Forum, I was working at a client site today and I came across what looks to me as a very unusual configuration on a switch port. Typically we do not see switch ports which are configured both as a trunk port and an access port. In all actuality, I would say this is an illegal configuration, but the switch allows it.  See the configuration below: interface GigabitEthernet1/0/2  description LA WiFi  switchport access vlan 34  switchport trunk encapsulation dot1q  switchport trunk native vlan 34  switchport mode trunk  speed 100  duplex full  spanning-tree portfast I am not sure exactly how this configuration would even work.  I brought it to the customers attention, and the customer response was that it functions as an access port. Is this configuration legal?  Thanks for any comments or input here... Kevin ... View more

As I am preparing to recertify my CCNP, and am preparing for the route exam, a question came up. IF a routing protocol, for example OSPF, is redistributed into EIGRP, the metric is defined after "redistribute ospf <process ID>" is configured in the EIGRP AS. But there is also a "default-metric" command. Can someone explain why both exist as configurable options in EIGRP?   Thank You. ... View more

Team   I was early performing a "sho env" on a Cat 6506 and i see certain values entitled "CFM".   Here is an example: chassis per slot cooling capacity: 94 cfm ambient temperature: < 55C   module 1 cooling requirement: 84 cfm   module 2 cooling requirement: 84 cfm   module 3 cooling requirement: 70 cfm   module 4 cooling requirement: 70 cfm   module 5 cooling requirement: 35 cfm   module 6 cooling requirement: 70 cfm   what does the "cfm" stand for / represent in this context?..   Thank You. ... View more

Forum I wanted to get some insight on the difference between Transform sets being used in IPSEC tunnels vs. the IKE policies themselves. It gets a bit confusing trying to keep both separate in understanding, especially since the transform sets seem to use some of the same values that the IKE policies do. Here is an example of what I am talking about: Lets say I create the following IKE policy: Lifetime 86400 Hash SHA1 Encryption: 3DES Authentication: Preshare Group : 2 Then on to the Transform set:  crypto IPsec transform set MYSET  esp-3DES esp-MD5-hmac   My questions are these: 1.  what is the transform set transforming specifically? 2.  Is it correct to say that the Transfrom set, in addition to the IKE policy, uses 3DES encryption. 3.  What are the differences between the transform set and the IKE policy?   Thank You       ... View more

Forum I am at a client site today where I am tasked with separating a specific VLAN's traffic away from all the other traffic.  It is for VLAN 33 which is our PCI scope traffic. The client uses a 4506 with a Sup II plus, which I just found out from Cisco TAC does not support PBR. The current configuration consists of a switch fabric with 25 switches and approximately 50 Vlans which all route back to the Core 4506.  It is the router on a stick model, wherein each VLAN for example VLAN 5 has an L3 Gateway of 192.168.5.1 on the Core box, and that is the GW for everything in VLAN 5.  All Vlans route back to the Core.   Leaving Core and heading towards the Internet Edge, we pass thru a Cisco IPS 4240, then thru an ASA 5515x, and then a Border Router. I have a separate Interface Pair on the IPS for the VLAN 33 PCI traffic, and also had a separate interface on the ASA for it as well. I am not sure now how to ship the vlan 33 traffic off of Core to the Edge without PBR being supported here. Any recommendations would be welcome. Thank You in advance. ... View more