Re: Remote Telnet access via dial-up

[J Roysdon]

Sure.  172.16.13.1 & 172.16.15.1.  Like I said, nothing was attached to the
internet except my laptop on a dial-up (random IP), with only a single
telnet session allowed in (and reverse nslookup showed it was Cisco).

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources: http://r2cisco.artoo.net/


""Tony van Ree"" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi,
>
> You don't have all the addresses by any chance?
>
> Teunis
>
> On Thursday, January 18, 2001 at 09:44:21 PM, J Roysdon wrote:
>
> > One thing I didn't mention is that all passwords one the routers are
always
> > changed to 'cisco' beforehand, and then changed back when done.  The
dial-up
> > connection is only there so long as my laptop is, plus I can see what IP
> > connects, and it's limited to only that single connection.  It's not
just an
> > open connection sitting around all the time, although these are
important
> > security considerations for someone else who might put up a permanent
> > connection.
> >
> > For any permanent connections, we always use SSH tunnels and/or
encrypted
> > Citrix clients.
> >
> > --
> > Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
> > List email: [EMAIL PROTECTED]
> > Homepage: http://jason.artoo.net/
> > Cisco resources: http://r2cisco.artoo.net/
> >
> >
> > ""Erick B."" <[EMAIL PROTECTED]> wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > That is amazing. But in this case the company had a
> > > > lot of security, it
> > > > sounds like. It was not possible to get into the
> > > > routers until this guy
> > > > opened up a backdoor and let Cisco engineers Telnet
> > > > in over a dial-up line
> > > > connected to his PC. I can't believe Cisco engineers
> > > > would thwart their
> > > > customer's security policy in that way. I think the
> > > > story sounds fishy.
> > >
> > > It depends. I work in a phone support role very
> > > similar to Cisco TAC but supporting multiple vendors.
> > > Vendors and other support groups often need some
> > > access to the customers networks if it calls for it. A
> > > majority is PPP dialup into customers own
> > > infrastructure, sometimes setting up temporary
> > > accounts, over the public internet (telnet, vpn, ssh).
> > > I've seen heavily secure networks (no access at all)
> > > to networks with no security. On the ones with no
> > > security I defiantly make the customer aware of it and
> > > have them correct it.
> > >
> > > > Priscilla
> > >
> > > Erick
> > >
> > > __
> > > Do You Yahoo!?
> > > Get email at your own domain with Yahoo! Mail.
> > > http://personal.mail.yahoo.com/
> > >
> > > _
> > > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > >
> >
> >
> > _
> > FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
> >
>
>
> --
> www.tasmail.com
>
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Remote Telnet access via dial-up

[Tony van Ree]

Hi,

You don't have all the addresses by any chance?

Teunis

On Thursday, January 18, 2001 at 09:44:21 PM, J Roysdon wrote:

> One thing I didn't mention is that all passwords one the routers are always
> changed to 'cisco' beforehand, and then changed back when done.  The dial-up
> connection is only there so long as my laptop is, plus I can see what IP
> connects, and it's limited to only that single connection.  It's not just an
> open connection sitting around all the time, although these are important
> security considerations for someone else who might put up a permanent
> connection.
> 
> For any permanent connections, we always use SSH tunnels and/or encrypted
> Citrix clients.
> 
> --
> Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
> List email: [EMAIL PROTECTED]
> Homepage: http://jason.artoo.net/
> Cisco resources: http://r2cisco.artoo.net/
> 
> 
> ""Erick B."" <[EMAIL PROTECTED]> wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > That is amazing. But in this case the company had a
> > > lot of security, it
> > > sounds like. It was not possible to get into the
> > > routers until this guy
> > > opened up a backdoor and let Cisco engineers Telnet
> > > in over a dial-up line
> > > connected to his PC. I can't believe Cisco engineers
> > > would thwart their
> > > customer's security policy in that way. I think the
> > > story sounds fishy.
> >
> > It depends. I work in a phone support role very
> > similar to Cisco TAC but supporting multiple vendors.
> > Vendors and other support groups often need some
> > access to the customers networks if it calls for it. A
> > majority is PPP dialup into customers own
> > infrastructure, sometimes setting up temporary
> > accounts, over the public internet (telnet, vpn, ssh).
> > I've seen heavily secure networks (no access at all)
> > to networks with no security. On the ones with no
> > security I defiantly make the customer aware of it and
> > have them correct it.
> >
> > > Priscilla
> >
> > Erick
> >
> > __
> > Do You Yahoo!?
> > Get email at your own domain with Yahoo! Mail.
> > http://personal.mail.yahoo.com/
> >
> > _
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
> 
> 
> _
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> 
> 


--
www.tasmail.com


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ISDN idle-timer

[Erick B.]

Hi,

Have you tried 'show isdn act' ? I haven't done it on
a AS5300 but that shows a listing of active calls with
phone #, time up, idle time remaining, etc.

I also asked your question on the Cisco-NAS mailing
list which is more access-server related. 

--- [EMAIL PROTECTED] wrote:
> In IOS 11.2, a 'show dialer' shows the time until
> disconnect, as below...
> Serial2/0:9 - dialer type = ISDN
> Idle timer (120 secs), Fast idle timer (20 secs)
> Wait for carrier (30 secs), Re-enable (15 secs)
> Dialer state is physical layer up
> Interface bound to profile Dialer1
> Time until disconnect 118 secs  <-- idle
> timer value
> Connected to xx (router1)
> 
> I find the idle-timer very useful when
> troubleshooting.
> However I am playing with an AS5300 running IOS
> 12.1(4), and it doesn't give the value of the
> idle-timer.
> 
> Serial0:30 - dialer type = ISDN
> Idle timer (120 secs), Fast idle timer (20 secs)
> Wait for carrier (30 secs), Re-enable (15 secs)
> Dialer state is data link layer up
> Dial reason: ip (s=x.x.x.x, d=x.x.x.x)
> Interface bound to profile Di2
> Current call connected 00:05:14
> Connected to xx (router2)
> 
> I've checked the CCO command reference for 12.1, and
> it still shows the
> 'time until disconnect' line in the doco.  I can't
> see any matching bugs on
> Bug Search.
> Has anyone come across this before?  Bug, or
> 'feature'?  Is it restricted
> to the AS5300?
> And... has anyone found this information in any
> other command??
> 
> Ta,
> JMcL
> 
> 
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]


__
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Whew... I passed

[J Roysdon]

I've always thought that I'd have to arrange for a large signing bonus, or a
direct payment from a company hiring me to my current employer to cover
training/tests my employer had paid for.  Although, my current employer has
a fairly reasonable policy:  I only owe for the last year of training, and
it's prorated each month, so if I left 11 months after a bunch of
tests/training, I'd only owe back 1/12th of the cost.  Most of our training
is free (Cisco partner training), and it's required, so I wouldn't owe for
that.  The resources I'm allow to buy are all returned to our library, so
nothing owed their.  The biggest thing so far are the tests.  At $100 each,
I'm $600 down right now for my CCNP+Security/CCDP tests all passed recently.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources: http://r2cisco.artoo.net/


""ItsMe"" <[EMAIL PROTECTED]> wrote in message 948h65$j28$[EMAIL PROTECTED]">news:948h65$j28$[EMAIL PROTECTED]...
> I'm not saying I don't think you owe the company if they pay your way,
> by no means. I just saying to be aware of what you are agreeing to.
>
> Wow 30K to 120K, I could double my pay and not be at 120K,
> it may be time to move forward.
>
> Me
> ccnp+security, ccdp, mcse, mcp+i, n+, a+
>
> "Dennis Laganiere" <[EMAIL PROTECTED]> wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > I'm ready to get spammed for this, but here are some thoughts from the
> other
> > side of management.
> >
> > If YOU paid for your own training, lab equipment, and lab attempts
> (probably
> > multiple, at $1,000 piece) then I could see your asking for a huge
raise.
> >
> > HOWEVER, if the company paid for your training, bought $15,000 to
$20,000
> > worth of lab equipment for you to play with, and gave you the time to
> study,
> > + lab attempts, +travel expenses+ god-knows-what-else, I think you owe
> > something back, and perhaps some time served at your current rate is the
> > least they could expect in return.
> >
> > If they support you through the whole process and you either leave or
> start
> > barking for the stars salary-wise, the guy next to you, who's six months
> > behind you on the same career path, won't get the price of honey for his
> > tea.
> >
> > Again, these are just my $.02
> >
> >
> > --- Dennis
> >
> > -Original Message-
> > From: ItsMe
> > To: [EMAIL PROTECTED]
> > Sent: 1/18/01 6:39 PM
> > Subject: Re: Whew... I passed
> >
> > Convincing the VP isn't the hard part, its after you pass explaining to
> > the
> > VP
> > that a $20K/year raise is warranted. Which in turn he says your are
> > nuts,
> > so you decide to leave... until he breaks out the agreement that says in
> > fine print that you have agreed to pay back all training funds it you
> > leave...
> > Be careful!
> >
> > "Jim Healis" <[EMAIL PROTECTED]> wrote in message
> > DF49A3EC4130D411AC1600508B608DDF01116426@DIALPAD-EX2">news:DF49A3EC4130D411AC1600508B608DDF01116426@DIALPAD-EX2...
> > > Well, I did it.  I passed the CCIE written exam this morning. And, for
> > just
> > > a moment, I felt the weight of the world lift off my shoulders.  Then
> > I
> > > thought about the lab exam and what I need to do to get there.
> > Thankfully,
> > > I have a plan; it just needs to be put on paper so it can be a working
> > > document.
> > > I have posted much in the recent weeks about how I have studied to get
> > this
> > > far, so I won't post it again.  But if you have specific questions
> > about
> > > certain areas, that won't violate the NDA, I will be happy to answer
> > them.
> > > Now, my next challenge comes along... not the lab... convincing my
> > boss
> > that
> > > the company should pay for the lab exam and any needed materials for
> > getting
> > > there. I know that I shouldn't rely on this as the means to the end;
> > but
> > if
> > > I can get it, why not?  Anyone have any pointers on how to convince a
> > VP
> > > that doesn't know much about the CCIE program that he should approve
> > these
> > > things?
> > > Thanks for the wonderful humor and study tips!
> > >
> > > Jim
> > >
> > >
> > > _
> > > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > >
> >
> >
> > _
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
> > _
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Remote Telnet access via dial-up

[J Roysdon]

Or default passwords that are easily obtained once your fingerprint the
hardware with nmap and research it on the hardware vendor's site.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources: http://r2cisco.artoo.net/


""Erick B."" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I don't understand how companys can have main network
> equipment (routers, etc) accessible over the internet
> with telnet (and other mgmt services) running *with*
> no passwords or filters. I see it on a regular
> occurance.
>
> --- Priscilla Oppenheimer <[EMAIL PROTECTED]> wrote:
> > At 10:31 PM 1/17/01, J Roysdon wrote:
> > >Today I was a site w/o internet access, but I
> > needed to get Cisco into it to
> > >save time relaying commands and information.  I had
> > a dial-up connection out
> > >to my ISP, and then thought about the built-in
> > Telnet server that Windows
> > >2000 Professional has.  I made a quick guest
> > account for Cisco, and told
> > >them my dial-up IP, which they could connect to,
> > and then once telnetted
> > >into my workstation, they were able to telnet out
> > my NIC to the routers they
> > >needs to get to.  Only catch is that you can only
> > have one session up
> > >through it (enough for us):
> >
> > Good thing! Can you imagine the issues if you had
> > just opened up port 23
> > for the whole world? Good grief.
> >
> > I just asked a security expert at my company about
> > this scenario and he
> > took a sinister view. He wondered if the story was
> > broadcast in order to
> > incite damange. I don't think that's the case, but
> > this message did come
> > from the same guy that posted photographs of his
> > site for some reason. See
> > the message about patch panels.
> >
> > Priscilla
>
>
> __
> Do You Yahoo!?
> Get email at your own domain with Yahoo! Mail.
> http://personal.mail.yahoo.com/
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 2500 xmodem flash transfer

[sam adams]

One caveat is that your current version will probably not support it.
That's probably why you are flashing it.  Here's the link.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/relnote/fprn
/10085_fp.htm

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Albert Lu
Sent: Thursday, January 18, 2001 12:47 AM
To: [EMAIL PROTECTED]
Subject: 2500 xmodem flash transfer


Hi,

Could anyone point me to some info on transfering IOS images to/from a
2500?

Thanks

Albert

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 2500 xmodem flash transfer

[sam adams]

You probably were told it couldnt be done.  I know I couldn't do it because
the IOS was too old but here's something I pulled off of Cisco's site.

The following example shows how to use the copy xmodem flash command on a
Cisco 2500 series router:

Router# copy xmodem flash

    WARNING 

   x/ymodem is a slow transfer protocol limited to the current speed

   settings of the auxiliary/console ports. The use of the auxilary

   port for this download is strongly recommended.

   During the course of the download no exec input/output will be

   available.

    *** 
   Proceed? [confirm] yes

   Use crc block checksumming? [confirm] yes

   Max Retry Count [10]:
   Perform image validation checks? [confirm] yes

   Xmodem download using crc checksumming with image validation
   Continue? [confirm] yes

   Partition   SizeUsed  Free  Bank-Size  State
Copy Mode
 1 4096K   3259K  836K 4096K  Read/Write
Direct
 2 4096K  0K 4095K 4096K  Read/Write
Direct

   [Type ? for partition directory; ? for full directory; q to
abort]
   Which partition? [default = 1] 2


   System flash directory, partition 2:
   File  Length   Name/status
 1   68   TESTFILE
   [132 bytes used, 4194172 available, 4194304 total]
   Destination file name? c2500-js-l.113-10

   Erase flash device before writing? [confirm] yes

   Flash contains files. Are you sure you want to erase? [confirm] yes


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Albert Lu
Sent: Thursday, January 18, 2001 12:47 AM
To: [EMAIL PROTECTED]
Subject: 2500 xmodem flash transfer


Hi,

Could anyone point me to some info on transfering IOS images to/from a
2500?

Thanks

Albert

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Remote Telnet access via dial-up

[jenny . mcleod]

I recently spent quite a bit of time working with the TAC to solve a
problem.  Yes, they wanted to dial into the network to 'have a look'.  When
I asked what they were looking for, they couldn't tell me.
I am well aware that, when tracking down a problem, it can be very useful
to just 'have a look', without really knowing what you are looking for.  I
do it all the time :-)  However, since they couldn't (or wouldn't) even
give me any hints on what they expected to be doing, they didn't get
access.
I could send them log output etc via email and they received it quickly
enough that we could work together over the phone (the speed of incoming
mail to me was another issue altogether but not really a problem).

In any case, I've done a fair bit of troubleshooting over the phone,
sometimes with completely non-technical people running the 'hands on'.
Slower than telnetting in yourself?  Sure.  But it works, and sometimes
it's the only option.  And it's VERY good practice for remembering commands
and what output they produce ;-)

JMcL
-- Forwarded by Jenny Mcleod/NSO/CSDA on 19/01/2001
04:38 pm ---


"Chuck Larrieu" <[EMAIL PROTECTED]>@groupstudy.com on 19/01/2001 12:39:45
pm

Please respond to "Chuck Larrieu" <[EMAIL PROTECTED]>

Sent by:  [EMAIL PROTECTED]



To:   "Priscilla Oppenheimer" <[EMAIL PROTECTED]>
  <[EMAIL PROTECTED]>
cc:


Subject:  RE: Remote Telnet access via dial-up


Cisco TAC always wants to telnet in to troubleshoot when working a ticket.
One alternative is to e-mail your configs to them, at which point maybe
they
will get back to you with some resolution in a time frame you can live
with.

Fact is that the internet makes things so damn convenient for us. Most time
most people just don't consider the implications.

While it may be true that some places have security policies, reasonable of
otherwise, the fact is that most places don't, most managements don't want
to be bothered, and most users don't want to be inconvenienced.

Chuck

BTW - nice to see you again, Priscilla.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Priscilla Oppenheimer
Sent: Thursday, January 18, 2001 4:38 PM
To:  [EMAIL PROTECTED]
Subject:  Re: Remote Telnet access via dial-up

At 11:11 AM 1/19/01, Tony van Ree wrote:
>Hi,
>
>As long as the appropriate security/passwords are set it is probably every
>bit as good as any other form of remote access.

Remember that this wasn't CHAP or even PAP. It was Telnet. The Telnet
password both to reach his PC and to reach the routers is unencrypted. How
was the enable password sent? The characters were typed and sent
unencrypted. Getting a Sniffer to the right place to catch this would be
hard, but not impossible. Hopefully he will change the password used to
reach his PC, but it's not likely he'll change the router VTY and enable
passwords.

So what did the Cisco engineers to when they Telnetted into this back door
to configure the routers? Did they do show run by any chance? Yeah, I just
got the complete configuration of the customer's routers. That is
unencrypted also.

And don't say, well it's Telnet so it's one character at a time which would
make understanding it difficult. Responses in Telnet are not one character
at a time. The output of show run would be send in TCP segments using the
IP MTU. It would be very easy to understand.

I don't think most customers would even let him do what he did. A lot of
customers wouldn't have an analog phone line for him to use to dial up his
ISP. Analog phone-line backdoors are an infamous no-no.

I'd love to hear someone else's opinion too. Isn't anyone else as shocked
as I am?

Priscilla


>On Thursday, January 18, 2001 at 02:30:09 PM, Priscilla Oppenheimer wrote:
>
> > Sounds like a helpful troubleshooting method but what were the security
> > risks? Thoughts, anyone?
> >
> > Priscilla
> >
> > At 10:31 PM 1/17/01, J Roysdon wrote:
> > >Today I was a site w/o internet access, but I needed to get Cisco into
> it to
> > >save time relaying commands and information.  I had a dial-up
> connection out
> > >to my ISP, and then thought about the built-in Telnet server that
Windows
> > >2000 Professional has.  I made a quick guest account for Cisco, and
told
> > >them my dial-up IP, which they could connect to, and then once
telnetted
> > >into my workstation, they were able to telnet out my NIC to the
> routers they
> > >needs to get to.  Only catch is that you can only have one session up
> > >through it (enough for us):
> > >
> > >Microsoft (R) Windows (TM) Version 5.00 (Build 2195)
> > >Welcome to Microsoft Telnet Service
> > >Telnet Server Build 5.00.99201.1
> > >login: cisco
> > >password: *
> > >Microsoft Windows Workstation allows only 1 Telnet Client License
> > >Server has closed connection
> > >
> > >When they were done, I just disabled the Cisco account.  Rather handy
now
> > >that I have it.  I've run into a lot of troubleshooting

Re: Remote Telnet access via dial-up

[J Roysdon]

If I was a saboteur, I don't think I'd even bother with TAC, I'd just crack
the passwords and have my way, heh.  Also, 95% of my TAC calls are opened
with new router serial numbers and my CCO username given to jump me right
into talking to a TAC engineer.

Plus, you don't even need a CCO login to get to the Password Recovery pages:
http://www.cisco.com/warp/public/474/index.shtml

We were troubleshooting cas-group commands and replacing an AdTran Atlas 550
that was acting as a CSU/DSU splitting off DS0's between a frame relay
connection and trunks to a long distance carrier.  Cisco couldn't get why
the command wasn't functioning right and one of their engineers wanted to
get in and do some diagnostics.

I think Priscilla has been watching too many X-Files episodes ;-p

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources: http://r2cisco.artoo.net/


""Kevin Wigle"" <[EMAIL PROTECTED]> wrote in message
00b601c081d0$985ebc60$[EMAIL PROTECTED]">news:00b601c081d0$985ebc60$[EMAIL PROTECTED]...
> I don't think its so fishy and I don't think Cisco could be faulted in any
> way.
>
> My reading is that the "guy" was working with Cisco on a problem.
>
> Therefore this "guy" must have some responsibility for the network.
>
> Cisco would have to think that this guy knows what he's doing since he has
> the wherewithal to get into the company's network and then get into
routers
> to configure them.
>
> It depends I guess on how far your conspiracy feelings go, if the "guy"
was
> bogus and had all the passwords etc, then how is Cisco to know?
>
> Doesn't TAC have to deal with a registered contact?
>
> Kevin Wigle
>
> - Original Message -
> From: "Priscilla Oppenheimer" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Thursday, 18 January, 2001 22:51
> Subject: Re: Remote Telnet access via dial-up
>
>
> > At 07:32 PM 1/18/01, Erick B. wrote:
> > >I don't understand how companys can have main network
> > >equipment (routers, etc) accessible over the internet
> > >with telnet (and other mgmt services) running *with*
> > >no passwords or filters. I see it on a regular
> > >occurance.
> >
> > That is amazing. But in this case the company had a lot of security, it
> > sounds like. It was not possible to get into the routers until this guy
> > opened up a backdoor and let Cisco engineers Telnet in over a dial-up
line
> > connected to his PC. I can't believe Cisco engineers would thwart their
> > customer's security policy in that way. I think the story sounds fishy.
> >
> > Priscilla
> >
> >
> > >--- Priscilla Oppenheimer <[EMAIL PROTECTED]> wrote:
> > > > At 10:31 PM 1/17/01, J Roysdon wrote:
> > > > >Today I was a site w/o internet access, but I
> > > > needed to get Cisco into it to
> > > > >save time relaying commands and information.  I had
> > > > a dial-up connection out
> > > > >to my ISP, and then thought about the built-in
> > > > Telnet server that Windows
> > > > >2000 Professional has.  I made a quick guest
> > > > account for Cisco, and told
> > > > >them my dial-up IP, which they could connect to,
> > > > and then once telnetted
> > > > >into my workstation, they were able to telnet out
> > > > my NIC to the routers they
> > > > >needs to get to.  Only catch is that you can only
> > > > have one session up
> > > > >through it (enough for us):
> > > >
> > > > Good thing! Can you imagine the issues if you had
> > > > just opened up port 23
> > > > for the whole world? Good grief.
> > > >
> > > > I just asked a security expert at my company about
> > > > this scenario and he
> > > > took a sinister view. He wondered if the story was
> > > > broadcast in order to
> > > > incite damange. I don't think that's the case, but
> > > > this message did come
> > > > from the same guy that posted photographs of his
> > > > site for some reason. See
> > > > the message about patch panels.
> > > >
> > > > Priscilla
> > >
> > >
> > >__
> > >Do You Yahoo!?
> > >Get email at your own domain with Yahoo! Mail.
> > >http://personal.mail.yahoo.com/
> >
> >
> > 
> >
> > Priscilla Oppenheimer
> > http://www.priscilla.com
> >
> > _
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Remote Telnet access via dial-up

[J Roysdon]

One thing I didn't mention is that all passwords one the routers are always
changed to 'cisco' beforehand, and then changed back when done.  The dial-up
connection is only there so long as my laptop is, plus I can see what IP
connects, and it's limited to only that single connection.  It's not just an
open connection sitting around all the time, although these are important
security considerations for someone else who might put up a permanent
connection.

For any permanent connections, we always use SSH tunnels and/or encrypted
Citrix clients.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources: http://r2cisco.artoo.net/


""Erick B."" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > That is amazing. But in this case the company had a
> > lot of security, it
> > sounds like. It was not possible to get into the
> > routers until this guy
> > opened up a backdoor and let Cisco engineers Telnet
> > in over a dial-up line
> > connected to his PC. I can't believe Cisco engineers
> > would thwart their
> > customer's security policy in that way. I think the
> > story sounds fishy.
>
> It depends. I work in a phone support role very
> similar to Cisco TAC but supporting multiple vendors.
> Vendors and other support groups often need some
> access to the customers networks if it calls for it. A
> majority is PPP dialup into customers own
> infrastructure, sometimes setting up temporary
> accounts, over the public internet (telnet, vpn, ssh).
> I've seen heavily secure networks (no access at all)
> to networks with no security. On the ones with no
> security I defiantly make the customer aware of it and
> have them correct it.
>
> > Priscilla
>
> Erick
>
> __
> Do You Yahoo!?
> Get email at your own domain with Yahoo! Mail.
> http://personal.mail.yahoo.com/
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Sybex or Cisco Press?

[The.rock]

Which book is better for the 2.0 test and will i need to read the ICND book?


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

ISDN idle-timer

[jenny . mcleod]

In IOS 11.2, a 'show dialer' shows the time until disconnect, as below...
Serial2/0:9 - dialer type = ISDN
Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is physical layer up
Interface bound to profile Dialer1
Time until disconnect 118 secs  <-- idle timer value
Connected to xx (router1)

I find the idle-timer very useful when troubleshooting.
However I am playing with an AS5300 running IOS 12.1(4), and it doesn't give the value 
of the idle-timer.

Serial0:30 - dialer type = ISDN
Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Dial reason: ip (s=x.x.x.x, d=x.x.x.x)
Interface bound to profile Di2
Current call connected 00:05:14
Connected to xx (router2)

I've checked the CCO command reference for 12.1, and it still shows the
'time until disconnect' line in the doco.  I can't see any matching bugs on
Bug Search.
Has anyone come across this before?  Bug, or 'feature'?  Is it restricted
to the AS5300?
And... has anyone found this information in any other command??

Ta,
JMcL


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Multicast Group Join???

[Erick B.]

Applications usually have a default/well-known
multicast group address they use. This may be
configurable depending on the app. Similar to port
numbers, most people use the defaults (80 for http, 23
for telnet, etc) but some people change them. If
someone changes the multicast group address from the
default then it is up to them to let people know what
the multicast group address is and how to change it in
the application.

--- Mike Balistreri <[EMAIL PROTECTED]> wrote:
> 
> I'm studying CCNP Switching and am hung-up on a part
> of multicast.
> 
> Multicast works by a client sending a membership
> report that it wants to
> join a particular multicast group.
> 
> I do not understand how the client knows about the
> existence of any
> particular group or what it's multicast address
> would be, or what
> application/service the client will receive as a
> part of that group.
> How does a client know enough about the group to
> want to join the group.
> 
> I understand the layer 3 and layer 2 of it all, but
> I'm having a
> disconnect as to how it all interacts with the
> higher levels of the
> stack.
> 
> Thank You,
> 
> 
> Mike B.
> 
> 
> 
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]


__
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Remote Telnet access via dial-up

[Erick B.]

> That is amazing. But in this case the company had a
> lot of security, it 
> sounds like. It was not possible to get into the
> routers until this guy 
> opened up a backdoor and let Cisco engineers Telnet
> in over a dial-up line 
> connected to his PC. I can't believe Cisco engineers
> would thwart their 
> customer's security policy in that way. I think the
> story sounds fishy.

It depends. I work in a phone support role very
similar to Cisco TAC but supporting multiple vendors.
Vendors and other support groups often need some
access to the customers networks if it calls for it. A
majority is PPP dialup into customers own
infrastructure, sometimes setting up temporary
accounts, over the public internet (telnet, vpn, ssh).
I've seen heavily secure networks (no access at all)
to networks with no security. On the ones with no
security I defiantly make the customer aware of it and
have them correct it.

> Priscilla

Erick

__
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Altiga Question

[Manoj Ghorpade]

Hi Group,

Does it mean that nobodys worked on Altiga / doesn't  want to share on Altiga ?

Regards

Manoj Ghorpade
([EMAIL PROTECTED])


Manoj Ghorpade wrote:

> Hi Group,
> I'm facing problems setting up a VPN connection with Altiga and Windows
> 2000 CA server. (Using L2TP)
> Can anyone advise/suggest  the correct procedure of implementing the
> solutions ?
> Componets of of my Network are :-
>
> 1. A Cisco Router 3640
> 2. A Pix Firewall 515
> 3. Altiga 3000 VPN Concentrator
> 4. Switch 2948G- L3
> 5. Windows 2000 Advance Server.
>
> I run the NAT on PIX and currently have only ports 80,443,22 &1352 open.
>
> I followed the procedures :
> "Installing Digital Certificates on Cisco VPN 3000 Concentrator" ,
> "Configuring the Cisco VPN 3000 Concentrator for Microsoft Windows 2000
> Support" & "Using a Microsoft Windows 2000 Client to Connect to  the
> Cisco VPN 3000 Concentrator"
>
> These all references are download from the offical Cisco Web Site.
>
> After doing these a protocol error
> "Error 789 : The L2TP connection attempt  failed because the security
> layer encountered a processing error during initial negotiations with
> the remote computer."
> Also from the design perspective advise me where to keep the Certificate
> Server, like should it be in the DMZ or running in the internal network
> (does it really matter ?)
>
> On the Alitga, in the ESP-L2TP-TRANSPORT template, what are the settings
> that should be there ?
> The error may be related to the fact, that we accidently deleted the
> transport template and re-added it .
>
> Also advice the on how to setup the Windows 2000 Certificate Server ?
>
> Regards
>
> Manoj Ghorpade.
> ([EMAIL PROTECTED])
>
> _
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Remote Telnet access via dial-up

[Erick B.]

It depends. Anyone can get in and speak to a TAC
engineer depending on who they get, their social
engineering skills, etc. I work in a similar role but
not for cisco. Depending on the organization,
contract-type, etc they may require certain things
such as remote access. The customers would sign so
contract and it's stated in the contract that remote
access has to be made available if needed,
liabilities, etc. Some contracts may allow for certain
people to only call in. Thats why theirs ticketing
systems, case numbers, and why it's important to keep
good notes/logs on what is done/said.  

Erick

--- Kevin Wigle <[EMAIL PROTECTED]> wrote:
> I don't think its so fishy and I don't think Cisco
> could be faulted in any way.
> 
> My reading is that the "guy" was working with Cisco
> on a problem.
> 
> Therefore this "guy" must have some responsibility
> for the network.
> 
> Cisco would have to think that this guy knows what
> he's doing since he has
> the wherewithal to get into the company's network
> and then get into routers
> to configure them.
> 
> It depends I guess on how far your conspiracy
> feelings go, if the "guy" was
> bogus and had all the passwords etc, then how is
> Cisco to know?
> 
> Doesn't TAC have to deal with a registered contact?
> 
> Kevin Wigle
> 
> - Original Message -
> From: "Priscilla Oppenheimer" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Thursday, 18 January, 2001 22:51
> Subject: Re: Remote Telnet access via dial-up

> > That is amazing. But in this case the company had
> a lot of security, it
> > sounds like. It was not possible to get into the
> routers until this guy
> > opened up a backdoor and let Cisco engineers
> Telnet in over a dial-up line
> > connected to his PC. I can't believe Cisco
> engineers would thwart their
> > customer's security policy in that way. I think
> the story sounds fishy.
> >
> > Priscilla



__
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

FW: Second day of rolling blackouts starts

[Chuck Larrieu]

Saw this one come across NANOG earlier. Thought it interesting enough to
pass along.

-Original Message-
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Marshall Eubanks
Sent:   Thursday, January 18, 2001 7:28 PM
To: James Harkins
Cc: Sean Donelan [EMAIL PROTECTED]
Subject:Re: Second day of rolling blackouts starts


Is your network multicast enabled ? My traceroute to you shows that you home
to AS 2548, which is.
If so, this might be connected to the RAMEN worm. This is hosing up native
multicast but good, so much so that it is affecting routers and causing some
unicast problems. I heard, for example, that it is causing 4% packet loss at
the Abilene NOC. RAMEN is (for the multicast enabled part of the Internet)
effectively a DOS attack.
Regards
Marshall Eubanks

James Harkins wrote:
>
> I have noticed east coast routers/providers are getting
> beat up fairly rough. I am having hard times getting my
> clients in Europe to see me here in San Diego.  Level3
> and PSInet are taking a beating hard.
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Sean Donelan
> Sent: Thursday, January 18, 2001 4:22 PM
> To:
> Cc:   [EMAIL PROTECTED]
> Subject:  RE: Second day of rolling blackouts starts
>
> On Thu, 18 January 2001, "Steven J. Sobol" wrote:
> > Is anyone seeing lots of routing oddities? I'm not able to get to a lot
> > of sites that I normally can, that are hosted in different places; and
I'm
> > wondering if some providers are routing around California outages.
>
> Not that I know of.  There is something squirrely going on with the
> root name servers, but I haven't figured it out if it is just my location
> or more widespread.

--


Multicast Technologies, Inc.
10301 Democracy Lane, Suite 201
Fairfax, Virginia 22030
   Phone : 703-293-9624  Fax : 703-293-9609
   e-mail : http://www.on-the-i.com


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Remote Telnet access via dial-up

[Kevin Wigle]

I don't think its so fishy and I don't think Cisco could be faulted in any
way.

My reading is that the "guy" was working with Cisco on a problem.

Therefore this "guy" must have some responsibility for the network.

Cisco would have to think that this guy knows what he's doing since he has
the wherewithal to get into the company's network and then get into routers
to configure them.

It depends I guess on how far your conspiracy feelings go, if the "guy" was
bogus and had all the passwords etc, then how is Cisco to know?

Doesn't TAC have to deal with a registered contact?

Kevin Wigle

- Original Message -
From: "Priscilla Oppenheimer" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, 18 January, 2001 22:51
Subject: Re: Remote Telnet access via dial-up


> At 07:32 PM 1/18/01, Erick B. wrote:
> >I don't understand how companys can have main network
> >equipment (routers, etc) accessible over the internet
> >with telnet (and other mgmt services) running *with*
> >no passwords or filters. I see it on a regular
> >occurance.
>
> That is amazing. But in this case the company had a lot of security, it
> sounds like. It was not possible to get into the routers until this guy
> opened up a backdoor and let Cisco engineers Telnet in over a dial-up line
> connected to his PC. I can't believe Cisco engineers would thwart their
> customer's security policy in that way. I think the story sounds fishy.
>
> Priscilla
>
>
> >--- Priscilla Oppenheimer <[EMAIL PROTECTED]> wrote:
> > > At 10:31 PM 1/17/01, J Roysdon wrote:
> > > >Today I was a site w/o internet access, but I
> > > needed to get Cisco into it to
> > > >save time relaying commands and information.  I had
> > > a dial-up connection out
> > > >to my ISP, and then thought about the built-in
> > > Telnet server that Windows
> > > >2000 Professional has.  I made a quick guest
> > > account for Cisco, and told
> > > >them my dial-up IP, which they could connect to,
> > > and then once telnetted
> > > >into my workstation, they were able to telnet out
> > > my NIC to the routers they
> > > >needs to get to.  Only catch is that you can only
> > > have one session up
> > > >through it (enough for us):
> > >
> > > Good thing! Can you imagine the issues if you had
> > > just opened up port 23
> > > for the whole world? Good grief.
> > >
> > > I just asked a security expert at my company about
> > > this scenario and he
> > > took a sinister view. He wondered if the story was
> > > broadcast in order to
> > > incite damange. I don't think that's the case, but
> > > this message did come
> > > from the same guy that posted photographs of his
> > > site for some reason. See
> > > the message about patch panels.
> > >
> > > Priscilla
> >
> >
> >__
> >Do You Yahoo!?
> >Get email at your own domain with Yahoo! Mail.
> >http://personal.mail.yahoo.com/
>
>
> 
>
> Priscilla Oppenheimer
> http://www.priscilla.com
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Problem

[Kamran Sheikh]

Sir / Madam

i am unable to logon into the tracking system with
putting all the correct information. Kindly tell me
here is my information

My Full Name is   :  Kamran Zamir
Cisco ID  :  CSCO10168556

Waiting of your kind response.

Thanks
Kamran



__
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Controller E1

[ahmad]

Hi all,

I Have  controller E1 and had previously configured it with pri-group
time-slots as the E1 link was from a switch ,now we are shifting to a radio
modem from Harris corporation (microstar) so no switch will be involved the
radio modem will give the E1 singnalling ,do i still configure the pri-group
and which switch-type ,or no switch type.

Ty


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Remote Telnet access via dial-up

[Jim Healis]

Nearly every time I have dealt with TAC they have asked if there was 
remote access so they could get into the routers and look around on 
their own.
After a couple times of doing this I started configuring separate logins 
and one-time passwords just for TAC, and only when needed. Granted this 
doesn't stop the clear text mode of Telnet, but with the combination of 
encrypted passwords I think it was adequate for what that company was 
trying to secure.

Jim

Priscilla Oppenheimer wrote:

> At 07:32 PM 1/18/01, Erick B. wrote:
> 
>> I don't understand how companys can have main network
>> equipment (routers, etc) accessible over the internet
>> with telnet (and other mgmt services) running *with*
>> no passwords or filters. I see it on a regular
>> occurance.
> 
> 
> That is amazing. But in this case the company had a lot of security, it 
> sounds like. It was not possible to get into the routers until this guy 
> opened up a backdoor and let Cisco engineers Telnet in over a dial-up line 
> connected to his PC. I can't believe Cisco engineers would thwart their 
> customer's security policy in that way. I think the story sounds fishy.
> 
> Priscilla
> 
> 
> 
>> --- Priscilla Oppenheimer <[EMAIL PROTECTED]> wrote:
>> 
>>> At 10:31 PM 1/17/01, J Roysdon wrote:
>>> 
 Today I was a site w/o internet access, but I
>>> 
>>> needed to get Cisco into it to
>>> 
 save time relaying commands and information.  I had
>>> 
>>> a dial-up connection out
>>> 
 to my ISP, and then thought about the built-in
>>> 
>>> Telnet server that Windows
>>> 
 2000 Professional has.  I made a quick guest
>>> 
>>> account for Cisco, and told
>>> 
 them my dial-up IP, which they could connect to,
>>> 
>>> and then once telnetted
>>> 
 into my workstation, they were able to telnet out
>>> 
>>> my NIC to the routers they
>>> 
 needs to get to.  Only catch is that you can only
>>> 
>>> have one session up
>>> 
 through it (enough for us):
>>> 
>>> Good thing! Can you imagine the issues if you had
>>> just opened up port 23
>>> for the whole world? Good grief.
>>> 
>>> I just asked a security expert at my company about
>>> this scenario and he
>>> took a sinister view. He wondered if the story was
>>> broadcast in order to
>>> incite damange. I don't think that's the case, but
>>> this message did come
>>> from the same guy that posted photographs of his
>>> site for some reason. See
>>> the message about patch panels.
>>> 
>>> Priscilla
>> 
>> 
>> __
>> Do You Yahoo!?
>> Get email at your own domain with Yahoo! Mail.
>> http://personal.mail.yahoo.com/
> 
> 
> 
> 
> 
> Priscilla Oppenheimer
> http://www.priscilla.com
> 
> _
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Remote Telnet access via dial-up

[Tony van Ree]

Hi,

Easy.  But it's always fun when you accidently find yourself in client equipment and 
don't know how to get out.  Doing a ping from a router furiously typing oops no ping 
just the ip address and get a new prompt.

Teunis,
Hobart, Tasmania
Australia


On Thursday, January 18, 2001 at 07:32:13 PM, Erick B. wrote:

> I don't understand how companys can have main network
> equipment (routers, etc) accessible over the internet
> with telnet (and other mgmt services) running *with*
> no passwords or filters. I see it on a regular
> occurance.
> 
> --- Priscilla Oppenheimer <[EMAIL PROTECTED]> wrote:
> > At 10:31 PM 1/17/01, J Roysdon wrote:
> > >Today I was a site w/o internet access, but I
> > needed to get Cisco into it to
> > >save time relaying commands and information.  I had
> > a dial-up connection out
> > >to my ISP, and then thought about the built-in
> > Telnet server that Windows
> > >2000 Professional has.  I made a quick guest
> > account for Cisco, and told
> > >them my dial-up IP, which they could connect to,
> > and then once telnetted
> > >into my workstation, they were able to telnet out
> > my NIC to the routers they
> > >needs to get to.  Only catch is that you can only
> > have one session up
> > >through it (enough for us):
> > 
> > Good thing! Can you imagine the issues if you had
> > just opened up port 23 
> > for the whole world? Good grief.
> > 
> > I just asked a security expert at my company about
> > this scenario and he 
> > took a sinister view. He wondered if the story was
> > broadcast in order to 
> > incite damange. I don't think that's the case, but
> > this message did come 
> > from the same guy that posted photographs of his
> > site for some reason. See 
> > the message about patch panels.
> > 
> > Priscilla
> 
> 
> __
> Do You Yahoo!?
> Get email at your own domain with Yahoo! Mail. 
> http://personal.mail.yahoo.com/
> 
> _
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> 
> 


--
www.tasmail.com


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cat5500 question

[Brad Ellis]

Jason,

Hi!  That would definitely be hardware they are referring to.

-B

""Jason Tran"" <[EMAIL PROTECTED]> wrote in message
947hfv$pju$[EMAIL PROTECTED]">news:947hfv$pju$[EMAIL PROTECTED]...
> Hi Group, just have a quick question.  I have a cat 5500 currently has a
> Supervisor Engine I.  If someone tells me I need Supervisor Engine II, is
he
> talking about software or hardware?  How am I going about changing it to
> Supervisor Engine II?  Thanks.
>
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Remote Telnet access via dial-up

[Priscilla Oppenheimer]

At 07:32 PM 1/18/01, Erick B. wrote:
>I don't understand how companys can have main network
>equipment (routers, etc) accessible over the internet
>with telnet (and other mgmt services) running *with*
>no passwords or filters. I see it on a regular
>occurance.

That is amazing. But in this case the company had a lot of security, it 
sounds like. It was not possible to get into the routers until this guy 
opened up a backdoor and let Cisco engineers Telnet in over a dial-up line 
connected to his PC. I can't believe Cisco engineers would thwart their 
customer's security policy in that way. I think the story sounds fishy.

Priscilla


>--- Priscilla Oppenheimer <[EMAIL PROTECTED]> wrote:
> > At 10:31 PM 1/17/01, J Roysdon wrote:
> > >Today I was a site w/o internet access, but I
> > needed to get Cisco into it to
> > >save time relaying commands and information.  I had
> > a dial-up connection out
> > >to my ISP, and then thought about the built-in
> > Telnet server that Windows
> > >2000 Professional has.  I made a quick guest
> > account for Cisco, and told
> > >them my dial-up IP, which they could connect to,
> > and then once telnetted
> > >into my workstation, they were able to telnet out
> > my NIC to the routers they
> > >needs to get to.  Only catch is that you can only
> > have one session up
> > >through it (enough for us):
> >
> > Good thing! Can you imagine the issues if you had
> > just opened up port 23
> > for the whole world? Good grief.
> >
> > I just asked a security expert at my company about
> > this scenario and he
> > took a sinister view. He wondered if the story was
> > broadcast in order to
> > incite damange. I don't think that's the case, but
> > this message did come
> > from the same guy that posted photographs of his
> > site for some reason. See
> > the message about patch panels.
> >
> > Priscilla
>
>
>__
>Do You Yahoo!?
>Get email at your own domain with Yahoo! Mail.
>http://personal.mail.yahoo.com/




Priscilla Oppenheimer
http://www.priscilla.com

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Whew... I passed

[ItsMe]

I'm not saying I don't think you owe the company if they pay your way,
by no means. I just saying to be aware of what you are agreeing to.

Wow 30K to 120K, I could double my pay and not be at 120K,
it may be time to move forward.

Me
ccnp+security, ccdp, mcse, mcp+i, n+, a+

"Dennis Laganiere" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I'm ready to get spammed for this, but here are some thoughts from the
other
> side of management.
>
> If YOU paid for your own training, lab equipment, and lab attempts
(probably
> multiple, at $1,000 piece) then I could see your asking for a huge raise.
>
> HOWEVER, if the company paid for your training, bought $15,000 to $20,000
> worth of lab equipment for you to play with, and gave you the time to
study,
> + lab attempts, +travel expenses+ god-knows-what-else, I think you owe
> something back, and perhaps some time served at your current rate is the
> least they could expect in return.
>
> If they support you through the whole process and you either leave or
start
> barking for the stars salary-wise, the guy next to you, who's six months
> behind you on the same career path, won't get the price of honey for his
> tea.
>
> Again, these are just my $.02
>
>
> --- Dennis
>
> -Original Message-
> From: ItsMe
> To: [EMAIL PROTECTED]
> Sent: 1/18/01 6:39 PM
> Subject: Re: Whew... I passed
>
> Convincing the VP isn't the hard part, its after you pass explaining to
> the
> VP
> that a $20K/year raise is warranted. Which in turn he says your are
> nuts,
> so you decide to leave... until he breaks out the agreement that says in
> fine print that you have agreed to pay back all training funds it you
> leave...
> Be careful!
>
> "Jim Healis" <[EMAIL PROTECTED]> wrote in message
> DF49A3EC4130D411AC1600508B608DDF01116426@DIALPAD-EX2">news:DF49A3EC4130D411AC1600508B608DDF01116426@DIALPAD-EX2...
> > Well, I did it.  I passed the CCIE written exam this morning. And, for
> just
> > a moment, I felt the weight of the world lift off my shoulders.  Then
> I
> > thought about the lab exam and what I need to do to get there.
> Thankfully,
> > I have a plan; it just needs to be put on paper so it can be a working
> > document.
> > I have posted much in the recent weeks about how I have studied to get
> this
> > far, so I won't post it again.  But if you have specific questions
> about
> > certain areas, that won't violate the NDA, I will be happy to answer
> them.
> > Now, my next challenge comes along... not the lab... convincing my
> boss
> that
> > the company should pay for the lab exam and any needed materials for
> getting
> > there. I know that I shouldn't rely on this as the means to the end;
> but
> if
> > I can get it, why not?  Anyone have any pointers on how to convince a
> VP
> > that doesn't know much about the CCIE program that he should approve
> these
> > things?
> > Thanks for the wonderful humor and study tips!
> >
> > Jim
> >
> >
> > _
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>
>
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Toshiba Laptops

[Deepak Sharma]

i have some..3 i think..haha...i was about to throw them away...

give me a shout back...i can give them to u for freenot all 3but 1 for sure...

Deepak

"Ikpasa, Kerry" wrote:

> Hey Guys,
>I am looking to buy/acquire Toshiba 486 laptops, I need then for my lab
> --Telnet. If you have old ones you want to give away / sell  please let me
> know. Or if you know any one who stocks them for sale contact me. Via mail
>
> Kerry
>
> * E-Mail : [EMAIL PROTECTED]
>
> _
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Greater Philadelphia Cisco Users Group

[Ron Mansolino]

I promise not to use the phrase "Philacon Valley" if you don't, ok?


mattmcguirl said...
> 
> Greetings All,
> 
> If anyone is interested joining the very early stages of the Greater
> Philadelphia Cisco Users Group please email me at [EMAIL PROTECTED] Early
> conversations with probable sponsors are very encouraging and I forsee great
> success for this group.

-- 
Ron Mansolino  [EMAIL PROTECTED]  http://www.netaxs.com/~rmsolino/
Earthstation / Net Access   -  "The NOC that Rocks Around the Clock"
Philadelphia's Original Internet Provider  -  Now in our tenth year!
www.netaxs.com  www.newsread.com  www.netcondo.com  earthstation.net

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Remote Telnet access via dial-up

[Erick B.]

I don't understand how companys can have main network
equipment (routers, etc) accessible over the internet
with telnet (and other mgmt services) running *with*
no passwords or filters. I see it on a regular
occurance.

--- Priscilla Oppenheimer <[EMAIL PROTECTED]> wrote:
> At 10:31 PM 1/17/01, J Roysdon wrote:
> >Today I was a site w/o internet access, but I
> needed to get Cisco into it to
> >save time relaying commands and information.  I had
> a dial-up connection out
> >to my ISP, and then thought about the built-in
> Telnet server that Windows
> >2000 Professional has.  I made a quick guest
> account for Cisco, and told
> >them my dial-up IP, which they could connect to,
> and then once telnetted
> >into my workstation, they were able to telnet out
> my NIC to the routers they
> >needs to get to.  Only catch is that you can only
> have one session up
> >through it (enough for us):
> 
> Good thing! Can you imagine the issues if you had
> just opened up port 23 
> for the whole world? Good grief.
> 
> I just asked a security expert at my company about
> this scenario and he 
> took a sinister view. He wondered if the story was
> broadcast in order to 
> incite damange. I don't think that's the case, but
> this message did come 
> from the same guy that posted photographs of his
> site for some reason. See 
> the message about patch panels.
> 
> Priscilla


__
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

**SLA help

[Deepak Sharma]

Hello all

Im making a SLA ( Service level agreement ) with my users in my region.
Something along the lines of what type of internet browsing is allowed.
What you are allowed to download and such

and also something on how fast my IT dept. is going to be answering to
user problems and requests.

I recall someone posting a link of a web site where it had some examples
of these type of documents.  Plus any type of other help will be greatly
appreciated.

thanks
Deepak



_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Whew... I passed

[Jim Healis]

My thoughts were this:
If I pay for everything myself, then the employer should be ready to 
provide a pay raise immediately, up to $120k.
If they pay for everything (lab attempts, classes, lab equipment that I 
get to keep), then I can see staying on for an additional 6 months at 
the current pay rate.  This would make up for the money laid out for 
everything, considering the pay raise for me would be about $30k.
But, quite frankly, I don't see any company laying out cash like that 
for equipment that they aren't going to use.  And negotiating a raise 
like that seems very difficult.

Jim

Dennis Laganiere wrote:

> I'm ready to get spammed for this, but here are some thoughts from the other
> side of management.  
> 
> If YOU paid for your own training, lab equipment, and lab attempts (probably
> multiple, at $1,000 piece) then I could see your asking for a huge raise.  
> 
> HOWEVER, if the company paid for your training, bought $15,000 to $20,000
> worth of lab equipment for you to play with, and gave you the time to study,
> + lab attempts, +travel expenses+ god-knows-what-else, I think you owe
> something back, and perhaps some time served at your current rate is the
> least they could expect in return.  
> 
> If they support you through the whole process and you either leave or start
> barking for the stars salary-wise, the guy next to you, who's six months
> behind you on the same career path, won't get the price of honey for his
> tea.
> 
> Again, these are just my $.02
> 
> 
> --- Dennis
> 
> -Original Message-
> From: ItsMe
> To: [EMAIL PROTECTED]
> Sent: 1/18/01 6:39 PM
> Subject: Re: Whew... I passed
> 
> Convincing the VP isn't the hard part, its after you pass explaining to
> the
> VP
> that a $20K/year raise is warranted. Which in turn he says your are
> nuts,
> so you decide to leave... until he breaks out the agreement that says in
> fine print that you have agreed to pay back all training funds it you
> leave...
> Be careful!
> 
> "Jim Healis" <[EMAIL PROTECTED]> wrote in message
> DF49A3EC4130D411AC1600508B608DDF01116426@DIALPAD-EX2">news:DF49A3EC4130D411AC1600508B608DDF01116426@DIALPAD-EX2...
> 
>> Well, I did it.  I passed the CCIE written exam this morning. And, for
> 
> just
> 
>> a moment, I felt the weight of the world lift off my shoulders.  Then
> 
> I
> 
>> thought about the lab exam and what I need to do to get there.
> 
> Thankfully,
> 
>> I have a plan; it just needs to be put on paper so it can be a working
>> document.
>> I have posted much in the recent weeks about how I have studied to get
> 
> this
> 
>> far, so I won't post it again.  But if you have specific questions
> 
> about
> 
>> certain areas, that won't violate the NDA, I will be happy to answer
> 
> them.
> 
>> Now, my next challenge comes along... not the lab... convincing my
> 
> boss
> that
> 
>> the company should pay for the lab exam and any needed materials for
> 
> getting
> 
>> there. I know that I shouldn't rely on this as the means to the end;
> 
> but
> if
> 
>> I can get it, why not?  Anyone have any pointers on how to convince a
> 
> VP
> 
>> that doesn't know much about the CCIE program that he should approve
> 
> these
> 
>> things?
>> Thanks for the wonderful humor and study tips!
>> 
>> Jim
>> 
>> 
>> _
>> FAQ, list archives, and subscription info:
> 
> http://www.groupstudy.com/list/cisco.html
> 
>> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>> 
> 
> 
> 
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> 
> _
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Multicast Group Join???

[Mike Balistreri]

I'm studying CCNP Switching and am hung-up on a part of multicast.

Multicast works by a client sending a membership report that it wants to
join a particular multicast group.

I do not understand how the client knows about the existence of any
particular group or what it's multicast address would be, or what
application/service the client will receive as a part of that group.
How does a client know enough about the group to want to join the group.

I understand the layer 3 and layer 2 of it all, but I'm having a
disconnect as to how it all interacts with the higher levels of the
stack.

Thank You,


Mike B.



_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Cat 5000!

[Daniel Cotts]

Try here first:
http://www.cisco.com/warp/public/770/48.html

This is an old one. If you have it you should already know.
http://www.cisco.com/warp/public/770/fn1527_10091998.shtml

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, January 18, 2001 9:06 PM
> To: [EMAIL PROTECTED]
> Subject: Cat 5000!
> 
> 
> Hi ! Guys.
> 
> I just got Cat 5000 reloaded by itself and I am  trying to 
> find the reasone
> of it.
> 
> The " sh ver " and " sh log " commands donot say anything.
> 
> Anybody has any suggetion by which i can find the cause of it !
> 
> Cheers
> 
> 
> 
> 
> ===
> WARNING
>  This message may contain information that is confidential
>  and may be subject to the provisions of section 61A of the
>  Police Act 1958, which creates an offence to have unlawful
>  possession of Police documents. If you are not the
>  intended recipient of this message or have received
>  this message in error, you must not peruse, use, pass or
>  copy this message or any of its contents.
> 
>  Also note, the views expressed in this message may not
>  necessarily reflect those of the New Zealand Police.
> 
> _
> FAQ, list archives, and subscription info: 
> http://www.groupstudy.com/list/cisco.html
> Report misconduct 
> and Nondisclosure violations to [EMAIL PROTECTED]
> 

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Whew... I passed

[Dennis Laganiere]

I'm ready to get spammed for this, but here are some thoughts from the other
side of management.  

If YOU paid for your own training, lab equipment, and lab attempts (probably
multiple, at $1,000 piece) then I could see your asking for a huge raise.  

HOWEVER, if the company paid for your training, bought $15,000 to $20,000
worth of lab equipment for you to play with, and gave you the time to study,
+ lab attempts, +travel expenses+ god-knows-what-else, I think you owe
something back, and perhaps some time served at your current rate is the
least they could expect in return.  

If they support you through the whole process and you either leave or start
barking for the stars salary-wise, the guy next to you, who's six months
behind you on the same career path, won't get the price of honey for his
tea.

Again, these are just my $.02


--- Dennis

-Original Message-
From: ItsMe
To: [EMAIL PROTECTED]
Sent: 1/18/01 6:39 PM
Subject: Re: Whew... I passed

Convincing the VP isn't the hard part, its after you pass explaining to
the
VP
that a $20K/year raise is warranted. Which in turn he says your are
nuts,
so you decide to leave... until he breaks out the agreement that says in
fine print that you have agreed to pay back all training funds it you
leave...
Be careful!

"Jim Healis" <[EMAIL PROTECTED]> wrote in message
DF49A3EC4130D411AC1600508B608DDF01116426@DIALPAD-EX2">news:DF49A3EC4130D411AC1600508B608DDF01116426@DIALPAD-EX2...
> Well, I did it.  I passed the CCIE written exam this morning. And, for
just
> a moment, I felt the weight of the world lift off my shoulders.  Then
I
> thought about the lab exam and what I need to do to get there.
Thankfully,
> I have a plan; it just needs to be put on paper so it can be a working
> document.
> I have posted much in the recent weeks about how I have studied to get
this
> far, so I won't post it again.  But if you have specific questions
about
> certain areas, that won't violate the NDA, I will be happy to answer
them.
> Now, my next challenge comes along... not the lab... convincing my
boss
that
> the company should pay for the lab exam and any needed materials for
getting
> there. I know that I shouldn't rely on this as the means to the end;
but
if
> I can get it, why not?  Anyone have any pointers on how to convince a
VP
> that doesn't know much about the CCIE program that he should approve
these
> things?
> Thanks for the wonderful humor and study tips!
>
> Jim
>
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cat 5000!

[Tony van Ree]

Hi,

Try "sh log" it might give a little it will at least show the power supplies and some 
reset and failure details.

Teunis
Hobart, Tasmania
Australia

On Friday, January 19, 2001 at 03:05:34 PM, [EMAIL PROTECTED] wrote:

> Hi ! Guys.
> 
> I just got Cat 5000 reloaded by itself and I am  trying to find the reasone
> of it.
> 
> The " sh ver " and " sh log " commands donot say anything.
> 
> Anybody has any suggetion by which i can find the cause of it !
> 
> Cheers
> 
> 
> 
> 
> ===
> WARNING
>  This message may contain information that is confidential
>  and may be subject to the provisions of section 61A of the
>  Police Act 1958, which creates an offence to have unlawful
>  possession of Police documents. If you are not the
>  intended recipient of this message or have received
>  this message in error, you must not peruse, use, pass or
>  copy this message or any of its contents.
> 
>  Also note, the views expressed in this message may not
>  necessarily reflect those of the New Zealand Police.
> 
> _
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> 
> 


--
www.tasmail.com


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Greater Philadelphia Cisco Users Group

[mattmcguirl]

Greetings All,

If anyone is interested joining the very early stages of the Greater
Philadelphia Cisco Users Group please email me at [EMAIL PROTECTED] Early
conversations with probable sponsors are very encouraging and I forsee great
success for this group.


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

the distinction of pri isdn and multiple pri isdn?

[lcl]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Tacacs+

[ItsMe]

Are you sure you can configure 2 Tacacs+ servers. I thought
1 Tacacs+, and/or 1 Radius and/or local?

"Eric Gunn" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> If more than 1 tacacs server is defined in a config what would happen if
>
> The user dosen't authenticate, it will NOT contact the second server
correct?
>
> The only reason to have a second server assigned is if the first one is
not
> responding, in which case the config would allow for use of the second
server.
>
> Also Authentication must take place before anything can happen.
>
> I know I some of these questions are basic, I just want to verify and see
> if I am misunderstanding something.
>
>
> Thanks,
>
> --Eric
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PPP over Frame-Relay

[Rahul Kachalia]

can you attach debug ppp packet & debug vtemplate
rahul.

- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, January 18, 2001 8:54 AM
Subject: PPP over Frame-Relay


>
>Hi
>
>  I am trying to make this PPP over Frame-Relay with two Cisco 2501
> running 12.0.5(T) see below. For some reason this does not work? can
someone
> please help me to get this to work, I have ran the debug commands and it
> seems like its working but I can not ping each other for some reason.
>
> I have both my config's below...
>
>
>
>
>
> Current configuration:
> !
> version 12.0
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> service udp-small-servers
> service tcp-small-servers
> !
> hostname DCE
> !
> enable password brian
> !
> username brian password 0 brian
> !
> !
> !
> !
> ip subnet-zero
> !
> virtual-profile virtual-template 1
> frame-relay switching
> cns event-service server
> !
> !
> !
> interface Ethernet0
>  ip address 64.32.168.37 255.255.255.224
>  no ip directed-broadcast
> !
> interface Virtual-Template1
>  ip address 10.1.1.1 255.255.255.0
>  no ip directed-broadcast
>  no peer default ip address
>  ppp authentication chap pap
> !
> interface Serial0
>  no ip address
>  no ip directed-broadcast
>  encapsulation frame-relay
>  clockrate 64000
>  frame-relay lmi-type ansi
>  frame-relay intf-type dce
> !
> interface Serial0.1 point-to-point
>  no ip directed-broadcast
>  frame-relay interface-dlci 32 ppp Virtual-Template1
> !
> interface Serial1
>  no ip address
>  no ip directed-broadcast
>  shutdown
> !
> interface TokenRing0
>  no ip address
>  no ip directed-broadcast
>  shutdown
> !
> no ip classless
> ip route 0.0.0.0 0.0.0.0 Virtual-Template1
> no ip http server
> !
> access-list 1 permit 10.1.1.1
> !
> !
> line con 0
>  transport input none
> line aux 0
> line vty 0 4
>  password pp
>  login
> !
> end
>
> DCE#sho ver
> Cisco Internetwork Operating System Software
> IOS (tm) 2500 Software (C2500-JS-L), Version 12.0(7)T,  RELEASE SOFTWARE
(fc2)
> Copyright (c) 1986-1999 by cisco Systems, Inc.
> Compiled Mon 06-Dec-99 17:10 by phanguye
> Image text-base: 0x0306C4E0, data-base: 0x1000
>
> ROM: System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
> BOOTFLASH: 3000 Bootstrap Software (IGS-RXBOOT), Version 10.2(8a), RELEASE
> SOFTW
> ARE (fc1)
>
> DCE uptime is 5 minutes
> System returned to ROM by power-on
> System image file is "flash:c2500-120T.bin"
>
> cisco 2500 (68030) processor (revision E) with 8192K/2048K bytes of
memory.
> Processor board ID 03897480, with hardware revision 
> Bridging software.
> X.25 software, Version 3.0.0.
> SuperLAT software (copyright 1990 by Meridian Technology Corp).
> TN3270 Emulation software.
> 1 Ethernet/IEEE 802.3 interface(s)
> 1 Token Ring/IEEE 802.5 interface(s)
> 2 Serial network interface(s)
> 32K bytes of non-volatile configuration memory.
> 16384K bytes of processor board System flash (Read ONLY)
>
> Configuration register is 0x2102
>
> DCE#
>
>
>
>
>
>
> DTE#sho run
> Building configuration...
>
> Current configuration:
> !
> version 12.0
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> service udp-small-servers
> service tcp-small-servers
> !
> hostname DTE
> !
> enable password pp
> !
> username brian password 0 brian
> !
> !
> !
> !
> ip subnet-zero
> !
> virtual-profile virtual-template 1
> cns event-service server
> !
> !
> !
> interface Ethernet0
>  ip address 64.32.168.37 255.255.255.224
>  no ip directed-broadcast
> !
> interface Virtual-Template1
>  ip address 10.1.1.2 255.255.255.0
>  no ip directed-broadcast
>  ppp authentication chap pap
> !
> interface Serial0
>  no ip address
>  no ip directed-broadcast
>  encapsulation frame-relay
>  frame-relay lmi-type ansi
> !
> interface Serial0.1 point-to-point
>  no ip directed-broadcast
>  frame-relay interface-dlci 32 ppp Virtual-Template1
> !
> interface Serial1
>  no ip address
>  no ip directed-broadcast
>  shutdown
> !
> interface TokenRing0
>  no ip address
>  no ip directed-broadcast
>  shutdown
> !
> no ip classless
> ip route 0.0.0.0 0.0.0.0 Virtual-Template1
> no ip http server
> !
> access-list 1 permit 10.1.1.2
> !
> !
> line con 0
>  transport input none
> line aux 0
> line vty 0 4
>  password pp
>  login
> !
> end
>
> DTE#ping 10.1.1.1
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
> ..
> Success rate is 0 percent (0/2)
> DTE#sho ip int brief
> Interface  IP-Address  OK? Method Status
> Prot
> ocol
> Ethernet0  64.32.168.37YES NVRAM  up
> down
>
> Serial0unassigned  YES NVRAM  up
up
>
> Serial0.1  unassigned  YES unset  up
up
>
> Serial1unassigned  YES NVRAM  administratively
down
> down
>
> TokenRing0 unassigned  YES NVRAM  admi

Re: Whew... I passed

[ItsMe]

Convincing the VP isn't the hard part, its after you pass explaining to the
VP
that a $20K/year raise is warranted. Which in turn he says your are nuts,
so you decide to leave... until he breaks out the agreement that says in
fine print that you have agreed to pay back all training funds it you
leave...
Be careful!

"Jim Healis" <[EMAIL PROTECTED]> wrote in message
DF49A3EC4130D411AC1600508B608DDF01116426@DIALPAD-EX2">news:DF49A3EC4130D411AC1600508B608DDF01116426@DIALPAD-EX2...
> Well, I did it.  I passed the CCIE written exam this morning. And, for
just
> a moment, I felt the weight of the world lift off my shoulders.  Then I
> thought about the lab exam and what I need to do to get there.
Thankfully,
> I have a plan; it just needs to be put on paper so it can be a working
> document.
> I have posted much in the recent weeks about how I have studied to get
this
> far, so I won't post it again.  But if you have specific questions about
> certain areas, that won't violate the NDA, I will be happy to answer them.
> Now, my next challenge comes along... not the lab... convincing my boss
that
> the company should pay for the lab exam and any needed materials for
getting
> there. I know that I shouldn't rely on this as the means to the end; but
if
> I can get it, why not?  Anyone have any pointers on how to convince a VP
> that doesn't know much about the CCIE program that he should approve these
> things?
> Thanks for the wonderful humor and study tips!
>
> Jim
>
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Cat 5000!

[Ravi . Mistry]

Hi ! Guys.

I just got Cat 5000 reloaded by itself and I am  trying to find the reasone
of it.

The " sh ver " and " sh log " commands donot say anything.

Anybody has any suggetion by which i can find the cause of it !

Cheers




===
WARNING
 This message may contain information that is confidential
 and may be subject to the provisions of section 61A of the
 Police Act 1958, which creates an offence to have unlawful
 possession of Police documents. If you are not the
 intended recipient of this message or have received
 this message in error, you must not peruse, use, pass or
 copy this message or any of its contents.

 Also note, the views expressed in this message may not
 necessarily reflect those of the New Zealand Police.

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Frame Relay OR ATM????

[ItsMe]

If your using an major ISP for your point-to-point you are probably
already on an ATM backbone.

""Nabil Fares"" <[EMAIL PROTECTED]> wrote in message
001201c0819b$d1c0c780$[EMAIL PROTECTED]">news:001201c0819b$d1c0c780$[EMAIL PROTECTED]...
> Greetings all,
>
> Would like to get your thoughts on the benefits of choosing ATM over frame
> for the backbone.  We have sites basically all over the US, and someone is
> recommending ATM instead of frame.  We're currently using point-point
ckts.
> for backbone connectivity.  Any web site links or little summary would
> great.
>
> Thanks,
>
> Nabil
>
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 2500 xmodem flash transfer

[Ole Drews Jensen]

Look here (watch for wordwrap)

http://www.cisco.com/univercd/cc/td/doc/product/software/ios112/112cg_cr/1cb
ook/1csysim.htm

Setup a TFTP server on a computer, and write down it's IP address.

To save IOS to the TFTP server, type: copy flash tftp
To load IOS from the TFTP server, type: copy tftp flash

A good idea would be to also save your configuration:

The configuration the router has when it starts up:

copy star tftp

The configuration the router has right now if different from the startup:

copy run tftp

Hth,

Ole


 Ole Drews Jensen
 Systems Network Manager
 CCNA, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED]
 http://www.CiscoKing.com

 NEED A JOB ???
 http://www.oledrews.com/job




-Original Message-
From: Albert Lu [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 18, 2001 2:47 AM
To: [EMAIL PROTECTED]
Subject: 2500 xmodem flash transfer


Hi,

Could anyone point me to some info on transfering IOS images to/from a
2500?

Thanks

Albert

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Optical Career Certification.

[Rahul Kachalia]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cat 6509 locking up

[Jeff Duchin]

I would definitely recomend NOT using any Auto Negotiation between users and
any of your switches as I have experienced problems with this as well.
Another cool command to use is PortHost, which combines PortFast while
turning off EtherChannel and trunking negotiation all at the same time.

Jeff


<[EMAIL PROTECTED]@idt.net> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I have a problem with a Cat. 6509. We are running Ethernet ports are set
to:
> speed: Auto,  Duplex: Auto. User's NICs are set (speed/duplex) to auto. A
user
> had reset his NIC, when out of the office to 100/Full. When he connected
to our
> network, the port he was connect to locked(port light was amber) and the
switch
> locked as well. We disconnected him and rebooted the switch. All is fine
>
> His setting causing his port to lock is one thing, but the Cat. should
have
> remained operational. Does anybody have any ideas? The Cat's "SHOW VER" is
below
>
>
> show vers
> WS-C6509 Software, Version NmpSW: 5.2(1)CSX
> Copyright (c) 1995-1999 by Cisco Systems
> NMP S/W compiled on Apr  8 1999, 11:35:52
>
> System Bootstrap Version: 5.2(1)
>
> Hardware Version: 2.0  Model: WS-C6509  Serial #: SCAx
>
> Mod Port Model   Serial #Versions
> ---  --- --- -
-
> 1   2WS-X6K-SUP1-2GE SAD03384734 Hw : 5.0
>  Fw : 5.2(1)
>  Fw1: 5.1(1)CSX
>  Sw : 5.2(1)CSX
>  Sw1: 5.2(1)CSX
> 2   48   WS-X6248-RJ-45  SAD03401220 Hw : 1.1
>  Fw : 4.2(0.24)VAI78
>  Sw : 5.2(1)CSX
> 3   48   WS-X6248-RJ-45  SAD03431572 Hw : 1.1
>  Fw : 4.2(0.24)VAI78
>  Sw : 5.2(1)CSX
> 6   48   WS-X6248-RJ-45  SAD04160E1A Hw : 1.2
>  Fw : 5.1(1)CSX
>  Sw : 5.2(1)CSX
> 7   48   WS-X6248-RJ-45  SAD035002FS Hw : 1.2
>  Fw : 5.1(1)CSX
>  Sw : 5.2(1)CSX
>
>DRAMFLASH   NVRAM
> Module Total   UsedFreeTotal   UsedFreeTotal Used  Free
> -- --- --- --- --- --- --- - - -
> 1   65408K  17067K  48341K  16384K   3828K  12556K  512K  203K  309K
>
>
> -
> This message was sent through IDT.
> http://www.idt.net/
>
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Remote Telnet access via dial-up

[Chuck Larrieu]

Cisco TAC always wants to telnet in to troubleshoot when working a ticket.
One alternative is to e-mail your configs to them, at which point maybe they
will get back to you with some resolution in a time frame you can live with.

Fact is that the internet makes things so damn convenient for us. Most time
most people just don't consider the implications.

While it may be true that some places have security policies, reasonable of
otherwise, the fact is that most places don't, most managements don't want
to be bothered, and most users don't want to be inconvenienced.

Chuck

BTW - nice to see you again, Priscilla.


-Original Message-
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Priscilla Oppenheimer
Sent:   Thursday, January 18, 2001 4:38 PM
To: [EMAIL PROTECTED]
Subject:Re: Remote Telnet access via dial-up

At 11:11 AM 1/19/01, Tony van Ree wrote:
>Hi,
>
>As long as the appropriate security/passwords are set it is probably every
>bit as good as any other form of remote access.

Remember that this wasn't CHAP or even PAP. It was Telnet. The Telnet
password both to reach his PC and to reach the routers is unencrypted. How
was the enable password sent? The characters were typed and sent
unencrypted. Getting a Sniffer to the right place to catch this would be
hard, but not impossible. Hopefully he will change the password used to
reach his PC, but it's not likely he'll change the router VTY and enable
passwords.

So what did the Cisco engineers to when they Telnetted into this back door
to configure the routers? Did they do show run by any chance? Yeah, I just
got the complete configuration of the customer's routers. That is
unencrypted also.

And don't say, well it's Telnet so it's one character at a time which would
make understanding it difficult. Responses in Telnet are not one character
at a time. The output of show run would be send in TCP segments using the
IP MTU. It would be very easy to understand.

I don't think most customers would even let him do what he did. A lot of
customers wouldn't have an analog phone line for him to use to dial up his
ISP. Analog phone-line backdoors are an infamous no-no.

I'd love to hear someone else's opinion too. Isn't anyone else as shocked
as I am?

Priscilla


>On Thursday, January 18, 2001 at 02:30:09 PM, Priscilla Oppenheimer wrote:
>
> > Sounds like a helpful troubleshooting method but what were the security
> > risks? Thoughts, anyone?
> >
> > Priscilla
> >
> > At 10:31 PM 1/17/01, J Roysdon wrote:
> > >Today I was a site w/o internet access, but I needed to get Cisco into
> it to
> > >save time relaying commands and information.  I had a dial-up
> connection out
> > >to my ISP, and then thought about the built-in Telnet server that
Windows
> > >2000 Professional has.  I made a quick guest account for Cisco, and
told
> > >them my dial-up IP, which they could connect to, and then once
telnetted
> > >into my workstation, they were able to telnet out my NIC to the
> routers they
> > >needs to get to.  Only catch is that you can only have one session up
> > >through it (enough for us):
> > >
> > >Microsoft (R) Windows (TM) Version 5.00 (Build 2195)
> > >Welcome to Microsoft Telnet Service
> > >Telnet Server Build 5.00.99201.1
> > >login: cisco
> > >password: *
> > >Microsoft Windows Workstation allows only 1 Telnet Client License
> > >Server has closed connection
> > >
> > >When they were done, I just disabled the Cisco account.  Rather handy
now
> > >that I have it.  I've run into a lot of troubleshooting where it was a
> real
> > >pain not to have internet access for Cisco to get in (or I didn't
control
> > >the customer's firewall, etc.).
> > >
> > >After a successful telnet:
> > >*===
> > >Welcome to Microsoft Telnet Server.
> > >*===
> > >C:\>telnet 192.168.45.253
> > >Connecting To 192.168.45.253...
> > >
> > >
> > >
> > >--
> > >Jason Roysdon, CCNP/CCDP, MCSE, CNA, Network+, A+
> > >List email: [EMAIL PROTECTED]
> > >Homepage: http://jason.artoo.net/
> > >
> > >
> > >
> > >_
> > >FAQ, list archives, and subscription info:
> > >http://www.groupstudy.com/list/cisco.html
> > >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
> >
> > 
> >
> > Priscilla Oppenheimer
> > http://www.priscilla.com
> >
> > _
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
> >
>
>
>--
>www.tasmail.com




Priscilla Oppenheimer
http://www.priscilla.com

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, 

Re: 2500 xmodem flash transfer

[william yuwono]

Thank You for the correction. I have chacked that we cannot using xmodem.
Sorry I am wrong.

- Original Message -
From: Circusnuts <[EMAIL PROTECTED]>
To: william yuwono <[EMAIL PROTECTED]>; Albert Lu
<[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, January 17, 2001 10:55 PM
Subject: Re: 2500 xmodem flash transfer


> Are you sure this will work ???  I know the 2500 & the 4000's ROM's do not
> allow for this...
>
> Phil
> - Original Message -
> From: "william yuwono" <[EMAIL PROTECTED]>
> To: "Albert Lu" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Thursday, January 18, 2001 9:57 PM
> Subject: Re: 2500 xmodem flash transfer
>
>
> > If you a using xmodem command, you can follow the step like below:
> >
> > 1. Change console speed of router to the highest speed its supported.
> > 2. After changes the speed, changes your  hyperterm speed
> > to the console's speed.
> > 3. type xmodem -c at the rommon promt of router.
> > 4. clik transfer> send file, then specify your image
> > name and location
> > 5. Wait until it transfer all to the router and programmed
> > to the flash. and after that it will reset
> > automatically.
> >
> > I hope that help. Corect me if i am wrong.
> >
> > Regards,
> >
> > William
> >
> >
> > - Original Message -
> > From: Albert Lu <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Thursday, January 18, 2001 12:46 AM
> > Subject: 2500 xmodem flash transfer
> >
> >
> > > Hi,
> > >
> > > Could anyone point me to some info on transfering IOS images to/from a
> > > 2500?
> > >
> > > Thanks
> > >
> > > Albert
> > >
> > > _
> > > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > >
> >
> >
> > _
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Remote Telnet access via dial-up

[Priscilla Oppenheimer]

At 10:31 PM 1/17/01, J Roysdon wrote:
>Today I was a site w/o internet access, but I needed to get Cisco into it to
>save time relaying commands and information.  I had a dial-up connection out
>to my ISP, and then thought about the built-in Telnet server that Windows
>2000 Professional has.  I made a quick guest account for Cisco, and told
>them my dial-up IP, which they could connect to, and then once telnetted
>into my workstation, they were able to telnet out my NIC to the routers they
>needs to get to.  Only catch is that you can only have one session up
>through it (enough for us):

Good thing! Can you imagine the issues if you had just opened up port 23 
for the whole world? Good grief.

I just asked a security expert at my company about this scenario and he 
took a sinister view. He wondered if the story was broadcast in order to 
incite damange. I don't think that's the case, but this message did come 
from the same guy that posted photographs of his site for some reason. See 
the message about patch panels.

Priscilla


>Microsoft (R) Windows (TM) Version 5.00 (Build 2195)
>Welcome to Microsoft Telnet Service
>Telnet Server Build 5.00.99201.1
>login: cisco
>password: *
>Microsoft Windows Workstation allows only 1 Telnet Client License
>Server has closed connection
>
>When they were done, I just disabled the Cisco account.  Rather handy now
>that I have it.  I've run into a lot of troubleshooting where it was a real
>pain not to have internet access for Cisco to get in (or I didn't control
>the customer's firewall, etc.).
>
>After a successful telnet:
>*===
>Welcome to Microsoft Telnet Server.
>*===
>C:\>telnet 192.168.45.253
>Connecting To 192.168.45.253...
>
>
>
>--
>Jason Roysdon, CCNP/CCDP, MCSE, CNA, Network+, A+
>List email: [EMAIL PROTECTED]
>Homepage: http://jason.artoo.net/
>
>
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Priscilla Oppenheimer
http://www.priscilla.com

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Seally Question!!!!

[Joseph Kiang]

What's the difference between NetBIOS and NetBEUI???
_
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Remote Telnet access via dial-up

[Priscilla Oppenheimer]

At 11:11 AM 1/19/01, Tony van Ree wrote:
>Hi,
>
>As long as the appropriate security/passwords are set it is probably every 
>bit as good as any other form of remote access.

Remember that this wasn't CHAP or even PAP. It was Telnet. The Telnet 
password both to reach his PC and to reach the routers is unencrypted. How 
was the enable password sent? The characters were typed and sent 
unencrypted. Getting a Sniffer to the right place to catch this would be 
hard, but not impossible. Hopefully he will change the password used to 
reach his PC, but it's not likely he'll change the router VTY and enable 
passwords.

So what did the Cisco engineers to when they Telnetted into this back door 
to configure the routers? Did they do show run by any chance? Yeah, I just 
got the complete configuration of the customer's routers. That is 
unencrypted also.

And don't say, well it's Telnet so it's one character at a time which would 
make understanding it difficult. Responses in Telnet are not one character 
at a time. The output of show run would be send in TCP segments using the 
IP MTU. It would be very easy to understand.

I don't think most customers would even let him do what he did. A lot of 
customers wouldn't have an analog phone line for him to use to dial up his 
ISP. Analog phone-line backdoors are an infamous no-no.

I'd love to hear someone else's opinion too. Isn't anyone else as shocked 
as I am?

Priscilla


>On Thursday, January 18, 2001 at 02:30:09 PM, Priscilla Oppenheimer wrote:
>
> > Sounds like a helpful troubleshooting method but what were the security
> > risks? Thoughts, anyone?
> >
> > Priscilla
> >
> > At 10:31 PM 1/17/01, J Roysdon wrote:
> > >Today I was a site w/o internet access, but I needed to get Cisco into 
> it to
> > >save time relaying commands and information.  I had a dial-up 
> connection out
> > >to my ISP, and then thought about the built-in Telnet server that Windows
> > >2000 Professional has.  I made a quick guest account for Cisco, and told
> > >them my dial-up IP, which they could connect to, and then once telnetted
> > >into my workstation, they were able to telnet out my NIC to the 
> routers they
> > >needs to get to.  Only catch is that you can only have one session up
> > >through it (enough for us):
> > >
> > >Microsoft (R) Windows (TM) Version 5.00 (Build 2195)
> > >Welcome to Microsoft Telnet Service
> > >Telnet Server Build 5.00.99201.1
> > >login: cisco
> > >password: *
> > >Microsoft Windows Workstation allows only 1 Telnet Client License
> > >Server has closed connection
> > >
> > >When they were done, I just disabled the Cisco account.  Rather handy now
> > >that I have it.  I've run into a lot of troubleshooting where it was a 
> real
> > >pain not to have internet access for Cisco to get in (or I didn't control
> > >the customer's firewall, etc.).
> > >
> > >After a successful telnet:
> > >*===
> > >Welcome to Microsoft Telnet Server.
> > >*===
> > >C:\>telnet 192.168.45.253
> > >Connecting To 192.168.45.253...
> > >
> > >
> > >
> > >--
> > >Jason Roysdon, CCNP/CCDP, MCSE, CNA, Network+, A+
> > >List email: [EMAIL PROTECTED]
> > >Homepage: http://jason.artoo.net/
> > >
> > >
> > >
> > >_
> > >FAQ, list archives, and subscription info:
> > >http://www.groupstudy.com/list/cisco.html
> > >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
> >
> > 
> >
> > Priscilla Oppenheimer
> > http://www.priscilla.com
> >
> > _
> > FAQ, list archives, and subscription info: 
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
> >
>
>
>--
>www.tasmail.com




Priscilla Oppenheimer
http://www.priscilla.com

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: routing problem.

[Gareth Hinton]

Keith,

If I understand your description correctly you have:

Internet ---R1---PIXR2/\-R3-LAN

plus 2 DMZ's on pix.

For basic comms you need:
Default route on R3 pointing to R2
Default route on R2 pointing to Pix Inside interface
Default 'route outside' on Pix pointing to R1
Default route on R1 to Serial.
R1 - Routes for all subnets other side of pix, pointing to pix outside
interface.
Specific 'route inside' on pix for LAN pointing to R2
Specific route on R2 for LAN pointing to R3.

Hopefully that's it but I'm still taking bids,

Regards,

Gareth



"Keith Whitfield" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi..
>
> I think I missed something in the question. The setup I gave in
> my earlier posting is a part of the actual setup, which is
>
> Internet---3640router---pix---router---T1 linkrouter--LAN.
>
> There are 2 more interfaces(DMZs) on the PIX apart form this
> connection. Basically we are trying to make the remote LAN to
> talk with the internal hosts/servers on the other DMZs. SO, I
> already ahve a static route on the PIX to point at the 3640.
>
> Now, by a static route from the central router to the LAN, how
> will the PIX know to route the traffic of the remote LAN to the
> Ethernet of the router connected to teh PIX?
>
> ALso , can I point to the Ethernet of the central router to
> route the traffic from the remote office? since, ethernet is not
> directly connected to the link.
>
> I think I am missing some basic routing theory here.
>
> Let's give some ip addresses to this problem.
>
> PIX interface to Ethernet of router - 172.18.31.1
> ethernet Interface if router--172.18.31.2
> Serial of Router to T1 link---172.18.30.1
> Serial of router(remote) t1 link--172.18.30.2
>
> Lan subnet of remote router---172.18.40.0
>
> I am a bit new to this and am i confused? I think so..:-)
>
> Regds
> Keith
>
> --- "Howard C. Berkowitz" <[EMAIL PROTECTED]> wrote:
> > >Hi Group,
> > >
> > >I have a setup something like this.
> > >
> > >PIX---(eth)RouterT1 link---Router---LAN(remote site)
> > >
> > >The requirement si that I a should be able to see the LAn at
> > >remote side on the PIX interface that is connected to the
> > >Ethernet of the router at the central office.
> >
> > Does "see the LAN" mean have routing to it, or, for some
> > reason, are
> > these supposed to be on the same subnet?
> >
> > Without further information, I'd point a static route from the
> >
> > central router to the LAN, and a default route to the central
> > router
> > Ethernet from the remote.
> >
> > >If I enable
> > >routing to route the network at the remote site out of the
> > >ethernet interface connected to the PIX, will the pix be able
> > to
> > >see that network? If, not, then can I make the Pix interface,
> > >the router ethernet and the remote LAN all belong to the same
> > >subnet? I haven't configured any kind of bridging till now.
> > >Can anyone please suggest me to a link where I can study to
> > get
> > >this setup working. Any help is appreciated.
> > >
> > >Thanks in advance.
> > >
> > >Regards
> > >Keith
> > >
> >
> > _
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to
> [EMAIL PROTECTED]
>
>
> __
> Do You Yahoo!?
> Get email at your own domain with Yahoo! Mail.
> http://personal.mail.yahoo.com/
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Remote Telnet access via dial-up

[jenny . mcleod]

My first thought when I read the mail was that while it is certainly a
useful tip, I would want to be very clear on the site's security policy
before doing this.  If they are tight on security (which they may be if
Internet access is not available), then opening up an unauthorised backdoor
connection to the internal network, and inviting a third party to use it,
could be a seriously career limiting move.

JMcL
-- Forwarded by Jenny Mcleod/NSO/CSDA on 19/01/2001
11:19 am ---


Priscilla Oppenheimer <[EMAIL PROTECTED]>@groupstudy.com on 19/01/2001
09:30:09 am

Please respond to Priscilla Oppenheimer <[EMAIL PROTECTED]>

Sent by:  [EMAIL PROTECTED]



To:   "J Roysdon" <[EMAIL PROTECTED]>
  [EMAIL PROTECTED]
cc:


Subject:  Re: Remote Telnet access via dial-up


Sounds like a helpful troubleshooting method but what were the security
risks? Thoughts, anyone?

Priscilla

At 10:31 PM 1/17/01, J Roysdon wrote:
>Today I was a site w/o internet access, but I needed to get Cisco into it
to
>save time relaying commands and information.  I had a dial-up connection
out
>to my ISP, and then thought about the built-in Telnet server that Windows
>2000 Professional has.  I made a quick guest account for Cisco, and told
>them my dial-up IP, which they could connect to, and then once telnetted
>into my workstation, they were able to telnet out my NIC to the routers
they
>needs to get to.  Only catch is that you can only have one session up
>through it (enough for us):
>
>Microsoft (R) Windows (TM) Version 5.00 (Build 2195)
>Welcome to Microsoft Telnet Service
>Telnet Server Build 5.00.99201.1
>login: cisco
>password: *
>Microsoft Windows Workstation allows only 1 Telnet Client License
>Server has closed connection
>
>When they were done, I just disabled the Cisco account.  Rather handy now
>that I have it.  I've run into a lot of troubleshooting where it was a
real
>pain not to have internet access for Cisco to get in (or I didn't control
>the customer's firewall, etc.).
>
>After a successful telnet:
>*===
>Welcome to Microsoft Telnet Server.
>*===
>C:\>telnet 192.168.45.253
>Connecting To 192.168.45.253...
>
>
>
>--
>Jason Roysdon, CCNP/CCDP, MCSE, CNA, Network+, A+
>List email: [EMAIL PROTECTED]
>Homepage: http://jason.artoo.net/
>
>
>
>_
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Priscilla Oppenheimer
http://www.priscilla.com

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Beautiful Day, I passed CCIE written test today

[Eric Gunn]

Hello Everyone,

Failing the CCIE written test by one point yesterday really left a bad 
taste in my mouth. I brushed up and took the test again today. The question 
pool must be pretty big as I only got maybe 15 questions that were the same 
from yesterday. Anyway I passed the test with a mark of 75 and am thrilled. 
This whole ordeal has given me a better respect for certification, 
especially this test. As much as I learned in the process of getting to 
this point, I also realized there is that much more to learn.

I am now planning on a quick pit stop to get Nortell NNCSS certification in 
routing(Any advice out there?). I then plan to obtain CCNP specialties in 
ATM and Voice over IP while studying for the lab.

Now I will have to look back in the mail archives for suggestions on 
putting together a CCIE lab and taking a 2nd mortgage on the home so I can 
afford the equipment.

I'd like to thank everyone on the group for their advice, this has been the 
best source of information for me. Time to watch some brainless 
entertainment tonight(Cough) WWF Wrestling(cough) I find it helps me relax 
after thinking so much :)

Thanks Everyone,

-Eric Gunn

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Remote Telnet access via dial-up

[Tony van Ree]

Hi,

As long as the appropriate security/passwords are set it is probably every bit as good 
as any other form of remote access. 

Certainly safer than one I just worked on a few minutes ago where they had a person 
log in locally and went to the # prompt with little extra effort.

Teunis,
Hobart, Tasmania
Australia



On Thursday, January 18, 2001 at 02:30:09 PM, Priscilla Oppenheimer wrote:

> Sounds like a helpful troubleshooting method but what were the security 
> risks? Thoughts, anyone?
> 
> Priscilla
> 
> At 10:31 PM 1/17/01, J Roysdon wrote:
> >Today I was a site w/o internet access, but I needed to get Cisco into it to
> >save time relaying commands and information.  I had a dial-up connection out
> >to my ISP, and then thought about the built-in Telnet server that Windows
> >2000 Professional has.  I made a quick guest account for Cisco, and told
> >them my dial-up IP, which they could connect to, and then once telnetted
> >into my workstation, they were able to telnet out my NIC to the routers they
> >needs to get to.  Only catch is that you can only have one session up
> >through it (enough for us):
> >
> >Microsoft (R) Windows (TM) Version 5.00 (Build 2195)
> >Welcome to Microsoft Telnet Service
> >Telnet Server Build 5.00.99201.1
> >login: cisco
> >password: *
> >Microsoft Windows Workstation allows only 1 Telnet Client License
> >Server has closed connection
> >
> >When they were done, I just disabled the Cisco account.  Rather handy now
> >that I have it.  I've run into a lot of troubleshooting where it was a real
> >pain not to have internet access for Cisco to get in (or I didn't control
> >the customer's firewall, etc.).
> >
> >After a successful telnet:
> >*===
> >Welcome to Microsoft Telnet Server.
> >*===
> >C:\>telnet 192.168.45.253
> >Connecting To 192.168.45.253...
> >
> >
> >
> >--
> >Jason Roysdon, CCNP/CCDP, MCSE, CNA, Network+, A+
> >List email: [EMAIL PROTECTED]
> >Homepage: http://jason.artoo.net/
> >
> >
> >
> >_
> >FAQ, list archives, and subscription info: 
> >http://www.groupstudy.com/list/cisco.html
> >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> 
> 
> 
> 
> Priscilla Oppenheimer
> http://www.priscilla.com
> 
> _
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> 
> 


--
www.tasmail.com


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IP duplication

[Chuck Larrieu]

No and that's one of the gotcha's

Suppose a server nic fails. You swap it out, turn the server back on, it
sees the network fine, but your users can't attach. Problem - their arp
caches has not flushed, and contains old bad information.

Chuck

-Original Message-
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Gareth Hinton
Sent:   Thursday, January 18, 2001 3:48 PM
To: [EMAIL PROTECTED]
Subject:Re: IP duplication

Would a duplicate ever appear in an arp table?
If the arp table had an entry for an IP would it ever try to arp for another
one.
Not arguing, just wondering out of ignorance.

Gareth

""Tony van Ree"" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi,
>
> Sh ARP and put it it a file and do a search might find it.
>
> Teunis,
> Hobart, Tasmania
> Australia
>
> On Thursday, January 18, 2001 at 09:13:38 AM, Estes. Timothy R. wrote:
>
> > Most Network Management software does this.
> >
> > HP Open View Network Node Manager does it for sure.
> >
> >
> >
> > HTH
> >
> > Timothy Estes CCNA
> > Senior Network Systems Analyst
> > Tier III Systems Support
> > Intermedia Communications Inc.
> > 1 Intermedia Way
> > MC FLT TE-2
> > Tampa FL 33674
> > Email - [EMAIL PROTECTED]
> >
> >
> > -Original Message-
> > From: Frusone Federico [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, January 18, 2001 4:14 AM
> > To: '[EMAIL PROTECTED]'
> > Subject: IP duplication
> >
> >
> > hi to all,
> > i,m looking for an application to find duplicate ip in a network.
Someone
> > can help me ?
> >
> > Thanks federico
> >
> > _
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
> > _
> > FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
> >
>
>
> --
> www.tasmail.com
>
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: blocking broadcast.com ip addresses

[beth shriver]

good point!
--- Chuck Larrieu <[EMAIL PROTECTED]> wrote:
> Not to mention that many radio stations have their
> own services, and don't
> go through broadcast.com
> 
> Not to mention that there are business based
> services that use broadcast.com
> as well. You take the bad with the good, so to
> speak.
> 
> I keep coming back to the issue of policy and policy
> enforcement. I don't
> believe it is possible to continue to rely upon
> manual configuration of
> access lists to enforce policy. If there is a severe
> issue, or a good
> business reason to limit internet access and usage,
> then I believe one
> should look into third party server based solutions
> such as web secure.
> There are other products as well, but for some
> reason web secure is the only
> one I can  remember.
> 
> These products have created and maintain policy
> lists, making it easier to
> block pornography, brokerage, radio stations, just
> about anything you can
> imagine. They also allow you to add your own
> criteria, so that if you have a
> researcher who truly does need to listen to the
> radio or monitor
> thestreet.com you can permit that one user to do so
> while blocking everyone
> else. ( handy for currying favor with the boss, I
> suppose )
> 
> What you are suggesting is essentially treating the
> symptom, and not the
> disease. In an ideal world, there would be a written
> acceptable use policy,
> signed by management, and incorporated into the
> employee handbook. Then the
> tech staff would initiate the appropriate fixes
> based upon that policy.
> 
> Everyone should also be aware that app developers,
> both good and evil, are
> now beginning to use protocol tunneling as a means
> of evading corporate site
> and port based policies. It won't be too long before
> everything comes across
> as port 80 traffic, and your port filtering will be
> useless.
> 
> Chuck
> 
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of
> Kathy Miihalisko
> Sent: Friday, January 05, 2001 9:34 AM
> To:   Kelly D Griffin; beth shriver;
> [EMAIL PROTECTED]
> Subject:  RE: blocking broadcast.com ip addresses
> 
> P.S.--
> 
> Bear in mind that IP addresses are subject to
> change--if you filter out by
> IP alone, you could be chasing them down again next
> week--not to mention
> that broadcast.com is not the only service of its
> kind out there. You might
> find that nailing down the ports to block is more
> efficient.
> 
> Kathy "Katyusha" M.
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> Kathy Miihalisko
> Sent: Friday, January 05, 2001 11:58 AM
> To: Kelly D Griffin; beth shriver;
> [EMAIL PROTECTED]
> Subject: RE: blocking broadcast.com ip addresses
> 
> 
> Beth,
> 
> Put on your hacker hat and run a port scan first --
> there are many free ones
> for download -- try
> 
> http://members.home.com/ultraj/
> 
> or browse the Connectivity utilities @
> www.davecentral.com for another port
> scanner. Determine the ports used by this broadcast
> service and block them
> with an extended ACL.
> 
> Kathy "Katyusha" M.
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> Kelly D Griffin
> Sent: Friday, January 05, 2001 9:09 AM
> To: beth shriver; [EMAIL PROTECTED]
> Subject: Re: blocking broadcast.com ip addresses
> 
> 
> The easiest way to block an ip address on your
> gateway router is to route to
> null (i.e. ip route 192.168.1.1 255.255.255.255
> Null).  You can also compile
> an access-list to block out a range of addresses
> (i.e. deny ip any
> 192.168.1.0 0.0.0.255).
> 
> It is up to you to decide which method is the best. 
> The ACL would be my
> preferred method.  Easier to maintain than static
> route statements.
> 
> Kelly D Griffin, CCNA
> Network Engineer
> Kg2 Network Design
> http://www.kg2.com
> 
> 
> - Original Message -
> From: "beth shriver" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, January 05, 2001 7:33 AM
> Subject: blocking broadcast.com ip addresses
> 
> 
> > Can someone tell me how to block traffic from/to
> > broadcast.com ??? We have several people who like
> to
> > use their computer as a radio and its bogging us
> down!
> > Help,
> > Beth
> >
> > __
> > Do You Yahoo!?
> > Yahoo! Photos - Share your holiday photos online!
> > http://photos.yahoo.com/
> >
> > _
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to
> [EMAIL PROTECTED]
> 
> 
> http://1cis.com
> Free E-mail Servers with unlimited mailboxes
> 1st Class Internet Solutions
> 
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to
> [EMAIL PROTECTED]
>

Native IOS

[Nicholas Pandola]

I would like to know what is the general opinion of the Native IOS.  I =
have it running on a 6509 test box and it is going to take some ramp up =
time to learn the new commands for the SP and RP.  I like the concept I =
just need to know how many TAC engineers are familiar with the IOS.  =
Also if Cisco has intentions to make this the standard IOS for the 6000 =
series.

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Slightly OT: Possible 12.1(6) BGP "feature"

[John Neiberger]

I just noticed that if you have bgp dampening turned on and type "show ip
bgp flap-statistics cidr-only" that instead of showing flap statistics, it
shows the exact same output as "show ip bgp cidr-only".

I'm going to assume that this is incorrect behavior.  :-) If it isn't,
someone please enlighten me.

"show ip bgp flap-statistics" does work as advertised.

On that subject, have any of you noticed a whole lotta flappin' going on
today?  Is it because of the power problems in Cali?

-John





___
Send a cool gift with your E-Card
http://www.bluemountain.com/giftcenter/


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: IP duplication

[Gareth Hinton]

Would a duplicate ever appear in an arp table?
If the arp table had an entry for an IP would it ever try to arp for another
one.
Not arguing, just wondering out of ignorance.

Gareth

""Tony van Ree"" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi,
>
> Sh ARP and put it it a file and do a search might find it.
>
> Teunis,
> Hobart, Tasmania
> Australia
>
> On Thursday, January 18, 2001 at 09:13:38 AM, Estes. Timothy R. wrote:
>
> > Most Network Management software does this.
> >
> > HP Open View Network Node Manager does it for sure.
> >
> >
> >
> > HTH
> >
> > Timothy Estes CCNA
> > Senior Network Systems Analyst
> > Tier III Systems Support
> > Intermedia Communications Inc.
> > 1 Intermedia Way
> > MC FLT TE-2
> > Tampa FL 33674
> > Email - [EMAIL PROTECTED]
> >
> >
> > -Original Message-
> > From: Frusone Federico [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, January 18, 2001 4:14 AM
> > To: '[EMAIL PROTECTED]'
> > Subject: IP duplication
> >
> >
> > hi to all,
> > i,m looking for an application to find duplicate ip in a network.
Someone
> > can help me ?
> >
> > Thanks federico
> >
> > _
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
> > _
> > FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
> >
>
>
> --
> www.tasmail.com
>
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Appletalk AURP/RTMP ??

[Priscilla Oppenheimer]

At 03:59 PM 1/18/01, you wrote:
>Greetings Group,
> I have very little info- on Appletalk, I used to
>own "Inside Appletalk" but that was many moons ago.
>
>Can anyone tell me : Is AURP a distance Vector Routing
>Protocol ?

Yes. AppleTalk Update-Based Routing Protocol (AURP) is still a 
distance-vector protocol, but it sends changes only and supports 
summarization. It has some other features also for large networks. It 
remaps remote network numbers to resolve numbering conflicts and resets the 
hop count so that you aren't restricted to 15 hops. It also supports 
tunneling AppleTalk through an IP backbone. On a Cisco router you configure 
AURP on a tunnel interface.

>I know that RTMP is but am wondering if
>AURP was a similar solution to Novel IPX/RIP with
>NLSP, however, I don't think that there would have
>been that many people around at the time who would be
>able to write the Link-State code.
>
>Priscilla mentions in her white-paper
>(CertificationZone.com) that RTMP routes are
>automatically re-distributed into EIGRP and
>vice-versa. Is this the case with AURP also ?

No. Here's what Cisco says: "Because route redistribution is disabled by 
default, you need to enable it by using the appletalk route-redistribution 
command. Route redistribution is enabled by default only when Enhanced IGRP 
is enabled." See:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/atipx_c/2cdapple.htm#xtocid39741

I'm glad to see someone still cares about AppleTalk! &;-)

Priscilla


>Regards,
>
>Phil.
>
>
>
>Do You Yahoo!?
>Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk
>or your free @yahoo.ie address at http://mail.yahoo.ie
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Priscilla Oppenheimer
http://www.priscilla.com

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: AW: AHHHHHHHHHHHHHHHHHH 1 point short

[asyncd]

I always thought that if you really knew the information before going to the
exam was a key factor.
But whatever floats your boat :-)

Ron - CCNP, CCDP

""john hudson"" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>
> do you want to REALLy know the secret to taking exam`s
>
> REALLY..
>
>
> well here it is ..
>
> 1. GET in your Car
> 2.turn up the stereo
> 3. SING as LOUD as you can to some VERY UPBEAT tunes.
>
> this puts you in a good mood and enables you to concetrate better
>
> the better the mood you are in the easier it is to concentrate
>
> so iam told that is a proven medical FACT.
>
> it helps me (but i always end up laughing when in the exam)
> ( i keep thinking of how stupid i look chillin` in my ride ...Singing to
sum
> lame tune...)
>
> regards
>
> john
>
> >From: Stuart Laubstein <[EMAIL PROTECTED]>
> >Reply-To: Stuart Laubstein <[EMAIL PROTECTED]>
> >To: [EMAIL PROTECTED]
> >Subject: AW: AHH 1 point short
> >Date: Thu, 18 Jan 2001 17:45:18 +0100
> >
> >I always try to get 40 minutes of strenous exercise about 2 hours before
an
> >exam--Then I eat some fruit before going in, an orange or something. Of
> >course I always go out for a few beers(or Vodka Redbulls) after the
> >exam(pass or fail there is always a good excuse). The most important
thing
> >to me is  not to go in paralysed with fear but also to maintain a healthy
> >respect for the test.  I like the fish idea though and will try it on Feb
> >6th when I take my next test
> >
> >stu
> >
> >-Ursprüngliche Nachricht-
> >Von: Ole Drews Jensen [mailto:[EMAIL PROTECTED]]
> >Gesendet am: Thursday, January 18, 2001 4:59 PM
> >An: 'Ray Mosely'; [EMAIL PROTECTED]
> >Betreff: RE: AHH 1 point short
> >
> >This may sound odd, but I always have fish for dinner the night before an
> >exam - that makes my brain work a little better. I guess it's the protein
> >or
> >something, I don't know - haven't passed the FISH 2.0 exam yet :-)
> >
> >Also, I always drink a coke an hour before the exam, so I don't find my
> >self
> >sleeping when the time is up.
> >
> >Ole
> >
> >
> >  Ole Drews Jensen
> >  Systems Network Manager
> >  CCNA, MCSE, MCP+I
> >  RWR Enterprises, Inc.
> >  [EMAIL PROTECTED]
> >  http://www.CiscoKing.com
> >
> >  NEED A JOB ???
> >  http://www.oledrews.com/job
> >
> >
> >
> >
> >-Original Message-
> >From: Ray Mosely [mailto:[EMAIL PROTECTED]]
> >Sent: Thursday, January 18, 2001 9:35 AM
> >To: [EMAIL PROTECTED]
> >Subject: RE: AHH 1 point short
> >
> >
> >Generally speaking, it is recommended that a person
> >get a really good night's sleep two nights before an
> >upcoming event, with the thought in mind that the
> >night before will be stressful sleep no matter what.
> >
> >I usually try to live up to this advice, and it
> >works for me.
> >
> >Ray Mosely
> >CCNA, MCSE
> >
> >-Original Message-
> >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> >Charles Henson
> >Sent: Thursday, January 18, 2001 8:28 AM
> >To: [EMAIL PROTECTED]
> >Subject: Re: AHH 1 point short
> >
> >
> >I feel your pain. Scored a 69 on Tuesday morning. Taking it again in 5
> >hours. For three days before the last test I didn't get but 2-3 hours a
> >night. I totally overstressed myself. So i'm not cramming at all for this
> >one. I've casually gone over some notes and focused on some things and I
> >feel more prepared than before. I'll repost this afternoon.
> >
> >Charles
> >
> >
> >"Eric Gunn" <[EMAIL PROTECTED]> wrote in message
> >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > I was so nervous about taking the test I only slept 3 hours last
night.
> >The
> > > test isn't too bad and looking back on it I feel I over analyzed many
of
> > > the questions and a handful had me stumped.
> > >
> > > 1 question just cost me $200 :), Well I am going to try the exam again
> > > tomorrow if I sleep well, can find the answers to about 10 questions
> >that
> > > stumped me(For safe measure) and can get a seat.
> > >
> > > Thanks everyone for the help,
> > >
> > > I may have some questions for the group later if I can not find some
> > > answers I am looking for.
> > >
> > >
> > > -Eric
> > >
> > > _
> > > FAQ, list archives, and subscription info:
> >http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > >
> >
> >
> >_
> >FAQ, list archives, and subscription info:
> >http://www.groupstudy.com/list/cisco.html
> >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
> >_
> >FAQ, list archives, and subscription info:
> >http://www.groupstudy.com/list/cisco.html
> >Report misconduct and Nondisclosure violatio

Fwd: Puzzling HSRP issue....Comments?

[Lance Hubbard]

I fingered it out..I forgot to turn off Spanning tree on the CAT5K 
switch that I have connecting the routersand that I neglected to mention 
below..oops.

Cheers,

Lance


>From: "Lance Hubbard" <[EMAIL PROTECTED]>
>Reply-To: "Lance Hubbard" <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Puzzling HSRP issueComments?
>Date: Thu, 18 Jan 2001 13:49:16 -0800
>
>Group,
>
>Ran across a puzzling HSRP behavior issue today...
>
>I have two 2514s running HSRP on Ethernet 0.  When I induce a failure of
>Primary router's (Router A) E0 interface, I can use 'debug standby' to
>determine that HSRP failover takes place as expected, just after the
>holddown expires.  The Standby router (Router B) waits three hello
>intervals, then changes it's MAC to the virtual HSRP MAC, becoming Active.
>This works like textbook, what I did not expect came when I restored
>Ethernet 0 on Router A (the one with a higher Standby priority), when this
>is done, Router A changes HSRP state from init to listen for one holddown
>interval, and begins sending hellos.  It receives none from Router B,
>although Router B is sending them.  Router A then changes state from listen
>to standby, continues to send hellos, then changes state to Active, also
>changing it's MAC to the HSRP virtual MAC.  At this point, Router A
>continues sending hellos, recieving none, even though I can verify that
>Router B is sending them.  Eventually, Router A recieves a hello from 
>Router
>B, indicating a resignation. Good.  Router A is now officially the active
>HSRP router and begins forwarding traffic, problem is this process takes
>27-30 seconds, regardless of hellointerval/holddown timers (I tried this
>with the default of 3/10 and then with 1/3 and got the same 30 second delay
>in fail-back)  Oh, by the way, all packets forwarded to the HSRP
>interface bound for their respective destinations get dropped during this
>30second fail-back blackout.any thoughts?
>
>Cheers,
>
>Lance
>_
>Get your FREE download of MSN Explorer at http://explorer.msn.com
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
Get your FREE download of MSN Explorer at http://explorer.msn.com

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Monitoring QoS

[G.W. Boschloo]

Shaun,

What you can do is testing the config with some testing tools like Netperf
(http://www.netperf.org/) or Qcheck
(http://www.netiq.com/products/Network_Performance/Qcheck.asp). These tools
will stress your config!!!

Gerwin
- Original Message -
From: Shaun Wakelen <[EMAIL PROTECTED]>
To: Cisco GS <[EMAIL PROTECTED]>
Sent: Thursday, January 18, 2001 12:20 PM
Subject: Monitoring QoS


> I have configured QoS, on a 6509. Whilst doing some testing (ftp transfers
> between client and server), by applying the different ACL's, there is an
> apparent throttling type action, but we cannot see any indication of
dropped
> packets, but there are retries displayed on the ftp server. Any
suggestions
> on what can be entered to monitor this, or anybody have any suggestions
for
> software that can be installed on a Win98 laptop, to be used to monitor
> Cisco networks, whilst at different customer sites? Below is the config
> used, and the output from a 'show qos stat ' command
>
> #qos
> set qos enable
> set qos policer aggregate aggr-1 rate 128 burst 128 drop
> set qos policer aggregate aggr-2 rate 128 burst 128 drop
> set qos policer aggregate rate32 rate 32 burst 32 drop
> set qos policer aggregate rate64 rate 64 burst 64 drop
> set qos policer aggregate rate128 rate 128 burst 128 drop
> clear qos acl all
> #myacl2
> set qos acl ip myacl2 trust-cos aggregate aggr-2 tcp any  eq 20 any  gt
1022
>
> set qos acl ip myacl2 trust-cos aggregate aggr-2 tcp any  gt 1022 any  eq
20
>
> set qos acl ip myacl2 trust-cos aggregate aggr-2 tcp any  eq 21 any  gt
1022
>
> set qos acl ip myacl2 trust-cos aggregate aggr-2 tcp any  gt 1022 any  eq
21
>
> #acl32
> set qos acl ip acl32 trust-cos aggregate rate32 ip any  any
> #acl64
> set qos acl ip acl64 trust-cos aggregate rate64 ip any  any
> #acl128
> set qos acl ip acl128 trust-cos aggregate rate128 ip any  any
> #
> commit qos acl all
> #
> set qos acl map myacl2 1,103
> !
> #port channel
> set port channel 1/1-2 16
> set port channel 3/1-4 18
> set port channel 3/5-8 19
> set port channel 3/9-12 20
> set port channel 3/13-16 21
> set port channel 3/17-20 22
> set port channel 3/21-24 23
> set port channel 3/25-28 24
> set port channel 3/29-32 25
> set port channel 3/33-36 26
> set port channel 3/37-40 27
> set port channel 3/41-44 28
> set port channel 3/45-48 29
> !
> # default port status is enable
> !
> !
> #module 1 : 2-port 1000BaseX Supervisor
> set trunk 1/1  on dot1q 1-1005
> set trunk 1/2  on dot1q 1-1005
> !
> #module 2 : 2-port 1000BaseX Supervisor
> !
> #module 3 : 48-port 10/100BaseTX Ethernet
> set vlan 103  3/2,3/37-38
> set port speed  3/5-6  100
> set port duplex 3/5-6  full
> set trunk 3/5  on dot1q 1-1005
> set trunk 3/6  on dot1q 1-1005
> set spantree portfast3/37-38 enable
> set port qos 3/5 trust trust-cos
> set port qos 3/5 port-based
> #
> set qos acl map acl128 3/5
>
>
>
> HOST> (enable) set qos acl map acl128 3/5
> ACL acl128 is successfully mapped to port 3/5.
> The old ACL mapping is replaced by the new one.
> HOST> (enable) sh qos stat 3/5
> Tx port type of port 3/5 : 2q2t
> Q #  Threshold #:Packets dropped
> ---  ---
> 11:0 pkts, 2:0 pkts
> 21:0 pkts, 2:0 pkts
> Rx port type of port 3/5 : 1q4t
> Q #  Threshold #:Packets dropped
> ---  ---
> 11:0 pkts, 2:0 pkts, 3:0 pkts, 4:0 pkts
>
>
> Regards
> Shaun Wakelen (UK)
> This e-mail and any attachments may contain privileged, confidential
and/or
> copyright information and is for the sole use of the intended addressee.
If
> you are not the named recipient, please notify the sender immediately and
do
> not disclose the contents to another person, use it for any purpose, or
> store or copy the information in any medium.This message is subject to and
> does not create or vary any contractual relationship between Telindus
K-NET
> Ltd and you.
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Remote Telnet access via dial-up

[Priscilla Oppenheimer]

Sounds like a helpful troubleshooting method but what were the security 
risks? Thoughts, anyone?

Priscilla

At 10:31 PM 1/17/01, J Roysdon wrote:
>Today I was a site w/o internet access, but I needed to get Cisco into it to
>save time relaying commands and information.  I had a dial-up connection out
>to my ISP, and then thought about the built-in Telnet server that Windows
>2000 Professional has.  I made a quick guest account for Cisco, and told
>them my dial-up IP, which they could connect to, and then once telnetted
>into my workstation, they were able to telnet out my NIC to the routers they
>needs to get to.  Only catch is that you can only have one session up
>through it (enough for us):
>
>Microsoft (R) Windows (TM) Version 5.00 (Build 2195)
>Welcome to Microsoft Telnet Service
>Telnet Server Build 5.00.99201.1
>login: cisco
>password: *
>Microsoft Windows Workstation allows only 1 Telnet Client License
>Server has closed connection
>
>When they were done, I just disabled the Cisco account.  Rather handy now
>that I have it.  I've run into a lot of troubleshooting where it was a real
>pain not to have internet access for Cisco to get in (or I didn't control
>the customer's firewall, etc.).
>
>After a successful telnet:
>*===
>Welcome to Microsoft Telnet Server.
>*===
>C:\>telnet 192.168.45.253
>Connecting To 192.168.45.253...
>
>
>
>--
>Jason Roysdon, CCNP/CCDP, MCSE, CNA, Network+, A+
>List email: [EMAIL PROTECTED]
>Homepage: http://jason.artoo.net/
>
>
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Priscilla Oppenheimer
http://www.priscilla.com

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Rif clarification

[Priscilla Oppenheimer]

> >
> > If a RIF goes through 1rtr with an id of 0191 and
> > then rtr2 which has an id
> > of 0191. Since the ids are the same would this not
> > be an incorrect
> > configuration

It would not be an incorrect configuration. Per the source-route bridging 
standard (IEEE 802.1d Annex C) what needs to be unique is 
ring#/bridge#/ring#. You can use the same bridge number on two bridges 
(routers) if those bridges aren't connecting the same rings.

Priscilla



Priscilla Oppenheimer
http://www.priscilla.com

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Cat 6509 locking up

[eidinger]

I have a problem with a Cat. 6509. We are running Ethernet ports are set to: 
speed: Auto,  Duplex: Auto. User’s NICs are set (speed/duplex) to auto. A user 
had reset his NIC, when out of the office to 100/Full. When he connected to our 
network, the port he was connect to locked(port light was amber) and the switch 
locked as well. We disconnected him and rebooted the switch. All is fine

His setting causing his port to lock is one thing, but the Cat. should have 
remained operational. Does anybody have any ideas? The Cat’s “SHOW VER” is below


show vers
WS-C6509 Software, Version NmpSW: 5.2(1)CSX
Copyright (c) 1995-1999 by Cisco Systems
NMP S/W compiled on Apr  8 1999, 11:35:52

System Bootstrap Version: 5.2(1)

Hardware Version: 2.0  Model: WS-C6509  Serial #: SCAx

Mod Port Model   Serial #Versions
---  --- --- --
1   2WS-X6K-SUP1-2GE SAD03384734 Hw : 5.0
 Fw : 5.2(1)
 Fw1: 5.1(1)CSX
 Sw : 5.2(1)CSX
 Sw1: 5.2(1)CSX
2   48   WS-X6248-RJ-45  SAD03401220 Hw : 1.1
 Fw : 4.2(0.24)VAI78
 Sw : 5.2(1)CSX
3   48   WS-X6248-RJ-45  SAD03431572 Hw : 1.1
 Fw : 4.2(0.24)VAI78
 Sw : 5.2(1)CSX
6   48   WS-X6248-RJ-45  SAD04160E1A Hw : 1.2
 Fw : 5.1(1)CSX
 Sw : 5.2(1)CSX
7   48   WS-X6248-RJ-45  SAD035002FS Hw : 1.2
 Fw : 5.1(1)CSX
 Sw : 5.2(1)CSX

   DRAMFLASH   NVRAM
Module Total   UsedFreeTotal   UsedFreeTotal Used  Free
-- --- --- --- --- --- --- - - -
1   65408K  17067K  48341K  16384K   3828K  12556K  512K  203K  309K


-
This message was sent through IDT.
http://www.idt.net/


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: AHHHHHHHHHHHHHHHHHH 1 point short

[Daniel Cotts]

Time to restart the blueberry thread.

> -Original Message-
> From: Ray Mosely [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, January 18, 2001 2:24 PM
> To: Jennifer Cribbs; Fowler, Joey
> Cc: [EMAIL PROTECTED]
> Subject: RE: AHH 1 point short
> 
> 
> Amen.
> The animal and human studies show that classical
> music can help with concentration and retention.
> I often listen to classical while studying, and
> I can feel the tensions and distractions melting
> away.
> Ray M.
> CCNA, MCSE
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Jennifer Cribbs
> Sent: Thursday, January 18, 2001 1:35 PM
> To: Fowler, Joey
> Cc: [EMAIL PROTECTED]
> Subject: RE: AHH 1 point short
> 
> 
> Since I've only had one test, I can only speak for myself..I 
> had my husband
> drive me and we were absolutely silent on the trip with me 
> doing last minute
> cramming, with cotton in my ears in case he turned the radio 
> on. We road
> this
> was for a good hr and half.  Maybe two. (I was nervous about being
> distracted).  But at home, I put headphones on at a very very 
> loud volume of
> wonderful classical music.  They say (and I don't know who 
> they are), but
> they
> say that classical music helps memory retention.  hehe
> I was raised with classical.  But I am well aware of how most 
> folks feel
> about
> it.
> 
> Jen
> 
> >= Original Message From "Fowler, Joey" 
> <[EMAIL PROTECTED]> =
> >I personally find that listening to "Eye of the Tiger" from 
> the Rocky =
> >movies
> >is perfect.
> >
> >-Original Message-
> >From: john hudson [mailto:[EMAIL PROTECTED]]
> >Sent: Thursday, January 18, 2001 1:31 PM
> >To: [EMAIL PROTECTED]
> >Cc: [EMAIL PROTECTED]
> >Subject: Re: AW: AHH 1 point short
> >
> >
> >
> >do you want to REALLy know the secret to taking exam`s
> >
> >REALLY..
> >
> >
> >well here it is ..
> >
> >1. GET in your Car
> >2.turn up the stereo
> >3. SING as LOUD as you can to some VERY UPBEAT tunes.
> >
> >this puts you in a good mood and enables you to concetrate better
> >
> >the better the mood you are in the easier it is to concentrate
> >
> >so iam told that is a proven medical FACT.
> >
> >it helps me (but i always end up laughing when in the exam)
> >( i keep thinking of how stupid i look chillin` in my ride 
> ...Singing =
> >to sum
> >
> >lame tune...)
> >
> >regards
> >
> >john
> >
> >>From: Stuart Laubstein <[EMAIL PROTECTED]>
> >>Reply-To: Stuart Laubstein <[EMAIL PROTECTED]>
> >>To: [EMAIL PROTECTED]
> >>Subject: AW: AHH 1 point short
> >>Date: Thu, 18 Jan 2001 17:45:18 +0100
> >>
> >>I always try to get 40 minutes of strenous exercise about 2 hours =
> >before an
> >>exam--Then I eat some fruit before going in, an orange or 
> something. =
> >Of
> >>course I always go out for a few beers(or Vodka Redbulls) after the
> >>exam(pass or fail there is always a good excuse). The most 
> important =
> >thing
> >>to me is  not to go in paralysed with fear but also to maintain a =
> >healthy
> >>respect for the test.  I like the fish idea though and will 
> try it on =
> >Feb
> >>6th when I take my next test
> >>
> >>stu
> >>
> >>-Urspr=FCngliche Nachricht-
> >>Von: Ole Drews Jensen [mailto:[EMAIL PROTECTED]]
> >>Gesendet am: Thursday, January 18, 2001 4:59 PM
> >>An: 'Ray Mosely'; [EMAIL PROTECTED]
> >>Betreff: RE: AHH 1 point short
> >>
> >>This may sound odd, but I always have fish for dinner the 
> night before =
> >an
> >>exam - that makes my brain work a little better. I guess it's the =
> >protein=20
> >>or
> >>something, I don't know - haven't passed the FISH 2.0 exam yet :-)
> >>
> >>Also, I always drink a coke an hour before the exam, so I 
> don't find =
> >my=20
> >>self
> >>sleeping when the time is up.
> >>
> >>Ole
> >>
> >>
> >>  Ole Drews Jensen
> >>  Systems Network Manager
> >>  CCNA, MCSE, MCP+I
> >>  RWR Enterprises, Inc.
> >>  [EMAIL PROTECTED]
> >>  http://www.CiscoKing.com
> >>
> >>  NEED A JOB ???
> >>  http://www.oledrews.com/job
> >>
> >>
> >>
> >>
> >>-Original Message-
> >>From: Ray Mosely [mailto:[EMAIL PROTECTED]]
> >>Sent: Thursday, January 18, 2001 9:35 AM
> >>To: [EMAIL PROTECTED]
> >>Subject: RE: AHH 1 point short
> >>
> >>
> >>Generally speaking, it is recommended that a person
> >>get a really good night's sleep two nights before an
> >>upcoming event, with the thought in mind that the
> >>night before will be stressful sleep no matter what.
> >>
> >>I usually try to live up to this advice, and it
> >>works for me.
> >>

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Frame Relay OR ATM????

[Nabil Fares]

Greetings all,

Would like to get your thoughts on the benefits of choosing ATM over frame
for the backbone.  We have sites basically all over the US, and someone is
recommending ATM instead of frame.  We're currently using point-point ckts.
for backbone connectivity.  Any web site links or little summary would
great.

Thanks,

Nabil


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: routing problem.

[Allen May]

First, the remote network can't access anything inside the firewall without
static/conduits or ACLs set up if it is on a lower security interface than
the internal network you are trying to access from there.

Anything coming from the outside interface into the PIX should have static
routes or RIP (eww) set up so it knows which interface to forward to coming
in (DMZ, internal network, etc).

Hopefully I didn't miss anything in this thread and went off on a tangent ;)

- Original Message -
From: "Keith Whitfield" <[EMAIL PROTECTED]>
To: "Howard C. Berkowitz" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, January 18, 2001 3:28 PM
Subject: Re: routing problem.


> Hi..
>
> I think I missed something in the question. The setup I gave in
> my earlier posting is a part of the actual setup, which is
>
> Internet---3640router---pix---router---T1 linkrouter--LAN.
>
> There are 2 more interfaces(DMZs) on the PIX apart form this
> connection. Basically we are trying to make the remote LAN to
> talk with the internal hosts/servers on the other DMZs. SO, I
> already ahve a static route on the PIX to point at the 3640.
>
> Now, by a static route from the central router to the LAN, how
> will the PIX know to route the traffic of the remote LAN to the
> Ethernet of the router connected to teh PIX?
>
> ALso , can I point to the Ethernet of the central router to
> route the traffic from the remote office? since, ethernet is not
> directly connected to the link.
>
> I think I am missing some basic routing theory here.
>
> Let's give some ip addresses to this problem.
>
> PIX interface to Ethernet of router - 172.18.31.1
> ethernet Interface if router--172.18.31.2
> Serial of Router to T1 link---172.18.30.1
> Serial of router(remote) t1 link--172.18.30.2
>
> Lan subnet of remote router---172.18.40.0
>
> I am a bit new to this and am i confused? I think so..:-)
>
> Regds
> Keith
>
> --- "Howard C. Berkowitz" <[EMAIL PROTECTED]> wrote:
> > >Hi Group,
> > >
> > >I have a setup something like this.
> > >
> > >PIX---(eth)RouterT1 link---Router---LAN(remote site)
> > >
> > >The requirement si that I a should be able to see the LAn at
> > >remote side on the PIX interface that is connected to the
> > >Ethernet of the router at the central office.
> >
> > Does "see the LAN" mean have routing to it, or, for some
> > reason, are
> > these supposed to be on the same subnet?
> >
> > Without further information, I'd point a static route from the
> >
> > central router to the LAN, and a default route to the central
> > router
> > Ethernet from the remote.
> >
> > >If I enable
> > >routing to route the network at the remote site out of the
> > >ethernet interface connected to the PIX, will the pix be able
> > to
> > >see that network? If, not, then can I make the Pix interface,
> > >the router ethernet and the remote LAN all belong to the same
> > >subnet? I haven't configured any kind of bridging till now.
> > >Can anyone please suggest me to a link where I can study to
> > get
> > >this setup working. Any help is appreciated.
> > >
> > >Thanks in advance.
> > >
> > >Regards
> > >Keith
> > >
> >
> > _
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to
> [EMAIL PROTECTED]
>
>
> __
> Do You Yahoo!?
> Get email at your own domain with Yahoo! Mail.
> http://personal.mail.yahoo.com/
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: cat 3524 init setup problem

[Matthew . Sypherd]

Adam,

 Go into config mode to int VLAN1 and enter the "management" command.

 Matthew Sypherd
 [EMAIL PROTECTED]




Adam Wang <[EMAIL PROTECTED]>@groupstudy.com
01/18/2001 09:46 AM





Please respond to Adam Wang <[EMAIL PROTECTED]>

Sent by:  [EMAIL PROTECTED]


To:   [EMAIL PROTECTED]
cc:

Subject:  cat 3524 init setup problem


Hi,

I have a cat 3524 for an initial setup. I gave the
vlan1 (the management vlan) an ip address, but when I
look at the interface vlan1, the interface is up,
protocol is down.  I can not go on to access its web
config page because I can't get this interface up.

Any idea what else I need to do?  Thanks.


Adam

__
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Passed BCRAN

[Medley, Tim]

I passed my BCRAN today on the first try. Thanks to all who have
contributed.

I used on the job knowledge, the McGraw Hill (Thomas) BCRAN Book, and the
Cisco Press BCRAN book in combination with the COLT BCRAN practice tests.

I have seen alot of mixed feelings over the COLT tests, I had two questions
that were both on the COLT test and the real exam.

If you don't use async lines and modems alot in the field definately study
up on modem configuration, autoconfig and modemcap areas. I got hammered on
this stuff.

Tim

I hear and I forget
I see and I believe
I do and I understand
 -Confucius


Tim Medley - CCNA, CCDA
Network Architect
VoIP Group
704-943-3615 - Phone
704-525-9119 - Fax
877-6-iReady - Helpdesk


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Puzzling HSRP issue....Comments?

[Lance Hubbard]

Group,

Ran across a puzzling HSRP behavior issue today...

I have two 2514s running HSRP on Ethernet 0.  When I induce a failure of 
Primary router's (Router A) E0 interface, I can use 'debug standby' to 
determine that HSRP failover takes place as expected, just after the 
holddown expires.  The Standby router (Router B) waits three hello 
intervals, then changes it's MAC to the virtual HSRP MAC, becoming Active.  
This works like textbook, what I did not expect came when I restored 
Ethernet 0 on Router A (the one with a higher Standby priority), when this 
is done, Router A changes HSRP state from init to listen for one holddown 
interval, and begins sending hellos.  It receives none from Router B, 
although Router B is sending them.  Router A then changes state from listen 
to standby, continues to send hellos, then changes state to Active, also 
changing it's MAC to the HSRP virtual MAC.  At this point, Router A 
continues sending hellos, recieving none, even though I can verify that 
Router B is sending them.  Eventually, Router A recieves a hello from Router 
B, indicating a resignation. Good.  Router A is now officially the active 
HSRP router and begins forwarding traffic, problem is this process takes 
27-30 seconds, regardless of hellointerval/holddown timers (I tried this 
with the default of 3/10 and then with 1/3 and got the same 30 second delay 
in fail-back)  Oh, by the way, all packets forwarded to the HSRP 
interface bound for their respective destinations get dropped during this 
30second fail-back blackout.any thoughts?

Cheers,

Lance
_
Get your FREE download of MSN Explorer at http://explorer.msn.com

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Patch Panels

[Tony van Ree]

Hi,

Yeh, we use metric so it is in metres.  But if I want an 18 inch cable I kink a 1/2 
metre cable and this makes it about right;-)

I also have a metric shifting spanner (adjustable wrench) it works ok on Imperial and 
American nuts quite well:-}



Teunis attempting humour.

On Wednesday, January 17, 2001 at 11:19:39 PM, J Roysdon wrote:

> See http://jason.artoo.net/images/turlock_rack_1.jpg from
> http://jason.artoo.net/artoo.html
> 
> The top portion is patch panels (with the nice covers over the wire
> management keeping it clean looking).  Under it you see a large group of
> cables going to our switches (3Com, eeyuk, but it was all free from 3Com).
> As the post below said, all workstations are terminated behind the patch
> panel.  We also terminal all telco POTS lines (for analog faxes & modems),
> ISDN lines, & T1 lines behind these and run them down to the back of the
> routers.
> 
> That way, they can easily be patched with 3' & 5' patch cables.
> 
> Hey, that makes me think:  What lengths do patch cables come in outside the
> USA?  I'm guessing in meter lengths, but what would a 5ft. or 7ft. patch
> cable be?  3ft. ~ 1 meter, so I can get that.
> 
> --
> Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
> List email: [EMAIL PROTECTED]
> Homepage: http://jason.artoo.net/
> Cisco resources: http://r2cisco.artoo.net/
> 
> 
> ""Tony van Ree"" <[EMAIL PROTECTED]> wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Hi,
> >
> > Patch panels are the panels that exist in wiring closets.  I a number of
> places (most of where I work.) the term wiring closet is used for the place
> where the patch panels are housed if at all.
> >
> > Basically a ptch panel is a panel that allows you to put cables from one
> socket to another.  For example you might have 3 outlets to a workstation
> area,  these would come back to a patch panel in a wiring closet from there
> one socket might be plugged into a switch or hub another might go into
> another patch panel connecting two wiring closets then onto a phone system,
> a different switch (for redundancy purposes) or what ever.
> >
> > Hope this helps
> >
> > Teunis,
> > Hobart, Tasmania
> > Australia
> >
> >
> > On Wednesday, January 17, 2001 at 07:27:42 AM, Sammi wrote:
> >
> > > Could someone please elaborate on patch panels, or point to some
> > > reading.
> > > I understand the use of panels when you have your switch/router in,
> > > say, rack1 and your devices in rack5, you then have patch panels in
> > > rack5 hardwired over to rack1.
> > > I'm missing the practicality in other cases:
> > > Your router/switches are in rack1 and you have them hooked up to patch
> > > panels also in rack1. Why not bypass the patch panels in this case?
> > > Wiring closets; you have hubs in the closet, wired to patch panels in
> > > the same closet. Again, why not bypass the panels?
> > > When a workstation needs to be "punched down", does that mean you need
> > > to hardwire a port on the patch panel to the hub, then run a line from
> > > workstation to the patch panel? Any info available on the "punch down"
> > > methodology?
> > >
> > > Any clarifications greatly appreciated.
> >
> 
> 
> _
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> 
> 


--
www.tasmail.com


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IP duplication

[Tony van Ree]

Hi,

Sh ARP and put it it a file and do a search might find it.

Teunis,
Hobart, Tasmania
Australia

On Thursday, January 18, 2001 at 09:13:38 AM, Estes. Timothy R. wrote:

> Most Network Management software does this. 
> 
> HP Open View Network Node Manager does it for sure.
> 
> 
> 
> HTH
> 
> Timothy Estes CCNA
> Senior Network Systems Analyst
> Tier III Systems Support
> Intermedia Communications Inc.
> 1 Intermedia Way
> MC FLT TE-2
> Tampa FL 33674
> Email - [EMAIL PROTECTED]
> 
> 
> -Original Message-
> From: Frusone Federico [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, January 18, 2001 4:14 AM
> To: '[EMAIL PROTECTED]'
> Subject: IP duplication
> 
> 
> hi to all,
> i,m looking for an application to find duplicate ip in a network. Someone
> can help me ?
> 
> Thanks federico
> 
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> 
> _
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> 
> 


--
www.tasmail.com


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: about routing in NT server

[Gareth Hinton]

It should know where its directly connected networks are, so you shouldn't
have to worry too much to get to your DMZ. Just make sure your default route
is set up for external interface.
Make sure if you add any routes that you use 'route add -p' to make them
persistent. Otherwise you could make a negative career move next time the
server is re-booted and all your routes go down the plug hole.

Gareth

""garyty99"" <[EMAIL PROTECTED]> wrote in message
01011813282300.00335@www3">news:01011813282300.00335@www3...
> Hi guys:
>   i install the checkpoint in my NT server ,the nt server has 3 NIC,one is
connect to external network,one is connected the internal,another one is
connected the DMZ,my question how to routing the packet from internal to DMZ
on NT server,i have open the ip routing in NT server,need i do something
else
>
>
>  thanks
>
>
>
>
> -
> »¶Ó­¹âÁÙ http://www.cmmail.com
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: routing problem.

[Keith Whitfield]

Hi..

I think I missed something in the question. The setup I gave in
my earlier posting is a part of the actual setup, which is 

Internet---3640router---pix---router---T1 linkrouter--LAN.

There are 2 more interfaces(DMZs) on the PIX apart form this
connection. Basically we are trying to make the remote LAN to
talk with the internal hosts/servers on the other DMZs. SO, I
already ahve a static route on the PIX to point at the 3640. 

Now, by a static route from the central router to the LAN, how
will the PIX know to route the traffic of the remote LAN to the
Ethernet of the router connected to teh PIX? 

ALso , can I point to the Ethernet of the central router to
route the traffic from the remote office? since, ethernet is not
directly connected to the link.

I think I am missing some basic routing theory here.

Let's give some ip addresses to this problem.

PIX interface to Ethernet of router - 172.18.31.1
ethernet Interface if router--172.18.31.2
Serial of Router to T1 link---172.18.30.1
Serial of router(remote) t1 link--172.18.30.2

Lan subnet of remote router---172.18.40.0

I am a bit new to this and am i confused? I think so..:-)

Regds
Keith

--- "Howard C. Berkowitz" <[EMAIL PROTECTED]> wrote:
> >Hi Group,
> >
> >I have a setup something like this.
> >
> >PIX---(eth)RouterT1 link---Router---LAN(remote site)
> >
> >The requirement si that I a should be able to see the LAn at
> >remote side on the PIX interface that is connected to the
> >Ethernet of the router at the central office.
> 
> Does "see the LAN" mean have routing to it, or, for some
> reason, are 
> these supposed to be on the same subnet?
> 
> Without further information, I'd point a static route from the
> 
> central router to the LAN, and a default route to the central
> router 
> Ethernet from the remote.
> 
> >If I enable
> >routing to route the network at the remote site out of the
> >ethernet interface connected to the PIX, will the pix be able
> to
> >see that network? If, not, then can I make the Pix interface,
> >the router ethernet and the remote LAN all belong to the same
> >subnet? I haven't configured any kind of bridging till now.
> >Can anyone please suggest me to a link where I can study to
> get
> >this setup working. Any help is appreciated.
> >
> >Thanks in advance.
> >
> >Regards
> >Keith
> >
> 
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]


__
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Cisco Catalyst 2901 for sale!!!

[Cisco_Stuff]

http://cgi.ebay.com/aw-cgi/eBayISAPI.dll?ViewItem&item=1208830259



_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Hard/software requirement

[Hennen, David]

you can find out by using the show port capability command.  the stuff below
is from a cat 5000 with a 5213 blade

dave h

test-cat> sh port cap 2
ModelWS-X5213
Port 2/1
Type 10/100BaseTX
Speedauto,10,100
Duplex   half,full
Trunk encap type ISL
Trunk mode   on,off,desirable,auto,nonegotiate
Channel  no
Broadcast suppressionpps(0-15)
Flow control no
Security yes
Membership   static,dynamic
Fast start   yes
Rewrite  no

-Original Message-
From: Jason T. [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 18, 2001 4:01 PM
To: [EMAIL PROTECTED]
Subject: Fw: Hard/software requirement


The model I have is WS-5213 (12-port 10/100BASE-TX Fast Ethernet RJ-45).
Does this support trunking?

<[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> A lot of older catalyst 5000 blades don't support either trunking or
> etherchannel.  What is the exact model number of the blade?  If it
doesn't,
> upgrading to a new supervisor won't do anything for you.
>
> -Original Message-
> From: Jason T. [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, January 18, 2001 1:59 PM
> To: [EMAIL PROTECTED]
> Subject: Hard/software requirement
>
>
> Hi Group, does anyone know what's the minimum hw/sw requirement to set up
a
> trunk port?  I have a cat5500 with Supervisor Engine I running s/w 3.2(1b)
&
> a 12-port 10/100BASE-TX Fast Ethernet blade running s/w 3.2(1) connecting
to
> a FastEthernet on a cisco 7204.  I cannot get trunking to work.  The
switch
> doesn't understand "show port capabilities".  Do I need a Supervisor
Engine
> II in order to do trunking?  Thanks.
>
>
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: crossover or straight cable?

[Tony van Ree]

Hi,

Sorry if my comments hurt heads.  I am trying to make the point you need to have a 
talker speaking to a listener.  This is true of any form of communications.  The cross 
over simply achieves this.  There is no more to it.

Teunis

On Wednesday, January 17, 2001 at 11:12:49 PM, J Roysdon wrote:

> Ouch, you hurt my head reading that.  To me, the easier way to explain it is
> that hub/switch ports are crossed, unless specified otherwise (like with a
> toggle port, or a straight-through port).  Therefore, to go from a crossed
> hub/switch port to a crossed hub/switch port, you must add another crossover
> to "uncross" one of the two crossed ports.  If you want to go from node to
> node, you must add the cross with a crossover.  What's the cross doing?
> Nothing more than flipping the transmit and receive pairs.
> 
> --
> Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
> List email: [EMAIL PROTECTED]
> Homepage: http://jason.artoo.net/
> Cisco resources: http://r2cisco.artoo.net/
> 
> 
> ""Tony van Ree"" <[EMAIL PROTECTED]> wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Hi,
> >
> > NO
> >
> > For a start the cable is a layer 1 device as are the electrical properties
> of the ports so the theory of different layered devices does not hold up.
> >
> > Secondly a layer 2 device cannot talk directly to a layer 3 in another
> machine.  Layer 2 can only talk to layers 1 & 3 in the device it is in.
> Then layer 1 passes the data (electrical pulses) to the layer 1 on the next
> device.  If the layer 2 passes the data (a frame) to layer 3 then layer 3
> decides on where to pass it up the protocol stack only if the layer 3 sees
> it as valid.
> >
> > BASIC COMMS (similar to a normal conversation between 2 people)
> >
> > A talker speaks to a listener via some medium (air, telephone wire, sign
> language) a protocol must be agreed to.  Maybe English, Chinese or sign
> language.  If someone spoke to me in sign language thay may as well speak to
> me in Chinese as I don't understand either nor would sign language be
> appropriate over a phone.
> >
> > Each talker must have a listener if you have two devices that are the same
> thier electrical paths will be the same therefore you need a crossover.
> Switch to switch (both layer 2 SO WHAT), Switch to Hub (Layer 2 to Layer 1)
> both are similar electrically in there port design (this was deliberate to
> make connections to PC NIC's and routers etc simple else would would need a
> NIC for a Hub and a different one for a Switch) A switch to a hub requires a
> crossover.
> >
> > A router or PC to a switch or hub.  The ports are different electrically a
> straight cable will work.  A router to a PC are similar electrically these
> need a crossover.
> >
> > X cross over simply puts the send signal to a receive on similar port
> types nothing more flash than that.  The secrete is cables are a part of
> layer 1 and have nothing to do with the upper layers.
> >
> > I put a spread on this and the pinouts a couple of weeks ago.
> >
> > Hope this makes it easier.
> >
> > Teunis
> > Hobart, Tasmania
> > Australia
> >
> >
> > On Wednesday, January 17, 2001 at 10:55:58 AM, Lowell Sharrah wrote:
> >
> > > funny,, I said the same thing over two months ago.  Good rule to follow.
> > >
> > > >>> Sampy Ren <[EMAIL PROTECTED]> 01/17/01 10:34AM >>>
> > > The rule to follow about cross-over or straight
> > > cabling confusion is this :
> > >
> > > If you are connecting same layer devices, use a
> > > cross-over cable (as in switch to a switch-layer 2 to
> > > layer 2 or a router to a router -layer 3 to layer 3).
> > >
> > > If you are connecting devices from different layers,
> > > use a straight cable ( as in connecting a switch to a
> > > router - layer 2 to layer 3 connectivity).
> > >
> > > Hopefully this gives you the concept of the cabling
> > > schema.
> > >
> > > Regards/Sampath.
> > >
> > > --- Chuck Larrieu <[EMAIL PROTECTED]> wrote:
> > > > Didn't we just have this discussion - straight thru
> > > > or crossover - a couple
> > > > of weeks ago?
> > > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED]
> > > > [mailto:[EMAIL PROTECTED]] On Behalf Of
> > > > Yonkerbonk
> > > > Sent: Thursday, December 28, 2000 12:47 AM
> > > > To: sean; [EMAIL PROTECTED]
> > > > Subject: Re: crossover or straight cable?
> > > >
> > > > A trunk port is simply a port that has traffic from
> > > > more than one VLAN running over it. It is a function
> > > > of the software to combine and split the data. That
> > > > has nothing to do with how the cabling is done.
> > > > If you have a trunk running from switch to switch,
> > > > it
> > > > will be crossover. If you have a trunk running from
> > > > switch to router, it will be straight through.
> > > > Normal
> > > > cabling scheme.
> > > >
> > > > --- sean <[EMAIL PROTECTED]> wrote:
> > > > > Tony,
> > > > >
> > > > > Are you saying that, to connect  "trunk" ports
> > > > > between switches, cross

Fw: Hard/software requirement

[Jason T.]

The model I have is WS-5213 (12-port 10/100BASE-TX Fast Ethernet RJ-45).
Does this support trunking?

<[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> A lot of older catalyst 5000 blades don't support either trunking or
> etherchannel.  What is the exact model number of the blade?  If it
doesn't,
> upgrading to a new supervisor won't do anything for you.
>
> -Original Message-
> From: Jason T. [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, January 18, 2001 1:59 PM
> To: [EMAIL PROTECTED]
> Subject: Hard/software requirement
>
>
> Hi Group, does anyone know what's the minimum hw/sw requirement to set up
a
> trunk port?  I have a cat5500 with Supervisor Engine I running s/w 3.2(1b)
&
> a 12-port 10/100BASE-TX Fast Ethernet blade running s/w 3.2(1) connecting
to
> a FastEthernet on a cisco 7204.  I cannot get trunking to work.  The
switch
> doesn't understand "show port capabilities".  Do I need a Supervisor
Engine
> II in order to do trunking?  Thanks.
>
>
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: #1 Gold (was: Any Network Managers out there?) [3:982]

[Jennifer Cribbs]

Thanks Jim for those wonderfully encouraging words.

I'll guess I'll just keep the classical music going on then...eh...

Jen

>= Original Message From Jim Dixon <[EMAIL PROTECTED]> =
>Jennifer, when you get those little 4 numbers and CCIE# in front of them.
>YOU CAN DEMAND your job at YOUR PRICE. (within reason) Cisco don't play
>that, no Homey the clown CCIE's...
>now you can go home...I don't care if it's just the first daywe said GO
>HOME! o yea thanks for the 1000 bucks.
>But...but b.ut don't I get to at least see day two?
>
>NOPE. GO HOME.
>
>well I paid for it.
>
>No you paid for the opportunity to get there once you passed the first day.
>you failed to pass the first day.
>
>It could get ugly but I still believe that when you pass
>it'll ALL be worth it.
>
>Jim
>
>-Original Message-
>From: Jennifer Cribbs [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, January 18, 2001 2:29 PM
>To: Raymond Thomas
>Cc: [EMAIL PROTECTED]
>Subject: RE: #1 Gold (was: Any Network Managers out there?) [3:982]
>
>
>You know Raymond...I have never even worked in networking...I just got my
>CCNA.  My head is swelling
>
>"For a prizewhen I am a ccie, I want a job."
>
>This is greathehehe
>
>Jennifer Cribbs
>
>
>>= Original Message From Raymond  Thomas <[EMAIL PROTECTED]>
>=
>>SWB =)They are owned by SBC communications and ding ding ding! You are
>>correct! What do you want as a prize?? ;-)
>>
>>Raymond Thomas
>>Senior Executive Consultant
>>Concepts In Staffing Inc.
>>9 East 37th Street 2nd Floor
>>New York, N.Y. 10016
>>
>>(212) 293-4458 direct  (212) 652-0805 fax
>>email: [EMAIL PROTECTED] 
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>-Original Message-
>>From: Jennifer Cribbs [mailto:[EMAIL PROTECTED]]
>>Sent: Thursday, January 18, 2001 3:12 PM
>>To: Raymond Thomas
>>Subject: RE: #1 Gold (was: Any Network Managers out there?) [3:982]
>>
>>
>>My guess is SWB, maybe out of canada. But I definitely think SWB...
>>
>>Jennifer
>>
>>
>>
>>>= Original Message From Raymond  Thomas <[EMAIL PROTECTED]>
>>=
>>>Everybody, check some archive articles on Cisco and partnership and you
>>will
>>>see who is the largest reseller of Cisco equipment and Cisco powered
>>>Networks. It is not IBM, even though they are also a client of ours ;-)
>>>
>>>Raymond Thomas
>>>Senior Executive Consultant
>>>Concepts In Staffing Inc.
>>>9 East 37th Street 2nd Floor
>>>New York, N.Y. 10016
>>>
>>>(212) 293-4458 direct  (212) 652-0805 fax
>>>email: [EMAIL PROTECTED]
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>-Original Message-
>>>From: Simon [mailto:[EMAIL PROTECTED]]
>>>Sent: Thursday, January 18, 2001 3:46 PM
>>>To: [EMAIL PROTECTED]
>>>Subject: Re: #1 Gold (was: Any Network Managers out there?) [3:982]
>>>
>>>
>>>Since this is probably based on $$$ I would guess IBM Global Services
>>>
>>> wrote in message
>>>news:[EMAIL PROTECTED]...
>>> People!
>>>  I can't believe you don't know this one...it's a giveaway. Cisco's
>>#1
>>> Gold partner has to be one of two companies...Nortel Networks or
>>>Juniper!!!
>>> Where else would they need 43 CCIE's to fix all the problems with their
>>> products? It's simple. Hehehe, sorry, guess that's just some Friday
>>humor.
>>> On
>>> the serious side. I would guess that it was an ISP so I'm gonna go with
>>> Sprint as being the #1 largest. Just an educated guess though. So what's
>>>the
>>> answer Raymond?  =)
>>>
>>> Mark Z.
>>>
>>> In a message dated 1/11/01 11:41:04 PM Eastern Standard Time,
>>> [EMAIL PROTECTED] writes:
>>>
>>>
>>> > Hmm, SBC has a bunch of CCIEs.  There's an SBC CCIE in JAX who's
>really
>>> > sharp, almost as sharp as me ;-p
>>> >
>>> > -s
>>> >
>>> > -Original Message-
>>> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>>> > Raymond Thomas
>>> > Sent: Friday, January 12, 2001 12:26 AM
>>> > To: [EMAIL PROTECTED]
>>> > Subject: RE: Any Network Managers out there? [3:982]
>>> >
>>> >
>>> > Not them either!
>>> >
>>> > RT
>>> >
>>> > -Original Message-
>>> > From: Dennis
>>> > To: [EMAIL PROTECTED]
>>> > Sent: 1/11/01 10:43 PM
>>> > Subject: Re: Any Network Managers out there? [3:982]
>>> >
>>> > definately not one of those.
>>> > maybe Equant or BANI or NEC
>>> >
>>> >
>>> > "sfbayer"  wrote in message
>>> > news:[EMAIL PROTECTED]...
>>> > > Who's Cisco's largest gold partner? Lucent? IBM? ATT?
>>> > >
>>> > >
>>> > > "Raymond Thomas"  wrote in message
>>> > > news:[EMAIL PROTECTED]...
>>> > > > Funny thing,
>>> > > >
>>> > > > I have the same exact need in NYC too for Cisco's largest Gold
>>> > Partner
>>> > > with
>>> > > > 43 CCIE's on staff ;-)
>>> > > >
>>> > > > Raymond Thomas
>>> > > >
>>> > > > -Original Message-
>>> > > > 

RE: Line in Running Config

[MCDONALD, ROMAN (SBCSI)]

This enables the cns event server for inter-application communication.  It
deals with Directory
Services and is part of Cisco's CNS software (Cisco Network Services).  This
is very fuzzy to
me but you can find references here:


http://www.cisco.com/warp/public/cc/pd/nemnsw/nesv/prodlit/cns34_qp.htm

-Original Message-
From: James Haynes [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 18, 2001 2:28 PM
To: [EMAIL PROTECTED]
Subject: Line in Runnung Config


I am trying to find any information one might have to the following line in
a configuration. I've checked on CCO, but all I get are examples of
configurations with this in it.


cns event-service server

Thx again for your help.


_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

BCMSN: Question About Flow Masks

[deyates]

Ok, page 7-34 (MLS Flow Masks) of my course notes states 
that "if the MLS-SE detects different flow masks from 
different MLS-RPs for which the MLS-SE is performing 
Layer 3 Switching, the MLS-SE changes its flow mask to 
the most specific flow mask detected.  However, if a 
more specific flowmask is in effect, then a less 
specific flow mask is applied."

So, is this saying that: 
1.  RP1 has mask A and it is applied to the SE.  
2.  The mask on RP1 resulting in a less specific mask 
B.  
3.  The MLS-SE responds by applying B, the less specific 
mask.

Can someone interepret this for me?  Would it then be 
the case that if RP2 had a more specific mask C than B 
but less specific then A, the mask that would be applied 
is C?

TIA...

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: routing problem.

[Howard C. Berkowitz]

>Hi Group,
>
>I have a setup something like this.
>
>PIX---(eth)RouterT1 link---Router---LAN(remote site)
>
>The requirement si that I a should be able to see the LAn at
>remote side on the PIX interface that is connected to the
>Ethernet of the router at the central office.

Does "see the LAN" mean have routing to it, or, for some reason, are 
these supposed to be on the same subnet?

Without further information, I'd point a static route from the 
central router to the LAN, and a default route to the central router 
Ethernet from the remote.

>If I enable
>routing to route the network at the remote site out of the
>ethernet interface connected to the PIX, will the pix be able to
>see that network? If, not, then can I make the Pix interface,
>the router ethernet and the remote LAN all belong to the same
>subnet? I haven't configured any kind of bridging till now.
>Can anyone please suggest me to a link where I can study to get
>this setup working. Any help is appreciated.
>
>Thanks in advance.
>
>Regards
>Keith
>

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco Security

[Tommy]

I took the Pix exam and I felt the format was more difficult than any of the
CCNP 2.0 exams or the MCNS exam.  There were a lot of type in questions,
some of which were particularly vague.  There were serveral drag-and-drop
task questions which were pretty easy.  If there were four slots to fill,
you only had four options.  All multiple choice questions told you how many
selections to make.  Some of the multiple choice questions were of the
"choose the best answer" variety which can be tough.  If you look at the
course outline from global knowledge, you'll see what they want you to know
for the exam.  All in all, it's not terribly difficult if you know the
material, but I still didn't find it particularly easy.

Tommy

<[EMAIL PROTECTED]> wrote in message 9458vu$ru8$[EMAIL PROTECTED]">news:9458vu$ru8$[EMAIL PROTECTED]...
> Is anyone persuing cisco new track for ccnp specialization? If so beside
> MCNS, does anyone know about the test format for CSPFF,CSPFA,CSIDS? Cisco
> web site does not say much about those three.  Is it to my understanding
> that they will just test you and what u should know. Thanks
>
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Study group in ST. Pete/Tampa

[Ted Cory]

Anyone know of a study group in Tampa/ St. Pete area? If not anyone
interested?


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: #1 Gold (was: Any Network Managers out there?) [3:982]

[Jennifer Cribbs]

You know Raymond...I have never even worked in networking...I just got my 
CCNA.  My head is swelling

"For a prizewhen I am a ccie, I want a job."

This is greathehehe
 
Jennifer Cribbs


>= Original Message From Raymond  Thomas <[EMAIL PROTECTED]> 
=
>SWB =)They are owned by SBC communications and ding ding ding! You are
>correct! What do you want as a prize?? ;-)
>
>Raymond Thomas
>Senior Executive Consultant
>Concepts In Staffing Inc.
>9 East 37th Street 2nd Floor
>New York, N.Y. 10016
>
>(212) 293-4458 direct  (212) 652-0805 fax
>email: [EMAIL PROTECTED] 
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>-Original Message-
>From: Jennifer Cribbs [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, January 18, 2001 3:12 PM
>To: Raymond Thomas
>Subject: RE: #1 Gold (was: Any Network Managers out there?) [3:982]
>
>
>My guess is SWB, maybe out of canada. But I definitely think SWB...
>
>Jennifer
>
>
>
>>= Original Message From Raymond  Thomas <[EMAIL PROTECTED]>
>=
>>Everybody, check some archive articles on Cisco and partnership and you
>will
>>see who is the largest reseller of Cisco equipment and Cisco powered
>>Networks. It is not IBM, even though they are also a client of ours ;-)
>>
>>Raymond Thomas
>>Senior Executive Consultant
>>Concepts In Staffing Inc.
>>9 East 37th Street 2nd Floor
>>New York, N.Y. 10016
>>
>>(212) 293-4458 direct  (212) 652-0805 fax
>>email: [EMAIL PROTECTED]
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>-Original Message-
>>From: Simon [mailto:[EMAIL PROTECTED]]
>>Sent: Thursday, January 18, 2001 3:46 PM
>>To: [EMAIL PROTECTED]
>>Subject: Re: #1 Gold (was: Any Network Managers out there?) [3:982]
>>
>>
>>Since this is probably based on $$$ I would guess IBM Global Services
>>
>> wrote in message
>>news:[EMAIL PROTECTED]...
>>> People!
>>>  I can't believe you don't know this one...it's a giveaway. Cisco's
>#1
>>> Gold partner has to be one of two companies...Nortel Networks or
>>Juniper!!!
>>> Where else would they need 43 CCIE's to fix all the problems with their
>>> products? It's simple. Hehehe, sorry, guess that's just some Friday
>humor.
>>> On
>>> the serious side. I would guess that it was an ISP so I'm gonna go with
>>> Sprint as being the #1 largest. Just an educated guess though. So what's
>>the
>>> answer Raymond?  =)
>>>
>>> Mark Z.
>>>
>>> In a message dated 1/11/01 11:41:04 PM Eastern Standard Time,
>>> [EMAIL PROTECTED] writes:
>>>
>>>
>>> > Hmm, SBC has a bunch of CCIEs.  There's an SBC CCIE in JAX who's really
>>> > sharp, almost as sharp as me ;-p
>>> >
>>> > -s
>>> >
>>> > -Original Message-
>>> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>>> > Raymond Thomas
>>> > Sent: Friday, January 12, 2001 12:26 AM
>>> > To: [EMAIL PROTECTED]
>>> > Subject: RE: Any Network Managers out there? [3:982]
>>> >
>>> >
>>> > Not them either!
>>> >
>>> > RT
>>> >
>>> > -Original Message-
>>> > From: Dennis
>>> > To: [EMAIL PROTECTED]
>>> > Sent: 1/11/01 10:43 PM
>>> > Subject: Re: Any Network Managers out there? [3:982]
>>> >
>>> > definately not one of those.
>>> > maybe Equant or BANI or NEC
>>> >
>>> >
>>> > "sfbayer"  wrote in message
>>> > news:[EMAIL PROTECTED]...
>>> > > Who's Cisco's largest gold partner? Lucent? IBM? ATT?
>>> > >
>>> > >
>>> > > "Raymond Thomas"  wrote in message
>>> > > news:[EMAIL PROTECTED]...
>>> > > > Funny thing,
>>> > > >
>>> > > > I have the same exact need in NYC too for Cisco's largest Gold
>>> > Partner
>>> > > with
>>> > > > 43 CCIE's on staff ;-)
>>> > > >
>>> > > > Raymond Thomas
>>> > > >
>>> > > > -Original Message-
>>> > > > From: Lisa Felner
>>> > > > To: [EMAIL PROTECTED]
>>> > > > Sent: 1/10/01 7:00 PM
>>> > > > Subject: RE: Any Network Managers out there? [3:982]
>>> > > >
>>> > > > Actually Chuck, the manager does not need to be the techical
>expert.
>>> > > > What
>>> > > > my client is looking for is a true Engineering Manager.  The person
>>> > will
>>> > > > handle the coordination of pre-sales engineers and post-sales
>>> > engineers,
>>> > > > reviews, client satisfaction, paperwork approvals and hiring, and
>so
>>> > on.
>>> > > >
>>> > > > Making sure that the company is meeting budget, visiting with
>>> > clients to
>>> > > > assure their satisfaction and so on.
>>> > > >
>>> > > > The CCIE's and Sr. Network engineers that report to the manager are
>>> > the
>>> > > > ones
>>> > > > that need to be REALLY technical.
>>> > > >
>>> > > > So, if your are the technical person that it sounds to me are you,
>>> > then
>>> > > > this
>>> > > > may not be the right spot for you.
>>> > > >
>>> > > > However, if you are an experience manager that has had experience
>>> > > > managing
>>> > > > technical people we may have somthing to discuss.
>>> > > >
>>> > > > Thanks for your mess

Line in Runnung Config

[James Haynes]

I am trying to find any information one might have to the following line in
a configuration. I've checked on CCO, but all I get are examples of
configurations with this in it.


cns event-service server

Thx again for your help.


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: AHHHHHHHHHHHHHHHHHH 1 point short

[Ray Mosely]

Amen.
The animal and human studies show that classical
music can help with concentration and retention.
I often listen to classical while studying, and
I can feel the tensions and distractions melting
away.
Ray M.
CCNA, MCSE

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Jennifer Cribbs
Sent: Thursday, January 18, 2001 1:35 PM
To: Fowler, Joey
Cc: [EMAIL PROTECTED]
Subject: RE: AHH 1 point short


Since I've only had one test, I can only speak for myself..I had my husband
drive me and we were absolutely silent on the trip with me doing last minute
cramming, with cotton in my ears in case he turned the radio on. We road
this
was for a good hr and half.  Maybe two. (I was nervous about being
distracted).  But at home, I put headphones on at a very very loud volume of
wonderful classical music.  They say (and I don't know who they are), but
they
say that classical music helps memory retention.  hehe
I was raised with classical.  But I am well aware of how most folks feel
about
it.

Jen

>= Original Message From "Fowler, Joey" <[EMAIL PROTECTED]> =
>I personally find that listening to "Eye of the Tiger" from the Rocky =
>movies
>is perfect.
>
>-Original Message-
>From: john hudson [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, January 18, 2001 1:31 PM
>To: [EMAIL PROTECTED]
>Cc: [EMAIL PROTECTED]
>Subject: Re: AW: AHH 1 point short
>
>
>
>do you want to REALLy know the secret to taking exam`s
>
>REALLY..
>
>
>well here it is ..
>
>1. GET in your Car
>2.turn up the stereo
>3. SING as LOUD as you can to some VERY UPBEAT tunes.
>
>this puts you in a good mood and enables you to concetrate better
>
>the better the mood you are in the easier it is to concentrate
>
>so iam told that is a proven medical FACT.
>
>it helps me (but i always end up laughing when in the exam)
>( i keep thinking of how stupid i look chillin` in my ride ...Singing =
>to sum
>
>lame tune...)
>
>regards
>
>john
>
>>From: Stuart Laubstein <[EMAIL PROTECTED]>
>>Reply-To: Stuart Laubstein <[EMAIL PROTECTED]>
>>To: [EMAIL PROTECTED]
>>Subject: AW: AHH 1 point short
>>Date: Thu, 18 Jan 2001 17:45:18 +0100
>>
>>I always try to get 40 minutes of strenous exercise about 2 hours =
>before an
>>exam--Then I eat some fruit before going in, an orange or something. =
>Of
>>course I always go out for a few beers(or Vodka Redbulls) after the
>>exam(pass or fail there is always a good excuse). The most important =
>thing
>>to me is  not to go in paralysed with fear but also to maintain a =
>healthy
>>respect for the test.  I like the fish idea though and will try it on =
>Feb
>>6th when I take my next test
>>
>>stu
>>
>>-Urspr=FCngliche Nachricht-
>>Von: Ole Drews Jensen [mailto:[EMAIL PROTECTED]]
>>Gesendet am: Thursday, January 18, 2001 4:59 PM
>>An: 'Ray Mosely'; [EMAIL PROTECTED]
>>Betreff: RE: AHH 1 point short
>>
>>This may sound odd, but I always have fish for dinner the night before =
>an
>>exam - that makes my brain work a little better. I guess it's the =
>protein=20
>>or
>>something, I don't know - haven't passed the FISH 2.0 exam yet :-)
>>
>>Also, I always drink a coke an hour before the exam, so I don't find =
>my=20
>>self
>>sleeping when the time is up.
>>
>>Ole
>>
>>
>>  Ole Drews Jensen
>>  Systems Network Manager
>>  CCNA, MCSE, MCP+I
>>  RWR Enterprises, Inc.
>>  [EMAIL PROTECTED]
>>  http://www.CiscoKing.com
>>
>>  NEED A JOB ???
>>  http://www.oledrews.com/job
>>
>>
>>
>>
>>-Original Message-
>>From: Ray Mosely [mailto:[EMAIL PROTECTED]]
>>Sent: Thursday, January 18, 2001 9:35 AM
>>To: [EMAIL PROTECTED]
>>Subject: RE: AHH 1 point short
>>
>>
>>Generally speaking, it is recommended that a person
>>get a really good night's sleep two nights before an
>>upcoming event, with the thought in mind that the
>>night before will be stressful sleep no matter what.
>>
>>I usually try to live up to this advice, and it
>>works for me.
>>
>>Ray Mosely
>>CCNA, MCSE
>>
>>-Original Message-
>>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>>Charles Henson
>>Sent: Thursday, January 18, 2001 8:28 AM
>>To: [EMAIL PROTECTED]
>>Subject: Re: AHH 1 point short
>>
>>
>>I feel your pain. Scored a 69 on Tuesday morning. Taking it again in 5
>>hours. For three days before the last test I didn't get but 2-3 hours =
>a
>>night. I totally overstressed myself. So i'm not cramming at all for =
>this
>>one. I've casually gone over some notes and focused on some things and =
>I
>>feel more prepared than before. I'll repost this afternoon.
>>
>>Charles
>>
>>
>>"Eric Gunn" <[EMAIL PROTECTED]> wrote in message
>>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>> > I was so nervous about taking the test I only slept 3 hours last =
>night.

Re: 2500 xmodem flash transfer

[Circusnuts]

Xmodem is only needed for routers that have the potential of being delivered
without modules.  Your 2500 could never suffer from this problem :-)

Phil

- Original Message -
From: "Albert Lu" <[EMAIL PROTECTED]>
To: "Circusnuts" <[EMAIL PROTECTED]>; "william yuwono"
<[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, January 18, 2001 11:31 AM
Subject: Re: 2500 xmodem flash transfer


> Is there no way to up/download IOS images in 2500 without transceivers?
I'm
> trying to up/download images and have had no luck playing with the xmodem.
> I've got a 2600, and that has the xmodem command.
>
> --
> > From: Circusnuts <[EMAIL PROTECTED]>
> > To: william yuwono <[EMAIL PROTECTED]>; Albert Lu
> <[EMAIL PROTECTED]>
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: 2500 xmodem flash transfer
> > Date: Thursday, January 18, 2001 5:55 PM
> >
> > Are you sure this will work ???  I know the 2500 & the 4000's ROM's do
> not
> > allow for this...
> >
> > Phil
> > - Original Message -
> > From: "william yuwono" <[EMAIL PROTECTED]>
> > To: "Albert Lu" <[EMAIL PROTECTED]>
> > Cc: <[EMAIL PROTECTED]>
> > Sent: Thursday, January 18, 2001 9:57 PM
> > Subject: Re: 2500 xmodem flash transfer
> >
> >
> > > If you a using xmodem command, you can follow the step like below:
> > >
> > > 1. Change console speed of router to the highest speed its supported.
> > > 2. After changes the speed, changes your  hyperterm speed
> > > to the console's speed.
> > > 3. type xmodem -c at the rommon promt of router.
> > > 4. clik transfer> send file, then specify your image
> > > name and location
> > > 5. Wait until it transfer all to the router and programmed
> > > to the flash. and after that it will reset
> > > automatically.
> > >
> > > I hope that help. Corect me if i am wrong.
> > >
> > > Regards,
> > >
> > > William
> > >
> > >
> > > - Original Message -
> > > From: Albert Lu <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Thursday, January 18, 2001 12:46 AM
> > > Subject: 2500 xmodem flash transfer
> > >
> > >
> > > > Hi,
> > > >
> > > > Could anyone point me to some info on transfering IOS images to/from
> a
> > > > 2500?
> > > >
> > > > Thanks
> > > >
> > > > Albert
> > > >
> > > > _
> > > > FAQ, list archives, and subscription info:
> > > http://www.groupstudy.com/list/cisco.html
> > > > Report misconduct and Nondisclosure violations to
> [EMAIL PROTECTED]
> > > >
> > >
> > >
> > > _
> > > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > >
> >
> > _
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Hard/software requirement

[Jason T.]

The model I have is WS-5213 (12-port 10/100BASE-TX Fast Ethernet RJ-45).
Does this support trunking?

<[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> A lot of older catalyst 5000 blades don't support either trunking or
> etherchannel.  What is the exact model number of the blade?  If it
doesn't,
> upgrading to a new supervisor won't do anything for you.
>
> -Original Message-
> From: Jason T. [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, January 18, 2001 1:59 PM
> To: [EMAIL PROTECTED]
> Subject: Hard/software requirement
>
>
> Hi Group, does anyone know what's the minimum hw/sw requirement to set up
a
> trunk port?  I have a cat5500 with Supervisor Engine I running s/w 3.2(1b)
&
> a 12-port 10/100BASE-TX Fast Ethernet blade running s/w 3.2(1) connecting
to
> a FastEthernet on a cisco 7204.  I cannot get trunking to work.  The
switch
> doesn't understand "show port capabilities".  Do I need a Supervisor
Engine
> II in order to do trunking?  Thanks.
>
>
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Hard/software requirement

[hmalmgren]

A lot of older catalyst 5000 blades don't support either trunking or
etherchannel.  What is the exact model number of the blade?  If it doesn't,
upgrading to a new supervisor won't do anything for you.  

-Original Message-
From: Jason T. [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 18, 2001 1:59 PM
To: [EMAIL PROTECTED]
Subject: Hard/software requirement


Hi Group, does anyone know what's the minimum hw/sw requirement to set up a
trunk port?  I have a cat5500 with Supervisor Engine I running s/w 3.2(1b) &
a 12-port 10/100BASE-TX Fast Ethernet blade running s/w 3.2(1) connecting to
a FastEthernet on a cisco 7204.  I cannot get trunking to work.  The switch
doesn't understand "show port capabilities".  Do I need a Supervisor Engine
II in order to do trunking?  Thanks.


_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: #1 Gold (was: Any Network Managers out there?) SWB

[Jennifer Cribbs]

My guess is SWB, maybe out of canada. But I definitely think SWB...

Jennifer

>= Original Message From Simon <[EMAIL PROTECTED]> =
>Since this is probably based on $$$ I would guess IBM Global Services
>
> wrote in message
>news:[EMAIL PROTECTED]...
>> People!
>>  I can't believe you don't know this one...it's a giveaway. Cisco's #1
>> Gold partner has to be one of two companies...Nortel Networks or
>Juniper!!!
>> Where else would they need 43 CCIE's to fix all the problems with their
>> products? It's simple. Hehehe, sorry, guess that's just some Friday humor.
>> On
>> the serious side. I would guess that it was an ISP so I'm gonna go with
>> Sprint as being the #1 largest. Just an educated guess though. So what's
>the
>> answer Raymond?  =)
>>
>> Mark Z.
>>
>> In a message dated 1/11/01 11:41:04 PM Eastern Standard Time,
>> [EMAIL PROTECTED] writes:
>>
>>
>> > Hmm, SBC has a bunch of CCIEs.  There's an SBC CCIE in JAX who's really
>> > sharp, almost as sharp as me ;-p
>> >
>> > -s
>> >
>> > -Original Message-
>> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>> > Raymond Thomas
>> > Sent: Friday, January 12, 2001 12:26 AM
>> > To: [EMAIL PROTECTED]
>> > Subject: RE: Any Network Managers out there? [3:982]
>> >
>> >
>> > Not them either!
>> >
>> > RT
>> >
>> > -Original Message-
>> > From: Dennis
>> > To: [EMAIL PROTECTED]
>> > Sent: 1/11/01 10:43 PM
>> > Subject: Re: Any Network Managers out there? [3:982]
>> >
>> > definately not one of those.
>> > maybe Equant or BANI or NEC
>> >
>> >
>> > "sfbayer"  wrote in message
>> > news:[EMAIL PROTECTED]...
>> > > Who's Cisco's largest gold partner? Lucent? IBM? ATT?
>> > >
>> > >
>> > > "Raymond Thomas"  wrote in message
>> > > news:[EMAIL PROTECTED]...
>> > > > Funny thing,
>> > > >
>> > > > I have the same exact need in NYC too for Cisco's largest Gold
>> > Partner
>> > > with
>> > > > 43 CCIE's on staff ;-)
>> > > >
>> > > > Raymond Thomas
>> > > >
>> > > > -Original Message-
>> > > > From: Lisa Felner
>> > > > To: [EMAIL PROTECTED]
>> > > > Sent: 1/10/01 7:00 PM
>> > > > Subject: RE: Any Network Managers out there? [3:982]
>> > > >
>> > > > Actually Chuck, the manager does not need to be the techical expert.
>> > > > What
>> > > > my client is looking for is a true Engineering Manager.  The person
>> > will
>> > > > handle the coordination of pre-sales engineers and post-sales
>> > engineers,
>> > > > reviews, client satisfaction, paperwork approvals and hiring, and so
>> > on.
>> > > >
>> > > > Making sure that the company is meeting budget, visiting with
>> > clients to
>> > > > assure their satisfaction and so on.
>> > > >
>> > > > The CCIE's and Sr. Network engineers that report to the manager are
>> > the
>> > > > ones
>> > > > that need to be REALLY technical.
>> > > >
>> > > > So, if your are the technical person that it sounds to me are you,
>> > then
>> > > > this
>> > > > may not be the right spot for you.
>> > > >
>> > > > However, if you are an experience manager that has had experience
>> > > > managing
>> > > > technical people we may have somthing to discuss.
>> > > >
>> > > > Thanks for your message.
>> > > >
>> > > > Lisa
>> > > > Chuck Larrieu wrote:
>> > > > >
>> > > > > Positions like this intrigue me, but probably not for the
>> > > > > reasons you all
>> > > > > might think.
>> > > > >
>> > > > > Back in my days as a tech dept manager, the thing I absolutely
>> > > > > hated the
>> > > > > most was the management parts - the reviews, the approvals, the
>> > > > > bill paying,
>> > > > > all that crap. I found the more my department grew, the less
>> > > > > fun I was
>> > > > > having because I wasn't really doing the hands on that got me
>> > > > > there.
>> > > > >
>> > > > > Also, over the years, I have come to believe that good
>> > > > > technology skills are
>> > > > > not necessary a part of good management skills.
>> > > > >
>> > > > > In other words, when I see a post like this, I still ask myself
>> > > > > - how
>> > > > > necessary is it for the manager to be the ultimate expert on
>> > > > > the technical
>> > > > > aspects of the job? I.e. the manager is the CCIE and the
>> > > > > department is
>> > > > > CCNP's and CCNA's. to be truthful, I begin to get the feeling
>> > > > > that this may
>> > > > > be somewhat inverted, in terms of best use of the skill set.
>> > > > >
>> > > > > Anyone?
>> > > > >
>> >
>>
>>
>>
>>
>> Message Posted at:
>> http://www.groupstudy.com/form/read.php?f=3&i=1009&t=982
>> --
>> To unsubscribe from the Jobs list, send a message to
>[EMAIL PROTECTED] with the body containing:
>> unsubscribe jobs
>>
>
>
>
>
>Message Posted at:
>http://www.groupstudy.com/form/read.php?f=3&i=1075&t=982
>--
>To unsubscribe from the Jobs list, send a message to [EMAIL PROTECTED] 
with the body containing:
>unsubscribe jobs

--

routing problem.

[Keith Whitfield]

Hi Group,

I have a setup something like this.

PIX---(eth)RouterT1 link---Router---LAN(remote site)

The requirement si that I a should be able to see the LAn at
remote side on the PIX interface that is connected to the
Ethernet of the router at the central office. If I enable
routing to route the network at the remote site out of the
ethernet interface connected to the PIX, will the pix be able to
see that network? If, not, then can I make the Pix interface,
the router ethernet and the remote LAN all belong to the same
subnet? I haven't configured any kind of bridging till now.
Can anyone please suggest me to a link where I can study to get
this setup working. Any help is appreciated.

Thanks in advance.

Regards
Keith

__
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Hard/software requirement

[Jason T.]

Hi Group, does anyone know what's the minimum hw/sw requirement to set up a
trunk port?  I have a cat5500 with Supervisor Engine I running s/w 3.2(1b) &
a 12-port 10/100BASE-TX Fast Ethernet blade running s/w 3.2(1) connecting to
a FastEthernet on a cisco 7204.  I cannot get trunking to work.  The switch
doesn't understand "show port capabilities".  Do I need a Supervisor Engine
II in order to do trunking?  Thanks.


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: AHHHHHHHHHHHHHHHHHH 1 point short

[Jennifer Cribbs]

Since I've only had one test, I can only speak for myself..I had my husband 
drive me and we were absolutely silent on the trip with me doing last minute 
cramming, with cotton in my ears in case he turned the radio on. We road this 
was for a good hr and half.  Maybe two. (I was nervous about being 
distracted).  But at home, I put headphones on at a very very loud volume of 
wonderful classical music.  They say (and I don't know who they are), but they 
say that classical music helps memory retention.  hehe
I was raised with classical.  But I am well aware of how most folks feel about 
it.

Jen

>= Original Message From "Fowler, Joey" <[EMAIL PROTECTED]> =
>I personally find that listening to "Eye of the Tiger" from the Rocky =
>movies
>is perfect.
>
>-Original Message-
>From: john hudson [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, January 18, 2001 1:31 PM
>To: [EMAIL PROTECTED]
>Cc: [EMAIL PROTECTED]
>Subject: Re: AW: AHH 1 point short
>
>
>
>do you want to REALLy know the secret to taking exam`s
>
>REALLY..
>
>
>well here it is ..
>
>1. GET in your Car
>2.turn up the stereo
>3. SING as LOUD as you can to some VERY UPBEAT tunes.
>
>this puts you in a good mood and enables you to concetrate better
>
>the better the mood you are in the easier it is to concentrate
>
>so iam told that is a proven medical FACT.
>
>it helps me (but i always end up laughing when in the exam)
>( i keep thinking of how stupid i look chillin` in my ride ...Singing =
>to sum
>
>lame tune...)
>
>regards
>
>john
>
>>From: Stuart Laubstein <[EMAIL PROTECTED]>
>>Reply-To: Stuart Laubstein <[EMAIL PROTECTED]>
>>To: [EMAIL PROTECTED]
>>Subject: AW: AHH 1 point short
>>Date: Thu, 18 Jan 2001 17:45:18 +0100
>>
>>I always try to get 40 minutes of strenous exercise about 2 hours =
>before an
>>exam--Then I eat some fruit before going in, an orange or something. =
>Of
>>course I always go out for a few beers(or Vodka Redbulls) after the
>>exam(pass or fail there is always a good excuse). The most important =
>thing
>>to me is  not to go in paralysed with fear but also to maintain a =
>healthy
>>respect for the test.  I like the fish idea though and will try it on =
>Feb
>>6th when I take my next test
>>
>>stu
>>
>>-Urspr=FCngliche Nachricht-
>>Von: Ole Drews Jensen [mailto:[EMAIL PROTECTED]]
>>Gesendet am: Thursday, January 18, 2001 4:59 PM
>>An: 'Ray Mosely'; [EMAIL PROTECTED]
>>Betreff: RE: AHH 1 point short
>>
>>This may sound odd, but I always have fish for dinner the night before =
>an
>>exam - that makes my brain work a little better. I guess it's the =
>protein=20
>>or
>>something, I don't know - haven't passed the FISH 2.0 exam yet :-)
>>
>>Also, I always drink a coke an hour before the exam, so I don't find =
>my=20
>>self
>>sleeping when the time is up.
>>
>>Ole
>>
>>
>>  Ole Drews Jensen
>>  Systems Network Manager
>>  CCNA, MCSE, MCP+I
>>  RWR Enterprises, Inc.
>>  [EMAIL PROTECTED]
>>  http://www.CiscoKing.com
>>
>>  NEED A JOB ???
>>  http://www.oledrews.com/job
>>
>>
>>
>>
>>-Original Message-
>>From: Ray Mosely [mailto:[EMAIL PROTECTED]]
>>Sent: Thursday, January 18, 2001 9:35 AM
>>To: [EMAIL PROTECTED]
>>Subject: RE: AHH 1 point short
>>
>>
>>Generally speaking, it is recommended that a person
>>get a really good night's sleep two nights before an
>>upcoming event, with the thought in mind that the
>>night before will be stressful sleep no matter what.
>>
>>I usually try to live up to this advice, and it
>>works for me.
>>
>>Ray Mosely
>>CCNA, MCSE
>>
>>-Original Message-
>>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>>Charles Henson
>>Sent: Thursday, January 18, 2001 8:28 AM
>>To: [EMAIL PROTECTED]
>>Subject: Re: AHH 1 point short
>>
>>
>>I feel your pain. Scored a 69 on Tuesday morning. Taking it again in 5
>>hours. For three days before the last test I didn't get but 2-3 hours =
>a
>>night. I totally overstressed myself. So i'm not cramming at all for =
>this
>>one. I've casually gone over some notes and focused on some things and =
>I
>>feel more prepared than before. I'll repost this afternoon.
>>
>>Charles
>>
>>
>>"Eric Gunn" <[EMAIL PROTECTED]> wrote in message
>>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>> > I was so nervous about taking the test I only slept 3 hours last =
>night.
>>The
>> > test isn't too bad and looking back on it I feel I over analyzed =
>many of
>> > the questions and a handful had me stumped.
>> >
>> > 1 question just cost me $200 :), Well I am going to try the exam =
>again
>> > tomorrow if I sleep well, can find the answers to about 10 =
>questions=20
>>that
>> > stumped me(For safe measure) and can get a seat.
>> >
>> > Thanks everyone for the help,
>> >
>> > I may have some questions for the group lat

Re: Cat5500 question

[Scott M. Trieste]

They are referring to the actual Supervisor Module.  Normally it is the
module with your console connection.

Regards,

Scott M. Trieste

""Jason Tran"" <[EMAIL PROTECTED]> wrote in message
947hfv$pju$[EMAIL PROTECTED]">news:947hfv$pju$[EMAIL PROTECTED]...
> Hi Group, just have a quick question.  I have a cat 5500 currently has a
> Supervisor Engine I.  If someone tells me I need Supervisor Engine II, is
he
> talking about software or hardware?  How am I going about changing it to
> Supervisor Engine II?  Thanks.
>
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: AW: AHHHHHHHHHHHHHHHHHH 1 point short

[Fowler, Joey]

I personally find that listening to "Eye of the Tiger" from the Rocky =
movies
is perfect.

-Original Message-
From: john hudson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 18, 2001 1:31 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: AW: AHH 1 point short



do you want to REALLy know the secret to taking exam`s

REALLY..


well here it is ..

1. GET in your Car
2.turn up the stereo
3. SING as LOUD as you can to some VERY UPBEAT tunes.

this puts you in a good mood and enables you to concetrate better

the better the mood you are in the easier it is to concentrate

so iam told that is a proven medical FACT.

it helps me (but i always end up laughing when in the exam)
( i keep thinking of how stupid i look chillin` in my ride ...Singing =
to sum

lame tune...)

regards

john

>From: Stuart Laubstein <[EMAIL PROTECTED]>
>Reply-To: Stuart Laubstein <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: AW: AHH 1 point short
>Date: Thu, 18 Jan 2001 17:45:18 +0100
>
>I always try to get 40 minutes of strenous exercise about 2 hours =
before an
>exam--Then I eat some fruit before going in, an orange or something. =
Of
>course I always go out for a few beers(or Vodka Redbulls) after the
>exam(pass or fail there is always a good excuse). The most important =
thing
>to me is  not to go in paralysed with fear but also to maintain a =
healthy
>respect for the test.  I like the fish idea though and will try it on =
Feb
>6th when I take my next test
>
>stu
>
>-Urspr=FCngliche Nachricht-
>Von: Ole Drews Jensen [mailto:[EMAIL PROTECTED]]
>Gesendet am: Thursday, January 18, 2001 4:59 PM
>An: 'Ray Mosely'; [EMAIL PROTECTED]
>Betreff: RE: AHH 1 point short
>
>This may sound odd, but I always have fish for dinner the night before =
an
>exam - that makes my brain work a little better. I guess it's the =
protein=20
>or
>something, I don't know - haven't passed the FISH 2.0 exam yet :-)
>
>Also, I always drink a coke an hour before the exam, so I don't find =
my=20
>self
>sleeping when the time is up.
>
>Ole
>
>
>  Ole Drews Jensen
>  Systems Network Manager
>  CCNA, MCSE, MCP+I
>  RWR Enterprises, Inc.
>  [EMAIL PROTECTED]
>  http://www.CiscoKing.com
>
>  NEED A JOB ???
>  http://www.oledrews.com/job
>
>
>
>
>-Original Message-
>From: Ray Mosely [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, January 18, 2001 9:35 AM
>To: [EMAIL PROTECTED]
>Subject: RE: AHH 1 point short
>
>
>Generally speaking, it is recommended that a person
>get a really good night's sleep two nights before an
>upcoming event, with the thought in mind that the
>night before will be stressful sleep no matter what.
>
>I usually try to live up to this advice, and it
>works for me.
>
>Ray Mosely
>CCNA, MCSE
>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>Charles Henson
>Sent: Thursday, January 18, 2001 8:28 AM
>To: [EMAIL PROTECTED]
>Subject: Re: AHH 1 point short
>
>
>I feel your pain. Scored a 69 on Tuesday morning. Taking it again in 5
>hours. For three days before the last test I didn't get but 2-3 hours =
a
>night. I totally overstressed myself. So i'm not cramming at all for =
this
>one. I've casually gone over some notes and focused on some things and =
I
>feel more prepared than before. I'll repost this afternoon.
>
>Charles
>
>
>"Eric Gunn" <[EMAIL PROTECTED]> wrote in message
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > I was so nervous about taking the test I only slept 3 hours last =
night.
>The
> > test isn't too bad and looking back on it I feel I over analyzed =
many of
> > the questions and a handful had me stumped.
> >
> > 1 question just cost me $200 :), Well I am going to try the exam =
again
> > tomorrow if I sleep well, can find the answers to about 10 =
questions=20
>that
> > stumped me(For safe measure) and can get a seat.
> >
> > Thanks everyone for the help,
> >
> > I may have some questions for the group later if I can not find =
some
> > answers I am looking for.
> >
> >
> > -Eric
> >
> > _
> > FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to =
[EMAIL PROTECTED]
> >
>
>
>_
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
>_
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
>_
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondis

Re: why is routing needed with VLANs

[Jennifer Cribbs]

First of all, if I send this twice, excuse me...I am trying out outlook 
express and I am not sure it is sending anything...but I have a couple of 
questions and comments.

Questions:

 So the only reason vlans are implemented then is for a "type of subnet" that 
controls broadcasts from a layer 2 standpoint and for no other reason other 
than that.  And the benefits would be  increased bandwidth for the network 
since it is a form of broadcast control??  Is that correct?

Routers (layer 3 switches) are only necessary when communication between vlans 
is necessary?

And if that is so, routers are unnecessary in this type of network, unless 
they are there only for the purpose of connecting different vlans in the same 
network.

I am reading the last sentence you wrote and it is confusing to me.  "VLAN's 
that determined membership based on IP address would be a challenging thing to 
accomplish."  In school, I did this..at least I think I did..if I understand 
you correctly.  When you say based on Ip address, do you mean they are 
implemented at router level based on the ip addresses and that is how 
membership is determined??  By way of router access lists?  And then routed to 
the correct ports of the switch?


Jennifer




-Original Message-
From:   Peter Van Oene [SMTP:[EMAIL PROTECTED]]
Sent:   Thursday, January 18, 2001 8:08 AM
To: Ruben Arias; [EMAIL PROTECTED]
Subject:
To me, there is no concept of a layer three VLAN.  If you chose to route IP, 
you need a router, whether you have dynamic or statically configured broadcast 
scopes is fully irrelevant.  If you are talking about dynamic VLAN membership 
based on IP address (or protocol for that matter), then I will agree that some 
level of layer 3 and potentially above awareness is required to identify the 
address or protocol.  However, any such application that I have seen (mostly 
Xylan) performed this at the switch level.

Given most networks are running DHCP, or moving in that direction, VLAN's that 
determined membership based on IP address would be a challenging thing to 
accomplish.

*** REPLY SEPARATOR  ***

On 1/18/2001 at 9:21 AM Ruben Arias wrote:

>VLANs can be defined by MAC address or IP address.
>When MAC address is used, you have a layer 2 VLAN, when IP address is used 
you have a layer 3 VLAN and a router is needed.
>Layer 2 VLANs mostly used for filtering (never done, I supose is a hard work 
to mantain)
>
>
>Peter Van Oene wrote:
>
>> Just for clarity, VLAN's are a layer 2 concept and IP is of course a layer 
3 (please do not start with the "but what layer is arp again" :)
>>
>> Despite subnets and VLAN's generally happening on a 1:1 basis in a lot of 
theoretical and practical discussions, the two concepts are totally unrelated 
and altogether unaware of each others presence.  An IP host will not detect a 
node is on another VLAN and hence send to the gateway, it will detect a node 
is on another subnet.  It doesn' t really care if the node is in the same 
broadcast domain or halfway around the world, if its not on the network, its 
sent via the gateway.  This is very strict behavior.  Nodes on different IP 
subnets do not communicate directly in any case without the use of an 
intermediary, layer 3 device.
>>
>> VLANs as a concept are of trivial complexity.  VLAN membership, 
particularly dynamic membership along with protocols like 802.1q, ISL, PVST 
etc that leverage and support VLANs do offer some element of challenge and 
opportunity for best practise designs.
>>
>> I just felt that the line between VLANs (broadcast domains) and IP subnets 
was getting somewhat blurry when it really shouldn't be.
>>
>> *** REPLY SEPARATOR  ***
>>
>> On 1/16/2001 at 10:19 AM Curtis Call wrote:
>>
>> >Keep in mind that seperate VLANs will be seperate subnets.  Which means
>> >that by default a host will encapsulate any IP packet destined for a
>> >different VLAN within an ethernet packet with a destination MAC address of
>> >the default gateway.  So a layer 2 switch will never get the chance to try
>> >and "switch" between VLANs since everytime a host needs to get to a
>> >different VLAN (subnet) it will just send a packet to the router which is
>> >on the same VLAN in order for it to be routed.
>> >
>> >
>> >
>> >
>> >>-Original Message-
>> >>From: Bob Vance [mailto:[EMAIL PROTECTED]]
>> >>Sent: Tuesday, January 16, 2001 8:35 AM
>> >>To: CISCO_GroupStudy List (E-mail)
>> >>Subject: why is routing needed with VLANs
>> >>
>> >>
>> >>OK.
>> >>I must be brain dead, today.
>> >>(and, yes, Chuck, I *have* had my morning dose of Diet Coke :)
>> >> and, yes, I know, "What's so special about 'today' "?
>> >>)
>> >>As far I can understand it so far, about the only benefit that I see
>> >>from VLANs is reducing the size of broadcast domains.
>> >>
>> >>Suppose that I have a switch in the closet with one big flat address
>> >>space (well, it couldn't be that big with only one sw

RE: why is routing needed with VLANs

[Jennifer Cribbs]

Questions:

 So the only reason vlans are implemented then is for a "type of subnet" 
that controls broadcasts from a layer 2 standpoint and for no other reason 
other than that.  And the benefits would be  increased bandwidth for the 
network since it is a form of broadcast control??  Is that correct?

Routers (layer 3 switches) are only necessary when communication between 
vlans is necessary?

And if that is so, routers are unnecessary in this type of network, unless 
they are there only for the purpose of connecting different vlans in the 
same network.

I am reading the last sentence you wrote and it is confusing to me. 
 "VLAN's that determined membership based on IP address would be a 
challenging thing to accomplish."  In school, I did this..at least I think 
I did..if I understand you correctly.  When you say based on Ip address, do 
you mean they are implemented at router level based on the ip addresses and 
that is how membership is determined??  By way of router access lists?  And 
then routed to the correct ports of the switch?


Jennifer




-Original Message-
From:   Peter Van Oene [SMTP:[EMAIL PROTECTED]]
Sent:   Thursday, January 18, 2001 8:08 AM
To: Ruben Arias; [EMAIL PROTECTED]
Subject:Re: why is routing needed with VLANs

To me, there is no concept of a layer three VLAN.  If you chose to route 
IP, you need a router, whether you have dynamic or statically configured 
broadcast scopes is fully irrelevant.  If you are talking about dynamic 
VLAN membership based on IP address (or protocol for that matter), then I 
will agree that some level of layer 3 and potentially above awareness is 
required to identify the address or protocol.  However, any such 
application that I have seen (mostly Xylan) performed this at the switch 
level.

Given most networks are running DHCP, or moving in that direction, VLAN's 
that determined membership based on IP address would be a challenging thing 
to accomplish.

*** REPLY SEPARATOR  ***

On 1/18/2001 at 9:21 AM Ruben Arias wrote:

>VLANs can be defined by MAC address or IP address.
>When MAC address is used, you have a layer 2 VLAN, when IP address is used 
you have a layer 3 VLAN and a router is needed.
>Layer 2 VLANs mostly used for filtering (never done, I supose is a hard 
work to mantain)
>
>
>Peter Van Oene wrote:
>
>> Just for clarity, VLAN's are a layer 2 concept and IP is of course a 
layer 3 (please do not start with the "but what layer is arp again" :)
>>
>> Despite subnets and VLAN's generally happening on a 1:1 basis in a lot 
of theoretical and practical discussions, the two concepts are totally 
unrelated and altogether unaware of each others presence.  An IP host will 
not detect a node is on another VLAN and hence send to the gateway, it will 
detect a node is on another subnet.  It doesn' t really care if the node is 
in the same broadcast domain or halfway around the world, if its not on the 
network, its sent via the gateway.  This is very strict behavior.  Nodes on 
different IP subnets do not communicate directly in any case without the 
use of an intermediary, layer 3 device.
>>
>> VLANs as a concept are of trivial complexity.  VLAN membership, 
particularly dynamic membership along with protocols like 802.1q, ISL, PVST 
etc that leverage and support VLANs do offer some element of challenge and 
opportunity for best practise designs.
>>
>> I just felt that the line between VLANs (broadcast domains) and IP 
subnets was getting somewhat blurry when it really shouldn't be.
>>
>> *** REPLY SEPARATOR  ***
>>
>> On 1/16/2001 at 10:19 AM Curtis Call wrote:
>>
>> >Keep in mind that seperate VLANs will be seperate subnets.  Which means
>> >that by default a host will encapsulate any IP packet destined for a
>> >different VLAN within an ethernet packet with a destination MAC address 
of
>> >the default gateway.  So a layer 2 switch will never get the chance to 
try
>> >and "switch" between VLANs since everytime a host needs to get to a
>> >different VLAN (subnet) it will just send a packet to the router which 
is
>> >on the same VLAN in order for it to be routed.
>> >
>> >
>> >
>> >
>> >>-Original Message-
>> >>From: Bob Vance [mailto:[EMAIL PROTECTED]]
>> >>Sent: Tuesday, January 16, 2001 8:35 AM
>> >>To: CISCO_GroupStudy List (E-mail)
>> >>Subject: why is routing needed with VLANs
>> >>
>> >>
>> >>OK.
>> >>I must be brain dead, today.
>> >>(and, yes, Chuck, I *have* had my morning dose of Diet Coke :)
>> >> and, yes, I know, "What's so special about 'today' "?
>> >>)
>> >>As far I can understand it so far, about the only benefit that I see
>> >>from VLANs is reducing the size of broadcast domains.
>> >>
>> >>Suppose that I have a switch in the closet with one big flat address
>> >>space (well, it couldn't be that big with only one switch, now, could
>> >>it ?>).  Then someone says,
>> >>   "You know, we're getting a lot of blah-blah broadcast traffic.
>> >>Le

RE: HELP WITH RAD MULTIPROTOCOL SWICTH

[Gustavo Gomez]

Model ???

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Barbara Cobbina
Sent: Jueves, 18 de Enero de 2001 02:39 p.m.
To: [EMAIL PROTECTED]
Subject: HELP WITH RAD MULTIPROTOCOL SWICTH


Comarades

Can someone please help me set up a rad multiprotocol
switch for me to be able to play with ISDN and frame
relay.

I need the pin-outs for the console cable so that I
can set it up  from scratch. I cannot  get into the
damn thing to manage or set it up initially. Can
anyone help ?

Cheers


Babs

__
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]