- Frequently Asked Questions (FAQ)

 Home >  Computers and Hardware > Frequently Asked Questions (FAQ)

Section 1 of 3 - Prev - Next
All sections - 1 - 2 - 3

Archive-name: cisco-networking-faq
Last-modified: $Date: 1996/04/28 05:55:19 $
Version: $Revision: 1.10 $

This FAQ is edited by John Hawkinson, .


Please contribute answers to the questions in the Todo section! If
your answer is somewhat complicated, posting would probably be best
(to Otherwise, e-mail it to
Please note that a LOT of these questions have been hanging around for
some time, and if knowledgable people could take the time to answer a
few of them, that'd help.

This draft FAQ is in RFC1153 digest format, so you can follow each
question with your newsreader. I suppose that question-numbers should
be moved to the From: field. Note that Date: fields represent
last-modification times for the questions.

Since this FAQ was first developed, cisco has written up a lot of
useful information on their web site,  If you
can't find what you're looking for here, please check there, too.

Table of Contents

1.      How can I contact cisco?
2.      What is this newsgroup?
3.      What does ``cisco'' stand for?
4.      How do I save the configuration of a cisco?
5.      Where can I get ancillary software for my cisco?
6.      Is there a World-Wide-Web (www) information source?
7.      How can I get my cisco to talk to a third party router over 
8.      How can I get my cisco to talk to a 3rd-party router over Frame Relay?
9.      How can I use debugging?
10.     How can I use NTP (Network Time Protocol) with my cisco?
11.     Sample cisco NTP Configurations
12.     How do I avoid the annoying DNS lookup if I have misspelled a command?
13.     Tracing bad routing information
14.     How to use access lists
15.     The cisco boot process
16.     Where can I get cisco hardware?
17.     Where can I get IETF documents (RFCs, STDs, etc.)?
18.     Future features in cisco software
19.     How do cisco routers rate performance-wise?
20.     How are packets switched?
21.     How does one interpret buffer statistics?
22.     How should I restrict access to my router?
23.     What can I do about source routing?
24.     Is there a block of private IP addresses I can use?
25.     Is DHCP supported?
26.     Where can I get cisco documentation?
27.     What's the latest software for the CSC/3?
28.     What IP routing protocol should I use?
29.     How do I interpret the output of ``show version''?
30.     What is the maximum number of Frame Relay PVCs?
31.     How much memory is necessary to telnet to a cisco router?
32.     Where can I purchase flash RAM?
33.     When are static routes redistributed?
34.     When is the next hop of a route considered ``reachable''?
35.     How do name and phone number of ``dialer map'' interfere?
36.     What's the purpose of the network command?
37.     What is VLSM? 
38.     What are some methods for conserving IP addresses for serial lines?
39.     Why do some ip addresses get rejected?
40.     How do 4xxx serial numbers correspond to models?
41.     Where can I find more info on TACACS+
99.     Acknowledgements.


*  What is SNMP and how can I use it? What software is available and how do
   I use cisco enterprise MIBs? MIBs on and
*  Pointers to other net resources, like comp.protocols.tcp-ip, RFCs,
   the firewalls mailing list, etc (bgpd?[or is it cidrd now? :-)]).
*  Hints about confusing and not-well documented things like xtacacs...
*  Comments on interoperability issues WRT other vendors.
*  What's SMARTnet, why should I subscribe, how much does it cost,
   and what do I get?
*  What should I name my router, my interfaces, etc.?
*  Should we adjust the buffer parameters on the routers?  What should
   be the indicator before tunning the buffer parameters?  How should
   one fine tune the buffer parapeters?
*  What is CIDR and why do I care (or a more general acronym decoder) ?
*  How do I configure my cisco to use variable-length subnetting ?
*  Is there a block of private network numbers I can use
   within my organization only?  When should I use them?
   How do I access them from outside?
*  What do I do if I have to partition a network number?
*  Questions and answers about access lists
   access-list reference list (lots of questions on that)
*  I forgot to mention that routing DECnet over X.25 is a problem.
*  Where PD network applications for SLIP/PPP are.
*  What is HSRP and how does it work?  When is it available (10.0)
   (Hot Standby Routing Protocol)
*  Should I run 10.0, 10.2, 10.3, 11.1, or what?
*  What's the difference between IBGP and EBGP? Why should I run BGP?

Actual content.


From: Question 1
Date: 31 October 1994
Subject: How can I contact cisco?

Corporate address:

                cisco Systems
                170 West Tasman Drive
                San Jose, CA 95134

The following phone numbers are available:

  Technical Assistance Center (TAC)                     +1 800 553 2447
                                                              (553 24HR)
                                                        +1 800 553 6387
                                                        +1 408 526 8209
  Customer Service (Documentation, Warranty &           +1 800 553 6387
      Contract Services, Order Status
  Engineering                                           +1 800 553 2447
                                                              (553 24HR)
  On-site Services, Time & Materials Service            +1 800 829 2447
                                                              (829 24HR)
  Corporate number / general                            +1 408 526 4000
  Corporate FAX (NOT tech support)                      +1 408 526 4100

The above 800 numbers are US/Canada only.

cisco can also be contacted via e-mail:           Technical Assistance Center      European TAC        Literature and administrative (?) requests            *UNRELIABLE*, special-interest, ``non-support''

Please follow the directions available on CIO before doing this.
cisco provides an on-line service for information about their routers
and other products, called CIO (cisco Information Online).  telnet to for more details.

The collective experience of this FAQ indicates that it is far wiser to
open a case using e-mail than FAXes, which may be mislaid, shredded,

For those of you still in the paperfull office (unlike the rest of us),
cisco Systems' new corporate address is:

        170 West Tasman Drive
        San Jose, CA 95134

Mail to should include your service contract number, your name,
telephone number, a brief one line problem/question description, and a
case  priority in the  first 5 lines. For example:

        Cisco service contract number       92snt1234a 
        First and last name                 Jane Doe 
        Best number to contact you          415-555-1234 
        Problem/question description        Cannot see Appletalk zones 
        Case Priority                       3

CASE PRIORITIES are defined as one of the following:

Pri 1           Production network down, critical business impact 
Pri 2           Production net seriously degraded, serious impact 
Pri 3           Network degraded, noticeable impact to business 
Pri 4           General information, non production problems


From: Question 2
Date: 26 July 1994
Subject: What is this newsgroup?, which is gatewayed to the mailing list, is a newsgroup for discussion of cisco
hardware, software, and related issues. Remember that you can also
consult with cisco technical support.

This newsgroup is not an official cisco support channel, and should
not be relied upon for answers, particularly answers from cisco
Systems employees.

Until recently, the mailing list was gatewayed into the newsgroup,
one-way. It is possible that this arrangement may resume at somet time
in the future.


From: Question 3
Date: 31 October 1994
Subject: What does ``cisco'' stand for?

cisco folklore time:

At one point in time, the first letter in cisco Systems was a
lowercase ``c''. At present, various factions within the company have
adopted a capital ``C'', while fierce traditionalists (as well as some
others) continue to use the lowercase variant, as does the cisco
Systems logo. This FAQ has chosen to use the lowercase variant

cisco is not C.I.S.C.O. but is short for San Francisco, so the story
goes.  Back in the early days when the founders Len Bosack and Sandy
Lerner and appropriate legal entities were trying to come up with a
name they did many searches for non similar names, and always came up
with a name which was denied. Eventually someone suggested ``cisco''
and the name wasn't taken (although SYSCO may be confusingly similar
sounding). There was an East Coast company which later was using the
``CISCO'' name (I think they sold in the IBM marketplace) they ended
up having to not use the CISCO abberviation.  Today many people spell
cisco with a capital ``C'', citing problems in getting the lowercase
``c'' right in publications, etc. This lead to at least one amusing
article headlined ``Cisco grows up''. This winter we will celebrate
our 10th year.

[This text was written in July of 1994 -jhawk]


From: Question 4
Date: 31 October 1994
Subject: How do I save the configuration of a cisco?

If you have a tftp server available, you can create a file on the
server for your router to write to, and then use the write network
command. From a typical unix system:

        mytftpserver$ touch /var/spool/tftpboot/myconfig
        mytftpserver$ chmod a+w /var/spool/tftpboot/myconfig

        myrouter#write net
        Remote host []?
        Name of configuration file to write [myrouter-confg]? myconfig
        Write file foobar on host [confirm] y

Additionally, there's a Macintosh TFTP server available:

Additionally, you can also use expect, available from:

or, in shar form from

Expect allows you to write a script which telnets to the router and
performs a ``write terminal'' command, or any other arbitrary set of
command(s), using a structured scripting language (Tcl).


From: Question 5
Date: 5 July 1994
Subject: Where can I get ancillary software for my cisco?

Try ftping to

It's a hodgepodge collection of useful stuff, some maintained and some
not. Some is also available from

Vikas Aggarwal has a very customised tacacsd:

A new version of xtacacsd is available via anonymous FTP from:


From: Question 6
Date: 28 April 1996
Subject: Is there a World-Wide-Web (www) information source?

You can try the WWW page for this FAQ:

or the cisco Educational Archive (CEA) home page:

or the cisco Information Online (CIO) home page:


From: Question 7
Date: 5 July 1994
Subject: How can I get my cisco to talk to a third party router over 
a serial link?

You need to tell your cisco to use the same link-level protocol as the
other router; by default, ciscos use a rather bare variant of HDLC
(High-level Data Link Control) all link-level protocols use at some
level/layer or another. To make your cisco operate with most other
routers, you need to change the encapsulation from HDLC to PPP on the
relevant interfaces. For instance:

        sewer-cgs#conf t
        Enter configuration commands, one per line.
        Edit with DELETE, CTRL/W, and CTRL/U; end with CTRL/Z
        interface serial 1
        encapsulation ppp

        sewer-cgs#sh int s 1
        Serial 1 is administratively down, line protocol is down 
          Hardware is MCI Serial
          MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
          Encapsulation PPP, loopback not set, keepalive set (10 sec)

If you're still having trouble, you might wish to turn on serial interface

        sewer-cgs#ter mon
        sewer-cgs#debug serial-interface


From: Question 8
Date: 27 July 1994
Subject: How can I get my cisco to talk to a 3rd-party router over Frame Relay?

You should tell your cisco to use ``encapsulation frame-relay ietf''
(instead of ``encapsulation frame-relay'') on your serial interface
that's running frame relay if your frame relay network contains a
diverse set of manufacturers' routers. The keyword ``ietf'' specifies
that your cisco will use RFC1294-compliant encapsulation, rather than
the default, RFC1490-compliant encapsulation (other products, notably
Novell MPR 2.11, use a practice sanctioned by 1294 but deemed verbotten
by 1490, namely padding of the nlpid).  If only a few routers in your
frame relay cloud require this, then you can use the default
encapsulation on everything and specify the exceptions with the
frame-relay map command:

        frame-relay map ip 56 broadcast ietf

(ietf stands for Internet Engineering Task Force, the body which
evaluates Standards-track RFCs; this keyword is a misnomer as both
RFC1294 and RFC1490 are ietf-approved, however 1490 is most recent and
is a Draft Standard (DS), whereas 1294 is a Proposed Standard (one step
beneath a DS), and is effectively obsolete).


From: Question 9
Date: 26 July 1994
Subject: How can I use debugging?

The ``terminal monitor'' command directs your cisco to send debugging
output to the current session. It's necessary to turn this on each time
you telnet to your router to view debugging information. After that,
you must specify the specific types of debugging you wish to turn on;
please note that these stay on or off until changed, or until the
router reboots, so remember to turn them off when you're done.

Debugging messages are also logged to a host if you have trap logging
enabled on your cisco. You can check this like so:

        sl-panix-1>sh logging
        Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
            Console logging: level debugging, 66 messages logged
            Monitor logging: level debugging, 0 messages logged
            Trap logging: level debugging, 69 message lines logged
                Logging to, 69 message lines logged

If you have syslog going to a host somewhere and you then set about a
nice long debug session from a term your box is doing double work and
sending every debug message to your syslog server. Additionally, if you
turn on something that provides copious debugging output, be careful
that you don't overflow your disk (``debug ip-rip'' is notorious for

One solution to this is to only log severity ``info'' and higher:

        sl-panix-1#conf t
        Enter configuration commands, one per line.  End with CNTL/Z.
        logging trap info

The other solution is to just be careful and remember to turn off
debugging. This is easy enough with:

        sl-panix-1#undebug all

If you have a heavily loaded box, you should be aware that debugging
can load your router.  The console has a higher priority than a vty so
don't debug from the console; instead, disable console logging: t
        Enter configuration commands, one per line.  End with CNTL/Z.
        no logging console

Then always debug from a vty.  If the box is busy and you are a little
too vigorous with debugging and the box is starting to sink, quickly
run, don't walk to your console and kill the session on the vty.  If
you are on the console your debugging has top prioority and then the
only way out is the power switch.  This of course makes remote
debugging a real sweaty palms adventure especially on a crowded box.
Caveat debugger!

Also, if you for some reason forget what the available debug commands
are and don't have a manual handy, remember that's what on-line help
is for. Under pre 9.21 versions, ``debug ?'' lists all commands. Under
9.21 and above, that gives you general categories, and you can check
for more specific options by specifying the category: ``debug ip ?''.

As a warning, the ``logging buffered'' feature causes all debug
streams to be redirected to an in-memory buffer, so be careful using

Lastly, if you're not sure what debugging criteria you need, you can
try ``debug all''. BE CAREFUL!  It is way useful, but only in a very
controlled environment, where you can turn off absolutely everything
you're not interested in.  Saves a lot of thinking.  Turning it on on
a busy box can quickly cause meltdown.


From: Question 10
Date: 5 July 1994
Subject: How can I use NTP (Network Time Protocol) with my cisco?

>What level of software is required for NTP support in
>a cisco router?

9.21 or above.

>Which cisco routers support NTP?

It is a software feature exclusively. Anything that supports
9.21 or 10 will run NTP (when running that s/w).

>How do I set it up?

The basic hook is:
        ntp server  [version n]
        ntp peer  [version n]

depending on whether you want a client/server or peer relationship.
There's a bunch of other stuff available for MD5 authentication,
broadcast, access control, etc.  You can also use the
context-sensitive help feature to puzzle it out; try ``ntp ?'' in
config mode.

You'll also want to play with the SHOW NTP * router commands.  Here
are two examples.


router# show ntp assoc

      address         ref clock     st  when  poll reach  delay  offset    disp
+~      .WWVB.            1   109   512  377    97.8   -2.69    26.7
*~     .GOES.            1   309   512  357    55.4   -1.34    27.5
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured


router#show ntp stat
Clock is synchronized, stratum 2, reference is
nominal freq is 250.0000 Hz, actual freq is 249.9981 Hz, precision is 2**19
reference time is B1A8852D.B69201EE (12:36:13.713 PDT Tue Jun 14 1994)
clock offset is -1.34 msec, root delay is 55.40 msec
root dispersion is 41.29 msec, peer dispersion is 28.96 msec

For particular cisco NTP questions, feel free to ask in

For broader NTP info, see  The file
clock.txt in that directory has info about various public NTP servers.
There is also information on radio time receivers that can be
connected to an NTP server (this is handy on private networks, if you
have an entire campus to get chiming, or if you become a hard core

The ``ntp clock-period'' command is added automagically to jump-start
the NTP frequency compensation when the box is rebooted.  This is
essentially a representation of the frequency of the crystal used as
the local timebase, and may take several days to calculate otherwise.
(Do a ``write mem'' after a week or so to save a good value.)

Caveat of obsolecence: Note that the CS-500 will not be able to
achieve quite the same level of accuracy as other platforms, since its
hardware clock resolution is roughly 242Hz instead of the 1MHz
available on other platforms.  In practice this shouldn't matter for
anyone other than true time geeks.


From: Question 11
Date: 5 July 1994
Subject: Sample cisco NTP Configurations

You will need to substitute your own NTP peers, timezones, and GMT
offsets into the examples below, of course.  Example 1 is in US Central
Time Zone, while example 3 is in US Pacific Time Zone.  Both account
for normal US Daylight Savings Time practices.

EXAMPLE 1 (Charley Kline):
clock timezone CST -6
clock summer-time CDT recurring
ntp source eth 0
ntp peer 
ntp peer 
ntp peer 

EXAMPLE 2 (Tony Li):
ntp source Ethernet0/0
ntp update-calendar
ntp peer  
ntp peer  prefer

EXAMPLE 3 (Dave Katz):
service timestamps debug datetime localtime
service timestamps log datetime localtime
clock timezone PST -8
clock summer-time PDT recurring
interface Ethernet0
ip address 
ntp broadcast
ntp clock-period 17180319
ntp source Ethernet0
ntp server 
ntp server 
ntp server 

        The config file is commented with date and time (and user id,
if TACACS is enabled) when the system thinks the clock is accurate.
I've enabled timestamping of debug and syslog messages.  I send NTP
broadcast packets out onto the local ethernet.  I'm in Pacific
Standard Time, with U.S. standard daylight saving time rules.  I use
the IP address of the ethernet as the source for all NTP packets.


From: Question 12
Date: 5 July 1994
Subject: How do I avoid the annoying DNS lookup if I have misspelled a command?
By default, all lines are configured to automatically try a telnet
connection if the first word in a input line is not recognized as a
valid command.  You can disable this by setting ``transport preferred
none'' on every line (con, aux and vty). For instance:

        sl-panix-1#conf t
        Enter configuration commands, one per line.  End with CNTL/Z.
        line vty 0 10
        transport preferred none

You can see the number of vty's currently configuered with ``show lines''

Also, you can suspend connect attempts with ^^ followed by ``x'', ie
shift-cntrl-6 x.

[It has been suggested that ``no ip ipname-lookup'' to turn off IEN116
helps. I think this is the default -jhawk ]

From: Question 13
Date: 31 Oct 1994
Subject: Tracing bad routing information

or: How do I find out which non-cisco systems on my networks generate IP-RIP
   information without letting them mess up my routing tables.
Here you could work with a default administrative distance.
Administrative distance is the basis upon which the cisco prefers
routing information of one protocol over another. In this example:

        router rip
        distance 255
        distance 120     ! list all valid RIP suppliers

the value 255 has the implicit meaning of not putting this information
into the routing table. Therefore, setting an administrative distance
of 255 means that all RIP suppliers are by default accepted but their
information is not put into the routing table. The administrative
distance for the router has been reset to the default
(for RIP) of 120, causing its routes to be accepted into the routing table.

Then you can look them up with ``show ip protocols'' and restore the
original administrative distance for the ones you want to fill in the
routing table.

The same results can be acheived with an ip access-list, but with
that, ``show ip protocols'' will only show the valid ones. But often
it is more useful to see which systems were generating routing
information at all.

This trick works for other routing protocols as well, but please select
the proper adminstrative distance (rather than 120) for the protocol
you're using.


From: Question 14
Date: 5 July 1994
Subject: How to use access lists

[The following is wholesale included; at some point it'll
probably be editted a bit and reformatted... -jhawk ]

                    Frequently Asked Questions
                    contributed by Howard C. Berkowitz
                    PSC International
                [probably will be my permanent 
                                     personal account]
                    PSC's domain is in mid-setup

Where in the router are access lists applied?

    In general, Basic access lists are executed as filters on
outgoing interfaces.  Newer releases of the cisco code, such as
9.21 and 10, do have increased ability to filter on incoming ports.
Certain special cases, such as broadcasts and bridged traffic,
can be filtered on incoming interfaces in earlier releases.
There are also special cases involving console access.

Rules, written as ACCESS-LIST statements, are global for the entire
cisco box; they are activated on individual outgoing interfaces by
ACCESS-GROUP subcommands of the INTERFACE major command.
    Filters are applied after traffic has entered on an incoming
interface and gone through a routing process; traffic that originates in
a router (e.g., telnets from the console port) is not subject to

             |     GLOBAL        |
             |                   |
             | Routing           |
             | ^  v       Access |
             | ^  v       Lists  |
             | ^  v        ^   v |
             | ^  v        ^   v |
A----------->|-|  |>>>>Access  >>----------->B
             |1        Group   2 |
<------------|                   |<-----------
             |                   |
             |                   |

    Some types of ``filter,'' using ``filter'' as a broader class than
ACCESS-LIST, can operate on incoming traffic.  For example, the INPUT-
SAP-FILTER used for Novell networks is applied to Service Advertisement
Packets (SAP) seen at incoming interfaces.  In general, incoming
filtering can only be done for ``system'' rather than user traffic.

Rules of thumb in defining access lists.

    First, define what you want to do and in which directions.  An
informal drawing is a good first step.  As opposed to the usual
connectivity drawings among routers, it's often convenient to draw
unidirectional links between routers.
    Second, informally write out your filtering rules.  In general, it
is best to go from most specific to least specific. Modify the order of
writing things to minimize the number of rules needed.
    Third, determine which rules need to be on which routers.
Explicitly consider the direction of flow, and the possible existence of
additional paths that could inadvertently bypass a filter.

Can a cisco router be a ``true'' firewall?

    This depends on the definition of firewall.  Some writers (e.g.,
Gene Spafford in _Practical UNIX Security_) define a firewall as a
host on which an ``inside'' and/or an ``outside'' application process run,
with application-level code linking the two.  For example, a firewall
might provide FTP access to the outside world, but it would not also
provide direct FTP service to the inside world.  To place a file on
the FTP external server, a designated user would explicitly log onto
the FTP server, transfer a file to the server, and log off.  The
firewall prevents direct FTP connectivity between the inside and
outside networks; only indirect, application-level connectivity is
   Firewalls of this sort are complemented by chokes, which filter on
network addresses and/or port numbers.  Cisco routers cannot do
application-level control with access control lists.
   Other authors do not distinguish between chokes and filters.  Using
the loose definition that a firewall is anything that selectively blocks
access from the inside to the outside, routers can be firewalls.

IP Specific

Can the ``operand'' field be used with a protocol keyword of IP to filter
on protocol ID?

    No.  Operand filtering only works for TCP and UDP port numbers.

How can I prevent traffic for a certain Internet application to flow in
one direction but not the other?

    Remember that Internet applications flow from client port to server
port.  Denying traffic from port 23, for example, blocks flow from the
client to the server.

             |                   |
A----------->|                   |----------->B
             |1                 2|
<------------|                   |<-----------
             |                   |

    If we deny traffic to Port 23 of address B by placing a filter at
interface 2, we have blocked A's ability to telnet to B, but not B's
ability to telnet to A.  A second filter at interface A would be needed
to block telnet in both directions.
    Assume that we only have the filter at interface 2.  Telnets to A
from B will not be affected because the filter at 2 does not check
incoming traffic.

With the arrival of in-bound access lists in 9.21, it should be noted
that both inbound and access lists are about equally efficient, in
case any of you were wondering.

It's worth remembering that there are some kinds of problems
that packet-filtering firewalls are not best suited for. There's
reasonably good information in:

	"Network (in)security through packet filtering"


From: Question 15
Date: 26 July 1994
Subject: The cisco boot process

What really happens when a cisco router boots, from boot start to live
First it boots the ROM os version.  It reads the config.  Now, it
realizes that you want to netboot.  It loads the netbooted copy in on
top of itself.  It then re-initializes the box and re-reads the
config.  Manly, yes, but we like it too....

[[ Ummm... in particular it loads the netbooted copy in as WELL as
itself, decompresses it, if necessary, and THEN loads on top of
itself.  Note that this is important because it tells you what the
memory requirements are for netbooting: RAM for ROM image (if it's a
run from RAM image), plus dynamic data structures, plus RAM for
netbooted image. ]]
The four ways to boot and what happens (sort of):
           I (from bootstrap mode)
The ROM monitor is running.  The I command causes the ROM monitor to
walk all of the hardware in the bus and reset it with a brute force
hammer.  If the bits in the config register say to auto-boot, then
goto B
           B (from bootstrap mode)
Load the OS from ROM.  If a name is given, tell that image to start
silently and then load a new image.  If the boot system command is
given, then start silently and load a new image.

Section 1 of 3 - Prev - Next
All sections - 1 - 2 - 3

Back to category Computers and Hardware - Use Smart Search
Home - Smart Search - About the project - Feedback

© | Terms of use