Would anyone care to share the latest IPexpert lab setup in Dynamips with me? I downloaded the one from the website, but I think it's still based on the old blueprint (the diagrams don't match up with the connections).

To be honest, as cool as GNS is, I find it very hard to only get the L2 visual and not the L3. That would be a huge bonus, to add it as an overlay. It's very hard to see what the L3 architecture is when it is crossed by so many lines :-) But I guess it's still cool to lab small things up, and would be especially helpful if it followed the latest diagrams. If not available, I will try and do it myself, although I really don't want to waste too much time on GNS; I've learned it's a huge timesink and distracts more from studying than not.

Alef

On Jun 2, 2011, at 5:00 PM, [email protected] wrote:

> Send CCIE_RS mailing list submissions to
>     [email protected]
>
> To subscribe or unsubscribe via the World Wide Web, visit
>     http://onlinestudylist.com/mailman/listinfo/ccie_rs
> or, via email, send a message with subject or body 'help' to
>     [email protected]
>
> You can reach the person managing the list at
>     [email protected]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of CCIE_RS digest..."
>
> Today's Topics:
>
>    1. lock and key ACL (Alef)
>    2. vol1, lab 16.6 lock and key - R6? (Alef)
>    3. Re: Need help on this Design (Aaron Moreck)
>    4. Re: CLEAR ARP CACHE (Marko Milivojevic)
>    5. Re: [OSL| CCIE_RS] GNS3 optimization (Hammer)
>    6. Re: CLEAR ARP CACHE (Di Bias, Steve)
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 2 Jun 2011 11:25:13 +0100
> From: Alef <[email protected]>
> To: "[email protected] IE" <[email protected]>
> Subject: [OSL | CCIE_RS] lock and key ACL
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset=us-ascii
>
> Hi guys,
>
> Can you use more than 1 dynamic access-list with lock and key? How does the
> autocommand refer to an access-list in the first place, it does not seem to
> refer to anything. So I am thinking you can only have 1 dynamic ACL across
> all your ACL's.
> I know Cisco says Do not create more than one dynamic access list for any one
> access list. The software only refers to the first dynamic access list
> defined.
>
> Cisco's answer is a bit ambiguous to me
> Should I interpret it as only 1 for all ACL's or one PER ACL. If the latter I
> don't know how autocommand is supposed to differentiate between multiples.
>
> Alef
>
> ------------------------------
>
> Message: 2
> Date: Thu, 2 Jun 2011 11:42:11 +0100
> From: Alef <[email protected]>
> To: "[email protected] IE" <[email protected]>
> Subject: [OSL | CCIE_RS] vol1, lab 16.6 lock and key - R6?
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset=us-ascii
>
> Hi guys,
> now I didn't lab this up yet, just watched the BLS video content on it, I
> don't really see how the problem with R6 is overcome? It says we set up an
> extended ACL on R5 for lock and key, but unless we shut down the interfaces
> on R6 (and thus breaking the adjacencies) I don't see how we can prevent it
> from going through R6 and not having this ACL applied. Anyone any insight? I
> could maybe set the ACL on R6 but there's already one for the critical
> precedence level and an implicit deny any.
>
> Alef
>
> ------------------------------
>
> Message: 3
> Date: Thu, 2 Jun 2011 09:17:21 -0400
> From: Aaron Moreck <[email protected]>
> To: Antonio Dee <[email protected]>
> Cc: CCIE_RS OnlineStudyList <[email protected]>
> Subject: Re: [OSL | CCIE_RS] Need help on this Design
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset=ISO-8859-1
>
> I would agree with Antonio about contacting a security consultant for design
> and implementation.
>
> To get you started looking in the right direction I would suggest a Cisco
> ASA 5510 or 5520 with the AnyConnect Essentials license. This will give you
> 250 concurrent users on the 5510 or 750 concurrent users on the 5520. Look
> at the specs for total VPN throughput on the 5510 vs. 5520 as well and
> don't just make the selection based on user count.
>
> SSL (Anyconnect) will give you ease of deployment and you will run into less
> issues overall vs the traditional IPSEC client.
>
> The two factor authentication is simply this. Something you have +
> something you know. A standard password is 1 factor because it is only
> something you know. An example of two factor would be RSA SecurID
> tokens. The token is a fob that you can put on your key chain. It has an
> always changing 6 digit number. When you login to the VPN you can use
> your standard username. The password is a pin number/password followed by a
> "," then the 6 digit number that is on the fob at that moment in time.
>
> So if someone knew your password they don't have the fob and can't login. On
> the flip side if you lost your fob they don't know your username or
> pin/password and can't login.
>
> I have used the above solution in an enterprise setup and it works very
> nice. RSA integrates with the ASA via RADIUS so you can pass RADIUS
> attributes back and forth to further customize user access privileges if
> needed.
>
> Aaron
>
> On Wed, Jun 1, 2011 at 7:03 PM, Antonio Dee <[email protected]> wrote:
>
>>
>> I think your best bet is get a Security Consultant for your project.
>>
>> authentication, VPNs (SSL, IPSEc, etc) is handled much better on the CCIE
>> Security track, not RS
>>
>> Cheers!
>> Antonio Dee
>> CCIE RS #25609
>>
>>> Date: Wed, 1 Jun 2011 21:17:41 +0530
>>> From: [email protected]
>>> To: [email protected]
>>> Subject: [OSL | CCIE_RS] Need help on this Design
>>>
>>> The customer has requested the ability for their developers to connect
>>> directly to the current services hosted in SITE a), rather than having to
>>> connect to the 1st Direct network, then come in via the 1st Direct WAN.
>>> They have a number of developers working from home and small offices, so
>>> require some way of connecting from them (VPN or SSL for example). The
>>> customer is a financial service, so 2 factor authentication may be required.
>>>
>>> The expectation is that initially there will be 20 users for this service,
>>> but it is expected to grow to up to 100 concurrent users. Users will be
>>> based in the UK and India initially, but access from any internet connection
>>> globally should be built in.
>>>
>>> Kindly help me in this design. What is 2 factor authentication
>>> What is the difference between SSL and VPN?
>>> What is the best approach for me to take in this particular design?
>>> _______________________________________________
>>> For more information regarding industry leading CCIE Lab training, please
>>> visit www.ipexpert.com
>>>
>>> Are you a CCNP or CCIE and looking for a job? Check out
>>> www.PlatinumPlacement.com <http://www.platinumplacement.com/>
>>
>> _______________________________________________
>> For more information regarding industry leading CCIE Lab training, please
>> visit www.ipexpert.com
>>
>> Are you a CCNP or CCIE and looking for a job? Check out
>> www.PlatinumPlacement.com <http://www.platinumplacement.com/>
>>
>
> ------------------------------
>
> Message: 4
> Date: Thu, 2 Jun 2011 08:33:57 -0700
> From: Marko Milivojevic <[email protected]>
> To: Grand Prince <[email protected]>
> Cc: "[email protected]" <[email protected]>
> Subject: Re: [OSL | CCIE_RS] CLEAR ARP CACHE
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset=us-ascii
>
> Can you show the example of it not working please?
>
> --
> Marko Milivojevic - CCIE #18427
> Senior Technical Instructor - IPexpert
>
> Free CCIE Training: http://bit.ly/vLecture
>
> Mailto: [email protected]
> Telephone: +1.810.326.1444
> Community: http://www.ipexpert.com/communities
>
> :: Sent from my phone. Apologies for errors and brevity. ::
>
> On Jun 2, 2011, at 2:08, Grand Prince <[email protected]> wrote:
>
>> The command to clear the cache arp is :
>> Router# clear arp-cache
>>
>> Even after the command, the arp cache still contains the arp entries.
>> I thought everything should disappear but no.
>> Same thing with this command:
>>
>> Router# clear ip arp <interface>
>> Do you know why?
>> Except the command, nothing is not explained on the book I have.
>> _______________________________________________
>> For more information regarding industry leading CCIE Lab training, please
>> visit www.ipexpert.com
>>
>> Are you a CCNP or CCIE and looking for a job? Check out
>> www.PlatinumPlacement.com
>
> ------------------------------
>
> Message: 5
> Date: Thu, 2 Jun 2011 10:52:30 -0500
> From: Hammer <[email protected]>
> To: Diego Gonzalez <[email protected]>
> Cc: CCIE OSL <[email protected]>
> Subject: Re: [OSL | CCIE_RS] [OSL| CCIE_RS] GNS3 optimization
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset=ISO-8859-1
>
> That is really interesting. I'll be adding this to my initial setups. I
> haven't really experienced any stability issues but we'll see....
>
> -Hammer-
>
> "I was a normal American nerd."
> -Jack Herer
>
> On Wed, Jun 1, 2011 at 2:31 AM, Diego Gonzalez <[email protected]> wrote:
>
>> Hello,
>>
>> I also run vol1 lab 15, 25, 32, 33....and every lab worked fine!
>>
>> Cheers.
>>
>> 2011/6/1 Lukasz Szalacha <[email protected]>
>>
>>> Hi Guys,
>>>
>>> I can confirm the same. I've just run vol1 lab 7 for about 3 hours and
>>> didn't see any console disconnect.
>>>
>>> I've also deleted memory-size iomem and warm-reboot and I will see how
>>> that works for me.
>>>
>>> Thanks,
>>> Lukasz
>>>
>>> On Tue, 31 May 2011 20:40:58 +0200, Diego Gonzalez wrote:
>>>
>>>> Yes.
>>>>
>>>> For me, since I removed this command from every router, my devices are
>>>> working without problems.
>>>> I don't know what is the reason but now, it works!
>>>>
>>>> Cheers.
>>>>
>>>> 2011/5/31 Hammer
>>>>
>>>> Diego,
>>>>> Are you saying that prior to removing the scheduler command
>>>>> you experienced routers disconnecting from each other in GNS and
>>>>> after removing that command (and nothing else) everything seemed
>>>>> more stable? Just trying to clarify.....
>>>>>
>>>>> -Hammer-
>>>>>
>>>>> "I was a normal American nerd."
>>>>> -Jack Herer
>>>>>
>>>>> On Fri, May 27, 2011 at 12:51 PM, Diego Gonzalez wrote:
>>>>>
>>>>> Hello,
>>>>>>
>>>>>> I had the same problem but since I remove one commands from
>>>>>> initial configs,
>>>>>> the issue had resolved and every router is working without
>>>>>> problem.
>>>>>>
>>>>>> The commands that I removed was:
>>>>>>
>>>>>> scheduler allocate 20000 1000
>>>>>>
>>>>>> I hope that it works also for you!
>>>>>>
>>>>>> Cheers
>>>>>> diego.
>>>>>>
>>>>>> 2011/5/27 Lukasz Szalacha
>>>>>>
>>>>>>> Hi All,
>>>>>>>
>>>>>>> I've seen that issue couple of times and I've heard there is a way to tweak
>>>>>>> GNS3 a bit.
>>>>>>> The problem that I have is occasionally I lose the connection to the
>>>>>>> routers and I need to restart them have the connection back.
>>>>>>>
>>>>>>> Please can you share your experience with optimization of the GNS3 on
>>>>>>> Ubuntu?
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Regards,
>>>>>>> Lukasz
>>>>>>> _______________________________________________
>>>>>>> For more information regarding industry leading CCIE Lab training, please
>>>>>>> visit www.ipexpert.com [2]
>>>>>>>
>>>>>>> Are you a CCNP or CCIE and looking for a job? Check out
>>>>>>> www.PlatinumPlacement.com [3]
>>>>>>>
>>>>>> _______________________________________________
>>>>>> For more information regarding industry leading CCIE Lab
>>>>>> training, please visit www.ipexpert.com [4]
>>>>>>
>>>>>> Are you a CCNP or CCIE and looking for a job? Check out
>>>>>> www.PlatinumPlacement.com [5]
>>>>>>
>>>>>
>>>>
>>>> Links:
>>>> ------
>>>> [1] mailto:[email protected]
>>>> [2] http://www.ipexpert.com
>>>> [3] http://www.PlatinumPlacement.com
>>>> [4] http://www.ipexpert.com
>>>> [5] http://www.PlatinumPlacement.com
>>>> [6] mailto:[email protected]
>>>> [7] mailto:[email protected]
>>>>
>>>
>>
>
> ------------------------------
>
> Message: 6
> Date: Thu, 2 Jun 2011 11:53:07 -0400
> From: "Di Bias, Steve" <[email protected]>
> To: Grand Prince <[email protected]>, "[email protected]"
>     <[email protected]>
> Subject: Re: [OSL | CCIE_RS] CLEAR ARP CACHE
> Message-ID:
>     <2fe030039b8ad14eb4373ca25779c63e91e6325...@corp-exvs01.corp.uhsinc.biz>
> Content-Type: text/plain; charset="us-ascii"
>
> The "clear arp-cache" is used to remove stale dynamic ARP entries and the
> "clear arp interface" is used to do the same just for that interface. However
> I've seen this before where the dynamic and stale ARP entries aren't removed.
> Typically when I need to remove an ARP entry I use the following command:
>
> "clear ip arp <ip_address>"
>
> This command hasn't failed me yet!
>
> Thank you,
>
> Steve Di Bias
> Network Engineer - Information Systems
> Valley Health System - Las Vegas
> Office - 702- 369-7594
> Cell - 702-241-1801
> [email protected]
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Grand Prince
> Sent: Thursday, June 02, 2011 2:09 AM
> To: [email protected]
> Subject: [OSL | CCIE_RS] CLEAR ARP CACHE
>
> The command to clear the cache arp is :
> Router# clear arp-cache
>
> Even after the command, the arp cache still contains the arp entries.
> I thought everything should disappear but no.
> Same thing with this command:
>
> Router# clear ip arp <interface>
> Do you know why?
> Except the command, nothing is not explained on the book I have.
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com
>
> UHS Confidentiality Notice: This e-mail message, including any attachments,
> is for the sole use of the intended recipient (s) and may contain
> confidential and privileged information. Any unauthorized review, use,
> disclosure or distribution of this information is prohibited. If this was
> sent to you in error, please notify the sender by reply e-mail and destroy
> all copies of the original message.
>
> End of CCIE_RS Digest, Vol 65, Issue 7
> **************************************

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
