sorry to keep harping on this one, but I'm actually learning something here.
Besides, my big project at work these days is working with a large
university, replacing their campus physical and switch infrastructure. I'm
finding the this discussion fascinating for that reason as well.
If I read my
The idea is :the router make a copy of the hello packet and send this packet
on each VC.So if you have 10 VC you will send 10 hello packeges and this
pacheges are multicast (destination address 224.0.0.10).
Anyway you can see a document on Cisco
Morning,
I am trying to deny access to our Router on the network, but allow access
on the switches only. I am Tacacs, is there a way of grouping switches
different from routers and assigning defferent security setting to them
Cheers
Message Posted at:
Morning,
I have a cisco 7204 that was alright until 4 weeks ago. It started
rebooting itself every 12 hours, upon checking the Crashinfo file, nothing
in it suggests something was wrong. Flash was full with crashinfo files,
after deleting files, the router stopped rebooting for about too weeks.
wow.
(attention G-S moderators: I know you always hoped I'd be at a loss for
words at some point. Nota Bene: this post came closer than most. I apologize
for the tease)
please note that I'm using this thread in a vain hope to render dormant all
sub-threads.
I say wow, partially because where
Need some advices from BGP experts : Does BGP do load balancing by default?
Says there are 4 parallel paths between the source and destination, will
the traffic be distributed among the 4 paths? If it does not support load
balancing by default, how to turn it on? How many parallel paths can it
Ok, but I see a mac-address jumping to port 10 (and 11) and spanning-tree
ports start at 13.
Words by Larry Letterman [Mon, May 20, 2002 at 12:52:38PM -0400]:
That looks like it is using the spanning tree port numbers, not the
physical switch port numbers.
Larry Letterman
Cisco Systems
Is it always NACKing for the same IP lease? Normally, the DHCP process works
like this: The client sends a DHCPDISCOVER to find a DHCP server, the server
responds with a DHCPOFFER, offering the client an IP, the client responds
with a DHCPREQUEST to choose the IP address (in case it gets an offer
There are two differences. The first is that in the first example you are
using a standard ACL, and in the second you are using an extended ACL. The
second is that in the first example, you are using a numbered ACL, while in
the second, you are using a named ACL. The primary differences in the
Maurice,
BGP defaults to using only the BEST path, hence ONE.
Check CCO for path determination in BGP.
The other protocols default to maximum of four, but can
be extended to 6 with maximum-paths.
To turn on load-balancing in BGP, a few steps are needed:
1. enable eBGP multihop
2. use
I have just bought a new WS-X5013 for my cat 5000 and I have been trying
the passowrd recovery--it will not let me change the set password...the set
enablepass works though. As the set password seems to have the console
locked apart from the first 30 seconds after every reset I would like to
Guys,
Will anybody know is ppp multilink is possible over an adsl link and
does it work similar to isdn?
Regards,
George.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44704t=44704
--
FAQ, list archives, and subscription
Stuart,
You can press enter during the 1st 30 seconds ( No later) which will get you
into the CAT and then you can reset the password(s)
HTH
Richard
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44705t=44702
--
FAQ, list
Unfortunately, the gals in the U.S. are less apt to shrug it off their
shoulders if a co-worker is checking out Female Porn... They're, shall
we say, a bit sensitive to the subject... and usually immediately
complain of Sexual Harassment... even if it's not involving them in
any way.
In other
Gang,
To put a closure to the thread, allow me to repeat the saying...
When a man with money meets a man with experience,
the man with experience ends up with the money, and
the man with money ends up with experience.
(Gals, no flame please.)
So please give these newbies a break. After all,
Hello people, I have solutioned the problem for connect VPN Fully Meshed.
The solution: You have to add all peers in all crypto map Sample:
BAD CONFIGURATION
crypto map vpn 10 ipsec-isakmp
set peer 100.100.100.249
set transform-set rtpset
match address 102
crypto map vpn 20
More importantly -
Autonomous switching is not used when you have extended access lists.
Dom Stocqueler
Brian Hill
Sent by: [EMAIL PROTECTED]
22/05/2002 12:06
Please respond to Brian Hill
To: [EMAIL PROTECTED]
cc:
Subject:RE: Dumb Access-List
I tried that but it tells me incorrect password--the enablepass seems to
work though
-Urspr|ngliche Nachricht-
Von: Richard Botham [mailto:[EMAIL PROTECTED]]
Gesendet am: Wednesday, May 22, 2002 2:17 PM
An: [EMAIL PROTECTED]
Betreff: RE: set password problem [7:44702]
Stuart,
You can
I loaded the WS-X5013 (24 10bT RJ45) into my Cat 5k but it show some errors
booting it shows this
module 2 is not supported
afterward with a show mod is shows 0 ports and status unknown or it will not
see the module at all.
Bootrom is version 2.2 and version is 4.5
I checked on Cisco and
Hello friends, I am having a little problem getting a
new long distance frame relay circuit going and
getting the ol its your equipment answer from telco
and not sure if this is the case or not. I have
checked cables and tsu/router config and all seems ok
. when the telco loops my csu/tsu it
This link should help.
http://www.cisco.com/univercd/cc/td/doc/cisintwk/itg_v1/tr1918.htm
beth shriver wrote:
Hello friends, I am having a little problem getting a
new long distance frame relay circuit going and
getting the ol its your equipment answer from telco
and not sure if
Your problem is spooky, I just had the exact same problem with a 1924 the
other day. Same symptoms, same inability to use XMODEM to upgrade the flash.
I discovered that not all null modem cables are made the same, strangely
enough. Do a search on CCO and you will find a variety of pinouts. I
Well, it's good to hear that there will be more choices to study from once I
get to that point.
From looking at review comments on Amazon, it appears that of the Exam
Cram series, only the switching book by Deal was any good. I sent him an
email message (found an old posting of his on Amazon
Hi all,
I have a 3002 trying to connect to my 3015. I set up the group name and the
user name and it is setup on the 3002. From the 3015 icant ping the 3002
internet address. But I can ping other internet addresses. On the 3002 I
can't ping the 3015's port but can ping other addresses. If I go
I'm not saying to close the thread or not, although I think the
moderators (I am one) are starting to block messages that come across
as personal attacks.
What I see is the fundamental misperception in this thread is an
assumption there is a binary choice between experience and new
training.
send a sh conf and sh int from the serial interface. a sh frame pvc
too.
Dave
beth shriver wrote:
Hello friends, I am having a little problem getting a
new long distance frame relay circuit going and
getting the ol its your equipment answer from telco
and not sure if this is the case
Since this is a Sup. Blade that you just acquired, what about just
wiping the config completely??
Either a write erase or a clear config all after you've gotten on
the thing in enable mode might be your best bet. When you reload the
switch afterwards, it should come up with factory default
Also, to add to this... if you have a WINS server with a corrupt
database, that could be adding to the confusion for Duplicate IPs. I've
had this happen to me before, and didn't realize it until I decided to
just look at the WINS server to see what it thought was true of the LAN
topology. It's
Maybe - but not successfully.
You need a MAU between routers.
-Original Message-
From: nettable_walker [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 21, 2002 9:06 PM
To: [EMAIL PROTECTED]
Subject: anybody ever try to make a token ring crossover cable ?
[7:44682]
5/21/2002
Two other things. This is only a problem (as far as I know) on the older
1900s with the DB-9 console port. The other issue, and I have sorta
confirmed it, is that you can't load anything older than about 5.37 on the
older 1900s. I was able to do that with my old 1924, but it gags when I try
to
Well, Richard Deal just sent me an email. Coriolis was maintaining all the
errata.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44720t=44638
--
FAQ, list archives, and subscription info:
Does anybody know a way to rack mount a PIX 501?
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44722t=44722
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and
I have 4 2948g's in 4 different wiring closets all wired to a core 6509
through gig uplinks. The interfaces on the switches are all assigned to
VLAN 2, my management VLAN. The only way to access VLAN 2 is through a
checkpoint firewall running NG. All switches have the firewall interface
I'm going to hazzard a guess here and see what others think of my theory.
For PPP Multilink to work you need it enabled at both ends. with
point-to-point T1s or ISDN this isn't a problem because you (usually)
control both ends But with ADSL, you only control one end (unless this
is
I looked in the archives and it appears that some have successfully
connected a Centillion 100 and a Catalyst 5000. What I am looking for is
specifics and caveats for using these two in my CCIE rack. What versions of
software/firmware will work together?
Appreciate any help.
Message Posted
My calendar is marked.
Priscilla Oppenheimer wrote:
I have a new book coming out soon for the Support Test. And I
plan to
manage my own errata sheet (which hopefully will be very small
;-) rather
than let the publisher do it. There's more info here:
test
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44728t=44728
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Hi,
Even I have observed this on the pix firewall which act as a default
gateway to all our switches...the switches used are catalyst 4000 series.
any explanation why it does so ?
Kind Regards /Thangavel
186K
Reading,Brkshire
Direct No -0118 9064259
Mobile No -07796292416
Post code: RG16LH
Just curious
Do I need to review all my routing and switching commands for the CCIE
written? Boson #3 have no emphasis on commands but Boson #1 does.
Thank you,
Pierre-Alex
P.S. I assume this question does not violate the NDA .
Message Posted at:
Hi I would like to contact with people who are preparing or recently did
650-504 Exam, for dicusing subjects. [EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44731t=44731
--
FAQ, list archives, and subscription
Buy a shelf for the rack.
Sandra Carr wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Does anybody know a way to rack mount a PIX 501?
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44732t=44722
--
FAQ, list
I don't think there is a problem in the world good old duct tape can't fix.
Sandra Carr wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Does anybody know a way to rack mount a PIX 501?
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44733t=44722
Yes it does if you are doing EBGP and your router has two or more directly
conneted links to your EBGP peer. The the default load balancing will work
if static routes or an IGP is used for your subnets linking your neighbors.
You see it is not BGP performing the load balancing but the normal
I was under the impression that, while a switch is often termed a multiport
bridge, there is one fundamental difference in the way the two devices
forward frames. While my source is not always the most credible or reliable
(Course Technology Networks Plus book), it does cause me to stop and
Could you elaborate on the backbone engineering is at a level far more
specialized and complex than the CCIE level, and there haven't been
formalized ways to learn it.
I would love to know more about what you actuall mean?
Thank you.
Regards.
From: Howard C. Berkowitz
Reply-To: Howard C.
And add cef per-packet or per-destination
From: cebuano
Reply-To: cebuano
To: [EMAIL PROTECTED]
Subject: Re: BGP load balancing [7:44697]
Date: Wed, 22 May 2002 07:17:07 -0400
Maurice,
BGP defaults to using only the BEST path, hence ONE.
Check CCO for path determination in BGP.
The other
Yes , I have started from yesterday, after passing my BSCN.
We can discuss thes subject as we go forward.
Thanks
Ravi
Antonio Malker wrote:
Hi I would like to contact with people who are preparing or recently did
650-504 Exam, for dicusing subjects. [EMAIL PROTECTED]
Message Posted at:
There are a few things wrong with that description.
First, switches and/or bridges are layer two devices and wouldn't be
aware of different IP subnets in the first place. A switch or bridge
will forward a frame out all ports except the originating port if it has
not yet learned the correct port
Hope it comes out before the start of our fall semester. Who's publishing
it?
Prof. Tom Lisa, CCAI
Community College of Southern Nevada
Cisco ATC/Regional Networking Academy
Priscilla Oppenheimer wrote:
I have a new book coming out soon for the Support Test. And I plan to
manage my own
At 7:03 PM + 5/22/02, Cisco Nuts wrote:
Could you elaborate on the backbone engineering is at a level far
more specialized and complex than the CCIE level, and there haven't
been formalized ways to learn it.
I would love to know more about what you actually mean?
Thank you.
Regards.
All,
I have a quick question regarding content switches. Should the content
switched be placed inside or outside of a firewall. I can not find any
documentation to support which is better.
Thanks,
Jason Forrester
CCIE 8748
Message Posted at:
My interpretation of what he meant by that is you have to understand
everything that encompasses a campus network. you have to first understand
what the data is that the user what's, where it is and how it is that he
going to get that information.
I.E. There is data on the mainframe that some
Find out what lmi the telco is using and ensure your lmi is configured
properly.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44747t=44709
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Just recently installed a PIX 515E. I can ping from the PIX to an outside
address (and inside box to ethernet on PIX); but trying to ping through the
PIX comes back as unreachable. Basic layout as follows:
Netopia DSL Router -- PIX 515E-- LAN
I'm using the default
If your not using the CSS to load balance between firewalls I see now reason
to put it outside. The CSS constantly sends keepalives to the servers it
load balances for. I don't see any reason the packets should be inspected by
the firewall. If the firewall gets overloaded and drops packets the
My understanding is that for firewall loadbalancing they are installed
on the inside and outside otherwise they are most often installed on the
DMZ.
Dave
Jason Forrester wrote:
All,
I have a quick question regarding content switches. Should the content
switched be placed inside or
Both- they call it sandwich-ing the firewall.
We had call for a design awhile back using the Cisco CSSs (ArrowPoints).
The firewall portion called for us to use the CSSs to advertise the
CheckPoint cluster IP address coming in and going out of the network.
Instead of buying 1 or 2 fire
At 02:58 PM 5/22/02, Kevin Jones wrote:
If a multiport bridge determines (based on the destination MAC address) that
the destination node is on another subnet,
Stop right there. It can't figure out that the destination is on a
different subnet from the MAC address. Subnets are differentiated by
If I want to setup a VPN connection PIX (on cable modem) at the remote and
IOS firewall / IPSEC 3640 on a T1 to ISP at the central site since I don't
have static address on PIX can I just use the below line and replace the
95.95.95.2 with 0.0.0.0 and then the rest of my config?
crypto isakmp key
Check the default gateway of your PC.
Enable debug icmp trace on the PIX to troubleshoot...
-- Lidiya White
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Jablonski, Michael
Sent: Wednesday, May 22, 2002 3:42 PM
To: [EMAIL PROTECTED]
Subject: PIX 515E
I think your correct. Most people that have DSL terminate at a
provider and I know of no providers that provide DSL-ppp-multilink. We
do have several customers that do control both sides, use DSL for
employee remote access and some use it for backup but again none have
tried the multilink but I
John Neiberger wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
However,
it's still a rectangle when you get right down to it.
Hey. A square isn't a rectangle!!!
(just kidding I just thought I'd be stubborn... hehe)
Good analogy..
Mike W.
Message Posted at:
I have configured PIX for remote VPN client. It works for Cisco VPN client,
however Cisco does not have support to Mac 8-9. I downloaded the software
from Netlock. However it failed in Phase 1. Then I upgraded the PIX to
6.2(1), it seems making some progress. However the connection is killed in
I was oblivious to the fact that I was using the word subnet. What I
should have used is the word segment. Anyway, I went back to what I
thought was the source and was unable to find the description I had read.
I'll look again. Not sure where I read it now. Anyway, this thread has
confirmed
Try to explicitly permit ICMP from the inside to the outside and see if that
helps.
Thanks
Larry
-Original Message-
From: Jablonski, Michael [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 22, 2002 4:14 PM
To: [EMAIL PROTECTED]
Subject: FW: PIX 515E routing issue [7:44749]
Oh yeah
I'm a little confused by configs I see in production that appear to be
contrary to how I think HSRP works.
What is the significance of the preempt statement on Switch #2 in this
example below ???
Is it- without the preempt statement on the second switch (even though
it
has the lower
Phil, Thanks for posting this, I was'nt even aware that you could use hsrp
on switches/vlans, if you have an url or more info on using hsrp on switches
that would be great. As for your question, if hsrp works on switches in the
same way it does on routers, than yes switch #2 should also have a
At 06:11 PM 5/22/02, Kevin Jones wrote:
I was oblivious to the fact that I was using the word subnet. What I
should have used is the word segment.
Ah. That makes more sense. When a frame arrives, both bridges and switches
send the frame on its way without sending it back onto the originating
Precisely without the 'preempt', the first router (RSM, MSFC, etc) would
never take control back from #2 after coming back up
I would also be suspect of all of the lines that say 'standbye' hehe
=)
Seriously tho, just for overkill, we always put preempt on all HSRP
groups..
Howard C. Berkowitz wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
:-) well, my book on the subject, Building Service Provider
Networks, should be about to ship.
Seriously, let's talk about several areas, beginning with BGP. Every
BGP scenario I've seen or or heard of in
nrf wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
On the other hand, who's more likely to show up to work late? Or show up
drunk or high? Or get into a fight with his coworkers? Or surf porn in
front of female coworkers? The guy who's been in the working world for
25
For that price you might as well order 2 ISDN lines from your local telco.
That should only cost you about $80.00 a month as you don't need to get ISP
service with it. You would be able to use those for 17 months until coming
up even.
Georg Treptow
-Original Message-
From: Dennis
Earlier today I proposed putting together some comparative information on
the various ISDN Simulators available. Since the question which simulator
do I buy? comes up regularly on the list, I though a cooperative effort to
develop an answer would be an interesting exercise for the group. Just to
At 02:51 AM 5/22/02, Chuck wrote:
sorry to keep harping on this one, but I'm actually learning something here.
Besides, my big project at work these days is working with a large
university, replacing their campus physical and switch infrastructure. I'm
finding the this discussion fascinating for
I passed switching today. Will pass Support tomorrow and then I'll be a NP.
This test is more theory than any others and there are at least 15 gimmee
questions that would be better served on a CompTia N+ test. There are about
12 really hard questions, and the rest are not very difficult if you
I bought a adtran 550 for $1600 from someone who appropriated it when they
got laid off at a dot com. Anyway it work real good and you can get POTS
modules for it. I haven't been able to get PPP multilink to work with it
anyone have thoughts? Its a real bitch to set upo too. But it is the one
What router/ios are you running?
IOS 11.2 and above will autodetect the LMI type.
If you're IOS is lower you'll need to get the telco to tell you what kind of
LMI their frame switch is using and then set that type on the interface.
Have you set the encapsulation type to frame-relay on the
I'd agree, especially if you've got a study buddy to split the cost with...
On the other hand, the prices I found were from e-bay - so provided Cisco
doesn't drop ISDN from the lab, you can always resell the unit once you're
done and the only thing you're out is the delta in the prices and any
No LMI indicates the telco frame switch is not seeing the frame
keepalives from the cisco.
1. Are both sides confirmed as using same frame relay encapsulation
[ietf/cisco]
2. What is the output of 'debug frame lmi'?
3. What is the output of debug serial interface?
4. Have you tried to do a
Sorry- it was a router, a MSFC1 to be specific.
Thanks
Phil
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 22, 2002 7:51 PM
To: [EMAIL PROTECTED]
Subject: RE: Standby Preempt [7:44762]
Phil, Thanks for posting this, I was'nt even aware that
Hi group,
Is there a way to filter the SNMP MIB sned out on a
cisco router.
For example, I want a community string only send out
router interface status info.
How would I accomplish this?
Thanks
Adam
__
Do You Yahoo!?
LAUNCH - Your Yahoo!
At 7:58 PM -0400 5/22/02, dre wrote:
Howard C. Berkowitz wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
:-) well, my book on the subject, Building Service Provider
Networks, should be about to ship.
Seriously, let's talk about several areas, beginning with BGP. Every
Another possible problem (although the outputs that people have asked for
would help...)
Do you have no keepalive set? If you turn off keepalives, you will turn
off LMI from your router to the telco switch - which won't help your
connectivity much...
Could be worth checking with your telco
I heard someplace, maybe on this list, about using dry pair for DSL
connections between two points. Attach a DSL device like an 827 at each end
and voila! In such a case, I wonder. Especially now that you can create a
virtual multilink interface, rather than have to go through the old virtual
I love these how to load balance using BGP threads.
Everyone who wants to load balance across the internet should be aware
that you may be creating a situation where you are hurting your performance.
Lets say that you have two AS Paths that are the same length. How do you
know how many hops
Hi all,
Which book/document must read before the exam?
- Original Message -
From: Kerry
To:
Sent: Thursday, May 09, 2002 12:26 AM
Subject: Re: Passed 350-001 today [7:43574]
congrats
Kris Keen wrote in message
news:[EMAIL PROTECTED]...
Hi All,
I sat the CCIE RS Written
Does anyone have any input on the CCIE bootcamps for
the lab. Is this worth the money? I dont want to dish
out $8000 large for nothing.
- Me
__
Do You Yahoo!?
LAUNCH - Your Yahoo! Music Experience
http://launch.yahoo.com
Message Posted at:
Howard C. Berkowitz wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
-- in the real world, it's VERY rare to redistribute between a dynamic
IGP and BGP. Sure, there are exceptions, but they are VERY carefully
chosen.
A provider backbone CANNOT survive having 100,000-plus
Congrats! Good luck on the lab
Mike W.
Kris Keen wrote in message
news:[EMAIL PROTECTED]...
Hi All,
I sat the CCIE RS Written today at Vue in Sydney. I passed with 79%
I sat the original exam..
I used the NLI Study Guide (spot on), Boson 2/3, Rossi's paper and the
Michael L. Williams wrote:
(just to echo what others have said) If you're anywhere close
to ready to
take the written, do it now! I took the beta for the new
written, and it's
much different. Aside from information on routing protocols,
I assume this means you took the Beta, and
At 11:27 PM -0400 5/22/02, dre wrote:
Howard C. Berkowitz wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
-- in the real world, it's VERY rare to redistribute between a
dynamic
IGP and BGP. Sure, there are exceptions, but they are VERY carefully
chosen.
A provider
I will be out of the office starting May 23, 2002 and will not return
until June 10, 2002.
I will respond to your message when I return.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44790t=44790
--
FAQ, list archives, and
Hi,
Is there any acceptable limit for this?
Thanks,
Sujal
[GroupStudy.com removed an attachment of type application/ms-tnef which had
a name of winmail.dat]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44791t=44791
--
FAQ,
I have an older Arca Emutel which is ST only. No external NT1's required on
the older 2500s. Works great and about the only difference between the new
one and this one is the U interface.
Default numbers are 55 and 66
Switch type default is Basic-dms100
Bought it used from one of the
94 matches
Mail list logo