Check this link http://cisco.by.com/browser.aspx?url2=http%3a%2f%2fwww.cisco.com%2fen%2fUS%2fdocs%2fios%2f12_3t%2f12_3t8%2ffeature%2fguide%2fgtcallik.html#wp1027188
Sent from my iPhone On May 8, 2010, at 11:02 PM, [email protected] wrote: > Send CCIE_Security mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > http://onlinestudylist.com/mailman/listinfo/ccie_security > or, via email, send a message with subject or body 'help' to > [email protected] > > You can reach the person managing the list at > [email protected] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of CCIE_Security digest..." > > > Today's Topics: > > 1. Re: Call admission limt (Sumit Mahla) > 2. route-maps and vlan maps (Kingsley Charles) > 3. Re: Lab 1a, Task 1.2 - RIP Authentication (Johan Bornman) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Sun, 9 May 2010 09:43:15 +0530 > From: Sumit Mahla <[email protected]> > Subject: Re: [OSL | CCIE_Security] Call admission limt > To: <[email protected]> > Message-ID: <[email protected]> > Content-Type: text/plain; charset="iso-8859-1" > > > > > > > Any Suggestions? > > > > > > > > From: [email protected] > To: [email protected] > Date: Sun, 9 May 2010 00:18:49 +0530 > Subject: [OSL | CCIE_Security] Call admission limt > > > > Hello All, > > i want to restrict call admission limit of the router to 60%... but > i do not find the option to specify it in percentage... > > > SECUREME(config)#call admission limit ? > <0-100000> Total charge > SECUREME(config)#call admission load ? > <0-1000> Multiplier, value at 100% load > > > Can some body please help me by explaining me what does this mean by > Total charge and the Multiplier value... > > > Thanks > > > > Catch the changing security environment Get it now. > _________________________________________________________________ > Bollywood This Decade > http://entertainment.in.msn.com/bollywoodthisdecade/ > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > http://onlinestudylist.com/pipermail/ccie_security/attachments/20100509/9d4a2015/attachment-0001.htm > > ------------------------------ > > Message: 2 > Date: Sun, 9 May 2010 10:20:24 +0530 > From: Kingsley Charles <[email protected]> > Subject: [OSL | CCIE_Security] route-maps and vlan maps > To: [email protected] > Message-ID: > <[email protected]> > Content-Type: text/plain; charset="iso-8859-1" > > Hi all > > route-maps and vlan access-maps nearly are of same architecture. > > At the end of vlan- access map, we need a dummy vlan access-map with > action > forward that ensures the un-matched traffic are not blocked > > Switch(config)#*vlan access-map block_arp 10* Switch > (config-access-map)#*action > drop* > Switch (config-access-map)#*match mac address ARP_Packet* > Switch(config)#*vlan access-map block_arp 20* > Switch (config-access-map)#*action forward* > > Do we need dummy route-map entry to ensure that the unmatched are not > dropped as following: > > But, I check in my router and it seems we don't need to that dummy > entry. > > route-map test permit 10 > match ip address 1 > match route-type internal > set interface Serial0 > route-map test permit 20 > > > > With regards > Kings > > > With regards > Kings > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > http://onlinestudylist.com/pipermail/ccie_security/attachments/20100509/016930e6/attachment-0001.htm > > ------------------------------ > > Message: 3 > Date: Sun, 9 May 2010 07:02:31 +0200 > From: "Johan Bornman" <[email protected]> > Subject: Re: [OSL | CCIE_Security] Lab 1a, Task 1.2 - RIP > Authentication > To: "'Tyson Scott'" <[email protected]> > Cc: [email protected] > Message-ID: <[email protected]> > Content-Type: text/plain; charset="us-ascii" > > Tyson, > > > > Rip authentication is working now, first time. I also know what the > issue > was as I recreated the problem. > > I added a space not at the password string but after RIP on R5 - ip > rip > authentication key-chain RIP<space> > > > > I was thinking the router will complain about RIP<space> as it does > not > exists, but it accepted the incorrect key chain name. > > > > Regards > > > > Johan > > > > From: Johan Bornman [mailto:[email protected]] > Sent: 09 May 2010 06:47 AM > To: 'Tyson Scott' > Subject: RE: [OSL | CCIE_Security] Lab 1a, Task 1.2 - RIP > Authentication > > > > No, but I got the message J > > > > I am doing rip right now, will let you know in a few min. > > > > From: Tyson Scott [mailto:[email protected]] > Sent: 09 May 2010 06:44 AM > To: 'Johan Bornman' > Subject: RE: [OSL | CCIE_Security] Lab 1a, Task 1.2 - RIP > Authentication > > > > probably tired of having several people tell you the same thing. > > > > Regards, > > > > Tyson Scott - CCIE #13513 R&S, Security, and SP > > Technical Instructor - IPexpert, Inc. > > Mailto: [email protected] > > Telephone: +1.810.326.1444, ext. 208 > > Live Assistance, Please visit: www.ipexpert.com/chat > > eFax: +1.810.454.0130 > > > > IPexpert is a premier provider of Self-Study Workbooks, Video on > Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the > Cisco > CCIE (R&S, Voice, Security & Service Provider) certification(s) with > training locations throughout the United States, Europe, South Asia > and > Australia. Be sure to visit our online communities at > www.ipexpert.com/communities and our public website at > www.ipexpert.com > <http://www.ipexpert.com/> > > > > From: Johan Bornman [mailto:[email protected]] > Sent: Sunday, May 09, 2010 12:04 AM > To: 'Tyson Scott'; 'Piotr Matusiak' > Cc: 'Kingsley Charles'; [email protected] > Subject: RE: [OSL | CCIE_Security] Lab 1a, Task 1.2 - RIP > Authentication > > > > Tyson, > > > > I checked that a few times by reconfiguring the password and I am > pretty > sure there was no space. I will lab it again now, will let you know. > > > > Thanks for the reply. > > > > Johan > > > > From: Tyson Scott [mailto:[email protected]] > Sent: 08 May 2010 07:36 PM > To: 'Johan Bornman'; 'Piotr Matusiak' > Cc: 'Kingsley Charles'; [email protected] > Subject: RE: [OSL | CCIE_Security] Lab 1a, Task 1.2 - RIP > Authentication > > > > Johan, > > > > On the router you most likely have a space after the password. Your > password is most likely "ipexpert ". There are no bugs with running > rip > between a router and the ASA with authentication. I am doing it > right now > on my rack without issues. > > > > As the ASA has the password with following strings it is most likely > not the > ASA that has the problem. > > > > Regards, > > > > Tyson Scott - CCIE #13513 R&S, Security, and SP > > Technical Instructor - IPexpert, Inc. > > Mailto: [email protected] > > Telephone: +1.810.326.1444, ext. 208 > > Live Assistance, Please visit: www.ipexpert.com/chat > > eFax: +1.810.454.0130 > > > > IPexpert is a premier provider of Self-Study Workbooks, Video on > Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the > Cisco > CCIE (R&S, Voice, Security & Service Provider) certification(s) with > training locations throughout the United States, Europe, South Asia > and > Australia. Be sure to visit our online communities at > www.ipexpert.com/communities and our public website at > www.ipexpert.com > <http://www.ipexpert.com/> > > > > From: [email protected] > [mailto:[email protected]] On Behalf Of Johan > Bornman > Sent: Saturday, May 08, 2010 6:05 AM > To: 'Piotr Matusiak' > Cc: 'Kingsley Charles'; [email protected] > Subject: Re: [OSL | CCIE_Security] Lab 1a, Task 1.2 - RIP > Authentication > > > > Yes, checked/reconfigured it a few times. > > > > From: Piotr Matusiak [mailto:[email protected]] > Sent: 08 May 2010 10:49 AM > To: Johan Bornman > Cc: Kingsley Charles; [email protected] > Subject: Re: [OSL | CCIE_Security] Lab 1a, Task 1.2 - RIP > Authentication > > > > Are you sure you have the same key on both sides? A common mistake > is when > ppl adding space after the key. > Just a thought. > > 2010/5/8 Johan Bornman <[email protected]> > > Thanks, Kings. > > > > I am busy doing that. > > > > From: Kingsley Charles [mailto:[email protected]] > Sent: 08 May 2010 10:08 AM > > > To: Johan Bornman > Cc: [email protected] > Subject: Re: [OSL | CCIE_Security] Lab 1a, Task 1.2 - RIP > Authentication > > > > Not sure Johan what could the problem :-( > > You can paste the error message on google and see many reasons/ > suggestions > for the issue. > > > > That's how I solve some issues, > > > > With regards > > Kings > > On Sat, May 8, 2010 at 1:35 PM, Johan Bornman <[email protected]> wrote: > > Kings, > > > > No change after shut and no shut. > > > > Johan > > > > From: Kingsley Charles [mailto:[email protected]] > Sent: 08 May 2010 09:39 AM > > > To: Johan Bornman > Cc: [email protected] > Subject: Re: [OSL | CCIE_Security] Lab 1a, Task 1.2 - RIP > Authentication > > > > Try this Johan. > > > > Apply the authentication, shut both the ASA and router's interface > and then > unshut after sometime. > > > > With regards > > Kings > > On Sat, May 8, 2010 at 1:03 PM, Johan Bornman <[email protected]> wrote: > > Kings, > > > > I reloaded already, no change. > > > > The EIGRP and OSPF authentication in later tasks works fine. > > > > The rip updates are good when authentication is removed. > > > > Johan > > > > From: Kingsley Charles [mailto:[email protected]] > Sent: 08 May 2010 09:29 AM > To: Johan Bornman > > > Subject: Re: [OSL | CCIE_Security] Lab 1a, Task 1.2 - RIP > Authentication > > > > Johan, your config seems to fine. It just tries to see, if the hash > matches > and ignores when it doesn't match. > > > > May be you can try to reload ASA once :-) > > > > > > > > With regards > > Kings > > On Sat, May 8, 2010 at 12:54 PM, Johan Bornman <[email protected]> > wrote: > > Kings, > > > > I re-entered the key but there is no change. > > > > Johan > > > > From: Johan Bornman [mailto:[email protected]] > Sent: 08 May 2010 09:16 AM > To: 'Kingsley Charles' > Subject: RE: [OSL | CCIE_Security] Lab 1a, Task 1.2 - RIP > Authentication > > > > I have but will give it another try. > > > > From: Kingsley Charles [mailto:[email protected]] > Sent: 08 May 2010 09:15 AM > > > To: Johan Bornman > Cc: [email protected] > Subject: Re: [OSL | CCIE_Security] Lab 1a, Task 1.2 - RIP > Authentication > > > > > Can you try re-entering the rip authentication key on the ASA with key > "ipexpert" again. > > > > > > > On Sat, May 8, 2010 at 12:34 PM, Johan Bornman <[email protected]> > wrote: > > Yes > > > > From: Kingsley Charles [mailto:[email protected]] > Sent: 08 May 2010 09:01 AM > To: Johan Bornman > Cc: [email protected] > Subject: Re: [OSL | CCIE_Security] Lab 1a, Task 1.2 - RIP > Authentication > > > > Did you enable version 2 on both the sides? > > > > > > On Sat, May 8, 2010 at 12:14 PM, Johan Bornman <[email protected]> > wrote: > > Hi, > > > > My config as per the solutions guide, but I am having RIP > authentication > issues, according to the debugs. > > > > ASA Config > > interface Ethernet0/1 > > nameif Inside > > security-level 100 > > ip address 10.2.2.10 255.255.255.0 standby 10.2.2.11 > > rip authentication mode md5 > > rip authentication key <removed> key_id 1 (removed=ipexpert) > > > > Debug: > > RIP: sending v2 update to 224.0.0.9 via Inside (10.2.2.10) > > RIP: build update entries > > 0.0.0.0 0.0.0.0 via 0.0.0.0, metric 1, tag 0 > > 10.7.7.0 255.255.255.0 via 0.0.0.0, metric 1, tag 0 > > 10.8.8.0 255.255.255.0 via 0.0.0.0, metric 1, tag 0 > > RIP: Update contains 3 routes > > RIP: Update queued > > RIP: Update sent via Inside rip-len:112 > > RIP: ignored v2 packet from 10.2.2.5 (invalid authentication) > > > > R5 Config > > key chain RIP > > key 1 > > key-string ipexpert > > > > interface FastEthernet0/1.2 > > encapsulation dot1Q 2 > > ip address 10.2.2.5 255.255.255.0 > > ip rip authentication mode md5 > > ip rip authentication key-chain RIP > > > > Debug: > > R5# > > *May 8 06:40:14.311: RIP: received packet with MD5 authentication > > *May 8 06:40:14.311: RIP: ignored v2 packet from 10.2.2.10 (invalid > authentication) > > R5# > > *May 8 06:40:15.675: RIP: sending v2 update to 224.0.0.9 via > FastEthernet0/1.2 (10.2.2.5) > > *May 8 06:40:15.675: RIP: build update entries > > *May 8 06:40:15.675: 10.1.1.0/24 via 0.0.0.0, metric 1, tag 0 > > > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, > please > visit www.ipexpert.com <http://www.ipexpert.com/> > > > > > > > > > > > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, > please > visit www.ipexpert.com > > > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > http://onlinestudylist.com/pipermail/ccie_security/attachments/20100509/6c782e7d/attachment.htm > > End of CCIE_Security Digest, Vol 47, Issue 142 > ********************************************** _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
