And for IOS nat'ing you can use policy routing to determine egress interface
and thus NAT pool, which determines source address of outgoing traffic,
which can be useful in controlling inbound traffic flow. YMMV But, this can
be very useful when you are trying to do network gymnastics or inflict
Priscilla Oppenheimer wrote in message
news:[EMAIL PROTECTED]
s vermill wrote:
Nate wrote:
We've run a bandwidth test on our DS3 with nothing connected
to
it but a
workstation (and obviously a router/pix). We went to
testmyspeed.com as
well as dslreports.com. We both
Increase the speed of light.
By increasing the speed of light you will increase the speed of your
file transfer. Ask management to fund advanced research into light
accelerators, then wait to do your transfers after light has been speed up
by a few orders of magnitude. (This works best for
Can you create bandwidth graphs based on CAR policies? I would like to be
able to create multiple policies matching access lists on an interface,
and
graph them separately to find out how much usage each policy is seeing.
I had this problem 3 years ago and didn't quickly find a MIB which
As others are saying, get the carrier involved. Do some loopbacks with
their
help. (Do loopbacks still make sense with DS3? I've only worked with DS1).
Regardless, I think you've done the requisite testing and swapping on your
side. Time to hassle the carrier.
I haven't been reading
As others are saying, get the carrier involved. Do some loopbacks with
their
help. (Do loopbacks still make sense with DS3? I've only worked with DS1).
Regardless, I think you've done the requisite testing and swapping on your
side. Time to hassle the carrier.
I haven't been reading
within one classful
boundary then you could lean on this behavior to build a split-tunnel.
YMMV as I doubt microsoft is committed to keeping this quirk and I can't
recall which of their clients behaved which ways, just that this behavior
has been extremely common.
Best of Luck,
Darrell Newcomb
distance and medium quality demands much so more digging would be in order.
Good Luck,
Darrell Newcomb
Netswitch Technology Management
http://www.netswitch.net
Ismail Al-Shelh wrote in message
news:[EMAIL PROTECTED]
I have read the MXL-2300 Brochure its really not complicated like Cisco
DSL
Albert Lu wrote in message news:[EMAIL PROTECTED]
how quickly can you respond to your alerts? Since for some attacks, a half
hour response time could cause your site to be down (eg. slammer virus).
If
that was the case, even if you had all the vendor's IDS, it will be
useless.
Just to soapbox
Luck,
Darrell Newcomb
http://www.hayaitacos.net/mpeer/
CiscoNewbie wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Hi all. Here is a scneario that I need your help on:
I have a RAS server that has 2 ethernet interfaces for egress traffic.
The
IP addressing on each i
right now and it works under
simple failure modes.
Best of luck and if you've got the time to share more details about what is
desired the group can make more suggestions,
Darrell Newcomb
darrell(at)hayaitacosnet
http://www.hayaitacos.net/mpeer/
Home of the Managed Peering Service
Jim Devane
Since there isn't enough details and the answers to Priscilla's questions
would help us. I'll continue the speculative guessing game with a few spare
minutes.
When I read the description I thought Jason meant that he made (one) request
to a webserver which was taking a VERY long time to
specific cases,
though I am NOT recommending anyone do this. Just wanted to share knowledge
that it is possible to make it work in a stable fashion on the PIX as
well...of course every software upgrade has the potential to break this
unintended(by Cisco) use.
Darrell Newcomb
http://www.netswitch.net
The Long and Winding Road wrote in
message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
MADMAN wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Hmmm, IOS imgaes that are approaching, (in some cases exceeding) 20M ;)
speaking of which, how big would the same IOS image be
Well logically you'd have problems with the 2nd condition regardless of IOS
restrictions. To use a few situations to describe why is probably easier to
follow the 2nd condition.
Some OSPF Network--Router A(device under consideration)---Router B
1) RouterA received default via OSPF and passes it
Typo below
3)Now maybe your entire network is just Router's A,B,andC. Then RouterC
would have a default learned from somewhere else and hopefully a lower
admin
distance than the default seen from RouterA. Then you could have a
survivable situation where RouterA can originate a new default
Xueyan's comments about changing permit and deny's would work.
But I think the big thing you are missing here is you're tagging something
no-export on the way out of AS34. That will pass the route to the
neighboring AS and then they shouldn't pass it on to their neighboring AS's.
If you wanted
What eric is refering to is a couple different items. One is the forward
lookup of the name given on the command prompt, which I don't recall any
traceroute implementations which cause high latency for that.
Secondly is the reverse lookup many traceroute's will do if you give an IP
address as the
Have you observed any problems with long lived tcp sessions besides this bgp
session?(Of course that'd be for sessions not dependant upon the routes
learned/announced via the troublesome session)
Have you looked to see if the link state changing(rapidly) and causing the
bgp session to be
The load shown in your sh int's is that of the % on output rate not some
combination of both input and output. If you look at your interface's
input rate 47 bits/sec you'll see it's quite close to 512kbps or a
high load.
John Botha (Mnet) wrote in message
[EMAIL PROTECTED]">news:[EMAIL
Interesting. Wish I could provide a direct answer.
Aside from NOT using BVI's :) I usually like to just make the assumption
bvi's are going to be process switched to be safe which works for the small
environments I've used them in. And they usually are process switched for
interesting packets
It'll work however:
1)You're not offering much security unless the conduits are for
protocol/applications of a completely benign nature, which I'm confident the
probably are not.
2)By doing this the data traveling between wireless clients and these
opened(conduit) services are at risk of being
Not that this is directly going to do much for you, but seems fine from
here.(See below)
Are you walking the tree and observing a problem? With which root server
did you observe issues?
Or are you seeing things through a caching dns server? Is the cache
polluted?
server 192.5.5.241
Default
Kevin Wigle wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
W2K/XP does that automatically. If you have the icon turned on in the
system tray for the nic, you will see when the cable is unplugged and when
it is plugged in again. (you don't need it turned on to work)
this has
Because pre-W2K windows didn't automatically try to renew a lease when the
ethernet interface comes back up after being down. So...if the old lease
hadn't come up for renewal during the time the machine moved from point A to
B.the users don't automatically get connectivity.
Lots of options
Yes that darn business driver of selling more transport. Reminds me of my
days at a PTT doing research for applications to drive transport. Seeing
the big picture is usually very helpful, people don't buy transport for no
reason. If you're not the PTT or cable based telco then selling
://www.cisco.com/warp/public/471/ttcp.html
Sorry for not responding earlier I'd been on the road.
Darrell Newcomb
darrell(at)netswitchnet
Technology Advisor, Netswitch
http://www.netswitch.net
sam sneed wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Does anyone know where I can ge
on or do independant evaluation of the
proposals.
Hope this helps a bit and Good Luck,
Darrell Newcomb
Technology Advisor, Netswitch
http://www.netswitch.net
So, what have you folks run across?
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=5439
I don't really have much to say about fetchmail specifically, but two
comments which are probably useful.
Sounds like you really want to speed up fetchmail, not just monitor it. I
don't have any great suggestions about monitoring it other than parsing logs
like any other service you can't
As dre said squid works great. Has worked great for a long time and I don't
see any reason for it to stop being good.
The available tools for log analysis are broad and pretty good, better than
those of the commercial vendors I've seen. The tools for content filtering
on squid(though I don't
. And what device do each
of these destinations port represent
-Output of sh spant stat
Good Luck,
Darrell Newcomb
[EMAIL PROTECTED]
Consultant, Netswitch--Turning your Needs into Results
http://www.netswitch.net
BTW, Netswitch has been Serving Indonesia since 2000
Hitesh Pathak R wrote in message
On the outbounds side the ISP has already incurred the expense of
transporting the outbound data to the edge router the customer is connected
to. So delivering the traffic within reason would be in everyone's best
interest.
On the inbound side the pricing model for rate limited service which
Short answer would be not unless the volume of data was a problem or the new
configuration caused packets to be switched(proccess, ...) in a different
manner than before.
I think you want to do:
int fa0/0
ip addr 205.109.29.x(where x is 128) 255.255.255.128
ip addr 205.109.29.33 255.255.255.224
and R2 are both attached to
the same switch getting L2 forwarding of R1's mac wouldn't be hard along
with setting the MAC of R2's interface. Not sure if that'd work in your
environment though.
Good Luck, Darrell Newcomb
Always looking for the next killer project
darrell(at)hayaitacosnet
John
Ejay, I think you mean the one in Sunnyvale on Mathilda just off 101?
With a Burger King and Hobbee's right there as well. Wish I had a URL
to share, but would seem like a good place to stay.
Darrell
Hire, Ejay wrote:
There is a $50/night motel 6 with a denny's in the parking lot that is
From the top of my head the cisco party line on this is to use the
as5300 as a LAC for a 7200/7400/... LNS which would do the MPLS encaps.
Then again there has been a lot of standards work on making the LNS/LAC
communication over MPLS.
There's my two cents for what it's worth. But these
I took some beta exams for CCNP back the last time(?) they reworked the
tests a few years ago. Got some big surprises on questions covering
some odd areas, but they seemed pretty fair. As long as you aren't in a
rush to get results back go for it,
Darrell
Constantin Tivig wrote:
Anyone
nrf wrote:
Chuck wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
in the case of a number of the CLEC's, part of the problem was the old
telco
monopoly that they had to fight.
Maybe it was part of the problem, but not the whole problem. True, the
RBOC's were hindering
You 'could' pass a BGP session with a route-map to set next-hop
correctly for both sides of the session. But you still have the issue
of what routes you are advertising across any NAT.
The challenge you have is extracting value from running some dynamic
routing over a statically configured
I try not to use the following on my networks, but have also never had it
fail to deliver service when there was no other choice.
The common streaming of windows media and real have such large client side
buffers that you'll find you can seemingly overload the link without having
any user
This didn't seem to post earlier
I try not to use the following on my networks, but have also never had it
fail to deliver service when there was no other choice.
The common streaming of windows media and real have such large client side
buffers that you'll find you can seemingly overload
I try not to use the below logic on my networks, but have also never had
it fail to deliver service when there was no other choice.
The common streaming of windows media and real have such large client
side buffers that you'll find you can seemingly overload the link
without having any user
I try not to use the below logic on my networks, but have also never had
it fail to deliver service when there was no other choice.
The common streaming of windows media and real have such large client
side buffers that you'll find you can seemingly overload the link
without having any user
I try not to use the below logic on my networks, but have also never had
it fail to deliver service when there was no other choice.
The common streaming of windows media and real have such large client
side buffers that you'll find you can seemingly overload the link
without having any user
Hmm the last one made it
I try not to use the below logic on my networks, but have also never had
it fail to deliver service when there was no other choice.
The common streaming of windows media and real have such large client
side buffers that you'll find you can seemingly overload the
Ok this is like the 8th time I've sent this, maybe I'm tripping the new spam
systembut never had a problem posting before.
I try not to use the below logic on my networks, but have also never had
it fail to deliver service when there was no other choice.
The common streaming of windows
You don't need to ask your customers to change their configuration, but
you do probably need to continue to pass them fulls so you need fulls
from your upstreams.
To better control your 'backup' link:
1)To better control your outbound use local pref, but beware you might
recieve some prefixes
One thing to remember if you do the etherchannel for this customer is
the src/dst mac pairs and their respective flows may not be diverse
enough to offer good load balancing. This is the case for most router
to router subnets such as in customer hand-offs like you seem to have.
Yes some of the
If all of my responses get through this will be embarassing.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=33318t=33306
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and
With the key NT cheap shot being:
It doesn't matter how coherent the file system is if the OS isn't
executing code, but rather rebooting.
'least those crashes proves they wrote a reasonable filesystem.
I really don't have anything against NT. Mainly since I'm not running
it on any of my
The 1201 UI is very close.
Please correct me since it's been awhile since I've run into 1200's.
1)Trunking. You can't do any form of trunking on the ethernet ports.
But having 4000series routers with the FDDI interface might be a good
compromise.
2)Multicast. There are few of the Catalyst
We need more info
What is the state of the underlying network that the VPN is using?
That's basically be traceroutes to the VPN tunnel endpoint. Pings to
the public side of PIX, the pix itself, and the static NAT of the VPN
server.
Have you verified current behaviour between VPN server
Ok help us help you by providing all the details.
Have you already defined the use of FRF.15, FRF.16, or FR/DS3 for this
8Mbps of traffic?
Is the 8Mbps of traffic 8Mbps in each direction or an in+out sum to
reach 8Mbps?
Is the 8Mbps a 95%-tile or a peak?
Darrell
suaveguru wrote:
problem
Man am I having trouble finding time to keep up with the postings.
You need to permit GRE through as well. PPTP consists of a tcp control
session and a GRE data channel. This way loss on the underlying
transport directly affects the data path rather than having the messy
tcp over tcp
I don't think a 1201 would be a good platform. A 2901 on the other hand
would be perfect as long as you can get the images you want to run
loaded. I don't think the newer features for the Cat5k would be
critical in CCNP or CCIE prep.
Darrell
Colin wrote:
Hi,
I am studying for my CCNP
I was presently surprised to see quite a lot of availability for Lab
testing in San Jose. I'll let others comment on comparing to other
exams.
Ed Chuchaisri wrote:
Guys,
I wonder when is the earliest R/S lab available in San Jose if I passed the
written today? I heard that it still
lab. So for a very brief period of time there
are a number of openings available in February. This was certainly true a
couple of months ago when I was trying to book my next attempt.
Chuck
Darrell Newcomb wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
I was p
Usually you can easily convince TAC that they should provide you with an
image which is no longer publicly listed, but which is the logical next
step for you to minimize the amount of changes to your already stable
device. However in the face of significant bugs such as PSIRTs or what
not your
My preference in this is to just scope the translation clearing to just
the affected static, then quickly delete the static translation which I
think sridder was saying.
In particularly busy environments an inbound acl on the
internal/external interfaces will keep traffic from triggering the
Yes. One pitfall is I don't think it'll do it's proxy arp for those
addresses, but I can't recall. As long as your forwarding that subnet
directly to the PIX's outside interface it'll be fine.
Darrell
Rizzo, Damian wrote:
Hey all. Anyone know if you can successfully use a PIX firewall with
Not that I think doing this type of stuff on employees is a good idea
I've been in positions where it was needed. By making the HR policy and
have midlevel managers reinforce its existence in meetings you've done a
good part of warning. Then by *allowing* the application's default
behavior you
Check out the Click Array products.(www.clickarray.com) Though one of
the younger vendors in this space they have a very good engineering
team. I should note I've not used any of their products nor am I
affiliated with the company. I've just had involved conversations and
know some of the
I've been reading and posting for a week or so now and figured I'd
introduce myself.
I'm preparing for the CCIE R/S Lab. At this point I'm trying to list
out which areas I need to study. I passed the written with a few days
prep in early December. I've got a CCNA and CCNP. Most of my
with SWBell... It was pretty straight forward... and if I recall, I
didn't even have to specify the DSL PVC (VSI? 0/XX)... which I think has to
be done with the WIC-1ADSL card.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Darrell Newcomb
Sent: Monday
Here is a much better reference. Actual PPPoE instead PPPoEoA. Don't
know when/if it'll be available on the lower end platforms.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fwan_c/wcfppp.htm#xtocid1245615
Darrell Newcomb wrote:
Well actually I meant the PPP
secondary
ip nat outside
--- Darrell Newcomb wrote:
Interesting. I assume you're trying to place global
and locally
addresses machines on the same L2 ethernet and use
secondary addresses
to place the router on both L3 networks. This part
is straight forward,
just remember to disable
Not sure how cisco does PPPoE but shouldn't that make it easier being
that it'd be a seperate interface, no?
Mark Odette II wrote:
Good point there Chuck. I should have paid closer attention to that little
detail in my last post... DOH!
The rest of what I said still stands though, as is
Interesting. I assume you're trying to place global and locally
addresses machines on the same L2 ethernet and use secondary addresses
to place the router on both L3 networks. This part is straight forward,
just remember to disable icmp-redirects on this interface to remove a
couple
Well by taking a meaningful sample of a certification's population you
should cover the variation in experience. Personally I would expect
lower level certifications to have a wider distribution wrt experience
and that should translate into the same in salary.
With small populations(numbers
Good start, RPSL is actually a step forward from RIPE-181. I think RIPE
has the best documentation and surely most widely used RPSL databases.
The IRR as the collection of databases isn't quite perfectly mirrored
nor is the data nearly up to date.
As for the question about the application.
Actually when I first saw the response of routes renewing constantly I
took it to mean that he was recieving large numbers of updates not have
major failure events locally. If my assumption is correct you would see
MsgRcvd MsgSent TblVer InQ OutQ all incrementing quickly as seen through
sh ip
set port duplex full
IOS(interface config mode):
duplex full
Christian Fredrickson wrote:
What is the command to force an Ethernet port on a Catalyst to Full Duplex?
Thanks
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=29719t=29718
Woops in CatOS that's set port duplex 5/1 full
Darrell Newcomb wrote:
set port duplex full
IOS(interface config mode):
duplex full
Christian Fredrickson wrote:
What is the command to force an Ethernet port on a Catalyst to Full
Duplex?
Thanks
Message Posted at:
http
73 matches
Mail list logo