Re: Troubleshooting 102 - "password recovery"

[Adam Quiggle]

Chuck,

I know it's a little late, but feel free to help yourself to
this configuration register setting thing that I received
and have since modified to suit my needs.  It has all of the
corresponding values in the configuration register and what
they mean.

http://home.nc.rr.com/quiggle/ConfigReg.xls

There is a place to convert the configuration register to
binary, so that you can easily see the configuration.  In
addition there is a place to enter the binary values you want
and it'll spit out the configuration register for you.  :-)

Not that you can't find what you need on CCO, but sometimes its
just more convenient to have it on a laptop that can travel
with you.  :-)

If anyone sees any errors, please let me know.

Thanks,
AQ

At 01:57 AM 1/8/01, Chuck Larrieu wrote:
>Well that wasn't nearly so bad as it could have been. The low life who
>trashed my router, not to mention spoiled it for a lot of folks on these
>lists, could have been more malicious. But he was deliberate. No doubt about
>it.
>
>So here is today's troubleshooting lesson - not really password recovery,
>but configuration register setting recovery. I have done a bit of password
>recovery practice, but not much.
>
>1) cannot get into rommon mode. Not that I can tell. Gibberish of various
>sorts on screen. Check to be sure my version of HyperTerminal sends the
>correct control-break sequence, using another router. it does. I was sure I
>had upgraded this particular version, but these days, when moving between so
>many different computers at home and on the job, one never can tell.
>
>2) Ok, with gibberish on the screen, what are some things to check? A quick
>look through CCO confirms that baud rate is the only terminal setting that
>can be changed in the register. Thank goodness one cannot also change the
>data, stop, and parity.
>
>3) OK. Brute force this thing. 9600 does not work. Let's work down the
>scale, and see. 4800 does not work. 1200 did not work earlier this
>afternoon. But 2400 does work. I see clear text and I see I am in rommon
>after all.
>
>4) Check the current config register setting. E/s 202 [enter] reveals
>the setting as 0x3942 you bad boy!
>
>5) Use the o/r 0x2102 to reset the register  and reload.
>
>6) Rommon again! Hhmmm.
>
>7) OK, this time do a config mem ( I probably should have looked at this
>last time anyway, but I did not )
>
>8) Well, what did the yo-yo do here? Hostname rommon>  interesting.
>Certainly explains the console message I was seeing last time I reloaded.
>Well, I don't have time to fool around any more. Erase start, reload, things
>come up ok. I will copy my saved configuration later.
>
>9) Too bad garbage-head inserted himself into this weekend. Someone was
>doing a very interesting IPSec tunnel between my pod and theirs. I was
>looking forward to seeing the result.
>
>10) End result - learned a few more things which will be valuable in the
>lab - troubleshooting portion.
>
>Extra credit - with a configuration register setting of 0x3942, what was
>happening at boot time?
>
>Chuck
>--
>I am Locutus, a CCIE Lab Proctor. Xx_Brain_dumps_xX are futile. Your life as
>it has been is over ( if you hope to pass ) From this time forward, you will
>study US!
>( apologies to the folks at Star Trek TNG )
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


**
  Adam Quiggle
  Senior Network Engineer
  MCI Worldcom/NOC/BP Amoco
  [EMAIL PROTECTED]
**

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

=?utf-7?q?FW=3A_CiscoWorks_+ACY-_HP_Openview_in_multiple_VLAN=2E?=

[=?utf-7?q?Ryan_Ngai_Hon_Kong?=]

Useful info.

Thanks Osama.

-Original Message-
From: Osama Kamal +AFs-mailto:OKamal+AEA-Mobinil.com+AF0-
Sent: Monday, January 08, 2001 4:55 PM
To: Ryan Ngai Hon Kong
Subject: RE: CiscoWorks +ACY- HP Openview in multiple VLAN.


I do not have NT here, but you should look in your manuals or in help files
for 1-using a seed file , 2-Redoing initial discovery.
NT and Unix are using the same configuration file names and parameters, the
difference will be only in the place of these files.


Osama

-Original Message-
From: Ryan Ngai Hon Kong +AFs-mailto:hkngai+AEA-jos.com.my+AF0-
Sent: Monday, January 08, 2001 10:54 AM
To: 'Osama Kamal'
Subject: RE: CiscoWorks +ACY- HP Openview in multiple VLAN.


Thanks for the feedback again.

What if I'm using the Openview for NT?
I think those command is not valid in NT.  :)
Thanks.

Ryan

-Original Message-
From: Osama Kamal +AFs-mailto:OKamal+AEA-Mobinil.com+AF0-
Sent: Monday, January 08, 2001 4:41 PM
To: Ryan Ngai Hon Kong
Subject: RE: CiscoWorks +ACY- HP Openview in multiple VLAN.


Ryan,
the seed file should contain all IP's of your all network devices. the seed
file should be stored in /etc/opt/OV/share/conf directory.
modify the netmon.lrf file to tell where the seed file is located
stop netmon with : ovstop netmon
edit netmon.lrf
add the following to the options area of the netmon.lrf file-s
+ADw-pathname+AD4-/+ADw-file name+AD4-, the netmon.lrf should look like:
   OVs+AF8-YES+AF8-START:ovtopmd,pmd,ovwdb:-P -s
/etc/opt/OV/share/conf/seed+AF8-file:OVs+AF8-WELL+AF8-BEHAVED:15:PAUSE::

update the configuration with:
ovaddobj +ACQ-OV+AF8-LRF/netmon.lrf

redo initial discover
start netmon withovstart netmon

the seed file should NOT contain any blank lines
the seed file should contain only IP's




hope that will help

regards
Osama

-Original Message-
From: Ryan Ngai Hon Kong +AFs-mailto:hkngai+AEA-jos.com.my+AF0-
Sent: Monday, January 08, 2001 10:17 AM
To: 'Osama Kamal'
Subject: RE: CiscoWorks +ACY- HP Openview in multiple VLAN.


No Osama, I didn't use seed files.
Where do I go about this? I'm new to Open VIew...

Thanks for the time.
Ryan


-Original Message-
From: Osama Kamal +AFs-mailto:OKamal+AEA-Mobinil.com+AF0-
Sent: Monday, January 08, 2001 4:00 PM
To: Ryan Ngai Hon Kong
Subject: RE: CiscoWorks +ACY- HP Openview in multiple VLAN.


Do you use a seed file for OpenView? it not, then you should, if you need
more details, just send me.

Regards
Osama Kamal
Sr. Network Engineer
Egyptian Company for Mobile Services
(+-2012)3151298


-Original Message-
From: Ryan Ngai Hon Kong +AFs-mailto:hkngai+AEA-jos.com.my+AF0-
Sent: Monday, January 08, 2001 6:12 AM
To: 'cisco+AEA-groupstudy.com'
Subject: CiscoWorks +ACY- HP Openview in multiple VLAN.


Good day,

It seems that I'm stuck with a problem on my customer network. I doesn't
have much
idea about LANE and their existing network setup since it is managed by
other vendors
so the bottom line is that I cannot view their cisco router configuration at
all.
However base on their existing updated network schematic design, they have 4
core
catalyst switches with RSM module and few distribution +ACY- floor switches.

My current HP Openview and CiscoWorks configuration pointing the address of
the local 
catalyst RSM IP with SNMP read-only enabled. I'm expecting that the HP
Openview
to discover all the devices in the network while the CiscoWorks discover all
the routers
in the network by looking on the routing table in RSM.

At the end, it turns up that both of the network management software didn't
discover
any devices in the network even the after 2 days leaving it on my table to
discover.
Do you guys think that I should replicate/mirror all the other VLANs traffic
into my network
management port (SPAN)? 

Any idea or improvement should I look forward in case I left our any of
requirements?

Thanks in advance.

p/s: I'll be appreciate that if you intend to asked a question, please reply
to my email and I
will reply to your query to the group again to illuminate unnecessary
flooding.

Best wishes,
Ryan

+AF8AXwBfAF8AXwBfAF8AXwBfAF8AXwBfAF8AXwBfAF8AXwBfAF8AXwBfAF8AXwBfAF8AXwBfAF8AXwBfAF8AXwBf-
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to abuse+AEA-groupstudy.com

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Pix FireWall

[Abro Toufic]

Dear Sir,
I have a small question about Pix Firewall and syslog,
what I am looking for any web browser reporting tools can I use it
and some thing like that
any comment
any help
thanks




_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Power Points

[Christopher J. Dosch]

Hey Group, does anyone out there know where I can get the BSCN,
BCRAM, CIT and BCMSN Powere Points!  

Thanks



_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Subject: ATQ0H0

[Jon O'Nan]

Thanks!

I'll give it a try.

Jon


Paul Werner <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Yes, I have experienced this several times.  It is the dreaded
> Catalyst switch who thinks it is talking to a modem :-)  Here
> are my recommended fixes in this order:
>
> 1.  Get a known good black console cable.  Get several.  Try
> each one out and see if any will get the console to come up
> other than ATQ commands.
>
> 2. Change out your DB-9 to RJ-45 converters with others that
> are known/good.  See if that works.
>
> 3.  Finally, and lastly, change out to other COM ports/other PC
> COM ports to see if that will help.  In the three times I had
> this scenario, only once did I have to go to step 3.
> Obviously, it goes without saying that you need to ensure you
> have the correct COM port settings(9600,8,N,1,) particularly
> with flow control turned *off*.
>
> 4.  If all else fails, upgrade the firmware to something
> older/newer (experiment here).  Yes, I know it is fun sucking a
> 1MB image through a 9600bps line, but that's what a cup of
> coffee is for 8-)
>
> 5.  If this one is so old that it has one of those DB-9 console
> connectors on the back of the switch (vice the newer RJ-45),
> you may need to order Cisco's OEM console cable for that box,
> or you will need to build a null modem cable as specced out
> here (watch wrap):
>
> http://www.cisco.com/univercd/cc/td/doc/product/lan/28201900/192
> 8v5x/icg5x/csspec.htm#41267
>
> You are on the right track if you can access the diagnostic
> console.  Lastly, strongly resist the temptation to throw the
> switch against the wall.  It may be needed for an RMA:-)
>
> Best of luck,
>
> Paul Werner
>
>
> > Date: Sun, 7 Jan 2001 17:45:17 -0500
> > From: "Jon O'Nan" <[EMAIL PROTECTED]>
> > Subject: ATQ0H0
> >
> > I've been working with an older Catalyst 1900 switch
> (firmware ver 5.37)
> > We
> > can't get any management console output. We are able to bring
> up the
> > diagnostic console by holding in the mode button on the front
> of the
> > switch
> > while turning on the power. After upgrading the firmware via
> xmodem, the
> > switch will POST and then leave us with a blsnk screen except
> for modem
> > strings ATQ0H0. Anyone ever experienced the same issue?
>
>
> 
> Get your own "800" number
> Voicemail, fax, email, and a lot more
> http://www.ureach.com/reg/tag
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ISDN Simulator

[AABAN34]

 Cisco has one for $150.00 , it's their CIM CD it's really good, almost real 
and it has much more QA to.

  www.cisco.com/go/cim  or  www.ciscopress.com/cim they have 6 CD's and one 
of them is the ISDN one. You can buy these CD's from any online book store.

   

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCNP 2.0

[halima yasin]

Hi,
Does anyone have any of the CCNP 2.0 books to sell?
AliGet your FREE download of MSN Explorer at http://explorer.msn.com">http://explorer.msn.com

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Troubleshooting 102 - "password recovery"

[Nigel Taylor]

Adam,
I must admit at first looking at your config-register excel
sheet it looks pretty good.
Once I get a chance I'll mess around and see how things work out...

Pretty Neat and thanks for sharing

Nigel

- Original Message -
From: Adam Quiggle <[EMAIL PROTECTED]>
To: Chuck Larrieu <[EMAIL PROTECTED]>; Cisco Mail List
<[EMAIL PROTECTED]>; CCIE_Lab Groupstudy List <[EMAIL PROTECTED]>
Sent: Monday, January 08, 2001 3:11 AM
Subject: Re: Troubleshooting 102 - "password recovery"


> Chuck,
>
> I know it's a little late, but feel free to help yourself to
> this configuration register setting thing that I received
> and have since modified to suit my needs.  It has all of the
> corresponding values in the configuration register and what
> they mean.
>
> http://home.nc.rr.com/quiggle/ConfigReg.xls
>
> There is a place to convert the configuration register to
> binary, so that you can easily see the configuration.  In
> addition there is a place to enter the binary values you want
> and it'll spit out the configuration register for you.  :-)
>
> Not that you can't find what you need on CCO, but sometimes its
> just more convenient to have it on a laptop that can travel
> with you.  :-)
>
> If anyone sees any errors, please let me know.
>
> Thanks,
> AQ
>
> At 01:57 AM 1/8/01, Chuck Larrieu wrote:
> >Well that wasn't nearly so bad as it could have been. The low life who
> >trashed my router, not to mention spoiled it for a lot of folks on these
> >lists, could have been more malicious. But he was deliberate. No doubt
about
> >it.
> >
> >So here is today's troubleshooting lesson - not really password recovery,
> >but configuration register setting recovery. I have done a bit of
password
> >recovery practice, but not much.
> >
> >1) cannot get into rommon mode. Not that I can tell. Gibberish of various
> >sorts on screen. Check to be sure my version of HyperTerminal sends the
> >correct control-break sequence, using another router. it does. I was sure
I
> >had upgraded this particular version, but these days, when moving between
so
> >many different computers at home and on the job, one never can tell.
> >
> >2) Ok, with gibberish on the screen, what are some things to check? A
quick
> >look through CCO confirms that baud rate is the only terminal setting
that
> >can be changed in the register. Thank goodness one cannot also change the
> >data, stop, and parity.
> >
> >3) OK. Brute force this thing. 9600 does not work. Let's work down the
> >scale, and see. 4800 does not work. 1200 did not work earlier this
> >afternoon. But 2400 does work. I see clear text and I see I am in rommon
> >after all.
> >
> >4) Check the current config register setting. E/s 202 [enter] reveals
> >the setting as 0x3942 you bad boy!
> >
> >5) Use the o/r 0x2102 to reset the register  and reload.
> >
> >6) Rommon again! Hhmmm.
> >
> >7) OK, this time do a config mem ( I probably should have looked at this
> >last time anyway, but I did not )
> >
> >8) Well, what did the yo-yo do here? Hostname rommon>  interesting.
> >Certainly explains the console message I was seeing last time I reloaded.
> >Well, I don't have time to fool around any more. Erase start, reload,
things
> >come up ok. I will copy my saved configuration later.
> >
> >9) Too bad garbage-head inserted himself into this weekend. Someone was
> >doing a very interesting IPSec tunnel between my pod and theirs. I was
> >looking forward to seeing the result.
> >
> >10) End result - learned a few more things which will be valuable in the
> >lab - troubleshooting portion.
> >
> >Extra credit - with a configuration register setting of 0x3942, what was
> >happening at boot time?
> >
> >Chuck
> >--
> >I am Locutus, a CCIE Lab Proctor. Xx_Brain_dumps_xX are futile. Your life
as
> >it has been is over ( if you hope to pass ) From this time forward, you
will
> >study US!
> >( apologies to the folks at Star Trek TNG )
> >
> >_
> >FAQ, list archives, and subscription info:
> >http://www.groupstudy.com/list/cisco.html
> >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
>
> **
>   Adam Quiggle
>   Senior Network Engineer
>   MCI Worldcom/NOC/BP Amoco
>   [EMAIL PROTECTED]
> **
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Fraud Companies Beware

[manoj Kumar]

Hi,

Here is a list of fraud companies which lure people in
india to USA.

Please pass this on to all your friends and make them
aware of it.

List of Companies you need to be careful.
1.Mastech Sys
2.Syntel
3.Computer People Inc.
4.Capricon
5.American MegaTrend Inc.
6.CBS
7.Intelligroup (Edison - New Jersey)
8.Cybertech (Chicago ->>Ilinnois)
9.Systech (Gelndale - Calif.)
10.IntecNew Jersey. Now it is named as Compuflex.
11.Indotronixs or Indotronics?
12.Capricorn Systems Inc , Atlanta
13.BCC computers Ltd in Madras *** (Dangerously
BlackListed)**
14.Frontier Systems ***(Highly Black Listed)
15.C G VAK(Coimbatore)
16.Kumaran Software, Anna Nagar, Madras ***
(Highly and Dangerously
BlackListed)***


17.BCS Project Consultants; Bangalore (These people
call themselves BCS
Computers Consultancies and Services. Highly
blacklisted.)
These people lay false claims of having done projects
for defence
organisations.

18.Pragathi Computers; Bangalore. (Highly Blacklisted)
Infact a Belgium
based
organisation is planning to take legal action
on this organisation for claiming to do work for NATO.
FWD TO AS MANY
FRIENDS
IN INDIA AS POSSIBLE.DON'T RECOMMEND THESE KIND OF
COMPANIES TO ANYBODY.
Friends, one of the above mentioned company is owned
by an Indian, Kanna
P.Srinivasan and he owns a company called BCC
computers Ltd in
Madras,India. He
brings Indian programmers under a THREE YEARS bond
which says if the
employee
quits the company he has to pay Rs10,00,000 (only Ten
lakhs).
Also every employee has to surrender their school and
college certificates.
The
contract also says that the employees will be paid
$40,000 per year. The
company will not pay for initial 45days or start pay
after you get the
project
in USA. Once you signed this agreement and surrendered
the certificates you
have fallen in their trap. Then you have only obey
their orders as though
it is
an order from the god (Kannan P srinivasan). They will
take their own time
to
process your H1B Visa (may be more than a year ).
If you ask them you will be taken to USA, they will
humiliate you by saying
that your communication is bad,or you are not
technically good. Recently
employee named Mr. Rao committed suicide in Madras
because the company
terminated him. told that company cannot take him to
USA because he is no
good
technically and communication is bad. The important
point is that he was
waiting in the Madras company for more than 8 months.
Now by God's (Kannan
P
Srinivasan) grace you reached USA. The Best Computer
Consultants ,Kansas
City,
USA will make you to sign another bond with blank
Promisary Note Unfilled
amount you owe to the company The company will send
you to any project
(testing, maintenance, year 2000,(luckily
development). You can't refuse
any
project or you can't resign when you are on project.
If you do so then the
company will terminate you and further sue you for
$10,000 to $30,000). Now
the
company has filed a case against 20 employees in the
Kansas city district
court. The company will never pay you good, they will
never give status on
green card processing if you process with them,
they will ask you to repay relocation
charges,increments will not be
given,but
on regular basis you will be tortured by all the HRD
and Marketing staff
(Sub
Gods).Beware of this company.Please tell your friends
and relatives not to
join
this company and suffer. If anyone joined in Madras
comapny please ask them
to
quit
immediately.
If visa is ready with this company and they are coming
to USA,ATLEAST LET
THEM
NOT SIGN THE AGREEMENT AND THE BLANK
PROMISERYNOTE in USA. * *
Please forward this information to as many as friends
possible
both in USA and INDIA.


__
Do You Yahoo!?
Yahoo! Photos - Share your holiday photos online!
http://photos.yahoo.com/

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ISDN Simulator

[Brian Howard]

Hi Charles,

I agree with Andy...check into the monthly rate of ISDN in your area, that 
may be the best
way to go.

A few months ago,  another engineer and I bought a ISDN simulator from ARCA
Technologies. We decided upon ARCA mainly due to the fact that they have a 
2 port BRI
simulator with built in NT1s. They were little more expensive than Teltone,
but the unit has worked fine.

I agree, its a hefty investment for your lab, and perhaps sharing the cost 
of the simulator
may make it more affordable ?

Good luck

-Brian

At 08:54 PM 01/07/2001 -0600, Cthulu wrote:
>Hi,  all
>
>I know this has been discussed, and after spending my free time this weekend
>searching high and low for a reasonably priced ISDN simulator, I am forced
>to conclude there is no such beast.   EBAY is a bust thus far,  and the best
>price I have found is for a Teltone (www.teltone.com) ISDN simulator at
>http://www.bigdcom.com/teleline.html. Big D is a Groupstudy recommended
>site;  they sell the ISDN simulator about 1600 bucks, give or take some
>change.
>
>Now to the crux of my dilemma:  do I or don't I?  That is, ask my Mistress
>for this for Christmas, Halloween, and so forth.  She is standing here
>reading this, so I appreciate how wonderful she is! So beautiful with great
>taste in men!   Also, very heroic:  she kept me from drinking a coffee
>flavored Slim Fast (we were out of beer).
>
>Before I approach the checkbook with hat in hand, is this best price?  I
>mean, really?  Has anyone else had better luck?  I hate the thought of
>spending 1600 bucks on a 100 bucks worth of wiring and chips.  Perhaps is it
>time for Groupstudy to form a buyer's union, where we can pool our money and
>buy in bulk at almost wholesale prices.  Good idea?  Bad idea?  Too much
>headache potential?
>
>Luckily for me, Big D is in the Dallas area so I plan on there in person and
>talking to them about these simulators and their prices.  If interested, I
>will let the group know what happens.  If not, I'll keep mum.
>
>Flames, comments all welcome!
>
>Charles
>
>
>
>
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Brian E. Howard 
NSA Consulting Engineer
NSA - Network Supported Accounts
Voice: (919) 392-7615
Pager: 1-800-365-4578
e-mail: [EMAIL PROTECTED]
e-page: [EMAIL PROTECTED]

C i s c o S y s t e m s
Research Triangle Park, NC

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

"neighbor" command in eigrp router

[Gabriel . Neagoe]

Hello
I found the "neighbor" option in my routers under "router eigrp..." but i
found no info on what that might do
Does anybody know ?


---
Gabriel Neagoe, GN379-RIPE
Networking solutions consultant
Cisco Certified Network Professional
Cisco Certified Design Associate
S&T Romania
tel: +401 20 40 300
fax: +401 20 40 310
---

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Sample paper CCIE R/S written

[Todd Plambeck]

Here are three that I found.

Todd


 http://www.sitamoht.com/cciewe.html

 http://www.examnotes.net/cisco/ccie.shtml

 http://cramsession.brainbuzz.com/cramsession/cisco/ccie_written/guide.asp


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Gautam Gupta
Sent: Monday, January 08, 2001 12:08 AM
To: [EMAIL PROTECTED]
Subject: Sample paper CCIE R/S written


Hi

Where can i get a sample paper of CCIE R/S written. I checked colt but
there is nothing...

Regards
Gautam

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

BCRAN quaestions

[Steven Dangerfield]

Group,

I will be taking my Remote Access this Friday !

I have done lots of study, and I am passing the Boson Tests 80-90% average.

1. Are the Boson tests a good guide for this exam ? (I remember the Switching 
exam from Boson was a lot harder than the real thing !)
2. Anyone who has sat the exam in the last couple of weeks, What are key 
topics to know inside out ?

Thanks in advance.

Steve

Steven Dangerfield, Network Engineer/Analyst
B.Eng, CCNA, CCSA

Email : [EMAIL PROTECTED]


Totalise - the Users ISP
-
To become a member and a shareholder
visit http://www.totalise.net

---
"Do you like your cars fast? Why wait in line When you can buy faster online visit 
http://www.eurekar.com  Save 20% without the wait with Eurekar Accelerator"

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

BCMSN

[Chiao Liang]

Hi all

I'm taking my BCMSN next week, needed help urgently. Can anyone
recommend any site or book for thsi test. Oh if anyone get any resources
please help me . Millions of Thanks in advance.


Chan
CCNA, CCDA

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Pix FireWall

[Tommy Mitchell]

Try pixlog at http://cs.calvin.edu/~mpost89/pixlog/
It's really just a perl script that sits on syslog and reads messages as
they come in.  There are some screen shots so you can actually see what
happens.
If you want something more robust (but not free) have a look at Private-I
from www.opensystems.com.  

Tommy

> -Original Message-
> From: Abro Toufic [mailto:[EMAIL PROTECTED]]
> Sent: Monday, January 08, 2001 4:57 AM
> To: [EMAIL PROTECTED]
> Subject: Pix FireWall
> 
> 
> Dear Sir,
> I have a small question about Pix Firewall and syslog,
> what I am looking for any web browser reporting tools can I use it
> and some thing like that
> any comment
> any help
> thanks
> 
> 
> 
> 
> _
> FAQ, list archives, and subscription info: 
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> 

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCIE Lab Preparation Question

[Bruce Williams]

Do you think it is necessary to read the recommended books cover to cover
before the lab? The books I am referring to are, TCP/IP Routing,  Internet
Routing Architectures and Cisco LAN Switching. Or is it more important to do
practice labs and just use these books as references when you are doing the
practice labs.


Bruce Williams
[EMAIL PROTECTED]



_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Pix Firewall License R or UR ?

[Steve Smith]

Your base mem config for the 520R should be 32 MB. The 520U will be 64.
Or do sh ver.

-Original Message-
From: A.C [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 06, 2001 2:53 PM
To: [EMAIL PROTECTED]
Subject: Pix Firewall License R or UR ?


Hi,  Does anyone know a command on Pix Firewall 520 that shows what kind
of
license it has (R -UR license)?

Thank you


_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Troubleshooting 102 - "password recovery"

[Fowler, Joey]

It is the reason you couldn't connect at 9600. That setting makes it run at
2400 baud.

0x2142 = 9600.
0x2942 = 4800
0x3142 = 1200
0x3942 = 2400

Do I get a sucker???

Joey Fowler





Extra credit - with a configuration register setting of 0x3942, what was
happening at boot time?

Chuck
--
I am Locutus, a CCIE Lab Proctor. Xx_Brain_dumps_xX are futile. Your life as
it has been is over ( if you hope to pass ) From this time forward, you will
study US!
( apologies to the folks at Star Trek TNG )

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Sample paper CCIE R/S written

[Curtis Call]

Well obviously a true sample would be a violation of the NDA, but there are 
a couple sample questions on the cisco website under the certification 
section (in the CCIE R/S written area).  Also, I found certification zone's 
practice test to be a good example of the difficulty of the written exam.

At 11:38 AM 1/8/01 +0530, you wrote:
>Hi
>
>Where can i get a sample paper of CCIE R/S written. I checked colt but
>there is nothing...
>
>Regards
>Gautam
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCNP Security

[Arthur Stewart]

The 3 new exams are product focused (PIX, IDS, VPN) so you'll probably end
up in the doc anyway.  Syngress has a Cisco Security book out which has
chapters on each of these areas.  The Cisco Press MCNS book is supposed to
be a port of the cisco course, which will cover some, but not all you need.
I haven't seen any good books on PIX or IDS/NetRanger, but Cisco Press has a
book, MPLS and VPN Architectures
by Ivan Pepelnjak, ISBN: 1587050021 that might be useful, I'm not sure.

As general study reference outlines, I use the Global Knowledge on-line
course outlines for the three courses and the Cisco Exam Blueprints for the
Security CCIE Qualification Exam and the Security CCIE Recertification Exam
(good books and links).

As to why the increase, look at what's happening to the CCIE.  There used to
be five: R&S, ISP-Dial, WAN (StrataCom), SNA-IP, and Design.  ISP-Dial and
WAN are being combined/updated/revamped, SNA-IP looks like it's retiring,
Design is being updated/altered/reconsidered, R&S has gained voice and maybe
some security and lost some of the somewhat less primary protocols.
Depending on how the upcoming Service Provider & Security CCIE's get
implemented, security may one of Cisco's top focuses (foci?) right after
routing and switching, there is a market for it.

It is daunting that there are five specializations: SNA-IP, Voice, ATM, Net
Mgmt, and Security: 3 require 1 test, 1 requires 2 tests (Net Mgmt), and
Security takes 4, ouch!  Of course, once you get through MCNS, PIX, IDS and
VPN, you'll probably be in very good shape for the Security CCIE
Qualification Exam.  Good luck.

Arthur Stewart CCNP, CISSP




Jon Cuthbert wrote in message
<[EMAIL PROTECTED]>...
>Does anyone know of any good books for the 4 exams now required for
>the Security specialisation.
>
>I know the Managing Cisco Network Security book by Cisco Press is due
>out. But what about the PIX and other exams.
>
>Also I wonder why they've suddenly increased the exams for this
>specialistation compared with the others.
>
>Thanks
>
>Jon
>
>_
>FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

BOSON CVOICE

[Austin]

Has anyone used the Boson CVOICE Practice tests in preparation for the
CVOICE test?
Would you recommend it to help prepare for the exam?


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ISDN Simulator

[Sam .]

FYI

My company just purchased an ARCA Solo.
The ISDN ports can be software switched to S/T or U interface.
Also they can be switched to ADSL if required.  Rest of the features are 
same as the Emutel lite.
I heard that they have stopped the Emutel Lite. Cost of the Solo is same at 
the LITE.. about $1995 plus shipping.

I that for a single user $1995 is a bit too high. But if the company is 
paying then i guess its okay.


Sam


>From: Brian Howard <[EMAIL PROTECTED]>
>Reply-To: Brian Howard <[EMAIL PROTECTED]>
>To: "Cthulu" <[EMAIL PROTECTED]>
>CC: [EMAIL PROTECTED]
>Subject: Re: ISDN Simulator
>Date: Mon, 08 Jan 2001 07:46:22 -0500
>
>Hi Charles,
>
>I agree with Andy...check into the monthly rate of ISDN in your area, that
>may be the best
>way to go.
>
>A few months ago,  another engineer and I bought a ISDN simulator from ARCA
>Technologies. We decided upon ARCA mainly due to the fact that they have a
>2 port BRI
>simulator with built in NT1s. They were little more expensive than Teltone,
>but the unit has worked fine.
>
>I agree, its a hefty investment for your lab, and perhaps sharing the cost
>of the simulator
>may make it more affordable ?
>
>Good luck
>
>-Brian
>
>At 08:54 PM 01/07/2001 -0600, Cthulu wrote:
> >Hi,  all
> >
> >I know this has been discussed, and after spending my free time this 
>weekend
> >searching high and low for a reasonably priced ISDN simulator, I am 
>forced
> >to conclude there is no such beast.   EBAY is a bust thus far,  and the 
>best
> >price I have found is for a Teltone (www.teltone.com) ISDN simulator at
> >http://www.bigdcom.com/teleline.html. Big D is a Groupstudy recommended
> >site;  they sell the ISDN simulator about 1600 bucks, give or take some
> >change.
> >
> >Now to the crux of my dilemma:  do I or don't I?  That is, ask my 
>Mistress
> >for this for Christmas, Halloween, and so forth.  She is standing here
> >reading this, so I appreciate how wonderful she is! So beautiful with 
>great
> >taste in men!   Also, very heroic:  she kept me from drinking a coffee
> >flavored Slim Fast (we were out of beer).
> >
> >Before I approach the checkbook with hat in hand, is this best price?  I
> >mean, really?  Has anyone else had better luck?  I hate the thought of
> >spending 1600 bucks on a 100 bucks worth of wiring and chips.  Perhaps is 
>it
> >time for Groupstudy to form a buyer's union, where we can pool our money 
>and
> >buy in bulk at almost wholesale prices.  Good idea?  Bad idea?  Too much
> >headache potential?
> >
> >Luckily for me, Big D is in the Dallas area so I plan on there in person 
>and
> >talking to them about these simulators and their prices.  If interested, 
>I
> >will let the group know what happens.  If not, I'll keep mum.
> >
> >Flames, comments all welcome!
> >
> >Charles
> >
> >
> >
> >
> >
> >_
> >FAQ, list archives, and subscription info:
> >http://www.groupstudy.com/list/cisco.html
> >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
>
>
>Brian E. Howard
>NSA Consulting Engineer
>NSA - Network Supported Accounts
>Voice: (919) 392-7615
>Pager: 1-800-365-4578
>e-mail: [EMAIL PROTECTED]
>e-page: [EMAIL PROTECTED]
>
>C i s c o S y s t e m s
>Research Triangle Park, NC
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
Get your FREE download of MSN Explorer at http://explorer.msn.com

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Multicasting

[ch]

Try

http://www.hugewave.com/blackbook/lbb/download.htm

""Pierre-Alex"" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I would like to experiment switching multicast traffic. My plan right now
is
> using PowerPoint or Windows Media Encoder
> to generate the traffic. Is there an easier / more controlled way to
create
> multicast streams?
>
> Pierre-Alex
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Why dont I see SNMP discussion on this board ??

[Paul Borghese]

Actually, SNMP is enabled by default on some products.  On the Cisco
Catalyst line, SNMP is enabled by default with the values of:

SNMP Read-Only:   public
SNMP Read-Write: private
SNMP Read-Write-All:   secret

This is a HUGE security hole.  If you have not changed your SNMP passwords
or turned it off,   anyone with IP access to your network may reconfigure
you Catalyst devices at will

Paul Borghese

- Original Message -
From: ""Brian Lodwick"" <[EMAIL PROTECTED]>
Newsgroups: groupstudy.cisco
Sent: Monday, January 08, 2001 12:35 AM
Subject: Re: Why dont I see SNMP discussion on this board ??


> Charles you said:
> SNMP is enabled by default on all Cisco devices with the RW password of
> Cisco.
> SNMP is not enabled by default- Cisco feels this is a security risk and
> notes the most secure option is to not enable it at all.
> About the RW password do you mean the default RW community string?
> The default value of the read-write community string on a Cisco router is-
> private
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCIE Written Detail

[Eric Gunn]

Hello,

I was wondering if anyone that has read the CCIE Exam Cram though that was 
sufficient in detail to pass the CCIE written exam? I have been through and 
passed the CCNP+Security track, so I was hoping that some review would be 
enough to prepare. However the exam cram seems a bit general, just looking 
for opinions from people that have been through a similar track.

I also plan on using the studyguide from www.cramsession.com, along with 
Boson practice test #1. I had great luck with the Boson test for the 
security exam which is that same author that does the CCIE Boson tests.

Thank you for the input,

-Eric Gunn

CCNP + Security, MCSE, CCA.CNA, N+

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

SNMP versus RMON

[Pierre-Alex]

Please pardon my ignorance.

Why did Cisco invent RMON?

SNMP seems to do exactly the same job (i.e. it provides information on all
aspects of the network).

I must be missing something ...

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Enabling the VTP domain,,

[Shabbir S. Talib]

Check this out

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_5_2/config/vtp.htm

Wonkyu Lee wrote:
> 
> HI All,
> 
> The place where I'm working at right now has several vlans and trunking.
> However, from the beginning, no one turned on the VTP Domain. So whenever I
> put a new switch into the existing LAN, and setting up a vlan and trunking,
> I have to do it manually. So I'm thinking I'm enabling the VTP domain on
> all switches. We have 5500, 5002s, 2900XLs, 3500XLs.
> 
> So here goes my question..
> 
> What is the procedure to enable the domain feature ?
> I know the CLI how to do it, but what should I beware before I do it?
> What will happen when the vtp starts to advertising its vlan database to
> client switches, which have already all the infos stored in manually?
> Some vlans have their name on one switch(ex, TECH), but some don't(vlan13)
> and would it be problem ?
> 
> Thanks in advance.
> 
> Wonkyu Lee
> FOMS
> 
> _
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

-- 

Shabbir S. Talib
MCSE, CNE, CCNA

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: BOSON CVOICE

[Arthur Stewart]

Do you mean the retired Boson CVoice 1.0 tests?

"Austin" wrote in message <93covl$19g$[EMAIL PROTECTED]>...
>Has anyone used the Boson CVOICE Practice tests in preparation for the
>CVOICE test?
>Would you recommend it to help prepare for the exam?
>
>
>_
>FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

VTP Domain, (again)

[Wonkyu Lee]

HI All,

The place where I'm working at right now has several vlans and trunking.
However, from the beginning, no one turned on the VTP Domain. So whenever I
put a new switch into the existing LAN, and setting up a vlan and trunking,
I have to add them manually. So I'm thinking I'm enabling the VTP domain on
all switches. We have 5500, 5002s, 2900XLs, 3500XLs.

So here goes my question..

What is the procedure to enable the domain feature ?
I know the CLI how to do it, but what should I beware of before I do it?
What will happen when the vtp starts to advertising its vlan database to
client switches, which have already all the infos stored in manually?
Some vlans have their name on one switch(ex, TECH), but the others
don't(vlan13)
and would it be a problem ?
Can i change a VTP revision number manually?


Wonkyu Lee

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: A question regarding private addressing (correction)

[Howard C. Berkowitz]

Let me make some comments fundamentally for background. It's
increasingly considered useful to minimize the amount of
configuration that an end station needs to do before becoming active.
Servers and routers are special cases.

DHCP is stateful:  the DHCP server remembers what addresses have been assigned.

Apple and Microsoft alternatives are dynamic stateless alternatives.
They select a tentative name, and then broadcast sequentially
selected addresses until they find one with no conflict.  BTW, this 
is similar to the way NetBEUI checks for name uniqueness.

CLNS and IPv6 alternatives listen for a high-order prefix defining
alink-local or  site-local part, and prefix these part(s) in front of
MAC addresses.  Still mostly stateless, but more cooperative.

>At 10:37 PM 1/6/01, John Nemeth wrote:
>>On May 29,  5:24am, Craig Columbus wrote:
>>}
>>} OK.  I can accept that Microsoft (or Apple for that matter) would do
>>} something like this and then expect the world to revolve around
>>
>>Actually, as Howard mentioned, neither of these companies
>>initiated the protocol
>
>It can be argued that Apple initiated the particular protocol that we have
>been discussing, that is, the Microsoft Automatic Private IP Addressing
>method. The client sends a gratuitous ARP 10 times broadcasting the
>network-layer address that it wants to use. If the address is in use, the
>client selects another address. The creators of AppleTalk, including
>Gursharan Sidhu, Ron Hochsprung, and Alan Oppenheimer own a patent that
>reads essentially just like that.
>
>The patent is from 1984. At that time IP networks were managed by computer
>scientists. Apple had the brilliant idea that ordinary people could set up
>and manage networks. I think we should give credit where credit is due. As
>Chuck mentioned, in the 1990s Microsoft also tried to make file and print
>sharing easy, but the majority of the credit should go to Apple.
>
>Apple could have imposed the dynamic network-layer addressing patent on the
>industry but perhaps it was too specific. (It has a bunch of LocalTalk
>specifics in it.) Also, they probably let it go because they recognize the
>value of furthering the ease of use of IP networks. People who will be
>connecting their home appliances together don't want to understand IP
>addressing, subnet masks, etc.! And how about ad hoc networks in training
>classes, on long plane rides, in hotel lobbies, on the beach, etc. &;-)
>
>John makes some other very good points below. I don't want to detract from
>them, but I just had to make the point again about AppleTalk. It's unfair
>to not do so.
>
>Priscilla
>
>
>>} them.  However, I'm confused as to the benefit.  Why would anyone want a
>>} non-assigned default IP address to appear on their network?  Do they really
>>} think that people will implement a non-RFC1918 compliant address space just
>>} to save configuration time?  (Actually, I can think of several cases where
>>
>>It does save configuration time, since this is for cases where no
>>configuration at all happens, most likely due to the lack of a real
>>administrator.
>>
>>} How do Internet backbone routers (BGP ASs) deal with this traffic?
>>
>>They don't.  There is a reason why this address range is called
>>"link local".  It's only useful within a single network segment that
>>isn't connected to any other networks.
>>
>>} Let's say that I want to take the easy way out and I connect a small
>>} network to the Internet via an ISP.  I'm not running NAT, but I'm running
>>} the 169.254 addresses inside my network. If I've got a static route to an
>>
>>Then, you're SOL.  To connect to the Internet, some kind of
>>configuration must happen (even, if it is just a box running NAT on the
>>outside interface and a DHCP server on the inside interface).
>>
>>} ISP public address, and we're not exchanging routing information, I can't
>>} see how this traffic would ever get back to my network.  If I'm exchanging
>>
>>It wouldn't.
>>
>>} routes with an ISP (via BGP or some other interior protocol), where and how
>   >} do the 169.254 routes get filtered?  There has to be some mechanism, or
>>
>>It should be filtered at the network ingress point.
>>
>>} there would be thousands of summary routes back to 169.254 showing up on
>>} the Internet table.
>>
>>169.254 should never ever show up on the Internet, although I
>>wouldn't be surprised if it did.  I've seen some pretty large ISP's put
>>RFC-1918 addresses on the global Internet, which is also a no-no.
>>
>>} Any help in understanding this is appreciated.
>>
>>The purpose of this is to setup small impromptu isolated networks
>>which often don't have an administrator with no configuration at all
>>required.
>
>
>
>
>Priscilla Oppenheimer
>http://www.priscilla.com
>
>_
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report miscond

Re: Boson and BSCN

[Dan West]

www.boson.com  -- it should be pretty simple to figure
out from there. Point, click and pay.



--- Timothy Metz <[EMAIL PROTECTED]> wrote:
> Which Boson is recommended for BSCN?
> 
> Thanks
> 
> Tim
> 
> 
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]


=
Dan West -- CCNA, CCNP (in progress)

__
Do You Yahoo!?
Yahoo! Photos - Share your holiday photos online!
http://photos.yahoo.com/

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ISDN Simulator

[Frank Wells]

Buy a real one if you are planning on going for the CCIE.  You will need it. 
  You could rent the lines but it is like pouring money down the drain 
because you will not get it back.  You can resell your used simulator for 
the same as you paid for it after your done with it!

Bear in mind, the CCIE lab retest schedule is approaching 6 months.  If you 
fail it the first time you are going to have to rent those lines for quite a 
bit longer than you expected to originally.  With setup fee's and monthly 
charges you could pay up to $500.00 for six months. If you need them longer, 
keep adding monthly charges to that number!

BTW, with the inclusion of IPSec in the CCIE lab you may also want to invest 
in a telephone line simulator too.  Teltone makes a number of decent ones.

Expect to pay close to $1600.00 for a Teltone ISDN demonstrator, used or 
new, and the Telco sim will be between 200 and 500 depending on the model.

Most importantly for CCIE candidates, the sim products cannot do a fraction 
of the scenarios you will need to know for the CCIE.

Think of is as an insurance policy against lack of ISDN knowledge!


>From: Brian Howard <[EMAIL PROTECTED]>
>Reply-To: Brian Howard <[EMAIL PROTECTED]>
>To: "Cthulu" <[EMAIL PROTECTED]>
>CC: [EMAIL PROTECTED]
>Subject: Re: ISDN Simulator
>Date: Mon, 08 Jan 2001 07:46:22 -0500
>
>Hi Charles,
>
>I agree with Andy...check into the monthly rate of ISDN in your area, that
>may be the best
>way to go.
>
>A few months ago,  another engineer and I bought a ISDN simulator from ARCA
>Technologies. We decided upon ARCA mainly due to the fact that they have a
>2 port BRI
>simulator with built in NT1s. They were little more expensive than Teltone,
>but the unit has worked fine.
>
>I agree, its a hefty investment for your lab, and perhaps sharing the cost
>of the simulator
>may make it more affordable ?
>
>Good luck
>
>-Brian
>
>At 08:54 PM 01/07/2001 -0600, Cthulu wrote:
> >Hi,  all
> >
> >I know this has been discussed, and after spending my free time this 
>weekend
> >searching high and low for a reasonably priced ISDN simulator, I am 
>forced
> >to conclude there is no such beast.   EBAY is a bust thus far,  and the 
>best
> >price I have found is for a Teltone (www.teltone.com) ISDN simulator at
> >http://www.bigdcom.com/teleline.html. Big D is a Groupstudy recommended
> >site;  they sell the ISDN simulator about 1600 bucks, give or take some
> >change.
> >
> >Now to the crux of my dilemma:  do I or don't I?  That is, ask my 
>Mistress
> >for this for Christmas, Halloween, and so forth.  She is standing here
> >reading this, so I appreciate how wonderful she is! So beautiful with 
>great
> >taste in men!   Also, very heroic:  she kept me from drinking a coffee
> >flavored Slim Fast (we were out of beer).
> >
> >Before I approach the checkbook with hat in hand, is this best price?  I
> >mean, really?  Has anyone else had better luck?  I hate the thought of
> >spending 1600 bucks on a 100 bucks worth of wiring and chips.  Perhaps is 
>it
> >time for Groupstudy to form a buyer's union, where we can pool our money 
>and
> >buy in bulk at almost wholesale prices.  Good idea?  Bad idea?  Too much
> >headache potential?
> >
> >Luckily for me, Big D is in the Dallas area so I plan on there in person 
>and
> >talking to them about these simulators and their prices.  If interested, 
>I
> >will let the group know what happens.  If not, I'll keep mum.
> >
> >Flames, comments all welcome!
> >
> >Charles
> >
> >
> >
> >
> >
> >_
> >FAQ, list archives, and subscription info:
> >http://www.groupstudy.com/list/cisco.html
> >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
>
>
>Brian E. Howard
>NSA Consulting Engineer
>NSA - Network Supported Accounts
>Voice: (919) 392-7615
>Pager: 1-800-365-4578
>e-mail: [EMAIL PROTECTED]
>e-page: [EMAIL PROTECTED]
>
>C i s c o S y s t e m s
>Research Triangle Park, NC
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
Get your FREE download of MSN Explorer at http://explorer.msn.com

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: VTP Domain, (again)

[Mingzhou Nie]

You can set all switchs as domain server or elect one core switch as server and others
as clien. Just do set vtp domain 'name' command on each switch. You don't to do
anything else. The valn name is just like an alias, it doesn't affect the functinality.
You can not mannual change the VTP revision unless you reboot a VTP server switch.

Hope it helps,

Ming

Wonkyu Lee wrote:

> HI All,
>
> The place where I'm working at right now has several vlans and trunking.
> However, from the beginning, no one turned on the VTP Domain. So whenever I
> put a new switch into the existing LAN, and setting up a vlan and trunking,
> I have to add them manually. So I'm thinking I'm enabling the VTP domain on
> all switches. We have 5500, 5002s, 2900XLs, 3500XLs.
>
> So here goes my question..
>
> What is the procedure to enable the domain feature ?
> I know the CLI how to do it, but what should I beware of before I do it?
> What will happen when the vtp starts to advertising its vlan database to
> client switches, which have already all the infos stored in manually?
> Some vlans have their name on one switch(ex, TECH), but the others
> don't(vlan13)
> and would it be a problem ?
> Can i change a VTP revision number manually?
>
> Wonkyu Lee
>
> _
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

--
  |   |Mingzhou Nie
 :|: :|:   Customer Support Engineer
   :|: :|: TAC, RTP, NC
.:|:.:|:.  Tel/Fax: 919.392.4732
 C i s c o S y s t e m s   Email:   [EMAIL PROTECTED]



_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCIE Lab Preparation Question

[Frank Wells]

That depends on whether you want to know the material or just how to 
configure it for certain scenarios...you decide.

I will tell you this, by reading the whole book (minus the first few 
chapters of fluff) you will gain a much deeper understanding of the material 
at hand.  You will find that the knowledge of the authors will tie in 
different technologies so you can see a bigger picture.

Learning abstract concepts also makes the material less enjoyable to read, 
harder to remember and more difficult to learn I suspect.

Spending 5-6 hours reading a book from cover to cover is time well spent.


>From: "Bruce Williams" <[EMAIL PROTECTED]>
>Reply-To: "Bruce Williams" <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: CCIE Lab Preparation Question
>Date: Mon, 8 Jan 2001 09:22:10 -0500
>
>Do you think it is necessary to read the recommended books cover to cover
>before the lab? The books I am referring to are, TCP/IP Routing,  Internet
>Routing Architectures and Cisco LAN Switching. Or is it more important to 
>do
>practice labs and just use these books as references when you are doing the
>practice labs.
>
>
>Bruce Williams
>[EMAIL PROTECTED]
>
>
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
Get your FREE download of MSN Explorer at http://explorer.msn.com

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Frame Relay Security

[Jim Brown]

There should not be different levels of encryption for traffic depending on
whether its frame or Internet transient. Your traffic is open to compromise
on the Internet or in a providers frame cloud. From a security viewpoint
neither one is more secure than the other.

It really boils down to acceptable risk vs. cost.

Just remember, you can never eliminate risk. There are always holes in your
security.

Any individual who is asking themselves should I use DES/3DES on a frame
connection should stop and look to see if they have a modem bank behind
their firewall.

Your security is only a strong as the weakest link.

-Original Message-
From: Brian Lodwick [mailto:[EMAIL PROTECTED]]
Sent: Sunday, January 07, 2001 8:35 PM
To: [EMAIL PROTECTED]
Subject: Re: Frame Relay Security


Group,
  Which then I believe should obviously lead into the discussion- if VPN's 
are today's PVC's then would it be appropriate to say that traffic 
transported over the public internet with such a protocol as IPSec is just 
as safe? and how do you know your enemies aren't working for that frame 
provider -if they are using single DES they had better hope not. Are there 
protocols now capable of providing enough security encryption for extremely 
sensitive traffic to transit the public internet?

>>>Brian

>From: "Howard C. Berkowitz" <[EMAIL PROTECTED]>
>Reply-To: "Howard C. Berkowitz" <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Re: Frame Relay Security
>Date: Sun, 7 Jan 2001 13:37:09 -0500
>
> >I understand most of the benefits of frame relay, but I am wondering if =
> >there are any security problems assoicated with this protocol?  Is it =
> >secure enough for unencrypted transfer of financial or sensitive =
> >information?  Any help understanding the security risks associated with =
> >frame relay appreciated.
> >
> >-- Kevin
>
>Is a dedicated line secure enough for unencrypted transfer of
>financial or sensitive information?
>
>Answer:  It depends.
>
>People often assume that frame is somehow shared when "dedicated
>lines" are not.   From Chapter 5 of my _WAN Survival Guide_,
>
> >All too many users have an intuitive belief that if they were to
> >pull on the London end of a London to New York circuit, wires would
> >wiggle in Manhattan. The reality, of course, is that any network of
> >complexity beyond a very simple LAN involves one or more layers of
> >virtualization onto real media. At the OSI lower layers,
> >virtualization usually involves multiplexing, but various name and
> >address mapping functions provide virtual structure as one moves up
> >the protocol stack.
>
>Typically, frame PVCs and T1's run over exactly the same media from
>the customer site to the telco end office.  Once at the end office,
>they are multiplexed.  T1 is far too slow for economical data
>transmission between modern telco offices.  Both the T1 and the frame
>circuits typically will be multiplexed onto facilities at least at
>DS-3, and usually OC-12 to OC-192. So much beyond the local loop,
>there really isn't much difference between frame and dedicated.
>
>Interpretations in the US HIPAA legislation for medical data tend to
>allow unencrypted traffic to flow over dedicated and frame, but not
>the public Internet.  The Federal Reserve, however, tends to want
>end-to-end encryption regardless of the media, historically single
>DES.  Military traffic would be bulk encrypted and possibly
>end-to-end encrypted as well.
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
Get your FREE download of MSN Explorer at http://explorer.msn.com

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Troubleshooting 102 - "password recovery"

[Frank Wells]

Joey, there are way more settings than those few which can control the baud 
rate on the console port!  Search CCO for 'configuration register' and you 
will find the meanings of the 15 bits that control the router behavior.


>From: "Fowler, Joey" <[EMAIL PROTECTED]>
>Reply-To: "Fowler, Joey" <[EMAIL PROTECTED]>
>To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
>Subject: RE: Troubleshooting 102 - "password recovery"
>Date: Mon, 8 Jan 2001 09:26:00 -0500
>
>It is the reason you couldn't connect at 9600. That setting makes it run at
>2400 baud.
>
>0x2142 = 9600.
>0x2942 = 4800
>0x3142 = 1200
>0x3942 = 2400
>
>Do I get a sucker???
>
>Joey Fowler
>
>
>
>
>
>Extra credit - with a configuration register setting of 0x3942, what was
>happening at boot time?
>
>Chuck
>--
>I am Locutus, a CCIE Lab Proctor. Xx_Brain_dumps_xX are futile. Your life 
>as
>it has been is over ( if you hope to pass ) From this time forward, you 
>will
>study US!
>( apologies to the folks at Star Trek TNG )
>
>_
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
Get your FREE download of MSN Explorer at http://explorer.msn.com

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: SNMP versus RMON

[Pierre-Alex]

Thanks Willy!

Pierre-Alex

-Original Message-
From: Willy Schoots [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 08, 2001 10:20 AM
To: Pierre-Alex
Subject: RE: SNMP versus RMON


RMON gives you a lot more network traffic information than SNMP does. With
FULL RMON capabilities you can even sniff packets of the interface save them
and send them to a remote analyst station. There is definetly some overlap
but RMON is more powerful if you want to troubleshoot specific traffic
problems.

Have a look at www.netscout.com for more info on RMON and its applications
Cheers,

Willy Schoots

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Pierre-Alex
Sent: Monday, January 08, 2001 5:06 PM
To: Cisco
Subject: SNMP versus RMON


Please pardon my ignorance.

Why did Cisco invent RMON?

SNMP seems to do exactly the same job (i.e. it provides information on all
aspects of the network).

I must be missing something ...

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

ISdN

[ahmad bilal]

Dear all.

Thanks for your ideas and help i appreciate it .Well it worked and finally i
was able to pass traffic through,had to do a few things.

1) added the dialer string on both the dialer map statements.
2)in the ip route comand changed from int bri to the ip address .

hmm well it worked thats important the thoery errr well string on both sides
still bugs me .

Chaio!


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

1600 password recovery

[Paver, Charles]

Hi all!  I am unable to recover my password on my Cisco 1600 router.  I know
it says to press the break key, but that does not work.  OS is Windows nt
4.0, Spack 6a.  I pressed shift-ctrl-6 as well as break repeatedly during
the first 10 seconds, but didnt get into rommon mode. Anyone know how to do
this? 




_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: SNMP versus RMON

[Andy Walden]

>From what I have read, RMON incorporates a lot more layer-2 functionality.

andy

On Mon, 8 Jan 2001, Pierre-Alex wrote:

> Please pardon my ignorance.
> 
> Why did Cisco invent RMON?
> 
> SNMP seems to do exactly the same job (i.e. it provides information on all
> aspects of the network).
> 
> I must be missing something ...
> 
> _
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> 


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: SNMP versus RMON

[ccarring]

RMON is specified by RFCs from the IETF. 

Basically, RMON 1 (RFC1757) extends an SNMP agent to record layer 2
statistics for a network segment. RMON 2 (RFC2021) provides similar
history, for layers 3 through 7 - again, for a network segment.

So, setting up RMON within an SNMP agent causes the agent to record
samples of various attributes of a segment. These values can be
periodically sampled for entry into a database, for trending and such.

Hope this helps.


Pierre-Alex wrote:
> 
> Please pardon my ignorance.
> 
> Why did Cisco invent RMON?
> 
> SNMP seems to do exactly the same job (i.e. it provides information on all
> aspects of the network).
> 
> I must be missing something ...
>

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCIE Lab Preparation Question

[Nnanna Obuba]

Actually, if you don't have an understanding of the
material, and only use practise labs to prepare for
the exam...you will fail


--- Frank Wells <[EMAIL PROTECTED]> wrote:
> That depends on whether you want to know the
> material or just how to 
> configure it for certain scenarios...you decide.
> 
> I will tell you this, by reading the whole book
> (minus the first few 
> chapters of fluff) you will gain a much deeper
> understanding of the material 
> at hand.  You will find that the knowledge of the
> authors will tie in 
> different technologies so you can see a bigger
> picture.
> 
> Learning abstract concepts also makes the material
> less enjoyable to read, 
> harder to remember and more difficult to learn I
> suspect.
> 
> Spending 5-6 hours reading a book from cover to
> cover is time well spent.
> 
> 
> >From: "Bruce Williams"
> <[EMAIL PROTECTED]>
> >Reply-To: "Bruce Williams"
> <[EMAIL PROTECTED]>
> >To: [EMAIL PROTECTED]
> >Subject: CCIE Lab Preparation Question
> >Date: Mon, 8 Jan 2001 09:22:10 -0500
> >
> >Do you think it is necessary to read the
> recommended books cover to cover
> >before the lab? The books I am referring to are,
> TCP/IP Routing,  Internet
> >Routing Architectures and Cisco LAN Switching. Or
> is it more important to 
> >do
> >practice labs and just use these books as
> references when you are doing the
> >practice labs.
> >
> >
> >Bruce Williams
> >[EMAIL PROTECTED]
> >
> >
> >
> >_
> >FAQ, list archives, and subscription info: 
> >http://www.groupstudy.com/list/cisco.html
> >Report misconduct and Nondisclosure violations to
> [EMAIL PROTECTED]
> 
>
_
> Get your FREE download of MSN Explorer at
> http://explorer.msn.com
> 
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]


=
Nnanna Obuba CCIE # 6586
www.nantech.com
Online lab for CCIE preparation

__
Do You Yahoo!?
Yahoo! Photos - Share your holiday photos online!
http://photos.yahoo.com/

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Pix Firewall License R or UR ?

[Liwanag, Manolito]

Try,

sh tech

rgds,
Manolito
-Original Message-
From: A.C [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 06, 2001 3:53 PM
To: [EMAIL PROTECTED]
Subject: Pix Firewall License R or UR ?


Hi,  Does anyone know a command on Pix Firewall 520 that shows what kind of
license it has (R -UR license)?

Thank you


_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 1600 password recovery

[Terence Lee]

I had the same trouble before with NT. I had to use a win98 os to do it.
""Paver, Charles"" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi all!  I am unable to recover my password on my Cisco 1600 router.  I
know
> it says to press the break key, but that does not work.  OS is Windows nt
> 4.0, Spack 6a.  I pressed shift-ctrl-6 as well as break repeatedly during
> the first 10 seconds, but didnt get into rommon mode. Anyone know how to
do
> this?
>
>
>
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

PIX Nat vs. IOS Nat for DNS

[Brian Bieber]

My question is about DNS queries through the PIX and the IOS w/NAT.

This is taken from the Cisco web site.

http://www.cisco.com/warp/public/458/41.html#Q21
 
Q: Does Cisco IOS NAT support DNS queries? 
A: Yes, Cisco IOS NAT will translate the address(es) which
appear in DNS responses to name lookups (A queries) and inverse lookups (PTR
queries). Thus, if an outside host sends a name-lookup to a DNS server on
the inside, and that server responds with a local address, the NAT code will
translate that local address to a global address. The opposite is also true,
and is how we support IP addresses overlapping: an inside host queries an
outside DNS server, the response contains an address that matches the
access-list specified on the "outside source" command, so the code
translates the outside global address to an outside local address. 
Time-to-live (TTL) values on all DNS resource records (RRs)
which receive address translations in RR payloads are automatically set to
zero. 
Cisco IOS NAT does not translate IP addresses embedded in
DNS zone transfers. 

My question is how do I achieve this in the PIX?

Thanks
Brian Bieber

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: SNMP versus RMON

[Howard C. Berkowitz]

A good rule, in both network management and routing, is to use the 
tool that gives you the minimum amount of information to do the job 
-- you want that which is necessary and sufficient, but not more. 
Early in networking careers, and often in life in general, people 
want to know everything and control everything. With experience, you 
tend to reduce scope to what is important.

I'm in total agreement with Teunis that you start by defining the 
decision you want to make, then define the reports and displays on 
which you'd make the decision, and then select the tools that give 
the information to create those reports and displays.

There's a nasty tendency among some marketeers to flog their 
newest-and-greatest product for collecting data that no one has any 
use for. Analysis is harder than collection. The intelligence 
community is legendary about having warehouses full of unanalyzed 
materials, because the glory jobs there are in collection, not 
analysis.

Years ago, I worked for Tesdata, a company that made network 
management monitors. One of my responsibilities was evaluating 
special development requests from customers.

My standard question for the requester was:

"Assume the monitor magically gave you exactly the measurement you are
asking for.  On the basis of an absolutely correct measurement of 
that parameter, what would you change in your operational 
environment?"

If the answer was essentially "I wouldn't change anything, but it 
would be nice to know," my interpretation was that this was not 
something to develop.

>
>From: Willy Schoots [mailto:[EMAIL PROTECTED]]
>Sent: Monday, January 08, 2001 10:20 AM
>To: Pierre-Alex
>Subject: RE: SNMP versus RMON
>
>
>RMON gives you a lot more network traffic information than SNMP does. With
>FULL RMON capabilities you can even sniff packets of the interface save them
>and send them to a remote analyst station. There is definetly some overlap
>but RMON is more powerful if you want to troubleshoot specific traffic
>problems.
>
>Have a look at www.netscout.com for more info on RMON and its applications
>Cheers,
>
>Willy Schoots
>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>Pierre-Alex
>Sent: Monday, January 08, 2001 5:06 PM
>To: Cisco
>Subject: SNMP versus RMON
>
>
>Please pardon my ignorance.
>
>Why did Cisco invent RMON?

Cisco didn't.

>
>SNMP seems to do exactly the same job (i.e. it provides information on all
>aspects of the network).
>
>I must be missing something ...
>
>_
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PIX Nat vs. IOS Nat for DNS

[Stull, Cory]

Brian,

Look into the "alias" command.  It might be what you are looking for.

Cory

-Original Message-
From: Brian Bieber [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 08, 2001 11:16 AM
To: '[EMAIL PROTECTED]'
Subject: PIX Nat vs. IOS Nat for DNS 



My question is about DNS queries through the PIX and the IOS w/NAT.

This is taken from the Cisco web site.

http://www.cisco.com/warp/public/458/41.html#Q21
 
Q: Does Cisco IOS NAT support DNS queries? 
A: Yes, Cisco IOS NAT will translate the address(es) which
appear in DNS responses to name lookups (A queries) and inverse lookups (PTR
queries). Thus, if an outside host sends a name-lookup to a DNS server on
the inside, and that server responds with a local address, the NAT code will
translate that local address to a global address. The opposite is also true,
and is how we support IP addresses overlapping: an inside host queries an
outside DNS server, the response contains an address that matches the
access-list specified on the "outside source" command, so the code
translates the outside global address to an outside local address. 
Time-to-live (TTL) values on all DNS resource records (RRs)
which receive address translations in RR payloads are automatically set to
zero. 
Cisco IOS NAT does not translate IP addresses embedded in
DNS zone transfers. 

My question is how do I achieve this in the PIX?

Thanks
Brian Bieber

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Free Router Giveaway!

[Kelly D Griffin]

You can sign up for a free router giveaway at
http://order.store.yahoo.com/cgi-bin/wg-request-catalog?kg2nd.  No strings
attached.  No purchase necessary.  It is a Cisco 1005 with 12.0(9) IOS.  We
will be giving it away on February 1st.

You sign up for our Monthly E-Mail and your name is entered.

Kelly D Griffin, CCNA
Network Engineer
Kg2 Network Design
http://www.kg2.com




http://1cis.com
Free E-mail Servers with unlimited mailboxes
1st Class Internet Solutions

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Subject: ATQ0H0

[David WU]

It's probably a cable problem.  Following are pinouts for cable I
constructed to connect to old 1924 and 2820 with DB-9 connectors using
HyperTerminal.

DCD  1 - 8 CTS 7 and 8 connected
 7 RTS
RxD2 -  3 TxD
TxD3 -  2 RxD
4 No connection
 Gnd  5  - 5 Gnd
 RTS 7  - 1 DCD
 CTS 8  7 and 8 connected
  9   No connection

David


> Thanks!
>
> I'll give it a try.
>
> Jon
>
>
> Paul Werner <[EMAIL PROTECTED]> wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Yes, I have experienced this several times.  It is the dreaded
> > Catalyst switch who thinks it is talking to a modem :-)  Here
> > are my recommended fixes in this order:
> >
> > 1.  Get a known good black console cable.  Get several.  Try
> > each one out and see if any will get the console to come up
> > other than ATQ commands.
> >
> > 2. Change out your DB-9 to RJ-45 converters with others that
> > are known/good.  See if that works.
> >
> > 3.  Finally, and lastly, change out to other COM ports/other PC
> > COM ports to see if that will help.  In the three times I had
> > this scenario, only once did I have to go to step 3.
> > Obviously, it goes without saying that you need to ensure you
> > have the correct COM port settings(9600,8,N,1,) particularly
> > with flow control turned *off*.
> >
> > 4.  If all else fails, upgrade the firmware to something
> > older/newer (experiment here).  Yes, I know it is fun sucking a
> > 1MB image through a 9600bps line, but that's what a cup of
> > coffee is for 8-)
> >
> > 5.  If this one is so old that it has one of those DB-9 console
> > connectors on the back of the switch (vice the newer RJ-45),
> > you may need to order Cisco's OEM console cable for that box,
> > or you will need to build a null modem cable as specced out
> > here (watch wrap):
> >
> > http://www.cisco.com/univercd/cc/td/doc/product/lan/28201900/192
> > 8v5x/icg5x/csspec.htm#41267
> >
> > You are on the right track if you can access the diagnostic
> > console.  Lastly, strongly resist the temptation to throw the
> > switch against the wall.  It may be needed for an RMA:-)
> >
> > Best of luck,
> >
> > Paul Werner
> >
> >
> > > Date: Sun, 7 Jan 2001 17:45:17 -0500
> > > From: "Jon O'Nan" <[EMAIL PROTECTED]>
> > > Subject: ATQ0H0
> > >
> > > I've been working with an older Catalyst 1900 switch
> > (firmware ver 5.37)
> > > We
> > > can't get any management console output. We are able to bring
> > up the
> > > diagnostic console by holding in the mode button on the front
> > of the
> > > switch
> > > while turning on the power. After upgrading the firmware via
> > xmodem, the
> > > switch will POST and then leave us with a blsnk screen except
> > for modem
> > > strings ATQ0H0. Anyone ever experienced the same issue?
> >
> >
> > 
> > Get your own "800" number
> > Voicemail, fax, email, and a lot more
> > http://www.ureach.com/reg/tag
> >
> > _
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Upgrade Catalyst 1900 standard to 1900 enterprise?

[Romeo]

How can I upgrade the software on the Catalyst 1900 standard to the 1900
enterprise edition?

TIA


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

dial backup

[ahmad bilal]

Hi guys.


Anyone done or has config on how to run dial backup(async module ) on a ospf
based network .do i define int backup command or run a watch list,and how
will ospf handle it.

Thanks


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Why dont I see SNMP discussion on this board ??

[Estes, Timothy R.]

Try http://www.ovforum.org if you want to see lots of discussion about SNMP.
I watch that group and all of the groupstudy groups. I haven't seen much
discussion of SNMP on the groupstudy groups. 

I would like to see more discussion of the Cisco specific SNMP issues. Cisco
MIBs, what variables are interesting, stuff like that on the Groupstudy
groups. Some of the people going for the Network Management specialty of the
CCNP might really be interested in that stuff (myself included). 

There was a really good thread on OVFORUM about Cisco HSRP, and another
about the internal workings of the Cisco 650X switches on the OVFORUM
recently. 


As for the certification question:

HP has certification tracks for HP OpenView professionals. (WinNT and UNIX)
http://openview.hp.com




Regards,

Timothy Estes CCNA
Senior Network Systems Analyst
Tier III Systems Support
Intermedia Communications Inc.
1 Intermedia Way
MC FLT TE-2
Tampa FL 33674
Phone - (813) 829-4563 desk
Email - [EMAIL PROTECTED]


-Original Message-
From: Kevin Welch [mailto:[EMAIL PROTECTED]]
Sent: Sunday, January 07, 2001 3:12 AM
To: Pradeep Kumar; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Why dont I see SNMP discussion on this board ??


Maybe its because no one has started a thread about SNMP

-- Kevin
- Original Message -
From: "Pradeep Kumar" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Saturday, January 06, 2001 11:30 PM
Subject: Why dont I see SNMP discussion on this board ??


> Folks,
>
> Did you notice - in our forum which claims to be addressing 10,000 Network
proffessionals , SNMP related discussion does not seem to be too attractive
! not on the forum at least.
>
> Why dont I see discussion on Cisco MIB's, SNMP, RMON ?
>
> Is this not a trouble area ? Or is it becoz , there is not much of SNMP
topics on any of the CCxx exams ?
>
> Is there any exams to prove the mettle of SNMP geeks ?
>
> -Guru
>
>
>
>
>
>
>
___
> Visit http://www.visto.com/info, your free web-based communications
center.
> Visto.com. Life on the Dot.
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: SNMP versus RMON

[Estes, Timothy R.]

NetScout rocks!

I used NetScout at a former job to remotely sniff Ethernet and Frame Relay.
It really helped me identify the culprits in an overutilization problem. 


Timothy Estes CCNA
Senior Network Systems Analyst
Tier III Systems Support
Intermedia Communications Inc.
1 Intermedia Way
MC FLT TE-2
Tampa FL 33674
Phone - (813) 829-4563 desk
Email - [EMAIL PROTECTED]


-Original Message-
From: Pierre-Alex [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 08, 2001 11:52 AM
To: [EMAIL PROTECTED]
Cc: Cisco
Subject: RE: SNMP versus RMON



Thanks Willy!

Pierre-Alex

-Original Message-
From: Willy Schoots [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 08, 2001 10:20 AM
To: Pierre-Alex
Subject: RE: SNMP versus RMON


RMON gives you a lot more network traffic information than SNMP does. With
FULL RMON capabilities you can even sniff packets of the interface save them
and send them to a remote analyst station. There is definetly some overlap
but RMON is more powerful if you want to troubleshoot specific traffic
problems.

Have a look at www.netscout.com for more info on RMON and its applications
Cheers,

Willy Schoots

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Pierre-Alex
Sent: Monday, January 08, 2001 5:06 PM
To: Cisco
Subject: SNMP versus RMON


Please pardon my ignorance.

Why did Cisco invent RMON?

SNMP seems to do exactly the same job (i.e. it provides information on all
aspects of the network).

I must be missing something ...

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 1600 password recovery

[EH]

I know there are problems trying to initiate a break in hyperterminal for
NT.  One suggestion is to get an upgrade of Hyperterm from Hilgraeve
(http://www.hilgraeve.com/" eudora="autourl">http://www.hilgraeve.com).
Version 4.0 (Private edition) should work.  

If you need to break into the router without messing around trying to get
NT to work, use WIN9x. 

Hope this helps.

-Eddie



At 11:58 AM 1/8/01 -0500, Paver, Charles wrote:
Hi all!  I am unable to recover my
password on my Cisco 1600 router.  I know
it says to press the break key, but that does not work.  OS is
Windows nt
4.0, Spack 6a.  I pressed shift-ctrl-6 as well as break repeatedly
during
the first 10 seconds, but didnt get into rommon mode. Anyone know how to
do
this? 




_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html" 
eudora="autourl">http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 1600 password recovery

[ahmad bilal]

hi there ,

this happens  maybe ur emulator is not working properly and isnt transmiting
break sequence to the router try reinstalling it or try it with some other
machine.
try break+f5 or shift+f5
or follow this

This is useful if your terminal emulator doesn't support the break key, or
if a bug prevents it from sending the correct signal (the hyperterminal
under Windows NT used to suffer from this behavior):
Connect to the router with the following terminal settings:
1200 baud rate
No parity
8 data bits
1 stop bit
No flow control

You will no longer be able to see any output on your screen. This is normal.
Reload the router and press the spacebar for 10-15 seconds. This generates a
signal similar to the break sequence.
Disconnect your terminal and reconnect with a 9600 baud rate. You should now
be in ROM Monitor mode.
_/-\__'Cheers' /_\
  \-/ |  |

""Paver, Charles"" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi all!  I am unable to recover my password on my Cisco 1600 router.  I
know
> it says to press the break key, but that does not work.  OS is Windows nt
> 4.0, Spack 6a.  I pressed shift-ctrl-6 as well as break repeatedly during
> the first 10 seconds, but didnt get into rommon mode. Anyone know how to
do
> this?
>
>
>
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 1600 password recovery

[Tom Graham]

The break key is not a character -- it is caused by holding the transmit
high for 500ms -- you have to know what keystroke combination your software
package uses to cause this to happen, it has nothing to do with the
Cisco-specific Ctl-Shft-6-X key combination.

This may get you started:

http://www.cisco.com/warp/public/701/61.html

TOM GRAHAM

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Terence Lee
> Sent: Monday, January 08, 2001 12:11 PM
> To: [EMAIL PROTECTED]
> Subject: Re: 1600 password recovery
>
>
> I had the same trouble before with NT. I had to use a win98 os to do it.
> ""Paver, Charles"" <[EMAIL PROTECTED]> wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Hi all!  I am unable to recover my password on my Cisco 1600 router.  I
> know
> > it says to press the break key, but that does not work.  OS is
> Windows nt
> > 4.0, Spack 6a.  I pressed shift-ctrl-6 as well as break
> repeatedly during
> > the first 10 seconds, but didnt get into rommon mode. Anyone know how to
> do
> > this?
> >
> >
> >
> >
> > _
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>
>
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

It's Early in the AM...does this ISDN config look ok?

[Tracey Walsh]

--

Current configuration:

!

version 12.1

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname u-dporte-rt

!

boot system flash c800-osy656i-mw.121-2.bin

enable secret 5 $1$TQNX$WhzTgG45y0B2eG6bHNoB7.

!

!

!

!

!

!

dial-peer voice 1 pots

call-waiting

ring 0

port 1

!

pots country US

ip subnet-zero

!

ip dhcp pool DHCPpoolLAN_0

network 10.0.0.0 255.255.255.0

dns-server 198.6.1.4 198.6.1.5

default-router 10.0.0.1

!

ip inspect name 804fw tcp timeout 3600

ip inspect name 804fw http java-list 51 timeout 3600

ip inspect name 804fw udp timeout 15

ip inspect name 804fw cuseeme timeout 3600

ip inspect name 804fw ftp timeout 3600

ip inspect name 804fw rcmd timeout 3600

ip inspect name 804fw smtp timeout 3600

ip inspect name 804fw realaudio timeout 3600

no ip domain-lookup

ip name-server 198.6.1.4

ip name-server 198.6.1.5

isdn switch-type basic-ni

cns event-service server

!

!

!

!

!

interface Ethernet0

ip address 10.0.0.1 255.0.0.0

ip nat inside

!

interface BRI0

no ip address

ip inspect 804fw out

encapsulation ppp

dialer rotary-group 0

isdn switch-type basic-ni

isdn twait-disable

isdn spid1 11

isdn spid2 12

!

interface Dialer0

ip address negotiated

ip access-group 101 in

ip inspect 804fw out

encapsulation ppp

dialer in-band

dialer idle-timeout 300

dialer string 2068088610

dialer hold-queue 10

dialer load-threshold 10 either

ppp pap sent-username UU/ppp159823 password 7 091B5A1823142D243F4C

ppp multilink

!

no ip http server

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer0

!

access-list 101 deny ip any any

banner motd ^C

WARNING: This is a company computer system with access restricted

to those with proper authorization. Authorized parties

are restricted to those functions which have been

assigned to perform work related duties. Any unauthorized

access attempt will be investigated and prosecuted to the

full extent of the law.



If you are not an authorized user, disconnect now.

^C

!

line con 0

password 7 120D001B1B080316

login

transport input none

stopbits 1

line vty 0 4

password 7 120D001B1B080316

login

!

end





*

It's too early, and I haven't really had a chance to sit down and REALLY
review this config. Does this look ok as it stands? Am I missing anything
blatant? If I am, it's early...

Where is that coffee?



_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

lab swap

[Richard Y. Zheng]

Hi, Luke Ellezer,

You posted a message to swap Feb 12 in Halifax. But you don't post your email
or phone number. I have a date if April 26. And my friend has a date of April
2. You can pick whatever date of these two.

I am interested in any date between Feb 7 to 20. If everyone else is
interested, please send me an email: [EMAIL PROTECTED] or phone me at
416-507-7438.

Thanks,
Richard

__
Do You Yahoo!?
Yahoo! Photos - Share your holiday photos online!
http://photos.yahoo.com/

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCIE Lab Preparation Question

[Frank Wells]

Absolutely.  There is no substitute for lots of hands on and reading.


>From: Nnanna Obuba <[EMAIL PROTECTED]>
>Reply-To: Nnanna Obuba <[EMAIL PROTECTED]>
>To: Frank Wells <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
>Subject: Re: CCIE Lab Preparation Question
>Date: Mon, 8 Jan 2001 09:04:22 -0800 (PST)
>
>Actually, if you don't have an understanding of the
>material, and only use practise labs to prepare for
>the exam...you will fail
>
>
>--- Frank Wells <[EMAIL PROTECTED]> wrote:
> > That depends on whether you want to know the
> > material or just how to
> > configure it for certain scenarios...you decide.
> >
> > I will tell you this, by reading the whole book
> > (minus the first few
> > chapters of fluff) you will gain a much deeper
> > understanding of the material
> > at hand.  You will find that the knowledge of the
> > authors will tie in
> > different technologies so you can see a bigger
> > picture.
> >
> > Learning abstract concepts also makes the material
> > less enjoyable to read,
> > harder to remember and more difficult to learn I
> > suspect.
> >
> > Spending 5-6 hours reading a book from cover to
> > cover is time well spent.
> >
> >
> > >From: "Bruce Williams"
> > <[EMAIL PROTECTED]>
> > >Reply-To: "Bruce Williams"
> > <[EMAIL PROTECTED]>
> > >To: [EMAIL PROTECTED]
> > >Subject: CCIE Lab Preparation Question
> > >Date: Mon, 8 Jan 2001 09:22:10 -0500
> > >
> > >Do you think it is necessary to read the
> > recommended books cover to cover
> > >before the lab? The books I am referring to are,
> > TCP/IP Routing,  Internet
> > >Routing Architectures and Cisco LAN Switching. Or
> > is it more important to
> > >do
> > >practice labs and just use these books as
> > references when you are doing the
> > >practice labs.
> > >
> > >
> > >Bruce Williams
> > >[EMAIL PROTECTED]
> > >
> > >
> > >
> > >_
> > >FAQ, list archives, and subscription info:
> > >http://www.groupstudy.com/list/cisco.html
> > >Report misconduct and Nondisclosure violations to
> > [EMAIL PROTECTED]
> >
> >
>_
> > Get your FREE download of MSN Explorer at
> > http://explorer.msn.com
> >
> > _
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to
>[EMAIL PROTECTED]
>
>
>=
>Nnanna Obuba CCIE # 6586
>www.nantech.com
>Online lab for CCIE preparation
>
>__
>Do You Yahoo!?
>Yahoo! Photos - Share your holiday photos online!
>http://photos.yahoo.com/
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
Get your FREE download of MSN Explorer at http://explorer.msn.com

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

IOS search

[Sam .]

Hello Friends

I am looking for a link to the cisco web site where there is a form on which 
I could select the IOS features that I require, select the router platform 
and the form would come back with the IOS version which would support all 
those features.

I know that someone on this list had sent this link last month. But I am not 
able to search the archives. May there is some problem there.

Could someone send me that link again. You can send it to me directly and 
not bother anyone on this list.

Thanks

Sam,

_
Get your FREE download of MSN Explorer at http://explorer.msn.com

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: lab swap

[Colin Fabeny]

Hello,
I have a lab date for May 29-30 in RTP.  I am looking for a swap for an earlier
date anytime in Feb - April.  Let me know if anyone would like to trade for  my
assigned dates.

Thanks,
Colin


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Enabling the VTP domain,,

[Tom Graham]

Make sure the "new" switch doesn't think he is the VTP server.  I have seen
a online switch with no (or incomplete) VLANs configured changed to VTP
server mode and promptly erase all the other existing VLANS.  Make sure the
switch has all the VLANs you need configured on it before you make it a
server.

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Shabbir S. Talib
> Sent: Monday, January 08, 2001 11:13 AM
> To: [EMAIL PROTECTED]; Wonkyu Lee
> Subject: Re: Enabling the VTP domain,,
>
>
> Check this out
>
> http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_5_
> 2/config/vtp.htm
>
> Wonkyu Lee wrote:
> >
> > HI All,
> >
> > The place where I'm working at right now has several vlans and trunking.
> > However, from the beginning, no one turned on the VTP Domain.
> So whenever I
> > put a new switch into the existing LAN, and setting up a vlan
> and trunking,
> > I have to do it manually. So I'm thinking I'm enabling the VTP domain on
> > all switches. We have 5500, 5002s, 2900XLs, 3500XLs.
> >
> > So here goes my question..
> >
> > What is the procedure to enable the domain feature ?
> > I know the CLI how to do it, but what should I beware before I do it?
> > What will happen when the vtp starts to advertising its vlan database to
> > client switches, which have already all the infos stored in manually?
> > Some vlans have their name on one switch(ex, TECH), but some
> don't(vlan13)
> > and would it be problem ?
> >
> > Thanks in advance.
> >
> > Wonkyu Lee
> > FOMS
> >
> > _
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> --
> 
> Shabbir S. Talib
> MCSE, CNE, CCNA
>
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCIE Written Detail

[Eric Gunn]

At 12:44 PM 1/8/01 -0500, you wrote:
>just curious what the point would be?  I mean you have to pass the lab to 
>get the cert and that will force you to properly learn the subject matter 
>at some point anyway.  Outside of just wanting to schedule the lab early, 
>I would highly recommend you study the traditional texts including Doyle, 
>Halabi, Perlman etc.
>
>Pete

I do agree with your point, however since the lab exam is the real test and 
it is back logged for 6 months . I would like to get a jump on scheduling 
the lab and doing the majority of in depth studying while working towards 
the lab. I am just looking on opinions for study materials to pass the lab.

Thank You,

Eric





>*** REPLY SEPARATOR  ***
>
>On 1/8/2001 at 10:08 AM Eric Gunn wrote:
>
> >Hello,
> >
> >I was wondering if anyone that has read the CCIE Exam Cram though that was
> >sufficient in detail to pass the CCIE written exam? I have been through and
> >passed the CCNP+Security track, so I was hoping that some review would be
> >enough to prepare. However the exam cram seems a bit general, just looking
> >for opinions from people that have been through a similar track.
> >
> >I also plan on using the studyguide from www.cramsession.com, along with
> >Boson practice test #1. I had great luck with the Boson test for the
> >security exam which is that same author that does the CCIE Boson tests.
> >
> >Thank you for the input,
> >
> >-Eric Gunn
> >
> >CCNP + Security, MCSE, CCA.CNA, N+
> >
> >_
> >FAQ, list archives, and subscription info: 
> http://www.groupstudy.com/list/cisco.html
> >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re:1600 password recovery

[Rajeev Soni]

As far as I remember in Windows NT, You need to upgrade your HYPERTERMINAL or
use Windows 95/98.

Reply Separator
Subject:1600 password recovery
Author: "Paver; Charles" <[EMAIL PROTECTED]>
Date:   01/08/2001 11:58 AM

Hi all!  I am unable to recover my password on my Cisco 1600 router.  I know
it says to press the break key, but that does not work.  OS is Windows nt
4.0, Spack 6a.  I pressed shift-ctrl-6 as well as break repeatedly during
the first 10 seconds, but didnt get into rommon mode. Anyone know how to do
this? 




_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Received: from groupstudy.com ([63.104.50.75]) by ccmail.itd.nps.gov with SMTP
  (IMA Internet Exchange 3.13) id 007B4046; Mon, 8 Jan 2001 12:26:36 -0500
Received: from localhost (mail@localhost)
by groupstudy.com (8.9.3/8.9.3) with SMTP id NAA01903;
Mon, 8 Jan 2001 13:29:27 -0500
Received: by groupstudy.com (bulk_mailer v1.12); Mon, 8 Jan 2001 13:06:24 -0500
Received: (from listserver@localhost)
by groupstudy.com (8.9.3/8.9.3) id NAA24959
GroupStudy Mailer; Mon, 8 Jan 2001 13:06:23 -0500
Received: from alpha.wheatland.com (www.seminole.com [208.130.19.30])
by groupstudy.com (8.9.3/8.9.3) with ESMTP id NAA24916
GroupStudy Mailer; Mon, 8 Jan 2001 13:06:20 -0500
Received: from [10.1.1.22] by alpha.wheatland.com
for [EMAIL PROTECTED]
id LAA19951; Mon Jan  8 11:58:41 2001
Received: by exchange-nt.wheatland.com with Internet Mail Service (5.5.2448.0)
id ; Mon, 8 Jan 2001 11:58:41 -0500
Message-ID: <[EMAIL PROTECTED]>
Subject: 1600 password recovery
Date: Mon, 8 Jan 2001 11:58:40 -0500 
X-Mailer: Internet Mail Service (5.5.2448.0)
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
From: "Paver, Charles" <[EMAIL PROTECTED]>
Sender: [EMAIL PROTECTED]
Reply-To: "Paver, Charles" <[EMAIL PROTECTED]>
Precedence: bulk

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ISDN Simulator

[Sam Adams]

If you lived in the SF bay area you would have to have a contract for one
year for isdn.

GO PACBELL!!

Hey, I am being facetious here.  PBI had e-mail problems two nights in a
row.  Sniff the packets and no response from their end and they said it was
my config on my mail client.

Bastards!:-D

Rant over.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Brian Howard
Sent: Monday, January 08, 2001 4:46 AM
To: Cthulu
Cc: [EMAIL PROTECTED]
Subject: Re: ISDN Simulator


Hi Charles,

I agree with Andy...check into the monthly rate of ISDN in your area, that
may be the best
way to go.

A few months ago,  another engineer and I bought a ISDN simulator from ARCA
Technologies. We decided upon ARCA mainly due to the fact that they have a
2 port BRI
simulator with built in NT1s. They were little more expensive than Teltone,
but the unit has worked fine.

I agree, its a hefty investment for your lab, and perhaps sharing the cost
of the simulator
may make it more affordable ?

Good luck

-Brian

At 08:54 PM 01/07/2001 -0600, Cthulu wrote:
>Hi,  all
>
>I know this has been discussed, and after spending my free time this
weekend
>searching high and low for a reasonably priced ISDN simulator, I am forced
>to conclude there is no such beast.   EBAY is a bust thus far,  and the
best
>price I have found is for a Teltone (www.teltone.com) ISDN simulator at
>http://www.bigdcom.com/teleline.html. Big D is a Groupstudy recommended
>site;  they sell the ISDN simulator about 1600 bucks, give or take some
>change.
>
>Now to the crux of my dilemma:  do I or don't I?  That is, ask my Mistress
>for this for Christmas, Halloween, and so forth.  She is standing here
>reading this, so I appreciate how wonderful she is! So beautiful with great
>taste in men!   Also, very heroic:  she kept me from drinking a coffee
>flavored Slim Fast (we were out of beer).
>
>Before I approach the checkbook with hat in hand, is this best price?  I
>mean, really?  Has anyone else had better luck?  I hate the thought of
>spending 1600 bucks on a 100 bucks worth of wiring and chips.  Perhaps is
it
>time for Groupstudy to form a buyer's union, where we can pool our money
and
>buy in bulk at almost wholesale prices.  Good idea?  Bad idea?  Too much
>headache potential?
>
>Luckily for me, Big D is in the Dallas area so I plan on there in person
and
>talking to them about these simulators and their prices.  If interested, I
>will let the group know what happens.  If not, I'll keep mum.
>
>Flames, comments all welcome!
>
>Charles
>
>
>
>
>
>_
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Brian E. Howard
NSA Consulting Engineer
NSA - Network Supported Accounts
Voice: (919) 392-7615
Pager: 1-800-365-4578
e-mail: [EMAIL PROTECTED]
e-page: [EMAIL PROTECTED]

C i s c o S y s t e m s
Research Triangle Park, NC

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: SNMP versus RMON

[Priscilla Oppenheimer]

At 10:06 AM 1/8/01, Pierre-Alex wrote:
>Please pardon my ignorance.
>
>Why did Cisco invent RMON?

They didn't invent it. The IETF developed RMON in the early 1990s because 
the standard MIBs at the time lacked statistics on data-link and 
physical-layer parameters. The standard MIBs were focused on IP and upper 
layers. The first RMON MIB provided Ethernet traffic and fault info, such 
as CRC errors, collisions, etc. In 1994, Token Ring was added for stuff 
like soft-error reports, beaconing reports, etc.

Priscilla


>SNMP seems to do exactly the same job (i.e. it provides information on all
>aspects of the network).
>
>I must be missing something ...
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Priscilla Oppenheimer
http://www.priscilla.com

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: IOS search

[Gareth Hinton]

IOS Feature Navigator

http://www.cisco.com/cgi-bin/Support/FeatureNav/FN.pl


""Sam ."" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hello Friends
>
> I am looking for a link to the cisco web site where there is a form on
which
> I could select the IOS features that I require, select the router platform
> and the form would come back with the IOS version which would support all
> those features.
>
> I know that someone on this list had sent this link last month. But I am
not
> able to search the archives. May there is some problem there.
>
> Could someone send me that link again. You can send it to me directly and
> not bother anyone on this list.
>
> Thanks
>
> Sam,
>
> _
> Get your FREE download of MSN Explorer at http://explorer.msn.com
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

ISDN Config question

[Raul F. Fernandez]

Dear Folks,


Does anyone know what the command "ISDN voice-call-failure 0" means?
We have been trying different sources such as CCO and documentation for
12.0 & 1and 11.3.


Thank you in advance.


Raul


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ISDN Simulator

[AABAN34]

Cisco has one for $150.00 , it's their CIM CD it's really good, almost real=20
and it has much more QA to.

=A0www.cisco.com/go/cim =A0or =A0www.ciscopress.com/cim they have 6 CD's and=
 one of=20
them is the ISDN one. You can buy these CD's from any online book store.

=A0=A0

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

configuration register

[zuszus]

i am a network administrator of CORVIT SYSTEMS PRIVATE LIMITED PAKISTAN.I
JUST CHANGED TJE CONFIGURATION REGISTOR VALUE to 0x2101 OF MY  cisco routers
( cpa 2501),and reloaded. after that they are not get started.i erased the
flash and reloaded from tftp , but all my efforts ended in in vain. please
help.

khawaja usman mahmood
[EMAIL PROTECTED]



_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCNP Security - Adv. Firewall

[Tommy Mitchell]

Does anyone know if the security specialization test Cisco Secure Pix
Firewall Advanced is 4.x or 5.x specific?  I was surprised to take the MCNS
2.0 exam and see that the Pix questions were all about conduits and outbound
commands instead of the newer access lists.  Do they introduce any of the
new 5.x commands, do they hit both versions, or what?

Thanks,

Tommy Mitchell
Network Engineer
Matrix Networking Group, LLC
www.matrixnetworking.net


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Troubleshooting 102 - "password recovery"

[Mike Bromley]

Chuck,

This is so unfortunate! I would have enjoyed logging in and wondered if my
ISP was blocking Telnet sessions(I think they are). I was thinking all
weekend about you offering up your pod like that and what the ways to
prevent malicious activity would be. There's always going to be a jerk out
there looking to hack someone...

Anyway, keep up the good work!

Mike


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCIE LAB - Syracuse

[rajeev_ks@]

Any one preparing for lab in syracuse pls respond.

Thank you,
Rajeev
rajeev_ks@0
e-mail: rajeev_ks@[EMAIL PROTECTED]


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PIX Nat vs. IOS Nat for DNS

[Joe Schnerd]

I have a question along the same line...

If I have a single DNS behind NAT and I want to change it's IP to 10.x.x.x,
how does NAT/Firewall know to forward the request to that address and how
would I register with Network Solutions so that there is a "virtual" name
server? Any suggestions/ideas?

I've been looking at some sample NAT configs, but nothing really addresses
the DNS aspect.

Any help would be greatly appreciated.

Jeff

"Brian Bieber" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>
> My question is about DNS queries through the PIX and the IOS w/NAT.
>
> This is taken from the Cisco web site.
>
> http://www.cisco.com/warp/public/458/41.html#Q21
> 
> Q: Does Cisco IOS NAT support DNS queries?
> A: Yes, Cisco IOS NAT will translate the address(es) which
> appear in DNS responses to name lookups (A queries) and inverse lookups
(PTR
> queries). Thus, if an outside host sends a name-lookup to a DNS server on
> the inside, and that server responds with a local address, the NAT code
will
> translate that local address to a global address. The opposite is also
true,
> and is how we support IP addresses overlapping: an inside host queries an
> outside DNS server, the response contains an address that matches the
> access-list specified on the "outside source" command, so the code
> translates the outside global address to an outside local address.
> Time-to-live (TTL) values on all DNS resource records (RRs)
> which receive address translations in RR payloads are automatically set to
> zero.
> Cisco IOS NAT does not translate IP addresses embedded in
> DNS zone transfers.
>
> My question is how do I achieve this in the PIX?
>
> Thanks
> Brian Bieber
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: configuration register

[Roan, Wayne]

What mode does the router come up in?  RMON?

-Original Message-
From: zuszus [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 08, 2001 3:50 PM
To: [EMAIL PROTECTED]
Subject: configuration register


i am a network administrator of CORVIT SYSTEMS PRIVATE LIMITED PAKISTAN.I
JUST CHANGED TJE CONFIGURATION REGISTOR VALUE to 0x2101 OF MY  cisco routers
( cpa 2501),and reloaded. after that they are not get started.i erased the
flash and reloaded from tftp , but all my efforts ended in in vain. please
help.

khawaja usman mahmood
[EMAIL PROTECTED]



_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: SNMP versus RMON

[Tony van Ree]

Hi,

I have found RMON more useful as a trouble shooting tool particularly on switches.  
Non Cisco equipment (Cabletron, 3Com and the like) often have RMON available.  You can 
usually get into these without any special MIBs and get into the raffic analysis.

RMON allows you to more easily find who and what could be causing congestion or 
traffic problems than does SNMP.  Be caeful however RMON is quite CPU intensive when 
turned on a device.  For example, you can expect a 2500 series router to pack it in 
within a minute or two if you decide RMON should be on to discover a problem.  The 
best way is to get some other device to get the RMON stuff for you.  An RMON Probe.

You can use RMON Probes on remote sites to do all sorts of useful traffic analysis the 
SNMP wont give you.

Just some thoughts

Teunis,
Hobart, Tasmania
Australia


On Monday, January 08, 2001 at 10:52:01 AM, Pierre-Alex wrote:

> 
> Thanks Willy!
> 
> Pierre-Alex
> 
> -Original Message-
> From: Willy Schoots [mailto:[EMAIL PROTECTED]]
> Sent: Monday, January 08, 2001 10:20 AM
> To: Pierre-Alex
> Subject: RE: SNMP versus RMON
> 
> 
> RMON gives you a lot more network traffic information than SNMP does. With
> FULL RMON capabilities you can even sniff packets of the interface save them
> and send them to a remote analyst station. There is definetly some overlap
> but RMON is more powerful if you want to troubleshoot specific traffic
> problems.
> 
> Have a look at www.netscout.com for more info on RMON and its applications
> Cheers,
> 
> Willy Schoots
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Pierre-Alex
> Sent: Monday, January 08, 2001 5:06 PM
> To: Cisco
> Subject: SNMP versus RMON
> 
> 
> Please pardon my ignorance.
> 
> Why did Cisco invent RMON?
> 
> SNMP seems to do exactly the same job (i.e. it provides information on all
> aspects of the network).
> 
> I must be missing something ...
> 
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> 
> 
> _
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> 
> 


--
www.tasmail.com


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ISDN Config question

[James Haynes]

I found the same line on the config of a router on my network and spent some
time looking for an answer to it as well. What I came up with was:

isdn voice-call-failure 0 : sends specified code to switch when an inbound
voice call fails with no specific cause code.

I believe this is a default of the IOS, but I may be wrong.


""Raul F. Fernandez"" <[EMAIL PROTECTED]> wrote in message
004c01c079b1$bd4baf00$[EMAIL PROTECTED]">news:004c01c079b1$bd4baf00$[EMAIL PROTECTED]...
> Dear Folks,
>
>
> Does anyone know what the command "ISDN voice-call-failure 0" means?
> We have been trying different sources such as CCO and documentation for
> 12.0 & 1and 11.3.
>
>
> Thank you in advance.
>
>
> Raul
>
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Coil pinnaccle header

[Rob Mears]

Hi all,

I have 4 6509 cats that are giving me problems. For particular modules on
the switch, user will not be able to login to network. I move them to
different module on same switch all works fine. I look at switch, port
status all is fine.  I check logs on switch and I see for the ports giving
me problem it reports "Coil Pinnacle Header Checksum Error".  What the hell
is this? I searched Cisco's site and find nothing.  

Has anyone seen this?  Please help.

I am about the thought out the damn Module.

Thanks
Rob

Rob Mears III, NNCSS, NNCDS, MCSE, CNE, CCNA, A+
Technical Mercenary



-Original Message-
From: Joe Schnerd [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 08, 2001 3:07 PM
To: [EMAIL PROTECTED]
Subject: Re: PIX Nat vs. IOS Nat for DNS


I have a question along the same line...

If I have a single DNS behind NAT and I want to change it's IP to 10.x.x.x,
how does NAT/Firewall know to forward the request to that address and how
would I register with Network Solutions so that there is a "virtual" name
server? Any suggestions/ideas?

I've been looking at some sample NAT configs, but nothing really addresses
the DNS aspect.

Any help would be greatly appreciated.

Jeff

"Brian Bieber" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>
> My question is about DNS queries through the PIX and the IOS w/NAT.
>
> This is taken from the Cisco web site.
>
> http://www.cisco.com/warp/public/458/41.html#Q21
> 
> Q: Does Cisco IOS NAT support DNS queries?
> A: Yes, Cisco IOS NAT will translate the address(es) which
> appear in DNS responses to name lookups (A queries) and inverse lookups
(PTR
> queries). Thus, if an outside host sends a name-lookup to a DNS server on
> the inside, and that server responds with a local address, the NAT code
will
> translate that local address to a global address. The opposite is also
true,
> and is how we support IP addresses overlapping: an inside host queries an
> outside DNS server, the response contains an address that matches the
> access-list specified on the "outside source" command, so the code
> translates the outside global address to an outside local address.
> Time-to-live (TTL) values on all DNS resource records (RRs)
> which receive address translations in RR payloads are automatically set to
> zero.
> Cisco IOS NAT does not translate IP addresses embedded in
> DNS zone transfers.
>
> My question is how do I achieve this in the PIX?
>
> Thanks
> Brian Bieber
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

OT - ASN Request

[Jim Healis]

Has anyone here completed the ARIN ASN request form?  If you have I 
could use a little assistance in completing the justification portion. 
I would prefer not to bang my head against the wall while trying to 
reinvent the wheel.

Please reply via private email.

Thanks!

-j

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ISDN Config question

[Tom Graham]

The inbound call appears to be a voice call and your router doesn't have a
way to handle a voice call (which in the real world would be an analog data
call coming in -- that is from a modem and not a TA). If you know the
inbound call is ISDN, try "isdn not-end-to-end" to tell the router not to
expect D channel information from the far end and just assume it is a data
call.   Otherwise you need to handle the call with a modem (such as with an
AS5300)

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> James Haynes
> Sent: Monday, January 08, 2001 4:37 PM
> To: [EMAIL PROTECTED]
> Subject: Re: ISDN Config question
>
>
> I found the same line on the config of a router on my network and
> spent some
> time looking for an answer to it as well. What I came up with was:
>
> isdn voice-call-failure 0 : sends specified code to switch when an inbound
> voice call fails with no specific cause code.
>
> I believe this is a default of the IOS, but I may be wrong.
>
>
> ""Raul F. Fernandez"" <[EMAIL PROTECTED]> wrote in message
> 004c01c079b1$bd4baf00$[EMAIL PROTECTED]">news:004c01c079b1$bd4baf00$[EMAIL PROTECTED]...
> > Dear Folks,
> >
> >
> > Does anyone know what the command "ISDN voice-call-failure 0" means?
> > We have been trying different sources such as CCO and documentation for
> > 12.0 & 1and 11.3.
> >
> >
> > Thank you in advance.
> >
> >
> > Raul
> >
> >
> > _
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>
>
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: SNMP versus RMON

[Pierre-Alex]

Thank You Priscilla. Where did you find this information? In the RFCs or did
you
actually read books about the subject?

Pierre-Alex

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 08, 2001 2:19 PM
To: Pierre-Alex; Cisco
Subject: Re: SNMP versus RMON


At 10:06 AM 1/8/01, Pierre-Alex wrote:
>Please pardon my ignorance.
>
>Why did Cisco invent RMON?

They didn't invent it. The IETF developed RMON in the early 1990s because
the standard MIBs at the time lacked statistics on data-link and
physical-layer parameters. The standard MIBs were focused on IP and upper
layers. The first RMON MIB provided Ethernet traffic and fault info, such
as CRC errors, collisions, etc. In 1994, Token Ring was added for stuff
like soft-error reports, beaconing reports, etc.

Priscilla


>SNMP seems to do exactly the same job (i.e. it provides information on all
>aspects of the network).
>
>I must be missing something ...
>
>_
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Priscilla Oppenheimer
http://www.priscilla.com


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: SNMP versus RMON

[Pierre-Alex]

Very useful! Thank You.

-Original Message-
From: Tony van Ree [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 08, 2001 3:20 PM
To: Pierre-Alex; [EMAIL PROTECTED]
Cc: Cisco
Subject: RE: SNMP versus RMON


Hi,

I have found RMON more useful as a trouble shooting tool particularly on
switches.  Non Cisco equipment (Cabletron, 3Com and the like) often have
RMON available.  You can usually get into these without any special MIBs and
get into the raffic analysis.

RMON allows you to more easily find who and what could be causing congestion
or traffic problems than does SNMP.  Be caeful however RMON is quite CPU
intensive when turned on a device.  For example, you can expect a 2500
series router to pack it in within a minute or two if you decide RMON should
be on to discover a problem.  The best way is to get some other device to
get the RMON stuff for you.  An RMON Probe.

You can use RMON Probes on remote sites to do all sorts of useful traffic
analysis the SNMP wont give you.

Just some thoughts

Teunis,
Hobart, Tasmania
Australia


On Monday, January 08, 2001 at 10:52:01 AM, Pierre-Alex wrote:

>
> Thanks Willy!
>
> Pierre-Alex
>
> -Original Message-
> From: Willy Schoots [mailto:[EMAIL PROTECTED]]
> Sent: Monday, January 08, 2001 10:20 AM
> To: Pierre-Alex
> Subject: RE: SNMP versus RMON
>
>
> RMON gives you a lot more network traffic information than SNMP does. With
> FULL RMON capabilities you can even sniff packets of the interface save
them
> and send them to a remote analyst station. There is definetly some overlap
> but RMON is more powerful if you want to troubleshoot specific traffic
> problems.
>
> Have a look at www.netscout.com for more info on RMON and its applications
> Cheers,
>
> Willy Schoots
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Pierre-Alex
> Sent: Monday, January 08, 2001 5:06 PM
> To: Cisco
> Subject: SNMP versus RMON
>
>
> Please pardon my ignorance.
>
> Why did Cisco invent RMON?
>
> SNMP seems to do exactly the same job (i.e. it provides information on all
> aspects of the network).
>
> I must be missing something ...
>
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
>


--
www.tasmail.com



_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: SNMP versus RMON

[Paul Borghese]

Someone has already discussed how you can use a 2500 as an RMON probe.  But did you 
know you can use a 2500 as a packet capture
device?  The full RMON 1 capabilities of the 2500 include packet capture.  You can 
then download the captured packets for full
decode.  This works great with a spare 2514 (two ethernet interfaces).  Poor man's 
network analyzer.

Quite impressive.

Take care,

Paul Borghese

""Pierre-Alex"" <[EMAIL PROTECTED]> wrote in message 
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>
> Very useful! Thank You.
>
> -Original Message-
> From: Tony van Ree [mailto:[EMAIL PROTECTED]]
> Sent: Monday, January 08, 2001 3:20 PM
> To: Pierre-Alex; [EMAIL PROTECTED]
> Cc: Cisco
> Subject: RE: SNMP versus RMON
>
>
> Hi,
>
> I have found RMON more useful as a trouble shooting tool particularly on
> switches.  Non Cisco equipment (Cabletron, 3Com and the like) often have
> RMON available.  You can usually get into these without any special MIBs and
> get into the raffic analysis.
>
> RMON allows you to more easily find who and what could be causing congestion
> or traffic problems than does SNMP.  Be caeful however RMON is quite CPU
> intensive when turned on a device.  For example, you can expect a 2500
> series router to pack it in within a minute or two if you decide RMON should
> be on to discover a problem.  The best way is to get some other device to
> get the RMON stuff for you.  An RMON Probe.
>
> You can use RMON Probes on remote sites to do all sorts of useful traffic
> analysis the SNMP wont give you.
>
> Just some thoughts
>
> Teunis,
> Hobart, Tasmania
> Australia
>
>
> On Monday, January 08, 2001 at 10:52:01 AM, Pierre-Alex wrote:
>
> >
> > Thanks Willy!
> >
> > Pierre-Alex
> >
> > -Original Message-
> > From: Willy Schoots [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, January 08, 2001 10:20 AM
> > To: Pierre-Alex
> > Subject: RE: SNMP versus RMON
> >
> >
> > RMON gives you a lot more network traffic information than SNMP does. With
> > FULL RMON capabilities you can even sniff packets of the interface save
> them
> > and send them to a remote analyst station. There is definetly some overlap
> > but RMON is more powerful if you want to troubleshoot specific traffic
> > problems.
> >
> > Have a look at www.netscout.com for more info on RMON and its applications
> > Cheers,
> >
> > Willy Schoots
> >
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Pierre-Alex
> > Sent: Monday, January 08, 2001 5:06 PM
> > To: Cisco
> > Subject: SNMP versus RMON
> >
> >
> > Please pardon my ignorance.
> >
> > Why did Cisco invent RMON?
> >
> > SNMP seems to do exactly the same job (i.e. it provides information on all
> > aspects of the network).
> >
> > I must be missing something ...
> >
> > _
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
> >
> > _
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
> >
>
>
> --
> www.tasmail.com
>
>
>
> _
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: BCMSN

[Jason Baker]

I would say if you are looking for a book and you have have one week to go, 
you should reschedule the exam. I used course notes to pass this exam. 

Regards,

Jason Baker
Network Engineer
MCSE, CCNA, AACS, PCP

Davnet Telecommunications Pty Ltd
Level 50, Rialto South Tower
525 Collins St
Melbourne VIC 3000

Tel:613 9614 6646
Fax:613 9620 7497
[EMAIL PROTECTED]
www.davnet.com.au
---
Australian General Telecommunications Carrier License No 23
---
Disclaimer:

Please note that this correspondence is for the named
person's use only and may contain information that is
confidential and privileged. 

If you received this correspondence in error, please
immediately delete it from your system and notify
the sender.  Please ensure that you do not disclose,
copy or rely on any part of this correspondence if
you are not the intended recipient.  We apologise for
any inconvenience and thank you for your assistance.

Please note that nothing in this correspondence shall
be construed or otherwise relied upon by the recipient
as an offer, acceptance of an offer, representation,
agreement or resolution of any kind.






-Original Message-
From: Chiao Liang [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 09, 2001 12:40 AM
To: [EMAIL PROTECTED]
Subject: BCMSN


Hi all

I'm taking my BCMSN next week, needed help urgently. Can anyone
recommend any site or book for thsi test. Oh if anyone get any resources
please help me . Millions of Thanks in advance.


Chan
CCNA, CCDA

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: SNMP versus RMON

[Priscilla Oppenheimer]

At 04:43 PM 1/8/01, Pierre-Alex wrote:
>Thank You Priscilla. Where did you find this information? In the RFCs or did
>you
>actually read books about the subject?

I lived it. &;-) I worked for Network General (makers of the Sniffer) in 
the early 1990s. Knowing RMON was important because RMON probes threatened 
to compete with Sniffers (since RMON probes can capture packets, among 
their other capabilities.)

The RMON RFC 1757 is quite readable also, if you wanted to try it. But it 
doesn't have a lot of background on why RMON was developed, so it might not 
have answered your particular question.

Also, I verified my answer by checking my own book, &;-) "Top-Down Network 
Design," which talks briefly about RMON. RMON is also covered in a cursory 
fashion in the various Cisco Internetwork Troubleshooting (CIT) books.

The Internetworking Technologies Overview book (Web pages) from Cisco also 
talk about RMON here:

http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/rmon.htm

Also, check out the chapter on SNMP here:

http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/snmp.htm

Priscilla



>Pierre-Alex
>
>-Original Message-
>From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
>Sent: Monday, January 08, 2001 2:19 PM
>To: Pierre-Alex; Cisco
>Subject: Re: SNMP versus RMON
>
>
>At 10:06 AM 1/8/01, Pierre-Alex wrote:
> >Please pardon my ignorance.
> >
> >Why did Cisco invent RMON?
>
>They didn't invent it. The IETF developed RMON in the early 1990s because
>the standard MIBs at the time lacked statistics on data-link and
>physical-layer parameters. The standard MIBs were focused on IP and upper
>layers. The first RMON MIB provided Ethernet traffic and fault info, such
>as CRC errors, collisions, etc. In 1994, Token Ring was added for stuff
>like soft-error reports, beaconing reports, etc.
>
>Priscilla
>
>
> >SNMP seems to do exactly the same job (i.e. it provides information on all
> >aspects of the network).
> >
> >I must be missing something ...
> >
> >_
> >FAQ, list archives, and subscription info:
> >http://www.groupstudy.com/list/cisco.html
> >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
>
>
>
>Priscilla Oppenheimer
>http://www.priscilla.com
>
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Priscilla Oppenheimer
http://www.priscilla.com

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

ISBN for the new CCNP library

[Circusnuts]

Does anyone happen to have the ISBN for the new CCNP book kit.  I saw this
one & thought it might be the old library having Laura Chapel as one of the
writers (ISBN 1587050137).

Thanks
Phil

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

LAB - Syracuse.

[rajeev_ks@]

Any one preparing for lab in syracuse pls respond. 

Thank you, 
Rajeev 

rajeev_ks@0
e-mail: rajeev_ks@[EMAIL PROTECTED]


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: BCMSN

[Tom Keough]

BCMSN from Cisco Press by Karen Web, CCIE  ISBN1-57870-093-0
HTH,
Tom

--
Tom Keough MCSE CCNA
AT&T Global Network Solutions
Standard Access Management
Managed Router Service
Tier 2 Technical Support
Tampa, Florida
"Chiao Liang" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi all
>
> I'm taking my BCMSN next week, needed help urgently. Can anyone
> recommend any site or book for thsi test. Oh if anyone get any resources
> please help me . Millions of Thanks in advance.
>
>
> Chan
> CCNA, CCDA
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ISBN for the new CCNP library

[Gareth Hinton]

Phil,

This better had be the latest one - I've just bought it. (2nd Edition)
Dated 31st Dec 2000.

Gareth

""Circusnuts"" <[EMAIL PROTECTED]> wrote in message
041001c079b5$c9103d20$[EMAIL PROTECTED]">news:041001c079b5$c9103d20$[EMAIL PROTECTED]...
> Does anyone happen to have the ISBN for the new CCNP book kit.  I saw this
> one & thought it might be the old library having Laura Chapel as one of
the
> writers (ISBN 1587050137).
>
> Thanks
> Phil
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Frame Relay Security

[Chuck Larrieu]

Jim, just to be contrary, how can a single provider, or even multiple
provider frame clouds be compromised as easily as internet traffic?

What are some of the specifics of danger of compromise of any private
network versus the internet?

Those bad people can't, for example, do DDoS attacks against your private
network, except via the internet connection. It is that same internet
connection that is the source of major compromises of corporate networks
nationwide.

What are some of the specific security issues you see on private networks,
as compared to public networks?

Chuck
Just being contrary, in the hopes of learning something :->

-Original Message-
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jim
Brown
Sent:   Monday, January 08, 2001 8:47 AM
To: 'Brian Lodwick'; [EMAIL PROTECTED]
Subject:RE: Frame Relay Security


There should not be different levels of encryption for traffic depending on
whether its frame or Internet transient. Your traffic is open to compromise
on the Internet or in a providers frame cloud. From a security viewpoint
neither one is more secure than the other.

It really boils down to acceptable risk vs. cost.

Just remember, you can never eliminate risk. There are always holes in your
security.

Any individual who is asking themselves should I use DES/3DES on a frame
connection should stop and look to see if they have a modem bank behind
their firewall.

Your security is only a strong as the weakest link.

-Original Message-
From: Brian Lodwick [mailto:[EMAIL PROTECTED]]
Sent: Sunday, January 07, 2001 8:35 PM
To: [EMAIL PROTECTED]
Subject: Re: Frame Relay Security


Group,
  Which then I believe should obviously lead into the discussion- if VPN's
are today's PVC's then would it be appropriate to say that traffic
transported over the public internet with such a protocol as IPSec is just
as safe? and how do you know your enemies aren't working for that frame
provider -if they are using single DES they had better hope not. Are there
protocols now capable of providing enough security encryption for extremely
sensitive traffic to transit the public internet?

>>>Brian

>From: "Howard C. Berkowitz" <[EMAIL PROTECTED]>
>Reply-To: "Howard C. Berkowitz" <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Re: Frame Relay Security
>Date: Sun, 7 Jan 2001 13:37:09 -0500
>
> >I understand most of the benefits of frame relay, but I am wondering if =
> >there are any security problems assoicated with this protocol?  Is it =
> >secure enough for unencrypted transfer of financial or sensitive =
> >information?  Any help understanding the security risks associated with =
> >frame relay appreciated.
> >
> >-- Kevin
>
>Is a dedicated line secure enough for unencrypted transfer of
>financial or sensitive information?
>
>Answer:  It depends.
>
>People often assume that frame is somehow shared when "dedicated
>lines" are not.   From Chapter 5 of my _WAN Survival Guide_,
>
> >All too many users have an intuitive belief that if they were to
> >pull on the London end of a London to New York circuit, wires would
> >wiggle in Manhattan. The reality, of course, is that any network of
> >complexity beyond a very simple LAN involves one or more layers of
> >virtualization onto real media. At the OSI lower layers,
> >virtualization usually involves multiplexing, but various name and
> >address mapping functions provide virtual structure as one moves up
> >the protocol stack.
>
>Typically, frame PVCs and T1's run over exactly the same media from
>the customer site to the telco end office.  Once at the end office,
>they are multiplexed.  T1 is far too slow for economical data
>transmission between modern telco offices.  Both the T1 and the frame
>circuits typically will be multiplexed onto facilities at least at
>DS-3, and usually OC-12 to OC-192. So much beyond the local loop,
>there really isn't much difference between frame and dedicated.
>
>Interpretations in the US HIPAA legislation for medical data tend to
>allow unencrypted traffic to flow over dedicated and frame, but not
>the public Internet.  The Federal Reserve, however, tends to want
>end-to-end encryption regardless of the media, historically single
>DES.  Military traffic would be bulk encrypted and possibly
>end-to-end encrypted as well.
>
>_
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
Get your FREE download of MSN Explorer at http://explorer.msn.com

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violat

Re: Frame Relay Security

[Jim Healis]

Once, while working at a very popular network auction web site, I ran 
into a security advisor that said Frame Relay was not secure and we 
should not allow critical information to pass over those connections.
The VP of Technology, at the time, said "we have more important things 
to worry about than someone spending hours on end trying to hack a Frame 
Switch just to see if our traffic happens to be on it".

Just thought I would add that little tidbit to the conversation.

-j

Chuck Larrieu wrote:

> Jim, just to be contrary, how can a single provider, or even multiple
> provider frame clouds be compromised as easily as internet traffic?
> 
> What are some of the specifics of danger of compromise of any private
> network versus the internet?
> 
> Those bad people can't, for example, do DDoS attacks against your private
> network, except via the internet connection. It is that same internet
> connection that is the source of major compromises of corporate networks
> nationwide.
> 
> What are some of the specific security issues you see on private networks,
> as compared to public networks?
> 
> Chuck
> Just being contrary, in the hopes of learning something :->
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jim
> Brown
> Sent: Monday, January 08, 2001 8:47 AM
> To:   'Brian Lodwick'; [EMAIL PROTECTED]
> Subject:  RE: Frame Relay Security
> 
> 
> There should not be different levels of encryption for traffic depending on
> whether its frame or Internet transient. Your traffic is open to compromise
> on the Internet or in a providers frame cloud. From a security viewpoint
> neither one is more secure than the other.
> 
> It really boils down to acceptable risk vs. cost.
> 
> Just remember, you can never eliminate risk. There are always holes in your
> security.
> 
> Any individual who is asking themselves should I use DES/3DES on a frame
> connection should stop and look to see if they have a modem bank behind
> their firewall.
> 
> Your security is only a strong as the weakest link.
> 
> -Original Message-
> From: Brian Lodwick [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, January 07, 2001 8:35 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Frame Relay Security
> 
> 
> Group,
>   Which then I believe should obviously lead into the discussion- if VPN's
> are today's PVC's then would it be appropriate to say that traffic
> transported over the public internet with such a protocol as IPSec is just
> as safe? and how do you know your enemies aren't working for that frame
> provider -if they are using single DES they had better hope not. Are there
> protocols now capable of providing enough security encryption for extremely
> sensitive traffic to transit the public internet?
> 
> 
 Brian
>>> 
> 
>> From: "Howard C. Berkowitz" <[EMAIL PROTECTED]>
>> Reply-To: "Howard C. Berkowitz" <[EMAIL PROTECTED]>
>> To: [EMAIL PROTECTED]
>> Subject: Re: Frame Relay Security
>> Date: Sun, 7 Jan 2001 13:37:09 -0500
>> 
>> 
>>> I understand most of the benefits of frame relay, but I am wondering if =
>>> there are any security problems assoicated with this protocol?  Is it =
>>> secure enough for unencrypted transfer of financial or sensitive =
>>> information?  Any help understanding the security risks associated with =
>>> frame relay appreciated.
>>> 
>>> -- Kevin
>> 
>> Is a dedicated line secure enough for unencrypted transfer of
>> financial or sensitive information?
>> 
>> Answer:  It depends.
>> 
>> People often assume that frame is somehow shared when "dedicated
>> lines" are not.   From Chapter 5 of my _WAN Survival Guide_,
>> 
>> 
>>> All too many users have an intuitive belief that if they were to
>>> pull on the London end of a London to New York circuit, wires would
>>> wiggle in Manhattan. The reality, of course, is that any network of
>>> complexity beyond a very simple LAN involves one or more layers of
>>> virtualization onto real media. At the OSI lower layers,
>>> virtualization usually involves multiplexing, but various name and
>>> address mapping functions provide virtual structure as one moves up
>>> the protocol stack.
>> 
>> Typically, frame PVCs and T1's run over exactly the same media from
>> the customer site to the telco end office.  Once at the end office,
>> they are multiplexed.  T1 is far too slow for economical data
>> transmission between modern telco offices.  Both the T1 and the frame
>> circuits typically will be multiplexed onto facilities at least at
>> DS-3, and usually OC-12 to OC-192. So much beyond the local loop,
>> there really isn't much difference between frame and dedicated.
>> 
>> Interpretations in the US HIPAA legislation for medical data tend to
>> allow unencrypted traffic to flow over dedicated and frame, but not
>> the public Internet.  The Federal Reserve, however, tends to want
>> end-to-end encryption regardless of the media, historically single
>> DES.  Military traffic would be bulk encrypted and possibly
>> 

Arrowpoint Content Switch and 7204 routers

[Sameh Badros]

I have two arrowpoints Content switches cs800 connecting the webfarm and the 
database servers to the internet using NAT, the company bought two 7204 
routers to be connected with the switches for redundancy, what's the best 
configuration possible and what can I gain from installing the routers ( the 
switches do the job now).


_
Get your FREE download of MSN Explorer at http://explorer.msn.com

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ISBN for the new CCNP library

[Andy Barkl]

The "old" CCNP library ISBN is 1578702070.

At 06:58 PM 1/8/2001 -0200, Circusnuts wrote:
>Does anyone happen to have the ISBN for the new CCNP book kit.  I saw this
>one & thought it might be the old library having Laura Chapel as one of the
>writers (ISBN 1587050137).
>
>Thanks
>Phil
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PIX Nat vs. IOS Nat for DNS

[Elijah Savage]

First of all I am not PIX firewall guru. But I have done my fare share with
nat with frame relay links and isdn. So this should pertain to the PIX also.
But basically what you would have to do is tell the NAT device be it a pix
or a router to forward all port 53 traffic to the private ip address on the
inside. There ore tons of people doing this with dsl and cable modem
connections also. Also you must have 2 dns servers to register with the
internic not just one. But anyway here is the command below to do what I
described above with nat.

ip nat inside source static tcp 192.168.0.1 53 209.x.x.x 53 extendable

Bascially what you are doing is telling the router to foward all traffic
that comes in on port 53 on the outside address of 209.x.x.x forward that to
192.168.0.1 your dns server. And that will do it.
Hope this helps.


Elijah
Stop by www.digitalrage.org the forums section
and join one of the coolest tech sites out.
Did I mention no banners and free tech support.

-Original Message-
From: Joe Schnerd [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 08, 2001 4:07 PM
To: [EMAIL PROTECTED]
Subject: Re: PIX Nat vs. IOS Nat for DNS


I have a question along the same line...

If I have a single DNS behind NAT and I want to change it's IP to 10.x.x.x,
how does NAT/Firewall know to forward the request to that address and how
would I register with Network Solutions so that there is a "virtual" name
server? Any suggestions/ideas?

I've been looking at some sample NAT configs, but nothing really addresses
the DNS aspect.

Any help would be greatly appreciated.

Jeff

"Brian Bieber" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>
> My question is about DNS queries through the PIX and the IOS w/NAT.
>
> This is taken from the Cisco web site.
>
> http://www.cisco.com/warp/public/458/41.html#Q21
> 
> Q: Does Cisco IOS NAT support DNS queries?
> A: Yes, Cisco IOS NAT will translate the address(es) which
> appear in DNS responses to name lookups (A queries) and inverse lookups
(PTR
> queries). Thus, if an outside host sends a name-lookup to a DNS server on
> the inside, and that server responds with a local address, the NAT code
will
> translate that local address to a global address. The opposite is also
true,
> and is how we support IP addresses overlapping: an inside host queries an
> outside DNS server, the response contains an address that matches the
> access-list specified on the "outside source" command, so the code
> translates the outside global address to an outside local address.
> Time-to-live (TTL) values on all DNS resource records (RRs)
> which receive address translations in RR payloads are automatically set to
> zero.
> Cisco IOS NAT does not translate IP addresses embedded in
> DNS zone transfers.
>
> My question is how do I achieve this in the PIX?
>
> Thanks
> Brian Bieber
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: TACACS and Telnet

[Bradley Lowry]

Why not use TACACS along with something like SecureID?
A know of a large client that does it.  One plus is that everyone that
touches the network infrastructure get a different ID, so changes are logged
by time and person.

I don't know everything so if someone can think of a good reason the whole
telnet session should be encrypted, let me know.

Piatnitchi Cristian <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi all
>
> I intend to setup TACACS+ authentication for all our network devices and
> I need to understand the following question:
>
> Is the telnet authentication sequence encrypted ? I am asking about the
> situation
> when the net. device is set up to work with TACACS+.
> If it isn't what should I do to have a secure connection during the
> authentication phase.
>
> I have to say that I use an IP connection not PPP. (It's just a simple
> Telnet session from our internal LAN)
>
> In my opinion it is not a secure session but I would like to be a secure
one
> and I don't know how to set it.
> I will be waiting for your advice.
>
> Thanks in advance
> Cristian
>
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: configuration register

[Chuck Larrieu]

The "1" in the last nibble there indicates that you are booting to rommon

e.g.
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_fix/cis2500/2524/
boa/boamnt.htm#xtocid1109016
watch the word wrap.

You will need to perform the "password recovery" procedure, and change the
config register to 0x2102

If you are actually in the prompt rommon> you can easily issue the "o/r
0x2102" command, then the "I" command to reinitialize. Assuming you have an
IOS in flash, your router would then come up normally.

HTH

Chuck

-Original Message-
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
zuszus
Sent:   Monday, January 08, 2001 12:50 PM
To: [EMAIL PROTECTED]
Subject:configuration register

i am a network administrator of CORVIT SYSTEMS PRIVATE LIMITED PAKISTAN.I
JUST CHANGED TJE CONFIGURATION REGISTOR VALUE to 0x2101 OF MY  cisco routers
( cpa 2501),and reloaded. after that they are not get started.i erased the
flash and reloaded from tftp , but all my efforts ended in in vain. please
help.

khawaja usman mahmood
[EMAIL PROTECTED]



_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Frame Relay Security

[Tony van Ree]

Hi all,

A front gate keeps cattle of the lawn.  A front door keeps welcome strangers from 
entering my house.  A lock on the bedroom door may protect me a night.  Something 
stronger would be needed to ensure my wife was safe.

I guess what I am trying to say is the greater your level of risk the stronger your 
security must be.  Knowing that data crosses public networks has one being a little 
more careful about what is sent there.  Private networks accross or between countries 
become a problem as all the data at the point it leaves the carrier is multiplexed 
between switches.  There is usually no distinction between the type of data being sent 
(Although some carriers may provide special services this would probably not occur 
between countries).  Often there is no way for the carrier to tell what type of data 
is being sent. (if they could it might present a security risk).  

It should not be the carriers responsibility to look after the security of an 
individuals data but to make the best effort to ensure it gets to the right person.  
This is no different to sending a parcel in the mail.

It is strange though that throughout all my studies and my networking career 
statistics seem to point that the greatest risk is from within.  Usually because this 
is where most feel security is not required.

This stuff goes round and around.  It seems to me that the security of data is 
ultimately the responsibitly of the end devices.  I thought that is why end to end 
encryption was developed.

Just some views.

Teunis,
Hobart, Tasmania
Australia



On Monday, January 08, 2001 at 04:24:11 PM, Chuck Larrieu wrote:

> Jim, just to be contrary, how can a single provider, or even multiple
> provider frame clouds be compromised as easily as internet traffic?
> 
> What are some of the specifics of danger of compromise of any private
> network versus the internet?
> 
> Those bad people can't, for example, do DDoS attacks against your private
> network, except via the internet connection. It is that same internet
> connection that is the source of major compromises of corporate networks
> nationwide.
> 
> What are some of the specific security issues you see on private networks,
> as compared to public networks?
> 
> Chuck
> Just being contrary, in the hopes of learning something :->
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jim
> Brown
> Sent: Monday, January 08, 2001 8:47 AM
> To:   'Brian Lodwick'; [EMAIL PROTECTED]
> Subject:  RE: Frame Relay Security
> 
> 
> There should not be different levels of encryption for traffic depending on
> whether its frame or Internet transient. Your traffic is open to compromise
> on the Internet or in a providers frame cloud. From a security viewpoint
> neither one is more secure than the other.
> 
> It really boils down to acceptable risk vs. cost.
> 
> Just remember, you can never eliminate risk. There are always holes in your
> security.
> 
> Any individual who is asking themselves should I use DES/3DES on a frame
> connection should stop and look to see if they have a modem bank behind
> their firewall.
> 
> Your security is only a strong as the weakest link.
> 
> -Original Message-
> From: Brian Lodwick [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, January 07, 2001 8:35 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Frame Relay Security
> 
> 
> Group,
>   Which then I believe should obviously lead into the discussion- if VPN's
> are today's PVC's then would it be appropriate to say that traffic
> transported over the public internet with such a protocol as IPSec is just
> as safe? and how do you know your enemies aren't working for that frame
> provider -if they are using single DES they had better hope not. Are there
> protocols now capable of providing enough security encryption for extremely
> sensitive traffic to transit the public internet?
> 
> >>>Brian
> 
> >From: "Howard C. Berkowitz" <[EMAIL PROTECTED]>
> >Reply-To: "Howard C. Berkowitz" <[EMAIL PROTECTED]>
> >To: [EMAIL PROTECTED]
> >Subject: Re: Frame Relay Security
> >Date: Sun, 7 Jan 2001 13:37:09 -0500
> >
> > >I understand most of the benefits of frame relay, but I am wondering if =
> > >there are any security problems assoicated with this protocol?  Is it =
> > >secure enough for unencrypted transfer of financial or sensitive =
> > >information?  Any help understanding the security risks associated with =
> > >frame relay appreciated.
> > >
> > >-- Kevin
> >
> >Is a dedicated line secure enough for unencrypted transfer of
> >financial or sensitive information?
> >
> >Answer:  It depends.
> >
> >People often assume that frame is somehow shared when "dedicated
> >lines" are not.   From Chapter 5 of my _WAN Survival Guide_,
> >
> > >All too many users have an intuitive belief that if they were to
> > >pull on the London end of a London to New York circuit, wires would
> > >wiggle in Manhattan. The reality, of course, is that any network of
> > >complex

Re: CCIE Written Detail

[Milton R. Moore]

I read the Exam Cram and it is not enough to pass the Written.  You will
need a lot more material to understand bridging, troubleshooting, FDDI...

The best place for all the information you need to pass is the Cisco Site.

Milton

"Eric Gunn" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hello,
>
> I was wondering if anyone that has read the CCIE Exam Cram though that was
> sufficient in detail to pass the CCIE written exam? I have been through
and
> passed the CCNP+Security track, so I was hoping that some review would be
> enough to prepare. However the exam cram seems a bit general, just looking
> for opinions from people that have been through a similar track.
>
> I also plan on using the studyguide from www.cramsession.com, along with
> Boson practice test #1. I had great luck with the Boson test for the
> security exam which is that same author that does the CCIE Boson tests.
>
> Thank you for the input,
>
> -Eric Gunn
>
> CCNP + Security, MCSE, CCA.CNA, N+
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Pix FireWall

[Aamir Lakhani]

Try WebTrends. I think it has what you might be looking for.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Abro Toufic
Sent: Monday, January 08, 2001 3:57 AM
To: [EMAIL PROTECTED]
Subject: Pix FireWall


Dear Sir,
I have a small question about Pix Firewall and syslog,
what I am looking for any web browser reporting tools can I use it
and some thing like that
any comment
any help
thanks




_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Flash Card for 4000

[Ray Barker]

I have an old 4000 series router that has the old ic memory chips for flash.
I know cisco made a new flash daughter card that uses traditional flash, but
I do not know where I can find one (they don't make it anymore).  If anyone
knows where I could find this part I would appreciate it.

Thanks,
Ray Barker
CCNP, CCDA


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]