Re: Token Ring Crossover Cable???

2001-02-23 Thread Albert

Scott,

May I add some more info.  The Token Ring crossover cable is often used to
connect two MAUs together.
http://www.cmt-nc.com/cables_ultd_pgs/utp.htm
Some MAUs have Ring In and Ring Out ports.  If they don't you can use the
crossover cable to connect two MAUs together.  That is the only use for the
crossover cable, unlike the Ethernet crossover cable which can be used to
connect two end-stations together or two hubs/switches together.

Albert

"Scott Froese" <[EMAIL PROTECTED]> wrote in message
news:974sf4$4en$[EMAIL PROTECTED]...
> Alex-
>
> Actually, there is such an animal as a Token Ring crossover cable.  You are
> correct that you can't use one to "back to back" Token Ring ports.  They are
> used in our environment for a direct station attachment (Cisco router ports)
> to Bay Networks C100 Tokenspeed switch ports.
>
> The RJ-45 pin outs are:
>
> 1-->1
> 2-->2
> 3-->4
> 4-->3
> 5-->6
> 6-->5
> 7-->7
> 8-->8
>
> This link sort of backs up my story:
>
> http://www.bestdatasource.com/Bay/Detail/cBayAS0018001.htm
>
> Scott
>
> "W. Alan Robertson" <[EMAIL PROTECTED]> wrote in message
> news:00a701c09d44$1b031e20$[EMAIL PROTECTED]...
> > Alex,
> >
> >  There is no such animal...  Token Ring is much more sophisticated than
> > Ethernet at the physical layer.  There is simply no way for either station
> > at each end of a crossover cable to replicate the electrical function of an
> > MAU.
> >
> >  I wish I had a link that pointed to a good explanation of the process.
> > Anybody have one?
> >
> >  Alan~
> >
> > > - Original Message -
> > > From: "Scott Pierson" <[EMAIL PROTECTED]>
> > > Newsgroups: groupstudy.cisco
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Thursday, February 22, 2001 8:45 PM
> > > Subject: Re: Token Ring Crossover Cable???
> > >
> > >
> > > > Token ring crossover cable?
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > Alex wrote:
> > > >
> > > > > Hi
> > > > >
> > > > > > Can I use a token ring crossover cable between two routers?
> > > > >
> > > > > Thanks
> > > > >
> > > > > Alex
> > > > >
> > > > > _
> > > > > FAQ, list archives, and subscription info:
> > > http://www.groupstudy.com/list/cisco.html
> > > > > Report misconduct and Nondisclosure violations to
> [EMAIL PROTECTED]
> > > >





Re: Squeeze not working in 12.0

2001-02-23 Thread Erick B.

I don't have the link handy, but there are different
flash types on Cisco routers. Some don't allow you to
squeeze the flash to regain space, others do. I'll see
if I can find the link (I had it bookmarked on my work
PC). 

I also question why you can delete if you can't
squeeze, but did find a useful reason for it. If you
copy your config to flash for backup and make changes
to it later and want to keep same name without erasing
flash it's useful. The only drawback to this is when
you do a show flash you have the one filename listed
as many times as you saved it to flash. All of them
have deleted next to them except for one. So...
eventually you'll need to TFTP the files on flash to
elsewhere, erase the flash and TFTP the files back
down to clean it up. 

If your flash is big enough, you could also download a
new image and delete old one. This way you don't have
to use boot system commands to tell router which to
boot off of. 

--- Richard Gallagher <[EMAIL PROTECTED]> wrote:
> Don't ask me either, I have no idea why they did this. I have wondered for
> some time!!!
>
> Yes it's OK to erase the flash whilst the router is running, just don't
> reload it - or bang bye bye network!!
>
> Rich
>
> On Feb 22,  5:12pm, John Neiberger chatted about:
> > Subject: Re: Squeeze not working in 12.0
> > Well, that makes perfect sense!  heh heh  I won't even bother asking
> > why they implemented the delete command if it doesn't really do
> > anything.
> >
> > Since the 2611 IOS runs from RAM, I'd be okay deleting the entire
> > flash, right?  Geez, I hate doing stuff like that on a production
> > router.   :-)  But, that's never really stopped me.
> >
> > >>> "Richard Gallagher" <[EMAIL PROTECTED]> 2/22/01 9:05:24 AM >>>
> > This command only works on the higher end platforms - 7200, 7500
> > etc...
> >
> > Although the delete command is present there is no way to squeeze the
> > flash. So to free up some room you are going to have to erase the flash
> > and start from scratch.
> >
> > Rich
> >
> > On Feb 22,  5:03pm, John Neiberger chatted about:
> > > Subject: Squeeze not working in 12.0
> > > I just now deleted one of two IOS files on a 2611 running 12.0(5).
> > > When I tried to "squeeze" the file system, the CLI did not recognize the
> > > squeeze command.  I tried to undelete that file and again, it did not
> > > recognize the command.  So, I have a file that is marked as deleted and
> > > can't do anything with it.
> > >
> > > I checked CCO and the docs there say that both squeeze and undelete
> > > should be available in 12.0.
> > >
> > > Am I missing something obvious here?  I need to free up some room on
> > > that file system so that I can do an upgrade.
> > >
> > > Any ideas?
> > >
> > > Thanks,
> > > John
> > >
> > >-- End of waffle from John Neiberger
> >
> >
> >
> > --
> >
> >   *** Please copy your emails to [EMAIL PROTECTED] ***
> >
> > Richard Gallagher | Euro-CATS | Cisco Systems Belgium
> > Pegasus Park, De Kleetlaan, 6A, BE 1831 Diegem
> > Office: +32 2 704 5000 | Direct: +32 2 704 5421 | Fax: +32 2 704 6000
> > email: [EMAIL PROTECTED] | http://www.cisco.com/tac
> >
> >  "Normal people believe that if it ain't broke, don't fix it. Engineers
> >   believe that if it ain't broke, it doesn't have enough features yet."
> >
> >   Check out this link: http://www.cisco.com/warp/customer/63/
> >
> >-- End of waffle from John Neiberger

DHCP

2001-02-23 Thread Gayathri




Hi Group,

 I have 2 DHCP servers and I have defined both the IP helper addresses in
our routers

Now, if a client queries for an IP, which of the servers will respond
first?

The problem I have is we have defined one subnet in DHCP Server and not in
the other.

When this user is querying for an IP, he is not getting a response.

interface Ethernet0
 ip address 10.X.X.X  255.255.0.0
 ip helper-address 10.X.1.X
 ip helper-address 10.X.1.Y

The said subnet is defined in the DHCP server 10.102.1.Y but, still there
is no response when the client requests.

The main reason we have 2 DHCP servers is for redundancy.

Please note that they are independent of each other.

Does this mean that, when the client is requesting, the router first
forwards to the first DHCP server and since it is not getting a response,
is dropping it?

Thanks

Gayathri








DHCP- Advise / Suggestions Apprciated

2001-02-23 Thread Gayathri

Firstly, sorry for the repeated submission, I don't see my posting under the
main heading so I am forced to post it again..

here is my question...

 I have 2 DHCP servers and I have defined both the IP helper addresses in
our routers

Now, if a client queries for an IP, which of the servers will respond
first?

The problem I have is we have defined one subnet in DHCP Server and not in
the other.

When this user is querying for an IP, he is not getting a response.

interface Ethernet0
 ip address 10.X.X.X  255.255.0.0
 ip helper-address 10.X.1.X
 ip helper-address 10.X.1.Y

The said subnet is defined in the DHCP server 10.102.1.Y but, still there
is no response when the client requests.

The main reason we have 2 DHCP servers is for redundancy.

Please note that they are independent of each other.

Does this mean that, when the client is requesting, the router first
forwards to the first DHCP server and since it is not getting a response,
is dropping it?

Thanks

Gayathri








Local Director 430 and FIrewalls

2001-02-23 Thread Elaluf, Sylvia,


Morning all,

I  have the following setup for a design:

One main firewall connected to the internet. From this firewall hangs a
local director that will do load balancing for a farm of web servers. Also
connected to that local director is a second firewall and behind that
firewall I have some database servers.

Will it be possible to do also load balancing using the local director to
the servers behind the second firewall? The local director does balancing for
machines in the same subnet; as the firewall only shows one IP address to
the local director, how will the local director know how to balance the
servers behind the firewall?

Has somebody implemented this design?

Comments appreciated

Regards

Silvia Elaluf-Calderwood  BSc MSc CCNA
IP Network Engineer - Technical Services COLT Telecom B.V
[EMAIL PROTECTED]
T: +31 (0)20-888-2092
"Problems cannot be solved at the same level of awareness that created
them." - Albert Einstein




Re: DHCP- Advise / Suggestions Apprciated

2001-02-23 Thread Larry Lamb

Everything I've found on Cisco tells me that multiple helper addresses are
supported and I would have to assume that it's forwarding the packet to both
helper addresses and is taking the response from the first machine to respond.
Any chance you can define part of the scope on each server?  This would
ultimately solve the problem.  Without a sniffer on both segments it's going
to be difficult to tell exactly what's happening unless someone has already
worked with this and has more input.

"Gayathri" wrote in message <975b6q$d4v$[EMAIL PROTECTED]>...
>Firstly, sorry for the repeated submission, I don't see my posting under the
>main heading so I am forced to post it again..
>
>here is my question...
>
> I have 2 DHCP servers and I have defined both the IP helper addresses in
>our routers
>
>Now, if a client queries for an IP, which of the servers will respond
>first?
>
>The problem I have is we have defined one subnet in DHCP Server and not in
>the other.
>
>When this user is querying for an IP, he is not getting a response.
>
>interface Ethernet0
> ip address 10.X.X.X  255.255.0.0
> ip helper-address 10.X.1.X
> ip helper-address 10.X.1.Y
>
>The said subnet is defined in the DHCP server 10.102.1.Y but, still there
>is no response when the client requests.
>
>The main reason we have 2 DHCP servers is for redundancy.
>
>Please note that they are independent of each other.
>
>Does this mean that, when the client is requesting, the router first
>forwards to the first DHCP server and since it is not getting a response,
>is dropping it?
>
>Thanks
>
>Gayathri





Re: MPLS based VPN using IPSec

2001-02-23 Thread Thangavel .V.M

Thank you very much for ur immediate help.

Regards / Thangavel
- Original Message -
From: "Rahul Kachalia" <[EMAIL PROTECTED]>
To: "Rahul Kachalia" <[EMAIL PROTECTED]>; "perryb" <[EMAIL PROTECTED]>;
"Thangavel .V.M" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, February 22, 2001 11:43 PM
Subject: Re: MPLS based VPN using IPSec


> Oops..typo mistake its 14 diagrams..sorry abt that...
> rahul.
> - Original Message -
> From: "Rahul Kachalia" <[EMAIL PROTECTED]>
> To: "perryb" <[EMAIL PROTECTED]>; "Thangavel .V.M" <[EMAIL PROTECTED]>;
> <[EMAIL PROTECTED]>
> Sent: Thursday, February 22, 2001 9:44 AM
> Subject: Re: MPLS based VPN using IPSec
>
>
> > Yes, this is an excellent cisco press book..however there is errata in 44
> > different diagrams..please download pdf file while referring the book..
> >
> > http://www.ciscopress.com/book.cfm?book=168
> >
> > thanks
> > rahul.
> > - Original Message -
> > From: "perryb" <[EMAIL PROTECTED]>
> > To: "Thangavel .V.M" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > Sent: Thursday, February 22, 2001 7:00 AM
> > Subject: Re: MPLS based VPN using IPSec
> >
> >
> > > Excellent book - Cisco Press "MPLS and VPN Architectures"
> > >
> > >
> > > - Original Message -
> > > From: "Thangavel .V.M" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Thursday, February 22, 2001 5:43 AM
> > > Subject: MPLS based VPN using IPSec
> > >
> > >
> > > >
> > > > Hi Group,
> > > >
> > > >
> > > > I need references and links related to the Design,Implementation and
> > > > case studies of MPLS  based VPN using IPSec.
> > > >
> > > > Any help be highly useful to me.
> > > >
> > > >
> > > > Kind Regards / Thangavel
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >




RE: DHCP- Advise / Suggestions Apprciated

2001-02-23 Thread McCallum, Robert

Quick and easy way to find out if the packet is reaching each segment is...

On each interface i.e. interface where user is, interface where DHCP server
is do...

ip accounting output-packets or just plain old ip accounting.

you should then do show ip account.

This should show you the ip address 255.255.255.255 being helpered to
whatever your address is.  At this point take a note of the mac address of
the requester.  

See if it is coming through to your server.

Now..If it is then the cisco devices are working properly, back to the
drawing board.

If it isn't getting to the server then come back.  I have encountered a few
gotchas doing this before.

Hope this helps.

-Original Message-
From: Larry Lamb [mailto:[EMAIL PROTECTED]]
Sent: 23 February 2001 10:15
To: [EMAIL PROTECTED]
Subject: Re: DHCP- Advise / Suggestions Apprciated


Everything I've found on Cisco tells me that multiple helper addresses are
supported and I would have to assume that it's forwarding the packet to both
helper address and is taking the response from the first machine to respond.
Any chance you can define part of the scope on each server?  This would
ultimately solve the problem.  Without a sniffer on both segments it's going
to be difficult to tell exactly what's happening unless someone has already
worked with this and has more input.

"Gayathri" wrote in message <975b6q$d4v$[EMAIL PROTECTED]>...
>Firstly, sorry for the repeated submission, I don't see my posting under the
>main heading so I am forced to post it again..
>
>here is my question...
>
> I have 2 DHCP servers and I have defined both the IP helper addresses in
>our routers
>
>Now, if a client queries for an IP, which of the servers will respond
>first?
>
>The problem I have is we have defined one subnet in DHCP Server and not in
>the other.
>
>When this user is querying for an IP, he is not getting a response.
>
>interface Ethernet0
> ip address 10.X.X.X  255.255.0.0
> ip helper-address 10.X.1.X
> ip helper-address 10.X.1.Y
>
>The said subnet is defined in the DHCP server 10.102.1.Y but, still there
>is no response when the client requests.
>
>The main reason we have 2 DHCP servers is for redundancy.
>
>Please note that they are independent of each other.
>
>Does this mean that, when the client is requesting, the router first
>forwards to the first DHCP server and since it is not getting a response,
>is dropping it?
>
>Thanks
>
>Gayathri

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
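
Added example, not part of the original thread and not code from any poster or vendor: a Python model of the relay behaviour discussed in the DHCP replies above, where the relay stamps giaddr, sends one copy of the request to every helper address, and each server answers only if it has a scope covering giaddr. All addresses, the MAC and the offered lease are constructed stand-ins for the thread's 10.X.X.X placeholders, and `DhcpServer` is a toy class.

```python
import ipaddress
import struct

# Fixed BOOTP/DHCP header (RFC 2131): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr[16], sname[64], file[128] = 236 bytes.
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC_COOKIE = bytes([99, 130, 83, 99])
HOPS, GIADDR = 3, 10  # indexes into the unpacked header tuple


def build_discover(mac, xid):
    """DHCPDISCOVER as the client broadcasts it: giaddr is still 0.0.0.0."""
    zero = bytes(4)
    header = BOOTP.pack(1, 1, 6, 0, xid, 0, 0x8000, zero, zero, zero, zero,
                        mac.ljust(16, b"\0"), bytes(64), bytes(128))
    return header + MAGIC_COOKIE + bytes([53, 1, 1, 255])  # option 53 = DISCOVER


def giaddr_of(packet):
    """Relay agent address carried in the packet, as dotted-quad text."""
    return str(ipaddress.IPv4Address(BOOTP.unpack(packet[:BOOTP.size])[GIADDR]))


def relay(packet, ingress_ip, helpers):
    """Relay-agent behaviour: stamp giaddr with the address of the interface
    the broadcast arrived on, increment hops, and unicast one copy to every
    configured helper address. Returns {helper_ip: relayed_packet}."""
    fields = list(BOOTP.unpack(packet[:BOOTP.size]))
    fields[HOPS] += 1
    if fields[GIADDR] == bytes(4):          # only the first relay sets giaddr
        fields[GIADDR] = ipaddress.IPv4Address(ingress_ip).packed
    relayed = BOOTP.pack(*fields) + packet[BOOTP.size:]
    return {helper: relayed for helper in helpers}


class DhcpServer:
    """Toy server: picks a scope by giaddr and stays silent if none matches."""

    def __init__(self, scopes):
        self.scopes = [ipaddress.ip_network(s) for s in scopes]

    def offer(self, packet):
        gi = ipaddress.IPv4Address(giaddr_of(packet))
        for scope in self.scopes:
            if gi in scope:
                return str(scope.network_address + 100)  # constructed lease
        return None                                      # no scope: no reply


def simulate(ingress_ip, servers):
    """Run one DISCOVER through the relay; return {server_ip: offer or None}."""
    discover = build_discover(bytes.fromhex("0200c0ffee01"), 0x1234ABCD)
    copies = relay(discover, ingress_ip, list(servers))
    return {ip: servers[ip].offer(pkt) for ip, pkt in copies.items()}


# Constructed addresses: two independent servers, one missing the client subnet.
SERVERS = {
    "10.30.1.10": DhcpServer(["10.40.0.0/16"]),                  # subnet missing
    "10.30.1.11": DhcpServer(["10.40.0.0/16", "10.20.0.0/16"]),  # subnet defined
}

if __name__ == "__main__":
    for server, offer in simulate("10.20.0.1", SERVERS).items():
        print(server, "->", offer or "silent (no scope for giaddr)")
```

In this model the server without the scope simply stays silent and does not stop the other from answering, so a client that gets no offer at all points to the relayed packet not reaching the second server, or to its scope not matching the giaddr the router stamped.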



2600 router - 12.0 IOS wanted

2001-02-23 Thread Ravi Kumar

hi friends

can u pls let me know few links, from where i can download ios 12.0 for 2600
series router.

tanx in advance.

bye
ravee






2600 router - async port configuration

2001-02-23 Thread Ravi Kumar

hi techs

I have 2610 router with 2 port sync/async card.

I want to use one of the async port to dial internet.

pls give me list of configurable commands.

your help in this regard is highly appreciated.

most urgent

bye
ravee






RE: 2600 router - 12.0 IOS wanted

2001-02-23 Thread McCallum, Robert

http://www.cisco.com/cgi-bin/Software/Iosplanner/Planner-tool/iosplanner.cgi
?majorRel=12.1



watch the word wrap.  You will also require cco login for this.

-Original Message-
From: Ravi Kumar [mailto:[EMAIL PROTECTED]]
Sent: 23 February 2001 10:38
To: [EMAIL PROTECTED]
Subject: 2600 router - 12.0 IOS wanted


hi friends

can u pls let me know few links, from where i can download ios 12.0 for
2600 series router.

tanx in advance.

bye
ravee






RE: Simulation for CCNP/CCIE

2001-02-23 Thread Albert Lu


Yes there is. I've got a simulator that simulates as many routers, switches
as you like. It lets you do everything that you can do on real equipment at
a fraction of the cost. This is all you need to pass the CCIE!!

Paypal me $100US and I will send you a copy. The first 10 people will get a
free toaster simulator. YES!! you can pretend to make toast.

ps. I also have a simulator guaranteed to help you become a doctor. Why
practise on real people when you can do it using this simulator. It costs
$200US, since human bodies are slightly more complicated than Cisco routers.
ORDER NOW!!

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Thomas
> Sent: Friday, 23 February 2001 18:10
> To: [EMAIL PROTECTED]
> Subject: Simulation for CCNP/CCIE
>
>
> Hi All - Is there any good lab simulation software for CCNP/CCIE
> around (not
> CCNA one, since it does not have enough commands)? Where can I get it?
> Thanks in advance!
>
>



RE: 2600 router - async port configuration

2001-02-23 Thread McCallum, Robert

Please see inline.

-Original Message-
From: Ravi Kumar [mailto:[EMAIL PROTECTED]]
Sent: 23 February 2001 10:57
To: [EMAIL PROTECTED]
Subject: 2600 router - async port configuration


hi techs

I have 2610 router with 2 port sync/async card.

I want to use one of the async port to dial internet.

pls give me list of configurable commands.

  I can give you a list of configurable commands but hey!  I'll give you
hints instead after all you should learn how to do this.  Try the Cisco CD
or indeed the Cisco web site.  You usually can answer your question from
there.  

your help in this regard is highly appreciated.

>>> help!!!  What you want is for someone to give you the answer.  Come on
mate, do a bit of digging yourself.  Why should I dig for the info just to
hand it to you.  At least when you send a mail show that you have at least
attempted to configure / do it yourself.

most urgent

>>> Why is it most urgent.  Have you maybe been tasked to do this in your
job?

All in all try it yourself.  If you can't find it come back to the group with
what you have tried, then you might get a better answer.

bye
ravee






Re: testing dial backup...

2001-02-23 Thread Z

I know this, why do you think I asked the question??? wow.

- Original Message -
From: Brian <[EMAIL PROTECTED]>
To: Z <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, February 23, 2001 12:46 AM
Subject: Re: testing dial backup...


>
> You have to test it...no matter what.  That's like having a "Tape
> backup" system, but never actually trying to do a restore until you *have*
> to.
>
>
> On Thu, 22 Feb 2001, Z wrote:
>
> > Question... Anybody know how I can test to see if our dial backup on our
> > devices actually kicks up when the primary interface goes down? We have
> > dialer interfaces as our backup and I want to see if they work. I just
> > got to this place a month ago and have noticed that in most of the
> > devices, they don't even have the backup statements configured on the
> > primary int. Here's the kicker. I can't take the primary down to do this
> > and I don't feel like coming in on the weekend  =o)   I remember
> > somebody said something about creating a floating static and pinging
> > something but I forget what was said. Is there just an easy way to do
> > this? I would imagine there is. Thanks all,
> >
> > 
> > This has been an Eyez Only streaming e-mail broadcast...We are watching.
> >
> > ~ NetEyez ~ CCNP, CCDA
> >
> >
>
>
> ---
> I'm buying / selling used CISCO gear!!
> email me for a quote
>
> Brian Feeny,CCDP,CCNP+VAS Scarlett Parria
> [EMAIL PROTECTED] [EMAIL PROTECTED]
> Netjam, LLC
> http://www.netjam.net
> 1401 Oden St.
> Suite 18
> Shreveport, LA 71104
> 318-222-2638 x 109318-222-2638 x 101
> Fax 318-221-6612
>




Re: passed CCIE written with a little extra stress

2001-02-23 Thread Darren Ward

Same thing happened to me in Melbourne.

The test crashed on question 32 or something like that and so I panicked and went out to
the front desk and they came in, rebooted it and my test came up on q 32.

So like a fool I hit the previous button to make sure my answer was there and sure
enough it was so happier I hit next and ... crash # 2!

Slightly put off I went back out to the front desk and they rebooted it again but this
time they warned me not to use the previous button but use the marked questions at the
end of the exam to review.

Needless to say the couple of other people in the test room smirked a bit, but then
again they were only doing Microsoft exams so what do I care what they think :-P

Still I passed at the end of it but boy was that something I didn't need during the
written!

Darren Ward
PGradCS-CCNP-CCDP-MCP

Francisco Muniz wrote:

> It happened to me as well, back at Networkers. However they just
> ALT-CTRL-DEL'ed the machine and it came back with my half test to
> complete. I'd already passed away on the of the keyboard, and so
> couldn't finish it :-) just kidding, I did pass, and boy I'm happy!
>
> Frank.
>



Banyan Vines

2001-02-23 Thread pinoal


Hi ,

Does anyone know of any software to emulate Banyan Vines, I want to do
some test but I don't have vines server and client.













CCNP support guide

2001-02-23 Thread Tom Drake

Hallo,

I've got the PDF for the CiscoPress official CCNP support
certifications guide.

http://www.amazon.com/exec/obidos/ASIN/0735709955/qid%3D/102-7107495-8348961

Willing to trade for any other CiscoPress e-books

[EMAIL PROTECTED]





ISDN CIM

2001-02-23 Thread Jeff Duchin

Anyone use the ISDN CIM before and how is it?

Jeff





Re: [Banyan Vines]

2001-02-23 Thread Petra Hofmann

Why would you want to.  Vines has not been supported for almost 2 years. There
are few sites still using it.  We've used it for several years but will be
going to Exch and Linux systems next months.  Good Luck.

"pinoal" <[EMAIL PROTECTED]> wrote:
> 
> Hi ,
> 
> Does anyone know of any software to emulate Banyan Vines, I want to do
> some test but I don't have vines server and client.
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 



RE: invisible router - can i do it?

2001-02-23 Thread Christopher Kolp

I believe it's done with Proxy ARP...


someone flame me if I'm wrong :)

ck


> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> beth shriver
> Sent: Thursday, February 22, 2001 9:01 PM
> To: [EMAIL PROTECTED]
> Subject: invisible router - can i do it?
>
>
> If i have pc's on a router but dont want them to be
> visible to sms or firewall monitoring software , is
> this possible? If so can you give me some pointers or
> head me in the right direction?? ( web page , book
> etc)
>
> I am hoping ANYONE will respond!
> Thanks
> Bethy
>



Re: CCIE salary

2001-02-23 Thread Howard C. Berkowitz

>On Fri, 23 Feb 2001, Gayathri wrote:
>
>>  Thanks for all the varying thoughts,
>>
>>  It is good to hear first hand information from like minded people than to
>>  visit some recruiters/head hunters web sites and make wild guess.
>>
>>  It looks like CCIE is the ultimate. These middle level certificates only
>>  land you in a sys admin job..

I have to ask, Gayathri, what do you consider the ultimate with 
respect to jobs? I'll talk more about the role of CCIE in large 
carrier operations, but, if your "ultimate" includes network product 
development, no vendor certification is particularly relevant.



Brian continued,

>
>This really isn't true.  Let's look at some basic facts:
>
>There are only ~6000 or so CCIE's in the world, possibly as many as 30%
>are employed by cisco.
>
>There are over 6000 ISP's in the US alone.
>
>There are over 7000 AS's in the world.
>
>My point is, that if most of your CCIE's work for cisco and big big
>companies, then there are a ton of networks, complex networks, that don't
>even have CCIE's at the helm.  Even a large company like UUnet may only
>have a handful of CCIE's.


And again, CCIE, as presently constituted, isn't all that relevant to 
large carrier operations.  I think you'll find that many CCIEs 
employed by large carriers may work more in system integration than 
backbones.

No major carrier is all-Cisco, for both technical and business reasons.

First, although the model is always evolving, there is usually, at 
the very least, a complex layer 1/2 system (SONET/SDH, ATM) that 
interconnects major internal hubs and POPs.  Routing is overlaid onto 
this system.  MPLS will reverse this paradigm, using routing to find 
paths over which MPLS tunnels can be constructed.  Cisco is not 
dominant in the layer 1/2 area.  Yes, the ex-Stratacom WAN switches 
have a real market position, but so do Lucent/Ascend, Nortel, etc. 
In the optical transmission area, companies such as Nortel and Lucent 
have large installed bases, and there are many competitive new firms 
such as Sycamore.

Second, access technologies are also a very competitive area.  I 
remember when the Cisco 5200 series was first offered as the "Ascend 
killer."  It wasn't.

Third, while Cisco dominates in enterprise routers, there's 
significant competition, from Juniper above all, in the large 
provider space.

Fourth, CCIE-level routing policy and BGP don't begin to approach the 
complexity of a large carrier routing system.

From the business standpoint, large carriers deal directly with 
Cisco, so do not have the reseller's incentive to have certified 
people on staff in order to get better discounts.

Please don't misunderstand what I'm saying. Accomplishing CCIE 
certification is very meaningful.  But it isn't the pinnacle of 
networking -- there is no single pinnacle.

It would be difficult to get much done, for example, in the IETF 
without a reasonably strong computer science background.  RFCs, 
except for a few informational ones, are vendor-independent, so 
extensive Cisco experience still doesn't prepare people to design 
protocols and operational techniques in a more general way.

While, for economic reasons, resellers may assign CCIEs to do design 
and presales, the CCIE blueprint doesn't emphasize design issues. 
Many of the issues I have to deal with in designing networks with 
thousands of routers aren't all that Cisco-specific, but apt to be 
requirements analysis, statistical and operations research, 
addressing & naming policy, etc.









>
>There are very few CCIE's, and very many networks that need help.  I am not
>talking about simple networks, but complex networks with complex issues.
>
>Brian
>
>
>---
> I'm buying / selling used CISCO gear!!
> email me for a quote
>
>Brian Feeny,CCDP,CCNP+VAS Scarlett Parria
>[EMAIL PROTECTED] [EMAIL PROTECTED]
>Netjam, LLC
>http://www.netjam.net
>1401 Oden St.
>Suite 18
>Shreveport, LA 71104
>318-222-2638 x 109318-222-2638 x 101
>Fax 318-221-6612
>

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Local Director 430 and Firewalls

2001-02-23 Thread Elaluf, Sylvia,



> Morning all,
> 
> I  have the following setup for a design:
> 
> One main firewall connected to the internet. From this firewall hangs a
> local director that will do load balancing for a farm of web servers. Also
> connected to that local director is a second firewall and behind that
> firewall I have some database servers.
> 
> Will it be possible to do also load balancing using the local director to
> the servers behind the second firewall? The local director does balancing
> for machines in the same subnet; as the firewall only shows one IP address
> to the local director, how will the local director know how to balance the
> servers behind the firewall?
> 
> Has somebody implemented this design?
> 
> Comments appreciated
> 
> Regards
> 
> Silvia Elaluf-Calderwood  BSc MSc CCNA
> IP Network Engineer - Technical Services COLT Telecom B.V
> [EMAIL PROTECTED]
> T: +31 (0)20-888-2092
> "Problems cannot be solved at the same level of awareness that created
> them." - Albert Einstein
> 



Re: DHCP- Advice / Suggestions Appreciated

2001-02-23 Thread Howard C. Berkowitz

>Firstly, sorry for the repeated submission, I don't see my posting under the
>main heading so I am forced to post it again..
>
>here is my question...
>
>  I have 2 DHCP servers and I have defined both the IP helper addresses in
>our routers
>
>Now, if a client queries for an IP, which of the servers will respond
>first?

Assuming your helper addresses and topologies are correct, both 
servers have an equal chance of responding.  Which server responds 
first will largely be a matter of chance, although, I suppose, there 
is a slightly greater chance that the first server in the list will 
get the message first.

If the DHCP servers are truly independent, as would usually be the 
case, the client might very well receive more than one response.

Can you verify, either from your servers yourself, with a sniffer, or 
even (worst case) a router debug, that the requests are reaching the 
servers?

>
>The problem I have is we have defined one subnet in DHCP Server and not in
>the other.
>
>When this user is querying for an IP , he is not getting a response.
>
>interface Ethernet0
>  ip address 10.X.X.X  255.255.0.0
>  ip helper-address 10.X.1.X
>  ip helper-address 10.X.1.Y
>
>The said subnet is defined in the DHCP server 10.102.1.Y but, still there
>is no response when the client requests.
>
>The main reason we have 2 DHCP servers is for redundancy.
>
>Please note that they are independent of each other.
>
>Does this mean that , when the client is requesting, the router first
>forwards to the first DHCP server and since it is not getting a response ,
>is dropping it?
>
>Thanks
>
>Gayathri
>
>
>
>
>



RE: Simulation for CCNP/CCIE

2001-02-23 Thread Christopher Kolp

What Version of IOS do the Human Bodies run?? 

;-]

Nice reply!



> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Albert Lu
> Sent: Friday, February 23, 2001 6:06 AM
> To: Thomas
> Cc: [EMAIL PROTECTED]
> Subject: RE: Simulation for CCNP/CCIE
> 
> 
> 
> Yes there is. I've got a simulator that simulates as many 
> routers, switches
> as you like. It lets you do everything that you can do on 
> real equipment at
> a fraction of the cost. This is all you need to pass the CCIE!!
> 
> Paypal me $100US and I will send you a copy. The first 10 
> people will get a
> free toaster simulator. YES!! you can pretend to make toast.
> 
> ps. I also have a simulator guaranteed to help you become a 
> doctor. Why
> practise on real people when you can do it using this 
> simulator. It costs
> $200US, since human bodies are slightly more complicated than 
> Cisco routers.
> ORDER NOW!!
> 
> > -Original Message-
> > From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Thomas
> > Sent: Friday, 23 February 2001 18:10
> > To: [EMAIL PROTECTED]
> > Subject: Simulation for CCNP/CCIE
> >
> >
> > Hi All - Is there any good lab simulation software for CCNP/CCIE
> > around (not
> > CCNA one, since it does not have enough commands)? Where 
> can I get it?
> > Thanks in advance!
> >
> >



Re: CCIE salary

2001-02-23 Thread Drew Simonis

Brian wrote:
> 
> This really isn't true.  Let's look at some basic facts:
> 
> There are only ~6000 or so CCIE's in the world, possibly as many as 30%
> are employed by cisco.
> 
> There are over 6000 ISP's in the US alone.
> 
> There are over 7000 AS's in the world.
> 
> My point is, that if most of your CCIE's work for cisco and big big
> companies, then there are a ton of networks, complex networks, that don't
> even have CCIE's at the helm.  Even a large company like UUnet may only
> have a handful of CCIE's.
> 


Also take into account the large number of CCIE's who make their
wages at training companies, and who aren't in the field.  I know 
that when I was with IBM Global Network Services, we had just 2 
that I knew of...




Re: testing dial backup...

2001-02-23 Thread Howard C. Berkowitz

>Brian wisely observed,



>You have to test it...no matter what.  That's like having a "Tape
>backup" system, but never actually trying to do a restore until you *have*
>to.

In the great tradition of sea stories, "Hey, this really happened!"

A couple of years ago, I had a consulting client that INSISTED on 
reliable Internet connectivity. So, we implemented dual BGP routers, 
one to AT&T and one to a local provider, and made sure the AT&T links 
were provisioned over dual SONET.

I had done most of this design offsite.  When I finally visited the 
computer room, I discovered one server.  When, rather shocked, I 
asked what happened if the server failed, I was told they had a tape 
backup.  When I continued probing, and asked to what server they 
would restore the tape backup, shocked looks broke out.

Incidentally, tape backup, for large transaction processing systems, 
is increasingly being regarded as a secondary or legacy method. 
Given the decreasing cost of mirrored disks, and the increasing 
amount of time it takes to restore from a (serial) tape backup, the 
restoral time with tape backup alone is unacceptable.  What is 
increasingly common is to implement the database either with a doubly 
or (preferably) triply redundant RAID server, or across backup 
datacenters.

In the event of failure, the database fails over to a backup disk 
system. With triple redundancy, that still gives you a backup while 
maintenance is performed on the failed server.  Tape is reasonable 
for restoring the failed system once it has been repaired.  After 
repair, the previously failed system usually becomes a backup, rather 
than taking over from the current primary server.

>
>
>On Thu, 22 Feb 2001, Z wrote:
>
>>  Question... Anybody know how I can test to see if our dial backup on our
>>  devices actually kicks up when the primary interface goes down? We have
>>  dialer interfaces as our backup and I want to see if they work. I just
>>  got to this place a month ago and have noticed that in most of the
>>  devices, they don't even have the backup statements configured on the
>>  primary int. Here's the kicker. I can't take the primary down to do this
>>  and I don't feel like coming in on the weekend  =o)   I remember
>>  somebody said something about creating a floating static and pinging
>>  something but I forget what was said. Is there just an easy way to do
>>  this? I would imagine there is. Thanks all,
>>
>>  
>>  This has been an Eyez Only streaming e-mail broadcast...We are watching.
>>
>>  ~ NetEyez ~ CCNP, CCDA
>>
>>
>
>
>---
> I'm buying / selling used CISCO gear!!
> email me for a quote
>
>Brian Feeny,CCDP,CCNP+VAS Scarlett Parria
>[EMAIL PROTECTED] [EMAIL PROTECTED]
>Netjam, LLC
>http://www.netjam.net
>1401 Oden St.
>Suite 18
>Shreveport, LA 71104
>318-222-2638 x 109318-222-2638 x 101
>Fax 318-221-6612
>



Re: Cisco PIX : Static and Conduit command

2001-02-23 Thread Tim O'Brien

Actually, Nabil, that is not true at all. The conduit command is not going
anywhere anytime soon. The push is towards an interface based acl list,
which is easier done with the access lists rather than the conduit commands.

""Nabil Fares"" <[EMAIL PROTECTED]> wrote in message
news:<[EMAIL PROTECTED]>...
That's true, conduits are going away.  The only reason you see them is for
backward compatibility issues.  Definitely use static commands with
access-lists.  It's a two-step process, but it's a nice feature.


HTH

Nabil

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, February 15, 2001 2:51 AM
To: [EMAIL PROTECTED]
Subject: Cisco PIX : Static and Conduit command


Does anybody know about the advantage of having the static conduit command
compared with the access-list/access-group command in PIX?

I heard that the static conduit will no longer be available in the future
release. Is it true?

Thanks.




OT: Sparc 4 for Sale

2001-02-23 Thread Nabil Fares

Greetings All,

Be nice and no flaming, I know this is not a classified listing.  So forgive me!

Sparc 4 (110 CPU)
64 MB RAM
4.3 UW SCSI

Any offer, please email me directly.

Thanks,

Nabil 




RE: Port Redirection

2001-02-23 Thread Nabil Fares

Hi Scott,

You can add fixup protocol to point port whatever:

fixup protocol http 4003

The trick about fixup is that it examines the http protocol for any other
embedded protocols (I hope this made some sense!).  This is just another way
to deploy http server on different port than 80.  I'm really not sure
whether this works for your scenario or not.

HTH,

Nabil

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Scott M. Trieste
Sent: Thursday, February 22, 2001 5:55 PM
To: [EMAIL PROTECTED]
Subject: Port Redirection


Colleagues,

I am trying to achieve port redirection on a PIX-520.  We have an
application that only accepts connections on a user-definable port but some
of our customers don't allow any inbound traffic other than 80/443.

Is there any way to redirect inbound (port 80) traffic to a user-definable
port(ie 4003).  If possible, I'd like to make this happen on a PIX-520.  My
feeling is that a feature of NAT will allow me to do this.

Any insight is appreciated.

Thanks in advance.

-Scott M. Trieste





Re: CID Exam tips

2001-02-23 Thread GNOME

StrataCom Switches YES!!!


Marakalas <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi
> I'm writing the CID 640-025 exam on Monday. I want to
> know if the exam covers ATM and StrataCom Switches.
> Where should i concentrate on.
>
> Your valuable contribution will be highly appreciated.
>



RE: History of private peering and exchanges?

2001-02-23 Thread Howard C. Berkowitz

>  > At some point, there started to be a business case for large
>>  providers to interconnect with bilateral private links as well as at
>>  exchanges.  When did such links first get used for commercial
>>  traffic? In the beginning, were they short-haul connections between
>>  cages in exchanges, or WAN links between major provider hubs?  I'm
>>  referring here only to interprovider links, not to transit customers.


Mark Borchers added,

>
>Well, if this is to be a comprehensive list, private interconnects
>predated the commercial Internet.  At OARnet in Ohio, we set up
>peering with CICNet in a facility near the Ohio Supercomputer Center
>in order to avoid long round trips.

Clearly, there's a need to broaden my scope!

I do want to differentiate between good solid technical examples, such 
as yours for OARnet-CICNet, and examples where the suits had an 
economic motivation. The latter, I would assume, came later.

While I recognize I won't be able to publish the details of many 
NDA-covered commercial private peerings, it is my hope to identify 
when this practice began.  A side motivation for this particular 
point is to identify when commercial NDA considerations might have 
restricted the potential ability of routing registries to give 
reasonably accurate representations of topology and policy.

Yeah, yeah...if everyone DID put all their policies in an RR. Yet 
Another Issue.




IBM ATM Switches

2001-02-23 Thread Albert Lu

Hi,

Does anyone know about the IBM ATM switches. Specifically the 8285 ATM
switches, I believe are the lower end ATM switches.

Is this sufficient for an ATM switch for a home lab?

I'm not too familiar with ATM product range. I believe there is an ATM
module for the Catalyst 5000, so does that make it an ATM switch? What about
the Cisco LightStream products, are they not a switch as well?

Is setting up ATM in a home lab a matter of getting the right module for the
router, and hooking it up to the switch?

Thanks

Albert




Re: Port Redirection

2001-02-23 Thread Tim O'Brien

The fixup will require the people outside to use that port also. He is
looking for (PAM) Port Address Mapping. It will be available in the 6.0
version hopefully to be shipping in March/April.

Tim

- Original Message -
From: "Nabil Fares" <[EMAIL PROTECTED]>
To: "Scott M. Trieste" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, February 23, 2001 9:45 AM
Subject: RE: Port Redirection


Hi Scott,

You can add fixup protocol to point port whatever:

fixup protocol http 4003

The trick about fixup is that it examines the http protocol for any other
embedded protocols (I hope this made some sense!).  This is just another way
to deploy http server on different port than 80.  I'm really not sure
whether this works for your scenario or not.

HTH,

Nabil

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Scott M. Trieste
Sent: Thursday, February 22, 2001 5:55 PM
To: [EMAIL PROTECTED]
Subject: Port Redirection


Colleagues,

I am trying to achieve port redirection on a PIX-520.  We have an
application that only accepts connections on a user-definable port but some
of our customers don't allow any inbound traffic other than 80/443.

Is there any way to redirect inbound (port 80) traffic to a user-definable
port(ie 4003).  If possible, I'd like to make this happen on a PIX-520.  My
feeling is that a feature of NAT will allow me to do this.

Any insight is appreciated.

Thanks in advance.

-Scott M. Trieste





Re: Cisco 4000 / 4000M

2001-02-23 Thread Eric Fairfield

No, a 4000 can have 8MB of flash in them as I have 4 of them in my basement
with 8MB each.

--
Eric Fairfield
CCIE #6413

"Ed Green" <[EMAIL PROTECTED]> wrote in message
news:E86F2607CCD3D311864F00805F8568C801DE2A27@Rizzo3...
> requires CCO login:
>
> http://www.cisco.com/univercd/cc/td/doc/product/access/acs_mod/cis4000/4000/c4000him/46276.htm
>
> the answer is no, a 4000 can have a max 4MB flash, 16MB DRAM.
>
> -Original Message-
> From: Brian [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, February 22, 2001 1:45 PM
> To: [EMAIL PROTECTED]
> Subject: Cisco 4000 / 4000M
>
>
>
> From what I understand, a Cisco 4000 can go to a MAX of 16MB DRAM and 4MB
> flash.  The 4000M can go to 32MB DRAM and 8MB Flash.
>
> Yet on CCO, for IOS 12.0 they show software for the "4000" platform that
> requires 8MB Flash.  they have a separate listing/software for "4000M".
>
> Can a normal, non "M" model 4000 go to more than 4MB flash and 16MB
> DRAM?!?!
>
> Brian
>
>
> ---
>   I'm buying used CISCO gear!!
>   email me for a quote
>
> Brian Feeny e:[EMAIL PROTECTED]
> CCNP+Voice/ATM/Security p:318.222.2638x109
> CCDP f:318.221.6612
> Network Administrator
> ShreveNet Inc. (ASN 11881)
>



Here's an easy one

2001-02-23 Thread Williamson, Paul

Ok so we know how to convert a multicast IP into a MAC, how about the
reverse.

I got a syslog message that made me curious:-
"invalid traffic from multicast source address 0f:37:59:6f:df:0d"
and I thought well I wonder what IP address that would be but I couldn't
figure out the first octet.

Should all multicast MAC addresses start with 01-00-5e ??
Is this MAC address invalid ?

Anyone ?
Thanks
-Paul


PLEASE READ: The information contained in this e-mail is confidential
and intended for the named recipient(s) only. If you are not an intended
recipient of this email you must not copy, distribute or take any
further action in reliance on it and you should delete it and notify the
sender immediately. Email is not a secure method of communication and
Nomura International plc cannot accept responsibility for the accuracy
or completeness of this message or any attachment(s).  Please check this
e-mail for virus infection, for which Nomura International plc accepts
no responsibility. If verification of this email is sought then please
request a hard copy. Unless otherwise stated any views or opinions
presented are solely those of the author and do not represent those of
Nomura International plc. This email is intended for informational
purposes only and is not a solicitation or offer to buy or sell
securities or related financial instruments. Nomura International plc is
regulated by the Securities and Futures Authority Limited and is a
member of the London Stock Exchange.
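
The reverse mapping asked about above, as an added example that is not part of the original post. An IPv4 multicast MAC is 01-00-5e followed by the low 23 bits of the group address, so one MAC corresponds to 32 possible groups, and a MAC outside that prefix has no IPv4 group at all. The function names are this example's own.

```python
# Added example (not from the original post): reverse-map a MAC address to the
# IPv4 multicast groups that could have produced it, and classify MACs that
# fall outside the IPv4 multicast range.
import ipaddress

IPV4_MCAST_PREFIX = bytes.fromhex("01005e")  # fixed high 24 bits (RFC 1112)


def parse_mac(text):
    """Accept aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff and return 6 bytes."""
    parts = text.strip().replace("-", ":").split(":")
    if len(parts) != 6 or not all(1 <= len(p) <= 2 for p in parts):
        raise ValueError("not a 48-bit MAC address: %r" % text)
    return bytes(int(p, 16) for p in parts)


def ip_to_multicast_mac(group):
    """Forward mapping: keep only the low 23 bits of the group address."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError("%s is not in 224.0.0.0/4" % group)
    low23 = int(addr) & 0x7FFFFF
    mac = IPV4_MCAST_PREFIX + low23.to_bytes(3, "big")
    return ":".join("%02x" % b for b in mac)


def classify_mac(text):
    """Report the address-type bits and whether the MAC is IPv4 multicast."""
    mac = parse_mac(text)
    return {
        # I/G bit: least significant bit of the first octet marks a group address
        "group_bit": bool(mac[0] & 0x01),
        # U/L bit: second bit of the first octet marks a locally administered address
        "locally_administered": bool(mac[0] & 0x02),
        "broadcast": mac == b"\xff" * 6,
        # 01-00-5e with bit 24 clear is the only range IPv4 groups map into
        "ipv4_multicast": mac[:3] == IPV4_MCAST_PREFIX and not (mac[3] & 0x80),
    }


def candidate_groups(text):
    """Reverse mapping: all 32 groups sharing this MAC, or [] if none can."""
    if not classify_mac(text)["ipv4_multicast"]:
        return []
    mac = parse_mac(text)
    low23 = int.from_bytes(mac[3:], "big") & 0x7FFFFF
    # The 5 bits lost in the forward mapping are bits 23..27 of the group address.
    return [
        str(ipaddress.IPv4Address(0xE0000000 | (hi << 23) | low23))
        for hi in range(32)
    ]


if __name__ == "__main__":
    # The address from the syslog message quoted in the post.
    print(classify_mac("0f:37:59:6f:df:0d"))
    print(candidate_groups("0f:37:59:6f:df:0d"))
    # Constructed sample: the MAC that 224.0.0.5 maps to.
    print(candidate_groups("01-00-5e-00-00-05")[:3])
```

For the address in the syslog message the group bit is set but the prefix is not 01-00-5e, so there is no first octet to recover.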




RE: History of private peering and exchanges?

2001-02-23 Thread Howard C. Berkowitz

Sent this by accident to groupstudy rather than NANOG.




RE: Setting up E1 for a Sniffer?

2001-02-23 Thread Parets Aaron-FAP014

Sniffer also sells a Full Duplex Pod which will enable you to see both sides of
the link.
I think they also have a product called snifferbook that will enable you to
do advanced Wan analysis (It will let you look at fractional E1's/T1's). As
Priscilla mentioned you must connect these devices in-line...

Aaron 

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 22, 2001 5:54 PM
To: [EMAIL PROTECTED]
Subject: Re: Setting up E1 for a Sniffer?


At 06:29 PM 2/22/01, [EMAIL PROTECTED] wrote:

>   HI all
>
> I have a problem here, I am running all my computers and servers to my
>switch. I have E1 open on my Cisco 4000 router, I would like to
>configure my E1 interface so I can put my Sniffer on that interface, so I can
>capture all the packets coming and going?

If by "open" you mean that your Ethernet 1 port is not currently in use, 
then there aren't any packets coming and going on it. You wouldn't see 
anything on the port. I guess you could configure it for bridging and then 
you would at least see broadcasts, but that seems like a silly idea.

It sounds like you're wishing for something like a SPAN port. Keep in mind 
that SPAN is for switching, not routing.

Your best bet might be to install a hub between your switch and router. 
Connect the switch, router, and Sniffer to the hub and you'll see lots of 
good stuff. (I'm assuming your switch is directly connected to your router??)

Hope that makes sense. Without more knowledge of your topology it's hard to 
make any other suggestions.

Priscilla

>  Can someone tell me what is the
>pro's and con's of doing this and where I can find a sample configuration to
>setup the e1 interface.
>
>Thanks
>
>Brian
>




Priscilla Oppenheimer
http://www.priscilla.com




Re: "Router on a stick"

2001-02-23 Thread Donald B Johnson Jr

If you don't have a fast ethernet interface you will have to use a one-to-one
ratio of vlans to ethernet interfaces on your router I believe.
- Original Message -
From: pierreg <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; Thomas <[EMAIL PROTECTED]>
Sent: Thursday, February 22, 2001 7:05 PM
Subject: Re: "Router on a stick"


> Hi Thomas,
>
> You need fast-ethernet on the router and VLAN+ISL trunking on the switch.
> If you have all the above, you should be able to do the lab.
>
> Best of luck and let us know if you have problems.
>
> Pierre-Alex
> -- Original Message --
> From: "Thomas" <[EMAIL PROTECTED]>
> Reply-To: "Thomas" <[EMAIL PROTECTED]>
> Date: Thu, 22 Feb 2001 19:29:21 -0500
>
> >Hi Group - I am trying to setup the lab to practice setting vlan with the
> >"router on a stick" method.  Do you think I can do it with the 2621 router
> >and Cat 3500 series switch (instead of 2900)???  Thanks in advance!
> >
> >



RE: invisible router - can i do it?

2001-02-23 Thread Christopher Kolp

I think I misunderstood the request...

Do you want to evade the sysadmins tracking or logging?

I had read it as you wanted to have a transparent firewall that
users wouldn't know is there... Yes, it's early. I'm going home
and going back to sleep :)



> -Original Message-
> From: beth shriver [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 23, 2001 10:29 AM
> To: [EMAIL PROTECTED]
> Subject: RE: invisible router - can i do it?
> 
> 
> Sounds GREAT! can you give me more specifics or
> examples?
> Thanks
> Bethy
> --- Christopher Kolp <[EMAIL PROTECTED]>
> wrote:
> > I believe it's done with Proxy ARP...
> > 
> > 
> > someone flame me if I'm wrong :)
> > 
> > ck
> > 
> > 
> > > -Original Message-
> > > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of
> > > beth shriver
> > > Sent: Thursday, February 22, 2001 9:01 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: invisible router - can i do it?
> > >
> > >
> > > If I have pc's on a router but don't want them to be
> > > visible to sms or firewall monitoring software, is
> > > this possible? If so can you give me some pointers or
> > > head me in the right direction?? ( web page , book
> > > etc)
> > >
> > > I am hoping ANYONE will respond!
> > > Thanks
> > > Bethy
> > >



IP Protocol 89?

2001-02-23 Thread Kane, Christopher A.

In trying to understand OSPF in much more detail, I am reading RFC 2328.
Several times Mr. Moy refers to OSPF as " IP Protocol 89". I checked the
"RFC/Port Number" page that I reference often
(http://www.networksorcery.com/enp/default0301.htm) and found that indeed
OSPF is IP Protocol 89. I have not seen this before. Sure, I've worked with
TCP/UDP port numbers, but this is the first time I've paid attention to the
fact that the protocols themselves have numbers too. This is interesting. 

Should I look at 89 as a number that can be manipulated as I would 23
(telnet) or 69 (tftp)? Can someone explain where these numbers are used? Are
they found in headers? As networkers, are we concerned with these numbers?
Does anyone commonly filter based on a protocol's number? Or is getting this
granular an exercise in futility for a network engineer?

Thanks,
 Chris
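
Where the number 89 lives on the wire, as an added example that is not part of the original post: the protocol number is the 8-bit Protocol field at byte offset 9 of the IPv4 header, and a filter can match on it the same way it matches on a TCP or UDP port. The sample packets, the neighbor address and the function names are constructed for this example.

```python
# Added example (not from the original post): read the IPv4 Protocol field
# (RFC 791, byte offset 9) and make a filtering decision on it.
import ipaddress
import struct

# A few IANA-assigned protocol numbers; 89 is OSPF, as the post notes.
PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP", 47: "GRE", 50: "ESP", 89: "OSPF"}
OSPF = 89


def header_checksum(header):
    """16-bit ones'-complement sum used by the IPv4 header checksum."""
    words = struct.unpack("!%dH" % (len(header) // 2), header)
    total = sum(words)
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4_header(src, dst, protocol, payload_len=0, ttl=1):
    """Construct a 20-byte option-less header (used only for sample input)."""
    raw = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + payload_len, 0, 0, ttl, protocol, 0,
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    return raw[:10] + struct.pack("!H", header_checksum(raw)) + raw[12:]


def parse_ipv4_header(raw):
    """Validate the header and return the fields a filter would look at."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = raw[0] >> 4, (raw[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(raw) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    if header_checksum(raw[:ihl]) != 0:
        raise ValueError("bad header checksum")
    protocol = raw[9]
    return {
        "protocol": protocol,
        "protocol_name": PROTOCOL_NAMES.get(protocol, "proto-%d" % protocol),
        "ttl": raw[8],
        "src": str(ipaddress.IPv4Address(raw[12:16])),
        "dst": str(ipaddress.IPv4Address(raw[16:20])),
    }


def acl_decision(raw, ospf_neighbors):
    """Permit protocol 89 only from known neighbors; other protocols fall
    through to whatever rules follow ('no-match')."""
    hdr = parse_ipv4_header(raw)
    if hdr["protocol"] != OSPF:
        return "no-match"
    return "permit" if hdr["src"] in ospf_neighbors else "deny"


if __name__ == "__main__":
    neighbors = {"10.0.0.1"}  # constructed neighbor list
    # Constructed packets: OSPF hellos go to 224.0.0.5 (AllSPFRouters).
    for src in ("10.0.0.1", "10.0.0.66"):
        pkt = build_ipv4_header(src, "224.0.0.5", OSPF)
        print(parse_ipv4_header(pkt), acl_decision(pkt, neighbors))
```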




Re: Advertising networks in OSPF

2001-02-23 Thread W. Alan Robertson


Elmer,

If I understand you correctly, under RouterB's 'router ospf ' section,
you have the following statements:

network 144.20.xxx.xxx
network 192.xxx.xxx.xxx
network 204.xxx.xxx.xxx

Is that right?

And elsewhere in RouterB's config, you have a static route for the
144.20.xxx.xxx network that points to RouterA.

In OSPF, the network statements do not mean "these are the networks I will
advertise."  They represent the individual router interfaces on which the
OSPF process will communicate/form adjacencies (and the router will 'listen'
on all interfaces, unless you specify them as being passive).

Since RouterB has no interface that occupies the 144.20.xxx.xxx address
space, that statement has no real impact.  It sounds like what you're
looking to do is redistribute the static route into the OSPF process.

Add:

redistribute static, or
redistribute static subnets

to your OSPF section, and get rid of the network statement for
144.20.xxx.xxx.   You can also manipulate the metric you advertise the
static routes with.  If you do not use the 'subnet' parameter, it will only
redistribute non-subnetted networks in classful manner.  Since classful
routing is inherently evil ( :) ), I always use the 'subnets' modifier.  (Be
certain that 'ip classless' is in your config...  I forget which IOS
revision this became default in.  Better safe than sorry.)

Hope this helps...  If I've misunderstood your request, pardon my
pontification.  ;)

Alan~

> - Original Message -
> From: "Deloso, Elmer G (WPNSTA Yorktown)" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, February 22, 2001 7:54 PM
> Subject: Advertising networks in OSPF
> 
> 
> > Hello, all.
> > I would like to confirm if this is correct: do you need to have an IP
> > address assigned to the same router that you want to advertise the IP's
> > network out via OSPF? I noticed this with my test routers where I need to
> > advertise say 144.20.0.0 which belongs to RouterA but is not doing OSPF
> with
> > my RouterB and instead doing static routes between them. Now Router B is
> > assigned the 164.x.x.x and is doing OSPF with the ISProuter as follows:
> > 144.20.0.0
> > 193.x.x.x ---RouterA--STATIC--RouterB OSPF
> > -ISP--OSPF/BGP-Internet
> > 204.x.x.x  e1 e0e1   e0
> > e0  T1's
> >
> > RouterA's E1 = 144.20.1.1, 193.x.x.x and 204.x.x.x are both secondary, E0
> =
> > 207.x.x.1
> > RouterB's E1 = 207.x.x.2 , E0 = 164.x.x.2
> > RouterISP's E0 = 164.x.x.1
> >
> > It seems that even if I include a network 144.20.x.x , 193.x.x.x and
> > 204.x.x.x in RouterB's OSPF config and even though it shows as these
> > networks are being redistributed via OSPF when I do
> > A show ip route NETWORK, the ISP is not receiving these networks via
> OSPF's
> > LSAs.
> > So it seems that RouterB cannot advertise these networks since it does not
> > have any interface that belongs to these networks. And I guess configuring
> > loopbacks to "represent" these 3 networks is out of the question?
> > The reason this is set up this way is just a temporary 'TEST' if we can
> get
> > this design to work. Eventually RouterA will be replaced by a firewall
> which
> > of course does not speak OSPF.
> > I could not find any OSPF "rule" on what it can originate in its
> > advertisements in my ACRC, BSCN or Hutnik's books, unless I got it all
> wrong
> > from the beginning.
> > Thanks for all responses.
> >
> > Elmer Deloso





Re: Recommended 640-505 BCRAN book / practice test?

2001-02-23 Thread Brent Ulfig

I actually liked the Exam Cram.  It was a quick and easy read...and covered
the topics more in depth than most other exam crams.

I tried reading the Cisco Press book...but it was just WAAAY too much
repetition for me.  I've already read several ACRC books...and it covers a
lot of the exact same stuff.  I think it'll make a much better reference
book.

Cheerz-
Brent

""AndyD"" <[EMAIL PROTECTED]> wrote in message
974meo$erv$[EMAIL PROTECTED]">news:974meo$erv$[EMAIL PROTECTED]...
> Can anyone who has taken this test please recommend a good study guide
> and/or practice test for the 640-505 BCRAN exam?
>
> Thanks!!
>
>





Re: IP Protocol 89?

2001-02-23 Thread Neil Schneider

Chris,

Someone else can probably do a more detailed job with this than I can but...

OSPF doesn't use TCP or UDP to transmit data.  It is its own protocol,
therefore has a unique protocol #.  TCP and UDP also have protocol #s, as
does ICMP (again, ICMP does not use either TCP or UDP).

--
Neil Schneider
MCT  MCSE  CCSI  CCNP


""Kane, Christopher A."" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> In trying to understand OSPF in much more detail, I am reading RFC 2328.
> Several times Mr. Moy refers to OSPF as " IP Protocol 89". I checked the
> "RFC/Port Number" page that I reference often
> (http://www.networksorcery.com/enp/default0301.htm) and found that indeed
> OSPF is IP Protocol 89. I have not seen this before. Sure, I've worked
with
> TCP/UDP port numbers, but this is the first time I've paid attention to
the
> fact that the protocols themselves have numbers too. This is interesting.
>
> Should I look at 89 as a number that can be manipulated as I would 23
> (telnet) or 69 (tftp)? Can someone explain where these numbers are used?
Are
> they found in headers? As networkers, are we concerned with these numbers?
> Does anyone commonly filter based on a protocol's number? Or is getting
this
> granular an exercise in futility for a network engineer?
>
> Thanks,
>  Chris
>





128 WEP Vulnerabilities

2001-02-23 Thread Nabil Fares

Greeting all,

Are you guys aware of any issues/vulnerabilities with the WEP protocol.  Any
feedback greatly appreciated.

Nabil




Re: DHCP- Advise / Suggestions Apprciated

2001-02-23 Thread R. Scott Sutor

The problem you are having is due to DHCP functionality, not
cisco/helper address related.

The DHCP server which does not have a scope created on it is issuing a
NACK for the IP request to the client.  This is probably happening first
because the NACKing server can tell that it is not configured with a
scope for the requesting net faster than the assigning server can do a
lookup and find a valid IP to assign.  The client gets the NACK first
and gives up.

You can solve this one of two ways:
Remove the helper address pointing to the second server.  If it's not
configured to serve that subnet, then you are not gaining anything by
having the helper address there, and actually causing you a problem.

Alternately, if you want redundancy, split the scope between the two
servers (as someone else has already suggested).  Each DHCP server must
have scopes defined on it for the nets it is receiving requests from or
else it will generate the NACK.

I have this problem all the time when an enterprising user installs NT
Server with "all the options" (including DHCP Server) on their
workstation.  The enterprising user doesn't know anything about DHCP,
leaves the scope empty (default), and DHCP on his broadcast domain
grinds to a halt as his box starts NACKing valid requests.

-S.

Gayathri wrote:
> 
> Firstly, sorry for the repeated submission, I  don't see my posting under the
> main heading so I am forced to post it again..
> 
> here is my question...
> 
>  I have 2 DHCP servers and I have defined both the IP helper addresses in
> our routers
> 
> Now, if a client queries for an IP, which of the servers will respond
> first?
> 
> The problem I have is we have defined one subnet in DHCP Server and not in
> the other.
> 
> When this user is querying for an IP , he is not getting a response.
> 
> interface Ethernet0
>  ip address 10.X.X.X  255.255.0.0
>  ip helper-address 10.X.1.X
>  ip helper-address 10.X.1.Y
> 
> The  said subnet is defined in the DHCP server 10.102.1.Y but, still there
> is no response. when the client requests.
> 
> The main reason we have 2 DHCP servers is for redundancy.
> 
> Please note that they are independent of each other .
> 
> Does this mean that , when the client is requesting, the router first
> forwards to the first DHCP server and since it is not getting a response ,
> is dropping it?
> 
> Thanks
> 
> Gayathri
> 




Re: Local Director 430 and FIrewalls

2001-02-23 Thread Kirk Bollinger

It's been about a year since I used the LD but.

As long as you are doing intelligent destination NAT (what the LD does)
the "reals" can be many hops away as long as the return flow goes through
the LD also.

For HA I once setup a group of reals behind one firewall pair and another
group of reals behind another firewall pair.

You just have to use NAT and not the L2 redirection method of dispatch
mode.

-kirk

On Fri, 23 Feb 2001, Elaluf, Sylvia, wrote:

> 
> 
> > Morning all,
> > 
> > I  have the following setup for a design:
> > 
> > One main firewall connected to the internet. From this firewall hangs a
> > local director that will do load balancing for a farm of web servers. Also
> > connected to that local director is a second firewall and behind that
> > firewall I have some database servers.
> > 
> > Will it be possible to do also load balancing using the local director to
> > the servers behind the second firewall? The local director does balancing
> > for
> > machines in the same subnet, as the firewall only shows one ip address to
> > the local director how does the local director will know how to balance
> > the
> > servers behind the firewall?
> > 
> > Has somebody implemented this design?
> > 
> > Comments appreciated
> > 
> > Regards
> > 
> > Silvia Elaluf-Calderwood  BSc MSc CCNA
> > IP Network Engineer - Technical Services COLT Telecom B.V
> > [EMAIL PROTECTED]
> > T: +31 (0)20-888-2092
> > "Problems cannot be solved at the same level of awareness that created
> > them." - Albert Einstein
> > 




Re: 2600 router - 12.0 IOS wanted

2001-02-23 Thread Adam Hickey

Unless you purchase it from a vendor, you have to have a CCO login.

Adam Hickey
[EMAIL PROTECTED]
CCNA CCNP (in progress)
_
"And One!"


- Original Message -
From: "Ravi Kumar" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, February 23, 2001 2:38 AM
Subject: 2600 router - 12.0 IOS wanted


> hi friends
>
> can u pls let me know few links, from where i can down load ios 12.0 form
2600
> series router.
>
> tanx in advance.
>
> bye
> ravee
>
>
> 




Re: IP Protocol 89?

2001-02-23 Thread Bradley J. Wilson

See comments inline.


- Original Message -
From: Kane, Christopher A.
To: '[EMAIL PROTECTED]'
Sent: Friday, February 23, 2001 10:38 AM
Subject: IP Protocol 89?


>In trying to understand OSPF in much more detail, I am reading RFC 2328.
>Several times Mr. Moy refers to OSPF as " IP Protocol 89". I checked the
>"RFC/Port Number" page that I reference often
>(http://www.networksorcery.com/enp/default0301.htm) and found that indeed
>OSPF is IP Protocol 89. I have not seen this before. Sure, I've worked with
>TCP/UDP port numbers, but this is the first time I've paid attention to the
>fact that the protocols themselves have numbers too. This is interesting.

>Should I look at 89 as a number that can be manipulated as I would 23
>(telnet) or 69 (tftp)?

Sure.  You can filter on them, let them through, whatever.  However, keep
reading.

>Can someone explain where these numbers are used? Are
>they found in headers?

Yep.  Consider the frame as it goes up the stack.  The type field says
"0800," so it gets handed up to IP.  IP has its own protocol field - it will
*typically* be 6 or 17 (TCP or UDP respectively, I think), and will be
handed up to TCP or UDP accordingly.  From there, the port number will be
looked at - and will be 23 for Telnet, 69 for TFTP, as you mentioned.

In the case of OSPF, the IP protocol number is 89 - neither TCP (6) nor UDP
(17), but rather OSPF.  It's sometimes referred to as "its own Layer 4
protocol."

>As networkers, are we concerned with these numbers?

Absolutely.

>Does anyone commonly filter based on a protocol's number?

Sure.  Imagine you want to filter everything except for OSPF traffic.  You'd
have to have a permit statement which allows IP protocol 89 - it wouldn't be
accurate to allow TCP or UDP port number 89 - that'd be something different
(and I'm too lazy to look up what it would be, if it even exists ;-).

>Or is getting this
>granular an exercise in futility for a network engineer?

You know, that's something I struggle with a lot.  Does it really matter to
me how many bytes PPP multilink adds to a frame as it goes across a serial
link?  Maybe someone else has a better answer, but in my experience it
hasn't mattered.  But in this case, it will matter *if* you're running OSPF
and *if* you're doing a lot of heavy filtering.

>Thanks,
>Chris

More than welcome. :-)

Bradley J. Wilson
CCNP as of Monday, CCDP as of this morning, NNCSS, MCSE, CNX, MCT, CTT
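
As an added illustration (not part of the original thread), the Python below walks a frame up the stack the way the reply above describes: EtherType, then the IP Protocol field, then the TCP/UDP port. The frames are constructed samples with zeroed checksums, and all function names are hypothetical.

```python
import struct

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP, PROTO_OSPF = 6, 17, 89


def classify(frame: bytes) -> dict:
    """Return EtherType, IP protocol number and (TCP/UDP only) destination port."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    info = {"ethertype": ethertype, "protocol": None, "dport": None}
    if ethertype != ETHERTYPE_IPV4:
        return info                      # never handed up to IP
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (ip[0] & 0x0F) * 4             # header length in bytes, options included
    if ihl < 20 or len(ip) < ihl:
        raise ValueError("bad IPv4 header length")
    info["protocol"] = ip[9]             # the 8-bit Protocol field
    frag_offset = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
    # Ports exist only for TCP/UDP, and only in the first fragment.
    if ip[9] in (PROTO_TCP, PROTO_UDP) and frag_offset == 0 and len(ip) >= ihl + 4:
        info["dport"] = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
    return info


def permit_ospf_only(frame: bytes) -> bool:
    """Filter decision for 'permit IP protocol 89, drop everything else'."""
    return classify(frame)["protocol"] == PROTO_OSPF


def build_frame(proto: int, payload: bytes, options: bytes = b"") -> bytes:
    """Build a constructed Ethernet+IPv4 frame (checksum left at zero)."""
    if len(options) % 4:
        raise ValueError("IP options must be padded to 32-bit words")
    ihl_words = 5 + len(options) // 4
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x40 | ihl_words, 0, ihl_words * 4 + len(payload),
                     0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([224, 0, 0, 5]))
    eth = bytes.fromhex("01005e000005") + bytes.fromhex("00000c000001")
    return eth + struct.pack("!H", ETHERTYPE_IPV4) + ip + options + payload


# Constructed sample frames.
OSPF_HELLO = build_frame(PROTO_OSPF, b"\x02\x01" + bytes(22))      # OSPFv2, type 1
UDP_TO_PORT_89 = build_frame(PROTO_UDP, struct.pack("!HHHH", 40000, 89, 8, 0))
TELNET_WITH_OPTIONS = build_frame(PROTO_TCP,
                                  struct.pack("!HH", 40001, 23) + bytes(16),
                                  options=b"\x01\x01\x01\x01")     # four NOP options
ARP_FRAME = bytes(12) + b"\x08\x06" + bytes(28)

if __name__ == "__main__":
    for name, frame in [("OSPF hello", OSPF_HELLO),
                        ("UDP to port 89", UDP_TO_PORT_89),
                        ("Telnet with IP options", TELNET_WITH_OPTIONS),
                        ("ARP", ARP_FRAME)]:
        print(name, classify(frame), "permit:", permit_ospf_only(frame))
```

The UDP datagram addressed to port 89 is dropped by the OSPF-only filter, because the match is on the IP header's Protocol byte and not on a transport port.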







Re: Local Director 430 and FIrewalls

2001-02-23 Thread hdinh


sylvia,

Just curious, what kind of firewall are you using in
the backend ??


you can achieve load balancing for the backend servers by doing the
following (depending on the firewalls)

((assuming the local director subnet you are using is in the public ip
address space ))

1) doing "proxy" on the firewall, let's say that you have three backend
servers (x,y & z) that offer the same service (http/https 80/443) you can
configure the firewall such that x,y & z (80/443) all translate to an ip
address on the local director subnet "a (80/443)".
when internet user(s) hit the url that points to "a" (provided dns entry is
configured for specific url="a") the request will be sent to the firewall
and the firewall will do the loadbalancing for you.

2) you can do static one to one NAT across the firewall, that is x,y & z
will become a2,a3 & a4.
then create a vip on the local director, bind the vip to a2, a3 & a4, in
this case the local director will do the load balancing for you.
(of course, the dns entry for that specific url must = the vip's ip address)



best of luck
henry











--- "Elaluf, Sylvia," <[EMAIL PROTECTED]>
wrote:
> 
> 
> > Morning all,
> > 
> > I  have the following setup for a design:
> > 
> > One main firewall connected to the internet. From
> this firewall hangs a
> > local director that will do load balancing for a
> farm of web servers. Also
> > connected to that local director is a second
> firewall and behind that
> > firewall I have some database servers.
> > 
> > Will it be possible to do also load balancing
> using the local director to
> > the servers behind the second firewall? The local
> director does balacing
> > for
> > machines in the same subnet, as the firewall only
> shows one ip address to
> > the local director how does the local director
> will know how to balance
> > the
> > servers behind the firewall?
> > 
> > Has somebody implemented this design?
> > 
> > Comments appreciated
> > 
> > Regards
> > 
> > Silvia Elaluf-Calderwood  BSc MSc CCNA
> > IP Network Engineer - Technical Services COLT
> Telecom B.V
> > [EMAIL PROTECTED]
> > T: +31 (0)20-888-2092
> > "Problems cannot be solved at the same level of
> awareness that created
> > them." - Albert Einstein
> > 





Re: "Router on a stick"

2001-02-23 Thread pierreg

This is correct. But then it is no longer called "router on a stick"

Pierre-Alex

-- Original Message --
From: "Donald B Johnson Jr" <[EMAIL PROTECTED]>
Reply-To: "Donald B Johnson Jr" <[EMAIL PROTECTED]>
Date: Fri, 23 Feb 2001 10:30:48 -0800

>If you don't have a fast ethernet interface you will have to use a one-to-one
>ratio of vlans to ethernet interfaces on your router I believe.
>- Original Message -
>From: pierreg <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>; Thomas <[EMAIL PROTECTED]>
>Sent: Thursday, February 22, 2001 7:05 PM
>Subject: Re: "Router on a stick"
>
>
>> Hi Thomas,
>>
>> You need fast-ethernet on the router and VLAN+ISL trunking on the switch.
>> If you have all the above, you should be able to do the lab.
>>
>> Best of luck and let us know if you have problems.
>>
>> Pierre-Alex
>> -- Original Message --
>> From: "Thomas" <[EMAIL PROTECTED]>
>> Reply-To: "Thomas" <[EMAIL PROTECTED]>
>> Date: Thu, 22 Feb 2001 19:29:21 -0500
>>
>> >Hi Group - I am trying to setup the lab to practice setting vlan with the
>> >"router on a stick" method.  Do you think I can do it with the 2621
>router
>> >and Cat 3500 series switch (instead of 2900)???  Thanks in advance!
>> >
>> >




RE: IP Protocol 89?

2001-02-23 Thread Buri, Heather H

Chris,

I believe all the routing protocols have their own unique port identifiers.
I am reading Doyle's Routing TCP/IP Vol 1 right now and it discusses all of
the routing protocols in some detail.  RIP uses port 520, IGRP/EIGRP use
protocol 9.  Doyle does give examples of packet captures on each of the
different protocols and the port/protocol does indeed show up in the routing
protocol packet header.  Overall, I am finding this an extremely good book.
I can see now why so many recommend it.

I don't have a lot of experience manipulating the routing protocols in such
a way as you mention below but I don't see why it could not be done based on
the fact that they do use known port/protocol id's.  

Someone else may be able to shed some additional light on this for you.

Heather Buri

-Original Message-
From: Kane, Christopher A. [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 23, 2001 9:38 AM
To: '[EMAIL PROTECTED]'
Subject: IP Protocol 89?


In trying to understand OSPF in much more detail, I am reading RFC 2328.
Several times Mr. Moy refers to OSPF as " IP Protocol 89". I checked the
"RFC/Port Number" page that I reference often
(http://www.networksorcery.com/enp/default0301.htm) and found that indeed
OSPF is IP Protocol 89. I have not seen this before. Sure, I've worked with
TCP/UDP port numbers, but this is the first time I've paid attention to the
fact that the protocols themselves have numbers too. This is interesting. 

Should I look at 89 as a number that can be manipulated as I would 23
(telnet) or 69 (tftp)? Can someone explain where these numbers are used? Are
they found in headers? As networkers, are we concerned with these numbers?
Does anyone commonly filter based on a protocol's number? Or is getting this
granular an exercise in futility for a network engineer?

Thanks,
 Chris




Re: DHCP- Advise / Suggestions Apprciated

2001-02-23 Thread Marty Adkins

Gayathri wrote:

> interface Ethernet0
>  ip address 10.X.X.X  255.255.0.0
>  ip helper-address 10.X.1.X
>  ip helper-address 10.X.1.Y
> 
> The main reason we have 2 DHCP servers is for redundancy.
> 
With both servers in the same physical LAN, you have redundant servers
but not redundant network paths nor redundant layer 2.

> Please note that they are independant of each other .
> 
For a more robust redundant solution with true failover and incremental
updates, you might want to check out Cisco Network Registrar (CNR).

> Does this mean that , when the client is requesting, the router first
> forwards to the first DHCP server and since it is not getting a response ,
> is dropping it?
> 
No, as far as the router is concerned, this is a very simple operation.
When a UDP-based broadcast is received on an interface with a helper
statement, the destination port is compared to the list of ones to
be forwarded.  If it's one of those, then the destination IP in the
packet (255.255.255.255 or subnet broadcast) is overwritten by that
specified in the helper-address.  The packet is then routed just like
any other.  If the port type is DHCP/BOOTP then the router fills in
the giaddr field so the DHCP server knows the correct client subnet.

If there are two, three, twenty helper-address statements, then the
router just repeats all this for each in turn.  The first DHCP server
in the list will likely get the request first, but which response
actually comes back first is a horse race.  DHCP client and server
code deals very gracefully with multiple responses (see the RFC).

  Marty Adkins                 Email: [EMAIL PROTECTED]
  Mentor Technologies          Phone: 240-568-6526
  133 National Business Pkwy   WWW: http://www.mentortech.com
  Annapolis Junction, MD  20701  Cisco CCIE #1289
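
The helper-address behaviour described in the message above, as an added Python example that is not part of the original thread: a UDP broadcast on a forwarded port is copied once per helper, and for DHCP/BOOTP the relay writes its ingress address into giaddr so a server can pick the client's scope. The addresses, the forwarded-port set and all function names are constructed for illustration; leaving an already-set giaddr untouched follows RFC 1542.

```python
import ipaddress
import struct

BOOTP_SERVER_PORT = 67
BOOTP_FIXED_LEN = 236            # fixed BOOTP header, before the options
GIADDR_OFFSET = 24               # op, htype, hlen, hops, xid, secs, flags,
                                 # ciaddr, yiaddr, siaddr precede giaddr
SAMPLE_FORWARD_PORTS = {67, 69}  # constructed sample, not a vendor default list
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")


def relay(dst_ip, dport, payload, ingress_if, helpers,
          forward_ports=SAMPLE_FORWARD_PORTS):
    """Return [(new_destination, payload), ...], one entry per helper address.

    ingress_if is the receiving interface in 'address/prefix' form.
    """
    iface = ipaddress.IPv4Interface(ingress_if)
    dst = ipaddress.IPv4Address(dst_ip)
    is_broadcast = dst == LIMITED_BROADCAST or dst == iface.network.broadcast_address
    if not is_broadcast or dport not in forward_ports:
        return []                                   # not a helper candidate
    if dport == BOOTP_SERVER_PORT:
        if len(payload) < BOOTP_FIXED_LEN:
            raise ValueError("truncated BOOTP message")
        buf = bytearray(payload)
        # RFC 1542: only the first relay fills giaddr; an existing value is kept.
        if buf[GIADDR_OFFSET:GIADDR_OFFSET + 4] == bytes(4):
            buf[GIADDR_OFFSET:GIADDR_OFFSET + 4] = iface.ip.packed
        payload = bytes(buf)
    # The same payload is re-addressed to every helper in turn.
    return [(helper, payload) for helper in helpers]


def giaddr_of(payload: bytes) -> str:
    """Read the relay agent address back out of a BOOTP message."""
    return str(ipaddress.IPv4Address(payload[GIADDR_OFFSET:GIADDR_OFFSET + 4]))


def select_scope(giaddr: str, scopes):
    """Server side: the scope containing giaddr, or None if none is defined."""
    addr = ipaddress.IPv4Address(giaddr)
    for scope in scopes:
        if addr in ipaddress.IPv4Network(scope):
            return scope
    return None


def build_discover(xid=0x1234ABCD, mac=bytes.fromhex("00000c010203")) -> bytes:
    """Constructed DHCPDISCOVER: fixed header, magic cookie, option 53 = 1."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        1, 1, 6, 0, xid, 0, 0x8000,
                        bytes(4), bytes(4), bytes(4), bytes(4),
                        mac, b"", b"")
    return fixed + b"\x63\x82\x53\x63" + b"\x35\x01\x01\xff"


# Constructed topology: two helpers, only the second server has the scope.
HELPERS = ["10.102.1.10", "10.102.1.11"]
INGRESS = "10.50.0.1/16"
SERVER_SCOPES = {"10.102.1.10": ["10.60.0.0/16"],
                 "10.102.1.11": ["10.50.0.0/16"]}

if __name__ == "__main__":
    for server, packet in relay("255.255.255.255", 67, build_discover(),
                                INGRESS, HELPERS):
        gi = giaddr_of(packet)
        print(server, "giaddr", gi, "scope", select_scope(gi, SERVER_SCOPES[server]))
```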




Re: 128 WEP Vulnerabilities

2001-02-23 Thread W. Alan Robertson

Nabil,

There was discussion of this on Slashdot a while back...

The informative link is at http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html

The Slashdot discussion links are at:
http://slashdot.org/yro/01/02/06/159208.shtml
and
http://slashdot.org/article.pl?sid=01/02/15/1745204&mode=nested

Here's the gist of the vulnerability:

---Excerpt---

Executive Summary
We have discovered a number of flaws in the WEP algorithm, which seriously
undermine the security claims of the system. In particular, we found the
following types of attacks:

- Passive attacks to decrypt traffic based on statistical analysis.

- Active attack to inject new traffic from unauthorized mobile stations, based
on known plaintext.

- Active attacks to decrypt traffic, based on tricking the access point.

- Dictionary-building attack that, after analysis of about a day's worth of
traffic, allows real-time automated decryption of all traffic.

Our analysis suggests that all of these attacks are practical to mount using
only inexpensive off-the-shelf equipment. We recommend that anyone using an
802.11 wireless network not rely on WEP for security, and employ other security
measures to protect their wireless network.

Note that our attacks apply to both 40-bit and the so-called 128-bit versions of
WEP equally well. They also apply to networks that use 802.11b standard (802.11b
is an extension to 802.11 to support higher data rates; it leaves the WEP
algorithm unchanged).

---End Excerpt---

Hope this helps...

Alan~

- Original Message -
From: "Nabil Fares" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, February 23, 2001 10:58 AM
Subject: 128 WEP Vulnerabilities


> Greeting all,
>
> Are you guys aware of any issues/vulnerabilities with the WEP protocol.  Any
> feedback greatly appreciated.
>
> Nabil
>




RE: 128 WEP Vulnerabilities

2001-02-23 Thread Craig Lindstrom

I just got an announcement from Cisco that said the Aironet 350 series will
use dynamic WEP encryption keys instead of the manually entered one.  I
think the key can be created per wireless session (not IP session).  That
should greatly enhance the security.

Craig

-Original Message-
From: Nabil Fares [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 23, 2001 8:58 AM
To: [EMAIL PROTECTED]
Subject: 128 WEP Vulnerabilities


Greeting all,

Are you guys aware of any issues/vulnerabilities with the WEP protocol.  Any
feedback greatly appreciated.

Nabil




Speaking of Routers on a stick

2001-02-23 Thread Craig Lindstrom

Can someone confirm that the 1700's can not do ISL routing? 

Craig Lindstrom
eSage
http://www.eSage.com
(801) 796-9595




RE: why my arrow key (up & down) can not bringing back the commands????

2001-02-23 Thread Mel Chandler PMI

You don't have to wait for the next service pack.  We just figured this out
in our lab last night.  Go to Hilgraeve's website and download the latest
edition of HyperTerminal PE.  It's free!

Mel L. Chandler, A+, Network+, MCNE, MCP+I, MCSE, CCNA
[EMAIL PROTECTED]
Network Analyst
Information Services
PMI Delta Dental
(562) 467-6627



-Original Message-
From: John Kurkjian [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 22, 2001 7:18 PM
To: [EMAIL PROTECTED]
Subject: Re: why my arrow key (up & down) can not bringing back the
commands


This is a known problem in Win2K's Hyper Terminal. It is supposed to be
fixed in the next service pack.

John Kurkjian
Senior Systems Engineer
Winstar E-business Solutions

Li Li Zhao <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hey Tom,
>
> Thanks for the response.
>
> But my preference was "Terminal" keys.
>
> Any more idea?
> --- Tom Keough <[EMAIL PROTECTED]> wrote:
> > This is because your preferences are set to
> > "Windows" keys rather that
> > "Terminal" keys...
> > HTH,
> > Tom
> >
> > Tom Keough CCNA MCSE
> > AT&T Global Network Solutions
> > Standard Access Management
> > Managed Router Service
> > Tier 2 Technical Support
> > Tampa, Florida
> > - Original Message -
> > From: "Li Li Zhao" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Monday, February 19, 2001 6:57 PM
> > Subject: why my arrow key (up & down) can not
> > bringing back the commands
> >
> >
> > > Hello group,
> > >
> > > Very strange that up and down arrow key doesn't
> > work
> > > in my hyperterminal when I use console cable
> > connected
> > > to Cisco routers. I use Windows2000, I tried
> > VT100,
> > > ANSI, and autoselect. None of them work.
> > >
> > > However, the 'ctrl+p' works.
> > >
> > > Any help?
> > >
> > >
> > >
> > >
> > >
>
>





Re: Token Ring Crossover Cable???

2001-02-23 Thread Ed Farmer

Alex,

Token ring must use a MAU or token hub to insert into the ring.  All 
stations wishing access are connected to this ring.  The ring is maintained 
through the MAU or token hub.  Electronic relays hold each station into a 
loopback state until a voltage signal is sent from the workstation wishing 
access to the ring through MAU/Hub. The voltage signal in turn activates a 
relay that inserts the token ring
workstation's connection onto the ring.

This insertion process into the ring is the reason that a crossover cable 
cannot be used for connecting two token ring stations in the same manner 
that you can use a crossover cable for a direct connection between two 
ethernet workstations, simply passing data across a segment.

I didn't go through and check out the link but what is happening in Scott's 
diagram below is that the Bay Centillion 100 Switch is serving the purpose 
of the MAU/Hub for insertion into the ring.  The Centillion
Switch allows for each port to be its own ring.  (please correct me if I'm 
wrong there Scott)

Token Ring uses pins 3,4,5,6 whereas Ethernet uses pins 1,2,3,6. Thus your 
crossover requirement using 3,4 crossed and 5,6 crossed.


Ed



>From: "Scott Froese" <[EMAIL PROTECTED]>
>Reply-To: "Scott Froese" <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Re: Token Ring Crossover Cable???
>Date: Thu, 22 Feb 2001 23:20:20 -0800
>
>Alex-
>
>Actually, there is such an animal as a Token Ring crossover cable.  You are
>correct that you can't use one to "back to back" Token Ring ports.  They 
>are
>used in our environment for a direct station attachment (Cisco router 
>ports)
>to Bay Networks C100 Tokenspeed switch ports.
>
>The RJ-45 pin outs are:
>
>1-->1
>2-->2
>3-->4
>4-->3
>5-->6
>6-->5
>7-->7
>8-->8
>
>This link sort of backs up my story:
>
>http://www.bestdatasource.com/Bay/Detail/cBayAS0018001.htm
>
>Scott
>
>""W. Alan Robertson"" <[EMAIL PROTECTED]> wrote in message
>00a701c09d44$1b031e20$[EMAIL PROTECTED]">news:00a701c09d44$1b031e20$[EMAIL PROTECTED]...
> > Alex,
> >
> >  There is no such animal...  Token Ring is much more sophisticated than
> > Ethernet at the physical layer.  There is simply no way for either 
>station
> > at each end of a crossover cable to replicate the electrical function of
>an
> > MAU.
> >
> >  I wish I had a link that pointed to a good explaination of the process.
> > Anybody have one?
> >
> >  Alan~
> >
> > > - Original Message -
> > > From: "Scott Pierson" <[EMAIL PROTECTED]>
> > > Newsgroups: groupstudy.cisco
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Thursday, February 22, 2001 8:45 PM
> > > Subject: Re: Token Ring Crossover Cable???
> > >
> > >
> > > > Token ring crossover cable?
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > Alex wrote:
> > > >
> > > > > Hi
> > > > >
> > > > > > Can I use a token ring crossover cable between two routers?
> > > > >
> > > > > Thanks
> > > > >
> > > > > Alex
> > > > >

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: DHCP- Advise / Suggestions Apprciated

2001-02-23 Thread Mel Chandler PMI

Just curious here, but what are you running as your DHCP server?

Mel L. Chandler, A+, Network+, MCNE, MCP+I, MCSE, CCNA
[EMAIL PROTECTED]
Network Analyst
Information Services
PMI Delta Dental
(562) 467-6627



-Original Message-
From: Gayathri [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 23, 2001 12:32 AM
To: [EMAIL PROTECTED]
Subject: DHCP- Advise / Suggestions Apprciated


Firstly, sorry for the repeated submission, I  don't see my posting under the
main heading so I am forced to post it again..

here is my question...

 I have 2 DHCP servers and I have defined both the IP helper addresses in
our routers

Now, if a client queries for an IP, which of the servers will respond
first?

The problem I have is we have defined one subnet in DHCP Server and not in
the other.

When this user is querying for an IP , he is not getting a response.

interface Ethernet0
 ip address 10.X.X.X  255.255.0.0
 ip helper-address 10.X.1.X
 ip helper-address 10.X.1.Y

The  said subnet is defined in the DHCP server 10.102.1.Y but, still there
is no response when the client requests.

The main reason we have 2 DHCP servers is for redundancy.

Please note that they are independent of each other .

Does this mean that , when the client is requesting, the router first
forwards to the first DHCP server and since it is not getting a response ,
is dropping it?

Thanks

Gayathri








Good book on RIF?

2001-02-23 Thread Andrew Shappell

 Can anyone recommend a good book detailing RIF.   I know from 
experience that the CCIE Written exam is laced with questions about 
RIF.  Any help or suggestions would be greatly appreciated.

Thanks.

- 
Andrew E. Shappell
CCNP & CCDP





Re: CCIE salary

2001-02-23 Thread Peter Van Oene

The CCIE program does little to develop the skill set of a pure IP engineer in an ISP 
environment.  CCIE has little bearing in my opinion when candidates are interviewed for 
senior IP architectural positions.  CCIE is really an enterprise discipline.

Pete


*** REPLY SEPARATOR  ***

On 2/23/2001 at 9:20 AM Drew Simonis wrote:

>Brian wrote:
>> 
>> This really isn't true.  Let's look at some basic facts:
>> 
>> There are only ~6000 or so CCIE's in the world, possibly as many as 30%
>> are employed by cisco.
>> 
>> There are over 6000 ISP's in the US alone.
>> 
>> There are over 7000 AS's in the world.
>> 
>> My point is, that if most of your CCIE's work for cisco and big big
>> companies, then there are a ton of networks, complex networks, that don't
>> even have CCIE's at the helm.  Even a large company like UUnet may only
>> have a handful of CCIE's.
>> 
>
>
>Also take into account the large number of CCIE's who make their
>wages at training companies, and who aren't in the field.  I know 
>that when I was with IBM Global Network Services, we had just 2 
>that I knew of...
>



RE: DHCP- Advise / Suggestions Apprciated

2001-02-23 Thread Mel Chandler PMI

Or turn debug on and watch the communication happen.

Mel L. Chandler, A+, Network+, MCNE, MCP+I, MCSE, CCNA
[EMAIL PROTECTED]
Network Analyst
Information Services
PMI Delta Dental
(562) 467-6627



-Original Message-
From: McCallum, Robert [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 23, 2001 2:44 AM
To: 'Larry Lamb'; [EMAIL PROTECTED]
Subject: RE: DHCP- Advise / Suggestions Apprciated


Quick and easy way to find out if the packet is reaching each segment is
.

On each interface i.e. interface where user is, interface where DHCP server
is do...

ip accounting output-packets or just plain old ip accounting.

you should then do show ip account.

This should show you the ip address 255.255.255.255 being helpered to
whatever your address is.  At this point take a note of the mac address of
the requester.  

See if it is coming through to your server.

Now..If it is then the cisco devices are working properly, back to the
drawing board.

If it isn't getting to the server then come back.  I have encountered a few
gotchas doing this before.

Hope this helps.

-Original Message-
From: Larry Lamb [mailto:[EMAIL PROTECTED]]
Sent: 23 February 2001 10:15
To: [EMAIL PROTECTED]
Subject: Re: DHCP- Advise / Suggestions Apprciated


Everything I've found on Cisco tells me that multiple helper addresses are
supported and I would have to assume that it's forwarding the packet to both
helper address and is taking the response from the first machine to respond.
Any chance you can define part of the scope on each server?  This would
ultimately solve the problem.  Without a sniffer on both segments it's going
to be difficult to tell exactly what's happening unless someone has already
worked with this and has more input.

"Gayathri" wrote in message <975b6q$d4v$[EMAIL PROTECTED]>...
>Firstly, sorry for the repeated submission, I  don't see my posting under the
>main heading so I am forced to post it again..
>
>here is my question...
>
> I have 2 DHCP servers and I have defined both the IP helper addresses in
>our routers
>
>Now, if a client queries for an IP, which of the servers will respond
>first?
>
>The problem I have is we have defined one subnet in DHCP Server and not in
>the other.
>
>When this user is querying for an IP , he is not getting a response.
>
>interface Ethernet0
> ip address 10.X.X.X  255.255.0.0
> ip helper-address 10.X.1.X
> ip helper-address 10.X.1.Y
>
>The  said subnet is defined in the DHCP server 10.102.1.Y but, still there
>is no response when the client requests.
>
>The main reason we have 2 DHCP servers is for redundancy.
>
>Please note that they are independent of each other .
>
>Does this mean that , when the client is requesting, the router first
>forwards to the first DHCP server and since it is not getting a response ,
>is dropping it?
>
>Thanks
>
>Gayathri
>
>
>
>
>



Re:Advertising networks in OSPF

2001-02-23 Thread Deloso, Elmer G (WPNSTA Yorktown)

Alan,
Thanks for the reminder. I did finally remember the redistribute static
command and got it working the way it's supposed to.
On another note, I've decided to do away with OSPF and do static routes
instead since I've got only a few networks to advertise anyway. What
compelled me to ditch OSPF was that on a few occasions I found out that if
you simply disconnect the Ethernet between the two OSPF routers (vs.
issuing a Reload) often times the OSPF process gets stuck in either EXSTART
or EXCHANGE/EXSTART and once in LOADING phases for 10 to 15 mins. This is not
acceptable. Now I'm not sure if it's a conflict in different IOS versions,
but I have seen these strange errors too many times to still want OSPF for a
few networks to be announced to the ISP.
I've also encountered once where a replacement 4500 could not establish with
the core router (7500) in OSPF. I don't know what Cisco TAC found as far as
looking into IOS incompatibilities.
Thanks again.

Elmer Deloso




RE: Simulation for CCNP/CCIE

2001-02-23 Thread Ray Smith

No need for sarcasm Albert, not everyone on the list is a guru or thinks on 
the same level as you.  I am not attacking you buddy but merely saying that we 
do not have to make others feel bad if they do not know something 
..after all that is the purpose for this forum isn't it?  Peace man!


>From: "Albert Lu" <[EMAIL PROTECTED]>
>Reply-To: "Albert Lu" <[EMAIL PROTECTED]>
>To: "Thomas" <[EMAIL PROTECTED]>
>CC: <[EMAIL PROTECTED]>
>Subject: RE: Simulation for CCNP/CCIE
>Date: Fri, 23 Feb 2001 22:05:37 +1100
>
>Yes there is. I've got a simulator that simulates as many routers, switches
>as you like. It lets you do everything that you can do on real equipment at
>a fraction of the cost. This is all you need to pass the CCIE!!
>
>Paypal me $100US and I will send you a copy. The first 10 people will get a
>free toaster simulator. YES!! you can pretend to make toast.
>
>ps. I also have a simulator guaranteed to help you become a doctor. Why
>practise on real people when you can do it using this simulator. It costs
>$200US, since human bodies are slightly more complicated than Cisco 
>routers.
>ORDER NOW!!
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Thomas
> > Sent: Friday, 23 February 2001 18:10
> > To: [EMAIL PROTECTED]
> > Subject: Simulation for CCNP/CCIE
> >
> >
> > Hi All - Is there any good lab simulation software for CCNP/CCIE
> > around (not
> > CCNA one, since it does not have enough commands)? Where can I get it?
> > Thanks in advance!
> >
> >



T-1 Cross-over

2001-02-23 Thread Roan, Wayne

Group,

I have a 4000 and a 2501.  I am building a test lab and was going to
use a couple of CSU/DSUs connected together via a T-1 cross-over cable.  Has
anyone ever done this and is this the best way to construct a lab?

Thanks,

Wayne




RE: IP Protocol 89?

2001-02-23 Thread anthony kim


--- "Buri, Heather H" <[EMAIL PROTECTED]> wrote:
> Chris,
> 
> I believe all the routing protocols have their own unique port
> identifiers.

Close. IP routing protocols *may* use layer 4 sockets for data. But for
identification is the IP protocol type.

> I am reading Doyle's Routing TCP/IP Vol 1 right now and it discusses all
> of
> the routing protocols in some detail.  RIP uses port 520, IGRP/EIGRP use
> protocol 9.  Doyle does give examples of packet captures on each of the
> different protocols and the port/protocol does indeed show up in the
> routing
> protocol packet header.  Overall, I am finding this an extremely good
> book.
> I can see now why so many recommend it.
> 
> I don't have a lot of experience manipulating the routing protocols in
> such
> a way as you mention below but I don't see why it could not be done
> based on
> the fact that they do use known port/protocol id's.  
> 
> Someone else may be able to shed some additional light on this for you.
> 
> Heather Buri
> 
> -Original Message-
> From: Kane, Christopher A. [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 23, 2001 9:38 AM
> To: '[EMAIL PROTECTED]'
> Subject: IP Protocol 89?
> 
> 
> In trying to understand OSPF in much more detail, I am reading RFC 2328.
> Several times Mr. Moy refers to OSPF as " IP Protocol 89". I checked the
> "RFC/Port Number" page that I reference often
> (http://www.networksorcery.com/enp/default0301.htm) and found that
> indeed
> OSPF is IP Protocol 89. I have not seen this before. Sure, I've worked
> with
> TCP/UDP port numbers, but this is the first time I've paid attention to
> the
> fact that the protocols themselves have numbers too. This is
> interesting. 

read RFC 1700

IP header has an 8 bit protocol type field


> Should I look at 89 as a number that can be manipulated as I would 23
> (telnet) or 69 (tftp)? Can someone explain where these numbers are used?

Define manipulate?

> Are
> they found in headers? As networkers, are we concerned with these
> numbers?
> Does anyone commonly filter based on a protocol's number? Or is getting
> this
> granular an exercise in futility for a network engineer?
> 


access-list 101 permit ospf any any

where "ospf" is the IP type is one example.

HTH.



_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
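
The reply above separates the 8-bit IP protocol field (89 for OSPF) from layer 4 port numbers (520 for RIP, 23 and 69 for telnet and tftp). The following is an added example, not part of the original thread: it decodes constructed IPv4 packets and classifies them on that basis. The function names and sample packets are this example's own; the EIGRP (88) and BGP (TCP 179) entries are standard assignments not mentioned in the posts.

```python
import struct

# IANA protocol numbers carried in the 8-bit Protocol field of the IPv4 header.
IP_PROTO = {1: "icmp", 6: "tcp", 9: "igrp", 17: "udp", 88: "eigrp", 89: "ospf"}
# Routing protocols identified by a transport port rather than a protocol number.
PORT_BASED = {("udp", 520): "rip", ("tcp", 179): "bgp"}


def build_ipv4(proto, src, dst, payload=b"", options=b"", frag_offset=0):
    """Build a constructed IPv4 packet for the samples (checksum left at 0)."""
    ihl = 5 + len(options) // 4          # header length in 32-bit words
    header = struct.pack(
        "!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(payload), 0,
        frag_offset & 0x1FFF, 64, proto, 0,
        bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return header + options + payload


def udp_header(sport, dport):
    """Minimal constructed UDP header with no data."""
    return struct.pack("!HHHH", sport, dport, 8, 0)


def parse_ipv4(packet):
    """Decode the fields a filter needs; raise ValueError on malformed input."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, _, _, flags_frag, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    hdr_len = (ver_ihl & 0x0F) * 4       # IP options make this more than 20
    if hdr_len < 20 or len(packet) < hdr_len:
        raise ValueError("bad header length")
    info = {"proto_num": proto, "proto": IP_PROTO.get(proto, str(proto)),
            "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "sport": None, "dport": None}
    # Ports exist only for TCP/UDP, and only in the first fragment.
    l4 = packet[hdr_len:]
    if proto in (6, 17) and (flags_frag & 0x1FFF) == 0 and len(l4) >= 4:
        info["sport"], info["dport"] = struct.unpack("!HH", l4[:4])
    return info


def routing_protocol(info):
    """Name the routing protocol a parsed packet carries, or None."""
    if info["proto"] in ("igrp", "eigrp", "ospf"):
        return info["proto"]             # identified by IP protocol number alone
    for port in (info["sport"], info["dport"]):
        if (info["proto"], port) in PORT_BASED:
            return PORT_BASED[(info["proto"], port)]
    return None


def acl_protocol_matches(keyword, info):
    """Protocol test of an extended ACL entry such as 'permit ospf any any'."""
    numbers = {name: num for num, name in IP_PROTO.items()}
    return keyword == "ip" or numbers.get(keyword) == info["proto_num"]


def classify(packet):
    """Return (IP protocol name, routing protocol or None) for one packet."""
    info = parse_ipv4(packet)
    return info["proto"], routing_protocol(info)


# Constructed sample packets (not captured traffic).
SAMPLES = {
    "ospf_hello": build_ipv4(89, "10.0.0.1", "224.0.0.5", b"\x02\x01" + bytes(42)),
    "rip_update": build_ipv4(17, "10.0.0.1", "255.255.255.255", udp_header(520, 520)),
    "tftp_request": build_ipv4(17, "10.0.0.9", "10.0.0.2", udp_header(1069, 69)),
    "ospf_with_options": build_ipv4(89, "10.0.0.1", "224.0.0.5", b"\x02\x01",
                                    options=b"\x01\x01\x01\x00"),
    # Payload bytes that would decode as ports 520/520 if read as a UDP header.
    "udp_later_fragment": build_ipv4(17, "10.0.0.1", "10.0.0.2",
                                     b"\x02\x08\x02\x08", frag_offset=185),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        info = parse_ipv4(pkt)
        print(f"{name:20} proto={info['proto_num']:3} ({info['proto']}) "
              f"dport={info['dport']} routing={routing_protocol(info)} "
              f"permit_ospf={acl_protocol_matches('ospf', info)}")
```

The last sample shows why a filter that keys on ports cannot classify non-first fragments, while a filter on the protocol field still can.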



FS: ATM LANe Switches

2001-02-23 Thread Mark Holloway

Hey guys.  If anyone needs LANe switches, I've got two I'm selling for
cheaper than a LS 1010.  I no longer need them.

1) 3Com Corebuilder 3500 [ http://www.3com.com/solutions/cb3500.html ]

This is cool because it's a Layer 3 switch, six 10/100 TX ports, six 100 FX
ports, two ATM OC3 Multi-Mode fiber ports, runs RIP v1, RIP v2, and OSPF,
QoS, LANe, etc.. I also have a 3Com Switch 3300 with 100FX uplinks if you
need to practice 802.1q with your Cisco gear.  Both include rack ears.

2) 3Com Corebuilder 7000
[ http://www.3com.com/products/dsheets/400265.html ]

This is a large core switch with sixteen 100 TX, sixteen 100 FX, and sixteen
ATM OC3 Multi-Mode fiber ports.   Includes rack ears, redundant power,
redundant sup modules.

I'm asking $900 for each one.  This includes shipping (and they are HEAVY!
Probably $100 to ship each one).  I'm not making money off this, just trying
to get back what I invested.  So hopefully this will be beneficial for some
of you.

If you are serious about one of these, then call me on my work cellular @
702-808-4427 or email [EMAIL PROTECTED] For the sake of feeling safe
about this, check out my positive feedback on ebay under the username/email
[EMAIL PROTECTED] Due to shipping costs, I only will sell within the
U.S..  I can accept personal checks or certified funds.  No C.O.D. though,
too risky!

Regards,
Mark Holloway








RE: Speaking of Routers on a stick

2001-02-23 Thread Stull, Cory

It is confirmed...  I also went into Cisco's Feature Navigator for IOS
features and it looks like the 2600 is the lowest end router that supports
it...



Cisco Internetwork Operating System Software
IOS (tm) C1700 Software (C1700-Y-M), Version 12.0(7)T,  RELEASE SOFTWARE
(fc2)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Mon 06-Dec-99 14:14 by phanguye
Router>
Router>
Router>en
Router#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#int fa0
Router(config-if)#en?
% Unrecognized command
Router(config-if)#exit
Router(config)#int fa0.1
Router(config-subif)#enca?
% Unrecognized command
Router(config-subif)#  

-Original Message-
From: Craig Lindstrom [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 23, 2001 11:21 AM
To: '[EMAIL PROTECTED]'
Subject: Speaking of Routers on a stick


Can someone confirm that the 1700's can not do ISL routing? 

Craig Lindstrom
eSage
http://www.eSage.com
(801) 796-9595




Re: Sniffing

2001-02-23 Thread Mark Holloway

If it's a physical layer problem, a sniffer will not help you.  A device
like a Fluke would do the job.  The first place to start is testing the
cable.  If that tests ok, then check the duplex settings on both end
devices.  Make sure they are hard coded for the appropriate setting, not set
to auto negotiate.  If both devices are configured properly, then you need
to start looking at the individual hosts and of course the sniffer would
work fine.  Maybe there is a bad NIC?  Bad patch cable?  Or a corrupt
driver?


""Kevin Wigle"" <[EMAIL PROTECTED]> wrote in message
news:00e501c09d21$b10bdc40$[EMAIL PROTECTED]...
> Group,
>
> There are a few sniffer users on the list and I got a question.
>
> I'm using Net Xray, Sniffer Pro is available (but not installed yet).
>
> We have a problem of out of order packets and just recently I've noticed on
> the router console that we're getting late collisions.
>
> Now I always thought that late collisions were a product of a cable that is
> too long.  In this case however, it's fibre from the basement up to a lab to
> a foirl and then a patch cord length of 10BaseT from the foirl to the
> router.
>
> I'm looking at the sniffer output and I don't know what to look for to
> identify late collisions.  I don't even know if you can see them or the
> symptoms with a sniffer.
>
> Can anyone (even if you watch other lists :-)   )  comment if the
> sniffer is even a viable tool to troubleshoot this?
>
> I've been going at it with our ISP for some time now and I need some
> ammunition to get them to do something.
>
> Kevin Wigle
>



Re: T-1 Cross-over

2001-02-23 Thread Joe Dewberry

A T-1 has four wires on an rj-45 connector.  1-2/4-5 .  I use the orange and
blue pair.  wo-1/ow-2  wb-4/bw-5 on one end.  wb-1/bw-2 and wo-4/ow-5 on the
other end.

""Roan, Wayne"" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Group,
>
> I have a 4000 and a 2501.  I am building a test lab and was going to
> use a couple of CSU/DSUs connected together via a T-1 cross-over cable.  Has
> anyone ever done this and is this the best way to construct a lab?
>
> Thanks,
>
> Wayne
>



Fw: A different Wildcard Mask [1:2082]

2001-02-23 Thread jeongwoo park

Hi all.
Can anyone clear this?
thanks
J
- Original Message -
From: "V Cumbie" <[EMAIL PROTECTED]>
Newsgroups: groupstudy.associate
Sent: Wednesday, February 21, 2001 12:08 PM
Subject: A different Wildcard Mask [1:2082]


> Can you permit/deny only half of a subnet?  Here is my problem:
>
> Network: 171.17.2.64
> Subnet mask: 255.255.255.192
> Host range: 171.17.2.65 thru 171.17.2.126
> Broadcast: 171.17.2.127
>
> I have to deny telnet from hosts 171.17.2.96 thru 171.17.2.126
> and allow the remaining addresses (the lower half) 65 thru 95 complete
> access.
>
> I can not figure out a wildcard mask for splitting the hosts in half; to
> deny/permit one half of them.
>
> I would appreciate any help on this.
>
> V. Cumbie
>
>
>
>
>
> Message Posted at:
> http://www.groupstudy.com/form/read.php?f=1&i=2082&t=2082
> --
> You are reading GroupStudy's Associate Mailing List.  To unsubscribe
follow
> the directions on http://www.groupstudy.com/list/Associates.html
>

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
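
The forwarded question above asks for a wildcard mask that splits 171.17.2.64 255.255.255.192 into halves. The following is an added example, not part of the original post: it computes the base/wildcard pair for each half, lists the exact cover of the 96 to 126 range for comparison, and evaluates the resulting entries first-match with the implicit deny. ACL number 101 and all function names are assumptions of this example, and the helpers work for any address range, not only this subnet.

```python
import ipaddress


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, base, wildcard):
    """Cisco ACL comparison: wildcard bits set to 1 are ignored, 0 bits must match."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)


def covering_block(first, last):
    """Smallest single base/wildcard pair that contains first..last.

    Returns (base, wildcard, extras); extras are the addresses the pair also
    matches although they lie outside the requested range.
    """
    lo, hi = to_int(first), to_int(last)
    bits = (lo ^ hi).bit_length()        # low-order bits in which the range varies
    wild = (1 << bits) - 1
    base = lo & ~wild & 0xFFFFFFFF
    extras = [str(ipaddress.IPv4Address(a))
              for a in range(base, base + wild + 1) if not lo <= a <= hi]
    return str(ipaddress.IPv4Address(base)), str(ipaddress.IPv4Address(wild)), extras


def exact_cover(first, last):
    """Contiguous base/wildcard pairs that match first..last and nothing else."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [(str(n.network_address), str(n.hostmask)) for n in nets]


def render(number, entry):
    """Format one entry as an extended access-list line."""
    action, proto, base, wildcard, dport = entry
    line = f"access-list {number} {action} {proto} {base} {wildcard} any"
    return line if dport is None else f"{line} eq {dport}"


def evaluate(acl, src, proto, dport):
    """First match wins; a packet matching no entry hits the implicit deny."""
    for action, e_proto, base, wildcard, e_dport in acl:
        if e_proto in ("ip", proto) and e_dport in (None, dport) \
                and wildcard_match(src, base, wildcard):
            return action
    return "deny"


# The two halves from the post.
UPPER = covering_block("171.17.2.96", "171.17.2.126")   # hosts to keep off telnet
LOWER = covering_block("171.17.2.65", "171.17.2.95")    # hosts given complete access

# With only these two entries, non-telnet traffic from the upper half also
# falls through to the implicit deny; the post does not say what it should get.
ACL = [("deny", "tcp", UPPER[0], UPPER[1], 23),
       ("permit", "ip", LOWER[0], LOWER[1], None)]

if __name__ == "__main__":
    for entry in ACL:
        print(render(101, entry))
    print("upper half also matches:", UPPER[2])   # the subnet broadcast address
    print("lower half also matches:", LOWER[2])   # the subnet network address
    print("exact cover of .96-.126:", exact_cover("171.17.2.96", "171.17.2.126"))
    for host, proto, port in [("171.17.2.100", "tcp", 23),
                              ("171.17.2.70", "tcp", 23),
                              ("171.17.2.100", "tcp", 80)]:
        print(host, proto, port, "->", evaluate(ACL, host, proto, port))
```

Each half is a single pair with wildcard 0.0.0.31 because the only extra address it matches is the subnet's own network or broadcast address, which is never a host.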



Re: Unable to browse the web after connecting to VPN

2001-02-23 Thread Sam

Ramesh, next time you might get a better response from a microsoft
newsgroup.

Anyways, are you using a server assigned IP address or a static address?  If
you are using server assigned check to make sure you are getting valid DNS
server addresses.  You can check the addresses by doing a winipcfg in Win9x
or ipconfig /all in NT.  Once you get the addresses you can ping them, do
trace routes or use nslookup to troubleshoot the problem.  Keep in mind that
once you connect to your network at the office you become part of that
network and your internet access should be going through your company's
network.  There are plenty of white papers covering MS PPTP at
www.microsoft.com/technet
Hope this helps.

""Ramesh c"" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi all,
>
> It's a kind of weird problem. I am using a VPN (windowsNT server /PPTP) to
> connect to my Office network. The VPN connection goes thru fine and I am able
> to ping my office network as well as Internet. The problem is I am unable to
> browse the Internet thru browser. Before Connecting to VPN it works fine. This
> problem is only on Internet explorer 5.0
>
> The above problem is not to be seen in netscape.
>
> What is problem and difference between the browsers? Any setting I need to
> change in Internet explorer?
>
> Any help would be appreciated.
>
> cheers
> Ramesh
>
>



Re: IP Protocol 89?

2001-02-23 Thread Joe Dewberry

Hey, does anybody have a net xray .cap file they could post to the group?
All of the networks I have seen have NO OSPF!  I'd like a chance to run it
thru a sniffer and see the traffic patterns, decodes etc


""Kane, Christopher A."" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> In trying to understand OSPF in much more detail, I am reading RFC 2328.
> Several times Mr. Moy refers to OSPF as " IP Protocol 89". I checked the
> "RFC/Port Number" page that I reference often
> (http://www.networksorcery.com/enp/default0301.htm) and found that indeed
> OSPF is IP Protocol 89. I have not seen this before. Sure, I've worked with
> TCP/UDP port numbers, but this is the first time I've paid attention to the
> fact that the protocols themselves have numbers too. This is interesting.
>
> Should I look at 89 as a number that can be manipulated as I would 23
> (telnet) or 69 (tftp)? Can someone explain where these numbers are used? Are
> they found in headers? As networkers, are we concerned with these numbers?
> Does anyone commonly filter based on a protocol's number? Or is getting this
> granular an exercise in futility for a network engineer?
>
> Thanks,
>  Chris
>



WTB: NM-1E

2001-02-23 Thread Jim Brown


Sorry for posting this here, but I thought it is semi-appropriate. This is gear
for my home lab.

I'm looking for an Ethernet module for a 2600 series router and I think this
is the only one that is supported.

I have checked E-bay for a while and there are none to be found.

Can anyone help me out, retail hurts!




RE: T-1 Cross-over

2001-02-23 Thread Jeff Walzer

The pinout for a T1 cross over cable is

Pin1---pin4
pin2---pin5

and vice-versa

Jeff

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Roan, Wayne
Sent: Friday, February 23, 2001 1:04 PM
To: '[EMAIL PROTECTED]'
Subject: T-1 Cross-over


Group,

I have a 4000 and a 2501.  I am building a test lab and was going to
use a couple of CSU/DSUs connected together via a T-1 cross-over cable.  Has
anyone ever done this and is this the best way to construct a lab?

Thanks,

Wayne




RE: IP Protocol 89?

2001-02-23 Thread Stull, Cory

Joe,

I just bought the CCIE StudyGuide by Roosevelt Giles..  Excellent book with
some dumb mistakes but still an excellent book.  It includes a CD with the
book that has all kinds of goodies, including sniffer traces for everything
in OSPF you could ever want...  He put the traces in PDF format..  I'd send
them to you but I think that would be a copyright no no.  The book was only
$40 something and well worth it..

Cory

-Original Message-
From: Joe Dewberry [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 23, 2001 12:25 PM
To: [EMAIL PROTECTED]
Subject: Re: IP Protocol 89?


Hey, does anybody have a net xray .cap file they could post to the group?
All of the networks I have seen have NO OSPF!  I'd like a chance to run it
thru a sniffer and see the traffic patterns, decodes etc


""Kane, Christopher A."" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> In trying to understand OSPF in much more detail, I am reading RFC 2328.
> Several times Mr. Moy refers to OSPF as " IP Protocol 89". I checked the
> "RFC/Port Number" page that I reference often
> (http://www.networksorcery.com/enp/default0301.htm) and found that indeed
> OSPF is IP Protocol 89. I have not seen this before. Sure, I've worked with
> TCP/UDP port numbers, but this is the first time I've paid attention to the
> fact that the protocols themselves have numbers too. This is interesting.
>
> Should I look at 89 as a number that can be manipulated as I would 23
> (telnet) or 69 (tftp)? Can someone explain where these numbers are used? Are
> they found in headers? As networkers, are we concerned with these numbers?
> Does anyone commonly filter based on a protocol's number? Or is getting this
> granular an exercise in futility for a network engineer?
>
> Thanks,
>  Chris
>



Trick to pasting in new running-config

2001-02-23 Thread Jason Swenson

Is there a trick to pasting in a new running-config file.

I do a sh run then attempt to paste in the new config file from notepad and
get the line "^" mark error which means I'm not in the config terminal.
What I'm trying to do is update my accesslists without having to redo the
whole thing.

Can someone tell me where I'm making the mistake or missing something.

Jason




Re: CCIE salary

2001-02-23 Thread Mark Holloway

At Sprint we have a few CCIEs.. But not as many as you think - and we are
the #1 reseller of Cisco equipment in the U.S.. I have put my CCIE on hold
for now, since I know what CCIEs in Las Vegas earn versus what I make now.
The problem is that in the real world, people start to become specialists,
and my job title has me working in the field of IP Telephony as well as
802.11b WLANs.  So, getting my CCIE right now won't do much.  I may go for
the CCIE Design later this year.  But I recently left my old employer as a
"Network Engineer" (designing/merging/expanding our network and
troubleshooting problems) and recently started at Sprint Long Distance doing
Pre-Sales Engineering in 5 different states.  My product range is: Nortel
PBXs, Nortel Routers/Switches (there are more out there than you think!),
Cisco AVVID product line, and Aironet product line.  I've had experience
with VoATM and VoFR at my last job, setting up tie lines from PBX to PBX
over the WAN.  IP Phones are new to me, but I'll be traveling to Ontario,
Canada, to play at Nortel, and flying to North Carolina to play in Sprint's
AVVID lab .. oh yea, I'm going to some Cisco IP Telephony/Call Center
training too.  :-)




- Original Message -
From: "Peter Van Oene" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, February 23, 2001 9:47 AM
Subject: Re: CCIE salary


> The CCIE program does little to develop the skill set of a pure IP
> engineer in an ISP environment.  CCIE has little bearing in my opinion when
> candidates are interviewed for senior IP architectural positions.  CCIE is
> really an enterprise discipline.
>
> Pete
>
>
> *** REPLY SEPARATOR  ***
>
> On 2/23/2001 at 9:20 AM Drew Simonis wrote:
>
> >Brian wrote:
> >>
> >> This really isn't true.  Let's look at some basic facts:
> >>
> >> There are only ~6000 or so CCIE's in the world, possibly as many as 30%
> >> are employed by cisco.
> >>
> >> There are over 6000 ISP's in the US alone.
> >>
> >> There are over 7000 AS's in the world.
> >>
> >> My point is, that if most of your CCIE's work for cisco and big big
> >> companies, then there are a ton of networks, complex networks, that don't
> >> even have CCIE's at the helm.  Even a large company like UUnet may only
> >> have a handful of CCIE's.
> >>
> >
> >
> >Also take into account the large number of CCIE's who make their
> >wages at training companies, and who aren't in the field.  I know
> >that when I was with IBM Global Network Services, we had just 2
> >that I knew of...
> >



Re: Full Duplex

2001-02-23 Thread Sam

You can argue about semantics all day long but what matters is the actual
performance difference when running full-duplex.  I was troubleshooting why
my LTO tape drive wasn't performing as promised.  While investigating, I
noticed a large number of collisions on a port on a 3524 (a port connecting
another switch, backup traffic was going from one switch to the other).  I
manually set the duplex to full - all collisions stopped and my backups
improved tremendously!  Cisco recommends running ports in a full-duplex mode
especially in server farms.

ex. http://www.cisco.com/warp/public/cc/so/neso/lnso/lnmnso/fesol_wp.htm

"AndyD" <[EMAIL PROTECTED]> wrote in message
news:9726tq$fj7$[EMAIL PROTECTED]...
> So on a full-duplex 100 mb ethernet link you could theoretically get 200
> mbps throughput?? I have had this argument with several people before.  I
> thought that 100 mb each direction being possible, if both parties transmit
> at the same time but in different directions, you still have 200 mb of
> throughput.  They all thought I was crazy - said you can't possibly get more
> than 100 mbps out of a 100 mb link.
>
> "Santosh Koshy" <[EMAIL PROTECTED]> wrote in message
> news:970klv$f2n$[EMAIL PROTECTED]...
> > Hi akshay,
> >
> > If it's full duplex you will get 2Mbs of transmit bandwidth & 2Mbs of
> > receive traffic... In a half duplex link you will get a total of 2mbs for
> > transmit and receive.
> >
> > hope the above helps,
> > Santosh Koshy
> >
> > "Network Operations" <[EMAIL PROTECTED]> wrote in message
> > news:9706m3$ouv$[EMAIL PROTECTED]...
> > > The 2Mbps link i had mentioned is a serial link (E1) & not an ethernet link.
> > >
> > > regards
> > > akshay
> > >
> > > --
> > > Network Operations (Mumbai)
> > > Bharti BT Internet Ltd.
> > > Tel:- 91-22-6127242
> > > 91-22-6127179
> > > Email :- [EMAIL PROTECTED]
> > > "dark_baby" <[EMAIL PROTECTED]> wrote in message
> > > news:96vudv$dqr$[EMAIL PROTECTED]...
> > > > Yes. You'll get 2M Transmit & 2M Receive(4M) between A&B with full duplex.
> > > > With half duplex transfer rate is poor, it is about 1M or less.
> > > > You can imply full duplex only with switch, or just host to host link. With
> > > > hub, you can only use half duplex , because each station must detect
> > > > collision before transfer, full duplex doesn't detect collision(There is no
> > > > collision with full duplex).



RE: Here's an easy one

2001-02-23 Thread Jack Williams

I'm sure the group will tell me if I put my foot in my mouth, but:

Multicast *destination* MAC addresses start with 01-00-5E

--Original Message--
From: "Williamson, Paul" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Sent: February 23, 2001 3:23:34 PM GMT
Subject: Here's an easy one


Ok so we know how to convert a multicast ip into a mac, how about the
reverse.

I got a syslog message that made me curious:-
"invalid traffic from multicast source address 0f:37:59:6f:df:0d"
and i thought well i wonder what ip address that would be but i couldn't
figure out the first octet.

Should all multicast mac addresses start with 01-00-5e ??
Is this mac address invalid ?

Anyone ?
Thanks
-Paul
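
The IP-to-MAC mapping and its reverse, as an added Python example (not code from either poster). It checks the 01-00-5E prefix mentioned in the reply, lists the 32 group addresses that share one MAC, and tests the group bit of the address from the quoted syslog line; function names are hypothetical.

```python
import ipaddress

IPV4_MCAST_PREFIX = bytes.fromhex("01005e")  # 01-00-5E, the prefix named in the reply


def parse_mac(text):
    """Parse 'aa:bb:cc:dd:ee:ff' or 'aa-bb-cc-dd-ee-ff' into 6 raw bytes."""
    parts = text.strip().replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError("expected 6 octets: %r" % text)
    return bytes(int(p, 16) for p in parts)


def format_mac(mac):
    return ":".join("%02x" % b for b in mac)


def is_group_address(mac):
    """The I/G bit is the least significant bit of the first octet."""
    return bool(mac[0] & 0x01)


def is_ipv4_multicast_mac(mac):
    """01-00-5E prefix and a zero in the top bit of the fourth octet."""
    return mac[:3] == IPV4_MCAST_PREFIX and (mac[3] & 0x80) == 0


def ip_to_multicast_mac(ip):
    """Forward mapping: copy the low 23 bits of the group address."""
    addr = ipaddress.IPv4Address(ip)
    if not addr.is_multicast:
        raise ValueError("%s is not in 224.0.0.0/4" % ip)
    low23 = int(addr) & 0x7FFFFF
    return format_mac(IPV4_MCAST_PREFIX + low23.to_bytes(3, "big"))


def candidate_groups(mac_text):
    """Reverse mapping: 5 bits of the group address never reach the MAC,
    so one MAC stands for 32 possible groups."""
    mac = parse_mac(mac_text)
    if not is_ipv4_multicast_mac(mac):
        return []
    low23 = int.from_bytes(mac[3:], "big")
    return [str(ipaddress.IPv4Address(0xE0000000 | (hi << 23) | low23))
            for hi in range(32)]


def classify(mac_text):
    mac = parse_mac(mac_text)
    if mac == b"\xff" * 6:
        return "broadcast"
    if is_ipv4_multicast_mac(mac):
        return "ipv4-multicast"
    if is_group_address(mac):
        return "group, not an IPv4 multicast mapping"
    return "unicast"


if __name__ == "__main__":
    # MAC copied from the syslog line quoted in the original question
    logged = "0f:37:59:6f:df:0d"
    print(logged, "->", classify(logged))
    # Constructed sample group address
    mac = ip_to_multicast_mac("239.129.1.1")
    groups = candidate_groups(mac)
    print("239.129.1.1 ->", mac, "shared by", len(groups), "groups:",
          groups[0], "...", groups[-1])
```

A source MAC with the group bit set cannot be mapped back to an IP address; group addresses are only valid as destinations, which matches the "invalid traffic" wording of the log line.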





RE: Trick to pasting in new running-config

2001-02-23 Thread Stull, Cory

You can have your config that you're copying to the router put you in config
mode...  Just have the first line be 

config t

but don't forget you pretty much have to remove your access-list and then
re-add it... unless it's a named access-list,  I think with a named
access-list you can edit it by line...

Cory


-Original Message-
From: Jason Swenson [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 23, 2001 12:39 PM
To: [EMAIL PROTECTED]
Subject: Trick to pasting in new running-config


Is there a trick to pasting in a new running-config file?

I do a sh run then attempt to paste in the new config file from notepad and
get the line "^" mark error which means I'm not in the config terminal.
What I'm trying to do is update my access lists without having to redo the
whole thing.

Can someone tell me where I'm making the mistake or missing something?

Jason




Re: Good book on RIF?

2001-02-23 Thread Stefan Dozier

At 12:47 PM 2/23/01 -0500, Andrew Shappell wrote:
> Can anyone recommend a good book detailing RIF.   I know from 
>experience that the CCIE Written exam is laced with questions about 
>RIF.  Any help or suggestions would be greatly appreciated.
>
>Thanks.
>
>- 
>Andrew E. Shappell
>CCNP & CCDP


Don't know of any books per se, but here's a link right on the
Groupstudy website that should get you started in the right
direction.

http://www.groupstudy.com/notes/notepages/rif2.html

Also, Lou Rossi, Sr's "Token Ring Whitepaper" is a must-have.
You can find it on the CCPrep.com's website

http://www.ccprep.com/resources/news/archives/Token_Ring2.pdf


Stefan




RE: Trick to pasting in new running-config

2001-02-23 Thread Kane, Christopher A.

If you are using an Access-list you will have to remove it, make your
changes and then re-apply. If you are using Prefix-lists you can add your
changes by sequence number. Prefix-lists are very cool because you don't
have to remove them to make changes.

Otherwise, regular changes can be made by going in to "config t" and then
paste in your config. 

Chris

-Original Message-
From: Jason Swenson [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 23, 2001 1:39 PM
To: [EMAIL PROTECTED]
Subject: Trick to pasting in new running-config


Is there a trick to pasting in a new running-config file?

I do a sh run then attempt to paste in the new config file from notepad and
get the line "^" mark error which means I'm not in the config terminal.
What I'm trying to do is update my access lists without having to redo the
whole thing.

Can someone tell me where I'm making the mistake or missing something?

Jason




MPLS IPSec VPN and Cisco 7100 - OPINIONS REQUESTED

2001-02-23 Thread epr02

I have a rare question for the group. :-)

Looking at dumping a global frame-relay network between Europe/Asia/N. America 
(triangulated) that is VERY expensive. Want to create a VPN over the Internet that is 
secure (site-to-site). Have already considered the firewall-to-firewall solution. 
Cisco has a semi-new product called the 7100 series router that has the MPLS IPSec 
functionality. 

And my question is: 

Does anyone on this list have any real-world experience with this product line and, if 
so, what is your opinion on it, and also your feeling about MPLS IPSec VPN's in general?

Thanks in advance,
Eric




OT - MicroCenter (SANTA CLARA) 02/17/01 CCDP Test Candidate

2001-02-23 Thread Michael Snyder

Sorry for using up groupstudy resources for sending this personal broadcast
message.

Would the CCNP Engineer who was testing on 02/17/01 please email me.

I lost your email address.

--

Michael Snyder

CCNP-Security, MCSE
[EMAIL PROTECTED]








Re: CCIE salary

2001-02-23 Thread Jack Yu

In my opinion, CCIE is a test of ability of learning and using knowledge,
not a test of knowledge itself.

No matter a CCIE or not, you can be an expert in Wireless or Optical or
other arena, because you have been working on those stuff for a while and
you are following it.  Nobody compares an ISP senior engineer who has no
certification to a CCIE working in enterprise his/her whole life. But in my
mind as long as that guy is a CCIE, he should have no problem picking up
the job of the ISP senior engineer given a short time.

Jack


"Mark Holloway" <[EMAIL PROTECTED]> wrote in message
news:006d01c09dc7$4e10caf0$111fea18@platypus...
> At Sprint we have a few CCIEs.. But not as many as you think - and we are
> the #1 reseller of Cisco equipment in the U.S.. I have put my CCIE on hold
> for now, since I know what CCIEs in Las Vegas earn versus what I make now.
> The problem is that in the real world, people start to become specialists,
> and my job title has me working in the field of IP Telephony as well as
> 802.11b WLANs.  So, getting my CCIE right now won't do much.  I may go for
> the CCIE Design later this year.  But I recently left my old employer as a
> "Network Engineer" (designing/merging/expanding our network and
> troubleshooting problems) and recently started at Sprint Long Distance doing
> Pre-Sales Engineering in 5 different states.  My product range is: Nortel
> PBXs, Nortel Routers/Switches (there are more out there than you think!),
> Cisco AVVID product line, and Aironet product line.  I've had experience
> with VoATM and VoFR at my last job, setting up tie lines from PBX to PBX
> over the WAN.  IP Phones are new to me, but I'll be traveling to Ontario,
> Canada, to play at Nortel, and flying to North Carolina to play in Sprint's
> training too.  :-)
>
>
>
>
> - Original Message -
> From: "Peter Van Oene" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, February 23, 2001 9:47 AM
> Subject: Re: CCIE salary
>
>
> > The CCIE program does little to develop the skill set of a pure IP
> > engineer in an ISP environment.  CCIE has little bearing in my opinion when
> > candidates are interviewed for senior IP architectural positions.  CCIE is
> > really an enterprise discipline.
> >
> > Pete
> >
> >
> > *** REPLY SEPARATOR  ***
> >
> > On 2/23/2001 at 9:20 AM Drew Simonis wrote:
> >
> > >Brian wrote:
> > >>
> > >> This really isn't true.  Let's look at some basic facts:
> > >>
> > >> There are only ~6000 or so CCIE's in the world, possibly as many as 30%
> > >> are employed by cisco.
> > >>
> > >> There are over 6000 ISP's in the US alone.
> > >>
> > >> There are over 7000 AS's in the world.
> > >>
> > >> My point is, that if most of your CCIE's work for cisco and big big
> > >> companies, then there are a ton of networks, complex networks, that don't
> > >> even have CCIE's at the helm.  Even a large company like UUnet may only
> > >> have a handful of CCIE's.
> > >>
> > >
> > >
> > >Also take into account the large number of CCIE's who make their
> > >wages at training companies, and who aren't in the field.  I know
> > >that when I was with IBM Global Network Services, we had just 2
> > >that I knew of...
> > >



RE: A different Wildcard Mask [1:2082]

2001-02-23 Thread COULOMBE, TROY

Alright, 
Coming out of "lurker mode" . ;-)

http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/cs003.htm#xtocid2185611

There are two and a half (2.5) answers at the bottom (in cut/paste mode)
pending further clarification:

Exclamation points are of course (of course!) comments and can be cut/pasted
as well.

Also, a neat "trick" depending on where the router is located is to issue
the "reload" command prior to applying access-lists.
A simple "reload in 15" will reload the router in 15 minutes...so the steps
I use are:
1. reload in 15   (reload in mmm)
2. cut/paste access list
3. apply access list
4. ensure connectivity is still possible. Best to create an ADDITIONAL
   telnet window.
5. ensure access list is doing whatever you believe it should be doing
6. wr mem (habits die hard)(copy run start)
7. reload cancel
If you lose connectivity (Doh!) and can't get back in on #4, the reload will
take place, return you to the prior running config (you _didn't_ do "copy
run start" yet, did you?), and voila! no 3 hour trip into Tokyo to console in.
;-)

HTH, 
TroyC

==
! Answer #1
! Standard ACLs (1-99) match on source address only, so no protocol keyword
access-list 15 permit 171.17.2.64 0.0.0.31
! dot31 is the mask for 64-95 (inverse of 224)
! The access list/class is unaware and therefore
! doesn't care what the original subnet mask applied
! This will also deny _EVERYONE_ else which may or
! may not be what you want
! Don't forget there is an implicit DENY at the end (not seen)
line vty 0 4
   access-class 15 in
==
! Answer #2
access-list 15 deny 171.17.2.96 0.0.0.31
access-list 15 permit any
! dot31 is the mask for 96-127 (inverse of 224)
! This will deny _ONLY_ 2.96-2.127 and allow all other
! IP address telnet access
line vty 0 4
   access-class 15 in
==
! Answer #3 UGLY UGLY UGLY
access-list 15 permit 171.17.2.64
access-list 15 permit 171.17.2.65
access-list 15 permit 171.17.2.66
!
! you get the idea
!
access-list 15 permit 171.17.2.93
access-list 15 permit 171.17.2.94
access-list 15 permit 171.17.2.95
! With no mask you are specifying a host
line vty 0 4
   access-class 15 in


-Original Message-
From: jeongwoo park [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 23, 2001 10:26 AM
To: [EMAIL PROTECTED]
Subject: Fw: A different Wildcard Mask [1:2082]


Hi all.
Can anyone clear this?
thanks
J
- Original Message -
From: "V Cumbie" <[EMAIL PROTECTED]>
Newsgroups: groupstudy.associate
Sent: Wednesday, February 21, 2001 12:08 PM
Subject: A different Wildcard Mask [1:2082]


> Can you permit/deny only half of a subnet?  Here is my problem:
>
> Network: 171.17.2.64
> Subnet mask: 255.255.255.192
> Host range: 171.17.2.65 thru 171.17.2.126
> Broadcast: 171.17.2.127
>
> I have to deny telnet from hosts 171.17.2.96 thru 171.17.2.126
> and allow the remaining addresses (the lower half) 65 thru 95 complete
> access.
>
> I can not figure out a wildcard mask for splitting the hosts in half; to
> deny/permit one half of them.
>
> I would appreciate any help on this.
>
> V. Cumbie
>
>
>
>
>
> Message Posted at:
> http://www.groupstudy.com/form/read.php?f=1&i=2082&t=2082
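
The wildcard matching behind this question, as an added Python example (not code from any poster in the thread). It lists which addresses a base/wildcard pair matches, derives the wildcard for an aligned block, and evaluates a standard ACL with first-match and the implicit deny; function names and the `ANSWER_1`/`ANSWER_2` rule lists are hypothetical and mirror the first two answers above.

```python
import ipaddress


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must equal the base."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)


def matched_last_octets(base, wildcard, network="171.17.2.0/24"):
    """Last octets of every address in `network` that the pair matches."""
    return [int(a) & 0xFF for a in ipaddress.IPv4Network(network)
            if wildcard_match(str(a), base, wildcard)]


def wildcard_for_range(first, last):
    """Return (base, wildcard) when first..last is one aligned power-of-two
    block, else None (such a range needs more than one ACL entry)."""
    lo, hi = to_int(first), to_int(last)
    size = hi - lo + 1
    if size <= 0 or size & (size - 1) or lo % size:
        return None
    return (str(ipaddress.IPv4Address(lo)), str(ipaddress.IPv4Address(size - 1)))


def evaluate_standard_acl(entries, source):
    """entries: (action, base, wildcard) tuples, checked top-down.
    The first match wins; no match falls through to the implicit deny."""
    for action, base, wildcard in entries:
        if wildcard_match(source, base, wildcard):
            return action
    return "deny"


# Rule lists mirroring Answer #1 and Answer #2 from the thread
ANSWER_1 = [("permit", "171.17.2.64", "0.0.0.31")]
ANSWER_2 = [("deny", "171.17.2.96", "0.0.0.31"),
            ("permit", "0.0.0.0", "255.255.255.255")]  # "permit any"


def span(octets):
    return "%d-%d (%d addresses)" % (octets[0], octets[-1], len(octets))


if __name__ == "__main__":
    for base, wc in [("171.17.2.64", "0.0.0.31"), ("171.17.2.96", "0.0.0.31"),
                     ("171.17.2.64", "0.0.0.63"), ("171.17.2.96", "0.0.0.63")]:
        print(base, wc, "matches .%s" % span(matched_last_octets(base, wc)))
    print("upper half:", wildcard_for_range("171.17.2.96", "171.17.2.127"))
    print("hosts .65-.95 only:", wildcard_for_range("171.17.2.65", "171.17.2.95"))
    # Constructed test sources: lower half, upper half, unrelated network
    for src in ("171.17.2.70", "171.17.2.100", "10.1.1.1"):
        print(src, "answer1:", evaluate_standard_acl(ANSWER_1, src),
              "answer2:", evaluate_standard_acl(ANSWER_2, src))
```

A 0.0.0.63 wildcard ignores six bits, so with either base it covers all of .64 through .127; the half-subnet split needs 0.0.0.31.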



RE: IP Protocol 89?

2001-02-23 Thread Howard C. Berkowitz

>--- "Buri, Heather H" <[EMAIL PROTECTED]> wrote:
>>  Chris,
>>
>>  I believe all the routing protocols have their own unique port
>>  identifiers.
>
>Close. IP routing protocols *may* use layer 4 sockets for data. But for
>identification is the IP protocol type.


Don't even restrict it to IP protocol type:

BGP runs over TCP
RIP runs over UDP
OSPF, IGRP, and EIGRP run directly over IP
IS-IS runs directly over data link.

There's no question that there are policies that restrict, in 
particular, ICMP or UDP, so that's a common application of protocol 
numbers.  In access-list statements, TCP, UDP, ICMP, etc., are 
macros for the protocol type number, just as telnet, http, etc., are 
macros for port numbers.

Before filtering routing protocol packets, especially with access 
lists that operate on protocol type rather than distribute lists or 
route maps, know exactly what you are doing -- in particular, when 
working with OSPF.  Link state protocols, as implemented today, 
generally need to flood in an area, and filtering  them may break the 
routing system.

>
>>  I am reading Doyle's Routing TCP/IP Vol 1 right now and it discusses all of
>>  the routing protocols in some detail.  RIP uses port 520, IGRP/EIGRP use
>>  protocol 9.  Doyle does give examples of packet captures on each of the
>>  different protocols and the port/protocol does indeed show up in the routing
>>  protocol packet header.  Overall, I am finding this an extremely good book.
>>  I can see now why so many recommend it.
>>
>>  I don't have a lot of experience manipulating the routing protocols in such
>>  a way as you mention below but I don't see why it could not be done based on
>>  the fact that they do use known port/protocol id's.
>>
>>  Someone else may be able to shed some additional light on this for you.
>>
>>  Heather Buri
>>
>
>>  In trying to understand OSPF in much more detail, I am reading RFC 2328.
>>  Several times Mr. Moy refers to OSPF as " IP Protocol 89".


John is a mathematician by background. Figures. :-)

>>  I checked the
>>  "RFC/Port Number" page that I reference often
>>  (http://www.networksorcery.com/enp/default0301.htm) and found that indeed
>>  OSPF is IP Protocol 89. I have not seen this before. Sure, I've worked with
>>  TCP/UDP port numbers, but this is the first time I've paid attention to the
>>  fact that the protocols themselves have numbers too. This is interesting.
>
>read RFC 1700
>
>IP header has an 8 bit protocol type field
>
>
>>  Should I look at 89 as a number that can be manipulated as I would 23
>>  (telnet) or 69 (tftp)? Can someone explain where these numbers are used?
>
>Define manipulate?
>
>>  Are they found in headers? As networkers, are we concerned with these numbers?
>>  Does anyone commonly filter based on a protocol's number? Or is getting this
>>  granular an exercise in futility for a network engineer?

I suppose it depends how granular the problem is.
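
Where the protocol number sits and how a filter uses it, as an added Python example (not code from any poster). It reads the 8-bit protocol field from constructed IPv4 headers, reads ports only where TCP or UDP follows, and applies a first-match rule list; the sample packets, `RULES` and all function names are hypothetical.

```python
import ipaddress
import struct

# IANA-assigned IP protocol numbers for the protocols discussed in the thread
PROTO_NAMES = {1: "ICMP", 6: "TCP", 9: "IGRP", 17: "UDP", 88: "EIGRP", 89: "OSPF"}


def header_checksum(header):
    """One's-complement sum of the header's 16-bit words, complemented."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_packet(proto, src, dst, payload):
    """Build a constructed sample: a 20-byte IPv4 header plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", header_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_packet(pkt):
    """Return protocol number/name, addresses, and ports when there are any."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad header length")
    if header_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad header checksum")
    proto = pkt[9]  # the 8-bit protocol field is byte 9 of the header
    info = {"proto": proto, "name": PROTO_NAMES.get(proto, "unknown"),
            "src": str(ipaddress.IPv4Address(pkt[12:16])),
            "dst": str(ipaddress.IPv4Address(pkt[16:20])),
            "sport": None, "dport": None}
    # Only TCP and UDP carry port numbers; OSPF, IGRP and EIGRP have none
    if proto in (6, 17) and len(pkt) >= ihl + 4:
        info["sport"], info["dport"] = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return info


def acl_action(rules, pkt):
    """rules: (action, proto or None, dport or None); first match wins,
    anything unmatched falls through to the implicit deny."""
    info = parse_packet(pkt)
    for action, proto, dport in rules:
        if proto is not None and proto != info["proto"]:
            continue
        if dport is not None and dport != info["dport"]:
            continue
        return action
    return "deny"


# Constructed samples: OSPF directly over IP, RIP over UDP, BGP over TCP, ICMP
SAMPLES = {
    "ospf": build_packet(89, "10.0.0.1", "224.0.0.5", b"\x02\x01" + bytes(22)),
    "rip": build_packet(17, "10.0.0.1", "224.0.0.9",
                        struct.pack("!HHHH", 520, 520, 12, 0) + b"\x02\x02\x00\x00"),
    "bgp": build_packet(6, "10.0.0.1", "10.0.0.2",
                        struct.pack("!HH", 49152, 179) + bytes(16)),
    "icmp": build_packet(1, "10.0.0.1", "10.0.0.2", b"\x08\x00" + bytes(6)),
}

# Hypothetical policy: allow the routing protocols, drop everything else
RULES = [("permit", 89, None), ("permit", 17, 520), ("permit", 6, 179)]

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        info = parse_packet(pkt)
        print(label, info["proto"], info["name"], "dport=%s" % info["dport"],
              "->", acl_action(RULES, pkt))
```

Removing the protocol 89 rule from `RULES` drops the OSPF sample at the implicit deny, which is the failure the post warns about.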




RE: RE: How to Restrict multiple login?

2001-02-23 Thread martijn michiel

Vikas, you stated that you were going to use radius. That is where you feed 
a lot of user auth items, also the ones you ask for. As I stated, via 
radius, you can do a lot. For Cisco commands, check

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_serv/5300/case/qccase.htm#xtocid216396

http://www.cisco.com/warp/public/793/access_dial/Isdn_callerID.html

Good luck.

Martijn

>From: "vikas patel" <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: RE: How to Restrict multiple login?
>Date: Fri, 23 Feb 2001 10:57:48 -
>
>Hi martin,
>I am still confused and i dont have that caller-ID facility here coz i am 
>in a remote kind of place. Can u suggest me about the router commands for 
>my 16 async ports(in built) coz i am not using portmaster too.
>May be if you can clarify the followings:-
>1) how do i assign one ip per user account after dial-in?
>2) as u said to disable multilink, how to do it, i dont think its from 
>router part?
>3)and how to use the connection type async for restricting multi login?
>
>Thanks for your time and kind help,
>waiting for your reply.
>Kind regards
>vikas
>
>
>>From: "martijn michiel" <[EMAIL PROTECTED]>
>>To: [EMAIL PROTECTED], [EMAIL PROTECTED]
>>CC: [EMAIL PROTECTED]
>>Subject: RE: How to Restrict multiple login?
>>Date: Thu, 22 Feb 2001 19:18:03 -
>>
>>You have multiple options in radius for restricting your users.
>>
>>If you, in Unix, cannot prevent double --- User Authentication  then 
>>double  Line Authorization  should be prevented.
>>
>>- one source ip per user account after dial-in
>>- caller id per source phone per user (telco support)
>>- disable multilink (w2k)
>>- static route per user (w2k)or from cisco to radius (multi-cisco/multiple 
>>telcolineno's?)
>>- certificates and securID's will also close down multi login/dialin 
>>actions
>>- connection type isdn number, async
>>A lot of these items are supported through PPP.
>>
>>I saw something about usertables, did not dive into that one. No unix 
>>guru, sorry.
>>Radius is my thing, because i'm w2k mcse (no comment please)Still a bit of 
>>GUI guy though.
>>
>>Martijn MCP 18x
>>
>>some links etc...
>>
>>Livingston
>>Accounting Attributes
>>  For RADIUS accounting to function, a series of accounting attributes are 
>>defined in the dictionary  file on the RADIUS server and appear in the 
>>start and stop accounting records. Use the following descriptions of 
>>common accounting attributes to help you interpret start and stop records. 
>>Refer to RFC 2139 for information on other accounting attributes.
>>Called-Station-Id and Calling-Station-Id
>>  Called-Station-Id records the telephone number called by the user. 
>>Calling-Station-Id records the number the user is called from. This 
>>information is recorded when the NAS-Port-Type is ISDN, ISDN-V120, or 
>>ISDN-V110 where supported by the local telephone company. On the 
>>PortMaster 3 and the PortMaster 4, this information is available for 
>>asynchronous calls as well, where supported by the local telephone 
>>company.
>>
>>http://www.livingston.com/tech/docs/radius/userinfo.html#1004347
>>http://www.livingston.com/tech/docs/radius/userinfo.html#1012237
>>
>>-Original Message-
>>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of vikas
>>patel
>>Sent: Thursday, 22 February 2001 11:22
>>To: [EMAIL PROTECTED]
>>Subject: How to Restrict multiple login?
>>
>>
>>Hi folks,
>>I am working in an ISP company, got Cisco 2511 router with inbuilt
>>RAS(access server), IOS ver. 11.3(9).
>>I am using RADIUS from livingston ver. 2.0.1 beta 14 revision 5 for 
>>windows
>>NT4.0 and Netcents ver. 6.0 for billing. I have contacted the netcents
>>people and they says that the single/multi login facility is available 
>>with
>>RADIUS only and not with there netcents billing s/w. And i think the 
>>RADIUS
>>ver. that i am using is not supporting this single/multi login features. 
>>And
>>i am going to use this RADIUS b'coz its free.
>>How can i Restrict my customers for single login and multi-login into my
>>cisco router. B'coz using the above radius and netcents i cannot block 
>>multi
>>user login in my network. Can u guys suggest some solution using the above
>>only s/w's. And I am creating users in netcents+radius and these users are
>>not the router users.
>>Is their any way thru cisco router commands to restrict my customers for
>>single login?
>>
>>Thanks in advance.
>>waiting for your reply.
>>
>>kind regards
>>vikas patel
>>

RE: Unable to browse the web after connecting to VPN

2001-02-23 Thread Dusty Harper

You may need to reconfigure the IE options through the Internet
Connection Wizard.  Basically this will help determine / configure the
Proxy address and / or what not that your office connects through.

-Original Message-
From: Sam [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 23, 2001 10:29 AM
To: [EMAIL PROTECTED]
Subject: Re: Unable to browse the web after connecting to VPN


Ramesh, next time you might get a better response from a microsoft
newsgroup.

Anyways, are you using a server assigned IP address or a static address? If
you are using server assigned check to make sure you are getting valid DNS
server addresses.  You can check the addresses by doing a winipcfg in Win9x
or ipconfig /all in NT.  Once you get the addresses you can ping them, do
trace routes or use nslookup to troubleshoot the problem.  Keep in mind that
once you connect to your network at the office you become part of that
network and your internet access should be going through your company's
network.  There are plenty of white papers covering MS PPTP at
www.microsoft.com/technet
Hope this helps.

"Ramesh c" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi all,
>
> It's a kind of weird problem. I am using a VPN (windowsNT server /PPTP) to
> connect to my Office network. The VPN connection goes thru fine and I am able
> to ping my office network as well as Internet. The problem is I am unable to
> browse the Internet thru browser. Before Connecting to VPN it works fine. This
> problem is only on Internet explorer 5.0
>
> The above problem is not to be seen in netscape.
>
> What is problem and difference between the browsers? Any setting I need to
> change in Internet explorer?
>
> Any help would be appreciated.
>
> cheers
> Ramesh



RE: CCNP support guide

2001-02-23 Thread Patterson Derek Contr 76CS/SCBL

go to www.fatbrain.com and put in the isdn and you'll save yourself ten
dollars on this book..  always trying to save a buck

-Original Message-
From: Tom Drake [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 23, 2001 6:00 AM
To: [EMAIL PROTECTED]
Subject: CCNP support guide


Hallo,

I've got the PDF for the CiscoPress official CCNP support
certifications guide.

http://www.amazon.com/exec/obidos/ASIN/0735709955/qid%3D/102-7107495-8348961

Willing to trade for any other CiscoPress e-books

[EMAIL PROTECTED]





Re: A different Wildcard Mask [1:2082]

2001-02-23 Thread W. Alan Robertson

Allow 172.17.2.64 0.0.0.63 to telnet, or deny 172.17.2.96 0.0.0.63...

You are simply shifting 1 more bit to the right in the netmask...  Whenever we
are dealing with Half of a subnet range, we can simply shift 1 bit in the subnet
mask.  Your access-list is not aware of what the real subnet is.  It only cares
about matching cases in your rule-set.

You have a subnet, 172.17.2.64, with a /26 mask.  To halve it, simply add a bit
to the mask, making it /27.  From there, determine the inverse mask, computing
the value of the remaining 5 bits (The last octet is now 1110 ), and you
have your wildcard.

Hope this helps...

Alan~

- Original Message -
From: "jeongwoo park" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, February 23, 2001 1:25 PM
Subject: Fw: A different Wildcard Mask [1:2082]


> Hi all.
> Can anyone clear this?
> thanks
> J
> - Original Message -
> From: "V Cumbie" <[EMAIL PROTECTED]>
> Newsgroups: groupstudy.associate
> Sent: Wednesday, February 21, 2001 12:08 PM
> Subject: A different Wildcard Mask [1:2082]
>
>
> > Can you permit/deny only half of a subnet?  Here is my problem:
> >
> > Network: 171.17.2.64
> > Subnet mask: 255.255.255.192
> > Host range: 171.17.2.65 thru 171.17.2.126
> > Broadcast: 171.17.2.127
> >
> > I have to deny telnet from hosts 171.17.2.96 thru 171.17.2.126
> > and allow the remaining addresses (the lower half) 65 thru 95 complete
> > access.
> >
> > I can not figure out a wildcard mask for splitting the hosts in half; to
> > deny/permit one half of them.
> >
> > I would appreciate any help on this.
> >
> > V. Cumbie



Lab Swap

2001-02-23 Thread Frank cisco


I have a date of September 12th at Halifax. I would like to swap for
another date between June and July in Halifax...

Send me email if you are interested.

Frank.



RE: Speaking of Routers on a stick

2001-02-23 Thread Howard C. Berkowitz

I can't help it...whenever I see references to "router on a stick," I 
wonder whether Vlad the Impaler was the product architect.

Returning to your regularly scheduled discussion...




RE: 128 WEP Vulnerabilities

2001-02-23 Thread Chris Lemagie

Our 340 and 350 series wireless products will support per user (session) WEP
key assignment if you use the wireless products in conjunction with Cisco
Secure ACS v2.6 which supports LEAP.  LEAP allows the AP to query the Cisco
Secure ACS Server for user authentication and WEP key assignment.  In this
configuration each wireless user on the network has their own unique WEP key
negating the requirement for a "shared" WEP key.

The 350 series products support line power from Catalyst switches and also
have 100mW radios that are more sensitive than those in the 340.  You will
have to upgrade firmware in the 340 series Access Points and NICs to support
the new security functionality.  Encryption also runs in hardware on both
the 340 and 350 series products so we don't impact the system CPU...

Chris Lemagie


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Craig Lindstrom
Sent: Friday, February 23, 2001 9:03 AM
To: '[EMAIL PROTECTED]'
Subject: RE: 128 WEP Vulnerabilities


I just got an announcement from Cisco that said the Aironet 350 series will
use dynamic WEP encryption keys instead of the manually entered one.  I
think the key can be created per wireless session (not IP session).  That
should greatly enhance the security.

Craig

-Original Message-
From: Nabil Fares [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 23, 2001 8:58 AM
To: [EMAIL PROTECTED]
Subject: 128 WEP Vulnerabilities


Greeting all,

Are you guys aware of any issues/vulnerabilities with the WEP protocol?  Any
feedback greatly appreciated.

Nabil




Cisco 675, ADSL, and PPPoATM

2001-02-23 Thread John Neiberger

Here's the situation:  we have a branch with a 2620 router and a T-1
frame relay circuit.  As a backup, we have added a RADSL line and we
want to put a 675 or 678 router at the branch.  The 675 will be
connected to a switch that is connected to the 2620, and the 675 will be
in its own VLAN.

The DSL circuits (there are actually over 30) are muxed to an ATM T-1
connecting to an ATM port adapter on a 7513 here at our headquarters.  I
thought I understood how to configure this until I actually started to
do it.  :-)

I was expecting to use point-to-point interfaces (just like our F/R
network) and aal5snap encapsulation.  However, it appears that the 675
can't do that or I just can't figure out how to do it.  I can't even
figure out how to set the IP address of the WAN interface on the 675.  I
*did* see how to set the ppp ipcp address for the WAN interface, but I'm
assuming that means I have to use PPPoA.  If that's the case, how in the
heck do I configure the 7513 ATM interface to handle up to 50
point-to-point subinterfaces using PPPoA?  For encapsulation, do I use
aal5mux or aal5ciscoppp?  What are the differences?

I've been searching CCO for hours and I haven't found much that is very
helpful so far.  Every configuration example assumes a different
situation and topology than ours.

To make matters worse, we are using VLSM and wanted to run RIP v2 on
the 675.  However, it sounds like RIP v2 is quite broken and we'd be
forced to use RIP v1.  That's bad news.  Am I screwed?  

Is there another router that would be better for this than the 675?  I
looked at the 827 and it seems to be exactly what we want except for one
thing:  Qwest is using CAP on these lines and the 827 does DMT only. 
Arg  I'm trying to contact some technical people there but so far I
haven't had much luck.

Do any of you have any experience with this sort of thing?

As usual, many thanks!

John




Re: CCIE salary

2001-02-23 Thread Mark Holloway

For me, the CCIE is more of a personal gain than a career booster.  I think
anyone who has been working in a WAN environment for 3 or more years should
know most of what a CCIE would encounter on a daily basis.  Remember, the
CCIE makes you an expert in ALL areas, but some technologies you bump into
only once in a while.  I would say I'm about equal to a CCIE in high speed
Ethernet networks in a Layer 3 Switched environment, also ATM in the WAN,
Frame Relay, etc.. I've also had a tremendous amount of experience with
802.11b Aironet and Cisco PIX too.  These are two things not covered in the
CCIE R/S. However, a CCIE is expected to know about FDDI and Token Ring,
something I haven't worked with in a while.  So when the expertise is
needed, count me out in that department.  Also, my area of emphasis requires
me to know a lot of Nortel PBXs and to some degree, Nortel backbones and
edge devices.  Cisco doesn't teach you anything about that.  Nortel is #1 in
the PBX world so when you are ready to integrate VoIP, you must have some
knowledge of Nortel.  There is no doubt that you will show up at customer
sites who are interested in Voice Over services to save money, but are not
ready to dump their multi-million dollar Nortel PBX in favor of a Cisco
AVVID solution.  In my opinion, the AVVID solution has a way to go before
being mature.  It doesn't even play music while the client is on hold...ugh!

Anyway, when getting the CCIE, above all things, you will feel strong and
proud.  It is a great certification and at least you know you accomplished
something profound.  I still want to do the CCIE Design, but it's out of
beta and Cisco put it on hold for the moment.  To make the most of your
CCIE, try working for a company that utilizes technology heavily.  Companies
like Sprint, MCI, Qualcomm, Nokia, all need CCIEs.  Companies like JC Penny,
Sears, and Prudential are not technology-based companies and although they
have WANs, they don't care if you are a CCIE or not.  Just keep the network
up.  Make sense?

Regards,
Mark


- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, February 23, 2001 11:56 AM
Subject: Re: CCIE salary


> Mark, Pete:
>
> I need to say something here.  I live about 3 miles from Cisco's Federal
> Marketing offices, in Herndon, VA, and I know a couple of engineers.
>
> One of those employees teaches my router class on Saturdays, at a local
> university, [I am an MCP, working on my CCNA, hope to test in June].
> This instructor said, that Cisco employees are usually too busy doing real
> world research for customers, and the CCIE is not that important, but still
> prestigious for them.  What I am trying to say is Mark, as long as you are
> working in your field and have X amount of knowledge and experience, a CCIE
> won't matter too much, sounds like you are at the Top of the Network
> Engineering Hierarchy anyway.
>
> Pete:
>
> What do you mean by the following:
>
> "CCIE is
> really an enterprise discipline."
>
> Regards,
>
> Jess
>




Re: A different Wildcard Mask [1:2082]

2001-02-23 Thread W. Alan Robertson

Ignore this...

Troy's answer is correct.  I slopped up my binary columns, and added an extra
bit.  :)

- Original Message -
From: "W. Alan Robertson" <[EMAIL PROTECTED]>
To: "jeongwoo park" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, February 23, 2001 2:58 PM
Subject: Re: A different Wildcard Mask [1:2082]


> Allow 172.17.2.64 0.0.0.63 to telnet, or deny 172.17.2.96 0.0.0.63...
>
> You are simply shifting 1 more bit to the right in the netmask...  Whenever we
> are dealing with Half of a subnet range, we can simply shift 1 bit in the subnet
> mask.  Your access-list is not aware of what the real subnet is.  It only cares
> about matching cases in your rule-set.
>
> You have a subnet, 172.17.2.64, with a /26 mask.  To halve it, simply add a bit
> to the mask, making it /27.  From there, determine the inverse mask, computing
> the value of the remaining 5 bits (The last octet is now 1110 ), and you
> have your wildcard.
>
> Hope this helps...
>
> Alan~
>
> - Original Message -
> From: "jeongwoo park" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, February 23, 2001 1:25 PM
> Subject: Fw: A different Wildcard Mask [1:2082]
>
>
> > Hi all.
> > Can anyone clear this?
> > thanks
> > J
> > - Original Message -
> > From: "V Cumbie" <[EMAIL PROTECTED]>
> > Newsgroups: groupstudy.associate
> > Sent: Wednesday, February 21, 2001 12:08 PM
> > Subject: A different Wildcard Mask [1:2082]
> >
> >
> > > Can you permit/deny only half of a subnet?  Here is my problem:
> > >
> > > Network: 171.17.2.64
> > > Subnet mask: 255.255.255.192
> > > Host range: 171.17.2.65 thru 171.17.2.126
> > > Broadcast: 171.17.2.127
> > >
> > > I have to deny telnet from hosts 171.17.2.96 thru 171.17.2.126
> > > and allow the remaining addresses (the lower half) 65 thru 95 complete
> > > access.
> > >
> > > I can not figure out a wildcard mask for splitting the hosts in half; to
> > > deny/permit one half of them.
> > >
> > > I would appreciate any help on this.
> > >
> > > V. Cumbie
> > >
> > >
> > >
> > >
> > >
> > > Message Posted at:
> > > http://www.groupstudy.com/form/read.php?f=1&i=2082&t=2082
> > > --
> > > You are reading GroupStudy's Associate Mailing List.  To unsubscribe
> > follow
> > > the directions on http://www.groupstudy.com/list/Associates.html
> > >
> >
> > _
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
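
The wildcard arithmetic discussed in this thread can be checked mechanically. The following is an added example, not code from any poster: it splits the 171.17.2.64/26 subnet from the original question into its two /27 halves, derives the wildcard for each, and lists which addresses an entry actually matches. The ACL number 101 and the "any" destination are assumptions.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def wildcard_for_prefix(prefix_len):
    """Wildcard (inverse) mask for a prefix length: the host bits set to 1."""
    return str(ipaddress.IPv4Address((1 << (32 - prefix_len)) - 1))

def acl_matches(addr, base, wildcard):
    """Wildcard comparison: 1-bits in the wildcard are ignored,
    0-bits must be equal in the address and the base."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & MASK32
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)

def matched_last_octets(base, wildcard, subnet):
    """Last octet of every address in `subnet` that the entry matches."""
    net = ipaddress.ip_network(subnet)
    return [int(ip) & 0xFF for ip in net if acl_matches(str(ip), base, wildcard)]

def halves(subnet):
    """Split a subnet in two; return (base, wildcard) for each half."""
    net = ipaddress.ip_network(subnet)
    return [(str(h.network_address), wildcard_for_prefix(h.prefixlen))
            for h in net.subnets(prefixlen_diff=1)]

def telnet_acl(subnet, acl_id=101):
    """Deny telnet from the upper half, permit the lower half everything.
    acl_id and the 'any' destination are assumptions for illustration.
    Other traffic from the upper half falls to the implicit deny unless
    a further permit entry is added."""
    lower, upper = halves(subnet)
    return [
        f"access-list {acl_id} deny tcp {upper[0]} {upper[1]} any eq telnet",
        f"access-list {acl_id} permit ip {lower[0]} {lower[1]} any",
    ]

if __name__ == "__main__":
    subnet = "171.17.2.64/26"          # values from the original question
    for base, wc in halves(subnet):
        hit = matched_last_octets(base, wc, subnet)
        print(f"{base} {wc} matches .{hit[0]} thru .{hit[-1]}")
    # A 6-bit wildcard ignores the bit that separates the two halves,
    # so it covers the whole /26 rather than half of it.
    wide = matched_last_octets("171.17.2.96", "0.0.0.63", subnet)
    print(f"171.17.2.96 0.0.0.63 matches .{wide[0]} thru .{wide[-1]}")
    print("\n".join(telnet_acl(subnet)))
```

The matched ranges include the network and broadcast addresses of each half (.64, .95, .96, .127), since an access-list entry compares bits and has no notion of usable hosts.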




Re: CCIE salary

2001-02-23 Thread Howard C. Berkowitz

>In my opinion, CCIE is a test of ability of learning and using knowledge,
>not a test of knowledge itself.
>
>No matter a CCIE or not, you can be an expert in Wireless or Optical or
>other arena, because you have been working on those stuff for a while and
>you are following it.  Nobody compares an ISP senior engineer who has no
>certification to a CCIE working in enterprise his/her whole life. But in my
>mind as long as that guy is a CCIE, he should have no problem picking up
>the job of the ISP senior engineer given a short time.
>
>Jack


Jack,

True, I'm not a formal CCIE (and consciously do not intend to go 
through the lab because I don't want to conflict with Cisco NDAs), 
although I was CCSI-certified in the Old Days, when the testing 
(pre-1995) was comparable, IMHO, to the current CCIE program.  I have 
a reasonably solid computer science background (again, was in the 
field prior to there being graduate degrees in it), and am currently 
working on a book on ISP engineering, having written several related 
books.  These days, my work includes designing router products for 
ISP applications. I've written or contributed to several RFCs and 
Internet Drafts, including a current  draft on single router BGP 
convergence time, the next draft of which (to be posted next week) 
will reflect the thinking of several vendors.

I can only say that it took me several years to get to a point where 
I feel comfortable in large-scale ISP architecture and engineering, 
starting with a solid software and theoretical background.  Things 
like abstract algebra (especially graph theory), principles of 
real-time operating systems, queueing theory, etc., are all directly 
relevant.  Reading and understanding the Routing Policy Specification 
Language needs a good background in programming language and 
abstractions including object orientation.

In short, don't plan on walking into a major ISP and assuming a CCIE 
is anything more than a very minimal indication that you might be 
able to learn.  No one is going to put you into a senior engineering 
position  unless you have lots of knowledge that is not covered by 
the CCIE program.

By "engineering," I don't mean third-level support.  I mean deciding 
peering policy, finding performance problems, designing and 
implementing QoS, working out the relationships among IGPs, BGP, and 
MPLS, and coming up with responses to hacking attacks (especially 
distributed).

There is a reason that computer science programs have not been 
supplanted by the CCIE program.

>
>
>""Mark Holloway"" <[EMAIL PROTECTED]> wrote in message
>news:006d01c09dc7$4e10caf0$111fea18@platypus...
>>  At Sprint we have a few CCIEs.. But not as many as you think - and we are
>>  the #1 reseller of Cisco equipment in the U.S.. I have put my CCIE on hold
>>  for now, since I know what CCIEs in Las Vegas earn versus what I make now.
>>  The problem is that in the real world, people start to become specialists,
>>  and my job title has me working in the field of IP Telephony as well as
>>  802.11b WLANs.  So, getting my CCIE right now won't do much.  I may go for
>>  the CCIE Design later this year.  But I recently left my old employer as a
>>  "Network Engineer" (designing/merging/expanding our network and
>>  troubleshooting problems) and recently started at Sprint Long Distance doing
>>  Pre-Sales Engineering in 5 different states.  My product range is: Nortel
>>  PBXs, Nortel Routers/Switches (there are more out there than you think!),
>>  Cisco AVVID product line, and Aironet product line.  I've had experience
>>  with VoATM and VoFR at my last job, setting up tie lines from PBX to PBX
>>  over the WAN.  IP Phones are new to me, but I'll be traveling to Ontario,
>>  Canada, to play at Nortel, and flying to North Carolina to play in Sprint's
>>  AVVID lab .. oh yea, I'm going to some Cisco IP Telephony/Call Center
>>  training too.  :-)
>>
>>
>>
>>
>>  - Original Message -
>>  From: "Peter Van Oene" <[EMAIL PROTECTED]>
>>  To: <[EMAIL PROTECTED]>
>>  Sent: Friday, February 23, 2001 9:47 AM
>>  Subject: Re: CCIE salary
>>
>>
>>  > The CCIE program does little to develop the skill set of a pure IP
>>  > engineer in a ISP environment.  CCIE has little bearing in my opinion when
>>  > candidate are interviewed for senior IP architectural positions.  CCIE is
>>  > really an enterprise discipline.
>>  >
>>  > Pete
>>  >
>>  >
>>  > *** REPLY SEPARATOR  ***
>>  >
>>  > On 2/23/2001 at 9:20 AM Drew Simonis wrote:
>>  >
>>  > >Brian wrote:
>>  > >>
>>  > >> This really isn't true.  Lets look at some basic facts:
>>  > >>
>>  > >> There are only ~6000 or so CCIE's in the world, possibly as many as 30%
>>  > >> are employed by cisco.
>>  > >>
>>  > >> There are over 6000 ISP's in the US alone.
>>  > >>
>>  > >> There are over 7000 AS's in the world.
>>  > >>
>>  > >> My point is, that if most of your CCIE's work for cisco and big big
>>  > >> companies,

Ethernet Test

2001-02-23 Thread João L. Vieira da Silva (ENT)

Hello

Do you know any kind of computer programs that we can test ethernet traffic,
link throughput, latency, frame loss, etc

thanks for everybody

João Luiz
Brazil
