RE: Switches !!!

[Chris Larson]

You will always need to have a router or a route processor to router between
VLANS. At least with current technology. Layer 3 switching is really just
being able to processes a route and then forward at switch or wire speeds.
It still needs to process a route, and is routing between lan segments.


In the second part I believe Sean is speaking about Netflow switching where
the router determines how to route a source/destinatioon once, and once the
switch learns how that packet was routed through the switch, the next time
it recieves a similiar source/destination that normaly would require route
processing it will just switch the packet to the appropriate port based on
what it learned the last time without asking the router to process a route.



-Original Message-
From: Frank Wells [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 11, 2000 12:30 PM
To: [EMAIL PROTECTED]
Subject: RE: Switches !!!


Hey Sean.
This is regarding the following passage taken from the your previous reply 
to this thread:

If C. If the destination and source node reside on ports assigned to
different VLANs on the switch,  the switch requires an external router to 
resolve the address and send the packet back to the switch. <*** If the 
switch contains an internal route processor, the external router needs to 
only resolve the first packet and then the internal route processor can 
finish the job from there. ***> (An external router needs to be used so that

a routing protocol can be used to map the network topology to base it's 
routes.)

The second sentence implies that there will always need to be at least one 
router in any switched network. Is this actually correct?  I seem to 
remember reading that there are fully switched networks utilizing layer 
three switching as the routing mechanism.  What I am getting at is I thought

Route Switch Processors are layer three devices and fully capable of making 
their own routing decisions, in which case there would be no need for a 
router.  Can you shed some more light please.

Thanks a lot.


>From: "Odom, Sean/SAC" <[EMAIL PROTECTED]>
>Reply-To: "Odom, Sean/SAC" <[EMAIL PROTECTED]>
>To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
>CC: "'Raees Ahmed Shaikh'" <[EMAIL PROTECTED]>
>Subject: RE: Switches !!!
>Date: Fri, 11 Aug 2000 09:46:12 -0600
>
>a1. How are MAC addresses used on a switch: The MAC address of the switch,
>depending on the interface being used, handle this in different ways.  Some
>Catalyst switches assign a global MAC address, some switches use a pool of
>addresses assigning one to each interface(You can assign one manually), and
>sometimes the MAC address can be a virtual MAC address when using HSRP on
>mulitiple internal route processors such as the MSM, RSM, RSFC, NFFC, 
>NFFCII
>or the MSFC.  The switch is assigned an IP address and default gateway 
>which
>allows you to telnet to the switch.  On most switches you can also use the
>your webrowser to access the switches configuration and make changes simply
>by typing in the switches IP address.
>
>a2. If two nodes on the same switch want to communicate on the same switch:
>(This question requires a long answer!)
>
>If: A. They are connected to the same port on the switch the switch does
>nothing since the two nodes are in the same collision domain they will see
>each others traffic.
>
>If B. They are in the same VLAN and reside on the same switch, the switch
>learns the location of each node attached by reading the first frame
>received and logging the source address and port of arrival in it's Content
>Addressable Memory(CAM) table. When the switch receives another frame it
>checks the CAM table and if it knows the port the destination node resides
>on it forwards the frame directly to that port.   If it does not know the
>port, it broadcasts the frame to every port which are members of the same
>VLAN with the exception to the port of arrival.
>
>If C. If the destination and source node reside on ports assigned to
>different VLANs on the switch,  the switch requires an external router to
>resolve the address and send the packet back to the switch.  If the switch
>contains an internal route processor, the external router needs to only
>resolve the first packet and then the internal route processor can finish
>the job from there.  (An external router needs to be used so that a routing
>protocol can be used to map the network topology to base it's routes.)
>
>Hope this answers your questions.
>
>Sean Odom, CCNP, MCSE, CNX-EtherII, Author, Instructor
>GlobalNet Training Solutions
>[EMAIL PROTECTED] 
>www.TheQuestForCertication.Com 
>  -Original Message-
>From: Raees Ahmed Shaikh [mailto:[EMAIL PROTECTED]]
>Sent: August 08, 2000 11:50 PM
>To: '[EMAIL PROTECTED]'
>Subject: Switches !!!
>
>
>
>
>  If all the ports of the switches have mac addresses than
>
>q.1  If somebody telnets to swithes the actual physical communication 
>occurs
>through wh

RE: Switches !!!

[Chuck Larrieu]

I've just been doing some research for a customer proposal. What I have
found is that the Cisco's so-called layer three switches will natively route
RIP, but if you want more capability you pay for a software enhancement that
will permit OSPF, IGRP, and EIGRP, or in other words, turns the L3 switch
into a real router :->

Is this more or less what you folks are talking about?

Chuck

-Original Message-
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Frank Wells
Sent:   Friday, August 11, 2000 11:15 AM
To: [EMAIL PROTECTED]
Subject:RE: Switches !!!

What Sean implied here is you will always need a router to route between
VLAN's. I thought you could use a router (router on a stick)OR
a RSP. He claims that the initial route needs to be found by a router and
then the RSP can take over.  I still have a problem with this concept
because I have read about networks consisting entirely of switches from
access layer up to the core layers, and switched across WAN's too!!!



>From: Chris Larson <[EMAIL PROTECTED]>
>To: 'Frank Wells' <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
>Subject: RE: Switches !!!
>Date: Fri, 11 Aug 2000 14:04:36 -0400
>
>You will always need to have a router or a route processor to router
>between
>VLANS. At least with current technology. Layer 3 switching is really just
>being able to processes a route and then forward at switch or wire speeds.
>It still needs to process a route, and is routing between lan segments.
>
>
>In the second part I believe Sean is speaking about Netflow switching where
>the router determines how to route a source/destinatioon once, and once the
>switch learns how that packet was routed through the switch, the next time
>it recieves a similiar source/destination that normaly would require route
>processing it will just switch the packet to the appropriate port based on
>what it learned the last time without asking the router to process a route.
>
>
>
>-Original Message-
>From: Frank Wells [mailto:[EMAIL PROTECTED]]
>Sent: Friday, August 11, 2000 12:30 PM
>To: [EMAIL PROTECTED]
>Subject: RE: Switches !!!
>
>
>Hey Sean.
>This is regarding the following passage taken from the your previous reply
>to this thread:
>
>If C. If the destination and source node reside on ports assigned to
>different VLANs on the switch,  the switch requires an external router to
>resolve the address and send the packet back to the switch. <*** If the
>switch contains an internal route processor, the external router needs to
>only resolve the first packet and then the internal route processor can
>finish the job from there. ***> (An external router needs to be used so
>that
>
>a routing protocol can be used to map the network topology to base it's
>routes.)
>
>The second sentence implies that there will always need to be at least one
>router in any switched network. Is this actually correct?  I seem to
>remember reading that there are fully switched networks utilizing layer
>three switching as the routing mechanism.  What I am getting at is I
>thought
>
>Route Switch Processors are layer three devices and fully capable of making
>their own routing decisions, in which case there would be no need for a
>router.  Can you shed some more light please.
>
>Thanks a lot.
>
>
> >From: "Odom, Sean/SAC" <[EMAIL PROTECTED]>
> >Reply-To: "Odom, Sean/SAC" <[EMAIL PROTECTED]>
> >To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> >CC: "'Raees Ahmed Shaikh'" <[EMAIL PROTECTED]>
> >Subject: RE: Switches !!!
> >Date: Fri, 11 Aug 2000 09:46:12 -0600
> >
> >a1. How are MAC addresses used on a switch: The MAC address of the
>switch,
> >depending on the interface being used, handle this in different ways.
>Some
> >Catalyst switches assign a global MAC address, some switches use a pool
>of
> >addresses assigning one to each interface(You can assign one manually),
>and
> >sometimes the MAC address can be a virtual MAC address when using HSRP on
> >mulitiple internal route processors such as the MSM, RSM, RSFC, NFFC,
> >NFFCII
> >or the MSFC.  The switch is assigned an IP address and default gateway
> >which
> >allows you to telnet to the switch.  On most switches you can also use
>the
> >your webrowser to access the switches configuration and make changes
>simply
> >by typing in the switches IP address.
> >
> >a2. If two nodes on the same switch want to communicate on the same
>switch:
> >(This question requires a long answer!)
> >
> >If: A. They are connected to the same port on the switch the switch does
> >nothing since the two nodes are in the same collision domain they will
>see
> >each others traffic.
> >
> >If B. They are in the same VLAN and reside on the same switch, the switch
> >learns the location of each node attached by reading the first frame
> >received and logging the source address and port of arrival in it's
>Content
> >Addressable Memory(CAM) table. When the switch receives another frame it
> >checks the CAM table and if it knows the port the destination node
>

RE: Switches !!!

[Odom, Sean/SAC]

Fred
Switches even with an internal route processor cannot take the place of a
router.  The first packet in Multilayer switching is resolved by the
external router.  The internal route processor learns from the forwarding
decision made by the external router and then uses that resolution for the
remainder of the flow from the source to the destination without using the
external route processor.  Unless the external route router must be used as
a gateway to leave the local boundaries.  To answer your question,  a
switched network must still use an external router for Layer 3 resolution.
Switches using Layer 3 modules merely releive the router of precious
processing power.  Hope this helps.  I have two books on switching which can
be used to answer your questions.  Visit my website
www.TheQuestForCertification.Com.  -Sean

>Sean Odom, CCNP, MCSE, CNX-EtherII, Author, Instructor
>GlobalNet Training Solutions
>[EMAIL PROTECTED] 
>www.TheQuestForCertication.Com 

-Original Message-
From: Frank Wells [mailto:[EMAIL PROTECTED]]
Sent: August 11, 2000 9:30 AM
To: [EMAIL PROTECTED]
Subject: RE: Switches !!!


Hey Sean.
This is regarding the following passage taken from the your previous reply 
to this thread:

If C. If the destination and source node reside on ports assigned to
different VLANs on the switch,  the switch requires an external router to 
resolve the address and send the packet back to the switch. <*** If the 
switch contains an internal route processor, the external router needs to 
only resolve the first packet and then the internal route processor can 
finish the job from there. ***> (An external router needs to be used so that

a routing protocol can be used to map the network topology to base it's 
routes.)

The second sentence implies that there will always need to be at least one 
router in any switched network. Is this actually correct?  I seem to 
remember reading that there are fully switched networks utilizing layer 
three switching as the routing mechanism.  What I am getting at is I thought

Route Switch Processors are layer three devices and fully capable of making 
their own routing decisions, in which case there would be no need for a 
router.  Can you shed some more light please.

Thanks a lot.


>From: "Odom, Sean/SAC" <[EMAIL PROTECTED]>
>Reply-To: "Odom, Sean/SAC" <[EMAIL PROTECTED]>
>To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
>CC: "'Raees Ahmed Shaikh'" <[EMAIL PROTECTED]>
>Subject: RE: Switches !!!
>Date: Fri, 11 Aug 2000 09:46:12 -0600
>
>a1. How are MAC addresses used on a switch: The MAC address of the switch,
>depending on the interface being used, handle this in different ways.  Some
>Catalyst switches assign a global MAC address, some switches use a pool of
>addresses assigning one to each interface(You can assign one manually), and
>sometimes the MAC address can be a virtual MAC address when using HSRP on
>mulitiple internal route processors such as the MSM, RSM, RSFC, NFFC, 
>NFFCII
>or the MSFC.  The switch is assigned an IP address and default gateway 
>which
>allows you to telnet to the switch.  On most switches you can also use the
>your webrowser to access the switches configuration and make changes simply
>by typing in the switches IP address.
>
>a2. If two nodes on the same switch want to communicate on the same switch:
>(This question requires a long answer!)
>
>If: A. They are connected to the same port on the switch the switch does
>nothing since the two nodes are in the same collision domain they will see
>each others traffic.
>
>If B. They are in the same VLAN and reside on the same switch, the switch
>learns the location of each node attached by reading the first frame
>received and logging the source address and port of arrival in it's Content
>Addressable Memory(CAM) table. When the switch receives another frame it
>checks the CAM table and if it knows the port the destination node resides
>on it forwards the frame directly to that port.   If it does not know the
>port, it broadcasts the frame to every port which are members of the same
>VLAN with the exception to the port of arrival.
>
>If C. If the destination and source node reside on ports assigned to
>different VLANs on the switch,  the switch requires an external router to
>resolve the address and send the packet back to the switch.  If the switch
>contains an internal route processor, the external router needs to only
>resolve the first packet and then the internal route processor can finish
>the job from there.  (An external router needs to be used so that a routing
>protocol can be used to map the network topology to base it's routes.)
>
>Hope this answers your questions.
>
>Sean Odom, CCNP, MCSE, CNX-EtherII, Author, Instructor
>GlobalNet Training Solutions
>[EMAIL PROTECTED] 
>www.TheQuestForCertication.Com 
>  -Original Message-
>From: Raees Ahmed Sh

RE: SDSL statement : True or False ?

[Jonn Martell]

SDSL is not a true standard. It's a "industry standard".  If the ISP uses
CooperMountain at the DSLAM (CO), then you have to use CopperEdge
certified products.  xDSL is a mess right now because of the number of
current and upcoming "standards".

Cisco is a little behind as far as DSL.  I was AMAZED to hear the Product
Manager for Cisco DSL saying at the DSLCON 2000 conference in March to
"Watch ATM 25 for home networking on DSL".  I even asked him to repeat
what he was saying. Yeah right, with the flood of 10/100 products for
home, we'll start using ATM 25!  I still have not recovered!

To me, that said it all.  Maybe something has changed in 5 months but you
can't assume that that Cisco is the leader in all technologies.

Netopia probably has a lot more CPE equipment sold than Cisco. 3Com is
also a large SDSL vendor compatible with coppermountain.  Check the
CopperMountain.com site.

On a related note:

I'm having trouble finding a good standard-based (G.Lite, ADSL DMT) DSLAM
that has a 10/100 interface on it (as WAN link).  I think that
CopperMountain has the lead in this area.

If anyone has information in this area, I would greatly appreciate it.

...
Jonn Martell - Network Engineering-ITServices UBC/BCNet http://www.ubc.ca 
Instructor - Internet  Technology http://www.cstudies.ubc.ca/internet/
mail: University of British Columbia, Vancouver, Canada, V6T 1Z2


On Fri, 11 Aug 2000, Chris Larson wrote:

> Date: Fri, 11 Aug 2000 09:14:35 -0400
> From: Chris Larson <[EMAIL PROTECTED]>
> To: 'Ole Drews Jensen' <[EMAIL PROTECTED]>
> Cc: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> Subject: RE: SDSL statement : True or False ?
> 
> It is surprising since Netopia and Cisco equipment work very well together
> (in my opinion). You can request from them a regular DSL modem and plug the
> Cisco into that letting them handle everything up to and including the
> modem.
> 
> Also,
> I am not saying Cisco is god and everyone should use them, but I would be a
> little concerned that a vendor is shutting out a supplier of network
> products that has an 80% or better market share, even if they were a little
> slow in bringing DSL products to market.
> 
> 
> 
>  
> 
> -Original Message-
> From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 10, 2000 5:29 PM
> To: ''
> Subject: SDSL statement : True or False ?
> 
> 
> I would like to convert our branch offices from ISDN connections to SDSL,
> but the carrier that I would like to use want's me to use Netopia routers
> instead of Cisco. When I told them that I would like to use Cisco to
> standalize our equipment and since I know how to operate Cisco routers, I
> got this message:
> 
> =/=
> We checked with our dsl partner and unfortunately their Copper Mountain
> DSLAMS do not work with Cisco routers for dsl service. We have plenty of
> customers with Cisco routers for their frame, Internet, etc. along with
> Netopia routers for DSL and we've had no problems. But if you
> want to look at a metro frame relay solution, we can work up something
> there. Let me know.
> =/=
> 
> Can that be true, or are they just trying to force me into Netopia
> equipment?
> 
> Any comments to this is greatly appreciated.
> 
> Thanks,
> 
> Ole
> 
> 
>  Ole Drews Jensen
>  Systems Network Manager
>  CCNA, MCSE, MCP+I
>  RWR Enterprises, Inc.
>  [EMAIL PROTECTED]
> 
> 
> ___
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> 
> ___
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> 

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Teltone ILS-2000 SPID & LDN Numbers

[Patrick Murphy]

Brad,

Do you know where I might get a ISDN simulator?

<[EMAIL PROTECTED]> wrote in message 8mub12$7kt$[EMAIL PROTECTED]">news:8mub12$7kt$[EMAIL PROTECTED]...
> have you tried looking on Teltone's site?  that might be a really good
place
> to start.
>
> -brad
>
> port 1
> 0835866101   /  8358661
> 0835866301
>
> port 2
> 0835866201
> 0835866401
>
> (yes, I do have these memorized by now...scary, eh?)
>
>
> <[EMAIL PROTECTED]> wrote in message
>
news:H33700ed1f26*/PN=IST.EPNL-CT-PPC-DAT/OU=port-harcourt/PRMD=ELF5/ADM
> [EMAIL PROTECTED]
> > Hi Guys,
> >
> > I need the SPID and LDN numbers of TELTONE ILS-2000 ISDN line simulator
> > for a LAB session.
> >
> > Regards,
> >
> >
> > Preye.
> >
> > ___
> > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> > FAQ, list archives, and subscription info: http://www.groupstudy.com
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > ---
>
>
> ___
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 2948G-L3 troubles

[Rampley, Jim]

Your right about putting the bridge groups on the subinterfaces.  It just
didn't look right to me when I first looked at it.  After reading the doc CD
I agree with you.  You should be able to do a show vlan on the 2948G-L3 and
see all the vlans from the 2948G.

Jim

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Lorenzo Montezemolo
Sent: Thursday, August 10, 2000 11:14 PM
To: [EMAIL PROTECTED]
Subject: Re: 2948G-L3 troubles


Hmmm.  I figured that a bridge group was the router equivalent of a VLAN on
a switch, which is to say that it creates a broadcast domain that spans
multiple interfaces.  This is why I put each subinterface on the trunk port
in a different bridge group - I figured doing this would allow me to then
assign 10/100 ports to the same bridge group and have the whole group act as
a VLAN.  I haven't had a chance to look at the Cisco info you gave me, but I
will first thing tomorrow.

What is the 2948G-L3 equivalent of the spantree portfast command on the
2948G?

Thanks,
Lorenzo

""Jim Rampley"" <[EMAIL PROTECTED]> wrote in message
004a01c00332$e1a048c0$1b2290d1@dougy">news:004a01c00332$e1a048c0$1b2290d1@dougy...
| Lorenzo,
|
| Well the first thing I'm thinking is that your trunk ports on the
2948-G-L3
| should not be in a specific bridge group.  You might want to look and see
| how spanning tree is looking on both devices.  Show span on the 2948g-L3
and
| show spantree  on the 2948g.  There are several other show commands
| that are handy.
|
| How long did you wait after plugging the PC in to the port before pinging?
| Spanning tree may not have finished running before you tried to ping.
Give
| it at least 45 seconds after plugging it in.
|
| The other thing you will probably want to do is integrated routing and
| bridging on the 2948-G-L3.  This uses the interface BVI.
|
|
http://www.cisco.com/univercd/cc/td/doc/product/l3sw/2948g-l3/rel_12_0/7wx51
| 5a/config_g/bridging.htm#xtocid38394
|
| Jim
|
| ___
| UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
| FAQ, list archives, and subscription info: http://www.groupstudy.com
| Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
| ---


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reference and Preparation for CCDA

[Tom Milliner]

See this link for exam objectives and preparation.

 http://www.ccxxproductions.bigstep.com/



Tom Milliner, CPA, MCSE+I, CNE
Greater Dallas Association of REALTORS
8201 N. Stemmons Frwy,  Dallas,  TX  75247
[EMAIL PROTECTED] www.dallasrealtor.com
Phone:  214-637-6660

 

 CCxx Productions - Home.url

RE: Thanks to Group Members

[Ole Drews Jensen]

Congratulations Maria - best wishes for the future.

Have a great weekend,

Ole


 Ole Drews Jensen
 Systems Network Manager
 CCNA, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED]


-Original Message-
From: Ms. Maria [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 11, 2000 11:07 AM
To: [EMAIL PROTECTED]
Subject: Thanks to Group Members


Hello Group,

I have finished CCNP. It's all because of support and encouragement I got 
from many members of Groupstudy. I am very thankful to you guys.  I am up to

CCIE Written now, and hopefully will be going after a full- time cisco job, 
after I am done with written. This world looks a lot bright to me now. I 
hope that I keep doing well with all good luck wishes I got, and people like

me (who are sturggling hard to get a good life) get successful one day.

Thanks again!  :>

Maria

p.s. This mail is in reference to the mail that I sent way back with the 
subject "Cisco for Women?"

Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 2 Ethernet ports in a Router

[Daniel Cotts]

1) Large number of users at site. Segment network to create seperate
broadcast domains.
2) Security. Access lists can limit traffic between interfaces. For example:
HR and Finance on Ethernet0 are not accessible to other users on Ethernet1.

> -Original Message-
> From: Khwaja N [mailto:[EMAIL PROTECTED]]
> Sent: Friday, August 11, 2000 12:52 PM
> To: [EMAIL PROTECTED]
> Subject: 2 Ethernet ports in a Router
> 
> 
> What is the main purpose of having 2 LAN ports in a Router?
> Please reply to
> [EMAIL PROTECTED]
> 
> 
> ___
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> 

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Access list

[Jianfeng Wang]

Hi all,

I have a router that has 2 ether interface - 0 and 1. 0 connect to
outside and 1 to inside.

I set up an access list like below:

access-list 101 deny any any
interface Ethernet0
ip access-group 101 in

I expect that will only allow applications like web browser initiate
connection from inside but not outside. However, I find both end failed
browse through the router. Should I add something like "access-list 101
permit any eq www any" to allow www traffic from ether1 to ether0?

Any advice is appreciated.

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Thanks to Group Members

[RamanG]

Congrats.

Hard efforts should pay back now.  But the world is not that way.  I had
finished CCNP in March and have also finished CCIE written, but unable to
find an entry level job.  That is how the certified people without exp are
treated in Toronto (Canada).  My best advise would be try to gain hands-on
exp as much possible.

All the best.


RamanG

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

ACLs

[Chris Stocker]

Is there away to make an access list to only allow telnet from the serial
interface (ex: the /30 address on that interface) or default gateway, if the
ip address or gateway isn't known. I want to know this because I have about
500 routers I need to put this on and I want to tftp a standard config to
each one and the default gateway is different for them.

Chris Stocker
Network Admin - ISC
Cablevision Systems

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ISDN problem

[Peace, Jeremiah J (Jeremiah)]

Two things
1. This is a PPP error, not associated with ISDN part at all
2. Protocol x8031, according to RFC 1331 (PPP protocol), is
a Network Connection Protocol, the portion of the PPP setup 
that negotiates Layer 3 protocols. and is specifically associated 
with "Bridging NCP".

More then likely you have Integrated Route Bridging turned on at one
router, but not the other. If both ends are Cisco box's, turn IRB off,
and 
use IP for your traffic.

Hope this helps

-- Jeremiah Peace
-- Lucent Technologies
-- Systems Engineer
-- A+, MCSE,CNA,CCNA,LCTE VoIP,Definity G3


> Hi All,
> 
> Does anyone came across with the error message:
> 
> PPP Serialx/0:5 protocol reject received for protocol = 0x8031
> 
> on ISDN line where the remote router is making the call but the data
> won't pass.
> 
> The message  is coming when I am doing debug: isdn q931, ppp neg., isdn 
> events...into the main router.
> 
> Thank you,
> 
> Mike
> 

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Cisco Design good book

[Chuck Larrieu]

Does the name Priscilla Oppenheimer ring a bell :->

Top Down Network Design

The book of the name you mentioned below would be a third choice.

For more general ( and also specific )  high level design education, you
can't beat Howard Berkowitz' Designing Addressing Architectures  this book
has a LOT packed into it.

HTH

Chuck

-Original Message-
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
mindiani mindiani
Sent:   Friday, August 11, 2000 11:23 AM
To: [EMAIL PROTECTED]
Subject:Cisco Design good book

Who knows of any good book for designing Cisco networks.




Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Cisco Design good book

[mindiani mindiani]

Who knows of any good book for designing Cisco networks.




Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Switches !!!

[Frank Wells]

What Sean implied here is you will always need a router to route between 
VLAN's. I thought you could use a router (router on a stick)OR
a RSP. He claims that the initial route needs to be found by a router and 
then the RSP can take over.  I still have a problem with this concept 
because I have read about networks consisting entirely of switches from 
access layer up to the core layers, and switched across WAN's too!!!



>From: Chris Larson <[EMAIL PROTECTED]>
>To: 'Frank Wells' <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
>Subject: RE: Switches !!!
>Date: Fri, 11 Aug 2000 14:04:36 -0400
>
>You will always need to have a router or a route processor to router 
>between
>VLANS. At least with current technology. Layer 3 switching is really just
>being able to processes a route and then forward at switch or wire speeds.
>It still needs to process a route, and is routing between lan segments.
>
>
>In the second part I believe Sean is speaking about Netflow switching where
>the router determines how to route a source/destinatioon once, and once the
>switch learns how that packet was routed through the switch, the next time
>it recieves a similiar source/destination that normaly would require route
>processing it will just switch the packet to the appropriate port based on
>what it learned the last time without asking the router to process a route.
>
>
>
>-Original Message-
>From: Frank Wells [mailto:[EMAIL PROTECTED]]
>Sent: Friday, August 11, 2000 12:30 PM
>To: [EMAIL PROTECTED]
>Subject: RE: Switches !!!
>
>
>Hey Sean.
>This is regarding the following passage taken from the your previous reply
>to this thread:
>
>If C. If the destination and source node reside on ports assigned to
>different VLANs on the switch,  the switch requires an external router to
>resolve the address and send the packet back to the switch. <*** If the
>switch contains an internal route processor, the external router needs to
>only resolve the first packet and then the internal route processor can
>finish the job from there. ***> (An external router needs to be used so 
>that
>
>a routing protocol can be used to map the network topology to base it's
>routes.)
>
>The second sentence implies that there will always need to be at least one
>router in any switched network. Is this actually correct?  I seem to
>remember reading that there are fully switched networks utilizing layer
>three switching as the routing mechanism.  What I am getting at is I 
>thought
>
>Route Switch Processors are layer three devices and fully capable of making
>their own routing decisions, in which case there would be no need for a
>router.  Can you shed some more light please.
>
>Thanks a lot.
>
>
> >From: "Odom, Sean/SAC" <[EMAIL PROTECTED]>
> >Reply-To: "Odom, Sean/SAC" <[EMAIL PROTECTED]>
> >To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> >CC: "'Raees Ahmed Shaikh'" <[EMAIL PROTECTED]>
> >Subject: RE: Switches !!!
> >Date: Fri, 11 Aug 2000 09:46:12 -0600
> >
> >a1. How are MAC addresses used on a switch: The MAC address of the 
>switch,
> >depending on the interface being used, handle this in different ways.  
>Some
> >Catalyst switches assign a global MAC address, some switches use a pool 
>of
> >addresses assigning one to each interface(You can assign one manually), 
>and
> >sometimes the MAC address can be a virtual MAC address when using HSRP on
> >mulitiple internal route processors such as the MSM, RSM, RSFC, NFFC,
> >NFFCII
> >or the MSFC.  The switch is assigned an IP address and default gateway
> >which
> >allows you to telnet to the switch.  On most switches you can also use 
>the
> >your webrowser to access the switches configuration and make changes 
>simply
> >by typing in the switches IP address.
> >
> >a2. If two nodes on the same switch want to communicate on the same 
>switch:
> >(This question requires a long answer!)
> >
> >If: A. They are connected to the same port on the switch the switch does
> >nothing since the two nodes are in the same collision domain they will 
>see
> >each others traffic.
> >
> >If B. They are in the same VLAN and reside on the same switch, the switch
> >learns the location of each node attached by reading the first frame
> >received and logging the source address and port of arrival in it's 
>Content
> >Addressable Memory(CAM) table. When the switch receives another frame it
> >checks the CAM table and if it knows the port the destination node 
>resides
> >on it forwards the frame directly to that port.   If it does not know the
> >port, it broadcasts the frame to every port which are members of the same
> >VLAN with the exception to the port of arrival.
> >
> >If C. If the destination and source node reside on ports assigned to
> >different VLANs on the switch,  the switch requires an external router to
> >resolve the address and send the packet back to the switch.  If the 
>switch
> >contains an internal route processor, the external router needs to only
> >resolve the first packet and then the internal rout

Re: Checkpoint question

[J. Oquendo]

If your referring to what Dug Song did 
(http://www.zdnet.com/sp/stories/news/0,4538,2610719,00.html) you should be advised 
that this was done on off the shelf install and should not be compared to a properly 
configured firewall.

If your company can't afford a Pix then Checkpoint would be the way to go because I 
can tell you off hand interceptor appliances totally suck.

--Original Message--
From: "vr4drvr ." <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Sent: August 11, 2000 4:03:50 PM GMT
Subject: Re: Checkpoint question


I wouldn't actually recommend checkpoint to any client.  Check out some of 
the hacker sites to see how easily it can be breached.  If you need more 
info let me know.


>From: [EMAIL PROTECTED]
>Reply-To: [EMAIL PROTECTED]
>To: [EMAIL PROTECTED]
>Subject: Checkpoint question
>Date: Fri, 11 Aug 2000 10:57:13 EDT
>
>Hi:
>
>
>Do any of you have any experience with the Checkpoint training. Is it worth
>it?
>Thanks, KF
>
>___
>UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
>FAQ, list archives, and subscription info: http://www.groupstudy.com
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

__
FREE Personalized Email at Mail.com
Sign up at http://www.mail.com/?sr=signup

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Your Switching Exam Prep

[Carl Hagan, CCNP, MCSE, Excite.Com IS Dept.]

Sean,

I just wanted you to know that I got your book and used it to pass the
Switching Exam.  You and Doug did so much better at describing the switching
and putting it into plain English than the Cisco Press book did.   

I can't wait until your Switching Black Book comes out! Are you going to be
in the Bay Area sometime soon? I would like to meet you.  

Carl Hagan





___
Say Bye to Slow Internet!
http://www.home.com/xinbox/signup.html

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: I s groupstudy down?

[Lorenzo Montezemolo]

No. ;-)

"Larry Osei-Kwaku" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
| Is groupstudy down ?
|
| Larry
|
| __
| Do You Yahoo!?
| Kick off your party with Yahoo! Invites.
| http://invites.yahoo.com/
|
| ___
| UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
| FAQ, list archives, and subscription info: http://www.groupstudy.com
| Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
| ---


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Your Switching Exam Prep

[Sean Odom]

Carl,
I am glad you liked it! The Switching Black Book won'e be done until October.
 I have put it on hold for a few weeks to finish the Routing Study Guide with
Todd Lammle.  We just finished the Remote Access Study Guide together. I am
an instructor for Todd Lammles training school,  Globalnet Training Solutions.
 I will be teaching the CCNA/CCDA course at Learn It in downtown San Francisco
August 21-26.  You can drop by if you'd like.  Make it just before lunch at
12:00 or around 5:45 in the evening. I am always willing to take time for those
who give such great comments!  Keep up with your studies and let me know if
there is anything else I can do to help.  -Sean

Sean Odomm CCNP, MCSE, CNX-EtherII
Instructor/GlobalNet Training Solutions (www.lammle.com)
www.TheQuestForCertification.Com


>Sean,
>
>I just wanted you to know that I got your book and used it to pass the
>Switching Exam.  You and Doug did so much better at describing the switching

>and putting it into plain English than the Cisco Press book did.   
>
>I can't wait until your Switching Black Book comes out! Are you going to be

>in the Bay Area sometime soon? I would like to meet you.  
>
>Carl Hagan
>
>
>
>
>
>___
>Say Bye to Slow Internet!
>http://www.home.com/xinbox/signup.html
>
>

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CSU/DSU manufacturers

[Jean Stockton]

Rob;

following is a partial list of csu/dsu vendors that i have:

3COM, ADC KENTROX, ADTRAN, ASTROCOM, BayNetworks, GDC, MOTOROLA, NETOPIA,
OpenRoute, Paradyne, SYNC, TELINC, TYLINK, LARSCOM, CISCO, ORION, Visual
Network, Wescom, VINA T1.

basically, you need to research their websites and find what you need.

mjs

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Rob Mattews
> Sent: Friday, August 11, 2000 11:01 AM
> To: [EMAIL PROTECTED]
> Subject: CSU/DSU manufacturers
>
>
> Hallo,
>
> I'm looking for manufacturers of E1 CSU/DSU's.
>
> Can anyone recommend any ?
>
> Rob
>
> [EMAIL PROTECTED]
>
>
> ---
> Brought to you by Ananzi Mail
> http://mail.ananzi.co.za
>
> ___
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Openview default object colors

[Quadri, Habeeb]

Hi,

I am wondering if somebody knows what is the meaning of different colors
used in openview maps. 
Probably colors can be manipulated but what is the default color scheme used
on the maps.
If object color is 
green - up
red - down
brown - ???

I am particularly interested in finding what is default for brown as standby
router is showing brown and primary is green on
openview map i am using. 

Any help is appreciated.

Thanks.


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

I s groupstudy down?

[Larry Osei-Kwaku]

Is groupstudy down ?

Larry

__
Do You Yahoo!?
Kick off your party with Yahoo! Invites.
http://invites.yahoo.com/

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Ethernet Troubleshooting Woes

[Cthulu, CCIE Candidate]

Do both the file servers adn the PCs use same the primary IPX frame
encapsulation?

Also, try this:

Pick a PC, and patch it directly into the NIC of the server (that is, make a
cross over cable, and path the drop from the PC to the drop for the server).
You'll remove alot of factors from teh equation.

If it doesn't work, then I would suspect a configuration problem:  also,
check the drivers for the NIC card:  you may need an update.

You may also want to get some CAT5, and connect the server directly to the
switch using CAT5...CAT3 makes me feel queasy!

Good luck, and HTH,

Charles







""Kevin Wigle"" <[EMAIL PROTECTED]> wrote in message
009301c0032c$66728740$[EMAIL PROTECTED]">news:009301c0032c$66728740$[EMAIL PROTECTED]...
> I had a similar incident recently with a W2K server.
>
> If it had to be rebooted, it came back up ok but the weirdest thing was
that
> Win95/98 clients couldn't log in but W2K Pro clients could.
>
> To top it off, Win95/98 clients could ping the server so "IP" was good.
>
> To fix it we would just reboot the server again until it "took".  Of
course
> this wasn't very satisfactory.
>
> The end story was that the nic on the server was set to auto.  Once we set
> it to manual on 10BaseT everything worked fine.
>
> I have always suspected anything that has "auto" associated with it.
>
> Kevin Wigle
>
> - Original Message -
> From: "David Jones" <[EMAIL PROTECTED]>
> To: "'John Neiberger'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Thursday, 10 August, 2000 17:20
> Subject: RE: Ethernet Troubleshooting Woes
>
>
> > The first thing I would suggest is don't assume too much.  Usually, when
> > you're getting alignment errors and CRC's on a Cisco switch, it means
that
> > there is a mismatch between the switch port and the NIC's speed/duplex
> > settings.  Configure the switch port that the server is on and hardcode
it
> > for speed/duplex settings.  Here's an example:
> > conf t
> > int fa0/1
> > speed 100
> > dup full
> >
> > Try one thing at a time.  You would be amazed at what something so
simple
> > can affect you.
> >
> > HTH
> >
> > Dave
> >
> > -Original Message-
> > From: John Neiberger [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, August 10, 2000 3:56 PM
> > To: [EMAIL PROTECTED]
> > Subject: Ethernet Troubleshooting Woes
> >
> >
> > Okay, I'm going completely out of my mind.  I am at the end of my rope
> with
> > this problem and I have no idea where to go from here.  Basically, I'm
> > begging for suggestions!
> >
> > Several PCs at one of our branches are having difficulty running a
certain
> > application, which uses IPX on 802.3 frames.  We are also running IP on
> this
> > LAN with arpa frames.  There is a file server and printer on this LAN,
and
> > all IPX traffic is between the hosts and that file server.
> >
> > We are have ZERO problems with IP traffic on this LAN.  I've been
pinging
> > the tar out the hosts and they act perfectly normal, except for the file
> > server which had, at worst, a 98% success rate over time.
> >
> > On our ethernet switch, we are seeing alignment errors and CRC errors
> coming
> > from the file server.  The cable has been replaced and we verified that
it
> > is cat 5, but the problems still exist.  This is a new file server with
a
> > new NIC.
> >
> > Okay, the problem is that this particular application takes forever to
run
> > from a desktop out in the building.  yet, if you bring that very PC back
> to
> > the room where the switch is, the application runs very quickly.  This
led
> > us to believe that the cabling was bad.  However, if the cabling were
bad,
> > why are we having no problems with IP traffic?  None at all!  That just
> > doesn't make any sense to me.
> >
> > Granted, the cabling out to the desks is Cat 3 and this branch has had
> some
> > previous EMI problems in the room, but I just don't see how EMI could
> > selectively cause one application to fail without there being some
> > indication of problems with other applications.
> >
> > I've considered replacing the switch, but the problem only happens when
a
> PC
> > out in the main room uses the application, no matter what port it is
> > connected to.  Bring a PC back to the switch room and connect it to any
> port
> > and the program runs as advertised.  So, I'm not going to waste my time
> with
> > that.  I've also considered replacing the NIC in the server since we're
> > seeing errors coming from it, but that would not explain the problems
> we're
> > having, anyway, so that is probably pointless.
> >
> > any ideas?  Our next step is to hire a very expensive data center design
> > company to go up there and check things out.  We've had electricians
check
> > the room and they said they could find no obvious sources of EMI, even
> > though we know that it is prevalent there.
> >
> > Help...please helpI'm dying here, and I'm quickly losing faith in my
> > troubleshooting skills!
> >
> > TIA,
> > John
> >
> >
> >
> >
> >
> > __

global knowledge NETGUN Program

[Hubert Pun]

Anyone has take that?

and how about the Advanced CCIE Preparation Program (ACPP)?  Anyone take
that?


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Thanks to Group Members

[Montgomery, Robert WARCOM Contractor]

Congratulations Maria!

You seem like a good hearted person and I hope you well!

Rob

-Original Message-
From: Ms. Maria [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 11, 2000 9:07 AM
To: [EMAIL PROTECTED]
Subject: Thanks to Group Members


Hello Group,

I have finished CCNP. It's all because of support and encouragement I got 
from many members of Groupstudy. I am very thankful to you guys.  I am up to

CCIE Written now, and hopefully will be going after a full- time cisco job, 
after I am done with written. This world looks a lot bright to me now. I 
hope that I keep doing well with all good luck wishes I got, and people like

me (who are sturggling hard to get a good life) get successful one day.

Thanks again!  :>

Maria

p.s. This mail is in reference to the mail that I sent way back with the 
subject "Cisco for Women?"

Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Checkpoint question

[vr4drvr .]

I wouldn't actually recommend checkpoint to any client.  Check out some of 
the hacker sites to see how easily it can be breached.  If you need more 
info let me know.


>From: [EMAIL PROTECTED]
>Reply-To: [EMAIL PROTECTED]
>To: [EMAIL PROTECTED]
>Subject: Checkpoint question
>Date: Fri, 11 Aug 2000 10:57:13 EDT
>
>Hi:
>
>
>Do any of you have any experience with the Checkpoint training. Is it worth
>it?
>Thanks, KF
>
>___
>UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
>FAQ, list archives, and subscription info: http://www.groupstudy.com
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 2948G-L3 troubles

[Lorenzo Montezemolo]

I'm quite sure I'm doing something wrong.  I'm going to clear the configs on 
both the L3 and the 2948G and take it step-by-step.  I'll let you know where 
I made the mistake.

Thanks,
Lorenzo


>From: "Rampley, Jim" <[EMAIL PROTECTED]>
>To: 'Lorenzo Montezemolo' <[EMAIL PROTECTED]>, 
>"'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
>Subject: RE: 2948G-L3 troubles
>Date: Fri, 11 Aug 2000 10:27:57 -0400
>
>Your right about putting the bridge groups on the subinterfaces.  It just
>didn't look right to me when I first looked at it.  After reading the doc 
>CD
>I agree with you.  You should be able to do a show vlan on the 2948G-L3 and
>see all the vlans from the 2948G.
>
>Jim
>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>Lorenzo Montezemolo
>Sent: Thursday, August 10, 2000 11:14 PM
>To: [EMAIL PROTECTED]
>Subject: Re: 2948G-L3 troubles
>
>
>Hmmm.  I figured that a bridge group was the router equivalent of a VLAN on
>a switch, which is to say that it creates a broadcast domain that spans
>multiple interfaces.  This is why I put each subinterface on the trunk port
>in a different bridge group - I figured doing this would allow me to then
>assign 10/100 ports to the same bridge group and have the whole group act 
>as
>a VLAN.  I haven't had a chance to look at the Cisco info you gave me, but 
>I
>will first thing tomorrow.
>
>What is the 2948G-L3 equivalent of the spantree portfast command on the
>2948G?
>
>Thanks,
>Lorenzo
>
>""Jim Rampley"" <[EMAIL PROTECTED]> wrote in message
>004a01c00332$e1a048c0$1b2290d1@dougy">news:004a01c00332$e1a048c0$1b2290d1@dougy...
>| Lorenzo,
>|
>| Well the first thing I'm thinking is that your trunk ports on the
>2948-G-L3
>| should not be in a specific bridge group.  You might want to look and see
>| how spanning tree is looking on both devices.  Show span on the 2948g-L3
>and
>| show spantree  on the 2948g.  There are several other show commands
>| that are handy.
>|
>| How long did you wait after plugging the PC in to the port before 
>pinging?
>| Spanning tree may not have finished running before you tried to ping.
>Give
>| it at least 45 seconds after plugging it in.
>|
>| The other thing you will probably want to do is integrated routing and
>| bridging on the 2948-G-L3.  This uses the interface BVI.
>|
>|
>http://www.cisco.com/univercd/cc/td/doc/product/l3sw/2948g-l3/rel_12_0/7wx51
>| 5a/config_g/bridging.htm#xtocid38394
>|
>| Jim
>|
>| ___
>| UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
>| FAQ, list archives, and subscription info: http://www.groupstudy.com
>| Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>| ---
>
>
>___
>UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
>FAQ, list archives, and subscription info: http://www.groupstudy.com
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: cat5 series switch

[Odom, Sean/SAC]

Hi Ron and Karen,
The Catalyst 2926G, 2948G, 2980G, 5000 and 6000 Family use the Set/Clear
based IOS.  The IOS called this because a majority of the commands start
with set, clear, or show.  The cheapest way to get this IOS is to put the
Enterprise Edition IOS on a 2926G.  Many of these are coming off lease so
they are widely available.  I have seen these for about $2500 on e-Bay.  The
2926G looks just like a 5002 and uses the same chassis.The Enterprise
Edition IOS will work on the 2926G.  Hope this helps you out.  Of you need
more help, feel free to e-mail me at [EMAIL PROTECTED]  -Sean

Sean Odom, CCNP, MCSE, CNX-EtherII, Author, Instructor
GlobalNet Training Solutions
[EMAIL PROTECTED] 
www.TheQuestForCertication.Com 


:
:anyone can explain the differences between cat5 series IOS and the rest of
:cat models?
:what IOS the cat5 is running?
:any lower models which supports the same IOS as cat5 with lower price?
:Is the enterprise version IOS is the same as what cat5 series can provide?
:
:

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Preventing password recovery

[Ajaz Nawaz]

Open the router and unplug the console port. Plug it beck in when you want
to use it.



"Michael Fountain" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Well, I put the question to Cisco's open forum Q&A board, and got about
the
> same answer there - it can't be done.
>
> So, I guess it is time to threaten to have the legal guys shake a stick at
> them and then lock the router up in a big metal box with a little tiny
hole
> for the cable.
>
> Mike
>
> 
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
>
> ___
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> ---


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CSU/DSU manufacturers

[Jean Stockton]

Rob;

following is a partial list of csu/dsu that i have:

3COM, ADC KENTROX, ADTRAN, ASTROCOM, BayNetworks, GDC, MOTOROLA, NETOPIA,
OpenRoute, Paradyne, SYNC, TELINC, TYLINK, LARSCOM, CISCO, ORION, Visual
Network, Wescom, VINA T1.

basically, you need to research their websites and find what you need.

mjs


> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Rob Mattews
> Sent: Friday, August 11, 2000 11:01 AM
> To: [EMAIL PROTECTED]
> Subject: CSU/DSU manufacturers
>
>
> Hallo,
>
> I'm looking for manufacturers of E1 CSU/DSU's.
>
> Can anyone recommend any ?
>
> Rob
>
> [EMAIL PROTECTED]
>
>
> ---
> Brought to you by Ananzi Mail
> http://mail.ananzi.co.za
>
> ___
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Switches !!!

[Frank Wells]

Hey Sean.
This is regarding the following passage taken from the your previous reply 
to this thread:

If C. If the destination and source node reside on ports assigned to
different VLANs on the switch,  the switch requires an external router to 
resolve the address and send the packet back to the switch. <*** If the 
switch contains an internal route processor, the external router needs to 
only resolve the first packet and then the internal route processor can 
finish the job from there. ***> (An external router needs to be used so that 
a routing protocol can be used to map the network topology to base it's 
routes.)

The second sentence implies that there will always need to be at least one 
router in any switched network. Is this actually correct?  I seem to 
remember reading that there are fully switched networks utilizing layer 
three switching as the routing mechanism.  What I am getting at is I thought 
Route Switch Processors are layer three devices and fully capable of making 
their own routing decisions, in which case there would be no need for a 
router.  Can you shed some more light please.

Thanks a lot.


>From: "Odom, Sean/SAC" <[EMAIL PROTECTED]>
>Reply-To: "Odom, Sean/SAC" <[EMAIL PROTECTED]>
>To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
>CC: "'Raees Ahmed Shaikh'" <[EMAIL PROTECTED]>
>Subject: RE: Switches !!!
>Date: Fri, 11 Aug 2000 09:46:12 -0600
>
>a1. How are MAC addresses used on a switch: The MAC address of the switch,
>depending on the interface being used, handle this in different ways.  Some
>Catalyst switches assign a global MAC address, some switches use a pool of
>addresses assigning one to each interface(You can assign one manually), and
>sometimes the MAC address can be a virtual MAC address when using HSRP on
>mulitiple internal route processors such as the MSM, RSM, RSFC, NFFC, 
>NFFCII
>or the MSFC.  The switch is assigned an IP address and default gateway 
>which
>allows you to telnet to the switch.  On most switches you can also use the
>your webrowser to access the switches configuration and make changes simply
>by typing in the switches IP address.
>
>a2. If two nodes on the same switch want to communicate on the same switch:
>(This question requires a long answer!)
>
>If: A. They are connected to the same port on the switch the switch does
>nothing since the two nodes are in the same collision domain they will see
>each others traffic.
>
>If B. They are in the same VLAN and reside on the same switch, the switch
>learns the location of each node attached by reading the first frame
>received and logging the source address and port of arrival in it's Content
>Addressable Memory(CAM) table. When the switch receives another frame it
>checks the CAM table and if it knows the port the destination node resides
>on it forwards the frame directly to that port.   If it does not know the
>port, it broadcasts the frame to every port which are members of the same
>VLAN with the exception to the port of arrival.
>
>If C. If the destination and source node reside on ports assigned to
>different VLANs on the switch,  the switch requires an external router to
>resolve the address and send the packet back to the switch.  If the switch
>contains an internal route processor, the external router needs to only
>resolve the first packet and then the internal route processor can finish
>the job from there.  (An external router needs to be used so that a routing
>protocol can be used to map the network topology to base it's routes.)
>
>Hope this answers your questions.
>
>Sean Odom, CCNP, MCSE, CNX-EtherII, Author, Instructor
>GlobalNet Training Solutions
>[EMAIL PROTECTED] 
>www.TheQuestForCertication.Com 
>  -Original Message-
>From: Raees Ahmed Shaikh [mailto:[EMAIL PROTECTED]]
>Sent: August 08, 2000 11:50 PM
>To: '[EMAIL PROTECTED]'
>Subject: Switches !!!
>
>
>
>
>  If all the ports of the switches have mac addresses than
>
>q.1  If somebody telnets to swithes the actual physical communication 
>occurs
>through which mac address.
>q.2  If two pcs are connected to the same swithc, and they want to
>communicate  the real communication should go like this ( pc mac- switch
>port mac - destination switch port mac - destination pc).
>
>Totally confused arp arp arp.
>
>Please Help.
>
>
>Shaikh Raees Ahmed,
>Microsoft Certified Systems Engineer,
>Systems & Network,
>IT Division.
>
>___
>UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
>FAQ, list archives, and subscription info: http://www.groupstudy.com
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http:/

RE: CCDA

[Odom, Sean/SAC]

There are several good books.  Todd Lammle puts out a good CCDA book and
also there is a very good book that follows the objectives pretty good on
CertificationZone.Com.   I think it is 19.95 for that one.  
 
-Sean Odom
Coriolis Author
www.TheQuestForCertification.Com  

-Original Message-
From: Raees Ahmed Shaikh [mailto:[EMAIL PROTECTED]]
Sent: August 11, 2000 4:16 AM
To: '[EMAIL PROTECTED]'
Subject: CCDA




 Can anyone refer to me a good book for preparing for CCDA, currently i am
referring to the official cisco press study kit, but I feel it wouldn't be
sufficient.

Thanks in advance. 

Shaikh Raees Ahmed, 
Microsoft Certified Systems Engineer, 
Cisco Certified Network Associate, 
Systems & Network, 
IT Division. 

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Thanks to Group Members

[Ms. Maria]

Hello Group,

I have finished CCNP. It's all because of support and encouragement I got 
from many members of Groupstudy. I am very thankful to you guys.  I am up to 
CCIE Written now, and hopefully will be going after a full- time cisco job, 
after I am done with written. This world looks a lot bright to me now. I 
hope that I keep doing well with all good luck wishes I got, and people like 
me (who are sturggling hard to get a good life) get successful one day.

Thanks again!  :>

Maria

p.s. This mail is in reference to the mail that I sent way back with the 
subject "Cisco for Women?"

Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 2 Ethernet ports in a Router

[Lorenzo Montezemolo]

The main purpose is so that you can route between two LAN segments.


""Khwaja N"" <[EMAIL PROTECTED]> wrote in message
8n179k$1du$[EMAIL PROTECTED]">news:8n179k$1du$[EMAIL PROTECTED]...
| What is the main purpose of having 2 LAN ports in a Router?
| Please reply to
| [EMAIL PROTECTED]
|
|
| ___
| UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
| FAQ, list archives, and subscription info: http://www.groupstudy.com
| Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
| ---


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CSU/DSU manufacturers

[Lorenzo Montezemolo]

Try ADTRAN or KENTROX.


""Rob Mattews"" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
| Hallo,
|
| I'm looking for manufacturers of E1 CSU/DSU's.
|
| Can anyone recommend any ?
|
| Rob
|
| [EMAIL PROTECTED]
|
|
| ---
| Brought to you by Ananzi Mail
| http://mail.ananzi.co.za
|
| ___
| UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
| FAQ, list archives, and subscription info: http://www.groupstudy.com
| Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
| ---


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

ccie design written

[Phil Lerner]

Has anyone taken this yet? Harder than CID?

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Checkpoint question

[J. Oquendo]

IMHO Its not worth it unless you just want to add the title of CCSE, CSE to your 
signature. If you know your stuff regarding firewalls you won't need a cert. Besides 
how good can a CCSE be when its only generally a 5 day course in which the pass ratio 
is about 95%?

Doesn't mean someone knows checkpoint in and out it could mean they listened, 
memorized, and answered properly. Real world experience along with the cert is a 
different issue. So if you've used it and understand it thoroughly then go for it... 
But if you just want to sit in a class and pass the exam then its not worth it because 
it only shows you GUI stuff, installation procedures, etc... It will not show you how 
to configure massive networks of different specifications.

--Original Message--
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: August 11, 2000 2:57:13 PM GMT
Subject: Checkpoint question


Hi:


Do any of you have any experience with the Checkpoint training. Is it worth 
it?
Thanks, KF

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

__
FREE Personalized Email at Mail.com
Sign up at http://www.mail.com/?sr=signup

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

2 Ethernet ports in a Router

[Khwaja N]

What is the main purpose of having 2 LAN ports in a Router?
Please reply to
[EMAIL PROTECTED]


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

AVVID Certification

[Khwaja N]

Is AVVID part of CCIE Lab? Or is their a separate AVVID certification?
Thanks,
[EMAIL PROTECTED]


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Switches !!!

[Odom, Sean/SAC]

a1. How are MAC addresses used on a switch: The MAC address of the switch,
depending on the interface being used, handle this in different ways.  Some
Catalyst switches assign a global MAC address, some switches use a pool of
addresses assigning one to each interface(You can assign one manually), and
sometimes the MAC address can be a virtual MAC address when using HSRP on
mulitiple internal route processors such as the MSM, RSM, RSFC, NFFC, NFFCII
or the MSFC.  The switch is assigned an IP address and default gateway which
allows you to telnet to the switch.  On most switches you can also use the
your webrowser to access the switches configuration and make changes simply
by typing in the switches IP address.
 
a2. If two nodes on the same switch want to communicate on the same switch:
(This question requires a long answer!)
 
If: A. They are connected to the same port on the switch the switch does
nothing since the two nodes are in the same collision domain they will see
each others traffic.
 
If B. They are in the same VLAN and reside on the same switch, the switch
learns the location of each node attached by reading the first frame
received and logging the source address and port of arrival in it's Content
Addressable Memory(CAM) table. When the switch receives another frame it
checks the CAM table and if it knows the port the destination node resides
on it forwards the frame directly to that port.   If it does not know the
port, it broadcasts the frame to every port which are members of the same
VLAN with the exception to the port of arrival.  
 
If C. If the destination and source node reside on ports assigned to
different VLANs on the switch,  the switch requires an external router to
resolve the address and send the packet back to the switch.  If the switch
contains an internal route processor, the external router needs to only
resolve the first packet and then the internal route processor can finish
the job from there.  (An external router needs to be used so that a routing
protocol can be used to map the network topology to base it's routes.)
 
Hope this answers your questions.
 
Sean Odom, CCNP, MCSE, CNX-EtherII, Author, Instructor
GlobalNet Training Solutions
[EMAIL PROTECTED]  
www.TheQuestForCertication.Com   
 -Original Message-
From: Raees Ahmed Shaikh [mailto:[EMAIL PROTECTED]]
Sent: August 08, 2000 11:50 PM
To: '[EMAIL PROTECTED]'
Subject: Switches !!!




 If all the ports of the switches have mac addresses than 

q.1  If somebody telnets to swithes the actual physical communication occurs
through which mac address. 
q.2  If two pcs are connected to the same swithc, and they want to
communicate  the real communication should go like this ( pc mac- switch
port mac - destination switch port mac - destination pc).

Totally confused arp arp arp. 

Please Help. 


Shaikh Raees Ahmed, 
Microsoft Certified Systems Engineer, 
Systems & Network, 
IT Division. 

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Cisco 8540

[Evan You]

Hey all,

Can a Catalyst 8540 handle 5 OC-3 ATM ports and also 2 Gigabits Ethernet all
at once?

Basically, will it have enough horsepower to do ATM Switching and Routing?

Thanks,


Evan You - CCNA

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ATM Lane & Gigabit Ethernet

[Croyle, James]

I will just send this about a security vulnerability we found out about in
our implementation from 10 MB broadcast domain to a 3 layer model switched
and routed network with Gigabit backbone...

Jim


Cisco Gigabit Switch Routers (GSRs), when used with configured Fast
 Ethernet/Gigabit Ethernet cards may forward traffic bypassing ACLs.
 This could lead to exploitation of vulnerabilities that would normally have
 been protected by the access control lists. It may also be possible for an
 attacker to cause an interface on the target GSR to stop forwarding
 packets, resulting in a denial of service. The evasion of ACLs has to do
 with optimizations in handling of various packet types and occurs only
 on the affected interfaces. This vulnerability only exists when Fast
 Ethernet/Gigabit Ethernet network interface cards are used with Gigabit
 Switch Routers. All versions of IOS greater than 11.2 on GSRs are
 assumed to be vulnerable.


 class
 Failure to Handle Exceptional Conditions
 cve
 GENERIC-MAP-NOMATCH
 remote
 Yes
 local
 No
 published
 August 03, 2000
 updated
 August 03, 2000
 vulnerable
 Cisco Gigabit Switch Router 12016
 Cisco Gigabit Switch Router 12012
 Cisco Gigabit Switch Router 12008
 Cisco IOS 12.1
 Cisco IOS 12.0.7
 Cisco IOS 12.0.6
 Cisco IOS 12.0.5
 Cisco IOS 12.0.4
 Cisco IOS 12.0.3
 Cisco IOS 12.0.2
 Cisco IOS 12.0.1
 Cisco IOS 12.0
 Cisco IOS 11.3.1
 Cisco IOS 11.3
 Cisco IOS 11.2.8
 Cisco IOS 11.2.10
 Cisco IOS 11.2P
 Cisco IOS 11.2
 not vulnerable
 Cisco IOS 12.0(8.3)SC
 Cisco IOS 12.0(8.0.2)S
 Cisco IOS 12.0(7.4)S
 Cisco IOS 12.0(7)SC
 Cisco IOS 12.0(7)S1
 Cisco IOS 11.2(19)GS0.2


The following versions of IOS contain the fix for this vulnerability:

 * 11.2(19)GS0.2
 * 12.0(8.0.2)S
 * 12.0(7)S1
 * 12.0(7.4)S
 * 12.0(8.3)SC
 * 12.0(7)SC

 Upgrade the firmware in your GSRs to any of the applicable versions
 listed above.

-Original Message-
From: Douglas McConnell [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 11, 2000 9:50 AM
To: Cisco Groupstudy
Cc: [EMAIL PROTECTED]
Subject: ATM Lane & Gigabit Ethernet


Team:

We are upgrading our network to Gigabit Ethernet from
ATM Lane.  Are any of you aware of any known problems
or caveats in implementing this migration
successfully?



=
Please Reply to: [EMAIL PROTECTED]
---
Douglas A. McConnell
BV Solutions Group, Inc. - A Black & Veatch Company
Network Communications Specialist IV
Cisco Certified Network Associate
A+ Certified Technician

__
Do You Yahoo!?
Kick off your party with Yahoo! Invites.
http://invites.yahoo.com/

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Help needed with IPSec and NAT Configuration

[George Zhang]

Hi Group,

I gave a question regarding IPSec and NAT configuration.  I am trying to
configure IPSec between a 3640 and 1605.  The diagram of the network is
shown below:


--
--
||
150.26.154.249/30||
  ---fa0/0--|||3640
|||--S0/0---S0--|||1605   |||--E0---
 192.168.64.1/24 | |
150.26.154.250/30 ||  192.168.128.1/24
--   IPSec
channel--

IPSec needs to be configured between the 3640: S0/0 interface and 1605:
S0 interface.
Both 3640:S0/0 and 1605:S0 are using global IP address.  Both 3640:fa0/0
and 1605:E0 are using private IP address.  NAT is configured on both
3640 and 1606 to translate between the private and global IP addresses.

According to Cisco CCO, "If you use network address translation (NAT),
you should configure static NAT translations so that IPSec will work
properly.  In general, NAT translation should occur before the router
performs IPSec encapsulation;in other word, IPSec should be working with
global address".

My questions are that,

(1) What does it mean by "NAT translation should occur before the router
performs IPSec encapsulation;in other word, IPSec should be working with
global address"?  Does that mean I need one more router at both end to
do the NAT?

(2) Can I do IPSec with the diagram show above?  If I can, how should I
configure the access-list?  Should I be using the global or private IP
address in the acess-list, i.e. which one of the next two is correct,

A.  access-list 120 permit ip 192.168.64.0 0.0.0.255 192.168.128.0
0.0.0.255
B.  access-list 120 permit ip 150.26.154.249 0.0.0.0 150.26.154.250
0.0.0.0


I know quite a few people out there are CCNP-Security certified.  Please
help me out.  Thank you very much for your help in advance.

George Zhang, CCNP

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Checkpoint question

[ROUTHIER, YVES]

Hi:

If you are from montreal, Maxon offert a good course , basic and advance
one about Firewall 1

Yves R.

[EMAIL PROTECTED] wrote:
> 
> Hi:
> 
> Do any of you have any experience with the Checkpoint training. Is it worth
> it?
> Thanks, KF
> 
> ___
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CSU/DSU manufacturers

[Rob Mattews]

Hallo,

I'm looking for manufacturers of E1 CSU/DSU's.

Can anyone recommend any ?

Rob

[EMAIL PROTECTED]


---
Brought to you by Ananzi Mail
http://mail.ananzi.co.za

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Checkpoint question

[Karlflem]

Hi:


Do any of you have any experience with the Checkpoint training. Is it worth 
it?
Thanks, KF

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: NAT Problems

[Chris Larson]

You can set the amount of time a translation times out and get's cleared. It
sounds like yours are sitting around for longer then normal.

ip nat translation timeout 

When port translation is not configured, translation entries time out after
24 hours. This time can be adjusted with the above command or the following
variations: 


ip nat translation udp-timeout 
ip nat translation dns-timeout 
ip nat translation tcp-timeout 
ip nat translation finrst-timeout 






-Original Message-
From: Tai Ngo [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 09, 2000 8:37 PM
To: [EMAIL PROTECTED]
Subject: NAT Problems


Hi All,

I am having problems using NAT on my Cisco 3620 router.  NAT translations
works fine but for some reason, the cpu utilization on my router starts
increasing to about 91% after a few days.  When access to the Internet gets
slow, I also notice that I have lots of dynamic address translation when I
do a "show ip nat stat", over 1000 active translation with dyanmic
translations being the majority and when my router is really slow, around
6000 dynamic translation.  When I do a "clear ip nat trans *", the router
returns to normal, cpu utilization also drops to around 10%.  Should I have
to do this every so often or am I missing something from my config file.  

I am currently running IOS 12.0(5) and have 48MB RAM on my router.

Any hints/tips would be greatly appreciated.

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: pix-to-pix tunnel...somebody make it work!!!

[Chris Larson]

Hi Chris,

Thanks for the contact info. BCRAN's ISBN is 1-928994-13-X  Promote
shamelessly!! We expect it to be available at the beginning of October (it's
printing early Sept).

Sorry for the delay in getting the chapter back to you for revisions; the
tech editor currently has most of the book on his plate, and he's plowing
through it as best he can. If you have schedule constraints for revisions,
let me know asap and I'll make it a priority.



-Original Message-
From: Kenneth [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 10, 2000 10:36 PM
To: [EMAIL PROTECTED]
Subject: Re: pix-to-pix tunnel...somebody make it work!!!


hi chris. what's the title of this book? or isbn#?

"Chris Larson" <[EMAIL PROTECTED]> wrote in message
009AE8FD8584D3119A2E0008C7F4A8492A63@WEBSERVER">news:009AE8FD8584D3119A2E0008C7F4A8492A63@WEBSERVER...
> Are you trying to use NAT with the tunnel?
>
>  I find the stuff on CCO about VPN to be overkill, so I will include a
piece
> of a Chapter on VPN I wrote for Syngress media, that I may simplify what
you
> found on CCO for pix to pix VPN. You can take it or leave it, but the
config
> should work just replace the addresses I have in the text with your own.
>
>
>
> Extranet Solution Example
>
> Figure 4.3
>
>
> We have taken care of our remote office so let's take a look at adding a
> business partner communicating through the Internet. This will be very
> similar to the previous scenario. Most companies would do this on the
> firewall or a special VPN concentrator (we will discuss this later) for
> security reasons. This being the case, in this scenario we will look at
> configuring PIX to PIX firewall VPN. You could do this on the router, and
> would follow the same principles as in the previous scenario. You could
use
> the same pre-shared key with different ISAKMP and IPSEC policies if you
> wish, however It is advisable NOT to use the same key for different peers
> for security reasons.
> Configuring the PIX firewall for VPN can be done in many different ways.
You
> can configure the a VPN to use the NAT address of the inside or DMZ hosts
or
> you can configure the PIX to allow your peer to use the actual IP of the
> inside or DMZ hosts. The latter is the simpler of the two and is what we
> will be configuring here. Just keep I mind that you can use NAT when
> configuring a firewall VPN if needed. Let's start with the corporate
> firewall.
>
> Preparing your Perimeter Router
> If you are explicitly blocking traffic on your perimeter router, it may be
> necessary to build an access list allowing IPSEC protocols through to the
> firewall. This can be done by permitting the ahp and esp protocol types
and
> udp isakmp port. Example:
> access-list 100 permit ahp host 172.1.16.1 host 192.168.52.1
> access-list 100 permit esp host 172.1.16.1 host 192.168.52.1
> access-list 100 permit udp host 172.1.16.1 host 192.168.52.1 eq isakmp
>
>
> 1. First we need to configure the firewall to allow IPSEC connections.
> If we don't explicitly allow IPSEC connections then we must use the
conduit
> command to allow IPSEC traffic to flow to the destination. For our
> configuration we will implicitly allow IPSEC connetions with the following
> command.
>
> Sysopt connection permit-ipsec
>
>
>
>
>
> 2. Define an list specifying what needs to be encrypted. In this case
> we will encrypt all communications between networks. If you wanted to only
> allow and encrypt data between a single host on Corporate and a single
host
> on the Business prtnet network you would define that here in this
> access-list. The list should have the inside source of your network and
> inside destination of the remote.
>
>
> Access-list 100 permit ip 10.2.3.0 0.0.0.255 192.168.50.0 0.0.0.255
>
>
> 3. This states that anything passing the list should not have to use
> NAT. This command does not get applied to any interface but is associated
> with the crypto map so that only traffic that is already encrypted uses
this
> feature.
>
> Nat (inside) 0 access-list 100
>
> 4. Like the router based VPN you must define a transform-set to tell
> the firewall what type of algorithm to use for encryption and
> authentication.
>
> Crypto ipsec transform-set myset esp-des esp-md5-hmac
>
> 5. Now define your crypto map to allow IPSEC keys and security
> association negotiation to be done using ISAKMP
>
> Crypto map mymap 5 ipsec-isakmp
>
> 6. This tells the firewall that traffic matching access-list 100 should
> use this crypto map.
>
> Crypto map mymap 5 match address 100
>
> 7. Set the address of your peer encrypting device.
>
> Crypto map mymap 5 set peer 172.16.16.1
>
> 8. Configure the crypto map to use the transform set you created in
> step 4.
>
> Crypto map mymap 5 set transform-set myset
>
> 9. Configure the firewall to use the crypto map on traffic passing the
> outside interface.
>
> Crypto map mymap interface outside
>
> 10. To use ISAKMP for SA negotiation you must enable ISAKMP on the
> particular interface where it 

CCDA

[chan]

Hi All

i would like to take my CCDA exam next month. Will anyone know when i can
get study materials from the  WEB.

Thank
Chan


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: SDSL statement : True or False ?

[Maccubbin, Duncan]

 Sigh, why do ppl make such assumptions? Actually, Netopia tries to make
their equipment work with everyone they can. When I worked with one of the
larger DSL ISPs in the DC area they were very helpful. You could call them
with an issue and if they could fix the issue without a major overhaul they
would. I know, for example, their T1 router supports Cisco HDLC.

Duncan

-Original Message-
From: Oz [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 11, 2000 10:17 AM
To: [EMAIL PROTECTED]
Subject: Re: SDSL statement : True or False ?


I think some comes down to a control issue the ISP's  don't want you playing
with their  Dslam  etc  and also they get very sweet deals on the last mile
stuff.
 So why should they and there are compatability issues  I forget right now
what the issue  was

Als look at it from netopia's point  why should they try to work with cisco
if they don't they get to place stuff all the way to the end.
 If they do  their sales end at the  demark.
  It's called marketing ,
I have had this problem and created a need for a firewall after the netopia
so  lost a router and gained a firewall.
 Not a bad trade  (heh)
Oz
http://www.mcseco-op.com/helpfull_links.htm

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: BCMSN

[Rishard Chapoteau]

I had a few of them. . . not to many and not to complicated.

rishard


"OLUREMI DAWODU" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>
>   Hello all,
>
>   I have the BCMSN on sunday and I was wondering if
> anyone out there who has  taken the test knows if you
> get fill in  the blank question, no flames please  I
> 'm not asking for questions.
>
> Thanks in advance
>
> Remi
>
> 
> Do You Yahoo!?
> Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk
> or your free @yahoo.ie address at http://mail.yahoo.ie
>
> ___
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> ---


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Great CCDA Study Site (CCDA exam length)

[sougata maitra]

If you give a prometric test (English) in a non
english speaking country they give you 30 mins extra.
regards
mike
--- Shane McMordie <[EMAIL PROTECTED]>
wrote:
> This Web site says the new CCDA is 72 questions in
> 120 minutes, with 3
> case studies.
> 
> I did CCDA 640-441 2 days ago in Frankfurt, Germany.
> (Pass.)  There
> were 72 questions, all right, but 4 case studies and
> the time allowed
> was 150 minutes.   And there is this annoying survey
> at the start which
> chews up an extra 15 minutes.
> 
> Maybe the exam time is variable?  120 mins for 3
> cases, 150 mins for 4?
> 
> Shane
> 
> 
> >From: Paul Immo <[EMAIL PROTECTED]>
> >To: [EMAIL PROTECTED]
> >Subject: Great CCDA Study Site
> >Date: Tue, 8 Aug 2000 09:21:18 -0700 (PDT)
> >
> >I just passed my CCDA yesturday, I used mainly the
> >material from this site!
> >
> >http://www.ccxxproductions.bigstep.com/
> >
> >Check them out
> >
> 
> 
> 
> ___
> UPDATED Posting Guidelines:
> http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]


__
Do You Yahoo!?
Kick off your party with Yahoo! Invites.
http://invites.yahoo.com/

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ADDITIONAL DRAWINGS FOR VISIO

[Poyerd, Denis]

The ones I have bookmarked are:

http://www.dtool.com/cisco_visio.zip
www.cisco.com/warp/public/503/2.html

Denis



-Original Message-
From: Leon Bass [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 11, 2000 10:10 AM
To: [EMAIL PROTECTED]
Subject: ADDITIONAL DRAWINGS FOR VISIO


At one time someone on this site located a web sight where you could
download additional network diagrams to be used in visio, ANYONE STILL
KNOW OF THIS SIGHT???

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: SDSL statement : True or False ?

[Oz]

I think some comes down to a control issue the ISP's  don't want you playing
with their  Dslam  etc  and also they get very sweet deals on the last mile
stuff.
 So why should they and there are compatability issues  I forget right now
what the issue  was

Als look at it from netopia's point  why should they try to work with cisco
if they don't they get to place stuff all the way to the end.
 If they do  their sales end at the  demark.
  It's called marketing ,
I have had this problem and created a need for a firewall after the netopia
so  lost a router and gained a firewall.
 Not a bad trade  (heh)
Oz
http://www.mcseco-op.com/helpfull_links.htm

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Ethernet Troubleshooting Woes

[John Neiberger]

I agree that this appears to be a cabling issue, but if that were the case
why does our IP traffic not suffer at all?  There are zero errors with our
IP traffic, but this one single application that uses IPX doesn't function
well over that cabling.  So, does that necessarily mean that the problem is
cabling?  I'm not 100% sure.

If we had bad cabling, I would expect to see frame errors regardless of
frame type.  I'm not sure about this, but wouldn't it be unusual only to see
frame errors with 802.3 frames but not arpa frames?  

anyone know about that one?

Thanks,
John

>  John,
>  
>  You may have already answered your question by asking it to the group.
>  "Bring a PC back to the switch room and connect it to any port and the
>  program runs as advertised.  So, I'm not going to waste my time with
that.
>  I've also considered replacing the NIC in the server since we're seeing
>  errors coming from it, but that would not explain the problems we're
having,
>  anyway, so that is probably pointless. any ideas?"
>  
>  What is the one thing that you are eliminating when you brind the PC to
the
>  back room with the switch??  Yes, that's right-CABLING!  I am going to
>  assume that you are using fresh cable for this and the cable happens to
be
>  Cat5.
>  
>  As far as an expensive company to install this, do it yourself or find
>  someone.  I used to work for a company that installs cabling in nearly
any
>  part of the US.  If you are interested, I can have someone from the
>  organization call you and quote a price to you.  Install some new
cabling,
>  Cat5, and spend about $20 a NIC and viola-you have 100 full to the
desktop.
>  Users will love you; and, then you will able to spend more time studying
or
>  cruising the Internet
>  
>  Let me know if I can be of any assistance.
>  
>  Stevan Pierce
>  
>  You
>  "John Neiberger" <[EMAIL PROTECTED]> wrote in message
>  12522145.965944221954.JavaMail.imail@tiptoe">news:12522145.965944221954.JavaMail.imail@tiptoe...
>  > Yes, the file server is in the same room as the switch and it's
connected
>  at
>  > 100/full.  All other hosts are in a different room connected via cat3
>  > cabling and running at 10/half (no autonegotiation).  We have checked
the
>  > cabling distances are the longest cable was about 100 feet.
>  >
>  > I have been pinging the hosts and server from a router that is also
>  > connected to the switch at 10/half, and is also in the same room.
>  >
>  > The switch is a Baystack 303, but i think just for grins I'll run up
there
>  > and replace it with a newer 310 to see what happens.
>  >
>  > I would LOVE to have a sniffer and/or RMON probe right now, but alas,
we
>  > have neither.  :-(  I've got the software to analyze rmon information,
but
>  > nothing to analyze!
>  >
>  > >  Hmm, I can think of several things that may be going wrong, and
>  (perhaps
>  > >  taken together) cause your problem. But first a few questions and
>  > >  suggested experiments (some of which you may have tried already):
>  > >
>  > >  - Is the file server in the same room as the switch?
>  > >  - What are the endpoints of the IP traffic on the LAN? Clients and
>  > >router (on the way to a remote server)? Clients and local server?
>  > >  - Where have you been pinging the hosts from?
>  > >  - Do you have port error stats with an IPX client going straight
into
>  > >the hub vs. at its appointed location? Packet captures under the
same
>  > >conditions that may throw some light on the sluggishness?
>  > >
>  > >  Now for some possible causes:
>  > >
>  > >  - Bad or marginal cable or connectors
>  > >  - Bad or marginal switch ports, cards, or backplane connectors
>  > >  - EMI from unexpected sources such as the switch's own power supply
>  > >  - Network diameter issues (you didn't specify 10/100/1000baseT)
>  > >
>  > >  HTH.
>  > >
>  > >  On Thu, 10 Aug 2000, John Neiberger wrote:
>  > >
>  > >  > Okay, I'm going completely out of my mind.  I am at the end of my
>  rope
>  > with
>  > >  > this problem and I have no idea where to go from here.  Basically,
>  I'm
>  > >  > begging for suggestions!
>  > >  >
>  > >  > Several PCs at one of our branches are having difficulty running a
>  > certain
>  > >  > application, which uses IPX on 802.3 frames.  We are also running
IP
>  on
>  > this
>  > >  > LAN with arpa frames.  There is a file server and printer on this
>  LAN,
>  > and
>  > >  > all IPX traffic is between the hosts and that file server.
>  > >  >
>  > >  > We are have ZERO problems with IP traffic on this LAN.  I've been
>  > pinging
>  > >  > the tar out the hosts and they act perfectly normal, except for
the
>  > file
>  > >  > server which had, at worst, a 98% success rate over time.
>  > >  >
>  > >  > On our ethernet switch, we are seeing alignment errors and CRC
errors
>  > coming
>  > >  > from the file server.  The cable has been replaced and we verified
>  that
>  > it
>  > >  > is cat 5, but the problems still exist.  This is 

RE: Telco ATM to Frame conversion

[Poyerd, Denis]

I'm 
working a similar project migrating from Frame Relay to ATM, where the Frame 
Relay cloud (Sprint/Bell South) is attached to Cisco 4700s on the local 
campuses with Xylan or Cabletron at the core and the ATM is Marconi/FORE 
9500s(also Sprint/Bell South). 
 
What 
I'm finding out about the Xylan switches is that you have to be careful how the 
vlans are auto-configured. IP addresses will be automatically grouped in a vlan 
you may not want it to be with. You may have to manually change the vlans. The 
problem I'm working out right now are the routing tables in the ATM cloud being 
totally bypassed because of vlan groupings off the Xylans. As the routing table 
is bypassed, I get a ping-pong effect from the ATM router(FORE) to the 
local Xylan switch.
 
BTW: I 
came in on this project just before integration and take no responsibility 
for the recommendation of FORE equipment. Although FORE is superb in the layer 2 
world, I'm not impressed with layer 3 and its lack of features (like no NAT 
capability).
 
Denis

  -Original Message-From: BIKEMAN 
  [mailto:[EMAIL PROTECTED]]Sent: Friday, August 11, 2000 5:34 
  AMTo: [EMAIL PROTECTED]Subject: Telco ATM to Frame 
  conversion
  Hi all
   
  I'm currently desgning a network with 200 sites 
  connecting via frame relay to the three core sites with the core being a 
  fully meshed ATM switched network (Xylan layer 2 and 3 ATM switches). 
  
   
  What I'm wondering about and haven't had much 
  luck finding out from the telco's is whether inverse arp will still be 
  working ? My opinion is that the inverse arp might have some 
  problems - with the layer 3 switches I think things might get a little 
  complicated (I am disabling inverse arp on the routers)
   
  I realise this depends mostly on what the telco 
  is doing to convert the frame to ATM, but any info or anecdotes you might 
  have about similar things would be welcome. 
   
  Regards
   
  Rudi Meyer
   

ADDITIONAL DRAWINGS FOR VISIO

[Leon Bass]

At one time someone on this site located a web sight where you could
download additional network diagrams to be used in visio, ANYONE STILL
KNOW OF THIS SIGHT???

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

ATM Lane & Gigabit Ethernet

[Douglas McConnell]

Team:

We are upgrading our network to Gigabit Ethernet from
ATM Lane.  Are any of you aware of any known problems
or caveats in implementing this migration
successfully?



=
Please Reply to: [EMAIL PROTECTED]
---
Douglas A. McConnell
BV Solutions Group, Inc. - A Black & Veatch Company
Network Communications Specialist IV
Cisco Certified Network Associate
A+ Certified Technician

__
Do You Yahoo!?
Kick off your party with Yahoo! Invites.
http://invites.yahoo.com/

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Masterbowser, netbios name, wins

[Chris Larson]

WINS is used to register netbios names and map them to ip addresses.
Similiar to DNS except DNS is a Host name to ip address system. The netbios
name is of course the name you give to your machine. The master browser is
and backup master browser keep a list of available network resources. Master
browser and backup master is done through an election process which on large
networks can create a large amount of traffic and create problems.

In a PDC BDC anvironment it is supposed to default to making hte PDC the
master browser although I personally have at times found it better to force
a master as when you shutdown the PDC , sometimes things get fouled. 
To force a master on a machine edit that machines registry to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters

Value= IsDomainMaster   True

-Original Message-
From: jeongwoo park [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 10, 2000 6:52 PM
To: Groupstudy
Subject: Masterbowser, netbios name, wins


Hi all
I have a question.
What is Master browser? and what does it have to do
with netbios name and wins server?

Can somebody clarify this?

I will appreciate your help.

Thanks.

__
Do You Yahoo!?
Kick off your party with Yahoo! Invites.
http://invites.yahoo.com/

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco compatible memory

[Brian]

www.crucial.com


On Fri, 28 Jul 2000, Barrett wrote:

> Any links to cheap cisco compatible memory is appreciated.  Thanks
> 
> 
> ___
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> 

---
Brian Feeny, CCNA, CCDA   [EMAIL PROTECTED]   
Network Administrator 
ShreveNet Inc. (ASN 11881)

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: SDSL statement : True or False ?

[Ole Drews Jensen]

Thanks Scott,

P.S. What does YMMV stand for? - ("You Make Me Vomit" ???)

  :-)

Ole


 Ole Drews Jensen
 Systems Network Manager
 CCNA, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED]


-Original Message-
From: Scott Nelson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 10, 2000 6:41 PM
To: Cisco -L post
Cc: Chuck Larrieu
Subject: Re: SDSL statement : True or False ?


SDSL routers/bridges only work with the DSLAM that is advertised. The line
coding is slightly different from each other.

Is there a specific requirement that Cisco provides that Netopia doesn't?
There isn't much to configuring Netopia Routers. They are fairly easy.

The most common DSLAM's that I have seen are Westel, Copper Mountain and
Nokia. The xDSL modem usually supports only of of these DSLAMs.
In my experience anyway

YMMV

Scott



> In my experience with two different DSL providers ( Northpoint and Covad,
if
> you must know ) On the provider side they test for compatibility, ease of
> use, setup etc. they want their installers to be able to walk into your
> home, pop in the equipment, spend five minutes setting it up and testing,
> and then be on their way. Oh yeah, they want to make a buck on this stuff
> without having their customers balk at high cost of equipment. Their QA
> people have looked at the market, done their testing, negotiated their
> pricing, and they are done with it.
>
> You can put in your own stuff and chances are it will work. But if there
are
> any problems, you know what happens.
>
> It is best go with what the carrier says. If you have other issues, such
as
> firewall or NAT,  you can always install another device into the mix.
>
> ISP-DSLRouter-CiscoRouter--insideNetwork
>
> And use the IOS firewall feature set. Or some other combination.
>
> Chuck
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Ole
> Drews Jensen
> Sent: Thursday, August 10, 2000 2:29 PM
> To: '[EMAIL PROTECTED]'
> Subject: SDSL statement : True or False ?
>
> I would like to convert our branch offices from ISDN connections to SDSL,
> but the carrier that I would like to use want's me to use Netopia routers
> instead of Cisco. When I told them that I would like to use Cisco to
> standalize our equipment and since I know how to operate Cisco routers, I
> got this message:
>
> =/=
> We checked with our dsl partner and unfortunately their Copper Mountain
> DSLAMS do not work with Cisco routers for dsl service. We have plenty of
> customers with Cisco routers for their frame, Internet, etc. along with
> Netopia routers for DSL and we've had no problems. But if you
> want to look at a metro frame relay solution, we can work up something
> there. Let me know.
> =/=
>
> Can that be true, or are they just trying to force me into Netopia
> equipment?
>
> Any comments to this is greatly appreciated.


--
Scott Nelson - Network Engineer
Wash DC +1202-270-8968 & +1202-352-6646
Los Angeles +1310-367-6646
mailto:[EMAIL PROTECTED]
http://www.bnmnetworks.net

PGP Public Key:
http://home.earthlink.net/~scottnelson/keys/srnbnm.txt
--

"The better the customer service, the sooner you get to speak
with someone who can't help you."
--

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: SDSL statement : True or False ?

[Chris Larson]

It is surprising since Netopia and Cisco equipment work very well together
(in my opinion). You can request from them a regular DSL modem and plug the
Cisco into that letting them handle everything up to and including the
modem.

Also,
I am not saying Cisco is god and everyone should use them, but I would be a
little concerned that a vendor is shutting out a supplier of network
products that has an 80% or better market share, even if they were a little
slow in bringing DSL products to market.



 

-Original Message-
From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 10, 2000 5:29 PM
To: ''
Subject: SDSL statement : True or False ?


I would like to convert our branch offices from ISDN connections to SDSL,
but the carrier that I would like to use want's me to use Netopia routers
instead of Cisco. When I told them that I would like to use Cisco to
standalize our equipment and since I know how to operate Cisco routers, I
got this message:

=/=
We checked with our dsl partner and unfortunately their Copper Mountain
DSLAMS do not work with Cisco routers for dsl service. We have plenty of
customers with Cisco routers for their frame, Internet, etc. along with
Netopia routers for DSL and we've had no problems. But if you
want to look at a metro frame relay solution, we can work up something
there. Let me know.
=/=

Can that be true, or are they just trying to force me into Netopia
equipment?

Any comments to this is greatly appreciated.

Thanks,

Ole


 Ole Drews Jensen
 Systems Network Manager
 CCNA, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED]


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Trace route over PIX

[Andrew Twigger]

Hi Group

Been working on a  pix and have come across a strange issue.

Have ICMP allowed via the pix, but when a trace route is passed over it, all
host names after the pix are replaced with the final address and name.

So if the destination is 5 hops behind a pix and is called mail1, then on
your trace route you see all the correct entry's up to the PIX but after it
where you would expect to see entry's for each of the five hops you see
duplicate lines with the name mail1.

I take it that this is the PIX hiding the networks behind it and doing
something similar to the fixup that it does to such things as SMTP.

Have I got this right and is there some documentation from CISCO as to this
type of operation.

Thanks for your time and help

Andrew

> Andrew S. Twigger
> Snr Systems Engineer
> Technical Service's
> DIALnet PLC
> e : [EMAIL PROTECTED]
> t : 0121 624 5050
> m : 07967 470 964
> 
> 

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCIE

[BIKEMAN]

Some days it feels like all of them

Read everything on the docco cd thoroughly - if youre still hungry after
that you'll know what you need.

- Original Message -
From: "BB" <[EMAIL PROTECTED]>
Newsgroups: groupstudy.cisco
To: <[EMAIL PROTECTED]>
Sent: Wednesday, August 09, 2000 11:22 PM
Subject: CCIE


> What books should I read?
>
> Baron
>
>
> ___
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Boson tests are poor for preparation!

[Orion]

as expectedstill in Beta mode ...that's why
"rtc" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>
>
> Do not use Boson tests. They do not prepare you for the BSCN exam! They
> simply have no resemblence to the real thing.
>
> ___
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> ---


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Q on Perl

[Ben Lovegrove]

Have you been to http://www.perl.com/

Good place to start.  O'Reilly publish some books on the subject.

Ben
--- Hixon Sgt James R Jr <[EMAIL PROTECTED]> wrote: > Does
anyone know a good foundation book on how to write Perl scripts,
> and to
> start learning them?
> Thanks
> 
> Sgt James R Hixon
> Network Engineer
> MCB G-6 Network Engineering
> DSN 645-0615
> 
> ___
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]


=
Ben Lovegrove, CCNP
Redspan Solutions Ltd
http://www.redspan.com
Cisco: Products, Training, Jobs, Study Guides, Resources.


Do You Yahoo!?
Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk
or your free @yahoo.ie address at http://mail.yahoo.ie

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: WICs

[Andrew Lennon]

WIC's are NOT hot-swappable, but port adapters are 7200's are. On 7500's
port adapters connected via VIP cards are not hot swappable either (even if
they are not screwed in).

Andy Lennon



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Tim O'Brien
Sent: 11 August 2000 12:29
To: McCallum, Robert; [EMAIL PROTECTED]
Subject: Re: WICs


That depends on the router, on the 7206VXR's that I run the modules are hot
pluggable and ready upon insertion.

Tim

- Original Message -
From: "McCallum, Robert" <[EMAIL PROTECTED]>
To: "'Montgomery, Robert WARCOM Contractor'" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Friday, August 11, 2000 4:01 AM
Subject: RE: WICs


It is a very simple job.  BUT although it is hot swappable (in the sense you
can plug it in while the router is still running) it will not burst into
life until the router is rebooted.

-Original Message-
From: Montgomery, Robert WARCOM Contractor
[mailto:[EMAIL PROTECTED]]
Sent: 10 August 2000 16:31
To: [EMAIL PROTECTED]
Subject: WICs


Is installing a WIC and/or memory in routers typically a simple job or a
tedious, drawn-out process?  I guess I'm looking for the horror stories...

Rob Montgomery CCNA MCP
IA Systems Analyst
Sytex, Inc./ Naval Special Warfare Command

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Disclaimer 
-- 
This email and any files transmitted with it are confidential and are
intended solely for the use of the individual or entity to whom they are
addressed. This communication represents the originator's personal views and
opinions, which do not necessarily reflect those of the NSC Group. If you
are not the original recipient or the person responsible for delivering the
email to the intended recipient, be advised that you have received this
email in error, and that any use, dissemination, forwarding, printing, or
copying of this email is strictly prohibited. If you received this email in
error, please immediately notify [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCDA

[Croyle, James]

You can't go wrong with Top Down Network Design, (and the author is on this
list too) and the Cisco Press book.
 
Jim
 
 

-Original Message-
From: Raees Ahmed Shaikh [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 11, 2000 7:16 AM
To: '[EMAIL PROTECTED]'
Subject: CCDA




 Can anyone refer to me a good book for preparing for CCDA, currently i am
referring to the official cisco press study kit, but I feel it wouldn't be
sufficient.

Thanks in advance. 

Shaikh Raees Ahmed, 
Microsoft Certified Systems Engineer, 
Cisco Certified Network Associate, 
Systems & Network, 
IT Division. 

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCDA

[Raees Ahmed Shaikh]

Title: CCDA






 Can anyone refer to me a good book for preparing for CCDA, currently i am referring to the official cisco press study kit, but I feel it wouldn't be sufficient.

Thanks in advance.


Shaikh Raees Ahmed,
Microsoft Certified Systems Engineer,
Cisco Certified Network Associate,
Systems & Network,
IT Division.

RE: Great CCDA Study Site (CCDA exam length)

[Gabriel . Neagoe]

there is a 30 min. extension for the non-english natives.
The difference may come from there.



---
Gabriel Neagoe, GN379-RIPE
Networking solutions consultant
Cisco product manager, CCNP, CCDA
S&T Romania
tel: +401 20 40 300
fax: +401 20 40 310
---

> -Original Message-
> From: Shane McMordie [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, August 11, 2000 1:30 PM
> To:   [EMAIL PROTECTED]
> Subject:  Re: Great CCDA Study Site (CCDA exam length)
> 
> This Web site says the new CCDA is 72 questions in 120 minutes, with 3
> case studies.
> 
> I did CCDA 640-441 2 days ago in Frankfurt, Germany. (Pass.)  There
> were 72 questions, all right, but 4 case studies and the time allowed
> was 150 minutes.   And there is this annoying survey at the start which
> chews up an extra 15 minutes.
> 
> Maybe the exam time is variable?  120 mins for 3 cases, 150 mins for 4?
> 
> Shane
> 
> 
> >From: Paul Immo <[EMAIL PROTECTED]>
> >To: [EMAIL PROTECTED]
> >Subject: Great CCDA Study Site
> >Date: Tue, 8 Aug 2000 09:21:18 -0700 (PDT)
> >
> >I just passed my CCDA yesturday, I used mainly the
> >material from this site!
> >
> >http://www.ccxxproductions.bigstep.com/
> >
> >Check them out
> >
> 
> 
> 
> ___
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: WICs

[Tim O'Brien]

That depends on the router, on the 7206VXR's that I run the modules are hot
pluggable and ready upon insertion.

Tim

- Original Message -
From: "McCallum, Robert" <[EMAIL PROTECTED]>
To: "'Montgomery, Robert WARCOM Contractor'" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Friday, August 11, 2000 4:01 AM
Subject: RE: WICs


It is a very simple job.  BUT although it is hot swappable (in the sense you
can plug it in while the router is still running) it will not burst into
life until the router is rebooted.

-Original Message-
From: Montgomery, Robert WARCOM Contractor
[mailto:[EMAIL PROTECTED]]
Sent: 10 August 2000 16:31
To: [EMAIL PROTECTED]
Subject: WICs


Is installing a WIC and/or memory in routers typically a simple job or a
tedious, drawn-out process?  I guess I'm looking for the horror stories...

Rob Montgomery CCNA MCP
IA Systems Analyst
Sytex, Inc./ Naval Special Warfare Command

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

FW: BCMSN

[Andy Manuel]

Remi

I didn't when I passed mine this week.

Andy 

> -Original Message-
> From: OLUREMI DAWODU [SMTP:[EMAIL PROTECTED]]
> Sent: 11 August 2000 09:58
> To:   [EMAIL PROTECTED]
> Subject:  BCMSN
> 
> 
>   Hello all,
> 
>   I have the BCMSN on sunday and I was wondering if
> anyone out there who has  taken the test knows if you 
> get fill in  the blank question, no flames please  I
> 'm not asking for questions.
> 
> Thanks in advance
> 
> Remi
> 
> 
> Do You Yahoo!?
> Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk
> or your free @yahoo.ie address at http://mail.yahoo.ie
> 
> ___
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Great CCDA Study Site (CCDA exam length)

[Shane McMordie]

This Web site says the new CCDA is 72 questions in 120 minutes, with 3
case studies.

I did CCDA 640-441 2 days ago in Frankfurt, Germany. (Pass.)  There
were 72 questions, all right, but 4 case studies and the time allowed
was 150 minutes.   And there is this annoying survey at the start which
chews up an extra 15 minutes.

Maybe the exam time is variable?  120 mins for 3 cases, 150 mins for 4?

Shane


>From: Paul Immo <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Great CCDA Study Site
>Date: Tue, 8 Aug 2000 09:21:18 -0700 (PDT)
>
>I just passed my CCDA yesturday, I used mainly the
>material from this site!
>
>http://www.ccxxproductions.bigstep.com/
>
>Check them out
>



___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Telco ATM to Frame conversion

[BIKEMAN]

Hi all
 
I'm currently desgning a network with 200 sites 
connecting via frame relay to the three core sites with the core being a 
fully meshed ATM switched network (Xylan layer 2 and 3 ATM switches). 

 
What I'm wondering about and haven't had much luck 
finding out from the telco's is whether inverse arp will still be working ? 
My opinion is that the inverse arp might have some problems - with the 
layer 3 switches I think things might get a little complicated (I am 
disabling inverse arp on the routers)
 
I realise this depends mostly on what the telco is 
doing to convert the frame to ATM, but any info or anecdotes you might have 
about similar things would be welcome. 
 
Regards
 
Rudi Meyer
 

RE: Static, Conduit question.

[Abdul_Mateen]

I think with ur configuration u have enabled only Inbound. The same neexds to be
enabled for Outbound as wel with NAT and Global configuration pair and Outbound
(Optional).

Try these and give us the feedback




[EMAIL PROTECTED] on 08/11/2000 03:08:22 AM

Please respond to [EMAIL PROTECTED]

To:   [EMAIL PROTECTED], [EMAIL PROTECTED]
cc:(bcc: Abdul Mateen/Satyam)

Subject:  RE: Static, Conduit question.




Hi,

   I suppose these aren't the real addresses and the real addresses are
valid ones what actualy you did hear is allowed every one to reach those
addresses, but you need to disable the nat with NAT 0 command or if these
are the real addresses to use static nat statments.


   I hope it helps..


   GIL
CCNA,CCDA

-Original Message-
From: Richard Tran [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 10, 2000 7:37 AM
To: [EMAIL PROTECTED]
Subject: PIX: Static, Conduit question.


We have an ip address(a.b.c.d) registered with an internet domain name. This
domain is served both as our email and website domain. We have one internal
web(192.168.1.222) and one internal mail server(192.168.1.223). I have a
question about the pix configuration below.

static (inside,outside) a.b.c.d 192.168.1.222 netmask 255.255.255.255 0 0
static (inside,outside) a.b.c.d 192.168.1.223 netmask 255.255.255.255 0 0
conduit permit tcp host a.b.c.d eq www any
conduit permit tcp host a.b.c.d eq smtp any

Is this the right configuration for the pix to redirect the appropriate
traffic to the internal servers?

Any response is greatly appreciated.



___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
This email was scanned using ESPG @ PubliCom Haifa.

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]






___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

BCMSN

[OLUREMI DAWODU]

  Hello all,

  I have the BCMSN on sunday and I was wondering if
anyone out there who has  taken the test knows if you 
get fill in  the blank question, no flames please  I
'm not asking for questions.

Thanks in advance

Remi


Do You Yahoo!?
Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk
or your free @yahoo.ie address at http://mail.yahoo.ie

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

passwd CCDA today

[Adam Obszynski]

hard test imho becouse a lot of case studies.. and my english is poor 8-<


-- 
POLBOX ON-Line
Network Admin (CCDA, CCNA 2.0)

Death is Only The Beginning...
PGP-key http://www.szczecin.mtl.pl/~awo/awo-asc.pgp
D2 E3 0B B4 D8 F0 EE A6  48 33 AD 33 F7 B5 E9 B1

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: EIGRP & IGRP

[sniffer]

default=100, you can configure that value to 255 using command " mertic
maximum-hops *** "


"Tapas Das" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> what is max hop count for EIGRP & IGRP for IP
> 
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
>
> ___
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> ---


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Q on Perl

[Phill Jolliffe]

The O'Reilly Books are by far the best.

You can get the list of books below on one CD... great for quickly reading
up and then cut and pasting code
Learning Perl
Programming Perl
The Perl Cook Book
Advance Perl Programming

-Original Message-
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Kiarash Bodouhi
Sent:   11 August 2000 09:16
To: [EMAIL PROTECTED]; Hixon Sgt James R Jr
Subject:Re: Q on Perl


Teach yourself PERL in 24 days,
www.informit.com , www.itknowledge.com


Hixon Sgt James R Jr wrote:
>
> Does anyone know a good foundation book on how to write Perl scripts, and
to
> start learning them?
> Thanks
>
> Sgt James R Hixon
> Network Engineer
> MCB G-6 Network Engineering
> DSN 645-0615
>
> ___
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> ---

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: WICs

[McCallum, Robert]

It is a very simple job.  BUT although it is hot swappable (in the sense you
can plug it in while the router is still running) it will not burst into
life until the router is rebooted.

-Original Message-
From: Montgomery, Robert WARCOM Contractor
[mailto:[EMAIL PROTECTED]]
Sent: 10 August 2000 16:31
To: [EMAIL PROTECTED]
Subject: WICs


Is installing a WIC and/or memory in routers typically a simple job or a
tedious, drawn-out process?  I guess I'm looking for the horror stories...

Rob Montgomery CCNA MCP
IA Systems Analyst
Sytex, Inc./ Naval Special Warfare Command

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: SDSL statement : True or False ?

[Chuck Larrieu]

I presume there is still the issue of cost of equipment and profit to the
carrier. Most you guys ( ISP's and DSL providers ) still pretty much think
in terms of home user with one computer, and you want your installers in and
out quickly with no problem. Your customers want it cheap and want it to
work with no problems. Net result - your QA people have tested and state
"this works and is cheap"

As I said, chances are that most of this stuff is substitutable (?) But when
the customer calls in a trouble, and his DSL router/bridge is not on the
list of supported equipment, what happens?  :->

Chuck

-Original Message-
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
regg4
Sent:   Thursday, August 10, 2000 8:13 PM
To: Scott Nelson; Cisco -L post
Subject:Re: SDSL statement : True or False ?

This is surprising that this provider is recommending Netopia over Cisco.
The provider has to be using a DSLAM that is one of the more obscure ones on
the market.  Cisco's CPE has reached the point to where it is compatible
with most of the larger selling DSLAMs in the business (i.e., Alcatel,
Lucent, Copper Mountain).

By the way, I agree Westel is becoming a player with their DSLAMs and CPEs
since they migrated to the Alcatel chipsets.

Hopefully by this time next year, the "self-install" programs will be
heavily utilized in the industry and some of these type of headaches will be
a memory.

Reggie Wilson
DSL Product Consultant
Verizon Online (GTE Internet)




- Original Message -
From: Scott Nelson <[EMAIL PROTECTED]>
To: Cisco -L post <[EMAIL PROTECTED]>
Cc: Chuck Larrieu <[EMAIL PROTECTED]>
Sent: Thursday, August 10, 2000 6:41 PM
Subject: Re: SDSL statement : True or False ?


> SDSL routers/bridges only work with the DSLAM that is advertised. The line
> coding is slightly different from each other.
>
> Is there a specific requirement that Cisco provides that Netopia doesn't?
> There isn't much to configuring Netopia Routers. They are fairly easy.
>
> The most common DSLAM's that I have seen are Westel, Copper Mountain and
> Nokia. The xDSL modem usually supports only of of these DSLAMs.
> In my experience anyway
>
> YMMV
>
> Scott
>
>
>
> > In my experience with two different DSL providers ( Northpoint and
Covad, if
> > you must know ) On the provider side they test for compatibility, ease
of
> > use, setup etc. they want their installers to be able to walk into your
> > home, pop in the equipment, spend five minutes setting it up and
testing,
> > and then be on their way. Oh yeah, they want to make a buck on this
stuff
> > without having their customers balk at high cost of equipment. Their QA
> > people have looked at the market, done their testing, negotiated their
> > pricing, and they are done with it.
> >
> > You can put in your own stuff and chances are it will work. But if there
are
> > any problems, you know what happens.
> >
> > It is best go with what the carrier says. If you have other issues, such
as
> > firewall or NAT,  you can always install another device into the mix.
> >
> > ISP-DSLRouter-CiscoRouter--insideNetwork
> >
> > And use the IOS firewall feature set. Or some other combination.
> >
> > Chuck
> >
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Ole
> > Drews Jensen
> > Sent: Thursday, August 10, 2000 2:29 PM
> > To: '[EMAIL PROTECTED]'
> > Subject: SDSL statement : True or False ?
> >
> > I would like to convert our branch offices from ISDN connections to
SDSL,
> > but the carrier that I would like to use want's me to use Netopia
routers
> > instead of Cisco. When I told them that I would like to use Cisco to
> > standalize our equipment and since I know how to operate Cisco routers,
I
> > got this message:
> >
> > =/=
> > We checked with our dsl partner and unfortunately their Copper Mountain
> > DSLAMS do not work with Cisco routers for dsl service. We have plenty of
> > customers with Cisco routers for their frame, Internet, etc. along with
> > Netopia routers for DSL and we've had no problems. But if you
> > want to look at a metro frame relay solution, we can work up something
> > there. Let me know.
> > =/=
> >
> > Can that be true, or are they just trying to force me into Netopia
> > equipment?
> >
> > Any comments to this is greatly appreciated.
>
>
> --
> Scott Nelson - Network Engineer
> Wash DC +1202-270-8968 & +1202-352-6646
> Los Angeles +1310-367-6646
> mailto:[EMAIL PROTECTED]
> http://www.bnmnetworks.net
>
> PGP Public Key:
> http://home.earthlink.net/~scottnelson/keys/srnbnm.txt
> --
>
> "The better the customer service, the sooner you get to speak
> with someone who can't help you."
> --
>
> ___
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, 

RE: ISDN problem

[McCallum, Robert]

Do you have chap auth running?

-Original Message-
From: Mike Popescu [mailto:[EMAIL PROTECTED]]
Sent: 11 August 2000 04:51
To: [EMAIL PROTECTED]
Subject: ISDN problem




Hi All,

Does anyone came across with the error message:

PPP Serialx/0:5 protocol reject received for protocol = 0x8031

on ISDN line where the remote router is making the call but the data
won't pass.

The message  is coming when I am doing debug: isdn q931, ppp neg., isdn 
events...into the main router.

Thank you,

Mike

Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

EIGRP & IGRP

[Tapas Das]

what is max hop count for EIGRP & IGRP for IP

Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Booting In Bootrom with the TFTP command (Urgent)

[Andrew Lennon]

Hi,

The 2500 does not do xmodem.  If when in boot mode you cannot erase the
flash manually it is either knackered or there is also the possibility that
the main-board jumper for the flash has been set to write-protect. Fwom the
message that you are getting, I would check this.

HTH

Andy Lennon
CCDP, CCNP, MCSE

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: 10 August 2000 21:13
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Booting In Bootrom with the TFTP command (Urgent)


Hi,


It seems like your image is corrupted and you lost the ability to load it my
suggestion is load it with XMODEM if you need the procedure send me an
E-mail and I will get it for you.


  GIL 
CCNA,CCDA


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 09, 2000 6:57 PM
To: [EMAIL PROTECTED]
Subject: Booting In Bootrom with the TFTP command (Urgent)


Scenario:

A Cisco 2500 series router boots in bootrom mode, has serial link
connectivity, but no images found in flash.  Flash is presently in RO mode.
We attempt to bring the IOS onto the box, but fail.  We believe the flash is
fubarred. Any attempts to tftp fail w/ "not programmable" We believe that
this is due to the RO limitaion of the present flash memory.  There is the
limitation of the 2500 series where the image is run from flash, not NVRAM.
Is our presumption correct about the corrupt Flash module?

Excerpt from techs worklog.

I had the site console into the router and remove the aaa new-model
settings.  I was then able to telnet into the router via the s0 interface.
The router was in boot mode.  I checked the flash and there wasn't an image
there.  I tried to  TFTP a new image over but I got and error message (ERR:
Device in READ-ONLY state) so I believe that the flash was damaged by the
lightning hit.  I inserted a "boot system tftp" command into the config so
the router could use the IOS image from site.  I reloaded the router.  I
can't telnet to it anymore, but I can ping the serial.  on site the
TFTP-server process is using 2.34% of the cpu, so it appears to be sending
the image over.

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Disclaimer 
-- 
This email and any files transmitted with it are confidential and are
intended solely for the use of the individual or entity to whom they are
addressed. This communication represents the originator's personal views and
opinions, which do not necessarily reflect those of the NSC Group. If you
are not the original recipient or the person responsible for delivering the
email to the intended recipient, be advised that you have received this
email in error, and that any use, dissemination, forwarding, printing, or
copying of this email is strictly prohibited. If you received this email in
error, please immediately notify [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Boson tests are poor for preparation!

[rtc]

Do not use Boson tests. They do not prepare you for the BSCN exam! They
simply have no resemblence to the real thing.

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Microsoft Radius (IAS)

[Kiarash Bodouhi]

Two things you should check one is the radius port address which should
match to those of the router, second you should use only PAP not CHAP.

Cheers
Kiarash

Tony Russell wrote:
> 
> Has any successfully used Microsoft Radius (Internet Authentication Server)
> with a cisco router.  If so, what is the trick.  Any special things to know
> about.
> 
> I installed IAS and configured and started the service on  my NT box.  Set
> the shared secret and client address fields.
> 
> I also setup the router using the approriate radius server, key and aaa
> commands.
> 
> When ever I try to authenticate, it fails.  I can check my event log in NT
> to see that the router did try to use the Radius server for authentication,
> but it fails everytime.  Any tips.
> 
> Tony Russell
> 
> ___
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> ---

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Q on Perl

[Kiarash Bodouhi]

Teach yourself PERL in 24 days,
www.informit.com , www.itknowledge.com


Hixon Sgt James R Jr wrote:
> 
> Does anyone know a good foundation book on how to write Perl scripts, and to
> start learning them?
> Thanks
> 
> Sgt James R Hixon
> Network Engineer
> MCB G-6 Network Engineering
> DSN 645-0615
> 
> ___
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> ---

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]