Security and multiservice

2000-10-29 Thread Bilal Arif Dar

Hii
heyy guyz i've been looking for some online material on security and
multiservice but i wasn't able to find anything of my interest from ccie
written point of view.
I would be grateful if someone can guide me
Thanx in advance
Regards,
Bilal

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: Not receiving ICMP messages

2000-10-29 Thread Vijay Sawal

All,

I am facing a similar issue and did some preliminary research. Hope you have 
already tried this!?

1. PMTU Black hole detection on the NT Server
2. Upgrade the NT server to latest Service Pack
3. Verifying that ICMP unreachable are reaching back to the NT Server
4. Decreasing the MTU size on NT server
5. Increasing the MTU size on the Routers

Out of the above, options 4 and 5 depend on/impact the other systems on the LAN and
WAN. But options 1, 2 and 3 can be tried. The following links provide
sufficient information to implement the same.

Why Can't I Browse the Internet when Using a GRE Tunnel?
http://www.cisco.com/warp/public/105/56.html

PMTU Black Hole Detection Algorithm Change for Windows NT 3.51
http://support.microsoft.com/support/kb/articles/q136/9/70.asp


Adjusting IP MTU, TCP MSS, and PMTUD on Windows and Sun Systems
http://www.cisco.com/warp/public/105/38.shtml

Windows TCP/IP Registry Entries
http://support.microsoft.com/support/kb/articles/q158/4/74.asp

Vijay


From: Priscilla Oppenheimer [EMAIL PROTECTED]
Reply-To: Priscilla Oppenheimer [EMAIL PROTECTED]
To: "Donohue, Steve" [EMAIL PROTECTED],"'Phil Barker'" 
[EMAIL PROTECTED],"Gareth Hinton" 
[EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: RE: Not receiving ICMP messages
Date: Wed, 25 Oct 2000 11:44:15 -0700

At 07:36 AM 10/25/00, Donohue, Steve wrote:

I found this link as well that is why I am wondering about the lack of ICMP
messages.  I realize that when you enable HSRP on an interface it disables
ICMP redirects.  Would the ICMP messages requesting a smaller MTU size fall
under this category?

No (unless there's a bug, which I haven't heard is the case)


Thanks again all.

Steve

-Original Message-
From: Phil Barker [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 25, 2000 7:22 AM
To: Gareth Hinton; [EMAIL PROTECTED]
Subject: Re: Not receiving ICMP messages


Gareth,
   This is a better link.

http://www.cisco.com/warp/public/105/56.html

HTH,

Phil.

--- Gareth Hinton [EMAIL PROTECTED] wrote:

  Hi Steve,

  Is the MTU size of 1476 a limitation of the encryption, or merely because of
  the overheads added by the encryption knocking it down from 1500. Is it a
  possibility to increase the MTU size on the link?

  Gaz

  "Phil Barker" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

   Steve,
   Without CLI access you're going to struggle.
   Q : How far does the traceroute get, from the send node ?

   try  rfc 792 ICMP
   http://www.landfield.com/rfcs/rfc792.html

   SNIP from RFC 792

     If a host reassembling a fragmented datagram cannot complete the
     reassembly due to missing fragments within its time limit it
     discards the datagram, and it may send a time exceeded message.

     If fragment zero is not available then no time exceeded need be
     sent at all.

   Good luck,

   Phil.
  
  
  
   --- "Donohue, Steve" [EMAIL PROTECTED]
  wrote:
Good Afternoon All,

I am currently trying to resolve an issue where we are having trouble
sending data across a tunnel running GRE encryption.  With this encryption
employed the MTU size allowed is decreased to 1476.  When we attempt to send
traffic (email, ftp, etc...) through the tunnel, we are finding that it does
not work.

My sniffer trace is showing that the frames being sent are setting the DF
bit, which I would expect.  I would then expect that if the router is unable
to send the packet, it would drop it and return an ICMP message back to the
source telling it to decrease the packet size and try it again.  I am not
seeing any of these messages.

We are running HSRP on the ethernet interfaces that connect to my LAN.  I
believe we are running a 12.0 IOS release, although I am not sure of the
actual version.

Does anyone have any ideas why this might be happening?  I am trying to
resolve this issue while having no CLI access to the routers.  I have been
informed by the controlling body that there are no access lists prohibiting
ICMP messages from being sent, and there are no firewall rules in place that
would be dropping the ICMP messages.

Any and all explanations of possible causes/resolutions would be
appreciated.
   
Steve D.
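
For the symptom discussed in this thread (DF-bit packets larger than the 1476-byte tunnel MTU and no ICMP coming back), an added example that is not part of any poster's message: it parses the ICMP type 3 code 4 "fragmentation needed" reply and flags large DF packets that never received one. The addresses, IP IDs and packet bytes are constructed sample data, and the split of the 24-byte overhead into a 20-byte outer IPv4 header plus a 4-byte GRE header is an assumption about the tunnel described.

```python
import socket
import struct

GRE_TUNNEL_MTU = 1476  # from the thread; assumed 1500 - 20 (outer IPv4) - 4 (GRE)


def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4_header(ip_id, total_len, df, src="192.0.2.10", dst="198.51.100.20"):
    """Constructed 20-byte IPv4/TCP header, used only to make sample data."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ip_id,
                      0x4000 if df else 0, 64, 6, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]


def build_frag_needed(original: bytes, next_hop_mtu: int) -> bytes:
    """ICMP type 3 code 4 carrying the offending header + 8 payload bytes."""
    msg = struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu) + original
    return msg[:2] + struct.pack("!H", inet_checksum(msg)) + msg[4:]


def parse_frag_needed(icmp: bytes):
    """Return the fields a host needs for PMTUD, or None if not a valid 3/4."""
    if len(icmp) < 8 + 20 or inet_checksum(icmp) != 0:
        return None
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4):
        return None
    ver_ihl, _tos, total_len, ip_id, flags = struct.unpack("!BBHHH", icmp[8:16])
    if ver_ihl >> 4 != 4:
        return None
    return {
        "next_hop_mtu": mtu or None,  # 0 means a pre-RFC 1191 router: no hint
        "ip_id": ip_id,
        "orig_len": total_len,
        "df": bool(flags & 0x4000),
        "dst": socket.inet_ntoa(icmp[24:28]),
    }


def classify(sent, icmp_replies, path_mtu=GRE_TUNNEL_MTU):
    """Label each sent packet (ip_id, total_len, df) by what the capture shows."""
    reported = {}
    for raw in icmp_replies:
        info = parse_frag_needed(raw)
        if info:
            reported[info["ip_id"]] = info["next_hop_mtu"]
    verdicts = {}
    for ip_id, total_len, df in sent:
        if total_len <= path_mtu:
            verdicts[ip_id] = "fits"
        elif not df:
            verdicts[ip_id] = "router may fragment"
        elif ip_id in reported:
            mtu = reported[ip_id]
            verdicts[ip_id] = (f"pmtud ok, retry at {mtu}" if mtu
                               else "pmtud ok, no MTU hint")
        else:
            # Too big, DF set, and no ICMP seen: the signature of a
            # PMTU black hole (the ICMP was never sent or was filtered).
            verdicts[ip_id] = "black hole suspect"
    return verdicts


# Constructed capture: four packets sent towards the tunnel, one ICMP reply seen.
SENT = [(1, 1500, True), (2, 1500, True), (3, 1400, True), (4, 1500, False)]
ORIGINAL = build_ipv4_header(1, 1500, True) + bytes.fromhex("c0de005000000001")
SAMPLE_ICMP = build_frag_needed(ORIGINAL, GRE_TUNNEL_MTU)

if __name__ == "__main__":
    for ip_id, verdict in classify(SENT, [SAMPLE_ICMP]).items():
        print(ip_id, verdict)
```
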
   
   
   
   
   
  
  
  
 


No Subject

2000-10-29 Thread harvey . taylor








No Subject

2000-10-29 Thread Vinush Raj



Hi Yall,
 I looking for a way to connect 
windows 2000 clients over VPN. Cisco does not have a VPN client for 
Windows 2000 at present. Is PPTP with 128 encryption being used out there 
at an enterprise level? What is the difference between using PPTP and 
IPSEC, security wise?

Thanks
ECCNP


Re:

2000-10-29 Thread Boo Kheng Khoo

Hi,

If I am not mistaken, PPTP operates at layer two, which makes it possible to
support other things than IP, while IPSec operates on layer 3, and it only
works on IP.

Thanks.

At 10:06 PM 10/28/2000 -0700, Vinush Raj wrote:
Hi Yall,
 I looking for a way to connect windows 2000 clients over VPN.  Cisco 
 does not have a VPN client for Windows 2000 at present.  Is PPTP with 128 
 encryption being used out there at an enterprise level?  What is the 
 difference between using PPTP and IPSEC, security wise?

Thanks
ECCNP


Boo Kheng
Professional Services
Cisco Systems




Who reinvented the Internet

2000-10-29 Thread Pradeep Kumar

Bhrat , Nelson

That was a good one from you.
I guess , the better phrase could be " Reinvented the Internet"

Cheers for a change



-Original Message-
From:Bharat Suneja [EMAIL PROTECTED]
Sent:Sat, 28 Oct 2000 19:13:05 -0700
To:  [EMAIL PROTECTED]
Subject: Re: Please don't lie on resumes


This probably qualifies for one of the funniest wise cracks I've read in
this newsgroup keep those coming Lou!

Bharat

""Lou Nelson"" [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
 Does this mean I have to take "Invented the Internet" off my resume'

 Al

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 Charlemagne
 Sent: Friday, October 27, 2000 6:10 PM
 To: [EMAIL PROTECTED]
 Subject: Please don't lie on resumes


 Everyone,

 Don't put down lies or exaggerate on your resumes.
 You will be uncovered.  Things like, "Very Familiar
 with OSPF" leave you open to questions like "Explain
 the problems with OSPF over Frame-Relay partial mesh
 networks".  If you're very familiar, then you know the
 answer to that question.  If you have OSPF all over
 your resume and can't answer that, potential employers
 will probably not hire you.  Be honest, and your
 chances of getting that job become greater.

 Regards
 Kamoto





Re: CCIE Written - Preparation Materials

2000-10-29 Thread Pradeep Kumar

Chuck
Thanks for your time and such detailed and clear "instructions".

Up Up Chuck

Regards
Pradeep 



-Original Message-
From:Brian [EMAIL PROTECTED]
Sent:Sat, 28 Oct 2000 18:48:46 -0500 (CDT)
To:  [EMAIL PROTECTED]
CC:  [EMAIL PROTECTED]
Subject: Re: CCIE Written - Preparation Materials



I used just about the same exact stuff as you chuck, but I didn't really
pore over any RFC's.  I did use the Boson test, which is ok.

On Sat, 28 Oct 2000, Chuck Larrieu wrote:

 My recommendation for preparation materials for the CCIE written ( routing
 and switching 350-001 )
 
 1) Cisco's own web site. There is a WEALTH of excellent materials to be
 found there, all FREE. Check under the CCIE section of career
 certifications.
 
 2) Jeff Doyle - TCP/IP routing.  There is NO substitute
 
 3) The token ring white paper available for download FREE from
 www.ccprep.com, written by Lou Rossi Sr.
 
 4) The RIF paper available for download FREE from our very own groupstudy
 site: http://www.groupstudy.com/notes/notepages/rif2.html
 Written by Fred Ingham
 
 5) Bassam Halabi - Internet Routing Architectures. Contains a bit of fluff,
 but has a lot of good BGP information and a lot of BGP configurations for
 study
 
 6) RFC's can't hurt: http://www.rfc-editor.org/rfcsearch.html
 
 7) Certification Zone www.certificationzone.com  costs some money, but the
 study materials and practice tests are worth the price ( disclosure - I have
 been compensated by Cert Zone for services rendered )
 
 8) CCIE Exam Cram ( Thomas and Benjamin ) Great way to spend your last week
 of review. The practice test is a very good indicator of the real thing.
 
 9) Last but not least - this mailing list. Used judiciously, it can and will
 provide you with almost all of what you need to know.
 
 Best wishes in your studies
 
 Chuck
 --
 I am Locutus, a CCIE Lab Proctor. Xx_Brain_dumps_xX are futile. Your life as
 it has been is over ( if you hope to pass ) From this time forward, you will
 study US!
 ( apologies to the folks at Star Trek TNG )
 www.chuck.to/Locutus.html
 
 
 

---
Brian Feeny, CCNP, CCDP   [EMAIL PROTECTED]   
Network Administrator 
ShreveNet Inc. (ASN 11881)




Re:

2000-10-29 Thread N.Anand

Hai Vinush,
I am hereby giving the address of the link where I hope u can get the answer for ur
query on diff. between PPTP and IPSEC security wise. The link is
http://idm.internet.com/foundation/tunneling.shtml.

N.Anand

- Original Message --
"Vinush Raj" [EMAIL PROTECTED] wrote:
To:[EMAIL PROTECTED]
From:"Vinush Raj" [EMAIL PROTECTED]
Date:Sat, 28 Oct 2000 22:06:23 -0700
Subject: 

Hi Yall,
I looking for a way to connect windows 2000 clients over VPN.  Cisco
does not have a VPN client for Windows 2000 at present.  Is PPTP with
128 encryption being used out there at an enterprise level?  What is the
difference between using PPTP and IPSEC, security wise?

Thanks
ECCNP





RE: Supernetting??

2000-10-29 Thread Chuck Larrieu

Supernetting, CIDR, aggregation - all different names for the beast.

It is the way of representing multiple networks with a single mask.

You already know that you can subnet a class C, breaking it into multiple
/27's or /30's, for example. So you can have 192.168.100.0/27, resulting in
subnets 192.168.100.32/27, 192.168.100.64/27 etc. one might then think of
192.168.00.0 as the "supernet" or "aggregation" of all these subnets. Not
technically correct, but for educational purposes it serves.

Suppose you have several class C's  /24's. It is possible to advertise them
as a single network, given the right range.

192.168.8.0
192.168.9.0
192.168.10.0
192.168.11.0
192.168.12.0
192.168.13.0
192.168.14.0
192.168.15.0

can be summarized as 192.168.8.0 /21 - mask of 255.255.248.0 and advertised
as a single network. Write that third octet out in binary and see what it
looks like.

Makes life easier for your router, keeps your routing table smaller, helps
control problems associated with route flapping.

With some 90,000 routes being advertised on the internet right now, this is
one way to help contain things.

HTH

Chuck



-Original Message-
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Deepak Sharma
Sent:   Saturday, October 28, 2000 7:53 PM
To: cisco
Subject:Supernetting??

Hey all

Its been 2 weeks since ive check back with the group...(ive been on
holidays =)

I see these questions on "Supernetting"...what is it...im guessing a way
to extend the bit masks on subnets???,.yes or no??

any links or book references will help

thanks
Deepak


_
Deepak Sharma
Technical Analyst
MCSE CCNA ACT A+
Ceridian Canada Ltd.
Tel:  604/267.6231
Fax: 604/267.6201
[EMAIL PROTECTED]
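
Chuck's 192.168.8.0 through 192.168.15.0 summary worked through in code, as an added example that is not part of the original message: it derives the summary route from the bits the networks share and lists any address space the summary would cover that was not in the input. The second and third network lists are constructed to show ranges that do not aggregate cleanly.

```python
import ipaddress

# The eight /24s listed in the message above.
PAGE_NETS = [f"192.168.{n}.0/24" for n in range(8, 16)]
# Constructed lists: one that stops short of the boundary, one that straddles it.
SHORT_NETS = [f"192.168.{n}.0/24" for n in range(8, 13)]
SHIFTED_NETS = [f"192.168.{n}.0/24" for n in range(10, 18)]


def third_octet_bits(network: str) -> str:
    """Third octet of the network address written out in binary."""
    net = ipaddress.ip_network(network)
    return format((int(net.network_address) >> 8) & 0xFF, "08b")


def summary_route(networks):
    """Shortest single prefix covering every input network."""
    nets = [ipaddress.ip_network(n) for n in networks]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Bits that differ anywhere between the lowest and highest address
    # cannot be part of the shared prefix.
    prefix_len = 32 - (lo ^ hi).bit_length()
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return ipaddress.ip_network((lo & mask, prefix_len))


def extra_space(networks):
    """Blocks inside the summary that none of the input networks cover."""
    remaining = [summary_route(networks)]
    owned = ipaddress.collapse_addresses(ipaddress.ip_network(n) for n in networks)
    for block in owned:
        carved = []
        for candidate in remaining:
            if block == candidate:
                continue  # fully owned, nothing left over
            if block.subnet_of(candidate):
                carved.extend(candidate.address_exclude(block))
            else:
                carved.append(candidate)
        remaining = carved
    return sorted(remaining)


if __name__ == "__main__":
    for nets in (PAGE_NETS, SHORT_NETS, SHIFTED_NETS):
        s = summary_route(nets)
        print(s, s.netmask, [str(e) for e in extra_space(nets)])
```

A non-empty `extra_space` result means the single advertisement would also claim networks that were not in the list, which is the case the "given the right range" condition rules out.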




RE: Subnetting questions - off topic

2000-10-29 Thread Chuck Larrieu

As an offshoot of the original question, among the IP crowd, "host" refers
to any device with an IP address. This is different than in the IBM world,
where "host" was the mainframe, which "hosted" the applications one accessed
via the 32xx terminal on your desk. This terminology  spilled over into the
Microsoft world in the guise of "host" and "client" terms used in
applications like Carbon Copy, where the "host" was the PC that let you
control it and the "client" was the PC you were using to call in. I.e. the
one PC "hosted" your session.

This is not necessarily accurate in terms of origin, but the original sense
of the terms "download" and "upload" came out of the IBM world, where one
copied things "down" from on high - i.e. the mainframe, and "uploaded" i.e.
copied from your lowly connected terminal up to the mighty central machine.

The internet was designed around the idea of sharing among equals, which is
I suppose why all connected devices became "hosts" (of their own parties?)

Chuck

-Original Message-
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Daniel Cotts
Sent:   Saturday, October 28, 2000 7:32 PM
To: '.'; '[EMAIL PROTECTED]'
Subject:RE: Subnetting questions

It would include the router's IP address. The trick to the question is that
number of hosts are a power of two. Within the range of addresses the first
address refers to the subnet and the last address is the broadcast address
of the subnet. So a 255.255.255.240 mask will only yield 14 host addresses.
You have to go to a 255.255.255.224 mask that gives 32 addresses with 30
usable for hosts.

 -Original Message-
 From: . [mailto:[EMAIL PROTECTED]]
 Sent: Saturday, October 28, 2000 6:46 AM
 To: [EMAIL PROTECTED]
 Subject: Subnetting questions


 Hi Friends

 In a subnetting scenario, say for example they say that "Configure the
 ethernet network so that it can support 16 hosts."

 Do they mean 16 hosts including all the IP's for the routers
 in the network,
 or does it mean 16 host IP's in addition to the router IP's.
 Please let me know

 Thanks

 SV




RE: RIP v1 or RIP v2?

2000-10-29 Thread Shaw, Winston Mr.

I think I read somewhere that by default the router sends only RIP v1 but
listens to both RIP v1 and RIP v2.
Anything else has to be manually configured.
 
Winston.

-Original Message-
From: Pete [mailto:[EMAIL PROTECTED]]
Sent: Sunday, October 29, 2000 2:27 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: RIP v1 or RIP v2?


By default it will be RIP v1.
You have to specifically tell it to use RIP v2.
 

Sincerely, 
Peter Kurdziel 
CCNA, CCDA, MCSE, MCP+I 
http://www.inotez.com/
Cisco QA
http://www.inotez.com/discus

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, October 27, 2000 10:26 AM
To: [EMAIL PROTECTED]
Subject: RIP v1 or RIP v2?


If you enable rip on a router by default will it be RIP v1 or RIP v2?




Attn: Corporate Training Coordinator - Windows 2000 Courseware Content

2000-10-29 Thread beowulf

As you restructure your IT training program and consider how you might
imagine the best way of providing content for your courses, you'll
find yourself appreciating course content that is already prepared
and ready for immediate use in your curriculum.  

We design and develop books and curriculum that support Systems Engineering 
technologies and certifications including:
· A+
· Network+
· i-Net+
· MCSE
· MCDBA 
(Full course descriptions are available)

Some of our books have been top 10 best sellers through Amazon.com.
Included with this letter are descriptions of the books that we sell (see Study Guide 
Descriptions).

I thought you might also be interested to hear about our adaptive and non-adaptive 
test engine slated to be available 3rd quarter, 2000.  The engine is designed for 
practice and study.  Test questions and answers are easily added, edited or deleted.  

We can help you with your high-tech training needs including books, books on CD, 
Instructor led classes and distance learning products.  We also create custom 
high-tech curriculum for companies. 

We are a one-stop solution for high-tech educational content, training and resources. 
We offer distance learning and instructor lead products for both individuals and 
groups and our education solutions meet typical corporate and learning center needs.  
We are a Microsoft Solution Provider (MSP), Microsoft Certified Technical Education 
Center (CTEC) and a Computer Technology Industry Association Certified Training Center 
(CompTIA).  We partner with a major University, an international leader in 
adult-instructor-lead and distance learning, to offer graduate and undergraduate 
credit for many of our courses. 

Please feel free to contact me in the meantime.  I look forward to speaking with you
further.

Casey Lea, Creative Director
or Domhnall Adams, CS
DCGNA, CS and Associates
780-998-4066





Re: Frame Switch

2000-10-29 Thread whatshakin

High speed (synchronous) ports are good for 2.048mb/s and the low speed
(asynchronous) ports max out at 115.2 Kb/s.



- Original Message -
From: Brian [EMAIL PROTECTED]
Newsgroups: groupstudy.cisco
To: Austin [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Saturday, October 28, 2000 7:47 PM
Subject: Re: Frame Switch


 On Sat, 28 Oct 2000, Austin wrote:

  I have a 2523 in my lab configured as a Frame Relay Switch.
  All the serial ports are acting as DCE providing clocking to the routers.
  Initially, all clock rates were set to 64000 but I changed it to 100 ..
  for some reason, only serial0 and serial1 accepted the new clockrate speed of
  100 ... when i tried to enter the clock rate command on the others it
  says ... %Error: Unsupported clock rate for this interface .
  When I do a show interfaces
  the output for serial0 and serial 1 ... the second line of the output says
  Hardware is HD64570 .
  for all the other serial interfaces . the second line of the output says
  Hardware is CD2430 in sync mode .
  The keywords being "in sync mode" ... I am guessing that this might be a
  reason I cannot set the clock rate on the other serial interfaces at 100

  Any ideas from anyone as to what is happening and why it is like that?

 on 252x routers, you have 2 "high speed" serial interfaces, and 2 "low
 speed" serial interfaces.  High speed usually means that it can goto 4Mbps
 I believe.  Cisco usually denotes a modular high speed interface with "T",
 as in like a NP-2T, or a NM-4T.  Low speed usually means that it can goto
 64kps.  Low speed interfaces are denoted with an "S", like CSC-4S on a
 AGS+ is 4 low speed ports.

 Don't fret though, in a home lab this is fine usually.  Even 4 low speed
 interfaces would allow you to do everything.

 Brian



 
  Thanks,
 
 
 
 

 ---
 Brian Feeny, CCNP, CCDP   [EMAIL PROTECTED]
 Network Administrator
 ShreveNet Inc. (ASN 11881)




RE: RIP v1 or RIP v2?

2000-10-29 Thread Shaw, Winston Mr.

I agree. If one wants the router to do anything useful with the V2 updates
it hears one must specifically use the
version 2 and/or the ip rip receive version 2 commands.

Winston.

-Original Message-
From: Chuck Larrieu [mailto:[EMAIL PROTECTED]]
Sent: Sunday, October 29, 2000 11:26 AM
To: Shaw, Winston Mr.; 'Pete'; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: RIP v1 or RIP v2?


I believe that listening for RIP v2 must be done on an interface by
interface basis using the "ip rip receive version 2" command.

If memory serves, I did a quick and dirty lab and reported the results some
time back. Those with no lives (:-) may want to check the archives.

Which reminds me, anybody seen or heard from that bad boy Bob Vance lately?

Chuck


-Original Message-
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Shaw, Winston Mr.
Sent:   Sunday, October 29, 2000 1:48 AM
To: 'Pete'; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject:RE: RIP v1 or RIP v2?

I think I read somewhere that by default the router sends only RIP v1 but
listens to both RIP v1 and RIP v2.
Anything else has to be manually configured.

Winston.

-Original Message-
From: Pete [mailto:[EMAIL PROTECTED]]
Sent: Sunday, October 29, 2000 2:27 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: RIP v1 or RIP v2?


By default it will be RIP v1.
You have to specifically tell it to use RIP v2.


Sincerely,
Peter Kurdziel
CCNA, CCDA, MCSE, MCP+I
http://www.inotez.com/
Cisco QA
http://www.inotez.com/discus

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, October 27, 2000 10:26 AM
To: [EMAIL PROTECTED]
Subject: RIP v1 or RIP v2?


If you enable rip on a router by default will it be RIP v1 or RIP v2?




Token Ring explorer frames...

2000-10-29 Thread Nigel Taylor



Hi All,
As I tie up my studying in light of the big day I was looking for some clarity on the
issue of token ring explorer frames.

Within the RCF (Routing Control Field) bits 15-13 define the valid types of explorer frames;

000 - Specifically routed frames (unicast)
100 - All Route explorer frames
110 - Spanning-tree or single route explorer frames.

My question has to do with the fact that I'm also reading or seeing references to

000 as a Single route explorer.

My understanding, if I'm not mistaken, is that a Spanning-tree/single route explorer are the same.

Could someone help me clear up my thinking on this issue.

TIA

Nigel.


Difference in old and new CIT Exam

2000-10-29 Thread Cisco Kid

Hi!

I was wondering if there was much difference betwixt the CIT V1 and V2
exams.

I am studying from the older materials, but will be giving the new exam.

Thanx.





ISDN Simulator - Wanted

2000-10-29 Thread Cisco Kid

I am looking for a used ISDN simulator.

Pls. mail me if you have one or know where one can be sourced.

Thanks

Rashid





Re: PIX question

2000-10-29 Thread Travis Gamble

If you have enough external IP addresses, then yes, you can have an entire
subnet be accessible from the outside world.  If you check the static
(inside,outside) command, there is a way to specify a network address and
subnet mask for the translation.

However, if you only have a few addresses then no, it isn't possible.  If
you think about it... if you have 200 web servers, and only 10 external
addresses... if a request comes in on one of those 10 external addresses,
how would the PIX know which server to send it to?

Travis
- Original Message -
From: "Jim Bond" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, October 28, 2000 2:44 PM
Subject: PIX question


 Hello,

 Is there any way to have outside users access an
 internal subnet? I see from CCO that you can only have
 outside users access a particular internal host.

 Thanks in advance.


 Jim




IP Classless

2000-10-29 Thread Cisco Kid

Hi,

Can someone pls. give me a simple explanation of the IP Classless command
and why/when it is necessary.

Thanks

Rashid





Re: Frame Switch

2000-10-29 Thread Brian

On Sun, 29 Oct 2000, whatshakin wrote:

 High speed (synchronous) ports are good for 2.048mb/s and the low speed
 (asynchronous) ports max out at 115.2 Kb/s.

we aren't talking about async ports though.  The 252x is 4 synchronous
ports.  2 low speed synchronous, and 2 high speed.  I believe high speed
sync ports can goto 4Mbps, and low speed to 64kps. I may be
wrong though.

Brian


 
 
 
 - Original Message -
 From: Brian [EMAIL PROTECTED]
 Newsgroups: groupstudy.cisco
 To: Austin [EMAIL PROTECTED]
 Cc: [EMAIL PROTECTED]
 Sent: Saturday, October 28, 2000 7:47 PM
 Subject: Re: Frame Switch
 
 
  On Sat, 28 Oct 2000, Austin wrote:
 
   I have a 2523 in my lab configured as a Frame Relay Switch.
   All the serial ports are acting as DCE providing clocking to the routers.
   Initially, all clock rates were set to 64000 but I changed it to 100 ..
   for some reason, only serial0 and serial1 accepted the new clockrate speed of
   100 ... when i tried to enter the clock rate command on the others it
   says ... %Error: Unsupported clock rate for this interface .
   When I do a show interfaces
   the output for serial0 and serial 1 ... the second line of the output says
   Hardware is HD64570 .
   for all the other serial interfaces . the second line of the output says
   Hardware is CD2430 in sync mode .
   The keywords being "in sync mode" ... I am guessing that this might be a
   reason I cannot set the clock rate on the other serial interfaces at 100

   Any ideas from anyone as to what is happening and why it is like that?
 
  on 252x routers, you have 2 "high speed" serial interfaces, and 2 "low
  speed" serial interfaces.  High speed usually means that it can goto 4Mbps
  I believe.  Cisco usually denotes a modular high speed interface with "T",
  as in like a NP-2T, or a NM-4T.  Low speed usually means that it can goto
  64kps.  Low speed interfaces are denoted with an "S", like CSC-4S on a
  AGS+ is 4 low speed ports.
 
  Don't fret though, in a home lab this is fine usually.  Even 4 low speed
  interfaces would allow you to do everything.
 
  Brian
 
 
 
  
   Thanks,
  
  
  
  
 
  ---
  Brian Feeny, CCNP, CCDP   [EMAIL PROTECTED]
  Network Administrator
  ShreveNet Inc. (ASN 11881)
 
 

---
Brian Feeny, CCNP, CCDP   [EMAIL PROTECTED]   
Network Administrator 
ShreveNet Inc. (ASN 11881)




Re: Sub Interfaces (hmmm?)

2000-10-29 Thread Austin

I am configuring 2 sub-interfaces on the router. One subinterface for the
connection to router1 and 1 subinterface for the connection to router2 and
router3. I will not be configuring subinterfaces on router1, router2 and
router3.
Hope this gives you some more information and it is a Frame Relay
environment yes. You guys rock!


[EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
 In a message dated 10/29/00 12:51:45 AM Eastern Daylight Time,
 [EMAIL PROTECTED] writes:


  On Sat, 28 Oct 2000, Austin wrote:
 
   Hi Group (Brian, Tim Brad, et al.)
  
   Thank you all for your help. I have one more question though :)
   Can you configure one subinterface to communicate with 2 different
  routers?
 
  can you be more specific?  I am going to make the assumption you are
  talking about Frame Relay, in which case yes you can configure a sub
  interface as "point to multipoint" and it can communicate with many
  routers within that same subnet.
 
  brian
 

 Hey, you know what. I was going to try to answer this question but wasn't too
 sure and didn't want to steer him in the wrong way. What you said is what I
 thought but something is bothering me.

 Point-to-multipoint. Let's say you have the head, and it's connected to 5
 remote ends. On the head you would use basically 5 subinterfaces. Each for a
 different remote end. This is easy to me and normal. His question makes me
 think though because he is asking if, instead of having one sub-int for each
 remote end, to have 4 interfaces and let's say one of those sub-int's for 2 of
 the remote ends. I haven't ever seen this done and I'm wondering if it would
 work??? Hmmm, interesting thought. Anybody up for it?

 Mark Zabludovsky ~ CCNA, CCDA, 1/4-NP
 [EMAIL PROTECTED]

   "If you need luck, apparently you're not prepared...Go study!"

~Mark Zabludovsky~




Re: Sub Interfaces (hmmm?)

2000-10-29 Thread Brian

On Sun, 29 Oct 2000, Austin wrote:

 I am configuring 2 sub-interfaces on the router. One subinterface for the
 connection to router1 and 1 subinterface for the connection to router2 and
 router3. I will not be configuring subinterfaces on router1, router2 and
 router3.
 Hope this gives you some more information and it is a Frame Relay
 environment yes. You guys rock!

Yes this is fine.  The best way to answer these questions is to just try
it... you usually learn a lot doing it.

It is perfectly fine to use a subinterface on router 1 (in point to
multipoint) to talk to an interface on routers 2 and 3 (not
subinterface).  The fact you are using subinterfaces or not using sub
interfaces is transparent to the distant end.

Brian


 
 
 [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
  In a message dated 10/29/00 12:51:45 AM Eastern Daylight Time,
  [EMAIL PROTECTED] writes:
 
 
   On Sat, 28 Oct 2000, Austin wrote:
  
Hi Group (Brian, Tim Brad, et al.)
   
Thank you all for your help. I have one more question though :)
Can you configure one subinterface to communicate with 2 different
   routers?
  
   can you be more specific?  I am going to make the assumption you are
   talking about Frame Relay, in which case yes you can configure a sub
   interface as "point to multipoint" and it can communicate with many
   routers within that same subnet.
  
   brian
  
 
  Hey, you know what. I was going to try to answer this question but wasn't too
  sure and didn't want to steer him in the wrong way. What you said is what I
  thought but something is bothering me.

  Point-to-multipoint. Let's say you have the head, and it's connected to 5
  remote ends. On the head you would use basically 5 subinterfaces. Each for a
  different remote end. This is easy to me and normal. His question makes me
  think though because he is asking if, instead of having one sub-int for each
  remote end, to have 4 interfaces and let's say one of those sub-int's for 2 of
  the remote ends. I haven't ever seen this done and I'm wondering if it would
  work??? Hmmm, interesting thought. Anybody up for it?
 
  Mark Zabludovsky ~ CCNA, CCDA, 1/4-NP
  [EMAIL PROTECTED]
 
"If you need luck, apparently you're not prepared...Go study!"
 
 ~Mark Zabludovsky~
 
 

---
Brian Feeny, CCNP, CCDP   [EMAIL PROTECTED]   
Network Administrator 
ShreveNet Inc. (ASN 11881)




Re: A unbelieveable experence!!!!

2000-10-29 Thread Ejay Hire

I've had win2k's Serial port Device detect autoprobe cause a switch to 
reboot before.  It's not just you.


Original Message Follows
From: Á«ئ¨ [EMAIL PROTECTED]
Reply-To: Á«ئ¨ [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: A unbelieveable experence
Date: Sun, 29 Oct 2000 10:16:50 +0800

Hi,

Yesterday, I went to replace a Catalyst 3524 with a Catalyst 3548 in a 
bank.  I promised them
I wouldn't power off the switch until they finished their work. But I wanted to 
check the config file in the
running 3524 switch, and I connected the console to my notebook. When I pressed the 
"Enter" key in my
hyperterm window, I expected to see the enter password prompt. But I saw the 
switch was rebooting.
All the ports turned green!!! Then I got a lot of serious complaints

Is it possible for this to happen? Or did somebody issue a "reload" command without 
pressing Enter and leave the console?
Could anyone tell me the possible answers?

Thanks!!


Todd
[EMAIL PROTECTED]
CCNA




RE: Frame Switch

2000-10-29 Thread Chuck Larrieu

Normally I would make some righteous comment about looking it up on CCO, but
I find that as usual, the information is not necessarily readily found.

From CCO:
Asynchronous/Synchronous Port Features
The low-speed asynchronous/synchronous ports connect terminals, printers,
modems, microcomputers, and remote LANs over asynchronous serial lines to an
internetwork, or to synchronous devices such as DSU/CSUs on the same ports.
The asynchronous/ synchronous ports support data transmission rates of up to
115.2 kbps on the following serial interfaces:
* EIA/TIA-232
* EIA/TIA-449
* EIA-530
* V.35
* X.21

Does this help?

Chuck


-Original Message-
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Brian
Sent:   Sunday, October 29, 2000 7:04 AM
To: whatshakin
Cc: [EMAIL PROTECTED]
Subject:Re: Frame Switch

On Sun, 29 Oct 2000, whatshakin wrote:

 High speed (synchronous) ports are good for 2.048mb/s and the low speed
 (asynchronous) ports max out at 115.2 Kb/s.

we aren't talking about async ports though.  The 252x is 4 synchronous
ports.  2 low speed synchronous, and 2 high speed.  I believe high speed
sync ports can go to 4Mbps, and low speed to 64kbps... I may be
wrong though.

Brian





 - Original Message -
 From: Brian [EMAIL PROTECTED]
 Newsgroups: groupstudy.cisco
 To: Austin [EMAIL PROTECTED]
 Cc: [EMAIL PROTECTED]
 Sent: Saturday, October 28, 2000 7:47 PM
 Subject: Re: Frame Switch


  On Sat, 28 Oct 2000, Austin wrote:
 
   I have a 2523 in my lab configured as a Frame Relay Switch.
   All the serial ports are acting as DCE providing clocking to the routers.
   Initially, all clock rates were set to 64000 but I changed it to 100 ..
   for some reason, only serial0 and serial1 accepted the new clockrate speed of
   100 ... when I tried to enter the clock rate command on the others it
   says ... %Error: Unsupported clock rate for this interface .
   When I do a show interfaces
   the output for serial0 and serial 1 ... the second line of the output says
   Hardware is HD64570 .
   for all the other serial interfaces . the second line of the output says
   Hardware is CD2430 in sync mode .
   The keywords being "in sync mode" ... I am guessing that this might be a
   reason I cannot set the clock rate on the other serial interfaces at 100

   Any ideas from anyone as to what is happening and why it is like that?
 
  on 252x routers, you have 2 "high speed" serial interfaces, and 2 "low
  speed" serial interfaces.  High speed usually means that it can go to 4Mbps
  I believe.  Cisco usually denotes a modular high speed interface with "T",
  as in like a NP-2T, or a NM-4T.  Low speed usually means that it can go to
  64kbps.  Low speed interfaces are denoted with an "S", like CSC-4S on a
  AGS+ is 4 low speed ports.
 
  Don't fret though, in a home lab this is fine usually.  Even 4 low speed
  interfaces would allow you to do everything.
 
  Brian
 
 
 
  
   Thanks,
  
  
  
  
 
  ---
  Brian Feeny, CCNP, CCDP   [EMAIL PROTECTED]
  Network Administrator
  ShreveNet Inc. (ASN 11881)
 


---
Brian Feeny, CCNP, CCDP   [EMAIL PROTECTED]
Network Administrator
ShreveNet Inc. (ASN 11881)




RE: Frame Switch

2000-10-29 Thread Brian


Here is a good link as well:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/inter_c/icserint.htm#xtocid241488


On Sun, 29 Oct 2000, Chuck Larrieu wrote:

 Normally I would make some righteous comment about looking it up on CCO, but
 I find that as usual, the information is not necessarily readily found.
 
 From CCO:
 Asynchronous/Synchronous Port Features
 The low-speed asynchronous/synchronous ports connect terminals, printers,
 modems, microcomputers, and remote LANs over asynchronous serial lines to an
 internetwork, or to synchronous devices such as DSU/CSUs on the same ports.
 The asynchronous/ synchronous ports support data transmission rates of up to
 115.2 kbps on the following serial interfaces:
 * EIA/TIA-232
 * EIA/TIA-449
 * EIA-530
 * V.35
 * X.21
 
 Does this help?
 
 Chuck
 
 
 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
 Brian
 Sent: Sunday, October 29, 2000 7:04 AM
 To:   whatshakin
 Cc:   [EMAIL PROTECTED]
 Subject:  Re: Frame Switch
 
 On Sun, 29 Oct 2000, whatshakin wrote:
 
  High speed (synchronous) ports are good for 2.048mb/s and the low speed
  (asynchronous) ports max out at 115.2 Kb/s.
 
 we aren't talking about async ports though.  The 252x is 4 synchronous
 ports.  2 low speed synchronous, and 2 high speed.  I believe high speed
 sync ports can go to 4Mbps, and low speed to 64kbps... I may be
 wrong though.
 
 Brian
 
 
 
 
 
  - Original Message -
  From: Brian [EMAIL PROTECTED]
  Newsgroups: groupstudy.cisco
  To: Austin [EMAIL PROTECTED]
  Cc: [EMAIL PROTECTED]
  Sent: Saturday, October 28, 2000 7:47 PM
  Subject: Re: Frame Switch
 
 
   On Sat, 28 Oct 2000, Austin wrote:
  
    I have a 2523 in my lab configured as a Frame Relay Switch.
    All the serial ports are acting as DCE providing clocking to the routers.
    Initially, all clock rates were set to 64000 but I changed it to 100 ..
    for some reason, only serial0 and serial1 accepted the new clockrate speed of
    100 ... when I tried to enter the clock rate command on the others it
    says ... %Error: Unsupported clock rate for this interface .
    When I do a show interfaces
    the output for serial0 and serial 1 ... the second line of the output says
    Hardware is HD64570 .
    for all the other serial interfaces . the second line of the output says
    Hardware is CD2430 in sync mode .
    The keywords being "in sync mode" ... I am guessing that this might be a
    reason I cannot set the clock rate on the other serial interfaces at 100

    Any ideas from anyone as to what is happening and why it is like that?
  
   on 252x routers, you have 2 "high speed" serial interfaces, and 2 "low
   speed" serial interfaces.  High speed usually means that it can go to 4Mbps
   I believe.  Cisco usually denotes a modular high speed interface with "T",
   as in like a NP-2T, or a NM-4T.  Low speed usually means that it can go to
   64kbps.  Low speed interfaces are denoted with an "S", like CSC-4S on a
   AGS+ is 4 low speed ports.
  
   Don't fret though, in a home lab this is fine usually.  Even 4 low speed
   interfaces would allow you to do everything.
  
   Brian
  
  
  
   
Thanks,
   
   
   
   
  
   ---
   Brian Feeny, CCNP, CCDP   [EMAIL PROTECTED]
   Network Administrator
   ShreveNet Inc. (ASN 11881)
  
 
 
 ---
 Brian Feeny, CCNP, CCDP   [EMAIL PROTECTED]
 Network Administrator
 ShreveNet Inc. (ASN 11881)
 
 

---
Brian Feeny, CCNP, CCDP   [EMAIL PROTECTED]   
Network Administrator 
ShreveNet Inc. (ASN 11881)




RE: Sub Interfaces (hmmm?)

2000-10-29 Thread Louie Belt

Be sure to turn off ip split horizon (or apple, or ipx eigrp) on the
multipoint interface.  Also remember, over frame, if you are not using a sub
interface on a physical interface, split horizon is off by default, always
enable it on any "spoke" routers.

Additionally be aware of the issues that each routing protocol has with a
multipoint interface (i.e. - setting the ospf network type on the spokes and
hub).

Louie

Since time immemorial and pre-industrial, 'greed' has been the accusation
hurled at the rich by the concrete-bound illiterates who were unable to
conceive of the source of wealth or of the motivation of those who produce
it.
-- Ayn Rand



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Austin
Sent: Sunday, October 29, 2000 9:01 AM
To: [EMAIL PROTECTED]
Subject: Re: Sub Interfaces (hmmm?)


I am configuring 2 sub-interfaces on the router. One subinterface for the
connection to router1 and 1 subinterface for the connection to router2 and
router3. I will not be configuring subinterfaces on router1, router2 and
router3.
Hope this gives you some more information and it is a Frame Relay
environment yes. You guys rock!


[EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
 In a message dated 10/29/00 12:51:45 AM Eastern Daylight Time,
 [EMAIL PROTECTED] writes:


  On Sat, 28 Oct 2000, Austin wrote:
 
   Hi Group (Brian, Tim Brad, et al.)
  
   Thank you all for your help. I have one more question though :)
   Can you configure one subinterface to communicate with 2 different
  routers?
 
  can you be more specific?  I am going to make the assumption you are
  talking about Frame Relay, in which case yes you can configure a sub
  interface as "point to multipoint" and it can communicate with many
  routers within that same subnet.
 
  brian
 

 Hey, you know what. I was going to try to answer this question but wasn't too
 sure and didn't want to steer him in the wrong way. What you said is what I
 thought but something is bothering me.

 Point-to-multipoint. Let's say you have the head, and it's connected to 5
 remote ends. On the head you would use basically 5 subinterfaces. Each for a
 different remote end. This is easy to me and normal. His question makes me
 think though because he is asking if, instead of having one sub-int for each
 remote end, to have 4 interfaces and let's say one of those sub-int's for 2 of
 the remote ends. I haven't ever seen this done and I'm wondering if it would
 work??? Hmmm, interesting thought. Anybody up for it?

 Mark Zabludovsky ~ CCNA, CCDA, 1/4-NP
 [EMAIL PROTECTED]

   "If you need luck, apparently you're not prepared...Go study!"

~Mark Zabludovsky~




Re: CCIE Cincinnati Study Group

2000-10-29 Thread Ejay Hire

I'm interested, possibly one other tag-along with me on the drive down from 
Dayton.

Contact me offline: 937-847-0085  I check the machine daily.


Original Message Follows
From: "Mike" [EMAIL PROTECTED]
Reply-To: "Mike" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: CCIE Cincinnati Study Group
Date: Fri, 27 Oct 2000 11:07:50 -0400

Hi all,

I am wondering if there are list members that are interested in starting a
CCIE Study Group in Cincinnati. We will get together maybe once a week and
go through Lab Scenarios. I am thinking that we could have 2 Study Groups. A
CCIE Written Study Group and CCIE Lab Study Group for members that have
passed the Qualification exam, with members helping each other get to the
next level, ie. members who have passed the Lab spend some time with the
CCIE Written Group in coaching them, and maybe a CCIE in Cincinnati kind
enough to coach the CCIE Lab Study Group.
The idea I am getting to is that it has to be a consistent regular meeting
class.

All comments and input appreciated, and if there is a CCIE in Cincinnati
that is willing to help us, coach us and proctor us as we prepare for the
Lab, please let us know.





RE: NAT with VPN doesn't work with PIX

2000-10-29 Thread Gils

Hi,

  First of all, who is the termination point? The ROUTER or the PIX?
What kind of VPN client topology are you using, a mode-config or no
mode-config? If you are using a mode config, what is the IP pool range that
you have assigned?
In the case that you are using a config-mode with nat don't forget to add
the "sysopt pl-compatible" command.
Second of all, the statement that you wrote about the NAT, that it is either
enabled or disabled, is not correct: you can assign an ACL to a nat statement
and determine the nat policy by it.
 
GIL

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: ??? ? 26 ??? 2000 18:32
To: [EMAIL PROTECTED]
Subject: NAT with VPN doesn't work with PIX


Here's an interesting situation I've run across, and I'm curious to see if
anyone has seen anything similar.  

I've got a PIX firewall that is doing static translation of several servers
in our DMZ.  These servers each have one NIC, with an inside 172.16.x.x
address.  On the outside, they have a 64.x.x.x address that works fine.
Normally, when people who dial into our network, or are at corporate
headquarters query DNS for these servers, they'll get the inside address,
172.16.x.x.  When people outside the company query DNS for the same server,
they get the outside address 64.x.x.x.  This seems to work fine.  

The problem comes when a user VPN's into our network.  They already have a
connection with their ISP, and are using the ISP's name servers.  Therefore,
when they try to resolve our server name, they get the 64.x.x.x address.
However, since they are VPN'ed into our network, the 64.x.x.x address is not
valid.

This problem exists even if we provide them with a DNS server
internally...it seems that they resolve from their ISP's servers first.  

The only thing I've thought of so far is to have two different names for
each box, but our developers are screaming about that idea.  

Is there anyway for the PIX to do address translation on some boxes, but not
all?  If we could leave these servers in the DMZ with only an outside
address, that would be fantastic.  Is this possible with PIX?  I've been
told that address translation is an all or nothing proposition.  

Thanks for any suggestions yall can provide.




Re: PIX PPTP, no NAT

2000-10-29 Thread Andrew

If you're setting up w/o nat why the pool?  Also, you need 'NAT 0' to keep 
the in/out from getting a translation.

At 07:00 PM 10/28/00 -0700, Jim Bond wrote:
Hello,

I'm trying to set up PIX PPTP without NAT but no
success. Cisco gives a sample config using NAT
http://www.cisco.com/warp/public/110/pptppix.html but
I don't understand why they use 192.168.1.0.

Here is my topology:
172.16.1.0/24(outside)---PIX---(inside)172.16.2.0/24
I create a pool 172.16.1.100-172.16.1.200, but users
from outside can't reach internal network.

Any suggestion?

Thanks in advance.


Jim




RE: IP Classless

2000-10-29 Thread Daniel Cotts

With "no ip classless" the router looks for an exact match for a route. If
not found the packet is dropped. So if the packet destination is 172.16.33.1
and 172.16.33.0 /24 is not in the table then it goes into the bit bucket.
With "ip classless" if an exact match is not found then a less specific
route will be chosen. In this case if 172.16.33.0 /24 is not in the table
but 172.16.0.0 /16 is in the table then the packet will be routed towards
172.16.0.0. The hope is that at that destination there is a more specific
route. Supports route summarization.

 -Original Message-
 From: Cisco Kid [mailto:[EMAIL PROTECTED]]
 Sent: Sunday, October 29, 2000 7:40 AM
 To: [EMAIL PROTECTED]
 Subject: IP Classless
 
 
 Hi,
 
 Can someone pls. give me a simple explanation of the IP 
 Classless command
 and why/when it is necessary.
 
 Thanks
 
 Rashid
 
 
 

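The lookup difference discussed in this reply, as an added example that is not part of the original post. It is a simplified model of the commonly documented behaviour: with "no ip classless", a packet for an unknown subnet of a major network the router already holds subnets of is dropped instead of following a less specific route. The routing table, interface names and function names are constructed for illustration.

```python
import ipaddress

# Constructed routing table (prefix, outgoing interface); not from the post.
ROUTES = [
    ("172.16.1.0/24", "Ethernet0"),
    ("172.16.2.0/24", "Serial0"),
    ("10.0.0.0/8", "Serial1"),
    ("0.0.0.0/0", "Serial1"),  # default route
]


def major_network(addr):
    """Return the class A/B/C network containing a unicast IPv4 address."""
    first_octet = int(addr) >> 24
    if first_octet < 128:
        plen = 8
    elif first_octet < 192:
        plen = 16
    elif first_octet < 224:
        plen = 24
    else:
        raise ValueError("class D/E addresses have no major network")
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)


def lookup(dest, routes, ip_classless):
    """Return (prefix, interface) for dest, or None when the packet is dropped."""
    dest = ipaddress.ip_address(dest)
    table = [(ipaddress.ip_network(p), ifc) for p, ifc in routes]
    if not ip_classless:
        major = major_network(dest)
        inside = [(n, i) for n, i in table if n.subnet_of(major)]
        # Classful rule (model): once any subnet of the major network is
        # known, only routes inside that major network are candidates, so a
        # supernet or default route cannot rescue an unknown subnet.
        if any(n.prefixlen > major.prefixlen for n, _ in inside):
            table = inside
    matches = [(n, i) for n, i in table if dest in n]
    if not matches:
        return None
    net, ifc = max(matches, key=lambda m: m[0].prefixlen)  # longest match
    return str(net), ifc


if __name__ == "__main__":
    for classless in (False, True):
        for dest in ("172.16.2.9", "172.16.33.1", "192.168.5.5"):
            mode = "ip classless" if classless else "no ip classless"
            print(f"{mode:16} {dest:12} -> {lookup(dest, ROUTES, classless)}")
```

Silent drops of this kind look like a black-holed subnet, so the classless setting is worth checking before suspecting a filter or ACL.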



RE: total bit rate for BRI

2000-10-29 Thread Chuck Larrieu

Speaking of evil test creators, the one I've always wondered about is actual
T1/DS1 throughput. I believe serial lines are full duplex. So NOW what is
the REAL bit rate?  ;-

Chuck


-Original Message-
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Brian
Sent:   Saturday, October 28, 2000 4:52 PM
To: Patrick Bass
Cc: [EMAIL PROTECTED]
Subject:Re: total bit rate for BRI

On Sat, 28 Oct 2000, Patrick Bass wrote:

 In Cisco internetworking Technology Overview it states...

  "BRI also provides for framing control and other overhead, bringing its
 total bit rate to 192 kbps."

 In Cisco Internetwork Design it states...

 "The D channel signaling protocol comprises Layers 1 through 3 of the OSI
 reference model, bringing its total bit rate to 144 kbps."

 If I'm taking a Cisco certification exam and the question is "What is the
 total bit rate of a BRI" and the answers are a) 128 b) 144 c) 192 d)
 whatever...what's the correct answer?  Is it 144 kbps or 192 kbps?

You won't have those two answers :)

This is sort of like the argument is a T1 1.544 or 1.536.  Only the most
evil test creator would put both those answers on a test...

You seem to understand it quite well.  192 is with framing, 144 is just
2B+D.  You can actually use the D channel, but you can't use the framing
bits.


 I realize that it is 192 kbps when you take the 48 kbps for framing into
 account but considering the fact that two Cisco sources give different
 totals for "total bit rate" what am I to answer if I wish to get the answer
 correct?




---
Brian Feeny, CCNP, CCDP   [EMAIL PROTECTED]
Network Administrator
ShreveNet Inc. (ASN 11881)




Re: Token Ring explorer frames...

2000-10-29 Thread Priscilla Oppenheimer

IEEE lingo = Spanning-tree explorer. IBM lingo = Single-route explorer.

IEEE standardized source-route transparent bridging in Annex C of 802.1d. 
(Don't believe the books that claim it's in 802.5; it's not). IEEE 
specifies the bits in the Routing Type (RT) field slightly differently than 
IBM did in their documentation on source-route bridging. Here's what the 
IEEE document says:

Specifically routed frame (RT = 0XX). If the most significant RT bit is set 
to 0, the RD fields contain a specific route through the network.

All routes explorer frame (RT = 10X). If the RT bits are set to 10X, the 
frame will be routed along every route in the network.

Spanning tree explorer frame (RT = 11X). If the RT bits are set to 11X, 
only SRT bridges with ports in the transparent-bridging forwarding state 
relay the frame from one LAN to another.


Long before IEEE jumped on the bandwagon, IBM had already "standardized" 
source-route bridging. IBM calls the route type 11X a "single-route 
explorer" frame. With IBM bridges, the network administrator had to 
manually configure bridges to make sure that no more than one redundant 
bridge forwards single-route explorers. With IEEE's standard, the spanning 
tree does this for you. (IBM later added support for spanning tree also. 
They called it "automatic mode.")


One more picky thing regarding the "Specifically routed frames (unicast)" 
and "Single route broadcast" wording: On a specifically routed frame, the 
destination address could theoretically be unicast, broadcast, or 
multicast. On a single route explorer, the frame could have a unicast MAC 
destination address. This source routing stuff is a layer up from MAC 
destination addresses, or at least a sub-layer up.

Anyway, I just stopped by my computer to see if it set the clock correctly. 
I gotta get out of here! ;-)

Priscilla


At 08:06 AM 10/29/00, Nigel Taylor wrote:
Hi All,
As I tie up my studying in light of the big day I was looking 
 for some clarity on the issue of token ring explorer frames.

Within the RCF(Routing Control Field) bits 15-13 define the valid types of 
explorer frames;

000   -  Specifically routed frames(unicast)
100   -  All Route explorer frames
110   -  Spanning-tree or single route explorer frames.

My question has to do with the fact that I'm also reading or seeing 
references to

000 as a Single route explorer.

My understanding if I'm not mistaken thinking that a Spanning-tree/single 
route explorer are the same.

Could someone help me clear up my thinking on this issue.

TIA

Nigel.




Priscilla Oppenheimer
http://www.priscilla.com
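The routing type classification quoted from the IEEE document above, as an added example that is not part of the original post. It decodes the 2-byte routing control field and the route designators of a source-routing RIF; the field layout beyond the RT bits (5-bit length, direction bit, 12-bit ring and 4-bit bridge numbers) is the standard RIF layout and is not stated in the post, and the sample bytes are constructed.

```python
def routing_type(rt):
    """Classify the 3 RT bits using the IEEE patterns 0XX, 10X and 11X."""
    if rt & 0b100 == 0:
        return "specifically routed frame"
    if rt & 0b010 == 0:
        return "all routes explorer frame"
    return "spanning tree explorer frame"


def decode_rif(rif):
    """Decode a routing information field given as bytes."""
    if len(rif) < 2:
        raise ValueError("RIF is shorter than the routing control field")
    rt = rif[0] >> 5            # top three bits of the 16-bit control field
    length = rif[0] & 0x1F      # RIF length in bytes, control field included
    if length < 2 or length % 2 or length > len(rif):
        raise ValueError(f"invalid RIF length {length}")
    kind = routing_type(rt)
    hops = []
    for i in range(2, length, 2):
        rd = (rif[i] << 8) | rif[i + 1]
        hops.append((rd >> 4, rd & 0xF))   # (ring number, bridge number)
    return {
        "rt_bits": format(rt, "03b"),
        "ieee_name": kind,
        # IBM's name for the 11X type, as described in the post above.
        "ibm_name": "single-route explorer" if rt >> 1 == 0b11 else None,
        "direction": rif[1] >> 7,
        "hops": hops,
    }


# Constructed sample: RT=110, length 6, ring 0x001/bridge 0xA, ring 0x002.
SAMPLE_RIF = bytes.fromhex("c620001a0020")

if __name__ == "__main__":
    print(decode_rif(SAMPLE_RIF))
    # The X positions are don't-care bits: 101 and 011 classify like 100 and 000.
    for first_byte in (0x02, 0x62, 0x82, 0xA2, 0xC2, 0xE2):
        info = decode_rif(bytes([first_byte, 0x00]))
        print(info["rt_bits"], info["ieee_name"])
```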




RE: total bit rate for BRI

2000-10-29 Thread Brian

On Sun, 29 Oct 2000, Chuck Larrieu wrote:

 Speaking of evil test creators, the one I've always wondered about is actual
 T1/DS1 throughput. I believe serial lines are full duplex. So NOW what is
 the REAL bit rate?  ;-

1.536Mbps is the actual usable bit rate of a clear channel t1.  8 bits is
used for framing.  Yes that is in each direction.  But if a circuit has
1Mbps incoming and 1Mbps outgoing, you still usually just call it a 1Mbps
fdx, instead of 2Mbps... at least I do.  I know some people refer to
100bT fdx as 200Mbps... but I think it's more accurate to say 100Mb/s
fdx.

Brian

 
 Chuck
 
 
 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
 Brian
 Sent: Saturday, October 28, 2000 4:52 PM
 To:   Patrick Bass
 Cc:   [EMAIL PROTECTED]
 Subject:  Re: total bit rate for BRI
 
 On Sat, 28 Oct 2000, Patrick Bass wrote:
 
  In Cisco internetworking Technology Overview it states...

   "BRI also provides for framing control and other overhead, bringing its
  total bit rate to 192 kbps."

  In Cisco Internetwork Design it states...

  "The D channel signaling protocol comprises Layers 1 through 3 of the OSI
  reference model, bringing its total bit rate to 144 kbps."
 
  If I'm taking a Cisco certification exam and the question is "What is the
  total bit rate of a BRI" and the answers are a) 128 b) 144 c) 192 d)
  whatever...what's the correct answer?  Is it 144 kbps or 192 kbps?
 
 You won't have those two answers :)
 
 This is sort of like the argument is a T1 1.544 or 1.536.  Only the most
 evil test creator would put both those answers on a test...
 
 You seem to understand it quite well.  192 is with framing, 144 is just
 2B+D.  You can actually use the D channel, but you can't use the framing
 bits.
 
 
  I realize that it is 192 kbps when you take the 48 kbps for framing into
  account but considering the fact that two Cisco sources give different
  totals for "total bit rate" what am I to answer if I wish to get the answer
  correct?
 
 
 
 
 ---
 Brian Feeny, CCNP, CCDP   [EMAIL PROTECTED]
 Network Administrator
 ShreveNet Inc. (ASN 11881)
 
 

---
Brian Feeny, CCNP, CCDP   [EMAIL PROTECTED]   
Network Administrator 
ShreveNet Inc. (ASN 11881)




Re: Sub Interfaces

2000-10-29 Thread Mike N Balistreri

you can define a subinterface to be "point-to-multipoint". then instead of
using "frame-relay interface-dlci x"

use multiple "frame-relay map" commands under that subinterface definition.

Mike Balistreri

"Austin" wrote in message 8tg5qi$a9m$[EMAIL PROTECTED]...
Hi Group (Brian, Tim Brad, et al.)

Thank you all for your help. I have one more question though :)
Can you configure one subinterface to communicate with 2 different routers?

Thanks in advance,





Re: IP Classless

2000-10-29 Thread Shane Stockman

IP Classless is used for route summarization and for further subnetting a
subnet for point-to-point WAN links using VLSM. It is important because by
using ip classless you can perform route summarization, thereby saving on
bandwidth utilization, router processing and reduce the size of routing
tables. With regards to VLSM you will be better utilising your IP addressing
structure. It also supports discontiguous subnets, thereby letting the
subnets communicate with each other.

These I think are probably the most common reasons for using ip classless.
N.B. IP Classful also has something called automatic summarization, but this
does not support discontiguous subnets.

EIGRP, OSPF, IS-IS, RIPv2, BGP are all classless routing protocols

Hope this explains what you want to know


From: "Cisco Kid" [EMAIL PROTECTED]
Reply-To: "Cisco Kid" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: IP Classless
Date: Sun, 29 Oct 2000 13:40:01 -

Hi,

Can someone pls. give me a simple explanation of the IP Classless command
and why/when it is necessary.

Thanks

Rashid





Re: CCIE Written - Preparation Materials

2000-10-29 Thread Mohammed Hakim

Congratulations Chuck .. :)

Does the Cisco Lan Switching "Kennedy & Hamilton" help with the CCIE R/S ..
or it is for the Lab Exam

Good Luck on the Lab

Mohammed Hakim CCNA R/S

- Original Message -
From: Chuck Larrieu [EMAIL PROTECTED]
To: Cisco Mail List [EMAIL PROTECTED]
Sent: Sunday, October 29, 2000 12:01 AM
Subject: CCIE Written - Preparation Materials


 My recommendation for preparation materials for the CCIE written ( routing
 and switching 350-001 )

 1) Cisco's own web site. There is a WEALTH of excellent materials to be
 found there, all FREE. Check under the CCIE section of career
 certifications.

 2) Jeff Doyle - TCP/IP routing.  There is NO substitute

 3) The token ring white paper available for download FREE from
 www.ccprep.com, written by Lou Rossi Sr.

 4) The RIF paper available for download FREE from our very own groupstudy
 site: http://www.groupstudy.com/notes/notepages/rif2.html
 Written by Fred Ingham

 5) Bassam Halabi - Internet Routing Architectures. Contains a bit of
 fluff, but has a lot of good BGP information and a lot of BGP
 configurations for study

 6) RFC's can't hurt: http://www.rfc-editor.org/rfcsearch.html

 7) Certification Zone www.certificationzone.com  costs some money, but the
 study materials and practice tests are worth the price ( disclosure - I
 have been compensated by Cert Zone for services rendered )

 8) CCIE Exam Cram ( Thomas and Benjamin ) Great way to spend your last week
 of review. The practice test is a very good indicator of the real thing.

 9) Last but not least - this mailing list. Used judiciously, it can and
 will provide you with almost all of what you need to know.

 Best wishes in your studies

 Chuck
 --
 I am Locutus, a CCIE Lab Proctor. Xx_Brain_dumps_xX are futile. Your life
 as it has been is over ( if you hope to pass ) From this time forward, you
 will study US!
 ( apologies to the folks at Star Trek TNG )
 www.chuck.to/Locutus.html





RE: total bit rate for BRI

2000-10-29 Thread Adam Quiggle

At 12:37 PM 10/29/00, Brian wrote:
On Sun, 29 Oct 2000, Chuck Larrieu wrote:

  Speaking of evil test creators, the one I've always wondered about is
  actual T1/DS1 throughput. I believe serial lines are full duplex. So NOW
  what is the REAL bit rate?  ;-

1.536Mbps is the actual usable bit rate of a clear channel t1.  8 bits is
used for framing.  Yes that is in each direction.  But if a circuit has
1Mbps incoming and 1Mbps outgoing, you still usually just call it a 1Mbps
fdx, instead of 2Mbps... at least I do.  I know some people refer to
100bT fdx as 200Mbps... but I think it's more accurate to say 100Mb/s
fdx.

Brian

Brian, I completely agree.  If you're at Server A and need to get to Server B
through a T1 wan link as seen below:

Server A --- Router A --- T1 --- Router B --- Server B

your data can still only be sent at 1MB/sec.  For those that would call it a
2MB/sec connection... What would you call the speed limit on a major
highway, is it 65mph or 130 mph?  Traffic does flow at 65mph in each
direction ;-)

Chuck's question prompts an even bigger question...What is real? LOL

AQ




Re: BCMSN - Topics

2000-10-29 Thread Curtis Call

In my opinion it would be beneficial for you to be at least familiar with 
these before the test.  I didn't have any direct questions referring to 
them, but there were some answer options that you can eliminate because you 
know they're talking about ATM or FDDI.

At 09:39 AM 10/29/00 +, you wrote:
Can somebody who took this test clear my doubt.

The BCMSN course topics does not include the ATM-LANE and FDDI and many 
other topics, whereas these are listed as topics for exam in the cisco site.

Can somebody let me know if these topics are really covered in the exam...?

TIA

Venkat

"The greatest glory in living lies not in never falling,
but in rising every time we fall ."
-- Nelson Mandela




Loopback address on serial subinterface

2000-10-29 Thread Lists Wizard

Hi There,

Does anyone know how to assign a loopback ip address to a serial
subinterface? Please look at the output of the show command below so that
you understand what I mean thanks.

Routersh int s0/0.1

Serial0/0.1 is up, line protocol is up
  Hardware is PQUICC with Fractional T1 CSU/DSU
  Description: frame-relay PVC to Interlocken
  Interface is unnumbered. Using address of Loopback99 (10.66.0.161)
  MTU 1500 bytes, BW 256 Kbit, DLY 2 usec,
 reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation FRAME-RELAY IETF
Router





CCIE Design Candidates

2000-10-29 Thread Bruce Williams

A couple of weeks ago there were some posts from people who were about to
take the CCIE Design.
How did you do?
What study materials did you use?

Bruce
[EMAIL PROTECTED]





Re: Sub Interfaces

2000-10-29 Thread Frank B.

Austin,

This response is in a bit more detail than the others but I think it's
worth it.  

As another option you can also specify multiple dlci's and still use the
"frame-relay interface-dlci xxx" -- once for each dlci.  This will allow
you to continue to use dynamic mapping vice static map statements.  The
"hub router's" subinterface which communicates with the others would be
multipoint and the "spoke" subinterfaces would be point-to-point.

To try this example, you can use a router to act as a frame relay switch
with 3 other routers hanging off--the "frame-relay route" commands on
the frame-switch (a 4500 in this case) would look like this:

hostname FrameSwitch
!
int s0  ! Spoke A hangs off here
frame-relay route 100 interface s2 200
!
int s1  ! Spoke B hangs off here
frame-relay route 300 interface s2 400
!
int s2  ! "Hub router C" with point-to-multipoint sub-int
!
frame-relay route 200 interface s0 100
frame-relay route 400 interface s1 300

! Note there's a frame route to AND from each dlci--also keep in mind
! using a router as a frame relay switch is a practice for a lab
! environment.
!
! interface commands and the result of a sh frame-relay map on the hub
! router:
!
interface Serial0.3 multipoint
 ip address 172.0.5.1 255.255.255.0
 frame-relay interface-dlci 200
 frame-relay interface-dlci 400
!
Serial0.3 (up): ip 172.0.5.2 dlci 200(0x1F7,0x7C70), dynamic,
  broadcast,, status defined, active
Serial0.3 (up): ip 172.0.5.3 dlci 400(0x1F6,0x7C60), dynamic,
  broadcast,, status defined, active
! 
!interface commands and sh frame-relay map on the Spoke A
!
interface Serial1.3 point-to-point
 ip address 172.0.5.2 255.255.255.0
 frame-relay interface-dlci 100
!
sh fr map
Serial1.3 (up): point-to-point dlci, dlci 100(0x1F5,0x7C50), broadcast
  status defined, active
!
!interface commands and sh frame-relay map on Spoke B
!
interface Serial0.3 point-to-point
 ip address 172.0.5.3 255.255.255.0
 frame-relay interface-dlci 300
!
sh fr map
Serial0.3 (up): point-to-point dlci, dlci 300(0x1F4,0x7C40), broadcast
  status defined, active


I hand jammed some of these commands but I have working lab configs if
you're sincerely interested.  The best description of just about all
frame-relay options known to man is in Caslow's book "Cisco
Certification: Bridges, Routers and Switches for CCIEs".  If you're
working with frame I highly recommend reading this book whether or not
being a CCIE is on your list of "things-to-do" or not.  Also the Cisco
docs have some great examples you can work after reading the clear
explanations by Caslow. Hope this helps...Aloha,  Frank

 
 "Austin" wrote in message 8tg5qi$a9m$[EMAIL PROTECTED]...
 Hi Group (Brian, Tim Brad, et al.)
 
 Thank you all for your help. I have one more question though :)
 Can you configure one subinterface to communicate with 2 different routers?
 
 Thanks in advance,
 
 



RE: Loopback address on serial subinterface

2000-10-29 Thread Shaw, Winston Mr.

On your printout, someone first configured an ip address on loopback99 and
then issued the following command under the subinterface:

ip unnumbered loopback99

Winston.




-Original Message-
From: Lists Wizard [mailto:[EMAIL PROTECTED]]
Sent: Sunday, October 29, 2000 8:44 PM
To: [EMAIL PROTECTED]; 'Cisco group study';
[EMAIL PROTECTED]
Subject: Loopback address on serial subinterface


Hi There,

Does anyone know how to assign a loopback ip address to a serial
subinterface? Please look at the output of the show command below so that
you understand what I mean thanks.

Routersh int s0/0.1

Serial0/0.1 is up, line protocol is up
  Hardware is PQUICC with Fractional T1 CSU/DSU
  Description: frame-relay PVC to Interlocken
  Interface is unnumbered. Using address of Loopback99 (10.66.0.161)
  MTU 1500 bytes, BW 256 Kbit, DLY 2 usec,
 reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation FRAME-RELAY IETF
Router





Re: IP Classless

2000-10-29 Thread Frank B.

By default, when performing a look-up in the route table a router will
first try to match the major network then the subnet--if there's no
match and no default network route, the packet's dropped.  Again this is
the default behavior.  

With ip classless, you enable the router to forward the packet to the
route with the best match without regard to the class of the
destination.

Many examples and explanations are available on Cisco's web page and in
numerous books on IP routing.  Personally I like those in Jeff Doyle's
Routing TCP/IP Vol. I

Good luck.   Aloha, Frank

Cisco Kid wrote:
 
 Hi,
 
 Can someone pls. give me a simple explanation of the IP Classless command
 and why/when it is necessary.
 
 Thanks
 
 Rashid
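
Added illustration, not from the posts above: a simplified Python model of the route lookup with and without "ip classless". The routing table and interface names are constructed; the classful branch models the case where the router already holds subnets of the destination's major network and therefore does not fall back to the default route.

```python
import ipaddress


def major_network(addr):
    """Classful (A/B/C) major network that contains addr."""
    first_octet = int(addr) >> 24
    if first_octet < 128:
        prefix = 8
    elif first_octet < 192:
        prefix = 16
    elif first_octet < 224:
        prefix = 24
    else:
        raise ValueError("class D/E addresses have no major network")
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def longest_match(dest, routes):
    """Most specific route whose prefix contains dest, or None."""
    hits = [r for r in routes if dest in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None


def lookup(dest, table, classless):
    """Return the exit chosen for dest, or None when the packet is dropped."""
    dest = ipaddress.ip_address(dest)
    routes = [(ipaddress.ip_network(p), nh) for p, nh in table]

    if classless:
        # ip classless: plain longest-prefix match, default route included.
        hit = longest_match(dest, routes)
        return hit[1] if hit else None

    # no ip classless: first decide which major network the destination is in.
    major = major_network(dest)
    in_major = [r for r in routes if r[0].subnet_of(major)]
    if in_major:
        # The router knows subnets of this major network, so the destination
        # must match one of them; the default route is NOT consulted.
        hit = longest_match(dest, in_major)
        return hit[1] if hit else None

    # Major network entirely unknown: the default route may be used.
    default = [r for r in routes if r[0].prefixlen == 0]
    return default[0][1] if default else None


# Constructed routing table: two known subnets of 172.16.0.0 plus a default.
TABLE = [
    ("172.16.1.0/24", "Ethernet0"),
    ("172.16.2.0/24", "Serial0"),
    ("0.0.0.0/0", "Serial1"),
]


def compare(dest):
    """(classful result, classless result) for one destination."""
    return lookup(dest, TABLE, classless=False), lookup(dest, TABLE, classless=True)


if __name__ == "__main__":
    for d in ("172.16.2.9", "172.16.3.9", "192.168.5.1"):
        classful, classless = compare(d)
        print(f"{d:12}  no ip classless: {classful or 'DROP':10}  ip classless: {classless or 'DROP'}")
```

The interesting row is 172.16.3.9: an unknown subnet of a known major network is dropped in the classful model and follows the default route in the classless one.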




Re: Sub Interfaces

2000-10-29 Thread Mike N Balistreri

you can define a subinterface to be "multipoint" instead of
"point-to-point". then instead of using "frame-relay interface-dlci x"

use multiple "frame-relay map" commands under that subinterface definition.
apply an IP address to the subinterface, and the IP addresses on the other
side of the PVCs must all be in the same subnet.

Mike Balistreri


"
Thank you all for your help. I have one more question though :)
Can you configure one subinterface to communicate with 2 different routers?







Re: Loopback address on serial subinterface

2000-10-29 Thread Raul F. Fernandez

mlists,

I went ahead and tried to do this on my 2501 router. Basically create your
subinterface "int sx.x". then give it the command "ip unnumbered loopback #".
You must have created the loopback interface ahead of time.

Sincerely,

Raul


I went into one of my routers and
- Original Message -
From: "Lists Wizard" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; "'Cisco group study'"
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Sunday, October 29, 2000 2:44 PM
Subject: Loopback address on serial subinterface


 Hi There,

 Does anyone know how to assign a loopback ip address to a serial
 subinterface? Please look at the output of the show command below so that
 you understand what I mean thanks.

 Routersh int s0/0.1

 Serial0/0.1 is up, line protocol is up
   Hardware is PQUICC with Fractional T1 CSU/DSU
   Description: frame-relay PVC to Interlocken
   Interface is unnumbered. Using address of Loopback99 (10.66.0.161)
   MTU 1500 bytes, BW 256 Kbit, DLY 2 usec,
  reliability 255/255, txload 1/255, rxload 1/255
   Encapsulation FRAME-RELAY IETF
 Router





Re: CCIE Written - Preparation Materials

2000-10-29 Thread Frank B.

IMHO...this is an overall outstanding book!  I highly recommend it.  As
far as a good test reference...I used it as my sole reference to pass
the Switching-beta and many of the topics covered in this book are also
in the CCIE test 350-001 blueprint  ;-)  

You just may see some of those topics on the CCIE written test--but of
course I couldn't say for sure (read NDA)   Good luck!  Aloha, Frank

Mohammed Hakim wrote:
 
 Congratulations Chuck .. :)
 
 Does the Cisco Lan Switching "Kennedy & Hamilton" help with the CCIE R/S ..
 or it is for the Lab Exam
 
 Good Luck on the Lab
 
 Mohammed Hakim CCNA R/S
 
 - Original Message -
 From: Chuck Larrieu [EMAIL PROTECTED]
 To: Cisco Mail List [EMAIL PROTECTED]
 Sent: Sunday, October 29, 2000 12:01 AM
 Subject: CCIE Written - Preparation Materials
 
  My recommendation for preparation materials for the CCIE written ( routing
  and switching 350-001 )
 
  1) Cisco's own web site. There is a WEALTH of excellent materials to be
  found there, all FREE. Check under the CCIE section of career
  certifications.
 
  2) Jeff Doyle - TCP/IP routing.  There is NO substitute
 
  3) The token ring white paper available for download FREE from
  www.ccprep.com, written by Lou Rossi Sr.
 
  4) The RIF paper available for download FREE from our very own groupstudy
  site: http://www.groupstudy.com/notes/notepages/rif2.html
  Written by Fred Ingham
 
  5) Bassam Halabi - Internet Routing Architectures. Contains a bit of
  fluff, but has a lot of good BGP information and a lot of BGP
  configurations for study
 
  6) RFC's can't hurt: http://www.rfc-editor.org/rfcsearch.html
 
  7) Certification Zone www.certificationzone.com  costs some money, but the
  study materials and practice tests are worth the price ( disclosure - I
  have been compensated by Cert Zone for services rendered )
 
  8) CCIE Exam Cram ( Thomas and Benjamin ) Great way to spend your last week
  of review. The practice test is a very good indicator of the real thing.
 
  9) Last but not least - this mailing list. Used judiciously, it can and
  will provide you with almost all of what you need to know.
 
  Best wishes in your studies
 
  Chuck
  --
  I am Locutus, a CCIE Lab Proctor. Xx_Brain_dumps_xX are futile. Your life
  as it has been is over ( if you hope to pass ) From this time forward, you
  will study US!
  ( apologies to the folks at Star Trek TNG )
  www.chuck.to/Locutus.html
 
 



4 Cisco Press Books for Sale

2000-10-29 Thread Rock Ji

I have 4 Cisco Press books for sale. They are brand
new.

ISBN: 1578700841 CCIE PROFESSIONAL DEVELOPMENT:
LARGE SCALE IP NETWORK SOLUTIONS

ISBN: 1578701805 PERFORMANCE & FAULT MGMT

ISBN: 1578700469 OSPF NETWORK DESIGN SOLUTIONS

ISBN: 1578700949 CCIE PROFESSIONAL DEVELOPMENT:
CISCO LAN SWITCHING

I am not from bookstore, just over ordered them. It
costs me US$ 180 plus shipping and handling. I'm
asking for US$ 120. If you are interested, please
write me an e-mail:  [EMAIL PROTECTED]






Re: How do I verify that priority queuing works ?

2000-10-29 Thread Frank B.

Well you can do a quick check of your queue config with "show queuing." 
But to actually see the results on an active link try running "debug
priority" from the console.  

If you're telnetting to the box don't forget to turn on "term mon" or
you won't see the results from your telnet session.   Aloha,  Frank

Piatnitchi Cristian wrote:
 
 Hi all
 
 I set-up the priority queuing.
 How do I verify that priority queuing works on a serial interface (or on any
 other kind of interface ) ?
 Is there any IOS command for that ?
 Does anybody want to explain me ?
 
 Thanks in advance
 Cristian Piatnitchi
 



Re: CCIE Written Passed

2000-10-29 Thread Daniel Ji

CONGRATULATIONS!!! Chuck...
Now good luck to your lab.

Daniel
San Jose Dec 7-8.


"Chuck Larrieu" [EMAIL PROTECTED] wrote in message
news:000b01c04116$3478ecc0$[EMAIL PROTECTED]...
 Hi, guys and gals! Miss me while I was gone?  :-

 I am quite pleased and very proud to announce that I passed my CCIE
 written this morning. I won't bore you with my score, let alone the number
 of questions on the test and the passing score. This sort of information
 is available elsewhere. My own score is irrelevant, except to say that it
 wasn't even close. ;-

 All in all, this was a very good test, in my opinion. There were a couple
 of questions that might be considered ambiguous. There was certainly a bit
 of whimsy to be found. I nearly broke out laughing at a couple of the
 totally incongruous things I saw. I have to wonder how many test takers
 even realize the humor that is to be found in a couple of places? :-

 In terms of preparation, let me state that in my experience, there is NO
 substitute for Jeff Doyle's TCP/IP Routing, nor Bassam Halabi's Internet
 Routing Architectures. I also used the CCIE Exam Cram book, with good
 effect. Heresy as it is to suggest this, I believe that in terms of pure
 test preparation, that with regards to Radia Perlman's Interconnections,
 one might find better ways to spend one's time. ( this is NOT to say there
 is no value to be found, NOR is it to say that one should NOT read the
 book. It is only to say that in terms of pure preparation for the CCIE
 written as I saw it, there are better sources available ) I also took
 advantage of a number of study materials freely available from CCO,
 CCPrep, and our own groupstudy web site. The latter two sites have some
 token ring / RIF information that was invaluable. I also spent a LOT of
 time with the materials one can obtain by subscribing to Certification
 Zone ( disclosure - I have been compensated for services rendered to
 Certification Zone )

 If I were to tabulate, I would say that the plurality of questions
 involved OSPF and bridging of various kinds. There was far less BGP than I
 would have expected, given what the Blueprint describes. In terms of a
 couple of areas, such as router operation, protocol behavior fundamentals,
 and so on, that Exam Cram proved to be quite useful. One might consider
 investing in this one even at the CCNA level, and growing into it.

 Also, when you read my signature, you will understand that I am
 embarrassed to report that my worst score by far fell under the category
 of security

 Lastly, I wanted to mention that I saw several questions on my test that I
 have also seen posed here on Groupstudy - almost word for word, and right
 down to some very accurate representations of the diagrams. Some of you
 bad boys and girls have been violating the NDA. Shame on you ;-

 I am aware that Nigel, Bernard, and the other Chuck will be taking their
 written's over the next couple of days. It is definitely looking like the
 class of 2001 is shaping up quite well. Hey, guys, I look forward to
 seeing your announcements of your own success Monday and Tuesday. There is
 no doubt in my mind. If I can do it, you certainly can. Just don't
 outsmart yourselves. Always THINK!  :-

 I kinda look at it this way. I began the climb to Everest at the shoreline
 of India. CCNA/CCDA = Delhi. CCNP/CCDP = Katmandu. CCIE Written = Base
 Camp 18,000 feet. The rest of the climb looks real steep, real tough. But
 I can look back along my route and see that I have come a long way. And
 like the Little Engine of lore, I Think I Can! There are too many of you
 who are entitled to and deserving of my thanks for your advice, your
 wisdom, your good humor, your knowledge. I can only say that it is indeed
 my privilege to know and associate with each and every one of you.

 See you all up on the top of Everest!

 Chuck
 BA, MS, CCNA, CCDA, CCNP/Security(!), CCDP
 CCIE Written, CCIE Candidate!
 ( save this e-mail as a collector's item  - I will never sign this way
 again ;- )
 --
 I am Locutus, a CCIE Lab Proctor. Xx_Brain_dumps_xX are futile. Your life
 as it has been is over ( if you hope to pass ) From this time forward, you
 will study US!
 ( apologies to the folks at Star Trek TNG )




BGP Challenge

2000-10-29 Thread whitaker



ok, so I'm trying to implement some BGP routing for the first time. I've
read through the advanced IP network design, Internet Routing
Architectures, the RFCs, and a couple other books on BGP. But as we all
know, none of this compares to good experience. So, before I attempt to
implement BGP in mission critical datacenter, I thought I'd run it by the
experts (that's you!) to make sure I'm understanding this right.

I have two 6509s, each connecting through hssi interface to separate SONET
rings to separate providers. We basically run like an ASP, and have several
networks we're advertising. One of our provider's OC-12 ring is not
currently implemented yet, but this shouldn't make any difference in the
configuration.

So, here's my sample BGP config:

! 6509A
router bgp My AS number
no synchronization

! list networks to advertise
network network1 mask 255.255.255.0
network network2 mask 255.255.255.240
! define provider1 and second 6509 as neighbors
neighbor Genuity ip address remote-as 1
neighbor ip address of 6509B remote-as My AS number

! Add filter list to only advertise internal routes so that we don't become transitive
neighbor Genuity ip address filter-list 10 out
ip as-path access-list 10 permit ^$

! prepend my AS number to network that is on 6509B. This should help to 'load-balance' some.
access-list 1 permit network3 255.255.255.0
access-list 1 permit network4 255.255.255.0
neighbor genuity ip address route-map add_as out
route-map add_as permit 10
match ip address 1
set as-path prepend My AS My AS

---
! 6509B
router bgp My AS number
! list networks to advertise
network network3 mask 255.255.255.0
network network4 mask 255.255.255.0

! define provider2 and first 6509 as neighbors
neighbor Sprint ip address remote-as sprint AS number
neighbor ip address of 6509A remote-as my AS number

! Add filter list to only advertise internal routes so that we don't become transitive
neighbor Sprint ip address filter-list 10 out
ip as-path access-list 10 permit ^$
! prepend my AS number to networks that are on 6509A. This should help to 'load-balance' some.
access-list 1 permit network1 mask 255.255.255.0
access-list 1 permit network2 mask 255.255.255.240
neighbor sprint ip address route-map add_as out
route-map add_as permit 10
match ip address 1
set as-path prepend My AS My AS

Here's my questions:
* Networks are going to be added once a week, not all at once. To add a
network, it is my understanding that I type 'clear ip bgp *
soft-reconfiguration outbound' to reset the bgp connection. Is this correct?
* Does this configuration effectively make my network non-transitive?
* I've read about peer groups - would this be an effective way of
maintaining the configuration between the two 6509s? Or would it just be
adding an additional level of complexity?

* Will this configuration help to balance out the 
traffic some across the two 6509s?
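
An added sketch (not the poster's configuration and not IOS code) that models the outbound policy from the message above as seen on 6509A: the "^$" as-path filter followed by the add_as route-map. The AS numbers, prefixes and the filter-list-then-route-map ordering are assumptions of the model; it also shows that a route-map with a single permit clause denies every prefix that clause does not match.

```python
import re

LOCAL_AS = 64500  # constructed stand-in for "My AS number" (documentation ASN)

# Constructed BGP table on 6509A: prefix -> AS path ("" = originated in our AS).
# network3/network4 arrive over iBGP from 6509B, so their AS path is still empty.
BGP_TABLE = {
    "10.1.1.0/24": "",               # network1
    "10.1.2.0/28": "",               # network2
    "10.1.3.0/24": "",               # network3
    "10.1.4.0/24": "",               # network4
    "172.31.0.0/16": "64510 64511",  # learned from the other provider via 6509B
}

# access-list 1 on 6509A: the prefixes that should be prepended.
ACL_1 = {"10.1.3.0/24", "10.1.4.0/24"}

# A route-map is a list of (match set or None for "match anything", extra prepends).
ROUTE_MAP_AS_POSTED = [(ACL_1, 2)]                 # only "permit 10"
ROUTE_MAP_WITH_PERMIT_20 = [(ACL_1, 2), (None, 0)]  # plus an empty "permit 20"


def advertise(table, as_path_acl, route_map, local_as=LOCAL_AS):
    """Return {prefix: AS path as the eBGP neighbor would receive it}."""
    sent = {}
    for prefix, path in table.items():
        # filter-list out: every as-path access-list ends in an implicit deny.
        if not any(re.search(rx, path) for rx in as_path_acl):
            continue
        # route-map out: first matching clause wins, no match means deny.
        for match, prepend in route_map:
            if match is None or prefix in match:
                break
        else:
            continue
        # eBGP adds the local AS once; "set as-path prepend" adds extra copies.
        hops = [str(local_as)] * (1 + prepend) + path.split()
        sent[prefix] = " ".join(hops)
    return sent


if __name__ == "__main__":
    cases = [
        ("as posted", ["^$"], ROUTE_MAP_AS_POSTED),
        ("with permit 20", ["^$"], ROUTE_MAP_WITH_PERMIT_20),
        ("no as-path filter", [".*"], ROUTE_MAP_WITH_PERMIT_20),
    ]
    for label, acl, rmap in cases:
        print(label)
        for prefix, path in advertise(BGP_TABLE, acl, rmap).items():
            print(f"  {prefix:16} {path}")
```

In the model, the "^$" filter keeps the provider-learned 172.31.0.0/16 out of every advertisement, which is what stops the AS from offering transit; without it that route goes out as "64500 64510 64511".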







RE: personal firewall verification

2000-10-29 Thread Justin Menga

If you use a Checkpoint firewall, you can install the Checkpoint VPN client
and block Internet access to the VPN client whilst it has a connection to
the internal network.  This is called Desktop Policy and is configurable
from the firewall.

Regards,

Justin Menga  MCSE+I  CCNP  CCSE  ASE
WAN Specialist
Computerland New Zealand
PO Box 3631, Auckland
DDI: (+64) 9 360 4864   Mobile:  (+64) 25 349 599
mailto: [EMAIL PROTECTED]


-Original Message-
From: Jim Bond [mailto:[EMAIL PROTECTED]]
Sent: Friday, 20 October 2000 12:22 p.m.
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: personal firewall verification


Hello,

My company is going to deploy VPN. Their concern is
that hackers can get into users' PCs and then from there
get into the corporate network. They want to make sure all
VPN users who connect to the corporate network use a personal
firewall (sonicwall or linksys). My question is: how
can I verify that users use or not use firewall?

Thanks in advance.


Jim




Re: BGP Challenge

2000-10-29 Thread Howard C. Berkowitz

At 3:35 PM -0800 10/29/2000, whitaker wrote:
> ok, so I'm trying to implement some BGP routing for the first time.
> I've read through the advanced IP network design, Internet Routing
> Architectures, the RFCs, and a couple other books on BGP.  But as we
> all know, none of this compares to good experience.  So, before I
> attempt to implement BGP in mission critical datacenter, I thought
> I'd run it by the experts (that's you!) to make sure I'm
> understanding this right.

While your comments are informative, I strongly suggest you write out
your routing policy in RPSL. It's good practice, in any case, to
write the policy and register it with an appropriate routing
registry. See http://www.radb.net.  There are some tutorials at this
site, there's the RPSL and the "Using RPSL in Practice" RFCs, my BGP
series at CertificationZone, etc.  Lots of material at
http://www.nanog.org -- in particular, look for Avi Freedman's BGP
102 tutorial for more about filters.

AS path prepend, as you point out, will influence traffic coming
towards you.  Do you want to try for some load balancing in your
outgoing direction?  One reasonable way to do that is to assign a
higher (i.e., more preferred) local preference to customer/direct
connected routes from each ISP (i.e., ASprovider +).

[snip]

> Here's my questions:
> * Networks are going to be added once a week, not all at once.  To
> add a network, it is my understanding that I type 'clear
> ip bgp * soft-reconfiguration outbound' to reset the bgp connection.
> Is this correct?

You need to predefine soft reconfiguration.

As far as adding networks, I really would want to know more about
your addressing.

> * Does this configuration effectively make my network non-transitive?
>
> * I've read about peer groups - would this be an effective way of
> maintaining the configuration between the two 6509s?  Or
> would it just be adding an additional level of complexity?

Peer groups are helpful for multiple interfaces on the same router.

> * Will this configuration help to balance out the traffic some
> across the two 6509s?








Router Configuration on two links to different ISP(s)

2000-10-29 Thread Cai, Land -CN-IT

Hi, 

 I have a router which has a leased line to ISP A and an ISDN circuit connection to ISP B. The serial interface has a fixed IP while the BRI interface has a negotiated IP. At the same time we have SMTP and WEB servers in our internal network, so that the in-going traffic can be routed in while the serial interface is down. Can you shed some light on how to configure this router?


Rgds,

Cai, land




FDDI supported on 7206vxr router

2000-10-29 Thread D. J. Jones

I know Cisco monitors this list, so I have a simple question.  I was looking
for a fddi module for a 7206vxr router and
the following URL indicates that it is supported:

http://www.cisco.com/univercd/cc/td/doc/pcat/7200.htm

It even shows up when I run the hardware/software matrix for IOS release
12.1.1(E).

I've heard from other sources that the fddi module is not supported on the
7206vxr, so could someone enlighten us as to
whether it does or not.

thanks for your time.






Re: BGP Challenge

2000-10-29 Thread whitaker

Thanks for the feedback! I'm not familiar with RPSL (obviously); I'll read
up on it.

As far as the soft reconfiguration goes, I assume I'll need to add the line
'neighbor <neighbor ip> soft-reconfiguration inbound' command to enable soft
reconfiguration.

To load balance outbound, I assume I'll need to do the following:

! 6509A - connected to genuity
route-map genuity-preference permit 10
match as-path 20
set local-preference 10
ip as-path access-list 20 permit ^1$
neighbor <Genuity IP address> route-map genuity-preference out

route-map sprint-preference permit 10
match as-path 30
set local-preference 100
ip as-path access-list 30 permit ^<sprint AS>$
neighbor <6509B ip address> route-map sprint-preference out

(And add the similar statements to the 6509B)


- Original Message -
From: "Howard C. Berkowitz" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, October 29, 2000 4:35 PM
Subject: Re: BGP Challenge


 At 3:35 PM -0800 10/29/2000, whitaker wrote:
 ok, so I'm trying to implement some BGP routing for the first time.
 I've read through the advanced IP network design, Internet Routing
 Architectures, the RFCs, and a couple other books on BGP.  But as we
 all know, none of this compares to good experience.  So, before I
 attempt to implement BGP in mission critical datacenter, I thought
 I'd run it by the experts (that's you!) to make sure I'm
 understanding this right.

 While your comments are informative, I strongly suggest you write out
 your routing policy in RPSL. It's good practice, in any case, to
 write the policy and register it with an appropriate routing
 registry. see http://www.radb.net.  There are some tutorials at this
 site, there's the RPSL and the "Using RPSL in Practice" RFCs, my BGP
 series at CertificationZone, etc.  Lots of material at
 http://www.nanog.org -- in particular, look for Avi Friedman's BGP
 102 tutorial for more about filters.

 AS path prepend, as you point out, will influence traffic coming
 towards you.  Do you want to try for some load balancing in your
 outgoing direction?  One reasonable way to do that is to assign a
 higher (i.e., more preferred) local preference to customer/direct
 connected routes from each ISP (i.e., ASprovider +).

 [snip]



 
 Here's my questions:
 * Networks are going to be added once a week, not all at once.  To
 add a network, it is my understanding that I type 'clear
 ip bgp * soft-reconfiguration outbound' to reset the bgp connection.
 Is this correct?

 You need to predefine soft reconfiguration.

 As far as adding networks, I really would want to know more about
 your addressing.

 
 * Does this configuration effectively make my network non-transitive?
 
 * I've read about peer groups - would this be an effective way of
 maintaining the configuration between the two 6509s?  Or
 would it just be adding an additional level of complexity?

 Peer groups are helpful for multiple interfaces on the same router.

 
 * Will this configuration help to balance out the traffic some
 across the two 6509s?
 
 
 
 




Need help on some of this terms

2000-10-29 Thread Nuurul Basar

Hi,

Thanks to all who gave me some feedback regarding
VOIP; any further information would be appreciated :)

I have 2 questions here:

1) If you are using VOIP for two sites in which both routers
are connected to the PBX, and when we do a test we get
noise on the line. As per advice we must check the
traffic level is equal or less than the CIR.  And we
were informed that each voice channel is equal to
12kb. Assume that the CIR is 64K, thus the allowed
channels is 5.  Does that mean at one time only 5 calls
can be made or connected?

2) My second question is not related to cisco but more
to general info. Does anyone know what EM base, AHD,
AMO and SDO are? It may be software/hardware but we
have not yet heard of it, or it may be under a different
name.

thanks

Nuurul Basar
CCNA, MCP

  




FREE Router Access for CCNA/CCDA Practice

2000-10-29 Thread Buzz

I have a Rack of 5 routers setup for access from the Internet.  I will cut
people a great deal, because I don't have any customers yet, and I'm really
looking for feedback.

The price is going to be set at $30 for 24 hours of access, but I will
provide (3) 24 hour periods (they do not have to be in a row), for the same
$30, and will give anyone an extra 24 hours of access for each individual
referral.  I accept payments via Paypal(or check), and will provide 30
minutes of free access, so you know it's for real, and make sure it works.

I have 2 labs completed so far.  One is for basic CCNA user interface.  The
other is for turning a Cisco Router into a Frame Relay switch(to simulate a
Frame Relay provider).  It's not much yet, but I will be developing more.
I'm looking for feedback on which labs to develop first as well.

Here's a link to the Rack Design, and equipment list.  The link is actually
from a previous auction.
http://members.home.net/nkolevar/Rack1Design_no_ISDN_withlink.htm

Again, I am looking for feedback in return for the low cost.

Thanks.





FREE Router Access for CCNA/CCDA Practice

2000-10-29 Thread Buzz

I have a Rack of 5 routers setup for access from the Internet.  I will cut
people a great deal, because I don't have any customers yet, and I'm really
looking for feedback.

The price is going to be set at $30 for 24 hours of access, but I will
provide (3) 24 hour periods (they do not have to be in a row), for the same
$30, and will give anyone an extra 24 hours of access for each individual
referral.  I accept payments via Paypal(or check), and will provide 30
minutes of free access, so you know it's for real, and make sure it works.

I have 2 labs completed so far.  One is for basic CCNA user interface.  The
other is for turning a Cisco Router into a Frame Relay switch(to simulate a
Frame Relay provider).  It's not much yet, but I will be developing more.
I'm looking for feedback on which labs to develop first as well.

If interested please send me an email, and I will send you a link to the
rack design and contents.

Again, I am looking for feedback in return for the low cost.

Thanks.







am I blocked?

2000-10-29 Thread Pete



Sincerely,
Peter Kurdziel 
CCNA,CCDA,MCSE,MCP+I
http://www.inotez.com
Cisco QA
http://www.inotez.com/discus




RE: Passed CIT, failed Foundation exam.

2000-10-29 Thread f_a_name

Dave-

I'm curious if you've retaken the exam yet?  I need to 
retake as well and am curious how much of the exam was 
repeated from the first.  Did you see the same 
questions?  Did they try to re-order answers or re-word 
the questions?

Thanks-
d

-Original Message-
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Sunday, October 22, 2000 6:08 PM
To: [EMAIL PROTECTED]
Subject: Passed CIT, failed Foundation exam.


Saturday I took both the Foundation exam and CIT exams.

The CIT was moderately difficult with lots of questions on CCO, Catalyst
5000, and AppleTalk.
Scored 759 out of 692 required.

Failed the Foundation exam, (combination of Remote Access, Routing,
Switching exams). Each section is scored separately but nowhere could I
find the minimum score required to pass each section of the Foundation exam.

My scores were as follows:
Routing          720   Pass
Switching        702   Fail
Remote Access    728   Pass

Does anyone know where to get info on the cut off scores? I thought the cut
off was 700, I guess not.

I plan on re-studying Wednesday and Thursday nights then retake the
Foundation on Friday. The ironic thing is I took the Foundation Thursday,
Passed Switching & Remote Access, but failed Routing. I boned up on Routing
and Switching then my Switching score dropped.

I am bound and determined to pass this exam Friday!

Dave Kemper, CCNA, MCSE, "So close I can taste it CCNP"






Study Partner

2000-10-29 Thread Naasief Edross

Hi Everyone,

I am looking for a CCIE Lab Study Partner in Cincinnati.
I am scheduled to take the Lab exam at RTP in March 2001.
I do have access to Lab Equipment.
Please contact me offline if anyone is interested.

Naasief Edross





Re: am I blocked?

2000-10-29 Thread Raul F. Fernandez

nope
- Original Message -
From: "Pete" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, October 29, 2000 10:09 PM
Subject: am I blocked?




 Sincerely,
 Peter Kurdziel
 CCNA,CCDA,MCSE,MCP+I
 http://www.inotez.com
 Cisco QA
 http://www.inotez.com/discus




Re: BGP Challenge

2000-10-29 Thread Brian

On Sun, 29 Oct 2000, whitaker wrote:

> Thanks for the feedback! I'm not familiar with RPSL (obviously); I'll read
> up on it.
>
> As far as the soft reconfiguration goes, I assume I'll need to add the line
> 'neighbor <neighbor ip> soft-reconfiguration inbound' command to enable soft
> reconfiguration.

What type of router is this?  soft-reconfig keeps a copy of the BGP table,
in addition to the one in memory already... so it's like having to
keep two copies... it uses up a lot of memory, and you need to keep
that in mind.

> To load balance outbound, I assume I'll need to do the following:
>
> ! 6509A - connected to genuity
> route-map genuity-preference permit 10
> match as-path 20
> set local-preference 10
> ip as-path access-list 20 permit ^1$
> neighbor <Genuity IP address> route-map genuity-preference out

For someone whose first time it is with configuring BGP, you are catching
on real quick.  Yes the above is good, but you may wish to include direct
connections of genuity as well:

 ip as-path access-list 50 permit ^1 ?[0-9]*$

> route-map sprint-preference permit 10
> match as-path 30
> set local-preference 100
> ip as-path access-list 30 permit ^<sprint AS>$
> neighbor <6509B ip address> route-map sprint-preference out
>
> (And add the similar statements to the 6509B)

good luck

Brian
 

---
Brian Feeny, CCNP, CCDP   [EMAIL PROTECTED]   
Network Administrator 
ShreveNet Inc. (ASN 11881)




Configuring PAT

2000-10-29 Thread Circusnuts



Anyone have experience with PAT. I've researched things on the CCO & found
very little information. I found that a minimum of 11.3(9)T is required,
but have seen little else as far as configs. I am planning to use this for
a dual Ethernet 2500, on a cable modem system...

Thanks All !!!
Phil


Re: BGP Challenge

2000-10-29 Thread Brian

On Sun, 29 Oct 2000, whitaker wrote:

> ok, so I'm trying to implement some BGP routing for the first time.
> I've read through the advanced IP network design, Internet Routing
> Architectures, the RFCs, and a couple other books on BGP.  But as we
> all know, none of this compares to good experience.  So, before I
> attempt to implement BGP in mission critical datacenter, I thought I'd
> run it by the experts (that's you!) to make sure I'm understanding
> this right.
>
> I have two 6509s, each connecting through hssi interface to separate SONET
> rings to separate providers.  We basically run like an ASP, and have several
> networks we're advertising.  One of our provider's OC-12 ring is not
> currently implemented yet, but this shouldn't make any difference in the
> configuration.
>
> So, here's my sample BGP config:
>
> ! 6509A
> router bgp <My AS number>
> no synchronization
>
> ! list networks to advertise
> network <network1> mask 255.255.255.0
> network <network2> mask 255.255.255.240
>
> ! define provider1 and second 6509 as neighbors
> neighbor <Genuity ip address> remote-as 1
> neighbor <ip address of 6509B> remote-as <My AS number>
>
> ! Add filter list to only advertise internal routes so that we don't
> ! become transitive
> neighbor <Genuity ip address> filter-list 10 out
> ip as-path access-list 10 permit ^$

Don't you want the filter list on Genuity as well?

> ! prepend my AS number to network that is on 6509B.  This should help to
> ! 'load-balance' some.
> access-list 1 permit <network3> 0.0.0.255
> access-list 1 permit <network4> 0.0.0.255
> neighbor <genuity ip address> route-map add_as out

the line above goes under your "router bgp" config section.

> route-map add_as permit 10
> match ip address 1
> set as-path prepend <My AS> <My AS>

this is correct.

> ---
> ! 6509B
> router bgp <My AS number>
> ! list networks to advertise
> network <network3> mask 255.255.255.0
> network <network4> mask 255.255.255.0
>
> ! define provider2 and first 6509 as neighbors
> neighbor <Sprint ip address> remote-as <sprint AS number>
> neighbor <ip address of 6509A> remote-as <my AS number>
>
> ! Add filter list to only advertise internal routes so that we don't
> ! become transitive
> neighbor <Sprint ip address> filter-list 10 out
> ip as-path access-list 10 permit ^$
>
> ! prepend my AS number to networks that are on 6509A. This should help to
> ! 'load-balance' some.
> access-list 1 permit <network1> 0.0.0.255
> access-list 1 permit <network2> 0.0.0.15
> neighbor <sprint ip address> route-map add_as out
> route-map add_as permit 10
> match ip address 1
> set as-path prepend <My AS> <My AS>

ok this all looks fine.

> Here's my questions:
> * Networks are going to be added once a week, not all at once.  To add a
> network, it is my understanding that I type 'clear
> ip bgp * soft-reconfiguration outbound' to reset the bgp connection.  Is
> this correct?
>
> * Does this configuration effectively make my network non-transitive?

well, personally, I put an incoming and outgoing access list on the
interfaces themselves, to deny any ip's of mine "in" (from the
internet) and only allow my ip's "out".  I also use both distribute lists
and filter lists..sort of like two forms of birth control :)

> * I've read about peer groups - would this be an effective way of
> maintaining the configuration between the two 6509s?  Or
> would it just be adding an additional level of complexity?

the configs are simple enough I don't think peer groups are really
necessary or would even buy you much.

> * Will this configuration help to balance out the traffic some across the
> two 6509s?

well, anything can happen here.  You have to let it roll and see what's
going on.  Certainly it's a workable config.  Probably would need to do a
little tweaking of as-prepending and setting of local pref on some AS's,
but probably not much more than that.

Brian


---
Brian Feeny, CCNP, CCDP   [EMAIL PROTECTED]   
Network Administrator 
ShreveNet Inc. (ASN 11881)

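
The AS-path filters discussed in this thread (`^$` on the outbound filter-list, `^1 ?[0-9]*$` for Genuity and its direct customers, and the add_as prepend) can be checked offline before they go on a router. The Python below is an added example, not code from any of the posts: every ASN except AS 1, all prefixes, and the choice to apply local preference to routes as they are learned from each provider are assumptions made for the illustration.

```python
import re
from dataclasses import dataclass

MY_AS = 64496       # assumption: documentation ASN standing in for "My AS"
GENUITY_AS = 1      # AS 1, the remote-as used for Genuity in the thread
SPRINT_AS = 64500   # assumption: placeholder, the thread never gives Sprint's AS


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple  # AS numbers, nearest first; () means originated locally
    session: str    # "local", "genuity" or "sprint"


def acl_permits(acl, as_path):
    """Evaluate an 'ip as-path access-list': first match wins, implicit deny."""
    text = " ".join(str(asn) for asn in as_path)
    for action, pattern in acl:
        if re.search(pattern, text):
            return action == "permit"
    return False


# ip as-path access-list 10 permit ^$   -> only routes with an empty AS path
ACL_ONLY_LOCAL = [("permit", r"^$")]


def provider_and_customers(asn):
    """The '^1 ?[0-9]*$' pattern from the thread, for any provider AS."""
    return [("permit", rf"^{asn} ?[0-9]*$")]


def advertised(table, prepend_prefixes=()):
    """What one provider session receives after 'filter-list 10 out' and add_as.

    Returns {prefix: AS path as seen by the provider}.
    """
    sent = {}
    for route in table:
        if not acl_permits(ACL_ONLY_LOCAL, route.as_path):
            continue  # learned from a peer: never passed on, so no transit
        extra = (MY_AS, MY_AS) if route.prefix in prepend_prefixes else ()
        sent[route.prefix] = (MY_AS,) + extra + route.as_path
    return sent


def local_pref(route, preferred=200, default=100):
    """Assumed inbound policy: raise local preference for a provider's own
    routes and its direct customers when learned from that provider."""
    asn = {"genuity": GENUITY_AS, "sprint": SPRINT_AS}.get(route.session)
    if asn is not None and acl_permits(provider_and_customers(asn), route.as_path):
        return preferred
    return default


def best_exits(table):
    """Pick an exit per learned prefix: highest local preference, then the
    shortest AS path (a simplification of the full BGP decision process)."""
    candidates = {}
    for route in table:
        if route.session != "local":
            candidates.setdefault(route.prefix, []).append(route)
    return {
        prefix: min(routes, key=lambda r: (-local_pref(r), len(r.as_path))).session
        for prefix, routes in candidates.items()
    }


# Constructed table: documentation prefixes and ASNs, not data from the thread.
TABLE = [
    Route("192.0.2.0/25", (), "local"),      # stands in for a network on 6509A
    Route("192.0.2.128/25", (), "local"),    # stands in for a network on 6509B
    Route("198.51.100.0/25", (1, 64501), "genuity"),
    Route("198.51.100.0/25", (64500, 1, 64501), "sprint"),
    Route("198.51.100.128/25", (1, 64500, 64502), "genuity"),
    Route("198.51.100.128/25", (64500, 64502), "sprint"),
    Route("203.0.113.0/24", (1, 64503, 64504), "genuity"),
    Route("203.0.113.0/24", (64500, 64505, 64503, 64504), "sprint"),
]

if __name__ == "__main__":
    # 6509A's session to Genuity: prepend the prefix that lives on 6509B.
    for prefix, path in advertised(TABLE, {"192.0.2.128/25"}).items():
        print("advertise", prefix, "as-path", path)
    for prefix, exit_session in best_exits(TABLE).items():
        print("exit for", prefix, "->", exit_session)
    # The optional space also lets the pattern match a lone AS such as 174.
    print(acl_permits(provider_and_customers(1), (174,)))
```

Because the space in `^1 ?[0-9]*$` is optional, the pattern also matches a one-AS path whose number merely starts with 1; on the Genuity session that is harmless, since paths learned from an eBGP neighbor normally begin with that neighbor's AS.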



RE: Configuring PAT

2000-10-29 Thread Daniel Cotts

http://www.cisco.com/warp/public/701/60.html

http://www.cisco.com/warp/public/556/index.shtml

Check for "overload". Or the following cut from the first URL above.

  Translating to interface's address: 

 As a convenience for users wishing to translate all inside addresses to
the address assigned to an interface on the router,
 the NAT code allows one to simply name the interface when configuring
the dynamic translation rule: 

 ip nat inside source list <number> interface <interface> overload 

 If there is no address on the interface, or if the interface is not up,
no translation will occur. 

 Example: 

 ip nat inside source list 1 interface Serial0 overload


-Original Message-
From: Circusnuts [mailto:[EMAIL PROTECTED]]
Sent: Sunday, October 29, 2000 7:12 PM
To: [EMAIL PROTECTED]
Subject: Configuring PAT


Anyone have experience with PAT.  I've researched things on the CCO & found
very little information.  I found that a minimum of 11.3(9)T is required,
but have seen little else as far as configs.  I am planning to use this for
a dual Ethernet 2500, on a cable modem system...

Thanks All !!!
Phil




Re: Configuring PAT

2000-10-29 Thread Kenneth Lorenzo



Do a search on Cisco for "reverse NAT" or "ip nat inside" and you'll see
sample configs on how to do it.

Basically, you have to do an "ip nat outside" on the external interface
connected to the internet and "ip nat inside" on the internal interface
(private).

And on global config mode, create "ip nat inside" rules.
example:

ip nat inside source static tcp 192.168.100.100 110 A.B.C.D 110

All packets received on A.B.C.D with destination port 110 are Nat-ed to the
inside interface and passed on to 192.168.100.100 with a destination port of
110.


Let us know in greater detail if you're looking into specifics...

Kenneth


  "Circusnuts" [EMAIL PROTECTED] wrote in message 
  news:002601c0420e$660edf80$[EMAIL PROTECTED]...
> Anyone have experience with PAT. I've researched things on the CCO & found
> very little information. I found that a minimum of 11.3(9)T is required,
> but have seen little else as far as configs. I am planning to use this for
> a dual Ethernet 2500, on a cable modem system...
>
> Thanks All !!!
> Phil
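
The two NAT forms that came up in this thread, interface overload (PAT) and a static TCP port mapping, behave differently for unsolicited inbound traffic. The Python model below is an added example, not taken from the posts or from Cisco's documentation; the outside address 203.0.113.10 standing in for A.B.C.D, the port pool starting at 1024, and the keep-the-source-port-if-free allocation are assumptions.

```python
import ipaddress


class PatRouter:
    """Simplified model of
         ip nat inside source list 1 interface <outside-if> overload
         ip nat inside source static tcp <inside-ip> <port> <outside-ip> <port>
    It tracks ports only; a real NAT table also records the remote address."""

    def __init__(self, outside_ip, inside_net, pool_start=1024):
        self.outside_ip = outside_ip      # None models "no address / interface down"
        self.inside_net = ipaddress.ip_network(inside_net)  # what list 1 permits
        self.static = {}     # (proto, outside_port) -> (inside_ip, inside_port)
        self.dynamic = {}    # (proto, outside_port) -> (inside_ip, inside_port)
        self.pool_start = pool_start

    def add_static(self, proto, inside_ip, inside_port, outside_port):
        """Install a permanent port mapping (the 'static tcp' form)."""
        self.static[(proto, outside_port)] = (inside_ip, inside_port)

    def _in_use(self, proto, port):
        return (proto, port) in self.static or (proto, port) in self.dynamic

    def outbound(self, proto, src_ip, src_port):
        """Translate an inside-to-outside flow; None means no translation occurs."""
        if self.outside_ip is None:
            return None                   # interface has no address or is down
        if ipaddress.ip_address(src_ip) not in self.inside_net:
            return None                   # source not permitted by the NAT list
        inside = (src_ip, src_port)
        for table in (self.static, self.dynamic):
            for (entry_proto, port), target in table.items():
                if entry_proto == proto and target == inside:
                    return (self.outside_ip, port)   # existing entry is reused
        port = src_port                   # keep the source port when it is free
        if self._in_use(proto, port):
            port = self.pool_start
            while self._in_use(proto, port):
                port += 1
        self.dynamic[(proto, port)] = inside
        return (self.outside_ip, port)

    def inbound(self, proto, dst_port):
        """Map a packet arriving on the outside address; None means dropped."""
        key = (proto, dst_port)
        return self.static.get(key) or self.dynamic.get(key)


if __name__ == "__main__":
    # Constructed addresses: 203.0.113.10 stands in for A.B.C.D.
    router = PatRouter("203.0.113.10", "192.168.100.0/24")
    router.add_static("tcp", "192.168.100.100", 110, 110)
    print(router.outbound("tcp", "192.168.100.5", 40000))   # source port kept
    print(router.outbound("tcp", "192.168.100.6", 40000))   # clash: port from pool
    print(router.inbound("tcp", 110))    # static entry: reachable from outside
    print(router.inbound("tcp", 25))     # no entry: dropped
```

Only the static entry makes an inside host reachable without the host having opened the flow first, so each static mapping is an exposed service that the inbound access list should account for.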


Re: FREE Router Access for CCNA/CCDA Practice

2000-10-29 Thread Kenneth Lorenzo

And how is this free? Sounds more like a "discount" - no offense.

A good free lab is r1r2.com

Kenneth


"Buzz" [EMAIL PROTECTED] wrote in message
news:8tilq4$8ef$[EMAIL PROTECTED]...
> I have a Rack of 5 routers setup for access from the Internet.  I will cut
> people a great deal, because I don't have any customers yet, and I'm really
> looking for feedback.
>
> The price is going to be set at $30 for 24 hours of access, but I will
> provide (3) 24 hour periods (they do not have to be in a row), for the same
> $30, and will give anyone an extra 24 hours of access for each individual
> referral.  I accept payments via Paypal(or check), and will provide 30
> minutes of free access, so you know it's for real, and make sure it works.
>
> I have 2 labs completed so far.  One is for basic CCNA user interface.  The
> other is for turning a Cisco Router into a Frame Relay switch(to simulate a
> Frame Relay provider).  It's not much yet, but I will be developing more.
> I'm looking for feedback on which labs to develop first as well.
>
> Here's a link to the Rack Design, and equipment list.  The link is actually
> from a previous auction.
> http://members.home.net/nkolevar/Rack1Design_no_ISDN_withlink.htm
>
> Again, I am looking for feedback in return for the low cost.
>
> Thanks.





Repeated Questions

2000-10-29 Thread Chan Yew Weng

I have just taken my BCMSN test today (30/10) and have encountered
repeated questions in my test.

2 questions were repeated EXACTLY, word for word. i.e I got the same
questions twice.

Another question was repeated, essentially the same, but with some
wordings changed.

Too bad the repeated questions were the ones that I was unsure of the
answers.

Have you guys encountered repeated questions before? I would have believed that the 
test generation algo is better than that!
3 repeated ones! sigh

-acy





Re: PIX PPTP, no NAT

2000-10-29 Thread Jay Hennigan

On Sat, 28 Oct 2000, Jim Bond wrote:

> Hello,
>
> I'm trying to set up PIX PPTP without NAT but no
> success. Cisco gives a sample config using NAT
> http://www.cisco.com/warp/public/110/pptppix.html but
> I don't understand why they use 192.168.1.0.
>
> Here is my topology:
> 172.16.1.0/24(outside)---PIX---(inside)172.16.2.0/24
> I create a pool 172.16.1.100-172.16.1.200, but users
> from outside can't reach internal network.

According to this, it looks like you should have NAT.  You have a different
network outside than inside.  

Assuming you really mean no NAT, do you have a "static" statement mapping 
the addresses to themselves?  

It's a bit counterintuitive without NAT, but you should have something like

static (inside,outside) 172.16.1.0 172.16.1.0 netmask 255.255.255.0 

See the PIX command reference regarding "static".

-- 
Jay Hennigan  -  Network Administration  -  [EMAIL PROTECTED] 
NetLojix Communications, Inc.  NASDAQ: NETX  -  http://www.netlojix.com/
WestNet:  Connecting you to the planet.  805 884-6323 




Testing

2000-10-29 Thread Thanh Nam

Dear All
I am a new user.
Hello every body

Thanh Nam

Email: [EMAIL PROTECTED]
Homephone: 84-4-8692928
Handphone: 84-91-522425





Re: PIX PPTP, no NAT

2000-10-29 Thread Andrew

At 09:33 PM 10/29/00 -0800, Jay Hennigan wrote:
> On Sat, 28 Oct 2000, Jim Bond wrote:
>
> > Hello,
> >
> > I'm trying to set up PIX PPTP without NAT but no
> > success. Cisco gives a sample config using NAT
> > http://www.cisco.com/warp/public/110/pptppix.html but
> > I don't understand why they use 192.168.1.0.
> >
> > Here is my topology:
> > 172.16.1.0/24(outside)---PIX---(inside)172.16.2.0/24
> > I create a pool 172.16.1.100-172.16.1.200, but users
> > from outside can't reach internal network.
>
> According to this, it looks like you should have NAT.  You have a different
> network outside than inside.

Don't all routers that are routing between networks? ;)  The PIX is not
necessarily a NAT box.  It performs stateful security for established
connections (translated or not.)

And if you're not doing NAT (using NAT 0) then you don't need statics per
se.  If you are trying to allow non-established connections in from the
outside then you would need to use conduits to open those holes.

Heh - I think I have forgotten the original question

> Assuming you really mean no NAT, do you have a "static" statement mapping
> the addresses to themselves?
>
> It's a bit counterintuitive without NAT, but you should have something like
>
> static (inside,outside) 172.16.1.0 172.16.1.0 netmask 255.255.255.0
>
> See the PIX command reference regarding "static".
>
> --
> Jay Hennigan  -  Network Administration  -  [EMAIL PROTECTED]
> NetLojix Communications, Inc.  NASDAQ: NETX  -  http://www.netlojix.com/
> WestNet:  Connecting you to the planet.  805 884-6323




Testing

2000-10-29 Thread Phan H. Son





Phan Hung Son
Vice Director - Network Postsales Division
[EMAIL PROTECTED]
Mobile: 091231060
EIS, Inc. - Hanoi Representative Office
Press Club - 59A Ly Thai To - 6th floor, Hoan Kiem district, Hanoi - Vietnam.
84.4 9346556 + 84.4 9346559


Re: PIX PPTP, no NAT

2000-10-29 Thread Vijay Venkatesh

You do not need a static statement. Are you using mppe for your pptp ?
Is this PPTP on win 98 or win 2k ? Send me the config file ... oh and
one more thing do not go by the docs on Cisco's web site they are 
wrong and TAC with all its CCIEs is useless. Email me your config and
I believe I can help. One last thing please tell me you are using
5.2(3).

Regards,
Vijay.

Jay Hennigan wrote:
 
 On Sat, 28 Oct 2000, Jim Bond wrote:
 
  Hello,
 
  I'm trying to set up PIX PPTP without NAT but no
  success. Cisco gives a sample config using NAT
  http://www.cisco.com/warp/public/110/pptppix.html but
  I don't understand why they use 192.168.1.0.
 
  Here is my topology:
  172.16.1.0/24(outside)---PIX---(inside)172.16.2.0/24
  I create a pool 172.16.1.100-172.16.1.200, but users
  from outside can't reach internal network.
 
 According to this, it looks like you should have NAT.  You have a different
 network outside than inside.
 
 Assuming you really mean no NAT, do you have a "static" statement mapping
 the addresses to themselves?
 
 It's a bit counterintuitive without NAT, but you should have something like
 
 static (inside,outside) 172.16.1.0 172.16.1.0 netmask 255.255.255.0
 
 See the PIX command reference regarding "static".
 
 --
 Jay Hennigan  -  Network Administration  -  [EMAIL PROTECTED]
 NetLojix Communications, Inc.  NASDAQ: NETX  -  http://www.netlojix.com/
 WestNet:  Connecting you to the planet.  805 884-6323
 



Re: Repeated Questions

2000-10-29 Thread whitaker

I just took my BCMSN test a few days ago (and passed-yippee!) and had the
same thing happen.  I had to read the question several times to make sure I
wasn't reading it wrong, but yes, it was the same question.  (Luckily, I
knew the answer!)


- Original Message -
From: "Chan Yew Weng" [EMAIL PROTECTED]
To: "Cisco Certification Digest" [EMAIL PROTECTED]
Sent: Sunday, October 29, 2000 9:40 PM
Subject: Repeated Questions


 I have just taken my BCMSN test today (30/10) and have encountered
 repeated questions in my test.

 2 questions were repeated EXACTLY, word for word. i.e I got the same
 questions twice.

 Another question was repeated, essentially the same, but with some
 wordings changed.

 Too bad the repeated questions were the ones that I was unsure of the
 answers.

 Have you guys encountered repeated questions before? I would have believed
that the test generation algo is better than that!
 3 repeated ones! sigh

 -acy

