Re: ospf question help

2000-11-06 Thread samli

Well,
OSPF will automatically calculate the cost by itself; the line with the
bigger bandwidth will be chosen.
In order to override it, you need to manually adjust the cost on each
interface and make the router believe that both links are equal, so they
will load-balance the traffic.

interface serial 0
  ip ospf cost 100

interface serial 1
  ip ospf cost 100

As long as the cost values are equal, they will load-balance it.

Sam Li
- Original Message -
From: "Zhang Jin" <[EMAIL PROTECTED]>
Newsgroups: groupstudy.cisco
To: <[EMAIL PROTECTED]>
Sent: Sunday, November 05, 2000 10:56 PM
Subject: ospf question help


> dear group,
>
> Suppose I have 2 leased lines (unequal bandwidth) connecting to the outside
> world, and I run OSPF on my 2 routers, each router connecting one line. How
> could I use load balancing? What config should I use with my routers?
>
> Help me.
>
> TIA
>
> Dean

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: ospf question help

2000-11-06 Thread Liu Jianxin-qch1927

You can use the ip ospf cost command to change the default cost to the same value for the two lines.

But I suggest you use EIGRP, which can support load balancing over unequal lines.


-Original Message-
From: zhang jin [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 06, 2000 7:46 AM
To: Liu Jianxin-qch1927
Subject: RE: ospf question help


What I mean by "outside world" must not be the Internet, so
you cannot give me a sensible answer. Anyway, thanks.

Dean
--- Liu Jianxin-qch1927 <[EMAIL PROTECTED]>
wrote:
> In this way,  your service provider must run ospf as
> well, but mostly it is impossible.
> 
> You should run other protocols, such as BGP.
> 
> 
> -Original Message-
> From: Zhang Jin [mailto:[EMAIL PROTECTED]]
> Sent: Monday, November 06, 2000 5:56 AM
> To: [EMAIL PROTECTED]
> Subject: ospf question help
> 
> 
> dear group,
> 
> Suppose I have 2 leased lines (unequal bandwidth) connecting to the outside
> world, and I run OSPF on my 2 routers, each router connecting one line. How
> could I use load balancing? What config should I use with my routers?
> 
> Help me.
> 
> TIA
> 
> Dean



Re: Default ICMP Timeout on Microsoft Windows

2000-11-06 Thread samli

ping -i "The ttl timer" 10.1.0.1

Sam Li
- Original Message -
From: "Wibowo Nur Susetio" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, November 05, 2000 10:05 PM
Subject: Default ICMP Timeout on Microsoft Windows


> Dear All.
>
> Anybody know what the default ICMP packet timeout on Windows TCP/IP is and
> how to change the value.
>
> Thank you
>
> Wibowo



Re: AS5300, DNIS and Modem Profiles

2000-11-06 Thread samli

Check the ACRC manual, use the "rotary" command

Sam Li
- Original Message -
From: "Darren Ward" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, November 05, 2000 9:11 PM
Subject: AS5300, DNIS and Modem Profiles


> Hi All,
>
> What I want to achieve is overlapping modem pools on a Cisco AS5300 with
> DNIS support that when dialled will configure the modems appropriately.
>
> i.e.
> !
> modem-pool v90
>  pool-range 1
>  called-number 5557000
> !
> modem-pool v34
>  pool-range 1
>  called-number 5557001
> !
>
> So when a user dials 5557000 it commands up the modem for a custom v90
> init string and when 5557001 the modem is init'd for no v90 support
>
> We've done this on Nortel 5399's but not the Cisco's.
>
> All help and URL's greatly appreciated!
>
> Darren



ospf question --sorry for not clear

2000-11-06 Thread Zhang Jin

Dear group,

The question I posted today may not have been clear. What I mean is:
Can I send ordinary traffic through one leased line and urgent traffic
through another leased line, that is, can I control the behavior of
load balancing? And how?

thanks again

dean




compression 800/1720/2620

2000-11-06 Thread Gabriel Nickel

Hi group
Got a question regarding compression:
Can a Cisco 800, 1720 or 2620 (without AIM) provide PPP (payload) compression for a
2 Mbit serial line? I don't know if the processor
is able to handle this...
I would appreciate answers from the practical viewpoint.

thanks in advance,

Gabriel







Re: AS5300, DNIS and Modem Profiles

2000-11-06 Thread Darren Ward

A rotary group creates dialer profiles that can place physical interfaces into
multiple different profiles yes.
Rotary Groups primarily are used to create a Virtual Dialer Interface to dial
out multiple channels.

But I'm talking about dialing in, not out and in the ACRC notes and Cisco
Press Book there is absolutely no mention of DNIS support or Modem Scripts for
Initialisation based on DNIS.

Unfortunately still searching..

Darren

samli wrote:

> Check the ACRC manual, use the "rotary" command
>
> Sam Li
> - Original Message -
> From: "Darren Ward" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Sunday, November 05, 2000 9:11 PM
> Subject: AS5300, DNIS and Modem Profiles
>
> > Hi All,
> >
> > What I want to achieve is overlapping modem pools on a Cisco AS5300 with
> > DNIS support that when dialled will configure the modems appropriately.
> >
> > i.e.
> > !
> > modem-pool v90
> >  pool-range 1
> >  called-number 5557000
> > !
> > modem-pool v34
> >  pool-range 1
> >  called-number 5557001
> > !
> >
> > So when a user dials 5557000 it commands up the modem for a custom v90
> > init string and when 5557001 the modem is init'd for no v90 support
> >
> > We've done this on Nortel 5399's but not the Cisco's.
> >
> > All help and URL's greatly appreciated!
> >
> > Darren



RE: compression 800/1720/2620

2000-11-06 Thread Serhat Erkan

For the Cisco 800, it is unavailable, because the 800's max serial speed is 512
Kbps (for non-compressed data). But for the 1720/2620, I say only MAYBE.

Regards. 

-Original Message-
From: Gabriel Nickel [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 06, 2000 10:18 AM
To: groupstudy
Subject: compression 800/1720/2620


Hi group
Got a question regarding compression:
Can a Cisco 800, 1720 or 2620 (without AIM) provide PPP (payload) compression
for a 2 Mbit serial line? I don't know if the processor
is able to handle this...
I would appreciate answers from the practical viewpoint.

thanks in advance,

Gabriel







Re: Which IOS do you run in your lab?

2000-11-06 Thread Thierry MARTIN

Hello,

I pass lab exam 23 and 24 October 2000, and the IOS versions are 11.3 and 12.0
(12.0.7T, 12.0.11) for the 3640; the 12.07T is for the 3640 with ATM feature and VOICE.

Thierry
**

>>> Brian <[EMAIL PROTECTED]> 03/11/00 01h57 >>>

I wanted to get an idea of which version of IOS most of you are running in
your labs?  You would want a version of course that is very stable, yet
offers good features.  I would think 11.2 at minimum, since so many major
changes occurred with that.

Correct me if I am wrong, but CCIE lab can test features as recent as 12.0
and beyond...so I am wondering if a lot of you run 12.0.

Brian


---
Brian Feeny, CCNP, CCDP   [EMAIL PROTECTED]   
Network Administrator 
ShreveNet Inc. (ASN 11881)




Re: Cisco Switch 2948G-L3 Question

2000-11-06 Thread Thierry MARTIN

hello,

Cisco switch 2948-L3 are IOS and each VLAN must be considered as a Virtual Bridge.

For VLAN 1, each port must have the command "bridge-group 1"
and you create a BVI with number 1.
The IP address for this VLAN will be on the BVI interface.

It is a BRIDGE IRB configuration.

Your config will be as:
!
hostname R1
!
! enable integrated routing and bridging
bridge irb
!
interface bvi 1
 ip address 10.0.0.1 255.255.255.0
!
interface bvi 2
 ip address 172.16.1.1 255.255.255.0
!
interface ethernet 0/1
 bridge-group 1
!
interface ethernet 0/2
 bridge-group 1
!
interface ethernet 0/3
 bridge-group 1
!
interface ethernet 0/4
 bridge-group 2
!
interface ethernet 0/5
 bridge-group 2
!
.../..
!
interface ethernet 0/48
 ip address 192.168.1.1 255.255.255.0
!
! bridging IP is the default; "route ip" lets each BVI route IP for its bridge group
bridge 1 protocol ieee
 bridge 1 route ip
bridge 2 protocol ieee
 bridge 2 route ip
!
router rip
 network 10.0.0.0
 network 172.16.0.0
 network 192.168.1.0
 no auto-summary
.../...

You must enter the commands in order, or a reboot is a good idea for running IRB.

==> It is a CCIE Lab subject.

Best Regards

THIERRY

*

>>> Manoj Ghorpade <[EMAIL PROTECTED]> 03/11/00 02h01 >>>
Hi Group,
I have a Cisco 2948G-L3 switch and want to set up the management on the
switch. I tried doing the things the documentation said but it won't work.
The documentation says any one of the ports (1-48 FastEthernet) can be
used for management or the 2 Gigabit ports 49-50 can be used for
management.

I have a VLAN of the first 6 ports in Bridge 1 (1-6) (which I don't want to
touch) and all the rest of the ports in Bridge 2 (7-48).
I assigned an IP address to port 48 and tried a ping but got no reply.

Can anyone help me on this?

Best Regards

Manoj Ghorpade





Easy question about downloading-uploading IOS

2000-11-06 Thread Carlos Márquez




This is the question:

Can I download the IOS from a router and upload it on another router?

I mean:

router 1: copy flash tftp
router 2: copy tftp flash

and then the router 2 will boot with the same IOS version as router 1 with
no problem?


Carlos A. Márquez
[EMAIL PROTECTED]
www.vianet.es
Las Palmas de Gran Canaria


Re: BGP next-hop-self

2000-11-06 Thread suaveguru

Thanks, I understand now, but there is one more
thing that needs you to further clarify, and that is the
first solution that you mention; I don't quite
understand why it will solve the problem.

I would appreciate it if you can elaborate.

thanks

suaveguru
--- Peter Van Oene <[EMAIL PROTECTED]> wrote:
> When BGP routers learn routes via BGP, they learn
> two key pieces of information; A destination prefix,
> and a next hop address.  Within an AS, BGP routers
> communicate with IBGP.  Within the AS however, the
> next hop address for each prefix is by default not
> modified.  That means that all IBGP routers within
> an AS will maintain a consistent view of the
> external world.  
> 
> However, consider the following.
> 
> R1 AS1 <---> R2 AS2 <---> R2 AS2
>         EBGP          IBGP
> 
> Consider that R1 advertises prefix 10/8 into AS2. 
> R2 will learn this 10/8 address and the
> corresponding next hop address.  In this case, let's
> say that 11/8 is the subnet between R1 and R2 and
> R1 uses 11.0.0.1 and R2 uses 11.0.0.2.   Hence, R2
> will publish 10/8 with a next hop of 11.0.0.1 in its
> routing table.
> 
> R2 will then advertise 10/8 via IBGP to R2 with the
> next hop of 11.0.0.1.  However, as 11/8 is an
> external point to point link and may not be a subnet
> that R2 is aware of.  If this is the case, R2 will
> not be able to resolve a route toward 11/8 and thus
> will be unable to post the route due to the rules of
> BGP.
> 
> Two solutions exist to solve this problem (well two
> pop into my mind).  The first way would be to have
> R2 advertise the external link (11/8 in this case)
> into the AS so that all IBGP routers will learn it. 
> This however increases the size and complexity of
> the IGP within the AS.
> 
> The second option is to have R2 replace the next hop
> address with his own address.   Naturally, his own
> address will be known throughout the AS (BGP depends
> on TCP so this has to be the case) and thus when R2
> receives the 10/8 advertisement, it will see R2's
> interface as the next hop and thus be able to
> resolve the bgp next hop and post the route.
> 
> I hope this makes sense :)
> 
> Pete
> 
> 
> 
> 
> *** REPLY SEPARATOR  ***
> 
> On 11/3/2000 at 11:58 AM suaveguru wrote:
> 
> >hi , 
> >
> >Anyone knows what does next-hop-self in bgp means
> >please explain to me 
> >
> >thanks
> >
> >suaveguru
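The next-hop problem Pete describes, and both of his fixes, as a small Python model added here for illustration (it is not code from the thread). The internal iBGP router is called R3 here, and the internal subnet 192.168.0.0/24 and the border router's internal address 192.168.0.2 are constructed assumptions; 10/8, 11/8 and 11.0.0.1 come from the post.

```python
import ipaddress

# Values from the post: R1 (AS1) advertises 10/8 to R2 over the 11/8 link.
EBGP_ROUTE = {"prefix": "10.0.0.0/8", "next_hop": "11.0.0.1"}
EXTERNAL_LINK = "11.0.0.0/8"

# Constructed assumptions: AS2's internal subnet and R2's address on it.
INTERNAL_IGP = ["192.168.0.0/24"]
BORDER_INTERNAL_ADDR = "192.168.0.2"


def resolve_next_hop(next_hop, igp_table):
    """Longest-prefix match of a BGP next hop against IGP/connected routes.

    Returns the matching prefix as a string, or None when the next hop is
    unreachable, in which case BGP will not install the route.
    """
    addr = ipaddress.ip_address(next_hop)
    best = None
    for prefix in igp_table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best.prefixlen):
            best = net
    return str(best) if best is not None else None


def advertise_over_ibgp(route, border_internal_addr, next_hop_self=False):
    """Build the update the border router (R2) sends to its iBGP peer.

    By default the eBGP-learned next hop is passed on unchanged; with
    next-hop-self the border router substitutes its own internal address.
    """
    update = dict(route)
    if next_hop_self:
        update["next_hop"] = border_internal_addr
    return update


def receive_over_ibgp(update, igp_table):
    """Internal router (R3): install the route only if the next hop resolves."""
    via = resolve_next_hop(update["next_hop"], igp_table)
    return {
        "prefix": update["prefix"],
        "next_hop": update["next_hop"],
        "resolved_via": via,
        "installed": via is not None,
    }


def run_scenarios():
    """Run the default case and the two fixes described in the post."""
    results = {}

    # Default: next hop 11.0.0.1 is unchanged and R3 has no route to 11/8.
    update = advertise_over_ibgp(EBGP_ROUTE, BORDER_INTERNAL_ADDR)
    results["default"] = receive_over_ibgp(update, INTERNAL_IGP)

    # First solution: R2 advertises the external link into the IGP, so
    # R3 can now resolve 11.0.0.1 through 11/8.
    results["advertise_external_link"] = receive_over_ibgp(
        update, INTERNAL_IGP + [EXTERNAL_LINK]
    )

    # Second solution: next-hop-self. R3's IGP table is unchanged, but the
    # next hop is now R2's internal address, which the IGP already carries.
    update = advertise_over_ibgp(
        EBGP_ROUTE, BORDER_INTERNAL_ADDR, next_hop_self=True
    )
    results["next_hop_self"] = receive_over_ibgp(update, INTERNAL_IGP)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(name, outcome)
```

The first solution works because next-hop resolution is only a lookup in the internal router's table: once 11/8 is present there, 11.0.0.1 resolves and the 10/8 route can be installed, at the price of carrying the external link in the IGP.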



CRC!!!!!!

2000-11-06 Thread Study Cisco

Hi all

Can anyone tell me, when we get CRC like shown as
follows, what could be the problem? I am getting this
on a serial interface (WIC) on an E1 (2Mb) link.

Thanks in adv.


MTU 1500 bytes, BW 2048 Kbit, DLY 2 usec, rely 254/255, load 6/255
  Encapsulation HDLC, crc 16, loopback not set, keepalive set (10 sec)
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters 00:03:44
  Queueing strategy: fifo
**






RE: compression 800/1720/2620

2000-11-06 Thread Brandon Peyton

It depends on if you're going to use it as a peer with an ISP.  I wouldn't
recommend a 1720, but if it's stand alone with only static routes to it, you
can live with a 26xx.  If you plan on running BGP with full routes or even
partial routes, your router will die.

Regards,


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Serhat Erkan
Sent: Monday, November 06, 2000 8:18 PM
To: Gabriel Nickel; groupstudy
Subject: RE: compression 800/1720/2620


For the Cisco 800, it is unavailable, because the 800's max serial speed is 512
Kbps (for non-compressed data). But for the 1720/2620, I say only MAYBE.

Regards.

-Original Message-
From: Gabriel Nickel [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 06, 2000 10:18 AM
To: groupstudy
Subject: compression 800/1720/2620


Hi group
Got a question regarding compression:
Can a Cisco 800, 1720 or 2620 (without AIM) provide PPP (payload) compression
for a 2 Mbit serial line? I don't know if the processor
is able to handle this...
I would appreciate answers from the practical viewpoint.

thanks in advance,

Gabriel







Official Cisco ICND 1.0 Courseware for CCNA. Bonus Added!

2000-11-06 Thread Mike McDaniel

Only two days left to bid on this Official Cisco Courseware

The winning bidder will also receive, in addition to the complete Cisco ICND
Courseware (Student Guide, Lab Book, Lab Book Diagrams), a Cisco Products
Quick Reference Guide and a Cisco Documentation CD. Both of these are
invaluable tools for becoming educated in the COMPLETE Cisco product line,
not to mention getting certified! Good Luck!

http://cgi.ebay.com/aw-cgi/eBayISAPI.dll?ViewItem&item=483238353






RE: Easy question about downloading-uploading IOS

2000-11-06 Thread Taco Hettema



If the 2 routers are the same then "no problem"

  -Original Message-
  From: Carlos Márquez [mailto:[EMAIL PROTECTED]]
  Sent: Monday, November 06, 2000 11:12 AM
  To: [EMAIL PROTECTED]
  Subject: Easy question about downloading-uploading IOS

  This is the question:

  Can I download the IOS from a router and upload it on another router?

  I mean:

  router 1: copy flash tftp
  router 2: copy tftp flash

  and then the router 2 will boot with the same IOS version as router 1
  with no problem?


  Carlos A. Márquez
  [EMAIL PROTECTED]
  www.vianet.es
  Las Palmas de Gran Canaria


RE: Easy question about downloading-uploading IOS

2000-11-06 Thread Ehab Mohamad Abdullah



yes for sure
but still illegal

Ehab
CCNP, MCSE, ASE, CNE

  -Original Message-
  From: Carlos Márquez [mailto:[EMAIL PROTECTED]]
  Sent: Monday, November 06, 2000 2:12 PM
  To: [EMAIL PROTECTED]
  Subject: Easy question about downloading-uploading IOS

  This is the question:

  Can I download the IOS from a router and upload it on another router?

  I mean:

  router 1: copy flash tftp
  router 2: copy tftp flash

  and then the router 2 will boot with the same IOS version as router 1
  with no problem?


  Carlos A. Márquez
  [EMAIL PROTECTED]
  www.vianet.es
  Las Palmas de Gran Canaria


Easy question about downloading-uploading IOS

2000-11-06 Thread Carlos Márquez

This is the question:

Can I download the IOS from a router and upload it on another router?

I mean:

router 1: copy flash tftp
router 2: copy tftp flash

and then the router 2 will boot with the same IOS version as router 1 with
no problem?


Carlos A. Márquez
[EMAIL PROTECTED]
www.vianet.es
Las Palmas de Gran Canaria





Re: Easy question about downloading-uploading IOS

2000-11-06 Thread Jacques Atlas

hi 

On Mon, 6 Nov 2000, [iso-8859-1] Carlos Márquez wrote:

|Can I download the IOS from a router and upload it on another router?

yip, that is taking into account that the IOS is correct for that router.

|router 1: copy flash tftp
|router 2: copy tftp flash
|
|and then the router 2 will boot with the same IOS version than router 1 with
|no problem ?

On the router you may have to tell the router what version of code you want it to
load; that depends on how many versions of code are in the flash.

-- 
Jacques




Re: Easy question about downloading-uploading IOS

2000-11-06 Thread Thierry MARTIN

** High Priority **

hello,

Yes you can.

You must first copy the IOS onto the first router (flash, flash card, etc.).
Activate the TFTP server on the first router with the name of the file.

"Router(config)#tftp-server flash:name of IOS"

On the second router, copy tftp flash where the IP address of the TFTP server is the IP of the first router.

Prefer the IP address of the serial link; in boot ROM no routing process runs.

Best Regards

Thierry
[EMAIL PROTECTED]  
FRENCH

 

>>> "Carlos Márquez" <[EMAIL PROTECTED]> 06/11/00 12h26 >>>
This is the question:

Can I download the IOS from a router and upload it on another router?

I mean:

router 1: copy flash tftp
router 2: copy tftp flash

and then the router 2 will boot with the same IOS version as router 1 with
no problem?


Carlos A. Márquez
[EMAIL PROTECTED] 
www.vianet.es 
Las Palmas de Gran Canaria





Fw: School assignment for you to respond to & forward

2000-11-06 Thread Lisa



> Hello!
>
> We are in Mrs. Alison Hargrave's 4th grade class at Donaldsonville
> Elementary School in Donaldsonville, Louisiana. Donaldsonville is about
> 35 minutes southeast from Baton Rouge.  In Social Studies, we are studying
> state regions and decided to map an email project.  We will plot the states
> the emails come from as they arrive.  It will also help us with graphing in
> Math.  We are very curious to see where in the world our email will travel
> by internet throughout the rest of the school year. We NEED your help.
>
> We ask you to do two things:
> 1. E-mail us and tell us your location so that we can plot on our world
>    map.  Please include your city/town, state/province, and country.
> 2. Forward this letter to as many people as possible!!! Even if they
>    live in the same town as you.  Thank you for any help that you can
>    give.
>
> Our e-mail address is: [EMAIL PROTECTED]
>
> We hope to hear from you soon!!
>
> Your friends,
> Mrs. Alison Hargrave
> Donaldsonville Elementary
> Donaldsonville, Louisiana, USA


BCMSN & BSCN Books for sale, cheap.

2000-11-06 Thread Sean O'Connor

I have both the BCMSN and the BSCN books for sale.
These books are all that I used to pass the
corresponding tests. They are written by Thomas Thomas
along with others.  These are the McGraw Hill books
that have the same subject matter as the Cisco Press
books.  I will sell them both for $40 Ea. plus $5 Ea.
for shipping to anywhere in the US. ($20 savings each)
 Buy one or both. I will sell to first interested
emails back to me.
Please respond offline.
The books are clean (no markings) and come with a CD
of about 200 questions.  Both are less than 2 months
old.

Regards
Sean




Boson CCIE Written Practice test

2000-11-06 Thread Bond Jeffrey MSgt 93 CSS/SCON

Can anyone who has passed the CCIE written comment on whether the Boson
test helped you pass the 350-001?

thanks 


Jeff







Lab recommendation for CCNP

2000-11-06 Thread Henry Ngo

All,

I've seen this before but can't find the link.  Can someone point me to a
URL(s) that gives recommendations for CCNP home lab equipment?  Or give your
recommendation.

Thx







CIM Voice Internetworking VoIP Simulator

2000-11-06 Thread Sam .

Hi Friends

Has anyone used the

CIM Voice Internetworking VoIP Simulator (Cisco Career Certifications)
by Systems, Inc. Cisco
ISBN: 1587200236

Would someone care to comment on it especially about how good this book is 
for the CCNP voice and CCIE voice sections.

Thanks

Sam








Subinterface question

2000-11-06 Thread Jeff Walzer

Our internal network has 10 subnets that can be utilized (10.10.1.x -
10.10.10.x). The router IP address is 10.10.1.1.

When I create a subinterface for 10.10.2.1 what is the metric for the
10.10.2.x subnet to get to the 10.10.1.x subnet?

Being that it is the same router will it be 1 or does each subinterface
increment the metric by 1 thereby making the metric 2 for each subinterface?

Thanks,
Jeff






Re: BSCN book

2000-11-06 Thread Henry Ngo

You can go to bestbookbuys.com which is kind of a pricewatch.com for books.
It seems like the book is so new that they are going for retail at most book
stores.  However, you can get coupon codes for $10.00 off at Barnes & Noble.
That's what I did - it paid for shipping.

"Jeff Duchin" <[EMAIL PROTECTED]> wrote in message
news:8u1st3$nmj$[EMAIL PROTECTED]...
> Do you guys know where I can get this for lower than the retail price? If I
> go through my work I get a discount but it takes too damn long... I'm taking
> a trip next week and want it sooner. Any suggestions?
>
> Cheers,
> Jeff



Re: ospf question --sorry for not clear

2000-11-06 Thread Brian


OSPF only supports balancing over equal cost paths.  Are the same
destinations being "learned" from both links?  Or are they different
routes/destinations?


On Mon, 6 Nov 2000, Zhang Jin wrote:

> Dear group,
> 
> The question I posted today may not have been clear. What I mean is:
> Can I send ordinary traffic through one leased line and urgent traffic
> through another leased line, that is, can I control the behavior of
> load balancing? And how?
> 
> thanks again
> 
> dean

---
Brian Feeny, CCNP, CCDP   [EMAIL PROTECTED]   
Network Administrator 
ShreveNet Inc. (ASN 11881)




Re: VPN and NAT

2000-11-06 Thread Dave Santeramo





 "Howard C. Berkowitz" <[EMAIL PROTECTED]> wrote:
> >I have a requirement to run a VPN for remote access and NAT for the entire
> >LAN. I would prefer to run the one or the other on the router.
> >Does anyone have any suggestions as to which?  I am also currently running
> >BGP.  My opinion is to run the VPN on the router and NAT on another box
> >thereby creating a DMZ.  However the file servers will be behind the NAT.
> >  How do I get from the VPN routers - thru the firewall - to the internal
> >file servers?
> >
> 
> What problem are you trying to solve with these technologies? 

We are setting up a multihomed environment with two providers (BGP)
We also want remote users to have secure access into the LAN from home.
(VPN).  There is also a request to NAT everything on the LAN behind either
a proxy server or a FW.  

 What does the BGP do?



Re: NAT

2000-11-06 Thread Donald B Johnson Jr

no
- Original Message -
From: Chris Truesdale <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, November 03, 2000 1:25 PM
Subject: NAT


> This might be stupid, but can someone show me the command to clear a static
> NAT...  Cisco shows you how to clear a dynamic NAT... Any help would be
> appreciated



BCMSN and the BSCN books for sale

2000-11-06 Thread Sean O'Connor

 


I have both the BCMSN and the BSCN books for sale.
These books are all that I used to pass the
corresponding tests. They are written by Thomas Thomas
along with others.  These are the McGraw Hill books
that have the same subject matter as the Cisco Press
books.  I will sell them both for $40 Ea. plus $5 Ea.
for shipping to anywhere in the US. ($20 savings each)
 Buy one or both. I will sell to first interested
emails back to me.
Please respond offline.
The books are clean (no markings) and come with a CD
of about 200 questions.  Both are less than 2 months
old.

Regards
Sean







BSCN: Books recommendation; my 0.02 cents

2000-11-06 Thread Daniel Boutet

I see a lot of postings about the BSCN books. This is just my point of view
on the books that are out there for learning the material for the exam and
retaining the information afterwards.

Doyle's Routing TCP/IP covers OSPF/EIGRP completely as well as
Route map, route redistribution, ODR default route, and route filtering

Halabi's Internet Routing Architectures covers all you need to know about BGP
and more

There is no need for additional books and YOU NEED THOSE TWO BOOKS
ANYWAY as reference and for CCIE.

The other book out there that tries to cover all the
objectives in one book, but really fails to do so, IMHO, is BSCN by Mr.
Thomas II
I read the book and made some comments on this list earlier last month.
There seemed to be a consensus on the poor quality of writing on the
subjects covered in the book.

We have to buy enough books as it is so buy the good ones first and if you
want additional resources use CCO

Just a man's point of view..

HTH

Daniel





Re: Subinterface question

2000-11-06 Thread Jeff McCoy

If I understand correctly, both networks on the same router..different
subinterfaces.  If I'm thinking about this correctly, the metric in the
routing table will be 0 because they are both directly connected networks.

Thoughts from anyone else?

-jm

"Jeff Walzer" <[EMAIL PROTECTED]> wrote in message
news:005501c047ff$1f8a3e00$[EMAIL PROTECTED]...
> Our internal network has 10 subnets that can be utilized (10.10.1.x -
> 10.10.10.x). The router IP address is 10.10.1.1.
>
> When I create a subinterface for 10.10.2.1 what is the metric for the
> 10.10.2.x subnet to get to the 10.10.1.x subnet?
>
> Being that it is the same router will it be 1 or does each subinterface
> increment the metric by 1 thereby making the metric 2 for each
> subinterface?
>
> Thanks,
> Jeff



Strange Cisco 675 ARP behavior

2000-11-06 Thread Curtis Call

I've been messing around with a sniffer program on my home network and I've noticed 
some unexpected behavior from my Cisco 675 router.  When I scan for ARP queries I can 
see that my router is continually scanning through my entire subnet doing an ARP query 
for each address one by one.  Is this normal router behavior?  I suspect it has 
something to do with the fact that it is configured to be a DHCP server, is it normal 
for Cisco routers to check for used IP addresses?  Is this standard CBOS behavior?  
Any ideas would be appreciated, it just makes me really curious.




Re: VPN and NAT

2000-11-06 Thread Howard C. Berkowitz

>
>>  >I have a requirement to run a VPN for remote access and NAT for the
>>  >entire LAN. I would prefer to run the one or the other on the router.
>>  >Does anyone have any suggestions as to which?  I am also currently
>>  >running BGP.  My opinion is to run the VPN on the router and NAT on
>>  >another box thereby creating a DMZ.  However the file servers will be
>>  >behind the NAT.  How do I get from the VPN routers - thru the firewall -
>>  >to the internal file servers?
>>  >

 "Howard C. Berkowitz" <[EMAIL PROTECTED]> wrote:

>  >
>>  What problem are you trying to solve with these technologies?

"Dave Santeramo" <[EMAIL PROTECTED]> replied,

>
>We are setting up a multihomed environment with two providers (BGP)
>We also want remote users to have secure access into the LAN from home.
>(VPN).  There is also a request to NAT everything on the LAN behind either
>a proxy server or a FW. 
>

OK, I see the BGP and VPN requirements.  I'm still a little vague on 
why you want NAT -- address conservation or something else?  In a 
multihomed routing environment, the externally visible addresses 
(router, DNS, etc.) really should be registered.

Before commenting further on the VPN, what is your security model? 
Are you simply trying to protect traffic while it is in the public 
Internet, or on an end-to-end basis?  Will this be IPsec, SSL, etc.? 
Do you trust the firewall/proxy to have access to all traffic in 
cleartext form?  How do you plan to authenticate users and distribute 
cryptographic keys?  Are your users mobile or at fixed sites?

If the encryption is host-to-host (i.e., from workstation to file 
server), a true firewall function (whatever that is) has limited 
applicability. Since the firewall can't examine packet contents that 
it can't decrypt, you might as well use a router to provide rate 
limiting and martian filtering--a proxy won't work in this context.
-- 
"What Problem are you trying to solve?"
***send Cisco questions to the list, so all can benefit -- not 
directly to me***

Howard C. Berkowitz  [EMAIL PROTECTED]
Technical Director, CertificationZone.com
Senior Product Manager, Carrier Packet Solutions, NortelNetworks (for ID only)
   but Cisco stockholder!
"retired" Certified Cisco Systems Instructor (CID) #93005




Re: Subinterface question

2000-11-06 Thread Brian

On Mon, 6 Nov 2000, Jeff McCoy wrote:

> If I understand correctly, both networks on the same router..different
> subinterfaces.  If I'm thinking about this correctly, the metric in the
> routing table will be 0 because they are both directly connected networks.

Yes, AD of 0, Metric of 0.

Brian


> 
> Thoughts from anyone else?
> 
> -jm
> 
> "Jeff Walzer" <[EMAIL PROTECTED]> wrote in message
> news:005501c047ff$1f8a3e00$[EMAIL PROTECTED]...
> > Our internal network has 10 subnets that can be utilized (10.10.1.x -
> > 10.10.10.x). The router IP address is 10.10.1.1.
> >
> > When I create a subinterface for 10.10.2.1 what is the metric for the
> > 10.10.2.x subnet to get to the 10.10.1.x subnet?
> >
> > Being that it is the same router will it be 1 or does each subinterface
> > increment the metric by 1 thereby making the metric 2 for each
> > subinterface?
> >
> > Thanks,
> > Jeff

---
Brian Feeny, CCNP, CCDP   [EMAIL PROTECTED]   
Network Administrator 
ShreveNet Inc. (ASN 11881)




RE: Strange Cisco 675 ARP behavior

2000-11-06 Thread Jim Brown

I noticed the same behavior about a year ago. It is actually arp'ing for
every address in the DHCP address pool. Not the interface's subnet.

At that time, no one had any explanations in the comp.cisco Usenet group. I
also believe this behavior started with the CBOS 2.3 upgrade. I could not
confirm this.

This was driving me crazy. Little things like this bother me. I reduced the
pool size to the exact number of devices attached and I believe the arp'ing
behavior stops.

I could not find a lot of info on CBOS. I hope there is a CBOS guru out
there who can satisfy my curiosity.

-Original Message-
From: Curtis Call [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 06, 2000 9:00 AM
To: [EMAIL PROTECTED]
Subject: Strange Cisco 675 ARP behavior


I've been messing around with a sniffer program on my home network and I've
noticed some unexpected behavior from my Cisco 675 router.  When I scan for
ARP queries I can see that my router is continually scanning through my
entire subnet doing an ARP query for each address one by one.  Is this
normal router behavior?  I suspect it has something to do with the fact that
it is configured to be a DHCP server, is it normal for Cisco routers to
check for used IP addresses?  Is this standard CBOS behavior?  Any ideas
would be appreciated, it just makes me really curious.




Re: ubr924

2000-11-06 Thread Peter Slow

Nah. screw the people at @home, and at cablevision.
if you look hard enough on CCO, you'll find something.
for instance, i have a cable modem and had the same problem. but did you know that in
IOS release 12.1.2(T) and ONLY that version, there is an interface command
ip address dhcp
?

i had the same problem as you.
take a look with this ios tho
interface FastEthernet2/0
 ip address dhcp
 ip nat outside
 duplex auto
 speed auto



Rick Holden wrote:

> I have a cable router that I am trying to get working in my house, but with
> no success. The problem is the service provider is not giving me an IP
> address and the IOS doesn't let me assign one. I believe that the service
> provider wants to assign it based on the hostname, because that's how my PC
> gets it. Is there a way to send the router's hostname in the DHCP request?
> Or does anyone know how I can get an IP address on the cable interface.
> Any help would be appreciated? Thanks?



CISCO Consultant Engineers needed in Europe

2000-11-06 Thread Tim Jones

CISCO SYSTEMS EUROPE -  CONSULTANT ENGINEERS NEEDED!


Consulting Engineer EMEA

Location, any of: UK, France, Spain, Portugal, Denmark, Norway, Sweden and 
Finland


POSITION DESCRIPTION:

We are looking for a candidate with at least 5 years experience within a 
national or international Service Provider (SP) or Telecom manufacturer in 
the following functions :

   Network design and architecture
   Technical and marketing consulting


The candidate will be responsible for creating a technical solution that 
will include network design, and for promoting his solution to multiple 
audiences: technical, marketing and senior levels. Answers to tenders will 
also be part of this person’s responsibilities.

This position will be part of a European consulting team, whose charter is 
to develop and coordinate activities for incumbent Service Provider.
The Service Provider Consulting Team major missions are
·   Stay at the edge of technology by working with Cisco's sales force 
on the worldwide largest and the most challenging networks.
·   Work with Cisco Engineering to implement new features required 
either by the larger size of nowadays networks or by new technologies.
·   Spread the knowledge to Cisco's System Engineers and to Cisco's 
partner.

CANDIDATE PROFILE:

In order to succeed in this role, applicants should have strong technical 
skills as well as a clear capacity to understand the customer’s business 
environment and requirements.

Interpersonal skills are key for this function: including communication 
(internally and towards customer) and capacity to speak in small to medium 
audiences to the highest levels, CEO’s and CTO’s.

The candidate should be fluent in English.

Technical experience should include a very good knowledge of one or more 
technologies used in the SP environment particularly :
·   Core Routing
·   Content Networking
·   Optical Networking
·   Aggregation techniques (Dial, xDSL, cable modem)
·   Voice Technologies (VoIP, Voice Trunking, Signalling…)
·   Network Management
·   Security

Most importantly, capacity to promote SP new services and solutions will be 
greatly appreciated.


If you feel that you fit this role please send your latest CV/resume to Tim 
Jones, [EMAIL PROTECTED]. Alternatively if you think you have friends that 
could be interested please help spread the word and forward this message to them.








Ecruiter
Cisco Systems EMEA
[EMAIL PROTECTED]


http://www.fastcompany.com/ftalk/carefeeding.html





DNS Problem

2000-11-06 Thread Millner, Gary

I have a unique problem.  I'm trying to put our firewall up using the Cisco
IOS access-list commands.  When I put it in place, with TCP and UDP ports 53
open, DNS will not work.  We are using Windows 2000 Server as our DNS
Server.  Is there a bug in Windows 2000?  Or does Windows 2000 use an
additional port for DNS that I'm not aware of.

Thanks.

Gary Millner
[EMAIL PROTECTED]

  




Re: Subinterface question

2000-11-06 Thread Howard C. Berkowitz

>If I understand correctly, both networks on the same router..different
>subinterfaces.  If I'm thinking about this correctly, the metric in the
>routing table will be 0 because they are both directly connected networks.
>
>Thoughts from anyone else?
>
>-jm
>
>"Jeff Walzer" <[EMAIL PROTECTED]> wrote in message
>news:005501c047ff$1f8a3e00$[EMAIL PROTECTED]...
>>  Our internal network has 10 subnets that can be utilized (10.10.1.x -
>>  10.10.10.x). The router IP address is 10.10.1.1.
>>
>>  When I create a subinterface for 10.10.2.1 what is the metric for the
>>  10.10.2.x subnet to get to the 10.10.1.x subnet?
>>
>>  Being that it is the same router will it be 1 or does each subinterface
>>  increment the metric by 1 thereby making the metric 2 for each
>>  subinterface?
>>

I'm unclear what you both mean when you speak of metrics.  No type of 
interface or subinterface inherently has a metric until you define a 
routing mechanism with respect to that interface -- and that 
mechanism defines the metric.

So OSPF and EIGRP, in practice, use bandwidth as a metric.  RIP uses 
hop count, which may be what you are thinking of.

The zero value for a directly connected network is the administrative 
distance, which is different from a metric.  Administrative distances 
rank preferences among sources of routing information, lower values 
being more preferable. For example, an OSPF route with an 
administrative distance of 110 will never be preferred to a directly 
connected route.  A RIP route (to the same destination) will never be 
preferred to an OSPF route.

(note...I'm assuming here that you use the standard route selection 
algorithms without overriding anything)

Metric is used as a tie-breaker between routes of the same 
administrative distance.

Prefix length is considered before administrative distance.  A route 
of 192.168.0.0/28 from RIP is preferable to any OSPF route to 
192.168.0.0/24.
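
The selection order described in the message above (prefix length first, then administrative distance, then metric), as an added example that is not part of the original post. The candidate routes, next hops and interface names are constructed for illustration, and the RIP distance of 120 is the Cisco default rather than a value quoted in the thread.

```python
import ipaddress
from dataclasses import dataclass

# Administrative distances: connected 0 and OSPF 110 are quoted in the thread;
# RIP 120 is the Cisco default (an assumption of this example).
ADMIN_DISTANCE = {"connected": 0, "ospf": 110, "rip": 120}


@dataclass(frozen=True)
class Route:
    prefix: str    # destination in CIDR form
    source: str    # key into ADMIN_DISTANCE
    metric: int    # only meaningful between routes from the same source
    next_hop: str  # hypothetical next hop or outgoing interface

    @property
    def network(self):
        return ipaddress.ip_network(self.prefix)

    @property
    def distance(self):
        return ADMIN_DISTANCE[self.source]


def build_table(candidates):
    """Per prefix, keep the candidate with the lowest administrative
    distance; metric only breaks ties between equal distances."""
    table = {}
    for route in candidates:
        current = table.get(route.network)
        if current is None or (route.distance, route.metric) < (
            current.distance,
            current.metric,
        ):
            table[route.network] = route
    return table


def lookup(table, destination):
    """Forwarding decision: the longest matching prefix wins, whatever
    source installed it. Returns None when nothing matches."""
    address = ipaddress.ip_address(destination)
    matches = [route for network, route in table.items() if address in network]
    return max(matches, key=lambda r: r.network.prefixlen, default=None)


# Constructed candidate routes, loosely following the subnets in the thread.
CANDIDATES = [
    Route("10.10.1.0/24", "connected", 0, "FastEthernet0/0.1"),
    Route("10.10.2.0/24", "connected", 0, "FastEthernet0/0.2"),
    Route("10.10.2.0/24", "ospf", 20, "10.10.1.254"),   # loses to connected
    Route("192.168.0.0/24", "rip", 2, "10.10.1.2"),     # loses to OSPF (AD)
    Route("192.168.0.0/24", "ospf", 10, "10.10.1.3"),
    Route("192.168.0.0/28", "rip", 3, "10.10.1.2"),     # more specific prefix
    Route("172.16.0.0/16", "ospf", 30, "10.10.1.3"),
    Route("172.16.0.0/16", "ospf", 20, "10.10.1.4"),    # wins on metric
]

if __name__ == "__main__":
    table = build_table(CANDIDATES)
    for dest in ("10.10.2.5", "192.168.0.5", "192.168.0.200", "172.16.1.1"):
        best = lookup(table, dest)
        print(f"{dest:15} -> {best.prefix:18} {best.source:10} via {best.next_hop}")
```

The model keeps a single best route per prefix, so equal-cost load sharing is not represented.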




Re: Study group format info wanted

2000-11-06 Thread Donald B Johnson Jr

My personal opinion is that reading should be handled by each member of the
group. You should use the group time to work on the hands-on lab part. If a
certain topic is a problem then maybe there should be a formal lecture, but
if you all got a lab manual and started working on labs that would probably
be the most effective use of time. We are going to form a group and probably
meet twice a week for group lab time. (Wed Evening and Sat Afternoon about 6
hours a week) Reading should be done every day by each participant. Having
three or four people working on, thinking up and executing lab scenarios is
a powerful tool.
Good Luck
Duck
- Original Message -
From: Dave <[EMAIL PROTECTED]>
To: Cisco Cert (E-mail) <[EMAIL PROTECTED]>
Sent: Friday, November 03, 2000 3:35 PM
Subject: Study group format info wanted


> Hi all,
>
> I am interested in starting a study group at my company, and am interested
> in how other existing study groups are formatted.  For instance, I know
> that some groups read a chapter from a book, then meet to discuss that
> particular chapter and ask each other questions.
>
> An idea that I had was to come up with topics that were of interest to the
> group, have a person volunteer to take a topic and become an expert on
> that particular subject.  In the beginning there could be a large list of
> topics, people would volunteer, and meetings would be scheduled to discuss
> a particular topic on a particular night.  Topics could be added as
> necessary.  The subject expert would lecture (informally speaking) and
> during the explanation of the subject questions could be asked by the
> group members.  If there were questions that could not be answered, the
> lecturer would write them down and get back to the group at the next
> meeting.
>
> My rationale is that you must really learn a subject if you have to
> explain it clearly to others.  The person doing the explaining will have
> to really understand what he is talking about, as well as be able to
> explain it to others.  Sharing this load among the members of the group
> should help everyone and, assuming everyone that lectures is clear and
> thorough, will minimize the amount of time for the group as a whole to
> gain proficiency in topics.
>
> Are there any other groups doing this?  Are there other formats that
> existing groups are using with success?  I welcome feedback on the format,
> as well as any other suggestions to make efficient use of time.
>
> Thanks,
> Dave



Re: certificate server

2000-11-06 Thread Tom Traband

Comments inline.

"Jim Bond" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hello,
>
> I'm kind of confused on certificate servers:
> 1. Is the certificate for devices (host, router etc.)
> or persons?

Either one. Remember that a certificate is really a "validated" (by a
certificate authority) Public key of a key pair. A CA validates the pair,
but the key pair can be "owned" by a device or a person

> 2. Do I have to use separate certificates on web
> browsing, email, file transfer etc? If not, how does
> the certificate handle all these?

You can use the same certificate for these, or you can have any number of
certificates and designate what each of them should be used for.
Server-provided services generally leverage a server-based certificate in
some way (like SSL does) while e-mail is usually covered by a user (or
client) certificate. Part of the x.509v3 specification includes fields for
"accepted applications," e.g. use for personal e-mail and posting, but not
for credit transactions.

For web browsing, you usually read in the trusted root of the certificate
authority into the browser (if it wasn't there already) and that makes it
easier to accept content "signed" by a certificate validated by that CA.
Otherwise you are prompted to accept certificates on a one-at-a-time basis
as you hit encrypted or protected content.

Your e-mail client software should provide you with info on how to set up
certificates. Each program is a bit different here.

> 3. Is windows 2000 certificate server a good choice
> for enterprise? Or Netscape a good one?
> Thanks in advance.

Can't say, I've only used Netware 5.1 as a CA. It works very well, and
stores certificates either as properties of the user objects, or as separate
NDS objects for servers, etc.

>
> Jim



Re: Speed performance!!

2000-11-06 Thread Donald B Johnson Jr

If you supernet you will put all stations on one segment. Your network
would not slow down but come down.
You need to look to some switching design with Fast EtherChannel to the
server.
Duck
- Original Message -
From: jeongwoo park <[EMAIL PROTECTED]>
To: Groupstudy <[EMAIL PROTECTED]>
Sent: Friday, November 03, 2000 3:56 PM
Subject: Speed performance!!


> Hi all
> My file server is on 140.222.20.1/24
> Clients are on these four subnets.
> 140.222.150.0/24
> 140.222.181.0/24
> 140.222.237.0/24
> 140.222.200.0/24
>
> There is such a slow data transfer rate going from any
> of these 4 subnets to the subnet where the server is.
> All clients get DHCP ip addresses
> As a suggestion, someone told me to supernet.
> As far as I know, in order to supernet, subnet ip
> addresses should be contiguous, and I think the idea
> of supernetting is to include multiple subnets into
> one supernetted subnet. So we can transfer data within
> one subnet instead of transferring through router for
> subnet-to-subnet transfer.
> However, these five subnet ip addresses are not
> contiguous.
> How can I supernet non-contiguous subnet ip addresses?
> By following Cisco book instruction on supernetting, I
> got this address: 140.222.0.0/16 Is this correct?
> If this was correctly supernetted, what should I do
> next?
> Should I go to each individual stations (about 600
> stations) for new TCP/IP setup? I am sure there should
> be better way to handle this.
>
> I have only several months of network experience. I am
> still newbie.
> I will appreciate your help
> Thanks in adv.
>
> jw



Re: Sybex e-trainer

2000-11-06 Thread Donald B Johnson Jr



Buy a router
Duck

  - Original Message -
  From: Erik Doss
  To: [EMAIL PROTECTED]
  Sent: Saturday, November 04, 2000 2:18 PM
  Subject: Sybex e-trainer

  Has anyone used this? Is it worth the money? I found it at bookpool for $50,
  and I really need something besides reading the book, short of spending
  craploads of money on routers :)

  Thanks


Re: ISDN call disconnects automatically !

2000-11-06 Thread lawrence sculark

does your configuration have an idle-timeout command.
if so then when there is no interesting traffic it will timeout in the 
seconds instructed
what protocols are you routing...ipx, ip ???



>From: "Hans Schimek" <[EMAIL PROTECTED]>
>Reply-To: "Hans Schimek" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Subject: ISDN call disconnects automatically !
>Date: Sun, 5 Nov 2000 16:48:17 +0100
>
>ISDN calls get disconnected after some time -
>though traffic is flowing - and the interface
>is NOT idle - so it should not be disconnected -
>or is there a timer which disconnects all calls
>after a while ?
>
>
>thanx in advance
>
>
>00:42:199726942860: ISDN BR1/0: received HOST_DISCONNECT call_id 0x8012
>00:42:197568495616: ISDN BR1/0: Event:  Call to  was hung up.
>00:42:199726942732: ISDN BR1/0: process_disc_ack(): call id 0x8012, ces 1,
>call
>type DATA
>00:42:197568495663: %ISDN-6-DISCONNECT: Interface BRI1/0:1  disconnected
>from 20
>  2504, call lasted 120 seconds
>00:42:199726942540: %LINK-3-UPDOWN: Interface BRI1/0:1, changed state to
>down
>00:42:199724968501: ISDN BR1/0: received HOST_DISCONNECT_ACK call_id 0x8012
>00:42:197568495616: ISDN BR1/0: HOST_DISCONNECT_ACK: call type is DATA
>00:42:47: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI1/0:1, changed
>stat
>e to down
>00:42:47: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1,
>chang
>ed state to down
>
>
>
>
>
>=
>Hans Schimek
>
>Student
>Fachhochschule St. Pölten f.
>Telekommunikation und Medien
>
>mailto: [EMAIL PROTECTED]
>  gsm  : +43 699 10605315
>  fax  : +43 3613 2311 4
>  icq  : 22308773
>  www  : www.schimek.net
>
>=
>



Re: ubr924

2000-11-06 Thread Donald B Johnson Jr

You need to have your service provider provision your cable modem. If it is a
DOCSIS network the standard calls for all cable modems to be provisioned by
a DHCP and TFTP server. Once the modem is provisioned then it should come
up. Who is your service provider? Is it a DOCSIS network?
Duck
- Original Message -
From: Rick Holden <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, November 04, 2000 5:08 PM
Subject: ubr924


> I have a cable router that I am trying to get working in my house, but with
> no success. The problem is the service provider is not giving me an IP
> address and the IOS doesn't let me assign one. I believe that the service
> provider wants to assign it based on the hostname, because that's how my PC
> gets it. Is there a way to send the router's hostname in the DHCP request?
> Or does anyone know how I can get an IP address on the cable interface.
> Any help would be appreciated? Thanks?



checkpoint to Pix

2000-11-06 Thread chamberd

Anyone had any luck setting up a VPN tunnel between these two?




Passed BCRAN

2000-11-06 Thread STRAND Scott

Passed BCRAN last Friday with a score of 909 out of 1000. Here is how I passed:

Read Cisco-press book by Catherine Paquet (Good, gives a lot of information)
Read McGraw-Hill book by Thomas & Quiggle (Also good, easier to read)
Used Boson practice test 1. (Helpful)
Took the one week training class at Mentortech. Mentor always does a great job and the 
instructor (Steve Daleo) was excellent.

The archives are correct as to what to study, ISDN (BRI&PRI), Async dialup, PPP, 
TACACS+, NAT, etc.

This was the easiest of the three CCNP tests I have passed (ACRC, BCMSN, BCRAN). They 
give you a list of commands (About 40) that
you can choose from for the fill in the blank questions.

Three down, one (CIT) to go. I'll check the archives for CIT hints and if the BOSON 
tests were good for CIT.

--Scott




Re: DNS Problem

2000-11-06 Thread Frank Wells

I believe DNS uses random ports to communicate once it has established a 
session using port 53.  This means you would need to open up the ports 
greater than 1023 for this to work.  Perhaps someone can confirm this as my 
recollection of this is a little shaky.


>From: "Millner, Gary" <[EMAIL PROTECTED]>
>Reply-To: "Millner, Gary" <[EMAIL PROTECTED]>
>To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
>Subject: DNS Problem
>Date: Mon, 6 Nov 2000 12:14:30 -0500
>
>I have a unique problem.  I'm trying to put our firewall up using the Cisco
>IOS access-list commands.  When I put it in place, with TCP and UDP ports 53
>open, DNS will not work.  We are using Windows 2000 Server as our DNS
>Server.  Is there a bug in Windows 2000?  Or does Windows 2000 use an
>additional port for DNS that I'm not aware of.
>
>Thanks.
>
>Gary Millner
>[EMAIL PROTECTED]



Re: BGP next-hop-self

2000-11-06 Thread Peter Van Oene

The key requirement here is to ensure that all IBGP routers can resolve (that is find 
a route to) the BGP provided next hop router for each prefix advertised.  This step is 
fundamental to the proper installation of routes into routing tables.

The first way to accomplish this (in the case where the next hop address for a group 
of prefixes lies on a point to point link) is simply to advertise the external link 
into the IGP domain.

For example, consider this is your edge router

interface s0/0
 ip address 1.1.1.1 255.255.255.252
interface e0
 ip address 10.1.1.1 255.255.255.0

router bgp 1
 neighbor 1.1.1.2 remote-as 2
 neighbor 10.1.1.2 remote-as 1

router ospf 1
 network 10.1.1.1 0.0.0.0 area 0

(forgive any syntax, haven't configured cisco in a while)

In this case, the peer router in AS 2 will advertise prefixes with a next hop of
1.1.1.2.  However, assuming AS 1 runs OSPF, you can see that this router does not
advertise the 1.1.1.0/30 subnet into the OSPF domain.  Hence, all the IBGP neighbors
will not know how to get to the 1.1.1.2 router and thus all the prefixes they learn
will not be usable.

To solve this, you can advertise the 1.1.1.0 subnet by adding it to the ospf process 
(network 1.1.1.1 0.0.0.0 area 0) or maybe a redistribute connected etc.  

Or, you can use next hop self "neighbor 10.1.1.2 next-hop-self" to use the 10.1.1.1 
address as the next hop for all prefixes learned from 1.1.1.2 via bgp.

Does that help?

Pete




*** REPLY SEPARATOR  ***

On 11/6/2000 at 2:13 AM suaveguru wrote:

>thanks I understand now , but how there is one more
>thing that needs u to further clarify and that is the
>first soluion that you mention , I dont quite
>understand why it will solve the problem 
>
>appreciate if you can elaborate
>
>thanks
>
>suaveguru
>--- Peter Van Oene <[EMAIL PROTECTED]> wrote:
>> When BGP routers learn routes via BGP, they learn
>> two key pieces of information; A destination prefix,
>> and a next hop address.  Within an AS, BGP routers
>> communicate with IBGP.  Within the AS however, the
>> next hop address for each prefix is by default not
>> modified.  That means that all IBGP routers within
>> an AS will maintain a consistent view of the
>> external world.  
>> 
>> However, consider the following.
>> 
>> R1 AS1 <--->  R2 AS2 <---R2 AS2
>>  EBGP  IBGP
>> 
>> Consider that R1 advertises prefix 10/8 into AS2. 
>> R2 will learn this 10/8 address and the
>> corresponding next hop address.  In this case, lets
>> say that 11/8 is the subnet between R1 and R2 and
>> R1's uses 11.0.0.1 and R2 uses 11.0.0.2.   Hence, R2
>> will publish 10/8 with a next hop of 11.0.0.1 in its
>> routing table.
>> 
>> R2 will then advertise 10/8 via IBGP to R2 with the
>> next hop of 11.0.0.1.  However, as 11/8 is an
>> external point to point link and may not be a subnet
>> that R2 is aware of.  If this is the case, R2 will
>> not be able to resolve a route toward 11/8 and thus
>> will be unable to post the route due to the rules of
>> BGP.
>> 
>> Two solutions exist to solve this problem (well two
>> pop into my mind).  The first way would be to have
>> R2 advertise the external link (11/8 in this case)
>> into the AS so that all IBGP routers will learn it. 
>> This however increases the size and complexity of
>> the IGP within the AS.
>> 
>> The second option is to have R2 replace the next hop
>> address with his own address.   Naturally, his own
>> address will be known throughout the AS (BGP depends
>> on TCP so this has to be the case) and thus when R2
>> receives the 10/8 advertisement, it will see R2's
>> interface as the next hop and thus be able to
>> resolve the bgp next hop and post the route.
>> 
>> I hope this makes sense :)
>> 
>> Pete
>> 
>> 
>> 
>> 
>> *** REPLY SEPARATOR  ***
>> 
>> On 11/3/2000 at 11:58 AM suaveguru wrote:
>> 
>> >hi , 
>> >
>> >Anyone knows what does next-hop-self in bgp means
>> >please explain to me 
>> >
>> >thanks
>> >
>> >suaveguru
>> >
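
The next-hop resolution problem discussed in this thread, as an added Python sketch that is not code from any of the posters. The addresses 1.1.1.2, 10.1.1.1, 10.1.1.0/24 and 1.1.1.0/30 come from the post above; the learned prefixes, the function names and the modelling of an IGP table as a list of prefixes are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

EDGE_IBGP_ADDR = "10.1.1.1"    # edge router e0 address, from the post
EBGP_PEER = "1.1.1.2"          # AS 2 peer on the s0/0 link, from the post
LEARNED_PREFIXES = ["172.16.0.0/16", "192.168.50.0/24"]  # constructed samples

# IGP view of an internal IBGP router (10.1.1.2 in the post).
IGP_DEFAULT = ["10.1.1.0/24"]                  # only the LAN is in OSPF
IGP_WITH_LINK = ["10.1.1.0/24", "1.1.1.0/30"]  # external link added to OSPF


def edge_advertises(prefixes, next_hop_self=False):
    """IBGP updates sent by the edge router.

    By default the EBGP next hop is passed on unchanged; with
    next-hop-self the edge router substitutes its own address.
    """
    next_hop = EDGE_IBGP_ADDR if next_hop_self else EBGP_PEER
    return [(prefix, next_hop) for prefix in prefixes]


def resolve(next_hop, igp_routes):
    """Longest-prefix match of a BGP next hop against the IGP table."""
    addr = ip_address(next_hop)
    covering = [ip_network(r) for r in igp_routes if addr in ip_network(r)]
    return max(covering, key=lambda net: net.prefixlen, default=None)


def installable(updates, igp_routes):
    """Split IBGP updates into usable and unusable routes.

    A route is usable only if its next hop resolves through the IGP.
    Each entry is (prefix, next_hop, resolving_igp_route_or_None).
    """
    usable, unusable = [], []
    for prefix, next_hop in updates:
        via = resolve(next_hop, igp_routes)
        entry = (prefix, next_hop, str(via) if via is not None else None)
        (usable if via is not None else unusable).append(entry)
    return usable, unusable


if __name__ == "__main__":
    cases = [
        ("default next hop, link not in IGP", False, IGP_DEFAULT),
        ("default next hop, link in IGP", False, IGP_WITH_LINK),
        ("next-hop-self, link not in IGP", True, IGP_DEFAULT),
    ]
    for label, nhs, igp in cases:
        ok, bad = installable(edge_advertises(LEARNED_PREFIXES, nhs), igp)
        print(f"{label}: usable={len(ok)} unusable={len(bad)}")
```
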

Re: certificate server

2000-11-06 Thread Frank Wells

Just out of curiosity, does your Netware Certificate Server work with IPSec 
for VPN access etc?

Cheers

>From: "Tom Traband" <[EMAIL PROTECTED]>
>Reply-To: "Tom Traband" <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Re: certificate server
>Date: Mon, 6 Nov 2000 11:17:28 -0600
>
>Comments inline.
>
>"Jim Bond" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
> > Hello,
> >
> > I'm kind of confused on certificate servers:
> > 1. Is the certificate for devices (host, router etc.)
> > or persons?
>
>Either one. Remember that a certificate is really a "validated" (by a
>certificate authority) Public key of a key pair. A CA validates the pair,
>but the key pair can be "owned" by a device or a person
>
 > > 2. Do I have to use separate certificates on web
> > browsing, email, file transfer etc? If not, how does
> > the certificate handle all these?
>
>You can use the same certificate for these, or you can have any number of
>certificates and designate what each of them should be used for.
>Server-provided services generally leverage a server-based certificate in
>some way (like SSL does) while e-mail is usually covered by a user (or
>client) certificate. Part of the x.509v3 specification includes fields for
>"accepted applications," e.g. use for personal e-mail and posting, but not
>for credit transactions.
>
>For web browsing, you usually read in the trusted root of the certificate
>authority into the browser (if it wasn't there already) and that makes it
>easier to accept content "signed" by a certificate validated by that CA.
>Otherwise you are prompted to accept certificates on a one-at-a-time basis
>as you hit encrypted or protected content.
>
>Your e-mail client software should provide you with info on how to set up
>certificates. Each program is a bit different here.
>
> > 3. Is windows 2000 certificate server a good choice
> > for enterprise? Or Netscape a good one?
> > Thanks in advance.
>
>Can't say, I've only used Netware 5.1 as a CA. It works very well, and
>stores certificates either as properties of the user objects, or as separate
>NDS objects for servers, etc.
>
> >
> > Jim
> >



Re: Speed performance!!

2000-11-06 Thread Peter Van Oene

I think it may be somewhat premature to assume that the performance issue stems from a 
lack of bandwidth to the server.  I think we still need to see the topology logically 
and get a feel for what devices are doing what.  Who's to say this isn't 600 people on 
shared 10 with an NT box doing some forwarding :)



*** REPLY SEPARATOR  ***

On 11/7/2000 at 10:13 AM Donald B Johnson Jr wrote:

>If you supernet you will put all stations on one segment. Your network
>would not slow down but come down.
>You need to look to some switching design with fastether channel to the
>server.
>Duck
>- Original Message -
>From: jeongwoo park <[EMAIL PROTECTED]>
>To: Groupstudy <[EMAIL PROTECTED]>
>Sent: Friday, November 03, 2000 3:56 PM
>Subject: Speed performance!!
>
>
>> Hi all
>> My file server is on 140.222.20.1/24
>> Clients are on these four subnets.
>> 140.222.150.0/24
>> 140.222.181.0/24
>> 140.222.237.0/24
>> 140.222.200.0/24
>>
>> There is such a slow data transfer rate going from any
>> of these 4 subnets to the subnet where the server is.
>> All clients get DHCP ip addresses
>> As a suggestion, someone told me to supernet.
>> As far as I know, in order to supernet, subnet ip
>> addresses should be contiguous, and I think the idea
>> of supernetting is to include multiple subnets into
>> one supernetted subnet. So we can transfer data within
>> one subnet instead of transferring through router for
>> subnet-to-subnet transfer.
>> However, these five subnet ip addresses are not
>> contiguous.
>> How can I supernet non-contiguous subnet ip addresses?
>> By following Cisco book instruction on supernetting, I
>> got this address: 140.222.0.0/16 Is this correct?
>> If this was correctly supernetted, what should I do
>> next?
>> Should I go to each individual stations (about 600
>> stations) for new TCP/IP setup? I am sure there should
>> be better way to handle this.
>>
>> I have only several months of network experience. I am
>> still newbie.
>> I will appreciate your help
>> Thanks in adv.
>>
>> jw
>>
>>
>>



RE: DNS Problem

2000-11-06 Thread hmalmgren

I believe you can also permit established connections which would do the
same thing with a little more security.

-Original Message-
From: Frank Wells [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 06, 2000 12:02 PM
To: [EMAIL PROTECTED]
Subject: Re: DNS Problem


I believe DNS uses random ports to communicate once it has established a 
session using port 53.  This means you would need to open up the ports 
greater than 1023 for this to work.  Perhaps someone can confirm this as my 
recollection of this is a little shaky.


>From: "Millner, Gary" <[EMAIL PROTECTED]>
>Reply-To: "Millner, Gary" <[EMAIL PROTECTED]>
>To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
>Subject: DNS Problem
>Date: Mon, 6 Nov 2000 12:14:30 -0500
>
>I have a unique problem.  I'm trying to put our firewall up using the Cisco
>IOS access-list commands.  When I put it in place, with TCP and UDP ports 53
>open, DNS will not work.  We are using Windows 2000 Server as our DNS
>Server.  Is there a bug in Windows 2000?  Or does Windows 2000 use an
>additional port for DNS that I'm not aware of.
>
>Thanks.
>
>Gary Millner
>[EMAIL PROTECTED]
>
>
>



Re: Top Down Network Design vs. CID course text book

2000-11-06 Thread Robert Padjen

I'd use both, and since I wrote the Sybex CID text and
Priscilla has recommended mine (I'm recommending
hers) I think that is a strong recommendation. The
CID Study Guide is designed around the exam to take
you through the objectives. It includes material not
on the exam and material on the exam that is not in
the objectives. Top-Down is a well presented design
guide that was written with a different focus.


--- tony <[EMAIL PROTECTED]> wrote:
> Top Down Network Design is very good,not only for
> the exam!!!
> 
> 
> 
> On 3 Nov 2000 13:57:38 -0500, [EMAIL PROTECTED]
> ("Hubert Pun")
> wrote:
> 
> >For the CID exam, which is better?
> >For overall design career, which is better?
> >
> >


=
Robert Padjen




Re: CCIE Written

2000-11-06 Thread Rich Russell

Well there are study materials available at www.thetestpage.net/ccie also
sample test available at www.thetestpage.net/engine
Good luck
[EMAIL PROTECTED]

""motor_5"" <[EMAIL PROTECTED]> wrote in message
news:8tuk3e$d1p$[EMAIL PROTECTED]...
> Hello,
>
> My name is Roy Snyder, and I really enjoy reading your questions.
> I am ATM certified in LAN, WAN, and ForeView for Managers. My question is
> this: How do I go about taking the CCIE written test. I have the book and
> CD, and I want to take the test by summer 2001. Any help would be
> appreciated.
> Any ATM questions I will try my best to answer, also.
>
>
>  Roy Snyder (Network Engineer)
> "Ya Wen" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Hi, all:
> >
> > Just came back from the CCIE written test and Yeah, PASSED! It was a
> > fairly good test, covers a lot of stuff. Not as hard as I expect though.
> > Anyway, I am glad it is over, the next thing is even more exciting!
> >
> > Thanks to all the group members who contribute to this list. It
> > definitely helped a lot just reading those posts and intelligent
> > responses.
> >
> > -Ya
> >



Cisco Lab with Nortel and IBM Routers

2000-11-06 Thread Josh

>I have come across some IBM 2210 routers as well as Bay Networks (nortel
>) BCNs and BLNs.  are there any cables to connect the 2210s or BCNs to
>Cisco equipment back to back?
>
>Please send replies to:
>
>Josh Youngman
>[EMAIL PROTECTED]




Router for Sale - UK only

2000-11-06 Thread Andrew W Miller

Hi,

I was wondering if anybody is interested in buying my router. I bought it
for my Cisco training and no longer need it. It's a Cisco 1603 ISDN Router
with the optional Serial WIC card. It's got a 4MB Flash Card with OS v11.2.
It's fully boxed and has all the manuals and software. Mint condition. I'll
include my old CCNA Guide (640-407) printed by SYBEX.

It cost me about £1100 all in. Sensible offers only please. Please contact
me directly, so we don't disturb the group. ([EMAIL PROTECTED])

Thanks

Andrew Miller




RE: DNS Problem

2000-11-06 Thread Taylor, Don

DNS using random ports is a new one on me. I've never heard of that, but would be interested in learning more if you have a resource to suggest.

Are you implementing the access list correctly? Remember that port 53 is the source, not the destination. I have a similar setup in my home lab and the rule is:  access-list 101 permit tcp any eq 53 any log.

- Don


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 06, 2000 10:55 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: DNS Problem



I believe you can also permit established connections which would do the
same thing with a little more security.


-Original Message-
From: Frank Wells [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 06, 2000 12:02 PM
To: [EMAIL PROTECTED]
Subject: Re: DNS Problem



I believe DNS uses random ports to communicate once it has established a 
session using port 53.  This means you would need to open up the ports 
greater than 1023 for this to work.  Perhaps someone can confirm this as my 
recollection of this is a little shaky.



>From: "Millner, Gary" <[EMAIL PROTECTED]>
>Reply-To: "Millner, Gary" <[EMAIL PROTECTED]>
>To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
>Subject: DNS Problem
>Date: Mon, 6 Nov 2000 12:14:30 -0500
>
>I have a unique problem.  I'm trying to put our firewall up using the Cisco
>IOS access-list commands.  When I put it in place, with TCP and UDP ports 53
>open, DNS will not work.  We are using Windows 2000 Server as our DNS
>Server.  Is there a bug in Windows 2000?  Or does Windows 2000 use an
>additional port for DNS that I'm not aware of.
>
>Thanks.
>
>Gary Millner
>[EMAIL PROTECTED]
>
>
>





RE: DNS Problem

2000-11-06 Thread Irwin Lazar

AFAIK, DNS does not use random ports, however just like most TCP sessions,
the source port will always be a random port above 1023.

The below in-bound ACL will permit your site to access a remote DNS server.

access-list 100 permit udp host x.x.x.x eq 53 any 

(of course, replace the X's with your DNS server's IP Address)

Irwin



From: Frank Wells [mailto:[EMAIL PROTECTED]] 
Sent: Monday, November 06, 2000 12:02 PM 
To: [EMAIL PROTECTED] 
Subject: Re: DNS Problem 


I believe DNS uses random ports to communicate once it has established a 
session using port 53.  This means you would need to open up the ports 
greater than 1023 for this to work.  Perhaps someone can confirm this as my 
recollection of this is a little shaky. 


>From: "Millner, Gary" <[EMAIL PROTECTED]> 
>Reply-To: "Millner, Gary" <[EMAIL PROTECTED]> 
>To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> 
>Subject: DNS Problem 
>Date: Mon, 6 Nov 2000 12:14:30 -0500 
> 
>I have a unique problem.  I'm trying to put our firewall up using the Cisco
>IOS access-list commands.  When I put it in place, with TCP and UDP ports 53
>open, DNS will not work.  We are using Windows 2000 Server as our DNS
>Server.  Is there a bug in Windows 2000?  Or does Windows 2000 use an 
>additional port for DNS that I'm not aware of. 
> 
>Thanks. 
> 
>Gary Millner 
>[EMAIL PROTECTED] 
> 
> 
> 
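
The ACL behaviour debated in this thread, as an added Python sketch that is not code from any of the posters: a first-match, implicit-deny packet filter applied inbound on the outside interface. All addresses, ports and the three rule sets are constructed; the first rule set is an assumption about what "TCP and UDP ports 53 open" meant, and the third models the TCP-only `established` keyword.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

REMOTE_DNS = "192.0.2.53"   # constructed upstream DNS server
INSIDE_DNS = "10.0.0.53"    # constructed address of the internal DNS server


@dataclass(frozen=True)
class Packet:
    proto: str                       # "udp" or "tcp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()   # TCP flags, e.g. {"SYN"} or {"ACK"}


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    proto: str
    src: str = "0.0.0.0/0"           # "any"
    sport: Optional[int] = None      # None means no source-port test
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None
    established: bool = False        # TCP only: ACK or RST must be set

    def matches(self, p: Packet) -> bool:
        if self.proto != p.proto:
            return False
        if ip_address(p.src) not in ip_network(self.src):
            return False
        if ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.sport is not None and self.sport != p.sport:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        if self.established and not (p.flags & {"ACK", "RST"}):
            return False
        return True


def evaluate(acl, packet):
    """First matching rule wins; anything unmatched hits the implicit deny."""
    for rule in acl:
        if rule.matches(packet):
            return rule.action
    return "deny"


# Rule set 1: port 53 opened as a destination port only.
ACL_DST_53 = [Rule("permit", "udp", dport=53), Rule("permit", "tcp", dport=53)]
# Rule set 2: adds a rule shaped like "permit udp host x.x.x.x eq 53 any".
# It is stateless: it matches on source address and source port alone,
# not on whether a query was ever sent.
ACL_SRC_53 = ACL_DST_53 + [
    Rule("permit", "udp", src=REMOTE_DNS + "/32", sport=53)]
# Rule set 3: adds "permit tcp any any established"; UDP has no flags to test.
ACL_ESTABLISHED = ACL_DST_53 + [Rule("permit", "tcp", established=True)]

# Constructed inbound packets seen on the outside interface.
QUERY_IN = Packet("udp", "198.51.100.7", 41000, INSIDE_DNS, 53)
REPLY_UDP = Packet("udp", REMOTE_DNS, 53, INSIDE_DNS, 40000)
REPLY_TCP = Packet("tcp", REMOTE_DNS, 53, INSIDE_DNS, 40001,
                   frozenset({"ACK"}))


def report():
    """Verdict of every rule set for every sample packet."""
    acls = {"dst-53": ACL_DST_53, "src-53": ACL_SRC_53,
            "established": ACL_ESTABLISHED}
    pkts = {"query-in": QUERY_IN, "reply-udp": REPLY_UDP,
            "reply-tcp": REPLY_TCP}
    return {(a, n): evaluate(acl, p)
            for a, acl in acls.items() for n, p in pkts.items()}


if __name__ == "__main__":
    for key, verdict in report().items():
        print(key, verdict)
```
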



Re: DNS Problem

2000-11-06 Thread Peter Slow

first, dns is only udp.
dns will establish connections by connecting TO port 53, but will connect from a
port >1023.
just allowing established connections will NOT work.
dns  server that your dns server queries will need to  open a connection TO your
nameserver.
you need to find a DNS server that everyone will use, and allow ALL ports >1023 on that
dns server to open udp connections to your nameserver.

if you want to learn from this, you need to go to the router with the problem, debug
security, and udp / tcp packets (as detailed as possible) and look at what is Being
denied and how you can fix it.







"Millner, Gary" wrote:

> I have a unique problem.  I'm trying to put our firewall up using the Cisco
> IOS access-list commands.  When I put it in place, with TCP and UDP ports 53
> open, DNS will not work.  We are using Windows 2000 Server as our DNS
> Server.  Is there a bug in Windows 2000?  Or does Windows 2000 use an
> additional port for DNS that I'm not aware of.
>
> Thanks.
>
> Gary Millner
> [EMAIL PROTECTED]
>
>
>



Re: ubr924

2000-11-06 Thread Eric Hauptman

I have @home and use a ubr924.  Yes, the cable installer had to take the serial # off
the back of the router and they had to make some changes at the other end.  So, when the
router connects to the headend it downloads a special config file called "ios.cnf" which
automatically connects me to the @home network.  The downside is I'm locked out of the
router (i.e., my console password is overwritten).

@home gave me a static IP address for my workstation and since the router operates in
bridging mode (just like DSL) all is well.  I then assigned that static IP address to a
NETgear 311 router which does NAT/DHCP, so all my devices can now get to the internet
via the ubr924.  Remember, in bridging mode the router has no ip address assigned.

I'd really like to know how to console into the router, but the DOCSIS standard doesn't
seem to allow this.  I'd love to hear others' experiences with the ubr924 & @home.  For
instance, has anyone successfully made voice calls over the Internet?  I am able to make
calls from one room in my house to another, but since the router doesn't have an IP
address I don't see how I can call using VoIP.

Eric



Donald B Johnson Jr wrote:

> You need to have your service provider provision your cable modem. If it is a
> DOCSIS network the standard calls for all cable modems to be provisioned by
> a DHCP and TFTP server. Once the modem is provisioned then it should come
> up. Who is your service provider? Is it a DOCSIS network?
> Duck
> - Original Message -
> From: Rick Holden <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Saturday, November 04, 2000 5:08 PM
> Subject: ubr924
>
> > I have a cable router that I am trying to get working in my house, but
> > with no success. The problem is the service provider is not giving me an IP
> > address and the IOS doesn't let me assign one. I believe that the service
> > provider wants to assign it based on the hostname, because that how my PC
> > gets it. Is there a way to send the router's hostname in the DHCP request?
> > Or does anyone know how I can get an IP address on the cable interface.
> > Any help would appreciated? Thanks?
> >



CCIE written (Damn, damn, damn)

2000-11-06 Thread Shaun Wakelen

Well, took the CCIE written today and failed! (63%) Well, now that I have
taken it and seen the format of the questions, I can see where my weaknesses
are. It certainly is based around basics, and just studying a single book,
and trying the tester that came with the book (CCIE 350-001:Routing &
Switching Prep Kit by Baer Wolf Inc. Published by Que) is not enough. I'm
not saying that the book is no good, I think it is, but getting a good
grounding in all areas of networking with Cisco requires a range of reading
matter.

Still, never mind. It's not the end of the world. I know what I've got to
do, and hopefully shall be able to join the ranks of those that have
recently passed (well done by the way) in a couple of weeks. 

Is there a time limit on when it can be taken again?

Regards
Shaun Wakelen, CCNP
Technical Support Engineer
Telindus K-Net Ltd



Re: DNS Problem

2000-11-06 Thread Clayton Dukes

Actually, DNS is both TCP and UDP (port 53 for both)

Here's a list of ports in case you need them:

http://www.gdd.net/cisco/tcp


- Original Message -
From: Peter Slow <[EMAIL PROTECTED]>
To: Millner, Gary <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, November 06, 2000 5:49 AM
Subject: Re: DNS Problem


> first, dns is only udp.
> dns will establish connections by connecting TO port 53, but will
> connect from a port >1023.
> just allowing established connections will NOT work.
> dns  server that your dns server queries will need to  open a connection
> TO your nameserver.
> you need to find a DNS server that everyone will use, and allow ALL
> ports >1023 on that dns server to open udp connections to your nameserver.
>
> if you want to learn from this, you need to go to the router with the
> problem, debug security, and udp / tcp packets (as detailed as possible)
> and look at what is Being denied and how you can fix it.
>
>
>
>
>
>
>
> "Millner, Gary" wrote:
>
> > I have a unique problem.  I'm trying to put our firewall up using the
> > Cisco IOS access-list commands.  When I put it in place, with TCP and UDP
> > ports 53 open, DNS will not work.  We are using Windows 2000 Server as our DNS
> > Server.  Is there a bug in Windows 2000?  Or does Windows 2000 use an
> > additional port for DNS that I'm not aware of.
> >
> > Thanks.
> >
> > Gary Millner
> > [EMAIL PROTECTED]
> >
> >
> >



Where do you put your proxy servers?

2000-11-06 Thread Rik Guyler

I am in the midst of a debate with a coworker on where to put a proxy server
in regards to firewall/security physical topology.  I say to disable proxy
services (if possible) and only use the content caching services, then put
the box in the DMZ with other services, like DNS, email, etc.  I like this
topology better as the firewall can provide some security for these servers
and I don't really need the proxy services as I typically will use NAT/PAT
on the firewall.

My coworker prefers to run the proxy server (proxy and content caching
services both enabled) in parallel to the firewall rather than in the
internal or DMZ networks, allowing all web surfing to bypass the firewall
and not tie up bandwidth on the firewall.  I don't like this as well as I
feel the security is weakened by doing this.  If it's possible to compromise
the proxy server (which my coworker doesn't feel is possible), then it might
be possible to compromise beyond that.  

I realize his way may improve firewall performance, but the PIX has never
been short in this area and I want security to be top priority over
performance.

I have a fair amount of experience with this but I'm always open to
alternative thinking.  Please let me know what you think!

Rik Guyler




RE: CCIE written (Damn, damn, damn)

2000-11-06 Thread Rodney

Shaun,
Don't give up, most of the time I like to sit back and read other email,
but I worked with guys who have been in the field for years 10 or more and
have failed the test twice or more, then I work with guys who have 2 years
experience and passed on first try.  If you're like me, I can't take a test no
matter how hard or easy it is.

Best of luck on the next

Rodney

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Shaun
Wakelen
Sent: Monday, November 06, 2000 12:08 PM
To: [EMAIL PROTECTED]
Subject: CCIE written (Damn, damn, damn)

Well, took the CCIE written today and failed! (63%) Well, now that I have
taken it and seen the format of the questions, I can see where my weaknesses
are. It certainly is based around basics, and just studying a single book,
and trying the tester that came with the book (CCIE 350-001:Routing &
Switching Prep Kit by Baer Wolf Inc. Published by Que) is not enough. I'm
not saying that the book is no good, I think it is, but getting a good
grounding in all areas of networking with Cisco requires a range of reading
matter.

Still, never mind. It's not the end of the world. I know what I've got to
do, and hopefully shall be able to join the ranks of those that have
recently passed (well done by the way) in a couple of weeks.

Is there a time limit on when it can be taken again?

Regards
Shaun Wakelen, CCNP
Technical Support Engineer
Telindus K-Net Ltd



Re: CCIE written (Damn, damn, damn)

2000-11-06 Thread Phillip Heller

Maybe you should just change your name to Chuck.  :-)

Seriously though, I consider it a miracle that I passed on my first try.
The law of averages would suggest that I'll fail my lab on the first try.

Speaking of that, I'm scheduled for March 9th in RTP.  I'm already
dreading it.  And let the 4 month study marathon begin.

You'll get it next time `round, Shaun.

--phil

On Mon, 6 Nov 2000, Shaun Wakelen wrote:

Well, took the CCIE written today and failed! (63%) Well, know that I have





Re: DNS Problem

2000-11-06 Thread Minh Vu

DNS uses UDP 53 for its primary and TCP 53 for its secondary.  So, if a host's
request to the DNS primary (UDP 53) fails, it will switch to the secondary,
which uses TCP 53.


- Original Message -
From: "Irwin Lazar" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, November 06, 2000 11:44 AM
Subject: RE: DNS Problem


> AFAIK, DNS does not use random ports, however just like most TCP session,
> the source port will always be a random port above 1023.
>
> The below in-bound ACL will permit your site to access a remote DNS
> server.
>
> access-list 100 permit udp host x.x.x.x eq 53 any
>
> (of course, replace the X's with your DNS server's IP Address)
>
> Irwin
>
>
> 
> From: Frank Wells [mailto:[EMAIL PROTECTED]]
> Sent: Monday, November 06, 2000 12:02 PM
> To: [EMAIL PROTECTED]
> Subject: Re: DNS Problem
>
>
> I believe DNS uses random ports to communicate once it has established a
> session using port 53.  This means you would need to open up the ports
> greater than 1023 for this to work.  Perhaps someone can confirm this as
> my recollection of this is a little shaky.
>
>
> >From: "Millner, Gary" <[EMAIL PROTECTED]>
> >Reply-To: "Millner, Gary" <[EMAIL PROTECTED]>
> >To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> >Subject: DNS Problem
> >Date: Mon, 6 Nov 2000 12:14:30 -0500
> >
> >I have a unique problem.  I'm trying to put our firewall up using the
> >Cisco IOS access-list commands.  When I put it in place, with TCP and UDP
> >ports 53 open, DNS will not work.  We are using Windows 2000 Server as our
> >DNS Server.  Is there a bug in Windows 2000?  Or does Windows 2000 use an
> >additional port for DNS that I'm not aware of.
> >
> >Thanks.
> >
> >Gary Millner
> >[EMAIL PROTECTED]



RE: Cisco Lab with Nortel and IBM Routers

2000-11-06 Thread Daniel Cotts

Best bet would be to contact a custom cable company. www.LoDanWest.com,
www.stonewallcable.com, pacific cable
Do you know the pin-outs of the serial ports?

> -Original Message-
> From: Josh [mailto:[EMAIL PROTECTED]]
> Sent: Monday, November 06, 2000 12:53 PM
> To: [EMAIL PROTECTED]
> Subject: Cisco Lab with Nortel and IBM Routers
> 
> 
> >I have come across some IBM 2210 routers as well as Bay Networks (nortel)
> >BCNs and BLNs.  are there any cables to connect the 2210s or BCNs to
> >Cisco equipment back to back?
> >
> >Please send replies to:
> >
> >Josh Youngman
> >[EMAIL PROTECTED]
> 



RE: Where do you put your proxy servers?

2000-11-06 Thread Chuck Larrieu

Any box can be compromised, be it router, firewall, or proxy server, and
despite the religious war that generally erupts when you say it, any OS can
be compromised, be it Unix, Solaris, Linux, or NT.

Security is a matter of policy, and placement, and structure, and realistic
risk assessment.

Question - no matter what the box or function involved, should there be a
single point of vulnerability, one which if compromised, provides an
intruder direct access to your inside network? It does not matter if this
single point is a dial up modem line, or a firewall, or anything else. Is
this a risk worth taking?

My instinct is that security should be implemented in degrees, and in areas.
One should not design situations where the compromise of a single box puts
someone on the inside. So in that respect I take your side. My opinion is
that your associate would create a point of vulnerability where it is not
necessary to do so.

Chuck


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Rik Guyler
Sent: Monday, November 06, 2000 12:20 PM
To: '[EMAIL PROTECTED]'
Subject: Where do you put your proxy servers?

I am in the midst of a debate with a coworker on where to put a proxy server
in regards to firewall/security physical topology.  I say to disable proxy
services (if possible) and only use the content caching services, then put
the box in the DMZ with other services, like DNS, email, etc.  I like this
topology better as the firewall can provide some security for these servers
and I don't really need the proxy services as I typically will use NAT/PAT
on the firewall.

My coworker prefers to run the proxy server (proxy and content caching
services both enabled) in parallel to the firewall rather than in the
internal or DMZ networks, allowing all web surfing to bypass the firewall
and not tie up bandwidth on the firewall.  I don't like this as well as I
feel the security is weakened by doing this.  If it's possible to compromise
the proxy server (which my coworker doesn't feel is possible), then it might
be possible to compromise beyond that.

I realize his way may improve firewall performance, but the PIX has never
been short in this area and I want security to be top priority over
performance.

I have a fair amount of experience with this but I'm always open to
alternative thinking.  Please let me know what you think!

Rik Guyler




Re: DNS Problem

2000-11-06 Thread Mark Nguyen

DNS uses both TCP and UDP on port 53.  I believe what you are trying to
do is put your DNS server behind the router, in which case port 53 on
your DNS server will be the destination.

access-list 101 permit udp any host x.x.x.x eq domain
access-list 101 permit tcp any host x.x.x.x eq domain

If this is an authoritative DNS server, you will need TCP for it to do
zone transfers and name queries.  If it is only caching, then UDP alone
should work.

cheers,
mark

> "Taylor, Don" wrote:
> 
> DNS using random ports is a new one on me. I've never heard of that,
> but would be interested in learning more if you have a resource to
> suggest.
> 
> Are you implementing the access list correctly? Remember that port 53
> is the source, not the destination. I have a similar setup in my home
> lab and the rule is:  access-list 101 permit tcp any eq 53 any log.
> 
> - Don
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Monday, November 06, 2000 10:55 AM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: RE: DNS Problem
> 
> I believe you can also permit established connections which would do the
> same thing with a little more security.
> 
> -Original Message-
> From: Frank Wells [mailto:[EMAIL PROTECTED]]
> Sent: Monday, November 06, 2000 12:02 PM
> To: [EMAIL PROTECTED]
> Subject: Re: DNS Problem
> 
> I believe DNS uses random ports to communicate once it has established a
> session using port 53.  This means you would need to open up the ports
> greater than 1023 for this to work.  Perhaps someone can confirm this as
> my recollection of this is a little shaky.
> 
> >From: "Millner, Gary" <[EMAIL PROTECTED]>
> >Reply-To: "Millner, Gary" <[EMAIL PROTECTED]>
> >To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> >Subject: DNS Problem
> >Date: Mon, 6 Nov 2000 12:14:30 -0500
> >
> >I have a unique problem.  I'm trying to put our firewall up using the
> >Cisco IOS access-list commands.  When I put it in place, with TCP and UDP
> >ports 53 open, DNS will not work.  We are using Windows 2000 Server as our
> >DNS Server.  Is there a bug in Windows 2000?  Or does Windows 2000 use an
> >additional port for DNS that I'm not aware of.
> >
> >Thanks.
> >
> >Gary Millner
> >[EMAIL PROTECTED]
> >
>




Re: DNS Problem

2000-11-06 Thread Mark Nguyen

Mark Nguyen wrote:
> 
> DNS uses both TCP and UDP on port 53.  I believe what you are trying to
> do is put your DNS server behind the router, in which case port 53 on
> your DNS server will be the destination.
> 
> access-list 101 permit udp any host x.x.x.x eq domain
> access-list 101 permit tcp any host x.x.x.x eq domain
> 
> If this is an authoritative DNS server, you will need TCP for it to do
> zone transfers and name queries.  If it is only caching, then UDP alone
 
Just to clear up some confusion, when I said name queries, I meant the
name queries from remote sites to your DNS server (this is required if
your DNS server is the authority for a particular domain).  I don't mean
the name queries from your local network.

cheers,
mark




Docsis

2000-11-06 Thread Donald B Johnson Jr



 
 
 
Yeah you got an expensive cable modem. The 924 does have an IP address but it
is probably a private space one (10.x.x.x). The only reason the CM gets an IP
address is so that it can perform TFTP, TOD, and SYSLOG functions. Then you
are right it is set up to perform bridging functions. The DOCSIS standard says
that config parameters must be delivered to the CM by TFTP. The ios.cnf is a
TFTP file that is overwriting your config. Probably the minute you break into
the router you get bounced off the DOCSIS network. We are waiting for DOCSIS
v1.1 to do voice. Reason being 1.0 doesn't do QOS. DOCSIS 1.1 will do QOS,
this coupled with Packet Cable will allow VoIP using an HFC plant. We have got
dial-tone in our engineering lab and are going to market sometime in first
quarter 2001.
DUCK

Eric Hauptman <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> I have @home and use a ubr924.  Yes, the cable installer had to take the
> serial # off the back of the router and they had to make some changes at
> the other end.  So, when the router connects to the headend it downloads a
> special config file called "ios.cnf" which automatically connects me to the
> @home network.  The downside is I'm locked out of the router (i.e., my
> console password is overwritten).
>
> @home gave me a static IP address for my workstation and since the router
> operates in bridging mode (just like DSL) all is well.  I then assigned that
> static IP address to a NETgear 311 router which does NAT/DHCP, so all my
> devices can now get to the internet via the ubr924.  Remember, in bridging
> mode the router has no ip address assigned.
>
> I'd really like to know how to console into the router, but the DOCSIS
> standard doesn't seem to allow this.  I'd love to hear others' experiences
> with the ubr924 & @home.  For instance, has anyone successfully made voice
> calls over the Internet?  I am able to make calls from one room in my house
> to another, but since the router doesn't have an IP address I don't see how
> I can call using VoIP.
>
> Eric
>
> Donald B Johnson Jr wrote:
>
> > You need to have your service provider provision your cable modem. If it
> > is a DOCSIS network the standard calls for all cable modems to be
> > provisioned by a DHCP and TFTP server. Once the modem is provisioned then
> > it should come up. Who is your service provider? Is it a DOCSIS network?
> > Duck


RE: Where do you put your proxy servers?

2000-11-06 Thread lawrence sculark

chuck, will you please attach a simple design showing us how and where you 
recommend placing the proxy...lawrence


>From: "Chuck Larrieu" <[EMAIL PROTECTED]>
>Reply-To: "Chuck Larrieu" <[EMAIL PROTECTED]>
>To: "Rik Guyler" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
>Subject: RE: Where do you put your proxy servers?
>Date: Mon, 6 Nov 2000 12:53:13 -0800
>
>Any box can be compromised, be it router, firewall, or proxy server, and
>despite the religious war that generally erupts when you say it, any OS can
>be compromised, be it Unix, Solaris, Linux, or NT.
>
>Security is a matter of policy, and placement, and structure, and realistic
>risk assessment.
>
>Question - no matter what the box or function involved, should there be a
>single point of vulnerability, one which if compromised, provides an
>intruder direct access to your inside network? It does not matter if this
>single point is a dial up modem line, or a firewall, or anything else. Is
>this a risk worth taking?
>
>My instinct is that security should be implemented in degrees, and in areas.
>One should not design situations where the compromise of a single box puts
>someone on the inside. So in that respect I take your side. My opinion is
>that your associate would create a point of vulnerability where it is not
>necessary to do so.
>
>Chuck
>
>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Rik Guyler
>Sent: Monday, November 06, 2000 12:20 PM
>To: '[EMAIL PROTECTED]'
>Subject: Where do you put your proxy servers?
>
>I am in the midst of a debate with a coworker on where to put a proxy server
>in regards to firewall/security physical topology.  I say to disable proxy
>services (if possible) and only use the content caching services, then put
>the box in the DMZ with other services, like DNS, email, etc.  I like this
>topology better as the firewall can provide some security for these servers
>and I don't really need the proxy services as I typically will use NAT/PAT
>on the firewall.
>
>My coworker prefers to run the proxy server (proxy and content caching
>services both enabled) in parallel to the firewall rather than in the
>internal or DMZ networks, allowing all web surfing to bypass the firewall
>and not tie up bandwidth on the firewall.  I don't like this as well as I
>feel the security is weakened by doing this.  If it's possible to compromise
>the proxy server (which my coworker doesn't feel is possible), then it might
>be possible to compromise beyond that.
>
>I realize his way may improve firewall performance, but the PIX has never
>been short in this area and I want security to be top priority over
>performance.
>
>I have a fair amount of experience with this but I'm always open to
>alternative thinking.  Please let me know what you think!
>
>Rik Guyler
>



ospf question --sorry for not clear

2000-11-06 Thread jenny . mcleod



A couple of options to look at, that may or may not be suitable for what you
want to do.

Static routes?  If urgent traffic is to one destination and ordinary traffic is
to a different destination, static routes may be suitable - but I expect your
requirement isn't that simple.
Policy based routing?  I've never used this, so can't comment much on it, but it
sounds like it could be what you need.
Have a look at http://www.cisco.com/warp/public/732/Tech/plicy_wp.htm for a
blurb on it.

For simple load balancing over two unequal links with OSPF, you would need to
change the cost of the links to be the same, using the 'ip ospf cost' interface
command.  This will make OSPF think the two links are equal paths - it does not
do unequal cost load balancing.

JMcL
-- Forwarded by Jenny Mcleod/NSO/CSDA on 07/11/2000 08:44 am
---


Zhang Jin <[EMAIL PROTECTED]> on 06/11/2000 06:47:56 pm

Please respond to Zhang Jin <[EMAIL PROTECTED]>


To:   [EMAIL PROTECTED]
cc:(bcc: JENNY MCLEOD/NSO/CSDA)


Subject:  ospf question --sorry for not clear



Dear group,

The question I posted today may not have been clear. What I mean is:
Can I send ordinary traffic through one leased line and urgent traffic
through another leased line, that is, can I control the behavior of
load balancing? And how?

thanks again

dean




Broadcast Suppression!!

2000-11-06 Thread jeongwoo park

Hi,
 
I have a customer who wished to enable broadcast
suppression for a new network we're building.
 
Generally I've never used it - I normally like to keep
switch configurations as simple as possible. However I
have no reason to tell him not to. It's a good
feature, and broadcast suppression is one of the
reasons I recommend keeping VLANs smaller rather than
bigger (where possible - lots of other things
considered of course).
 
However I am wondering what's a good limit. Years ago,
it was said 100 broadcasts per second was a good value
- this equates to about 12% of Ethernet if the
broadcast are full length packets.
 
These days things are a bit different with Pentium
processors on hosts, and FastEthernet.
 
I was thinking of simply setting all ports to 15% as
the broadcast threshold, however if some ports are
100Meg and another 10Meg, then 15% of 100Meg will kill
the 10Meg ports.
 
Therefore I would be looking at setting 15% on 10Meg
ports, and 1.5% on 100Meg ports.
 
 
This is the sort of thing I wanted to avoid -
different settings on different ports etc.
 
 
Any advice - any horror stories I should perhaps know
about.
 
Thanks





Re: DNS Problem

2000-11-06 Thread Priscilla Oppenheimer

We have seen some bizarre answers to a very simple question about DNS 
behavior. I'd like to set the record straight based on my years of sniffing 
DNS transactions.

When a client queries a DNS server to map a domain name to an IP address, 
the client sends the query to UDP port 53. If the server doesn't have an 
answer, and if the client requested recursive lookup, the server asks 
another server higher up in the hierarchy. That request also goes to UDP 
port 53. The responses will be from UDP port 53, destined to the ephemeral 
(> 1023) port that the requester used as a source port in its request. No 
rocket science here.

When a primary DNS server does a zone transfer of a large number of 
resource records to a secondary server, the primary server sends the data 
to TCP port 53. The primary server does a normal TCP 3-way handshake to 
establish a connection with the secondary server. TCP is appropriate in 
this case because reliability is required and because of the large amount 
of data. This is a case where you could use the established keyword. Note, 
that you couldn't use it in the UDP example, of course.

HTH

Priscilla



> > AFAIK, DNS does not use random ports, however just like most TCP session,
> > the source port will always be a random port above 1023.
>
> >
> > 
> > From: Frank Wells [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, November 06, 2000 12:02 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: DNS Problem
> >
> >
> > I believe DNS uses random ports to communicate once it has established a
> > session using port 53.  This means you would need to open up the ports
> > greater than 1023 for this to work.  Perhaps someone can confirm this as
> > my recollection of this is a little shaky.
> >
> >
> > >From: "Millner, Gary" <[EMAIL PROTECTED]>
> > >Reply-To: "Millner, Gary" <[EMAIL PROTECTED]>
> > >To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> > >Subject: DNS Problem
> > >Date: Mon, 6 Nov 2000 12:14:30 -0500
> > >
> > >I have a unique problem.  I'm trying to put our firewall up using the
> > >Cisco IOS access-list commands.  When I put it in place, with TCP and UDP
> > >ports 53 open, DNS will not work.  We are using Windows 2000 Server as our
> > >DNS Server.  Is there a bug in Windows 2000?  Or does Windows 2000 use an
> > >additional port for DNS that I'm not aware of.
> > >
> > >Thanks.
> > >
> > >Gary Millner
> > >[EMAIL PROTECTED]




Priscilla Oppenheimer
http://www.priscilla.com
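
The UDP and TCP cases described in the message above, run through a small first-match model of an inbound extended ACL. This is an added example, not code from any poster: the addresses, the sample packets and the `Permit`/`permitted` names are constructed, and the model covers only permit entries with `eq`/`gt` port matches and the `established` keyword.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# All addresses are constructed documentation addresses, not from the thread.
DNS_SERVER = "192.0.2.53"    # stands in for the x.x.x.x in the posted ACLs
UPSTREAM = "203.0.113.1"     # a remote DNS server that our server queries
CLIENT = "198.51.100.7"      # a remote host querying our server

PortCond = Optional[Tuple[str, int]]   # ("eq", 53) or ("gt", 1023); None = any


@dataclass(frozen=True)
class Packet:
    proto: str                      # "udp" or "tcp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()  # TCP flags such as {"SYN", "ACK"}


@dataclass(frozen=True)
class Permit:
    proto: str
    src: str = "any"
    sport: PortCond = None
    dst: str = "any"
    dport: PortCond = None
    established: bool = False       # IOS keyword, meaningful for TCP only


def _port_ok(cond: PortCond, port: int) -> bool:
    if cond is None:
        return True
    op, value = cond
    return port == value if op == "eq" else port > value


def _matches(rule: Permit, pkt: Packet) -> bool:
    if rule.proto != pkt.proto:
        return False
    if rule.src not in ("any", pkt.src) or rule.dst not in ("any", pkt.dst):
        return False
    if not (_port_ok(rule.sport, pkt.sport) and _port_ok(rule.dport, pkt.dport)):
        return False
    if rule.established:
        # 'established' matches TCP segments that carry ACK or RST.
        # A UDP datagram has no flags, so it can never match.
        return bool(pkt.flags & {"ACK", "RST"})
    return True


def permitted(acl, pkt: Packet) -> bool:
    """First match wins; every entry is a permit, followed by the implicit deny."""
    return any(_matches(rule, pkt) for rule in acl)


# Inbound ACL as posted by Mark Nguyen: port 53 on our server is the destination.
ACL_DEST_53 = [
    Permit("udp", dst=DNS_SERVER, dport=("eq", 53)),
    Permit("tcp", dst=DNS_SERVER, dport=("eq", 53)),
]
# The same, plus 'permit tcp any any established' for returning TCP segments.
ACL_PLUS_ESTABLISHED = ACL_DEST_53 + [Permit("tcp", established=True)]
# The same, plus Irwin Lazar's form: 'permit udp host <upstream> eq 53 any'.
ACL_PLUS_UDP_REPLY = ACL_PLUS_ESTABLISHED + [
    Permit("udp", src=UPSTREAM, sport=("eq", 53)),
]

# Constructed packets arriving on the outside interface.
QUERY_IN = Packet("udp", CLIENT, 40000, DNS_SERVER, 53)      # remote query to us
UDP_REPLY = Packet("udp", UPSTREAM, 53, DNS_SERVER, 33000)   # answer to our query
TCP_SYN_ACK = Packet("tcp", UPSTREAM, 53, DNS_SERVER, 33001,
                     frozenset({"SYN", "ACK"}))             # reply to our TCP SYN


def report():
    """Return {acl name: (query in, UDP reply, TCP SYN-ACK) permitted?}."""
    acls = [
        ("dest-53 only", ACL_DEST_53),
        ("+ established", ACL_PLUS_ESTABLISHED),
        ("+ udp reply", ACL_PLUS_UDP_REPLY),
    ]
    packets = (QUERY_IN, UDP_REPLY, TCP_SYN_ACK)
    return {name: tuple(permitted(acl, p) for p in packets) for name, acl in acls}


if __name__ == "__main__":
    for name, row in report().items():
        print(f"{name:15} query_in={row[0]} udp_reply={row[1]} tcp_syn_ack={row[2]}")
```

The source-port permit is stateless: it passes any UDP datagram from that host with source port 53, whether or not a query preceded it.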




Boot Sequence

2000-11-06 Thread A.Strobel

How in the world is it possible that there are so many contradicting answers
to a simple question:

On a router: config register is 0x2102
there is no boot system command in the configuration
and there is no valid image file in the flash
what will happen?

Simple question, right?

Now watch the answers:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_fix/cis2500/2501/2500ug/conf.htm
- xtocid288623
This link says: 

If after five attempts a valid Cisco IOS image is not found in Flash memory,
the router reverts to boot ROM mode. 
So, the answer is [boot ROM]


Next: Cisco Net Academy, Sem.2 CBT Chapter 5, 5.1.2 or Cisco Networking
Academy Program: First Year Companion Guide, pg. 252. says:
- Try to boot from network and then from ROM
So, the answer is [Network, ROM]


Next: CCNA exam book by Wendell Odom (official cisco book)
says: will not proceed and terminate the boot process. You must do password
recovery to change the config register.


Can someone with a hard evidence ( apparently my evidences suck ) please tell
me which answer is the correct one?

No guesses please.

TIA,

A. Strobel








ccie security exam

2000-11-06 Thread John Green

351-018 (Security Qualification Exam)was the number
that was mentioned in this list for cisco security
beta exam. I checked up the cisco site and it confirms
that :
* The Security beta will only be available from
October 20, 2000 to November 10, 2000.


but in the prometric web site under the cisco
certifications i see only 350-009 as CCIE security
recertification exam. 
Please let me know if the ccie security recert exam is
same as the above beta mentioned.

If you would know as to which exam is the one that
closely matches the 350-018 exam ?

thanks all
john




pre-requisite for CCNP

2000-11-06 Thread Nelluri Reddy

I heard that as of July 2000, a CCNA certification is a pre-requisite
for taking CCNP exams and a CCNP certification is a pre-requisite for
taking CCIE exams. Is this true?

Nelluri




Re: Boot Sequence

2000-11-06 Thread Adam Hickey

It would be answer #1. I've seen it happen twice - once on a 4000, and once
on a 2611.

When it can't find it in flash after a few tries, it defaults to ROM. (w/
0x2102)

Adam Hickey
[EMAIL PROTECTED]


- Original Message -
From: "A.Strobel" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, November 06, 2000 2:43 PM
Subject: Boot Sequence


> How in the world is it possible that there are so many contradicting answers
> to a simple question:
>
> On a router: config register is 0x2102
> there is no boot system command in the configuration
> and there is no valid image file in the flash
> what will happen?
>
> Simple question, right?
>
> Now watch the answers:
>
> http://www.cisco.com/univercd/cc/td/doc/product/access/acs_fix/cis2500/2501/2500ug/conf.htm
> - xtocid288623
> This link says:
>
> If after five attempts a valid Cisco IOS image is not found in Flash memory,
> the router reverts to boot ROM mode.
> So, the answer is [boot ROM]
>
>
> Next: Cisco Net Academy, Sem.2 CBT Chapter 5, 5.1.2 or Cisco Networking
> Academy Program: First Year Companion Guide, pg. 252. says:
> - Try to boot from network and then from ROM
> So, the answer is [Network, ROM]
>
>
> Next: CCNA exam book by Wendell Odom (official cisco book)
> says: will not proceed and terminate the boot process. You must do password
> recovery to change the config register.
>
>
> Can someone with a hard evidence ( apparently my evidences suck ) please tell
> me which answer is the correct one?
>
> No guesses please.
>
> TIA,
>
> A. Strobel



Re: Boot Sequence

2000-11-06 Thread Raul F. Fernandez

I agree with Adam. Just did it on my 2500.

Raul
- Original Message -
From: "Adam Hickey" <[EMAIL PROTECTED]>
To: "A.Strobel" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Monday, November 06, 2000 6:01 PM
Subject: Re: Boot Sequence


> It would be answer #1. I've seen it happen twice - once on a 4000, and once
> on a 2611.
>
> When it can't find it in flash after a few tries, it defaults to ROM. (w/
> 0x2102)
>
> Adam Hickey
> [EMAIL PROTECTED]
>
>
> - Original Message -
> From: "A.Strobel" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, November 06, 2000 2:43 PM
> Subject: Boot Sequence
>
>
> > How in the world is it possible that there are so many contradicting answers
> > to a simple question:
> >
> > On a router: config register is 0x2102
> > there is no boot system command in the configuration
> > and there is no valid image file in the flash
> > what will happen?
> >
> > Simple question, right?
> >
> > Now watch the answers:
> >
> >
> > http://www.cisco.com/univercd/cc/td/doc/product/access/acs_fix/cis2500/2501/2500ug/conf.htm
> > - xtocid288623
> > This link says:
> >
> > If after five attempts a valid Cisco IOS image is not found in Flash memory,
> > the router reverts to boot ROM mode.
> > So, the answer is [boot ROM]
> >
> >
> > Next: Cisco Net Academy, Sem.2 CBT Chapter 5, 5.1.2 or Cisco Networking
> > Academy Program: First Year Companion Guide, pg. 252. says:
> > - Try to boot from network and then from ROM
> > So, the answer is [Network, ROM]
> >
> >
> > Next: CCNA exam book by Wendell Odom (official cisco book)
> > says: will not proceed and terminate the boot process. You must do password
> > recovery to change the config register.
> >
> >
> > Can someone with a hard evidence ( apparently my evidences suck ) please tell
> > me which answer is the correct one?
> >
> > No guesses please.
> >
> > TIA,
> >
> > A. Strobel



RE: ccie security exam

2000-11-06 Thread Coker, Michael

The new CCIE Security exam is in fact 351-018.  When I scheduled the exam I
placed a phone call as it was not listed on the web site.

The other test is a recertification test only for those who've passed the
CCIE written/lab and need to recertify.  It's not the same as the new
351-018.  Once the new beta expires the real exam will probably come out in
about 2 months once they've evaluated all the beta scores and comments.

I took the CCIE Security test on Sunday and didn't believe it was nearly as
difficult as I had anticipated.

--Mike 

-Original Message-
From: John Green
To: [EMAIL PROTECTED]
Sent: 11/6/00 2:42 PM
Subject: ccie security exam 

351-018 (Security Qualification Exam) was the number
that was mentioned in this list for cisco security
beta exam. I checked up the cisco site and it confirms
that :
* The Security beta will only be available from
October 20, 2000 to November 10, 2000.


but in the prometric web site under the cisco
certifications i see only 350-009 as CCIE security
recertification exam. 
Please let me know if the ccie security recert exam is
same as the above beta mentioned.

If you would know as to which exam is the one that
closely matches the 350-018 exam ?

thanks all
john




RE: ccie security exam

2000-11-06 Thread Chuck Larrieu

No the two exams are not the same.  Well, I guess I shouldn't say that
definitively, since I have not seen 350-009 ;->

In the prelude to the Security Beta, it was stated in no uncertain terms
that passing the beta did NOT serve to meet the requirement for
recertification.

Chuck

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Green
Sent: Monday, November 06, 2000 2:42 PM
To: [EMAIL PROTECTED]
Subject: ccie security exam

351-018 (Security Qualification Exam) was the number
that was mentioned in this list for cisco security
beta exam. I checked up the cisco site and it confirms
that :
* The Security beta will only be available from
October 20, 2000 to November 10, 2000.


but in the prometric web site under the cisco
certifications i see only 350-009 as CCIE security
recertification exam.
Please let me know if the ccie security recert exam is
same as the above beta mentioned.

If you would know as to which exam is the one that
closely matches the 350-018 exam ?

thanks all
john




re: re: instructor led training

2000-11-06 Thread shane waterbly

Thank you all for your input.   :)




Re: DNS Problem

2000-11-06 Thread Peter Slow

Yuppers. You're right, I'm wrong. Oh well. sh*t happens.
Just allow everything from the nameserver your nameserver is querying.

Clayton Dukes wrote:

> Actually, DNS is both TCP and UDP (port 53 for both)
>
> Here's a list of ports in case you need them:
>
> http://www.gdd.net/cisco/tcp
>
> - Original Message -
> From: Peter Slow <[EMAIL PROTECTED]>
> To: Millner, Gary <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Monday, November 06, 2000 5:49 AM
> Subject: Re: DNS Problem
>
> > first, dns is only udp.
> > dns will establish connections by connecting TO port 53, but will connect from a port
> > >1023.
> > just allowing established connections will NOT work.
> > dns  server that your dns server queries will need to  open a connection TO your
> > nameserver.
> > you need to find a DNS server that everyone will use, and allow ALL ports >1023 on that
> > dns server to open udp connections to your nameserver.
> >
> > if you want to learn from this, you need to go to the router with the problem, debug
> > security, and udp / tcp packets (as detailed as possible) and look at what is Being
> > denied and how you can fix it.
> >
> > "Millner, Gary" wrote:
> >
> > > I have a unique problem.  I'm trying to put our firewall up using the Cisco
> > > IOS access-list commands.  When I put it in place, with TCP and UDP ports 53
> > > open, DNS will not work.  We are using Windows 2000 Server as our DNS
> > > Server.  Is there a bug in Windows 2000?  Or does Windows 2000 use an
> > > additional port for DNS that I'm not aware of.
> > >
> > > Thanks.
> > >
> > > Gary Millner
> > > [EMAIL PROTECTED]



Re: Strange Cisco 675 ARP behavior

2000-11-06 Thread Wojtek Zlobicki

My biggest problem with CBOS is that it's so poorly documented.  The
documentation is a joke.

- Original Message -
From: "Jim Brown" <[EMAIL PROTECTED]>
To: "'Curtis Call'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Monday, November 06, 2000 11:41 AM
Subject: RE: Strange Cisco 675 ARP behavior


> I noticed the same behavior about a year ago. It is actually arp'ing for
> every address in the DHCP address pool. Not the interface's subnet.
>
> At that time, no one had any explanations in the comp.cisco Usenet group. I
> also believe this behavior started with the CBOS 2.3 upgrade. I could not
> confirm this.
>
> This was driving me crazy. Little things like this bother me. I reduced the
> pool size to the exact number of devices attached and I believe the arp'ing
> behavior stops.
>
> I could not find a lot of info on CBOS. I hope there is a CBOS guru out
> there who can satisfy my curiosity.
>
> -Original Message-
> From: Curtis Call [mailto:[EMAIL PROTECTED]]
> Sent: Monday, November 06, 2000 9:00 AM
> To: [EMAIL PROTECTED]
> Subject: Strange Cisco 675 ARP behavior
>
>
> I've been messing around with a sniffer program on my home network and I've
> noticed some unexpected behavior from my Cisco 675 router.  When I scan for
> ARP queries I can see that my router is continually scanning through my
> entire subnet doing an ARP query for each address one by one.  Is this
> normal router behavior?  I suspect it has something to do with the fact that
> it is configured to be a DHCP server, is it normal for Cisco routers to
> check for used IP addresses?  Is this standard CBOS behavior?  Any ideas
> would be appreciated, it just makes me really curious.
>



Access to Routers over Internet for Training

2000-11-06 Thread Buzz

I have 5 Cisco routers I am renting over the internet for Cisco people to
train on.  I have not had a customer yet, and I really need some feedback.
Routers include: (2) 1604, (1) 1601, (1) 2501, and (1) AGS+.  The AGS+ can
simulate the phone company in a Frame Relay network.

I will give access to the rack for $50 for a week, in return for some
feedback on the setup.

I have some free basic CCNA type user interface labs.  Also, for CCDA and
advanced CCNA training, you can do config containing; IP, IPX, OSPF, EIGRP,
IGRP, NAT, and so on.  In addition, I can simulate a 4 site Frame Relay
network for more advanced configs.

I will give free access for 20 minutes to check out.  Also, I take payments
via Paypal VISA/MasterCard.

Thanks.





Re: DNS Problem

2000-11-06 Thread Priscilla Oppenheimer

At 04:41 PM 11/6/00, Mark Nguyen wrote:

> >
> > If this is an authoritative DNS server, you will need TCP for it to do
> > zone transfers and name queries.  If it is only caching, then UDP alone
>  
>Just to clear up some confusion, when I said name queries, I meant the
>name queries from remote sites to your DNS server (this is required if
>your DNS server is the authority for a particular domain).  I don't mean
>the name queries from your local network.


Name queries to an authoritative DNS server are still in UDP. It's zone 
transfers that use TCP.

Priscilla




Priscilla Oppenheimer
http://www.priscilla.com
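
The filtering problem discussed in this thread, worked through with a small first-match packet filter: a list that opens only destination port 53 still drops the replies to the name server's own outbound queries. This is an added example, not code from any poster; the addresses, ports and both rule sets are constructed.

```python
"""First-match, stateless packet filter modelled on an inbound extended ACL.
Added example: addresses, port numbers and rule sets are constructed."""
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport")
# A rule field of None means "any"; port fields are inclusive (low, high) ranges.
Rule = namedtuple("Rule", "action proto src sport dst dport")

DNS_SERVER = "192.0.2.53"    # constructed: the internal name server
UPSTREAM = "198.51.100.1"    # constructed: the server it sends its queries to
ANY_HIGH = (1024, 65535)
DNS = (53, 53)


def _match(rule, pkt):
    """True when every non-wildcard field of the rule matches the packet."""
    if rule.proto != pkt.proto:
        return False
    for want, got in ((rule.src, pkt.src), (rule.dst, pkt.dst)):
        if want is not None and want != got:
            return False
    for rng, port in ((rule.sport, pkt.sport), (rule.dport, pkt.dport)):
        if rng is not None and not rng[0] <= port <= rng[1]:
            return False
    return True


def evaluate(acl, pkt):
    """Return the action of the first matching rule; unmatched packets are denied."""
    for rule in acl:
        if _match(rule, pkt):
            return rule.action
    return "deny"  # the implicit deny at the end of every access list


# Inbound packets seen on the outside interface (constructed samples).
SAMPLES = {
    "query to our server (UDP)": Packet("udp", "203.0.113.9", 40000, DNS_SERVER, 53),
    "zone transfer request (TCP)": Packet("tcp", "203.0.113.20", 41000, DNS_SERVER, 53),
    "reply to our server's own query": Packet("udp", UPSTREAM, 53, DNS_SERVER, 1047),
    "stray UDP to a high port": Packet("udp", "203.0.113.66", 5000, DNS_SERVER, 1047),
}

# "TCP and UDP ports 53 open": the rules match on destination port only.
ACL_DEST_53_ONLY = [
    Rule("permit", "udp", None, None, DNS_SERVER, DNS),
    Rule("permit", "tcp", None, None, DNS_SERVER, DNS),
]

# Same list plus one rule for replies: source port 53 from the upstream
# server, destination a high port on the name server.
ACL_WITH_REPLIES = ACL_DEST_53_ONLY + [
    Rule("permit", "udp", UPSTREAM, DNS, DNS_SERVER, ANY_HIGH),
]


def verdicts(acl):
    """Evaluate every sample packet against one access list."""
    return {name: evaluate(acl, pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for label, acl in (("dest-53 only", ACL_DEST_53_ONLY),
                       ("with reply rule", ACL_WITH_REPLIES)):
        print(label)
        for name, action in verdicts(acl).items():
            print("  {:34s} {}".format(name, action))
```

The reply rule is stateless: it accepts any UDP packet that claims source port 53 from the upstream address, which is why it is pinned to one source host and one destination host.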




Re: pre-requisite for CCNP

2000-11-06 Thread Kevin Wigle

I haven't heard anything like that but the CCNA before a CCNP exam is a
logical requirement.  To me it protects the student more.  If you can't do
CCNA you shouldn't be looking at CCNP.

However, the CCNP before CCIE sounds interesting.

At the moment, the CCIE is not tied to the certification track, that is -
you can pass go and do the CCIE without the CCNx stuff.

I think when the new certification track came out Cisco stated that they
would let the CCIE program proceed independently for a while but that
eventually it would be brought into the track.

If I remember correctly and if you heard right then this would be the
logical outcome.

However, July 2000?  I think we would have heard something about that by
now.  I think there have been a few attempts at the CCIE by people without
any CCNx initials.  Maybe July 2001???

Kevin Wigle
CCDP/CCNP...

- Original Message -
From: "Nelluri Reddy" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, 06 November, 2000 17:55
Subject: pre-requisite for CCNP


> I heard that as of July 2000, a CCNA certification is a pre-requisite
> for taking CCNP exams and a CCNP certification is a pre-requisite for
> taking CCIE exams. Is this true?
>
> Nelluri
>



TCP protocol behaviour - Ports above 1023

2000-11-06 Thread Chuck Larrieu

Got a question about this.

Application wants to open a TCP connection to something - say http, so the
application issues the request, TCP on the application side uses some random
port number above 1023 as the source port number. The destination port is
the well-known port on the distant end.

However, I see from the IANA port listings
(http://www.isi.edu/in-notes/iana/assignments/port-numbers ) that there are
any number of registered ports above 1023. For example L2TP uses port 1701,
Groupwise uses port 1677, and WINS uses port 1512. The IANA page itself
calls ports 1024 through 49151 "registered" and further states that only
ports 49152 and beyond are "dynamic and / or private"

Anyone ever sniffed outbound traffic and seen apps using source ports in the
1024 through 49151 range?

It just occurs to me that this has the potential of creating problems, if an
application uses a port reserved for some other application. Since most of
the ports in this "registered" range appear to be for obscure kinds of
services or applications, perhaps this isn't really an issue.

Comments?

Chuck




CCIE Security suggestions??

2000-11-06 Thread tony

Dear all,

I'm going to take the CCIE Security beta exam on this Thu!!! any
suggestions on this exam?? and what should I focus more??

Thanks a lot!!
tony





RE: Boot Sequence

2000-11-06 Thread Leigh Anne Chisholm

If the configuration register value on a Cisco router has been set to
0x2102, and the router is unable to load a valid IOS image from Flash, the
router will:

1. Attempt a net boot using the boot field value in the configuration
register to determine the filename to use when requesting the IOS image to
be downloaded.

NOTE:  If there is a boot system command stored in the startup-config file,
a net boot will NOT be attempted.

2.  If a valid IOS image cannot be found, the router attempts to boot from
the RXBOOT file in ROM.

3.  If this file cannot be found, the router continues to boot from ROM
Monitor. An IOS can be sent to the router via Xmodem through the console or
AUX port if an AUX port exists.

Configuration registers and boot sequences seemed to be one of those poorly
explained and understood areas - so recently as part of a project I've been
working on, I spent a bit of time researching how exactly these processes
work.  When I first removed my IOS images from Flash, I didn't get the net
boot attempt--like as Adam and Raul described.  However, once I removed my
boot system command from the startup-config file, I received the message:

%Error opening tftp://255.255.255.255/cisco2-C1600 (Timed out)boot of
"cisco2-C1600"

So it does work as explained by the Network Academy book...Hope that
helps!


  - Leigh Anne

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of A.Strobel
Sent: November 6, 2000 3:44 PM
To: [EMAIL PROTECTED]
Subject: Boot Sequence


How in the world is it possible that there are so many contradicting answers
to a simple question:

On a router: config register is 0x2102
there is no boot system command in the configuration
and there is no valid image file in the flash
what will happen?

Simple question, right?

Now watch the answers:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_fix/cis2500/2501/2500ug/conf.htm
- xtocid288623
This link says:

If after five attempts a valid Cisco IOS image is not found in Flash memory,
the router reverts to boot ROM mode.
So, the answer is [boot ROM]


Next: Cisco Net Academy, Sem.2 CBT Chapter 5, 5.1.2 or Cisco Networking
Academy Program: First Year Companion Guide, pg. 252. says:
- Try to boot from network and then from ROM
So, the answer is [Network, ROM]


Next: CCNA exam book by Wendell Odom (official cisco book)
says: will not proceed and terminate the boot process. You must do password
recovery to change the config register.


Can someone with a hard evidence ( apparently my evidences suck ) please tell
me which answer is the correct one?

No guesses please.

TIA,

A. Strobel
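
The boot order described in this message, written out as an added example (not code from the list or from Cisco). The register bit meanings and the octal `cisco<n>-<platform>` default filename are assumptions taken from commonly documented behaviour; the thread itself confirms only `cisco2-C1600` for 0x2102 on a 1600.

```python
"""Decode a Cisco configuration register and list the boot fallback order
described in this thread. Added example; the bit meanings are the commonly
documented ones and are an assumption here, not taken from the posts."""

BOOT_FIELD_MASK = 0x000F   # bits 0-3: boot field
IGNORE_NVRAM = 0x0040      # bit 6: skip startup-config (used in password recovery)
BREAK_DISABLED = 0x0100    # bit 8: Break is ignored once the router is running
ROM_FALLBACK = 0x2000      # bit 13: fall back to ROM software if net boot fails


def decode_confreg(value):
    """Return the fields of a 16-bit configuration register as a dict."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("configuration register is a 16-bit value")
    return {
        "boot_field": value & BOOT_FIELD_MASK,
        "ignore_nvram": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "rom_fallback": bool(value & ROM_FALLBACK),
    }


def netboot_filename(value, platform):
    """Default TFTP image name: 'cisco' + boot field in octal + '-' + platform."""
    boot_field = decode_confreg(value)["boot_field"]
    if boot_field < 2:
        return None  # boot fields 0 and 1 stay in ROM, so there is no net boot name
    return "cisco{:o}-{}".format(boot_field, platform)


def boot_plan(value, platform, flash_image_ok, has_boot_system):
    """Ordered list of what the router tries, following the steps in the post."""
    boot_field = decode_confreg(value)["boot_field"]
    if boot_field == 0:
        return ["ROM monitor"]
    if boot_field == 1:
        return ["boot image in ROM"]
    plan = ["IOS image in Flash"]
    if flash_image_ok:
        return plan
    # Per the post, the net boot is skipped when startup-config holds a
    # boot system command.
    if not has_boot_system:
        plan.append("net boot " + netboot_filename(value, platform))
    plan += ["RXBOOT image in ROM", "ROM monitor"]
    return plan


def audit(value):
    """Flag register settings a configuration review would want explained."""
    fields = decode_confreg(value)
    findings = []
    if fields["ignore_nvram"]:
        findings.append("startup-config is ignored at boot (bit 6 set)")
    if not fields["break_disabled"]:
        findings.append("Break is honoured while running (bit 8 clear)")
    return findings


if __name__ == "__main__":
    print(decode_confreg(0x2102))
    for step in boot_plan(0x2102, "C1600", flash_image_ok=False, has_boot_system=False):
        print(" ->", step)
    print(audit(0x2142))
```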








Re: TCP protocol behaviour - Ports above 1023

2000-11-06 Thread Priscilla Oppenheimer

I took a quick peek at some EtherPeek traces I have gathered from various 
places.

In an example of file sharing using SMB on top of NetBIOS on top of TCP, 
the client uses source port 1025 even though the IANA document says that's 
for Network Blackjack!?

In a Web browsing (HTTP) example, the client uses a source port of 1451 
even though the IANA document says that's for IBM Network Management!?

In another Web browsing (HTTP) example, the client uses 1406 which is 
supposedly for NetLabs License Manager.

In an FTP example, the client uses a source port of 1661, which is 
supposedly for IBM Netview. (IBM really went gung ho! &;-)

In a Telnet example, the client uses a source port of 2126, which is 
supposedly for PktCable-COPS.

I don't have a real explanation, but I can tell you this: I couldn't find 
any examples of a source port above 49151.

HTH??

P.

At 05:24 PM 11/6/00, Chuck Larrieu wrote:
>Got a question about this.
>
>Application wants to open a TCP connection to something - say http, so the
>application issues the request, TCP on the application side uses some random
>port number above 1023 as the source port number. The destination port is
>the well-known port on the distant end.
>
>However, I see from the IANA port listings
>(http://www.isi.edu/in-notes/iana/assignments/port-numbers ) that there are
>any number of registered ports above 1023. For example L2TP uses port 1701,
>Groupwise uses port 1677, and WINS uses port 1512. The IANA page itself
>calls ports 1024 through 49151 "registered" and further states that only
>ports 49152 and beyond are "dynamic and / or private"
>
>Anyone ever sniffed outbound traffic and seen apps using source ports in the
>1024 through 49151 range?
>
>It just occurs to me that this has the potential of creating problems, if an
>application uses a port reserved for some other application. Since most of
>the ports in this "registered" range appear to be for obscure kinds of
>services or applications, perhaps this isn't really an issue.
>
>Comments?
>
>Chuck
>




Priscilla Oppenheimer
http://www.priscilla.com




RE: CCIE Security suggestions??

2000-11-06 Thread Chuck Larrieu

Blueprint says it all.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of tony
Sent: Monday, November 06, 2000 5:30 PM
To: [EMAIL PROTECTED]
Subject: CCIE Security suggestions??

Dear all,

I'm going to take the CCIE Security beta exam on this Thu!!! any
suggestions on this exam?? and what should I focus more??

Thanks a lot!!
tony





Re: TCP protocol behaviour - Ports above 1023

2000-11-06 Thread Darren Ward

While the port selection is random it does effectively make sure something isn't already
bound to that port and if it is it will select another random port until it finds a free
port.

Darren

Chuck Larrieu wrote:

> Got a question about this.
>
> Application wants to open a TCP connection to something - say http, so the
> application issues the request, TCP on the application side uses some random
> port number above 1023 as the source port number. The destination port is
> the well-known port on the distant end.
>
> However, I see from the IANA port listings
> (http://www.isi.edu/in-notes/iana/assignments/port-numbers ) that there are
> any number of registered ports above 1023. For example L2TP uses port 1701,
> Groupwise uses port 1677, and WINS uses port 1512. The IANA page itself
> calls ports 1024 through 49151 "registered" and further states that only
> ports 49152 and beyond are "dynamic and / or private"
>
> Anyone ever sniffed outbound traffic and seen apps using source ports in the
> 1024 through 49151 range?
>
> It just occurs to me that this has the potential of creating problems, if an
> application uses a port reserved for some other application. Since most of
> the ports in this "registered" range appear to be for obscure kinds of
> services or applications, perhaps this isn't really an issue.
>
> Comments?
>
> Chuck
>
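
The two points made in this thread, that client source ports land inside the IANA "registered" range and that the stack skips ports already bound, checked against the local TCP stack. This is an added example, not code from any poster; function names are hypothetical and the observed ports are the ones quoted in the thread.

```python
"""Where do client source ports come from? Added example: the observed ports
are the ones quoted in this thread; everything else is constructed."""
import errno
import socket


def iana_range(port):
    """Name the IANA range a port falls in, using the boundaries quoted above."""
    if not 0 <= port <= 65535:
        raise ValueError("not a 16-bit port number")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


# Client source ports reported from the EtherPeek traces in the thread.
OBSERVED = {"SMB": 1025, "HTTP (1)": 1451, "HTTP (2)": 1406,
            "FTP": 1661, "Telnet": 2126}


def classify_observed():
    """Map each observed client source port to its IANA range."""
    return {app: iana_range(port) for app, port in OBSERVED.items()}


def os_assigned_ports(count=5):
    """Ask the local stack for `count` TCP ports by binding to port 0.

    Every socket stays open until all ports have been read, so the stack has
    to hand out a different free port each time."""
    socks = []
    try:
        for _ in range(count):
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.bind(("", 0))  # port 0 asks the stack to pick any free port
            socks.append(s)
        return [s.getsockname()[1] for s in socks]
    finally:
        for s in socks:
            s.close()


def rebind_is_refused():
    """Bind one socket, then try to bind a second one to the same port."""
    first = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    second = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        first.bind(("", 0))
        port = first.getsockname()[1]
        try:
            second.bind(("", port))  # no SO_REUSEADDR: the port is taken
        except OSError as exc:
            return exc.errno == errno.EADDRINUSE
        return False
    finally:
        first.close()
        second.close()


if __name__ == "__main__":
    print(classify_observed())
    for port in os_assigned_ports():
        print(port, iana_range(port))
    print("second bind refused:", rebind_is_refused())
```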