RE: Cisco PIX : Static and Conduit command
Hi, Thanks for the info. Is there any documents that i can refer to?. Would the PIX still maintain the stateful capabilities without the conduit command?. Thanks. "Nabil Fares" [EMAIL PROTECTED] on 15-02-2001 11:39:59 PM To: [EMAIL PROTECTED], [EMAIL PROTECTED] cc: Subject: RE: Cisco PIX : Static and Conduit command That's true, conduits are going away. The only reason you see them is for backward compatibility issues. Definitely use static commands with access-lists. Its a two-step process, but its a nice feature. HTH Nabil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] Sent: Thursday, February 15, 2001 2:51 AM To: [EMAIL PROTECTED] Subject: Cisco PIX : Static and Conduit command Does anybody know about the advantage of having static conduit command compare with access-list/access-group command in PIX?. I heard that the static conduit will no longer available in the future realease. Is it True??. Thanks. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BSCN
I am studying from the Cisco Press Book by catherine Paquet and Diane Teare Its quiet good and covers from teh exam point of view Regards Gayathri Manny Colon [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I just purchased the CCNP Routing Study Guide published by Sybex. Is the BSCN Cisco Press book better? I also have Routing TCP/IP Volume one. What should I use to study for the exam. -- Regards, Manny Colon Computer Services Information Builders Inc. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
telnet - to - PIX Internet router-
Hello Everybody, A pix is connected to Cisco Internet router via cross cable and I could manage the PIX over the network by a telnet session but how can I reach to Internet router from the network.? As I have seen there is no telnet capability for the PIX. Murat KIRMACI CCNA _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX and NAT with VPN
The PIX does not route. Period. - Original Message - From: Kenneth [EMAIL PROTECTED] Newsgroups: groupstudy.cisco To: [EMAIL PROTECTED] Sent: Thursday, February 15, 2001 6:35 PM Subject: Re: PIX and NAT with VPN I'm totally foreign to PIX but I'm just wondering, maybe it's possible to use policy-based routing on PIX? "Rick Holden" [EMAIL PROTECTED] wrote in message 002001c097b6$60c466a0$[EMAIL PROTECTED]">news:002001c097b6$60c466a0$[EMAIL PROTECTED]... I have a PIX firewall that is being used for a VPN as well. The problem is all the inside addresses are being translated to public addresses even when the traffic is destine for the VPN tunnel. I tried the following commands but this seems to block all translations. (real IPs have been replaced for security) access-list nonat permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 nat (inside) 0 access-list nonat global (outside) 1 172.16.10.1 net 255.255.255.255 I also tried using DENY in the access list access-list nonat deny ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 This didn't work either. How can I can the traffic destined for the Internet to be translated and the traffic destined for the VPN not be translated? _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Route Summarisation question
/27 is the correct summarization for those routes, but the range it covers is 0-31, with 1-30 being valid hosts. Get a subnet calculator to double-check your math: http://support.3com.com/software/utilities_for_windows_32_bit.htm ftp://ftp.3com.com/pub/utilbin/win32/3CIPCalc.zip -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ "Stuart Laubstein" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Assuming the following internal routes need to be summarised 10.40.3.11 255.255.255.240 10.40.3.15 255.255.255.240 10.40.3.18 255.255.255.240 10.40.3.26 255.255.255.240 Could they be summarised as 10.40.3.0 255.255.255.224 and the space summarised would be 10.40.3.1 - 10.40.3.53 Am I completely off base or close to the correct answer? I have studied so much I have confused myself. thanks stuart _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: telnet - to - PIX Internet router-
Correct, for security reasons the PIX does not act as a terminal server to allow you to telnet from it. If you wish to telnet to a router through the pix, configure a static NAT, and the a conduit to permit tcp/23. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ "Murat Kirmaci" [EMAIL PROTECTED] wrote in message B190548C7CC1D41182500048541277A421FB0B@INET">news:B190548C7CC1D41182500048541277A421FB0B@INET... Hello Everybody, A pix is connected to Cisco Internet router via cross cable and I could manage the PIX over the network by a telnet session but how can I reach to Internet router from the network.? As I have seen there is no telnet capability for the PIX. Murat KIRMACI CCNA _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
automating monotonous tasks
hi all I am in the process of automating adding in of bandwidth statements for all my customers' interfaces anyone know of a fast way of automating this tasks , I have about a few hundred interfaces to key in regards, suaveguru __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Netflow course ???
Hello all. Does anybody know if Cisco gives training to use Netflow (Analyzer) ??? If yes, where in Europe and how much ??? (If someone knows courses in Spain or can give me a clue, it would be great) Thanks in advance. Jorge H. _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Lab location restriction?
Does anyone know if there's a restriction on where someone may take the standard R/S lab? I'm getting ready to schedule mine, and if there's a backlog until August in the states, Australia looks promising. I couldn't find any info on Cisco's site, other than all labs, worldwide, are pulled from the same pool. Thanks, Craig _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX firewall
I have a question about the pix firewall.. I have a network with a couple of devices on it. Here is the network: Frame router--- netra t1 PIX firewall--- Switch-- The switch is where the netra t1 and the router and firewall are connected. When I reboot my netra t1 the PIX firewall grabs the traffic instead of sending back up stream through the Cisco firewall. I remove the firewall everything works okay. Does pix have some type of proxy ARP that grabs the traffic??? Please help Craig Hyman SUN SRS Implementation Team Help Desk Tier 2 [EMAIL PROTECTED] Broomfield Office 303-272-2661 Virtual Office Phone Number 925-777-0672 SkyPager Number 1-888-860-5913 -Original Message- From: Deepak Sharma [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 15, 2001 9:57 PM To: cisco Subject:PIX firewall quick question, and probably dumb question!!. when I set up a pix firewall user--56k dialup--pix--nt server to authenticate the user, does pix use NT auth. or another type of auth.username/password has to be setup within pix... thanks _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: automating monotonous tasks
If you have a unix box I would do this myself: telnet cisco show run | include Serial copy and paste the results to a file delete out any serials you don't want bandwidth statements for create this script #!/bin/bash exec serialsfile while read serial do echo "$serial" serial.cfg echo "bandwidth 56" serial.cfg echo "exit" serial.cfg done run it, paste the results into your telnet session andy On Fri, 16 Feb 2001, suaveguru wrote: hi all I am in the process of automating adding in of bandwidth statements for all my customers' interfaces anyone know of a fast way of automating this tasks , I have about a few hundred interfaces to key in regards, suaveguru __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT Fridays funnie!
A farmer got pulled over by a state trooper for speeding, and the trooper started to lecture the farmer about his speed, and in general began to throw his weight around to try to make the farmer uncomfortable. Finally, the trooper got around to writing out the ticket, and as he was doing that he kept swatting at some flies that were buzzing around his head. The farmer said, "Having some problems with circle flies there, are ya?" The trooper stopped writing the ticket and said, "Well, yeah, is that what they are? I've never heard of circle flies." So the farmer said, "Well, circle flies are common on farms. See, they're called circle flies because they're almost always found circling around the backend of a horse." The trooper said, "Oh," and went back to writing the ticket. Then after a minute he stopped and said, "Hey, wait a minute. Are you trying to call me a horse's ass?" The farmer said, "Oh no, officer. I have too much respect for law enforcement and police officers to even think about calling you a horse's ass." The trooper said, "Well, that's a good thing," and went back to writing the ticket. After a long pause, the farmer said, "Hard to fool them flies, though." -- Natasha Flazynski http://www.ciscobot.com My Cisco information site. http://www.botbuilders.com Artificial Intelligence and Linux development A bus station is where a bus stops. A train station is where a train stops. On my desk, I have a work station... _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
memory needed for cisco 2620 router
I need to upgrade my cisco 2620 router (currently it has 24MB RAM) to at least 32MB RAM so that I can test IPSec features. I notice that the RAM for cisco 2620 looks different than older PCs memory. If anyone who know of a particular PC memory that can be used for the router or you have memory for cisco 2620 (preferably 16MB piece), I would like to buy it from you. Places like CDW charges an arm and leg for the memory which something that I can not afford at this moment. Thanks. John C. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Lad scheduling question
Hi All With a little more study I will pass the written this month, and I am starting to wonder more about the process of scheduling the lab. I plan to use the SJ lab... So here is the question. Can I schedule the lab for a specific date? Yes I know there is a back log till August or later, but I more interested in a longer date, I am thinking 10 or 11 months after the written. I have quite a few big projects coming up at work, and it will be hard to keep my "study" mind set and energy, so the extended time will benefit me. TIA -- John Hardman CCNP MCSE+I _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: memory needed for cisco 2620 router
Try http://www.memoryx.com Ole Ole Drews Jensen Systems Network Manager CCNA, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] http://www.CiscoKing.com NEED A JOB ??? http://www.oledrews.com/job -Original Message- From: John Chambers [mailto:[EMAIL PROTECTED]] Sent: Friday, February 16, 2001 7:57 AM To: [EMAIL PROTECTED] Subject: memory needed for cisco 2620 router I need to upgrade my cisco 2620 router (currently it has 24MB RAM) to at least 32MB RAM so that I can test IPSec features. I notice that the RAM for cisco 2620 looks different than older PCs memory. If anyone who know of a particular PC memory that can be used for the router or you have memory for cisco 2620 (preferably 16MB piece), I would like to buy it from you. Places like CDW charges an arm and leg for the memory which something that I can not afford at this moment. Thanks. John C. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Finished CCNP!
Hi I just took the Support Exam today. Very tough!!! The questions and answers are very badly written and i need to take alot of time re-reading them! This is the longest exam (took 90 mins) i take for CCNP exam!!! So can image those funny qns "John Neiberger" [EMAIL PROTECTED] wrote in message sa8a444c.031@fsutil01">news:sa8a444c.031@fsutil01... Finally, after much procrastination all last year, I have finished this darn thing. I took the Switching test last summer, but then put the entire thing on hold because I was tired of all the studying. :-) But then an acquaintance of mine gave me an idea: just schedule the tests and that will force you study for them. He was right, that provided a great motivation. I schedule Remote Access five weeks ago, Routing two weeks ago, and then Support last night. I must say that the Support test is both easy and hard. It was fairly easy in some areas because I do a LOT of troubleshooting at work. however, some of the questions are *very* poorly written. I recall one question where you had to pick the "best" answer, but four of the five answer were correct and two of those were almost identical. Yikes. There were at least four or five questions where I made an educated guess because I couldn't figure out what they were really asking. And, as someone else mentioned before, the final grade is broken down into four categories and I don't remember getting a single question in two of those categories! I also have to sympathize with those of you who don't have anyone around who really cares that you pass your tests. None of my coworkers--including my boss--really care. My wife cares, but she doesn't understand any of it. So, I feel your pain. :-) Now, on to CCDP. I think I'll schedule that bugger in two or three weeks to get it out of the way. And thenon to the big guy... that's spooky. g Regards, John Neiberger, CCNP (P = procrastinator) and CCDA _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: memory needed for cisco 2620 router
www.ram-it.com - rocky mountain ram www.crucial.com - micron memory -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ole Drews Jensen Sent: Friday, February 16, 2001 9:30 AM To: 'John Chambers'; [EMAIL PROTECTED] Subject: RE: memory needed for cisco 2620 router Try http://www.memoryx.com Ole Ole Drews Jensen Systems Network Manager CCNA, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] http://www.CiscoKing.com NEED A JOB ??? http://www.oledrews.com/job -Original Message- From: John Chambers [mailto:[EMAIL PROTECTED]] Sent: Friday, February 16, 2001 7:57 AM To: [EMAIL PROTECTED] Subject: memory needed for cisco 2620 router I need to upgrade my cisco 2620 router (currently it has 24MB RAM) to at least 32MB RAM so that I can test IPSec features. I notice that the RAM for cisco 2620 looks different than older PCs memory. If anyone who know of a particular PC memory that can be used for the router or you have memory for cisco 2620 (preferably 16MB piece), I would like to buy it from you. Places like CDW charges an arm and leg for the memory which something that I can not afford at this moment. Thanks. John C. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco Specialization Certifcation Advice Needed
Hi I am thinking of taking the CATM Specialization Certification. However, can anyone advice me what is the advantage of it or it is useful as compared to attaining CCNP/CCDP? Regards GNOME (CCNP, CCDP) _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Octets ???
How do I convert octects to Kbps? How do you read/understand octects? = Thanks _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Specialization Certifcation Advice Needed
According to the Cisco certification site, that Specialization is retired. "GNOME" wrote in message 96jj3i$eau$[EMAIL PROTECTED]... Hi I am thinking of taking the CATM Specialization Certification. However, can anyone advice me what is the advantage of it or it is useful as compared to attaining CCNP/CCDP? Regards GNOME (CCNP, CCDP) _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ccnp routing frames
I made out a diagram showing the different types of areas and listed which LSA's would be allowed into the area. The NSSA was the wierdest one to remember. Brian From: Priscilla Oppenheimer [EMAIL PROTECTED] Reply-To: Priscilla Oppenheimer [EMAIL PROTECTED] To: Robert Nickson [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: RE: ccnp routing frames Date: Thu, 15 Feb 2001 11:03:50 -0800 At 10:19 AM 2/15/01, Robert Nickson wrote: sorry for OSPF You should have left out that extra piece of information that the packets you mention are for OSPF, and anyone who didn't know that should go back to studying. ;-) This is an odd way of saying that you would have to know at least that much for the routing exam. You don't have to know the exact frame formats. It's must more important to understand the general principles of how OSPF routers become adjacent and synchronize their databases, and to be able to recognize the commonality in the frame formats. With regards to frame formats, I think you should know the following: OSPF runs directly above IP, using protocol type 89. (It does not use TCP or UDP.) OSPF packets have an IP TTL of 1. OSPF packets are sent to a reserved multicast address, either AllSPFRouters (224.0.0.5) or AllDRouters (224.0.0.6). Each OSPF packet type begins with an OSPF packet header. The Hello packet is used to find neighbors and detect problems. All the other packet types carry link-state advertisement information of some sort. The best book for describing what you should "really care about" when learning OSPF is Howard Berkowitz's "Designing Routing and Switching Architectures." I think he does a better job than Doyle in making sure the reader focuses on what really matters. And, as we know, he dispels urban myths with style and aplomb. Priscilla -Original Message- From: Robert Nickson Sent: Thursday, February 15, 2001 10:10 AM To: [EMAIL PROTECTED] Subject: ccnp routing frames On the CCNP routing exam is there any questions on (i.e do i have to memorise) frame for frame the format of hello packets,DD packets,LSA packet frames...etc like ..version,type,packet length,route ID,Area ID,Checksum,Au type,Authentication etc etc or is there certain fields i should learn Any help would be useful Priscilla Oppenheimer http://www.priscilla.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Tragedy of the Commons (was Thought youd enjoy this
i wouldn`t bother ,lauren.once they decide you have done wrong...then you have done wrong.it doesn`t seem to matter if your gulity(me) or innocent(you)... regards steve From: Lauren Child [EMAIL PROTECTED] Reply-To: Lauren Child [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Tragedy of the Commons (was Thought youd enjoy this Date: Thu, 15 Feb 2001 21:47:12 + Ray Mosely wrote: I read a bit of callousness in Lauren's approach, but I agree with the general idea Lauren proposes. I have sent out similar emails to people who waste my time, instead of doing a bit of research. I also oppose the use of "shorthand" english in public emails. It is offputting, so I tend to ignore those people entirely. Thank you, yes I was callous, but I was in a callous mood and am getting pretty fed up with people grabbing my address of usenet instead of posting to usenet and keeping the pasture going. Personally I think I have the right to get fed up when this is happenning a lot. Theres a difference between sharing a pasture, and half a dozen sheep running over and pestering you asking you personally to "please pass the grass", as they cant be bothered to bend over. If he'd tried a search engine and/or posted to a group or listserv that he needed help, then Id have *volunteered* my help, as I have done many times before. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Netflow course ???
Why do you require training in a product that you can download, and of which the documentation is 20 pages long? There might be some classes which cover Netflow (and possibly the analyzer and collector tools), for example DCIINS or ATECH, but I don't know anyone who is offering these courses yet. While there is no official training, Cisco (even EMEA) will do personal training for you if you ask your AM or SE. This is probably a question you should be asking them in the first place. -dre ""Jorge Hurtado Antón"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hello all. Does anybody know if Cisco gives training to use Netflow (Analyzer) ??? If yes, where in Europe and how much ??? (If someone knows courses in Spain or can give me a clue, it would be great) Thanks in advance. Jorge H. _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Another strange routing behaviour
Hi, all. I might have posted something similar to this not too long ago but I might not have beed specific enough. Here's the story: HostA ---Router1---Router9HostB If i traceroute from within Router1 to HostB, it goes through. But if i do the same from HostA, it stops at Router9. The same thing happens when tracerouting from HostB's end, it stops at Router1. So i checked with another network that also has a route to Router9, ans the same story happens. From the Router-Y the trace gets to HostB. But from Host-Y it stops at Router9. Has anyone else seen this and figured out the cause? Thanks. Elmer Deloso _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Octets ???
An octet = one byte, or eight bits. This term is commonly used to refer to different portions of an IP address in dotted-decimal format. For example, in the address 172.16.20.10, the first octect is 172, and the second octet is 16. I'm sure there are many other common uses of this particular term, but this is the only usage in my vocabulary. g "NetEng" [EMAIL PROTECTED] 2/16/01 8:45:12 AM How do I convert octects to Kbps? How do you read/understand octects? = Thanks _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Octets ???
One octet = one byte. Since there is 8 bits in a byte you would multiple the octets by 8 to convert to bps. I personally convert any graphs or other data that is in octets to bps when dealing with LAN/WAN performance data. If your talking about server throughput most people talk in bytes. Jim -Original Message- From: NetEng [SMTP:[EMAIL PROTECTED]] Sent: Friday, February 16, 2001 9:45 AM To: [EMAIL PROTECTED] Subject: Octets ??? How do I convert octects to Kbps? How do you read/understand octects? = Thanks _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] *** WARNING: All e-mail sent to and from this address will be received or otherwise recorded by the A.G. Edwards corporate e-mail system and is subject to archival, monitoring or review by, and/or disclosure to, someone other than the recipient. *** _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Another strange routing behaviour
This sounds like an access list problem somewhere. It could be on Router9, or it could be on the other routers. Outgoing access lists do not filter packets originated from the routers themselves. So, you could have an access list blocking outgoing ICMP that would still allow the router itself to originate a trace but would block any other hosts from doing the same thing. Or, perhaps you have an access list on Router9 that is blocking ICMP from other networks, but not directly attached networks/routers. I would initially take the following steps: Telnet to router9, turn off logging to the console and turn on icmp debugging. Try a trace from Router1 and then one from HostA. Turn off debugging and examine the logs. (assuming that you were logging in the first place.) Then go to Router1 and repeat the process. That might help pinpoint where the problem actually lies. HTH, John "Deloso, Elmer G (WPNSTA Yorktown)" [EMAIL PROTECTED] 2/16/01 9:03:32 AM Hi, all. I might have posted something similar to this not too long ago but I might not have beed specific enough. Here's the story: HostA ---Router1---Router9HostB If i traceroute from within Router1 to HostB, it goes through. But if i do the same from HostA, it stops at Router9. The same thing happens when tracerouting from HostB's end, it stops at Router1. So i checked with another network that also has a route to Router9, ans the same story happens. From the Router-Y the trace gets to HostB. But from Host-Y it stops at Router9. Has anyone else seen this and figured out the cause? Thanks. Elmer Deloso _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Passed CCIE Written!!!!!!!!!!
Today I scheduled my Lab day. The NC test center all booked up to September. However, I get one slot in July and it is said because someone just cancelled. Chan. ""Shaheed, Manzur"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED].. . I am in Australia and a friend of mine booked his Lab two weeks ago for April. Thats how I got the idea. -Original Message- From: ItsMe [SMTP:[EMAIL PROTECTED]] Sent: Friday, 16 February 2001 15:08 To: [EMAIL PROTECTED] Subject: Re: Passed CCIE Written!! Well, since you can't reserve the LAB until you pass, and they are booked into August, I think April is impossible. ""Shaheed, Manzur"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED] .. . Group, I just passed CCIE - Routing and Switching written exam. I completed CCNP2.0 in last December. I decided to take the written exam asap while everything is still fresh in my mind. I am hoping to complete the Lab in April 2001 (too ambitious???) Thanks to this group - I have learnt a lot of things from the discussions. Regards Manzur Shaheed MSCS, CCNP 2.0, MCSE+I, CCIE - Candidate. Melbourne, Australia. CAUTION This e-mail and any files transmitted with it are privileged and confidential information intended for the use of the addressee. The confidentiality and/or privilege in this e-mail is not waived, lost or destroyed if it has been transmitted to you in error. If you have received this e-mail in error you must (a) not disseminate, copy or take any action in reliance on it; (b) please notify Australia Post immediately by return e-mail to the sender; and (c) please delete the original e-mail. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] CAUTION This e-mail and any files transmitted with it are privileged and confidential information intended for the use of the addressee. The confidentiality and/or privilege in this e-mail is not waived, lost or destroyed if it has been transmitted to you in error. If you have received this e-mail in error you must (a) not disseminate, copy or take any action in reliance on it; (b) please notify Australia Post immediately by return e-mail to the sender; and (c) please delete the original e-mail. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco Specialization Certifcation Advice Needed
CATM spec cert will retire on 14-May-01, so get it quick. NY -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Arthur Stewart Sent: Friday, February 16, 2001 11:50 PM To: [EMAIL PROTECTED] Subject: Re: Cisco Specialization Certifcation Advice Needed According to the Cisco certification site, that Specialization is retired. "GNOME" wrote in message 96jj3i$eau$[EMAIL PROTECTED]... Hi I am thinking of taking the CATM Specialization Certification. However, can anyone advice me what is the advantage of it or it is useful as compared to attaining CCNP/CCDP? Regards GNOME (CCNP, CCDP) _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Another strange routing behaviour
Hello, From personal experience I would point the finger at access lists. Take this scenario into account Host A - RouterA - (wan) - RouterB - HostB 192.168.1.0 192.168.2.0 192.168.3.0 Ok, if you had an access list that say permitted traffic to exit on Router A from Router B it would get to HostA, BUT that same access list would not permit HostB on a different subnet to Talk to Host A. That would require RouterA to know about Host B's subnet and allow routing from it. The same holds true crossing the link in the opposite direction. Brandon Ripper CCNA PS This would happen on the entire net because off same config problem every place, or possibly lack of config. At 11:03 AM 2/16/01 -0500, you wrote: Hi, all. I might have posted something similar to this not too long ago but I might not have beed specific enough. Here's the story: HostA ---Router1---Router9HostB If i traceroute from within Router1 to HostB, it goes through. But if i do the same from HostA, it stops at Router9. The same thing happens when tracerouting from HostB's end, it stops at Router1. So i checked with another network that also has a route to Router9, ans the same story happens. From the Router-Y the trace gets to HostB. But from Host-Y it stops at Router9. Has anyone else seen this and figured out the cause? Thanks. Elmer Deloso _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Lab location restriction?
From what I understand you can book anywhere, at your travel expense of course.. Whats the lead time in Australia? "Craig Columbus" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Does anyone know if there's a restriction on where someone may take the standard R/S lab? I'm getting ready to schedule mine, and if there's a backlog until August in the states, Australia looks promising. I couldn't find any info on Cisco's site, other than all labs, worldwide, are pulled from the same pool. Thanks, Craig _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Lad scheduling question
You can schedule the date up to one year after the written exam. www.cisco.com John Hardman wrote: Hi All With a little more study I will pass the written this month, and I am starting to wonder more about the process of scheduling the lab. I plan to use the SJ lab... So here is the question. Can I schedule the lab for a specific date? Yes I know there is a back log till August or later, but I more interested in a longer date, I am thinking 10 or 11 months after the written. I have quite a few big projects coming up at work, and it will be hard to keep my "study" mind set and energy, so the extended time will benefit me. TIA -- John Hardman CCNP MCSE+I _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX and NAT with VPN
OK maybe this is a terminology misunderstanding on my part, but I have about 15 route statements in my PIX and use a pix-pix vpn using IPSec. route interface-name ip_address netmask gateway metric One of the VPNs set up here had something a little weird where we had to set up statics for VPN to work but that's something I'll be working on solving at a later time. Just for grins try setting up a static statement for one of the workstations trying to get through and see if it stops using NAT. You'll find the IPSec user guide on the cisco website very useful for more info on this. Allen - Original Message - From: "Groupstudy" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, February 16, 2001 2:38 AM Subject: Re: PIX and NAT with VPN The PIX does not route. Period. - Original Message - From: Kenneth [EMAIL PROTECTED] Newsgroups: groupstudy.cisco To: [EMAIL PROTECTED] Sent: Thursday, February 15, 2001 6:35 PM Subject: Re: PIX and NAT with VPN I'm totally foreign to PIX but I'm just wondering, maybe it's possible to use policy-based routing on PIX? "Rick Holden" [EMAIL PROTECTED] wrote in message 002001c097b6$60c466a0$[EMAIL PROTECTED]">news:002001c097b6$60c466a0$[EMAIL PROTECTED]... I have a PIX firewall that is being used for a VPN as well. The problem is all the inside addresses are being translated to public addresses even when the traffic is destine for the VPN tunnel. I tried the following commands but this seems to block all translations. (real IPs have been replaced for security) access-list nonat permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 nat (inside) 0 access-list nonat global (outside) 1 172.16.10.1 net 255.255.255.255 I also tried using DENY in the access list access-list nonat deny ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 This didn't work either. How can I can the traffic destined for the Internet to be translated and the traffic destined for the VPN not be translated? _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
MAC to IP address?
How do I find out someone's IP address from there MAC address? Can I = find out who's MAC address is associated will and IP address?=20 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Firewalls and VPNs
I've read here a couple of times that PIX's don't route. Period. In light of this I'm left a little confused as to a proposed network map I was given recently. The core layer router is a 3640 linking all of our branch offices together. From the 3640, there is an ethernet connection to a PIX 515R. From the PIX, there is another ethernet connection to a 1750 router. The 1750 connects via T1 to our ISP. There is yet another ethernet connection from the PIX to the isolation lan, on which resides an internet mail/web server and a VPN 3000 concentrator. If PIX's don't route, what subnet is the isolation lan going to sit on? As I understand it, the PIX will be providing NAT functionality for the 3640 and everything behind it. So I would assume that the T1 and ethernet interfaces on the 1750, the outside interfaces on the PIX, and everything in the isolation lan including the VPN concentrator will have to have public IP addresses which will be given to us by our ISP. The way the map is layed out, it looks to me like the isolation lan would have to be on its own subnet. What am I missing? If the PIX doesn't route, do it's ethernet interfaces reside on the same subnet as the isolation lan? If so, then the ethernet interface on the 1750 must also be on that subnet, right? This is the proposed network map that Cisco's presale engineers gave me. I'm sure it's a solid design, but I'm still trying to work out the details so that I understand what I'm implementing (always a good thing, I think). Thanks for your time, [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Specialization Certifcation Advice Needed
The test will retire in May, the cert retired this week "NY" wrote in message ... CATM spec cert will retire on 14-May-01, so get it quick. NY -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Arthur Stewart Sent: Friday, February 16, 2001 11:50 PM To: [EMAIL PROTECTED] Subject: Re: Cisco Specialization Certifcation Advice Needed According to the Cisco certification site, that Specialization is retired. "GNOME" wrote in message 96jj3i$eau$[EMAIL PROTECTED]... Hi I am thinking of taking the CATM Specialization Certification. However, can anyone advice me what is the advantage of it or it is useful as compared to attaining CCNP/CCDP? Regards GNOME (CCNP, CCDP) _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Specialization Certifcation Advice Needed
Cisco has been doing a lot of revamping to their certification tracks. For my money, I'm going to get the CCNP/DP first, then worry about any specializations. The idea for me is that the NP/DP will give me a better foundation for whatever it is I want to specialize in. [EMAIL PROTECTED] ""GNOME"" [EMAIL PROTECTED] wrote in message 96jj3i$eau$[EMAIL PROTECTED]">news:96jj3i$eau$[EMAIL PROTECTED]... Hi I am thinking of taking the CATM Specialization Certification. However, can anyone advice me what is the advantage of it or it is useful as compared to attaining CCNP/CCDP? Regards GNOME (CCNP, CCDP) _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Specialization Certifcation Advice Needed
(Read all the screens) I see from your original post that you already have the CCNP and CCDP. So my theory is pretty much out the window. Of course, Cisco's retirement/changing of their specializations sort of makes this whole thread moot. [EMAIL PROTECTED] ""haroldnjoe"" [EMAIL PROTECTED] wrote in message 96jqtc$94l$[EMAIL PROTECTED]">news:96jqtc$94l$[EMAIL PROTECTED]... Cisco has been doing a lot of revamping to their certification tracks. For my money, I'm going to get the CCNP/DP first, then worry about any specializations. The idea for me is that the NP/DP will give me a better foundation for whatever it is I want to specialize in. [EMAIL PROTECTED] ""GNOME"" [EMAIL PROTECTED] wrote in message 96jj3i$eau$[EMAIL PROTECTED]">news:96jj3i$eau$[EMAIL PROTECTED]... Hi I am thinking of taking the CATM Specialization Certification. However, can anyone advice me what is the advantage of it or it is useful as compared to attaining CCNP/CCDP? Regards GNOME (CCNP, CCDP) _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Octets ???
I know octets from an IP address point, but I have a program that records traffic in octets. How do I read that? ""Rampley, Jim"" [EMAIL PROTECTED] wrote in message A42F2841748ED411BDF70010B5458DDD1FAEA3@HQEXCHN10">news:A42F2841748ED411BDF70010B5458DDD1FAEA3@HQEXCHN10... One octet = one byte. Since there is 8 bits in a byte you would multiple the octets by 8 to convert to bps. I personally convert any graphs or other data that is in octets to bps when dealing with LAN/WAN performance data. If your talking about server throughput most people talk in bytes. Jim -Original Message- From: NetEng [SMTP:[EMAIL PROTECTED]] Sent: Friday, February 16, 2001 9:45 AM To: [EMAIL PROTECTED] Subject: Octets ??? How do I convert octects to Kbps? How do you read/understand octects? = Thanks _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] *** WARNING: All e-mail sent to and from this address will be received or otherwise recorded by the A.G. Edwards corporate e-mail system and is subject to archival, monitoring or review by, and/or disclosure to, someone other than the recipient. *** _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Firewalls and VPNs
The PIX does route, but it is not a router. You can add static routes: pixfirewall(config)# route usage: [no] route if_name foreign_ip mask gateway [metric] or, you can run RIP to broadcast default route or run passive RIP: pixfirewall(config)# rip usage: [no] rip if_name default|passive [version 1|2] [authentication text| md5 key key id] The PIX can be configured differently (hardware-wise) depending on your needs. We currently run 2-515UR's each with 6 interfaces (inside, outside, and 4 DMZs). Each interface on the PIX is a seperate Fast Ethernet segment, and routing between them is done by the PIX. To display the route table on a PIX: pixfirewall(config)# show route outside 0.0.0.0 0.0.0.0 63.X.X.X 1 OTHER static WEB 10.X.X.0 255.255.255.0 10.X.X.X 1 CONNECT static dmz3 10.X.X.0 255.255.255.0 10.X.X.X 1 CONNECT static SQL 172.16.X.0 255.255.255.0 172.16.X.X 1 CONNECT static inside 192.168.100.0 255.255.255.0 192.168.X.X 1 CONNECT static dmz2 10.X.X.X 255.255.255.0 10.X.X.X 1 CONNECT static outside 198.133.219.25 255.255.255.0 63.X.X.X OTHER static The route table can be modified to point anywhere, really. Just as you could a router. Hope this helps, Evan -Original Message- From: haroldnjoe [mailto:[EMAIL PROTECTED]] Sent: Friday, February 16, 2001 11:06 AM To: [EMAIL PROTECTED] Subject: Firewalls and VPNs I've read here a couple of times that PIX's don't route. Period. In light of this I'm left a little confused as to a proposed network map I was given recently. The core layer router is a 3640 linking all of our branch offices together. From the 3640, there is an ethernet connection to a PIX 515R. From the PIX, there is another ethernet connection to a 1750 router. The 1750 connects via T1 to our ISP. There is yet another ethernet connection from the PIX to the isolation lan, on which resides an internet mail/web server and a VPN 3000 concentrator. If PIX's don't route, what subnet is the isolation lan going to sit on? As I understand it, the PIX will be providing NAT functionality for the 3640 and everything behind it. So I would assume that the T1 and ethernet interfaces on the 1750, the outside interfaces on the PIX, and everything in the isolation lan including the VPN concentrator will have to have public IP addresses which will be given to us by our ISP. The way the map is layed out, it looks to me like the isolation lan would have to be on its own subnet. What am I missing? If the PIX doesn't route, do it's ethernet interfaces reside on the same subnet as the isolation lan? If so, then the ethernet interface on the 1750 must also be on that subnet, right? This is the proposed network map that Cisco's presale engineers gave me. I'm sure it's a solid design, but I'm still trying to work out the details so that I understand what I'm implementing (always a good thing, I think). Thanks for your time, [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Lad scheduling question
Don't you want to arrange it so that, if you do have to take the lab a second time, it will still be within the 12 month limit(written to lab)? I'm not saying you won't pass it the first time. Arthur Stewart "John Hardman" wrote in message 96jh6m$avo$[EMAIL PROTECTED]... Hi All With a little more study I will pass the written this month, and I am starting to wonder more about the process of scheduling the lab. I plan to use the SJ lab... So here is the question. Can I schedule the lab for a specific date? Yes I know there is a back log till August or later, but I more interested in a longer date, I am thinking 10 or 11 months after the written. I have quite a few big projects coming up at work, and it will be hard to keep my "study" mind set and energy, so the extended time will benefit me. TIA -- John Hardman CCNP MCSE+I _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Ghost Server and clients using multicast
Does anyone have experience working with a Ghost Server that multicast? I have a 6509 and 4006's in the closets with multiple VLANs and having troubles with the client using a boot floppy. It works fine if you iniate from the server though. Thanks in advance, Jeff _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
BCRAN Exam last thoughts ....
To All, I will take the BCRAN Exam on Sunday. Does anyone have any last minute pointers? Is there anything I should study more than others? Are there alot of show and debug commands on the exam? Any comments are appreciated. PEACE Raheem _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Firewalls and VPNs
I think this comes from the fact that cisco instructors in class say that the Pix is not a router. I have heard this as well when I had the class. I know the Pix is not a router, but does it route? Well, if making decisions about where to send traffic based on layer 3 info is routing then I would argue it does route. It does not forward traffic based on layer 2 info so .. It routes traffic to the appropriate interface. Can someone else shed some light as to why this is said. If it doesn't route the traffic it recieves what does it do? -Original Message- From: haroldnjoe [EMAIL PROTECTED] Newsgroups: groupstudy.cisco To: [EMAIL PROTECTED] [EMAIL PROTECTED] Date: Friday, February 16, 2001 12:41 PM Subject: Firewalls and VPNs I've read here a couple of times that PIX's don't route. Period. In light of this I'm left a little confused as to a proposed network map I was given recently. The core layer router is a 3640 linking all of our branch offices together. From the 3640, there is an ethernet connection to a PIX 515R. From the PIX, there is another ethernet connection to a 1750 router. The 1750 connects via T1 to our ISP. There is yet another ethernet connection from the PIX to the isolation lan, on which resides an internet mail/web server and a VPN 3000 concentrator. If PIX's don't route, what subnet is the isolation lan going to sit on? As I understand it, the PIX will be providing NAT functionality for the 3640 and everything behind it. So I would assume that the T1 and ethernet interfaces on the 1750, the outside interfaces on the PIX, and everything in the isolation lan including the VPN concentrator will have to have public IP addresses which will be given to us by our ISP. The way the map is layed out, it looks to me like the isolation lan would have to be on its own subnet. What am I missing? If the PIX doesn't route, do it's ethernet interfaces reside on the same subnet as the isolation lan? If so, then the ethernet interface on the 1750 must also be on that subnet, right? This is the proposed network map that Cisco's presale engineers gave me. I'm sure it's a solid design, but I'm still trying to work out the details so that I understand what I'm implementing (always a good thing, I think). Thanks for your time, [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Firewalls and VPNs
Maybe it is because it does not base forwarding decisions on layer 3 info alone but also takes into account layer 4 and 7 info as well? -Original Message- From: haroldnjoe [EMAIL PROTECTED] Newsgroups: groupstudy.cisco To: [EMAIL PROTECTED] [EMAIL PROTECTED] Date: Friday, February 16, 2001 12:41 PM Subject: Firewalls and VPNs I've read here a couple of times that PIX's don't route. Period. In light of this I'm left a little confused as to a proposed network map I was given recently. The core layer router is a 3640 linking all of our branch offices together. From the 3640, there is an ethernet connection to a PIX 515R. From the PIX, there is another ethernet connection to a 1750 router. The 1750 connects via T1 to our ISP. There is yet another ethernet connection from the PIX to the isolation lan, on which resides an internet mail/web server and a VPN 3000 concentrator. If PIX's don't route, what subnet is the isolation lan going to sit on? As I understand it, the PIX will be providing NAT functionality for the 3640 and everything behind it. So I would assume that the T1 and ethernet interfaces on the 1750, the outside interfaces on the PIX, and everything in the isolation lan including the VPN concentrator will have to have public IP addresses which will be given to us by our ISP. The way the map is layed out, it looks to me like the isolation lan would have to be on its own subnet. What am I missing? If the PIX doesn't route, do it's ethernet interfaces reside on the same subnet as the isolation lan? If so, then the ethernet interface on the 1750 must also be on that subnet, right? This is the proposed network map that Cisco's presale engineers gave me. I'm sure it's a solid design, but I'm still trying to work out the details so that I understand what I'm implementing (always a good thing, I think). Thanks for your time, [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Lad scheduling question
You have 3 years to complete the CCIE lab. You must make your first attempt within 12 months of the written. If you fail the first time you still have the balance of the three years to complete it. -Original Message- From: Arthur Stewart [EMAIL PROTECTED] Newsgroups: groupstudy.cisco To: [EMAIL PROTECTED] [EMAIL PROTECTED] Date: Friday, February 16, 2001 1:02 PM Subject: Re: Lad scheduling question Don't you want to arrange it so that, if you do have to take the lab a second time, it will still be within the 12 month limit(written to lab)? I'm not saying you won't pass it the first time. Arthur Stewart "John Hardman" wrote in message 96jh6m$avo$[EMAIL PROTECTED]... Hi All With a little more study I will pass the written this month, and I am starting to wonder more about the process of scheduling the lab. I plan to use the SJ lab... So here is the question. Can I schedule the lab for a specific date? Yes I know there is a back log till August or later, but I more interested in a longer date, I am thinking 10 or 11 months after the written. I have quite a few big projects coming up at work, and it will be hard to keep my "study" mind set and energy, so the extended time will benefit me. TIA -- John Hardman CCNP MCSE+I _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Firewalls and VPNs
Does the Pix keep a routing table or utilize routing protocols/algorithms? It filters traffic specific to the rules applied, it is not a router. Mark Krysinski -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of mtieast Sent: Friday, February 16, 2001 12:40 PM To: haroldnjoe; [EMAIL PROTECTED] Subject: Re: Firewalls and VPNs I think this comes from the fact that cisco instructors in class say that the Pix is not a router. I have heard this as well when I had the class. I know the Pix is not a router, but does it route? Well, if making decisions about where to send traffic based on layer 3 info is routing then I would argue it does route. It does not forward traffic based on layer 2 info so .. It routes traffic to the appropriate interface. Can someone else shed some light as to why this is said. If it doesn't route the traffic it recieves what does it do? -Original Message- From: haroldnjoe [EMAIL PROTECTED] Newsgroups: groupstudy.cisco To: [EMAIL PROTECTED] [EMAIL PROTECTED] Date: Friday, February 16, 2001 12:41 PM Subject: Firewalls and VPNs I've read here a couple of times that PIX's don't route. Period. In light of this I'm left a little confused as to a proposed network map I was given recently. The core layer router is a 3640 linking all of our branch offices together. From the 3640, there is an ethernet connection to a PIX 515R. From the PIX, there is another ethernet connection to a 1750 router. The 1750 connects via T1 to our ISP. There is yet another ethernet connection from the PIX to the isolation lan, on which resides an internet mail/web server and a VPN 3000 concentrator. If PIX's don't route, what subnet is the isolation lan going to sit on? As I understand it, the PIX will be providing NAT functionality for the 3640 and everything behind it. So I would assume that the T1 and ethernet interfaces on the 1750, the outside interfaces on the PIX, and everything in the isolation lan including the VPN concentrator will have to have public IP addresses which will be given to us by our ISP. The way the map is layed out, it looks to me like the isolation lan would have to be on its own subnet. What am I missing? If the PIX doesn't route, do it's ethernet interfaces reside on the same subnet as the isolation lan? If so, then the ethernet interface on the 1750 must also be on that subnet, right? This is the proposed network map that Cisco's presale engineers gave me. I'm sure it's a solid design, but I'm still trying to work out the details so that I understand what I'm implementing (always a good thing, I think). Thanks for your time, [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Another strange routing behaviour
--- "Deloso, Elmer G (WPNSTA Yorktown)" [EMAIL PROTECTED] wrote: Hi, all. I might have posted something similar to this not too long ago but I might not have beed specific enough. Here's the story: HostA ---Router1---Router9HostB If i traceroute from within Router1 to HostB, it goes through. Which leads me to believe Router 9 is not filtering high UDP packets, ICMP Time Exceeded, or ICMP Destination Port Unreachable. But if i do the same from HostA, it stops at Router9. Router 9 may be filtering ICMP echo reply packets. (Echo request packets go through because Host B's traceroute stops at Router 1 not at 9.) A Windows host uses ICMP Echo (instead of high port UDP) packets when using "tracert". Everyone else traceroutes normally. The same thing happens when tracerouting from HostB's end, it stops at Router1. I wonder if it's the access-lists? So i checked with another network that also has a route to Router9, ans the same story happens. From the Router-Y the trace gets to HostB. But from Host-Y it stops at Router9. Has anyone else seen this and figured out the cause? Check if "ping" from the routers to each of the hosts works. __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Passed BCRAN today... 3/4 CCNP Books you like for CIT??
I just want to share my good news, 808 on BCRAN. I will take CIT next to complete the CCNP! I have Cisco Internetwork Troubleshooting by Chappel and Farkas. Is there another book that would work for CIT and help with the CCIE written as well? My plan is to begin immediately after CCNP to start the track to the CCIE. From what I have read on the board I would think the Caslow book might be helpfull with CIT. TIA, Tom -- Tom Keough CCNA MCSE ATT Global Network Managed Router Solutions Tier two support Tampa, Fl _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX and NAT with VPN
Firewalls route packets unless you have some sort of firewalling bridge or proxy server. I'm not even going to get into "eGaps". Wish I could help you with PIX. --- Allen May [EMAIL PROTECTED] wrote: OK maybe this is a terminology misunderstanding on my part, but I have about 15 route statements in my PIX and use a pix-pix vpn using IPSec. route interface-name ip_address netmask gateway metric One of the VPNs set up here had something a little weird where we had to set up statics for VPN to work but that's something I'll be working on solving at a later time. Just for grins try setting up a static statement for one of the workstations trying to get through and see if it stops using NAT. You'll find the IPSec user guide on the cisco website very useful for more info on this. Allen - Original Message - From: "Groupstudy" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, February 16, 2001 2:38 AM Subject: Re: PIX and NAT with VPN The PIX does not route. Period. - Original Message - From: Kenneth [EMAIL PROTECTED] Newsgroups: groupstudy.cisco To: [EMAIL PROTECTED] Sent: Thursday, February 15, 2001 6:35 PM Subject: Re: PIX and NAT with VPN I'm totally foreign to PIX but I'm just wondering, maybe it's possible to use policy-based routing on PIX? "Rick Holden" [EMAIL PROTECTED] wrote in message 002001c097b6$60c466a0$[EMAIL PROTECTED]">news:002001c097b6$60c466a0$[EMAIL PROTECTED]... I have a PIX firewall that is being used for a VPN as well. The problem is all the inside addresses are being translated to public addresses even when the traffic is destine for the VPN tunnel. I tried the following commands but this seems to block all translations. (real IPs have been replaced for security) access-list nonat permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 nat (inside) 0 access-list nonat global (outside) 1 172.16.10.1 net 255.255.255.255 I also tried using DENY in the access list access-list nonat deny ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 This didn't work either. How can I can the traffic destined for the Internet to be translated and the traffic destined for the VPN not be translated? _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: private emails. (was thought youd enjoy this)
ElephantChild wrote: Keep in mind that not everyone uses the newsgroup side of groupstudy. If you were subscribed to the list side, would it surprise or bother you as much to get copies of follow-ups both through the list and directly to your email? It wasnt sent to the list on either side, and it wasnt a reply to one of my posts. It was privately, directly, mailed to me. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IGRP to EIGRP conversion #2
Timothy - I think that you've asked this a few times but never with this type of information. Let's get things a bit more organized with all due respect. I really would like to help you as migrations to EIGRP can be tricky. First, what are the models and memory installations of the routers? Second, what are the remote links and their utilizations? Third, are the remotes all stubs - just an Ethernet on the other side? Is the frame-relay configuration point to point or multipoint? I ask because EIGRP usually does not do well in hub-and-spoke designs. This is due to the number of neighbor relationships that are established. With five neighbors and solid routers you might be fine, but growth would be a concern. Since you are running F/R you might want to consider ODR, which would take no additional bandwidth. You might also want to look at RIP v2. EIGRP is really good for larger, more complex networks. Its usually overkill for smaller hub/spokes, which usually are in processor/memory challenged networks. I look forward to hearing from you. --- "Roberts, Timothy" [EMAIL PROTECTED] wrote: I have a hub site with 5 remote sites connecting to it via frame relay. They are all running IGRP with the same AS. What would be the best way to migrate from IGRP to EIGRP? Starting by enabling EIGRP on the core router and run both IGRP and EIGRP. Then convert the spokes one by one. Then remove IGRP from the core. Can I just enable EIGRP on the remotes, allow some time to propagate routes in to the table, and then disable IGRP? The people up stairs will not allow for any significant down time. Thanks _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] = Robert Padjen __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Which Job Should I Take?
An interesting choice. Two thoughts come to mind: 1) Choose one. Now, how do you feel about that choice? Most people feel buyers remorse - you are looking for the reasons that you feel the pit in the stomach. 2) You are usually best off from a career perspective working with others. I say this as the overnight shift typically has fewer resources around and fewer opportunities for promotion, etc. The pre-IPO issue is of concern - you need to go further though. What is their funding, business model, revenue and cash flow, and opportunity for advancement. IF they are paying the same salary but the options are bonus then you are simply comparing one lay-off opportunity for another. Are you better off with some great risk for more opportunity that could get you the next position faster? --- RG [EMAIL PROTECTED] wrote: This is all going to come down to your personal preference. I would gather from your comments that you are leaning towards the first one. It sounds like the route I would go even though I would hate the shift it's still better than putting on a tie, but you stated you liked that shift so that would not be a problem for you. - Original Message - From: "Traceroute" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, February 15, 2001 12:52 PM Subject: Which Job Should I Take? I was wondering if you all could share your opinions with me. I have a = choice of two jobs to take listed below. Both are an increase in pay of = about 9k. 1. My current Job: They are going to title me "network engineer" working = 4 10 hour days 1 pm to midnight ( I love the hours) , but we work with = cabletron, checkpoint and cisco. We have a campus and WAN support = responsibility. Sometimes it's a bit slow when nothing is happening and = I may get some "Win NT" duties, yuck I would have sunday, monday and = tuesdays off and could possibly get some good side gigs. Last but not = least, it's business casual. 2. New Job Offer: I will be titled a "network administrator" working 8 = to 5 monday through friday ( I hate waking up early ), but getting = exposure to ATM, Voice over IP and voice over ATM. Lots of MC 3810s = about 50 or so with conections all over the US. One thing is for sure is = there are NT admins to handle the "Win NT" issues, I really want to = graduate from the NT support world for good. This company is also = pre-ipo and although they are a huge company, this is a new "division" = and pre-ipo makes me nervous because I have a family to support. One = cool thing is that they are a cisco gold partner. One bad thing is that = they are business dress, yes the whole tie thing. The pre-ipo thing = makes me nervous because they say "yea when we go public, lots of the = big wigs will be rich"... Does this mean new management takeovers = etc...?? Anyway, thanks for any input... _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] = Robert Padjen __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Lad scheduling question
Hi So what you are saying is that when I schedule the lab I am not just given the next available, but have the option to schedule any free date? Sorry I just want to be prefectly clear as to the options. John Hardman CCNP MCSE+I "Nathan" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... You can schedule the date up to one year after the written exam. www.cisco.com John Hardman wrote: Hi All With a little more study I will pass the written this month, and I am starting to wonder more about the process of scheduling the lab. I plan to use the SJ lab... So here is the question. Can I schedule the lab for a specific date? Yes I know there is a back log till August or later, but I more interested in a longer date, I am thinking 10 or 11 months after the written. I have quite a few big projects coming up at work, and it will be hard to keep my "study" mind set and energy, so the extended time will benefit me. TIA -- John Hardman CCNP MCSE+I _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Converting from IGRP to EIGRP
Cisco provides a feature called automatic redistribution (or something like that). If you make the process ID/AS number for EIGRP the same as IGRP on the router it will automatically redistribute in both directions. This is a bad idea for all but the simplest networks. In the best redistributions a designer wants to prevent a route from coming back and looping (AD and metric should normally prevent this, but it helps to know your network). Also, summarization and manual control of the routes is prefered for EIGRP under most circumstances. Lastly, why lose control over somehting that is so simple - automatation indicates that the administrator does not understand the requirements, which would usually complicate troubleshooting. --- Santosh Koshy [EMAIL PROTECTED] wrote: First, please do not put everything in the same AS. This is a very bad thing, and I really wish Cisco would kill the feature. (I think it was placed in there for marketing) I dont get this robert Please explain the above... _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] = Robert Padjen __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
crourae@infocenter.com.py
Hola! Yo tengo certificaciones CCDA, CCNA y CCNP. Si precisas algo mas, por favor avisame. Francisco. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Firewalls and VPNs
PIX - sounds like a router to me - packet forwarding based on layer 3 addressing. It has extra security features and all of a sudden it's a firewall...marketing fluff? or accurate description??? who will uncover this mystery ; --- mtieast [EMAIL PROTECTED] wrote: I think this comes from the fact that cisco instructors in class say that the Pix is not a router. I have heard this as well when I had the class. I know the Pix is not a router, but does it route? Well, if making decisions about where to send traffic based on layer 3 info is routing then I would argue it does route. It does not forward traffic based on layer 2 info so .. It routes traffic to the appropriate interface. Can someone else shed some light as to why this is said. If it doesn't route the traffic it recieves what does it do? -Original Message- From: haroldnjoe [EMAIL PROTECTED] Newsgroups: groupstudy.cisco To: [EMAIL PROTECTED] [EMAIL PROTECTED] Date: Friday, February 16, 2001 12:41 PM Subject: Firewalls and VPNs I've read here a couple of times that PIX's don't route. Period. In light of this I'm left a little confused as to a proposed network map I was given recently. The core layer router is a 3640 linking all of our branch offices together. From the 3640, there is an ethernet connection to a PIX 515R. From the PIX, there is another ethernet connection to a 1750 router. The 1750 connects via T1 to our ISP. There is yet another ethernet connection from the PIX to the isolation lan, on which resides an internet mail/web server and a VPN 3000 concentrator. If PIX's don't route, what subnet is the isolation lan going to sit on? As I understand it, the PIX will be providing NAT functionality for the 3640 and everything behind it. So I would assume that the T1 and ethernet interfaces on the 1750, the outside interfaces on the PIX, and everything in the isolation lan including the VPN concentrator will have to have public IP addresses which will be given to us by our ISP. The way the map is layed out, it looks to me like the isolation lan would have to be on its own subnet. What am I missing? If the PIX doesn't route, do it's ethernet interfaces reside on the same subnet as the isolation lan? If so, then the ethernet interface on the 1750 must also be on that subnet, right? This is the proposed network map that Cisco's presale engineers gave me. I'm sure it's a solid design, but I'm still trying to work out the details so that I understand what I'm implementing (always a good thing, I think). Thanks for your time, [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] = from The Big Lebowski... The Dude: You sure he won't mind? Bunny: Dieter doesn't care about anything. He's a nihilist. The Dude: Ohhh, that must be exhausting... __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Senior Network Engineer Needed = Los Angeles
I thought I'd contact you about a position that we are currently recruiting for. Please read the description and if you know anyone that might be a fit, forward the email to them. We are in a position to pay a nice referral fee on this, so be sure that if your associate contacts us, we are notified of the source of the referral. Thank you for your assistance. Dianne Martenka Data Concepts (818)773-1700 Our client, a global manufacturing company w/ name recognition is in need of a Network Engineer. This is a permanent position and not a contract situation. You will engineer network access sites, relocate existing solutions for new facilities, develop network site standards, and participate in the architecture and execution of the company's global networking strategy. You will also lead various corporate teams on networking issues involving network expansion, and LAN/WAN strategies. Requires extensive background in implementation, problem solution, design, and network management in large-scale, multiple-protocol (IP, IPX, Frame-Relay) enterprise communications environment. Experience must also include implementation and deployment of CISCO routers. Our client is located in Southern California, close to LAX, and offers a superb salary and benefits package that includes on-site child care center, fitness center, casual dress policy, year round half day Fridays and they will assist in relocation. Once again, this is a network position and not a server situation. We seek a CISCO HEAVYWEIGHT!! For immediate consideration, contact Dianne Martenka, Data Concepts, (818)773-1700 or forward your resume. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: crourae@infocenter.com.py
Hola! Now what? Jim "Francisco Muniz" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hola! Yo tengo certificaciones CCDA, CCNA y CCNP. Si precisas algo mas, por favor avisame. Francisco. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: crourae@infocenter.com.py
No hablo espanol. On Fri, 16 Feb 2001, Francisco Muniz wrote: Hola! Yo tengo certificaciones CCDA, CCNA y CCNP. Si precisas algo mas, por favor avisame. Francisco. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Ghost Server and clients using multicast
Are the client and the server on the same VLAN when you use the boot floppy? I would think they would have to be. Jeff wrote: Does anyone have experience working with a Ghost Server that multicast? I have a 6509 and 4006's in the closets with multiple VLANs and having troubles with the client using a boot floppy. It works fine if you iniate from the server though. Thanks in advance, Jeff _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Newbie question concerning NAT
Dear List, Been reading the list and learning lots of cool things over the past few months. This is the first time I have posted, and I have some questions regarding NAT. We have a T1 coming into the office on Cisco 1604 with an internal serial WIC. All of my internal to external NAT translastions are working fine. Where I am running into trouble is doing an external to internal translation for my email server. I am trying to understand what exactly the nat commands are doing - I haven't been able to find real good documentation on the commands. What I have found on Cisco's site seems pretty basic to me. My mail server's internal IP is 172.16.2.4, the external is 216.143.254.250. When I put in this command: ip nat inside source static 172.16.2.4 216.143.254.250, everything works well, but it appears that that command opens all ports. When I remove that command and put in: ip nat inside source static tcp 172.16.2.4. 25 216.143.254.250 25 ip nat inside source static tcp 172.16.2.4 110 216.143.254.250 110, mail transfers fine, but then I can no long ping the server externally - which I would like to be able to do to check for problems at home. The other problem is, when I have all ports open with the first nat command, my users can resolve our DNS name to the internal address of 172.16.2.4. When I use the second commands I listed (effectively closing other ports), the internal clients resolve the name to the external IP address and is noticeably slower transferring mail. It's as though it is sending mail over the T1 to the port on the other side and back to the server. So my questions is this: what series of nat commands (or ACL's) do I effectively close all the unused ports on my internal mail server from the outside, but still be able to ping remotely and have the internal users resolve the name to the internal address? Thanks in advance to all who offer help! Stephen Hoover Dallas, Texas _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Performance of CEF over Fast Switching
John, Bob, Raj, Phillip and the Group, I hadn't thought of CEF much as I "thought" it wasn't available on the smaller routers. i.e. - only on the routers with line cards etc. However, I just enabled CEF on a 2611 and it created its table on the fly in no time flat. The 2611 won't do dCEF however. Also, the smaller routers can't do cef accounting. Anyway, now I have to mock something up in the lab to see if we can determine how much of any improvement CEF will give us. Since we're not using CEF anywhere in our network I can't just turn it on without a bit more research. If it only lessens the CPU load by a few percent then bigger hardware is in our future, but if we see gains of 20% or more then CEF would indeed be a cheap solution. I noticed that CEF has issues with policy routing and other features - but so far we're not using any of them. So, another question - does anyone have any idea/experience on how much CEF will gain for us? Given the average 50% load on the router - practically all switching load??? tia Kevin Wigle - Original Message - From: "John Neiberger" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Monday, February 12, 2001 4:11 PM Subject: Re: Can someone interpret this please? I just checked CCO and there are so many CPU-related bugs in 12.0(5) that I stopped counting after a while. You might want to upgrade, if feasible. Also, try doing a show align to see if you're getting spurious memory access errors. One of the bugs mentioned a high CPU usage due to these. HTH, John Bob, Phil - and the group. Thanks for the input, gives me more to think about. Some more history.. This router is a 3620 with OC3 and FastEthernet interfaces. It has 48 meg and is running 12.0(5)XK1. According to Cisco's docs, the 3620 should be able to handle around 20-40 kpps. However, the router shows only around 2.6 kpps almost evenly split in/out. I have been unable to verify exactly on CCO but I suspect that a 3620 cannot handle (very well) two high-speed interfaces - more specifically if one is OC3. I have found info where Cisco, when talking about the OC3 interface for the 3600 series stated: "Max two high-speed network modules in a Cisco 3640 (includes Fast Ethernet, ATM, HSSI)" Now the 3640 has a 100mhz processor and the 3620 has a 80 mhz processor. I'm wondering if the SAR process is overwhelming the 3620? I'm sure I read someplace that only one high-speed interface was recommended for the 3620 but I haven't found that info again. Considering the low level of traffic, what else could be keeping the cpu utilization up so high? Need more info. let me know! Kevin Wigle - Original Message - From: "Phillip Heller" [EMAIL PROTECTED] To: "Kevin Wigle" [EMAIL PROTECTED] Cc: "cisco" [EMAIL PROTECTED] Sent: Monday, February 12, 2001 2:12 PM Subject: Re: Can someone interpret this please? On Mon, 12 Feb 2001, Kevin Wigle wrote: Dear group, Investigating a router that is starting to loaded down. When I do a sh proc cpu I get 50% or cpu utilization but the stats don't seem to add up to 50%. Is there another way to try and see where the 50% is coming from? sh proc cpu CPU utilization for five seconds: 44%/44%; one minute: 50%; five minutes: 52% The five second utilization numbers in the above line (44%/44%) represent two things. The first number is total processor utilization and the second is processor utilization due to interrupts. The difference in these two numbers would be the sum of 5sec utilization by all other processes. If utilization due to interrupts increases over time, it represents traffic growth. If it jumps alot in a short amount of time, it may be a DoS attack. You can verify the latter by turning on "ip route-cache flow" on suspected interfaces and then looking at the output of "sh ip cache flow". If the processor gets too high with legitimate traffic, you can use cef or dcef (ip route-cache cef, ip cef distributed). Failing that, you'll probably more beefy hardware. Regards, --phil _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Systemic problems at Verizon
There exist little red caps that fit onto 66 blocks and binding posts. They're hard to find, though. If someone here knows of the supplier, I'll buy a few hundred. In the 60's there was a special red ty-wrap that went around/over posts/punches for ""national security"" lines. You had to cut same off to test, and {in theory} requisition a replacement. I've only see same in BSP's so I've no idea if they ever got much use. I think the BSP called them Special Service Protection, and there was a more stringent version called Special Safeguarding Measures. The latter, IIRC, didn't quite qualify as a military grade Protected Wireline Distribution System, which went to the extents of pressurized conduit with intrusion detectors. We used to protect leased metallic pairs in a simpler manner; we parked +130 Tip/-130 Ring on same. When Mr. Green put his butt set on same; if his fingers didn't alert him, the BANG in his ear did. Someone did that once with _stranded_ wire, so the strand was fine enough to puncture the skin. I found myself in a corner with very little recollection of how I got there, and am really not sure that if there had not been a wall there, I would have kept going. Oh well...I didn't freeze to the conductor. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Calculating RIF
Could someone help me with this problem listed below on the correct RIF for the network? Host A -- ring 5 ---router A -- router B ---rtr C---ring 6---Host B What would the Rif look like if router A virtual ring 13 and router B virtual ring is 19. The routers are running SRB. Packet was sent from Host A to Host B. Also if they where running RSRB or DLSw+ One more if ring 6 was not token ring but ethernet, what would the rif be if routers where running SR/TLB? Thanks for your help!! _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Performance of CEF over Fast Switching
I honestly don't have much experience with it on lower end platforms. The two or three cases I can think of, it has only made a ~ 10% difference. In situations with higher-end hardware (7513, etc), it can drop utilization by 30% or more. If cef is run distributed, the utilization is cut even more. You should be aware that there are numerous bugs with respect to cef. cef adjacencies will become inconsistent, etc. I'd suggest reading the book "Inside IOS software architecture". It has a pretty good section on cef. Regards, --phil | -Original Message- | From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of | Kevin Wigle | Sent: Friday, February 16, 2001 3:33 PM | To: John Neiberger | Cc: cisco | Subject: Performance of CEF over Fast Switching | | | John, Bob, Raj, Phillip and the Group, | | I hadn't thought of CEF much as I "thought" it wasn't available on the | smaller routers. i.e. - only on the routers with line cards etc. | | However, I just enabled CEF on a 2611 and it created its table | on the fly in | no time flat. The 2611 won't do dCEF however. Also, the smaller routers | can't do cef accounting. | | Anyway, now I have to mock something up in the lab to see if we can | determine how much of any improvement CEF will give us. Since we're not | using CEF anywhere in our network I can't just turn it on | without a bit more | research. | | If it only lessens the CPU load by a few percent then bigger | hardware is in | our future, but if we see gains of 20% or more then CEF would indeed be a | cheap solution. | | I noticed that CEF has issues with policy routing and other | features - but | so far we're not using any of them. | | So, another question - does anyone have any idea/experience on | how much CEF | will gain for us? Given the average 50% load on the router - practically | all switching load??? | | tia | | Kevin Wigle | | | - Original Message - | From: "John Neiberger" [EMAIL PROTECTED] | To: [EMAIL PROTECTED] | Cc: [EMAIL PROTECTED] | Sent: Monday, February 12, 2001 4:11 PM | Subject: Re: Can someone interpret this please? | | | I just checked CCO and there are so many CPU-related bugs in | 12.0(5) that | I stopped counting after a while. You might want to upgrade, if | feasible. | | Also, try doing a show align to see if you're getting spurious memory | access errors. One of the bugs mentioned a high CPU usage due to these. | | HTH, | John | | |Bob, Phil - and the group. | |Thanks for the input, gives me more to think about. | |Some more history.. | |This router is a 3620 with OC3 and FastEthernet interfaces. | It has 48 | meg |and is running 12.0(5)XK1. | |According to Cisco's docs, the 3620 should be able to handle around | 20-40 |kpps. | |However, the router shows only around 2.6 kpps almost evenly split | in/out. | |I have been unable to verify exactly on CCO but I suspect that a 3620 | cannot |handle (very well) two high-speed interfaces - more | specifically if one | is |OC3. | |I have found info where Cisco, when talking about the OC3 | interface for | the |3600 series stated: | |"Max two high-speed network modules in a Cisco 3640 (includes Fast | Ethernet, |ATM, HSSI)" | |Now the 3640 has a 100mhz processor and the 3620 has a 80 | mhz processor. | |I'm wondering if the SAR process is overwhelming the 3620? | I'm sure I | read |someplace that only one high-speed interface was recommended for the | 3620 |but I haven't found that info again. | |Considering the low level of traffic, what else could be | keeping the cpu |utilization up so high? Need more info. let me know! | |Kevin Wigle | | |- Original Message - |From: "Phillip Heller" [EMAIL PROTECTED] |To: "Kevin Wigle" [EMAIL PROTECTED] |Cc: "cisco" [EMAIL PROTECTED] |Sent: Monday, February 12, 2001 2:12 PM |Subject: Re: Can someone interpret this please? | | | On Mon, 12 Feb 2001, Kevin Wigle wrote: | | Dear group, | | Investigating a router that is starting to loaded | down. When I do | a |sh proc | cpu I get 50% or cpu utilization but the stats don't | seem to add | up to |50%. | | Is there another way to try and see where the 50% is | coming from? | | sh proc cpu | CPU utilization for five seconds: 44%/44%; one minute: | 50%; five |minutes: | 52% | | The five second utilization numbers in the above line (44%/44%) | represent | two things. The first number is total processor | utilization and the | second is processor utilization due to interrupts. The | difference in | these two numbers would be the sum of 5sec utilization by all other | processes. | | If utilization due to interrupts increases over time, it
Off Topic: Citrix and PIX via Secureclient?
Assuming that anyone has done so (I seem to recall it being mentioned as possible a while back), how easy is this to setup? Just open the approriate ports on the PIX and slight config on the citrix box? I'm also curious about the performance of the secure citrix clients over the net (like on a 56k connection). TIA for any comments. _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX firewall
Cisco told me that they have third party partners who have access servers similar to TACACS+, but which use the NT user database. I have yet to squeeze the name of any of these partners out of them, but they are rumored to exist anyway. I hope it's true. It would be nice to only have to deal with one user database. [EMAIL PROTECTED] ""Jason"" [EMAIL PROTECTED] wrote in message 96ikbs$uka$[EMAIL PROTECTED]">news:96ikbs$uka$[EMAIL PROTECTED]... The PIX can use internally stored pre-shared keys, or can use external authentication such as TACACS+. http://www.cisco.com/warp/public/700/configsec.html -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ "Deepak Sharma" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... quick question, and probably dumb question!!. when I set up a pix firewall user--56k dialup--pix--nt server to authenticate the user, does pix use NT auth. or another type of auth.username/password has to be setup within pix... thanks _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: memory needed for cisco 2620 router
I want to upgrade RAM on 2620 too.. I have 7505 with RSP spare, can I use it RAM from RSM or VIP card for 2620. Thanks Inamul -Original Message- From: Christopher Kolp [mailto:[EMAIL PROTECTED]] Sent: Friday, February 16, 2001 6:54 AM To: 'Ole Drews Jensen'; 'John Chambers'; [EMAIL PROTECTED] Subject: RE: memory needed for cisco 2620 router www.ram-it.com - rocky mountain ram www.crucial.com - micron memory -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ole Drews Jensen Sent: Friday, February 16, 2001 9:30 AM To: 'John Chambers'; [EMAIL PROTECTED] Subject: RE: memory needed for cisco 2620 router Try http://www.memoryx.com Ole Ole Drews Jensen Systems Network Manager CCNA, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] http://www.CiscoKing.com NEED A JOB ??? http://www.oledrews.com/job -Original Message- From: John Chambers [mailto:[EMAIL PROTECTED]] Sent: Friday, February 16, 2001 7:57 AM To: [EMAIL PROTECTED] Subject: memory needed for cisco 2620 router I need to upgrade my cisco 2620 router (currently it has 24MB RAM) to at least 32MB RAM so that I can test IPSec features. I notice that the RAM for cisco 2620 looks different than older PCs memory. If anyone who know of a particular PC memory that can be used for the router or you have memory for cisco 2620 (preferably 16MB piece), I would like to buy it from you. Places like CDW charges an arm and leg for the memory which something that I can not afford at this moment. Thanks. John C. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Newbie question concerning NAT
Stephen, The second group of commands are much more secure, however as you know you have restricted port access to a point that keeps out ping (Can be a good thing!) and DNS resolution. I would suggest opening TCP AND UDP ports 53 for DNS resolution in addition to 25 and 110. That should fix your problem of internal name resolution. As for Ping, It really is better if you don't allow ping to come in from the outside. In your network configuration (I am assuming that it is small), you are using your router as your security perimeter. If you start allowing Ping though, people can find ways to map out your network a bit better, by restricting ping, you eliminate that potential security risk. If you want to be able to ping your mail server from the outside, why not just telnet to port 25 or port 110 instead. That would give you the added knowledge about your mail server operating. If you must allow ICMP, I would suggest allowing it through CBAC (Firewall feature set) instead of access lists. Once you start using access lists on a router that is in your type of configuration, you have to specifically allow the protocols that you want in both directions, that can be a daunting task. Additionally, that adds a good bit of overhead to your router (A 1600 is not really beefy). For the record though, Check out: http://www.cisco.com/warp/public/cc/pd/iosw/ioft/iofwft/tech/firew_wp.htm Specifically Appendix B. Tom McNamara MCSE, CCNA Account Manager, U.S. Datacom [EMAIL PROTECTED] Direct line: (407)398-6521 Toll-Free: (800)216-5517 Dear List, Been reading the list and learning lots of cool things over the past few months. This is the first time I have posted, and I have some questions regarding NAT. We have a T1 coming into the office on Cisco 1604 with an internal serial WIC. All of my internal to external NAT translastions are working fine. Where I am running into trouble is doing an external to internal translation for my email server. I am trying to understand what exactly the nat commands are doing - I haven't been able to find real good documentation on the commands. What I have found on Cisco's site seems pretty basic to me. My mail server's internal IP is 172.16.2.4, the external is 216.143.254.250. When I put in this command: ip nat inside source static 172.16.2.4 216.143.254.250, everything works well, but it appears that that command opens all ports. When I remove that command and put in: ip nat inside source static tcp 172.16.2.4. 25 216.143.254.250 25 ip nat inside source static tcp 172.16.2.4 110 216.143.254.250 110, mail transfers fine, but then I can no long ping the server externally - which I would like to be able to do to check for problems at home. The other problem is, when I have all ports open with the first nat command, my users can resolve our DNS name to the internal address of 172.16.2.4. When I use the second commands I listed (effectively closing other ports), the internal clients resolve the name to the external IP address and is noticeably slower transferring mail. It's as though it is sending mail over the T1 to the port on the other side and back to the server. So my questions is this: what series of nat commands (or ACL's) do I effectively close all the unused ports on my internal mail server from the outside, but still be able to ping remotely and have the internal users resolve the name to the internal address? Thanks in advance to all who offer help! Stephen Hoover Dallas, Texas _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Scenario we need help with...
We currently have two sites, both with their own PIX firewalls and their own connections to the Internet via separate ISPs. We also have a T1 point to point directly connecting both sites. Router A has a default route to PIX A. Router B has a default route to Router A. At site A we have a production web site on a server. We created a mirror of the web site on a new server located at site B. Currently, external DNS resolves our domain name to an IP address on the PIX located at site A. We configured the static mapping on Site A PIX to point to the new web server at site B. This has allowed us to host our web site at site B, but we are still not utilizing our Internet connection at site B for incoming traffic. What we would like to do is make DNS changes to direct incoming web traffic to PIX B. During the time DNS changes propagate I believe we may receive traffic via both PIX firewalls. Once this transition is complete site A will go away along with the T1 connection. Any ideas on how we can make this transition happen successfully without any interruption to our production web site. Any thought would be appreciated. ISP A - Site A PIX - Router A /\ InternetT1 Point to Point \/ ISP B - Site B PIX - Router B Thanks in advance Sam _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Scenario we need help with...
Sam, Ultimately you will have to endure some downtime during this move (approximately 1 hour) This is the solution I came up with: (and have previously used) Reduce the TTL on your DNS records to 1 hour. (30 minutes if you're feeling risky) Remember that your primary server will remain off line for at least two days. Remove your primary DNS server and relocate it to your new facility. Note your secondary will continue to resolve host names to the original IP addresses. Notify the naming authority (ie. network solutions) and inform them of the IP change to your primary name server. While your primary DNS server is off line, modify the records on the name server to reflect the new IP addresses and increase the TTL on your DNS records back to their original setting. Once the IP address change on your primary name server is complete then you're ready to go. Schedule a time when it will have the least impact on your website and have a buddy at the old location stop DNS services, and at the same time start DNS services at your new location. The only time a user might notice the change is if he had a DNS record on his recursive server that renewed just before you went to the switch over. If you do this at the right time of night hopefully no-one will notice. I am aware of another solution involving the arrow-point switches, that could have a shorter roll-over time, but I have never tried it. Hope this helps, Matthew -Original Message- From: Sam [mailto:[EMAIL PROTECTED]] Sent: Friday, February 16, 2001 2:38 PM To: [EMAIL PROTECTED] Subject: Scenario we need help with... We currently have two sites, both with their own PIX firewalls and their own connections to the Internet via separate ISPs. We also have a T1 point to point directly connecting both sites. Router A has a default route to PIX A. Router B has a default route to Router A. At site A we have a production web site on a server. We created a mirror of the web site on a new server located at site B. Currently, external DNS resolves our domain name to an IP address on the PIX located at site A. We configured the static mapping on Site A PIX to point to the new web server at site B. This has allowed us to host our web site at site B, but we are still not utilizing our Internet connection at site B for incoming traffic. What we would like to do is make DNS changes to direct incoming web traffic to PIX B. During the time DNS changes propagate I believe we may receive traffic via both PIX firewalls. Once this transition is complete site A will go away along with the T1 connection. Any ideas on how we can make this transition happen successfully without any interruption to our production web site. Any thought would be appreciated. ISP A - Site A PIX - Router A /\ InternetT1 Point to Point \/ ISP B - Site B PIX - Router B Thanks in advance Sam _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: alternative to Cisco routers
For that matter so would NT or NetWare. If a cheap, basic routing solutions is what someone is after any of the platforms mentioned could work, however I can not imagine anyone recommending that in a Fortune 1000-50 environment. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Howard C. Berkowitz Sent: Thursday, February 15, 2001 12:36 PM To: [EMAIL PROTECTED] Subject: Re: alternative to Cisco routers Depends what you mean by "route." Linux, or other flavors of UNIX, work reasonably well in RsD route servers with huge routing tables, but limited numbers of peering interfaces and no forwarding requirements. In a small organization, these do not necessarily impose practical limits. The major limit there is the time and skill needed for support. Let's put it this way -- I am quite capable of designing routers. I use commercial routers in my home office simply because I have finite time, and I'd rather use my time for generating revenue than doing administration. I do administer my UNIX boxes, because I use them for development and it's productive for me to customize them. My environment includes Mac, Wintel, and Sun, because either someone supplies a particular platform and requires me to use it for their work, or that I made a certain decision in the past (with personal dollars) and found no compelling reason to discard a particular architecture. Conventional UNIX flavors are interrupt-driven. In general, real-time operating systems are run-to-completion, because at a certain real-time load (seen with forwarding, process control, etc.) the OS cost of servicing interrupts is too high. Yes, JunOS is a UNIX derivative, but with a radically rewritten kernel. Without any inside knowledge, I would suspect that an open implementation that resembles JunOS would be (at the lower levels) a pthreads interface to a Mach kernel. Again for large organizations, forwarding does lend itself to special hardware, or at least independent processors. There's no reason that the route processing for these couldn't live on UNIX/Linux. Why would you not trust a Linux box to route? What experience or documentation do you have that would lead you to believe that a properly configured Linux box could not or would not do the job. There are a lot of companies using Linux these days. One of largest distributed processing systems is based on large linux clusters, most of Mariott's reservation system is based on it. Lot's of ISP's use it as their core e-mail, and web systems, and I have seen some departmental use of Linux or Windows NT machines being used as routers. A cisco router is not that much different in architecture. At the highest level, It is a processor that runs a unix kernel based OS with some NIC or serial interfaces and an application designed specifically for routing. The real difference is in the software that runs on the router. There is no special ASIC's or processors on the router. IT is a computer (less intel pentium processor except in the PIX) w/o the added multimedia and I/O hardware, driven by a unix kernel running software , very similiar to any other computer. The real difference is in the application, or software it runs, not it's hardware architecure. My understanding is that some of the processors found in the router are the same that can be found in certain Apple or Macintosh PC's and other non-windows based cpu's. This is my humble opinion based on my limited knowledge of the router architecture. However I agree that it would not be appropriate to place a linux box at the core of your network there are certainly times or applications and solutions where it would be fine. It is not designed specifically for routing, but it will certainly do the job if simple routing is all that is needed. -Original Message- From: William E. Gragido [EMAIL PROTECTED] To: 'anthony kim' [EMAIL PROTECTED]; [EMAIL PROTECTED] [EMAIL PROTECTED] Date: Wednesday, February 14, 2001 10:47 PM Subject: RE: alternative to Cisco routers Are you serious? You would use a Linux box in place of a router Are you mad man? I mean, I am as much a fan of Linux as the next geek, however I would not entrust routing/switching duties to it. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of anthony kim Sent: Tuesday, February 13, 2001 7:24 PM To: [EMAIL PROTECTED] Subject: Re: alternative to Cisco routers This is all well and good for the big time players, ISPs, big corps yadda yadda yadda, and companies with cash to burn like so much old toilet paper. The Small and Midsized Business market (SMB) almost always can accomplish what they want with free Unix or Linux for layer 3 and cheap stackable switches with or without 802.1q support. So my obligatory cisco alternative: www.zebra.org On Tue, Feb 13, 2001 at 04:00:36PM -0600, William E. Gragido wrote: There ServerIronXL Layer 4-7 switches are pretty cool boxes as well. Foundry is
RE:
Sathesh, On the FRS 2.0 exam I took there were either 3 or 4 questions that were directly about the Cisco 700 series. steve Original Message Follows From: "martijn michiel" [EMAIL PROTECTED] Reply-To: "martijn michiel" [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: RE: Date: Thu, 15 Feb 2001 17:10:49 - Sathesh, in my bcran book there is a full chapter of 700. Check C's website though. martijn -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]Namens [EMAIL PROTECTED] Verzonden: woensdag 14 februari 2001 22:35 Aan: [EMAIL PROTECTED] Onderwerp: guyz: any comprehensive resource fo BCRAN ? any idea if there are questions on cisco 700 ? thanks,, - Get free personalized email at http://email.lycos.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MAC to IP address?
If you're on the local network or have access to a device that is, pull the ARP table. In Cisco this is a show ip arp (there are several options including using the mac address as a option). You can also do it on a system as well with an arp -a (be sure to do a ping sweep on the networks so all live addresses show up in the arp cache). [EMAIL PROTECTED] wrote in message ... How do I find out someone's IP address from there MAC address? Can I = find out who's MAC address is associated will and IP address?=20 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Problems?
List traffic has decreased dramatically in the last week (only 4 messages this week). Is it just me? -ds _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Octets ???
As Jim explained an octet is a byte so 1 octet is 1 byte. So if you're getting 100 octets/sec, this is the same as 100bytes/sec or 800 bits/sec. "NetEng" wrote in message 96js5j$euj$[EMAIL PROTECTED]... I know octets from an IP address point, but I have a program that records traffic in octets. How do I read that? ""Rampley, Jim"" [EMAIL PROTECTED] wrote in message A42F2841748ED411BDF70010B5458DDD1FAEA3@HQEXCHN10">news:A42F2841748ED411BDF70010B5458DDD1FAEA3@HQEXCHN10... One octet = one byte. Since there is 8 bits in a byte you would multiple the octets by 8 to convert to bps. I personally convert any graphs or other data that is in octets to bps when dealing with LAN/WAN performance data. If your talking about server throughput most people talk in bytes. Jim -Original Message- From: NetEng [SMTP:[EMAIL PROTECTED]] Sent: Friday, February 16, 2001 9:45 AM To: [EMAIL PROTECTED] Subject: Octets ??? How do I convert octects to Kbps? How do you read/understand octects? = Thanks _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] *** * *** WARNING: All e-mail sent to and from this address will be received or otherwise recorded by the A.G. Edwards corporate e-mail system and is subject to archival, monitoring or review by, and/or disclosure to, someone other than the recipient. *** * *** _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: memory needed for cisco 2620 router
Doesn't look like it. The RSP1/2 both used Fast Page Mode RAM while the RSP4 uses EDO w/ECC. The 2600 series uses ECC non-parity. While the 2600 might work with FPM RAM, is it really worth under $100 to chance. "Desai, Inamul" wrote in message [EMAIL PROTECTED]... I want to upgrade RAM on 2620 too.. I have 7505 with RSP spare, can I use it RAM from RSM or VIP card for 2620. Thanks Inamul -Original Message- From: Christopher Kolp [mailto:[EMAIL PROTECTED]] Sent: Friday, February 16, 2001 6:54 AM To: 'Ole Drews Jensen'; 'John Chambers'; [EMAIL PROTECTED] Subject: RE: memory needed for cisco 2620 router www.ram-it.com - rocky mountain ram www.crucial.com - micron memory -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ole Drews Jensen Sent: Friday, February 16, 2001 9:30 AM To: 'John Chambers'; [EMAIL PROTECTED] Subject: RE: memory needed for cisco 2620 router Try http://www.memoryx.com Ole Ole Drews Jensen Systems Network Manager CCNA, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] http://www.CiscoKing.com NEED A JOB ??? http://www.oledrews.com/job -Original Message- From: John Chambers [mailto:[EMAIL PROTECTED]] Sent: Friday, February 16, 2001 7:57 AM To: [EMAIL PROTECTED] Subject: memory needed for cisco 2620 router I need to upgrade my cisco 2620 router (currently it has 24MB RAM) to at least 32MB RAM so that I can test IPSec features. I notice that the RAM for cisco 2620 looks different than older PCs memory. If anyone who know of a particular PC memory that can be used for the router or you have memory for cisco 2620 (preferably 16MB piece), I would like to buy it from you. Places like CDW charges an arm and leg for the memory which something that I can not afford at this moment. Thanks. John C. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Investment Question about 1900, 2500, and 5000 series equipment
== How long is the shelf-life of the 1900, 2500, and 5000 series equipment? If I purchase this equipment, how fast will the investment value decay once purchased... Will this equipment still be valid over the next year and a half to carry on from CCNP through CCIE? (noting more equipment will be required later for the CCIE tract) == _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Route Summarisation question
You can summarise them using the following network and mask 10.40.3.0 with a mask of 255.255.255.224 or 10.40.3.0 / 27 Remember this will also include all networks inbetween 10.40.3.0 - 10.40.3.31 "Stuart Laubstein" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Assuming the following internal routes need to be summarised 10.40.3.11 255.255.255.240 10.40.3.15 255.255.255.240 10.40.3.18 255.255.255.240 10.40.3.26 255.255.255.240 Could they be summarised as 10.40.3.0 255.255.255.224 and the space summarised would be 10.40.3.1 - 10.40.3.53 Am I completely off base or close to the correct answer? I have studied so much I have confused myself. thanks stuart _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Lad scheduling question
I'd like to schedule a lad for tonight please. Sorry, couldn't resist! ;-) Priscilla At 11:38 AM 2/16/01, Nathan wrote: You can schedule the date up to one year after the written exam. www.cisco.com John Hardman wrote: Hi All With a little more study I will pass the written this month, and I am starting to wonder more about the process of scheduling the lab. I plan to use the SJ lab... So here is the question. Can I schedule the lab for a specific date? Yes I know there is a back log till August or later, but I more interested in a longer date, I am thinking 10 or 11 months after the written. I have quite a few big projects coming up at work, and it will be hard to keep my "study" mind set and energy, so the extended time will benefit me. TIA -- John Hardman CCNP MCSE+I _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Priscilla Oppenheimer http://www.priscilla.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: no domain controller available
HUH??? please explain... Why would it be spanning tree. technically if i wanted too... i could assign an ip address that is not on my VLAN and attach it to the switch... Of course I will NOT be able to comunicate but that will not affect spanning tree... ""Dost"" [EMAIL PROTECTED] wrote in message 96iprq$9j8$[EMAIL PROTECTED]">news:96iprq$9j8$[EMAIL PROTECTED]... Once in while we experience same problem with desktops but we do not have Cisco switches in place, we have extreme black diamond switches. I think this problem may have to do spanning tree. Thanks Inamul "Jim Bond" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hello, I have users at different buildings (on different subnets), when they move their laptop to another building, they have to do ip release/renew, otherwise, they won't get new ip address. Swithes are 5000/5500/6500. Port fast is already enabled. Anything needs to be done on PCs? Thanks in advance. Jim __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: no domain controller available
I think what he means is that portfast (or its Extreme equivalent) is not enabled. Enabling portfast essentially eliminates the full spanning tree calculation when link is detected on a switchport. If I'm not mistaken the port goes directly from blocking to forwarding when portfast is enabled. So, in its basic form, this is a spanning tree issue. Or am I way off? Scott ""Santosh Koshy"" [EMAIL PROTECTED] wrote in message 96kkmq$qu0$[EMAIL PROTECTED]">news:96kkmq$qu0$[EMAIL PROTECTED]... HUH??? please explain... Why would it be spanning tree. technically if i wanted too... i could assign an ip address that is not on my VLAN and attach it to the switch... Of course I will NOT be able to comunicate but that will not affect spanning tree... ""Dost"" [EMAIL PROTECTED] wrote in message 96iprq$9j8$[EMAIL PROTECTED]">news:96iprq$9j8$[EMAIL PROTECTED]... Once in while we experience same problem with desktops but we do not have Cisco switches in place, we have extreme black diamond switches. I think this problem may have to do spanning tree. Thanks Inamul "Jim Bond" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hello, I have users at different buildings (on different subnets), when they move their laptop to another building, they have to do ip release/renew, otherwise, they won't get new ip address. Swithes are 5000/5500/6500. Port fast is already enabled. Anything needs to be done on PCs? Thanks in advance. Jim __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Lad scheduling question
I'm booked for the next week, but after that. Tom McNamara MCSE, CCNA Account Manager, U.S. Datacom [EMAIL PROTECTED] Direct line: (407)398-6521 Toll-Free: (800)216-5517 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Priscilla Oppenheimer Sent: Friday, February 16, 2001 7:26 PM To: [EMAIL PROTECTED] Subject: Re: Lad scheduling question I'd like to schedule a lad for tonight please. Sorry, couldn't resist! ;-) Priscilla At 11:38 AM 2/16/01, Nathan wrote: You can schedule the date up to one year after the written exam. www.cisco.com John Hardman wrote: Hi All With a little more study I will pass the written this month, and I am starting to wonder more about the process of scheduling the lab. I plan to use the SJ lab... So here is the question. Can I schedule the lab for a specific date? Yes I know there is a back log till August or later, but I more interested in a longer date, I am thinking 10 or 11 months after the written. I have quite a few big projects coming up at work, and it will be hard to keep my "study" mind set and energy, so the extended time will benefit me. TIA -- John Hardman CCNP MCSE+I _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Priscilla Oppenheimer http://www.priscilla.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
The Juniper Networks Certified Internet Specialist (CIS)JN0-301
Hi Fellows, Is any one have done "The Juniper Networks Certified Internet Specialist (CIS)JN0-301" please guide me how can i do prepare the exam. I have 5 year network experience and done my CCNP and almost complete the CCIE Written preparation. because i failed in it just with the 2%. I will try again . but now i want to do the JUNIPER CIS. I have done the M40 Architecture and Configuration EDU-M40-CON JUNOS Routing Policy EDU-JUN-RP Troubleshooting with JUNOS Software EDU-JUN-TS MPLS Traffic Engineering EDU-JUN-MP Bassam Halabi, Internet Routing Architectures Jeff Doyle, Routing TCP/IP Volume 1 Radia Perlman, Interconnections Now what can i do for the Exam. Kindest Regards Muhammad Zahid _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Lad scheduling question
I'd like to schedule a lad for tonight please. Sorry, couldn't resist! ;-) Priscilla Aye, ye bonny lass. Does sort of bring a different perspective to the physical layer. And continuing to think about perspectives, will female error detection at the data link layer ever find a male frame to be correct? Will a male broadcast packet ever ask for directions? I shudder to consider the implications of socket to me at Transport. The classical OSI session service, of course, has numerous primitives for fallback, resynchronization, who may initiate communication, etc. Excellent guidelines for dating. It is a small mind that limits the Presentation Layer to ASCII versus EBCDIC, ASN.1 versus XDR, and even encryption, when world expenditures on makeup may approximate those on routers. The application, however, is the final judge. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Problems?
DS, I am getting a lot by the hours. The problem could be on your side. ACS From: Drew Simonis [EMAIL PROTECTED] Reply-To: Drew Simonis [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Problems? Date: Fri, 16 Feb 2001 18:16:56 -0500 List traffic has decreased dramatically in the last week (only 4 messages this week). Is it just me? -ds _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: The Juniper Networks Certified Internet Specialist (CIS)JN0-301
take it ;-) "Muhammad Zahid" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Fellows, Is any one have done "The Juniper Networks Certified Internet Specialist (CIS)JN0-301" please guide me how can i do prepare the exam. I have 5 year network experience and done my CCNP and almost complete the CCIE Written preparation. because i failed in it just with the 2%. I will try again . but now i want to do the JUNIPER CIS. I have done the M40 Architecture and Configuration EDU-M40-CON JUNOS Routing Policy EDU-JUN-RP Troubleshooting with JUNOS Software EDU-JUN-TS MPLS Traffic Engineering EDU-JUN-MP Bassam Halabi, Internet Routing Architectures Jeff Doyle, Routing TCP/IP Volume 1 Radia Perlman, Interconnections Now what can i do for the Exam. Kindest Regards Muhammad Zahid _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Firewalls and VPNs
A device can best be described by its chief function. You can use a PIX as a router, just allow everything through. In fact you can use a router as a firewall, be selective with access lists. Terminology is flexible as long as you're pragmatic about function. On Fri, Feb 16, 2001 at 10:52:06AM -0800, Dan West wrote: PIX - sounds like a router to me - packet forwarding based on layer 3 addressing. It has extra security features and all of a sudden it's a firewall...marketing fluff? or accurate description??? who will uncover this mystery ; --- mtieast [EMAIL PROTECTED] wrote: I think this comes from the fact that cisco instructors in class say that the Pix is not a router. I have heard this as well when I had the class. I know the Pix is not a router, but does it route? Well, if making decisions about where to send traffic based on layer 3 info is routing then I would argue it does route. It does not forward traffic based on layer 2 info so .. It routes traffic to the appropriate interface. Can someone else shed some light as to why this is said. If it doesn't route the traffic it recieves what does it do? -Original Message- From: haroldnjoe [EMAIL PROTECTED] Newsgroups: groupstudy.cisco To: [EMAIL PROTECTED] [EMAIL PROTECTED] Date: Friday, February 16, 2001 12:41 PM Subject: Firewalls and VPNs I've read here a couple of times that PIX's don't route. Period. In light of this I'm left a little confused as to a proposed network map I was given recently. The core layer router is a 3640 linking all of our branch offices together. From the 3640, there is an ethernet connection to a PIX 515R. From the PIX, there is another ethernet connection to a 1750 router. The 1750 connects via T1 to our ISP. There is yet another ethernet connection from the PIX to the isolation lan, on which resides an internet mail/web server and a VPN 3000 concentrator. If PIX's don't route, what subnet is the isolation lan going to sit on? As I understand it, the PIX will be providing NAT functionality for the 3640 and everything behind it. So I would assume that the T1 and ethernet interfaces on the 1750, the outside interfaces on the PIX, and everything in the isolation lan including the VPN concentrator will have to have public IP addresses which will be given to us by our ISP. The way the map is layed out, it looks to me like the isolation lan would have to be on its own subnet. What am I missing? If the PIX doesn't route, do it's ethernet interfaces reside on the same subnet as the isolation lan? If so, then the ethernet interface on the 1750 must also be on that subnet, right? This is the proposed network map that Cisco's presale engineers gave me. I'm sure it's a solid design, but I'm still trying to work out the details so that I understand what I'm implementing (always a good thing, I think). Thanks for your time, [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] = from The Big Lebowski... The Dude: You sure he won't mind? Bunny: Dieter doesn't care about anything. He's a nihilist. The Dude: Ohhh, that must be exhausting... __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Ip default gateway
ip default-gateway works if ip routing is disabled and the router is basically a host on the network like your PCs, etc. You would turn IP routing off (no ip routing) to bridge all traffic for example. Using ip default-network would let you propagate a route via IGRP/EIGRP or RIP to a neighbor router also doing IGRP/EIGRP or RIP and all the rules were met (IGRP/EIGRP especially - RIP just announces a 0.0.0.0 no matter what ip default-network is pointing to on the router). ip default-network must use a classful network address. ip route 0.0.0.0/0 next-hop will forward traffic to unknown networks. If you have 'no ip classless' and your next-hop is a directly connected network the 0.0.0.0/0 route won't be used. --- "West, Karl" [EMAIL PROTECTED] wrote: I think what you really wanted to do was use "Ip default-network" here is a link that will explain it to you further and what the difference is. It has to do with weather you have ip routing enabled on your system. Karl http://www.cisco.com/warp/public/105/default.html -Original Message- From: birs [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 15, 2001 5:02 AM To: [EMAIL PROTECTED] Subject: Ip default gateway Hello I just had a situation like this: I connected a Cisco1750 to Catalist2924, and then Catalist2924 to Catalist8540 and configured "ip default-gateway 10.0.1.1" in 1750(10.0.1.1 is the ip of 8540). Then 1750 was ping'in only 10.0.1.1 255.255.255.240's hosts and no other network in my backbone. Then I turned "ip default gateway 10.0.1.1" into "ip route 0.0.0.0 0.0.0.0 10.0.1.1" and my Cisco1750 started pinging every ip in my backbone. I will be grateful if anyone explains why "ip default-gateway" didn't worked and what is the difference between these two. Thanks. Birsen Ozturk _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Hello
The one and only test :-) _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Book Recommendations
Mastering Cisco Routers, Sybex, ISBN 0-7821-2643-X Excellent overall information. Covers most topics, gives good configuration examples. Lots of diagrams and configurations. Easy read. Will help in understanding more complex technologies down the road. Tom McNamara MCSE, CCNA Account Manager, U.S. Datacom [EMAIL PROTECTED] Direct line: (407)398-6521 Toll-Free: (800)216-5517 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Sammi Sent: Friday, February 16, 2001 9:25 PM To: [EMAIL PROTECTED] Subject: Book Recommendations Hello, I have just ordered: LAN Wiring, 2nd Edition James Trulove I have gone over the book recommendations on the groupstudy web page but don't see anything that quite fits my needs. Very good books indeed but they seem to be for very high level professionals or those on the study track. I am somewhere in the middle. While I have a current CCNA I have very, very little hands on. I am soon to be in a position involving a number of 2600 series routers. The network is campus area type setup, strictly ethernet save for the one pipe to the outside world (though likely to bring more in). I think one of the CCIE study guides will be beyond my skills and needs? Internet Routing Architecture looks like it would have many practical examples a person could use on the job, but not quite for the environment I will find myself in? Top Down Network Design looks very good, but I need something more along a configuration guide. Though I think I may pick this one up in any case. Perhaps the best for my case is Introduction to Cisco Router Configuration? Any thoughts on which may best suit my particular needs, or other recommendations, greatly appreciated. ** Please remove anti-spam for personal replies. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE Boot Camp Update
We are moving so IP addresses will change on our remote racks. If you use the FQDN like rack1.ccbootcamp.com, rack2.ccbootcamp.com, etc. you will be fine. We will be offering lots of new services later this year. Check the web site for updates. Sorry for the waste of bandwidth if this doesn't apply to you, but I have already had several customers that didn't get or open my e-mail announcement on this. Many of you on this list rent time on our remote racks. Marc Russell Network Learning, Inc. 7222 Deerhill Court Clarkston, MI 48346 Work PH# 248-620-9603 Fax# 248-620-9650 Pager# 810-681-0382 Alpha Page (don't put text in the subject area) [EMAIL PROTECTED] E-Mail CCIE Boot Camp [EMAIL PROTECTED] WEB CCIE Boot Camp www.ccbootcamp.com (Check us out for CCIE lab exam preparation) _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Investment Question about 1900, 2500, and 5000 series equipment
They're all definitely on the heading toward end of life phase, but I think they'd be worthwhile to learn on. Most labs are made up of 2500s. The 5000 will get you some CatalystOS experience (I believe that's the term for the non-IOS based switching OS, although depending on the blades/software versions may not support newer commands, and the 1900 will get you some basic IOS-based switch experience. I'd just look at it as an investment in training for yourself, and not expect a large resell value, although there will still be some, if nothing else for another person looking to set up a lab. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ ""Reel, JohnX"" [EMAIL PROTECTED] wrote in message 39B5C4829263D411AA93009027AE9EBB01334E43@FMSMSX35">news:39B5C4829263D411AA93009027AE9EBB01334E43@FMSMSX35... == How long is the shelf-life of the 1900, 2500, and 5000 series equipment? If I purchase this equipment, how fast will the investment value decay once purchased... Will this equipment still be valid over the next year and a half to carry on from CCNP through CCIE? (noting more equipment will be required later for the CCIE tract) == _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX firewall
Their 3rd party partner is called Funk software ( http://www.funk.com) . The product is called Steel Belt Radius and yes it works. Runs on NT platform and performs authentication into NT domains. ""haroldnjoe"" [EMAIL PROTECTED] wrote in message 96kb43$3ev$[EMAIL PROTECTED]">news:96kb43$3ev$[EMAIL PROTECTED]... Cisco told me that they have third party partners who have access servers similar to TACACS+, but which use the NT user database. I have yet to squeeze the name of any of these partners out of them, but they are rumored to exist anyway. I hope it's true. It would be nice to only have to deal with one user database. [EMAIL PROTECTED] ""Jason"" [EMAIL PROTECTED] wrote in message 96ikbs$uka$[EMAIL PROTECTED]">news:96ikbs$uka$[EMAIL PROTECTED]... The PIX can use internally stored pre-shared keys, or can use external authentication such as TACACS+. http://www.cisco.com/warp/public/700/configsec.html -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ "Deepak Sharma" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... quick question, and probably dumb question!!. when I set up a pix firewall user--56k dialup--pix--nt server to authenticate the user, does pix use NT auth. or another type of auth.username/password has to be setup within pix... thanks _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: RE:
IMHO, the 700 line is a huge waste of time. Avoid burning time on them and just study everything else so that you can eat the few questions you get on them. When will Cisco dump those 700s anyway? And now this other non-IOS based 600 line for cheap end-user CPE equipment. Bleh. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ ""Steve Carson"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Sathesh, On the FRS 2.0 exam I took there were either 3 or 4 questions that were directly about the Cisco 700 series. steve Original Message Follows From: "martijn michiel" [EMAIL PROTECTED] Reply-To: "martijn michiel" [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: RE: Date: Thu, 15 Feb 2001 17:10:49 - Sathesh, in my bcran book there is a full chapter of 700. Check C's website though. martijn -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]Namens [EMAIL PROTECTED] Verzonden: woensdag 14 februari 2001 22:35 Aan: [EMAIL PROTECTED] Onderwerp: guyz: any comprehensive resource fo BCRAN ? any idea if there are questions on cisco 700 ? thanks,, - Get free personalized email at http://email.lycos.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Performance of CEF over Fast Switching
We have a 7513 as our backbone router and pre-12.0 it was running on average at maybe 9-10% CPU. After upgrading to 12.1 and turning on CEF, that dropped to around 5%. That's really not a good test because we were hardly pushing the thing to begin with. Still, it does seem to make a noticable difference and we haven't had any problems with it. By the way, off-topic, I seem to have resolved the problems I had with excitemail, so I've moved back to using [EMAIL PROTECTED] Lately, my email address has been changing almost daily! John John, Bob, Raj, Phillip and the Group, I hadn't thought of CEF much as I "thought" it wasn't available on the smaller routers. i.e. - only on the routers with line cards etc. However, I just enabled CEF on a 2611 and it created its table on the fly in no time flat. The 2611 won't do dCEF however. Also, the smaller routers can't do cef accounting. Anyway, now I have to mock something up in the lab to see if we can determine how much of any improvement CEF will give us. Since we're not using CEF anywhere in our network I can't just turn it on without a bit more research. If it only lessens the CPU load by a few percent then bigger hardware is in our future, but if we see gains of 20% or more then CEF would indeed be a cheap solution. I noticed that CEF has issues with policy routing and other features - but so far we're not using any of them. So, another question - does anyone have any idea/experience on how much CEF will gain for us? Given the average 50% load on the router - practically all switching load??? tia Kevin Wigle - Original Message - From: "John Neiberger" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Monday, February 12, 2001 4:11 PM Subject: Re: Can someone interpret this please? I just checked CCO and there are so many CPU-related bugs in 12.0(5) that I stopped counting after a while. You might want to upgrade, if feasible. Also, try doing a show align to see if you're getting spurious memory access errors. One of the bugs mentioned a high CPU usage due to these. HTH, John Bob, Phil - and the group. Thanks for the input, gives me more to think about. Some more history.. This router is a 3620 with OC3 and FastEthernet interfaces. It has 48 meg and is running 12.0(5)XK1. According to Cisco's docs, the 3620 should be able to handle around 20-40 kpps. However, the router shows only around 2.6 kpps almost evenly split in/out. I have been unable to verify exactly on CCO but I suspect that a 3620 cannot handle (very well) two high-speed interfaces - more specifically if one is OC3. I have found info where Cisco, when talking about the OC3 interface for the 3600 series stated: "Max two high-speed network modules in a Cisco 3640 (includes Fast Ethernet, ATM, HSSI)" Now the 3640 has a 100mhz processor and the 3620 has a 80 mhz processor. I'm wondering if the SAR process is overwhelming the 3620? I'm sure I read someplace that only one high-speed interface was recommended for the 3620 but I haven't found that info again. Considering the low level of traffic, what else could be keeping the cpu utilization up so high? Need more info. let me know! Kevin Wigle - Original Message - From: "Phillip Heller" [EMAIL PROTECTED] To: "Kevin Wigle" [EMAIL PROTECTED] Cc: "cisco" [EMAIL PROTECTED] Sent: Monday, February 12, 2001 2:12 PM Subject: Re: Can someone interpret this please? On Mon, 12 Feb 2001, Kevin Wigle wrote: Dear group, Investigating a router that is starting to loaded down. When I do a sh proc cpu I get 50% or cpu utilization but the stats don't seem to add up to 50%. Is there another way to try and see where the 50% is coming from? sh proc cpu CPU utilization for five seconds: 44%/44%; one minute: 50%; five minutes: 52% The five second utilization numbers in the above line (44%/44%) represent two things. The first number is total processor utilization and the second is processor utilization due to interrupts. The difference in these two numbers would be the sum of 5sec utilization by all other processes. If utilization due to interrupts increases over time, it represents traffic growth. If it jumps alot in a short amount of time, it may be a DoS attack. You can verify the latter by turning on "ip route-cache flow" on suspected interfaces and then looking at the output of "sh ip cache flow". If the processor gets too high with legitimate traffic, you can use cef or dcef (ip route-cache cef, ip cef distributed). Failing that, you'll probably more beefy hardware. Regards, --phil Find the best deals on the web at
looking for virtual lab for rent
Hi Eveyone, I am looking for available virtual lab on the Internet that I can rent time to get hand-on experience with Cisco routers and switches and ISDN dial solutions. Anyone know a virtual that are at a reasonable price, please let me know. Mentor labs and ccie bootcamp labs are quite expensive for me. Please help. Many thanks. Mike Johnson __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Scenario we need help with...
Be aware that the DNS RFC says caching nameservers don't have to honor any TTL less than 2 days. This means realistically you could be looking at 2 days worth of downtime globally. We do these sort of moves on a Friday evening, and by Monday morning caches are cleared and resolving to the proper address. Here's a though, and I'm sure I'm overlooking something: Bind two IPs to the webserver, the new one and the old one. That way traffic will come in and go back out for the proper IP, and the PIX will NAT them back to the original IP. You could use route-maps to direct the traffic out the correct PIX. I know this worked with no problem for my Linux box when I cut over to a new ISP when I was multi-homed (no PIXes involved, just two ISPs and two IPs). The biggest thing is to test to make sure the box responds with the original IP address, and not the primary IP. It's not a problem with my lil' Linux server. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ [EMAIL PROTECTED] wrote in message 52D26B7F4FB6D411A34800E018025FA30372CB@MAIL-SK1">news:52D26B7F4FB6D411A34800E018025FA30372CB@MAIL-SK1... Sam, Ultimately you will have to endure some downtime during this move (approximately 1 hour) This is the solution I came up with: (and have previously used) Reduce the TTL on your DNS records to 1 hour. (30 minutes if you're feeling risky) Remember that your primary server will remain off line for at least two days. Remove your primary DNS server and relocate it to your new facility. Note your secondary will continue to resolve host names to the original IP addresses. Notify the naming authority (ie. network solutions) and inform them of the IP change to your primary name server. While your primary DNS server is off line, modify the records on the name server to reflect the new IP addresses and increase the TTL on your DNS records back to their original setting. Once the IP address change on your primary name server is complete then you're ready to go. Schedule a time when it will have the least impact on your website and have a buddy at the old location stop DNS services, and at the same time start DNS services at your new location. The only time a user might notice the change is if he had a DNS record on his recursive server that renewed just before you went to the switch over. If you do this at the right time of night hopefully no-one will notice. I am aware of another solution involving the arrow-point switches, that could have a shorter roll-over time, but I have never tried it. Hope this helps, Matthew -Original Message- From: Sam [mailto:[EMAIL PROTECTED]] Sent: Friday, February 16, 2001 2:38 PM To: [EMAIL PROTECTED] Subject: Scenario we need help with... We currently have two sites, both with their own PIX firewalls and their own connections to the Internet via separate ISPs. We also have a T1 point to point directly connecting both sites. Router A has a default route to PIX A. Router B has a default route to Router A. At site A we have a production web site on a server. We created a mirror of the web site on a new server located at site B. Currently, external DNS resolves our domain name to an IP address on the PIX located at site A. We configured the static mapping on Site A PIX to point to the new web server at site B. This has allowed us to host our web site at site B, but we are still not utilizing our Internet connection at site B for incoming traffic. What we would like to do is make DNS changes to direct incoming web traffic to PIX B. During the time DNS changes propagate I believe we may receive traffic via both PIX firewalls. Once this transition is complete site A will go away along with the T1 connection. Any ideas on how we can make this transition happen successfully without any interruption to our production web site. Any thought would be appreciated. ISP A - Site A PIX - Router A /\ InternetT1 Point to Point \/ ISP B - Site B PIX - Router B Thanks in advance Sam _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Investment Question about 1900, 2500, and 5000 series equipment
If purchased used, those models hold their value very well. If purchased new, not so well :) On Fri, 16 Feb 2001, Reel, JohnX wrote: == How long is the shelf-life of the 1900, 2500, and 5000 series equipment? If I purchase this equipment, how fast will the investment value decay once purchased... Will this equipment still be valid over the next year and a half to carry on from CCNP through CCIE? (noting more equipment will be required later for the CCIE tract) == _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- I'm buying used CISCO gear!! email me for a quote Brian Feeny e:[EMAIL PROTECTED] CCNP+Voice/ATM/Security p:318.222.2638x109 CCDPf:318.221.6612 Network Administrator ShreveNet Inc. (ASN 11881) _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]