FCS Errors between 2 5500's [7:64180]
Elijah,

What kind of GBICs are you using? If they're LX and MM fiber, are you using mode-conditioning cables?

Chuck Church
CCIE #8776, MCNE, MCSE

> From: Elijah Savage [mailto:[EMAIL PROTECTED]
> Sent: Friday, February 28, 2003 8:27 AM
> To: [EMAIL PROTECTED]
> Subject: FCS Errors between 2 5500's [7:64072]
>
> All,
>
> Last night I had to shut down a gig fiber trunk between 2 5500's to run on a 100M trunk we set up as a backup. The FCS errors are only showing up on one side. The fiber between the 2 cats was replaced but the errors are still showing up. Which side would you all say you would replace the fiber daughter card: the one with the errors or the side without the errors?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64180&t=64180
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: CCIE Self-Employment [7:62367]
Yes. Money will depend on your skill level with both Cisco and other products as well, such as Unix, NW, MS, etc. It could be $30/hour, could be $100. Location is probably almost as important. NYC pays pretty well, but it costs $50 to park a car for 4 hours!

The thing about consulting like this is you need to be a salesperson at times. Personally, I hate salespeople, and therefore don't make a good one myself. There's also more responsibility, as far as finding your own insurance, paying taxes, etc. If you can find a headhunter who will place you as a 1099 employee, that's usually pretty good, but I haven't heard from my headhunter in months :(

I was on an indefinite project for a year, but that ended when they outsourced. Since then it's all been small projects, mostly complicated installs involving layer 3 switching. It's a tough market, and getting a name for yourself can be difficult. Personally, I'm looking for a full time position now.

Chuck Church
CCIE #8776, MCNE, MCSE

----- Original Message -----
From: "Jay Greenberg"
To: ;
Sent: Monday, February 03, 2003 12:14 PM
Subject: CCIE Self-Employment

> Any CCIEs on the list in business for themselves? What's the money like, what sort of companies do you work for? Do you do short-term or long term contracts? Hourly work?
>
> Thanks,
>
> --
> Jason Greenberg, CCIE #11021

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62367&t=62367
Re: L3 Switching & Swtich/Router Comparsion [7:62273]
I got into this discussion kind of late, but here's my take: Functionally, you can configure either to do what you want. But a 1 armed router has a couple major limitations that a layer 3 switch doesn't.

A layer 3 switch has ASICs (application specific integrated chip/circuit) that can perform MAC re-writes, RIB/FIB lookups, rate-limiting, QOS, and ACL at wire speed without bothering the CPU of the device. A 1 armed router needs to use the CPU for some of these functions, and will quickly become a bottleneck after a certain level of traffic is passing through.

Also, a 1 armed router is limited by its 1 arm :) That link will be limited to 100 mb/sec (unless you move up to a 72xx or higher router, where gig is possible). So for instance if you're copying a large file between VLANs, it'd be pretty easy to use up all the bandwidth of that 100 mbit full duplex link, even if the CPU wasn't working hard on the 1 armed router.

Moving to a layer 3 switch typically bumps that layer 3 device to layer 2 backplane to a multi-gigabit speed connection. So if your traffic between vlans will ever exceed 100 mbit, you can either shell out huge bucks for a 72xx, or get a real QOS-friendly 3550 that is both faster and cheaper. Of course if you need WAN modules in the device that's another story.
I was sent this chart a while ago listing speeds of various routers and switches:

> Router Performance Specs
>
> Router Switching Performance - Performance based on 64 Byte packets
>
> Platform                  Process         Fast             Fast
>                         Switching    Switching        Switching
>                                          (PPS)           (Mb/S)
> ---------------------------------------------------------------
> 1400                          600        4,000        2,048,000
> 1600                          600        4,000        2,048,000
> 1700                        1,500        8,400        4,300,800
> 2500                          800        4,400        2,252,800
> 261X                        1,500       15,000        7,680,000
> 262X                        1,500       25,000       12,800,000
> 265X                        2,000       37,000       18,944,000
> 3620                        2,000       40,000       20,480,000
> 3640                        4,000       80,000       40,960,000
> 3660                       12,000      120,000       61,440,000
> MC3810                      2,000       10,000        5,120,000
> 4000                        1,800       14,000        7,168,000
> 4500                        5,000       40,000       20,480,000
> 4700                        7,000       50,000       25,600,000
> 7120                       13,000      175,000       89,600,000
> 7140                       20,000      300,000      153,600,000
> 7200-NPE100                 7,000      100,000       51,200,000
> 7200-NPE150                10,000      150,000       76,800,000
> 7200-NPE175                 9,000      175,000       89,600,000
> 7200-NPE200                13,000      200,000      102,400,000
> 7200-NPE225                13,000      225,000      115,200,000
> 7200-NPE300                20,000      300,000      153,600,000
> 7200-NPE400                20,000      400,000      204,800,000
> 7200-NSE-1                 20,000      300,000      153,600,000
> uBR-NPE150                 10,000      100,000       51,200,000
> uBR-NPE200                 13,000      150,000       76,800,000
> 7000-RP                     2,500       30,000       15,360,000
> 7500-RSP2                   5,000      220,000      112,640,000
> 7500-RSP4                   8,000      345,000      176,640,000
> 7500-RSP8                  22,000      470,000      240,640,000
> Cat 2948G-L3                  N/A   10,000,000    5,120,000,000
> Cat 4908G-L3                  N/A   12,000,000    6,144,000,000
> Cat 4232-L3                   N/A    6,000,000    3,072,000,000
> Cat -RSM                   14,000      175,000       89,600,000
> Catalyst-RSFC                          170,000       87,040,000
> Catalyst-RSFC/NFFCII                 2,000,000    1,024,000,000
> Catalyst-MSFC (IP,IPX)              15,000,000    7,680,000,000
> Catalyst-MSFC (Other)                  170,000       87,040,000
> Catalyst-MSFC2 (IP,IPX)             15,000,000    7,680,000,000
> Catalyst-MSFC2 (Other)                 680,000      348,160,000
> Catalyst-MSFC (X-bar)               30,000,000   15,360,000,000
>
> NOTE: VIP2 Distributed Switching significantly increases
> the performance on RSP platforms.

Chuck Church
CCIE #8776, MCNE, MCSE

>>>> Please advise if there are any differences in the functionalities etc. if I use
>>>>
>>>> 1) a L3 switch for routing between VLANs,
>>>> 2) a L2 switch followed by a router for routing between VLANs.
>>>
>>> 1) define "functionality"
>>>
>>> 2) define "difference"

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62273&t=62273
Re: Buffer tuning [7:60647]
I assume you're running in Hybrid mode (IOS on MSFC, CatOS on Sup). 12.1.9 to 12.1.11 had that problem. Not exactly sure about the versions, but I know it's fixed in 12.1.13. The medium buffer category will disappear after the upgrade, and the normal small, middle, etc will have few, if any, misses.

Chuck Church
CCIE #8776, MCNE, MCSE

>Date: Wed, 8 Jan 2003 13:13:13 GMT
>From: "[EMAIL PROTECTED]"
>Subject: Re: Buffer Tuning [7:60526]

Any thoughts on that?
==
Is it possible to tune the medium buffer? I did find how to tune the middle buffer on the Cisco pages, but nothing about medium buffer. Also, I do not have that option on the 6509 MSFC. The number of failures is very high, and that is why I want to tune it.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60647&t=60647
Subject: Re: question - how many commands are there [7:60086]
I just received my 12.2 complete doc set the other day. 123 lbs in all, must have been about 30 to 35 books, in a box the size of a Cat4006. The command references are just the right size for curls :)

Chuck Church
CCIE #8776, MCNE, MCSE

>Date: Wed, 1 Jan 2003 14:37:04 GMT
>From: "Howard C. Berkowitz"
>Subject: Re: question - how many commands are there [7:60051]
>
>As a vague context, I weighed the 9.x command reference on my kitchen
>scale, and it was four ounces or so. 10.x was about ten ounces.
>11.x slammed the pointer beyond the limit with a loud thump.
>I have not repeated the experiment with 12.x. When I want to lift
>that much, I use barbells.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60086&t=60086
Re:Laying Cable Accross the Pond [7:59994]
Travis,

I've often wondered the same thing. I dug this up on google. Amazingly it dates back to the 1890s!

http://www.atlantic-cable.com/

Chuck Church
CCIE #8776, MCNE, MCSE

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59994&t=59994
RE: Routers multicast address 224.0.0.2 [7:59666]
HSRP uses 224.0.0.2, UDP port 1985. Any ACLs blocking this? Is IGMP snooping enabled all places between the two routers? Check out:

http://www.cisco.com/en/US/tech/tk648/tk365/technologies_q_and_a_item09186a00800a9679.shtml

for more info. Also, check the switch's multicast forwarding tables. HTH.

Chuck Church
CCIE #8776, MCNE, MCSE

> > Mohannad Khuffash wrote:
> >
> > Hi ...
> >
> > I have tried to configure HSRP on two 3660 routers, I configured them straight forward where only a little commands needed. But HSRP don't worked well ! The reason simply was that they are not seeing the HSRP hello messages so every one act as the active one ! When I checked the problem more, I discovered that both of them are not seeing the 224.0.0.2 messages by using the SHOW IP INTERFACE command where none of the interfaces of the two routers are joined for this multicast group !
> >
> > My question now is how I can make them joined to 224.0.0.2 which should be the default configuration ? Or may be I'm wrong in my investigation ?!
> >
> > Thanks for your help
> >
> > --
> > Mohannad Khuffash

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59666&t=59666
RE: campus LAN design w/DHCP server [7:59664]
Hey Priscilla,

I feel about 10 times better knowing it's a fast ethernet :) If there's any way to localize the traffic, such as putting department X's clients and servers on vlan 100, and department Y's clients/servers on the other, it'd be optimal. But even if you can't it should run pretty well. Worse comes to worse, they could always buy a 3550 and have that route between VLANs at like light speed. Which ghosting software is the client using? I thought that Ghost itself used multicast and was IGMP aware.

Chuck Church
CCIE #8776, MCNE, MCSE

> It's a fast Ethernet trunk, actually. I forgot to mention that. He does have some internal servers. Do you think in and out of a Fast Ethernet trunk will be less of a problem?
>
> You know my first reaction was also just move the subnet mask over. But he didn't seem to want to do that.
>
> He had a broadcast meltdown last week. Perhaps that's why he's concerned. He was using ghosting software.
>
> Thanks for the input!
>
> Priscilla

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59664&t=59664
Re: problem with initiating PPTP connection behind [7:59663]
Eric,

To get PPTP to work with PAT, you need to play with it like you do with IPSec. Check out:

http://www.cisco.com/en/US/tech/tk648/tk369/technologies_configuration_example09186a00800949c0.shtml

You need to statically map TCP 1723 on the outside to your inside PC, same port. At one time I thought it needed GRE, but I don't see it listed on that doc. HTH.

Chuck Church
CCIE #8776, MCNE, MCSE

----- Original Message -----
From: "Neil Moore"
To: "eric nguyen" ; ;
Sent: Friday, December 20, 2002 5:58 PM
Subject: Re: problem with initiating PPTP connection behind a Pix Firewall via PAT

> Its all broken... I will give you 500 bux for that pix ..no problem!
>
> Neil Moore CCIE#10044
>
> ----- Original Message -----
> From: "eric nguyen"
> To: ;
> Sent: Friday, December 20, 2002 4:47 PM
> Subject: problem with initiating PPTP connection behind a Pix Firewall via PAT
>
> > I just replace my home linux "iptables" firewall with a "franken" pix firewall (700MHz CPU/512MB RAM/16MBFlash) running version 6.2(2) with PDM 2.1(1). My internal network is 172.16.1.0/24 with the "inside" interface of the firewall is 172.16.1.254. The "outside" interface of the firewall is 4.64.1.100. I also have a "dmz" 172.17.1.0/24 network with the Pix interface IP of 172.17.1.254. Machines on both the "inside" and "dmz" access the Internet via Port Address Translation (PAT) to the "outside" interface and it seems to work OK. On the "inside" network, I have a Websense filter server (IP 172.16.1.2) to do url filtering for both the "inside" and "outside" interface. I use Websense server to filter out traffics that I don't want my children to see. Everything is working great with a minor exception:
> >
> > I need to make a PPTP connection from a laptop on the "inside" network (IP 172.16.1.100) to a PPTP server at my work place. The problem is that the connection keeps timing out. The connection time out at the "verify username and password". To make sure that this is not a problem with my laptop, I hook my laptop directly to the cable modem (I have roadrunner). Since my laptop has a valid external IP address, PPTP works. If I place the laptop on the "inside" network behind the "franken" pix, PPTP doesn't work. I even make the firewall "wide-open" for both inbound and outbound and it still doesn't work. Now if I replace the "franken" pix firewall with a linux firewall, PPTP works just fine through IP masquerading which is equivalent to PAT.
> >
> > My question is this: has anyone been able to successfully initiate a PPTP from behind a Pix firewall via Port Address Translation (PAT)? Does it even work at all with PAT? I am starting to have serious doubt with Cisco Pix firewall. It costs me $500 to build this "franken" pix firewall. With the CPU, memory and flash, this "franken" pix is equivalent to a Cisco Pix525 (minus the Gigabit Interface) and it can not even do a simple thing like allowing PPTP through PAT. My linux firewall is running on a Pentium 90Mhz with 64MB of RAM and PPTP works just fine, and it costs me $20 for that old system.
> >
> > I think PPTP will work with static NAT but I don't have an extra public IP to spare.
> >
> > If anyone has PPTP works through PAT, please reply. Thanks.
> >
> > Eric.
> >
> > Here is my Pix configuration
> >
> > HERNDON-PIX# wr t
> > Building configuration...
> > : Saved
> > :
> > PIX Version 6.2(2)
> > nameif ethernet0 outside security0
> > nameif ethernet1 inside security100
> > nameif ethernet2 dmz security99
> > nameif ethernet3 dmz2 security98
> > enable password * encrypted
> > passwd * encrypted
> > hostname HOME-PIX
> > domain-name home.com
> > clock timezone est -5
> > clock summer-time est dat
Re: problem with initiating PPTP connection behind [7:59673]
You know, IPSec is far more secure than PPTP, especially if you're dealing with an MS PPTP server. Sounds like you need a PIX at work...

Chuck Church
CCIE #8776, MCNE, MCSE

----- Original Message -----
From: eric nguyen
To: [EMAIL PROTECTED] ; 'Chuck Church' ; [EMAIL PROTECTED] ; [EMAIL PROTECTED]
Sent: Friday, December 20, 2002 10:27 PM
Subject: RE: problem with initiating PPTP connection behind a Pix Firewall via PAT

Thanks for the info. This absolutely sucks. I am sure there are many folks out there with broadband connection like myself, cable modem or DSL, that has only one external IP address. Those folks might be using Cisco Pix501, Pix506 or Pix506E for their home firewall. I am sure they need to connect to their corporate network via PPTP just like myself. Now I have no choice but to switch back to my Linux firewall. Pix firewall, what a piece of shit. For an expensive product like that, you would think that Cisco makes an effort to make PPTP work via PAT. Enough of me venting off my frustration. Thanks everyone for your help.

Eric

"Raymond Jett (rajett)" wrote:

Hmmm

To quote cisco.com...

PPTP through the PIX with Port Address Translation (PAT) does not work because there is no concept of ports in GRE.

That was from:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094a5a.shtml

This URL shows you how to do it with NAT...

Although, interestingly enough... You can do it with IOS:
http://www.cisco.com/en/US/tech/tk648/tk369/technologies_configuration_example09186a00800949c0.shtml

Watch the word wrap on the URLs!

Raymond

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of eric nguyen
Sent: Friday, December 20, 2002 8:59 PM
To: Chuck Church; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: problem with initiating PPTP connection behind a Pix Firewall via PAT

Chuck,

I did try the following:

static (inside,outside) tcp interface 1723 172.16.1.100 1723 netmask 255.255.255.255 0 0
access-list 100 permit ip any any
access-list 100 permit gre any any
access-list 100 permit icmp any any
access-group 100 in interface outside

it still doesn't work. The example you provided has to do with Cisco IOS. Pix is not the same as Cisco IOS even though it comes from the same company. This is really frustrating. I feel like I am being "ripped-off" by Cisco Pix firewall (even though I am running a clone, there is no way in hell that Cisco will support it). It is really amazing that an expensive product like this one doesn't support PPTP with PAT (to my knowledge). Even Linux firewall supports PPTP over PAT. I feel like I am hitting a brick wall here. Please help.

Eric

Chuck Church wrote:

Eric,

To get PPTP to work with PAT, you need to play with it like you do with IPSec. Check out:

http://www.cisco.com/en/US/tech/tk648/tk369/technologies_configuration_example09186a00800949c0.shtml

You need to statically map TCP 1723 on the outside to your inside PC, same port. At one time I thought it needed GRE, but I don't see it listed on that doc. HTH.

Chuck Church
CCIE #8776, MCNE, MCSE

----- Original Message -----
From: "Neil Moore"
To: "eric nguyen" ; ;
Sent: Friday, December 20, 2002 5:58 PM
Subject: Re: problem with initiating PPTP connection behind a Pix Firewall via PAT

> Its all broken... I will give you 500 bux for that pix ..no problem!
>
> Neil Moore CCIE#10044
>
> ----- Original Message -----
> From: "eric nguyen"
> To: ;
> Sent: Friday, December 20, 2002 4:47 PM
> Subject: problem with initiating PPTP connection behind a Pix Firewall via PAT
Re: problem with initiating PPTP connection behind [7:59672]
Eric,

I just checked it with an ACL. GRE is used incoming from a PPTP server, at least from my work PIX it does. But the trick is getting the incoming GRE (with a destination of your PATing PIX) to the client inside. Can you try putting a 1-to-1 static from the PIX address pointing to the inside client? I don't have a PIX here to try it. I think anything then without a translation will be sent to your inside client. But it's not really the PIX's fault. What you're trying to do is PAT a protocol that for the most part is incompatible with it. Give it a shot.

Chuck Church
CCIE #8776, MCNE, MCSE

----- Original Message -----
From: eric nguyen
To: Chuck Church ; [EMAIL PROTECTED] ; [EMAIL PROTECTED]
Sent: Friday, December 20, 2002 9:59 PM
Subject: Re: problem with initiating PPTP connection behind a Pix Firewall via PAT

Chuck,

I did try the following:

static (inside,outside) tcp interface 1723 172.16.1.100 1723 netmask 255.255.255.255 0 0
access-list 100 permit ip any any
access-list 100 permit gre any any
access-list 100 permit icmp any any
access-group 100 in interface outside

it still doesn't work. The example you provided has to do with Cisco IOS. Pix is not the same as Cisco IOS even though it comes from the same company. This is really frustrating. I feel like I am being "ripped-off" by Cisco Pix firewall (even though I am running a clone, there is no way in hell that Cisco will support it). It is really amazing that an expensive product like this one doesn't support PPTP with PAT (to my knowledge). Even Linux firewall supports PPTP over PAT. I feel like I am hitting a brick wall here. Please help.

Eric

Chuck Church wrote:

Eric,

To get PPTP to work with PAT, you need to play with it like you do with IPSec. Check out:

http://www.cisco.com/en/US/tech/tk648/tk369/technologies_configuration_example09186a00800949c0.shtml

You need to statically map TCP 1723 on the outside to your inside PC, same port. At one time I thought it needed GRE, but I don't see it listed on that doc.
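The cisco.com point quoted in this thread ("there is no concept of ports in GRE") and Chuck's remark about getting the incoming GRE to the inside client, modelled as an added example that is not code from the thread or from Cisco. The header layout follows PPTP's enhanced GRE (RFC 2637); the `PatTable` class, the server address 192.0.2.10, source port 1045 and call ID 0x4000 are constructed for illustration.

```python
import struct

PPTP_GRE_PROTO = 0x880B  # protocol type of PPTP's enhanced GRE (RFC 2637)


def build_pptp_gre(call_id, seq, ack, payload=b""):
    """Constructed PPTP data packet: K and S bits set, A bit set, GRE version 1."""
    return struct.pack("!BBHHHII", 0x30, 0x81, PPTP_GRE_PROTO,
                       len(payload), call_id, seq, ack) + payload


def parse_pptp_gre(data):
    """Parse the enhanced GRE header. It carries a Call ID but no port fields."""
    if len(data) < 8:
        raise ValueError("truncated GRE header")
    flags, ver, proto, payload_len, call_id = struct.unpack("!BBHHH", data[:8])
    if proto != PPTP_GRE_PROTO or (ver & 0x07) != 1 or not (flags & 0x20):
        raise ValueError("not PPTP enhanced GRE")
    offset, seq, ack = 8, None, None
    if flags & 0x10:                      # S bit: sequence number follows
        if len(data) < offset + 4:
            raise ValueError("truncated sequence number")
        (seq,) = struct.unpack_from("!I", data, offset)
        offset += 4
    if ver & 0x80:                        # A bit: acknowledgment number follows
        if len(data) < offset + 4:
            raise ValueError("truncated acknowledgment number")
        (ack,) = struct.unpack_from("!I", data, offset)
        offset += 4
    if len(data) < offset + payload_len:
        raise ValueError("truncated payload")
    return {"call_id": call_id, "seq": seq, "ack": ack,
            "payload": data[offset:offset + payload_len]}


class PatTable:
    """Toy PAT device with one outside address (a model, not PIX or Linux code)."""

    def __init__(self, pptp_aware):
        self.pptp_aware = pptp_aware
        self.ports = {}        # (proto, outside_port) -> (inside_ip, inside_port)
        self.calls = {}        # (server_ip, call_id) -> inside_ip
        self.next_port = 1024

    def outbound_l4(self, proto, inside_ip, inside_port):
        """TCP/UDP leaving the inside: allocate an outside source port."""
        outside_port = self.next_port
        self.next_port += 1
        self.ports[(proto, outside_port)] = (inside_ip, inside_port)
        return outside_port

    def inbound_l4(self, proto, outside_port):
        """TCP/UDP reply: the destination port selects the inside host."""
        return self.ports.get((proto, outside_port))

    def learn_call(self, inside_ip, server_ip, client_call_id):
        """A PPTP-aware NAT reads the client's Call ID off the TCP 1723 control
        channel; a port-only PAT ignores it."""
        if self.pptp_aware:
            self.calls[(server_ip, client_call_id)] = inside_ip

    def inbound_gre(self, server_ip, gre_bytes):
        """GRE from the server: only the Call ID can select the inside host.
        Returns None when there is no mapping, i.e. the packet is dropped."""
        hdr = parse_pptp_gre(gre_bytes)
        return self.calls.get((server_ip, hdr["call_id"]))


def demo():
    laptop, server = "172.16.1.100", "192.0.2.10"   # server address is constructed
    # Server-to-client data packet carries the Call ID the client assigned.
    reply = build_pptp_gre(call_id=0x4000, seq=1, ack=0, payload=b"\xc0\x21")
    out = {}
    for aware in (False, True):
        nat = PatTable(pptp_aware=aware)
        port = nat.outbound_l4("tcp", laptop, 1045)  # control connection to server:1723
        nat.learn_call(laptop, server, client_call_id=0x4000)
        out[aware] = (nat.inbound_l4("tcp", port), nat.inbound_gre(server, reply))
    return out


if __name__ == "__main__":
    for aware, (control, data) in demo().items():
        print("pptp_aware=%s control->%s gre->%s" % (aware, control, data))
```

In both runs the TCP 1723 control connection is translated back to the laptop, but only the Call-ID-aware table delivers the GRE packet; with port-only PAT the tunnel's data channel has nowhere to go, which is consistent with a session that connects and then times out.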
RE: campus LAN design w/DHCP server [7:59646]
If everyone just goes to the internet, it'll work. But if you've got one or more servers internally, I'd be real afraid of trunking on a 10 mb interface. You'll reduce your broadcasts, but I think performance will suffer horribly crossing the router. Since you've run out of addresses on a /24, I assume you've got a couple hundred devices. Personally I'd just move the mask back one or 2 bits, making it a /22 or /23, and using the additional 1.0 or 1,2, and 3.0 subnets. There's things you can do to almost all OSs to reduce broadcasts. How many broadcasts are you seeing per second? If it's no more than 20 on average, I wouldn't even worry about it.

Chuck Church
CCIE #8776, MCNE, MCSE

>The customer has been using 192.168.168.0/24 in one small flat LAN. He
>has run out of these addresses and is being hit by performance issues
>related to broadcasts.
>
>He wants to implement subnets and VLANs:
>
>VLAN 100 192.168.168.0/24
>VLAN 200 192.168.169.0/24
>
>New design:
>
> Internet
>    |
>    s0
> 2600 router e1 --- public servers
>    e0
>    | dot1q trunk
>  switch
> VLAN 200   VLAN 100
>
>There is just one DHCP server. It will be in VLAN 100, address 192.168.168.10. The DHCP server will have 2 scopes for the 2 subnets. We're going to do inter-VLAN routing on the 2600 router. Will this config work as far as DHCP is concerned?
>
>interface ethernet 0
> no ip address
>interface ethernet 0.1
> encapsulation dot1q 100
> ip address 192.168.168.1 255.255.255.0
>interface ethernet 0.2
> encapsulation dot1q 200
> ip address 192.168.169.1 255.255.255.0
> ip helper-address 192.168.168.10

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59646&t=59646
Re: OT: High Speed Internet Test from Browser [7:59118]
Well, I suppose they could have a script that downloaded to your PC and then tested some sites for speed. But I think your browser would warn you about that. The most simple way would be for the web server to ping you, say with a 500 byte packet, and based on the reply time, determine your speed. To be more accurate, it could ping with a small packet, then a big one to analyze the difference. I've got a cable modem. Two different pings:

Pinging www.novell.com [192.233.80.5] with 32 bytes of data:

Reply from 192.233.80.5: bytes=32 time=110ms TTL=34
Reply from 192.233.80.5: bytes=32 time=152ms TTL=34
Reply from 192.233.80.5: bytes=32 time=109ms TTL=34
Reply from 192.233.80.5: bytes=32 time=111ms TTL=34

Ping statistics for 192.233.80.5:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 109ms, Maximum = 152ms, Average = 120ms

C:\Documents and Settings\church>ping www.novell.com -l 500

Pinging www.novell.com [192.233.80.5] with 500 bytes of data:

Reply from 192.233.80.5: bytes=500 time=114ms TTL=34
Reply from 192.233.80.5: bytes=500 time=122ms TTL=34
Reply from 192.233.80.5: bytes=500 time=146ms TTL=34
Reply from 192.233.80.5: bytes=500 time=144ms TTL=34

Ping statistics for 192.233.80.5:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 114ms, Maximum = 146ms, Average = 131ms

As you can see, even though the second ping data size was over 10 times bigger, the time went up very little, indicating your connection isn't the bottleneck, but the latency through numerous router hops was. Try the same on a slow connection, and you'd see a much bigger difference between the two.

Chuck Church
CCIE #8776, MCNE, MCSE

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59118&t=59118
RE: Little Help Please blocking pop ups and ads [7:58182]
Elijah,

Not real easy to do with a PIX. You could set up ACLs to block access to all the big marketing companies like doubleclick.net, etc. But that would be a never-ending battle. An alternative is running Mozilla as your browser. It's got an option to turn off unrequested windows. I'm not sure, the newer Netscapes might do it now as well. It works fine.

http://www.mozilla.org

Chuck Church
CCIE #8776, MCNE, MCSE

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58182&t=58182
Re: hsrp & isl trunking [7:58144]
I think the 'use-bia' may have been a fix for the problem as well. It's been a while since it happened. For all I know it might have been a problem with the CatOS on the switch.

Chuck Church
CCIE #8776, MCNE, MCSE

----- Original Message -----
From: "Larry Letterman"
To: "Chuck Church"
Cc:
Sent: Tuesday, November 26, 2002 6:36 PM
Subject: Re: hsrp & isl trunking [7:58144]

> And..
> on the new msfc-2 you only get 16 hsrp groups
> supposedly the issue that chuck states below is
> not an issue with the new msfc-2 for the 6509's
>
> Chuck Church wrote:
>
> >Dennis,
> >
> >It's better to have a unique HSRP group for each VLAN. Cisco bases the
> >virtual MAC address on the group. If you reuse the group number, you'll have
> >duplicate MAC addresses. Granted, they're on separate VLANs and shouldn't
> >matter, but I had a Cat4000 that didn't like it at all, and gave me lots of
> >logged messages about MACs moving around.
> >
> >Chuck Church
> >CCIE #8776, MCNE, MCSE

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58153&t=58144
Re: hsrp & isl trunking [7:58144]
Dennis,

It's better to have a unique HSRP group for each VLAN. Cisco bases the virtual MAC address on the group. If you reuse the group number, you'll have duplicate MAC addresses. Granted, they're on separate VLANs and shouldn't matter, but I had a Cat4000 that didn't like it at all, and gave me lots of logged messages about MACs moving around.

Chuck Church
CCIE #8776, MCNE, MCSE

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58144&t=58144
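The group-to-MAC relationship described in the two HSRP messages above, as an added example that is not part of the original posts. It assumes HSRP version 1 addressing (virtual MAC 0000.0c07.acXX, XX being the group number in hex) and treats an interface with 'standby use-bia' as not using the virtual MAC; the configuration text and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed IOS-style configuration for illustration (not from the thread).
CONFIG = """\
interface Vlan10
 ip address 10.0.10.2 255.255.255.0
 standby 1 ip 10.0.10.1
!
interface Vlan20
 ip address 10.0.20.2 255.255.255.0
 standby 1 ip 10.0.20.1
!
interface Vlan30
 ip address 10.0.30.2 255.255.255.0
 standby 30 ip 10.0.30.1
!
interface Vlan40
 ip address 10.0.40.2 255.255.255.0
 standby use-bia
 standby 1 ip 10.0.40.1
!
"""

IFACE = re.compile(r"^interface (\S+)")
STANDBY_IP = re.compile(r"^\s+standby(?: (\d+))? ip \S+")
USE_BIA = re.compile(r"^\s+standby use-bia\b")


def hsrp_v1_mac(group):
    """HSRP version 1 virtual MAC: 0000.0c07.acXX, XX = group number in hex."""
    if not 0 <= group <= 255:
        raise ValueError("HSRPv1 group must be 0-255")
    return f"0000.0c07.ac{group:02x}"


def virtual_macs(config):
    """Map each interface to the HSRP virtual MACs it will answer for.

    Interfaces configured with 'standby use-bia' are left out because they
    use the burned-in address instead of the group-derived MAC.
    """
    groups, bia, current = defaultdict(set), set(), None
    for line in config.splitlines():
        if (m := IFACE.match(line)):
            current = m.group(1)
        elif current and USE_BIA.match(line):
            bia.add(current)
        elif current and (m := STANDBY_IP.match(line)):
            # 'standby ip x.x.x.x' with no number means group 0.
            groups[current].add(int(m.group(1) or 0))
    return {iface: sorted(hsrp_v1_mac(g) for g in gs)
            for iface, gs in groups.items() if iface not in bia}


def shared_macs(config):
    """Return virtual MACs that appear on more than one interface."""
    by_mac = defaultdict(list)
    for iface, macs in virtual_macs(config).items():
        for mac in macs:
            by_mac[mac].append(iface)
    return {mac: ifaces for mac, ifaces in by_mac.items() if len(ifaces) > 1}


if __name__ == "__main__":
    for mac, ifaces in shared_macs(CONFIG).items():
        print(f"{mac} reused on {', '.join(ifaces)}")
```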
Re: PIX Client & WIN2000 Internet sharing [7:58062]
I'm not really sure what 'IPSec passthrough' means. I've seen it used by different companies and it means different things. If the PIX is smart enough to detect your IKE going out, and set up the necessary IKE and IPSec translations for the other end of the VPN (for the return traffic), then you don't need the statics. This is how the Linksys DSL/Cable routers work, I believe. But if it doesn't work, try setting up the statics for IKE and IPSec. What works on the router should work on the PIX, although I don't know for sure if the PIX will let you do the extended translations like the IOS does. Don't have a PIX here to try it on.

Chuck Church
CCIE #8776, MCNE, MCSE

----- Original Message -----
From: "Elijah Savage III"
To: "Chuck Church" ;
Sent: Monday, November 25, 2002 4:32 PM
Subject: RE: PIX Client & WIN2000 Internet sharing [7:58062]

Chuck,

Please correct me if I am wrong but you are using a router with PAT, and with a router you will need those statics. But on the PIX you do not need to have statics because it supports ipsec passthrough, I have no statics on my PIX at all.

-----Original Message-----
From: Chuck Church [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 25, 2002 4:03 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX Client & WIN2000 Internet sharing [7:58062]

Guys,

IPSec will work with PAT, with some caveats. On the device doing the NAT/PAT, you need a static NAT entry to send IKE and IPSec to the designated inside device. Like this:

! Standard PAT statement
ip nat inside source list 100 interface Ethernet0/0 overload
! IPSec
ip nat inside source static esp 192.168.0.2 interface Ethernet0/0
! IKE/ISAKMP
ip nat inside source static udp 192.168.0.2 500 interface Ethernet0/0 500

By doing this, inside device 192.168.0.2 can connect to an IPSec VPN, using the 3.x client. I'm doing it right now. Of course, if you've got more than 1 internal needing to dial, you'll need more external addresses.

Now whether the M$ ICS can be told to send incoming ISAKMP and IPSec to a certain internal client is another question...

Chuck Church
CCIE #8776, MCNE, MCSE

> This is correct. IPSec will NOT through PAT. At the moment, Pix does
> NOT support "NAT traversal (udp encapsulation)". Therefore, trying to
> connect to a Pix behind a NAT device with vpn dialer will not work. VPN
> concentrators, on the other hand will work. Or better yet, throw away
> your Pix and put in either a CheckPoint NG Firewall or linux firewall
> (iptables). Both CP and Linux are "stateful" firewalls. If you want to
> stick with Pix, wait until version 6.3 where it will support "NAT
> traversal (UDP encapsulation)".
>
> Edward Sohn wrote:
> nope, it won't work...ipsec needs its own IP address and not PAT. i've
> tested this extensively, and it won't work...if anyone else can
> comment, please do.
>
> either way, best thing to do is get a few statics from your ISP and
> statically translate...
>
> ed
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Derek
> Sent: Sunday, November 24, 2002 9:12 AM
> To: [EMAIL PROTECTED]
> Subject: PIX Client & WIN2000 Internet sharing [7:57988]
>
> I have a home network which uses an ADSL line which is shared via
> Internet Connection Sharing. I have 3 pc's in the network and they can
> all access the internet. From these pc's i am trying to connect to my
> office VPN. I can ping the address but cannot connect via Dialer. The
> VPN connection works when Internet Sharing is disabled. Is there any
> way around this?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58064&t=58062
RE: PIX Client & WIN2000 Internet sharing [7:58062]
Guys,

IPSec will work with PAT, with some caveats. On the device doing the NAT/PAT, you need a static NAT entry to send IKE and IPSec to the designated inside device. Like this:

! Standard PAT statement
ip nat inside source list 100 interface Ethernet0/0 overload
! IPSec
ip nat inside source static esp 192.168.0.2 interface Ethernet0/0
! IKE/ISAKMP
ip nat inside source static udp 192.168.0.2 500 interface Ethernet0/0 500

By doing this, inside device 192.168.0.2 can connect to an IPSec VPN, using the 3.x client. I'm doing it right now. Of course, if you've got more than 1 internal needing to dial, you'll need more external addresses.

Now whether the M$ ICS can be told to send incoming ISAKMP and IPSec to a certain internal client is another question...

Chuck Church
CCIE #8776, MCNE, MCSE

> This is correct. IPSec will NOT through PAT. At the moment, Pix does
> NOT support "NAT traversal (udp encapsulation)". Therefore, trying to
> connect to a Pix behind a NAT device with vpn dialer will not work. VPN
> concentrators, on the other hand will work. Or better yet, throw away
> your Pix and put in either a CheckPoint NG Firewall or linux firewall
> (iptables). Both CP and Linux are "stateful" firewalls. If you want to
> stick with Pix, wait until version 6.3 where it will support "NAT
> traversal (UDP encapsulation)".
>
> Edward Sohn wrote:
> nope, it won't work...ipsec needs its own IP address and not PAT. i've
> tested this extensively, and it won't work...if anyone else can
> comment, please do.
>
> either way, best thing to do is get a few statics from your ISP and
> statically translate...
>
> ed
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Derek
> Sent: Sunday, November 24, 2002 9:12 AM
> To: [EMAIL PROTECTED]
> Subject: PIX Client & WIN2000 Internet sharing [7:57988]
>
> I have a home network which uses an ADSL line which is shared via
> Internet Connection Sharing. I have 3 pc's in the network and they can
> all access the internet. From these pc's i am trying to connect to my
> office VPN. I can ping the address but cannot connect via Dialer. The
> VPN connection works when Internet Sharing is disabled. Is there any
> way around this?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58062&t=58062
RE: Apparent packet loss... [7:57957]
Keith,

Don't ever listen to a sales person. Ever! What is the ratio of collisions to frames output on that interface to the provider? Cisco recommends limiting collisions to 1 out of every 1000 frames, although 1 out of every 100 isn't bad. If it's worse than 1 out of every 100, definitely get them to make it full duplex. Frames queueing up on this interface could be causing problems with the others. Definitely turn on CEF. If they want to limit your network speed it should occur on their interface to their own equipment, not yours. NBAR (Network Based Application Recognition) is available on 12.2 and does a lot of what Packeteer can do.

Assuming you've got adequate memory (do a 'sh mem', check how much is free), I'd bump up both the buffers a bit and the queues on the interfaces. Shouldn't be too much more CPU load. Do 200/300 per/max for small buffers, 100/150 for middle, and 75/150 for big. Double the size of the interface queues that have drops. Go with this for a day, and see how it looks. Also, do a 'sh int stat' to see the ratio of process to fast switched packets. This ratio should improve with CEF. Hope this helps. Let me know if you need more help.

Chuck Church
CCIE #8776, MCNE, MCSE

Date: Sat, 23 Nov 2002 18:18:16 GMT
From: "Keith Woodworth"
Subject: Re: Apparent packet loss... [7:57922]

On Sat, 23 Nov 2002, The Long and Winding Road wrote:

|->> They have told us to config our ethernet port to half duplex so packets
|->> will be retransmitted if they get lost in their ATM cloud so we have a
|->> fairly high collision rate on this port. I don't know enough about ATM to
|->> say if this is good or bad...?
|->
|->
|->CL: huh? the retransmission is determined from and between the source and
|->destination hosts, not by routers along the way. this half duplex
|->instruction doesn't make sense to me.

Nor does it to me either but before we put in the 7206, we had their 7204 as the gateway connected to a switch and it was set half-duplex even before I started here. I'm going to dig more into this. The part of this that annoys me is when I asked my boss about this he said the provider would charge us an extra $2k/month to run the port full-duplex... telus is hurting and are trying to squeeze as much as they can from us and everyone else.

|->CL: have you considered doing traffic studies to determine if any qos type
|->services could be of benefit? anything like traffic shaping, random early
|->detect, things like that?

We have started doing that because we started noticing that outbound traffic higher than inbound. About 6 weeks ago we moved the routers to a switch as a start just to look at sniffing the traffic via port spanning. 4pm in the afternoon we started and within an hour, we found that 50-60% of traffic outbound was riding on port 1214 (Kazaa etc.). At that time outbound traffic was pushing 18Megs, inbound was about 15Megs. Historically traffic was 8-10Megs out and 15-18Megs in. P2P is killing us.

A few simple ACL's have been put to rate-limit outgoing traffic on that port for P2P, which has helped. And we are looking at packet shaping possibilities. My boss wants a Packeteer... but I'd like to see if I can do something with the router instead of spending 20 grand.

|->CL: according to the following link, up to 400,000 pps
|->
|->http://www.cisco.com/warp/public/cc/pd/rt/7200/prodlit/c7200_ds.htm
|->
|->your description doesn't indicate you have oversubscribed the back plane.
|->

Yea I don't think we are either now that I've seen some numbers. I was looking for specs on the NSE1 not the 7206. Thanks for the link.

|->> Anyway to actually tell for certain if the router is dropping packets?
|->
|->show buffers
|->show queueing
|->show queue interface etc.

Showing misses/failures on all buffers but these have the most:

Small buffers, 104 bytes (total 50, permanent 50, peak 201 @ 7w0d):
     44 in free list (20 min, 150 max allowed)
     1991931468 hits, 98395 misses, 43142 trims, 43142 created
     2371 failures (0 no memory)
Middle buffers, 600 bytes (total 25, permanent 25, peak 92 @ 3d20h):
     23 in free list (10 min, 150 max allowed)
     43042905 hits, 2828 misses, 2508 trims, 2508 created
     703 failures (0 no memory)
Big buffers, 1524 bytes (total 50, permanent 50, peak 68 @ 6d12h):
     50 in free list (5 min, 150 max allowed)
     12398616 hits, 359 misses, 81 trims, 81 created
     79 failures (0 no memory)

so according to docs on CCO about buffers, misses/failures usually lead to dropped packets. This leads me to believe that data is coming in at a rate higher than the RP can keep up though. Will have to look at upping the # of permanent buffers and see if that helps.

Thanks,
Keith

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57957&t=57957
6509 Buffer problem - Fix [7:57009]
6509 dude,

Sorry, don't remember the person's name who posted the original question, but I was dealing with the same thing. Installed 12.1.13E last night, now I'm getting nothing but hits, even with default buffer settings. Hope this helps.

Chuck Church
CCIE #8776, MCNE, MCSE
Sr. Network Engineer
Magnacom Technologies
140 N. Rt. 303
Valley Cottage, NY 10989
845-267-4000

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57009&t=57009
Re: buffer tuning 6509 [7:56906]
Mr. Joshua,

This looks like a bug I'm working with:

"Anyway, the issue might be related to the middle buffer "not populating" and there is a bug which was open for the similar issue (should be fixed in later IOS versions): CSCdx15857 (Buffer Failure). You couldn't change the middle buffers because of the same bug. In order to fix the issue you should upgrade the IOS but prior of doing this you would probably need to consult your Cisco NSA/SE."

That came from a TAC guy I'm working with. He's telling me the 12.1.13E code will fix that problem, where you can't even configure medium buffers. Keep in mind that buffers use RAM, so occasionally do a 'sh mem' and make sure your 2 pools aren't running low. I'd install that code, and then run it for a few days. After that, set your permanent buffers to between 50 and 75% of what the peak was for that particular pool. Set the max to maybe 100 more than the permanent. So for below I'd start out with:

buff sma per 750
buff sma max 850
buff med per 75
buff med max 150
buff mid per 300
buff mid max 400
buff big per 600
buff big max 700
! use default for very max
buff very per 20
buff large per 10
buff large max 25
buff huge per 10
buff huge max 20

Paste these in, see how it goes. Good luck.

Chuck Church
CCIE #8776, MCNE, MCSE
Sr. Network Engineer
Magnacom Technologies
140 N. Rt. 303
Valley Cottage, NY 10989
845-267-4000

Date: Tue, 5 Nov 2002 12:41:12 GMT
From: "Mr Joshua"
Subject: buffer tuning 6509 [7:56891]

Does anybody know of a good white paper on buffer tuning? I have read a couple of generic ones on Cisco's website, yet they are not good enough to satisfy what I need to know. Called TAC - not a whole lot of help this time! As you can see, there are a lot of misses on medium and middle buffers. I also see that total and permanent are not allocated. I know the general CCNP level of what those mean and commands to adjust them, but does anybody know this - the second line of output says that there are 500 max allowed. Does that mean that I need to break this number down into public buffer pool? Does that mean that the cumulative sum of all public pools can't be more than 500? (as you can see, the big buffers are 500). Does anybody know of a GOOD paper that gives examples of buffer tuning? Sorry if those are stupid questions.

here is the output:

Buffer elements:
     499 in free list (500 max allowed)
     898918875 hits, 0 misses, 0 created

Public buffer pools:
Small buffers, 104 bytes (total 73, permanent 50, peak 1501 @ 7w0d):
     72 in free list (20 min, 150 max allowed)
     609248534 hits, 201320 misses, 121659 trims, 121682 created
     86630 failures (0 no memory)
Medium buffers, 256 bytes (total 0, permanent 0, peak 123 @ 4d08h):
     0 in free list (0 min, 0 max allowed)
     705511 hits, 140644897 misses, 1414484 trims, 1414484 created
     139937655 failures (0 no memory)
Middle buffers, 600 bytes (total 150, permanent 25, peak 555 @ 7w0d):
     149 in free list (10 min, 150 max allowed)
     185320811 hits, 4615702 misses, 167032 trims, 167157 created
     4439672 failures (0 no memory)
Big buffers, 1524 bytes (total 500, permanent 500, peak 595 @ 7w0d):
     500 in free list (5 min, 500 max allowed)
     41418467 hits, 3577401 misses, 39229 trims, 39229 created
     3540388 failures (0 no memory)
VeryBig buffers, 4520 bytes (total 10, permanent 10, peak 20 @ 7w0d):
     10 in free list (0 min, 100 max allowed)
     1006090 hits, 3524469 misses, 22 trims, 22 created
     3524458 failures (0 no memory)
Large buffers, 5024 bytes (total 0, permanent 0):
     0 in free list (0 min, 10 max allowed)
     0 hits, 3524458 misses, 0 trims, 0 created
     3524458 failures (0 no memory)
Huge buffers, 18024 bytes (total 2, permanent 0, peak 2 @ 7w0d):
     2 in free list (0 min, 4 max allowed)
     4580 hits, 3522061 misses, 120 trims, 122 created
     3522000 failures (0 no memory)

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56906&t=56906
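The sizing rule from the reply above (permanent between 50 and 75% of the recorded peak, max about 100 above permanent) applied to 'show buffers' output, as an added example that is not part of the original posts. The sample is three pools copied from the output quoted in the thread; the function names are hypothetical, and the generated lines use the low end of the range in the reply's own abbreviated form.

```python
import re

# Three of the pools from the 'show buffers' output quoted in the thread.
SHOW_BUFFERS = """\
Small buffers, 104 bytes (total 73, permanent 50, peak 1501 @ 7w0d):
     72 in free list (20 min, 150 max allowed)
     609248534 hits, 201320 misses, 121659 trims, 121682 created
     86630 failures (0 no memory)
Middle buffers, 600 bytes (total 150, permanent 25, peak 555 @ 7w0d):
     149 in free list (10 min, 150 max allowed)
     185320811 hits, 4615702 misses, 167032 trims, 167157 created
     4439672 failures (0 no memory)
Large buffers, 5024 bytes (total 0, permanent 0):
     0 in free list (0 min, 10 max allowed)
     0 hits, 3524458 misses, 0 trims, 0 created
     3524458 failures (0 no memory)
"""

# Abbreviations as written in the reply's "buff sma per 750" lines.
ABBREV = {"Small": "sma", "Medium": "med", "Middle": "mid", "Big": "big",
          "VeryBig": "very", "Large": "large", "Huge": "huge"}

HEADER = re.compile(
    r"(?P<name>\w+) buffers, (?P<size>\d+) bytes "
    r"\(total (?P<total>\d+), permanent (?P<permanent>\d+)"
    r"(?:, peak (?P<peak>\d+) @ [^)]+)?\):")
FREE = re.compile(r"(\d+) in free list \((\d+) min, (\d+) max allowed\)")
COUNTERS = re.compile(r"(\d+) hits, (\d+) misses, (\d+) trims, (\d+) created")
FAILURES = re.compile(r"(\d+) failures \((\d+) no memory\)")


def parse_show_buffers(text):
    """Return one dict per public buffer pool found in the output."""
    pools, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := HEADER.match(line)):
            # Numeric fields become ints; a pool with no peak keeps None.
            cur = {k: (int(v) if v and v.isdigit() else v)
                   for k, v in m.groupdict().items()}
            pools.append(cur)
        elif cur is None:
            continue
        elif (m := FREE.search(line)):
            cur["free"], cur["min"], cur["max"] = map(int, m.groups())
        elif (m := COUNTERS.search(line)):
            (cur["hits"], cur["misses"],
             cur["trims"], cur["created"]) = map(int, m.groups())
        elif (m := FAILURES.search(line)):
            cur["failures"], cur["no_memory"] = map(int, m.groups())
    return pools


def miss_percent(pool):
    """Share of buffer requests that missed the free list, in percent."""
    requests = pool["hits"] + pool["misses"]
    return 100.0 * pool["misses"] / requests if requests else 0.0


def suggest(pool, headroom=100):
    """Apply the thread's rule of thumb; None when no peak was recorded."""
    if pool["peak"] is None:
        return None
    low, high = pool["peak"] * 50 // 100, pool["peak"] * 75 // 100
    abbr = ABBREV[pool["name"]]
    return {"permanent_range": (low, high),
            "commands": [f"buff {abbr} per {low}",
                         f"buff {abbr} max {low + headroom}"]}


if __name__ == "__main__":
    for pool in parse_show_buffers(SHOW_BUFFERS):
        print(pool["name"], f"{miss_percent(pool):.2f}% misses", suggest(pool))
```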
Re: Cisco PIX & Novell [7:51427]
Brian,

A well-designed NW network is a very stable and secure environment. I used to work for a bank with over 400 NW 4.11 servers. The support team consisted of myself and two others. We spent all our free time studying Cisco! The major problem these days is VARs send their MCSE drones to try to fix these networks, and break all kinds of things. People who don't understand how NDS works shouldn't be touching it. You'll see issues in MS like this once (if ever) people start trying to install Active Directory.

All the NW IP clients work great with the 1.1 and 3.x Cisco VPN clients also, so VPN shouldn't really be an issue. I know for a fact that the NW client will NOT work through NAT, but no one should be accessing a server over the internet without encryption anyways.

MS uses tons of broadcasts and directed broadcasts for everything. It's actually worse than NW these days. Multicasting is the way to go. Just enable PIM, and all servers and clients can see each other. It's really easy compared to WINS.

Security holes? You can't possibly think that NW has more security holes than MS. Even Gartner Group now recommends that companies stay away from IIS from any internet-accessible servers. Patching NT servers is a full time job (with no benefits).

P.S. Cisco's stock is pretty crappy right now also (bought some of mine at $80 :(. But I'm not recommending Foundry to anyone either.

Use what you like,

Chuck Church
CCIE #8776, MCNE, MCSE
Sr. Network Engineer
Magnacom Technologies
140 N. Rt. 303
Valley Cottage, NY 10989
845-267-4000

>If you believe any of this, you can spend $1.50 and own some of the
>Novell Company (stock market). About the cost of a candy bar? My
>experience with Novell you need to spend a lot of effort to get anything
>to work, and their support is non-existent. I have heard of even
>hardcore Novell shops switch to a different OS, after trying Novell 5
>with horror stories. Everything about Novell works with broadcasts that
>flood the network. They are considered a step up from Apple networks
>though, in the unnecessary traffic they create. Recently, I was told I
>needed to make a VPN connection to another company using ADSL, the
>problem is that Novell Client will not work with ADSL. It may work now
>in Novell 6 client. There was a long laundry list of "work arounds", and
>modifications you had to do to get it running. I really don't have this
>kind of patience, so I think they dropped the idea of getting a VPN
>connection into Novell. Some of the fixes were playing games with the
>MTU size to get it to work. The problem with that, is the rest of my
>network is using the ADSL line.
>I think you will find issues with using Pix Firewall with Novell. Novell
>requires so many modifications to make it work, that you will compromise
>performance and security (i.e. "compatibility mode"), if you can get it
>to work at all. With major security Vulnerabilities like "Denial of
>Service" issues with the Novell VPN.
>I find a lot of people like Novell (and other obsolete OS's) because
>they have good memories of running the 3.xx box on a 386. Maybe back
>then it was worth mentioning. Now, it is full of security holes, and
>bugs that are in the Novell OS which no one bothers to fix. At this
>point, they are just struggling to keep the lights on at Novell.
>Novell got IPX from Xerox anyway, not so innovating at all.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51427&t=51427
re: Cisco PIX & Novell [7:51358]
John,

Keep in mind that Pure IP NW uses multicasts as part of SLP to map server names to IP addresses and build a table. The PIX won't pass multicasts. I assume you're manually putting in the server IP address into the client. Otherwise you'll need a directory agent. Or replace it with MS. Now that's funny :)

Chuck Church
CCIE #8776, MCNE, MCSE
Sr. Network Engineer
Magnacom Technologies
140 N. Rt. 303
Valley Cottage, NY 10989
845-267-4000

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51358&t=51358
RE: CCIE#8903 [7:37511]
George, Way to go. I guess we were good partners for each other at NMC-1! Congratulations. Chuck Church CCIE #8776, MCNE, MCSE Sr. Network Engineer Magnacom Technologies 140 N. Rt. 303 Valley Cottage, NY 10989 845-267-4000 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of George Zhang Sent: Wednesday, March 06, 2002 5:57 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: CCIE#8903 All, The title says it all. I took my first attempt at the CCIE lab test yesterday (March 5) in Halifax and received the "Congratulations on Passing the CCIE Lab!" this morning. I was the only person taking the lab test in Halifax yesterday. I was told that there was another person scheduled yesterday but did not show up. My test started about 8:15 AM in the morning. We broke for lunch at about 12:20PM. By then, I only finished all the IGP stuff and felt some pressure on time. But I have already reviewed rest of the test and knew that I could go through the rest quickly. After the 15 min lunch break, I worked through rest of the test very quickly. By about 3:00 PM, I finished every thing except one small requirement that I had no clue how to do it. I decided to skip that item. Then, I started reviewing and checking my config. Along the way of reviewing/checking, I spotted and fixed a few issues. Just about the time I finished reviewing every thing, the proctor walked in and told me that it' time. I looked at the watch. It was 4:30 PM. My proctor was Steve. Steve is a great proctor. He answered quite a few of my questions and cleared my mis-understanding and confusion about the requirements of the test. I would like to take this opportunity to thank all people who helped me to achieve my goal. First, I would like to thank my wife for her support and understanding. Without her support, there is no way I could achieve my goal. Next, I will give my thanks to Bruce, Val, and Fred of NetMasterClass. 
As I said earlier, the NMC1 class is the most important part of my final preparation. Thanks to Katie Wong of Cisco who scheduled me to access the ASET racks. Thats my primary resource for hands-on practices for the past couple of months. Thanks to Eric Fairfield for lending me a few routers when I was in Wisconsin. Also thanks to those that I've either studied with or have helped me one way or another. Thanks also to Paul for putting this great list together. As far as my story, I started my quest of the Cisco certifications a little over two and half years ago. I got my CCNA and CCNP in the first year. Three months later, I passed the CCIE written test. I wanted to take the lab a year ago. However, due to work and personal reasons, I did not get time to do it until now. Last year, I was too busy to do much study. At work, as a consultant, I was billing at least 40 hours/week for the whole year. At home, my second child was born in February, my wife finished school in July, and we moved to New Jersey from Wisconsin in September. In October of last year, I foresaw a window of opportunity for me to take the lab test early this year. Then, I lobbed my manager to let me go to the ECP1 class. By the time my manager approved my training request, I found that Mentor Technologies went belly up. However, I learned that Bruce and Val founded a new company called NetMasterClass, LLC (www.netmasterclass.net) and offering the NMC1 and NMC2 classes. I registered and took the NMC1 class by the end January. By the end of last year, the project I worked on finished. So since the beginning of this year I got a lot of time to study. For the past couple of months, I have studied 8-10 hours every day. As far as how I prepared, I have read most of the books (Doyle I & II, Caslow, Halabi, Tam-Nam-Kee, Solie, Satterlee, etc.) recommended by people on this list. Among this long list of books, the only one I dont like is Solies book because there are too many errors in the book. 
There are a few topics I was more confused after reading the book. I dont have a home lab. So my primary resource for hands-on practice is remote labs such as Mentor Technologies vlabs (not available any more), Cisco ASET lab. Because I dont have a home lab, my preparation included more reading than hands-on practice. That actually worked out very well for me. Above all, the most important part of my preparation is the NMC1 class taught by Bruce, Val and Fred. IF I HAD NOT TAKEN THE NMC1 CLASS, IT PROBABLY WOULD HAVE TAKEN ME ONE OR TWO MORE ATTEMPTS BEFORE I COULD GET MY NUMBER. There are a lot of things that just cannot be learned from reading books or practicing. So the NMC1 class helped me to fill in that gap very well. It also helped me to access my strength and weakness. So I know what to study on the last few weeks. I strongly recommend taking the NMC1 class a fe
Whew! CCIE 8776! [7:35257]
All, I think the title says it all. Took the lab today at RTP. 4th time was the charm. I don't know where to begin. Might as well start with the thank you's. Thanks to Bruce, Val, and Fred at NetMasterClass. Thanks also to those on the list that I've either studied with or have helped me out in the past with problems. Thanks also to Paul for putting this great list together. As far as how I prepared, I might as well give the whole story. Started working on Cisco about 2 1/2 years ago after going though the Novell and MS Certs. After getting NA, DA, NP, and DP, I passed the CCIE written in October 2000. Without really knowing how to study or what to prepare for, I got my butt handed to me in January at RTP. Didn't know much more than your average CCNP would. Tried again in April, but BGP killed me, and again I didn't make it to day 2. After that, I found a study partner (Thanks Boris) and we worked pretty hard last summer. Did all the bootcamp labs, thought I knew everything I needed to. November 4 of 2001, figured I'd breeze through the lab. I don't know if it's true, but I heard the first couple of months with the new 1 day format had a very low pass rate. I know I could have used a couple more hours to finish. If anyone took the lab in Oct or Nov of last year and failed, don't be discouraged. I think they've scaled it back a little nowadays. Fast forwarding to today. After spending a week with Val, Bruce, and Fred at the NMC-1 course, and doing nothing but working on my speed, I felt pretty prepared. Everything in the Doyle Volume 1 and Bruce/Val's book made sense. Though running a little low on sleep, I felt good this morning. Roughly 4.5 hours into the test, we got lunch. At that point I was done with the IGP's and almost done with the EGP's. In other words about 2/3 of the way done, by my estimate. At 1:30 I was done, but needed to go back and work on 3 things I couldn't figure out. A little discussing with the proctor, and 2 of them were fixed. 
But then I think I read too much. I had solved a problem one way, but realized the wording of the question might change what they were looking for. Checking with the proctor, I got the impression that he really didn't like my solution. So there I am, 1.5 hours to go, and I'm making a somewhat major change :( Looked OK, but with 1/2 an hour to go, I noticed a 'neighborship' bouncing up and down :o 10 minutes to go, got it all working, but didn't get a chance to completely double check all my other work as time expired. I know I left 1 thing unconfigured (a 2 pointer), but started wondering if I'd made other mistakes. They said to expect the results tomorrow afternoon. A plane flight back to New York, and there's the email waiting. 8776! If anyone's wondering what I used to study, here's the short list: Groupstudy! Paul's done a great job. There are certain people on this list that should be flagged as must-reads. I won't mention any last names, but there are a couple guys named 'Brian' (both long-time CCIEs) that are a huge asset to this list. Thanks guys. Doyle - Volumes 1 and 2 - Everything you ever wanted to know about IP, but were afraid to ask. Bridges, Routers, and Switches for CCIEs - Bruce Caslow and Val Pavlichenko - Used edition 2, but I understand 3 is coming out soon. This book covers most everything. I expect the new edition will cover more multicast and QOS, and drop Appletalk and DECnet. But still the most useful book I've found. Halabi - Used 1st edition, but everything I was asked to do with BGP is in that book. Bootcamp labs - Worked though these with a partner, because his company was cool enough to buy them for him, and my company wasn't! Great preparation and simulation for the test. Various docs from CCO - Might as well go to the source! Most importantly - NMC-1 http://www.netmasterclass.net/nmc/ Bruce and Val explain the most difficult subjects very well. 
A couple of things are a little lacking in the book, but they cover those very well in the class. Be prepared to work your a** off that week though. 8:30AM to 11PM is the norm that week. But I highly recommend it, especially if you've come close to passing before. Well, sorry to ramble on so much. I'm off to bed for a L O N G sleep. Thanks again, Chuck Church CCIE 8776 CCNP, CCDP, MCNE, MCSE Sr. Network Engineer Magnacom Technologies 140 N. Rt. 303 Valley Cottage, NY 10989 845-267-4000 x218 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35257&t=35257 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How to block MSN, and others. [7:31107]
There's really two reasons to block access to these services. Managers don't want their employees wasting time, but the more important reason is network security. If you're providing email accounts for employees, what's the need to access Hotmail, etc? By doing so, they're bypassing your email virus scanning capabilities. That's how my company got stung with Nimda. Most companies already have a policy for computer use. Usually it's something along the lines of 'business use only'. Accessing your home/personal email account at work usually isn't business related. Now if I can just figure out how to block Media Player using NBAR...

Chuck

> What is the purpose of giving users access to the Internet when you will
> be blocking even the hotmail for them?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31107&t=31107
How to block MSN, and others. [7:31057]
All, I've had good luck blocking access by denying all traffic to the IP ranges of the login servers for those services. Currently I block all traffic to:
AOL IM
152.163.0.0 /16 255.255.0.0
205.188.0.0 /16
64.12.0.0 /16
MSN Messenger
64.4.0.0/18 255.255.192.0
Yahoo Messenger
216.136.224.0 /22 255.255.252.0
This works currently. You might want to keep all 3 installed on your work PC, and check them once a week. If one starts working, they must have added another network. Open a DOS window, and do a 'netstat'. Look for the connection to login server, most likely will mention the company in the DNS name. Mine looked like this:
TCP superdave:1530 msgr-ns56.msgr.hotmail.com:1863 ESTABLISHED
If you then do a netstat -n, you'll get the address rather than the DNS name. Then look up that address in www.arin.net in the WHOIS utility. That will give you the block of addresses. Add that block of addresses, and you'll be blocking them all once again. Chuck
P.S. Blocking MSN will also block Hotmail access, you kill 2 birds with 1 stone!
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31057&t=31057
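The weekly check described in the post above (run netstat -n, see whether a messenger login connection falls outside the blocked ranges, then extend the access list), as an added example that is not part of the original post. The netstat sample is constructed, ACL number 101 is an assumption, and the ranges and port 1863 are the ones the post gives; rendering the ranges as IOS deny lines with wildcard masks goes slightly beyond the post.

```python
import ipaddress
import re

# Ranges listed in the post above, grouped by service.
BLOCKED = {
    "AOL IM": ["152.163.0.0/16", "205.188.0.0/16", "64.12.0.0/16"],
    "MSN Messenger": ["64.4.0.0/18"],
    "Yahoo Messenger": ["216.136.224.0/22"],
}

# Constructed sample of Windows `netstat -n` output (addresses are made up).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.20:1530      64.4.13.56:1863        ESTABLISHED
  TCP    192.168.1.20:1544      203.0.113.20:1863      ESTABLISHED
  TCP    192.168.1.20:1601      198.51.100.7:80        ESTABLISHED
  TCP    192.168.1.20:1610      64.4.200.9:1863        TIME_WAIT
"""

LINE_RE = re.compile(
    r"^\s*TCP\s+(\S+):(\d+)\s+(\d+\.\d+\.\d+\.\d+):(\d+)\s+(\S+)\s*$"
)


def parse_netstat(text):
    """Return one dict per TCP row of `netstat -n` output."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            conns.append({
                "remote_ip": ipaddress.ip_address(m.group(3)),
                "remote_port": int(m.group(4)),
                "state": m.group(5),
            })
    return conns


def covering_service(ip, blocked=BLOCKED):
    """Name of the service whose blocked range contains ip, or None."""
    for service, cidrs in blocked.items():
        if any(ip in ipaddress.ip_network(c) for c in cidrs):
            return service
    return None


def audit(text, watch_ports=(1863,), blocked=BLOCKED):
    """Classify established connections to the watched login ports.

    uncovered: remote address is in no blocked range, so the service has
               added a network and its WHOIS block must be added.
    blocked_but_established: address is inside a blocked range yet the
               session is up, so the ACL is not applied on this path.
    """
    result = {"uncovered": [], "blocked_but_established": []}
    for c in parse_netstat(text):
        if c["state"] != "ESTABLISHED" or c["remote_port"] not in watch_ports:
            continue
        service = covering_service(c["remote_ip"], blocked)
        if service is None:
            result["uncovered"].append(str(c["remote_ip"]))
        else:
            result["blocked_but_established"].append(
                (str(c["remote_ip"]), service))
    return result


def acl_lines(blocked=BLOCKED, acl_number=101):
    """Render the ranges as extended-ACL deny lines (wildcard masks)."""
    lines = []
    for service, cidrs in blocked.items():
        lines.append(f"access-list {acl_number} remark {service}")
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            lines.append(
                f"access-list {acl_number} deny ip any "
                f"{net.network_address} {net.hostmask}")
    lines.append(f"access-list {acl_number} permit ip any any")
    return lines


if __name__ == "__main__":
    print(audit(SAMPLE_NETSTAT))
    print("\n".join(acl_lines()))
```

An address reported as uncovered is the one to look up in WHOIS, as the post describes, before adding its block to `BLOCKED` and regenerating the list.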
RE: Portfast
One of my customers had a problem only with W2K machines and DHCP. His NT4.0 and 98 machines didn't need port fast. Possibly W2K has less of a delay between loading the lan driver (and activating the link) and looking for a DHCP server? Or maybe they were just faster machines. Or maybe W2K has a shorter timeout for the DHCP lease request? Anyway, I've been using portfast on almost all workstation ports for the past few months. Thanks, Chuck Church CCNP, CCDP, MCNE, MCSE Sr. Network Engineer Magnacom Technologies 140 N. Rt. 303 Valley Cottage, NY 10989 845-267-4000 x218
-Original Message- From: Scott Morris [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 01, 2001 4:44 PM To: 'Chuck Church'; ''Ccielab' (E-mail)'; 'Cisco@Groupstudy. Com (E-mail)' Subject: RE: Portfast
It's not specific to Windows 2000 machines... Any machine that needs DHCP and boots up with any speed (less than 50 seconds), or any machine running a novell client where it would try a GetNearestServer and find nothing Scott
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Chuck Church Sent: Thursday, March 01, 2001 4:22 PM To: 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail) Subject: RE: Portfast
If this bpdu guard works as it's supposed to, I'll definitely use it. Windows 2000 machines seem to need portfast for DHCP, and almost all Windows machines need it for IPX. I've always pointed out to the customer about NEVER connecting other layer 2 devices to the ports I configured portfast on. This is good insurance. Chuck Church CCNP, CCDP, MCNE, MCSE Sr. Network Engineer Magnacom Technologies 140 N. Rt. 303 Valley Cottage, NY 10989 845-267-4000 x218
-Original Message- From: Latimer, Keith [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 01, 2001 11:13 AM To: 'McCallum, Robert'; 'John Chang'; 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail) Subject: RE: Portfast
Check out the new portfast bpdu guard feature.
It can shut down ports that have portfast enabled when detecting bpdus on the line. Keith
-Original Message- From: McCallum, Robert [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 01, 2001 10:44 AM To: 'John Chang'; 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail) Subject: RE: Portfast
No, The problem occurs if he creates a loop i.e. you have a main switch a cable from the main switch goes to user A. User A decides to connect a hub and a few terminals - Outcome fine. User B then says hey user A can you access those terminals and the main network. User A says yeah how do you want to connect? User A says yes and inadvertently patches his own pc and the original connection that was from him to the main switch outcome is now main switch has 2 connections to the minihub. NOW spanning tree goes oh my and recalculates - outcome 30 second outage for everyone on that vlan. Then the users go home, switch off their kit and go to the pub. Next day. The mini hub is switched back on - because portfast is enabled the ports go whoosh straight into forwarding mode - result - spanning tree goes oh my!! and recalculates. Outcome -- You and every other support member run about like loonies trying to find this fault which occurs only when the user decides to switch on his equipment.
-Original Message- From: John Chang [mailto:[EMAIL PROTECTED]] Sent: 01 March 2001 15:34 To: McCallum, Robert Subject: RE: Portfast
Let me see if I got this correct. If he only connects one mini-hub or mini-switch it is OK to have portfast on on the main switch. If he then connects another mini-hub or mini-switch onto the first mini-hub or mini-switch then there will be a problem. But when you connect 2 mini-hubs aren't you just extending the amount of ports and in a sense there is only one virtual mini-hub?
At 03:24 PM 3/1/2001 +, you wrote:
>yes, but only if he then connects another link to another hub / switch and
>causes a bridging loop.
>
>-Original Message-
>From: John Chang [mailto:[EMAIL PROTECTED]]
>Sent: 01 March 2001 15:08
>To: [EMAIL PROTECTED]
>Subject: Portfast
>
>In the below website it says not to have portfast on if you connect
>switches, hubs, or routers. I understand that point but what if a user
>connected a mini-hub (Ex. Linksys EtherFast 8-Port 10/100 Desktop Hub)
>or unmanaged mini-switch (Ex. Farallon NetLINE 10/100 switch) so that he
>could connect multiple computers. Would this cause any problems? Thank
>you!
>
>http://www-1.cisco.com/warp/public/473/12.html
>
>Note: The portfast feature should never be used on switch ports that
>connect to other switches, hubs, or routers. These connections may cause
>physical loops
>and it is very important that spanning tree go through the full
>initialization procedure
RE: Portfast
If this bpdu guard works as it's supposed to, I'll definitely use it. Windows 2000 machines seem to need portfast for DHCP, and almost all Windows machines need it for IPX. I've always pointed out to the customer about NEVER connecting other layer 2 devices to the ports I configured portfast on. This is good insurance. Chuck Church CCNP, CCDP, MCNE, MCSE Sr. Network Engineer Magnacom Technologies 140 N. Rt. 303 Valley Cottage, NY 10989 845-267-4000 x218
-Original Message- From: Latimer, Keith [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 01, 2001 11:13 AM To: 'McCallum, Robert'; 'John Chang'; 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail) Subject: RE: Portfast
Check out the new portfast bpdu guard feature. It can shut down ports that have portfast enabled when detecting bpdus on the line. Keith
-Original Message- From: McCallum, Robert [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 01, 2001 10:44 AM To: 'John Chang'; 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail) Subject: RE: Portfast
No, The problem occurs if he creates a loop i.e. you have a main switch a cable from the main switch goes to user A. User A decides to connect a hub and a few terminals - Outcome fine. User B then says hey user A can you access those terminals and the main network. User A says yeah how do you want to connect? User A says yes and inadvertently patches his own pc and the original connection that was from him to the main switch outcome is now main switch has 2 connections to the minihub. NOW spanning tree goes oh my and recalculates - outcome 30 second outage for everyone on that vlan. Then the users go home, switch off their kit and go to the pub. Next day. The mini hub is switched back on - because portfast is enabled the ports go whoosh straight into forwarding mode - result - spanning tree goes oh my!! and recalculates.
Outcome -- You and every other support member run about like loonies trying to find this fault which occurs only when the user decides to switch on his equipment.
-Original Message- From: John Chang [mailto:[EMAIL PROTECTED]] Sent: 01 March 2001 15:34 To: McCallum, Robert Subject: RE: Portfast
Let me see if I got this correct. If he only connects one mini-hub or mini-switch it is OK to have portfast on on the main switch. If he then connects another mini-hub or mini-switch onto the first mini-hub or mini-switch then there will be a problem. But when you connect 2 mini-hubs aren't you just extending the amount of ports and in a sense there is only one virtual mini-hub?
At 03:24 PM 3/1/2001 +, you wrote:
>yes, but only if he then connects another link to another hub / switch and
>causes a bridging loop.
>
>-Original Message-
>From: John Chang [mailto:[EMAIL PROTECTED]]
>Sent: 01 March 2001 15:08
>To: [EMAIL PROTECTED]
>Subject: Portfast
>
>In the below website it says not to have portfast on if you connect
>switches, hubs, or routers. I understand that point but what if a user
>connected a mini-hub (Ex. Linksys EtherFast 8-Port 10/100 Desktop Hub)
>or unmanaged mini-switch (Ex. Farallon NetLINE 10/100 switch) so that he
>could connect multiple computers. Would this cause any problems? Thank
>you!
>
>http://www-1.cisco.com/warp/public/473/12.html
>
>Note: The portfast feature should never be used on switch ports that
>connect to other switches, hubs, or routers. These connections may cause
>physical loops
>and it is very important that spanning tree go through the full
>initialization procedure in these situations. A spanning tree loop can
>bring your network down. If portfast
>is turned on for a port that is part of a physical loop, it can cause a
>window of time where packets could possibly be continuously forwarded (and
>even multiply) in
>such a way that the network cannot recover.
RE: IPX undocumented secrets....
Nigel, The purpose of the static SAPs you're creating is to create dummy entries pointing to dummy services. These dummy services need to have a socket number of what the service is trying to emulate. The socket number for SAP is what the router will use in the actual SAP packet sent out once a minute. This SAP packet will use a SAP socket number, but the records inside the SAP packet will reference the socket numbers that you entered in the static entry. Hope this helps. Chuck Church
-Original Message- From: Nigel Taylor [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 23, 2001 6:45 PM To: Cisco Group Study; CCIE_Lab Group Study Cc: Bryant Andrews Subject: IPX undocumented secrets
Hi All, I've just begun to place a spin on my IPX preparation and I must admit things seem a little more confusing now more than ever. Caslow's book gives a lot of very specific information on IPX itself which has been helpful but now I'm trying to understand how most of what I'm currently looking at comes together to enable IPX as a routing protocol.
What I'm trying to understand is in creating static SAP entries the command is ipx sap
Now in looking at Caslow's book pg. 499 he list the IPX Socket Numbers that direct data encapsulation to the appropriate upper layer protocols as follows;
0x451 - NCP
0x452 - SAP
0x453 - RIP
0x455 - NETBIOS
0x456 - Diagnostic
0x457 - Serialization
0x4001 - 0x7FFF - Client Socket Numbers
0x85BE - IPX EIGRP
0x9001 - NLSP
0x9004 - IPXWAN
0x9086 - IPX PING
In listing this I'm trying to understand lab examples where the requirement calls for static SAP entries that make use of various IPX sockets namely 0x451. I'm thinking since there's a socket for SAP why and how come the other IPX sockets are used in SAP entries? Nigel..
RE: OFF TOPIC - Where is everyone?
If there's one thing tougher than the lab exam, it's winning in Oakland. Here's hoping that the Ravens don't go onto day 2 either. Chuck Church CCNP, CCDP, MCNE, MCSE Sr. Network Engineer Magnacom Technologies 140 N. Rt. 303 Valley Cottage, NY 10989 845-267-4000 x218
-Original Message- From: Chuck Larrieu [mailto:[EMAIL PROTECTED]] Sent: Sunday, January 14, 2001 12:03 PM To: Cisco Mail List; CCIE_Lab Groupstudy List Subject: OFF TOPIC - Where is everyone?
You bad boys and girls watching football today instead of studying? GO RAIDERS! :-> Chuck http://www.1112.net/lastpage.html
RE: Cool DDoS (Distributed Denial of Service) link
It sounds like an anti-spoofing mechanism, much like not allowing packets from the internet into your network with a source address of your network. This goes a little beyond that by verifying that the source is reachable from the interface it was received on. I've always done this with an access list, which is easy with only 1 connection to the 'Net. Doing it with CEF rather than process switching has got to offer some big performance benefits. Now, if I could only remember which platforms support CEF... Chuck Church CCNP, CCDP, MCNE, MCSE Sr. Network Engineer Magnacom Technologies 140 N. Rt. 303 Valley Cottage, NY 10989 845-267-4000 x218
-Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 02, 2001 3:58 PM To: Chuck Church; '[EMAIL PROTECTED]' Subject: Re: Cool DDoS (Distributed Denial of Service) link
At 08:49 AM 1/2/01, Chuck Church wrote:
> From Network Computing:
>
>http://www.nwc.com/1201/1201f1c1.html
Indeed, very nicely-written article. The best thing in it was the link to the Cisco site on Unicast Reverse Path Forwarding, which I'd never heard of. (I'd heard of Multicast RPF, but not unicast.) I'm curious, is anyone using Unicast RPF? Does it work well? Any performance problems with it? Here's what it does:
"When Unicast RPF is enabled on an interface, the router examines all packets received as input on that interface to make sure that the source address and source interface appear in the routing table and match the interface on which the packet was received. This 'look backwards' ability is available only when Cisco express forwarding (CEF) is enabled on the router, because the lookup relies on the presence of the Forwarding Information Base (FIB). CEF generates the FIB as part of its operation."
For more info see: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt5/scdrpf.htm
Priscilla
>Chuck Church
>CCNP, CCDP, MCNE, MCSE
>Sr. Network Engineer
>Magnacom Technologies
>140 N. Rt. 303
>Valley Cottage, NY 10989
>845-267-4000 x218
Priscilla Oppenheimer http://www.priscilla.com
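The strict Unicast RPF check quoted in the message above, modelled as a longest-prefix lookup on the packet's source address; this is an added illustration, not Cisco's implementation or code from the thread. The FIB entries, interface names and packets are constructed, and the partner-network case shows why the check is simple with one Internet connection but drops legitimate traffic when return paths are asymmetric.

```python
import ipaddress

# Hypothetical FIB for a small edge router (all entries are assumptions).
FIB = [
    ("0.0.0.0/0", "Serial0"),       # default route toward the ISP
    ("10.1.0.0/16", "Ethernet0"),   # inside LAN
    ("10.1.50.0/24", "Ethernet1"),  # more specific inside segment
    ("192.0.2.0/24", "Serial1"),    # partner network over a second link
]


def lookup(fib, address):
    """Longest-prefix match; returns (network, interface) or None."""
    addr = ipaddress.ip_address(address)
    best = None
    for prefix, iface in fib:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best


def urpf_strict(fib, src, in_iface):
    """Accept a packet only if the best route back to its source
    points out of the interface the packet arrived on."""
    route = lookup(fib, src)
    if route is None:
        return (False, "no route back to source")
    net, iface = route
    if iface != in_iface:
        return (False, f"source {src} is reached via {iface}, not {in_iface}")
    return (True, f"matched {net} via {iface}")


# Constructed packets: (source address, receiving interface, note).
PACKETS = [
    ("198.51.100.9", "Serial0", "Internet host arriving from the ISP"),
    ("10.1.2.3", "Serial0", "inside source arriving from outside (spoofed)"),
    ("10.1.50.7", "Ethernet0", "source belongs to a different inside segment"),
    ("192.0.2.44", "Serial0", "partner traffic returning over the other link"),
    ("10.1.2.3", "Ethernet0", "inside host on its own segment"),
]


def check_all(fib=FIB, packets=PACKETS):
    """Return the accept/drop decision for every sample packet."""
    return [urpf_strict(fib, src, iface)[0] for src, iface, _ in packets]


if __name__ == "__main__":
    for src, iface, note in PACKETS:
        ok, reason = urpf_strict(FIB, src, iface)
        print(f"{'PASS' if ok else 'DROP'}  {src:<14} on {iface:<9} {reason}  ({note})")
```

The fourth packet is legitimate but fails the check, because the only route back to 192.0.2.0/24 points at Serial1 while the packet arrived on Serial0.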
Cool DDoS (Distributed Denial of Service) link
From Network Computing: http://www.nwc.com/1201/1201f1c1.html Chuck Church CCNP, CCDP, MCNE, MCSE Sr. Network Engineer Magnacom Technologies 140 N. Rt. 303 Valley Cottage, NY 10989 845-267-4000 x218
Re: CCIE LAB Groupstudy list
Sam, This URL should cover both. http://www.cisco.com/warp/public/625/ccie/exam_preparation/preparation.html Chuck
- Original Message - From: "SAM Meng Wai" <[EMAIL PROTECTED]> To: "'ElephantChild'" <[EMAIL PROTECTED]>; "Brian" <[EMAIL PROTECTED]> Cc: "Paul Borghese" <[EMAIL PROTECTED]>; "Nigel Taylor" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Monday, December 04, 2000 1:08 AM Subject: RE: CCIE LAB Groupstudy list
> Does anybody have any information of taking CCIE Lab Test. How can
> I prepare for this exam ?
>
> Rgds,
> Sam
>
> > -Original Message-
> > From: ElephantChild [SMTP:[EMAIL PROTECTED]]
> > Sent: Monday, December 04, 2000 11:45 AM
> > To: Brian
> > Cc: Paul Borghese; Nigel Taylor; [EMAIL PROTECTED];
> > [EMAIL PROTECTED]
> > Subject: Re: CCIE LAB Groupstudy list
> >
> > On Sun, 3 Dec 2000, Brian wrote:
> >
> > > On Sun, 3 Dec 2000, Paul Borghese wrote:
> > >
> > > > For the last two weeks I have been fighting them to get
> > > > more bandwidth. The end result is going to be we need to move the server to
> > > > a new location. Any ideas?
> > >
> > > You could put it at ShreveNet :) We have transit to Sprint, Qwest, Global
> > > Crossing, UUNet and Cable and Wireless.
> > >
> > > I would offer you free colo at shreve.net, we have plenty of
> > > bandwidth.
> >
> > Or you could ask cdrom.com (aka Walnut Creek). IIRC their own traffic, I
> > doubt that they would notice a 5GB/day increase. :-) (Sorry, I don't
> > have any contact there.)
> >
> > --
> > "Airplane travel is nature's way of making you look like your passport
> > photo." --- Al Gore
CCIE LAB Groupstudy list
Does anyone know how to get in touch with the admin for the CCIE Lab list? I've sent a couple requests and never got a response. Thanks, Chuck Church
Cisco CD used in CCIE LAB
Recent lab takers, Is the Cisco CD that they provide for the lab exam always the most current? If not, how old is it? TIA, Chuck Church
RE: 4 NET WORK CARDS IN ONE SERVER
>I have done some extensive
>performance tests of aggregating 100Mbs cards using FEC (Fast Ether
>ChannelThis was the Intel Server Card) and the increased CPU load
>managing the FEC negated the minimal increase in throughput...not to mention
>the major Disk Array bottleneck.
I've got to agree here. NT has never been known as a "bandwidth-taxing" OS, unlike NetWare. Remember that 100 mbps equates to about 9 megabytes per second, in each direction if full duplex. Not much reason to go beyond 2 NICs, in my opinion. FEC with 2 cards is a good idea for redundancy, but the last time I checked, the channel ports needed to be on the same line card of the switch. If you've got redundant switches, FEC won't help with 2 NICs. If you're doing redundant switches, the 3Com and Intel "virtual address" teaming methods seem to work good. They give immediate fail over if a NIC fails, and they do load balancing in transmitting. Chuck Church CCNP, CCDP, MCNE, MCSE Sr. Network Engineer Magnacom Technologies 140 N. Rt. 303 Valley Cottage, NY 10989 845-267-4000 x218
IS-IS use??
All, I'm just curious as to when and why you'd use IS-IS rather than OSPF or EIGRP? I've never seen IS-IS in any business I've worked with or for in the 6 years I've been doing this. Do any other router manufacturers support it? Is it eventually going to go away? Thanks, Chuck Church CCNP, CCDP, MCNE, MCSE Sr. Network Engineer Magnacom Technologies 140 N. Rt. 303 Valley Cottage, NY 10989 845-267-4000 x218
CCIE R&S lab prep
All, I was talking to a Cisco SE Tuesday and he mentioned that the All-In-One Cisco CCIE Lab Study Guide by Stephen Hutnik and Michael Satterlee was the book to use. Apparently many internal Cisco people in RTP use this book for preparation. I've ordered it, and am currently using the Doyle and Halabi books as well. Has anyone used this all in one guide to prepare? Was it useful? Also, I found out for sure there will be a small amount of voice on the test - FXS/FXO on a couple of routers. Any idea on where to start or what to read? Maybe some CCO URLs? TIA, Chuck Church R&S Lab - Jan 12/13 RTP (AKA D-Day) CCNP, CCDP, MCNE, MCSE Sr. Network Engineer Magnacom Technologies 140 N. Rt. 303 Valley Cottage, NY 10989 845-267-4000 x218
Re: enabling WCCP
Ref, I think for most platforms, WCCP requires the IP Plus feature set. Straight IP doesn't have it. Chuck
> Dear All,
>
> I'm trying to issue the command " IP WCCP ENABLE" but not accepted by router.
> It keeps on saying "Invalid "
>
> The router IOS ver is 12.0(7)t and should support WCCP
>
> Any help please
>
> Ref
Re: Ping HSRP 224.0.0.2 Strange reply ?
I thought SLP used something in the 10 or 20s range for the last octet. HSRP uses 0100 5E00 0002 for the destination MAC address. Is this what ARP is resolving? Chuck
>Jeff,
> It is a Novell 5 Server. Think it may have
>something to do with SLP protocol on this box using
>the same multicast address 224.0.0.2
>Regards,
>Phil.
Re: NAT timeout
Have you done a 'sh ip nat tra' on the router? What does the output look like? Can you ping either DNS names or addresses from the workstations? Chuck Church CCNP, CCDP, MCNE, MCSE Sr. Network Engineer Magnacom Technologies 140 N. Rt. 303 Valley Cottage, NY 10989 845-267-4000 x218
R&S lab - ATM gone?
All, I'm a little curious about them taking ATM LANE off the lab. Why didn't they just say ATM? Is ATM without the LAN emulation supported on any Cisco devices that are part of the lab? I know they don't require you to set up ATM switching, but is it used in native mode on any of the AVVID products? Thanks, Chuck Church CCNP, CCDP, MCNE, MCSE Sr. Network Engineer Magnacom Technologies 140 N. Rt. 303 Valley Cottage, NY 10989 845-267-4000 x218
RE: Check what's new on CCIE R/S Webpage, right now!
Based on the amount of voice/multiservice on the written, it looks like AVVID will be plentiful on the lab. That, and the fact that Cisco wants us, as a reseller, to really push IP telephony. I just hope this doesn't make the CCIE "easier" to obtain. I'd rather have to take it twice than having it become easy enough so that most people pass it the first time. My MCSE (which I got in '96 when it was harder) is so easy to get these days, it's ridiculous. (Please no flames from those who just got their MCSEs) I'd just rather see it remain the high-paying, hard to obtain cert that it is. Just my .02, Chuck Church CCNP, CCDP, MCNE, MCSE Sr. Network Engineer Magnacom Technologies 140 N. Rt. 303 Valley Cottage, NY 10989 845-267-4000 x218
>Hello,
>That is pretty nice for the new folks to Internetworking like myself. I
>just passed the CCIE written a few days ago and am about to schedule my lab
>date. I wonder what kind of configs we will see on the lab to replace the
>waning technologies.
>I guess in retrospect this is both good and bad. Good in the fact that
>Cisco is keeping up with all the new technologies but bad because the study
>materials and equipment to setup and practice for things like VOIP and AVVID
>are not easily accessible.
>I guess we cannot have our cake and eat it too :(
>Hunter Dorroh
>MCSE, CCNP, CCDP
Re: Yet another "CCIE R/S Written Passed" message...
Wow, Nice score for not studying in a month. I assume you cleaned house in the BGP section, working for an ISP. Chuck Church CCNP, CCDP, MCNE, MCSE Sr. Network Engineer Magnacom Technologies 140 N. Rt. 303 Valley Cottage, NY 10989 845-267-4000 x218
CCIE written passed - Must be a Chuck thing!
All, I guess it was a good weekend to be taking the CCIE Written if your name was Chuck! This morning I passed with a 75%. Had but 5 minutes to spare, but never really felt rushed. It was a fair but mentally draining test. None of the questions were ambiguous. I could have spent more time studying BGP, IS-IS, and DECnet, but everything else was fairly familiar. My score sheet doesn't list the number of questions in each section, but I'll list my percentages for the possible benefit of the group. Things that I used to prepare were:
1. On the job experience - I worked with Cat 5000 and 72xx extensively at my last job which was a bank. Currently working for a reseller where I'm doing everything from PIX to Aironet wireless. I can't imagine passing the test without lots of hands-on experience.
2. Cisco Press books - Used the Halabi BGP book, and most of the actual courseware from the CCNP track. Also used some of the titles from the CCIE development series.
3. Giles CCIE prep book. Has some amazing (and amazingly boring) details on token ring and FDDI. I think the Cisco Press books are much better, though.
4. Certification Zone - Practice written tests and the white papers are great. Well worth the money. The practice written tests are tougher than the real one. I had scores of 600, 750, 700, and 710 these last 4 months. Great preparation.
Now I just got that little lab thingy to pass :) What's the lead time for scheduling? I'm thinking I might be ready by January? If there's anyone in the NYC area looking for a CCIE lab study partner, let me know.
SCORES:
Cisco device operation - 71%
Networking Theory - 83%
Bridging and LAN switching - 70% Ughh, token ring
TCP/IP - 75%
IP Routing Protocols - 80%
Desktop Protocols - 87% Knowledge of NetWare helped here
Performance Management - 33% I have no idea what happened here
WAN - 83%
LAN - 60% I always thought I was better with LAN than WAN...
Security - 100% This is more of a mystery than the 33% above
Multiservice - 0% I assume there was only a couple questions here.
Chuck Church CCNP, CCDP, MCNE, MCSE Sr. Network Engineer Magnacom Technologies 140 N. Rt. 303 Valley Cottage, NY 10989 845-267-4000 x218
RE: Sniffer Pro 3.5
Surprise. This has nothing to do with this highly annoying flame-fest. My question is about Sniffer Pro 3.5. Is this a typo, or is 3.5 out now? I've been waiting for the new version that runs on W2K, but I was told late November. Their web site says nothing about 3.5 yet. TIA, Chuck Church CCNP, CCDP, MCNE, MCSE Sr. Network Engineer Magnacom Technologies 140 N. Rt. 303 Valley Cottage, NY 10989 845-267-4000 x218
Re: Lost config on 5505
Rick, Are you running VTP? If all your switches are VTP servers, meaning they mutually agree on the set of VLANs, it's important that all switches are reachable while making changes. If a switch was added to your network and had a higher database version of VTP, it will overwrite the VLAN configuration of the other switches, even if it's an empty configuration. You're better off having 1 or 2 servers, and the rest clients. Then only make changes to the servers. Hope this helps. Chuck Church CCNP, CCDP, MCNE, MCSE Sr. Network Engineer Magnacom Technologies 140 N. Rt. 303 Valley Cottage, NY 10989 845-267-4000 x218
>What would cause the configuration to be "wiped out" from a 5505, besides
>the obvious "clear config all"...?
Certification Zone CCIE written results
All, Did anyone who took the Certification Zone CCIE written this month find your scores really low? I'm taking the real exam in a couple weeks, but was real disappointed to get a much lower (100 points less than my previous worst) score this month. I'm hoping it was just the test. Slightly worried, Chuck Church CCNP, CCDP, MCNE, MCSE Sr. Network Engineer Magnacom Technologies 140 N. Rt. 303 Valley Cottage, NY 10989 845-267-4000 x218
Re: Phony CCIE
Doesn't the 'E' in CCIE actually stand for Expert? Not only is this guy a phony, but kind of a bonehead as well. Definitely let Cisco (mail address is [EMAIL PROTECTED]) know. See http://www.cisco.com/warp/public/625/ccie/ for the logo. Good luck, Chuck Church CCNP, CCDP, MCNE, MCSE Sr. Network Engineer Magnacom Technologies 140 N. Rt. 303 Valley Cottage, NY 10989 845-267-4000 x218
>I recently worked on a project with a fellow who claimed to be a CCIE. He
>even gave me his card with the CCIE logo on it. At least I think it is the
>CCIE logo. It is a router symbol surrounded with laurels and has the words
>Cisco Certified Internetwork Engineer circling it as well.
Linux, terminal emulation for console port
All, My coworker is playing with Red Hat Linux, but he can't find the Linux command or application for terminal emulation through the serial port, much like HyperTerminal. Does such a thing exist, or can anyone recommend an equivalent? TIA, Chuck Church CCNP, CCDP, MCNE, MCSE Sr. Network Engineer Magnacom Technologies 140 N. Rt. 303 Valley Cottage, NY 10989 845-267-4000 x218
Re: CCIE question about buffers being used up on router
Wouldn't the answer to this depend on the speed of the router, and which switching method is used? A 16xx or 25xx using access lists might not be able to handle 5000 pps. I thought a process switched 2500 was actually in the sub-1000 range for pps. What's the actual answer? Chuck Church CCNP, CCDP, MCNE, MCSE Sr. Network Engineer Magnacom Technologies 140 N. Rt. 303 Valley Cottage, NY 10989 845-267-4000 x218
NTP support
Hey,

Is there any easy way to know which IOS feature sets support NTP (network time protocol)? I need correct time on our customer's routers for logging (datetime) purposes.

TIA,
Chuck Church
CCNP, CCDP, MCNE, MCSE
Sr. Network Engineer
Magnacom Technologies
140 N. Rt. 303
Valley Cottage, NY 10989
845-267-4000 x218
IP protocol numbers - found them
All,

I found a link to my question about IP protocol numbers - http://www.isi.edu/in-notes/iana/assignments/protocol-numbers

It's pretty interesting.

Chuck Church
CCNP, CCDP, MCNE, MCSE
Sr. Network Engineer
Magnacom Technologies
140 N. Rt. 303
Valley Cottage, NY 10989
845-267-4000 x218

**NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IP protocol numbers
All,

Does anyone have a link to or list of IP protocol numbers? I'm not looking for TCP or UDP port numbers, but actually what protocol numbers TCP, UDP, ESP, etc. use. I've looked through all my Cisco books and can't find a definitive list. The IETF.org site doesn't have much as far as search capabilities either.

TIA,
Chuck Church
CCNP, CCDP, MCNE, MCSE
Sr. Network Engineer
Magnacom Technologies
140 N. Rt. 303
Valley Cottage, NY 10989
845-267-4000 x218
RE: Napster Question
I think the key is to allow outbound packets to the Napster servers and other PCs on the Internet, but not allowing external PCs to establish a connection to your users' PCs. Find out the ports that a PC running Napster is listening on, and then block those at the FW. A PIX should do this by default, unless you specifically added a conduit statement to allow Napster. The access list on the outside interface of a router with FW FS should not allow inbound Napster connections. On the Napster client, you'll need to pick the 'I'm behind a firewall, and can't do anything about it' (or something like that) option. I'm blocking Napster both ways at work, so I can't test it for you.

HTH
Chuck Church
CCNP, CCDP, MCNE, MCSE
Sr. Network Engineer
Magnacom Technologies
140 N. Rt. 303
Valley Cottage, NY 10989
845-267-4000 x218

> Hello everyone,
>
> I searched through the archives and found lots of good information on
> blocking but I did not see anything on the possibility of allowing users to
> connect to Napster and download music but NOT be permitted to upload.
Re: Cisco Secure VPN client
Ken,

I'm not sure about a part number, but it is downloadable from CCO - http://www.cisco.com/cgi-bin/tablebuild.pl/vpnclient-crypto

watch the wrap.

Chuck Church
CCNP, CCDP, MCNE, MCSE
Sr. Network Engineer
Magnacom Technologies
140 N. Rt. 303
Valley Cottage, NY 10989
845-267-4000 x218

> Anyone knows the product number for the software?
> I have VPN-SW-DES-100= but it is just the license.
> TIA.
> Ken
Re: personal firewall
In picking out a hardware firewall, make sure it supports DHCP on the external side. Most cable and DSL providers use DHCP. You could hardcode the DHCP-given address on a firewall, but when the lease is up, your firewall won't respond to the re-lease requests. Your current address will be given out to someone else, causing a conflict and really annoying your ISP. Best bet is to get a static address from the ISP. Also, Cisco has a new PIX - the 506 which is targeted for SOHO.

Chuck Church
CCNP, CCDP, MCNE, MCSE
Sr. Network Engineer
Magnacom Technologies
140 N. Rt. 303
Valley Cottage, NY 10989
845-267-4000 x218

> > Any recommendation on a good hardware personal
> > firewall? I'm looking for a not too expensive, easy to
> > configure, can support NAT one.
Network Analyzer - Slightly OT
All,

I'm in the process of specing a new laptop for our company to use for protocol analysis. I plan on running NT or 2000. Sniffer will have a version for 2000 in November, a NAI rep told me. Has anyone used Etherpeek, and its upper-layer portion - Netsense? How does it compare to Sniffer Pro, which I've used quite a bit?

Also, I'm looking for a Cardbus PCCard to use with it. I've heard rumors that 3Com cards perform hardware layer error filtering, so that errors aren't passed up the stack, hence the analyzer won't see any runts, collisions, etc. Using Sniffer Pro with a 3Com card seems to verify this. Does anyone have any recommendations on a Cardbus 10/100 card that doesn't filter errors? NAI told me they sell their own "version" of a Xircom card, but they want $500 for it. Any idea if it's different from a retail version?

TIA,
Chuck Church
CCNP, CCDP, MCNE, MCSE
Sr. Network Engineer
Magnacom Technologies
140 N. Rt. 303
Valley Cottage, NY 10989
845-267-4000 x218
Re: BYE
Dude,

You are way too good for us. You should just schedule your CCIE written for Monday. I'm sure you'll do great. Just read the book. While you've got them on the phone, might as well schedule the CCIE lab. Let us know how you do.

Chuck
CCNP, CCDP, MCNE, MCSE

> Well the past couple weeks have been fun but reading through over 100 emails
> a day is too much. I thought this list might have helped me along but
> mostly it just wasted valuable time.
Re: Problem in 2948g switch
Whoa! Doesn't bridging defeat the purpose of buying a layer 3 switch? I'd only recommend that as a last resort. Get off of Netbeui if you're using it, and go with IP and WINS. I think this should fix your problem. This might not fix the problem with MS's crappy Master browser process, but some creative IP helper statements should help there.

Good luck;
Chuck Church
CCNP, CCDP, MCNE, MCSE
Re: ccie r/s practice tests>?
Lauren,

How did you find the CertificationZone tests different? I'm shooting to take the written (first attempt) in last October/early November timeframe. I've been using those tests to gauge my understanding of the material. Would I be better off with something else? What did other "Written-Passers" use to study or test themselves with?

Thanks,
Chuck Church
CCNP, CCDP, MCNE, MCSE

jason wrote:
>
> anyone on the list seen some new practice tests for the written recently.?
> I have been seeing a bunch of the same test questions floating around. some
> stuff on atm, voip, etc, would be nice.
>

www.certificationzone.com has CCIE written practice tests, but personally I didn't find them that close to the real thing.

TTFN
Lauren
CCDA passed
All,

Decided to take a break from preparing for CCIE written and took the CCDA test Friday. Just used the Cisco Press CCDA book. Passed with a 931, but I honestly thought I was going to fail about half way through. There were many questions where they showed you an exhibit consisting of 4 - 5 paragraphs about a company's existing network. Then you had to parse through it and find what they were looking for. They were quite time consuming and annoying. They didn't really seem to test you on actually designing networks. Perhaps having finished the CCNP track, I was reading too much into each question. Finished in about an hour.

If you've recently passed the ACRC (or its newer equivalent, which I can't remember the name of), I'd recommend taking this and getting it out of the way. The questions other than those mentioned above closely match ACRC questions, such as which protocols are Distance Vector vs. Link State, and what is better to use when.

Thinking about taking the CID this Friday, and getting CCDP out of the way. Does anyone have any suggestions or pointers on this test?

Thanks,
Chuck Church
CCNP, MCNE, MCSE, (CCDA)
Re: Printer
Amjad,

MS's IP printing relies on LPR on the workstation/server and LPD on the print server itself. When you install the printer, Windows will check for a response from the printer on the LPD port - TCP 515. Make sure you're using a valid queue name - usually 'raw' or 'auto' works, but check with the Print server docs. Check your NT/2000 event viewer - Application for errors. Make sure your server does not have a space in the name. This seems to make LPR fail, from a WS I worked on last week. Neither MS nor Xerox had an explanation. Typical MS problem...

Chuck Church
Network Engineer
CCNP, MCNE, MCSE
Magnacom Technologies
140 Route 303
Valley Cottage, NY 10989
Email: [EMAIL PROTECTED]
Voice: 914 267-4000 ext 218
Fax: 914 267-1034

> I have network printer in one segment and wanted to print to it from remote
> computers across a router (2 hops away). The printer is attached to an Intel
> EtherExpress Pro 100 box and is configured to use TCP/IP printing.
Re: PIX Upgrade from 4.4(1) to 5.1(2)
I finally did the upgrade on our 515R. No problems at all. Just a few new defaults. I know this is a dumb question, but did you save the current configuration before reloading it for the upgrade?

Chuck Church
CCNP, MCNE, MCSE
RE: PIX Upgrade from 4.4(1) to 5.1(2)
I'd compare the old 4.4.1 configuration (which you hopefully still have) to the current one. I'm planning the same upgrade on ours to get VPN capability, so I'm kind of interested in the problem.

Chuck Church
CCNP, MCNE, MCSE
Sr. Network Engineer
Magnacom Technologies
140 N. Rt. 303
Valley Cottage, NY 10989
845-267-4000 x218

> Hello,
> I was just curious if any body have any problems when upgrading the pix
> software from Ver. 4.4(1) to 5.1(2). When I performed the above upgrade
> traffic would no longer flow through the pix. I could ping it from inside
> but I could not surf out. Also from outside I could not surf into my
> website.
> Any suggestions, thoughts, comments would be appreciated.
> Thanks
> Ronnie John
RE: collision - Load counters
Keep in mind that when Cisco puts 'load' on an interface, it's only referring to transmit, not total. It seems like the versions of IOS ending in 'T' list both 'tx load' and 'rx load' for convenience. Also, since this is ethernet, do packets and bytes received on the interface refer to all traffic on the wire, or just that destined to this router? I'm thinking that it's only traffic destined to the router, so there might be much more traffic on the wire than the rx counters are telling you. Get a sniffer and look at utilization with that. Or if your hubs have a little utilization meter (most 3Com's do), what does it show? If you're hitting 50% frequently, it's time for a switch or 100 mb.

Chuck Church
CCNP, MCNE, MCSE

> Ok, not sure what everyone has recommended here, but the load you have on
> the interface is 4/255 which I believe is a running 5 minute average so
> taking workstations off the segment is not correct IMHO. Also where you are
> right now is .03% which is below the .1% tolerance acceptable. So...
> reset the counters, and see over the next 10 to 30 minutes what happens,
> (resend the show int to us).
RE: Sysco cert question
Hopefully something. My little sister poured my lab equipment on a hamburger, and to my utter disbelief, ate it. But it was probably a good thing. Without a serious hardware upgrade, I was only capable of running COS (condiment operating system) version 11.3.8, which lacks support for salsa, and some varieties of squash. I was on site at a family picnic for hours trying to figure out that one. Luckily my CAC case is a level one priority, so I'm updated daily. Gotta go study (have the munchies!)

Chuck

P.S. I heard that the SCCE lab is a 2 day buffet. M

> Date: Tue, 01 Aug 2000 16:57:35 -0400
> From: Rodney <[EMAIL PROTECTED]>
> Subject: RE: Sysco cert question
>
> Hey Brad, I know you're the one to come to about equipment, what do you have
> available for this lab?
>
> Rodney
>
> - -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ryan Ward
> Sent: Tuesday, August 01, 2000 1:41 PM
> To: Stephen Skinner; [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: RE: Sysco cert question
>
> ok I was thinking of doing the exam but can anyone recommend the best books
> or willing to give up the course material in exchange for a no name brand
> ketchup bottle? Has anyone used the Boson practice tests?
>
> also my boss pays me squat and need to know how much you condiment engineers
> make blah blah blah ;)
Cisco specializations - Which?
Hopefully this won't cause a huge thread, but my company (a reseller) naturally wants to sell everything Cisco makes, so I'm being asked to learn the Aironet wireless, VPNs and firewall, and IP telephony. This is all in addition to my current pursuit of the R&S CCIE. Since it's pretty hard to be an expert in everything, what's the consensus on these three product categories? I've done some VPN and Firewall with PIX, but haven't really touched wireless or VoIP.

Thanks,
Chuck Church
CCNP, MCNE, MCSE

P.S. Today diagnosing a frame internet connection, I saw packets with an IP protocol number 89 and multicast destination 224.0.0.9. Any idea what these were? I didn't get a capture, saw them in a 'deb ip pack det'.
Re: no access to router
I had the same problem with a 2501. Must have something to do with the console port chips that Cisco uses. Certain versions don't like Win 98 Hyperterm. If you're using Win98, go to the advanced settings, and tell it not to use FIFO buffers.

Chuck Church
CCNP, MCNE, MCSE

groupstudy wrote:
> too bad, i will throw my 2503 out of window, kidding.., thanks anyway
> ElephantChild wrote in message ...
> >On Sat, 29 Jul 2000, groupstudy wrote:
> >
> >>I got a cisco 2503. I can't get access to the console except that i can
> >>see the information in the terminal window but can't not type. and
> >>unfortunately I lost the telnet password and enable password.
2500 flash and RAM
Does anyone know of a good source for 2500 flash and RAM? I'm looking for something cheap for a home lab, so I don't really care if it voids the Cisco warranty.

Thanks,
Chuck Church
CCNP, MCNE, MCSE
RE: Cisco CCIE All-in-one Lab Study Guide
In Brad's defense, he's helped me with a couple problems. A lot of CCIE's don't bother helping other people after they cross over to CCIE land. He's still on the list helping others, in addition to selling stuff. If I had a way to help other people learn Cisco and also make money, I'd do it.

Chuck Church
CCNP, MCNE, MCSE

> Date: Fri, 28 Jul 2000 21:16:20 -0400
> From: "RingLord" <[EMAIL PROTECTED]>
> Subject: RE: Cisco CCIE All-in-one Lab Study Guide
> Tell me Brad do you ever post anything useful to the group or are you just
> into advertising your company? Are you affiliated with CCIE BootCamp? I
> thought this list was about certification and studying. You working towards
> a meaningful goal in life.
Reverse telneting to a console port
All,

Can anyone tell me how to setup reverse telnet on a 2511 to connect to the console port of another router? I have the octal cable with RJ45 directly plugged into the console port of another. Is a x-over needed on this cable? I can't seem to find how to do it on CCO. I did notice that if I have the first 3 lines connected to routers, and do a port scan on the 2511, I don't see it listening on ports 2001-2003. If I unplug the RJ45s from the other routers, the port is listening.

Here's my partial 2511 config:

interface Loopback0
 ip address 172.16.1.1 255.255.255.0
 no ip directed-broadcast
!
.
!
line con 0
 password cisco
 login
 transport input none
line 1
 modem InOut
 transport input telnet
 stopbits 1
 speed 38400
 flowcontrol hardware
line 2 16
 modem InOut
 transport input all
 stopbits 1
 flowcontrol hardware
line aux 0
line vty 0 4
 password cisco
 login
!

SH LINE 1 looks like this:

2511# sh line 1
 Tty Typ Tx/Rx        A Modem Roty AccO AccI Uses Noise Overruns Int
*  1 TTY 38400/38400  - inout -    -    -    0    0     0/0      -

Line 1, Location: "", Type: ""
Length: 24 lines, Width: 80 columns
Baud rate (TX/RX) is 38400/38400, no parity, 1 stopbits, 8 databits
Status: Ready, Active, No Exit Banner
Capabilities: Hardware Flowcontrol In, Hardware Flowcontrol Out
  Modem Callout, Modem RI is CD
Modem state: Ready
Group codes: 0
Modem hardware state: CTS DSR DTR RTS
Special Chars: Escape  Hold  Stop  Start  Disconnect  Activation
               ^^x     none  -     -      none
Timeouts:  Idle EXEC  Idle Session  Modem Answer  Session  Dispatch
           00:10:00   never                       none     not set
           Idle Session Disconnect Warning
             never
           Login-sequence User Response
             00:00:30
           Autoselect Initial Wait
             not set
Modem type is unknown.
Session limit is not set.
Time since activation: 00:04:12
Editing is enabled.
History is enabled, history size is 10.
DNS resolution in show commands is enabled
Full user help is disabled
Allowed transports are lat pad v120 mop telnet rlogin nasi. Preferred is lat.
No output characters are padded
No special data dispatching characters

Thanks in advance,
Chuck Church
CCNP, MCNE, MCSE
Sr. Network Engineer
Magnacom Technologies
140 N. Rt. 303
Valley Cottage, NY 10989
845-267-4000 x218
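An added example, not part of the original post and not Cisco tooling: a short Python audit that reads `line` stanzas like the ones in the message above, maps each async line to its reverse-telnet TCP port (2000 + line number, which is where the 2001-2003 ports in the post come from), and flags lines that accept telnet with no `login` command. The function names are hypothetical, and the check assumes no AAA authentication is configured elsewhere in the config.

```python
import re

# Constructed sample: the line stanzas from the post, one command per line.
SAMPLE_CONFIG = """\
line con 0
 password cisco
 login
 transport input none
line 1
 modem InOut
 transport input telnet
 stopbits 1
 speed 38400
 flowcontrol hardware
line 2 16
 modem InOut
 transport input all
 stopbits 1
 flowcontrol hardware
line aux 0
line vty 0 4
 password cisco
 login
"""

REVERSE_TELNET_BASE = 2000  # reverse telnet listens on TCP 2000 + absolute line number

LINE_HEADER = re.compile(
    r"^line\s+(?:(con|aux|vty|tty)\s+)?(\d+)(?:\s+(\d+))?\s*$", re.I
)


def parse_line_stanzas(config_text):
    """Return one dict per 'line ...' stanza with its lower-cased sub-commands."""
    stanzas, current = [], None
    for raw in config_text.splitlines():
        indented = raw.startswith(" ")
        header = None if indented else LINE_HEADER.match(raw.strip())
        if header:
            first = int(header.group(2))
            current = {
                "kind": (header.group(1) or "tty").lower(),
                "first": first,
                "last": int(header.group(3) or first),
                "commands": [],
            }
            stanzas.append(current)
        elif indented and current is not None:
            current["commands"].append(raw.strip().lower())
        else:
            current = None  # '!' or another top-level command ends the stanza
    return stanzas


def accepts_telnet(commands):
    """True/False from 'transport input'; None when the command is absent,
    because the default then depends on the IOS release."""
    for cmd in commands:
        if cmd.startswith("transport input"):
            protocols = cmd.split()[2:]
            return "telnet" in protocols or "all" in protocols
    return None


def audit_reverse_telnet(config_text):
    """List async (TTY) lines with their reverse-telnet port and exposure."""
    findings = []
    for stanza in parse_line_stanzas(config_text):
        if stanza["kind"] != "tty":
            continue  # con/aux/vty numbers are relative, so 2000+N does not apply
        telnet = accepts_telnet(stanza["commands"])
        # 'login', 'login local', 'login authentication X' all force a prompt.
        has_login = any(
            c == "login" or c.startswith("login ") for c in stanza["commands"]
        )
        for number in range(stanza["first"], stanza["last"] + 1):
            findings.append({
                "line": number,
                "tcp_port": REVERSE_TELNET_BASE + number,
                "telnet_allowed": telnet,
                "login_required": has_login,
                # Assumption: no AAA elsewhere, so no 'login' means no prompt.
                "exposed": telnet is True and not has_login,
            })
    return findings


if __name__ == "__main__":
    for f in audit_reverse_telnet(SAMPLE_CONFIG):
        state = "EXPOSED (telnet, no login)" if f["exposed"] else "ok/unknown"
        print(f"line {f['line']:>2}  tcp/{f['tcp_port']}  {state}")
```

Run against the posted config, every one of lines 1-16 is reported as reachable by telnet without a login prompt, so anyone who can reach the 2511 on those ports lands on whatever console is attached.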
Fixed - 2500 - Doesn't accept console input
Thanks Brad, Brian, and Darrin. I tried Hyperterm from NT, and it worked. I eventually got it to work under 98. On the port configuration, I went to advanced, and unchecked the 'Use FIFO buffers'. This particular 2501 had a system board dated 1993. My other ones were '96 and '98. Must be the older ones don't like fast bursts of characters. Thanks again.

Chuck Church
CCNP, MCNE, MCSE
Sr. Network Engineer
Magnacom Technologies
140 N. Rt. 303
Valley Cottage, NY 10989
845-267-4000 x218
2500 - Doesn't accept console input
All,

I picked up a used 2501, but I'm having some problems. I can see it boot up and it looks ok, but it doesn't accept any keystrokes from the console port. Hyperterm settings are ok, no problems with same configuration on other 2500s. I can break into ROM monitor mode, but then cannot enter anything again at the prompt. I tried taking out both the flash and the ram, relying on the ROM IOS and the 1 Mb of system board RAM, but it made no difference. Can anyone think of anything else to try before I return it? I'm going to attempt to view its IP address from cdp nei det, but without a password, I'm probably stuck again. Any ideas?

Thanks,
Chuck Church
CCNP, MCNE, MCSE
DCE cables
All,

Does anyone know of a good V.35 cable source? I'm in the process of building my home lab for CCIE, and all the routers I've got have DTE cables. I guess I need some DCE cables to go back-to-back, right? All the routers are 2500s with 60 pin serial. I know I should know this, but I've always dealt with integrated CSU/DSU WICs, so I've never touched a CSU. I checked Black Box, but they only had Cisco brand cables, for about $95 each. I'm looking for something cheaper.

Thanks,
Chuck Church
CCNP, MCNE, MCSE
Re: MS Exchange and Outlook 97
Daryn,

Are you using 3Com NICs on any devices? I've noticed that 3Coms DO NOT autonegotiate correctly with Cisco set-based switches. One side will always come up half duplex, the other side full. Intel and Compaq NICs don't seem to have this problem. You're better off hardcoding everything to 100 full, switch ports and NICs, assuming everything is capable of it. Do a 'sh port count' and 'sh port' on the switches, make sure there's no errors on any port. Check the servers first. Very slow response is a symptom of mismatched duplexity (is that a word?).

Chuck Church
Network Engineer
CCNP, MCNE, MCSE
Magnacom Technologies
140 Route 303
Valley Cottage, NY 10989
Voice: 914 267-4000 ext 218
Fax: 914 267-1034
<mailto:[EMAIL PROTECTED]>

- - Original Message -
From: "Bartlett, DS1" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, July 09, 2000 6:34 PM
Subject:

> After our recent upgrade to our backbone (6500's) we are now pushing traffic
> at incredible speeds. Unfortunately my users only notice that it now takes
> forever for their outlook to open up. We use Exchange 5.5 (sp2) and Outlook
> 97. We do not have messenger services loaded. We have Novell servers
> on-line, but the Exchange servers do not have IPX client software loaded.
> Sometimes it takes as much as 2 minutes for mail to come up. I have allowed
> all udp traffic to be forwarded so netbios will work.
>
> Any thoughts would be appreciated to an extremely frustrated administrator
> who is fed up with users.
>
> Daryn
!!!!! WHAT IS WITH THIS INDIVIDUAL MESSAGE DISTRIBUTION ?????
Is everyone getting each individual message? I'm getting them faster than I can delete them. I know Paul had some sendmail problems. Is this an aftereffect?

Chuck Church
Network Engineer
CCNP, MCNE, MCSE
Magnacom Technologies
140 Route 303
Valley Cottage, NY 10989
Email: [EMAIL PROTECTED]
Voice: 914 267-4000 ext 218
Fax: 914 267-1034
RE: Micosoft 'routers'
The routing table is a good question. There's also all the features that Cisco supports with IOS. Can MS do bridging, access-lists, HSRP, redistribution, and ISL? Plus if you've got backup hardware and a copy of your config, a totally dead router can be replaced with another in 5 minutes. How fast can a server be built? I'm thinking MS may be useful for adding a couple segments to an existing net, but basing an enterprise on all MS routers seems almost comical. With the cost of layer 3 switching coming down, and performance going through the roof, it looks like switches are going to be running the core from here on out.

Chuck Church
CCNP, MCNE, MCSE
Network Engineer
Magnacom Technologies
140 N. Rt 303
Valley Cottage, NY 10989

> I see that Microsoft has provided resources to configure OSPF and RIP in
> Windows 2000 servers
> to provide routing capabilities.
> Has anybody evaluated this? Do you think this could substitute 'real'
> routers?
> Thanks,
Passed CIT, now a CCNP - Woohoo!
All,

Passed CIT 4.0 today with a 861. Needed 720. Used just the Cisco Press CIT 4.0 book, and a lot of work experience with Cat 5000 and 7200 routers (Routers only routed Ethernet, not WAN). I scored an incredible 0% on the AppleTalk section, but made up for it on the Frame, IPX, and switching sections. Lots of ISDN questions, including 1 that I didn't know that was asked 3 times with slightly different wording. As usual, there were lots of poorly worded questions. I'm guessing the test questions are all a couple years old, based on the amount of AppleTalk questions, and lack of ISL questions. Very few questions on routing protocols. Now on to CCIE - R&S.

P.S. Any recommendations on CCIE? I'm thinking I should start building my home lab.

Chuck Church
Network Engineer
CCNP, MCNE, MCSE
Magnacom Technologies
140 Route 303
Valley Cottage, NY 10989
Email: [EMAIL PROTECTED]
Voice: 914 267-4000 ext 218
Fax: 914 267-1034
passed CMTD today
All,

I passed my CMTD 8.0 test today with a 914 out of 1000. Took about 35 minutes out of the 90 allowed. I used the BCRAN book, and the Boson CMTD/BCRAN test set #1. A couple questions were kind of ambiguous, but overall very easy. All of the 21 topic areas from the Exam Objectives PDF file are covered. Some a little, some a lot. Now on to CIT...

Chuck Church
MCNE, MCSE, CCNA, (CCNP this month, hopefully :)
Network Engineer
Magnacom Technologies
140 Route 303
Valley Cottage, NY 10989
Email: [EMAIL PROTECTED]
Voice: 914 267-4000 ext 218
Fax: 914 267-1034
HTML mail
All,

I try not to complain, but could we get out of the habit of sending HTML mail to this list? It seems like lately there's about 10 pages of I in every digest. If you're using Outlook, just go to 'Format', and pick 'Plain Text'. 'Ok' to any warning, and it'll be plain text. I've already worn the letters off my 'page down' key, but maybe it's not too late for others on this list :)

Thanks,
Chuck Church
MCNE, MCSE, CCNA
CMTD with using BCRAN study material
All,

I'm taking the CMTD 8.0 test on Thursday. I was unable to find any original course material or Cisco Press books for CMTD when I finished CLSC 6 weeks ago. I didn't want to sit idle waiting for the BCRAN test release so I've gone through the new BCRAN Cisco Press book, but since this isn't the right book for this test, I'm a little nervous. I'm getting about 80% on the Boson tests I purchased the first time I take them, but they seem geared for BCRAN more than CMTD. Any last minute pointers? I think I've got the CMTD objectives down, but I need a little reassurance.

Thanks,
Chuck Church
MCNE, MCSE, CCNA, CCNP hopefully 1 test away after Thursday ;)