Here is an example of a named ACL to Block Specific even HOST sources to
destination port 23 to the address you specified. You can use:
ip access-list extended BLOCK_TELNET_EVEN
deny tcp 192.168.2.0 0.0.0.254 host 192.168.1.254 eq telnet
permit ip any any
Just practice and play
Robert,
Yes.. You absolutley CAN... See previous reply...
Robert Perez wrote:
You would have to do each host individually as:
access-list 110 deny tcp host 192.168.2.2 host 192.168.1.254 eq
23
You cannot choose only even addresses with any kind of command.
Atleast not
that I am
Hi,
Have you considered something like this..??
dlsw icanreach netbios-exclusive
dlsw icanreach netbios-name Name
Also.. you will only see this in your local capabilities..
HTH,
Sal
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=75216t=75192
Yes... ISIS routing L1,L2,L1-L2 is a requsite on the CCIE Bluprint..
-Sal
PPC-DAT Ep-Ng-Ist wrote:
Is IS-IS tested on the ccie lab exam?
Rgds,
Akpome.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74514t=74508
--
Matthew,
In your current configuration you have a route-map com1 with a
sequence of 10 in which BGP will look at first as you recieve updates from
neighbor R1. Now, within that route map you have specified match ip address
3, so in acl 3 you are PERMITTING 10.3.2.0/24 and then set acl 3 to
That's Great... :)
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73721t=73717
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
Yes, I find it to be a very good practice.. you should also activate the
aggressive mode. Normal UDLD takes 90 seconds to bring down a UDLD link.
Aggressive mode will bring it down in 15 seconds. Here is a good link on
Best Practices for Catalyst Switches..
http://packetstormsecurity.nl/defcon10
This is a Bug with Microsoft compatibility with the 3550 and EAP's. I have
seen this before.. but I cant remember the BUG ID.. you might want to
contact your local TAC engineer and find out..
-Sal
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73622t=73586
Juan Blanco wrote:
Team,
Your opinion is always accepted as a good advice...Question if
you are at a
point where
you are running out of time for the lab, what will be more
efficient, take
the lab (spend $2000[traveling and the lab fees]) or let your
written
qualifications expired and
If I am not mistaken... port 3/19 is your culprit..
-Sal
Walker, James - Is wrote:
Dave,
Blade 3 is bad. Open a TAC case, if you have support, and get
the blade
replaced.
Jim
-Original Message-
From: MADMAN [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 29, 2003 3:49 PM
Hi David,
The vlaues start at Zero. See below..
From Cisco Error Decoder:
%SYS-3-SYS_LCPERR3:Module [dec]: Coil [dec] Port [dec] stuck [dec]
times([dec] due to lcol; [dec] due to notx)
This message indicates that the module has detected a problem with the port
ASIC. The module has
Ahh yes.. you can do this also.. pending you have 12.0(5)T or later. The
only issue with that is you might want to modify the frame-relay end-to-end
keepalive timer As you stated, Within the 15 second intervals x3 you are
looking at a good 45 seconds before the WAN interface goes down down ,plus
?
If there's something good to see, please let me know the URL or
book.
Thanks.
On Sat, 12 Jul 2003 02:58:51 GMT
Salvatore De Luca wrote:
nobody When you have a FR connection, you have a dedicated
circuit to your provider
nobody which then on taps into the frame cloud. So consider it
alomost
When you have a FR connection, you have a dedicated circuit to your provider
which then on taps into the frame cloud. So consider it alomost like a
point-to-point link to your local Carrier and then from there you connect
within the providers Frame Switch into their Frame Relay cloud. Now, when
Here is a plain sample of a 3550 trunk config on one side...
interface FastEthernet 0/24
switchport trunk encapsulation isl
switchport trunk allowed vlan 1-158,160-4094
switchport
Yes, you need the create for multiple spans.. no the destination does not
need to be a trunk..
-Sal
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71716t=71714
--
FAQ, list archives, and subscription info:
You have a BAD ASIC on your module. RMA baby! What kind of module is
it? I have seen many issues with the 6348 blades as ASIC's failing. With the
6348 mod, ASIC's come in 12 port clusters per ASIC.. when the ASIC's fail to
process, you get Coil errors.. You can either, move your connections
Breif example... Your local T1 ciruit to your carrier is Up Up but.. when
you do a sh frame-relay pvc your DLCI shows INACTIVE. Hence why the ISDN
backup interface command does not take effect since the interface is still
up.. even though your frame-relay is not working. This can be caused to
On router A, I have two equal cost paths, via neighbor B and neighbor C, to
a particular EXternal destination.
To begin with, I see both routes in the EIGRP topology table and also in
theIP routing table. I played around with the 'delay' of the connecting
links to ensure that router A sees the
Thank you Daniel for the information.. I wonder if anybody was ever able to
manipulate EIGRP metrics to perform such a task.. I doubt it..
-Sal
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71252t=71220
--
FAQ, list archives, and
Just out of curiosity, how would you create a route-map to modify EXTERNAL
EIGRP specific-routes... since that was the requirement.. Now
that I think about it.. I wonder if something like this would work if I
included it in the prior config?
route-map EIGRP permit 10
set metric +/- (EIGRP
Frame-Relay is a L2 protocol. Assuming with your HUB acting as the
multipoint connection and appropriate map statments exist on the spoke's,
and your routing protocol is configured to compliment all three sites, it
will a spoke will traverse the HUB to reach the other spoke.
Message Posted at:
Thanks Daniel.. I will play with it..
-Sal
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71285t=71220
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure
Sounds like you may want to disable synchronization to get your routes
advertized...
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71079t=71073
--
FAQ, list archives, and subscription info:
Thought this may help...
http://www.cisco.com/warp/public/473/14.html
-Sal
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71041t=71038
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report
Thanks Tom.. good explanation! This was my thought to the tee.. Yes I agree
with cisco that it does not hurt to add it to add value to the design.. But
as you just stated.. ebgp-multihop is NOT necessary for load balancing
That was my point all along.. Just wanted to clarify my point so I am not
Understood.. but does the command neigh x.x.x.x ebgp-multihop X by itself
provide load-balancing? I could be wrong.. but from my undrstanding this
just states that you have the capability of peering with neigh that are not
directly connected.. You could very well acheive loadbalancing when 2 EBGP
Hi,
I am inquiring about the internal physical bus layout on the 6509. I have
Dual supes, w/ MSFC2's, running SRM HA, but my quesion relies specifically
on slot 6 and slot 9. I am using CATOS 6.3.5 and MSFC IOS 12.1.(8). Do these
2 slots work on seperate or same BUSES? Basically do these
Not 100%, but the only way I know of accomplishing this is encapsulation
sde for 802.10 traffic under the sub-interface on a standard ethernet.
Someone else may know of a more recent code that can do this without sde.. I
have played with this just for giggles on 11.1(24) and works pretty well..
I personally prefer Peering with Loops myself.. the EBGP multihop command
has absolutley nothing to do with loadbalancing. It it used for peering with
neighbors whom are not directly connected.. There are various ways of
performing BGP load balancing.. Metric..route-maps.. etc.. Pick your flavor.
Is your PVC up?? you can ping your own interface for multipoint connections
if you create a frame-relay map statement to your own IP address pointing to
one of the DLCIs that you have allocated. This will force the ICMP packets
to be sent on the DLCI you've mapped the IP to, sending it to the
I would focus heavily on the Routing. The time and effort you put in to the
routing topics will make it easier for you to apply it to the other tests
such as the Support exam.. or if you decide to go for your CCIE down the
road.. Knowing the ins and outs now, will make it easier to spot the tricks
Hi All,
I am trying to better understand a particular BGP scenario, thought
someone might shed some light. This is probably very simple, i am just
missing the punchline. If you have 2 routers, one let's say running in AS100
the other running in AS200, and you had to EBGP peer with 128.1.1.254
I believe i is $1650.00 for full registration. I found a site that has
information on the 2002 costs and frequently asked questions.. hope this
helps..
http://www.juicemedia.com.au/cisco/networkers2002/faqs.htm#4
Sal
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66922t=66920
If you were given the networks:
192.168.1.0
192.168.2.0
192.168.3.0
192.168.4.0
192.168.5.0
192.168.6.0
192.168.7.0
192.168.8.0
192.168.9.0
192.168.10.0
192.168.11.0
192.168.12.0
192.168.13.0
192.168.14.0
192.168.15.0
192.168.16.0
192.168.17.0
192.168.18.0
192.168.19.0
How would I create a
I have to agree that it is a bit silly, dangerous, and should not be done on
a production enviornment.. but so are a lot of scenarios on the CCIE Lab..
Just to add to the sillyness:
Not sure how this would work, but you can try it.. have you tried as-path
manupulation? From what I can see you
anytime... ;)
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66931t=66920
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
I was thinking maybe.. 192.168.1.0 0.0.254.255 because all the odd's end in
a 1 bit for the 3rd octet.. just wanted to be sure.
Thanks
Sal
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66935t=66927
--
FAQ, list archives, and
You are both right.. but the problem scenario does'nt give you that mutch
info.. I am trying to deduce all and any ways of going about possible
peering 128.1.1.254. The scenario does not specify if it is a directly
connected peer on the lan segment. That is why I tried updating the source
to the
I hear ya.. that's why if this was a TEST situation, the statement:
ip as-path access-list 1 permit _2_ ! _2_ _1$ would permit routes
traversing AS2 but deny any routes traversed though AS2 Originating in AS1.
In which case 150.50.200.0 aggregated element should be the nlri Fresh
Route point for
Agreed by me.. the trick is it seems that we want to remove AS1 from the
AS-path without filtering the whole IP Block. As long as AS2 Can Create the
route you want advertised to R3,(Network Statments pointing to Null route
injections will do this and put it in the BGP table). You can then filter
41 matches
Mail list logo
