RE: How to stash more than 100 ACLs in a router

[Erick B.]

On the higher-end routers you can compile the ACLs and
they get processed a little bit quicker. The feature
is called Turbo ACLs. I haven't had a oppurtunity to
be around a higher-end router long enough to really
test them to see how much of a difference it makes.

--- "Howard C. Berkowitz" <[EMAIL PROTECTED]> wrote:
> >You need to limit your ACLs because the more ACLs
> your CPU usage will go up.
> 
> 
> No, the total number of ACLs affects memory but not
> CPU.
> 
> The number of lines in each ACL affects CPU.
> 
> Depending on platform and switching mode, adding
> access-lists at ALL 
> is the main impact on performance and CPU.
> 
> But saying you need to limit your ACL's because
> usage will go up 
> doesn't make sense.  If you have a legitimate need
> for the functions 
> that the ACLs perform, and your CPU isn't fast
> enough, you need to 
> get a router with a faster CPU.  The ACLs are there
> for a business 
> reason.  The only justification for the router is to
> meet business 
> requirements.  There's no value to conserving a
> resource just for the 
> sake of conserving it.
> 
> >-Original Message-
> >From: ciscojolof [mailto:[EMAIL PROTECTED]]
> >Sent: Wednesday, February 28, 2001 9:51 AM
> >To: [EMAIL PROTECTED]
> >Subject: How to stash more than 100 ACLs in a
> router
> >
> >
> >Guys,
> >
> >I have a problem, in our network we are
> rate-limiting customers but we
> >cannot get more than 100 ACLs per router so once we
> have over 100 customers
> >we are compelled to install a second router.
> 
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]


__
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

freeRadius

[rafdian]

Hi,
Does anybody ever use this FreeRadius?
www.freeradius.org

Been using ICRADIUS + MySQL, now, want to move freeradius + Oracle

Rgds,
raf

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Acess list (only for me)

[jeongwoo park]

Hi all
I am playing with 3620 router that has an ethernet.
There are several hosts hanging off the ethernet.
I want nobody but myself to telnet to this router.
So, I made access list as following;

access-list 101 permit tcp host 192.168.1.52 eq telnet any
!
ip access-group 101 in

192.168.1.52 is my ip address

I couldn't telnet in.
What am I missing?

Thanks in adv.



--
jeongwoo


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Free download of Exam Qs!

[Muhammad_Abduh]

Try this password :sureshhomepage

-Original Message-
From: hp8780 [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 01, 2001 11:00 AM
To: cisco [EMAIL PROTECTED]
Cc: hp8780 [EMAIL PROTECTED]
Subject: RE: Free download of Exam Qs!



Hi,

Can you unzip the .zip file and view the Q&A's?
Why it asked for a password when I try to unzip it?


-Original Message-
From: Dave W. [mailto:[EMAIL PROTECTED]]
Sent: Sunday, February 25, 2001 10:31 AM
To: [EMAIL PROTECTED]
Subject: Re: Free download of Exam Qs!


I have viewed the Q & A's and I have a strong feeling
that those questions 
are more suitable for CCNP v1 rather than CCNP v2. 
They don't even follow 
the exam objectives.

And they cost $$$? I don't think they worth it.  Let's
save some bucks and 
time and get moving with Cisco study guides. :)

Dave


Original Message Follows
From: "Noel Fredrick" <[EMAIL PROTECTED]>
Reply-To: "Noel Fredrick" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Free download of Exam Qs!
Date: Sat, 24 Feb 2001 23:38:38 +0530

Hi listers,
Visit this site it has got 100 BSCN and 75 BCMSN free
downloadable Qs & =
Answers with explanations.
=20
www.sureshhomepage.com

thanks
Noel

_
FAQ, list archives, and subscription info: 
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]


_
Get Your Private, Free E-mail from MSN Hotmail at
http://www.hotmail.com.

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]


__
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/

_
FAQ, list archives, and subscription info: 
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

About PIX 520 update

[wangjun]

hi,all!
  can someone help to update our PIX 520 from IOS 4.3(2)  to IOS 4.4(5).Because my 
cco account can't download IOS 4.4(5)
for PIX 520 so I only need someone help me !



ÖÂ
Àñ£¡

wangjun
[EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Acess list (only for me)

[Muhammed Khalilullah]

Hi!
It is not exactly like that. Make an access-list as
access-list 1 permit host 192.168.1.52
and then
!
line vty 0 4
   access-class 1 in
!

This access-list will be assigned on all the VTY lines
where you log on.

Muhammad Khalilullah
Network Engineer
MCSE, CCNP

It will work what you want to do
--- jeongwoo park <[EMAIL PROTECTED]> wrote:
> Hi all
> I am playing with 3620 router that has an ethernet.
> There are several hosts hanging off the ethernet.
> I want nobody but myself to telnet to this router.
> So, I made access list as following;
> 
> access-list 101 permit tcp host 192.168.1.52 eq
> telnet any
> !
> ip access-group 101 in
> 
> 192.168.1.52 is my ip address
> 
> I couldn't telnet in.
> What am I missing?
> 
> Thanks in adv.
> 
> 
> 
> --
> jeongwoo
> 
> 
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]


__
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: finished ccnp

[Muhammed Khalilullah]

Hi !
Congratulations. I also took the old ACRC paper and
I'm now CCNP 1.0 certified. In order to upgrade myself
to CCNP 2.0 I've to appear in Routing 2.0 But the
certification is offcourse valid till next 2 years and
I'm not interested right now. Not willing to spend moe
:)

Muhammad Khalilullah
Network Engineer
CCNP, MCSE

--- Iakovos Svolakis <[EMAIL PROTECTED]> wrote:
> Hi all,
> 
> I have just finished CIT exam yesterday so from
> today I am a CCNP.
> The problem is that I passed the old ACRC exam not
> the new BSCN.
> Does anyone know if there is a problem with that?
> And one more question about the CVOICE
> specialization: is there any book =
> to read
> for the exam?
> 
> 
> Thanks
> 
> 
> 
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]


__
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CIT (exam # 640-506)

[Bolaji Charles Olatunji]

Please, can anyone tell me what topics & where (in the Cisco press CIT book) to focus 
on - as i'm due to take the exam this week end? 

i'd appreciate direct replies as i'm not subscribed to the list.

thanks,

Bolaji 

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

re: Acess list (only for me)

[Johnny Sun]

Hi Jeongwoo,

Just change the access-list like this:
access-list 101 permit tcp host 192.168.1.52 any eq telnet

regards.

Johnny Sun


-Original Message-
·¢¼þÈË: jeongwoo park <[EMAIL PROTECTED]>
ÐÂÎÅ×é: groupstudy.cisco
ÊÕ¼þÈË: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
ÈÕÆÚ: 2001Äê3ÔÂ1ÈÕ 16:47
Ö÷Ìâ: Acess list (only for me)


>Hi all
>I am playing with 3620 router that has an ethernet.
>There are several hosts hanging off the ethernet.
>I want nobody but myself to telnet to this router.
>So, I made access list as following;
>
>access-list 101 permit tcp host 192.168.1.52 eq telnet any
>!
>ip access-group 101 in
>
>192.168.1.52 is my ip address
>
>I couldn't telnet in.
>What am I missing?
>
>Thanks in adv.
>
>
>
>--
>jeongwoo
>
>
>_
>FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: About PIX 520 update

[Tim O'Brien]

You will need to update your smartnet contract, contact your reseller or the
local Cisco office...

Tim

- Original Message -
From: "wangjun" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 01, 2001 3:48 AM
Subject: About PIX 520 update


hi,all!
  can someone help to update our PIX 520 from IOS 4.3(2)  to IOS
4.4(5).Because my cco account can't download IOS 4.4(5)
for PIX 520 so I only need someone help me !



ÖÂ
Àñ£¡

wangjun
[EMAIL PROTECTED]

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Connection Options in the UK.

[Stephen Skinner]

Hello,

First of all your not limited to BT.
I use colt telecoms all the time, and not only are they cheeper,but they are 
more reliable.

I think you should forget dial-up...they are so expensive(if you are not 
using them for a back-up link).

Thet last time i requested services(new install) from colt Aug last 
year,they quoted me for a 2meg leased line(if your going to have video/music 
it would be best).
Price comparison
Colt ..install £1000 year line rental(no call charges) £3,800
BT   ..install £2800 year line rental (no cal charges) £3,900

Bt ..install in 2-3 months ...colt 1-4 weeks

the reason i say leased line is because of 3 reasons ..

1 if you go for a permernant connection instead of a dial-up , you DO get 
better speed/throuhput,i am working at Exxon/Mobil(leaving in a week or so) 
and we have a permanent 2meg leased line ,with isdn 30 backup(full 30 
channels) and we notice at least a 5-10% drop-off in speed when we change to 
the back-up..(the BT line is constantly going up and down at the mo)
2 frame-relay is quite expensive to install ,and dosen`t matter who you buy 
it from ,it will come from BT.
3 ATM is FAR to expensive for anything less than 100 meg.

It may seem expensive but the benifit you get from being permenant is that 
you traffic is QOS`d with all the other buisness traffic.when on dial-up you 
get QOS`d with all that traffic..
QOS basic is when BT or Colt prioratise traffic as to who is important .
The business stuff comes first and the SOHO/Home stuff comes second (or 
sometimes 4/5th).

HTH

steve


>From: "Stuart J Pittwood" Reply-To: "Stuart J Pittwood" To: Subject: 
>Connection Options in the UK. Date: Wed, 28 Feb 2001 17:55:12 -
>
>Hi,
>
>Just after a little advice.
>
>We currently have a 4 BRI Channels to provide internet access & email to 
>about 200 Users.
>
>This, as you can imagine is a touch slow at peek times. We have caching 
>servers at our end to try to help this (which it does), but we need 
>somthing faster.
>
>We use no audio or video yet (but it will happen in the next 12 months)
>
>We dont have access to BTs ADSL service (if it actually exists, i've seen 
>very little evidence and BT will not give me a date for when we will have 
>it).
>
>What other connection options do we have? and are we stuck with BT 
>providing these services?
>
>BTs web site is less than helpful to say the least.
>
>I'm quite new to this stuff so any help/advice/pointers is/are greatly 
>appreciated.
>
>Thanks in advance __ Stuart J Pittwood, CCNA 
>[EMAIL PROTECTED] http://www.stuartpittwood.net
>
>_ FAQ, list archives, and subscription 
>info: http://www.groupstudy.com/list/cisco.html Report misconduct and 
>Nondisclosure violations to [EMAIL PROTECTED]
_
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

package lose

[shanjun zou]

hello,every one:

In my Cisco 4500 router, I ping my s0 interface, it reported that the losing
rate is 4%, but use the command "show interface s0", you could see "no
error". I was confused.

why? could anyone tell me the truth?


thanks very much.


shanjun zou




_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Callback btw router and win

[Tomaz Klemencic]

Hi all !

I am trying to connect win2000 station to cisco 2600 and to use callback. I
get connected, authenticated and
callback doesn`t happen. Station stays connected as if there was no callback
configured on the router. If I remove dialer callback-secure command from
dialer interface, call gets rejected and the "number of incoming call
rejected for callback" under sh dial are incremented. Does anybody have any
sugestions or maybe working config for this situation ? Here is my config:

username test callback-dialstring 123 password xxx
ip subnet-zero
isdn switch-type basic-net3
!
nterface BRI1/1
  no ip address
 no ip directed-broadcast
 encapsulation ppp
 dialer pool-member 2
 isdn switch-type basic-net3
 ppp authentication ms-chap chap
!
interface Dialer3
 ip unnumbered Loopback1
 no ip directed-broadcast
 ip nat inside
 encapsulation ppp
 dialer remote-name dostop
 dialer idle-timeout 100
 dialer callback-secure
 dialer string 123 class test
 dialer caller 123 callback
 dialer pool 2
 dialer-group 1
 peer default ip address pool dostop
 ppp callback accept
 ppp authentication ms-chap chap
!
ip local pool dostop 192.168.31.1 192.168.31.2
!
map-class dialer test
 dialer callback-server username
dialer-list 1 protocol ip permit

-
Tomaz Klemencic
Hermes Plus, d.d., PE Celje
Kersnikova 19, 3000 Celje
+386-3-4284022

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

ATM Vs Frame-relay

[Bikram Kumar Gupta]

Hi,

Why ATM can go upto 10 Gbps whereas Frame-relay upto
45 Mbps only? If so, please explain why it's impossible
to build a frame-relay interface to deliver 1 Gbps. 

Thanks in advance.

Regards,
Bikram.

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCNA2 book recommendation, please.

[Dave W.]

Sybex: CCNA Study Guide (640-507) by Todd Lammle.
For CCNP and higher, use Cisco Press instead.

Dave
Original Message Follows
From: "BB" <[EMAIL PROTECTED]>
Reply-To: "BB" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: CCNA2 book recommendation, please.
Date: Thu, 1 Mar 2001 07:37:27 -

Hello to all,

Kind enough to recommend a good book for CCNA2 exam study.


Cheers.



_
FAQ, list archives, and subscription info: 
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: what is the average age of people in this stuff?

[Ruben Arias]

Tom, I think that you shouldn't wait to do CCIE, because probably when you reach 65, 
CCIE will
no longer be there.
Not many years ago I was preparing to certify on OS/2 (3.0), at that time I already 
had been
working for 6 years with it. When I thought I was ready, the test was on Warp and 
included
Voice Recognition.  The end of the story is I never did certify and probably never 
will.

Tom Lisa wrote:

> Well, I guess this puts me in the "old geezer" category.  I got my Bachelor degree 
>when I
> was 40, my Masters at 45 and my CCNA at 55.  I'm just now starting on the CCNP and 
>hope to
> achieve CCIE status by 65 (Would this make me the oldest to finally get a CCIE?), 
>just in
> time to retire from teaching (my third career) and start on my Ph.D. in earnest.  
>For me
> the joy is in the journey.  Besides, how else am I going to stay one step ahead of my
> grandkids?
>
> Tom Lisa, Instructor, CCNA, CCAI
> Community College of Southern Nevada
> Cisco Regional Networking Academy
>
> Fred Ingham wrote:
>
> > rtc:  I passed my ccie when I was 20 years your senior.  Age isn't an
> > excuse.
> > Fred.
> >
> > rtc wrote:
> > >
> > >  I'm 40--am I getting too old for this stuff? Cant remember anything worth a
> > > damn,
> > > especially the commands nd command syntax
> > >
> > > _
> > > FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
> > _
> > FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> _
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

details - new equipment

[Vik Evans]

Alright, I don't know why I am having so many problems, but for everyone who
wrote me regarding the Cisco 2610 equipment, my replies have all been
returned undeliverable.

Here are the details:

Standard 2610 router

32 MB DRAM
8 MB Flash
Cables and Documentation

$1000.00 with out DSU
$1100.00 with DSU

Send me contact info if you are interested, along with actual e-mail
addresses. I have been seeing this problem with NetZero lately.

Thanks,
Vik


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

TACACS+ Server for Solaris WHERE?????

[McCallum, Robert]

Hello,

Can anyone let me know where I can fine a copy (free or otherwise) for a sun
solaris server.  Much appreciated.

Robert McCallum
10 days till first born is due, 6 months till CCIE lab due.Which
will be worse

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: TACACS+ Server for Solaris WHERE?????

[roger . gore]

I'd try

http://www.sun.com

or

http://www.cnet.com

or 

http://www.computershopper.com

Isn't the Internet a wonderful place?!

-Original Message-
From: McCallum, Robert [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 01, 2001 06:29
To: 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail)
Subject: TACACS+ Server for Solaris WHERE?


Hello,

Can anyone let me know where I can fine a copy (free or otherwise) for a sun
solaris server.  Much appreciated.

Robert McCallum
10 days till first born is due, 6 months till CCIE lab due.Which
will be worse

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: How to stash more than 100 ACLs in a router

[Howard C. Berkowitz]

>[EMAIL PROTECTED]  wrote,



>On the higher-end routers you can compile the ACLs and
>they get processed a little bit quicker. The feature
>is called Turbo ACLs. I haven't had a oppurtunity to
>be around a higher-end router long enough to really
>test them to see how much of a difference it makes.


True.  As you suggest, it _is_ important to see if access list
performance problems actually are significant in _your_ context.

Fact, as can be seen from any number of posts on the NANOG mailing
list:  providers that exchange large exterior routing tables can't
filter them even if they want to.  In general, such providers trust
their peers will already have filtered their provider routes, but are
exposed to someone that hacks their peer network from the inside, or
simply a misconfiguration inside their peer. But, in this context,
we are talking about access lists with tens of thousands of rules.

Processing power isn't always the limitation in working with such
filters.  One large provider, who filters extensively, has a bold
warning sign on its main router consoles:  DO NOT WRITE MEM/SAVE RUNNING START.
Their access lists exceed the size of NVRAM, and cannot be saved to 
it.  They MUST keep a small configuration in NVRAM, and then TFTP in 
the access lists.

Processors are much faster now than on earlier routers, and 
processing power isn't always the problem. Yes, it is sometimes.  But 
I don't recommend huge amounts of effort to minimize access lists 
unless:

 1.  You regularly monitor CPU utilization and see either a trend
 or actual statistics that will take you much above t50-60%
 5-minute utilization. There are LOTS of simplifying assumptions
 here; it's only a guideline.

 2.  You are CERTAIN that you have enough outgoing bandwidth that
 queueing for the medium isn't a problem

 3.  You are CERTAIN your processing load can't be reduced by
 configuring different switching modes and/or thinking through
 carefully that you have the most efficient placement of access
 lists with respect to interfaces.  In other words, it might
 be much better not to have access lists at all on inbound
 interfaces, but only on outbound interfaces, because the load
 often depends more on the presence or absence of an access list
 (and the consequent effect on switching path) than it does on
 number of lines in the list.

>
>--- "Howard C. Berkowitz" <[EMAIL PROTECTED]> wrote:
>>  >You need to limit your ACLs because the more ACLs
>>  your CPU usage will go up.
>>
>>
>>  No, the total number of ACLs affects memory but not
>>  CPU.
>>
>>  The number of lines in each ACL affects CPU.
>>
>>  Depending on platform and switching mode, adding
>>  access-lists at ALL
>>  is the main impact on performance and CPU.
>>
>>  But saying you need to limit your ACL's because
>>  usage will go up
>>  doesn't make sense.  If you have a legitimate need
>>  for the functions
>>  that the ACLs perform, and your CPU isn't fast
>>  enough, you need to
>>  get a router with a faster CPU.  The ACLs are there
>>  for a business
>>  reason.  The only justification for the router is to
>>  meet business
>>  requirements.  There's no value to conserving a
>>  resource just for the
>  > sake of conserving it.

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

linux firewall

[stephano mwendo]

Heloo there,
Can anyone please assist me with with how to set up a
linux firewall. I tried from the HOWTO without
success.
Thanks in advance.

=
*
STEPHANO MWENDO
PO BOX 8806, DAR ES SALAAM, TANZANIA.
TEL 255 22 2114053
FAX 255 22 2118956
MOBILE: 255 744 275559

__
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 1900 switch

[Hornbeck, Timothy]

If it is an older original 1900 switch, you will need to use a null modem
cable and HyperTerminal.

- Tim

-Original Message-
From: Tom Lisa [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 01, 2001 1:03 AM
Cc: [EMAIL PROTECTED]
Subject: Re: 1900 switch


If he is using Hyperterminal to the console port, he should be using a
roll-over cable.
Also, make sure the DB9/RJ45 connector pin-out are correct.  Don't have my
chart handy
or I would include (it's available on CCO somewhere + I'm sure it's in the
archives).

Tom Lisa, Instructor, CCNA, CCAI
Community College of Southern Nevada
Cisco Regional Networking Academy

Rizzo Damian wrote:

> Did you try another straight through cable? 9 times out of 10, the cable
is
> to blame.
>
> -Original Message-
> From: Charles Paver [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, February 28, 2001 9:24 PM
> To: [EMAIL PROTECTED]
> Subject: 1900 switch
>
> Hi--I cant hyperterminal into my new 1900 series
> switch!  I changed the baud rate to 9600, and left all
> the same, but still no dice!  Also, I changed the flow
> control to hware, to none...and I cant get on.
> Also,Im using nt ws, as well as windows 98.  Same
> error every time--weird characters across the screen.
> such as atx0h0
>
> its weird...
> any ideas?
>
>
> __
> Do You Yahoo!?
> Get email at your own domain with Yahoo! Mail.
> http://personal.mail.yahoo.com/
>
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ATM Vs Frame-relay

[Howard C. Berkowitz]

>Hi,
>
>Why ATM can go upto 10 Gbps whereas Frame-relay upto
>45 Mbps only?

There isn't market demand to do so, so carriers don't offer it.
There is no inherent reason why it can't, but I would tend to
say that the demand for frame relay aggregate bandwidth is being
outstripped by MPLS demands.

At the US Y2K information center, we had OC-3 interfaces to the
routers, the ATM PVCs on which included 15 Mbps pipes to the hosting
centers, and dozens of channels which started as frame relay but were
mapped to ATM at the far end.

>If so, please explain why it's impossible
>to build a frame-relay interface to deliver 1 Gbps.

It isn't.

I could argue, however, that there is no such thing as a frame relay 
interface.  Frame relay is layer 2, while interfaces are layer 1.

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: [Re: what is the average age of people in this stuff?]

[Petra Hofmann]

You left out Col. Saunders!  hahahahah

More important what is the average age of someone asking the question in the
first place??


"Howard C. Berkowitz" <[EMAIL PROTECTED]> wrote:
> >Jess:
> >
> >Not to worry, I contacted AARP and was assured we can get a "senior 
> >discount" on
> >blueberries and no-doze so we can compete with these young 
> >whipper-snappers!  :)
> >
> >Tom Lisa, Instructor, CCNA, CCAI
> >Community College of Southern Nevada
> >Cisco Regional Networking Academy
> 
> 
> You contacted the AppleTalk Address Resolution Protocol?
> 
> More seriously, some stereotyping is floating around.  I'm thinking 
> of one of the most charismatic, impatient to fools yet committed to 
> teaching those willing to learn, and out-of-the-box crazy thinkers 
> I've ever met:  Grace Murray Hopper. Gee...I may have met her when 
> she wasn't even 70 yet.
> 
> I was saddened by an obituary I ran across today:  Claude Shannon. 
> Shannon was the father of modern information theory. Shannon died on 
> February 24, of Alzheimer's disease...which must have had to work 
> very hard to conquer such a mind.   Having passed earlier, but also 
> not to be forgotten, was Norbert Wiener.  We throw around the 
> buzzword "cyber" so freely these days, but we forget Wiener was the 
> person who formally defined "cybernetics."
> 
> On a brighter note, involving even older people who are still vidal 
> and active,Vint Cerf is the only person that does attend the IETF in 
> a three-piece suit, which is treated as an honorary T-shirt.
> 
> I can see someone young in years resenting a Dilbert-style manager 
> who holds their position by playing corporate games.  But don't leap 
> to conclusions -- someone who simply is "older" might very well be 
> more technical.
> 
> MCI's ads about Generation D thoroughly annoy me, with their talk of 
> "Generation D," the first generation that's grown up digital. 
> Ummm...take a look at a wonderful book called _The Victorian 
> Internet_.  While there is debate about the 1790-ish French semaphore 
> system being digital in the modern sense, the Morse telegraph in 1845 
> is digital (if you'll include pulse width modulation in the 
> definition and had recognizable protocols.   I don't know, offhand, 
> when the teletypewriter was invented, but Nyquist's theorems on 
> bandwidth were published in 1928.
> 
> Depending on how you define "computer" (does it need a stored 
> program, or self-modifiable program?), the first digital computer was 
> late-1930 (Eckert & Mauchly, and the independent German developer 
> whose name escapes me), or around 1950 with Von Neumann machines. 
> FORTRAN was available in 1956 or so, admittedly when the head of IBM 
> thought there would be a national market for about 6 computers. 
> There were packet networks in the early 1970s.
> 
> Exactly when did "Generation D" start?
> 
> Some of us older folk have been getting better at this for a long, 
> long time, and haven't slowed down. Might have changed emphasis.
> 
> >
> >
> >[EMAIL PROTECTED] wrote:
> >
> >>  Tom:
> >>
> >>  You are not alone; I just turned 50 on Thursday and am working on 
> >>my CCNA and
> >>  hope to test in June, then go on for my CCNP.
> >>
> >>  Regards,
> >>
> >>  Jess
> >  > MCP
> 
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Get free email and a permanent address at http://www.netaddress.com/?N=1

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

How to setup VLAN, Pls help.

[Gunjan Mathur]

Hi,

I'm new to this field, and my boss want to implement
VLAN in my network. We are using Cisco 2900/1900
switches. 
Pls guide me or send me links, which explain the
procedure to implement the VLAN.

Thanks,

Gm

__
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: linux firewall

[RG]

try here:
http://www.linux-firewall-tools.com/linux/
- Original Message -
From: "stephano mwendo" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 01, 2001 8:42 AM
Subject: linux firewall


> Heloo there,
> Can anyone please assist me with with how to set up a
> linux firewall. I tried from the HOWTO without
> success.
> Thanks in advance.
>
> =
> *
> STEPHANO MWENDO
> PO BOX 8806, DAR ES SALAAM, TANZANIA.
> TEL 255 22 2114053
> FAX 255 22 2118956
> MOBILE: 255 744 275559
>
> __
> Do You Yahoo!?
> Get email at your own domain with Yahoo! Mail.
> http://personal.mail.yahoo.com/
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

FW: 1900 switch

[David Toalson]

What cables are you using?  I had this problem recently and after getting
BTAC support involved we discovered that you need a "NULL" modem cable to
connect your PC/laptop to the 9 pin console port of your 1900 switch.  It
took 3 CCIE's, a CCNP, two service reps, a service technician and a wannabe
before we discovered the answer.  The third CCIE finally came up with the
solution.

David Toalson
816-701-4142

> --
> From: Charles Paver[SMTP:[EMAIL PROTECTED]]
> Reply To: Charles Paver
> Sent: Wednesday, February 28, 2001 8:23 PM
> To:   [EMAIL PROTECTED]
> Subject:  1900 switch
> 
> Hi--I cant hyperterminal into my new 1900 series
> switch!  I changed the baud rate to 9600, and left all
> the same, but still no dice!  Also, I changed the flow
> control to hware, to none...and I cant get on. 
> Also,Im using nt ws, as well as windows 98.  Same
> error every time--weird characters across the screen. 
> such as atx0h0
> 
> its weird...
> any ideas?
>  
> 
> __
> Do You Yahoo!?
> Get email at your own domain with Yahoo! Mail. 
> http://personal.mail.yahoo.com/
> 
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> 

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Seeing the Internet through a firewall

[kent . hundley]

Howard,

The architecture of a security perimeter depends a lot on your 
particular policies, so you should really do some research on what 
sorts of traffic you want to allow in and out of your network.  
However, a quick and dirty solution that should work for most small 
networks like you describe is:

outside interface (typically a serial interface)
  ip access-group 101 in

ip access-list 101 permit tcp any host  eq 80
ip access-list 101 permit tcp any host  eq 443 
ip access-list 101 permit tcp any any gt 1023 established
ip access-list 101 permit udp any eq 53 any gt 1023

You may want to also take a look at phrack issue 55 at 
phrack.infonexus.com, there is a pretty decent paper on securing a 
cisco router: "building bastion routers with ios".  If you need more 
info on access-lists in general you may also want to take a look at 
the cisco IOS documentation or "Cisco Access List Field Guide" of 
which I am co-author.

HTH,
Kent

On 27 Feb 2001, at 15:41, Howard Yuan wrote:

> Hi,
> 
> I'm trying to put a firewall into my company's router.  They have a
> webserver which hosts their webpage and every computer on the Internet
> has the ability to see the Internet through the router.  What lines
> would I need to put into an access-list to keep the webserver seen and
> reachable, and allow the other computers on the network to be able to
> see the Internet? Which side should I put the access-list on?  Inbound
> or outbound?  Thank you in advanced.
> 
> Howard
> 
> 
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html Report misconduct and
> Nondisclosure violations to [EMAIL PROTECTED]


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Cisco Catalyst 1900 switch purchase guidance - HELP !

[Navin Parwal]

Hi Everyone ,
  I wanted to know the major differences between Cisco
Catalyst 1900 Standard and Enterprise editions avaialble.

 1)I want to know firstly that if the standard edition of 1900 catalyst
has the inbuilt IOS and runs CLI commands and web interface utility  for
basic configuration and can it support VLAN  ?

2)   Secondly I wanted as it mentions on the product that it can be
upgradedto the enterprise edition , how much approx does the upgrade kit
cost and is it only a software upgrade ?

3)  I guess it is a software upgrade , can I upgrade two switches with a
single upgrade kit ?

  I had gone to the Cisco web site but I could not find the detailed
information about all this , is there anyone who has worked on this product
,  they would be the best to guide me regarding it  .
I was planning to buy this product for studying for CCNA and then later
on CCNP as well.

thanks in advance .

regards,

Navin Parwal



_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: How to setup VLAN, Pls help.

[Rizzo Damian]

Try here...

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_5_2/config/v
lans.htm

-Original Message-
From: Gunjan Mathur [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 01, 2001 9:14 AM
To: [EMAIL PROTECTED]
Subject: How to setup VLAN, Pls help.


Hi,

I'm new to this field, and my boss want to implement
VLAN in my network. We are using Cisco 2900/1900
switches. 
Pls guide me or send me links, which explain the
procedure to implement the VLAN.

Thanks,

Gm

__
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

HEX

[Dale Frohman]

Does anyone have a way/tricks in remembering how to do HEX conversions?

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

IP cef

[Ricardo Ciganda]

Hi all!

I have got two questions.

Is IP cef incompatible with IP fast switching?

Could VoIP work with IP cef?

Ricardo Ciganda
CCNA, CCDA, Security
BCMSN, BCRAN, CIT
Systems Engineer and Network Consultant
BYTEMASTER, S.A.
C/ Gran Capitan 2-4 4ª Planta
Barcelona, SPAIN 08034
[EMAIL PROTECTED]
Phone:  (+34) 93-2520540
Fax:(+34) 93-2520541


Ask me I won't say no, how could I?
The Smiths

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Boot Rom for Cisco 2500 series routers

[John Hardman]

Humm... Interesting, Cisco is willing to give them away free, but they do
not ship for free. I wonder which is the better deal, your price for
something free or something for free.

HTH
--
John Hardman CCNP MCSE+I


""CiScO"" <[EMAIL PROTECTED]> wrote in message
97kpdn$883$[EMAIL PROTECTED]">news:97kpdn$883$[EMAIL PROTECTED]...
> Is there anyone looking for Cisco 2500 router boot roms? I have the latest
> from Cisco,  version 11.0(10c)XB2. I currently have several sets left. All
> brand new. I am willing to ship the item at no cost within the US. If
you're
> interested please send an email so we can arrange shipping and payment.
>
> Helpful Links below:
>
> Boot Rom features and fixes:
> http://www.cisco.com/warp/public/471/30.shtml
>
> Replacing Boot Rom chips Instructions:
>
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_fix/cis2500/2500c
> fig/bootrom.htm
>
>
> Thanks!
>
> Joe N. CCNA
> http://www.tmjf.com
>
>
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: what is the average age of people in this stuff?

[Bruce Moran]

Bad Marlon Brando accent "We appreciate the endeavor of youth but these
things they should not be intruding on with their impetuousness."
- Original Message -
From: Allen May <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, February 27, 2001 3:12 PM
Subject: Re: what is the average age of people in this stuff?


> Sounds like The Godfather or some mafia control thing starting here ;)
Get
> off my territory!  haha
>
> Allen

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: How to stash more than 100 ACLs in a router

[kent . hundley]

Another alternative is to use named access-lists, which allow you 
to reference an acl using a user-defined name instead of a number. 
 This feature was introduced in IOS 11.2 and theoretically allows 
you to create an unlimited number of acls.  

HTH,
Kent

On 28 Feb 2001, at 21:37, Brian wrote:

> 
> if you're talking about IP acl's, in 12.1 / 12.0T cisco has added more
> acl's for ip, check the release notes, its no longer limited to 100
> extended and standard ip acl's
> 
> On Wed, 28 Feb 2001, ciscojolof wrote:
> 
> > Guys,
> >
> > I have a problem, in our network we are rate-limiting customers but
> > we cannot get more than 100 ACLs per router so once we have over 100
> > customers we are compelled to install a second router.
> >
> >
> >
> > _
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html Report misconduct and
> > Nondisclosure violations to [EMAIL PROTECTED]
> >
> 
> 
> ---
> Special: Catalyst 3100 switch & 2503 router
>   module $1000.00 (16MB / 8MB)!!!
> 
> I'm buying / selling used CISCO gear!!
> email me for a quote
> 
> Brian Feeny,CCDP,CCNP+VAS Scarlett Parria
> [EMAIL PROTECTED] [EMAIL PROTECTED]
> 318-222-2638 x 109318-222-2638 x 101
> 
> Netjam, LLC http://www.netjam.net
> 1401 Oden St.   VISA/MC/AMEX/COD
> Suite 18Cisco Channel Partner
> Shreveport, LA 71104
> Fax 318-221-6612
> 
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html Report misconduct and
> Nondisclosure violations to [EMAIL PROTECTED]


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: TACACS+ Server for Solaris WHERE?????

[kent . hundley]

Robert,

Funny you should ask, I just downloaded and installed a copy of 
the free cisco tacacs server a few days ago.  You can pick it up at 
ftp-eng.cisco.com/pub/tacacs.

Be aware that this is an unsupported product with no warranties, 
although it does come with a decent user guide.  You cannot get 
assistance from Cisco on this code, but you do have the source so 
if your a code hacker you can pretty much do whatever you want.  
It runs fine on my sparc5 with sol8.

Good luck,
Kent

On 1 Mar 2001, at 13:29, McCallum, Robert wrote:

> Hello,
> 
> Can anyone let me know where I can fine a copy (free or otherwise) for
> a sun solaris server.  Much appreciated.
> 
> Robert McCallum
> 10 days till first born is due, 6 months till CCIE lab
> due.Which will be worse
> 
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html Report misconduct and
> Nondisclosure violations to [EMAIL PROTECTED]


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

No Subject

[Murat Kezlev]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Free download of Exam Qs!

[Rick Cossey]

I looked at them and saw several errors and the questions don't really look
like
they were written for BSCN or CCNP v2. I suggest you look closely at what
Cisco
says to study.
Just my opinion
Rick






_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Portfast

[John Chang]

In the below website it says not to have portfast on if you connect 
switches, hubs, or routers.  I understand that point but what if a user 
connected a mini-hub (Ex. Linksys EtherFast 8-Port 10/100 Desktop Hub) 
or  unmanaged mini-switch (Ex. Farallon NetLINE 10/100 switch) so that he 
could connect multiple computers.  Would this cause any problems?  Thank you!


http://www-1.cisco.com/warp/public/473/12.html

Note: The portfast feature should never be used on switch ports that 
connect to other switches, hubs, or routers. These connections may cause 
physical loops
and it is very important that spanning tree go through the full 
initialization procedure in these situations. A spanning tree loop can 
bring your network down. If portfast
is turned on for a port that is part of a physical loop, it can cause a 
window of time where packets could possibly be continuously forwarded (and 
even multiply) in
such a way that the network cannot recover. 

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Telnet Bandwidth

[Christopher Supino]

Hey all,


Slightly off topic(maybe not). How much bandwidth does your average telnet
session take up?

Christopher Supino
Senior System Engineer,
CCNA, MCSE, CNA5, ASE
TransNet Corp.

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCIE Design...too much?

[Mark Holloway]

Looking at Cisco's requirements for all of their CCIE tracks, it looks like
the CCIE Design Lab requires "the candidate to configure all of the devices
included in the design."

So not only do you design that proposed network, you must configure it too.
For those of use who work in the pre-sales engineering field where the CCDA
and CCDP made the most sense, I think this is going a little too steep for
CCIE Design.  I'm not opposed to learning how to configure equipment, but
the list of equipment is literally impossible to build a home lab (Catalyst
6500, 3500, 2900, PIX, Local Director, 7500, 7200, 4700, 3600, 2600, 2500,
7830 Call Manager, and more).  This is double the R/S Exam.  Is it really
realistic to expect someone who designs networks (as opposed to
administering/troubleshooting) to know all of this?  I'm assuming the
required knowledge of this technology needs to be top-notch, like with the
other CCIE exams.

I always felt the design path was more geared toward pre-deployment and not
post.  Of course, some knowledge of the hands on is good, but in my job
today I may sit with a client or a Data Engineer and go over some configs,
but I don't maintain the equipment.

Just my .02!  Opinion appreciated..

Regards,
Mark



_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: How to setup VLAN, Pls help.

[David Armstrong]

I don't think the link to the Catalyst 5000 will help him much. He's got an
IOS based switch. Here's a couple of links that go over 2900XL switch
configuration. You might want to download the pdf file format for easier
readability.

http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/29_35xu/scg/inde
x.htm

http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/29_35xu/scg/kivl
an.htm

David Armstrong


"Rizzo Damian" <[EMAIL PROTECTED]> wrote in message
49C181ACF35ED311A7DC00508B5AF61102E52464@NAEXCHANGE">news:49C181ACF35ED311A7DC00508B5AF61102E52464@NAEXCHANGE...
> Try here...
>
>
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_5_2/config/v
> lans.htm
>
> -Original Message-
> From: Gunjan Mathur [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, March 01, 2001 9:14 AM
> To: [EMAIL PROTECTED]
> Subject: How to setup VLAN, Pls help.
>
>
> Hi,
>
> I'm new to this field, and my boss want to implement
> VLAN in my network. We are using Cisco 2900/1900
> switches.
> Pls guide me or send me links, which explain the
> procedure to implement the VLAN.
>
> Thanks,
>
> Gm
>
> __
> Do You Yahoo!?
> Get email at your own domain with Yahoo! Mail.
> http://personal.mail.yahoo.com/
>
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: How to setup a cisco secure VPN client with a PIX 515 only?

[Bullock, Jason (1125)]

Hey list, 

I want to check to see if there was a member of the list that has put this
type of solution together.

I am running a cisco PIX 515 with 4.4 os and no failover.  We have clients
that will use a local ISP to dial up internet connectivity, and they then
want to vpn into our corporate network.  

I have purchased the cisco Secure VPN software for the clients and I am
looking for the best way to configure the PIX as the VPN endpoint for the
clients coming from the internet.

Anyone done this kind of thing successfully, ?   want to share some
pointers?  

thanks,
jason


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Referce book or cheat list

[John Chang]

Does anyone know of a small reference book set up like a dictionary that 
gives a small explanation of the command, parameters, and an example for a 
specific router/switch/IOS version.  If not someone should publish it and 
put me on the buy list.  Thanks.

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

test2

[Murat Kezlev]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: IP cef

[Javier Contreras]

Hola Ricardo

Ip Cef and FS are to different forms of optimizing the flow of packets
in a router. They are mutually exclusive "per interface", as I have
seen configurations with 2 interfaces on cef and 1 in FS.
If you want a good explanation of the different modes, check the cisco 
press book "inside cisco IOS architectures" (puedes comprarlo en diaz 
de santos en BCN)

You NEED fast switching for some configuration modes of VoIP. For
example
on my tests a 3640, running 12.1.3t, for optimizing PPP (using 
interleaving), it does not mantains the quality over load, without FS.
Just take care that the results are platform and IOS version dependant.
BTW: in the same config, CEF did not mantained the quality.

Saludos!



Ricardo Ciganda wrote:
> 
> Hi all!
> 
> I have got two questions.
> 
> Is IP cef incompatible with IP fast switching?
> 
> Could VoIP work with IP cef?
> 
> Ricardo Ciganda
> CCNA, CCDA, Security
> BCMSN, BCRAN, CIT
> Systems Engineer and Network Consultant
> BYTEMASTER, S.A.
> C/ Gran Capitan 2-4 4ª Planta
> Barcelona, SPAIN 08034
> [EMAIL PROTECTED]
> Phone:  (+34) 93-2520540
> Fax:(+34) 93-2520541
> 
> Ask me I won't say no, how could I?
> The Smiths
> 
> _
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

-- 
---
Javier Contreras Albesa
Professional Trainer

PRO IN Training S.L.
PROfessional Information Networks
World Trade Center, Moll de Barcelona S/N
Edif Sur, Planta 4

Phone: (+34) 93-5088850 E-mail:
[EMAIL PROTECTED]
Fax:  (+34) 93-5088860 Internet:  http://www.proin.com

SHAPING THE FUTURE - BE PART OF IT!

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Portfast

[McCallum, Robert]

yes, but only if he then connects another link to another hub / switch and
causes a bridging loop.

-Original Message-
From: John Chang [mailto:[EMAIL PROTECTED]]
Sent: 01 March 2001 15:08
To: [EMAIL PROTECTED]
Subject: Portfast


In the below website it says not to have portfast on if you connect 
switches, hubs, or routers.  I understand that point but what if a user 
connected a mini-hub (Ex. Linksys EtherFast 8-Port 10/100 Desktop Hub) 
or  unmanaged mini-switch (Ex. Farallon NetLINE 10/100 switch) so that he 
could connect multiple computers.  Would this cause any problems?  Thank
you!


http://www-1.cisco.com/warp/public/473/12.html

Note: The portfast feature should never be used on switch ports that 
connect to other switches, hubs, or routers. These connections may cause 
physical loops
and it is very important that spanning tree go through the full 
initialization procedure in these situations. A spanning tree loop can 
bring your network down. If portfast
is turned on for a port that is part of a physical loop, it can cause a 
window of time where packets could possibly be continuously forwarded (and 
even multiply) in
such a way that the network cannot recover. 

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: How to setup VLAN, Pls help.

[Rizzo Damian]

Your absolutely right. I apologize, I didn't realize that was for a Cat
5000.



-Original Message-
From: David Armstrong [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 01, 2001 10:23 AM
To: [EMAIL PROTECTED]
Subject: Re: How to setup VLAN, Pls help.


I don't think the link to the Catalyst 5000 will help him much. He's got an
IOS based switch. Here's a couple of links that go over 2900XL switch
configuration. You might want to download the pdf file format for easier
readability.

http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/29_35xu/scg/inde
x.htm

http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/29_35xu/scg/kivl
an.htm

David Armstrong


"Rizzo Damian" <[EMAIL PROTECTED]> wrote in message
49C181ACF35ED311A7DC00508B5AF61102E52464@NAEXCHANGE">news:49C181ACF35ED311A7DC00508B5AF61102E52464@NAEXCHANGE...
> Try here...
>
>
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_5_2/config/v
> lans.htm
>
> -Original Message-
> From: Gunjan Mathur [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, March 01, 2001 9:14 AM
> To: [EMAIL PROTECTED]
> Subject: How to setup VLAN, Pls help.
>
>
> Hi,
>
> I'm new to this field, and my boss want to implement
> VLAN in my network. We are using Cisco 2900/1900
> switches.
> Pls guide me or send me links, which explain the
> procedure to implement the VLAN.
>
> Thanks,
>
> Gm
>
> __
> Do You Yahoo!?
> Get email at your own domain with Yahoo! Mail.
> http://personal.mail.yahoo.com/
>
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: How to setup VLAN, Pls help.

[Howard C. Berkowitz]

>Hi,
>
>I'm new to this field, and my boss want to implement
>VLAN in my network. We are using Cisco 2900/1900
>switches.


What problems is your boss trying to solve with a VLAN?

There are lots of ways to use VLANs.  Start with the problem to 
solve, and then select appropriate technology.

It would also be useful to know what resources you already have 
consulted, so people don't point you to things you already know. If 
you haven't looked at any resources, a search at cco.cisco.com would 
be an excellent start.

>Pls guide me or send me links, which explain the
>procedure to implement the VLAN.
>
>Thanks,
>
>Gm

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Portfast

[McCallum, Robert]

No,

The problem occurs if he creates a loop i.e. you have a main switch a cable
from the main switch goes to user A.  User A decides to connect a hub and a
few terminals - Outcome fine.  User B then says hey user A can you access
those terminals and the main network.  User A says yeah how do you want to
connect?  User A says yes and inadvertently patches his own pc and the
original connection that was from him to the main switch outcome is now main
switch has 2 connections to the minihub.  NOW spanning tree goes oh my and
recalculates - outcome 30 second outage for everyone on that vlan.  Then the
users go home, switch off their kit and go to the pub.  
Next day. The mini hub is switched back on - because portfast is enabled
the ports go whoosh straight into forwarding mode - result - spanning tree
goes oh my!! and recalculates.  

Outcome -- You and every other support member run about like loonies
trying to find this fault which occurs only when the user decides to switch
on his equipment.

-Original Message-
From: John Chang [mailto:[EMAIL PROTECTED]]
Sent: 01 March 2001 15:34
To: McCallum, Robert
Subject: RE: Portfast


Let me see if I got this correct.  If he only connects one mini-hub or 
mini-switch it is OK to have portfast on on the main switch.  If he then 
connects another mini-hub or mini-switch onto the first mini-hub or 
mini-switch than there will be a problem.  But when you connect 2 mini-hubs 
aren't you just extending the amount of ports and in a sense there is only 
one virtual mini-hub?

At 03:24 PM 3/1/2001 +, you wrote:
>yes, but only if he then connects another link to another hub / switch and
>causes a bridging loop.
>
>-Original Message-
>From: John Chang [mailto:[EMAIL PROTECTED]]
>Sent: 01 March 2001 15:08
>To: [EMAIL PROTECTED]
>Subject: Portfast
>
>
>In the below website it says not to have portfast on if you connect
>switches, hubs, or routers.  I understand that point but what if a user
>connected a mini-hub (Ex. Linksys EtherFast 8-Port 10/100 Desktop Hub)
>or  unmanaged mini-switch (Ex. Farallon NetLINE 10/100 switch) so that he
>could connect multiple computers.  Would this cause any problems?  Thank
>you!
>
>
>http://www-1.cisco.com/warp/public/473/12.html
>
>Note: The portfast feature should never be used on switch ports that
>connect to other switches, hubs, or routers. These connections may cause
>physical loops
>and it is very important that spanning tree go through the full
>initialization procedure in these situations. A spanning tree loop can
>bring your network down. If portfast
>is turned on for a port that is part of a physical loop, it can cause a
>window of time where packets could possibly be continuously forwarded (and
>even multiply) in
>such a way that the network cannot recover.
>
>_
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: OSPF design question re: location of Area Border Router

[Hennen, David]

Jenny,

Yes, the 4500 will be the only router at the remote site.  There will be a
Catalyst 5500 and there will be several intra-area vlans being routed by the
4500, I'll try summarizing those.  It should be a fun project.

If things go well, there might be a couple of other sites that would be
setup similarly on this same 7513 router.  More than anything, I'm trying to
explore some other features OSPF can offer instead of making everything part
of one big area 0, which has worked fine so far.

Dave H

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 28, 2001 4:54 PM
To: [EMAIL PROTECTED]
Subject: OSPF design question re: location of Area Border Router


John,
You could equally well have the 7513 with one interface in area 1 and the
rest in area 0, and the 4500 with all interfaces in area 1, in which case
the 7513 is the ABR.

David,
Am I correct in thinking that the only router at the remote site is the
4500?  Or is there more 'behind it'?  Because if the 4500 is the only
router, you're not gaining much by making the 4500 the ABR.  Area 0 will
still include all the routers in your network, and the 4500 will still have
all the area 0 information.  You can summarise your remote site routes into
area 0, but that's about it.
Are you planning on extending this idea and having lots of other areas set
up in the same way?  Generally regarded as not a good idea to have 'too
many' areas defined on one router - the guidelines I saw last (quite a
while ago) suggested a maximum of three areas per router but even at the
time that was a very vague rule of thumb - they also suggested a maximum of
about 60 routers in an area which you are obviously exceeding, presumably
without problems.
Running area 0 over WAN links is not necessarily a terrible thing to do -
if your network is stable, OSPF doesn't spew out lots of traffic.
Making the 7513 the ABR is probably your best bet - it sounds like your
7513 can cope with it (check your memory usage as well, though).

JMcL


-- Forwarded by Jenny Mcleod/NSO/CSDA on 01/03/2001
08:38 am ---


"John Neiberger" <[EMAIL PROTECTED]>@groupstudy.com on
01/03/2001 04:19:39 am

Please respond to "John Neiberger" <[EMAIL PROTECTED]>

Sent by:  [EMAIL PROTECTED]



To:   [EMAIL PROTECTED]
cc:


Subject:  OSPF design question re: location of Area Border Router


I think I must be missing something here, or I don't understand the
concept of ABR.

If you have a 7513 in area 0 connected to a 4500 in area 1, for
instance, then the 4500 will have one interface in area0 and the rest
presumably in area 1.  By definition, that makes the 4500 an ABR,
doesn't it?  I don't see how you have any choice in this matter at all,
but since I've never actually configured OSPF perhaps someone will
enlighten me.

>>> "Hennen, David" <[EMAIL PROTECTED]> 2/28/01 9:32:59 AM >>>
Hi, I am preparing to bring up a new site in an ospf network.  The new
site
will be a training facility connected back to the main office by a t1.
Currently we use OSPF and have everything in area 0, around 100
routers.

I want to make this new site a different area and to make the new area
a
Totally Stubby Area.  We have two 7513 routers at the main office that
handle all the wan traffic, the new remote office would connect to one
of
these.  The remote training office will have a 4500.

One of my coworkers suggested that the 7513 at the main office should
be the
Area Border Router, because we should keep area 0 from being spread out
over
a bunch of wan links.  I had it in mind that the remote 4500 should be
the
ABR.  I don't have a strong reason for thinking that way.  The cpu of
the
7513 runs between 20-30 % utilization according to snmp info.

Are there any rules of thumb regarding this?  I looked through the
Cisco
OSPF network design book and can see some examples that support having
the
ABR at the main office.  Is that the accepted practice?  Are there any
gotcha's to look out for?

Thanks if you can help
dave h

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Portfast

[Buri, Heather H]

John,

It should not cause any problems provided that the device in question is not
using any kind of dual uplinks.  Basically, all portfast does is allow that
port to skip through a majority of the Spanning Tree protocol checking
process.  Obviously this is okay for end stations and servers.  

We have portfast turned on all the ports in our closet switches and we have
wirless hubs on all floors as well as users who have mini hubs at their
desks and we have not experienced any problems thus far.

Heather - CCNA

-Original Message-
From: John Chang [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 01, 2001 9:08 AM
To: [EMAIL PROTECTED]
Subject: Portfast


In the below website it says not to have portfast on if you connect 
switches, hubs, or routers.  I understand that point but what if a user 
connected a mini-hub (Ex. Linksys EtherFast 8-Port 10/100 Desktop Hub) 
or  unmanaged mini-switch (Ex. Farallon NetLINE 10/100 switch) so that he 
could connect multiple computers.  Would this cause any problems?  Thank
you!


http://www-1.cisco.com/warp/public/473/12.html

Note: The portfast feature should never be used on switch ports that 
connect to other switches, hubs, or routers. These connections may cause 
physical loops
and it is very important that spanning tree go through the full 
initialization procedure in these situations. A spanning tree loop can 
bring your network down. If portfast
is turned on for a port that is part of a physical loop, it can cause a 
window of time where packets could possibly be continuously forwarded (and 
even multiply) in
such a way that the network cannot recover. 

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Referce book or cheat list

[Lowell Sharrah]

that would be sweet.

>>> John Chang <[EMAIL PROTECTED]> 03/01/01 10:27AM >>>
Does anyone know of a small reference book set up like a dictionary that 
gives a small explanation of the command, parameters, and an example for a 
specific router/switch/IOS version.  If not someone should publish it and 
put me on the buy list.  Thanks.

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html 
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

NO FORMAT DEFINE alarm

[Roberts, Timothy]

What does the "NO FORMAT DEFINED" alarm represent on a 6509?   

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: TACACS+ Server for Solaris WHERE?????

[Randy Feliz]

Robert,
You can also install cisco secure for unix...cisco gives a 60 day evaluation
key...all you have to do is get a new key every 60 days...this lets you do
TACACS+ and RADIUS..it has a gui and a command line

Randy Feliz
Senior Network Engineer
CCIE# 4331(R/S, ISP Dial)
- Original Message -
From: <[EMAIL PROTECTED]>
To: 'Ccielab' (E-mail) <[EMAIL PROTECTED]>; Cisco@Groupstudy. Com
(E-mail) <[EMAIL PROTECTED]>; McCallum, Robert
<[EMAIL PROTECTED]>
Sent: Thursday, March 01, 2001 8:57 AM
Subject: Re: TACACS+ Server for Solaris WHERE?


> Robert,
>
> Funny you should ask, I just downloaded and installed a copy of
> the free cisco tacacs server a few days ago.  You can pick it up at
> ftp-eng.cisco.com/pub/tacacs.
>
> Be aware that this is an unsupported product with no warranties,
> although it does come with a decent user guide.  You cannot get
> assistance from Cisco on this code, but you do have the source so
> if your a code hacker you can pretty much do whatever you want.
> It runs fine on my sparc5 with sol8.
>
> Good luck,
> Kent
>
> On 1 Mar 2001, at 13:29, McCallum, Robert wrote:
>
> > Hello,
> >
> > Can anyone let me know where I can fine a copy (free or otherwise) for
> > a sun solaris server.  Much appreciated.
> >
> > Robert McCallum
> > 10 days till first born is due, 6 months till CCIE lab
> > due.Which will be worse
> >
> > _
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html Report misconduct and
> > Nondisclosure violations to [EMAIL PROTECTED]
>
>
> ___
> To unsubscribe from the CCIELAB list, send a message to
> [EMAIL PROTECTED] with the body containing:
> unsubscribe ccielab


_
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Callback btw router and win

[Charlie Hartwell]

 OK, you've got a nice combination of ppp-callback, ms-callback, and
ISDN (CLI) callback all combined in that config.

 You need to just have ms-callback so remove the "class test" stuff
from the dialer sting and also the "dialer caller 123 callback" line,
then change the "dialer remote-name" to "test".

 That ought to do it.

 If you change the username section to "username test
callback-dialstring "" password x" the remote client will be
prompted for a callback number.

Good luck!

Charlie


--- Tomaz Klemencic <[EMAIL PROTECTED]> wrote: > Hi all !
> 
> I am trying to connect win2000 station to cisco 2600 and to use
> callback. I
> get connected, authenticated and
> callback doesn`t happen. Station stays connected as if there was no
> callback
> configured on the router. If I remove dialer callback-secure
> command from
> dialer interface, call gets rejected and the "number of incoming
> call
> rejected for callback" under sh dial are incremented. Does anybody
> have any
> sugestions or maybe working config for this situation ? Here is my
> config:
> 
> username test callback-dialstring 123 password xxx
> ip subnet-zero
> isdn switch-type basic-net3
> !
> nterface BRI1/1
>   no ip address
>  no ip directed-broadcast
>  encapsulation ppp
>  dialer pool-member 2
>  isdn switch-type basic-net3
>  ppp authentication ms-chap chap
> !
> interface Dialer3
>  ip unnumbered Loopback1
>  no ip directed-broadcast
>  ip nat inside
>  encapsulation ppp
>  dialer remote-name dostop
>  dialer idle-timeout 100
>  dialer callback-secure
>  dialer string 123 class test
>  dialer caller 123 callback
>  dialer pool 2
>  dialer-group 1
>  peer default ip address pool dostop
>  ppp callback accept
>  ppp authentication ms-chap chap
> !
> ip local pool dostop 192.168.31.1 192.168.31.2
> !
> map-class dialer test
>  dialer callback-server username
> dialer-list 1 protocol ip permit
> 
> -
> Tomaz Klemencic
> Hermes Plus, d.d., PE Celje
> Kersnikova 19, 3000 Celje
> +386-3-4284022
> 
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]


__
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Referce book or cheat list

[Daniel Cotts]

In the old printed IOS documentation there was a book called the "Cisco IOS
Software Command Summary". The one for 11.1 is 2-1/4 inches thick in a 7 by
8 inch format. However, no examples given.

The latest is located at:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121sup/index
.htm
I do not know if a print version is available.
It seems to be a condensed version of the Configuration Guides and
Command References. 

> -Original Message-
> From: John Chang [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, March 01, 2001 9:27 AM
> To: [EMAIL PROTECTED]
> Subject: Referce book or cheat list
> 
> 
> Does anyone know of a small reference book set up like a 
> dictionary that 
> gives a small explanation of the command, parameters, and an 
> example for a 
> specific router/switch/IOS version.  If not someone should 
> publish it and 
> put me on the buy list.  Thanks.
> 
> _
> FAQ, list archives, and subscription info: 
> http://www.groupstudy.com/list/cisco.html
> Report misconduct 
> and Nondisclosure violations to [EMAIL PROTECTED]
> 

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: HEX

[Craig Lindstrom]

I usaully break things down to a nibble at a time if I'm doing binary to
hex.  4 bits is exactly 1 Hex digit.  Then I make a little chart (stick this
chart in your wallet if you cant make it as fast as you can write)
Bin  = Hex=Dec
=0=0
0001=1=1
0010=2=2
0011=3=3
0100=4=4
0101=5=5
0110=6=6
0111=7=7
1000=8=8
1001=9=9
1010=A=10
1011=B=11
1100=C=12
1101=D=13
1110=E=14
=F=15

To Go From BIN to HEX or HEX to bin
Take any binary number 10101100 break it up into nibbles
1010 1100
Look it up
AC
Take a Hex number
FF
Look it up
 
Your done


Sometimes I don't do the table I just covert the nibble to decimal then to
hex remembering that 10=A 11=B etc

>From Hex to Decimal is only a little harder.
If I have my table already I conver it back to binary then to decimal. I do
this becase I am faster at Binary to decimal that Hex to decimal.  If you
really want to go from hex to decimal. just remeber that each digit is
16^number digit.  I have a hard time doing that it my head. But since most
hex is expressed two digits at a time you can take the LSD(least significant
digit) and look it up in the table
C=12
Then take the MSD(Most Significant Digit) and times it by 16
A=10*16=160
Add the MSD+LSD and there is you answer
160+12=172

When I do Decimal to Hex I convert the decimal to Binary then I do Binary to
Hex.  I can do Dec to Bin then Bin to Hext a lot faster than Dec to Hex.  I
know my 2^n table better than my 16^n table.

I hope that helped.

Craig

"Dale Frohman" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Does anyone have a way/tricks in remembering how to do HEX conversions?
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Portfast

[Oleg Mazurov]

If you are not going to form the loops you can turn the Spanning Tree
off. But if you connect a hub or a switch or something you are not going
to switch on/off very often, there's no point. You connect the hub to
the switchport, you wait 30 seconds, you forget about it forever.
Conecting/disconnecting stations to the hub doesn't bother the switch's
spanning tree, the switch port is still sniffing the hub's heartbeat and
stays in the forwarding state.

/felis

John Chang wrote:
> 
> In the below website it says not to have portfast on if you connect
> switches, hubs, or routers.  I understand that point but what if a user
> connected a mini-hub (Ex. Linksys EtherFast 8-Port 10/100 Desktop Hub)
> or  unmanaged mini-switch (Ex. Farallon NetLINE 10/100 switch) so that he
> could connect multiple computers.  Would this cause any problems?  Thank you!
> 
> http://www-1.cisco.com/warp/public/473/12.html
> 
> Note: The portfast feature should never be used on switch ports that
> connect to other switches, hubs, or routers. These connections may cause
> physical loops
> and it is very important that spanning tree go through the full
> initialization procedure in these situations. A spanning tree loop can
> bring your network down. If portfast
> is turned on for a port that is part of a physical loop, it can cause a
> window of time where packets could possibly be continuously forwarded (and
> even multiply) in
> such a way that the network cannot recover.
> 
> _
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

help

[Olusegun Akinfemi]

Hi,

Kindly direct me on how to get free ccna test/exam
practise , trascender and free simulator.

thank you

=
Akinfemi Olusegun (MCP)
SmartCard Nigeria Plc (ValuCard Scheme)
3 Idowu Taylor Street, P. O .Box 70767
Victoria Island , Lagos
Lagos State, Nigeria.
Tel.(office) 234-1-2625593,4701627-8,7742441,
Tel.(home)234-1-5893435


Do You Yahoo!?
Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk
or your free @yahoo.ie address at http://mail.yahoo.ie

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Fail-over config

[Richard Fulton]

Your opinions regarding the solution please,

   Server
   www/dns
   |
 512   |
  Kb   |
InternetRouter A-Switch--Router B---LAN
  |
  |128Kb
  |
 Router C
 New Intranet connection
 (Can provide access to
 Internet)


Goals:
1>Have Intranet connection act as fail over connection to internet for LAN

2>Connect to intranet servers seamlessly from LAN via 128Kb connection at all
times

3>www/dns server is accessible from internet while network is in fail-over mode
and LAN
still uses server as primary dns server


Solution
1>Use EIGRP on Routers A,B,C to facilitate fail-over/fail-back
2>Add static routes for the specific intranet sub-nets on Router B
3>?

Thank you in advance for your time,

Rick Fulton
CCNA





_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: VLANS and DHCP

[W. Alan Robertson]

Chris,

While that would certainly work, it's not the most elegant way of meeting your
requirement.

DHCP servers support different Scopes (think ranges of addresses, or different
subnets).  When you enable the 'ip helper address' on an interface supporting a
network where no DHCP or BOOTP server resides, the broadcast DHCP request is
repackaged as a unicast message with the destination address you provide in the
helper address statement.  The 'source ip address' field of that unicast packet
is the IP address of the router inteface from which the request originated, and
the DHCP uses it to determine which Scope (Pool of addresses, or Subnet range)
to allocate the new address from.

The DHCP forwards the DHCP response back to the router that handled the request,
and the router dumps it back onto the segment from which it came.

Presumably, the next step is the limit network access based on user class
(Administrative, Regular, Etc.).  Simply build your access-lists to suit your
needs.

Hope this helps,

Alan

- Original Message -
From: "Chris Sees" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 01, 2001 11:15 AM
Subject: VLANS and DHCP


> HI,
> Does anyone have suggestions for implementing DHCP in an enterprise
> environment that wants to use VLAN's (for administratve, regular users,
> etc. - for security purposes) and DHCP at the same time? It seems like you
> would need multiple DHCP servers (carefully placed). ?
> Thanks in advance.
>
>
> Chris
>
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Portfast

[Latimer, Keith]

Check out the new portfast bpdu guard feature. It can shut down ports that
have portfast enabled when detecting bpdus on the line.
Keith 

-Original Message-
From: McCallum, Robert [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 01, 2001 10:44 AM
To: 'John Chang'; 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail)
Subject: RE: Portfast


No,

The problem occurs if he creates a loop i.e. you have a main switch a cable
from the main switch goes to user A.  User A decides to connect a hub and a
few terminals - Outcome fine.  User B then says hey user A can you access
those terminals and the main network.  User A says yeah how do you want to
connect?  User A says yes and inadvertently patches his own pc and the
original connection that was from him to the main switch outcome is now main
switch has 2 connections to the minihub.  NOW spanning tree goes oh my and
recalculates - outcome 30 second outage for everyone on that vlan.  Then the
users go home, switch off their kit and go to the pub.  
Next day. The mini hub is switched back on - because portfast is enabled
the ports go whoosh straight into forwarding mode - result - spanning tree
goes oh my!! and recalculates.  

Outcome -- You and every other support member run about like loonies
trying to find this fault which occurs only when the user decides to switch
on his equipment.

-Original Message-
From: John Chang [mailto:[EMAIL PROTECTED]]
Sent: 01 March 2001 15:34
To: McCallum, Robert
Subject: RE: Portfast


Let me see if I got this correct.  If he only connects one mini-hub or 
mini-switch it is OK to have portfast on on the main switch.  If he then 
connects another mini-hub or mini-switch onto the first mini-hub or 
mini-switch than there will be a problem.  But when you connect 2 mini-hubs 
aren't you just extending the amount of ports and in a sense there is only 
one virtual mini-hub?

At 03:24 PM 3/1/2001 +, you wrote:
>yes, but only if he then connects another link to another hub / switch and
>causes a bridging loop.
>
>-Original Message-
>From: John Chang [mailto:[EMAIL PROTECTED]]
>Sent: 01 March 2001 15:08
>To: [EMAIL PROTECTED]
>Subject: Portfast
>
>
>In the below website it says not to have portfast on if you connect
>switches, hubs, or routers.  I understand that point but what if a user
>connected a mini-hub (Ex. Linksys EtherFast 8-Port 10/100 Desktop Hub)
>or  unmanaged mini-switch (Ex. Farallon NetLINE 10/100 switch) so that he
>could connect multiple computers.  Would this cause any problems?  Thank
>you!
>
>
>http://www-1.cisco.com/warp/public/473/12.html
>
>Note: The portfast feature should never be used on switch ports that
>connect to other switches, hubs, or routers. These connections may cause
>physical loops
>and it is very important that spanning tree go through the full
>initialization procedure in these situations. A spanning tree loop can
>bring your network down. If portfast
>is turned on for a port that is part of a physical loop, it can cause a
>window of time where packets could possibly be continuously forwarded (and
>even multiply) in
>such a way that the network cannot recover.
>
>_
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
To unsubscribe from the CCIELAB list, send a message to
[EMAIL PROTECTED] with the body containing:
unsubscribe ccielab

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCNP Preparation Library vs. CCNP Certification Library

[Piatnitchi Cristian]

Hi all

Which one ? Any differences between this two ? 
Please see 
http://www.ciscopress.com/book.cfm?series=2&book=167

and 

http://www.ciscopress.com/book.cfm?series=2&book=178


Which one shall I buy for CCNP preparation ?

Another question 

Is the CCNP track included in CCIE track. As I understood from Cisco's site
it isn't.
Am I right ?

Thanks in advance
Cristian

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

embarrasing question...

[Rizzo Damian]

Please excuse my ignorance, but what the heck is the command to enable
events and messages to be displayed via a Telnet
session instead of the default console session?  Thank you!






Damian Rizzo-CCNA+ Security, CNE, MCP 
Senior IT Engineer
Marakon Associates
203-978-6341
[EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: help

[Daniel Cotts]

The best free information is the Cisco web site. Read the certification
requirements - then look up the answers. You will be much stronger for doing
so. For subnetting try this:
http://www.3com.com/nsc/501302s.html

> -Original Message-
> From: Olusegun Akinfemi [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, March 01, 2001 10:48 AM
> To: [EMAIL PROTECTED]
> Subject: help
> 
> 
> Hi,
> 
> Kindly direct me on how to get free ccna test/exam
> practise , trascender and free simulator.
> 
> thank you
> 
> =
> Akinfemi Olusegun (MCP)
> SmartCard Nigeria Plc (ValuCard Scheme)
> 3 Idowu Taylor Street, P. O .Box 70767
> Victoria Island , Lagos
> Lagos State, Nigeria.
> Tel.(office) 234-1-2625593,4701627-8,7742441,
> Tel.(home)234-1-5893435
> 
> 
> Do You Yahoo!?
> Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk
> or your free @yahoo.ie address at http://mail.yahoo.ie
> 
> _
> FAQ, list archives, and subscription info: 
> http://www.groupstudy.com/list/cisco.html
> Report misconduct 
> and Nondisclosure violations to [EMAIL PROTECTED]
> 

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: VLANS and DHCP

[Marcos Pacheco]

Hi Chris:

You can use only one server for DHCP purposes, and you
must to enable the ip helper-address option in each of
the interfaces of the router, I mean:

Int vlan1
ip address ip1 mask1
ip helper-address 
ip helper-address


Int vlan2
ip address ip2 mask2
ip helper-address 
ip helper-address

 



Int vlann
ip address ipn maskn
ip helper-address 
ip helper-address



In this case, we are using two DHCP servers in
different locations (just in failure case), but you
can use one, two, whatever).

Regards:
Marcos Pacheco.
Routing and Switching CCNP.


--- Chris Sees <[EMAIL PROTECTED]> escribió: > HI,
> Does anyone have suggestions for implementing DHCP
> in an enterprise
> environment that wants to use VLAN's (for
> administratve, regular users,
> etc. - for security purposes) and DHCP at the same
> time? It seems like you
> would need multiple DHCP servers (carefully placed).
> ?
> Thanks in advance.
> 
> 
> Chris
> 
> 
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]


_
Do You Yahoo!?
Obtenga su dirección de correo-e gratis @yahoo.com
en http://correo.espanol.yahoo.com

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: embarrasing question...

[Rizzo Damian]

Ahhh yesthank you very much!




-Original Message-
From: Foulks, Brian, CTR [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 01, 2001 12:34 PM
To: 'Rizzo Damian'; '[EMAIL PROTECTED]'
Subject: RE: embarrasing question...


term mon

> -Original Message-
> From: Rizzo Damian [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, March 01, 2001 10:24
> To:   '[EMAIL PROTECTED]'
> Subject:  embarrasing question...
> 
> Please excuse my ignorance, but what the heck is the command to enable
> events and messages to be displayed via a Telnet
> session instead of the default console session?  Thank you!
> 
> 
> 
> 
> 
> 
> Damian Rizzo-CCNA+ Security, CNE, MCP 
> Senior IT Engineer
> Marakon Associates
> 203-978-6341
> [EMAIL PROTECTED]
> 
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: embarrasing question...

[Foulks, Brian, CTR]

term mon

> -Original Message-
> From: Rizzo Damian [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, March 01, 2001 10:24
> To:   '[EMAIL PROTECTED]'
> Subject:  embarrasing question...
> 
> Please excuse my ignorance, but what the heck is the command to enable
> events and messages to be displayed via a Telnet
> session instead of the default console session?  Thank you!
> 
> 
> 
> 
> 
> 
> Damian Rizzo-CCNA+ Security, CNE, MCP 
> Senior IT Engineer
> Marakon Associates
> 203-978-6341
> [EMAIL PROTECTED]
> 
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: embarrasing question...

[Buri, Heather H]

Are you talking about "term mon"?  That displays events from debug on your
terminal session.  

Heather - CCNA

-Original Message-
From: Rizzo Damian [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 01, 2001 11:24 AM
To: '[EMAIL PROTECTED]'
Subject: embarrasing question...


Please excuse my ignorance, but what the heck is the command to enable
events and messages to be displayed via a Telnet
session instead of the default console session?  Thank you!






Damian Rizzo-CCNA+ Security, CNE, MCP 
Senior IT Engineer
Marakon Associates
203-978-6341
[EMAIL PROTECTED]

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

VLANS and DHCP

[Chris Sees]

HI,
Does anyone have suggestions for implementing DHCP in an enterprise
environment that wants to use VLAN's (for administratve, regular users,
etc. - for security purposes) and DHCP at the same time? It seems like you
would need multiple DHCP servers (carefully placed). ?
Thanks in advance.


Chris


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

cat 6509 Frame Distribution

[Hinds, Christopher]

Hi,

On the config of a 6509 I have inherited I have a command I don't understand
nor ca find any info on ! Can anyone explain what :

#frame distribution method
set port channel all distribution ip both 

means ???

many thanks

Chris 


**
This communication is confidential and is intended only for 
the person to whom it is addressed.  If you are not that 
person you are not permitted to make use of the information 
and you are requested to notify mailto:[EMAIL PROTECTED] 
immediately that you have received it and then destroy the 
copy in your possession.
comdirect ltd is regulated by the SFA and is a member of the LSE.
**

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Consoling into a WX-C1400 FDDI

[Medley, Tim]

I'm trying to console into a 1400 FDDI concentrator. I've check CCO and all
my term settings are correct. Is there a special console cable I need or a
trick? 

Anyone have any experience with these guys?

tim

I hear and I forget
I see and I believe
I do and I understand
 -Confucius


Tim Medley - CCNA, CCDA
Network Architect
VoIP 
704-943-3615 - Phone
704-525-9119 - Fax
877-6-iReady - Helpdesk


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Referce book or cheat list

[Howard C. Berkowitz]

>Does anyone know of a small reference book set up like a dictionary that
>gives a small explanation of the command, parameters, and an example for a
>specific router/switch/IOS version.  If not someone should publish it and
>put me on the buy list.  Thanks.
>
Small?

I went through an exercise a while back.  I weighed the first Cisco 
command reference I owned (9.0 or 9.1) on my kitchen scale, and it 
was about 4 ounces.  I then weighed a 10.x reference, and it was 
closer to a pound.  When I put the 11.x reference on the 
two-pound-capacity scale, it went *klunk* and the needle pinned at 
the end of the scale.

To keep it small, you would need to restrict the commands to be considered.

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCIE Design...too much?

[Howard C. Berkowitz]

>"Mark Holloway" <[EMAIL PROTECTED]>  wrote,

First, emphatic agreement with your concern.  Design and 
implementation/support, at a serious level, tend to involve different 
skill sets and even mind sets.

Second, the CCIE R&S lab introduces lots of artificial conditions due 
to the limited number of devices and the time constraints of 
configuring.  For example, think of a relatively straightforward 
hierarchical, but high-reliability, enterprise design, using OSPF as 
the IGP but realistically using static routes at the edges.  I'll 
assume the enterprise is in the process of acquiring two or more new 
companies, one of which uses OSPF and one uses RIP.

You need at least two core routers, which indeed also could be ABRs. 
To avoid single points of failure, however, you presumably want two 
ABRs per area.  Multiple ABRs per area also let you explore the 
quirks of nonzero area partitioning, and using virtual links to 
restore backbone partitioning.

Each ABR needs to connect to at least two intra-area interfaces so 
you can see inter-area patterns.  It's highly likely there should be 
one or more internal and/or ASBRs in the nonzero areas, and an 
assortment of edge routers that accept default from a distribution 
tier intra-area router, and to which the distribution router(s) have 
static routes redistributed into OSPF.

The company being acquired doesn't yet have physical connectivity to 
your backbone, so they need to use a virtual link to reach it.  To 
support a virtual link, the nonzero area it traverses can in no way 
be stubby.  Areas into which static or RIP routes are redistributed 
must have an ASBR, so they must be either regular or NSSA.  It's 
quite plausible, however, that you might have a data center or other 
corporate area that qualifies to be stubby or totally stubby.

You want to explore load sharing to the Internet, so you need at 
least two ASBRs, in the backbone or elsewhere, that simulate your ISP 
connections.

Now, you could force this to go onto a very small number of routers. 
But the configurations involved become nightmarishly complex, and I'm 
not sure that the ability to build and troubleshoot such 
configurations is really relevant to demonstrating understanding of 
design tradeoffs (e.g., I have to have an ASBR in this area, but 
should the area be stubby or NSSA?  As a start, does the area have to 
support a virtual link?)

>Looking at Cisco's requirements for all of their CCIE tracks, it looks like
>the CCIE Design Lab requires "the candidate to configure all of the devices
>included in the design."
>
>So not only do you design that proposed network, you must configure it too.
>For those of use who work in the pre-sales engineering field where the CCDA
>and CCDP made the most sense, I think this is going a little too steep for
>CCIE Design.  I'm not opposed to learning how to configure equipment, but
>the list of equipment is literally impossible to build a home lab (Catalyst
>6500, 3500, 2900, PIX, Local Director, 7500, 7200, 4700, 3600, 2600, 2500,
>7830 Call Manager, and more).  This is double the R/S Exam.  Is it really
>realistic to expect someone who designs networks (as opposed to
>administering/troubleshooting) to know all of this?

No.  Indeed, if one considers ISP design, you might not even need to 
know which vendors' routers are involved, but you had better 
understand routing policy specification REALLY WELL.

>I'm assuming the
>required knowledge of this technology needs to be top-notch, like with the
>other CCIE exams.
>
>I always felt the design path was more geared toward pre-deployment and not
>post.  Of course, some knowledge of the hands on is good, but in my job
>today I may sit with a client or a Data Engineer and go over some configs,
>but I don't maintain the equipment.

Again, strong agreement.

Historically, there's been a tremendous lack of understanding, in 
Cisco's training and certification programs, of what good designers 
actually do.  It's far easier to test "measurable" things like 
commands.

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCIE Design...too much?

[Mask Of Zorro]

One skill required of designers, that can be measured in a lab environment, 
is the ability to specify appropriate equipment for the proposed 
technologies to be implemented. The designer needs to be able to specify a 
product that supports the proposed design.

Remember that the CCIE Design measures the candidates ability to design 
*CISCO* networks - recommending technologies appropriate to the scenario 
limitations and then recommending Cisco hardware appropriate to the 
technologies.

Can technology X be implemented on Cisco platform Y? If so, how? Are there 
caveats, tradeoffs, or flaming hoops to jump through in order to get product 
Z to effectively run feature A, B, and C at the same time?

I think that this is the approach that Cisco is taking with the CCIE Design 
track. Certainly designers are not expected to be responsible for 
implementing and maintaining hardware, but they need to be certain that 
their designs CAN be implemented on the hardware available (in this case, 
Cisco's), and one good way to determine if a person knows this is to have 
them do it, at least once, in the lab.

With this in mind, I think that Cisco is right on track.

Z


>From: "Howard C. Berkowitz" <[EMAIL PROTECTED]>
>Reply-To: "Howard C. Berkowitz" <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Re: CCIE Design...too much?
>Date: Thu, 1 Mar 2001 11:13:08 -0500
>
> >"Mark Holloway" <[EMAIL PROTECTED]>  wrote,
>
>First, emphatic agreement with your concern.  Design and
>implementation/support, at a serious level, tend to involve different
>skill sets and even mind sets.
>
>Second, the CCIE R&S lab introduces lots of artificial conditions due
>to the limited number of devices and the time constraints of
>configuring.  For example, think of a relatively straightforward
>hierarchical, but high-reliability, enterprise design, using OSPF as
>the IGP but realistically using static routes at the edges.  I'll
>assume the enterprise is in the process of acquiring two or more new
>companies, one of which uses OSPF and one uses RIP.
>
>You need at least two core routers, which indeed also could be ABRs.
>To avoid single points of failure, however, you presumably want two
>ABRs per area.  Multiple ABRs per area also let you explore the
>quirks of nonzero area partitioning, and using virtual links to
>restore backbone partitioning.
>
>Each ABR needs to connect to at least two intra-area interfaces so
>you can see inter-area patterns.  It's highly likely there should be
>one or more internal and/or ASBRs in the nonzero areas, and an
>assortment of edge routers that accept default from a distribution
>tier intra-area router, and to which the distribution router(s) have
>static routes redistributed into OSPF.
>
>The company being acquired doesn't yet have physical connectivity to
>your backbone, so they need to use a virtual link to reach it.  To
>support a virtual link, the nonzero area it traverses can in no way
>be stubby.  Areas into which static or RIP routes are redistributed
>must have an ASBR, so they must be either regular or NSSA.  It's
>quite plausible, however, that you might have a data center or other
>corporate area that qualifies to be stubby or totally stubby.
>
>You want to explore load sharing to the Internet, so you need at
>least two ASBRs, in the backbone or elsewhere, that simulate your ISP
>connections.
>
>Now, you could force this to go onto a very small number of routers.
>But the configurations involved become nightmarishly complex, and I'm
>not sure that the ability to build and troubleshoot such
>configurations is really relevant to demonstrating understanding of
>design tradeoffs (e.g., I have to have an ASBR in this area, but
>should the area be stubby or NSSA?  As a start, does the area have to
>support a virtual link?)
>
> >Looking at Cisco's requirements for all of their CCIE tracks, it looks 
>like
> >the CCIE Design Lab requires "the candidate to configure all of the 
>devices
> >included in the design."
> >
> >So not only do you design that proposed network, you must configure it 
>too.
> >For those of use who work in the pre-sales engineering field where the 
>CCDA
> >and CCDP made the most sense, I think this is going a little too steep 
>for
> >CCIE Design.  I'm not opposed to learning how to configure equipment, but
> >the list of equipment is literally impossible to build a home lab 
>(Catalyst
> >6500, 3500, 2900, PIX, Local Director, 7500, 7200, 4700, 3600, 2600, 
>2500,
> >7830 Call Manager, and more).  This is double the R/S Exam.  Is it really
> >realistic to expect someone who designs networks (as opposed to
> >administering/troubleshooting) to know all of this?
>
>No.  Indeed, if one considers ISP design, you might not even need to
>know which vendors' routers are involved, but you had better
>understand routing policy specification REALLY WELL.
>
> >I'm assuming the
> >required knowledge of this technology needs to be top-notch, like with 
>the
> >other CCIE exams.
> >
> >I alwa

Re: cat 6509 Frame Distribution

[Drew Simonis]

"Hinds, Christopher" wrote:
> 
> Hi,
> 
> On the config of a 6509 I have inherited I have a command I don't understand
> nor ca find any info on ! Can anyone explain what :
> 
> #frame distribution method
> set port channel all distribution ip both
> 

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_5_3/cofigide/channel.htm

(took all of 3 seconds to find that at the Cisco site...)

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CIT (exam # 640-506)

[Paul Immo]

I used the Sybex book


--- Bolaji Charles Olatunji <[EMAIL PROTECTED]>
wrote:
> Please, can anyone tell me what topics & where (in
> the Cisco press CIT book) to focus on - as i'm due
> to take the exam this week end? 
> 
> i'd appreciate direct replies as i'm not subscribed
> to the list.
> 
> thanks,
> 
> Bolaji 
> 
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]


__
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCIE Design...too much?

[new_user]

Info from a post on TCPMAG regarding the design CCIE tract..

The CCDP is worthwhile since the CCIE design track is taken off line. I have
the CCNP/DP certs. and have seen some, but few, contracting postings for the
DP. It is a marketing issue. Design certs. are tough to create, hence Cisco'
s problem with the design lab, it did not reflect real world conditions. How
can you properly gauge a persons design proficiency since there are many
ways to design a network and no one method is the defacto. Design topics,
approaches and methodologies are subjective so are customers design
requirements. Support certs. are easier for they are binary in nature the
fact is either true or false. Design certs. have many gray areas. If you
have or are going through the CCNP you might as well get the DP to round out
you knowledge of basic design principals. That is worth something.I agree
that this is frustrating for I too have over 16 years oh high level
networking experience and I need a cert to validate my track record. That is
the fault of loser recruiters and stupid corporate HR mangers that cannot
accurately define a set of requirements for a consultant or FTE. so, the HR
industry relies on CERTs. as a basic qualifier. i.e I need a someone for a
network support position with CCIE, CCNP, MSCE, A+ CNX, is easier to state
and rely on then actually listing what is really required and properly
interviewing the candidate.
""Mark Holloway"" <[EMAIL PROTECTED]> wrote in message
97ltiq$r39$[EMAIL PROTECTED]">news:97ltiq$r39$[EMAIL PROTECTED]...
> Looking at Cisco's requirements for all of their CCIE tracks, it looks
like
> the CCIE Design Lab requires "the candidate to configure all of the
devices
> included in the design."
>
> So not only do you design that proposed network, you must configure it
too.
> For those of use who work in the pre-sales engineering field where the
CCDA
> and CCDP made the most sense, I think this is going a little too steep for
> CCIE Design.  I'm not opposed to learning how to configure equipment, but
> the list of equipment is literally impossible to build a home lab
(Catalyst
> 6500, 3500, 2900, PIX, Local Director, 7500, 7200, 4700, 3600, 2600, 2500,
> 7830 Call Manager, and more).  This is double the R/S Exam.  Is it really
> realistic to expect someone who designs networks (as opposed to
> administering/troubleshooting) to know all of this?  I'm assuming the
> required knowledge of this technology needs to be top-notch, like with the
> other CCIE exams.
>
> I always felt the design path was more geared toward pre-deployment and
not
> post.  Of course, some knowledge of the hands on is good, but in my job
> today I may sit with a client or a Data Engineer and go over some configs,
> but I don't maintain the equipment.
>
> Just my .02!  Opinion appreciated..
>
> Regards,
> Mark
>
>
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

TCP Load Balancing with a PIX

[Jim Barksdale]

I know using a Router and NAT you can map a single external address to a
virtual host with an internal address,  which then load balances across
several real hosts.
(TCP Load Balancing)
Can the same thing be done on a PIX?

I currently have 1 web server on the DMZ and want to add a second web
server (mirror of the first).  I then want to load balance across the
two of them.
I don't have the budget to buy a 'Local Director'.

Thanks for your help

Jim

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CID beta

[Fomes Iain]

Anyone got their results yet?
*
DISCLAIMER:   The information contained in this e-mail may be confidential
and is intended solely for the use of the named addressee.  Access, copying
or re-use of the e-mail or any information contained therein by any other
person is not authorized.  If you are not the intended recipient please
notify us immediately by returning the e-mail to the originator.

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: TCP Load Balancing with a PIX

[Tim O'Brien]

Jim,

Load Balancing is not currently a feature of the PIX. This is what the Local
Director or the Content Switches are for.

Tim



"Jim Barksdale" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
I know using a Router and NAT you can map a single external address to a
virtual host with an internal address,  which then load balances across
several real hosts.
(TCP Load Balancing)
Can the same thing be done on a PIX?

I currently have 1 web server on the DMZ and want to add a second web
server (mirror of the first).  I then want to load balance across the
two of them.
I don't have the budget to buy a 'Local Director'.

Thanks for your help

Jim

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: finished ccnp

[Kilkis01]

I have just finished the CCNA and i 'm working in ccnp you know any book for the exam??

thanks and congratulation for the ccnp

Iakovos Svolakis wrote:

> Hi all,
>
> I have just finished CIT exam yesterday so from today I am a CCNP.
> The problem is that I passed the old ACRC exam not the new BSCN.
> Does anyone know if there is a problem with that?
> And one more question about the CVOICE specialization: is there any book =
> to read
> for the exam?
>
> Thanks
>
> _
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

book help

[xzadio]

I just finished the CCNA and i want to start the CCNP, could you help me
to find
the books for the exams please.

Thank you all.

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Telnet Bandwidth

[Tony van Ree]

Hi,

It depends on how fast you can type and how fast the screen comes back from your 
server.  Telnet is quite low in bandwidth but high in packets.  Often each character 
typed becomes a packet therefore you produce a high number of small packets.  This 
however is usually still far slower than the ability of a server to return large ftp 
packets.

Teunis
Hobart, Tasmania
Australia

On Thursday, March 01, 2001 at 10:16:08 AM, Christopher Supino wrote:

> 
> Hey all,
> 
> 
> Slightly off topic(maybe not). How much bandwidth does your average telnet
> session take up?
> 
> Christopher Supino
> Senior System Engineer,
> CCNA, MCSE, CNA5, ASE
> TransNet Corp.
> 
> _
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> 
> 


--
www.tasmail.com


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCIE Design...too much?

[Howard C. Berkowitz]

>One skill required of designers, that can be measured in a lab 
>environment, is the ability to specify appropriate equipment for the 
>proposed technologies to be implemented. The designer needs to be 
>able to specify a product that supports the proposed design.
>
>Remember that the CCIE Design measures the candidates ability to 
>design *CISCO* networks - recommending technologies appropriate to 
>the scenario limitations and then recommending Cisco hardware 
>appropriate to the technologies.

When I taught CID, I had a running argument with Cisco that it was 
far more important to put a current catalog and price list into the 
student kit than, say, a command reference. I was always told this 
was too expensive.

But, to refer back to your point about *CISCO* networks, pricing 
(and, for that matter, relevant discounts and support costs) is more 
important, IMNSHO, than the ability to configure a representative 
system in the lab (if you can -- see below).

In designing real networks (not solutions -- also see below), the 
cost-effective way to do things isn't necessarily the most elegant. 
For example, the conventional wisdom is to "pick the best box" to 
meet some set of requirements.  But a single best box isn't 
necessarily the most cost-effective.

This is going back a bit, but I remember several cases I had where 
there was a need to do assorted SNA stuff.  It needed more token ring 
interfaces than were available on a small platform, so the school 
solution was to use a 7000.

But the 7000 didn't have that fast a CPU, only a 68040.  In contrast, 
a 2500 series has only a 68030, with a speed of 0.5 relative to the 
68040 in the 7000.

But by stacking four 2500's, I could get 4 or 8 TR interfaces, with 
twice the CPU power of the 7000.

In a different scenario, I had lots of RSRB circuits to be 
terminated.  They were TCP encapsulated, so that took lots of CPU. 
There was a need to use an IBM channel interface, which only plugged 
into a 7x00 router.  To get the necessary CPU power, the school 
solution was to use a 7500.  But a better approach, for the specific 
customer, was to use a 7010 with a CIP card and a Fast Ethernet card, 
using the FE card to link to a 4700 that handled the TCP sessions.

>
>Can technology X be implemented on Cisco platform Y? If so, how? Are 
>there caveats, tradeoffs, or flaming hoops to jump through in order 
>to get product Z to effectively run feature A, B, and C at the same 
>time?
>
>I think that this is the approach that Cisco is taking with the CCIE 
>Design track. Certainly designers are not expected to be responsible 
>for implementing and maintaining hardware, but they need to be 
>certain that their designs CAN be implemented on the hardware 
>available (in this case, Cisco's), and one good way to determine if 
>a person knows this is to have them do it, at least once, in the lab.

But in a practical amount of time in the lab, how many devices can 
you configure?  Even a relatively small network might have dozens of 
access routers, several distribution points with distribution routers 
plus switches for regional servers, and a core. At what point is a 
lab setup using a lesser number of devices going to validate both 
functionality AND WORKLOAD/PERFORMANCE?

If I were going to require anything along a lab, as opposed to, say, 
a presentation before qualified designers, I'd much rather the 
demonstration use a block-level simulator such as BONES.  Netsys is 
at too fine a level, because it depends on configurations.


>
>With this in mind, I think that Cisco is right on track.
>
>Z

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Portfast

[Chuck Church]

If this bdpu guard works as it supposed to, I'll definitely use it.  Windows
2000 machines seem to need portfast for DHCP, and almost all Windows
machines need it for IPX.  I've always pointed out to the customer about
NEVER connecting other layer 2 devices to the ports I configured portfast
on.  This is good insurance.

Chuck Church
CCNP, CCDP, MCNE, MCSE
Sr. Network Engineer
Magnacom Technologies
140 N. Rt. 303
Valley Cottage, NY 10989
845-267-4000 x218


-Original Message-
From: Latimer, Keith [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 01, 2001 11:13 AM
To: 'McCallum, Robert'; 'John Chang'; 'Ccielab' (E-mail);
Cisco@Groupstudy. Com (E-mail)
Subject: RE: Portfast


Check out the new portfast bpdu guard feature. It can shut down ports that
have portfast enabled when detecting bpdus on the line.
Keith 

-Original Message-
From: McCallum, Robert [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 01, 2001 10:44 AM
To: 'John Chang'; 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail)
Subject: RE: Portfast


No,

The problem occurs if he creates a loop i.e. you have a main switch a cable
from the main switch goes to user A.  User A decides to connect a hub and a
few terminals - Outcome fine.  User B then says hey user A can you access
those terminals and the main network.  User A says yeah how do you want to
connect?  User A says yes and inadvertently patches his own pc and the
original connection that was from him to the main switch outcome is now main
switch has 2 connections to the minihub.  NOW spanning tree goes oh my and
recalculates - outcome 30 second outage for everyone on that vlan.  Then the
users go home, switch off their kit and go to the pub.  
Next day. The mini hub is switched back on - because portfast is enabled
the ports go whoosh straight into forwarding mode - result - spanning tree
goes oh my!! and recalculates.  

Outcome -- You and every other support member run about like loonies
trying to find this fault which occurs only when the user decides to switch
on his equipment.

-Original Message-
From: John Chang [mailto:[EMAIL PROTECTED]]
Sent: 01 March 2001 15:34
To: McCallum, Robert
Subject: RE: Portfast


Let me see if I got this correct.  If he only connects one mini-hub or 
mini-switch it is OK to have portfast on on the main switch.  If he then 
connects another mini-hub or mini-switch onto the first mini-hub or 
mini-switch than there will be a problem.  But when you connect 2 mini-hubs 
aren't you just extending the amount of ports and in a sense there is only 
one virtual mini-hub?

At 03:24 PM 3/1/2001 +, you wrote:
>yes, but only if he then connects another link to another hub / switch and
>causes a bridging loop.
>
>-Original Message-
>From: John Chang [mailto:[EMAIL PROTECTED]]
>Sent: 01 March 2001 15:08
>To: [EMAIL PROTECTED]
>Subject: Portfast
>
>
>In the below website it says not to have portfast on if you connect
>switches, hubs, or routers.  I understand that point but what if a user
>connected a mini-hub (Ex. Linksys EtherFast 8-Port 10/100 Desktop Hub)
>or  unmanaged mini-switch (Ex. Farallon NetLINE 10/100 switch) so that he
>could connect multiple computers.  Would this cause any problems?  Thank
>you!
>
>
>http://www-1.cisco.com/warp/public/473/12.html
>
>Note: The portfast feature should never be used on switch ports that
>connect to other switches, hubs, or routers. These connections may cause
>physical loops
>and it is very important that spanning tree go through the full
>initialization procedure in these situations. A spanning tree loop can
>bring your network down. If portfast
>is turned on for a port that is part of a physical loop, it can cause a
>window of time where packets could possibly be continuously forwarded (and
>even multiply) in
>such a way that the network cannot recover.
>
>_
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
To unsubscribe from the CCIELAB list, send a message to
[EMAIL PROTECTED] with the body containing:
unsubscribe ccielab

___
To unsubscribe from the CCIELAB list, send a message to
[EMAIL PROTECTED] with the body containing:
unsubscribe ccielab

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CIT for CCNP 2.0

[sathesh]

i am taking my CIT exam next week. answers to one or more of the following 
clarifications will highly be appreciated.

1. i am using ISBN 81-7635-210-1. is this the right book of cisco press that i should 
be using ?

2. what series of catalyst switches are covered in LAN troubleshooting ?

3. in CIT, do you still have the option of selecting the right command from the 
command list ?

sathesh

-
Get free personalized email at http://email.lycos.com

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

FW: book help

[Zorinan Kasilag]

xz, you can try the CCNP prepartion library from Ciscopress.  I'm using that
now.  It seems to suffice thusfar.  Use these to get yourself started.


Regards and good luck,

  _  

Zorinan Kasilag
Network Engineer
Global Network Operations Center
All-Tech Direct, Inc.
Montvale, NJ 07645
(201)782-0200 ext.282

   
 


-Original Message-
From: xzadio [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 01, 2001 5:57 PM
To: [EMAIL PROTECTED]
Subject: book help


I just finished the CCNA and i want to start the CCNP, could you help me
to find
the books for the exams please.

Thank you all.

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Portfast

[Virnoche, Phil]

We use it on all of our L2 and L3 Cat6509's...  greatest thing since
sliced bread. We were having a SEVERE problem with Win98 clients not being
able to log on because of timing issues (AutoIPconfiguration feature of
Win98 )  that portfast could correct. Before BPDU GUARD it was a manual
config for each affected port. BPDU Guard allows you to do it globally.



Philip G. Virnoche  CCNA
Network Engineer - AT&T Wireless
phone: 425.580.5239
cell: 206.601.3134

"HAM AND EGGS - A day's work for a chicken; A lifetime commitment for a
pig."


-Original Message-
From: Chuck Church [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 01, 2001 1:22 PM
To: 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail)
Subject: RE: Portfast


If this bdpu guard works as it supposed to, I'll definitely use it.  Windows
2000 machines seem to need portfast for DHCP, and almost all Windows
machines need it for IPX.  I've always pointed out to the customer about
NEVER connecting other layer 2 devices to the ports I configured portfast
on.  This is good insurance.

Chuck Church
CCNP, CCDP, MCNE, MCSE
Sr. Network Engineer
Magnacom Technologies
140 N. Rt. 303
Valley Cottage, NY 10989
845-267-4000 x218


-Original Message-
From: Latimer, Keith [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 01, 2001 11:13 AM
To: 'McCallum, Robert'; 'John Chang'; 'Ccielab' (E-mail);
Cisco@Groupstudy. Com (E-mail)
Subject: RE: Portfast


Check out the new portfast bpdu guard feature. It can shut down ports that
have portfast enabled when detecting bpdus on the line.
Keith 

-Original Message-
From: McCallum, Robert [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 01, 2001 10:44 AM
To: 'John Chang'; 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail)
Subject: RE: Portfast


No,

The problem occurs if he creates a loop i.e. you have a main switch a cable
from the main switch goes to user A.  User A decides to connect a hub and a
few terminals - Outcome fine.  User B then says hey user A can you access
those terminals and the main network.  User A says yeah how do you want to
connect?  User A says yes and inadvertently patches his own pc and the
original connection that was from him to the main switch outcome is now main
switch has 2 connections to the minihub.  NOW spanning tree goes oh my and
recalculates - outcome 30 second outage for everyone on that vlan.  Then the
users go home, switch off their kit and go to the pub.  
Next day. The mini hub is switched back on - because portfast is enabled
the ports go whoosh straight into forwarding mode - result - spanning tree
goes oh my!! and recalculates.  

Outcome -- You and every other support member run about like loonies
trying to find this fault which occurs only when the user decides to switch
on his equipment.

-Original Message-
From: John Chang [mailto:[EMAIL PROTECTED]]
Sent: 01 March 2001 15:34
To: McCallum, Robert
Subject: RE: Portfast


Let me see if I got this correct.  If he only connects one mini-hub or 
mini-switch it is OK to have portfast on on the main switch.  If he then 
connects another mini-hub or mini-switch onto the first mini-hub or 
mini-switch than there will be a problem.  But when you connect 2 mini-hubs 
aren't you just extending the amount of ports and in a sense there is only 
one virtual mini-hub?

At 03:24 PM 3/1/2001 +, you wrote:
>yes, but only if he then connects another link to another hub / switch and
>causes a bridging loop.
>
>-Original Message-
>From: John Chang [mailto:[EMAIL PROTECTED]]
>Sent: 01 March 2001 15:08
>To: [EMAIL PROTECTED]
>Subject: Portfast
>
>
>In the below website it says not to have portfast on if you connect
>switches, hubs, or routers.  I understand that point but what if a user
>connected a mini-hub (Ex. Linksys EtherFast 8-Port 10/100 Desktop Hub)
>or  unmanaged mini-switch (Ex. Farallon NetLINE 10/100 switch) so that he
>could connect multiple computers.  Would this cause any problems?  Thank
>you!
>
>
>http://www-1.cisco.com/warp/public/473/12.html
>
>Note: The portfast feature should never be used on switch ports that
>connect to other switches, hubs, or routers. These connections may cause
>physical loops
>and it is very important that spanning tree go through the full
>initialization procedure in these situations. A spanning tree loop can
>bring your network down. If portfast
>is turned on for a port that is part of a physical loop, it can cause a
>window of time where packets could possibly be continuously forwarded (and
>even multiply) in
>such a way that the network cannot recover.
>
>_
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
To unsubscribe from the CCIELAB list, send a message to
[EMAIL PROTECTED] with the body containing:
unsubscribe ccielab

___

Passed BCRAN today

[Kevin Welch]

Thought I would drop a line letting you know that I passed my BCRAN exam
today, my final score was 849/1000.  I was suprised by the amount of design
oriented questions and there was a very large focus on isdn technology.  I
plan on completing the BSCN and CID exams over the enxt few months, maybe
then I can justify raising my rates as a consultant :-)

-- Kevin

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ATM Vs Frame-relay

[Tony van Ree]

Hi,

Frame relay and ATM do use different technologies.  Different switches.  Differnet 
ways data is put on a link.  Different framing.

Teunis
Hobart, Tasmania
Australia


On Thursday, March 01, 2001 at 08:43:19 AM, Howard C. Berkowitz wrote:

> >Hi,
> >
> >Why ATM can go upto 10 Gbps whereas Frame-relay upto
> >45 Mbps only?
> 
> There isn't market demand to do so, so carriers don't offer it.
> There is no inherent reason why it can't, but I would tend to
> say that the demand for frame relay aggregate bandwidth is being
> outstripped by MPLS demands.
> 
> At the US Y2K information center, we had OC-3 interfaces to the
> routers, the ATM PVCs on which included 15 Mbps pipes to the hosting
> centers, and dozens of channels which started as frame relay but were
> mapped to ATM at the far end.
> 
> >If so, please explain why it's impossible
> >to build a frame-relay interface to deliver 1 Gbps.
> 
> It isn't.
> 
> I could argue, however, that there is no such thing as a frame relay 
> interface.  Frame relay is layer 2, while interfaces are layer 1.
> 
> _
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> 
> 


--
www.tasmail.com


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Portfast

[Scott Morris]

It's not specific to Windows 2000 machines...  Any machine that needs DHCP
and boots up with any speed (less than 50 seconds), or any machine running a
novell client where it would try a GetNearestServer and find nothing

Scott

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Chuck Church
Sent: Thursday, March 01, 2001 4:22 PM
To: 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail)
Subject: RE: Portfast


If this bdpu guard works as it supposed to, I'll definitely use it.  Windows
2000 machines seem to need portfast for DHCP, and almost all Windows
machines need it for IPX.  I've always pointed out to the customer about
NEVER connecting other layer 2 devices to the ports I configured portfast
on.  This is good insurance.

Chuck Church
CCNP, CCDP, MCNE, MCSE
Sr. Network Engineer
Magnacom Technologies
140 N. Rt. 303
Valley Cottage, NY 10989
845-267-4000 x218


-Original Message-
From: Latimer, Keith [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 01, 2001 11:13 AM
To: 'McCallum, Robert'; 'John Chang'; 'Ccielab' (E-mail);
Cisco@Groupstudy. Com (E-mail)
Subject: RE: Portfast


Check out the new portfast bpdu guard feature. It can shut down ports that
have portfast enabled when detecting bpdus on the line.
Keith

-Original Message-
From: McCallum, Robert [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 01, 2001 10:44 AM
To: 'John Chang'; 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail)
Subject: RE: Portfast


No,

The problem occurs if he creates a loop i.e. you have a main switch a cable
from the main switch goes to user A.  User A decides to connect a hub and a
few terminals - Outcome fine.  User B then says hey user A can you access
those terminals and the main network.  User A says yeah how do you want to
connect?  User A says yes and inadvertently patches his own pc and the
original connection that was from him to the main switch outcome is now main
switch has 2 connections to the minihub.  NOW spanning tree goes oh my and
recalculates - outcome 30 second outage for everyone on that vlan.  Then the
users go home, switch off their kit and go to the pub.
Next day. The mini hub is switched back on - because portfast is enabled
the ports go whoosh straight into forwarding mode - result - spanning tree
goes oh my!! and recalculates.

Outcome -- You and every other support member run about like loonies
trying to find this fault which occurs only when the user decides to switch
on his equipment.

-Original Message-
From: John Chang [mailto:[EMAIL PROTECTED]]
Sent: 01 March 2001 15:34
To: McCallum, Robert
Subject: RE: Portfast


Let me see if I got this correct.  If he only connects one mini-hub or
mini-switch it is OK to have portfast on on the main switch.  If he then
connects another mini-hub or mini-switch onto the first mini-hub or
mini-switch than there will be a problem.  But when you connect 2 mini-hubs
aren't you just extending the amount of ports and in a sense there is only
one virtual mini-hub?

At 03:24 PM 3/1/2001 +, you wrote:
>yes, but only if he then connects another link to another hub / switch and
>causes a bridging loop.
>
>-Original Message-
>From: John Chang [mailto:[EMAIL PROTECTED]]
>Sent: 01 March 2001 15:08
>To: [EMAIL PROTECTED]
>Subject: Portfast
>
>
>In the below website it says not to have portfast on if you connect
>switches, hubs, or routers.  I understand that point but what if a user
>connected a mini-hub (Ex. Linksys EtherFast 8-Port 10/100 Desktop Hub)
>or  unmanaged mini-switch (Ex. Farallon NetLINE 10/100 switch) so that he
>could connect multiple computers.  Would this cause any problems?  Thank
>you!
>
>
>http://www-1.cisco.com/warp/public/473/12.html
>
>Note: The portfast feature should never be used on switch ports that
>connect to other switches, hubs, or routers. These connections may cause
>physical loops
>and it is very important that spanning tree go through the full
>initialization procedure in these situations. A spanning tree loop can
>bring your network down. If portfast
>is turned on for a port that is part of a physical loop, it can cause a
>window of time where packets could possibly be continuously forwarded (and
>even multiply) in
>such a way that the network cannot recover.
>
>_
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
To unsubscribe from the CCIELAB list, send a message to
[EMAIL PROTECTED] with the body containing:
unsubscribe ccielab

___
To unsubscribe from the CCIELAB list, send a message to
[EMAIL PROTECTED] with the body containing:
unsubscribe ccielab

___
To unsubscribe from the CCIELAB list, send a message to
[EMAIL PROTECTED] with the body containing:
un

RE: Referce book or cheat list

[jenny . mcleod]

For IOS 9.1, the 'router products command summary' book was indeed a
convenient size - about 20cm by 12 cm, and about 1.5 cm thick, and it did
include short examples.  By IOS 10.3 (from memory) it was the same
height/width but about 4cm thick.  11.3 is the latest hardcopy I've seen
(it's now the 'Cisco IOS software command summary'), and Cisco wasn't wild
about providing them (they'd prefer to give you the CD, not surprisingly),
and it's about 28cm by 20 cm, and 5.5 cm thick.  Admittedly, the type is
larger than for the IOS 9.1 book, and there's more white space.   But it no
longer includes even brief examples.  And it only covers IOS, not the
various switch interfaces.

If you want a *small* reference book to include all that, expect a very
small font.

JMcL
-- Forwarded by Jenny Mcleod/NSO/CSDA on 02/03/2001
08:28 am ---


Daniel Cotts <[EMAIL PROTECTED]>@groupstudy.com on 02/03/2001 02:59:22
am

Please respond to Daniel Cotts <[EMAIL PROTECTED]>

Sent by:  [EMAIL PROTECTED]



To:   "'John Chang'" <[EMAIL PROTECTED]>
  [EMAIL PROTECTED]
cc:


Subject:  RE: Referce book or cheat list


In the old printed IOS documentation there was a book called the "Cisco IOS
Software Command Summary". The one for 11.1 is 2-1/4 inches thick in a 7 by
8 inch format. However, no examples given.

The latest is located at:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121sup/index

.htm
I do not know if a print version is available.
It seems to be a condensed version of the Configuration Guides and
Command References.

> -Original Message-
> From: John Chang [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, March 01, 2001 9:27 AM
> To: [EMAIL PROTECTED]
> Subject: Referce book or cheat list
>
>
> Does anyone know of a small reference book set up like a
> dictionary that
> gives a small explanation of the command, parameters, and an
> example for a
> specific router/switch/IOS version.  If not someone should
> publish it and
> put me on the buy list.  Thanks.
>
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct
> and Nondisclosure violations to [EMAIL PROTECTED]
>

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: package lose

[Tony van Ree]

Hi,

The packet loss might not be due to an error.  A link that is really busy will drop 
packets because they timeout.  The remote device maybe too busy once again timeouts. 

Not all loss is due to an error condition.

Teunis
Hobart, Tasmania
Australia


On Thursday, March 01, 2001 at 06:38:30 PM, shanjun zou wrote:

> hello,every one:
> 
> In my Cisco 4500 router, I ping my s0 interface, it reported that the losing
> rate is 4%, but use the command "show interface s0", you could see "no
> error". I was confused.
> 
> why? could anyone tell me the truth?
> 
> 
> thanks very much.
> 
> 
> shanjun zou
> 
> 
> 
> 
> _
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> 
> 


--
www.tasmail.com


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CIT for CCNP 2.0

[Neil Schneider]

the answer to #3 is no.  You have to just type in the command.

Neil Schneider


<[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> i am taking my CIT exam next week. answers to one or more of the following
clarifications will highly be appreciated.
>
> 1. i am using ISBN 81-7635-210-1. is this the right book of cisco press
that i should be using ?
>
> 2. what series of catalyst switches are covered in LAN troubleshooting ?
>
> 3. in CIT, do you still have the option of selecting the right command
from the command list ?
>
> sathesh
>
> -
> Get free personalized email at http://email.lycos.com
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Telnet Bandwidth

[Russ Kreigh]

I remember seeing something about a service called "nagle" that groups
telnet packets.

enter config mode and type "service nagle" to enable it.

-Russ

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Tony van Ree
Sent: Thursday, March 01, 2001 4:13 PM
To: Christopher Supino; [EMAIL PROTECTED]
Subject: Re: Telnet Bandwidth


Hi,

It depends on how fast you can type and how fast the screen comes back from
your server.  Telnet is quite low in bandwidth but high in packets.  Often
each character typed becomes a packet therefore you produce a high number of
small packets.  This however is usually still far slower than the ability of
a server to return large ftp packets.

Teunis
Hobart, Tasmania
Australia

On Thursday, March 01, 2001 at 10:16:08 AM, Christopher Supino wrote:

>
> Hey all,
>
>
> Slightly off topic(maybe not). How much bandwidth does your average telnet
> session take up?
>
> Christopher Supino
> Senior System Engineer,
> CCNA, MCSE, CNA5, ASE
> TransNet Corp.
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
>


--
www.tasmail.com


_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ATM Vs Frame-relay

[Howard C. Berkowitz]

>Hi,
>
>Frame relay and ATM do use different technologies.  Different 
>switches.  Differnet ways data is put on a link.  Different framing.
>
>Teunis
>Hobart, Tasmania
>Australia

Frame relay was specifically defined as part of ATM, as a low- to 
medium-speed data access servers.  Most WAN switches do both.

I will admit that it's hard to make a direct comparison between the 
ATM cell layer and frame relay, but there certainly is comparability 
between AAL and frame.  Frame relay to ATM interworking is well 
defined.

Of course, the circle closes as frame relay fragmentation chops up 
frames to give latency characteristics more like ATM.

>
>
>On Thursday, March 01, 2001 at 08:43:19 AM, Howard C. Berkowitz wrote:
>
>>  >Hi,
>>  >
>>  >Why ATM can go upto 10 Gbps whereas Frame-relay upto
>>  >45 Mbps only?
>>
>>  There isn't market demand to do so, so carriers don't offer it.
>>  There is no inherent reason why it can't, but I would tend to
>>  say that the demand for frame relay aggregate bandwidth is being
>>  outstripped by MPLS demands.
>>
>>  At the US Y2K information center, we had OC-3 interfaces to the
>>  routers, the ATM PVCs on which included 15 Mbps pipes to the hosting
>>  centers, and dozens of channels which started as frame relay but were
>>  mapped to ATM at the far end.
>>
>>  >If so, please explain why it's impossible
>>  >to build a frame-relay interface to deliver 1 Gbps.
>>
>>  It isn't.
>>
>>  I could argue, however, that there is no such thing as a frame relay
>>  interface.  Frame relay is layer 2, while interfaces are layer 1.
>>
>>  _
>>  FAQ, list archives, and subscription info: 
>>http://www.groupstudy.com/list/cisco.html
>>  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>>
>>
>
>
>--
>www.tasmail.com

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: FW: book help

[xzadio]

Thank you zori but the cisco prep.  books are they news? Because i listen that the 2
off them are pass and now cisco want to publish a new version.

My regards

Zorinan Kasilag wrote:

> xz, you can try the CCNP prepartion library from Ciscopress.  I'm using that
> now.  It seems to suffice thusfar.  Use these to get yourself started.
>
> Regards and good luck,
>
>   _
>
> Zorinan Kasilag
> Network Engineer
> Global Network Operations Center
> All-Tech Direct, Inc.
> Montvale, NJ 07645
> (201)782-0200 ext.282
>
>  
>
>
> -Original Message-
> From: xzadio [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, March 01, 2001 5:57 PM
> To: [EMAIL PROTECTED]
> Subject: book help
>
> I just finished the CCNA and i want to start the CCNP, could you help me
> to find
> the books for the exams please.
>
> Thank you all.
>
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> _
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: VLANS and DHCP

[Tony van Ree]

Hi,

Using a helper-address on the interfaces where you don't have the DHCP server.  The 
helper-address points to the DHCP server.  This can even happen across a WAN.


Teunis,
Hobart, Tasmania
Australia

On Thursday, March 01, 2001 at 12:09:31 PM, W. Alan Robertson wrote:

> Chris,
> 
> While that would certainly work, it's not the most elegant way of meeting your
> requirement.
> 
> DHCP servers support different Scopes (think ranges of addresses, or different
> subnets).  When you enable the 'ip helper address' on an interface supporting a
> network where no DHCP or BOOTP server resides, the broadcast DHCP request is
> repackaged as a unicast message with the destination address you provide in the
> helper address statement.  The 'source ip address' field of that unicast packet
> is the IP address of the router inteface from which the request originated, and
> the DHCP uses it to determine which Scope (Pool of addresses, or Subnet range)
> to allocate the new address from.
> 
> The DHCP forwards the DHCP response back to the router that handled the request,
> and the router dumps it back onto the segment from which it came.
> 
> Presumably, the next step is the limit network access based on user class
> (Administrative, Regular, Etc.).  Simply build your access-lists to suit your
> needs.
> 
> Hope this helps,
> 
> Alan
> 
> - Original Message -
> From: "Chris Sees" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, March 01, 2001 11:15 AM
> Subject: VLANS and DHCP
> 
> 
> > HI,
> > Does anyone have suggestions for implementing DHCP in an enterprise
> > environment that wants to use VLAN's (for administratve, regular users,
> > etc. - for security purposes) and DHCP at the same time? It seems like you
> > would need multiple DHCP servers (carefully placed). ?
> > Thanks in advance.
> >
> >
> > Chris
> >
> >
> > _
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
> 
> _
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> 
> 


--
www.tasmail.com


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]