Dear Darry
so prunuing is applied to traffic-forwarding only and all switches knows all
the domain VLAN but the traffic is forwarded for the active VLANs only .
so if VTP updates advertises all domain VLANs how the switches knows which
VLAN is active and which aren't ? via STP BPDUs for PVSTP
[Disclaimer: I haven't seriously touched Cisco gear in years, but
occasionally, people still ask me for advice]
Hi,
I am wondering what's the easiest way to pull the full configuration
(sans passwords/keys, if that makes things any easier) from a PIX or
ASA box.
On a Unix system, I'd write
On Wed, 5 Dec 2007, Mike Johnson wrote:
Why wouldn't you just buy a T3 or an ethernet service?
While I don't recommend trying to build a multilink bundle that big
either, it's possible that higher bandwidth transports are either not
available or are prohibitively expensive.
jms
On 12/5/07,
Switch the entire T3 over to data and the run your voice via VoIP or
circuit emulation
RAD makes an IPmux that will run TDMoverIP emulating T1s on each end
http://www.rad.com/Article/0,6583,35963-TDM_Pseudowire_Access_Gateway,00.html
On Dec 5, 2007, at 9:58 AM, Justin M. Streiner wrote:
On
I did not see anything problematic from the configuration. Here is few
possible options that you may want to look at.
1) Use UDLD on all 4 ports involved in the trunk. If there any problem with
fiber/sfp, it should erro disable the port and prevent both ports from
forwarding due to error.
2) Try
Why wouldn't you just buy a T3 or an ethernet service?
harbor235
On 12/5/07, Rodney Dunn [EMAIL PROTECTED] wrote:
The reordering overhead for that many T1's will be huge. We don't
recommend
that many.
Rodney
reOn Tue, Dec 04, 2007 at 05:21:43PM -0800, Joseph Jackson wrote:
Just to
Hi Marc,
Try sshing to the box and once you are enabled run 'more system:running-config'
This way you will see preshared keys for vpns which are normally
starred out when you do a wr t.
Does that help?
Cheers,
W
On 05/12/2007, Marc Haber [EMAIL PROTECTED] wrote:
[Disclaimer: I haven't
The reordering overhead for that many T1's will be huge. We don't recommend
that many.
Rodney
reOn Tue, Dec 04, 2007 at 05:21:43PM -0800, Joseph Jackson wrote:
Just to answer everyones questions here's the story.
One end has a 7206 NPE G1 with 1 gig of ram
other end has 7204 NPE 300
Hi Folks.
Can someone help me out here.
I've got a problem regarding span ports on Cisco 3750.
The setup is as follows.:
Pe router 1 - Dot1q trunk - Switch 1 - Dot1q trunk ---
Border Controller 1
Hello,
I'm new to using access points and what I would like to do is setup an
1131ag with a trunk to a 2960 switch, then have two different ssid's which
would be mapped to two different vlan's on the 2960. Does anyone have an
example config for something like this?
Thanks,
Dan.
On Wed, Dec 05, 2007 at 12:06:54PM -0500, Eric Van Tol wrote:
I could be wrong, but I believe that the PIX/ASA configuration can be
seen via the internal web server. It's encrypted via SSL, so a wget
should work, if it's compiled with SSL support.
authenticating with username/password for a
It is coming out of a adtran T3su. I will give this a shot.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dave Weis
Sent: Wednesday, December 05, 2007 8:52 AM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] multilink bundle
Bill Nash
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Cisco Security Agent for Windows System Driver
Remote Buffer Overflow Vulnerability
Advisory ID: cisco-sa-20071205-csa
http://www.cisco.com/warp/public/707/cisco-sa-20071205-csa.shtml
Revision 1.0
For Public Release 2007
Hi ,
I am planning to deploy around 3000 IP SLA operations across the
network.
I have already deployed around 1000 Jitter/ICMP operations.
I would like to get the reaction-configuration set automatically based
on JitterDS/JitterSD, PacketLoss threshold.
Does anyone have implemented successfully
Rancid + only use ssh.
Usually easier than writing your own scripts (not true with netscaler though)
On Dec 5, 2007 10:36 AM, Justin M. Streiner [EMAIL PROTECTED] wrote:
On Wed, 5 Dec 2007, Eric Van Tol wrote:
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Marc Haber
On Wed, Dec 05, 2007 at 09:46:53AM -0600, Church, Charles wrote:
What if you enable SCP server on the ASA, and then pull it via SCP get?
Is it possible to authenticate with an ssh key, with the key limited
to a single source IP, and to only be allowed to scp get the running
config?
Greetings
I could be wrong, but I think that any remote access (SSL/SSH/SCP) is
going to require a username/password combo. Of course, those protocols
can be limited to source IPs. I don't believe you can limit a protocol
to a certain command. You can with TACACS (not sure if supported on
ASA) using
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Marc Haber
Actually, I do not care about seeing the keys, I care about pulling
the configuration from the box in an automated, secure way with least
possible privileges.
I could be wrong, but I believe that the PIX/ASA
I know you said you already have the DS3 ports, but another way to go
with the T3SU is to insert the Ethernet bridge card, and avoid HSSI
altogether.
Joseph Jackson wrote:
It is coming out of a adtran T3su. I will give this a shot.
-Original Message-
From: [EMAIL PROTECTED]
We used to use a similar situation where we needed T1's in a location on campus
and all we had was Ethernet. We used 4 port IP Tubes, which takes 100mb
Ethernet in, and breaks out up to 4 T1s. One unit on either side. It worked
great for us until we went VoIP, then we disconnected them. We
Bill Nash wrote:
Convert it to a full data pipe and find another way to transport the voice
traffic over it? This is out of my scope, but it seems like VOIP could be
a winner here.
If you want to stay TDM get a pair of Adtran T3SU's appropriately carded
and drop out the unused portion of
I don't have any real world experience, but since you can't upgrade a
2950 SI to EI I guess it won't be possible on the (for example) 2960
either. I'm pretty sure that there is some kind of hardware check or
something else and if the IOS sees a 2960-xx-S it just won't work.
Just my 0.02...
I don't have any real world experience, but since you can't upgrade a
2950 SI to EI I guess it won't be possible on the (for example) 2960
either. I'm pretty sure that there is some kind of hardware check or
something else and if the IOS sees a 2960-xx-S it just won't work.
Just my 0.02...
Hi,
some time ago I wrote a hardening guide for (non-managed) Cisco APs.
See
http://www.ernw.de/content/e7/e183/e691/download693/ERNW_hard_cisco_aps_erey_ger.pdf
your scenario is covered within.
thanks,
Enno
On Wed, Dec 05, 2007 at 12:02:16PM -0600, Dan Letkeman wrote:
Hello,
I'm new to
Hello Ogaki,
to make things easier and to get help it would be helpful to summarize what
you want to achieve if possible in simple point form
.If I try to summarize, are you trying to achieve some kind of link
redundancy and fail over mechanism so that if one link goes down the other
pciks up?
Hello,
does anyone know where I can get an AC to DC power rectifier for the ME 3400
Switch.
there are plenty of them out there but not for this switch. I have been
trying to get info from the Cisco guys locally without any headway.
The specific switch is a Cisco ME 3400-24TS DC.
The power
Convert it to a full data pipe and find another way to transport the voice
traffic over it? This is out of my scope, but it seems like VOIP could be
a winner here.
- billn
On Tue, 4 Dec 2007, Joseph Jackson wrote:
Just to answer everyones questions here's the story.
One end has a 7206
Greetings, has any of you attempted to upgrade a 2960 series with Lan
Lite to the Standard Lan IOS image? I know Cisco says it won't support
it but what is real world experience?
Bryan
--
_
_
Bryan
If you've got two coaxes, you could do a DS3 over it.
On Tue, Dec 04, 2007 at 08:14:47PM +0200, Arie Vayner wrote:
You might want to get a CMTS and some cable modems and run DOCSIS...
Arie
On Dec 4, 2007 4:07 AM, Dracul [EMAIL PROTECTED] wrote:
Hi Guys,
I'm reviewing cabling
On Wed, Dec 05, 2007 at 03:14:01PM +, William wrote:
Try sshing to the box and once you are enabled run 'more
system:running-config'
This way you will see preshared keys for vpns which are normally
starred out when you do a wr t.
Actually, I do not care about seeing the keys, I care
Hi Bill,
Fred already correctly commented most of the points. Policing is
widely supported but shaping is hardware-dependent. FlexWANs and
SIPs for example support shaping. But the key point is you really
want to shape egress traffic to the customer to put in force an
SLA with them.
Also for
Marc Haber schrieb:
I am wondering what's the easiest way to pull the full configuration
(sans passwords/keys, if that makes things any easier) from a PIX or
ASA box.
Use RANCID over SSH. If necessary you can change the RANCID scripts to
work as you want.
cheers,
Thorsten
Hello,
I'm new to using access points and what I would like to do is setup an
1131ag with a trunk to a 2960 switch, then have two different ssid's which
would be mapped to two different vlan's on the 2960. Does anyone have an
example config for something like this?
Thanks,
Dan.
This is
We have a 7609-S with a SUP720C and DFC3C's on our 10/100/1000 cards. It
appears that we can't do shaping.
Our first attempt at policing on the outbound shows that it's very choppy --
bursts of traffic 2 to 4x more than CIR, and then 0, and then back again. It
drops to 0, I believe, because
Building New office Building
We are in the planning stage of a new building for our finance institution
including 1000 employee
I am putting together the specs for data centre in the building and the low
current systems (Data/IP-Phone, Security AV).
Now I am being asked for the following Issues
Is Cisco-NSP really the place to ask a class project type question? I
would think you'd get more play on the Groupstudy Cisco certification
mailing list.
On Dec 6, 2007 12:18 AM, Mad Unix [EMAIL PROTECTED] wrote:
Building New office Building
We are in the planning stage of a new building
36 matches
Mail list logo