""Ken Diliberto"" wrote in message
news:[EMAIL PROTECTED]
> I had a strange problem this evening with a 2924XL. The server attached
> to port f0/13 had been generating errors and finally the switch stopped
> talking to it. A shut/no shut combination started everything back up
> again.
>
> The co
I spent a fun couple of hours setting something up and playing around. some
comments below, without giving away answers, because once you discover this
for yourself you will have learned another useful tool.
""Casey, Paul (6822)"" wrote in message
news:[EMAIL PROTECTED]
> Hello,
>
>
> I have osp
Don't you have to running the Enterprise version of the software for VTP to
work??
-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]
Sent: 24 February 2003 21:35
To: [EMAIL PROTECTED]
Subject: RE: two 1900 catalyst switches cannot exchange VLAN in
[7:63613]
suavegu
I have a similar site with the same bootstrap version as below as the memory
upgrade worked great.
Thanks for the input - I actually forgot to check that.
Andrew
-Original Message-
From: Daniel Cotts [mailto:[EMAIL PROTECTED]
Sent: 19 February 2003 18:18
To: 'Andrew Larkins'; [EMAIL PROT
I just got a SUP III (WS-X5530-E3) for my Cat 5005,
all the light come up green but I can not get a prompt.
I check the cable and everything else.I tried getting a prompt
on one of my other switches using the same set up and I get a prompt.
I think this SUP might have a bad console port.
--
__
I had a strange problem this evening with a 2924XL. The server attached
to port f0/13 had been generating errors and finally the switch stopped
talking to it. A shut/no shut combination started everything back up
again.
The configuration only says to send a trap when a broadcast storm
happens.
... don't have much experience with GRE tunnels, but if they operate
anything like VPN tunnels, then I would expect the GRE Tunnel needs to
be terminated between R1 and R5. The dependency for this is that R1 and
R5 can successfully communicated to each other for the GRE Protocol
(i.e., there are n
""Jason Steig"" wrote in message
news:[EMAIL PROTECTED]
> it worked!! thanks!Jason Steig wrote:
> >
forgive me for having gotten lost in this thread...
> > so your saying that my statement
> > ip access-list 1 permit ip 192.17.73.0 0.191.251.0 will permit
> > all hosts from network
it worked!! thanks!Jason Steig wrote:
>
> so your saying that my statement
> ip access-list 1 permit ip 192.17.73.0 0.191.251.0 will permit
> all hosts from network 192.17.73.0 and 192.81.73.0??
>
> 17 is 00010001
> 81 is 01010001
>
> so the bit it doesn't match on is the 64 bit. so i
Rutger,
Cisco s2witches allow you tyo specify which VLANS will be allowed to
traverse a trunk link. Your first example simply identifies the port as a
trunk link without any limitations as to which VLANs can use it. Your second
example sets up the port as a trunk link but limits the traffic to VLA
so your saying that my statement
ip access-list 1 permit ip 192.17.73.0 0.191.251.0 will permit all hosts
from network 192.17.73.0 and 192.81.73.0??
17 is 00010001
81 is 01010001
so the bit it doesn't match on is the 64 bit. so i just have to switch it
around if your saying the ones don't coun
I have a couple of VIP cards from an old 7010 that are (according to Cisco)
compatible with a new 7206. One is a single, copper 100Mb card and the
other is a 4 port 10Bt card. I am supposed to be able to add them "hot" to
the new 7206, but when I tried this I got the message on the console that
a
The below are my 3524xl uplinks to my other switches, I dont
have to put
switch access commands in...I assume you are running default
isl/dot1q encapsulation
for the trunking...I dont see any commands for the ISL or
Dot1Q trunks listed.
interface GigabitEthernet0/1
description to sjc5-00-gw1
sw
Priscilla Oppenheimer wrote:
>
> Jason Steig wrote:
> >
> > Hello all. I'am stumped on an access-list that i need to
> > create. What i did was i set up two routers using rip and put
> > loopbacks on one of them and advertised them in rip. I then
> > attempted to build an access-list allowing jus
Jason Steig wrote:
>
> Hello all. I'am stumped on an access-list that i need to
> create. What i did was i set up two routers using rip and put
> loopbacks on one of them and advertised them in rip. I then
> attempted to build an access-list allowing just these networks
> to pass into the other ro
Newell Ryan D SrA 18 CS/SCBT wrote:
>
> > 500 Meters?? It's 2500 meters. In one example of such a
> network, there can
> > be 5 segments, 4 repeaters (hubs), but only 3 segments can
> have end
> > systems. That's the infamous 5-4-3 "rule." It makes a lot of
> > assumptions. Really, the
> > size o
Does any configured atm back to back on 4500 and have a sample config, whats
the latest ccie number and have folks seen new tests or are they cycling the
same garbage through
thanks in advance
Dave
_
Protect your PC - get McAfee.
At the line level in your config make sure you have 'no exec' configured
on the lines leading to your 'remote' devices or this sort of thing will
happen all the time.
HTH,
John
>>> "McHugh Randy" 2/24/03 3:55:19 PM >>>
It appears that I cannot establish a telnet session to my routers from
the
te
Show users would have displayed the line. I think you piped in 'show
session'. I think show session shows outgoing telnet connections. And show
user shows
connections on the lines...vty,aux,con and tty.
-Original Message-
From: McHugh Randy [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February
Are you reverse telneting to the line the routers are connected to?
-Original Message-
From: McHugh Randy [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 25, 2003 7:55 AM
To: [EMAIL PROTECTED]
Subject: Cant establish reverse telnet [7:63660]
It appears that I cannot establish a telnet
For the second practice do the following.
1 Clear config all
2 Power cycle the switch
3 If server mode is used make sure the configuration revision number is 0
Daniel Ladrach
CCNP, CCNA
WorldCom
-Original Message-
From: John Brandis [mailto:[EMAIL PROTECTED]
Sent: Monday, February 24, 2
Hi all,
A quick question. 803 router, 12.0(4) IOS.
Is it possible to acquire DNS server addresses dynamically from an ISP and
then distribute them via DHCP to a NATted LAN? I can't seem to work out how
to do this.
John McGinn
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63
Actually that is not what I was talking about at all.
I was not looking at things from the enterprise standpoint, but rather from
a provider standpoint - and specifically from Verizon's standpoint. Verizon
lost a lot of voice-switching capacity during 9-11, and while they
admittedly and heroicall
I figured it out but dont really understand it. This is what I did
line con 0
exec-timeout 0 0
logging synchronous
line 97 112
no exec
transport input all
line aux 0
line vty 0 4
exec-timeout 0 0
password 7 060506324F41
login
!
end
TS#clear line 97
[confirm]
[OK]
Was it just the line 97
It appears that I cannot establish a telnet session to my routers from the
term server. How can I clear the line
TS#sh ses
% No connections open
TS#r1
Translating "r1"
Trying r1 (1.1.1.1, 2097)...
% Connection refused by remote host
TS#r2
Translating "r2"
Trying r2 (1.1.1.1, 2098)...
% Connectio
> 500 Meters?? It's 2500 meters. In one example of such a network, there can
> be 5 segments, 4 repeaters (hubs), but only 3 segments can have end
> systems. That's the infamous 5-4-3 "rule." It makes a lot of
> assumptions. Really, the
> size of the network depends on round-trip propagation delay
www.opensystems.com
They make a product called Private-I.. It's bar-none the best
info-correlation product out there.
--
Scott M. Trieste
Information Security Consultant
p: 201.618.8977
[EMAIL PROTECTED]
wrote in message
news:[EMAIL PROTECTED]
> Does anyone know of a product that will merge log
Actually in the case of 9-11 if your internet was still working it was
because your data connection went through a Central office that was not
affected by the 9-11 incident. Keep in mind that data and traditional
voice still ride for the most part the same carrier services. Our
company lost s
Sounds like you need to look into the varience command. Variance is how
you tell eigrp to load ballance across unequal bandwidth links. Keep in
mind that when both ISDN ports fire up you are talking about a link that
is twice as fast as the 64 Kbps Leased Line.
Here is a link to the cisco doc
Because I use multicast,I'm considering to use GRE tunneling.
The equipments are all cisco. Network diagram is like below.
Multicast-R1-passport--LL--passport-R2-LAN-R3--FR--R4--LL--R5--Client
Server
GRE tunneling
LL:leased line
Passport:Nortel Passport
Do I have
Hi All,
Tommorrow I will be adding a new 2950 to my switch fabric. I will add
another GBIC copper module to my 4006. Does any one know if I can just
insert it whilst on ? I remember last time I done this under the old IOS for
the 4006 with the supIII, it had a cow and just died. I have the latest
Hello,
I'm not a Cisco expert and Ionly have some field experience with configuring
switches. So please forgive me for my questions.
Today I've been busy configuring a trunk on some Cisco 2950c/2924c switches.
Could somebody explain the difference between these two configurations:
Config 1:
inte
I tried searching Google about this, but I'm not sure if I located the info
you requested.
This link talks about a Cisco telnet exploit, but it is on Catalyst switches
with the CAT-OS: http://www.theregister.co.uk/content/55/23900.html
This link is about the same thing, but from Cisco's site:
http
buy the course books from the cisco press series..thats what
the test come from...
you can compliment the books with most of the hands on that
the books describe on
your equipment
Larry Letterman
Network Engineer
Cisco Systems
- Original Message -
From: "Steven Aiello"
To:
Sent: Mo
Haven't heard of that one but here is one I am aware of:
http://www.cisco.com/en/US/customer/products/hw/routers/ps274/products_security_advisory09186a00800b1699.shtml
Dave
Steven Aiello wrote:
> I was told that there was a telnet security hole in Cisco's IOS. I was
> told there was a way w
Try www.micromuse.com or logboss at
http://www.securityprofiling.com/logboss.htm.
HTH,
Charles
wrote in message
news:[EMAIL PROTECTED]
> Does anyone know of a product that will merge log files from multiple
> sources Snort, PIX, Checkpoint, etc...?
>
> I'm trying to centralize much of ou
""Casey, Paul (6822)"" wrote in message
news:[EMAIL PROTECTED]
> Hello,
>
>
> I have ospf in to rip redistribution on a /24 classfull boundary, I
> Summarized/ area range(d) all the networks in ospf domain to /24 to get
them
> to show up in rip.domain.
>
> No real problems here, though I haved one
Hello,
I have ospf in to rip redistribution on a /24 classfull boundary, I
Summarized/ area range(d) all the networks in ospf domain to /24 to get them
to show up in rip.domain.
No real problems here, though I haved one network in ospf 200.200.0.0/16
which is not showing up in rip router.
Does anyone know of a product that will merge log files from multiple
sources Snort, PIX, Checkpoint, etc...?
I'm trying to centralize much of our security management responsibilities.
Thanx,
Mike J.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63646&t=63646
-
Hello,
anybody knows where can I get informations about cisco2691? WAN/LAN
integrated... slots for WAN expansions... princing...
I have to connect 12 point... does this equipment support that number of
connections?
thanks
Pedro
- Original Message -
From: "hanan"
To:
Sent: Monday, Febr
Hello all. I'am stumped on an access-list that i need to create. What i did
was i set up two routers using rip and put loopbacks on one of them and
advertised them in rip. I then attempted to build an access-list allowing
just these networks to pass into the other router. The router with the
loopba
Rob Thomas has a great site with sample configs. He uses the term "Bogon" to
refer to ip addresses that are not allocated. Best that you send incoming
packets with those addresses to Null0. Also good to filter those addresses
should they be coming from your network. -- Which means that someone insi
suaveguru wrote:
>
> all,
>
> I have 2 cisco catalyst 1900 switches with VLANS
> configured on it when I tried to enable trunking on
> both of the trunk ports and make the two catalyst 1900
> switched run VTP vlans information just can't travel
> across the switches, appreciate if anyone with si
To clarify, my PIX sits behind a DSL modem, not router.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63641&t=63638
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nond
How are you prioritizing traffic? LLQ, priority queueing ect...? Are yor
prioritizing over frame, point to point, lan ect...?
""ira"" wrote in message
news:[EMAIL PROTECTED]
> hallo Qos !
>
> I have 5 types of traffic: A, B, C, D, and E.
> I want to reserve 20% of bandw for each type.
> If I have
Newell Ryan D SrA 18 CS/SCBT wrote:
>
> > A collision could happen at the other end of the network
> segment.
>
> I thought on 10BaseT net a NIC was notified of a collision by
> its RX pin
> getting data. So if Station A was transmitting and it was on
> bit 27 and
> station B
> started TX and by
I have a PIX sitting behind a DSL router with a public DHCP address. I
would like to do the following:
1) If a www request comes in send to host A (10.0.0.111)
2) If a PCanywhere request comes in send to host A (10.0.0.111)
3) If a AH request(authentication header - needed for my VPN tunnel
es
I believe you can also route to a 20.x.x.x ... not sure though
- Original Message -
From: "Lauren Child"
To:
Sent: Monday, February 24, 2003 12:40 PM
Subject: Re: Network Blackholes. [7:63620]
> My understanding is that there are some IP addresses that will never be
> reachable so you
What is the timer for the CAM table? Is it still set to 5 minutes, the
default? If so and you really do have asymmetric routing, then unicast
packets might indeed get flooded. With asymmetric routing a switch can lose
track of which port to use for a MAC address. This happens when replies come
back
Larry,
Thank you for your reply, however what I was speaking of did not
involve SSL. I know this may seem strange I know I am not mistaking. I
checked with my Cisco instructor and he also remembered the exploit.
The instructor even verified the passwords and config on the router. I
am ass
Blackholing is frequently used to block traffic to known 'bad' addresses, or
to alleviate a (D)DoS attack victim's woes.
Using ACL's is not the preferred way however - just route traffic to nul0
(use no icmp unreachables too ... )
Google can be your friend!
Thanks!
TJ
-Original Message-
hallo Qos !
I have 5 types of traffic: A, B, C, D, and E.
I want to reserve 20% of bandw for each type.
If I have no traffic (or less than the reserved
20%)for some of the types, I want that this remaining
bandw to be allocated to the other types of traffic,
but in a priority way : Ahttp://taxes.y
There is an SSH telnet issue in the IOS. An attack can made
with SSH, but it is supposed to be fixed
in later versions of ios. We have switched to SSH on the
cisco campus using the new version that fixed
the bug.
Larry Letterman
Network Engineer
Cisco Systems
- Original Message -
From:
hanan
[GroupStudy removed an attachment of type application/ms-tnef which had a
name of winmail.dat]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63631&t=63631
--
FAQ, list archives, and subscription info: http://www.groupstud
I recently passed my CCNA, and I am interested in starting on my CCNP.
I am taking classes at a local college that offers 10 week classes based
around each of the 4 tests. Basically the CCNP path lasts 40 weeks. I
start in the fall and I wanted to get a jump start on my learning as I
have bee
My understanding is that there are some IP addresses that will never be
reachable so you route those to null to prevent them being used in DoS
attacks etc. These are called "blackhole routes"
I dont know if thats what you were thinking of?
Message Posted at:
http://www.groupstudy.com/form/read.
A good, relevant quote from one of the SANS instructors: (Eric Cole, IIRC)
"Prevention is ideal, but detection is a must"
I.e. - stopping the attack altogether is the best possible outcome, but
failing that you must be able to know that something -has- happened or -is-
happening.
Other
I was told that there was a telnet security hole in Cisco's IOS. I was
told there was a way where you could specify a level to telnet into and
doing so could over ride passwords set on the VTY term. Does any one
know if this is true? Second has it been patched in IOS 12.x? and
lastly how is
Stuart Pittwood wrote:
> How do I configure the router (Cisco 1720) at our remote site to forward
> DHCP requests back to our Windows 2000 DHCP server at the head office?
Look at 'ip helper-address'.
Regards,
Marco.
Message Posted at:
http://www.group
I used Caslow, found it really good, also used the new Cisco Press book
(both the R&S,l and the lab). Even if you are studying for your written
exam, it sometimes really helps to go through what you are learning in a
lab environment
The Long and Winding Road wrote:
>
> a couple of comments in-
Hi all,
A simple DHCP question for you.
How do I configure the router (Cisco 1720) at our remote site to forward
DHCP requests back to our Windows 2000 DHCP server at the head office?
IOS Version is 12.0(3)T & both routers are identical
Cheers
Stu
Message Posted at:
http://www.gr
AFAIK blackholes in networking have to do with reachability or more
accurately lack thereof not something you block via access-lists. I
suppose you could create blackholes with access-lists though;)
Dave
Manoj Ghorpade wrote:
> Hi All,
> Have a question for all the networking guru's.
> Can
R1---WAN-R2
||
PC1 PC2
PC1:10.1.1.1/24
PC2:152.1.1.1/24
ip nat inside source static 10.1.1.1 195.1.1.1
!
int e0
ip add 10.1.1.2 255.255.255.0
ip nat inside
!
int s0
ip add 195.1.1.2 255.255.255.0
ip nat outside
!
ip route 152.1.1.0 255.255.255.0 Serial0
int e0
Every 1 minute and 30 seconds the switches (6509 and 5500) are flooding
traffic.
The CAM agingtime content is changing more than the expected.
The Spanning Tree are stable. There is minimum TCNs on the network.
We are looking at some of the MAC addresses to see if they are valid
stations.
Other
Team,
Finally I am able to have access to an AP1200, I want to thank Jim Brown for
his kindness of making this device available to me behind the DMZ. I have
full access to it, I am able to connect to it via my browser or via telnet
without problem, very easy to configure but my dilemma is the follo
Hi All,
Have a question for all the networking guru's.
Can somebody explain me the concept of network blackholes.
Any idea how to block these on the router using access-lists ?
Regards
Manoj Ghorpade.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63620&t=63620
--
I HOPE YOU CAN SEE THIS PICTURE
Thank you for your reply
See attached documents
Network configuration is attached as an image and Cisco config maker
File
The event for the following ip addresses:
: Received more recent self-originated
>LSA. Type LS-ASE LSID (172.16.142.144) router (172.16.140.1
Hi Deepak,
I'm not sure if I follow. Say for example you wanted userA to connect via
CHAP and userB to connect via PAP, this would indeed be possible, but usera
and userb, could not have the same username.
Most of the ISP's that i have worked for only accept CHAP since the password
is no passed
I have had problems getting it to install too, search NAI I think there
is an article about it
Symon
-Original Message-
From: PacketEXPERTS [mailto:[EMAIL PROTECTED]
Sent: 24 February 2003 03:25
To: [EMAIL PROTECTED]
Subject: Re: SNIFFER SOFTWARE [7:63586]
Really, both of my installs s
hello all
I have cisco router,router A with multiple WAN links
connected to it. on this LAN we have checkpoint f/w
having default route pointing to internet router .
The default route on router A points to ethernet ip
add of f/w. However I cannot ping from router
tofirewall (the ethernet of f/w)
I
Hi All,
Just passed CID. Thank's for all exam related info.
Regards,
Chris A.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63614&t=63614
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
all,
I have 2 cisco catalyst 1900 switches with VLANS
configured on it when I tried to enable trunking on
both of the trunk ports and make the two catalyst 1900
switched run VTP vlans information just can't travel
across the switches, appreciate if anyone with similar
problems tell me what to do
72 matches
Mail list logo