Word wrap - was Re: MCNS (v2.0) questions
OK, I'll bite and assume this is a genuine question and not a leg-pull, since nobody else seems to have answered it. Many mail programs will automatically turn a URL into a hot-spot so you can open the URL directly from email. However if the URL is long enough to wrap over more than one line, usually only the first line is turned into the hot-spot, so if you click on it it won't work because it's missing part of the URL. "Watch the word wrap" just means that if the URL is longer than one line, you may need to cut and paste it into your browser. Otherwise the mailing list gets clogged up with comments like "but this URL doesn't work for me"... I was going to make some smart comment about word wrap being encapsulation of words in sentences, but I'm a bit too braindead to think it out properly... JMcL -- Forwarded by Jenny Mcleod/NSO/CSDA on 08/08/2000 16:30 --- [EMAIL PROTECTED] on 08/08/2000 05:38:15 Please respond to [EMAIL PROTECTED] To: [EMAIL PROTECTED] cc: [EMAIL PROTECTED] (bcc: JENNY MCLEOD/NSO/CSDA) Subject: Re: MCNS (v2.0) questions In a message dated 8/7/00 3:30:02 PM Eastern Daylight Time, [EMAIL PROTECTED] writes: << Haven't taken the exam but there's an outline for the MCNS course on the Cisco site. http://www.cisco.com/pcgi-bin/front.x/wwtraining/course_description.pl?Course= TRN-MCNS&Version=2.0&From=Network_Management watch the word wrap Karen E Young Network Engineer ELF Technologies, Inc [EMAIL PROTECTED] >> OK, I've tried not to ask this for a long time but it's really starting to drive me crazy!!! what is this "word wrap". Whenever I go to cisco's site from a post like this I try to look for something unusual, hoping that it will be this "word wrap". But I haven't seen it yet. Could someone please fill me in... Mark Zabludovsky ~ CCNA, CCDA [EMAIL PROTECTED] If the automobile had followed the same development as the computer, a Rolls-Royce would today cost $100, get a million miles per gallon, and explode once a year killing everyone inside. ~Robert Cringely, InfoWorld~ ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
T1, FT1 and Channelized T1
Hello, Can someone tell a little on the difference among T1, Fractional T1 and Channelized T1? I'm bit confused. Thanks in advance. Jim __ Do You Yahoo!? Kick off your party with Yahoo! Invites. http://invites.yahoo.com/ ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Editing ACL's
STRAND Scott wrote: > > Is it possible to edit only one line of an access list without > removing the entire ACL. I heard that it is possible now with > having to cut and paste. It is possible only to remove lines from named ip access-list. But, all new lines will go to the one of access-list. Saa ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
2501 Question
Hi: Does anyone know the address for a web site that will walk you though the installation of a Cisco 2501 Router? Also, does anyone have any good lab projects that use this router and would help me prepare for my CCNA exam. Regards, KF ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Passed 507???
I am working on a project and need input from people who have taken the 507 exam. I am NOT asking anyone to breech the NDA. I am trying to determine 3 things: 1) Your general thoughts on the difficulty of the exam as a whole - wording, coverage of objectives, et al? 2) What study materials and resources you feel were of the most benefit and which were not? 3) Your comparison of the exam in relation to other certification exams - MCSE, CNE, et al.? Please do NOT make any statement(s) regarding exam content or any other statement that could even remotely breech the NDA. I am a party to the NDA and I have full respect for it. Your help is appreciated. Please do NOT reply to the group. Instead, reply only to me or to [EMAIL PROTECTED] Thanks, john ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP classless/Default routes
You are correct, equal cost static routes are load balanced on Cisco routers. That's why in a case like that you would want 1 of the statics to have a higher admin weight assigned to it. So the wireless could be ip route 0.0.0.0 0.0.0.0 172.16.2.10 200 and the fiber could be ip route 0.0.0.0 0.0.0.0 192.168.2.10 The static with the lower admin cost will be installed in the route table until the link goes down. Then the other will be installed. Every routing protocol has an admin weight assigned to it. Static and connected routes also have them. Take a look in the docs and you'll find all the defaults. Kenny - Original Message - From: "Emilia Lambros" <[EMAIL PROTECTED]> To: "'Dave Page '" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Monday, August 07, 2000 7:55 PM Subject: RE: IP classless/Default routes > in my experience with having two default routes on a router, they've > load-shared across those two interfaces/links. > > For example, we had a router with a fibre connection and also a wireless > connection. The router had two default routes - one across fibre, one > across wireless. The fibre went down and half the packets were getting > lost, which screamed "load-sharing" to me. I removed the default route > across fibre and it worked fine. > > Cheers, > > Em > > > -Original Message- > From: Dave Page > To: 'Cisco List' > Sent: 8/8/00 10:05 AM > Subject: IP classless/Default routes > > > In Todd Lammle's book for CCNA 640-407, on p. 202 he has set a default > route > of BOTH 172.16.40.2 and 172.16.20.1. How does one do this, just enter > the > IP route command as such, one right after the other (??): > > ip route 0.0.0.0 0.0.0.0 162.16.40.2 > ip route 0.0.0.0 0.0.0.0 162.16.20.1 > > ??? > > > The reason I ask is that in his book for CCNA 640-507, he states on page > 253, "Default routing is used to send packets with a remote destination > network not in the routing table to the next hop router. You can only > use > default routing on stub networks, which means that they have only one > exit > port out of the network." > > The two books seem to say contradictory things. Is it because the 507 > exam > is based on a different IOS? What gives? > > > Dave Page > > ___ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > ___ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: just pass BSCN
What materials did you use to pass BSCN? "news.groupstudy.com" <[EMAIL PROTECTED]>@groupstudy.com on 08/08/2000 02:32:01 PM Please respond to "news.groupstudy.com" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] To: [EMAIL PROTECTED] cc: Subject: just pass BSCN I feel ti is easier than i expect ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
just pass BSCN
I feel ti is easier than i expect ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
how to monitor the traffice by cisco works
I want to get the traffic of the serial port which connected the internet by cisco work,and i aslo install the sniffer in my outside area,but i don't think sniffer can get the traffic of the serial port? any good advice?
Re: passed CCIE R&S written
congratulations! ""Daniel Ji"" <[EMAIL PROTECTED]> wrote in message 8mng64$776$[EMAIL PROTECTED]">news:8mng64$776$[EMAIL PROTECTED]... > Hi, everybuddy: > > Just want to let all of you know that I passed CCIE written the first try > today with a score of 75%, although not skyhigh, but I'm happy It's behind > me now, from now on I can focus on my LAB prep. ^_^ My test software crashed > once during my test, lucky thing I didn't lose the test and all the answers > I entered was still there. > > I think I was relaxed during the test, that's really important for such a > test as the stress and 100 questions would overwhelm you if you get nervous. > I finished the whole test with only 5 mins left, but I didn't feel rushed > coz I was trying to make sure I gave the right answers as I proceeded, just > as what I did with all the CCNP tests, hehe > > Somehow I feel the Internetwork Technology handbook was not very useful > because it dose not provide the depth needed for passing CCIE written. I > think the test is a good and fair one because it test your "network common > sense" or ability to apply basic concepts into networking senarios, not just > test your knowledge based on remembering stuff or certain facts. So try to > establish a logical "networking common sense" is my suggestion, trying to > really understand networking is important because that's exactly what Cisco > is trying to test in their written and Lab exams. > > Books I read and found useful: > Routing TCP/IP by Jeff Dole, I love this book, I should call it a Routing > bible! > Cisco Lan Switching by Kenndy Clark, Switching Bible! > Internet Routing Archetecture by Bassam Halabi, great and fun book on BGP! > CCNP series: ACRC, CIT, BCRAN. > White papers about Token ring, Bridging. > Internetwork Technology handbook, good for looking up something you never > heard of. > Plus anything you find youself are weak on when taking a simulated test. > > That's about it, thanks for everyone who had offered me help from CCNA to > CCNP, and now CCIE written. I do love this list because it not only provides > good information about test prepration, but also gives me motivation and > confidence to face tough task. Special thanks to Priscilla Oppenheimer, she > gave me the encouragement in one of her postings(an old posting regarding > CCIE written), I finally decided to book the test. > > Now, Heading on to the LAB, any comments and suggestions from you Cisco > Gurus? Anything about LAB prep is greatly appreciated! > > Good luck to all of us!!! > > Daniel Ji. > CCNP 2.0, CCIE written, CCIE Lab not scheduled yet. > > > > ___ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: FrameSwitch Lab
I'm not sure if this works but I think both serial interfaces of the DTEs should be on the same subnet, right? on router B, try changing the ip address to 192.168.3.2... I think it might work that way. Kenneth "Barry Reyes" <[EMAIL PROTECTED]> wrote in message EB42F51E5B65D411BF2E0008C73B48011EAFB2@BSTNT1000">news:EB42F51E5B65D411BF2E0008C73B48011EAFB2@BSTNT1000... > Hello Everyone, > > I am having an issue with configuring my Frame Relay Switch. This seemed to > have worked before I physically moved the equipment. The reason I say this > is because typing 'show frame-relay pvc' from the switch produces PVC STATUS > = INACTIVE now after the move. > > Could my ports be damaged? Maybe I am overlooking something in my > configuration. Here are the configurations I am using for my testing > environment: > > Cisco 2503 > > Current configuration: > ! > version 11.2 > no service password-encryption > no service udp-small-servers > no service tcp-small-servers > ! > hostname FrameSwitch > ! > ! > frame-relay switching > ! > interface Ethernet0 > no ip address > no shutdown > ! > interface Serial0 > no ip address > encapsulation frame-relay ietf > clockrate 64000 > frame-relay lmi-type ansi > frame-relay intf-type dce > frame-relay route 100 interface serial1 101 > no shutdown > ! > interface Serial1 > no ip address > encapsulation frame-relay ietf > clockrate 64000 > frame-relay lmi-type ansi > frame-relay intf-type dce > frame-relay route 101 interface serial0 100 > no shutdown > ! > interface bri0 > no ip address > shutdown > ! > no ip classless > ! > ! > line con 0 > line aux 0 > line vty 0 4 > login > ! > end > > > Cisco 2102 > > Current configuration: > ! > version 11.2 > sevice timestamps debug datetime localtime > no service password-encryption > no service udp-small-servers > no service tcp-small-servers > ! > hostname RouterA > ! > ! > ! > interface Ethernet0 > no ip address > shutdown > ! > interface Serial0 > ip address 192.168.2.1 255.255.255.0 > encapsulation frame-relay ietf > frame-relay lmi-type ansi > frame-relay route map ip 192.168.3.1 100 broadcast > no keepalive > no shutdown > ! > no ip classless > ! > ! > line con 0 > line aux 0 > line vty 0 4 > login > ! > end > > > Cisco 3102 > Current configuration: > ! > version 11.1 > service udp-small-servers > service tcp-small-servers > ! > hostname RouterB > ! > ! > ! > interface Serial0 > ip address 192.168.3.1 255.255.255.0 > encapsulation frame-relay ietf > frame-relay lmi-type ansi > frame-relay route map ip 192.168.2.1 101 broadcast > no keepalive > no shutdown > ! > interface TokenRing0 > no ip address > shutdown > ! > no ip classless > logging buffered > ! > line con 0 > line aux 0 > line vty 0 4 > login > ! > end > > ___ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
New Genuine Cisco and MCSE books for sale @ 50% off coverprice
Hello GroupStudy list members, I hope this isn't an inappropriate post for this list, but I've got Cisco and MCSE books available at 50% of cover price. If you have questions, don't reply to this list, but instead email me at [EMAIL PROTECTED] See my links below: Thanks. --- http://cgi.ebay.com/aw-cgi/eBayISAPI.dll?ViewItem&item=395841379 http://cgi.ebay.com/aw-cgi/eBayISAPI.dll?ViewItem&item=395856384 http://cgi.ebay.com/aw-cgi/eBayISAPI.dll?ViewItem&item=395863766 http://cgi.ebay.com/aw-cgi/eBayISAPI.dll?ViewItem&item=395872538 http://cgi.ebay.com/aw-cgi/eBayISAPI.dll?ViewItem&item=395889837 http://cgi.ebay.com/aw-cgi/eBayISAPI.dll?ViewItem&item=395896393 http://cgi.ebay.com/aw-cgi/eBayISAPI.dll?ViewItem&item=395904244 http://cgi.ebay.com/aw-cgi/eBayISAPI.dll?ViewItem&item=395912252 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 2 2501's as a frame relay switch - Once and For All
I've been saving this one for a while also. Originally I was going to write this off as another one of those questions. Then I got to wondering about the genesis of it. Did a bit of research. Interesting. http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/wan_ c/wcdfrely.htm#xtocid15531103 watch this word wrap... the short answer to Mr. Ozbourne's question is yes it can be done. The question itself indicates a bit of uncertainty. I know when I was considering it, and poking around CCO, my thought was that tunnels are layer three and frame relay is layer two and therefore no it can't be done. But Cisco continues to be full of surprises. The IOS is very rich in features that allow one to do a wide variety of things in any number of ways. Sometimes I'm too dense to understand the reasons behind the possibilities. So 1) One may use Cisco routers as frame relay switches. 2) One may use Cisco routers as X.25 switches 3) One may tunnel frame relay and X.25 and SNA and any number of other things over IP networks. For example, if one were migrating an enterprise to an IP only backbone, but one had an extensive embedded base of whatever, one would take advantage of the rich Cisco feature set to make this possible. So I have a New York office, a Los Angeles office, and Fargo office. I want a high speed core, using DS3. Can't do X.25 over DS3, so I have to fake out my existing X.25 network by making my Cisco edge routers X.25 switches and tunnelingX.25 across the backbone. OK I understand the theory. Same for SNA. But for frame-relay I'm scratching my head. Network-frame_relayrouter--IP_Core_Networkrouter-fra me-relay-network Possibly there might be some advantage to create such tunnels so that routers are but one hop away from eachother? Possibly I am looking at this the wrong way, and the issue is one of a large organization with a bunch of Stratacom switches in various locations, and wanting to take advantage of a high speed core somehow? I get the feeling that this feature exists as a means of helping transition from one structure to another. I just don't understand the structures involved. Chuck P.S. Yes Dave, your configurations will work. They are almost identical to configurations found in the link above. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dave Ozbourne Sent: Thursday, July 13, 2000 8:48 PM To: [EMAIL PROTECTED] Subject:2 2501's as a frame relay switch - Once and For All Searched the archives on Groupstudy and found varying answers on the follwoing config, for 2 2501's connecting through a tunnel to simulate a frame relay switch. Does it work yes or no? Thanks Cisco 2501 # 1 ! version 11.2 service udp-small-servers service tcp-small-servers ! hostname r1 ! ! frame-relay switching ! interface Tunnel0 no ip address tunnel source Ethernet0 tunnel destination 192.168.1.1 ! interface Ethernet0 ip address 192.168.1.2 255.255.255.0 ! interface Serial0 no ip address encapsulation frame-relay clockrate 100 frame-relay lmi-type ansi frame-relay intf-type dce frame-relay route 112 interface Serial1 211 frame-relay route 113 interface Tunnel0 311 frame-relay route 114 interface Tunnel0 411 ! interface Serial1 no ip address encapsulation frame-relay clockrate 100 frame-relay lmi-type ansi frame-relay intf-type dce frame-relay route 211 interface Serial0 112 ! no ip classless ! line con 0 line aux 0 line vty 0 4 login ! end Cisco 2501 # 2 ! version 11.2 no service password-encryption no service udp-small-servers no service tcp-small-servers ! hostname r2 ! ! frame-relay switching ! interface Tunnel0 no ip address tunnel source Ethernet0 tunnel destination 192.168.1.2 ! interface Ethernet0 ip address 192.168.1.1 255.255.255.0 ! interface Serial0 no ip address encapsulation frame-relay clockrate 100 frame-relay lmi-type ansi frame-relay intf-type dce frame-relay route 311 interface Tunnel0 113 ! interface Serial1 no ip address encapsulation frame-relay clockrate 100 frame-relay lmi-type ansi frame-relay intf-type dce frame-relay route 411 interface Tunnel0 114 ! no ip classless ! ! line con 0 line aux 0 line vty 0 4 login ! end Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IP classless/Default routes
in my experience with having two default routes on a router, they've load-shared across those two interfaces/links. For example, we had a router with a fibre connection and also a wireless connection. The router had two default routes - one across fibre, one across wireless. The fibre went down and half the packets were getting lost, which screamed "load-sharing" to me. I removed the default route across fibre and it worked fine. Cheers, Em -Original Message- From: Dave Page To: 'Cisco List' Sent: 8/8/00 10:05 AM Subject: IP classless/Default routes In Todd Lammle's book for CCNA 640-407, on p. 202 he has set a default route of BOTH 172.16.40.2 and 172.16.20.1. How does one do this, just enter the IP route command as such, one right after the other (??): ip route 0.0.0.0 0.0.0.0 162.16.40.2 ip route 0.0.0.0 0.0.0.0 162.16.20.1 ??? The reason I ask is that in his book for CCNA 640-507, he states on page 253, "Default routing is used to send packets with a remote destination network not in the routing table to the next hop router. You can only use default routing on stub networks, which means that they have only one exit port out of the network." The two books seem to say contradictory things. Is it because the 507 exam is based on a different IOS? What gives? Dave Page ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VPN 3DES ON 2MB Link with 25XX
I stand duly corrected sir. I was not aware of the product. I must confess I haven't been keeping up on my cisco, new job and all... Thanks for your positive input as always... --- Chuck Larrieu <[EMAIL PROTECTED]> wrote: > Since this is a Cisco list, Robert, the least you > could have done is name > the Cisco CVPN ( formerly Altiga ) boxes! :-> > > Say, where you been? Haven't seen your name here in > several months. Good to > hear from you. I'm still eating my blueberries! :-> > > Other dedicated VPN boxes include VPNet ( > www.vpnet.com ) and Checkpoint > makes a pretty good one, particularly when running > on the Nokia hardware > platform ( www.checkpoint.com ) > > And yes I concur. Customers continue to say to me "I > have and existing Cisco > router. Can't we just use that for our VPN?" And I > always respond "you sure > can. But you won't like what happens!" When > designing a VPN, the temptation > is great to try to be cheap. And with VPNs > particularly, it can end up being > a LOT more expensive in the long run. > > Keep in touch, Robert. Your insight is welcome and > missed. > > Chuck > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of > Robert Hanley > Sent: Monday, August 07, 2000 12:06 AM > To: Chuck Larrieu; [EMAIL PROTECTED] > Subject: Re: VPN 3DES ON 2MB Link with 25XX > > With respect for the fact that this is a cisco list > I > would still like to point out that it is precisely > because of the cpu intensive nature of crypto that > the > most popular solution is not a router per se but a > dedicated VPN box such as the Nortel Contivity. > > For the curious: > http://www.nortelnetworks.com/products/01/contivity/doclib.html > > In the same vein I must point out that it is the > central cpu cisco router architecture and top down > nature of IOS that makes any kind of additional > processing problematic. Other router architectures > that utilize distributed processing can handle these > additional chores much more gracefully. > > Chuck...any guess as to where I wound up working ? > > > --- Chuck Larrieu <[EMAIL PROTECTED]> wrote: > > Have fiannly gotten around to printing out the > IPSec > > Design Guide published > > on the Cisco site. > > > > > http://www.cisco.com/cpropart/sync-src/ccstcp/cc/techno/protocol/ipsecur/ips > > ec/tech/ > > watch the word wrap > > need a CCO login to get there > > > > rather interesting publication, with 15 pages on > > IPSec, 27 pages on design > > considertions, and over 370 pages of case > > studies/configurations! > > > > the relevant protion to this conversation is the > > design guide, which does > > talk about performance, memory usage, and > processor > > impact. The information > > presented is not a complete as I would hope, but > it > > is indicative. > > > > for example, using a 16xx router, and a 125K > > clockrate on a back to back > > serial link, a file transfer that took 10 minutes > > with no encryption took > > only 18 seconds longer using IPSec. CPU usage was > at > > 29% on average during > > the tests. ( The publication states that "the same > > test was run several > > times and the times were averaged together") > > > > Although there are several charts measuring > > bandwidth % used with different > > size packets on several router platforms, I am > > disappointed to find that > > this presentation is not particularly detailed, > nor > > particularly rigorous. > > > > One chart compares performnce in megabits per > second > > of several routers, one > > of which is a 2514 ( no 2501's ). Said router > > without encryption perfermed > > in the range of 2.4-9.9 mbs, and with AH and ESP > > enabled dropped to 01.-0.2 > > mbs. there is a column labeled "suggested > bandwidth" > > but no explaination in > > the text. There is a rather interesting line > stating > > that "the suggested > > bandwidth is reduced from the maximum possible to > > bring the CPU utilization > > more within accepted limits" > > > > the same table states that a 7505 popping AH and > ESP > > was filling a 6 mbs > > serial link with a 70-75% CPU usage rate. > > > > All this leads me to infer that the chances are > very > > good that doing what > > you are planning to do will be bad for the router. > > IPSec checws up processor > > cycles. With a T-1 to fill, your poor CPU's are > > going to burn along at 100% > > utilization to fiull that bandwidth. Not good for > > router! > > > > Given these kinds of numbers, you may find your > > remote users complaining a > > lot about "slow performance" and with good reason. > > your 2 meg pipe becomes a > > 100K pipe, assuming the router doesn't shut down a > > lot due to overload. > > > > Anyone got some other good reads on IPSec and > router > > resource utilization? > > > > Chuck > > > > <[EMAIL PROTECTED]> wrote in message > > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > Hello, > > > > > > I wish to setup a 3DES VPN between two sites (a > > local
Re: CATM score 951
I do have ATM Theory and Application book, that thick signature edition. But that contains too much gory details than you need for exam. I will suggest you get course material, read based on that, it will give you enough info to pass that exam. Hope it helps. "Kenneth" wrote in message <8mnckc$tos$[EMAIL PROTECTED]>... >what book did you use? > >""Sean Wu"" <[EMAIL PROTECTED]> wrote in message >8mnbkj$p0f$[EMAIL PROTECTED]">news:8mnbkj$p0f$[EMAIL PROTECTED]... >> It was easy, and it even allows mark. I took CATM class from Jul 24-28, >and >> then my boss asked me to be on-call 24x7 for a week until 8/4. Read course >> materials for the whole weekend. Took exam this afternoon. Everything you >> need is in the course materials. Not many real commands, mostly theory. >> >> >> ___ >> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html >> FAQ, list archives, and subscription info: http://www.groupstudy.com >> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] >> --- > > >___ >UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html >FAQ, list archives, and subscription info: http://www.groupstudy.com >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] >--- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Debugging tool
Use the Cisco Stack Decoder J K wrote: > Hello Group > > Does anyone know of the webpage that could decode router errors such as > stack errors . I have tried on TAC and i know i have seen it before . > > But i am not sure if i had seen it on cisco's internal network . That may be > the case . IF someone has any ideas Please let me know > > Jim K > > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com > > ___ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: About ping on router
I bet because of the way your ISP has it set up you are sourcing from an IP that is not being routed on the Internet. Do you have a separate IP range for your serial and gateway address that your ethernet LAN side is? If so, try doing an extended ping and sourcing your Ethernet IP address and see what happens. The problems with having the ip name-server command and being set up for that range is that you can not force a source an IP address. You might be able to set up NAT and create an internal IP translation for the DNS server and then force the source address, but have fun with that one.. Nathan frank wrote: > I could ping IP address in windows 98 dos window successfully,but when i > telnet on my router (2610) > i could not ping IP address outside of my router,and if i ping > www.ibm.com,for example ,i could not get right DNS resolution,but i have set > up DNS server on router by "ip name-server a.b.c.d " > Router#ping www.ibm.com > Translating "www.ibm.com"...domain server (a.b.c.d) > % Unrecognized host or address, or protocol not running. > > Any help would be greatly appreciated. > > frank > > ___ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Prerequisites
On a similar, though less lofty note, I know little about Windows outside of how to make it nice in the IP/IPX world, yet I made it through the CCIE program. Getting to Howards level is more of a lifelong battle :) *** REPLY SEPARATOR *** On 8/7/00 at 2:01 PM Howard C. Berkowitz wrote: >>SNIP >>" everyone seemed to at least have an MCSE before attempting the cisco >>route. Is this highly essential to succeed? " >>SNIP > >Let's see...I can set the IP parameters on a Windows host. I have a >reasonable understanding of the traffic effects. System >administration on Windows? Nahhh. > >UNIX, MacOS, IBM MVS, VMS, sure, as well as assorted real-time code. >Really Obscure Things like IBSYS, EXEC 8, IBM 1130 Disk Monitor, >AHS-11, IBM 360 DOS, PRIMOS, etcyep. > >Somehow, I have managed to eke out a networking existence. > > > >> >>No, I dont believe it is highly essential... however, I believe most that >>working in the Networking Infrastructure area have been brought up through >>the LAN/Server Administration area. >> >>MCSEs should have a better understanding of the associated Windows >>protocols. The same is true CNEs, they should have a better understanding of >>the Novell networking model and protocols. >> >>It boils down to experiance not letters or certifications. Just like >>anything else, you can work through the Cisco certifications with dedication >>and commitment, but experience will make this much easier to relate to. >> >>Ed >> >>Edward Moss >>CCNP, CCDP, CNE > >___ >UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html >FAQ, list archives, and subscription info: http://www.groupstudy.com >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ip header question
Atif... it seems nobody answered your question. It is a topic of good discussion. Lets talk about it. Nate ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: EIGRP and Unnumber IP Problem
It is Ok. Thanks for your help -- - Click here for Free Video!! http://www.gohip.com/free_video/ "Kent" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > you need to configure 'async default routing' > > > --- vtam <[EMAIL PROTECTED]> wrote: > > The following is the 3620 config: > > > > interface Loopback0 > > ip address 40.126.249.1 255.255.255.255 > > no ip directed-broadcast > > > > interface Serial0/0 > > physical-layer async > > ip unnumbered Loopback0 > > no ip directed-broadcast > > encapsulation ppp > > dialer in-band > > dialer string 3398102 > > dialer-group 1 > > async mode dedicated > > priority-group 1 > > > > interface Serial1/3 > > backup delay 0 60 > > backup interface Serial0/0 > > ip address 40.126.247.2 255.255.255.252 > > no ip directed-broadcast > > priority-group 1 > > > > router eigrp 100 > > network 40.0.0.0 > > no auto-summary > > > > > > This is the centre 3640 config > > > > interface Loopback0 > > ip address 40.126.248.251 255.255.255.255 > > no ip directed-broadcast > > > > interface Group-Async0 > > ip unnumbered Loopback0 > > no ip directed-broadcast > > encapsulation ppp > > dialer in-band > > async mode dedicated > > group-range 65 80 > > > > router eigrp 100 > > network 40.0.0.0 > > no auto-summary > > > > line 65 80 > > modem InOut > > modem autoconfigure discovery > > transport input all > > flowcontrol hardware > > > > > > Thanks for your help. > > > > > > > > > > > > ___ > > UPDATED Posting Guidelines: > > http://www.groupstudy.com/list/guide.html > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com > > Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > > > __ > Do You Yahoo!? > Kick off your party with Yahoo! Invites. > http://invites.yahoo.com/ > > ___ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IPX routing question (resolved)
Thanks for everyone who contribute into my question. I managed to resolve the problem with Cisco engineer on the phone after struggling for about an hour (yeap, I open a TAC case). The problem lies on the client. The Novell server 3.12 were using both 802.3 & 802.2 but in our router we only encap 802.3. However on the client most of them set the frame-type to 802.2 so if I login or do rconsole to the remote server, I can see the IPX traffic (sh ipx traffic) is receiving tons of mismatch frame type. Just some additional info for you guys, ever think of how to encapsulate 2 type of frame-type over a physical interface? Use sub-interface! Maybe this is a common answer but it's worth to learn this way. Jmata: You were right and I left out the serial ipx number. It's a very helpful info. Thanks! Oh btw they are removing the analogue circuit (bridging) and of course with the same external IPX network number will not work with router. Reason? Please read the next line. whatshakin: I could view all the servers remotely back and forth (only between servers). Sorry that I didn't include this on my question. However I did not quite agree with your opinion, I feel that the external IPX network number should be different over WAN with router. If client A sent a packet to client B through a same IPX network number, the router will treat it as local thus no packet will forward to the remote B router. Similar to IP if the IP subnet belong to local, it will not route it over the other site. Dave: Thanks for the reminder. Glad to be in this group. Ryan -- Forwarded by Ryan Ngai Hon Kong/GHL Technologies/MY on 08-08-2000 09:27 AM --- To: Ryan Ngai Hon Kong/GHL Technologies/MY cc: Subject: Re: IPX routing question. (ScanMail Checked: Virus Free!) Not entirely versed in routing IPX, but I am going through the same thing and came across the same problem. What one of my very high paid consultants told me was that I was missing an IPX network number on my serial ports. In your case I'm picturing the following: Before: Novell A (802.3, Net 888) -Microm --Analogue lease --Microm - Novell B(802.3, Net 888) After: Novell A (802.3, Net 888) --- 1602 -64k --1602 Novell B (802.3, Net 887) Recommendation Novell A (802.3, Net 888) --- 1602(ENCAP SAP, NET 889) -64k --(ENCAP SAP, NET 889)1602 Novell B (802.3, Net 887) I'm currently running Netware 4.11 and will soon be upgrading to 5.0 and converting to IP. Also look at the configurations and make sure that the IPX ROUTING (net #) is unique on each of your routers and that they represent you individual router. I got caught with this one when I was following a printed sample off one of the books I was using and after hours of troubleshooting, I disabled IPX ROUTING and re-enabled it and saw that the number had changed. Once I had that and the IPX NET #s on each of the interfaces things started working. Just out of curiosity, did the bridging keep working after they changed the circuit type and before you made the bridging to routing changes? Hope this helps. -- Forwarded by Ryan Ngai Hon Kong/GHL Technologies/MY on 08-08-2000 09:27 AM --- Please respond to "whatshakin" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] cc:(bcc: Ryan Ngai Hon Kong/GHL Technologies/MY) Subject: Re: IPX routing question. I guess your problem is that now the computers on one network cannot see those on opposite network right? Anyhow, Novell 3.X and 4.X require the same identical EXTERNAL network numbers. By the looks of what you have given us you need to revert the 887 network back to 888. Make sure your frame type is consistent across the network too. Changing hardware should not make any difference. Perhaps someone with first hand experience can confirm this. Do some double checking on the modems to make sure they are working correctly. HTH Let us know how you fare. To: "'whatshakin'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED] cc:(bcc: Ryan Ngai Hon Kong/GHL Technologies/MY) Subject: RE: IPX routing question. Each lan has to have its own IPX network number. Then on the serial interfaces of your routers (or subinterfaces), you have to have an ipx network on those as well. On the serial interfaces though, the ipx network number has to be the SAME between two sites. You also need to make sure you're using the same frame format, i.e. novell-ether, sap (802.2 or 802.3)See below: Site A, lan ipx 1234 Cisco Wan ipx 3456 --- Cisco Wan ipx 3456 - Site B, lan ipx 7890 HTH, Dave ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Editing ACL's
I think it may be possible when using named access-lists instead of numbered. STRAND Scott wrote: > Is it possible to edit only one line of an access list without removing the entire >ACL. I heard that it is possible now with having > to cut and paste. Can you advise. > > Thanks, > Scott > > ___ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX versus Firewall-1 comparison
Here's a good one. http://www.idg.se/sartryck/art/firewall1_eng.html Ryan Phil Barker <[EMAIL PROTECTED]> on 07-08-2000 04:27:54 PM Please respond to Phil Barker <[EMAIL PROTECTED]> To: cisco GroupStudy <[EMAIL PROTECTED]> cc:(bcc: Ryan Ngai Hon Kong/GHL Technologies/MY) Subject: PIX versus Firewall-1 comparison Hi Gang, Does anyone know where I can get a decent white paper comparing these two firewall solutions from a neutral standpoint ? I've been in a meeting recently where it has been claimed that we would always prefer Firewall-1 to PIX. Would anyone like to comment technically why this should be ? Regards, Phil. Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Prerequisites
I bow to your superior knowledge. I know how to sweep the data center, but I pay someone to do that for me too. FYI, I started using windows in the Lanmanager days, I've waded through enough netbios traffic to choke an OC-192. I wish I spent more time honing my UNIX skills so I could be where I am a couple years earlier. In my neighborhood, A good UNIX SA costs about 95-140k/yr A good NT admin costs about 60-85k/yr Erik Mintz Director, IT operations Crosslinks systems 1 Silicon Alley plaza New York, NY 10038 212-363-4100 [EMAIL PROTECTED] - Original Message - From: Oz <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, August 06, 2000 1:43 AM Subject: Re: Cisco Prerequisites | Erik, | | That took about 2 minutes to find on the web and you probably needed | service pack applied .. | Thats what the hell that means and we all know you hate windows and thats | fine . | But please you cannot tell new folks to forget it .. I have worked in | huge enviroments that had lots of NT and windows and many issues would | not have been solved if my knowledge of NT was not there.. | As a router dude you can get a lot of issues that can SEEM to be wan | related when in fact it can be simple desktop/server issues.. | Sure there are many folks out there that know networking and unix but also | by not knowing NT windows could limit those same folks too . | Just like my limited Unix limits me .too. | And for folks just starting up NT is fine as chances are they will start | at the desktop anyhow .. | And there is not many unix desktops around these days . | And whether you like it or not Cisco is making more stuff for NT all the | time and there are some that are NT windows only .. | I don't care for any particular OS to me they all are the same.. But I | have to care because many places are multi OS environments and you need to | know a little about them all. | And I am not trying to start an OS war here just trying to give some | balance here.. | The market has shifted and thats a fact and so will the workforce have to | shift in the direction of the market it's just that simple.. | For someone on a limited budget NT can help them out sure they can do | Linux but right now there is not much market for entry level Linux folks. | Whereas win NT desktop there is tons of work.. | | | And for Adedapo MTA errors usually are due to corrupted databases but I | have not played with exchange for a long time. But usally running MTACHECK | will fix it | | | | | A fatal MTA database server error was encountered. A bad list member | > >length is on object 0646. File offset: 3134. Attribute ID: 79. | > >Referenced object (0 => N/A). Referenced object error: 0. [DB | > >Server DISP:ROUTER 8 42] (16) | Oz | http://www.mcseco-op.com/helpfull_links.htm | | ___ | UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html | FAQ, list archives, and subscription info: http://www.groupstudy.com | Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] | ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Sharing Win95/98 to Win 2000 Pro
It does work thanks to a few, all you have to do is setup a user in Win2000 pro and make sure both machines are in the same workgroup and with the 95/98 make sure you don't have login into Domain click in network properties. Make sure both machines are on the same subnet to. Brian Email Address [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Thanks - CID passed
Great job, I will be joining your ranks by Wednesday thanks to the great insight this group has provided... Only the CIT is left! Jim Croyle Network Engineer -Original Message- From: Ed Moss [mailto:[EMAIL PROTECTED]] Sent: Monday, August 07, 2000 1:26 PM To: [EMAIL PROTECTED] Subject: Thanks - CID passed Thanks to everyone in the group... I passed CID this morning which completes the CCDP track. I completed the test in one hour They provide two hours to obtain a minimum 65% on 100 questions. To study, I used only the Cisco Press Books "Cisco Internetwork Design", and followed this up with "Advanced Network Design". I also used Cisco's Self Paced Training "SNA/IP Solutions for Systems Engineers". CCO was invaluable as I also read through the document "ATM Network Design" and reviewed the overviews and specs of various ATM products since the Cisco Press books leave much of this information out. As many have stated on the list, the majority of the test centers around Network/Protocol/WAN design. The test objectives published by Cisco are an accurate representation of what is on the test. This test was "easier" than DCN as I didn't have to worry about case studies, however there wasn't as much networking theory, but much more info to recall. If you didn't read it... or don't know it... you most likely wont get the correct answer. General test taking... trying to eliminate obvious wrong answers wont help much since most of the statements or potential answers are correct, but may not relate to the question. For example... a question may be related to the distribution layer but makes accurate statements about all three layers... end result... you have to know which one fits into each layer. Now its off to CCIE Again... thanks for everyone's help. Ed Edward Moss CCNP, CCDP, CNE ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FrameSwitch Lab
Hello Everyone, I am having an issue with configuring my Frame Relay Switch. This seemed to have worked before I physically moved the equipment. The reason I say this is because typing 'show frame-relay pvc' from the switch produces PVC STATUS = INACTIVE now after the move. Could my ports be damaged? Maybe I am overlooking something in my configuration. Here are the configurations I am using for my testing environment: Cisco 2503 Current configuration: ! version 11.2 no service password-encryption no service udp-small-servers no service tcp-small-servers ! hostname FrameSwitch ! ! frame-relay switching ! interface Ethernet0 no ip address no shutdown ! interface Serial0 no ip address encapsulation frame-relay ietf clockrate 64000 frame-relay lmi-type ansi frame-relay intf-type dce frame-relay route 100 interface serial1 101 no shutdown ! interface Serial1 no ip address encapsulation frame-relay ietf clockrate 64000 frame-relay lmi-type ansi frame-relay intf-type dce frame-relay route 101 interface serial0 100 no shutdown ! interface bri0 no ip address shutdown ! no ip classless ! ! line con 0 line aux 0 line vty 0 4 login ! end Cisco 2102 Current configuration: ! version 11.2 sevice timestamps debug datetime localtime no service password-encryption no service udp-small-servers no service tcp-small-servers ! hostname RouterA ! ! ! interface Ethernet0 no ip address shutdown ! interface Serial0 ip address 192.168.2.1 255.255.255.0 encapsulation frame-relay ietf frame-relay lmi-type ansi frame-relay route map ip 192.168.3.1 100 broadcast no keepalive no shutdown ! no ip classless ! ! line con 0 line aux 0 line vty 0 4 login ! end Cisco 3102 Current configuration: ! version 11.1 service udp-small-servers service tcp-small-servers ! hostname RouterB ! ! ! interface Serial0 ip address 192.168.3.1 255.255.255.0 encapsulation frame-relay ietf frame-relay lmi-type ansi frame-relay route map ip 192.168.2.1 101 broadcast no keepalive no shutdown ! interface TokenRing0 no ip address shutdown ! no ip classless logging buffered ! line con 0 line aux 0 line vty 0 4 login ! end ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IP classless/Default routes
In Todd Lammle's book for CCNA 640-407, on p. 202 he has set a default route of BOTH 172.16.40.2 and 172.16.20.1. How does one do this, just enter the IP route command as such, one right after the other (??): ip route 0.0.0.0 0.0.0.0 162.16.40.2 ip route 0.0.0.0 0.0.0.0 162.16.20.1 ??? The reason I ask is that in his book for CCNA 640-507, he states on page 253, "Default routing is used to send packets with a remote destination network not in the routing table to the next hop router. You can only use default routing on stub networks, which means that they have only one exit port out of the network." The two books seem to say contradictory things. Is it because the 507 exam is based on a different IOS? What gives? Dave Page ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VPN 3DES ON 2MB Link with 25XX
Currently the CPU usage at the central office is topping out at around 30 to 40 percent. The router itself is terminating 2 frame connections with a 256k cir burstable to 1.5meg the other 4 connections are coming in over a 7/1meg DSL connection. I believe that Cisco in, it's usual fashion, is extremely conservative in what its routers can handle. Our PIX at the office here that is terminating our 5 other VPNs is the busy one. The two main T'1 we have coming in are running around 60 to 70%. The PIX does all of the encryption for the tunnels as well as filtering our internal webserfing out of another dedicated link and routing the internal stuff between four different DMZ areas, our internal network, and the rest of the world. If it gets any busier, or we start doing and 3DES, we are going to get the DES acceleration card to move some of it off of the cpu. > -Original Message- > From: Chuck Larrieu [mailto:[EMAIL PROTECTED]] > Sent: Monday, August 07, 2000 10:36 AM > To: Darren Johnson; [EMAIL PROTECTED] > Subject: RE: VPN 3DES ON 2MB Link with 25XX > > > What are you seeing in the way of CPU usage during business > hours? Are your > results along the lines of what the Cisco document I quoted is indicating? > > Also, when you say you have 6 offices terminating, I presume you are doing > frame relay. What are your port speeds and CIRs? The Cisco doc is rather > unspecific in terms of the kinds of information that would be > beneficial in > understanding the relationship of bandwidth to CPU usage. > > Chuck > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of > Darren Johnson > Sent: Monday, August 07, 2000 8:07 AM > To: [EMAIL PROTECTED] > Subject: RE: VPN 3DES ON 2MB Link with 25XX > > Also the hated ones (Nortel) have a fairly good VPN box that seems to work > ok. About the only real problem I have had with it is the > interface is GUI > only also they say they are working on a BCR (blatant Cisco > rip-off) command > line also. > As to VPN's being to cpu intensive, at our corporate office we have 6 > satellite offices that are terminating into a 2600. Of course the traffic > over those links doesn't really amount to that much and it is > only DES. At > our site we have a total of 5 DES vpns terminating into a PIX and it is > running fine. Once again though if we were doing 3DES I would > want to find > some sort of hardware accelerator or way to offload the encryption off of > the CPU. > Just my .02 > Darren > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > > Chuck Larrieu > > Sent: Monday, August 07, 2000 9:40 AM > > To: Robert Hanley; [EMAIL PROTECTED] > > Subject: RE: VPN 3DES ON 2MB Link with 25XX > > > > > > Since this is a Cisco list, Robert, the least you could have > done is name > > the Cisco CVPN ( formerly Altiga ) boxes! :-> > > > > Say, where you been? Haven't seen your name here in several > > months. Good to > > hear from you. I'm still eating my blueberries! :-> > > > > Other dedicated VPN boxes include VPNet ( www.vpnet.com ) and Checkpoint > > makes a pretty good one, particularly when running on the Nokia hardware > > platform ( www.checkpoint.com ) > > > > And yes I concur. Customers continue to say to me "I have and > > existing Cisco > > router. Can't we just use that for our VPN?" And I always > > respond "you sure > > can. But you won't like what happens!" When designing a VPN, the > > temptation > > is great to try to be cheap. And with VPNs particularly, it can > > end up being > > a LOT more expensive in the long run. > > > > Keep in touch, Robert. Your insight is welcome and missed. > > > > Chuck > > > > -Original Message- > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of > > Robert Hanley > > Sent: Monday, August 07, 2000 12:06 AM > > To: Chuck Larrieu; [EMAIL PROTECTED] > > Subject:Re: VPN 3DES ON 2MB Link with 25XX > > > > With respect for the fact that this is a cisco list I > > would still like to point out that it is precisely > > because of the cpu intensive nature of crypto that the > > most popular solution is not a router per se but a > > dedicated VPN box such as the Nortel Contivity. > > > > For the curious: > > http://www.nortelnetworks.com/products/01/contivity/doclib.html > > > > In the same vein I must point out that it is the > > central cpu cisco router architecture and top down > > nature of IOS that makes any kind of additional > > processing problematic. Other router architectures > > that utilize distributed processing can handle these > > additional chores much more gracefully. > > > > Chuck...any guess as to where I wound up working ? > > > > > > --- Chuck Larrieu <[EMAIL PROTECTED]> wrote: > > > Have fiannly gotten around to printing out the IPSec > > > Design Guide published > > > on the Cisco site. > > > > > > > > http://www.cisco.com/cpropart/sync-src/ccstcp/cc/techno/protocol/i > > pse
passed CCIE R&S written
Hi, everybuddy: Just want to let all of you know that I passed CCIE written the first try today with a score of 75%, although not skyhigh, but I'm happy It's behind me now, from now on I can focus on my LAB prep. ^_^ My test software crashed once during my test, lucky thing I didn't lose the test and all the answers I entered was still there. I think I was relaxed during the test, that's really important for such a test as the stress and 100 questions would overwhelm you if you get nervous. I finished the whole test with only 5 mins left, but I didn't feel rushed coz I was trying to make sure I gave the right answers as I proceeded, just as what I did with all the CCNP tests, hehe Somehow I feel the Internetwork Technology handbook was not very useful because it dose not provide the depth needed for passing CCIE written. I think the test is a good and fair one because it test your "network common sense" or ability to apply basic concepts into networking senarios, not just test your knowledge based on remembering stuff or certain facts. So try to establish a logical "networking common sense" is my suggestion, trying to really understand networking is important because that's exactly what Cisco is trying to test in their written and Lab exams. Books I read and found useful: Routing TCP/IP by Jeff Dole, I love this book, I should call it a Routing bible! Cisco Lan Switching by Kenndy Clark, Switching Bible! Internet Routing Archetecture by Bassam Halabi, great and fun book on BGP! CCNP series: ACRC, CIT, BCRAN. White papers about Token ring, Bridging. Internetwork Technology handbook, good for looking up something you never heard of. Plus anything you find youself are weak on when taking a simulated test. That's about it, thanks for everyone who had offered me help from CCNA to CCNP, and now CCIE written. I do love this list because it not only provides good information about test prepration, but also gives me motivation and confidence to face tough task. Special thanks to Priscilla Oppenheimer, she gave me the encouragement in one of her postings(an old posting regarding CCIE written), I finally decided to book the test. Now, Heading on to the LAB, any comments and suggestions from you Cisco Gurus? Anything about LAB prep is greatly appreciated! Good luck to all of us!!! Daniel Ji. CCNP 2.0, CCIE written, CCIE Lab not scheduled yet. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Thanks for the help, DHCP over WAN
Ladies and Gentleman, Thank you all for the info on DNCP over a WAN Link. It worked like a charm. Now my next goal is to set it up for our internal networking using VLANs. I have included the important parts of the router config for anyone else that would like to set it up. Thanks again everyone. Global commands ip bootp server ip dhcp-server xxx.xxx.xxx.xxx(ip address of your DHCP server) int e0 or e0/0 ip address xxx.xxx.xxx.xxx XXX.XXX.XXX.XXX ip helper-address xxx.xxx.xxx.xxx(DHCP Server) As far as the DHCP server, I am using Windows NT, and our systems engineer set that up, scope 10.xxx.xxx.100 - 10.xxx.xxx.199and he said it will automatically only answer to an address on that network i.e. the router interface. Patrick Stiever Communications Engineer 24 Hour Fitness (760) 918 4459 [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: --- Not own broadcast
What the heck. I'll throw in my two cents. I think the answer is "none of the above". :-) Here are the steps I think would happen: 1) .18 host checks if 192.168.1.255 is on local subnet. It is not. So, 2) .18 host sends packet to proper gateway. Assume there's only one gateway defined (R1) for .18 and it's a default for all traffic. .18 forwards the IP packet to R1's interface on the 192.168.1.16/29 subnet. Note this is done using unicast ethernet forwarding. .18 has no clue that .255 may represent a broadcast address on some other remote subnet. Thus, no hosts on the .16/29 network would receive this as a broadcast frame. 3) R1 receives frame, extracts the IP packet and sees the destination is for 192.168.1.255. R1 sees that this IP address falls within the subnet defined on its R1-R2 interface. 4a) If broadcast forwardng is enabled on R1's R1-R2 interface, the packet is queued onto the R1-R2 interface. Before the packet is forwarded, the destination IP address (192.168.1.255) in the packet is changed to 255.255.255.255 (the default physical IP broadcast address) 4b) All devices (basically just R2) on the R1-R2 subnet receive the packet. Unless R2 has some form of bridging enabled, the 255.255.255.255 packet does not get forwarded to any other interfaces/subnets. 5) If broadcast forwarding is not enabled on R1's R1-R2 interface, the packet would get dropped by R1. I didn't realize a directed broadcast was converted into an interface specific IP broadcast address (default is the all ones broadcast address [255.255.255.255]) when the physical broadcast translation occurs. I had instead throught the packet would maintain its IP dst of the subnet broadcast address and appear on the wire with the broadcast ethernet destination address... But the mapping to the specified IP broadcast address (255.255.255.255) is what's suggested in the CCO docs and that's what I'm see in my lab... Which, if true, is interesting in that when overlaying multiple logical subnets on a network, one would lose the subnet broadcast information and all clients would have to process the now broadcast IP packet. That is, a client would receive the ethernet broadcast, extract the IP packet, and now see 255.255.255.255 as the dst. If the dst IP address remained the directed subnet broadcast, one could still broadcast to just the target set of clients (those on that subnet). Brian -Original Message- From: Bob Vance [mailto:[EMAIL PROTECTED]] Sent: Saturday, August 05, 2000 10:15 AM To: CISCO_GroupStudy List (E-mail) Subject: RE: --- Not own broadcast I found this question interesting. Maybe, I missed it, but I'm surprised that there wasn't more discussion on this one. > 192.168.1.16/29 - R1 - 192.168.1.32/29 >| >|192.168.1.252/30 >| > 192.168.1.48/29 - R1 - 192.168.1.64/29 > >node at address 192.168.1.18 sends a packet to address > 192.168.1.255. >which node or nodes will receive the packet? > a) All nodes on all subnetworks > b) Only the node at address 192.168.1.255 > c) Only the nodes on subnetwork 192.168.1.16 that have broadcast reception >enabled > d) All nodes on subnetwork 192.168.1.16 > e) All nodes on subnetworks 192.168.1.16, 192.168.1.32, and 192.168.1.48 My answer is D. The question says nothing about *accepting* the packet, so it's reduced to a routing question: Onto which segments, if any, will the routers send this packet? I believe that the question, as stated, doesn't have enough information to be answered absolutely (but, then which ones do ;>). Certainly, all nodes on the local segment, 192.168.1.16, will receive the packet (whether or not they accept the packet is entirely another question, although we hope that the author understands the distinction |>) So, D) could be a correct answer. B is out, since it is at a minimum a subnet broadcast address, not a specific node address. E and C (Let's leave out the question of, "...what the meaning of "is", is." ) are also right out. So, we are left with whether A is correct. Under classful rules, with subnet prefix length /29, the address 192.168.1.255 is host 7 on subnet 192.168.1.248/29. This 7/-3 is a subnet broadcast address, -1. In addition, 248/5 is the -1 subnet. So we have the address: network=192.168.1 subnet=-1 host=-1 . This is supposed to be *recognized* as an "all-subnets" broadcast by hosts and must be accepted (RFC1122) by all hosts in all subnets of 192.168.1.0/24 network. But, again, but this is irrelevant to the question of who *receives* the packet. Under classless rules, the address 192.168.1.255 is simply host 7 on network prefix 192.168.1.248/29. Thus, this would simply be a directed broadcast. The question is what will R1 (and R2) do with the packet? At least two questions remain for the diagram: . are the routers configured to forward directed subnet broadcasts? . do th
Re: CATM score 951
what book did you use? ""Sean Wu"" <[EMAIL PROTECTED]> wrote in message 8mnbkj$p0f$[EMAIL PROTECTED]">news:8mnbkj$p0f$[EMAIL PROTECTED]... > It was easy, and it even allows mark. I took CATM class from Jul 24-28, and > then my boss asked me to be on-call 24x7 for a week until 8/4. Read course > materials for the whole weekend. Took exam this afternoon. Everything you > need is in the course materials. Not many real commands, mostly theory. > > > ___ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VPN 3DES ON 2MB Link with 25XX
What are you seeing in the way of CPU usage during business hours? Are your results along the lines of what the Cisco document I quoted is indicating? Also, when you say you have 6 offices terminating, I presume you are doing frame relay. What are your port speeds and CIRs? The Cisco doc is rather unspecific in terms of the kinds of information that would be beneficial in understanding the relationship of bandwidth to CPU usage. Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darren Johnson Sent: Monday, August 07, 2000 8:07 AM To: [EMAIL PROTECTED] Subject:RE: VPN 3DES ON 2MB Link with 25XX Also the hated ones (Nortel) have a fairly good VPN box that seems to work ok. About the only real problem I have had with it is the interface is GUI only also they say they are working on a BCR (blatant Cisco rip-off) command line also. As to VPN's being to cpu intensive, at our corporate office we have 6 satellite offices that are terminating into a 2600. Of course the traffic over those links doesn't really amount to that much and it is only DES. At our site we have a total of 5 DES vpns terminating into a PIX and it is running fine. Once again though if we were doing 3DES I would want to find some sort of hardware accelerator or way to offload the encryption off of the CPU. Just my .02 Darren > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Chuck Larrieu > Sent: Monday, August 07, 2000 9:40 AM > To: Robert Hanley; [EMAIL PROTECTED] > Subject: RE: VPN 3DES ON 2MB Link with 25XX > > > Since this is a Cisco list, Robert, the least you could have done is name > the Cisco CVPN ( formerly Altiga ) boxes! :-> > > Say, where you been? Haven't seen your name here in several > months. Good to > hear from you. I'm still eating my blueberries! :-> > > Other dedicated VPN boxes include VPNet ( www.vpnet.com ) and Checkpoint > makes a pretty good one, particularly when running on the Nokia hardware > platform ( www.checkpoint.com ) > > And yes I concur. Customers continue to say to me "I have and > existing Cisco > router. Can't we just use that for our VPN?" And I always > respond "you sure > can. But you won't like what happens!" When designing a VPN, the > temptation > is great to try to be cheap. And with VPNs particularly, it can > end up being > a LOT more expensive in the long run. > > Keep in touch, Robert. Your insight is welcome and missed. > > Chuck > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of > Robert Hanley > Sent: Monday, August 07, 2000 12:06 AM > To: Chuck Larrieu; [EMAIL PROTECTED] > Subject: Re: VPN 3DES ON 2MB Link with 25XX > > With respect for the fact that this is a cisco list I > would still like to point out that it is precisely > because of the cpu intensive nature of crypto that the > most popular solution is not a router per se but a > dedicated VPN box such as the Nortel Contivity. > > For the curious: > http://www.nortelnetworks.com/products/01/contivity/doclib.html > > In the same vein I must point out that it is the > central cpu cisco router architecture and top down > nature of IOS that makes any kind of additional > processing problematic. Other router architectures > that utilize distributed processing can handle these > additional chores much more gracefully. > > Chuck...any guess as to where I wound up working ? > > > --- Chuck Larrieu <[EMAIL PROTECTED]> wrote: > > Have fiannly gotten around to printing out the IPSec > > Design Guide published > > on the Cisco site. > > > > > http://www.cisco.com/cpropart/sync-src/ccstcp/cc/techno/protocol/i > psecur/ips > > ec/tech/ > > watch the word wrap > > need a CCO login to get there > > > > rather interesting publication, with 15 pages on > > IPSec, 27 pages on design > > considertions, and over 370 pages of case > > studies/configurations! > > > > the relevant protion to this conversation is the > > design guide, which does > > talk about performance, memory usage, and processor > > impact. The information > > presented is not a complete as I would hope, but it > > is indicative. > > > > for example, using a 16xx router, and a 125K > > clockrate on a back to back > > serial link, a file transfer that took 10 minutes > > with no encryption took > > only 18 seconds longer using IPSec. CPU usage was at > > 29% on average during > > the tests. ( The publication states that "the same > > test was run several > > times and the times were averaged together") > > > > Although there are several charts measuring > > bandwidth % used with different > > size packets on several router platforms, I am > > disappointed to find that > > this presentation is not particularly detailed, nor > > particularly rigorous. > > > > One chart compares performnce in megabits per second > > of several routers, one > > of which is a 2514 ( no 2501's ). Said router > > without encryption perfermed >
RE: Editing ACL's
See if you can start using "prefix-list"s as you can change particular lines of code without taking out the whole prefix-list. (just space out your "seq" as you need to leave enough room for growth and editing) You can also start using extended access-lists, certain IOS(12?) versions allow you to edit lines of an exteneded access-list. Brandon -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of McCallum, Robert Sent: Tuesday, August 08, 2000 1:13 AM To: 'David Jones'; 'STRAND Scott'; [EMAIL PROTECTED] Subject: RE: Editing ACL's I follow this rule all the time too. BUT I have never been cut off when deleting the existing access-list. I do it remotely all the time! -Original Message- From: David Jones [mailto:[EMAIL PROTECTED]] Sent: 07 August 2000 15:46 To: 'STRAND Scott'; [EMAIL PROTECTED] Subject: RE: Editing ACL's Typically what I do, is do a wri t, copy the acl's to notepad, edit the lines that I want to change, copy that to the clipboard, on the router, say 'no access-list xxx', then edit and paste. Just keep in mind that if you are accessing it remotely and removing the entire access-list will cut your connection, you will either need to be local on the console either physically or via modem. Dave -Original Message- From: STRAND Scott [mailto:[EMAIL PROTECTED]] Sent: Monday, August 07, 2000 9:51 AM To: [EMAIL PROTECTED] Subject: Editing ACL's Is it possible to edit only one line of an access list without removing the entire ACL. I heard that it is possible now with having to cut and paste. Can you advise. Thanks, Scott ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CATM score 951
It was easy, and it even allows mark. I took CATM class from Jul 24-28, and then my boss asked me to be on-call 24x7 for a week until 8/4. Read course materials for the whole weekend. Took exam this afternoon. Everything you need is in the course materials. Not many real commands, mostly theory. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX versus Firewall-1 comparison
Checkpoint is an OK firewall and is actually an excellent firewall when run off of Nokia's IP400 series. I definitely wouldn't use it on NT since I hate Windows as it is and under Sun is the choice out of Sun, NT, or AIX. As for Cisco Pix that too is pretty nice and the only reason I would go with it at this point in time would be the fact that their has been fewer security advisories regarding the product. One benefit over Pix that Checkpoint has is its not hardware based which means if your server dies... Its dead... Go buy another PIX, Checkpoint... Just plop in the CD and your in business. /* my two cents */ --Original Message-- From: "Oz" <[EMAIL PROTECTED]> To: "cisco GroupStudy" <[EMAIL PROTECTED]> Sent: August 7, 2000 3:48:13 PM GMT Subject: Re: PIX versus Firewall-1 comparison Yup thats about what I found playing with both And checkpoint has some nice features and does dubbuging for you . And lot cheaper to play around on a NT box AIX SUN than a PIX box.. Oz 1) Cisco PIX is far superior in terms of throughput. 2) Checkpoint GUI / management, particularly of multiple security domains, multiple firewalls, and policy management, is far superior to anything Cisco has. 3) Both companies maintain that their product is superior in terms of general firewall features and functionality. Oz http://www.mcseco-op.com/helpfull_links.htm ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ FREE Personalized Email at Mail.com Sign up at http://www.mail.com/?sr=signup ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Software Based Traffic Generator
try www.shunra.com ""Timothy Harkin"" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I am looking for a software based traffic generator. Any suggestions, > comments, warnings, etc.TIA > > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com > > ___ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ECP1 enyone taken ?
Hi list I am putting together the plan of attack on passing the R/S lab, I have quite a lab at work and can work most of the labs on my own, however, I would like to take a training when I am about ready to reinforce and hard code the approaches to the labs. Basically I wish to have some training similar to a real thing, and know it all mentor that will ensure I know all I need to know and will asses my readiness. If there is a gentelman or a lady who took Carslow's ECP1 or has better suggestins can you, please, voice you opinion. Some people at work took the ANEW I and II with Global Knowledge, but I think I can do these on my own. Appreciate any help, Anna ___ Do You Yahoo!? Get your free @yahoo.ca address at http://mail.yahoo.ca ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: UK2USA
Try the big cities like Chicago, LA, San Jose, Texas, Dallas, although I don't live in any of these cities, just by visiting, I think LA is pretty nice. I just moved from Chicago and the job market there is pretty big. You'll have to endure the cold winter though which sucks. ""Stephen Skinner"" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Guys, > Your help is required. > I am sick to the back teeth with the UK and want out! > > any advise on where to go ,moving over,places with good job ops. > or anything else. > > Thanks in advance > > Steve Skinner > > MCSE ,CCNA ,CCDA ,PSS ,ACT ,CLS > > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com > > ___ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Editing ACL's
Just depends on the access-list. I've had to have a user reboot the router for me ONCE. I learned my lesson to check the list out before I make that kind of change. Dave -Original Message- From: McCallum, Robert [mailto:[EMAIL PROTECTED]] Sent: Monday, August 07, 2000 11:13 AM To: 'David Jones'; 'STRAND Scott'; [EMAIL PROTECTED] Subject: RE: Editing ACL's I follow this rule all the time too. BUT I have never been cut off when deleting the existing access-list. I do it remotely all the time! -Original Message- From: David Jones [mailto:[EMAIL PROTECTED]] Sent: 07 August 2000 15:46 To: 'STRAND Scott'; [EMAIL PROTECTED] Subject: RE: Editing ACL's Typically what I do, is do a wri t, copy the acl's to notepad, edit the lines that I want to change, copy that to the clipboard, on the router, say 'no access-list xxx', then edit and paste. Just keep in mind that if you are accessing it remotely and removing the entire access-list will cut your connection, you will either need to be local on the console either physically or via modem. Dave -Original Message- From: STRAND Scott [mailto:[EMAIL PROTECTED]] Sent: Monday, August 07, 2000 9:51 AM To: [EMAIL PROTECTED] Subject: Editing ACL's Is it possible to edit only one line of an access list without removing the entire ACL. I heard that it is possible now with having to cut and paste. Can you advise. Thanks, Scott ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Router Telnet Question....from the Sybex text
Actually, I think the question meant: What is the 1st line of command you should enter to assign the telnet password bob. hence, "line vty 0 4" I just checked the book. Hope this helps. If it was phrased the way you thought it was, then your answer is correct. ""Chuck"" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I know that this is a trivial question, but I want to see that I get these > questions and commands down pat. The Sybex CCNA 2.0 Study Guide text poses > this question. > > Q."How do you only set your Telnet line 1 to a password of bob?" > > A. A. line vty 0 1 > Login > Password bob > > B. line vty 0 4 > Login > Password bob > > C. line vty 1 > Login > Password bob > > D. line vty 1 > Password bob > Login > > I answered with "C". The text says "B". The question asks for the telnet > passwrod of "only" line 1. I checked the errata. I agree that B would set > the password, but for lines 0-4 inclusive. Wouldn't "C" be the more correct > answer? > > Thanks, > Chuck > > ___ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
pls help me on the 5505 back bone switch and access list question
Dear Friends, I have some question on 5505 back bone switches, pls help me 1)I received 2 configuration file of the 5505 switch from my tokyo counterpart. One of them is show A 5505#sh conf another is B 5505> (enable) sh conf which one is the correct syntax to show the configuration file? and two of them giving different output. 2)Whether the 5505 have 2 module? For the two conf files, For A, the conf is like interface Vlan1 ip address 57.198.45.251 255.255.255.0 For B, the conf is like #ip set interface sc0 1 57.198.45.252 255.255.255.0 Which one is correct? 3)what is the difference among access-list 100 deny ip x.x.x.x 0.0.0.255 x.x.x.x 0.0.0.255 access-list 100 deny tcp x.x.x.x 0.0.0.255 x.x.x.x 0.0.0.255 access-list 100 deny icmp x.x.x.x 0.0.0.255 x.x.x.x 0.0.0.255 if I deny ip , will it deny the tcp and udp as well? 4)For the configuration below, router rip network 57.0.0.0 ! no ip classless whether the default route can work?? ip route 0.0.0.0 0.0.0.0 59.198.28.76 &&& Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
UK2USA
Guys, Your help is required. I am sick to the back teeth with the UK and want out! any advise on where to go ,moving over,places with good job ops. or anything else. Thanks in advance Steve Skinner MCSE ,CCNA ,CCDA ,PSS ,ACT ,CLS Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: remove olden.pieterse@dns.co.za from mailing list
You can it yourself by going to www.groupstudy.com. -- Regards, --- Marco Paulo Rodrigues Unix Administrator Axxent Corporation Email: [EMAIL PROTECTED] CompTia: A+, Network+, i-Net+ Cisco: CCDA --- "Virtually All Internet Porno flows through the systems of one company. Cisco Systems. Imporning the Internet Generation." - Marco Rodrigues '99 On Mon, 7 Aug 2000, Olden Pieterse wrote: > Hi there > Please stop sending messages to [EMAIL PROTECTED] > > Not to fear , I will be subscribing in a day or two from my new work mail > address . > > Regards > Olden > > ___ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
remove olden.pieterse@dns.co.za from mailing list
Hi there Please stop sending messages to [EMAIL PROTECTED] Not to fear , I will be subscribing in a day or two from my new work mail address . Regards Olden ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CBT Training Options - Forefront
Besides, I think ForeFront (now SmartCertify) sales guys are TOO PUSHY AND PERSISTENT - they kept calling me repeatedly inspite of the fact that I got really annoyed with them and clearly asked them never to call me again and that I'm NOT interested at all in their product any more. I write this to the group so that everyone thinks twice before leaving their name/address/phone number/e-mail on their web site before downloading the demos - earlier today I was woken up by the same over-zealous sales guy from Forefront and it wasn't the first time grrr ("Oh, I was wondering if you're still interested in the CCNA CBT NO, I'M NOT - REPEAT - NOT INTERESTED IN THE DAMN CCNA CBT FROM YOUR COMPANY.. NOW WHAT PART OF THAT DON'T YOU UNDERSTAND ???") The sales tactics used : The list price of the CCNA CBT is $1800, but they'll give you all kinds of discounts (bring the price down to about $1200 or so), and if you express your inability to buy an expensive CBT product (which isn't worth the money, imho, going by the demo I downloaded), they will try to sell you all kinds of installment plans to sell you the CBT, throw in freebies (buy CCNA 1.0 now and we'll throw in CCNA 2.0/ICND for free)... anything to make you buy! CAVEAT EMPTOR My $0.02 worth... :-) Bharat Suneja ""Guyler, Rik [EESUS]"" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have to agree here. My company purchased the ForeFront CCNA CBT last year for my training. The cost was $1800 (US), which also included ACRC. While not bad for an overview, there were gaps left open in the end. What I did find useful was the visualization that the CBT provided. I used the books to get the complete coverage of the material and then the CBT for visualization of some of the more complex topics. All in all, however, I don't think I would waste that much money again for CBTs. I passed my next 3 CCNP tests with only books and resources from the web (well, this group too, of course!) and found this method, while somewhat lengthier, to be more complete. If time is critical, take the class and get it over with. You'll get class materials to continue your studies as well as an instructor to answer questions all day long (hopefully). Good luck! Rik -Original Message- From: Marshal Schoener [SMTP:[EMAIL PROTECTED]] Sent: Thursday, August 03, 2000 4:44 PM To: 'Montgomery, Robert WARCOM Contractor'; CiscoGroupstudy Subject:RE: CBT Training Options (CCNP) I had the one for the CCNA. I really didn't like it much... It had some good info, but it's too slow. Too much clicking for the next screen and stuff :-) I just can't stand the format, I would rather read a book. If you can't take the actual class, buy a few good books :-) -Original Message- From: Montgomery, Robert WARCOM Contractor [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 03, 2000 1:02 PM To: CiscoGroupstudy Subject: CBT Training Options (CCNP) I've been battling it out with a local company here in San Diego to begin night classes geared towards CCNP. But thus far they're sticking to their day only schedule. They've instituted that e-learning program but still, if you can't get the time off to go to their site, you also can't get the time to sit at work and do it. This leads me to ask if anyone knows about good CBT training that covers the tests for CCNP? ___ ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CBT Training Options (CCNP)
Besides, I think ForeFront (now SmartCertify) sales guys are TOO PUSHY AND PERSISTENT - they kept calling me repeatedly inspite of the fact that I got really annoyed with them and clearly asked them never to call me again and that I'm NOT interested at all in their product any more. I write this to the group so that everyone thinks twice before leaving their name/address/phone number/e-mail on their web site before downloading the demos - earlier today I was woken up by the same over-zealous sales guy from Forefront and it wasn't the first time grrr ("Oh, I was wondering if you're still interested in the CCNA CBT NO, I'M NOT - REPEAT - NOT INTERESTED IN THE DAMN CCNA CBT FROM YOUR COMPANY.. NOW WHAT PART OF THAT DON'T YOU UNDERSTAND ???") The sales tactics used : The list price of the CCNA CBT is $1800, but they'll give you all kinds of discounts (bring the price down to about $1200 or so), and if you express your inability to buy an expensive CBT product (which isn't worth the money, imho, going by the demo I downloaded), they will try to sell you all kinds of installment plans to sell you the CBT, throw in freebies (buy CCNA 1.0 now and we'll throw in CCNA 2.0/ICND for free)... anything to make you buy! CAVEAT EMPTOR My $0.02 worth... :-) Bharat Suneja ""Guyler, Rik [EESUS]"" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have to agree here. My company purchased the ForeFront CCNA CBT last year for my training. The cost was $1800 (US), which also included ACRC. While not bad for an overview, there were gaps left open in the end. What I did find useful was the visualization that the CBT provided. I used the books to get the complete coverage of the material and then the CBT for visualization of some of the more complex topics. All in all, however, I don't think I would waste that much money again for CBTs. I passed my next 3 CCNP tests with only books and resources from the web (well, this group too, of course!) and found this method, while somewhat lengthier, to be more complete. If time is critical, take the class and get it over with. You'll get class materials to continue your studies as well as an instructor to answer questions all day long (hopefully). Good luck! Rik -Original Message- From: Marshal Schoener [SMTP:[EMAIL PROTECTED]] Sent: Thursday, August 03, 2000 4:44 PM To: 'Montgomery, Robert WARCOM Contractor'; CiscoGroupstudy Subject:RE: CBT Training Options (CCNP) I had the one for the CCNA. I really didn't like it much... It had some good info, but it's too slow. Too much clicking for the next screen and stuff :-) I just can't stand the format, I would rather read a book. If you can't take the actual class, buy a few good books :-) -Original Message- From: Montgomery, Robert WARCOM Contractor [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 03, 2000 1:02 PM To: CiscoGroupstudy Subject: CBT Training Options (CCNP) I've been battling it out with a local company here in San Diego to begin night classes geared towards CCNP. But thus far they're sticking to their day only schedule. They've instituted that e-learning program but still, if you can't get the time off to go to their site, you also can't get the time to sit at work and do it. This leads me to ask if anyone knows about good CBT training that covers the tests for CCNP? ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Vlan with access list problem on my 5505 back bone switch pls help
1. If you are trying to block access to both of the rsms then yes. 2. In the HSRP statment the highest priority will be the active gateway. in this case Router A will be the active gateway. In your config you show both with priority 100. Pick which router you want to be active and set its priority High. 3. Since A is the active gateway all outbound traffic will exit at A. Inbound traffic is tricky. If load balancing is enabled then the traffic could come in both. If the packet comes in on the B router on its way to A, B will not send it to A but place it directly on the 57 network. My Question are > 1)The Vlan2 span accross two switches, should they > used the same > access-list? > > 2)switch B has standby 1 priority 100, and switch A > has standby 1 > priority 110, what does it mean? > > 3)Can traffic from 57.198.171.0 network pass thru > switch B or A? --- Chee Tong Sim <[EMAIL PROTECTED]> wrote: > Dear friends, > > I have Vlan with access list problem on my 5505 back > bone switch, Pls > help me. > > Conf shown below > > 5505 switch A > ## > interface Vlan2 > ip address 57.198.170.251 255.255.255.0 > ip broadcast-address 57.198.170.255 > ip access-group 100 in > no ip redirects > standby 1 priority 100 > standby 1 preempt > standby 1 ip 57.198.170.250 > ! > access-list 100 deny ip 57.198.170.0 0.0.0.255 > 57.198.171.0 0.0.0.255 > access-list 100 deny icmp 57.198.170.0 0.0.0.255 > 57.198.171.0 0.0.0.255 > access-list 100 permit ip any any > > 5505 switch B > ## > interface Vlan2 > ip address 57.198.170.253 255.255.255.0 > ip broadcast-address 57.198.170.255 > ip access-group 2 out > ip helper address 57.198.45.0 > no ip redirects > standby 1 priority 100 > standby 1 preempt > standby 1 ip 57.198.170.250 > ! > access-list 2 deny 57.198.171.0 0.0.0.255 > access-list 2 permit any > ### > > My Question are > 1)The Vlan2 span accross two switches, should they > used the same > access-list? > > 2)switch B has standby 1 priority 100, and switch A > has standby 1 > priority 110, what does it mean? > > 3)Can traffic from 57.198.171.0 network pass thru > switch B or A? > > > > Thannk you > > > > > > Get Your Private, Free E-mail from MSN Hotmail at > http://www.hotmail.com > > ___ > UPDATED Posting Guidelines: > http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: > http://www.groupstudy.com > Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > > > = William Swedberg CCNP CCDP __ Do You Yahoo!? Kick off your party with Yahoo! Invites. http://invites.yahoo.com/ ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Fw: Cisco Prerequisites
- Original Message - From: "Adedapo Ola" <[EMAIL PROTECTED]> To: "Howard C. Berkowitz" <[EMAIL PROTECTED]> Sent: Monday, August 07, 2000 3:56 PM Subject: Re: Cisco Prerequisites > Point well understood. I have been reading through the basics of networking > and can frankly say, knowledge is bliss. > Sure I already know about a bit about networking, but it's amazing how much > can be acquired through reading since I have always been a more practical > i.e hands on , than theory type person. > As far as NT is concerned, I have toyed with it a lot and being that I have > not read up on troubleshooting the registry and solving blue screen issues, > I can't quite call my self the expert on it, but if getting an MCSE title is > what is required, hey, I'm all game. > When I started out in becoming a computer Engineer, I had no idea what this > meant, but in my last year I now realise that I don't want to be designing > FPGA's or debugging code. Plus, the industry still requires you to get all > these other certifications in addition to that, so what have I been doing in > school all these years then.? > But, my interests lie in cisco. I can sit in front of a terminal for 24 > hours without a flinch if given a command line interface and a donut and I > can almost gaurantee success before I leave. Now, unfortunately, I can't say > the same of NT, hence Linux has become my toy. > > But, since one has to make sacrifices, I'll get the MCSE and the CCNA and > hopefully get a job with a firm that at least exposes me to routers and pray > to God It all happens before the end of September to be able to meet all my > deadlines. > > Okay, I will take all the flames now positively, after all that's what > menthors are for. Thanks Adedapo > > - Original Message - > From: "Howard C. Berkowitz" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Monday, August 07, 2000 2:01 PM > Subject: Re: Cisco Prerequisites > > > > >SNIP > > >" everyone seemed to at least have an MCSE before attempting the cisco > > >route. Is this highly essential to succeed? " > > >SNIP > > > > Let's see...I can set the IP parameters on a Windows host. I have a > > reasonable understanding of the traffic effects. System > > administration on Windows? Nahhh. > > > > UNIX, MacOS, IBM MVS, VMS, sure, as well as assorted real-time code. > > Really Obscure Things like IBSYS, EXEC 8, IBM 1130 Disk Monitor, > > AHS-11, IBM 360 DOS, PRIMOS, etcyep. > > > > Somehow, I have managed to eke out a networking existence. > > > > > > > > > > > >No, I dont believe it is highly essential... however, I believe most that > > >working in the Networking Infrastructure area have been brought up > through > > >the LAN/Server Administration area. > > > > > >MCSEs should have a better understanding of the associated Windows > > >protocols. The same is true CNEs, they should have a better understanding > of > > >the Novell networking model and protocols. > > > > > >It boils down to experiance not letters or certifications. Just like > > >anything else, you can work through the Cisco certifications with > dedication > > >and commitment, but experience will make this much easier to relate to. > > > > > >Ed > > > > > >Edward Moss > > >CCNP, CCDP, CNE > > > > ___ > > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > > FAQ, list archives, and subscription info: http://www.groupstudy.com > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Rent a CCIE lab Kit
www.ccbootcamp.com BEST ONLINE RACK around. Not to mention his labs are fabulous! -Brad Ellis CCIE#5796 "timand" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi, > Does anyone know a company who rents a rack of routers for studing > for the ccie lab? > > Thanks > -- > Andrea Timpanaro > CCNP > Email: [EMAIL PROTECTED] > > > ___ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MCNS (v2.0) questions
In a message dated 8/7/00 3:30:02 PM Eastern Daylight Time, [EMAIL PROTECTED] writes: << Haven't taken the exam but there's an outline for the MCNS course on the Cisco site. http://www.cisco.com/pcgi-bin/front.x/wwtraining/course_description.pl?Course= TRN-MCNS&Version=2.0&From=Network_Management watch the word wrap Karen E Young Network Engineer ELF Technologies, Inc [EMAIL PROTECTED] >> OK, I've tried not to ask this for a long time but it's really starting to drive me crazy!!! what is this "word wrap". Whenever I go to cisco's site from a post like this I try to look for something unusual, hoping that it will be this "word wrap". But I haven't seen it yet. Could someone please fill me in... Mark Zabludovsky ~ CCNA, CCDA [EMAIL PROTECTED] If the automobile had followed the same development as the computer, a Rolls-Royce would today cost $100, get a million miles per gallon, and explode once a year killing everyone inside. ~Robert Cringely, InfoWorld~ ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
No Subject
__ Do You Yahoo!? Kick off your party with Yahoo! Invites. http://invites.yahoo.com/ ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
study material
Looking for the following cisco course material: (1) AS5200 configuration and installation (2) MCNS - Managing Cisco Network Security ..if you have them and are willing to trade or anything please get in touch with me @ [EMAIL PROTECTED] i have a lot of study material, let me know what you are looking for. thanks, jay. __ Do You Yahoo!? Kick off your party with Yahoo! Invites. http://invites.yahoo.com/ ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Prerequisites
most networks (small and medium size business/networks) use NT. So mcse is good to have, especially if your new in the field. In the MCSE course they'll tell u a bit about networking, ie packets, frame headers and suchput it this way, if u dident know that sorta stuff, and when u take the ICND courseyou'll get completely blown away, b/c ICND crams everything in your head for 1 week straightand by mid 3rd dayyour brainand i dont care if you were working as a mr. big shot A+ techy from some computer shop for 5 years!!!..lol.you'll still get blown away!!..so yay MCSE go for it!!!..=) p.s., im not really a BIG Microsucki mean Microsoft fanbut hey...its graphic friendly with users! my 1.4242343 cents Deepak Sharma MCSE CCNA ACT A+ Computer Dude =b Ceridian Canada "Howard C. Berkowitz" wrote: > >SNIP > >" everyone seemed to at least have an MCSE before attempting the cisco > >route. Is this highly essential to succeed? " > >SNIP > > Let's see...I can set the IP parameters on a Windows host. I have a > reasonable understanding of the traffic effects. System > administration on Windows? Nahhh. > > UNIX, MacOS, IBM MVS, VMS, sure, as well as assorted real-time code. > Really Obscure Things like IBSYS, EXEC 8, IBM 1130 Disk Monitor, > AHS-11, IBM 360 DOS, PRIMOS, etcyep. > > Somehow, I have managed to eke out a networking existence. > > > > >No, I dont believe it is highly essential... however, I believe most that > >working in the Networking Infrastructure area have been brought up through > >the LAN/Server Administration area. > > > >MCSEs should have a better understanding of the associated Windows > >protocols. The same is true CNEs, they should have a better understanding of > >the Novell networking model and protocols. > > > >It boils down to experiance not letters or certifications. Just like > >anything else, you can work through the Cisco certifications with dedication > >and commitment, but experience will make this much easier to relate to. > > > >Ed > > > >Edward Moss > >CCNP, CCDP, CNE > > ___ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] -- \\|// (o o) oOOo-(_)-oOOo *@ bcz finest @* ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Vlan with access list problem on my 5505 back bone switch pls help
Dear friends, I have Vlan with access list problem on my 5505 back bone switch, Pls help me. Conf shown below 5505 switch A ## interface Vlan2 ip address 57.198.170.251 255.255.255.0 ip broadcast-address 57.198.170.255 ip access-group 100 in no ip redirects standby 1 priority 100 standby 1 preempt standby 1 ip 57.198.170.250 ! access-list 100 deny ip 57.198.170.0 0.0.0.255 57.198.171.0 0.0.0.255 access-list 100 deny icmp 57.198.170.0 0.0.0.255 57.198.171.0 0.0.0.255 access-list 100 permit ip any any 5505 switch B ## interface Vlan2 ip address 57.198.170.253 255.255.255.0 ip broadcast-address 57.198.170.255 ip access-group 2 out ip helper address 57.198.45.0 no ip redirects standby 1 priority 100 standby 1 preempt standby 1 ip 57.198.170.250 ! access-list 2 deny 57.198.171.0 0.0.0.255 access-list 2 permit any ### My Question are 1)The Vlan2 span accross two switches, should they used the same access-list? 2)switch B has standby 1 priority 100, and switch A has standby 1 priority 110, what does it mean? 3)Can traffic from 57.198.171.0 network pass thru switch B or A? Thannk you Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MCNS (v2.0) questions
Haven't taken the exam but there's an outline for the MCNS course on the Cisco site. http://www.cisco.com/pcgi-bin/front.x/wwtraining/course_description.pl?Course=TRN-MCNS&Version=2.0&From=Network_Management watch the word wrap Karen E Young Network Engineer ELF Technologies, Inc [EMAIL PROTECTED] "Robert Good" tmail.com> cc: Sent by: Subject: MCNS (v2.0) questions nobody@groups tudy.com 08/07/00 10:56 AM Please respond to "Robert Good" Hi, I've been asked to do the MCNS (v2.0) exam 640-422 on Wednesday. There are no exam guidelines on the training web-site. Any of you folks out there sat the test yet? Can you give me pointers on which areas to focus. Also, does anyone know what the pass mark is and whether the test is adaptive? Thanks Bob [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: If u had to take one class
Likelihood of passing without ECP1? 10-20% first time is average. With ECP1, maybe 30 or 40 given good prep and a favour able exam. Cost of doing test? 1000 Travel, 1000 Lab, 2000+ lost work or billing, ??? lost to concentration on test instead of work. Seems to justify an extra couple k for the course. If you can get there in 1 or 2 instead of 3 or 4 you will save considerable dollars and ECP1 is about as lifelike and intense as it gets and is highly recommended by many. Pete *** REPLY SEPARATOR *** On 8/6/00 at 11:01 PM Dennis E. Bates wrote: >Thanks, > >I checked out the link, ECP1 seems to be exactly what I am looking for. >Now the question becomes How do I sell my company on spending $3600 + travel >to prepare me so they can spend another $1000 + travel (probably more than >once) to send me to San Jose ??? > >I am sitting here filling out my training request form. This is not going to >help my managers ulcers > > >-Original Message- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of >Peter A van Oene >Sent: Sunday, August 06, 2000 9:32 PM >To: [EMAIL PROTECTED] >Subject: Re: If u had to take one class > > > >Prep like normal and then take Bruce Caslow's CCIE Lab prep course, Expert >CCIE Prep Class 1, or ECP1 from MentorTech. Its a little more costly than >some, but will give you the scenario practise you need. Until then, read >books and make routers do wierd things. > >Heres a link to the ECP course. > >http://www.mentortech.com/learn/desc_ECP1.shtml > >Pete > > >*** REPLY SEPARATOR *** > >On 8/6/00 at 3:33 PM Dennis E. Bates wrote: > >>Hi Group !!! >> >>Just a question. If your employer had agreed to pay for one and only one >>class to help you prepare for your CCIE lab exam (you have already passed >>your written). What class would you take and where ? I would like to use >>the money to buy equipment, but unfortunatly, thats not my call. I'm >>thinking CATM or CVOICE since, i don't get much of a chance to put my hands >>on ATM or Voip gear. But then again maybe I should reinforce the meat and >>potatoes topics like advanced OSPF or BGP ? Any suggestions as to the best >>use of the one class? >> >>Thanks, >> >>Dennis >> >> >>___ >>UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html >>FAQ, list archives, and subscription info: http://www.groupstudy.com >>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > >___ >UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html >FAQ, list archives, and subscription info: http://www.groupstudy.com >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: SERIAL is UP, but no routes to destn
Imran, I am no expert but would to put in my 0.02. Do you have logging setup on the HO router? Had the serial interface went down and came back up. Is the branch connect to any other subnet? If not, maybe you could use a static route and see what happens. But first check the log of both routers and see what had happened. Hope its helps. Albert -Original Message-From: msasif [mailto:[EMAIL PROTECTED]]Sent: Monday, August 07, 2000 8:15 AMTo: [EMAIL PROTECTED]Subject: SERIAL is UP, but no routes to destn HI, I have strange problem with one of my customer router. The users in the branch will not be able to connect to the HO for sometimes and when I checked the serial it shows (serial is up and line protocol is up) but when I gave(show ip route) I could not see the branch n/w subnet route, I could not be able to ping the ethernet ip address of the branch from HO. When I gave shutdown and no shutdown at the HO serial, I can see the branch subnet and the users can access the server. Iam using RIP. I tried changing the keepalive to 5sec but no use. Is it h/w problem, but Iam getting this very rarely(twice, sometime in a week). thanks imran
IAN
How come the only time we hear from IAN is to yell about HTML. I dont even know what that is can anybody tell me DUCK ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Rent a CCIE lab Kit
You can rent lab time at www.nantech.com ..very reasonable prices :). As for physically having the equipment in your house, I doubt you'll be very pleased with the rates if you do find someone to rent from Nnanna -- www.nantech.com online lab for CCIE preparation "timand" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi, > Does anyone know a company who rents a rack of routers for studing > for the ccie lab? > > Thanks > -- > Andrea Timpanaro > CCNP > Email: [EMAIL PROTECTED] > > > ___ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure - Original Message - From: "timand" <[EMAIL PROTECTED]> Newsgroups: groupstudy.cisco To: <[EMAIL PROTECTED]> Sent: Monday, August 07, 2000 12:39 PM Subject: Rent a CCIE lab Kit > Hi, > Does anyone know a company who rents a rack of routers for studing > for the ccie lab? > > Thanks > -- > Andrea Timpanaro > CCNP > Email: [EMAIL PROTECTED] > > > ___ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Talk to your friends online with Yahoo! Messenger. http://im.yahoo.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: bandwidth analysis
does anyone have a model for bandwidth forecasting based upon user classification (ie. Residential vs SOHO vs Business)? TIA. Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Prerequisites
>SNIP >" everyone seemed to at least have an MCSE before attempting the cisco >route. Is this highly essential to succeed? " >SNIP Let's see...I can set the IP parameters on a Windows host. I have a reasonable understanding of the traffic effects. System administration on Windows? Nahhh. UNIX, MacOS, IBM MVS, VMS, sure, as well as assorted real-time code. Really Obscure Things like IBSYS, EXEC 8, IBM 1130 Disk Monitor, AHS-11, IBM 360 DOS, PRIMOS, etcyep. Somehow, I have managed to eke out a networking existence. > >No, I dont believe it is highly essential... however, I believe most that >working in the Networking Infrastructure area have been brought up through >the LAN/Server Administration area. > >MCSEs should have a better understanding of the associated Windows >protocols. The same is true CNEs, they should have a better understanding of >the Novell networking model and protocols. > >It boils down to experiance not letters or certifications. Just like >anything else, you can work through the Cisco certifications with dedication >and commitment, but experience will make this much easier to relate to. > >Ed > >Edward Moss >CCNP, CCDP, CNE ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
MCNS (v2.0) questions
Hi, I've been asked to do the MCNS (v2.0) exam 640-422 on Wednesday. There are no exam guidelines on the training web-site. Any of you folks out there sat the test yet? Can you give me pointers on which areas to focus. Also, does anyone know what the pass mark is and whether the test is adaptive? Thanks Bob [EMAIL PROTECTED]
Thanks - CID passed
Thanks to everyone in the group... I passed CID this morning which completes the CCDP track. I completed the test in one hour They provide two hours to obtain a minimum 65% on 100 questions. To study, I used only the Cisco Press Books "Cisco Internetwork Design", and followed this up with "Advanced Network Design". I also used Cisco's Self Paced Training "SNA/IP Solutions for Systems Engineers". CCO was invaluable as I also read through the document "ATM Network Design" and reviewed the overviews and specs of various ATM products since the Cisco Press books leave much of this information out. As many have stated on the list, the majority of the test centers around Network/Protocol/WAN design. The test objectives published by Cisco are an accurate representation of what is on the test. This test was "easier" than DCN as I didn't have to worry about case studies, however there wasn't as much networking theory, but much more info to recall. If you didn't read it... or don't know it... you most likely wont get the correct answer. General test taking... trying to eliminate obvious wrong answers wont help much since most of the statements or potential answers are correct, but may not relate to the question. For example... a question may be related to the distribution layer but makes accurate statements about all three layers... end result... you have to know which one fits into each layer. Now its off to CCIE Again... thanks for everyone's help. Ed Edward Moss CCNP, CCDP, CNE ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Prerequisites
SNIP " everyone seemed to at least have an MCSE before attempting the cisco route. Is this highly essential to succeed? " SNIP No, I dont believe it is highly essential... however, I believe most that working in the Networking Infrastructure area have been brought up through the LAN/Server Administration area. MCSEs should have a better understanding of the associated Windows protocols. The same is true CNEs, they should have a better understanding of the Novell networking model and protocols. It boils down to experiance not letters or certifications. Just like anything else, you can work through the Cisco certifications with dedication and commitment, but experience will make this much easier to relate to. Ed Edward Moss CCNP, CCDP, CNE ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE-Qual...
hey, good luck to you in your test! knock 'em dead! Chuck -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Cisco GroupSent: Monday, August 07, 2000 9:48 AMTo: [EMAIL PROTECTED]Subject: CCIE-Qual... Hi ! Am planning to take my CCIE-Qual exam next week...I have a few clarifications reg that..Could someone pls help me.. 1. Do we need to study VoIP & VoFr ? 2. Do we need to study VPN & IPSec ? 3. What is the passing score for the exam ?. 4. What are all the important areas to concentrate on for the exam ? If someone could help me with these info..It would be helpful.. Thanx for ur help Regards, Nandu
Free Books or T-shirts?
I haven't seen any free t-shirts or books in a while? Does anyone have any links?
CCIE-Qual...
Hi ! Am planning to take my CCIE-Qual exam next week...I have a few clarifications reg that..Could someone pls help me.. 1. Do we need to study VoIP & VoFr ? 2. Do we need to study VPN & IPSec ? 3. What is the passing score for the exam ?. 4. What are all the important areas to concentrate on for the exam ? If someone could help me with these info..It would be helpful.. Thanx for ur help Regards, Nandu
I stand corrected.
I stand corected. BPDU's are multicast and the source address is 01:80:c2:00:00:00 Sorry for the confusion. Duck
FDDI/Ring Transitioning
Could someone please explain to me (or tell me where I may be able to find info.) what "T-bid time" is pertaining to FDDI. Any help/comments are appreciated Thanks Rahul ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Rent a CCIE lab Kit
Hi, Does anyone know a company who rents a rack of routers for studing for the ccie lab? Thanks -- Andrea Timpanaro CCNP Email: [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Software Based Traffic Generator
I am looking for a software based traffic generator. Any suggestions, comments, warnings, etc.TIA Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCNA 2.0
Hi Can anybody tell me what is the best way to start preparing for CCNA 2.0 I have the complete material for CCNA 1.0 but at that time I could not study. Everybody says, CCNA 1.0 and 2.0 are totally different and I need to buy new books and all. I have access to a 7200 router. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX versus Firewall-1 comparison
Yup thats about what I found playing with both And checkpoint has some nice features and does dubbuging for you . And lot cheaper to play around on a NT box AIX SUN than a PIX box.. Oz 1) Cisco PIX is far superior in terms of throughput. 2) Checkpoint GUI / management, particularly of multiple security domains, multiple firewalls, and policy management, is far superior to anything Cisco has. 3) Both companies maintain that their product is superior in terms of general firewall features and functionality. Oz http://www.mcseco-op.com/helpfull_links.htm ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: SERIAL is UP, but no routes to destn
Can you just use a static route and see if that has any affect? Dave -Original Message-From: msasif [mailto:[EMAIL PROTECTED]]Sent: Monday, August 07, 2000 11:15 AMTo: [EMAIL PROTECTED]Subject: SERIAL is UP, but no routes to destn HI, I have strange problem with one of my customer router. The users in the branch will not be able to connect to the HO for sometimes and when I checked the serial it shows (serial is up and line protocol is up) but when I gave(show ip route) I could not see the branch n/w subnet route, I could not be able to ping the ethernet ip address of the branch from HO. When I gave shutdown and no shutdown at the HO serial, I can see the branch subnet and the users can access the server. Iam using RIP. I tried changing the keepalive to 5sec but no use. Is it h/w problem, but Iam getting this very rarely(twice, sometime in a week). thanks imran
RE: PIX versus Firewall-1 comparison
My understanding is there is some software that makes it much easier to configure a PIX. My company has an NFR on order now. Will have to wait until I get it to see how good it is. I'll update this list after I test it out. Just FYI. Dave -Original Message- From: Ben Lovegrove [mailto:[EMAIL PROTECTED]] Sent: Monday, August 07, 2000 10:48 AM To: Phil Barker; cisco GroupStudy Subject: Re: PIX versus Firewall-1 comparison Phil, I would imagine that the preference for Firewall-1 was expressed because the administration of it is far more user friendly that a PIX. Admin of FW-1 can be carried out using a Windows GUI with all the rules laid out in glorious technicolour, while admin of a PIX involves a CLI (command line interface). But then again if you're a die-hard Cisco engineer you might think that Windows GUIs are a bit of a soft option, and that you prefer to do things in raw CLI fashion. Regards, Ben --- Phil Barker <[EMAIL PROTECTED]> wrote: > Hi Gang, > Does anyone know where I can get a decent white > paper comparing these two firewall solutions from a > neutral standpoint ? > > I've been in a meeting recently where it has been > claimed that we would always prefer Firewall-1 to PIX. > > Would anyone like to comment technically why this > should be ? > > Regards, > > Phil. > > > > Do You Yahoo!? > Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk > or your free @yahoo.ie address at http://mail.yahoo.ie > > ___ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] = Ben Lovegrove, CCNP Redspan Solutions Ltd http://www.redspan.com Cisco: Products, Training, Jobs, Study Guides, Resources. Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VPN 3DES ON 2MB Link with 25XX
>Also the hated ones (Nortel) have a fairly good VPN box that seems to work >ok. About the only real problem I have had with it is the interface is GUI >only also they say they are working on a BCR (blatant Cisco rip-off) command >line also. Harrumph from the hated side. Yes, I agree, I hate menus other than in restaurants. I have a friend who recently moved to the Contivity VPN box group so I can check on things if need be. I do use the Contivity extranet client on my PC, and it's far more reliable than Outlook. Is that a recommendation? :-) But a Cisco ripoff? Where did Cisco get CLI other than from UNIX and EMACS? >As to VPN's being to cpu intensive, at our corporate office we have 6 >satellite offices that are terminating into a 2600. Of course the traffic >over those links doesn't really amount to that much and it is only DES. At >our site we have a total of 5 DES vpns terminating into a PIX and it is >running fine. Once again though if we were doing 3DES I would want to find >some sort of hardware accelerator or way to offload the encryption off of >the CPU. >Just my .02 >Darren > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > > Chuck Larrieu > > Sent: Monday, August 07, 2000 9:40 AM > > To: Robert Hanley; [EMAIL PROTECTED] > > Subject: RE: VPN 3DES ON 2MB Link with 25XX > > > > > > Since this is a Cisco list, Robert, the least you could have done is name > > the Cisco CVPN ( formerly Altiga ) boxes! :-> > > > > Say, where you been? Haven't seen your name here in several > > months. Good to > > hear from you. I'm still eating my blueberries! :-> > > > > Other dedicated VPN boxes include VPNet ( www.vpnet.com ) and Checkpoint > > makes a pretty good one, particularly when running on the Nokia hardware > > platform ( www.checkpoint.com ) > > > > And yes I concur. Customers continue to say to me "I have and > > existing Cisco > > router. Can't we just use that for our VPN?" And I always > > respond "you sure > > can. But you won't like what happens!" When designing a VPN, the > > temptation > > is great to try to be cheap. And with VPNs particularly, it can > > end up being > > a LOT more expensive in the long run. > > > > Keep in touch, Robert. Your insight is welcome and missed. > > > > Chuck > > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] >On Behalf Of > > Robert Hanley > > Sent: Monday, August 07, 2000 12:06 AM > > To:Chuck Larrieu; [EMAIL PROTECTED] > > Subject: Re: VPN 3DES ON 2MB Link with 25XX > > > > With respect for the fact that this is a cisco list I > > would still like to point out that it is precisely > > because of the cpu intensive nature of crypto that the > > most popular solution is not a router per se but a > > dedicated VPN box such as the Nortel Contivity. > > > > For the curious: > > http://www.nortelnetworks.com/products/01/contivity/doclib.html > > > > In the same vein I must point out that it is the > > central cpu cisco router architecture and top down > > nature of IOS that makes any kind of additional > > processing problematic. Other router architectures > > that utilize distributed processing can handle these > > additional chores much more gracefully. > > > > Chuck...any guess as to where I wound up working ? > > > > > > --- Chuck Larrieu <[EMAIL PROTECTED]> wrote: > > > Have fiannly gotten around to printing out the IPSec > > > Design Guide published > > > on the Cisco site. > > > > > > > > http://www.cisco.com/cpropart/sync-src/ccstcp/cc/techno/protocol/i > > psecur/ips > > > ec/tech/ > > > watch the word wrap > > > need a CCO login to get there > > > > > > rather interesting publication, with 15 pages on > > > IPSec, 27 pages on design > > > considertions, and over 370 pages of case > > > studies/configurations! > > > > > > the relevant protion to this conversation is the > > > design guide, which does > > > talk about performance, memory usage, and processor > > > impact. The information > > > presented is not a complete as I would hope, but it > > > is indicative. > > > > > > for example, using a 16xx router, and a 125K > > > clockrate on a back to back > > > serial link, a file transfer that took 10 minutes > > > with no encryption took > > > only 18 seconds longer using IPSec. CPU usage was at > > > 29% on average during > > > the tests. ( The publication states that "the same > > > test was run several > > > times and the times were averaged together") > > > > > > Although there are several charts measuring > > > bandwidth % used with different > > > size packets on several router platforms, I am > > > disappointed to find that > > > this presentation is not particularly detailed, nor > > > particularly rigorous. > > > > > > One chart compares performnce in megabits per second > > > of several routers, one > > > of which is a 251
RE: about the utilization rate of bandwith
I would be concerned with the CRC's and input errors. It looks like there may be a issue with the circuit, cable? Just something to check out. It looks like the counters were cleared 4 days ago and with the amount of data going through this interface the number of CRC's is worth looking at. David -Original Message-From: frank [mailto:[EMAIL PROTECTED]]Sent: Sunday, August 06, 2000 6:22 AMTo: [EMAIL PROTECTED]Subject: Re: about the utilization rate of bandwith Do you mean we should pay attention to "txload" and "rxload"?Could you explain in details? Thanks. frank Router#sh int s0/0Serial0/0 is up, line protocol is up Hardware is PowerQUICC Serial Internet address is ** MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, reliablility 255/255, txload 1/255, rxload 1/255 Encapsulation HDLC, loopback not set Keepalive set (10 sec) Last input 00:00:01, output 00:00:00, output hang never Last clearing of "show interface" counters 4d05h Queueing strategy: fifo Output queue 0/40, 0 drops; input queue 0/75, 0 drops 5 minute input rate 0 bits/sec, 1 packets/sec 5 minute output rate 1000 bits/sec, 2 packets/sec 987106 packets input, 430840629 bytes, 0 no buffer Received 36273 broadcasts, 0 runts, 0 giants, 0 throttles 677 input errors, 528 CRC, 146 frame, 0 overrun, 0 ignored, 3 abort 1103552 packets output, 120751866 bytes, 0 underruns 0 output errors, 0 collisions, 39 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up "Rishard Chapoteau" <[EMAIL PROTECTED]> wrote in message 8mfalt$e6t$[EMAIL PROTECTED]">news:8mfalt$e6t$[EMAIL PROTECTED]... Easy enough to check. Do a sho int s0, and look at the load. Take that # / # and divide them. That will give u the utilization on that line. Risard ""gary"" <[EMAIL PROTECTED]> wrote in message 000a01bffd11$cdffd4b0$4c5a@gary">news:000a01bffd11$cdffd4b0$4c5a@gary... anyone can tell me how to get the utilization rate of bandwith of cisco router's0 my client complain the speed is very slow. i just want to check whether the bandwith is enough, otherwise, i will improve the bandwith
RE: where do live
If it is Southern NH, you at least can end up with many places in Northern Mass. Kent --- Timothy Harkin <[EMAIL PROTECTED]> wrote: > Going off of the off topic... > > Does anyone know about life in Southern New > Ha,mpshire - networking > opportunities, quality of life, etc... > > Get Your Private, Free E-mail from MSN Hotmail at > http://www.hotmail.com > > ___ > UPDATED Posting Guidelines: > http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: > http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Kick off your party with Yahoo! Invites. http://invites.yahoo.com/ ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Editing ACL's
you can copy the acl to your PC , edit the lines you want, delete the acl in the router , and then paste it in the router a word of advice if you are not connected to the console port , first disable the acl in the ports of the router , paste the acl , and then activate the acl . to avoid unpleasent surprises Cumprimentos (Regards) Rui Fonseca _ > -Mensagem original- > De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]Em nome de > STRAND Scott > Enviada: Segunda-feira, 7 de Agosto de 2000 14:51 > Para: [EMAIL PROTECTED] > Assunto: Editing ACL's > > > Is it possible to edit only one line of an access list without > removing the entire ACL. I heard that it is possible now with having > to cut and paste. Can you advise. > > Thanks, > Scott > > ___ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Editing ACL's
I follow this rule all the time too. BUT I have never been cut off when deleting the existing access-list. I do it remotely all the time! -Original Message- From: David Jones [mailto:[EMAIL PROTECTED]] Sent: 07 August 2000 15:46 To: 'STRAND Scott'; [EMAIL PROTECTED] Subject: RE: Editing ACL's Typically what I do, is do a wri t, copy the acl's to notepad, edit the lines that I want to change, copy that to the clipboard, on the router, say 'no access-list xxx', then edit and paste. Just keep in mind that if you are accessing it remotely and removing the entire access-list will cut your connection, you will either need to be local on the console either physically or via modem. Dave -Original Message- From: STRAND Scott [mailto:[EMAIL PROTECTED]] Sent: Monday, August 07, 2000 9:51 AM To: [EMAIL PROTECTED] Subject: Editing ACL's Is it possible to edit only one line of an access list without removing the entire ACL. I heard that it is possible now with having to cut and paste. Can you advise. Thanks, Scott ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX versus Firewall-1 comparison
Hey, Ben, I have recently sat in different seminars sponsored by Cisco and Checkpoint. From statements made by the presenters, I gathered that both companies agree on the following points: 1) Cisco PIX is far superior in terms of throughput. 2) Checkpoint GUI / management, particularly of multiple security domains, multiple firewalls, and policy management, is far superior to anything Cisco has. 3) Both companies maintain that their product is superior in terms of general firewall features and functionality. Is this your impression as well? Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ben Lovegrove Sent: Monday, August 07, 2000 7:48 AM To: Phil Barker; cisco GroupStudy Subject:Re: PIX versus Firewall-1 comparison Phil, I would imagine that the preference for Firewall-1 was expressed because the administration of it is far more user friendly that a PIX. Admin of FW-1 can be carried out using a Windows GUI with all the rules laid out in glorious technicolour, while admin of a PIX involves a CLI (command line interface). But then again if you're a die-hard Cisco engineer you might think that Windows GUIs are a bit of a soft option, and that you prefer to do things in raw CLI fashion. Regards, Ben --- Phil Barker <[EMAIL PROTECTED]> wrote: > Hi Gang, > Does anyone know where I can get a decent white > paper comparing these two firewall solutions from a > neutral standpoint ? > > I've been in a meeting recently where it has been > claimed that we would always prefer Firewall-1 to PIX. > > Would anyone like to comment technically why this > should be ? > > Regards, > > Phil. > > > > Do You Yahoo!? > Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk > or your free @yahoo.ie address at http://mail.yahoo.ie > > ___ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] = Ben Lovegrove, CCNP Redspan Solutions Ltd http://www.redspan.com Cisco: Products, Training, Jobs, Study Guides, Resources. Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VPN 3DES ON 2MB Link with 25XX
Also the hated ones (Nortel) have a fairly good VPN box that seems to work ok. About the only real problem I have had with it is the interface is GUI only also they say they are working on a BCR (blatant Cisco rip-off) command line also. As to VPN's being to cpu intensive, at our corporate office we have 6 satellite offices that are terminating into a 2600. Of course the traffic over those links doesn't really amount to that much and it is only DES. At our site we have a total of 5 DES vpns terminating into a PIX and it is running fine. Once again though if we were doing 3DES I would want to find some sort of hardware accelerator or way to offload the encryption off of the CPU. Just my .02 Darren > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Chuck Larrieu > Sent: Monday, August 07, 2000 9:40 AM > To: Robert Hanley; [EMAIL PROTECTED] > Subject: RE: VPN 3DES ON 2MB Link with 25XX > > > Since this is a Cisco list, Robert, the least you could have done is name > the Cisco CVPN ( formerly Altiga ) boxes! :-> > > Say, where you been? Haven't seen your name here in several > months. Good to > hear from you. I'm still eating my blueberries! :-> > > Other dedicated VPN boxes include VPNet ( www.vpnet.com ) and Checkpoint > makes a pretty good one, particularly when running on the Nokia hardware > platform ( www.checkpoint.com ) > > And yes I concur. Customers continue to say to me "I have and > existing Cisco > router. Can't we just use that for our VPN?" And I always > respond "you sure > can. But you won't like what happens!" When designing a VPN, the > temptation > is great to try to be cheap. And with VPNs particularly, it can > end up being > a LOT more expensive in the long run. > > Keep in touch, Robert. Your insight is welcome and missed. > > Chuck > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of > Robert Hanley > Sent: Monday, August 07, 2000 12:06 AM > To: Chuck Larrieu; [EMAIL PROTECTED] > Subject: Re: VPN 3DES ON 2MB Link with 25XX > > With respect for the fact that this is a cisco list I > would still like to point out that it is precisely > because of the cpu intensive nature of crypto that the > most popular solution is not a router per se but a > dedicated VPN box such as the Nortel Contivity. > > For the curious: > http://www.nortelnetworks.com/products/01/contivity/doclib.html > > In the same vein I must point out that it is the > central cpu cisco router architecture and top down > nature of IOS that makes any kind of additional > processing problematic. Other router architectures > that utilize distributed processing can handle these > additional chores much more gracefully. > > Chuck...any guess as to where I wound up working ? > > > --- Chuck Larrieu <[EMAIL PROTECTED]> wrote: > > Have fiannly gotten around to printing out the IPSec > > Design Guide published > > on the Cisco site. > > > > > http://www.cisco.com/cpropart/sync-src/ccstcp/cc/techno/protocol/i > psecur/ips > > ec/tech/ > > watch the word wrap > > need a CCO login to get there > > > > rather interesting publication, with 15 pages on > > IPSec, 27 pages on design > > considertions, and over 370 pages of case > > studies/configurations! > > > > the relevant protion to this conversation is the > > design guide, which does > > talk about performance, memory usage, and processor > > impact. The information > > presented is not a complete as I would hope, but it > > is indicative. > > > > for example, using a 16xx router, and a 125K > > clockrate on a back to back > > serial link, a file transfer that took 10 minutes > > with no encryption took > > only 18 seconds longer using IPSec. CPU usage was at > > 29% on average during > > the tests. ( The publication states that "the same > > test was run several > > times and the times were averaged together") > > > > Although there are several charts measuring > > bandwidth % used with different > > size packets on several router platforms, I am > > disappointed to find that > > this presentation is not particularly detailed, nor > > particularly rigorous. > > > > One chart compares performnce in megabits per second > > of several routers, one > > of which is a 2514 ( no 2501's ). Said router > > without encryption perfermed > > in the range of 2.4-9.9 mbs, and with AH and ESP > > enabled dropped to 01.-0.2 > > mbs. there is a column labeled "suggested bandwidth" > > but no explaination in > > the text. There is a rather interesting line stating > > that "the suggested > > bandwidth is reduced from the maximum possible to > > bring the CPU utilization > > more within accepted limits" > > > > the same table states that a 7505 popping AH and ESP > > was filling a 6 mbs > > serial link with a 70-75% CPU usage rate. > > > > All this leads me to infer that the chances are very > > good that doing what > > you are planning to do will be bad for the router. > > IPSec checws up processor >
SERIAL is UP, but no routes to destn
HI, I have strange problem with one of my customer router. The users in the branch will not be able to connect to the HO for sometimes and when I checked the serial it shows (serial is up and line protocol is up) but when I gave(show ip route) I could not see the branch n/w subnet route, I could not be able to ping the ethernet ip address of the branch from HO. When I gave shutdown and no shutdown at the HO serial, I can see the branch subnet and the users can access the server. Iam using RIP. I tried changing the keepalive to 5sec but no use. Is it h/w problem, but Iam getting this very rarely(twice, sometime in a week). thanks imran
Re: Technical Book Editing
In Word you could create your own custom.dic, otherwise I don't know of any. >From: "Oz" <[EMAIL PROTECTED]> >Reply-To: "Oz" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Subject: Re: Technical Book Editing >Date: Mon, 7 Aug 2000 09:57:38 -0400 > >On this topic is there such a think a technical add on for spell checker >??? > > Not that this makes it right but my meager understanding of the >publishing >biz is such that many corps hold off to see what the other folks put out >and then it's becomes a big catch up scramble. >All the tech edits I have done have been on a real super rush rush basis >and it's very easy to miss typo's >I have written about 15 tests for a class and I did not touch them for a >week and I was really astounded at all the boo boo's I found.. >me being a little dislexic and fat fingered in all hehe >Oz >http://www.mcseco-op.com/helpfull_links.htm > >___ >UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html >FAQ, list archives, and subscription info: http://www.groupstudy.com >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How many routers in an ISIS area??
>Yes its that IS-IS question again. > >I am at the moment working on a National Management Network. Marconi >telecomms switches (SDH muxes) only talk to each other using the favourite >IS-IS protocol. Most of the design features / problems have been done BUT >there is one question that remains unanswered. HOW many Level 2 only >routers can you have in one area. If they are using IS-IS under CMIP, they only talk L1. > >The situation is because the SDH is obviously in rings then the areas cannot >be geographically based. One ring can stretch through around 30 node sites. >There is more than one ring in each site (diversity). Anyway, the design is >going to be that all of the Cisco routers will be logically THE ISIS core >with the marconi ad-muxes the distribution layer (L1-L2) and the elements >on the ring the access layer (L1 only). This will then cause there to be >around 100 routers in the core all at LEVEL 2. > >Does anyone know out there how many routers you can have in one area. I >have tried the Advanced IP Design and Routing TCP/IP volumes which were >advised from past emails (thanks Howard). In the real world, I know of several provider networks that are operational with 1000 or more IS-IS routers in a single area. I will emphasize that these networks are very well designed from a physical reliability standpoint, and don't thrash often. There's no hard limit to the number of L2 routers. In Cisco's implementation, there is a limit of three NSAP prefixes per L2 router box, and one prefix per interface. I really have to find some place to post the tutorial I didn't present at NANOG. If you go to www.nanog.org, and navigate to the last meeting, there is also a presentation by Dave Katz. Dave works for Juniper now, but wrote or modified most of the IS-IS code in the Internet...in fairness, Shantam Biswas wrote the first Bay RS IS-IS code. > >Any help as per usual will be well received. > >Cheers > >Robert McCallum ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: AS number
>basically bgp, and the ip addresses are class C addresses, which our network >have class C addresses as well. We are an ISP, and my partner is a system >integrator. First, if you expect to play seriously in the ISP space, you need to get used to thinking of them as /24 prefixes, not class C, and the set of them as appropriate aggregates. Second, the next question is to what extent your addresses and your partners' addresses are contiguous and can be aggregated, and if there are multihoming requirements that dictate you advertise more specifics as well as the aggregate. Third, if the addresses do not aggregate well, you may seriously consider turning in the present addresses in return for a contiguous CIDR block. The goal is to justify a /19 or /20 for a reasonable chance of getting by provider length filters. Fourth, in addition to address space and AS, you need to develop a routing policy and, in my strong recommendation, register the routing policy in an appropriate routing registry. Also, your DNS and reverse DNS needs to be coordinated. As the allocations change, SWIP needs to be updated. Your routing policy needs to consider, among other things, the number of upstreams to which you will have BGP connectivity. You need to consider how you will connect to downstream customers, if they will home to providers other than you, and whether their address space is a subset of yours. Other considerations include whether you want to do the default of hot-potato/closest exit routing, or cold-potato/optimal exit inside your AS. Do you have iBGP scalability issues? If so, should they be solved with route reflectors, confederations, hierarchies of route reflectors, or possibly an MPLS core? Do your applications have QoS requirements? With multiple providers, asymmetrical routing is virtually certain to take place. Are you ready for it? If I'm giving the impression this is more complex than configuring BGP, you're correct. Seriously, though, if this discussion is incomprehensible, you are really not ready to do it yourself. Most starting ISPs get considerable technical support from their upstreams. > > >""McCallum, Robert"" <[EMAIL PROTECTED]> wrote in message >news:[EMAIL PROTECTED] >.uk... > > Firstly, we would all need to know what routing protocols are in use here, > > then what are the ip addresses of you and your partner. Secondly what >type > > of vendor are you both using. > > > > Until then I and I expect no one else can answer your question. > > > > -Original Message- > > From: Ronald James [mailto:[EMAIL PROTECTED]] > > Sent: 03 August 2000 12:38 > > To: [EMAIL PROTECTED] > > Subject: AS number > > > > > > we have our own AS number with class C addresses, now if my partner has a > > few class C addresses which they want to migrate to our AS, is it >possible? > > if so, how(any examples may hlep)? what other factors I should aware of ? > > > > thanks in advance!! > > > > > > ___ > > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > > FAQ, list archives, and subscription info: http://www.groupstudy.com > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > ___ > > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > > FAQ, list archives, and subscription info: http://www.groupstudy.com > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > --- > > >___ >UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html >FAQ, list archives, and subscription info: http://www.groupstudy.com >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX versus Firewall-1 comparison
Phil, I would imagine that the preference for Firewall-1 was expressed because the administration of it is far more user friendly that a PIX. Admin of FW-1 can be carried out using a Windows GUI with all the rules laid out in glorious technicolour, while admin of a PIX involves a CLI (command line interface). But then again if you're a die-hard Cisco engineer you might think that Windows GUIs are a bit of a soft option, and that you prefer to do things in raw CLI fashion. Regards, Ben --- Phil Barker <[EMAIL PROTECTED]> wrote: > Hi Gang, > Does anyone know where I can get a decent white > paper comparing these two firewall solutions from a > neutral standpoint ? > > I've been in a meeting recently where it has been > claimed that we would always prefer Firewall-1 to PIX. > > Would anyone like to comment technically why this > should be ? > > Regards, > > Phil. > > > > Do You Yahoo!? > Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk > or your free @yahoo.ie address at http://mail.yahoo.ie > > ___ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] = Ben Lovegrove, CCNP Redspan Solutions Ltd http://www.redspan.com Cisco: Products, Training, Jobs, Study Guides, Resources. Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Editing ACL's
Typically what I do, is do a wri t, copy the acl's to notepad, edit the lines that I want to change, copy that to the clipboard, on the router, say 'no access-list xxx', then edit and paste. Just keep in mind that if you are accessing it remotely and removing the entire access-list will cut your connection, you will either need to be local on the console either physically or via modem. Dave -Original Message- From: STRAND Scott [mailto:[EMAIL PROTECTED]] Sent: Monday, August 07, 2000 9:51 AM To: [EMAIL PROTECTED] Subject: Editing ACL's Is it possible to edit only one line of an access list without removing the entire ACL. I heard that it is possible now with having to cut and paste. Can you advise. Thanks, Scott ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VPN 3DES ON 2MB Link with 25XX
Since this is a Cisco list, Robert, the least you could have done is name the Cisco CVPN ( formerly Altiga ) boxes! :-> Say, where you been? Haven't seen your name here in several months. Good to hear from you. I'm still eating my blueberries! :-> Other dedicated VPN boxes include VPNet ( www.vpnet.com ) and Checkpoint makes a pretty good one, particularly when running on the Nokia hardware platform ( www.checkpoint.com ) And yes I concur. Customers continue to say to me "I have and existing Cisco router. Can't we just use that for our VPN?" And I always respond "you sure can. But you won't like what happens!" When designing a VPN, the temptation is great to try to be cheap. And with VPNs particularly, it can end up being a LOT more expensive in the long run. Keep in touch, Robert. Your insight is welcome and missed. Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Robert Hanley Sent: Monday, August 07, 2000 12:06 AM To: Chuck Larrieu; [EMAIL PROTECTED] Subject:Re: VPN 3DES ON 2MB Link with 25XX With respect for the fact that this is a cisco list I would still like to point out that it is precisely because of the cpu intensive nature of crypto that the most popular solution is not a router per se but a dedicated VPN box such as the Nortel Contivity. For the curious: http://www.nortelnetworks.com/products/01/contivity/doclib.html In the same vein I must point out that it is the central cpu cisco router architecture and top down nature of IOS that makes any kind of additional processing problematic. Other router architectures that utilize distributed processing can handle these additional chores much more gracefully. Chuck...any guess as to where I wound up working ? --- Chuck Larrieu <[EMAIL PROTECTED]> wrote: > Have fiannly gotten around to printing out the IPSec > Design Guide published > on the Cisco site. > > http://www.cisco.com/cpropart/sync-src/ccstcp/cc/techno/protocol/ipsecur/ips > ec/tech/ > watch the word wrap > need a CCO login to get there > > rather interesting publication, with 15 pages on > IPSec, 27 pages on design > considertions, and over 370 pages of case > studies/configurations! > > the relevant protion to this conversation is the > design guide, which does > talk about performance, memory usage, and processor > impact. The information > presented is not a complete as I would hope, but it > is indicative. > > for example, using a 16xx router, and a 125K > clockrate on a back to back > serial link, a file transfer that took 10 minutes > with no encryption took > only 18 seconds longer using IPSec. CPU usage was at > 29% on average during > the tests. ( The publication states that "the same > test was run several > times and the times were averaged together") > > Although there are several charts measuring > bandwidth % used with different > size packets on several router platforms, I am > disappointed to find that > this presentation is not particularly detailed, nor > particularly rigorous. > > One chart compares performnce in megabits per second > of several routers, one > of which is a 2514 ( no 2501's ). Said router > without encryption perfermed > in the range of 2.4-9.9 mbs, and with AH and ESP > enabled dropped to 01.-0.2 > mbs. there is a column labeled "suggested bandwidth" > but no explaination in > the text. There is a rather interesting line stating > that "the suggested > bandwidth is reduced from the maximum possible to > bring the CPU utilization > more within accepted limits" > > the same table states that a 7505 popping AH and ESP > was filling a 6 mbs > serial link with a 70-75% CPU usage rate. > > All this leads me to infer that the chances are very > good that doing what > you are planning to do will be bad for the router. > IPSec checws up processor > cycles. With a T-1 to fill, your poor CPU's are > going to burn along at 100% > utilization to fiull that bandwidth. Not good for > router! > > Given these kinds of numbers, you may find your > remote users complaining a > lot about "slow performance" and with good reason. > your 2 meg pipe becomes a > 100K pipe, assuming the router doesn't shut down a > lot due to overload. > > Anyone got some other good reads on IPSec and router > resource utilization? > > Chuck > > <[EMAIL PROTECTED]> wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hello, > > > > I wish to setup a 3DES VPN between two sites (a > local and a remote site) > on > > a 2MB serial link using 2 2502 cisco routeurs. I > will have 30 people > > working on the remote site using telnet session, > NT file and print with > > servers in the local site. > > > > Do you think the 25XX could handle such > calculation (3DES processing) for > > such amount of user. If yes is someone already > setup such thing ? > > > > regards, > > Christophe. > > > > ___ > > UPDATED Posting Guidelines: > http://www.groupstudy.com/list/guide.html > > FAQ,
Syncro
Hi Yah, I'm working for Conexion in Europe : we supply transit IP service and "just" bandwidth as well. Most of our connections are NO SYNC because we use Route Reflector or confedarations to get lost of the full-mesh approach in BGP. So if you have a "healthy" provider he's going to built his structure that intelligent that you don't need the synchronisation. Geert CCNP, CCDP, CVOICE, CATM, MCP, CCIE written ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CIT in a nutshell ?
Did I miss anything troubleshooting wise ? define What facts When analyze Why plan Whichway implementWork evaluateWonder resolution Wesult ( sorry Barbara Walters ) document Write the 8 step road to trouble shooting success You need to know WHAT went WHEN and WHY, WHICHWAY will WORK and WONDER the WESULT and WRITE about it. CIT in a nut shell (kinda) Oz http://www.mcseco-op.com/helpfull_links.htm ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Editing ACL's
Have you try to use Cisco ConfigMaker, it can download router config file and display in CM. So you can edit ACL in CM and after you modified upload back to router. Hope this help. $$$ Surf the web and get paid $$$ http://www.spedia.net/cgi-bin/dir/tz.cgi?run=show_svc&fl=8&vid=vntnet - Original Message - From: "STRAND Scott" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, August 07, 2000 6:50 AM Subject: Editing ACL's > Is it possible to edit only one line of an access list without removing the entire ACL. I heard that it is possible now with having > to cut and paste. Can you advise. > > Thanks, > Scott > > ___ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: BCRAN exam and Hats off to all participants!
I suggest ignoring altogether what was in or not in exam. I presumed on advice from Bcran book and was taken aback to find it in the exam (2 weeks ago) Cover yourself and learn the full agenda. Pat Duggan -Original Message- From: NoOneYouKnow [mailto:[EMAIL PROTECTED]] Sent: Friday, August 04, 2000 12:48 PM To: [EMAIL PROTECTED] Subject: Re: BCRAN exam and Hats off to all participants! I did not see any questions about these subjects on my recent BCRAN test. There were several in the Boson BCRAN test #1, but none in the real test (the Boson test is both for BCRAN and the older CMTD test). Also, the BCRAN official study guide from Cisco Press didn't have these subjects either IIRC (at least in the main sections - I didn't read the appendices). All that being said, however, if its on the exam objectives/outline, then it is fair game. So, at the very least, find some info on them and read it over so you understand the concepts. Try the Cisco web site. ---JRE--- ""Daniel Boutet"" <[EMAIL PROTECTED]> wrote in message 8mesng$uqk$[EMAIL PROTECTED]">news:8mesng$uqk$[EMAIL PROTECTED]... > First I would like to say that I have been reading posting from this > newsgroup now for almost a month and I have to congadulate > all the participants for the great postings. > > Back to subject: Nothing is covered on these subject in my BCRAN book from > McGraw Hill/Syngress ISDN 0-07-211908-X > (it is not a very good book anyhow) > > dmz (do not know what that is) > TAG switching > VPN/VPDN > VoIP > > I have read that these are not covered on the BCRAN exam but they are part > of the outline from Cisco! > Can anyone clarify if these are covered subject? > > Thanks a million! > > > ___ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Editing ACL's
copy the list on your local pc edit the lines you want out then re-tftp it if I'm not mistaken. Also remember to check the bottom line and make sure everything is in order minus the line you deleted. If your on a Unix sys you can use the diff command to make sure nothing but the deleted entry was changed. --Original Message-- From: STRAND Scott <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Sent: August 7, 2000 1:50:43 PM GMT Subject: Editing ACL's Is it possible to edit only one line of an access list without removing the entire ACL. I heard that it is possible now with having to cut and paste. Can you advise. Thanks, Scott ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ FREE Personalized Email at Mail.com Sign up at http://www.mail.com/?sr=signup ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Technical Book Editing
On this topic is there such a think a technical add on for spell checker ??? Not that this makes it right but my meager understanding of the publishing biz is such that many corps hold off to see what the other folks put out and then it's becomes a big catch up scramble. All the tech edits I have done have been on a real super rush rush basis and it's very easy to miss typo's I have written about 15 tests for a class and I did not touch them for a week and I was really astounded at all the boo boo's I found.. me being a little dislexic and fat fingered in all hehe Oz http://www.mcseco-op.com/helpfull_links.htm ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: EIGRP and Unnumber IP Problem
you need to configure 'async default routing' --- vtam <[EMAIL PROTECTED]> wrote: > The following is the 3620 config: > > interface Loopback0 > ip address 40.126.249.1 255.255.255.255 > no ip directed-broadcast > > interface Serial0/0 > physical-layer async > ip unnumbered Loopback0 > no ip directed-broadcast > encapsulation ppp > dialer in-band > dialer string 3398102 > dialer-group 1 > async mode dedicated > priority-group 1 > > interface Serial1/3 > backup delay 0 60 > backup interface Serial0/0 > ip address 40.126.247.2 255.255.255.252 > no ip directed-broadcast > priority-group 1 > > router eigrp 100 > network 40.0.0.0 > no auto-summary > > > This is the centre 3640 config > > interface Loopback0 > ip address 40.126.248.251 255.255.255.255 > no ip directed-broadcast > > interface Group-Async0 > ip unnumbered Loopback0 > no ip directed-broadcast > encapsulation ppp > dialer in-band > async mode dedicated > group-range 65 80 > > router eigrp 100 > network 40.0.0.0 > no auto-summary > > line 65 80 > modem InOut > modem autoconfigure discovery > transport input all > flowcontrol hardware > > > Thanks for your help. > > > > > > ___ > UPDATED Posting Guidelines: > http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: > http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Kick off your party with Yahoo! Invites. http://invites.yahoo.com/ ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Editing ACL's
Is it possible to edit only one line of an access list without removing the entire ACL. I heard that it is possible now with having to cut and paste. Can you advise. Thanks, Scott ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]