RE: TCP port number 0
ahp (51), eigrp (88), esp (50), gre (47), igrp (9), icmp (1), igmp (2), igrp (9), ip (0), ipinip (4), nos (94), ospf (89), pcp (108), pim (103), tcp (6), or udp (17).

0 is 'ip'.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Nurarif W
Sent: Friday, January 19, 2001 4:41 PM
To: [EMAIL PROTECTED]
Subject: TCP port number 0

Hi,

Does anyone know what is the purpose of tcp port number 0 ?

I have an experience catching traffic coming from HTTP server with tcp port number 0 and destined to any IP address with tcp port number 0. After I put an incoming access-list that blocked port number 0, a few minutes later I saw this packet was never being generated again. The access-list is applied for incoming traffic.

For example :

    access-list 101 deny tcp host HTTPserver eq 0 any log
    access-list 101 deny tcp any any eq 0 log
    access-list 101 deny tcp any eq 0 any log
    access-list 101 permit ip any any

Thank you

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ISDN crossover???
Hello all

I have a 2610 with 2 WIC-1B-U units in it and a 2503. I'm wondering if there is a way I can connect the 2 units with an ISDN crossover cable (if there is a wiring pattern or such a thing) in order to try and set up ISDN in a lab situation. Has anyone tried to do this? Do I maybe need some intermediate hardware to simulate ISDN with no connection to a telco or an ISP for this service?

Thanks
Dean Snider
On the home stretch to CCNA.
Re: Cat5500 question
SE II is hardware. A controller board, if you will. Just purchase it, install it, and configure it.

Jason Tran wrote:

Hi Group, just have a quick question. I have a cat 5500 that currently has a Supervisor Engine I. If someone tells me I need Supervisor Engine II, is he talking about software or hardware? How am I going about changing it to Supervisor Engine II? Thanks.
Re: Problem
You might want to send that info to CISCO, not an open newsgroup.

Kamran Sheikh wrote:

Sir / Madam

I am unable to log on to the tracking system with putting all the correct information. Kindly tell me. Here is my information:

My Full Name is : Kamran Zamir
Cisco ID : CSCO10168556

Waiting for your kind response.

Thanks
Kamran
TCP port number 0
Hi,

Does anyone know what is the purpose of tcp port number 0 ?

I have an experience catching traffic coming from HTTP server with tcp port number 0 and destined to any IP address with tcp port number 0. After I put an incoming access-list that blocked port number 0, a few minutes later I saw this packet was never being generated again. The access-list is applied for incoming traffic.

For example :

    access-list 101 deny tcp host HTTPserver eq 0 any log
    access-list 101 deny tcp any any eq 0 log
    access-list 101 deny tcp any eq 0 any log
    access-list 101 permit ip any any

Thank you
RE: HELP WITH RAD MULTIPROTOCOL SWICTH
Sorry forgot to mention the model. The model is FPS 8

--- Gustavo Gomez [EMAIL PROTECTED] wrote:

Model ???

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Barbara Cobbina
Sent: Thursday, January 18, 2001 02:39 p.m.
To: [EMAIL PROTECTED]
Subject: HELP WITH RAD MULTIPROTOCOL SWICTH

Comrades

Can someone please help me set up a rad multiprotocol switch for me to be able to play with ISDN and frame relay. I need the pin-outs for the console cable so that I can set it up from scratch. I cannot get into the damn thing to manage or set it up initially. Can anyone help ?

Cheers
Babs
dialer idle-timeout and dialer fast-idle commands
Can anyone tell me the difference between these two dialer commands ? Explanation given in the BCRAN course notes make the two appear to me as serving the same purpose.

Cheers
BABS
Re: TCP port number 0
Hi,

Without seeing the actual access-list, I would imagine that no port numbers are being logged because you are not interrogating the traffic at a port level, simply at a protocol level. You are seeing TCP traffic but not checking for the port. For example, if you have a list that resembles the following:

    access-list 101 deny tcp host 192.168.1.1 any log
    access-list 101 permit ip any any

then the router will not check the port number (cos it doesn't need to - you haven't specified any port numbers).

If you want to see the port number, then you will have to add an entry that forces the router to check the port, like in the following. The first entry will force the check.

    access-list 101 permit tcp host 192.168.1.1 eq smtp any
    access-list 101 deny tcp host 192.168.1.1 any log
    access-list 101 permit ip any any

Hope this makes sense!

---
Chris Miles
Senior Support Engineer
Customer Network Engineering
REDNET Ltd

- Original Message -
From: "Nurarif W" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, January 19, 2001 7:40 AM
Subject: TCP port number 0

Hi,

Does anyone know what is the purpose of tcp port number 0 ?

I have an experience catching traffic coming from HTTP server with tcp port number 0 and destined to any IP address with tcp port number 0. After I put an incoming access-list that blocked port number 0, a few minutes later I saw this packet was never being generated again. The access-list is applied for incoming traffic.

For example :

    access-list 101 deny tcp host HTTPserver eq 0 any log
    access-list 101 deny tcp any any eq 0 log
    access-list 101 deny tcp any eq 0 any log
    access-list 101 permit ip any any

Thank you
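Added example (not part of the original posts, and not IOS code): a small Python model of the first-match evaluation the reply above describes, run over the two lists from that reply and the list from the question. It assumes, as the reply states, that logged ports are reported only when some entry in the list compares ports; the destination 10.0.0.5, the port 34567 and the use of 192.168.1.1 in place of HTTPserver are constructed sample values.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

PORT_NAMES = {"smtp": 25, "www": 80}  # small subset of the IOS port keywords


@dataclass
class Ace:
    action: str            # "permit" or "deny"
    proto: str             # "ip" matches every protocol
    src: str               # "any" or a host address
    sport: Optional[int]   # None = this entry does not test the source port
    dst: str
    dport: Optional[int]   # None = this entry does not test the destination port
    log: bool


@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


def parse_ace(line: str) -> Ace:
    """Parse 'access-list N action proto src [eq P] dst [eq P] [log]'."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list":
        raise ValueError(f"unsupported entry: {line!r}")
    pos = 4

    def address() -> str:
        nonlocal pos
        if tok[pos] == "any":
            pos += 1
            return "any"
        if tok[pos] == "host":
            pos += 2
            return tok[pos - 1]
        raise ValueError(f"unsupported address in: {line!r}")

    def port() -> Optional[int]:
        nonlocal pos
        if pos < len(tok) and tok[pos] == "eq":
            pos += 2
            name = tok[pos - 1]
            return PORT_NAMES[name] if name in PORT_NAMES else int(name)
        return None

    src, sport = address(), port()
    dst, dport = address(), port()
    return Ace(tok[2], tok[3], src, sport, dst, dport, tok[pos:] == ["log"])


def matches(ace: Ace, pkt: Packet) -> bool:
    return (ace.proto in ("ip", pkt.proto)
            and ace.src in ("any", pkt.src)
            and ace.dst in ("any", pkt.dst)
            and ace.sport in (None, pkt.sport)
            and ace.dport in (None, pkt.dport))


def evaluate(lines: List[str], pkt: Packet
             ) -> Tuple[str, Optional[int], Optional[Tuple[int, int]]]:
    """Return (action, index of matching entry, ports a log line would show)."""
    acl = [parse_ace(line) for line in lines]
    # Assumption taken from the reply: ports are only looked at (and so only
    # reported) when at least one entry in the list compares a port.
    inspects_ports = any(a.sport is not None or a.dport is not None for a in acl)
    for idx, ace in enumerate(acl):
        if matches(ace, pkt):          # first match wins, later entries are skipped
            shown = None
            if ace.log:
                shown = (pkt.sport, pkt.dport) if inspects_ports else (0, 0)
            return ace.action, idx, shown
    return "deny", None, None          # implicit deny at the end of every list


# The two lists from the reply, and the list from the question with the
# HTTPserver placeholder replaced by a constructed address.
LIST_PROTOCOL_ONLY = [
    "access-list 101 deny tcp host 192.168.1.1 any log",
    "access-list 101 permit ip any any",
]
LIST_WITH_PORT_ENTRY = [
    "access-list 101 permit tcp host 192.168.1.1 eq smtp any",
    "access-list 101 deny tcp host 192.168.1.1 any log",
    "access-list 101 permit ip any any",
]
LIST_FROM_QUESTION = [
    "access-list 101 deny tcp host 192.168.1.1 eq 0 any log",
    "access-list 101 deny tcp any any eq 0 log",
    "access-list 101 deny tcp any eq 0 any log",
    "access-list 101 permit ip any any",
]

if __name__ == "__main__":
    web_reply = Packet("tcp", "192.168.1.1", 80, "10.0.0.5", 34567)  # constructed
    for name, acl in [("protocol only", LIST_PROTOCOL_ONLY),
                      ("with port entry", LIST_WITH_PORT_ENTRY),
                      ("from question", LIST_FROM_QUESTION)]:
        print(name, evaluate(acl, web_reply))
```

Under this model a logged (0, 0) from the protocol-only list says nothing about the packet's real ports, while the list from the question can only log (0, 0) for a packet that really carries port 0.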
AW: dialer idle-timeout and dialer fast-idle commands
Dialer idle timeout is used on lines where no contention takes place; you would use the fast idle command on lines where there is contention. Fast idle is generally much lower, I think 30 seconds is default while idle timeout is 120 seconds or maybe 180 by default.

stuart

-Original Message-
From: Barbara Cobbina [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 19, 2001 10:31 AM
To: [EMAIL PROTECTED]
Subject: dialer idle-timeout and dialer fast-idle commands

Can anyone tell me the difference between these two dialer commands ? Explanation given in the BCRAN course notes make the two appear to me as serving the same purpose.

Cheers
BABS
RE: dialer idle-timeout and dialer fast-idle commands
Dialer idle-timeout

Sets the time that the line can remain idle before it is disconnected. Default being 120 seconds. This means that if Site A just made a call to the Corporate HQ, sent its traffic and now has nothing left to send, the line will remain up for 120 seconds in case some more traffic is destined for Corporate HQ. This saves time in having to establish another call to Corporate HQ.

Dialer fast-idle

Sets the time that a line can remain idle before the current call is disconnected to allow another call that is waiting to use the line. Default is 20 seconds. So, in keeping with my first example. Site A made a call to Corporate HQ, sent all its traffic and has the line still up with Corporate HQ. Now Site A needs to place a call to Site B, but its line is tied up, sitting on idle to Corporate HQ. Fast-idle will force the Corporate HQ call to drop so that it can re-use the line to call Site B.

Chris

-Original Message-
From: Barbara Cobbina [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 19, 2001 4:31 AM
To: [EMAIL PROTECTED]
Subject: dialer idle-timeout and dialer fast-idle commands

Can anyone tell me the difference between these two dialer commands ? Explanation given in the BCRAN course notes make the two appear to me as serving the same purpose.

Cheers
BABS
Re: Whew... I passed
ItsMe,

We need to start a whole other thread on your situation.

ItsMe wrote:

I'm not saying I don't think you owe the company if they pay your way, by no means. I'm just saying to be aware of what you are agreeing to. Wow 30K to 120K, I could double my pay and not be at 120K, it may be time to move forward.

Me
ccnp+security, ccdp, mcse, mcp+i, n+, a+

"Dennis Laganiere" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

I'm ready to get spammed for this, but here are some thoughts from the other side of management.

If YOU paid for your own training, lab equipment, and lab attempts (probably multiple, at $1,000 piece) then I could see your asking for a huge raise.

HOWEVER, if the company paid for your training, bought $15,000 to $20,000 worth of lab equipment for you to play with, and gave you the time to study, + lab attempts, +travel expenses+ god-knows-what-else, I think you owe something back, and perhaps some time served at your current rate is the least they could expect in return.

If they support you through the whole process and you either leave or start barking for the stars salary-wise, the guy next to you, who's six months behind you on the same career path, won't get the price of honey for his tea.

Again, these are just my $.02

--- Dennis

-Original Message-
From: ItsMe
To: [EMAIL PROTECTED]
Sent: 1/18/01 6:39 PM
Subject: Re: Whew... I passed

Convincing the VP isn't the hard part, it's after you pass explaining to the VP that a $20K/year raise is warranted. Which in turn he says you are nuts, so you decide to leave... until he breaks out the agreement that says in fine print that you have agreed to pay back all training funds if you leave... Be careful!

"Jim Healis" [EMAIL PROTECTED] wrote in message news:DF49A3EC4130D411AC1600508B608DDF01116426@DIALPAD-EX2...

Well, I did it. I passed the CCIE written exam this morning.

And, for just a moment, I felt the weight of the world lift off my shoulders. Then I thought about the lab exam and what I need to do to get there. Thankfully, I have a plan; it just needs to be put on paper so it can be a working document.

I have posted much in the recent weeks about how I have studied to get this far, so I won't post it again. But if you have specific questions about certain areas, that won't violate the NDA, I will be happy to answer them.

Now, my next challenge comes along... not the lab... convincing my boss that the company should pay for the lab exam and any needed materials for getting there. I know that I shouldn't rely on this as the means to the end; but if I can get it, why not? Anyone have any pointers on how to convince a VP that doesn't know much about the CCIE program that he should approve these things?

Thanks for the wonderful humor and study tips!

Jim
RE: why is routing needed with VLANs - ARP?
Because VLANs are what they are, virtual lans, in other words many lan segments (self contained broadcast domains). We're trying to accomplish something in software, which was traditionally implemented physically.

The Question 2 you is... What is the traditional way of moving 1 packet from a lan segment to another that doesn't share the same broadcast domain? (i.e. Not just connected by a bridge or layer 2 switch)

Answer: Routing.

Clients don't find IP address of other clients in different broadcast domains. To them, they simply don't exist. Only the common Router between them exists. (Layer 2 is completely Ignorant of Layer 3). They only ARP the IP address of the Router. Or should I say RARP. They're usually configured with the gw IP already.

Wayne

-Original Message-
From: Bob Vance [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 17, 2001 2:50 AM
To: CISCO_GroupStudy List (E-mail)
Subject: RE: why is routing needed with VLANs - ARP?

What I'm saying is that, before we implement VLANs, we have a flat address space, with obviously, no routing. Now, suppose that I arbitrarily decide not to forward broadcasts out ports 6-10 through some IOS command. Everything will still work quite happily (except anything relying on those broadcasts, of course).

... Ooops. I think that I just saw the answer. One of those broadcast thingys is lil' ole ARP. So, how does a client find the IP address of a destination if the destination is outside the VLAN?

It's funny that this wasn't pointed out in any of my VLAN reading (admittedly limited to ICND coursebook and Caslow). It just arbitrarily says unicasts are blocked or routing is required without giving a reason. Oh, well.

-
Tks | mailto:[EMAIL PROTECTED]
BV | mailto:[EMAIL PROTECTED]
Sr. Technical Consultant, SBM, A Gates/Arrow Co.
Vox 770-623-3430 11455 Lakefield Dr.
Fax 770-623-3429 Duluth, GA 30097-1511

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Bob Vance
Sent: Tuesday, January 16, 2001 11:35 AM
To: CISCO_GroupStudy List (E-mail)
Subject: why is routing needed with VLANs

OK. I must be brain dead, today. (and, yes, Chuck, I *have* had my morning dose of Diet Coke :) and, yes, I know, "What's so special about 'today' "? )

As far I can understand it so far, about the only benefit that I see from VLANs is reducing the size of broadcast domains.

Suppose that I have a switch in the closet with one big flat address space (well, it couldn't be that big with only one switch, now, could it ?). Then someone says, "You know, we're getting a lot of blah-blah broadcast traffic. Let's VLAN. " OK, fine. We VLAN and put whatever services in each VLAN that are required to handle the broadcasts (e.g., DHCP service). So, now the switch doesn't send broadcasts outside a particular VLAN.

But, what's so magic about a VLAN that the switch also decides not to send unicasts outside a VLAN. Before the VLANs, the switch maintained a MAC table and knew which port to go out to get to any unicast address in the entire space. So, why can't it continue to do that after we arbitrarily implement some constraint on broadcast addresses? It seems to me that the same, exact MAC table, with an additional VLAN field would not require that restriction. If it's a broadcast, send the packet only out ports with a VLAN-id that matches the source port's VLAN-id. If it's a unicast, handle it just like we used to.

Similarly, even if we have 5 switches, I just don't see the requirement that we (as switch-code designers) must block unicasts and resort to a routing requirement. Even with 500 switches ... well, let's not get ridiculous :)

I feel that there is a simple point that I've overlooked, so I will continue to RTFM while I await your responses.)

-
Tks | mailto:[EMAIL PROTECTED]
BV | mailto:[EMAIL PROTECTED]
Sr. Technical Consultant, SBM, A Gates/Arrow Co.
Vox 770-623-3430 11455 Lakefield Dr.
Fax 770-623-3429 Duluth, GA 30097-1511
Re: Remote Telnet access via dial-up
On Jun 10, 11:13am, Priscilla Oppenheimer wrote:

Yes. I would have the head of anybody that tried that stunt. At the very least, he should have been using ssh. However, even that would have been dicey.

As far as the lack of an analogue phone line, that problem is easily solved (depending on your point of view) by using CDPD (Cellular D? Packet Data). I have a friend in Canada that has a CDPD modem in his laptop. The service is $50/month for unlimited usage from Telus Mobility. It doesn't matter where he is, his laptop is always on-line. Add an ethernet card in the second PCMCIA slot, and you've got a roaming router that could create a back door into any network.

}-- End of excerpt from Priscilla Oppenheimer
Strange Router CPU Utilisation
Hello, gang.

I'd like to know if anyone has seen this behaviour of a 4505 (v.11.2) where it is able to handle heavy traffic throughout the day with no more than a 50% cpu utilisation max but shows a few periods of spikes up to 98% when there is no WAN traffic say 4am or 9pm. These spikes show up as "outgoing" traffic which lasts ~15 to 20 mins on MRTG chart. Nothing shows up on the syslogs.

I once tried sniffer before the router "crashed" and all I saw was a build up of ICMP and "other" packets. My guess is this is because the router is not responding to client requests thus it keeps getting a barrage of "ICMP". This only shows up on the ethernet ports, i.e. coming in from e0, out e1 in reference to MRTG.

Any ideas would help. Thanks.

Elmer Deloso
Re: PPP over Frame-Relay
I got it to work, all I needed to do was to remove the ppp authentication chap pap and it I could ping each other.

Thanks
Brian
Re: Multicast Group Join???
It is driven by the application. The application decides it wants to work by multicasting packets or receiving multicast packets, so it reports it wants to join multicast group X where X is a multicast IP that was either coded into it, or configured by the user. If you have two users with the same application, but they enter different multicast IPs to use, they won't be able to talk because they will be in different groups.

- Original Message -
From: "Mike Balistreri" [EMAIL PROTECTED]
Newsgroups: groupstudy.cisco
To: [EMAIL PROTECTED]
Sent: Thursday, January 18, 2001 10:35 PM
Subject: Multicast Group Join???

I'm studying CCNP Switching and am hung-up on a part of multicast. Multicast works by a client sending a membership report that it wants to join a particular multicast group. I do not understand how the client knows about the existence of any particular group or what its multicast address would be, or what application/service the client will receive as a part of that group. How does a client know enough about the group to want to join the group. I understand the layer 3 and layer 2 of it all, but I'm having a disconnect as to how it all interacts with the higher levels of the stack.

Thank You,
Mike B.
Re: Seally Question!!!!
On Mar 15, 10:37am, "Joseph Kiang" wrote:
}
} What's the difference between NetBIOS and NetBEUI???

NetBIOS is a networking API, similar to Berkeley sockets and winsocks. It is approximately layer 4. NetBEUI is a networking protocol. It is a very simple one where hosts are identified by 14 character names, and there is no network field (i.e. it isn't routable; things like DLSw and DLSw+ notwithstanding). It is approximately layer 2.

}-- End of excerpt from "Joseph Kiang"
Re: why is routing needed with VLANs
Sorry, I was trying to make a puzzle with the words, instead I did a lot of noise in the line, looks like I have to improve my language!

Peter Van Oene wrote:

To me, there is no concept of a layer three VLAN. If you chose to route IP, you need a router, whether you have dynamic or statically configured broadcast scopes is fully irrelevant.

If you are talking about dynamic VLAN membership based on IP address (or protocol for that matter), then I will agree that some level of layer 3 and potentially above awareness is required to identify the address or protocol. However, any such application that I have seen (mostly Xylan) performed this at the switch level. Given most networks are running DHCP, or moving in that direction, VLAN's that determined membership based on IP address would be a challenging thing to accomplish.

*** REPLY SEPARATOR ***

On 1/18/2001 at 9:21 AM Ruben Arias wrote:

VLANs can be defined by MAC address or IP address. When MAC address is used, you have a layer 2 VLAN, when IP address is used you have a layer 3 VLAN and a router is needed. Layer 2 VLANs mostly used for filtering (never done, I suppose is a hard work to maintain)

Peter Van Oene wrote:

Just for clarity, VLAN's are a layer 2 concept and IP is of course a layer 3 (please do not start with the "but what layer is arp again" :) Despite subnets and VLAN's generally happening on a 1:1 basis in a lot of theoretical and practical discussions, the two concepts are totally unrelated and altogether unaware of each other's presence.

An IP host will not detect a node is on another VLAN and hence send to the gateway, it will detect a node is on another subnet. It doesn't really care if the node is in the same broadcast domain or halfway around the world, if its not on the network, its sent via the gateway. This is very strict behavior. Nodes on different IP subnets do not communicate directly in any case without the use of an intermediary, layer 3 device.

VLANs as a concept are of trivial complexity. VLAN membership, particularly dynamic membership along with protocols like 802.1q, ISL, PVST etc that leverage and support VLANs do offer some element of challenge and opportunity for best practise designs. I just felt that the line between VLANs (broadcast domains) and IP subnets was getting somewhat blurry when it really shouldn't be.

*** REPLY SEPARATOR ***

On 1/16/2001 at 10:19 AM Curtis Call wrote:

Keep in mind that separate VLANs will be separate subnets. Which means that by default a host will encapsulate any IP packet destined for a different VLAN within an ethernet packet with a destination MAC address of the default gateway. So a layer 2 switch will never get the chance to try and "switch" between VLANs since every time a host needs to get to a different VLAN (subnet) it will just send a packet to the router which is on the same VLAN in order for it to be routed.

-Original Message-
From: Bob Vance [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 16, 2001 8:35 AM
To: CISCO_GroupStudy List (E-mail)
Subject: why is routing needed with VLANs

OK. I must be brain dead, today. (and, yes, Chuck, I *have* had my morning dose of Diet Coke :) and, yes, I know, "What's so special about 'today' "? )

As far I can understand it so far, about the only benefit that I see from VLANs is reducing the size of broadcast domains.

Suppose that I have a switch in the closet with one big flat address space (well, it couldn't be that big with only one switch, now, could it ?). Then someone says, "You know, we're getting a lot of blah-blah broadcast traffic. Let's VLAN. " OK, fine. We VLAN and put whatever services in each VLAN that are required to handle the broadcasts (e.g., DHCP service). So, now the switch doesn't send broadcasts outside a particular VLAN.

But, what's so magic about a VLAN that the switch also decides not to send unicasts outside a VLAN. Before the VLANs, the switch maintained a MAC table and knew which port to go out to get to any unicast address in the entire space. So, why can't it continue to do that after we arbitrarily implement some constraint on broadcast addresses? It seems to me that the same, exact MAC table, with an additional VLAN field would not require that restriction. If it's a broadcast, send the packet only out ports with a VLAN-id that matches the source port's VLAN-id. If it's a unicast, handle it just like we used to.

Similarly, even if we have 5 switches, I just don't see the requirement that we (as switch-code designers) must block unicasts and resort to a routing requirement. Even with 500 switches ... well, let's not get ridiculous :)

I feel that there is a simple point that I've overlooked, so I will continue to RTFM while I await your
RE: HELP WITH RAD MULTIPROTOCOL SWICTH
I'll send via E-mail the complete manual in zip format only to you.

Gustavo Gómez
Professional Services Manager
Mercury Communications
Te: (5411) 4314-6555
Fax : (5411) 4314-6555
www.mercury.com.ar

-Original Message-
From: Barbara Cobbina [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 19, 2001 06:26 a.m.
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: HELP WITH RAD MULTIPROTOCOL SWICTH

Sorry forgot to mention the model. The model is FPS 8

--- Gustavo Gomez [EMAIL PROTECTED] wrote:

Model ???

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Barbara Cobbina
Sent: Thursday, January 18, 2001 02:39 p.m.
To: [EMAIL PROTECTED]
Subject: HELP WITH RAD MULTIPROTOCOL SWICTH

Comrades

Can someone please help me set up a rad multiprotocol switch for me to be able to play with ISDN and frame relay. I need the pin-outs for the console cable so that I can set it up from scratch. I cannot get into the damn thing to manage or set it up initially. Can anyone help ?

Cheers
Babs
Re: Seally Question!!!!
NetBIOS can be transported over three main protocols, IP, IPX or at layer 2 over LLC (type 2 I believe). Netbeui is simply the name for Netbios over LLC. The lack of a layer 3 transport lends to all the criticism of its ability to scale, and also to its ease of use since it simply floods broadcast domains by default.

Pete

*** REPLY SEPARATOR ***

On 1/19/2001 at 12:41 AM Joseph Kiang wrote:

What's the difference between NetBIOS and NetBEUI???

---
Peter A. van Oene
Juniper Networks Inc.
Re: Second hand ROUTERS/SWITCHES in London ?
I live in London, have some routers for sale and also have a CCIE Azlan Training workbook (mint condition) for sale.

Mark

>From: "Gareth Hinton" [EMAIL PROTECTED]
>Reply-To: "Gareth Hinton" [EMAIL PROTECTED]
>To: [EMAIL PROTECTED]
>Subject: Re: Second hand ROUTERS/SWITCHES in London ?
>Date: Thu, 18 Jan 2001 00:05:52 -
>
>www.ebay.co.uk
>
>Nowhere near as big as the US version but it's there.
>
>
>""Aditya"" [EMAIL PROTECTED] wrote in message
>news:[EMAIL PROTECTED]...
> > hi,
> >
> > I am new to London (oops). I want to setup a lab for CCIE. Can any body
> > suggest me where to find a second hand routers in London city ?
> > Any web sites that sell/ships to UK ?
> >
> > any helps.. would be really appreciated. I mean it :)
> >
> > Cheers,
> > Aditya Kedia
> > CCNP CCDP MCSE+I
Re: OSPF Redistribution
this works great, thanks.

"Chris McCoy" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

Jeff,

Depending on IOS version there is a slight "feature" (I say bug) that allows you to do this. You make a 'summary-address' statement under your router ospf 500 configuration that covers the subnets you wish to summarize at the classful boundary, in this case it would be:

router ospf 500
 summary-address 152.52.15.0 255.255.255.0
 summary-address 152.52.2.0 255.255.255.0

What this does is create two routes with the above mentioned addresses and points them to the Null 0 interface. These routes will be redistributed into IGRP and will propagate these as normal out Serial 0.4 since you are in the same basic "class B" range. If your serial interface were in a different class, you wouldn't need to do this since it would get auto-summarized to 152.52.0.0.

Keep in mind that once you pick a subnet mask, you must stick with it throughout the same classful address.

I say this is a bug since summary-address is normally used when you are redistributing other protocols into OSPF to summarize a range. Others may disagree.

Chris M.

--- Jeff McCoy [EMAIL PROTECTED] wrote:

I have a scenario like this:

redistributing rtr
int s0/0.3 - 152.52.0.3 /24 p
int s0/0.4 - 152.52.64.3 /24 m
int e0/0 - 152.52.2.1 /23
int loop0 - 152.52.15.254 /32

router ospf 500
 net 152.52.0.0 0.0.15.255 area 0

router igrp 400
 redistribute ospf 500 met 100 1 255 1 1500
 passive-interface Ethernet0/0
 passive-interface Serial0/0.3
 passive-interface Loopback0
 network 152.52.0.0
 neighbor 152.52.64.4

Other OSPF routers have various masks for interfaces. I understand that only /24 networks will redistribute. On ABRs I put a statement like:

area 3 range 152.52.33.0 255.255.255.0

This allows the IGRP to get the 33.0 /24 network.

How do I get the networks 152.52.15.254/32 and 152.52.2.0/23 on area 0 to redistribute into IGRP?

I have tried to add a statement like this on the redistributing router:

area 0 range 152.52.15.0 255.255.255.0

This does not work. Any ideas?
ISDN connectivity pbm.
Hi,

I have a 64Kbps dialup ISDN line from my ISP. I use Cisco 1750 router for connectivity with Siemens Euro-NTBA NT1 device. The link was working fine when suddenly I started getting these messages on my Cisco console.

ISDN BR0: received HOST_DISCONNECT call_id 0x80AF
00:53:240518168576: ISDN BR0: Event: Call to 916211010 was hung up.
00:53:242673712820: ISDN BR0: process_disc_ack(): call id 0x80AF, ces 1, call type DATA
00:53:242673713200: ISDN BR0: received HOST_DISCONNECT_ACK call_id 0x80AF
00:53:240518168576: ISDN BR0: HOST_DISCONNECT_ACK: call type is DATA.
00:53:58: ISDN BR0: Outgoing call id = 0x80B0, dsl 0
00:53:58: ISDN BR0: Event: Call to 916211010 at 64 Kb/s
00:53:58: ISDN BR0: process_bri_call(): call id 0x80B0, called_number 916211010, speed 64, call type DATA
00:53:249108103168: CC_CHAN_GetIdleChanbri: dsl 0
00:53:249108103168: Found idle channel B1
00:53:251263647540: ISDN BR0: received HOST_INFORMATION call_id 0x80B0
00:53:249108103168: ISDN Event: dsl 0 call_id 0x80B0 B channel assigned by switch 0
ISDN BR0: received HOST_DISCONNECT call_id 0x80B0

My ISP says that the voltage on ISDN line is fine (By the way: what should be the normal voltage level on an ISDN line??) Few days back when I tested the voltage it was approx. 110 Volts DC.

When I do sh isdn history on my router I find the router is not dialing the BRI no. allotted to me by my ISP.

Has the NT1 gone faulty ???

Kindly guide...

Thanks in advance
Puneet.
Re: Seally Question!!!!
A little further clarification.

NetBEUI is a networking protocol which uses NetBIOS at its core. Thus its name is an acronym for NetBIOS Extended User Interface.

Adam Hickey

----- Original Message -----
From: "John Nemeth" [EMAIL PROTECTED]
To: "Joseph Kiang" [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Friday, January 19, 2001 4:09 AM
Subject: Re: Seally Question

On Mar 15, 10:37am, "Joseph Kiang" wrote:
}
} What's the difference between NetBIOS and NetBEUI???

NetBIOS is a networking API, similar to Berkeley sockets and winsocks. It is approximately layer 4. NetBEUI is a networking protocol. It is a very simple one where hosts are identified by 14 character names, and there is no network field (i.e. it isn't routable; things like DLSw and DLSw+ notwithstanding). It is approximately layer 2.

}-- End of excerpt from "Joseph Kiang"
Re: Beautiful Day, I passed CCIE written test today
Congrats! I passed Thursday with a 78 also! I'll see you in the lab study group! Congrats again!

Charles Henson

"Eric Gunn" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

Hello Everyone,

Failing the CCIE written test by one point yesterday really left a bad taste in my mouth. I brushed up and took the test again today. The question pool must be pretty big as I only got maybe 15 questions that were the same from yesterday. Anyway I passed the test with a mark of 75 and am thrilled.

This whole ordeal has given me a better respect for certification, especially this test. As much as I learned in the process of getting to this point, I also realized there is that much more to learn. I am now planning on a quick pit stop to get Nortel NNCSS certification in routing (Any advice out there?). I then plan to obtain CCNP specialties in ATM and Voice over IP while studying for the lab.

Now I will have to look back in the mail archives for suggestions on putting together a CCIE lab and taking a 2nd mortgage on the home so I can afford the equipment.

I'd like to thank everyone on the group for their advice, this has been the best source of information for me.

Time to watch some brainless entertainment tonight (Cough) WWF Wrestling (cough) I find it helps me relax after thinking so much :)

Thanks Everyone,
-Eric Gunn
Re: Seally Question!!!!
On Jun 11, 12:14am, Adam Hickey wrote:
}
} A little further clarification.
}
} NetBEUI is a networking protocol which uses NetBIOS at its core. Thus its
} name is an acronym for NetBIOS Extended User Interface.

Usually I think of "core" as being the innermost or lowest layer of something. NetBEUI doesn't provide a user interface, it is the lowest layer, sitting just above the hardware. The name is a bit of a misnomer.

}-- End of excerpt from Adam Hickey
RE: why is routing needed with VLANs - ARP?
What is the traditional way of moving 1 packet from a lan segment to another that doesnt share the same broadcast domain? (i.e. Not just connected by a bridge or layer 2 switch) Answer: Routing. I know that you're speaking practically, but, it's not evident, a priori, that " moving 1 packet from a lan segment to another that doesn't share the same broadcast domain .. " *requires* routing. And, in fact, it *doesn't* (at least in the sense of IP routing. Let's not get too far into the semantics of the word "routing" ;). The whole point of my noodling, was "*Why* do we need the router." It would certainly be a lot cheaper (cost and process) if we didn't need one. The answer is that limiting broadcasts limits practical communication at the IP level because of IP address discovery (forgetting about all other protocols), as you point out. But, I contend that this is a practical consideration, not theoretical. For example, we *could*, of course, still have the possibility of entering static ARP entries into two clients on different VLANs pointing to each other in the same flat address space. Then *if* the switch commingled VLAN MAC addresses *and* forwarded inter-VLAN unicasts, *then* the 2 clients *could* talk. In fact, it seems that if there were some kind of server process in each VLAN that handled various broadcast requests, then the scenario *could* work, generally, without a router. Of course, we've just introduced another box/process, so what has been gained ?) I dunno. Just seems to me that the text books ought to point this out and make the router requirement clearer. Then, again, maybe I'm the only one that didn't see the issue right away :) This may be all just angels dancing on a pin, but thinking about the why always makes me learn more. One of my aphorisms is; "If you learn the *why* of something, you'll never forget the *how* of it. " Oh, boy. My kids, eyes are a-rollin', again :) - Tks | mailto:[EMAIL PROTECTED] BV | mailto:[EMAIL PROTECTED] Sr. 
Technical Consultant, SBM, A Gates/Arrow Co. Vox 770-623-3430 11455 Lakefield Dr. Fax 770-623-3429 Duluth, GA 30097-1511 = -Original Message- From: Baety Wayne A1C 18 CS/SCBD [mailto:[EMAIL PROTECTED]] Sent: Friday, January 19, 2001 6:11 AM To: 'Bob Vance' Cc: CISCO_GroupStudy List (E-mail) Subject: RE: why is routing needed with VLANs - ARP? Because VLANs are what they are, virtual lans, in other words many lan segments (self contained broadcast domains). We're trying to accomplish something in software, which was traditionally implemented physically. The Question 2 you is... What is the traditional way of moving 1 packet from a lan segment to another that doesnt share the same broadcast domain? (i.e. Not just connected by a bridge or layer 2 switch) Answer: Routing. Clients don't find IP address of other clients in different broadcast domains. To them, they simply don't exist. Only the common Router between them exists. (Layer 2 is completely Ignorant of Layer 3). They only ARP the IP address of the Router. Or should I say RARP. They're usually configured with the gw IP already. Wayne -Original Message- From: Bob Vance [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 17, 2001 2:50 AM To: CISCO_GroupStudy List (E-mail) Subject: RE: why is routing needed with VLANs - ARP? What I'm saying is that, before we implement VLANs, we have a flat address space, with obviously, no routing. Now, suppose that I arbitrarily decide not to forward broadcasts out ports 6-10 through some IOS command. Everything will still work quite happily (except anything relying on those broadcasts, of course). ... Ooops. I think that I just saw the answer. One of those broadcast thingys is lil' ole ARP. So, how does a client find the IP address of a destination if the destination is outside the VLAN? It's funny that this wasn't pointed out in any of my VLAN reading (admittedly limited to ICND coursebook and Caslow). 
It just arbitrarily says unicasts are blocked or routing is required without giving a reason. Oh, well. - Tks | mailto:[EMAIL PROTECTED] BV | mailto:[EMAIL PROTECTED] Sr. Technical Consultant, SBM, A Gates/Arrow Co. Vox 770-623-3430 11455 Lakefield Dr. Fax 770-623-3429 Duluth, GA 30097-1511 = -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Bob Vance Sent: Tuesday, January 16, 2001 11:35 AM To: CISCO_GroupStudy List (E-mail) Subject: why is routing needed with VLANs OK. I must be brain dead, today. (and, yes, Chuck, I *have* had my morning dose of Diet Coke :) and, yes, I know, "What's so special about 'today' "? ) As far I can understand it so far, about the only
Re: TCP port number 0
----- Original Message -----
From: ""천리안메일"" [EMAIL PROTECTED]
Newsgroups: groupstudy.cisco
Sent: Friday, January 19, 2001 10:06 AM
Subject: RE: TCP port number 0

ahp (51), eigrp (88), esp (50), gre (47), igrp (9), icmp (1), igmp (2), igrp (9), ip (0), ipinip (4), nos (94), ospf (89), pcp (108), pim (103), tcp (6), or udp (17). 0 is 'ip'.

Sorry to say this, but all this has nothing to do with TCP ports - all these are IP protocol numbers (or you can think of these as IP packet payload type), so the IP stack "knows" what is inside the packet.

WWW.ietf.com :-)

RGRDS,
Re: ISDN connectivity pbm.
Do you mind to post output from

sh isdn status
deb isdn q931
deb isdn q921

It could really help to troubleshoot

RGRDS,

"puneet bhardwaj" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

Hi,

I have a 64Kbps dialup ISDN line from my ISP. I use Cisco 1750 router for connectivity with Siemens Euro-NTBA NT1 device. The link was working fine when suddenly I started getting these messages on my Cisco console.

ISDN BR0: received HOST_DISCONNECT call_id 0x80AF
00:53:240518168576: ISDN BR0: Event: Call to 916211010 was hung up.
00:53:242673712820: ISDN BR0: process_disc_ack(): call id 0x80AF, ces 1, call type DATA
00:53:242673713200: ISDN BR0: received HOST_DISCONNECT_ACK call_id 0x80AF
00:53:240518168576: ISDN BR0: HOST_DISCONNECT_ACK: call type is DATA.
00:53:58: ISDN BR0: Outgoing call id = 0x80B0, dsl 0
00:53:58: ISDN BR0: Event: Call to 916211010 at 64 Kb/s
00:53:58: ISDN BR0: process_bri_call(): call id 0x80B0, called_number 916211010, speed 64, call type DATA
00:53:249108103168: CC_CHAN_GetIdleChanbri: dsl 0
00:53:249108103168: Found idle channel B1
00:53:251263647540: ISDN BR0: received HOST_INFORMATION call_id 0x80B0
00:53:249108103168: ISDN Event: dsl 0 call_id 0x80B0 B channel assigned by switch 0
ISDN BR0: received HOST_DISCONNECT call_id 0x80B0

My ISP says that the voltage on ISDN line is fine (By the way: what should be the normal voltage level on an ISDN line??) Few days back when I tested the voltage it was approx. 110 Volts DC.

When I do sh isdn history on my router I find the router is not dialing the BRI no. allotted to me by my ISP.

Has the NT1 gone faulty ???

Kindly guide...

Thanks in advance
Puneet.
Re: TCP port number 0
Most likely someone was trying to do some "passive OS fingerprinting" with hping2. The default port the hping2 uses is 0. They might have been trying to map your network or they may have been just poking around.

Neil

""Nurarif W"" [EMAIL PROTECTED] wrote in message news:009c01c081eb$19cc9730$160a@pokemon...

Hi,

Does anyone know what is the purpose of tcp port number 0 ?

I have an experience catching traffic coming from HTTP server with tcp port number 0 and destined to any IP address with tcp port number 0. After I put an incoming access-list that blocked port number 0, a few minutes later I saw this packet was never being generated again. The access-list is applied for incoming traffic.

For example :

access-list 101 deny tcp host HTTPserver eq 0 any log
access-list 101 deny tcp any any eq 0 log
access-list 101 deny tcp any eq 0 any log
access-list 101 permit ip any any

Thank you
Re: ISDN crossover???
Dean,

You'll need an ISDN simulator. Or, you could order an ISDN line and use that. It really depends on the location you're going to be using your lab.

-Brad Ellis
CCIE#5796
Cisco Hardware: www.optsys.net

"Dean Snider" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

Hello all

I have a 2610 with 2 WIC-1B-U units in it and a 2503. I'm wondering if there is a way I can connect the 2 units with a ISDN crossover cable (if there is a wiring pattern or such a thing) in order to try and setup ISDN in a lab situation. Has anyone tried to do this? Do I maybe need some intermediate hardware to simulate ISDN with no connection to a telco or an ISP for this service?

Thanks
Dean Snider
On the home stretch to CCNA.
Re: dialer idle-timeout and dialer fast-idle commands
The idle-timeout is how long a particular link will stay up with no interesting traffic and with no other calls waiting to be placed.

Now let's say you have a BRI with two channels and both are being used, but there is another call waiting to be placed, another dialer that wants to use the BRI. In this situation, the fast idle-timeout is how long a call will stay up with no interesting traffic before it disconnects the current call to make room for the next outgoing call.

The fast idle is a simple way to quickly make room for new calls without waiting for the more lengthy idle-timeout period to expire.

HTH,
John

Can anyone tell me the difference between these two dialer commands ? Explanation given in the BCRAN course notes make the two appear to me as serving the same purpose.

Cheers
BABS
Re: Seally Question!!!!
point taken... =)

Adam

----- Original Message -----
From: "John Nemeth" [EMAIL PROTECTED]
To: "Adam Hickey" [EMAIL PROTECTED]; "Joseph Kiang" [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Friday, January 19, 2001 5:45 AM
Subject: Re: Seally Question

On Jun 11, 12:14am, Adam Hickey wrote:
}
} A little further clarification.
}
} NetBEUI is a networking protocol which uses NetBIOS at its core. Thus its
} name is an acronym for NetBIOS Extended User Interface.

Usually I think of "core" as being the innermost or lowest layer of something. NetBEUI doesn't provide a user interface, it is the lowest layer, sitting just above the hardware. The name is a bit of a misnomer.

}-- End of excerpt from Adam Hickey
Routers in my lab
Hi all,

Take a look at what I've got in my lab consisting of 12 routers.

3x2503
2511
2501
2521
2502
2504
2x2610
2x2620

Have I over done it? Are there scenarios in the CCIE that may need all this? What should I keep what should I get rid of?

Thanks
Albert
RE: TCP port number 0
TCP port 0 is reserved. Bookmark this site:

http://www.isi.edu/in-notes/iana/assignments/port-numbers

Chuck

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Nurarif W
Sent: Thursday, January 18, 2001 11:41 PM
To: [EMAIL PROTECTED]
Subject: TCP port number 0

Hi,

Does anyone know what is the purpose of tcp port number 0 ?

I have an experience catching traffic coming from HTTP server with tcp port number 0 and destined to any IP address with tcp port number 0. After I put an incoming access-list that blocked port number 0, a few minutes later I saw this packet was never being generated again. The access-list is applied for incoming traffic.

For example :

access-list 101 deny tcp host HTTPserver eq 0 any log
access-list 101 deny tcp any any eq 0 log
access-list 101 deny tcp any eq 0 any log
access-list 101 permit ip any any

Thank you
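
The distinction this thread turns on, IP protocol numbers versus TCP port numbers, shown as an added example that is not part of any post: a Python parser that reads the protocol number from the IPv4 header and the ports from the TCP/UDP header, then flags port 0. The packets are constructed samples using documentation addresses, and the function names are this example's own.

```python
import socket
import struct

# IP protocol numbers (IPv4 header byte 9), a subset of the list quoted in the thread.
IP_PROTOCOLS = {1: "icmp", 2: "igmp", 6: "tcp", 17: "udp", 47: "gre", 50: "esp", 89: "ospf"}


def build_ipv4(proto, src, dst, payload, frag_offset=0):
    """Constructed sample: 20-byte IPv4 header (checksum left at 0) plus payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, frag_offset,
                         64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def build_tcp(sport, dport, flags=0x02):
    """Constructed sample: 20-byte TCP header, SYN flag by default."""
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 512, 0, 0)


def parse_packet(packet):
    """Return the IP protocol number and, only for TCP/UDP, the layer-4 ports."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    info = {"proto": proto, "proto_name": IP_PROTOCOLS.get(proto, "unknown"),
            "src": socket.inet_ntoa(packet[12:16]), "dst": socket.inet_ntoa(packet[16:20]),
            "sport": None, "dport": None}
    # Ports live in the TCP/UDP header, and only the first fragment carries that header.
    if proto in (6, 17) and frag_offset == 0:
        if len(packet) < ihl + 4:
            raise ValueError("truncated layer-4 header")
        info["sport"], info["dport"] = struct.unpack("!HH", packet[ihl:ihl + 4])
    return info


def port_zero_findings(packet):
    """List the port fields that are 0; empty for protocols that have no ports."""
    info = parse_packet(packet)
    fields = (("source port", "sport"), ("destination port", "dport"))
    return [f"{info['proto_name']} {label} 0" for label, key in fields if info[key] == 0]


# Constructed samples (192.0.2.0/24 and 198.51.100.0/24 are documentation ranges).
SAMPLES = {
    "tcp 0 -> 0": build_ipv4(6, "192.0.2.80", "198.51.100.7", build_tcp(0, 0)),
    "tcp 80 -> 1025": build_ipv4(6, "192.0.2.80", "198.51.100.7", build_tcp(80, 1025, flags=0x12)),
    # ICMP has no ports: its first four bytes are type, code and checksum.
    "icmp echo": build_ipv4(1, "192.0.2.80", "198.51.100.7", bytes([8, 0, 0, 0, 0, 0, 0, 0])),
    # A later fragment starts with payload bytes, not a TCP header.
    "tcp later fragment": build_ipv4(6, "192.0.2.80", "198.51.100.7", b"\x00" * 8, frag_offset=185),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        info = parse_packet(pkt)
        print(f"{name}: protocol {info['proto']} ({info['proto_name']}), "
              f"ports {info['sport']} -> {info['dport']}, findings {port_zero_findings(pkt)}")
```

The ICMP and fragment samples are the cases where reading "ports" blindly at a fixed offset would produce a false port-0 alert.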
Follow up on multicast worm
Couple of follow ups on one of the latest threats:

-----

Also see http://service1.symantec.com/sarc/sarc.nsf/html/Linux.Ramen.Worm.html

I like the part about it patching the holes that it uses...

--Steve Bellovin, http://www.research.att.com/~smb

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Marshall Eubanks
Sent: Friday, January 19, 2001 6:43 AM
To: [EMAIL PROTECTED]
Subject: Re: Second day of rolling blackouts starts

Two people have asked me off list about the RAMEN worm, which affects Linux Redhat distro's. Here is brief description of the worm, and a link to more, from Lucy Lynch at Internet2 / UOregon.

The multicast implications:

This worm scans a portion of the multicast address space. These scans (packets) are viewed as new multicast sources by a PIM multicast enabled router, which encapsulates them and sends them to its RP. The RP creates MSDP Session Announcements FOR EACH SCAN and floods them to every RP neighbor it has in "nearby" AS's, and those repeat the process. The result is a MSDP packet storm. We have gotten 15,000 SA's a minute. Dealing with these can melt down routers. (We had to reboot a Cisco 7204, for example, which apparently either filled up or fragmented its memory beyond usability.)

I think it is fair to say that the question of rate limiting and other DOS filtering in PIM/SSM/MSDP multicast is getting serious attention now.

Marshall Eubanks

"Lucy E. Lynch" wrote:

a bit more info on ramen here:

http://members.home.net/dtmartin24/ramen_worm.txt

"And now, the contents of that ramen.tgz file: All the binaries are in the archive twice, with RedHat 6.2 and RedHat 7.0 versions. Numerous binaries were not stripped, which makes the job of taking them apart easier."

asp: An xinetd config. file that will start up the fake webserver
     Used on RedHat 7.0 victim machines.
asp62: HTTP/0.9-compatible server that always serves out the file /tmp/ramen.tgz to any request - NOT stripped
asp7: RedHat 7-compiled version - NOT stripped
bd62.sh: Does the setup (installing wormserver, removing vulnerable programs, adding ftp users) for RedHat 6.2
bd7.sh: Same for RedHat 7.0
getip.sh: Utility script to get the main external IP address
hackl.sh: Driver to read the .l file and pass addresses to lh.sh
hackw.sh: Driver to read the .w file and pass addresses to wh.sh
index.html: HTML document text
l62: LPRng format string exploit program - NOT stripped
l7: Same but compiled for RedHat 7 - stripped
lh.sh: Driver script to execute the LPRng exploit with several different options
randb62: Picks a random class-B subnet to scan on - NOT stripped
randb7: Same but compiled for RedHat 7 - NOT stripped
s62: statdx exploit - NOT stripped
s7: Same but compiled for RedHat 7 - stripped
scan.sh: get a classB network from randb and run synscan
start.sh: Replace any index.html with the one from the worm; run getip; determine if we're RedHat 6.2 or 7.0 and run the appropriate bd*.sh and start*.sh
start62.sh: start (backgrounded) scan.sh, hackl.sh, and hackw.sh
start7.sh: Same as start62.sh
synscan62: Modified synscan tool - records to .w and .l files - stripped
synscan7: Same but compiled for RedHat 7 - stripped
w62: venglin wu-ftpd exploit - stripped
w7: Same but compiled for RedHat 7 - stripped
wh.sh: Driver script to call the "s" and "w" binaries against a given target
wu62: Apparently only included by mistake. "strings" shows it to be very similar to w62; nowhere is this binary ever invoked.

Lucy E. Lynch
Academic User Services
Computing Center
University of Oregon
RE: Routers in my lab
I would keep them all unless you're in acute need of money. Even though I'm many frequent flyer miles away from the CCIE, I do believe that you can not have to much equipment to practice on. If it were for the CCNA only, 1,2 or 3 2500's should be plenty. You might want to get rid of a some of the 2500's and get different routers instead, plus a switch or two. You can keep buying stuff from now to Christmas, the only thing that stops you are the amount of money you can afford to spend on this. If I was a multi-millionaire and for some reason still wanted to study for these Cisco tests, I would buy every model they have ever made and setup a whole house as a lab. But, I'm not, so I currently only have four 2500's to play with, but that's kind of okay for now. I would have liked a Cat5000, but that's a little too heavy for my wallet. Hth, Ole Ole Drews Jensen Systems Network Manager CCNA, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] http://www.CiscoKing.com NEED A JOB ??? http://www.oledrews.com/job -Original Message- From: Albert Lu [mailto:[EMAIL PROTECTED]] Sent: Friday, January 19, 2001 9:37 AM To: [EMAIL PROTECTED] Subject: Routers in my lab Hi all, Take a look at what I've got in my lab consisting of 12 routers. 3x2503 2511 2501 2521 2502 2504 2x2610 2x2620 Have I over done it? Are there scenarios in the CCIE that may need all this? What should I keep what should I get rid of? Thanks Albert _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Access Lists on a Cisco 7200
Thanks everyone for helping out. I think Jason's suggestion along with the permit any/any line is probably the way to go for us. So basically, I will have the following:

access-list 101 deny udp any 195.50.79.0 0.0.0.255 range 137 139
access-list 101 deny tcp any 195.50.79.0 0.0.0.255 range 137 139
access-list 101 permit ip any any

Then, I will type the following:

en
# config terminal
(config) int Hssi1/0
(config-if) ip access-group 101 in

I'm assuming I need the "in" part because the default appears to be out on the test router I am experimenting on and I want this to apply to incoming traffic. Is this correct?

Thx again,
Scott

"J Roysdon" [EMAIL PROTECTED] wrote in message news:946a0p$7vo$[EMAIL PROTECTED]...

Remember, the fewer lines an ACL is, the faster it is parsed, the faster packets pass:

access-list 101 deny udp any 195.50.79.0 0.0.0.255 range 137 139
access-list 101 deny tcp any 195.50.79.0 0.0.0.255 range 137 139

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources: http://r2cisco.artoo.net/

"John Starta" [EMAIL PROTECTED] wrote in message news:5.0.2.1.2.20010117135118.037b0d10@popcorn...

Scott,

The following example will block the full suite of NetBios inbound to you (presumably 195.50.79.0/24). This is not a complete ACL -- it will be necessary to either specifically allow the traffic you desire inbound, or add another line to the bottom (currently commented out) permitting everything else.

access-list 101 deny udp any 195.50.79.0 0.0.0.255 eq netbios-dgm
access-list 101 deny udp any 195.50.79.0 0.0.0.255 eq netbios-ns
access-list 101 deny udp any 195.50.79.0 0.0.0.255 eq netbios-ss
access-list 101 deny tcp any 195.50.79.0 0.0.0.255 eq 137
access-list 101 deny tcp any 195.50.79.0 0.0.0.255 eq 138
access-list 101 deny tcp any 195.50.79.0 0.0.0.255 eq 139
! access-list 101 permit ip any any

jas

At 07:35 PM 1/17/01 +, Scott S. wrote:

Our WatchGuard FireBox seems to be getting overloaded by the number of NetBios packets it is denying. We are thinking that it might be a good idea of blocking these at our router instead. It is a Cisco 7200 with a pretty light load. Does this sound like a sensible idea? If so I was thinking the following rule would be appropriate:

access-list 101 deny any 195.50.79.0 eq 137

Is this correct, or am I way off? Thanks in advance for any replies.

Sincerely,
Scott
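
The ACL behaviour discussed in this thread (wildcard masks, `eq` versus `range`, first match wins, and the implicit deny when no permit line follows), as an added example that is not from any of the posts: a simplified Python evaluator for the entry forms quoted above. It is not IOS's own parser; the probe flows and the 203.0.113.5 source address are constructed, and the function names are this example's own.

```python
import ipaddress

# IOS port keywords used in the thread's ACLs.
PORT_NAMES = {"netbios-ns": 137, "netbios-dgm": 138, "netbios-ss": 139}


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _port(token):
    return PORT_NAMES[token] if token in PORT_NAMES else int(token)


def _take_addr(tokens):
    """Consume 'any' | 'host A' | 'A WILDCARD'; return (base, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return (0, 0xFFFFFFFF)
    if first == "host":
        return (_ip(tokens.pop(0)), 0)
    return (_ip(first), _ip(tokens.pop(0)))


def _take_ports(tokens):
    """Consume an optional 'eq P' or 'range LO HI'; return (lo, hi) or None."""
    if tokens and tokens[0] == "eq":
        port = _port(tokens[1])
        del tokens[:2]
        return (port, port)
    if tokens and tokens[0] == "range":
        lo, hi = _port(tokens[1]), _port(tokens[2])
        del tokens[:3]
        return (lo, hi)
    return None


def parse_ace(line):
    """Parse 'access-list N action proto SRC [ports] DST [ports] [log]'."""
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list":
        raise ValueError(f"not an extended ACL entry: {line!r}")
    action, proto, rest = tokens[2], tokens[3], tokens[4:]
    if action not in ("permit", "deny") or proto not in ("ip", "tcp", "udp"):
        raise ValueError(f"missing or unsupported action/protocol: {line!r}")
    try:
        src, sport = _take_addr(rest), _take_ports(rest)
        dst, dport = _take_addr(rest), _take_ports(rest)
    except (IndexError, ValueError) as exc:
        raise ValueError(f"malformed address or port: {line!r}") from exc
    if rest not in ([], ["log"]) or (proto == "ip" and (sport or dport)):
        raise ValueError(f"unexpected tokens: {line!r}")
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport}


def _in_range(port, bounds):
    return bounds is None or (port is not None and bounds[0] <= port <= bounds[1])


def evaluate(acl_lines, proto, src, dst, sport=None, dport=None):
    """First matching entry wins. Returns (action, index); index None = implicit deny."""
    addrs = (_ip(src), _ip(dst))
    for index, ace in enumerate(map(parse_ace, acl_lines)):
        if ace["proto"] not in ("ip", proto):
            continue
        # Wildcard bits set to 1 are ignored when comparing addresses.
        specs = (ace["src"], ace["dst"])
        if any((ip | wild) != (base | wild) for ip, (base, wild) in zip(addrs, specs)):
            continue
        if _in_range(sport, ace["sport"]) and _in_range(dport, ace["dport"]):
            return (ace["action"], index)
    return ("deny", None)


def same_decisions(acl_a, acl_b, probes):
    return all(evaluate(acl_a, *p)[0] == evaluate(acl_b, *p)[0] for p in probes)


NET = "any 195.50.79.0 0.0.0.255"
SHORT_ACL = [f"access-list 101 deny udp {NET} range 137 139",
             f"access-list 101 deny tcp {NET} range 137 139",
             "access-list 101 permit ip any any"]
# The six-line version from the thread, with its commented-out permit line enabled.
LONG_ACL = ([f"access-list 101 deny udp {NET} eq {p}" for p in ("netbios-dgm", "netbios-ns", "netbios-ss")]
            + [f"access-list 101 deny tcp {NET} eq {p}" for p in (137, 138, 139)]
            + ["access-list 101 permit ip any any"])
# Constructed probe flows: (proto, src, dst, sport, dport).
PROBES = [(proto, "203.0.113.5", dst, 40000, port)
          for proto in ("tcp", "udp") for dst in ("195.50.79.10", "195.50.80.1")
          for port in (80, 136, 137, 138, 139, 140)]

if __name__ == "__main__":
    for probe in PROBES:
        print(probe, "->", evaluate(SHORT_ACL, *probe))
    print("short and long ACL agree:", same_decisions(SHORT_ACL, LONG_ACL, PROBES))
```

Dropping the final `permit ip any any` line from either list makes every probe return `("deny", None)`, which is the incomplete-ACL caveat raised in the thread.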
Re: Routers in my lab
I'm thinking of getting rid of

1x2503 2x2610 1x2502 1x2504

And using that money to get Cat5000 and ISDN simulator. I'm also considering a couple of 2513, do I really need 2513 if so do I need 2 or can I go with 1?

I know people who've done CCIE with just 6-7 routers, I'm not sure how I can make use of more than that either.

BTW. My aim is to be able to do most of the CCBootcamp labs.

--
From: Ole Drews Jensen [EMAIL PROTECTED]
To: 'Albert Lu' [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Routers in my lab
Date: Saturday, January 20, 2001 2:45 AM

I would keep them all unless you're in acute need of money. Even though I'm many frequent flyer miles away from the CCIE, I do believe that you cannot have too much equipment to practice on. If it were for the CCNA only, 1, 2 or 3 2500's should be plenty. You might want to get rid of some of the 2500's and get different routers instead, plus a switch or two. You can keep buying stuff from now to Christmas, the only thing that stops you is the amount of money you can afford to spend on this. If I was a multi-millionaire and for some reason still wanted to study for these Cisco tests, I would buy every model they have ever made and set up a whole house as a lab. But, I'm not, so I currently only have four 2500's to play with, but that's kind of okay for now. I would have liked a Cat5000, but that's a little too heavy for my wallet.

Hth,
Ole

Ole Drews Jensen
Systems Network Manager
CCNA, MCSE, MCP+I
RWR Enterprises, Inc.
[EMAIL PROTECTED]
http://www.CiscoKing.com
NEED A JOB ???
http://www.oledrews.com/job

-----Original Message-----
From: Albert Lu [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 19, 2001 9:37 AM
To: [EMAIL PROTECTED]
Subject: Routers in my lab

Hi all,

Take a look at what I've got in my lab consisting of 12 routers.

3x2503 2511 2501 2521 2502 2504 2x2610 2x2620

Have I over done it? Are there scenarios in the CCIE that may need all this? What should I keep what should I get rid of?

Thanks
Albert
RE: Routers in my lab
What exactly you need or not, depends on what you want to study for next, and what you would like to practise. If you wish to work with Token Ring, you would need to get either a fixed router that has a built-in Token Ring interface, or a modular router where you can get a Token Ring WIC to insert. You would then also need a MAU (or MSAU as they are called in Microsoft Study Guides) and one or two Token Ring NIC's so you could play around with it.

No one can answer your question better than yourself. Draw what you need/would like on a piece of paper, and then look at the products available on http://www.cisco.com

Hth,
Ole

Ole Drews Jensen
Systems Network Manager
CCNA, MCSE, MCP+I
RWR Enterprises, Inc.
[EMAIL PROTECTED]
http://www.CiscoKing.com
NEED A JOB ???
http://www.oledrews.com/job

-----Original Message-----
From: Albert Lu [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 19, 2001 10:29 AM
To: Ole Drews Jensen
Cc: [EMAIL PROTECTED]; Mask Of Zorro
Subject: Re: Routers in my lab

I'm thinking of getting rid of

1x2503 2x2610 1x2502 1x2504

And using that money to get Cat5000 and ISDN simulator. I'm also considering a couple of 2513, do I really need 2513 if so do I need 2 or can I go with 1?

I know people who've done CCIE with just 6-7 routers, I'm not sure how I can make use of more than that either.

BTW. My aim is to be able to do most of the CCBootcamp labs.

--
From: Ole Drews Jensen [EMAIL PROTECTED]
To: 'Albert Lu' [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Routers in my lab
Date: Saturday, January 20, 2001 2:45 AM

I would keep them all unless you're in acute need of money. Even though I'm many frequent flyer miles away from the CCIE, I do believe that you cannot have too much equipment to practice on. If it were for the CCNA only, 1, 2 or 3 2500's should be plenty. You might want to get rid of some of the 2500's and get different routers instead, plus a switch or two. You can keep buying stuff from now to Christmas, the only thing that stops you is the amount of money you can afford to spend on this. If I was a multi-millionaire and for some reason still wanted to study for these Cisco tests, I would buy every model they have ever made and set up a whole house as a lab. But, I'm not, so I currently only have four 2500's to play with, but that's kind of okay for now. I would have liked a Cat5000, but that's a little too heavy for my wallet.

Hth,
Ole

Ole Drews Jensen
Systems Network Manager
CCNA, MCSE, MCP+I
RWR Enterprises, Inc.
[EMAIL PROTECTED]
http://www.CiscoKing.com
NEED A JOB ???
http://www.oledrews.com/job

-----Original Message-----
From: Albert Lu [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 19, 2001 9:37 AM
To: [EMAIL PROTECTED]
Subject: Routers in my lab

Hi all,

Take a look at what I've got in my lab consisting of 12 routers.

3x2503 2511 2501 2521 2502 2504 2x2610 2x2620

Have I over done it? Are there scenarios in the CCIE that may need all this? What should I keep what should I get rid of?

Thanks
Albert
RE: Routers in my lab
Check your lab against the racks at www.ccbootcamp.com. Do you have the routers and interfaces to replicate what Marc has done? I don't see any switches in your gear.

-----Original Message-----
From: Albert Lu [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 19, 2001 9:37 AM
To: [EMAIL PROTECTED]
Subject: Routers in my lab

Hi all,

Take a look at what I've got in my lab consisting of 12 routers.

3x2503 2511 2501 2521 2502 2504 2x2610 2x2620

Have I over done it? Are there scenarios in the CCIE that may need all this? What should I keep what should I get rid of?

Thanks
Albert
Re: Routers in my lab
If you are going for the CCIE, I would recommend having a 3600 series so that you can get your ATM and VoIP practice in. You might think about a Cat 2901 instead of the 5000. It runs the Crescendo OS just like the 5000 series. It is significantly cheaper, as well.

Kelly D Griffin, CCNA
Network Engineer
Kg2 Network Design
http://www.kg2.com

----- Original Message -----
From: "Ole Drews Jensen" [EMAIL PROTECTED]
To: "'Albert Lu'" [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Friday, January 19, 2001 9:45 AM
Subject: RE: Routers in my lab

I would keep them all unless you're in acute need of money. Even though I'm many frequent flyer miles away from the CCIE, I do believe that you cannot have too much equipment to practice on. If it were for the CCNA only, 1, 2 or 3 2500's should be plenty. You might want to get rid of some of the 2500's and get different routers instead, plus a switch or two. You can keep buying stuff from now to Christmas, the only thing that stops you is the amount of money you can afford to spend on this. If I was a multi-millionaire and for some reason still wanted to study for these Cisco tests, I would buy every model they have ever made and set up a whole house as a lab. But, I'm not, so I currently only have four 2500's to play with, but that's kind of okay for now. I would have liked a Cat5000, but that's a little too heavy for my wallet.

Hth,
Ole

Ole Drews Jensen
Systems Network Manager
CCNA, MCSE, MCP+I
RWR Enterprises, Inc.
[EMAIL PROTECTED]
http://www.CiscoKing.com
NEED A JOB ???
http://www.oledrews.com/job

-----Original Message-----
From: Albert Lu [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 19, 2001 9:37 AM
To: [EMAIL PROTECTED]
Subject: Routers in my lab

Hi all,

Take a look at what I've got in my lab consisting of 12 routers.

3x2503 2511 2501 2521 2502 2504 2x2610 2x2620

Have I over done it? Are there scenarios in the CCIE that may need all this? What should I keep what should I get rid of?

Thanks
Albert
Re: Beautiful Day, I passed CCIE written test today
Congratulations to both of you.

"Charles Henson" [EMAIL PROTECTED] wrote in message news:949k41$b09$[EMAIL PROTECTED]...

Congrats! I passed Thursday with a 78 also! I'll see you in the lab study group! Congrats again!

Charles Henson

"Eric Gunn" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

Hello Everyone,

Failing the CCIE written test by one point yesterday really left a bad taste in my mouth. I brushed up and took the test again today. The question pool must be pretty big as I only got maybe 15 questions that were the same from yesterday. Anyway I passed the test with a mark of 75 and am thrilled. This whole ordeal has given me a better respect for certification, especially this test. As much as I learned in the process of getting to this point, I also realized there is that much more to learn.

I am now planning on a quick pit stop to get Nortel NNCSS certification in routing (Any advice out there?). I then plan to obtain CCNP specialties in ATM and Voice over IP while studying for the lab. Now I will have to look back in the mail archives for suggestions on putting together a CCIE lab and taking a 2nd mortgage on the home so I can afford the equipment.

I'd like to thank everyone on the group for their advice, this has been the best source of information for me. Time to watch some brainless entertainment tonight (Cough) WWF Wrestling (cough) I find it helps me relax after thinking so much :)

Thanks Everyone,
-Eric Gunn
NBAR requirements and comments
Anyone using NBAR for QoS? If so, can you tell me the minimum HW/SW requirements. Any stories to add about your results? I came across this article about the topic and am trying to gather more information: http://www.nwfusion.com/research/2000/0918feat2.html As always, thanks much!!
Re: Remote Telnet access via dial-up
Irregardless of the security implications this was still pretty cool. Thx for the information. It may come in handy one day.

"John Nemeth" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

On Jun 10, 11:13am, Priscilla Oppenheimer wrote:

Yes. I would have the head of anybody that tried that stunt. At the very least, he should have been using ssh. However, even that would have been dicey.

As far as the lack of an analogue phone line, that problem is easily solved (depending on your point of view) by using CDPD (Cellular D? Packet Data). I have a friend in Canada that has a CDPD modem in his laptop. The service is $50/month for unlimited usage from Telus Mobility. It doesn't matter where he is, his laptop is always on-line. Add an ethernet card in the second PCMCIA slot, and you've got a roaming router that could create a back door into any network.

}-- End of excerpt from Priscilla Oppenheimer
Specialization for CCNA (in case you're not aware of it)
Some of you might find this interesting: You can now take the Security Specialization if you're CCNA - you don't need to be a CCNP.

http://www.cisco.com/warp/public/10/wwtraining/certprog/special1/course.html

Happy Studying,
Ole

Ole Drews Jensen
Systems Network Manager
CCNA, MCSE, MCP+I
RWR Enterprises, Inc.
[EMAIL PROTECTED]
http://www.CiscoKing.com
NEED A JOB ???
http://www.oledrews.com/job
RE: HELP WITH RAD MULTIPROTOCOL SWITCH
The manual does not say anything about the pin outs for managing the device. All I need is to be able to get into the unit using either an RJ45 to a DB9 or 25

cheers
babs

--- Gustavo Gomez [EMAIL PROTECTED] wrote:

I'll send via E-mail the complete manual in zip format only to you.

Gustavo Gómez
Professional Services Manager
Mercury Communications
Te: (5411) 4314-6555
Fax : (5411) 4314-6555
www.mercury.com.ar

-----Original Message-----
From: Barbara Cobbina [mailto:[EMAIL PROTECTED]]
Sent: Viernes, 19 de Enero de 2001 06:26 a.m.
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: HELP WITH RAD MULTIPROTOCOL SWITCH

Sorry forgot to mention the model. The model is FPS 8

--- Gustavo Gomez [EMAIL PROTECTED] wrote:

Model ???

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Barbara Cobbina
Sent: Jueves, 18 de Enero de 2001 02:39 p.m.
To: [EMAIL PROTECTED]
Subject: HELP WITH RAD MULTIPROTOCOL SWITCH

Comrades

Can someone please help me set up a rad multiprotocol switch for me to be able to play with ISDN and frame relay. I need the pin-outs for the console cable so that I can set it up from scratch. I cannot get into the damn thing to manage or set it up initially. Can anyone help ?

Cheers
Babs
Re: Strange Router CPU Utilisation
How about other port utilization? From the description, it looks like a backup job.

Ed
Re:strange router CPU utilisation
I apologise for not being specific. I did not use the MRTG output as a measure of CPU utilisation, but rather to alert me when the spike in traffic occurs and then look into the CLI for the % CPU utilisation. I'm hoping it's not a scheduled ICMP barrage coming from the inside, but I'll find out soon when I run sniffer. Thanks for the feedback.

Elmer Deloso
CIPT 3.0 test
Today I went and took the CIPT 3.0 test; Cisco IP Telephony.

Passed no problem

Really interesting test, marketing, sales, technical. I've been working with the Cisco Call Manager for the last 15 months or so. Nothing really difficult on the test that I haven't worked with hands on or read in the design guide.

Topics I encountered, QoS, IP Telephony Campus Design, Clustering, Gateways, Scalability, and Troubleshooting.

tim

I hear and I forget
I see and I believe
I do and I understand
-Confucius

Tim Medley - CCNA, CCDA
Network Architect
VoIP Group
704-943-3615 - Phone
704-525-9119 - Fax
877-6-iReady - Helpdesk
FW: access-list debugs
Interesting. If I have a named access-list, it would appear I cannot do a debug

Debug ip packet ?
  (1-199)      access-list
  (1300-2699)  access list extended range
  detail
  (cr)

Chuck
http://www.1112.net/lastpage.html
CID 3.0 Exam
I am looking for some links (other than www.cisco.com) to study material for the CID 3.0 exam. Thanks
No traffic on ISDN BRI Connection
Hi

I am using AS5300 with 4 PRIs for incoming dialup connection. My normal dialup connections through PSTN lines are working fine. But when we dial using ISDN bri channel, the connection gets established but it does not pass the traffic. The PC gets the IP assigned but could not ping even to the RAS. When we dial to other brand servers from the same PC and ISDN line, it works normally. Here is configuration of Serial interface for reference.

interface Serial0:15
 ip unnumbered FastEthernet0
 no ip directed-broadcast
 encapsulation ppp
 dialer idle-timeout 3600
 isdn switch-type primary-net5
 isdn incoming-voice modem
 peer default ip address pool ippool
 fair-queue 64 256 0
 no cdp enable
 ppp authentication pap
!

Please point out what is missing.

Thanks
Looking for site to Lucent QIP subnet calculator
Please, if you have info about the site where I can download Lucent qip subnet calculator, I will appreciate it very much. I know it was posted to the group sometimes last year but lost the address to the site. Will really appreciate any info to the site. Thanks in advance.

anthony iyoha
Re: ISDN crossover???
Nope, you need an actual ISDN line or an ISDN concentrator between the interfaces.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources: http://r2cisco.artoo.net/

"Dean Snider" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

Hello all

I have a 2610 with 2 WIC-1B-U units in it and a 2503. I'm wondering if there is a way I can connect the 2 units with a ISDN crossover cable (if there is a wiring pattern or such a thing) in order to try and setup ISDN in a lab situation. Has anyone tried to do this? Do I maybe need some intermediate hardware to simulate ISDN with no connection to a telco or an ISP for this service?

Thanks
Dean Snider
On the home stretch to CCNA.
RE: Remote Telnet access via dial-up
I have to agree... Security concerns (in my opinion) can get toned down (and from the original post it would seem to be a pretty small hole) when you have a business affecting issue... Allowing TAC engineers access to the equipment can dramatically lessen down time

Like any other issue, there is always a trade off in security and convenience

Unfortunately I've had many TAC cases involving IOS bugs that could not have been solved via normal "secure" methods...

Bob Johnson

-----Original Message-----
From: James Haynes [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 19, 2001 9:07 AM
To: [EMAIL PROTECTED]
Subject: Re: Remote Telnet access via dial-up

Irregardless of the security implications this was still pretty cool. Thx for the information. It may come in handy one day.

"John Nemeth" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

On Jun 10, 11:13am, Priscilla Oppenheimer wrote:

Yes. I would have the head of anybody that tried that stunt. At the very least, he should have been using ssh. However, even that would have been dicey.

As far as the lack of an analogue phone line, that problem is easily solved (depending on your point of view) by using CDPD (Cellular D? Packet Data). I have a friend in Canada that has a CDPD modem in his laptop. The service is $50/month for unlimited usage from Telus Mobility. It doesn't matter where he is, his laptop is always on-line. Add an ethernet card in the second PCMCIA slot, and you've got a roaming router that could create a back door into any network.

}-- End of excerpt from Priscilla Oppenheimer
Re: [RE: Remote Telnet access via dial-up]
One must have sufficient knowledge to be shocked.

[EMAIL PROTECTED] wrote:

I recently spent quite a bit of time working with the TAC to solve a problem. Yes, they wanted to dial into the network to 'have a look'. When I asked what they were looking for, they couldn't tell me. I am well aware that, when tracking down a problem, it can be very useful to just 'have a look', without really knowing what you are looking for. I do it all the time :-) However, since they couldn't (or wouldn't) even give me any hints on what they expected to be doing, they didn't get access.

I could send them log output etc via email and they received it quickly enough that we could work together over the phone (the speed of incoming mail to me was another issue altogether but not really a problem).

In any case, I've done a fair bit of troubleshooting over the phone, sometimes with completely non-technical people running the 'hands on'. Slower than telnetting in yourself? Sure. But it works, and sometimes it's the only option. And it's VERY good practice for remembering commands and what output they produce ;-)

JMcL

-- Forwarded by Jenny Mcleod/NSO/CSDA on 19/01/2001 04:38 pm ---

"Chuck Larrieu" [EMAIL PROTECTED]@groupstudy.com on 19/01/2001 12:39:45 pm
Please respond to "Chuck Larrieu" [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
To: "Priscilla Oppenheimer" [EMAIL PROTECTED] [EMAIL PROTECTED]
cc:
Subject: RE: Remote Telnet access via dial-up

Cisco TAC always wants to telnet in to troubleshoot when working a ticket. One alternative is to e-mail your configs to them, at which point maybe they will get back to you with some resolution in a time frame you can live with.

Fact is that the internet makes things so damn convenient for us. Most time most people just don't consider the implications. While it may be true that some places have security policies, reasonable or otherwise, the fact is that most places don't, most managements don't want to be bothered, and most users don't want to be inconvenienced.

Chuck

BTW - nice to see you again, Priscilla.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Priscilla Oppenheimer
Sent: Thursday, January 18, 2001 4:38 PM
To: [EMAIL PROTECTED]
Subject: Re: Remote Telnet access via dial-up

At 11:11 AM 1/19/01, Tony van Ree wrote:

Hi,

As long as the appropriate security/passwords are set it is probably every bit as good as any other form of remote access.

Remember that this wasn't CHAP or even PAP. It was Telnet. The Telnet password both to reach his PC and to reach the routers is unencrypted. How was the enable password sent? The characters were typed and sent unencrypted. Getting a Sniffer to the right place to catch this would be hard, but not impossible. Hopefully he will change the password used to reach his PC, but it's not likely he'll change the router VTY and enable passwords.

So what did the Cisco engineers do when they Telnetted into this back door to configure the routers? Did they do show run by any chance? Yeah, I just got the complete configuration of the customer's routers. That is unencrypted also. And don't say, well it's Telnet so it's one character at a time which would make understanding it difficult. Responses in Telnet are not one character at a time. The output of show run would be sent in TCP segments using the IP MTU. It would be very easy to understand.

I don't think most customers would even let him do what he did. A lot of customers wouldn't have an analog phone line for him to use to dial up his ISP. Analog phone-line backdoors are an infamous no-no.

I'd love to hear someone else's opinion too. Isn't anyone else as shocked as I am?

Priscilla

On Thursday, January 18, 2001 at 02:30:09 PM, Priscilla Oppenheimer wrote:

Sounds like a helpful troubleshooting method but what were the security risks? Thoughts, anyone?

Priscilla

At 10:31 PM 1/17/01, J Roysdon wrote:

Today I was at a site w/o internet access, but I needed to get Cisco into it to save time relaying commands and information. I had a dial-up connection out to my ISP, and then thought about the built-in Telnet server that Windows 2000 Professional has. I made a quick guest account for Cisco, and told them my dial-up IP, which they could connect to, and then once telnetted into my workstation, they were able to telnet out my NIC to the routers they needed to get to. Only catch is that you can only have one session up through it (enough for us):

Microsoft (R) Windows (TM) Version 5.00 (Build 2195)
Welcome to Microsoft Telnet Service
Telnet Server Build 5.00.99201.1
login: cisco
password: *
Microsoft Windows Workstation allows only 1 Telnet Client License
Server has closed connection

When they
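The objection raised in this thread is that a Telnet session carries the VTY password, the enable password and any show run output unencrypted. As an added example (not part of any list member's message), here is a small Python audit that flags where an IOS configuration still permits that exposure. Both configurations are constructed samples, and treating a VTY block with no transport input line as Telnet-capable is an assumption about the default on older IOS releases.

```python
import re

# Constructed sample running-config for illustration; not taken from the thread.
SAMPLE_CONFIG = """\
hostname lab-rtr
enable password cisco123
!
line con 0
 password conpass
line vty 0 4
 password vtypass
 login
line vty 5 15
 transport input ssh
 login local
!
end
"""

# Constructed hardened counterpart: SSH-only VTYs and a hashed enable secret.
HARDENED_CONFIG = """\
hostname lab-rtr
enable secret 5 $1$CONSTRUCTED$placeholderhashvalue000
!
line vty 0 15
 transport input ssh
 login local
!
end
"""

DESCRIPTIONS = {
    "ENABLE_PASSWORD": "enable password in use; it is readable in any "
                       "'show run' sent over Telnet (prefer enable secret)",
    "VTY_TELNET": "VTY accepts Telnet; logins and output cross the wire unencrypted",
    "VTY_TELNET_DEFAULT": "no 'transport input' on VTY; assumed to accept Telnet",
    "CLEARTEXT_LINE_PASSWORD": "line password stored in cleartext in the config",
}


def parse_line_blocks(config):
    """Return {header: [sub-commands]} for every top-level 'line ...' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other top-level command closes the block
    return blocks


def audit_remote_access(config):
    """Return a list of (location, finding_code) tuples, in config order."""
    findings = []
    for raw in config.splitlines():
        if re.match(r"enable password\s+\S+", raw):
            findings.append(("global", "ENABLE_PASSWORD"))

    for header, cmds in parse_line_blocks(config).items():
        if not header.startswith("line vty"):
            continue  # console/aux lines are not reachable over the network
        transports = None
        for cmd in cmds:
            m = re.match(r"transport input\s+(.+)", cmd)
            if m:
                transports = m.group(1).split()
        if transports is None:
            findings.append((header, "VTY_TELNET_DEFAULT"))
        elif "telnet" in transports or "all" in transports:
            findings.append((header, "VTY_TELNET"))
        for cmd in cmds:
            # 'password 7 ...' is obfuscated (still reversible) and is left
            # out of this check to keep the example narrow.
            if re.match(r"password\s+(?!7\s)(?:0\s+)?\S+", cmd):
                findings.append((header, "CLEARTEXT_LINE_PASSWORD"))
    return findings


def report(config):
    """Format the findings as readable lines."""
    return [f"{loc}: {DESCRIPTIONS[code]}" for loc, code in audit_remote_access(config)]


if __name__ == "__main__":
    for line in report(SAMPLE_CONFIG):
        print(line)
```
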
Re: Beautiful Day, I passed CCIE written test today
Congratulations!!! Could you guys post some of the sample questions and suggestions for CCIE theory. Because I am planning to have on Feb, 2001.

Regards
Almazi

From: "James Haynes" [EMAIL PROTECTED]
Reply-To: "James Haynes" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: Beautiful Day, I passed CCIE written test today
Date: Fri, 19 Jan 2001 11:54:22 -0500

Congratulations to both of you.

"Charles Henson" [EMAIL PROTECTED] wrote in message news:949k41$b09$[EMAIL PROTECTED]...

Congrats! I passed Thursday with a 78 also! I'll see you in the lab study group! Congrats again!

Charles Henson

"Eric Gunn" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

Hello Everyone,

Failing the CCIE written test by one point yesterday really left a bad taste in my mouth. I brushed up and took the test again today. The question pool must be pretty big as I only got maybe 15 questions that were the same from yesterday. Anyway I passed the test with a mark of 75 and am thrilled. This whole ordeal has given me a better respect for certification, especially this test. As much as I learned in the process of getting to this point, I also realized there is that much more to learn.

I am now planning on a quick pit stop to get Nortel NNCSS certification in routing (Any advice out there?). I then plan to obtain CCNP specialties in ATM and Voice over IP while studying for the lab. Now I will have to look back in the mail archives for suggestions on putting together a CCIE lab and taking a 2nd mortgage on the home so I can afford the equipment.

I'd like to thank everyone on the group for their advice, this has been the best source of information for me. Time to watch some brainless entertainment tonight (Cough) WWF Wrestling (cough) I find it helps me relax after thinking so much :)

Thanks Everyone,
-Eric Gunn
AS numbers - Is there a global crisis?
I've been studying BGP, but something that keeps bothering me when I study it is that there are less than 65000 (64511 to be exact) public AS numbers. It would seem to me that these would quickly run out, as I would think that there are that many corporations world-wide that connected to the internet via BGP. Any thoughts on this?

Thanks,
Joey Fowler

We are told that talent creates its own opportunities. But it sometimes seems that intense desire creates not only its own opportunities, but its own talents.
- Eric Hoffer (1902-1983 American Author Philosopher)
Re: Specialization for CCNA (in case you're not aware of it)
Interesting indeed, but a thought when I read the Security Spec page.. recertification, it states that to recertify that you:

"take and pass the current version of appropriate security exams." == plural!!

I know literally that means you need to re-take 4 exams! CCNP only requires 640-519 - one exam but it took 6 exams to get there. Does this make sense, that a spec requires more re-certification than the base cert?

Kevin Wigle

----- Original Message -----
From: "Ole Drews Jensen" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, January 19, 2001 12:21 PM
Subject: Specialization for CCNA (in case you're not aware of it)

Some of you might find this interesting: You can now take the Security Specialization if you're CCNA - you don't need to be a CCNP.

http://www.cisco.com/warp/public/10/wwtraining/certprog/special1/course.html

Happy Studying,
Ole

Ole Drews Jensen
Systems Network Manager
CCNA, MCSE, MCP+I
RWR Enterprises, Inc.
[EMAIL PROTECTED]
http://www.CiscoKing.com
NEED A JOB ???
http://www.oledrews.com/job
RE: Specialization for CCNA (in case you're not aware of it)
Hmm, you have a point there, plus you have to recertify your spec's every 2 years, where you can wait 3 years on CCNA, CCDA, CCNP and CCDP. So if you take the 1 exam for the CCNA or 5 exams for the CCNP, you can keep the cert 3 years, but if you add 4 exams to become CCNA/CCNP + Security, you can only keep that 2 years, and will have to retake all 4 security.

This could be written as a program with a very simple pseudo code:

recertify
  repeat
    study
  until certified
  repeat
  until cert expired
  goto recertify

The only way that this would make sense is to look at it this way. After you have achieved your CCNA or CCNP, you have to prepare for 4 security exams, which could take a year to get. That way, both your CCNA/CCNP and security will be good for 2 years after you have achieved the security. That way, they will expire at the same time. If they both would retire after 2 (or 3) years, the CCNA/CCNP would expire before the security specialization, and you cannot have the title NOT CCNA + Security :-)

Anyway, we can talk about this for hours, but it probably won't change anything. You just have to make your own decision if you want to spend the time and money on getting the extra certifications, or if you want to sit and complain about it without the cert.

Right now, I am concentrating on getting my CCNP done. Then I can start thinking about my next move: CCDA, CCDP, specialization(s).

Take care and have a great weekend,
Ole

Ole Drews Jensen
Systems Network Manager
CCNA, MCSE, MCP+I
RWR Enterprises, Inc.
[EMAIL PROTECTED]
http://www.CiscoKing.com
NEED A JOB ???
http://www.oledrews.com/job

-----Original Message-----
From: Kevin Wigle [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 19, 2001 1:23 PM
To: [EMAIL PROTECTED]; Ole Drews Jensen
Subject: Re: Specialization for CCNA (in case you're not aware of it)

Interesting indeed, but a thought when I read the Security Spec page.. recertification, it states that to recertify that you:

"take and pass the current version of appropriate security exams." == plural!!

I know literally that means you need to re-take 4 exams! CCNP only requires 640-519 - one exam but it took 6 exams to get there. Does this make sense, that a spec requires more re-certification than the base cert?

Kevin Wigle

----- Original Message -----
From: "Ole Drews Jensen" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, January 19, 2001 12:21 PM
Subject: Specialization for CCNA (in case you're not aware of it)

Some of you might find this interesting: You can now take the Security Specialization if you're CCNA - you don't need to be a CCNP.

http://www.cisco.com/warp/public/10/wwtraining/certprog/special1/course.html

Happy Studying,
Ole

Ole Drews Jensen
Systems Network Manager
CCNA, MCSE, MCP+I
RWR Enterprises, Inc.
[EMAIL PROTECTED]
http://www.CiscoKing.com
NEED A JOB ???
http://www.oledrews.com/job
Re: [Workstation / Device Inventory]
Check out Calisto Software.

Sammi [EMAIL PROTECTED] wrote:

Can anyone recommend an application that will pull an inventory from individual workstations? Something that will record software installed, versions, hardware specs, etc. Preferably the polling could be done from a central location, that is; the application will roam the network, touch each workstation, and report back to one machine. All workstations will be visited in any case, so if it's something that needs to be done individually that would be fine as well.

I believe What's Up Gold will report all my Cisco devices, is there a Cisco (or other) application that will delve deeper for me?

I am going to a new site to inventory software and hardware, as well as create a network map over ~8 buildings. Any recommendations greatly appreciated.
Re: AS numbers - Is there a global crisis?
I wouldn't think that's too much of an issue. As far as I understand it, you only get assigned a public AS number if you're a m_a_j_o_r provider--like PSInet, ATT, MCI, etc... If you're a mid-sized to smaller organization, you probably can get by using a private AS from a larger provider. Can s/body confirm this?

--- "Fowler, Joey" [EMAIL PROTECTED] wrote:

I've been studying BGP, but something that keeps bothering me when I study it is that there are less than 65000 (64511 to be exact) public AS numbers. It would seem to me that these would quickly run out, as I would think that there are that many corporations world-wide that connected to the internet via BGP. Any thoughts on this?

Thanks,
Joey Fowler

We are told that talent creates its own opportunities. But it sometimes seems that intense desire creates not only its own opportunities, but its own talents. - Eric Hoffer (1902-1983 American Author Philosopher)

Don't forget to cross your digits...
Dan West -- CCNA, CCNP (in progress)
RE: Specialization for CCNA (in case you're not aware of it)
You forgot the line about "shell out more bucks"

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ole Drews Jensen
Sent: Friday, January 19, 2001 11:39 AM
To: 'Kevin Wigle'; [EMAIL PROTECTED]; Ole Drews Jensen
Subject: RE: Specialization for CCNA (in case you're not aware of it)

Hmm, you have a point there, plus you have to recertify your spec's every 2 years, where you can wait 3 years on CCNA, CCDA, CCNP and CCDP. So if you take the 1 exam for the CCNA or 5 exams for the CCNP, you can keep the cert 3 years, but if you add 4 exams to become CCNA/CCNP + Security, you can only keep that 2 years, and will have to retake all 4 security.

This could be written as a program with a very simple pseudo code:

recertify
  repeat
    study
  until certified
  repeat
  until cert expired
  goto recertify

The only way that this would make sense is to look at it this way. After you have achieved your CCNA or CCNP, you have to prepare for 4 security exams, which could take a year to get. That way, both your CCNA/CCNP and security will be good for 2 years after you have achieved the security. That way, they will expire at the same time. If they both would retire after 2 (or 3) years, the CCNA/CCNP would expire before the security specialization, and you cannot have the title NOT CCNA + Security :-)

Anyway, we can talk about this for hours, but it probably won't change anything. You just have to make your own decision if you want to spend the time and money on getting the extra certifications, or if you want to sit and complain about it without the cert.

Right now, I am concentrating on getting my CCNP done. Then I can start thinking about my next move: CCDA, CCDP, specialization(s).

Take care and have a great weekend,

Ole

Ole Drews Jensen
Systems Network Manager
CCNA, MCSE, MCP+I
RWR Enterprises, Inc.
[EMAIL PROTECTED]
http://www.CiscoKing.com
NEED A JOB ??? http://www.oledrews.com/job

-Original Message-
From: Kevin Wigle [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 19, 2001 1:23 PM
To: [EMAIL PROTECTED]; Ole Drews Jensen
Subject: Re: Specialization for CCNA (in case you're not aware of it)

Interesting indeed, but a thought when I read the Security Spec page.. recertification, it states that to recertify that you: "take and pass the current version of appropriate security exams." == plural!!

I know literally that means you need to re-take 4 exams! CCNP only requires 640-519 - one exam but it took 6 exams to get there.

Does this make sense, that a spec requires more re-certification than the base cert?

Kevin Wigle

- Original Message -
From: "Ole Drews Jensen" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, January 19, 2001 12:21 PM
Subject: Specialization for CCNA (in case you're not aware of it)

Some of you might find this interesting: You can now take the Security Specialization if you're CCNA - you don't need to be a CCNP.

http://www.cisco.com/warp/public/10/wwtraining/certprog/special1/course.html

Happy Studying,

Ole

Ole Drews Jensen
Systems Network Manager
CCNA, MCSE, MCP+I
RWR Enterprises, Inc.
[EMAIL PROTECTED]
http://www.CiscoKing.com
NEED A JOB ??? http://www.oledrews.com/job
Re: AS numbers - Is there a global crisis?
To get an ASN you have to show that you either have a unique routing policy or that you are multihomed to separate providers. Sure, there are lots of companies that have multiple internet connections, but how many *really* need to have redundant connections to separate ISPs? Not really that many, since there are other ways to achieve redundancy.

Now, with that said, we applied for and received an ASN a couple of months ago and they have already issued over 300 since then. At that rate, it won't be too long before we run into trouble.

John

I've been studying BGP, but something that keeps bothering me when I study it is that there are less than 65000 (64511 to be exact) public AS numbers. It would seem to me that these would quickly run out, as I would think that there are that many corporations world-wide that connected to the internet via BGP. Any thoughts on this?

Thanks,
Joey Fowler

We are told that talent creates its own opportunities. But it sometimes seems that intense desire creates not only its own opportunities, but its own talents. - Eric Hoffer (1902-1983 American Author Philosopher)
Question on FTP and TFTP on Routers and Switches,
Hi All,

What I want to accomplish is to download configuration files from running switches (from 29xx-65xx) and routers (25xx-75xx). I got tired of logging into routers and downloading thru telneting.

Can I enable a ftp or TFTP feature for the routers and switches? I saw these command lines from CCO and tried to use ftp command in DOS mode.

~
ip address 192.168.1.2 255.255.255.0
ip ftp source-interface Ethernet0
ip ftp username wonkyu
ip ftp password password
tftp-server rom alias config.txt
~

here i lost, I tried to access my router thru ftp and tftp without success.

So my question is, HOW CAN I Make a batch file which downloads a configuration files ?

TIA,
Wonkyu
RE: Workstation / Device Inventory
There are several products, such as Microsoft's SMS, which will do this, but not on a polling basis. The reports that you want need to be generated by a WBEM client at the workstation. SMS installs WMI, which is an MS WBEM client, and leaves it running in the background. Client OS can be Macintosh, Win 3.1x, Win9x, any variation of NT, and OS/2.

To bring this back to Cisco: SMS will poll devices such as routers, and report their existence to the central site, and it is SNMP aware.

Ray Mosely
CCNA, MCSE

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Sammi
Sent: Friday, January 19, 2001 6:52 AM
To: [EMAIL PROTECTED]
Subject: Workstation / Device Inventory

Can anyone recommend an application that will pull an inventory from individual workstations? Something that will record software installed, versions, hardware specs, etc. Preferably the polling could be done from a central location, that is; the application will roam the network, touch each workstation, and report back to one machine. All workstations will be visited in any case, so if it's something that needs to be done individually that would be fine as well.

I believe What's Up Gold will report all my Cisco devices, is there a Cisco (or other) application that will delve deeper for me?

I am going to a new site to inventory software and hardware, as well as create a network map over ~8 buildings. Any recommendations greatly appreciated.
Re: Whew... I passed
Man, oh Man. You are a CCNP/CCDP and you're not pulling 60k? My friend, you need to stand the hell up and get paid appropriately for your expertise. Do you realize that in NYC, you could take home 100k just on your certs alone. The thousands of Cisco Partners in this area gobble up anyone with CCNx next to their name (provided your resume isn't empty).

Once again, feel free to flame away. Just my humble $.02.

-Scott

"ItsMe" [EMAIL PROTECTED] wrote in message news:948h65$j28$[EMAIL PROTECTED]...

I'm not saying I don't think you owe the company if they pay your way, by no means. I'm just saying to be aware of what you are agreeing to. Wow 30K to 120K, I could double my pay and not be at 120K, it may be time to move forward.

Me
ccnp+security, ccdp, mcse, mcp+i, n+, a+

"Dennis Laganiere" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

I'm ready to get spammed for this, but here are some thoughts from the other side of management.

If YOU paid for your own training, lab equipment, and lab attempts (probably multiple, at $1,000 a piece) then I could see your asking for a huge raise.

HOWEVER, if the company paid for your training, bought $15,000 to $20,000 worth of lab equipment for you to play with, and gave you the time to study, + lab attempts, + travel expenses + god-knows-what-else, I think you owe something back, and perhaps some time served at your current rate is the least they could expect in return.

If they support you through the whole process and you either leave or start barking for the stars salary-wise, the guy next to you, who's six months behind you on the same career path, won't get the price of honey for his tea.

Again, these are just my $.02

--- Dennis

-Original Message-
From: ItsMe
To: [EMAIL PROTECTED]
Sent: 1/18/01 6:39 PM
Subject: Re: Whew... I passed

Convincing the VP isn't the hard part, it's after you pass explaining to the VP that a $20K/year raise is warranted. Which in turn he says you are nuts, so you decide to leave... until he breaks out the agreement that says in fine print that you have agreed to pay back all training funds if you leave... Be careful!

"Jim Healis" [EMAIL PROTECTED] wrote in message news:DF49A3EC4130D411AC1600508B608DDF01116426@DIALPAD-EX2...

Well, I did it. I passed the CCIE written exam this morning. And, for just a moment, I felt the weight of the world lift off my shoulders. Then I thought about the lab exam and what I need to do to get there. Thankfully, I have a plan; it just needs to be put on paper so it can be a working document.

I have posted much in the recent weeks about how I have studied to get this far, so I won't post it again. But if you have specific questions about certain areas, that won't violate the NDA, I will be happy to answer them.

Now, my next challenge comes along... not the lab... convincing my boss that the company should pay for the lab exam and any needed materials for getting there. I know that I shouldn't rely on this as the means to the end; but if I can get it, why not? Anyone have any pointers on how to convince a VP that doesn't know much about the CCIE program that he should approve these things?

Thanks for the wonderful humor and study tips!

Jim
Re: [Workstation / Device Inventory]
www.blueocean.com
very good software, but expensive.

Check out Calisto Software.

Sammi [EMAIL PROTECTED] wrote:

Can anyone recommend an application that will pull an inventory from individual workstations? Something that will record software installed, versions, hardware specs, etc. Preferably the polling could be done from a central location, that is; the application will roam the network, touch each workstation, and report back to one machine. All workstations will be visited in any case, so if it's something that needs to be done individually that would be fine as well.

I believe What's Up Gold will report all my Cisco devices, is there a Cisco (or other) application that will delve deeper for me?

I am going to a new site to inventory software and hardware, as well as create a network map over ~8 buildings. Any recommendations greatly appreciated.
OFF TOPIC - Howard - BGP under IPv6
I did a quick read of RFC titles, but did not see anything that looked promising.

IPv6 appears to me to have been created as a way of dealing with the IP number shortage. Of course all related protocols and stacks will have to be modified to work with IPv6.

For BGP - will the AS field be upped to, say, 64 bits to deal with the AS crunch? Or do AS's become irrelevant in v6?

Any insight you would care to share?

Chuck
http://www.1112.net/lastpage.html
Re: AS numbers - Is there a global crisis?
since there are other ways to achieve redundancy.

Please advise what "other ways" there are to achieve redundancy for 'inbound' traffic via the Internet.

Brian

--- John Neiberger [EMAIL PROTECTED] wrote:

To get an ASN you have to show that you either have a unique routing policy or that you are multihomed to separate providers. Sure, there are lots of companies that have multiple internet connections, but how many *really* need to have redundant connections to separate ISPs? Not really that many, since there are other ways to achieve redundancy.

Now, with that said, we applied for and received an ASN a couple of months ago and they have already issued over 300 since then. At that rate, it won't be too long before we run into trouble.

John

I've been studying BGP, but something that keeps bothering me when I study it is that there are less than 65000 (64511 to be exact) public AS numbers. It would seem to me that these would quickly run out, as I would think that there are that many corporations world-wide that connected to the internet via BGP. Any thoughts on this?

Thanks,
Joey Fowler

We are told that talent creates its own opportunities. But it sometimes seems that intense desire creates not only its own opportunities, but its own talents. - Eric Hoffer (1902-1983 American Author Philosopher)
Re: AS numbers - Is there a global crisis?
Inbound is a little more difficult than outbound, but I believe you can work with your ISP to accomplish this. You could have redundant connections to a single ISP if you were using address space assigned from them only. You really wouldn't even need BGP for this, but if you wanted to use it you could then use a private ASN. Since you only have one ISP, it's not necessary to advertise your specific subnet; the aggregate advertised by the ISP would suffice.

The specific strategy used depends on how paranoid you are. If you think it's a realistic possibility that your entire ISP might fail, then it's a good idea to get a connection to a different ISP and run BGP. However, I think many companies would be safe with redundant connections to the same ISP, yet to different locations.

I may be wrong about this, but the above is correct as far as I understand it. I'm pretty new to this, so I hope someone with more experience than I responds to this thread.

John

since there are other ways to achieve redundancy.

Please advise what "other ways" there are to achieve redundancy for 'inbound' traffic via the Internet.

Brian

--- John Neiberger [EMAIL PROTECTED] wrote:

To get an ASN you have to show that you either have a unique routing policy or that you are multihomed to separate providers. Sure, there are lots of companies that have multiple internet connections, but how many *really* need to have redundant connections to separate ISPs? Not really that many, since there are other ways to achieve redundancy.

Now, with that said, we applied for and received an ASN a couple of months ago and they have already issued over 300 since then. At that rate, it won't be too long before we run into trouble.

John

I've been studying BGP, but something that keeps bothering me when I study it is that there are less than 65000 (64511 to be exact) public AS numbers. It would seem to me that these would quickly run out, as I would think that there are that many corporations world-wide that connected to the internet via BGP. Any thoughts on this?

Thanks,
Joey Fowler

We are told that talent creates its own opportunities. But it sometimes seems that intense desire creates not only its own opportunities, but its own talents. - Eric Hoffer (1902-1983 American Author Philosopher)
Exec-timeout
I'm using terminal server to get to my lab routers and every time I go back the mandatory 10 minutes has gone by and I need to log in again. I thought the command to extend this time was exec-timeout (which I put on con 0), but it doesn't seem to be changing. What am I doing wrong? It's not an earth-shattering thing, just a nuisance.

Thanks...
Re: Remote Telnet access via dial-up
I'm sorry I misjudged you, J. ;-) The security expert I consulted got me started thinking along the paranoia lines. I am still amazed that Cisco would go against everything in their own security dogma and Telnet in via a backdoor, though. I agree with the person that said security and convenience are tradeoffs, but if you have to get in via a backdoor, I think you have a good idea that this customer considers security more important.

Well, I'll let it drop now. Some people got the message at least.

Priscilla

At 09:51 PM 1/18/01, J Roysdon wrote:

If I was a saboteur, I don't think I'd even bother with TAC, I'd just crack the passwords and have my way, heh. Also, 95% of my TAC calls are opened with new router serial numbers and my CCO username given to jump me right into talking to a TAC engineer. Plus, you don't even need a CCO login to get to the Password Recovery pages: http://www.cisco.com/warp/public/474/index.shtml

We were troubleshooting cas-group commands and replacing an AdTran Atlas 550 that was acting as a CSU/DSU splitting off DS0's between a frame relay connection and trunks to a long distance carrier. Cisco couldn't get why the command wasn't functioning right and one of their engineers wanted to get in and do some diagnostics.

I think Priscilla has been watching too many X-Files episodes ;-p

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources: http://r2cisco.artoo.net/

"Kevin Wigle" [EMAIL PROTECTED] wrote in message news:00b601c081d0$985ebc60$[EMAIL PROTECTED]...

I don't think it's so fishy and I don't think Cisco could be faulted in any way.

My reading is that the "guy" was working with Cisco on a problem. Therefore this "guy" must have some responsibility for the network. Cisco would have to think that this guy knows what he's doing since he has the wherewithal to get into the company's network and then get into routers to configure them.

It depends I guess on how far your conspiracy feelings go, if the "guy" was bogus and had all the passwords etc, then how is Cisco to know?

Doesn't TAC have to deal with a registered contact?

Kevin Wigle

- Original Message -
From: "Priscilla Oppenheimer" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, 18 January, 2001 22:51
Subject: Re: Remote Telnet access via dial-up

At 07:32 PM 1/18/01, Erick B. wrote:

I don't understand how companies can have main network equipment (routers, etc) accessible over the internet with telnet (and other mgmt services) running *with* no passwords or filters. I see it on a regular occurrence.

That is amazing. But in this case the company had a lot of security, it sounds like. It was not possible to get into the routers until this guy opened up a backdoor and let Cisco engineers Telnet in over a dial-up line connected to his PC. I can't believe Cisco engineers would thwart their customer's security policy in that way. I think the story sounds fishy.

Priscilla

--- Priscilla Oppenheimer [EMAIL PROTECTED] wrote:

At 10:31 PM 1/17/01, J Roysdon wrote:

Today I was at a site w/o internet access, but I needed to get Cisco into it to save time relaying commands and information. I had a dial-up connection out to my ISP, and then thought about the built-in Telnet server that Windows 2000 Professional has. I made a quick guest account for Cisco, and told them my dial-up IP, which they could connect to, and then once telnetted into my workstation, they were able to telnet out my NIC to the routers they needed to get to. Only catch is that you can only have one session up through it (enough for us):

Good thing! Can you imagine the issues if you had just opened up port 23 for the whole world? Good grief.

I just asked a security expert at my company about this scenario and he took a sinister view. He wondered if the story was broadcast in order to incite damage. I don't think that's the case, but this message did come from the same guy that posted photographs of his site for some reason. See the message about patch panels.

Priscilla

Priscilla Oppenheimer
http://www.priscilla.com
OT: Re: Beautiful Day, I passed CCIE written test today
You wrote:

I am now planning on a quick pit stop to get Nortel NNCSS certification in routing (Any advice out there?).

If you take the accelar test, know the cli cold. The questions range from too simple to ambiguously worded (and therefore hard to answer "correctly"). The tests correlate very strongly with the coursebooks from the nortel official curriculum (router configuration, advanced ip routing et cetera) - I assume that that is the case for the actual course as well. The router tests have a fair amount of ISDN/dial backup in them. When you are on the receiving end of the letters, they send you a wooden plaque and carry-on luggage.

Eric Gunn [EMAIL PROTECTED]@groupstudy.com on 01/18/2001 07:16:55 PM
Please respond to Eric Gunn [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
cc: (bcc: Kevin Cullimore)
Subject: Beautiful Day, I passed CCIE written test today

Hello Everyone,

Failing the CCIE written test by one point yesterday really left a bad taste in my mouth. I brushed up and took the test again today. The question pool must be pretty big as I only got maybe 15 questions that were the same from yesterday. Anyway I passed the test with a mark of 75 and am thrilled. This whole ordeal has given me a better respect for certification, especially this test. As much as I learned in the process of getting to this point, I also realized there is that much more to learn.

I am now planning on a quick pit stop to get Nortel NNCSS certification in routing (Any advice out there?). I then plan to obtain CCNP specialties in ATM and Voice over IP while studying for the lab. Now I will have to look back in the mail archives for suggestions on putting together a CCIE lab and taking a 2nd mortgage on the home so I can afford the equipment.

I'd like to thank everyone on the group for their advice, this has been the best source of information for me. Time to watch some brainless entertainment tonight (Cough) WWF Wrestling (cough) I find it helps me relax after thinking so much :)

Thanks Everyone,
-Eric Gunn
Re: AS numbers - Is there a global crisis?
Brian,

Hi! Funny you bring this up, I just got a phone call on it today. Basically, you can have two separate ISPs and have incoming redundant connections without using BGP. ISP1 will provide a block of IPs from a portion of their CIDR block to the "company." Since this is part of ISP1's CIDR block, they already broadcast a route to the rest of the internet containing the company's block of IPs. ISP2 will then also broadcast a route to ISP1's block of IPs (just the block!!!). The tricky part comes when you try to do load balancing between the two for incoming traffic!!! I am making several assumptions here (that the ISPs will play nice with each other among other things). Feel free and give me a call if you'd like to discuss further.

-Brad Ellis
CCIE#5796
Cisco Hardware: www.optsys.net
248-293-0091
[EMAIL PROTECTED]

"Brian Wilcox" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

since there are other ways to achieve redundancy.

Please advise what "other ways" there are to achieve redundancy for 'inbound' traffic via the Internet.

Brian

--- John Neiberger [EMAIL PROTECTED] wrote:

To get an ASN you have to show that you either have a unique routing policy or that you are multihomed to separate providers. Sure, there are lots of companies that have multiple internet connections, but how many *really* need to have redundant connections to separate ISPs? Not really that many, since there are other ways to achieve redundancy.

Now, with that said, we applied for and received an ASN a couple of months ago and they have already issued over 300 since then. At that rate, it won't be too long before we run into trouble.

John

I've been studying BGP, but something that keeps bothering me when I study it is that there are less than 65000 (64511 to be exact) public AS numbers. It would seem to me that these would quickly run out, as I would think that there are that many corporations world-wide that connected to the internet via BGP. Any thoughts on this?

Thanks,
Joey Fowler

We are told that talent creates its own opportunities. But it sometimes seems that intense desire creates not only its own opportunities, but its own talents. - Eric Hoffer (1902-1983 American Author Philosopher)
RE: Tacacs+
I found this situation doing research on CCO. The example shows two radius servers then two TACACS+ servers. Look at the link for more info.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/secur_c/scprt1/scathen.htm

Mike

-----Original Message-----
From: ItsMe [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 18, 2001 8:49 PM
To: [EMAIL PROTECTED]
Subject: Re: Tacacs+

Are you sure you can configure 2 Tacacs+ servers. I thought 1 Tacacs+, and/or 1 Radius and/or local?

"Eric Gunn" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

If more than 1 tacacs server is defined in a config what would happen if the user doesn't authenticate, it will NOT contact the second server correct? The only reason to have a second server assigned is if the first one is not responding, in which case the config would allow for use of the second server. Also Authentication must take place before anything can happen. I know some of these questions are basic, I just want to verify and see if I am misunderstanding something.

Thanks,
--Eric
RE: AS numbers - Is there a global crisis?
If there is a global crisis would it not be cataloged here? http://www.telstra.net/ops/bgptable.html

Subject: Re: AS numbers - Is there a global crisis?
RE: Exec-timeout
Dennis,

You added the line under your con0?? I'm assuming you're consoling in then... Don't forget to add the same line to your other routers that you're reverse telnetting to.

Cory

-----Original Message-----
From: Dennis Laganiere [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 19, 2001 3:00 PM
To: '[EMAIL PROTECTED]'
Subject: Exec-timeout

I'm using terminal server to get to my lab routers and every time I go back the mandatory 10 minutes has gone by and I need to log in again. I thought the command to extend this time was exec-timeout (which I put on con 0), but it doesn't seem to be changing. What am I doing wrong? It's not an earth-shattering thing, just a nuisance. Thanks...
Re: AS numbers - Is there a global crisis?
I've been studying BGP, but something that keeps bothering me when I study it is that there are less than 65000, (64511 to be exact) public AS numbers. It would seem to me that these would quickly run out, as I would think that there are that many corporations world-wide that connected to the internet via BGP. Any thoughts on this?

Thanks,
Joey Fowler

A valid observation that AS numbers are not an unlimited resource. The idea of a 32-bit number is indeed being examined in the IETF.

In general, it isn't an immediate crisis. As of today's CIDR Report from Tony Bates, there are 9674 AS in the global routing system. IIRC from September or so, there were then about twice this number that actually had been issued.

For enterprise multihoming when the enterprise homes to multiple POPs of the same upstream, private AS work quite well. When enterprises multihome to two upstreams, private AS still can work with more administrative coordination.

The bottom line is that the number of prefixes in the table is a more serious problem at the moment. This is more a convergence and computation problem than a memory problem.

No question, however, that the 16 bit AS space won't last forever. Based on current projections, though, the IPv4 address space is likely to exhaust first. IPv6 is starting to become real; the 3rd generation wireless industry has adopted it and that is likely to be the "killer application" for V6.

--
"What Problem are you trying to solve?"
***send Cisco questions to the list, so all can benefit -- not directly to me***
Howard C. Berkowitz [EMAIL PROTECTED]
Technical Director, CertificationZone.com
Senior Mgr., IP Protocols Algorithms, NortelNetworks (for ID only) but Cisco stockholder!
"retired" Certified Cisco Systems Instructor (CID) #93005
Re: Exec-timeout
Dennis,

I have my term server configured as:

    conf t
    line con 0
     exec-timeout 0 0
    line vty 0 4
     exec-timeout 0 0
    exit

of course, this is only for a LAB, not a production router

Kevin Wigle

----- Original Message -----
From: "Dennis Laganiere" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, January 19, 2001 3:59 PM
Subject: Exec-timeout

I'm using terminal server to get to my lab routers and every time I go back the mandatory 10 minutes has gone by and I need to log in again. I thought the command to extend this time was exec-timeout (which I put on con 0), but it doesn't seem to be changing. What am I doing wrong? It's not an earth-shattering thing, just a nuisance. Thanks...
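A configuration check for the setting discussed in this thread, as an added example that is not part of the original posts: it reads an IOS-style configuration and reports which lines have the idle timeout switched off, either with exec-timeout 0 0 or with no exec-timeout. The sample configuration, the hostname and the function names are constructed for illustration.

```python
import re

# Constructed sample configuration (not from the thread). It reuses the lab
# settings quoted above and adds an aux line with a finite timeout and a vty
# range with no explicit setting.
SAMPLE_CONFIG = """\
hostname lab-ts
!
line con 0
 exec-timeout 0 0
line aux 0
 exec-timeout 5 30
line vty 0 4
 exec-timeout 0 0
 login
line vty 5 15
 login
!
end
"""

LINE_RE = re.compile(r"^line\s+(.+?)\s*$")
TIMEOUT_RE = re.compile(r"^\s+(no\s+)?exec-timeout(?:\s+(\d+)(?:\s+(\d+))?)?\s*$")


def audit_exec_timeout(config_text):
    """Map each 'line ...' block to 'disabled', 'default' or a timeout in seconds."""
    results = {}
    current = None
    for raw in config_text.splitlines():
        header = LINE_RE.match(raw)
        if header:
            current = header.group(1)
            results[current] = "default"  # no explicit exec-timeout seen yet
            continue
        if raw and not raw[0].isspace():
            current = None  # any other unindented command ends the line block
            continue
        if current is None:
            continue
        setting = TIMEOUT_RE.match(raw)
        if not setting:
            continue
        negated, minutes, seconds = setting.groups()
        if negated:
            results[current] = "disabled"
        elif minutes is not None:
            total = int(minutes) * 60 + int(seconds or 0)
            results[current] = "disabled" if total == 0 else total
    return results


def lines_without_idle_timeout(config_text):
    """Names of the line blocks whose sessions never time out."""
    audit = audit_exec_timeout(config_text)
    return sorted(name for name, status in audit.items() if status == "disabled")


if __name__ == "__main__":
    for name, status in audit_exec_timeout(SAMPLE_CONFIG).items():
        print(f"line {name}: {status}")
```
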
RE: Exec-timeout
A bunch of people sent me the exec-timeout 0 0 (including Kevin). I'm thinking that since the reverse telnet is being run on the Terminal Server, the router only knows I'm coming in through the console port, so I should set it on Con0, right?

Anyway, I'm testing it now. The hardest part is keeping my hands off the keyboard for over 10 minutes.

Thanks all...

--- Dennis

-----Original Message-----
From: Kevin Wigle
To: Dennis Laganiere; [EMAIL PROTECTED]
Sent: 1/19/01 1:25 PM
Subject: Re: Exec-timeout

Dennis,

I have my term server configured as:

    conf t
    line con 0
     exec-timeout 0 0
    line vty 0 4
     exec-timeout 0 0
    exit

of course, this is only for a LAB, not a production router

Kevin Wigle

----- Original Message -----
From: "Dennis Laganiere" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, January 19, 2001 3:59 PM
Subject: Exec-timeout

I'm using terminal server to get to my lab routers and every time I go back the mandatory 10 minutes has gone by and I need to log in again. I thought the command to extend this time was exec-timeout (which I put on con 0), but it doesn't seem to be changing. What am I doing wrong? It's not an earth-shattering thing, just a nuisance. Thanks...
Re: Seally Question!!!!
NetBIOS Extended User Interface (NetBEUI) was IBM's name for the NetBIOS driver that implements NetBIOS on top of LLC. At the time that IBM came up with the name they didn't use the term "user interface" as it has come to be used today. The "user" in this case was an application (not a human). They also had TokREUI by the way! That was their Token Ring driver.

NetBIOS is an API that implements sessions, naming, etc. It can run on top of a few different transports:

Over TCP/IP - NetBT
Over IPX - NWLink
Over LLC - NetBEUI

Priscilla

At 05:45 AM 1/19/01, John Nemeth wrote:

On Jun 11, 12:14am, Adam Hickey wrote:
}
} A little further clarification.
}
} NetBEUI is a networking protocol which uses NetBIOS at its core. Thus its
} name is an acronym for NetBIOS Extended User Interface.

Usually I think of "core" as being the innermost or lowest layer of something. NetBEUI doesn't provide a user interface, it is the lowest layer, sitting just above the hardware. The name is a bit of a misnomer.

}-- End of excerpt from Adam Hickey

Priscilla Oppenheimer http://www.priscilla.com
Terminal serial to host cable
I recently connected my Cisco terminal setup (a laptop with a DB9-RJ45 adapter on Serial A) to a UNIX workstation with the gender adapters shown in the ASCII diagram below. I was surprised that it worked like this because I expected a crossover of TX and RX, but when I pulled the adapters apart and followed the wires from end-to-end it appears there is no crossover. Pin numbers shown are those stamped on the connectors.

    Laptop                              Workstation
    DB9-RJ45                            RJ45-DB25
    tx 2   6 ---straight--- 6   2 tx
    rx 3   3 ---through---- 3   3 rx
               cable

Shouldn't TX and RX cross over? Why does this work?

Sorry about the slightly off-topic post.

Jonathan
RE: Exec-timeout
Dennis,

Since you're telnetting into the routers, you need to have the vty line with the exec timeout as well. You are going in through a virtual telnet session even though you are connected to a console port (kinda like telnetting into a router across an ethernet port). So make sure on the target routers that you have the vty set with the timeout as well.

Don

-----Original Message-----
From: Dennis Laganiere [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 19, 2001 2:34 PM
To: Barnhill, Don
Subject: RE: Exec-timeout

Thanks, though I'm thinking since the reverse telnet is being run on the Terminal Server the router only knows I'm coming in through the console port, so I should set it on Con0, right? Anyway, I'm testing it now.

Thanks...

- Dennis

-----Original Message-----
From: Barnhill, Don
To: 'Dennis Laganiere'
Sent: 1/19/01 1:22 PM
Subject: RE: Exec-timeout

Dennis,

Either use no exec-timeout or exec-timeout 0 0 (which it sounds like you are). Also you are telnetting (reversely) to the router, so make sure it is on your vty line.

Don

-----Original Message-----
From: Dennis Laganiere [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 19, 2001 2:00 PM
To: '[EMAIL PROTECTED]'
Subject: Exec-timeout

I'm using terminal server to get to my lab routers and every time I go back the mandatory 10 minutes has gone by and I need to log in again. I thought the command to extend this time was exec-timeout (which I put on con 0), but it doesn't seem to be changing. What am I doing wrong? It's not an earth-shattering thing, just a nuisance. Thanks...
Re: OFF TOPIC - Howard - BGP under IPv6
I did a quick read of RFC titles, but did not see anything that looked promising

Ipv6 appears to me to have been created as a way of dealing with the IP number shortage. Of course all related protocols and stacks will have to be modified to work with Ipv6

For BGP - will the AS field be upped to, say, 64 bits to deal with the AS crunch?

32 bit is under discussion on the IETF IDR mailing list, the group responsible for BGP. There's no draft yet as far as I know.

Or do AS's become irrelevant in v6?

No, AS will still be used. The basic migration strategy is to define IPv6 as a new address family using the BGP multiprotocol extensions, http://www.ietf.org/rfc/rfc2858.txt

Any insight you would care to share?

Chuck
Re: AS numbers - Is there a global crisis?
Brian,

Hi! Funny you bring this up, I just got a phone call on it today. Basically, you can have two separate ISPs and have incoming redundant connections without using BGP. ISP1 will provide a block of IPs from a portion of their CIDR block to the "company." Since this is part of ISP1's CIDR block, they already broadcast a route to the rest of the internet containing the company's block of IPs. ISP2 will then also broadcast a route to ISP1's block of IPs (just the block!!!). The tricky part comes when you try to do load balancing between the two for incoming traffic!!! I am making several assumptions here (that the ISPs will play nice with each other among other things).

ISP1, however, MUST advertise not its aggregate alone, but both its aggregate and the more-specific customer block that also is advertised by ISP2.

Assume the following: ISP1 has the block 192.168.0.0/16. This is the only block it advertises. It delegates 192.168.2.0/24 to the customer. ISP2 advertises 192.168.2.0/24. So in the global routing table, there will be two routes:

    192.168.0.0/16 ISP1
    192.168.2.0/24 ISP2

Since 192.16.2.0/24 is more specific than 192.168.0.0/16, the rest of the world will send ALL 192.168.2.0/24 traffic to ISP2.

By having ISP1 advertise both its aggregate and the more-specific, the routing system conceptually will contain:

    192.168.0.0/16 ISP1
    192.168.2.0/24 ISP1
    192.168.2.0/24 ISP2

Other AS will install the ISP1 route to 192.168.2.0/24 if their connectivity to ISP1 is better than their connectivity to ISP2, and vice versa.
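The two routing tables described in the reply above, worked through as an added example that is not part of the original post: longest-prefix match decides first, and only routes of equal prefix length are compared on how well the remote AS reaches each ISP. The path_cost numbers, the host address 192.168.2.10 and the function names are assumptions made for illustration; path_cost is a stand-in for BGP path selection, not a model of it.

```python
import ipaddress


def select_route(table, dest, path_cost):
    """Return (prefix, origin) that a remote AS would use to reach dest.

    table is a list of (prefix, origin) pairs. path_cost maps an origin to a
    number, lower meaning better connectivity from this remote AS; it is a
    simplified stand-in for BGP path selection among equal-length prefixes.
    """
    addr = ipaddress.ip_address(dest)
    covering = [(ipaddress.ip_network(prefix), origin)
                for prefix, origin in table
                if addr in ipaddress.ip_network(prefix)]
    if not covering:
        return None
    # Longest-prefix match: the most specific covering route always wins.
    longest = max(net.prefixlen for net, _ in covering)
    tied = [(net, origin) for net, origin in covering if net.prefixlen == longest]
    net, origin = min(tied, key=lambda route: path_cost[route[1]])
    return str(net), origin


# The two tables from the message above.
AGGREGATE_ONLY = [("192.168.0.0/16", "ISP1"), ("192.168.2.0/24", "ISP2")]
WITH_MORE_SPECIFIC = AGGREGATE_ONLY + [("192.168.2.0/24", "ISP1")]

# Constructed views of two remote networks, one better connected to each ISP.
NEAR_ISP1 = {"ISP1": 1, "ISP2": 3}
NEAR_ISP2 = {"ISP1": 3, "ISP2": 1}
CUSTOMER_HOST = "192.168.2.10"  # constructed address inside the customer /24


def inbound_split(table):
    """Which ISP each remote network sends customer-bound traffic through."""
    views = (("near_isp1", NEAR_ISP1), ("near_isp2", NEAR_ISP2))
    return {name: select_route(table, CUSTOMER_HOST, cost)[1] for name, cost in views}


def after_isp2_withdrawal(table):
    """Route used by the ISP2-side network once ISP2 stops advertising."""
    remaining = [route for route in table if route[1] != "ISP2"]
    return select_route(remaining, CUSTOMER_HOST, NEAR_ISP2)


if __name__ == "__main__":
    print("aggregate only:     ", inbound_split(AGGREGATE_ONLY))
    print("with more-specific: ", inbound_split(WITH_MORE_SPECIFIC))
    print("ISP2 withdrawn:     ", after_isp2_withdrawal(AGGREGATE_ONLY))
```

With only the aggregate from ISP1, both remote networks use ISP2 no matter how well they reach ISP1; the ISP1 aggregate carries customer traffic only after ISP2's /24 disappears.
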
Books.PDF for public!
Dear All,

After I passed my CCNA I am involved to establish FTP server and collect all CCNA resources and put them in that server, as I want to make it easy access to everybody on the net. I already started it and there are some resources there. But I really need some help to collect more materials for all CISCO exams such as CCNA, CCDA, CCNP, CCDP ..etc. Any advice and help will be appreciated.

Awaiting for your reply.

Regards
Magdy H. Ibrahim
CCNA, MCSE
System Administrator
RE: Exec-timeout
Don,

I would have to disagree with that... When you go from the terminal server you are going out of an asynchronous port into the console port of another router... You may be telnetted into the terminal server but that is the only actual telnet session happening. I've been wrong before (more than most) but I'm thinkin I'm correct on this one.

Cory

-----Original Message-----
From: Barnhill, Don [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 19, 2001 4:12 PM
To: 'Dennis Laganiere'
Cc: '[EMAIL PROTECTED]'
Subject: RE: Exec-timeout

Dennis,

Since you're telnetting into the routers, you need to have the vty line with the exec timeout as well. You are going in through a virtual telnet session even though you are connected to a console port (kinda like telnetting into a router across an ethernet port). So make sure on the target routers that you have the vty set with the timeout as well.

Don

-----Original Message-----
From: Dennis Laganiere [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 19, 2001 2:34 PM
To: Barnhill, Don
Subject: RE: Exec-timeout

Thanks, though I'm thinking since the reverse telnet is being run on the Terminal Server the router only knows I'm coming in through the console port, so I should set it on Con0, right? Anyway, I'm testing it now.

Thanks...

- Dennis

-----Original Message-----
From: Barnhill, Don
To: 'Dennis Laganiere'
Sent: 1/19/01 1:22 PM
Subject: RE: Exec-timeout

Dennis,

Either use no exec-timeout or exec-timeout 0 0 (which it sounds like you are). Also you are telnetting (reversely) to the router, so make sure it is on your vty line.

Don

-----Original Message-----
From: Dennis Laganiere [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 19, 2001 2:00 PM
To: '[EMAIL PROTECTED]'
Subject: Exec-timeout

I'm using terminal server to get to my lab routers and every time I go back the mandatory 10 minutes has gone by and I need to log in again. I thought the command to extend this time was exec-timeout (which I put on con 0), but it doesn't seem to be changing. What am I doing wrong? It's not an earth-shattering thing, just a nuisance. Thanks...
CEF or round robin
OK gang I need to opinions. We set up 2 point-to-point Ts to a client running CEF. Everything seemed to work fine, speed was good, packets per T was about equal. Then we had a switch go bad. We replaced it but still had a sluggish network. Some of our techs came in from another office and together we found the problem. While looking around they saw CEF per-packet was set on the 2 Ts. They informed our CEO that was really wrong and should not be run that way. They said "round robin is the only real way to utilize 2 Ts". I say # *! Any opinions?

Thanks in advance,
Steve
RE: Exec-timeout
Cory,

I believe you're right. I don't know what I was thinking, oh well, I do apologize for the erroneous post.

Don

-----Original Message-----
From: Stull, Cory [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 19, 2001 3:40 PM
To: Barnhill, Don
Cc: '[EMAIL PROTECTED]'
Subject: RE: Exec-timeout

Don,

I would have to disagree with that... When you go from the terminal server you are going out of an asynchronous port into the console port of another router... You may be telnetted into the terminal server but that is the only actual telnet session happening. I've been wrong before (more than most) but I'm thinkin I'm correct on this one.

Cory

-----Original Message-----
From: Barnhill, Don [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 19, 2001 4:12 PM
To: 'Dennis Laganiere'
Cc: '[EMAIL PROTECTED]'
Subject: RE: Exec-timeout

Dennis,

Since you're telnetting into the routers, you need to have the vty line with the exec timeout as well. You are going in through a virtual telnet session even though you are connected to a console port (kinda like telnetting into a router across an ethernet port). So make sure on the target routers that you have the vty set with the timeout as well.

Don

-----Original Message-----
From: Dennis Laganiere [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 19, 2001 2:34 PM
To: Barnhill, Don
Subject: RE: Exec-timeout

Thanks, though I'm thinking since the reverse telnet is being run on the Terminal Server the router only knows I'm coming in through the console port, so I should set it on Con0, right? Anyway, I'm testing it now.

Thanks...

- Dennis

-----Original Message-----
From: Barnhill, Don
To: 'Dennis Laganiere'
Sent: 1/19/01 1:22 PM
Subject: RE: Exec-timeout

Dennis,

Either use no exec-timeout or exec-timeout 0 0 (which it sounds like you are). Also you are telnetting (reversely) to the router, so make sure it is on your vty line.

Don

-----Original Message-----
From: Dennis Laganiere [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 19, 2001 2:00 PM
To: '[EMAIL PROTECTED]'
Subject: Exec-timeout

I'm using terminal server to get to my lab routers and every time I go back the mandatory 10 minutes has gone by and I need to log in again. I thought the command to extend this time was exec-timeout (which I put on con 0), but it doesn't seem to be changing. What am I doing wrong? It's not an earth-shattering thing, just a nuisance. Thanks...
RE: Altiga Question
Open a case with Cisco. I am working with the VPN 3000 series, but not with Win2K or the PIX. I use the Cisco client software and it works fine.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Manoj Ghorpade
Sent: Friday, January 19, 2001 12:06 AM
To: [EMAIL PROTECTED]
Subject: Re: Altiga Question

Hi Group,

Does it mean that nobody's worked on Altiga / doesn't want to share on Altiga ?

Regards
Manoj Ghorpade ([EMAIL PROTECTED])

Manoj Ghorpade wrote:

Hi Group,

I'm facing problems setting up a VPN connection with Altiga and Windows 2000 CA server. (Using L2TP) Can anyone advise/suggest the correct procedure of implementing the solutions ?

Components of my Network are :-

1. A Cisco Router 3640
2. A Pix Firewall 515
3. Altiga 3000 VPN Concentrator
4. Switch 2948G- L3
5. Windows 2000 Advance Server.

I run the NAT on PIX and currently have only ports 80,443,22 1352 open.

I followed the procedures : "Installing Digital Certificates on Cisco VPN 3000 Concentrator" , "Configuring the Cisco VPN 3000 Concentrator for Microsoft Windows 2000 Support" "Using a Microsoft Windows 2000 Client to Connect to the Cisco VPN 3000 Concentrator" These all references are downloaded from the official Cisco Web Site.

After doing these a protocol error "Error 789 : The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer."

Also from the design perspective advise me where to keep the Certificate Server, like should it be in the DMZ or running in the internal network (does it really matter ?)

On the Altiga, in the ESP-L2TP-TRANSPORT template, what are the settings that should be there ? The error may be related to the fact, that we accidentally deleted the transport template and re-added it .

Also advise on how to setup the Windows 2000 Certificate Server ?

Regards
Manoj Ghorpade. ([EMAIL PROTECTED])
RE: CEF or round robin
So what was the problem you found that was affecting traffic negatively?

CEF does not necessarily "load share" equally across two paths. It can be set up to do "per source/destination" or "per packet".

Per source/destination has the usual problems - all traffic can end up going across one link. Per packet will indeed share traffic more or less equally across two links.

My reading indicates that CEF per packet is actually the way to go if one wants to balance traffic equally across two paths. ( Cisco press book Network Design and Case Studies ) ( BTW anyone else think this book is not all that good? )

HTH

Chuck

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Steve Smith
Sent: Friday, January 19, 2001 2:39 PM
To: [EMAIL PROTECTED]
Subject: CEF or round robin

OK gang I need to opinions. We set up 2 point-to-point Ts to a client running CEF. Everything seemed to work fine, speed was good, packets per T was about equal. Then we had a switch go bad. We replaced it but still had a sluggish network. Some of our techs came in from another office and together we found the problem. While looking around they saw CEF per-packet was set on the 2 Ts. They informed our CEO that was really wrong and should not be run that way. They said "round robin is the only real way to utilize 2 Ts". I say # *! Any opinions?

Thanks in advance,
Steve
RE: AS numbers - Is there a global crisis?
By having ISP1 advertise both its aggregate and the more-specific, the routing system conceptually will contain:

    192.168.0.0/16 ISP1
    192.168.2.0/24 ISP1
    192.168.2.0/24 ISP2

CL: And two more routes go into the global tables. Wasn't CIDR supposed to stop this kind of thing? ;-

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Howard C. Berkowitz
Sent: Friday, January 19, 2001 2:28 PM
To: [EMAIL PROTECTED]
Subject: Re: AS numbers - Is there a global crisis?

Brian,

Hi! Funny you bring this up, I just got a phone call on it today. Basically, you can have two separate ISPs and have incoming redundant connections without using BGP. ISP1 will provide a block of IPs from a portion of their CIDR block to the "company." Since this is part of ISP1's CIDR block, they already broadcast a route to the rest of the internet containing the company's block of IPs. ISP2 will then also broadcast a route to ISP1's block of IPs (just the block!!!). The tricky part comes when you try to do load balancing between the two for incoming traffic!!! I am making several assumptions here (that the ISPs will play nice with each other among other things).

ISP1, however, MUST advertise not its aggregate alone, but both its aggregate and the more-specific customer block that also is advertised by ISP2.

Assume the following: ISP1 has the block 192.168.0.0/16. This is the only block it advertises. It delegates 192.168.2.0/24 to the customer. ISP2 advertises 192.168.2.0/24. So in the global routing table, there will be two routes:

    192.168.0.0/16 ISP1
    192.168.2.0/24 ISP2

Since 192.16.2.0/24 is more specific than 192.168.0.0/16, the rest of the world will send ALL 192.168.2.0/24 traffic to ISP2.

By having ISP1 advertise both its aggregate and the more-specific, the routing system conceptually will contain:

    192.168.0.0/16 ISP1
    192.168.2.0/24 ISP1
    192.168.2.0/24 ISP2

Other AS will install the ISP1 route to 192.168.2.0/24 if their connectivity to ISP1 is better than their connectivity to ISP2, and vice versa.
Re: CEF or round robin
Two T1's going to the same ISP? Why not use PPP and make one big pipe? I like simple answers. Check your port/speed/duplex settings on the new switch.

"Chuck Larrieu" [EMAIL PROTECTED] wrote in message news:002601c0826f$f0c1fe40$[EMAIL PROTECTED]...

So what was the problem you found that was affecting traffic negatively?

CEF does not necessarily "load share" equally across two paths. It can be set up to do "per source/destination" or "per packet".

Per source/destination has the usual problems - all traffic can end up going across one link. Per packet will indeed share traffic more or less equally across two links.

My reading indicates that CEF per packet is actually the way to go if one wants to balance traffic equally across two paths. ( Cisco press book Network Design and Case Studies ) ( BTW anyone else think this book is not all that good? )

HTH

Chuck

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Steve Smith
Sent: Friday, January 19, 2001 2:39 PM
To: [EMAIL PROTECTED]
Subject: CEF or round robin

OK gang I need to opinions. We set up 2 point-to-point Ts to a client running CEF. Everything seemed to work fine, speed was good, packets per T was about equal. Then we had a switch go bad. We replaced it but still had a sluggish network. Some of our techs came in from another office and together we found the problem. While looking around they saw CEF per-packet was set on the 2 Ts. They informed our CEO that was really wrong and should not be run that way. They said "round robin is the only real way to utilize 2 Ts". I say # *! Any opinions?

Thanks in advance,
Steve
2 X cisco 2501 For sale
Anyone interested please send me E-mail: [EMAIL PROTECTED]

Location: Canada - Toronto

Thank you.
bgp regular expressions
Hello,

Does anyone know how to tell the router to allow all AS's except for Private AS's for Ingress traffic? I know that .* tells it to allow all paths, but how do I exclude 65xxx (Private AS's)? I know about the keyword "remove-private-as", but this is for Egress (outbound) traffic. As far as I know it's for when you're using confederations and such.

Is this something I need to be concerned with? I'm not sure if this is something I should be spending my time on or not. Is it necessary to block inbound Private AS's? Please excuse my ignorance, I'm still learning!

Thank You,
Andre
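One way to express the ingress match asked about above, as an added example that is not part of the original post: an AS-path regular expression covering the 16-bit private range 64512 to 65535, checked against every 16-bit AS number and a numeric test. The sample paths are constructed, the function names are hypothetical, and the translation of the IOS "_" delimiter into Python syntax is an assumption of this sketch.

```python
import re

# 16-bit private AS range; the thread counts 64511 public numbers below it.
PRIVATE_LOW, PRIVATE_HIGH = 64512, 65535

# AS-path regular expression in IOS style. On IOS a pattern like this would be
# the expression of a deny entry in an "ip as-path access-list", followed by a
# permit entry for .* so that every other path is still accepted.
IOS_STYLE_PATTERN = (
    "_(6451[2-9]|645[2-9][0-9]|64[6-9][0-9][0-9]"
    "|65[0-4][0-9][0-9]|655[0-2][0-9]|6553[0-5])_"
)

# Assumption: "_" is translated as start of string, end of string, or one of
# the delimiters that can surround an AS number in a path (space, comma,
# braces, parentheses).
_DELIM = r"(?:^|$|[ ,{}()])"
PRIVATE_ASN_RE = re.compile(IOS_STYLE_PATTERN.replace("_", _DELIM))


def has_private_asn_regex(as_path):
    """True if the regex finds a private AS number anywhere in the path."""
    return PRIVATE_ASN_RE.search(as_path) is not None


def has_private_asn_numeric(as_path):
    """Reference check: parse every number in the path and compare ranges."""
    return any(PRIVATE_LOW <= int(tok) <= PRIVATE_HIGH
               for tok in re.findall(r"\d+", as_path))


def ingress_accept(paths):
    """Paths that survive a deny-private, permit-everything-else filter."""
    return [p for p in paths if not has_private_asn_regex(p)]


def regex_matches_exact_range():
    """Exhaustively confirm the regex agrees with the numeric range."""
    return all(
        has_private_asn_regex(f"64496 {asn} 64500")
        == (PRIVATE_LOW <= asn <= PRIVATE_HIGH)
        for asn in range(1, 65536)
    )


# Constructed AS paths; 64496-64511 are documentation AS numbers, which sit
# just below the private range and so also exercise the lower boundary.
SAMPLE_PATHS = [
    "64496 64500",           # no private AS
    "64496 65001 64500",     # private AS in transit
    "64511",                 # last number below the private range
    "64512",                 # first private AS, path of length one
    "64496 {64499,65535}",   # private AS inside an AS_SET
]

if __name__ == "__main__":
    print("regex covers exactly 64512-65535:", regex_matches_exact_range())
    for path in SAMPLE_PATHS:
        verdict = "deny" if has_private_asn_regex(path) else "permit"
        print(f"{verdict:6} {path}")
```
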
RE: AS numbers - Is there a global crisis?
By having ISP1 advertise both its aggregate and the more-specific, the routing system conceptually will contain:

    192.168.0.0/16 ISP1
    192.168.2.0/24 ISP1
    192.168.2.0/24 ISP2

CL: And two more routes go into the global tables. Wasn't CIDR supposed to stop this kind of thing? ;-

Correct. But BGP and CIDR were not designed to optimize traffic flow. This is a way to coerce them into doing it. The significant thing about a dog walking on its hind legs is not how well he does it, but that he does it at all.
Memory for 4000 series router
I am trying to upgrade the memory in my 4000 series router. It looks like 72-pin 60ns parity, can someone confirm this?

-- Kevin