Log from #cisco at freenode 2006-05-18
[19:27]<dzzc1lyvn>does ISL append a 4 byte CRC?
[19:28]<msxjv>you're thinking of 802.1q
[19:28]<msxjv>in your direct terminology
[19:28]<xum2jfmv>tkup: hdlc
[19:28]<msxjv>FCS is recalculated to include the inserted tag and appended
[19:28]<dzzc1lyvn>exactly..
[19:28]<dzzc1lyvn>that's what I know.
[19:28]<vcul>humboldt, too bad hdlc doesn't have a link protocol
[19:29]<xum2jfmv>there must be a way to debug the traffic coming in one interface?
[19:29]<dzzc1lyvn>I was looking at something and it said..ISL is what appends
[19:29]<dzzc1lyvn>ISL appends a 30 byte
[19:30]<2drrrxrg>humboldt
[19:30]<2drrrxrg>issue the "no ip route-cache" command on the interface
[19:30]<2drrrxrg>then say "debug interface serial0"
[19:30]<2drrrxrg>and then "debug ip packet"
[19:30]<vcul>humboldt, I was hoping you were on ppp. the latter uses LCP and can give you an idea about upper layer protocols by looking at it at least
[19:30]<2drrrxrg>or "debug ip packet detail"
[19:30]<2drrrxrg>just make sure you log to the buffer or syslog
[19:30]<2drrrxrg>don't log to the console
[19:31]<xum2jfmv>bmcgahan: and how do I read from the buffer? never did that before. and the overall question is: how can I restrict, what I will see to one serial interface?
[19:32]<2drrrxrg>to log to the buffer say "logging buffered" and "no logging console" in global config
[19:32]<2drrrxrg>and then "show log"
[19:33]<2drrrxrg>when you say debug interface you're restricting it to packets related to that interface
[19:33]<2drrrxrg>you need to enable process switching because only process switched traffic can be debugged
[19:33]<2drrrxrg>hence the no ip route-case
[19:33]<2drrrxrg>cache
[19:34]<xum2jfmv>and no ip cef?
[19:34]<2drrrxrg>no you don't need to disable cef globally
[19:34]<xum2jfmv>and this as it seems cannot be set for just one interface
[19:35]<2drrrxrg>turning route-cache off disables cef for that interface
[19:36]<msxjv>and this is where the ability to do tcpdump'esqueness would be nice
[19:36]<2drrrxrg>you can
[19:36]<2drrrxrg>"debug ip packet dump"
[19:36]<msxjv>nah, I mean fairly low-impact full bpf capable debugging tools
[19:36]<fjzvxnz>tcpdum -i Serial0/0 ...
[19:37]<msxjv>haha yeah loather
[19:37]<fjzvxnz>... add a 'p' in there somewhere
[19:38]<msxjv>In the distant future, I'm sure something will come about
[19:38]<msxjv>debugs are great for certain things, I'll admit that
[19:39]<2drrrxrg>humboldt: http://pastebin.com/724861
[19:39]<fjzvxnz>yeah. i mean, they managed to put snort, almost verbatim, into the IDS appliances
[19:39]<xum2jfmv>I conclude: "conf t"; "no ip route-cache" on the serial I want to debug; "logging buffered"; "no logging console"; "end"; "debug interface s2/4:0"; "debug ip packet"
[19:39]<gndyvx>that it
[19:39]<gndyvx>:)
[19:39]<2drrrxrg>yep
[19:40]<2drrrxrg>then "show log" to view the results
[19:40]<msxjv>might need to increase the buffer size depending
[19:41]<rgvajac>if I turned IP accounting on for an interface that is the LAN interface, why would I see a bunch of traffic that is public IP to public IP?
[19:42]<rgvajac>(it's all DNS and SMTP)
[19:45]<zjjv2nnz>I'm trying to find some url that would assist in getting a TACACS server to comm. to the RSA token server... I'm using a Cisco Appliance on Windows.
[19:45]<zjjv2nnz>any suggestions or help would be greatly appreciated.
[19:46]<msxjv>SecurID came with a TACACS server, once upon a time
[19:46]<msxjv>and a RADIUS server
[19:46]<amjr`>ugh i don't miss tacacs
[19:47]<fjzvxnz>tacacs+ works great -- i haven't had too big an issue with it
[19:47]<msxjv>I'm not a large fan of any of them
[19:48]<msxjv>not real sexy shit, tbh
[19:48]<zjjv2nnz>I'm not for the simple fact it runs on windoze
[19:48]<sag>you would prefer kerberos -authentication?
[19:49]<vcul>FBH^, radius is really a protocol. read rfcs and then hit the server
[19:49]<sag>yeah, the 's' in 'rfcs' is important.
[19:50]<gndyvx>network audits are fun
[19:50]<gndyvx>tacacs+ is easier and better umho
[19:51]<dzzc1lyvn>hey nemith
[19:51]<dzzc1lyvn>a switch in VTP transparent mode..
[19:51]<gndyvx>radius is more extensible and more vendor independent
[19:51]<gndyvx>I almost always run both from an ACS server
[19:51]<dzzc1lyvn>would it forward pass information to other switches within the vtp domain.?
[19:51]<msxjv>yes
[19:52]<gndyvx>Dark3Lite: yes
[19:52]<dzzc1lyvn>but it does not participate in it..
[19:52]<msxjv>right
[19:52]<dzzc1lyvn>and it doesn't advertise its own
[19:52]<msxjv>right
[19:52]<dzzc1lyvn>:P
[19:52]<zjjv2nnz>I'm running an RSA (windows) server and I have an appliance which is separated. The primary ACS works fine.. but the failover doesn't... so I'm scratchin my head :S
[19:52]<dzzc1lyvn>registering the concepts in my head dshot
[19:52]<dzzc1lyvn>because I want to get 1000 on the BCMSN. :P
[19:53]<gndyvx>tacacs+ is a little bit more secure
[19:53]<gndyvx>Dark3Lite: not going to happen :P
[19:53]<dzzc1lyvn>haha
[19:53]<dzzc1lyvn>we'll see
[19:53]<vcul>FBH^, well you mentioned that radius was pissing you off.
[19:53]<dzzc1lyvn>one thing for sure
[19:53]<gndyvx>shoot for the high 900's
[19:53]<dzzc1lyvn>I want to beat your score nemith :p
[19:53]<gndyvx>that still is probably going to be impossible
[19:53]<gndyvx>Dark3Lite: that's easy.. i got my ccnp in like 2 months
[19:53]<gndyvx>i rushed through it
[19:54]<vcul>FBH^, if you want revenge, read on it :)
[19:54]<gndyvx>BCMSN i got like a 780 or something ridiculously low
[19:54]<dzzc1lyvn>lol
[19:55]<gndyvx>tkup: FYI http://www.faqs.org/rfcs/rfc1492.html
[19:55]<gndyvx>tacacs is a real protocol too
[19:56]<gndyvx>1:49 <+tkup> FBH^, radius is really a protocol. read rfcs and then hit the
[19:56]<gndyvx> server
[19:56]<dffnw>every person I know with a cisco cert doesn't even do networking
[19:56]<sag>oh, no i remember why i had fbh on ignore before
[19:56]<msxjv>ok Dark3Lite, off the top of your head can you tell me what L2 multicast address VTP utilizes?
[19:56]<gndyvx>mplex: that's pretty common for a ccna







