RE: \31 Mak could it be used on leased lines(serial) [7:62853]

2003-02-12 Thread Logan, Harold
It's a feature supported in 12.2.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087aeb.html

Hal

 -Original Message-
 From: Monu Sekhon [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, February 12, 2003 1:30 AM
 To: [EMAIL PROTECTED]
 Subject: \31 Mak could it be used on leased lines(serial) [7:62853]
 
 
 Hi Harold/all,
 
 In your description you mentioned that you can use a /31 mask also.
 
 Your comments:
 Since the point-to-point link is likely to have a /30 (or /31 if they're running 12.2) mask on it
 
 Questions:
 
 - Will the connection work? Till now I only knew that /30 is the max mask used on serial lines. How will we use this /31 mask?
 - Does this apply only in IOS version 12.2 or later, as mentioned?
 - Do people use these /31 masks?
 - Can anybody provide me an info link?
 
 Thanks in advance.
 (Please refer to the description below in the thread where he mentioned that.)
 
 
 
 Over a leased line I can't see the harm in leaving it running. If someone manages to get into your router, there's very little target enumeration they can do with CDP that can't be done by other means. Since the point-to-point link is likely to have a /30 (or /31 if they're running 12.2) mask on it, it's not going to be a stretch to figure out the other router's IP.
 
 While disabling CDP is certainly a sound practice on LAN interfaces, we also disable it on our switched WAN connections on general principles. That isn't a magic bullet by any means though; disabling CDP is security through obscurity more than anything else. If you're concerned about unauthorized access to your routers, then you should consider running access classes on your vty lines and AAA so you can audit access to the routers, if you aren't already.
 
 
 
  -Original Message- 
  From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] 
  Sent: Tuesday, February 11, 2003 1:12 PM 
  To: [EMAIL PROTECTED] 
  Subject: Re: Why disable cdp for back-to-back serial connec [7:62798]
  
  
  Lawrence Law wrote:
   
   Dear Priscilla,
   
   Thank you for your clear explanation.
   
   Maybe it is better to disable CDP for a low-speed link, and for the security issue.
  
  CDP uses very little bandwidth, so unless it's a really low-speed link, I wouldn't turn it off for that reason. Regarding security, if it's a private point-to-point HDLC link, then security probably isn't too much of an issue. It would be hard for a hacker to see the packets.
  
  On the other hand, if the hacker somehow got into a router that was running CDP on any of its interfaces, then the hacker could learn about one or more additional routers, and that's not good. You want to limit how much a hacker can learn.
  
  It's sort of a close call since CDP is so helpful for troubleshooting, though. How about the rest of you out there? Do you disable CDP like some security documents say to do?
  
  It often occurs to me these days that we spent the '80s and '90s developing all sorts of cool protocols to share info of all sorts, and we're spending the '00s disabling most of them for security reasons. It's a crazy world we live in.
  
  Priscilla
  
  
   
   Regards,
   Lawrence
   
   
   Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...
   Cisco Discovery Protocol (CDP) is a management protocol that allows routers and switches to tell each other about their IOS version, hardware platform, and basic config info. Some security experts say to disable it because it tells too much.
   
   It has nothing to do with bringing the serial interface up/up. You could use it or you could not. The two routers on the HDLC link don't have to agree. One could send CDP while the other doesn't and the link should still come up/up, assuming everything is OK at the physical and data-link layers.
   
   It's too bad they used "no cdp enable" in that simple example with no explanation. I don't think it's the default? So someone had to type it in, so they should have explained it.
   
   Priscilla
   
   
   Lawrence Law wrote:
    
    Dear all,
    
    From the Cisco configuration example
    
    http://www.cisco.com/en/US/tech/tk713/tk317/technologies_configuration_example09186a00800944ff.shtml
    
    I'm wondering whether the line "no cdp enable" is required on both routers in order to make a serial connection come up for a back-to-back connection.
    
    Regards,
    Lawrence




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62866t=62853
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
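Hal's advice in the reply quoted above (access classes on the vty lines, AAA, and CDP disabled where it is not wanted) is the kind of thing worth checking mechanically rather than by eye. The following is an added example, not code from the thread, that audits a constructed IOS-style running-config for those three points; the parser assumes IOS's convention of one-space indentation for a block's child lines, and the function names are mine.

```python
# Added example, not from the thread: audit an IOS-style running-config for
# the controls Hal recommends (vty access-class, AAA, CDP per interface).
# SAMPLE_CONFIG is constructed; no "no cdp run" line means CDP is on globally.
SAMPLE_CONFIG = """\
aaa new-model
!
interface Serial0/0
 ip address 192.168.0.0 255.255.255.254
 no cdp enable
!
interface FastEthernet0/0
!
line vty 0 4
 access-class 10 in
line vty 5 15
 login
"""

def sections(config):
    """(header, children) blocks: a column-0 line opens a block, indented
    lines belong to it, '!' lines are separators."""
    blocks, header, children = [], None, []
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" "):
            children.append(raw.strip())
        else:
            if header is not None:
                blocks.append((header, children))
            header, children = raw.strip(), []
    if header is not None:
        blocks.append((header, children))
    return blocks

def audit(config):
    findings = {"aaa_new_model": False, "vty_without_access_class": [], "cdp_interfaces": []}
    cdp_global = "no cdp run" not in config.splitlines()
    for header, children in sections(config):
        if header == "aaa new-model":
            findings["aaa_new_model"] = True
        elif header.startswith("line vty"):
            if not any(c.startswith("access-class") for c in children):
                findings["vty_without_access_class"].append(header)
        elif header.startswith("interface") and cdp_global:
            # CDP runs on an interface unless "no cdp enable" is set there
            if "no cdp enable" not in children:
                findings["cdp_interfaces"].append(header.split(None, 1)[1])
    return findings
```

Run against a real "show running-config" capture, the vty finding is the one to act on first: a vty line without an access-class is reachable from any address that can route to the router.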

Re: \31 Mak could it be used on leased lines(serial) [7:62853]

2003-02-12 Thread Kaj J. Niemi
In mail.net.groupstudy.pro, you wrote:

  - Will the connection work? Till now I only knew that /30 is the max mask used on serial lines. How will we use this /31 mask?

It will. Here's an example:

RtrA

int se0/0
  ip add 192.168.0.0 255.255.255.254

RtrB

int se0/1
  ip add 192.168.0.1 255.255.255.254

  - Does this apply only in IOS version 12.2 or later, as mentioned?

Or a late-stage 12.0S.

  - Do people use these /31 masks?

Yes, they work well.

  - Can anybody provide me an info link?

Check out RFC 3021, Using 31-Bit Prefixes on IPv4 Point-to-Point Links.



// kaj
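The two mask cases from Kaj's RtrA/RtrB example worked through with Python's standard ipaddress module, as an added example that is not part of his post: it shows which addresses a /31 (RFC 3021) and a /30 actually leave usable, and why the peer's address is derivable from your own in either case, which is the point Hal makes earlier in the thread. The function names are mine.

```python
# Added example (not from the thread): RFC 3021 /31 versus /30 on a
# point-to-point link, using the standard ipaddress module. Function
# names are the editor's own.
import ipaddress


def link_addresses(addr: str, mask: str) -> list:
    """All addresses a router may be assigned on this link.

    /31 (RFC 3021): both addresses of the pair are usable; there is no
    network or broadcast address. /30: only the two middle addresses,
    since .0 is the network and .3 the broadcast.
    """
    net = ipaddress.IPv4Interface(f"{addr}/{mask}").network
    if net.prefixlen == 31:
        return [str(a) for a in net]          # iterating a /31 yields both
    if net.prefixlen == 30:
        return [str(a) for a in net.hosts()]  # hosts() skips net/broadcast
    raise ValueError(f"/{net.prefixlen} is not a point-to-point prefix")


def peer_address(addr: str, mask: str) -> str:
    """The other router's address on the link, given ours.

    On a /31 it is our address with the low bit flipped; on a /30 it is
    the other usable host. Raises ValueError if our own address is not
    usable under the mask (e.g. 192.168.0.0 with a /30, which is fine
    with a /31 as in Kaj's RtrA config).
    """
    usable = link_addresses(addr, mask)
    if addr not in usable:
        raise ValueError(f"{addr} is not a usable host address under {mask}")
    return usable[1] if usable[0] == addr else usable[0]
```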




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62870t=62853



\31 Mak could it be used on leased lines(serial) [7:62853]

2003-02-11 Thread Monu Sekhon
Hi Harold/all,

In your description you mentioned that you can use a /31 mask also.

Your comments:
Since the point-to-point link is likely to have a /30 (or /31 if they're running 12.2) mask on it

Questions:

- Will the connection work? Till now I only knew that /30 is the max mask used on serial lines. How will we use this /31 mask?
- Does this apply only in IOS version 12.2 or later, as mentioned?
- Do people use these /31 masks?
- Can anybody provide me an info link?

Thanks in advance.
(Please refer to the description below in the thread where he mentioned that.)



Over a leased line I can't see the harm in leaving it running. If someone
manages to get into your router, there's very little target enumeration they
can do with CDP that can't be done by other means. Since the point-to-point
link is likely to have a /30 (or /31 if they're running 12.2) mask on it,
it's not going to be a stretch to figure out the other router's IP.

While disabling CDP is certainly a sound practice on LAN interfaces, we also disable it on our switched WAN connections on general principles. That isn't a magic bullet by any means though; disabling CDP is security through obscurity more than anything else. If you're concerned about unauthorized access to your routers, then you should consider running access classes on your vty lines and AAA so you can audit access to the routers, if you aren't already.



 -Original Message- 
 From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] 
 Sent: Tuesday, February 11, 2003 1:12 PM 
 To: [EMAIL PROTECTED] 
 Subject: Re: Why disable cdp for back-to-back serial connec [7:62798] 
 
 
 Lawrence Law wrote:
  
  Dear Priscilla,
  
  Thank you for your clear explanation.
  
  Maybe it is better to disable CDP for a low-speed link, and for the security issue.
 
 CDP uses very little bandwidth, so unless it's a really low-speed link, I wouldn't turn it off for that reason. Regarding security, if it's a private point-to-point HDLC link, then security probably isn't too much of an issue. It would be hard for a hacker to see the packets.
 
 On the other hand, if the hacker somehow got into a router that was running CDP on any of its interfaces, then the hacker could learn about one or more additional routers, and that's not good. You want to limit how much a hacker can learn.
 
 It's sort of a close call since CDP is so helpful for troubleshooting, though. How about the rest of you out there? Do you disable CDP like some security documents say to do?
 
 It often occurs to me these days that we spent the '80s and '90s developing all sorts of cool protocols to share info of all sorts, and we're spending the '00s disabling most of them for security reasons. It's a crazy world we live in.
 
 Priscilla
 
 
  
  Regards,
  Lawrence
  
  
  Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...
   Cisco Discovery Protocol (CDP) is a management protocol that allows routers and switches to tell each other about their IOS version, hardware platform, and basic config info. Some security experts say to disable it because it tells too much.
   
   It has nothing to do with bringing the serial interface up/up. You could use it or you could not. The two routers on the HDLC link don't have to agree. One could send CDP while the other doesn't and the link should still come up/up, assuming everything is OK at the physical and data-link layers.
   
   It's too bad they used "no cdp enable" in that simple example with no explanation. I don't think it's the default? So someone had to type it in, so they should have explained it.
   
   Priscilla
   
   
   Lawrence Law wrote:
    
    Dear all,
    
    From the Cisco configuration example
    
    http://www.cisco.com/en/US/tech/tk713/tk317/technologies_configuration_example09186a00800944ff.shtml
    
    I'm wondering whether the line "no cdp enable" is required on both routers in order to make a serial connection come up for a back-to-back connection.
    
    Regards,
    Lawrence


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62853t=62853