home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
PC World Interactive 1
/
PC World Interactive 1 - Nisan 1997.iso
/
nostalji
/
bbs
/
faq
/
cisco.txt
< prev
next >
Wrap
Internet Message Format
|
1995-07-16
|
62KB
Path: senator-bedfellow.mit.edu!bloom-beacon.mit.edu!panix!not-for-mail
From: jhawk@panix.com (John Hawkinson)
Newsgroups: comp.dcom.sys.cisco,comp.protocols.tcp-ip,comp.dcom.servers,comp.answers,news.answers
Subject: comp.dcom.sys.cisco Frequently Asked Questions (FAQ)
Supersedes: <cisco_804668880@panix.com>
Followup-To: comp.dcom.sys.cisco
Date: 17 Jul 1995 03:08:02 -0400
Organization: PANIX Public Access Internet and Unix, NYC
Lines: 1616
Approved: news-answers-request@MIT.EDU
Expires: 14 Aug 1995 07:08:01 GMT
Message-ID: <cisco_805964881@panix.com>
Reply-To: cisco-faq@panix.com (comp.dcom.sys.cisco FAQ responses)
NNTP-Posting-Host: panix.com
Summary: This FAQ consists of frequently asked questions about
routers manufactured by cisco Systems, Inc. Additionally, it provides
additional information on IP routing that may be useful in non-Cisco
environments.
Xref: senator-bedfellow.mit.edu comp.dcom.sys.cisco:22823 comp.protocols.tcp-ip:42978 comp.dcom.servers:2695 comp.answers:13118 news.answers:48566
Archive-name: cisco-networking-faq
Last-modified: $Date: 1995/04/18 07:16:54 $
Version: $Revision: 1.3 $
This FAQ is edited by John Hawkinson, <jhawk@panix.com>.
New stuff (please look this over):
25. Is DHCP supported?
26. Where can I get cisco documentation?
27. What's the latest software for the CSC/3?
28. What IP routing protocol should I use?
29. How do I interpret the output of ``show version''?
30. What is the maximum number of Frame Relay PVCs?
31. How much memory is necessary to telnet to a cisco router?
32. Where can I purchase flash RAM?
New Administrivia:
This is getting to the point where the questions should be organized
in some sort of logical ordering, rather than chronologically.
Next revision, hopefully.
It's been a while since I updated this, and I'll try
and get a chance to dig through archives and write up
some more stuff. As always, contributions are welcome.
Old administrivia:
There should eventually be an html version of this FAQ
available. Question should also be numbered, and perhaps divided into
subcategories for large things (like ntp...); also, they need to be
sorted.
Please contribute answers to the questions in the Todo section! If
your answer is somewhat complicated, posting would probably be best
(to comp.dcom.sys.cisco). Otherwise, e-mail it to cisco-faq@panix.com.
Please note that a LOT of these questions have been hanging around for
some time, and if knowledgable people could take the time to answer a
few of them, that'd help.
This draft FAQ is in RFC1153 digest format, so you can follow each
question with your newsreader. I suppose that question-numbers should
be moved to the From: field. Note that Date: fields represent
last-modification times for the questions.
Table of Contents
=================
1. How can I contact cisco?
2. What is this newsgroup?
3. What does ``cisco'' stand for?
4. How do I save the configuration of a cisco?
5. Where can I get ancillary software for my cisco?
6. Is there a World-Wide-Web (www) information source?
7. How can I get my cisco to talk to a third party router over
8. How can I get my cisco to talk to a 3rd-party router over Frame Relay?
9. How can I use debugging?
10. How can I use NTP (Network Time Protocol) with my cisco?
11. Sample cisco NTP Configurations
12. How do I avoid the annoying DNS lookup if I have misspelled a command?
13. Tracing bad routing information
14. How to use access lists
15. The cisco boot process
16. Where can I get cisco hardware?
17. Where can I get IETF documents (RFCs, STDs, etc.)?
18. Future features in cisco software
19. How do cisco routers rate performance-wise?
20. How are packets switched?
21. How does one interpret buffer statistics?
22. How should I restrict access to my router?
23. What can I do about source routing?
24. Is there a block of private IP addresses I can use?
25. Is DHCP supported?
26. Where can I get cisco documentation?
27. What's the latest software for the CSC/3?
28. What IP routing protocol should I use?
29. How do I interpret the output of ``show version''?
30. What is the maximum number of Frame Relay PVCs?
31. How much memory is necessary to telnet to a cisco router?
32. Where can I purchase flash RAM?
99. Acknowledgements.
todo:
=====
* What is SNMP and how can I use it? What software is available and how do
I use cisco enterprise MIBs? MIBs on ftp.cisco.com and CIO.cisco.com
* Pointers to other s/w that's particularly useful in this sort
of routing environment (like Charley Kline's VLSM program).
* Pointers to other net resources, like comp.protocols.tcp-ip, RFCs,
the firewalls mailing list, etc (bgpd?[or is it cidrd now? :-)]).
* Hints about confusing and not-well documented things like xtacacs...
* Comments on interoperability issues WRT other vendors.
* What's SMARTnet, why should I subscribe, how much does it cost,
and what do I get?
* What should I name my router, my interfaces, etc.?
* Should we adjust the buffer parameters on the routers? What should
be the indicator before tunning the buffer parameters? How should
one fine tune the buffer parapeters?
* what is the real purpose of the network subcommand of
router commands? When do I not want to include a network
I know about?
* What is a VLSM and why would I want one? What supports
them?
* What is CIDR and why do I care (or a more general acronym decoder) ?
* How do I configure my cisco to use variable-length subnetting ?
* What are some methods for conserving IP addresses for
serial lines?
* Is there a block of private network numbers I can use
within my organization only? When should I use them?
How do I access them from outside?
* What do I do if I have to partition a network number?
* Questions and answers about access lists
access-list reference list (lots of questions on that)
* I forgot to mention that routing DECnet over X.25 is a problem.
* Where PD network applications for SLIP/PPP are.
* What is HSRP and how does it work? When is it available (10.0)
(Hot Standby Routing Protocol)
* Should I run 9.1, 9.21, 10.0, 10.2, or what?
Actual content.
===============
------------------------------
From: Question 1
Date: 31 October 1994
Subject: How can I contact cisco?
Corporate address:
cisco Systems
170 West Tasman Drive
San Jose, CA 95134
The following phone numbers are available:
Technical Assistance Center (TAC) +1 800 553 2447
(553 24HR)
+1 800 553 6387
+1 408 526 8209
Customer Service (Documentation, Warranty & +1 800 553 6387
Contract Services, Order Status
Engineering +1 800 553 2447
(553 24HR)
On-site Services, Time & Materials Service +1 800 829 2447
(829 24HR)
Corporate number / general +1 408 526 4000
Corporate FAX (NOT tech support) +1 408 526 4100
The above 800 numbers are US/Canada only.
cisco can also be contacted via e-mail:
tac@cisco.com Technical Assistance Center
tac-euro@cisco.com European TAC
cs-rep@cisco.com Literature and administrative (?) requests
cs@cisco.com *UNRELIABLE*, special-interest, ``non-support''
Please follow the directions available on CIO before doing this.
cisco provides an on-line service for information about their routers
and other products, called CIO (cisco Information Online). telnet to
cio.cisco.com for more details.
The collective experience of this FAQ indicates that it is far wiser to
open a case using e-mail than FAXes, which may be mislaid, shredded,
etc.
For those of you still in the paperfull office (unlike the rest of us),
cisco Systems' new corporate address is:
170 West Tasman Drive
San Jose, CA 95134
Mail to tac@cisco.com should include your service contract number, your name,
telephone number, a brief one line problem/question description, and a
case priority in the first 5 lines. For example:
Cisco service contract number 92snt1234a
First and last name Jane Doe
Best number to contact you 415-555-1234
Problem/question description Cannot see Appletalk zones
Case Priority 3
CASE PRIORITIES are defined as one of the following:
Pri 1 Production network down, critical business impact
Pri 2 Production net seriously degraded, serious impact
Pri 3 Network degraded, noticeable impact to business
Pri 4 General information, non production problems
------------------------------
From: Question 2
Date: 26 July 1994
Subject: What is this newsgroup?
comp.dcom.sys.cisco, which is gatewayed to the mailing list
cisco@spot.colorado.edu, is a newsgroup for discussion of cisco
hardware, software, and related issues. Remember that you can also
consult with cisco technical support.
This newsgroup is not an official cisco support channel, and should
not be relied upon for answers, particularly answers from cisco
Systems employees.
Until recently, the mailing list was gatewayed into the newsgroup,
one-way. It is possible that this arrangement may resume at somet time
in the future.
------------------------------
From: Question 3
Date: 31 October 1994
Subject: What does ``cisco'' stand for?
cisco folklore time:
At one point in time, the first letter in cisco Systems was a
lowercase ``c''. At present, various factions within the company have
adopted a capital ``C'', while fierce traditionalists (as well as some
others) continue to use the lowercase variant, as does the cisco
Systems logo. This FAQ has chosen to use the lowercase variant
throughout.
cisco is not C.I.S.C.O. but is short for San Francisco, so the story
goes. Back in the early days when the founders Len Bosack and Sandy
Lerner and appropriate legal entities were trying to come up with a
name they did many searches for non similar names, and always came up
with a name which was denied. Eventually someone suggested ``cisco''
and the name wasn't taken (although SYSCO may be confusingly similar
sounding). There was an East Coast company which later was using the
``CISCO'' name (I think they sold in the IBM marketplace) they ended
up having to not use the CISCO abberviation. Today many people spell
cisco with a capital ``C'', citing problems in getting the lowercase
``c'' right in publications, etc. This lead to at least one amusing
article headlined ``Cisco grows up''. This winter we will celebrate
our 10th year.
[This text was written in July of 1994 -jhawk]
------------------------------
From: Question 4
Date: 31 October 1994
Subject: How do I save the configuration of a cisco?
If you have a tftp server available, you can create a file on the
server for your router to write to, and then use the write network
command. From a typical unix system:
mytftpserver$ touch /var/spool/tftpboot/myconfig
mytftpserver$ chmod a+w /var/spool/tftpboot/myconfig
myrouter#write net
Remote host [10.7.0.63]? 10.7.0.2
Name of configuration file to write [myrouter-confg]? myconfig
Write file foobar on host 10.7.0.2? [confirm] y
Additionally, there's a Macintosh TFTP server available:
ftp://nic.switch.ch/software/mac/peterlewis/tftpd-100.sit.hqx
Additionally, you can also use expect, available from:
ftp://ftp.uu.net/languages/tcl/expect/expect.tar.gz
ftp://ftp.cme.nist.gov/expect/expect.tar.gz
or, in shar form from ftp.cisco.com.
Expect allows you to write a script which telnets to the router and
performs a ``write terminal'' command, or any other arbitrary set of
command(s), using a structured scripting language (Tcl).
------------------------------
From: Question 5
Date: 5 July 1994
Subject: Where can I get ancillary software for my cisco?
Try ftping to
ftp://ftp.cisco.com/pub
It's a hodgepodge collection of useful stuff, some maintained and some
not. Some is also available from
ftp://cio.cisco.com
Vikas Aggarwal has a very customised tacacsd:
A new version of xtacacsd is available via anonymous FTP from:
ftp://ftp.navya.com/pub/vikas/xtacacsd-3.3.shar.gz
------------------------------
From: Question 6
Date: 26 July 1994
Subject: Is there a World-Wide-Web (www) information source?
You can try the www homepage of this FAQ:
http://www.panix.com/cisco-faq [still not there yet]
or the cisco Educational Archive (CEA) home page:
http://sunsite.unc.edu/cisco/cisco-home.html
or the cisco Information Online (CIO) home page:
http://www.cisco.com/
------------------------------
From: Question 7
Date: 5 July 1994
Subject: How can I get my cisco to talk to a third party router over
a serial link?
You need to tell your cisco to use the same link-level protocol as the
other router; by default, ciscos use a rather bare variant of HDLC
(High-level Data Link Control) all link-level protocols use at some
level/layer or another. To make your cisco operate with most other
routers, you need to change the encapsulation from HDLC to PPP on the
relevant interfaces. For instance:
sewer-cgs#conf t
Enter configuration commands, one per line.
Edit with DELETE, CTRL/W, and CTRL/U; end with CTRL/Z
interface serial 1
encapsulation ppp
^Z
sewer-cgs#sh int s 1
Serial 1 is administratively down, line protocol is down
Hardware is MCI Serial
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation PPP, loopback not set, keepalive set (10 sec)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
[...]
If you're still having trouble, you might wish to turn on serial interface
debugging:
sewer-cgs#ter mon
sewer-cgs#debug serial-interface
------------------------------
From: Question 8
Date: 27 July 1994
Subject: How can I get my cisco to talk to a 3rd-party router over Frame Relay?
You should tell your cisco to use ``encapsulation frame-relay ietf''
(instead of ``encapsulation frame-relay'') on your serial interface
that's running frame relay if your frame relay network contains a
diverse set of manufacturers' routers. The keyword ``ietf'' specifies
that your cisco will use RFC1294-compliant encapsulation, rather than
the default, RFC1490-compliant encapsulation (other products, notably
Novell MPR 2.11, use a practice sanctioned by 1294 but deemed verbotten
by 1490, namely padding of the nlpid). If only a few routers in your
frame relay cloud require this, then you can use the default
encapsulation on everything and specify the exceptions with the
frame-relay map command:
frame-relay map ip 10.1.2.3 56 broadcast ietf
^^^^
(ietf stands for Internet Engineering Task Force, the body which
evaluates Standards-track RFCs; this keyword is a misnomer as both
RFC1294 and RFC1490 are ietf-approved, however 1490 is most recent and
is a Draft Standard (DS), whereas 1294 is a Proposed Standard (one step
beneath a DS), and is effectively obsolete).
------------------------------
From: Question 9
Date: 26 July 1994
Subject: How can I use debugging?
The ``terminal monitor'' command directs your cisco to send debugging
output to the current session. It's necessary to turn this on each time
you telnet to your router to view debugging information. After that,
you must specify the specific types of debugging you wish to turn on;
please note that these stay on or off until changed, or until the
router reboots, so remember to turn them off when you're done.
Debugging messages are also logged to a host if you have trap logging
enabled on your cisco. You can check this like so:
sl-panix-1>sh logging
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
Console logging: level debugging, 66 messages logged
Monitor logging: level debugging, 0 messages logged
Trap logging: level debugging, 69 message lines logged
Logging to 198.7.0.2, 69 message lines logged
sl-panix-1>
If you have syslog going to a host somewhere and you then set about a
nice long debug session from a term your box is doing double work and
sending every debug message to your syslog server. Additionally, if you
turn on something that provides copious debugging output, be careful
that you don't overflow your disk (``debug ip-rip'' is notorious for
this).
One solution to this is to only log severity ``info'' and higher:
sl-panix-1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
logging trap info
The other solution is to just be careful and remember to turn off
debugging. This is easy enough with:
sl-panix-1#undebug all
If you have a heavily loaded box, you should be aware that debugging
can load your router. The console has a higher priority than a vty so
don't debug from the console; instead, disable console logging:
cix-west.cix.net#conf t
Enter configuration commands, one per line. End with CNTL/Z.
no logging console
Then always debug from a vty. If the box is busy and you are a little
too vigorous with debugging and the box is starting to sink, quickly
run, don't walk to your console and kill the session on the vty. If
you are on the console your debugging has top prioority and then the
only way out is the power switch. This of course makes remote
debugging a real sweaty palms adventure especially on a crowded box.
Caveat debugger!
Also, if you for some reason forget what the available debug commands
are and don't have a manual handy, remember that's what on-line help
is for. Under pre 9.21 versions, ``debug ?'' lists all commands. Under
9.21 and above, that gives you general categories, and you can check
for more specific options by specifying the category: ``debug ip ?''.
As a warning, the ``logging buffered'' feature causes all debug
streams to be redirected to an in-memory buffer, so be careful using
that.
Lastly, if you're not sure what debugging criteria you need, you can
try ``debug all''. BE CAREFUL! It is way useful, but only in a very
controlled environment, where you can turn off absolutely everything
you're not interested in. Saves a lot of thinking. Turning it on on
a busy box can quickly cause meltdown.
------------------------------
From: Question 10
Date: 5 July 1994
Subject: How can I use NTP (Network Time Protocol) with my cisco?
>What level of software is required for NTP support in
>a cisco router?
9.21 or above.
>Which cisco routers support NTP?
It is a software feature exclusively. Anything that supports
9.21 or 10 will run NTP (when running that s/w).
>How do I set it up?
The basic hook is:
ntp server <host> [version n]
or
ntp peer <host> [version n]
depending on whether you want a client/server or peer relationship.
There's a bunch of other stuff available for MD5 authentication,
broadcast, access control, etc. You can also use the
context-sensitive help feature to puzzle it out; try ``ntp ?'' in
config mode.
You'll also want to play with the SHOW NTP * router commands. Here
are two examples.
EXAMPLE 1:
router# show ntp assoc
address ref clock st when poll reach delay offset disp
+~128.9.2.129 .WWVB. 1 109 512 377 97.8 -2.69 26.7
*~132.249.16.1 .GOES. 1 309 512 357 55.4 -1.34 27.5
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
EXAMPLE 2:
router#show ntp stat
Clock is synchronized, stratum 2, reference is 132.249.16.1
nominal freq is 250.0000 Hz, actual freq is 249.9981 Hz, precision is 2**19
reference time is B1A8852D.B69201EE (12:36:13.713 PDT Tue Jun 14 1994)
clock offset is -1.34 msec, root delay is 55.40 msec
root dispersion is 41.29 msec, peer dispersion is 28.96 msec
For particular cisco NTP questions, feel free to ask in comp.dcom.sys.cisco.
For broader NTP info, see ftp://louie.udel.edu:pub/ntp/doc. The file
clock.txt in that directory has info about various public NTP servers.
There is also information on radio time receivers that can be
connected to an NTP server (this is handy on private networks, if you
have an entire campus to get chiming, or if you become a hard core
chimer).
The ``ntp clock-period'' command is added automagically to jump-start
the NTP frequency compensation when the box is rebooted. This is
essentially a representation of the frequency of the crystal used as
the local timebase, and may take several days to calculate otherwise.
(Do a ``write mem'' after a week or so to save a good value.)
Caveat: Note that the CS-500 will not be able to achieve quite the same
level of accuracy as other platforms, since its hardware clock
resolution is roughly 242Hz instead of the 1MHz available on other
platforms. In practice this shouldn't matter for anyone other than
true time geeks.
----------------------------------------------------------------------
From: Question 11
Date: 5 July 1994
Subject: Sample cisco NTP Configurations
You will need to substitute your own NTP peers, timezones, and GMT
offsets into the examples below, of course. Example 1 is in US Central
Time Zone, while example 3 is in US Pacific Time Zone. Both account
for normal US Daylight Savings Time practices.
EXAMPLE 1 (Charley Kline):
...
clock timezone CST -6
clock summer-time CDT recurring
ntp source eth 0
ntp peer <host1>
ntp peer <host2>
ntp peer <host3>
...
EXAMPLE 2 (Tony Li):
...
ntp source Ethernet0/0
ntp update-calendar
ntp peer <host1>
ntp peer <host2> prefer
...
EXAMPLE 3 (Dave Katz):
...
service timestamps debug datetime localtime
service timestamps log datetime localtime
clock timezone PST -8
clock summer-time PDT recurring
interface Ethernet0
ip address <mumble>
ntp broadcast
ntp clock-period 17180319
ntp source Ethernet0
ntp server <host1>
ntp server <host2>
ntp server <host3>
COMMENTS ON EXAMPLE 3:
The config file is commented with date and time (and user id,
if TACACS is enabled) when the system thinks the clock is accurate.
I've enabled timestamping of debug and syslog messages. I send NTP
broadcast packets out onto the local ethernet. I'm in Pacific
Standard Time, with U.S. standard daylight saving time rules. I use
the IP address of the ethernet as the source for all NTP packets.
------------------------------
From: Question 12
Date: 5 July 1994
Subject: How do I avoid the annoying DNS lookup if I have misspelled a command?
By default, all lines are configured to automatically try a telnet
connection if the first word in a input line is not recognized as a
valid command. You can disable this by setting ``transport preferred
none'' on every line (con, aux and vty). For instance:
sl-panix-1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
line vty 0 10
transport preferred none
You can see the number of vty's currently configuered with ``show lines''
Also, you can suspend connect attempts with ^^ followed by ``x'', ie
shift-cntrl-6 x.
[It has been suggested that ``no ip ipname-lookup'' to turn off IEN116
helps. I think this is the default -jhawk ]
------------------------------
From: Question 13
Date: 31 Oct 1994
Subject: Tracing bad routing information
or: How do I find out which non-cisco systems on my networks generate IP-RIP
information without letting them mess up my routing tables.
Here you could work with a default administrative distance.
Administrative distance is the basis upon which the cisco prefers
routing information of one protocol over another. In this example:
router rip
network 192.125.254.0
distance 255
distance 120 192.125.254.17 ! list all valid RIP suppliers
[...]
the value 255 has the implicit meaning of not putting this information
into the routing table. Therefore, setting an administrative distance
of 255 means that all RIP suppliers are by default accepted but their
information is not put into the routing table. The administrative
distance for the router 192.125.244.17 has been reset to the default
(for RIP) of 120, causing its routes to be accepted into the routing table.
Then you can look them up with ``show ip protocols'' and restore the
original administrative distance for the ones you want to fill in the
routing table.
The same results can be acheived with an ip access-list, but with
that, ``show ip protocols'' will only show the valid ones. But often
it is more useful to see which systems were generating routing
information at all.
This trick works for other routing protocols as well, but please select
the proper adminstrative distance (rather than 120) for the protocol
you're using.
------------------------------
From: Question 14
Date: 5 July 1994
Subject: How to use access lists
[The following is wholesale included; at some point it'll
probably be editted a bit and reformatted... -jhawk ]
Frequently Asked Questions
contributed by Howard C. Berkowitz
PSC International
hcb@world.std.com
@clark.net [probably will be my permanent
personal account]
PSC's domain is in mid-setup
Where in the router are access lists applied?
In general, Basic access lists are executed as filters on
outgoing interfaces. Newer releases of the cisco code, such as
9.21 and 10, do have increased ability to filter on incoming ports.
Certain special cases, such as broadcasts and bridged traffic,
can be filtered on incoming interfaces in earlier releases.
There are also special cases involving console access.
Rules, written as ACCESS-LIST statements, are global for the entire
cisco box; they are activated on individual outgoing interfaces by
ACCESS-GROUP subcommands of the INTERFACE major command.
Filters are applied after traffic has entered on an incoming
interface and gone through a routing process; traffic that originates in
a router (e.g., telnets from the console port) is not subject to
filtering.
+-------------------+
| GLOBAL |
| |
| Routing |
| ^ v Access |
| ^ v Lists |
+-^--v--------^---v-+
| ^ v ^ v |
| ^ v ^ v |
A----------->|-| |>>>>Access >>----------->B
|1 Group 2 |
<------------| |<-----------
| |
| |
+-------------------+
Some types of ``filter,'' using ``filter'' as a broader class than
ACCESS-LIST, can operate on incoming traffic. For example, the INPUT-
SAP-FILTER used for Novell networks is applied to Service Advertisement
Packets (SAP) seen at incoming interfaces. In general, incoming
filtering can only be done for ``system'' rather than user traffic.
Rules of thumb in defining access lists.
First, define what you want to do and in which directions. An
informal drawing is a good first step. As opposed to the usual
connectivity drawings among routers, it's often convenient to draw
unidirectional links between routers.
Second, informally write out your filtering rules. In general, it
is best to go from most specific to least specific. Modify the order of
writing things to minimize the number of rules needed.
Third, determine which rules need to be on which routers.
Explicitly consider the direction of flow, and the possible existence of
additional paths that could inadvertently bypass a filter.
Can a cisco router be a ``true'' firewall?
This depends on the definition of firewall. Some writers (e.g.,
Gene Spafford in _Practical UNIX Security_) define a firewall as a
host on which an ``inside'' and/or an ``outside'' application process run,
with application-level code linking the two. For example, a firewall
might provide FTP access to the outside world, but it would not also
provide direct FTP service to the inside world. To place a file on
the FTP external server, a designated user would explicitly log onto
the FTP server, transfer a file to the server, and log off. The
firewall prevents direct FTP connectivity between the inside and
outside networks; only indirect, application-level connectivity is
allowed.
Firewalls of this sort are complemented by chokes, which filter on
network addresses and/or port numbers. Cisco routers cannot do
application-level control with access control lists.
Other authors do not distinguish between chokes and filters. Using
the loose definition that a firewall is anything that selectively blocks
access from the inside to the outside, routers can be firewalls.
IP Specific
-----------
Can the ``operand'' field be used with a protocol keyword of IP to filter
on protocol ID?
No. Operand filtering only works for TCP and UDP port numbers.
How can I prevent traffic for a certain Internet application to flow in
one direction but not the other?
Remember that Internet applications flow from client port to server
port. Denying traffic from port 23, for example, blocks flow from the
client to the server.
+-------------------+
| |
A----------->| |----------->B
|1 2|
<------------| |<-----------
| |
+-------------------+
If we deny traffic to Port 23 of address B by placing a filter at
interface 2, we have blocked A's ability to telnet to B, but not B's
ability to telnet to A. A second filter at interface A would be needed
to block telnet in both directions.
Assume that we only have the filter at interface 2. Telnets to A
from B will not be affected because the filter at 2 does not check
incoming traffic.
-------
With the arrival of in-bound access lists in 9.21, it should be noted
that both inbound and access lists are about equally efficient, in
case any of you were wondering.
------------------------------
From: Question 15
Date: 26 July 1994
Subject: The cisco boot process
What really happens when a cisco router boots, from boot start to live
interfaces?
First it boots the ROM os version. It reads the config. Now, it
realizes that you want to netboot. It loads the netbooted copy in on
top of itself. It then re-initializes the box and re-reads the
config. Manly, yes, but we like it too....
[[ Ummm... in particular it loads the netbooted copy in as WELL as
itself, decompresses it, if necessary, and THEN loads on top of
itself. Note that this is important because it tells you what the
memory requirements are for netbooting: RAM for ROM image (if it's a
run from RAM image), plus dynamic data structures, plus RAM for
netbooted image. ]]
The four ways to boot and what happens (sort of):
I (from bootstrap mode)
The ROM monitor is running. The I command causes the ROM monitor to
walk all of the hardware in the bus and reset it with a brute force
hammer. If the bits in the config register say to auto-boot, then
goto B
B (from bootstrap mode)
Load the OS from ROM. If a name is given, tell that image to start
silently and then load a new image. If the boot system command is
given, then start silently and load a new image.
powercycle
Does some delay stuff to let the power settle. Goto I.
reload (from the EXEC)
Goto I.
------------------------------
From: Question 16
Date: 18 July 1994
Subject: Where can I get cisco hardware?
[ It is with great relucatance that I list any one vendor. I would
appreciate some commentary as to whether doing so is a good idea. Also,
other vendors would be a good thing. -jhawk ]
You might try:
Comstar, Inc.
5250 W. 74th Street
Minneapolis, MN 55439
P: 612-835-5502
F: 612-835-1927
Mr. Bill Lunger
------------------------------
From: Question 17
Date: 18 April 1995
Subject: Where can I get IETF documents (RFCs, STDs, etc.)?
Where and how to get new RFCs
=============================
RFCs may be obtained via EMAIL or FTP from many RFC Repositories. The
Primary Repositories will have the RFC available when it is first
announced, as will many Secondary Repositories. Some Secondary
Repositories may take a few days to make available the most recent
RFCs.
Primary Repositories:
RFCs can be obtained via FTP from DS.INTERNIC.NET, NIS.NSF.NET,
NISC.JVNC.NET, FTP.ISI.EDU, WUARCHIVE.WUSTL.EDU, SRC.DOC.IC.AC.UK,
FTP.CONCERT.NET, or FTP.SESQUI.NET.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Secondary Repositories:
Sweden
------
Host: sunic.sunet.se
Directory: rfc
Host: chalmers.se
Directory: rfc
Germany
-------
Site: EUnet Germany
Host: ftp.Germany.EU.net
Directory: pub/documents/rfc
France
------
Site: Institut National de la Recherche en Informatique
et Automatique (INRIA)
Address: info-server@inria.fr
Notes: RFCs are available via email to the above
address. Info Server manager is Mireille
Yamajako (yamajako@inria.fr).
Netherlands
-----------
Site: EUnet
Host: mcsun.eu.net
Directory: rfc
Notes: RFCs in compressed format.
France
------
Site: Centre d'Informatique Scientifique et Medicale
(CISM)
Contact: ftpmaint@univ-lyon1.fr
Host: ftp.univ-lyon1.fr
Directories: pub/rfc/* Classified by hundreds
pub/mirrors/rfc Mirror of Internic
Notes: Files compressed with gzip. Online
decompression done by the FTP server.
Finland
-------
Site: FUNET
Host: funet.fi
Directory: rfc
Notes: RFCs in compressed format. Also provides
email access by sending mail to
archive-server@funet.fi.
Norway
------
Host: ugle.unit.no
Directory: pub/rfc
Denmark
-------
Site: University of Copenhagen
Host: ftp.denet.dk
Directory: rfc
Australia and Pacific Rim
-------------------------
Site: munnari
Contact: Robert Elz <kre@cs.mu.OZ.AU>
Host: munnari.oz.au
Directory: rfc
rfc's in compressed format rfcNNNN.Z
postscript rfc's rfcNNNN.ps.Z
United States
-------------
Site: cerfnet
Contact: help@cerf.net
Host: nic.cerf.net
Directory: netinfo/rfc
Site: NASA NAIC
Contact: rfc-updates@naic.nasa.gov
Host: naic.nasa.gov
Directory: files/rfc
Site: NIC.DDN.MIL (DOD users only)
Contact: NIC@nic.ddn.mil
Host: NIC.DDN.MIL
Directory: rfc/rfcnnnn.txt
Note: DOD users only may obtain RFC's via FTP
from NIC.DDN.MIL. Internet users should NOT
use this source due to inadequate connectivity.
Site: uunet
Contact: James Revell <revell@uunet.uu.net>
Host: ftp.uu.net
Directory: inet/rfc
UUNET Archive
-------------
UUNET archive, which includes the RFC's, various IETF documents,
and other information regarding the internet, is available to the
public via anonymous ftp (to ftp.uu.net) and anonymous uucp, and
will be available via an anonymous kermit server soon. Get the
file /archive/inet/ls-lR.Z for a listing of these documents.
Any site in the US running UUCP may call +1 900 GOT SRCS and use
the login "uucp". There is no password. The phone company will
bill you at $0.50 per minute for the call. The 900 number only
works from within the US.
------------------------------
From: Question 18
Date: 27 July 1994
Subject: Future features in cisco software
[This could be more fleshed out, but Philip sent these in. -jhawk]
IPXWAN support added in 10.0
BGP4 support added in 10.0
Kerberos not yet available
------------------------------
From: Question 19
Date: 27 July 1994
Subject: How do cisco routers rate performance-wise?
People often ask about performance of the cisco routers and are shyed
away from answering their questions because we don't know where to send
them.
Scott Bradner keeps the results of his performance tests on the
Internet. You can find them for ftp on the system hsdndev.harvard.edu
in the /pub/ndtl. There is a README file in that directory that
explains what is available. In addition, cisco has just started
publishing a piece of literature called ``The Harvard Benchmark Test
Results: Summary of cisco Systems Performance''. The only number I
can find on the doc is Lit. #700901. Don't know if you can order it
by this number, but at least there's a title to go on.
------------------------------
From: Question 20
Date: 31 October 1994
Subject: How are packets switched?
There are 4 types of switching (in order of increasing performance).
process switching
fast switching
autonomous switching
silicon switching
Autonomous switching is done in the switch processor.
Silicon switching is done in the silicon switching engine (creative,
eh? ;-).
The silicon switch processor (SSP) is the board which combines both the
switch processor and a silicon switching engine.
Process and fast switching support inbound and outbound, simple and
extended, access lists.
The SSP supports simple outbound access lists.
------------------------------
From: Question 21
Date: 31 October 1994
Subject: How does one interpret buffer statistics?
Buffer statistics may be obtained with:
mit2-gw.near.net>sh buffers
Buffer elements:
433 in free list (500 max allowed)
82320311 hits, 0 misses, 0 created
Small buffers, 104 bytes (total 202, permanent 120):
185 in free list (20 min, 250 max allowed)
34289219 hits, 4297 misses, 1307 trims, 1389 created
Middle buffers, 600 bytes (total 104, permanent 90):
102 in free list (10 min, 200 max allowed)
6829533 hits, 1432 misses, 483 trims, 497 created
Big buffers, 1524 bytes (total 90, permanent 90):
90 in free list (5 min, 300 max allowed)
3403884 hits, 56 misses, 1 trims, 1 created
Large buffers, 5024 bytes (total 5, permanent 5):
5 in free list (0 min, 30 max allowed)
49984 hits, 13 misses, 20 trims, 20 created
Huge buffers, 18024 bytes (total 0, permanent 0):
0 in free list (0 min, 4 max allowed)
0 hits, 0 misses, 0 trims, 0 created
5683 failures (0 no memory)
You can interpret them:
Total Number of buffers of that size that exist.
Free Number of free buffers.
Max Maximum size that the free list can grow to before we start
throwing them away.
Hit Buffer got used.
Miss Someone requested a buffer and we had to go carve it up out of
free memory. If we couldn't because we were at interrupt
level, it's also an allocation failure. If we couldn't
because we were out of memory, then it's also a ``no memory''
failure.
Trim There are more free buffers on the free list than there need
to be and we threw some away.
Create Number of buffers we created after a miss.
------------------------------
From: Question 22
Date: 1 November 1994
Subject: How should I restrict access to my router?
Many admins are concerned about unauthorized access to their routers
from malicious people on the Internet; one way to prevent this
is to restrict access to your router on the basis of IP address.
Many people do this, however it should be noted that a significant number
of network service providers allow unrestricted access to their routers
to allow others to debug, examine routes, etc. If you're comfortable doing
this, so much the better, and we thank you!
If you wish to restrict access to your router, select a free IP access
list (numbered from 1-100) -- enter ``sh access-list'' to see those
numbers in use.
yourrouter#sh access-list
Standard IP access list 5
permit 192.94.207.0, wildcard bits 0.0.0.255
Next, enter the IP addresses you wish to allow access to your router
from; remember that access lists contain an implicit "deny everything"
at the end, so there is no need to include that. In this case, 30
is free:
yourrouter#conf t
Enter configuration commands, one per line. End with CNTL/Z.
yourrouter(config)#access-list 30 permit 172.30.0.0 0.0.255.255
yourrouter(config)#^Z
(This permits all IP addreses in the network 172.30.0.0, i.e. 172.30.*.*).
Enter multiple lines for multiple addresses; be sure that you don't
restrict the address you may be telnetting to the router from.
Next, examine the output of ``sh line'' for all the vty's (Virtual ttys)
that you wish to apply the access list to. In this example, I want
lines 2 through 12:
yourrouter#sh line
Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns
0 CTY - - - - - 0 0 0/0
1 AUX 9600/9600 - - - - - 1 3287605 1/0
* 2 VTY 9600/9600 - - - - 7 55 0 0/0
3 VTY 9600/9600 - - - - 7 4 0 0/0
4 VTY 9600/9600 - - - - 7 0 0 0/0
5 VTY 9600/9600 - - - - 7 0 0 0/0
6 VTY 9600/9600 - - - - 7 0 0 0/0
7 VTY 9600/9600 - - - - 7 0 0 0/0
8 VTY 9600/9600 - - - - 7 0 0 0/0
9 VTY 9600/9600 - - - - 7 0 0 0/0
10 VTY 9600/9600 - - - - 7 0 0 0/0
11 VTY 9600/9600 - - - - - 0 0 0/0
12 VTY 9600/9600 - - - - - 0 0 0/0
Apply the access list to the relevant lines:
yourrouter#conf t
Enter configuration commands, one per line. End with CNTL/Z.
yourrouter(config)#line 2 12
yourrouter(config-line)# access-class 30 in
yourrouter(config-line)# ^Z
(This apply access list 30 to lines 2 through 12.)
Be sure to save your configuration with ``write mem''.
Please note that access lists for incoming telnet connections do NOT
cause your router to perform significant CPU work, unlike access lists
on interfaces.
------------------------------
From: Question 23
Date: 1 November 1994
Subject: What can I do about source routing?
What *is* source routing?
Soure routing is an IP option which allows the originator of a packet
to specify what path that packet will take, and what path return packets
sent back to the originator will take. Source routing is useful when the
default route that a connection will take fails or is suboptimal for some
reason, or for network diagnostic purposes. For more information on
source routing, see RFC791.
Unfortunately, source routing is often abused by malicious users on
the Internet (and elsewhere), and used to make a machine (A), think
it is talking to a different machine (B), when it is really talking to
a third machine (C). This means that C has control over B's ip address
for some purposes.
The proper way to fix this is to configure machine A to ignore
source-routed packets where appropriate. This can be done for most
unix variants by installing a package such as Wietse Venema,
<wietse@wzv.win.tue.nl>,'s tcp_wrapper:
ftp://cert.org:pub/tools/tcp_wrappers
For some operating systems, a kernel patch is required to make this
work correctly (notably SunOS 4.1.3). Also, there is an unofficial
kernel patch available for SunOS 4.1.3 which turns all source routing
off; I'm not sure where this is available, but I believe it was posted
to the firewalls list by Brad Powell soimetime in mid-1994.
If disabling source routing on all your clients is not posssible, a
last resort is to disable it at your router. This will make you unable
to use ``traceroute -g'' or ``telnet @hostname1:hostname2'', both
of which use LSRR (Loose Source Record Route, 2 IP options, the first
of which is a type of source routing), but may be necessary for some.
If so, you can do this with
foo-e-0#conf t
Enter configuration commands, one per line. End with CNTL/Z.
foo-e-0(config)#no ip source-route
foo-e-0(config)#^Z
It is somewhat unfortunate that you cannot be selective about this; it
disables all forwarding of source-routed packets through the router,
for all interfaces, as well as source-routed packets to the router
(the last is unfortunate for the purposes of ``traceroute -g'').
------------------------------
From: Question 24
Date: 18 April 1995
Subject: Is there a block of private IP addresses I can use?
Yes there is, however whether you wish to do so is an issue of
some debate.
There are two RFCs which discuss this issue, and present opposing
views:
1597 Address Allocation for Private Internets. Y. Rekhter, B.
Moskowitz, D. Karrenberg & G. de Groot. March 1994. (Format:
TXT=17430 bytes)
1627 Network 10 Considered Harmful (Some Practices Shouldn't be
Codified). E. Lear, E. Fair, D. Crocker & T. Kessler. June 1994.
(Format: TXT=18823 bytes)
Neither one of these RFCs is anything more than a set of informational
guidelines; they are *not* words to live by (remember that RFC stands
for Request For Comments). Nevertheless, both comment cogently on this
issue, a full discussion of which is outside the scope of this
document. If you're seriously considering using private IP addresses,
please read them both (see question 17, ``Where can I get IETF
documents'') to find them.
Additionally, it is likely that a third RFC will be coming out shortly
that discusses both sides of the issue; watch this space for details.
In any event, RFC 1597 documents the allocation of the following
addresses for use by ``private internets'':
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
Most importantly, it is vital that nothing using these addresses
should ever connect to the global Internet, or have plans to do so.
Please read the above RFCs before considering implementing such
a policy.
As an additional note, some Internet providers provide network-management
services, statistics gathering, etc. It is unlikely (if at all possible)
that they would be willing to perform those services if you choose to
utilize private address space.
------------------------------
From: Question 25
Date: 18 April 1995
Subject: Is DHCP supported?
DHCP, the Dynamic Host Configuration Protocol (RFC1533), is essentially
a more extended and flexible version of BOOTP, which allows configuration
parameters and other control information to be carried to hosts.
DHCP is supported in 9.21(4) and 10.0(3), as well as later releases.
------------------------------
From: Question 26
Date: 18 April 1995
Subject: Where can I get cisco documentation?
Cisco no longer distributes printed documentation with their
routers; instead, they distribute a CDROM.
Paper documentation may be purchased, however if you purchase
a support contract, documentation is free.
------------------------------
From: Question 27
Date: 18 April 1995
Subject: What's the latest software for the CSC/3?
The last supported release on the CSC/3 is 9.1(15). cisco
does not plan to release further software for the CSC/3.
------------------------------
From: Question 28
Date: 18 April 1995
Subject: What IP routing protocol should I use?
This is a really complicated question, and a full answer
is beyond the scope of this document. Here are the beginnings
of an answer.
Protocol RIP HELLO IGRP OSPF EIGRP IS-IS EGP BGP4
-------------------------------------------------------------------------
Type IGP IGP IGP IGP IGP IGP EGP EGP
Algorithm DV DV? DV SPF DUAL SPF -- --
Metrics Hopcnt Delay Speed Speed Speed ??? Policy Policy
Convergence Slow Unstb Mdt Fast Fast ??? -- --
Standard? IETF IETF No IETF No ISO IETF IETF
Complexity Simple ??? ??? Complx ??? ??? Simple Complx
Multipath? No No Yes Yes Yes No? No No?
Var-netmask? No No No Yes Yes Yes No No
Notes:
IGP = interior gateway protocol, used to build routing tables within an AS.
EGP = exterior gateway protocol, used to communicate reachability
information between AS's.
DV = Distance Vector (Bellman-Ford)
SPF = Shortest-path-first (Dijkstra)
DUAL = DV with diffusing update algorithm (Garcia-Luna-Aceves et al)
Metrics: how the protocol measures the network to determine the "best"
path. "Speed" refers typically to link speed, not available bandwidth.
HELLO tried to use available bandwidth by monitoring round-trip delay, but
was not generally successful at this. Metrics are not directly exchangable
when distributing routing information from one protocol to another, with
the exception of IGRP and EIGRP, which use identical metric measurements.
Convergence: qualitatively, how fast routers using this protocol will
adapt to changes in the topology of the network. "Unstb" indicates a
protocol which in general never decided on a stable configuration but
continually oscillated between alternatives.
Complexity: my observation of how complex the protocol is to implement.
Multipath: will the protocol support and transport multiple equal- or
different- cost pathways across between endpoints?
Var-netmask: does the protocol allow for and transport different masks for
the subnets of a routed network. Note that BGP4, because it is not an IGP,
does not properly support variable subnet masks, but does do
"supernetting" ala CIDR.
------------------------------
From: Question 29
Date: 18 April 1995
Subject: How do I interpret the output of ``show version''?
Typing ``show version'' or ``show hardware'' yields a response like:
prospect-gw.near.net>sh version
Cisco Internetwork Operating System Software
IOS (tm) GS Software (GS7), Experimental Version 10.2(11829) [pst 113]
System-type (imagename) Version major.minor(release.interim)[who] Desc
System-type: type of system the software is designed to run on.
imagename: The name of the image. This is different (slightly) for
run-from-rom, run-from-flash, and run-from-ram images, and also
for subset images which both were and will be more common.
"Version": text changes slightly. For example, if an engineer gives you
a special version of software to try out a bug fix, this will say
experimental version.
Major: Major version number. Changes (in theory) when there have been
major feature additions and changes to the softare.
Minor: minor version number. Smaller but still signficant feature added.
(in reality, cisco is not very sure what the difference between
"major" and "minor" is, and sometimes politics gets in the way,
but either of these "incrementing" indicates feature additions.)
EXCEPT: 9.14, 9.17, and 9.1 are all somewhat similar. 9.1 is
the base, 9.14 adds specical feature for low end systems, 9.17
added special features specific the high end (cisco-7000) This
was an experiment that we are trying not to repeat.
release: increments (1 2 3 4 ...) for each maintenance release of released
software. Increments for every compile in some other places.
interim: increments on every build of the "release tree", which happens
weekly for each release, but is only made into a generically
shipping maintenance release every 7 to 8 weeks or so.
[who]: who built it. Has "fc 1" or similar for released software.
has something like [billw 101] for test software built Bill
Westfield (billw@cisco.com).
Desc: additional description.
The idea is that the image name and version number UNIQUELY identify
a set of sources and debugging information somewhere back at cisco,
should anything go wrong.
Copyright (c) 1986-1995 by cisco Systems, Inc.
Compiled Thu 09-Mar-95 23:54 by tli
Image text-base: 0x00001000, data-base: 0x00463EB0
Copyright, compilation date (and by whom), as well as the
starting address of the image.
ROM: System Bootstrap, Version 5.0(7), RELEASE SOFTWARE
ROM: GS Software (GS7), Version 10.0(7), RELEASE SOFTWARE (fc1)
The version of ROM bootstrap software, and the version of IOS
in ROM.
prospect-gw.near.net uptime is 2 weeks, 4 days, 18 hours, 38 minutes
System restarted by reload
How long the router has been up, and why it restarted.
System image file is "sse-current", booted via flash
How the router was booted.
RP (68040) processor with 16384K bytes of memory.
Type of processor.
G.703/E1 software, Version 1.0.
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
Bridging software.
ISDN software, Version 1.0.
Various software options compiled in.
1 Silicon Switch Processor.
2 EIP controllers (8 Ethernet).
2 FSIP controllers (16 Serial).
1 MIP controller (1 T1).
8 Ethernet/IEEE 802.3 interfaces.
16 Serial network interfaces.
128K bytes of non-volatile configuration memory.
4096K bytes of flash memory sized on embedded flash.
Hardware configuration.
Configuration register is 0x102
Lastly, the "configuration register", which may be set via
software in current releases...
------------------------------
From: Question 30
Date: 18 April 1995
Subject: What is the maximum number of Frame Relay PVCs?
This is covered fairly thoroughly in Product Info/Product
Bulletin/Frame Relay Broadcast Queue, Cisco Product Bulletin # 256,
available on CIO.
Via the web (requires CIO username and pasword)
http://cio.cisco.com/warp/customer/417/38.html
An excerpt:
(Virtual Interfaces)
It should be noted that in the IOS (Internetworking Operating System)
10.0 software there is a limit of 256 Virtual and physical
interfaces. Hence, if each DLCI is given its own virtual interface,
the router is limited to 256 DLCIs. This restriction is expected to be
removed in a future release.
In most scenarios, it is not necessary that each DLCI have its own
Virtual Interface. In particular, IP has the facility which allows
disabling of split-horizon routing and hence does not require Virtual
Interfaces to support partial mesh topologies.
(Appendix 1: How many DLCIs Can Cisco Support on an Interface?)
This question is similar to the question of how many PCs can you put
on an Ethernet. In general, you can put a lot more than you should
given performance and availability constraints.
When dimensioning a router in a large network, the following issues
should be considered:
DLCI Address Space: The only hard limits are the roughly 1000 DLCI
limit due to the 10 bit DLCI address space in the Frame Relay frame
header.
LMI Status Update: The LMI protocol requires that all status reports
fit into a single packet and generally limits the number of DLCIs to
less than 800.
Max DLCIs (approx) = (MTU -20)/5,
where MTU is the MTU size in bytes on the Frame Relay link.
Broadcast Replication: When sending, the router must replicate the
packet on each DLCI and this causes congestion on the access link. The
Broadcast Queue reduces this problem. In general, the network should
designed to keep the routing update load to below 20 percent of the
access lines speed. It is also important that memory requirements for
the Broadcast Queue be considered. A good technique to reduce this
restriction is the use of default route or extending the update
timers.
Broadcast Receipt: When receiving, the router must receive updates
from the network. The issue here is that the upstream switch can be
overloaded and drop packets. When routing updates are dropped, routing
instability occurs. Again, the receiving routing update load should be
kept to less than 20 percent of the access link speed and preferably
lower. Where very high speed links are used, a limit of 128 Kbit/s
worth of routing updates is recommended.
Routing Stability: When using a link state protocol to reduce the
update traffic, the dimensioning should be done assuming the periodic
update process and the worst case for Link State Updates (i.e.,
assuming link and power instability). Dimensioning should not be based
on the Hello traffic. As a rule of thumb, dimension assuming a
distance vector protocol, but assume that extra bandwidth is available
for user data.
User Data Traffic: Clearly, the number of DLCIs is dependent on the
traffic on each DLCI and the performance requirements to be met. In
general, Frame Relay accesses should be run at lower loads than
router-to-router links since the prioritisation capabilities are not
as strong in many cases and in general the marginal costs of
increasing access link speed are lower than with dedicated lines.
Many of the issues covered here are included in the Internet Design
Guide manual that Cisco provides.
------------------------------
From: Question 31
Date: 18 April 1995
Subject: How much memory is necessary to telnet to a cisco router?
In order to login to a cisco router, it needs to have at least 64k
of contiguous free memory.
------------------------------
From: Question 32
Date: 18 April 1995
Subject: Where can I purchase flash RAM?
There are two varieties:
MEM-1X8F 8meg
MEM-2X8F 16meg
*******************************************************************************
******************************* 2500 ********************************
******************************* 8M Flash ********************************
*******************************************************************************
PRODUCT# QTY
-------- ---
MEM-1X8F 1
MEM-2X8F 2
Part Number: 16-0975-01
Description: IC,FEPROM, 2Mx32,100ns,SIM80 SC: P REV: A0 S/UM: EA P/UM: EA
-------------------------------------------------------------------------------
VENDOR
ITM MANUFACTURER'S PART CODE MANUFACTURER'S NAME
--- -------------------- ---------- ------------------------------
1- 1 SM732C2000B-10 KITTING01 SMART MODULE
Smart Modular is located in Freemont, California.
------------------------------
From: Question 99
Date: 18 April 1995
Subject: Acknowledgements.
The following people contributed to this FAQ, and their contributions
are greatly appreciated, both questions and answers (in alpha order):
Alain Martineau <amartineau@MacMartineau.ccr.hydro.qc.ca>
Barton.Bruce@camb.com (Barton F. Bruce / CCA)
Charley Kline <cvk@uiuc.edu>
Dave Katz <dkatz@cisco.com>
Eriks Rugelis <eriks@YorkU.CA>
Howard C. Berkowitz, PSC International, <hcb@world.std.com>
Jim Forster <forster@cisco.com>
John Wright
Pete Siemsen <siemsen@skat.usc.edu>
Phillip Remaker <remaker@cisco.com>
Ran Atkinson <atkinson@itd.nrl.navy.mil>
"Ronnie B. Kon" <ronnie@cisco.com>
Sanjay Rungta~ <srungta@sedona.intel.com>
Sean McGrath <SEAN@oak.his.ucsf.EDU>
Steve Cunningham <steve@vf.ge.com>
Warren Lavallee <warren@zion.ltw.org>
William "Chops" Westfield <billw@cisco.com>
atkinson@sundance.itd.nrl.navy.mil (Ran Atkinson)
bpinsky@cisco.com (Bruce Pinsky)
buk@taz.de ($ Burkhard Kohl)
jerry@ksu.ksu.edu (Jerry Anderson)
jhawk@panix.com (John Hawkinson)
john@cisco.com (John Wright)
john@gulfa.ods.gulfnet.kw (John Temples)
paul@hawksbill.sprintmrn.com (Paul Ferguson)
peter@ulisse.rhein-main.de (Peter Radig)
tli@cisco.com (Tony Li)
tom@park.uvsc.edu (Thomas R. Kimpton)
vikas@Tudor.Com (Vikas Aggarwal)
warner@cats.ucsc.edu (Jim Warner)
