explain these ACLs [7:62843]

2003-02-11 Thread Karagozian Sarkis
Can someone explain what these ACLs do ??? When applied to an interface (in) Interface e0 ! ! ip access-group 194 in no ip redirects no ip unreachables no ip proxy-arp ip route-cache same-interface ! access-list 194 deny ip any any access-list 195 deny udp any gt 1024 an

Re: explain these ACLs [7:62843]

2003-02-12 Thread Karagozian Sarkis
Not sure if IPX is used, but this will block any incoming/Outgoing IP traffic correct... I will investigate more and get back... Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62929&t=62843 -- FAQ, list archives, and subscription

RE: Pix 501 or 520? [7:63078]

2003-02-16 Thread Karagozian Sarkis
Qn? Does Trace route path below indicate the exact interfaces/IP addresses it physically goes thru to get to these device interfaces, OR there are some hidden Device Interfaces that are not seen/shown on its way to reach its destination ??? I want to know if I can rely on traceroute to come up with

can I rely on trace route path to destination? [7:63133]

2003-02-16 Thread Karagozian Sarkis
Qn? Does Trace route path below indicate the exact interfaces/IP addresses it physically goes thru to get to these device interfaces, OR there are some hidden Device Interfaces that are not seen/shown on its way to reach its destination ??? I want to know if I can rely on traceroute to come up with

RE: Traceroute (was RE: Pix 501 or 520? [7:63078]

2003-02-16 Thread Karagozian Sarkis
Thanks Howard, So it won't show the complete path of routers or switches it goes thru.. What about Extended traceroute ?? thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63139&t=63078

RE: 10 half or 100 full [7:64931]

2003-03-10 Thread Karagozian Sarkis
Hi Mike, all I have come across this problem when connecting Novell Servers/Clients to Cisco switches, the solution is two things. 1/ enable spantree portfast on these cisco ports by: set spantree portfast 6/3 enable But be careful this is a good idea only for ports connecting to a single host i

Re: Check My EIGRP Configuration [7:45065]

2002-05-26 Thread Karagozian Sarkis
Here is what I would do with a /30 subnet: RtrA s0 -192.168.0.1 (192.168.0.0/30-link) RtrB s0 192.168.0.2 For Router A to B I would use /30 subnet instead of using all /24 Here is how: interface Serial0 > ip address 192.168.0.1 255.255.255.250 (/30) (this way u hv 4 Addresses, but u c

Re: Check My EIGRP Configuration [7:45065]

2002-05-26 Thread Karagozian Sarkis
Correction on Subnet Mask /30 = 255.255.255.252 (Not .250) so Here is correct Subnet Mask Info: Here is what I would do with a /30 subnet: RtrA s0 -192.168.0.1 (192.168.0.0/30-link) RtrB s0 192.168.0.2 For Router A to B I would use /30 subnet instead of using all /24 Here is how: inte

How to Recover PIX 520 Password [7:45402]

2002-05-29 Thread Karagozian Sarkis
We have a PIX 520 with Software Version 5.1(1) with a 1.44M floppy drive. with 128M of DRAM and 4 ethernet Ports. Problem: I can Not recover the Enable password: Here is what happens: When I boot it up, It beeps twice with long beeps, then another short beep. loads up to the normal prompt PIX520

PIX - Why NO global (outside) command [7:45676]

2002-06-03 Thread Karagozian Sarkis
I have seen some PIX configs with NO global (outside) 1 . command but only see NAT (inside) 1 0 0 command . Does that mean all traffic is allowed to go out ??? Can someone explain. Thanks Sarkis Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=45676&t=45676

RE: PIX - Why NO global (outside) command [7:45676]

2002-06-03 Thread Karagozian Sarkis
Thanks Ole, I just noticed the nat 0 Here is how this old PIX is configured: nat (inside) 0 216.119.xx.0 255.255.255.0 0 0 static (inside,outside) 216.119.xx.0 216.119.xx.0 netmask 255.255.255.0 0 0 -- why same IP for both?? static (websvers,outside) 216.119.xx.240 216.119.xx.240 ne

RE: PIX - Why NO global (outside) command [7:45676]

2002-06-03 Thread Karagozian Sarkis
Thanks Ole, Yes I see some access-lists like: ! access-list JPS permit ip host 216.119.x.6 host 166.90.1xx.50 access-list JPS permit ip 216.119.xx.0 255.255.255.0 166.90.1xx.48 ... !then some crypto map entries as follows: crypto map jps 1 ipsec-isakmp crypto map jps 1 match address jps crypto

RE: PIX - Why NO global (outside) command [7:45676]

2002-06-03 Thread Karagozian Sarkis
OK Good to know, I will forget this Old PIX config and will look into newer PIX 6.2 configs. Thanks for the advice. Sarkis Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=45709&t=45676

PIX Static and Conduit [7:46002]

2002-06-07 Thread Karagozian Sarkis
I am preparing for MCNS - Manual Ver 2.1 Page 6-22 and not clear about Static and Conduit commands with fixup protocol smtp 25. I Don't understand the static (inside,outside) global-ip local-ip ... when I compare it with the below stated static command: static (dmz2,dmz1) 172.16.1.10 10.1.1.1 net

PIX Static and Conduit [7:46000]

2002-06-07 Thread Karagozian Sarkis
I am preparing for MCNS - Manual Ver 2.1 Page 6-22 and not clear about Static and Conduit commands with fixup protocol smtp 25. I Don't understand the static (inside,outside) global-ip local-ip ... when I compare it with the below static command: static (dmz2,dmz1) 172.16.1.10 10.1.1.1 netmask 25

RE: PIX Static and Conduit [7:46000]

2002-06-07 Thread Karagozian Sarkis
Hi Daniel, Thanks for clarifying that Static is (High,low) low high the only thing is that, dmz2 is shown to be on the outside (1st tier netwk), dmz2 (2nd tier netwk) or private network, where 10.1.1.0 network is. If this is the case then, should it be written as: static (dmz1,dmz2) 172

RE: PIX Static and Conduit [7:46000]

2002-06-08 Thread Karagozian Sarkis
HI Daniel. Appreciate your reply, I still have one last Qn? if I may.. If we assume dmz2 is (high) and dmz1 is (Low) - as in the book, then static cmd IN THE BOOK is shown as: static (dmz2,dmz1) 172.16.1.10 10.1.1.1 netmask 255.255.255.255 conduit permit tcp host 10.1.1.1 10.1.1.0 255.255.255.0

Static over global and nat [7:46223]

2002-06-10 Thread Karagozian Sarkis
Can someone explain if B and C are the correct answer?? I thought static with conduit allows traffic from High interface to low interface, Please correct me if otherwise. Practice test for: Cisco MCNS 2.0 Test #2 Incorrect. Your answer was: B D The correct answer(s): B C Which of the following

RE: Static over global and nat [7:46223]

2002-06-10 Thread Karagozian Sarkis
Tribavan, Thanks for the correct info. Ok, Why then static command starts with (high,low) then low addr then High addr ??? for example: static (inside,outside) 64.114.40.1 10.1.1.1 netmask 255.255.255.255 0 0 Thanks again. Sarkis Karagozian CCNA, CCNP. Preparing for Cisco MCNS exam. Message

PIX static precedence over global,nat [7:46213]

2002-06-10 Thread Karagozian Sarkis
Can someone tell me the right Answer for this Qn? I thought traffic should originate from high interface to low interface as in the static command?? please explain? Practice test for: Cisco MCNS 2.0 Test #2 Incorrect. Your answer was: B D The correct answer(s): B C Which of the following stateme

Re: PIX Static and Conduit [7:46002]

2002-06-11 Thread Karagozian Sarkis
Thanks Gax, I Now have the hang of these static and Conduit commands. Appreciate yr time. Sarkis Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=46301&t=46002

Permit Ping access thru PIX FW [7:47193]

2002-06-22 Thread Karagozian Sarkis
HI all BCMS book says: permit ping access thru the PIX Firewall with the conduit permit icmp any any command, letting hosts on the inside ping outside hosts. Does this mean I can't ping the dmz interface?? and it only allows pings from inside Interface to the Outside global hosts ?? for exampl

Re: Permit Ping access thru PIX FW [7:47193]

2002-06-23 Thread Karagozian Sarkis
Hi Gaz, Thanks for yr explanations. (I am referring to MCNS Man.p.5-41) So in fact it should be: conduit permit icmp any any echo-reply for allowing icmp replies back in from outside or dmz. Also why then I was able for example: ping outside 4.22.122.10 But, Not able to ping dmz 199.16.1.3 (unle

Re: Permit Ping access thru PIX FW [7:47193]

2002-06-23 Thread Karagozian Sarkis
Thanks Gaz, That's exactly the case. Now I understand it well. Brgds, Sarkis Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=47246&t=47193 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Rep

RE: ATM IMA interface problems [7:47849]

2002-07-01 Thread Karagozian Sarkis
The VBR-NRT parameters must match the ATM Carrier Switch settings. So If the Carrier ATM Switch is set for UBR then You can't just change your ATM interface parameters from UBR to VBR/NRT. You have to match the Carrier ATM Switch settings only. Also try: sh atm vc to see the VPI/VCI values of p

RE: EIGRP issues [7:61068]

2003-01-14 Thread Karagozian Sarkis
Edward, Since you are using PPP Authentication Chap, it requires that both sides send (same) user name xx and Password .. to each other (Handshaking using chap) after dialup, to authenticate each other both ways, then start data transfer. So, on Router B, u need to add: username HQ-3640-T

RE: Netbios on Wan [7:61249]

2003-01-17 Thread Karagozian Sarkis
Hi Frederico, Yes, You need to use : Interface e0 (for example on remote router) ip helper-address 172.16.2.255 (to reach all servers on subnet 172.16.2.0 from the remote routers) Hope this helps Sarkis Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61270&t=61249

RE: Netbios on Wan [7:61249]

2003-01-17 Thread Karagozian Sarkis
Yes, According to Cisco BSCN Book (Building Scalable Cisco Networks) pages 88-91. and Exam Cram book ACRC (Advanced Cisco Router Configuration) pages 46-47. mentions using ip helper-address to forward to a directed broadcast address (ie. for this specific subnet 172.16.2.0 where the servers reside) Reme

RE: URGENT: Modem Authentication Failure [7:61292]

2003-01-18 Thread Karagozian Sarkis
HI Hamid, This seems to be a password or Username Authentication Failure. You can try to delete and re-enter the username and password for that group on the ACS/AAA server. Also is there a Firewall before accessing/Authenticating to the ACS server? This is not passing the User Authentication pro

RE: URGENT: Modem Authentication Failure [7:61292]

2003-01-18 Thread Karagozian Sarkis
Well Hamid, The Local means you must be able to use the Local Username xxx and Password yxyxyxyxy on the local router config. as a last resource which is the case now So u shd be able to log in to the router itself, if AAA/ACS is not available. Is this happening on all the routers/Switche

RE: Netbios on Wan [7:61249]

2003-01-18 Thread Karagozian Sarkis
Priscilla, Thanks for clearing that, in fact I was not sure about enabling Directed broadcast on an interface with IP helper-address. Thanks for the explanation. Sarkis Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61322&t=61249

RE: URGENT: Modem Authentication Failure [7:61292]

2003-01-19 Thread Karagozian Sarkis
Hamid, One thing u can do is, on the ACS/AAA server clear and re-enter the shared KEY xxx. Qn? have u tried connecting directly into the Console port of 3660 and enter the Local Username , Password. Also are u trying to telnet into the 3660 ? or directly connecting to Console Port ... an

RE: guaranteeing bandwidth [7:61339]

2003-01-19 Thread Karagozian Sarkis
Alexandru, Your commands are correct but, You need to apply ACL 100 to an interface with in/out command like: conf t Interface s0 ip access-group 100 out (to only permit those specific hosts out of intf s0) Hope this helps You can refer to some CCNA/CCNP books for more info. Message P