Re: CCIE Lab Report - unsuccesful
Chuck, I am truly sorry, and I am also supremely confident that you will someday be Chuck, CCIE. You have been an example to the group both in sharing your preparation methods, and, equally important, your philosophical/emotional approach. Unfortunately, Dilbert's management sometimes wins. That isn't to say, in this case, that the lab wasn't tough but fair. But...things happen. Howard _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Venting about another employee [was Re: Cisco Certs Becoming Paper CCXX - Senior Citizen Reply]
Had a similar situation last year, guy is a fake CCNA, lies his way into the company (interview and all) gets a more senior position, then starts asking me and everyone else how to do stuff and blowing off assignments until someone does them. So I think h oppurtunity!, I start happily doing his work (boss knows) and working on CCNA and then CCNP. Guy continues screwing off and even sneaks away from work (everyone knows), so whats next?, he dissapears once too many, gets fired and I get his job and a fat raise to go along with the CCNP stamp and good on the job experience.. Happy Ending ;-) Cheers! George Murphy CCNP It all has to do with where you (or the person making the comments) are coming from. Someone without certs won't value them at all. Someone with a number of certs will usually place a high value on the certs. Of course, experience is everything. We've a guy at our office with his MCSE+DBA who couldn't recall any SQL if you asked him today. He took and passed the 3 required SQL tests last year after brain-dumping and taking them repeatedly (2-3 times per test, I believe). Every time we get an SQL problem, I love sending the call to him and then watch him try to wiggle his way out of it. It took him 3 tries to pass the CCNAv2, and now he's on to the CCNP. He wanted to know why he should do the Remote Access test instead of the Routing test. He's worked with ISDN and T1s and perhaps a few frame connections. I asked him, "What can you tell me about OSPF, EIGRP or BGP," and he said, "EIGRP is a routing protocol like RIP, and I guess the rest are routing protocols." Sorry, I'm venting. I'm just hoping we're not paying him much. I've run across a number of people I'd like to hire to replace him. His idea of research is beeping everyone in the office on their Nextels until he finds out what he needs. It was the funniest night: 3 of us were sitting around last year playing with Windows 2000. I got the first beep from him, asking a general question, and I replied back with a general answer. He beeped one of the other guys in the room with me with a question asking," How do I do 'such and such'." The question was the exact general answer I'd given him. That co-worker then replied with some more specific info, and suggested looking it up on CCO. Next thing we know, not 5 seconds later, he beeps the third engineer in the room and asked him some more details. Anyway, our general feeling about the guy is to ignore him unless there is absolutely nothing else going on. It's one thing to be totally stuck and need a little guidance, but once you're given some guidance, use it until you hit another wall, not just to ask more intelligent questions. My boss just keeps telling me, "Just send him all your grunt work." But even that isn't much solace to me, ask he usually screws up even grunt work and it's just easier to do it myself than delegate to him. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ "Scott Baron" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Has anyone noticed that people arguing the most that certs dont matter are > the ones that haven't 'bothered' to get them. > > I know that isn't true for everyone... so don't flame me but... see where > generalities get you! How shortsited can you be to simply make a blanket > statement... certs don't prove anything... geez. > > Scott M. Baron > CCNP, CCDP, MCP, CNA > > -Original Message- > From: Greg Macaulay [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, April 03, 2001 9:30 AM > To: The.Rock; [EMAIL PROTECTED] > Subject: RE: Cisco Certs Becoming Paper CCXX - Senior Citizen Reply > > > "certs don't prove anything" ??? I'm not sure that I can agree with that > statement. Certs IMHO represent an interest by the individual in the subject > matter, and a determined effort to undertake studies necessary to become > more knowledgeable. > > Certainly, obtaining a cert. does not make one a guru. But it usually > (albeit not all the time) indicates a person who has shown some willingness > to learn. I view the knowledge I gained by studying for my certs as a > foundation to be built upon over the coming years. Perhaps I have only a > passing or introductory knowledge of some subjects at this juncture -- but I > assume -- and I certainly hope that as every year passes, I will build upon > that foundation knowledge and at some point I will undergo a slow, but > steady metamorphosis into a guru of sorts! But at this juncture with my > certs, I would certainly agree that I have just enough knowledge to be > dangerous! > > I would compare the cert study to obtaining academic and professional > degrees. Certainly upon graduation, grads are not experts in any area, but > they possess the fundamentals upon which to build. A lawyer, for example, > may indeed represent any
Re: CCIE Lab Report - unsuccesful
Chuck, thanks for your sharing. Keep working hard, I believe you can do it finally, and I wish we all do...!! "Chuck Larrieu" wrote in message <000d01c0bfcc$08c90800$[EMAIL PROTECTED]>... >Hey, everyone, how you all been? > >The short story is I did not make it to day 2. The rest of this is a bit >long winded, and easily skipped. > >First of all, I was quite pleased to find upon reading through my Day 1 >scenario that there was nothing I couldn't do, given time. There are plenty >of practice labs from several different sources which cover all the core >topics, so there were no surprises for me. > >Secondly, I was quite pleased when during my review of Day 1 results with >the proctor, he told me they were going to change the written instruction >on a particular section because of the solution I used. I'm actually quite >surprised it hasn't been done before. I was grudgingly given points, >although I was told my solution was definitely not what they had in mind. > >However, in the end, it was a few simple omissions that cost me the points >I would have needed to squeak into Day 2. > >Only one of the six of us who began together was invited to the second day. > >Things I learned: > >1) having the core topics down cold is CRUCIAL. No kidding! > >2) Time is crucial, but not, I believe, in the way I have seen it discussed >in many places. I highly doubt that typing 80 words a minute versus my 20 >WPM was the difference. Not when I spent as much time as I did >contemplating. You can't think it. You have to know it. > >By 2:00 p.m. I knew I didn't have a prayer of hitting all the requirements. >At that point I started counting points, putting myself in a defensive mode. >By quitting time, if I got full credit for everything I thought I deserved, >I would have had 31 points. As I found out in my review, I missed a few >simple things, and blew myself out of the water. This leads back to the >internalization of the core topics. You can't be thinking about how to >configure anything. You have to just bang them out, the same way you bang >out shaving or washing your hands or eating your lunch. > >3) Methodology is crucial. You have to have a good methodology that is >internalized and is habitual. You can't be thinking "what's next?" I don't >believe it matters what your methodology is, so long as you are consistent >and quick. My own methodology failed me because I was constantly adjusting, >rather than banging it out. > >4) I spent a good two hours last night in my hotel room debriefing myself. I >have six pages of notes regarding my day one experience. This will form the >basis of my study plan for my second attempt. I know that it is highly >unlikely I will have a scenario like the one I just worked on next time >through. But I will focus on methodology and speed. > >5) Good rapport with the proctor is helpful. I was able to get the >information I needed by carefully wording my questions and making sure that >my desired result was understood. The proctor is under a bit of stress >himself, with so many folks vying for his attention. He may think you are >asking something you are not. I made sure that if I was not getting an >answer that made sense that I clarified my request, so that the answer was >one that helped me understand. I will say also that the test I saw was >reasonably clear. The questions I had tended to be the result of outputs >from various show and debug commands, to clarify what the expectation was. > >A few other comments: > >I was far too aggressive in scheduling my lab date. Should have pushed it >out 60 days. Don't be in a hurry. Those without a lot of hands on need to >spend several months of several hours a day practicing. No two ways about >it. > >There has been a lot of discussion about the patch panels used in the lab. >All I can say is that the panels are clearly labeled. IMHO you have nothing >to worry about. That said, I did have to revisit the rack twice, in order to >make a cabling change. This was purely the result of a chicken or egg >situation, and not due to any difficulty with the rack itself. People with >home labs know well the issue with hooking up routers back to back. > >I sat next to a guy this morning ( a day 1 candidate ) who was getting up >every few minutes and going to the back of the rack to move cables around. >Completely unnecessary and driving the proctor nuts. There is no need for >any candidate to touch the back of the rack. > >You can't let little stuff stop you. Those with extensive hands on >experience know that sometimes routers do funny things like boot into >rommon> or behave as if there is an extensive paste going on in the >configuration dialogue. I have a router here at home that boots into rommon >once in a while. A reload has always done the trick ( knock on wood ) >sometimes leaning on control-C will stop a misbehaving configuration >dialogue. No this is not NDA because I did not go to troubleshooting. I >experienced one of these things as I g
Re: CCIE Lab Report - unsuccesful
Hi Sorry to hear you did not make it thru the first time around. I have followed your expeirence from close to the start of your list partisipation. I have not kept pace with you, but really I don't know too many people with drive of Chuck Larrieu either!! I have learned much from your questioning and answers, thanks for the input, both here and on the lab list. I sniped most of your report below with the exception of point #5. I have been trying to form a picture of the lab, trying to make it a part of me that I visit on a regular basis. When I was in Taekwon-Do I found that the more time I spent in visualization the better I got. It goes beyond just "seeing it", but a total emersion in the expeirence. And this is what I have been trying to do with the lab, so a little more detail will help me fill out my vision... NDA permiting, what can be asked of the proctor? TIA -- John Hardman CCNP MCSE ""Chuck Larrieu"" <[EMAIL PROTECTED]> wrote in message 000d01c0bfcc$08c90800$[EMAIL PROTECTED]">news:000d01c0bfcc$08c90800$[EMAIL PROTECTED]... > Hey, everyone, how you all been? > > The short story is I did not make it to day 2. The rest of this is a bit > long winded, and easily skipped. > > First of all, I was quite pleased to find upon reading through my Day 1 > scenario that there was nothing I couldn't do, given time. There are plenty > of practice labs from several different sources which cover all the core > topics, so there were no surprises for me. > > Secondly, I was quite pleased when during my review of Day 1 results with > the proctor, he told me they were going to change the written instruction > on a particular section because of the solution I used. I'm actually quite > surprised it hasn't been done before. I was grudgingly given points, > although I was told my solution was definitely not what they had in mind. > > However, in the end, it was a few simple omissions that cost me the points > I would have needed to squeak into Day 2. > > Only one of the six of us who began together was invited to the second day. > > Things I learned: <--Snip--> > 5) Good rapport with the proctor is helpful. I was able to get the > information I needed by carefully wording my questions and making sure that > my desired result was understood. The proctor is under a bit of stress > himself, with so many folks vying for his attention. He may think you are > asking something you are not. I made sure that if I was not getting an > answer that made sense that I clarified my request, so that the answer was > one that helped me understand. I will say also that the test I saw was > reasonably clear. The questions I had tended to be the result of outputs > from various show and debug commands, to clarify what the expectation was. > <--Snip--> _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Help please
i think you are in the wrong newsgyoup.. Issaya Ernest wrote: > I've a notebook PC Compaq armada 1560. After > reformating and reintalling windows 95, my notebook > display has been reduced to half the screen size How > can I make the screen full as was before. > Any help will be appreciated. > > __ > Do You Yahoo!? > Get email at your own domain with Yahoo! Mail. > http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: bgp filtering
i agrre with you.it should say in ... Alec Smiths wrote: > Router A > > neighbor 2.2.2.2 distribute-list 1 out > access-list 1 deny 160.10.0.0 0.0.255.255 > > In this case router A wants to deny updates for > network 160.0.0.0 propagated from router b (2.2.2.2) > to router a . But why does it say OUT instead of IN, > in the distribute-list ?? > > Thanks > > Alec > > __ > Do You Yahoo!? > Get email at your own domain with Yahoo! Mail. > http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco 2500 Series RAM
use any old 72 pin memory u have lying araound ..if it is for your lab ..who cares if its for your company get the cisco stuff..though i doubt there is any diffrence Brad Ellis wrote: > Jeremiah, > > The 25xx DRAM is standard 60ns 72pin w/ Parity. If you dont have smartnet > on the router and it isnt under warrantee, you can pretty much use any > memory you'd like. If you have smartnet or the router is under warrantee, I > would not recommend using non-approved third-party memory. (Cisco frowns > highly on that) > > ttyl > -Brad Ellis > CCIE#5796 > [EMAIL PROTECTED] > Optimized Systems Inc > used cisco hardware: www.optsys.net > > ""Jeremiah Wegernoski"" <[EMAIL PROTECTED]> wrote in message > 9albh3$8fa$[EMAIL PROTECTED]">news:9albh3$8fa$[EMAIL PROTECTED]... > > I have heard MANY varying opinions on the ram in the 2500 series routers, > > and would like to get a definite answer. > > > > Is the ram 72pin 60ns parity ram, proprietary cisco, or some other flavor? > > > > Replies are appreciated. > > > > Jeremiah _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ROM/FLASH
maybe this would shed some light.. on a pc command .com would bring the pc up to dos.equvalent to ROM after dos is loades then you clould load win3.11 or windows 95===equivalent IOS lanadm wrote: > Hi > > I am a newbie in Cisco CCNA, I learn form the book that "flash memory" > holds the > operatiing system image (IOS) and "ROM" contains bootstrap program and > operating > system software, so is there any difference between them ? is the term "IOS" > and > operating system software the same ? > > thanks _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Router config
it is way to summarize.. that is what is being done by router rip network 192.168.1.0 redistribute static ! ip route 192.168.1.0 255.255.255.0 loopback 0 Hunt Lee wrote: > I don't understand the following routing configs. I understand that > redistribute static means it will redistribute static routes into RIP > network, but that's all I could see. Can anybody please shed some light > on this? > > interface Serial 0 > ip address 192.168.1.1 255.255.255.252 > ! > interface Serial 1 > ip address 192.168.1.5 255.255.255.252 > ! > interface Serial 2 > ip address 192.168.1.9 255.255.255.252 > ! > interface Serial 3 > ip address 192.168.1.13 255.255.255.252 > ! > interface Serial 4 > ip address 192.168.1.17 255.255.255.252 > ! > router rip > network 192.168.1.0 > redistribute static > ! > ip route 192.168.1.0 255.255.255.0 loopback 0 > > Regards, > Hunt Lee _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Creating and using aliases
intrestingi did not know myself this was possible..i knew of ip host the first thing that came to my ming was disabling dns lookup no ip domain-lookup "Bradley J. Wilson" wrote: > It occurred to me that a huge time-saver (especially in The Lab) would be to > create an alias in the routers which would ping all the desired destinations > in your network. That way, rather than sit there and ping x, then ping y, > etc., you could just type in the alias, and away it would go. > > So I'm trying to learn how to do this, and it's not going all that well. > I've looked over CCO, and haven't found the detailed help I'm looking for. > Here's what I've got configured on my router: > > alias exec pingall "ping 192.168.1.9;ping 192.168.1.17;ping > 192.168.1.21;ping 192.168.1.13" > > And when I type sho aliases, there it is: > > R4#sho aliases > Exec mode aliases: > h help > lologout > p ping > r resume > s show > u undebug > unundebug > w where > pingall "ping 192.168.1.9;ping 192.168.1.17;ping > 192.168.1.21;ping 192.168.1.13" > > And yet, when I try to use "pingall" at the exec prompt, it tries to do a > DNS translation rather than execute my alias. Can anyone offer any insight > into this? > > Thanks, > > BJ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Hackers Advice
Curiosity- does anyone know of computer hacker programs. I bought a Cisco SwitchProbe & it has a 5 or 6 letter (or combination #) password. The box does not timeout after so many tries. It would seem possible to run sum sort of # & letter generator on it. Any ideas Thanks Phil _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Lab Report - unsuccesful
At 06:34 PM 4/7/2001 -0700, Chuck Larrieu wrote: >Hey, everyone, how you all been? > >The short story is I did not make it to day 2. The rest of this is a bit >long winded, and easily skipped. Congratulations Chuck! My motto is, that it is better to try than not try at all. We all appreciate your efforts, help to the community, and feedback. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE Lab Report - unsuccesful
Hey, everyone, how you all been? The short story is I did not make it to day 2. The rest of this is a bit long winded, and easily skipped. First of all, I was quite pleased to find upon reading through my Day 1 scenario that there was nothing I couldn't do, given time. There are plenty of practice labs from several different sources which cover all the core topics, so there were no surprises for me. Secondly, I was quite pleased when during my review of Day 1 results with the proctor, he told me they were going to change the written instruction on a particular section because of the solution I used. I'm actually quite surprised it hasn't been done before. I was grudgingly given points, although I was told my solution was definitely not what they had in mind. However, in the end, it was a few simple omissions that cost me the points I would have needed to squeak into Day 2. Only one of the six of us who began together was invited to the second day. Things I learned: 1) having the core topics down cold is CRUCIAL. No kidding! 2) Time is crucial, but not, I believe, in the way I have seen it discussed in many places. I highly doubt that typing 80 words a minute versus my 20 WPM was the difference. Not when I spent as much time as I did contemplating. You can't think it. You have to know it. By 2:00 p.m. I knew I didn't have a prayer of hitting all the requirements. At that point I started counting points, putting myself in a defensive mode. By quitting time, if I got full credit for everything I thought I deserved, I would have had 31 points. As I found out in my review, I missed a few simple things, and blew myself out of the water. This leads back to the internalization of the core topics. You can't be thinking about how to configure anything. You have to just bang them out, the same way you bang out shaving or washing your hands or eating your lunch. 3) Methodology is crucial. You have to have a good methodology that is internalized and is habitual. You can't be thinking "what's next?" I don't believe it matters what your methodology is, so long as you are consistent and quick. My own methodology failed me because I was constantly adjusting, rather than banging it out. 4) I spent a good two hours last night in my hotel room debriefing myself. I have six pages of notes regarding my day one experience. This will form the basis of my study plan for my second attempt. I know that it is highly unlikely I will have a scenario like the one I just worked on next time through. But I will focus on methodology and speed. 5) Good rapport with the proctor is helpful. I was able to get the information I needed by carefully wording my questions and making sure that my desired result was understood. The proctor is under a bit of stress himself, with so many folks vying for his attention. He may think you are asking something you are not. I made sure that if I was not getting an answer that made sense that I clarified my request, so that the answer was one that helped me understand. I will say also that the test I saw was reasonably clear. The questions I had tended to be the result of outputs from various show and debug commands, to clarify what the expectation was. A few other comments: I was far too aggressive in scheduling my lab date. Should have pushed it out 60 days. Don't be in a hurry. Those without a lot of hands on need to spend several months of several hours a day practicing. No two ways about it. There has been a lot of discussion about the patch panels used in the lab. All I can say is that the panels are clearly labeled. IMHO you have nothing to worry about. That said, I did have to revisit the rack twice, in order to make a cabling change. This was purely the result of a chicken or egg situation, and not due to any difficulty with the rack itself. People with home labs know well the issue with hooking up routers back to back. I sat next to a guy this morning ( a day 1 candidate ) who was getting up every few minutes and going to the back of the rack to move cables around. Completely unnecessary and driving the proctor nuts. There is no need for any candidate to touch the back of the rack. You can't let little stuff stop you. Those with extensive hands on experience know that sometimes routers do funny things like boot into rommon> or behave as if there is an extensive paste going on in the configuration dialogue. I have a router here at home that boots into rommon once in a while. A reload has always done the trick ( knock on wood ) sometimes leaning on control-C will stop a misbehaving configuration dialogue. No this is not NDA because I did not go to troubleshooting. I experienced one of these things as I got into the routers at the very start of my lab. Stuff happens now and again. Rule number one is "don't panic" With a six to seven month backlog, I have plenty of time to follow up on the action plan I developed for myself as part of my debriefing session. That plan includes ex
Re: Looking for a Cisco Job in Denver
Remember we have a special list for job related information. Go to www.groupstudy.com. The list is full of recruiters and employers who are willing to help. And even better, you can read the list off the website. Take care, Paul Borghese - Original Message - From: "Travis Parrill" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, April 07, 2001 4:08 PM Subject: Looking for a Cisco Job in Denver > Dear Cisco Group, > > I have used this site for all of me certifications and on the job issues and > I can't say thank you enough for the tips everyone has given. I am now in > pursuit of a new job in the Denver, CO area and am strugling to say the > least. If any of you know any contacts or jobs openings please contact me. > > Thanks again for all your help, > > Travis Parrill > System Engineer > CCNP CCDA MCSE 4.0 & 2000 > [EMAIL PROTECTED] > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com > > [GroupStudy.com removed an attachment of type application/msword which had a name of ParrillTravis.doc] > > [GroupStudy.com removed an attachment of type application/msword which had a name of ParrillTravis.doc] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
How to configure 3Com CoreBuilder 5000 to work with "routing on a stick" with Cisco Fast Ethernet interface?
Hi All - I successfully configured "Routing on a stick" with Cisco 2620 router, using "dot1q" encapsulation. Is 3Com switch (CoreBuilder 5000) working with this method? How do I configure multi-vlan on 3Com switch over one fast ethernet port on the 2620 router? Thanks All! _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Drivers for Smart Modular Techonlogies Flash PCMCIA Cards?
Nope, but there are some folks working on Linux drivers for them. I've got a stack of more than 100 flash cards that I'd love to be able to use between laptops if the driver was out there (make copying files >1.44mb easier than dragging out a ZIP drive). -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ ""Michael Snyder"" <[EMAIL PROTECTED]> wrote in message news:9afem4$ko8$[EMAIL PROTECTED]... > I was upgrading the flash on a 1600 yesterday. The image was on a 4 meg > flash and the new card was 16 megs. > > I thought no problem, I'll stick both pcmcia cards into my laptop and cut > and paste the image. Well as you can guess, Windows 2000 doesn't have > drivers for these cards. I ended up tftp'ing the image over. > > I know a bit about computers, and there's no reason that a laptop couldn't > read (any) pcmcia flash filesystem. > > I do it with sandisk's from another vendor (TopLayer) all the time. > > Anyone know the where abouts of the needed drivers for reading these cards? > I checked the www.smartm.com website with no luck. > > Thanks for Your Time, > > Michael Snyder > NOC Engineer > CCNP-Security, MCSE, CCIE-Written > [EMAIL PROTECTED] > ICQ#17424414 > > WAMS > 273 E. Hacienda Ave > Campbell, CA 95008 > (408) 341-3041 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco practice exam site
http://www.cisco.com/cgi-bin/front.x/wwtraining/colt/ColtLogin.pl -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ ""Nigel Taylor"" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > tselvan, > It's been mentioned on the list that the testing site you're > referring too, has poorly written question and answers. However, if this is > the only option you have available then I believe a search of the "archives" > should get you the link... Search using "cisco test site" or "colt" > > HTH > > Nigel. > > - Original Message - > From: tselvan <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, April 04, 2001 1:08 AM > Subject: Cisco practice exam site > > > > Hai, > > > > I am going to write CCNA 2.0 exam. I came to know that using CCO login > > we can test our capability in cisco web site. Can u anyone can please > > tell me the url location in the cisco web site > > > > > > Regds > > Selvam _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How long does DNS server cache an entry
Depends on how long the SOA says to cache it. RFCs state that only a minimum of 2 days has to be supports (so even if someone sets 1 hour, many DNS admins won't honor it). C:\>nslookup -q=soa artoo.net Server: c3p0.internal.artoo.net Address: 192.168.45.14 artoo.net primary name server = r2.artoo.net responsible mail addr = jroysdon.artoo.net serial = 2001022603 refresh = 3600 (1 hour) retry = 900 (15 mins) expire = 43200 (12 hours) default TTL = 86400 (1 day) Hmm, I need to bump that back up to a week. We changed IPs a bit ago and I had it decreased to facilitate the cutover. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ ""Ruihai An"" <[EMAIL PROTECTED]> wrote in message 9afgfs$s4e$[EMAIL PROTECTED]">news:9afgfs$s4e$[EMAIL PROTECTED]... > This question is not related to Cisco, but I am sure some Cisco engineer > know the anwer > > How long does DNS server cache an entry it resoved earlier ? > Thanks > Ruihai _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Venting about another employee [was Re: Cisco Certs Becoming Paper CCXX - Senior Citizen Reply]
That guy works at your place too? Wow, he must get around... :-) --- Dennis -Original Message- From: J Roysdon [mailto:[EMAIL PROTECTED]] Sent: Saturday, April 07, 2001 12:46 PM To: [EMAIL PROTECTED] Subject: OT: Venting about another employee [was Re: Cisco Certs Becoming Paper CCXX - Senior Citizen Reply] It all has to do with where you (or the person making the comments) are coming from. Someone without certs won't value them at all. Someone with a number of certs will usually place a high value on the certs. Of course, experience is everything. We've a guy at our office with his MCSE+DBA who couldn't recall any SQL if you asked him today. He took and passed the 3 required SQL tests last year after brain-dumping and taking them repeatedly (2-3 times per test, I believe). Every time we get an SQL problem, I love sending the call to him and then watch him try to wiggle his way out of it. It took him 3 tries to pass the CCNAv2, and now he's on to the CCNP. He wanted to know why he should do the Remote Access test instead of the Routing test. He's worked with ISDN and T1s and perhaps a few frame connections. I asked him, "What can you tell me about OSPF, EIGRP or BGP," and he said, "EIGRP is a routing protocol like RIP, and I guess the rest are routing protocols." Sorry, I'm venting. I'm just hoping we're not paying him much. I've run across a number of people I'd like to hire to replace him. His idea of research is beeping everyone in the office on their Nextels until he finds out what he needs. It was the funniest night: 3 of us were sitting around last year playing with Windows 2000. I got the first beep from him, asking a general question, and I replied back with a general answer. He beeped one of the other guys in the room with me with a question asking," How do I do 'such and such'." The question was the exact general answer I'd given him. That co-worker then replied with some more specific info, and suggested looking it up on CCO. Next thing we know, not 5 seconds later, he beeps the third engineer in the room and asked him some more details. Anyway, our general feeling about the guy is to ignore him unless there is absolutely nothing else going on. It's one thing to be totally stuck and need a little guidance, but once you're given some guidance, use it until you hit another wall, not just to ask more intelligent questions. My boss just keeps telling me, "Just send him all your grunt work." But even that isn't much solace to me, ask he usually screws up even grunt work and it's just easier to do it myself than delegate to him. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ "Scott Baron" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Has anyone noticed that people arguing the most that certs dont matter are > the ones that haven't 'bothered' to get them. > > I know that isn't true for everyone... so don't flame me but... see where > generalities get you! How shortsited can you be to simply make a blanket > statement... certs don't prove anything... geez. > > Scott M. Baron > CCNP, CCDP, MCP, CNA > > -Original Message- > From: Greg Macaulay [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, April 03, 2001 9:30 AM > To: The.Rock; [EMAIL PROTECTED] > Subject: RE: Cisco Certs Becoming Paper CCXX - Senior Citizen Reply > > > "certs don't prove anything" ??? I'm not sure that I can agree with that > statement. Certs IMHO represent an interest by the individual in the subject > matter, and a determined effort to undertake studies necessary to become > more knowledgeable. > > Certainly, obtaining a cert. does not make one a guru. But it usually > (albeit not all the time) indicates a person who has shown some willingness > to learn. I view the knowledge I gained by studying for my certs as a > foundation to be built upon over the coming years. Perhaps I have only a > passing or introductory knowledge of some subjects at this juncture -- but I > assume -- and I certainly hope that as every year passes, I will build upon > that foundation knowledge and at some point I will undergo a slow, but > steady metamorphosis into a guru of sorts! But at this juncture with my > certs, I would certainly agree that I have just enough knowledge to be > dangerous! > > I would compare the cert study to obtaining academic and professional > degrees. Certainly upon graduation, grads are not experts in any area, but > they possess the fundamentals upon which to build. A lawyer, for example, > may indeed represent any survivors of a plane crash is his/her back yard on > the day he/she is admitted to the Bar, but law school graduation and passing > a Bar Examination DOES NOT indicate an expertise -- but it does indicate the > individual has the foundational knowledge and the potential to become an > expert at some point in t
Re: Problem in implementing NAT
Is IP space that hard to get in Pakistan? I'd never sign up with an ISP using NAT. ARIN's /19 blocks work out to about US$832/year for a Class C, but then that's 255 addresses you can be charging, say, US$10/month for (which you'll sell more accounts then you have modems/addresses for anyway), which turns into US$30600 even if you didn't oversubscribe those IPs. I had to search for the Bug ID as *05523 in order to find it as CSCdp05523: http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdp05523 Headline NAT causes HIGH CPU Product all Model Component nat Duplicate of Severity 2 Status A Version Found12.0(5) Fixed-in Version Release Notes If the address range defined in a Network Address Translation (NAT) pool is large, CPU utilization may rise to 100 percent. If a large number of translations are still in the NAT table showing large expiration timeout values, then the entries were not exited properly. Workaround: Specifically putting a reduced TCP translation timeout (20 to 30 minutes) has shown improvement. Apparently there are a lot of TCP translations that were not exited properly and the default timeout of 24 hours would leave these translations hanging. Reducing the translation timeout clears the entries earlier. Split the address range into smaller ranges, and define more NAT pools. You've configured something like 'ip nat translation tcp-timeout 1200' (which is 20 minutes), and no help? What about configuring it even lower? Also, instead of configuring one single pool, spread it into 8 /32 pools as the BugID suggests. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ "Muhammed Khalilullah" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi groupies, > > I am doing job in an ISP in Pakistan, and we are > applying NAT with Overloading on 4500 router. we apply > NAT on 254 Remote Clients with 8 Public IP pool like > (w.x.y.z/248) with the Using of Overloading NAT. After > 5 to 6 hours Our Memory and CPU usage is increasing > abnormally and reaches upto 90% to 95%. and Holding > memory of IP Input Process is also increases > constantly. The DRAM size is 16 MB. > > Cisco has recommended me for decreasing the time-outs > for these translations. I've configured this also but > still the same effect. Cisco has also mentioned that > we might be experiencing a bug CSCds05523. > > I'm not sure what it is! > > Waiting for your earliest replies. > Thanks in advance. > Khalil > CCNP, MCSE > > > __ > Do You Yahoo!? > Get email at your own domain with Yahoo! Mail. > http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 3620 router with the NM-2FE2W card
Newer bootroms also support tftp from rommon mode as well, so long as the rom supports the interface you want to use. Since it won't support the FE, I wonder if it'll support a serial interface (1536K from a T1 interface is much faster than 115K from a console if you have to do a large number of them). -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ ""John Kurkjian"" <[EMAIL PROTECTED]> wrote in message 9aeiju$lmg$[EMAIL PROTECTED]">news:9aeiju$lmg$[EMAIL PROTECTED]... > 1) IOS "T" does NOT support FE NM's, "XK" does. > > 2) If you put the flash in a 2600 to upgrade, how will the 2600 boot? As > time consuming as it may be, use the console port to upload the > image - OR- Use a PCMCIA flash card in a router that is up & running & tftp > the 3620 image to the card & use it to boot the new router, then > copy to flash.(I used a 1601R to do this and it worked great) > > Good luck > > John > > P.S - you can increase the baud rate on the console port to speed things up, > just remember the rate for future console connections. > "Thomas" <[EMAIL PROTECTED]> wrote in message > 9aeg25$ig9$[EMAIL PROTECTED]">news:9aeg25$ig9$[EMAIL PROTECTED]... > > Someone told me that IOS version followed with 'T' will support (like > > 12.0(5)T...). Do you think the latest version 12.1.7 will support this > > NM-2FE2W module? Thanks! > > > > > > > > "Nick Brooks" <[EMAIL PROTECTED]> wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > 12.0.7XK is the first version to support the new combo modules > > > > > > Thomas wrote: > > > > > > > Hi All - I have a 3620 router and a NM-2FE2W module. What version of > > IOS > > > > supports this NM-2FE2W on 3620? The router is currently has the > > standard IP > > > > IOS version installed. If a different IOS version is needed, is it > > possible > > > > if I place the flash of this 3620 router into a 2600 router and do the > > IOS > > > > upgrade from there, then put it back to the 3620 once done??? Thanks > > All! _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: MRTG & PERL [was Re: port monitoring software]
Other than installing PERL (piece of cake with ActivePERL on NT, or using an RPM on RH Linux), where do you really touch PERL with MRTG? Yeah, you can customize the scripts, but I've never needed to even look at them. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ ""Rik"" <[EMAIL PROTECTED]> wrote in message 9ad4ar$tqd$[EMAIL PROTECTED]">news:9ad4ar$tqd$[EMAIL PROTECTED]... > I too use MRTG. Not the easiest to setup if you don't have any PERL > experience, but still not too bad. It makes a real nice compliment to > WUG/CiscoView. > > Rik > > ""Allen May"" <[EMAIL PROTECTED]> wrote in message > 01fa01c0bc55$9016cfb0$[EMAIL PROTECTED]">news:01fa01c0bc55$9016cfb0$[EMAIL PROTECTED]... > > Whatsup Gold is nice. I'm sure there are better/cheaper but this one > > definitely works. > > > > Allen > > > > - Original Message - > > From: "Scott" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Tuesday, April 03, 2001 10:16 AM > > Subject: port monitoring software > > > > > > > I am in need of a software program that will monitor the ports on a > > Catalyst > > > 5505 and log when ports go down and up etc... > > > > > > If anyone has any information on this topic please let me know > > > > > > Thanks, _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Looking for a Cisco Job in Denver
Dear Cisco Group, I have used this site for all of me certifications and on the job issues and I can't say thank you enough for the tips everyone has given. I am now in pursuit of a new job in the Denver, CO area and am strugling to say the least. If any of you know any contacts or jobs openings please contact me. Thanks again for all your help, Travis Parrill System Engineer CCNP CCDA MCSE 4.0 & 2000 [EMAIL PROTECTED] _ Get your FREE download of MSN Explorer at http://explorer.msn.com [GroupStudy.com removed an attachment of type application/msword which had a name of ParrillTravis.doc] [GroupStudy.com removed an attachment of type application/msword which had a name of ParrillTravis.doc] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OSPF virtual links
Hey group, I am in the middle of Lab #30 from the CCIE Lab Study Guide which involves OSPF virtual links. Here's my configs: R2503 - backbone router hostname r2503 ! ! ip subnet-zero ! ! ! interface Loopback0 ip address 1.1.1.1 255.255.255.0 no ip directed-broadcast ! interface Ethernet0 no ip address no ip directed-broadcast shutdown ! interface Serial0 ip address 192.1.1.1 255.255.255.0 no ip directed-broadcast ip ospf interface-retry 0 no ip mroute-cache no fair-queue ! interface Serial1 no ip address no ip directed-broadcast shutdown ! interface BRI0 no ip address no ip directed-broadcast shutdown ! router ospf 100 network 192.1.1.1 0.0.0.0 area 0 ! ip classless ! ! ! line con 0 transport input none line aux 0 line vty 0 4 ! end -- R2523- backbone router, link between R2503 & R4000 hostname r2523 ! ! ip subnet-zero ! ! ! interface Loopback0 ip address 2.2.2.2 255.255.255.0 no ip directed-broadcast ! interface Serial0 ip address 193.1.1.2 255.255.255.0 no ip directed-broadcast ip ospf interface-retry 0 no ip mroute-cache no fair-queue ! interface Serial1 ip address 192.1.1.2 255.255.255.0 no ip directed-broadcast ip ospf interface-retry 0 clockrate 64000 ! interface Serial2 no ip address no ip directed-broadcast shutdown ! interface Serial3 no ip address no ip directed-broadcast shutdown ! interface Serial4 no ip address no ip directed-broadcast shutdown ! interface Serial5 no ip address no ip directed-broadcast shutdown ! interface Serial6 no ip address no ip directed-broadcast shutdown ! interface Serial7 no ip address no ip directed-broadcast shutdown ! interface Serial8 no ip address no ip directed-broadcast shutdown ! interface Serial9 no ip address no ip directed-broadcast shutdown ! interface TokenRing0 no ip address no ip directed-broadcast shutdown ! interface BRI0 no ip address no ip directed-broadcast shutdown ! router ospf 100 area 1 virtual-link 3.3.3.3 network 192.1.1.2 0.0.0.0 area 0 network 193.1.1.2 0.0.0.0 area 1 ! ip classless ! ! ! line con 0 transport input none line aux 0 line vty 0 4 ! end - R4000, in areas 1 & 4, has a virtual link through R2523 hostname r4000 ! ! ! ! interface Loopback0 ip address 3.3.3.3 255.255.255.0 ! interface Ethernet0 ip address 152.1.1.1 255.255.255.0 no keepalive media-type 10BaseT ! interface Serial0 ip address 193.1.1.1 255.255.255.0 no ip mroute-cache no fair-queue clockrate 64000 ! interface Serial1 no ip address shutdown ! interface TokenRing0 no ip address shutdown ! router ospf 100 network 152.1.1.1 0.0.0.0 area 4 network 193.1.1.1 0.0.0.0 area 1 area 1 virtual-link 2.2.2.2 ! ip classless ! ! ! line con 0 line aux 0 line vty 0 4 login ! end - the virtual link seems to be working fine. Here's a paste of show ip ospf virtual-link from r2523 r2523#show ip ospf vir Virtual Link OSPF_VL0 to router 3.3.3.3 is up Run as demand circuit DoNotAge LSA allowed. Transit area 1, via interface Serial0, Cost of using 64 Transmit Delay is 1 sec, State POINT_TO_POINT, Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Hello due in 00:00:01 Adjacency State FULL (Hello suppressed) Here's a paste of show ip ospf virtual-link from r4000 r4000#show ip ospf vir Virtual Link OSPF_VL0 to router 2.2.2.2 is up Run as demand circuit DoNotAge LSA allowed. Transit area 1, via interface Serial0, Cost of using 64 Transmit Delay is 1 sec, State POINT_TO_POINT, Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Hello due in 00:00:03 Adjacency State FULL (Hello suppressed) Here's the problem. I cannot ping r4000's ethernet interface (which is in area 4) from r2503. the network statement for 152.1.1.0/24 is in r2503's route table, but not in r2523's route table. r2503#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default U - per-user static route, o - ODR Gateway of last resort is not set 1.0.0.0/24 is subnetted, 1 subnets C 1.1.1.0 is directly connected, Loopback0 152.1.0.0/24 is subnetted, 1 subnets O IA152.1.1.0 [110/138] via 192.1.1.2, 00:17:22, Serial0 O IA 193.1.1.0/24 [110/128] via 192.1.1.2, 00:17:22, Serial0 C192.1.1.0/24 is directly connected, Serial0 r2523#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidat
Re: PIX IOS upgrade
I believe you have to first upgrade to 5.1.x before you can go to 5.3. Be sure you back up your config and have a copy of 4.4 around so that you can downgrade easily. A lot has changed since 4.4 and 5.x. For instance, you can't have two default gateways (or two routes to the same networks on two interfaces). This screwed us when we upgraded a while back and had to get RIP working with the PIX to learn all of the inside routes we have. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ ""Paul L Holloway"" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I'm upgrading the IOS on a new PIX. What would be the downside of me upgrading to 5.3 without stepping up incrementally and just going directly from 4.4 to 5.3. I don't see anywhere in the Cisco documentation where they advise against this, but I seem to remember several threads here advising to go up one version at a time. Any thoughts?? > Paul _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: Venting about another employee [was Re: Cisco Certs Becoming Paper CCXX - Senior Citizen Reply]
It all has to do with where you (or the person making the comments) are coming from. Someone without certs won't value them at all. Someone with a number of certs will usually place a high value on the certs. Of course, experience is everything. We've a guy at our office with his MCSE+DBA who couldn't recall any SQL if you asked him today. He took and passed the 3 required SQL tests last year after brain-dumping and taking them repeatedly (2-3 times per test, I believe). Every time we get an SQL problem, I love sending the call to him and then watch him try to wiggle his way out of it. It took him 3 tries to pass the CCNAv2, and now he's on to the CCNP. He wanted to know why he should do the Remote Access test instead of the Routing test. He's worked with ISDN and T1s and perhaps a few frame connections. I asked him, "What can you tell me about OSPF, EIGRP or BGP," and he said, "EIGRP is a routing protocol like RIP, and I guess the rest are routing protocols." Sorry, I'm venting. I'm just hoping we're not paying him much. I've run across a number of people I'd like to hire to replace him. His idea of research is beeping everyone in the office on their Nextels until he finds out what he needs. It was the funniest night: 3 of us were sitting around last year playing with Windows 2000. I got the first beep from him, asking a general question, and I replied back with a general answer. He beeped one of the other guys in the room with me with a question asking," How do I do 'such and such'." The question was the exact general answer I'd given him. That co-worker then replied with some more specific info, and suggested looking it up on CCO. Next thing we know, not 5 seconds later, he beeps the third engineer in the room and asked him some more details. Anyway, our general feeling about the guy is to ignore him unless there is absolutely nothing else going on. It's one thing to be totally stuck and need a little guidance, but once you're given some guidance, use it until you hit another wall, not just to ask more intelligent questions. My boss just keeps telling me, "Just send him all your grunt work." But even that isn't much solace to me, ask he usually screws up even grunt work and it's just easier to do it myself than delegate to him. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ "Scott Baron" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Has anyone noticed that people arguing the most that certs dont matter are > the ones that haven't 'bothered' to get them. > > I know that isn't true for everyone... so don't flame me but... see where > generalities get you! How shortsited can you be to simply make a blanket > statement... certs don't prove anything... geez. > > Scott M. Baron > CCNP, CCDP, MCP, CNA > > -Original Message- > From: Greg Macaulay [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, April 03, 2001 9:30 AM > To: The.Rock; [EMAIL PROTECTED] > Subject: RE: Cisco Certs Becoming Paper CCXX - Senior Citizen Reply > > > "certs don't prove anything" ??? I'm not sure that I can agree with that > statement. Certs IMHO represent an interest by the individual in the subject > matter, and a determined effort to undertake studies necessary to become > more knowledgeable. > > Certainly, obtaining a cert. does not make one a guru. But it usually > (albeit not all the time) indicates a person who has shown some willingness > to learn. I view the knowledge I gained by studying for my certs as a > foundation to be built upon over the coming years. Perhaps I have only a > passing or introductory knowledge of some subjects at this juncture -- but I > assume -- and I certainly hope that as every year passes, I will build upon > that foundation knowledge and at some point I will undergo a slow, but > steady metamorphosis into a guru of sorts! But at this juncture with my > certs, I would certainly agree that I have just enough knowledge to be > dangerous! > > I would compare the cert study to obtaining academic and professional > degrees. Certainly upon graduation, grads are not experts in any area, but > they possess the fundamentals upon which to build. A lawyer, for example, > may indeed represent any survivors of a plane crash is his/her back yard on > the day he/she is admitted to the Bar, but law school graduation and passing > a Bar Examination DOES NOT indicate an expertise -- but it does indicate the > individual has the foundational knowledge and the potential to become an > expert at some point in the future. I would submit that the same goes for > physicians, accountants, architects, etc. > > I think that the real problem is how these certs. have been marketed. > Instead of promising IMMEDIATE big bucks, the certs, should be an entry > ticket into this career. Individuals who possess these certs should be > resp
Re: Strange problem, Pls help
Regarding your problem, Gary, just get on the phone with that ISPs tech support and don't let the engineer off the line until they've removed the filter. I had to battle an engineer at UUNET to get him to double-check their filters as my Sprint blocks weren't getting seen through their AS. When he finally did, he found a few problems, and once corrected I could seem them at cerf & oregon (which, btw, are great BGP looking-glass resources): telnet://route-views.oregon-ix.net telnet://route-server.cerf.net -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ ""Gary Crouch"" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I have the same problem at my site we are using BGP routing and when the link > to our ISP thats provides us with the IP blocks goes down traffic goes out the > other ling but tries to return on the down link because our bgp routes are be > filter by the other provider that has agried to advertise them. > > What protocols are you using? > > > >>> Gunjan Mathur <[EMAIL PROTECTED]> 04/01/01 10:49PM >>> > Hi, > I hve 2621 router and tow WAN links are terminating on > that, my proble is this is one of my wan link goes > down then second link drop the packets. > What colud be the reason of that. > > ravi > > __ > Do You Yahoo!? > Get email at your own domain with Yahoo! Mail. > http://personal.mail.yahoo.com/?.refer=text > I have the same problem at my site we are using BGP routing and when the > link to our ISP thats provides us with the IP blocks goes down traffic > goes out the other ling but tries to return on the down link because our > bgp routes are be filter by the other provider that has agried to > advertise them. What protocols are you using? > > >>> Gunjan Mathur <[EMAIL PROTECTED]> 04/01/01 10:49PM >>> > Hi, > I hve 2621 router and tow WAN links are terminating on > that, my proble is this is one of my wan link goes > down then second link drop the packets. > What colud be the reason of that. > > ravi > > __ > Do You Yahoo!? > Get email at your own domain with Yahoo! Mail. > http://personal.mail.yahoo.com/?.refer=text _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: (NONE)
http://www.firewallking.com/phpnuke/html/layout.php -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ ""SumitRanjan"" <[EMAIL PROTECTED]> wrote in message 00a101c0bc13$b4ac86e0$76afc5cb@workgroup">news:00a101c0bc13$b4ac86e0$76afc5cb@workgroup... > Hi all +ACE- > I am a going to take the CCNA coming may. > can u plz. suggest me some place from where i could online CLI testing. > ya , i know there is an r1r2.com but its busy most of the time. > also could you plz. let me know where i can take practice tests(fro free). > > >thanx in anticipation > >Sumit _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: router as tftp server
As long as you have reachability, you can do it. Mind you tftp is udp based and subject to getting trampled on, but it works. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ ""Will Klein"" <[EMAIL PROTECTED]> wrote in message 9aao69$6q8$[EMAIL PROTECTED]">news:9aao69$6q8$[EMAIL PROTECTED]... > All, > Can I use a 3640's flash to hold a 2500's image and then tftp that image to > a 2500? The 2500 and the original tftp server are more hops apart than the > 3640. Anybody done this before? Thanks. > > Will _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: SSHv1 on Cisco IOS
Yeah, but not a hardware/software/feature matrix :/ -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ ""Kevin Wigle"" <[EMAIL PROTECTED]> wrote in message 01f701c0bba6$f1393f80$[EMAIL PROTECTED]">news:01f701c0bba6$f1393f80$[EMAIL PROTECTED]... > There is such a tool but you need a CCO login. > > Feature Navigator > > http://www.cisco.com/cgi-bin/Support/FeatureNav/FN.pl > > > Kevin Wigle > > > - Original Message - > From: "Ben Hockenhull" <[EMAIL PROTECTED]> > To: "jason lynch" <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Monday, April 02, 2001 2:13 PM > Subject: Re: SSHv1 on Cisco IOS > > > > > snip < < > > > You know, I was looking for an image that supported the WIC-1ENET, Voice, > > IPSec, and a ton of other things on the 1750 and had a heck of time > > finding an image with 1. the proper hardware support 2. Proper feature > > support, and 3. no killer bugs. > > > > Someone could make a lot of money if they provided IOS release consulting. > > "What's on this image? Is Foo supported on Bar releases? The hell is > > 12.1.5-XC3, anyway?" > > > > The IOS release structure is wholly inscrutable. It'd be neat if you > > could plug in a list of necessary features, supported hardware and such, > > and get back a list of recommended releases. > > > > Ben _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: debug ip error
Also, assign an IP to the RSM and set the logging to the console as disabled. Then telnet to the RSM IP and turn on terminal monitor. This way you hammer your IP session and not the console session, and should be able to either get in with another telnet session or worst case via the session command to the console. But like Cisco's debug disclaimer always says: debug can hammer a cpu and should be used with caution. This would be a nasty little command to issue to all of your routers: #debug all This may severely impact network performance. Continue? [confirm] All possible debugging has been turned on -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ "garrett allen" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > one tip is to issue the no debug all command prior to issuing debug all. that way when > the router display begins spewing debug info you can issue an up arrow and enter command > sequence to get out of debug mode. > > Gayathri wrote: > > > Hi Group, > > > > Recently due to some problems my colleague issued a debug ip error command > > on the rsm. > > > > The problem is we could not stop the process at all. We tried using the no > > debug ip error but it never came out of the process, there was a lot of > > details regarding routing info . Luckily for us we had HSRP. > > > > We had to reboot the RSM , manually i.e, remove the card and insert it back. > > Is this a common thing that we cant stop the debug ip error process. > > > > Thanks > > > > Gayathri _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Creating and using aliases
Hi Bradley, I think you need to get rid of the speech marks. Where did you get the idea for the semi-colons? Was it a guess or are you on the right lines? I was never aware that you could perform multiple line commands with one alias, although I would be interested if you can. Couple of suggestions otherwise: alias exec p1 ping 192.168.1.1 alias exec p2 ping 192.168.1.2 to cut the commands down a little or download the latest version of hyperterminal from www.hilgraeve.com which allows you to assign macro keys, which can be programmed with multiple lines. I don't know how long that feature has been there? It may mean you have to use hyperterminal as opposed to telnet (if you're not consoled in). Regards, Gareth ""Bradley J. Wilson"" <[EMAIL PROTECTED]> wrote in message 00b401c0bf89$dca06da0$6d07f7a5@bwilson">news:00b401c0bf89$dca06da0$6d07f7a5@bwilson... > It occurred to me that a huge time-saver (especially in The Lab) would be to > create an alias in the routers which would ping all the desired destinations > in your network. That way, rather than sit there and ping x, then ping y, > etc., you could just type in the alias, and away it would go. > > So I'm trying to learn how to do this, and it's not going all that well. > I've looked over CCO, and haven't found the detailed help I'm looking for. > Here's what I've got configured on my router: > > alias exec pingall "ping 192.168.1.9;ping 192.168.1.17;ping > 192.168.1.21;ping 192.168.1.13" > > And when I type sho aliases, there it is: > > R4#sho aliases > Exec mode aliases: > h help > lologout > p ping > r resume > s show > u undebug > unundebug > w where > pingall "ping 192.168.1.9;ping 192.168.1.17;ping > 192.168.1.21;ping 192.168.1.13" > > And yet, when I try to use "pingall" at the exec prompt, it tries to do a > DNS translation rather than execute my alias. Can anyone offer any insight > into this? > > Thanks, > > BJ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CSPM and PIX Firewall Ambiguity
You're not supposed to directly manually edit device ACLs managed by CSPM, but rather use the PRE and POST areas to add additional commands. You can also comment up your own commands in this section using !comment (but it won't be stored in the PIX/router, but at this point you need to do it all from CSPM). The first thing CSPM does is blow away ACLs, so just use it to manage it instead of fighting things. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ ""kaushik khakhar"" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi All, Cisco Secure Policy Manager CSPM - Enables one to define a GUI > based policy/topology. The program then uploads this policies to PIX > firewall and there is hindreds of line of configuration in PIX FW. PIX > Firewall - can also be configured manually via command line. But theres > no way this can be uploaded to CSPM and realize the policy/topology from > configuration on PIX. Ambiguity remains, one does not know which commands > are generated by CSPM program after defining the topology. One cannot > upload the manually configured policy to CSPM. Can any one provide some > insight, as to how this ambiguity can be removed and synchrinise both. > Ofcourse, someone who have worked with both multiple times will be able > to help me. Many Thanks in Aniticpation Regards, KaushikTechnical > Consultant > > > > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IOS versioning [was Re: SSHv1 on Cisco IOS]
I was just complaining about that to my CAM the other day. That, and I hate how sometimes an image won't be listed under the most specific model type. For instance, the IPSEC version for an 827 isn't listed under 827, but 820. I think the same problem applies to the 1750s being listed under 1700. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ "Ben Hockenhull" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > I'm attempting to implement SSH access to a 2600 series router running > > 12.1(7) (yep, the ipsec image). > > I suspect that you don't have an image with SSH included. I think you > need a T train image for 12.1.x to get SSH. It's not in mainline releases > yet, I don't think. > > You know, I was looking for an image that supported the WIC-1ENET, Voice, > IPSec, and a ton of other things on the 1750 and had a heck of time > finding an image with 1. the proper hardware support 2. Proper feature > support, and 3. no killer bugs. > > Someone could make a lot of money if they provided IOS release consulting. > "What's on this image? Is Foo supported on Bar releases? The hell is > 12.1.5-XC3, anyway?" > > The IOS release structure is wholly inscrutable. It'd be neat if you > could plug in a list of necessary features, supported hardware and such, > and get back a list of recommended releases. > > Ben _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: utilization rate calculation
Why do the hard work? Point MRTG at it and let it graph it all for you. Here are some examples: http://artoo.net/mrtg/ Download from: http://ee-staff.ethz.ch/~oetiker/webtools/mrtg/ -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ ""John Neiberger"" <[EMAIL PROTECTED]> wrote in message sac8456a.085@fsutil01">news:sac8456a.085@fsutil01... > I'll try to restate this in a way that makes sense, but the text you > quoted says it pretty well. The MIB data you are accessing is stored as > a counter that increments for each byte transmitted and received. Let's > say you polled the router and got this information: > > InOctets: 543980 > OutOctets: 234095 > > Does that tell you anything? Not really. However if you wait a minute > and poll it again you could see the amount of traffic in and out of that > interface over a period of time, which gives you a rate. A single poll > will not give you any usefull information. To get a rate, you need to > sample the data over time. In this case the data is stored in bytes so > you multiply times eight to get the rate in bits per second. > > Does that help? If not, I'll try again later after some more coffee. > > > John > > >>> "Luong, David" <[EMAIL PROTECTED]> 4/2/01 8:50:40 AM >>> > Hi Techies, > > I have recenty been reading Cisco Press' new book called "Peformance > and > Fault Management" and they stated to measure utilization on a WAN > interface > (full-duplex); it is recommended to use the following formula: > > max ( delta(ifInOctets), delta(ifOutOctets) x 8 x 100) > -- > (number of seconds in delta) x ifSpeed > > They state because of "MIB II variables are stored as counters, you > must > take two poll cycles and figure the difference between the two" hence > the > delta number. I don't understand why two poll cycles are needed and why > is > using "counters" attributed to this? > > Thanks, > > David _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Questions for Next-hop attribute
So since the entire global routing tables will never fit into any IGP (and why would you want to?), if you've got two iBGP neighbors with external links to different ISPs, if you ever want them to use the routes learned via iBGP, you must turn off synchronization. Am I mistaken here, or are we missing something? -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ ""John Neiberger"" <[EMAIL PROTECTED]> wrote in message sac83756.045@fsutil01">news:sac83756.045@fsutil01... > Ah, after checking up on this I see where I was confused. > Synchronization does not specifically refer to the behavior we were > talking about. I thought that synchronization meant that the next-hop > had to be in the routing table before a prefix could be moved from the > BGP table to the routing table. That's not quite correct. I'll quote a > portion of Halabi: > > "The BGP rule states that a BGP router should not advertise to external > neighbors destinations learned from iBGP neighbors unless those > destinations are also known via an IGP. This is known as > synchronization. If a router knows about these destinations via an IGP, > it assumes that the route has already been propagated inside the AS, and > internal reachability is ensured." > > Thanks for pointing this out, Peter. Someone on the list recently > pointed out that BGP synchronization and ip classless seem to be in the > class of misunderstanding. Just when you think you really understand how > it operates, you realize you have it wrong. I think I have it now! > Maybe... > > John > > >>> "Peter Van Oene" <[EMAIL PROTECTED]> 4/2/01 7:03:16 AM >>> > Synch is an issue that gets way too much attention in my opinion. It's > not used at all. It's a legacy feature that is meaningless in todays' > networks. > > What John describes below, the fact that IBGP routers will no post > routes unless they have reachability to the Next_Hop is not a > synchronization issue, rather it is a fundamental function of BGP. If > routers started posting routes that they have no hope of delivering > traffic to, things would get pretty messy pretty fast. Thankfully, > there are no nobs to turn this _behavior_ off :) > > > > *** REPLY SEPARATOR *** > > On 4/1/2001 at 4:58 PM John Neiberger wrote: > > >When an eBGP neighbor forwards routing information to another eBGP > >neighbor, > >it changes the next hop to itself. When an iBGP neighbors exchange > >information they do not, by default, change the next hop. This is > where > >the > >synchronization rule comes in. > > > >An iBGP neighbor will not be able to use a route if it does not have > a > >valid > >route to the next hop in its IGP. Having synchronization turned on > is > >often > >unnecessary, so most people turn it off. You still have a problem, > >though: > >the receiving iBGP neighbor still might not know how to reach the next > hop > >for any of the routes in its BGP table. To solve this, on your iBGP > peers > >use the next-hop-self command. Since the peers already know how to > reach > >each other, this solves your problem. > > > >I hope that helps, and I hope I haven't mischaracterized the issue. > I > >haven't really thought through all of this in a while so I may have > some > >details wrong. > > > >If you really want to understand this stuff, pick up a copy of > Internet > >Routing Architectures (2nd Ed.) by Sam Halabi. > > > >Another book I really liked is short but sweet. It's BGP4: > Interdomain > >Routing in the Internet (or something close to that.) It's very short > but > >it's an excellent resource. Perhaps you should read that first and > then > >read Halabi. > > > >Or you could also get a subscription to Certification Zone and read > >Howard's > >papers on BGP, they're quite excellent. > > > >HTH, > >John > > > >> I'm really confused about the how Next-hop attribute works for IBGP > and > >> EBGP. Can somebody please shed some light on this. Any tips or > help > >> would be greatly appreciated. > >> > >> Regards, > >> Hunt > >___ > >Send a cool gift with your E-Card > >http://www.bluemountain.com/giftcenter/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Pix Performance Issues
The new Windows 2000 VPN Concentrator v3 client is out, but won't be supported on the PIX until the v6 software is released (and some newer version of IOS to support it on routers). Before dropping money to upgrade the PIX, I'd suggest looking at the Cisco Concentrator line which is geared specifically to do VPN traffic, which the PIX is not. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ ""Kevin O'Gilvie"" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I have a pix 515 R, and I have noticed that I have to clear xlate at least > once a day in order to keep it from slowing down internet access, also I > have users complaining on how slow the vpn is, I am using ms pptp, due to > the fact that the windows 2000 client has not come out yet. How can I get > this pix maximize performance without upgrading to the UR, which is what > cisco recommends which is a 6k investment. Is anypne else running into these > issues? Also I have noticed since I am using local authentication, there is > no security on my domain, once in all users can map drives , delete and so > on. I have about 60 users. > > Keep in mind that I have global users that use 56k dial up and then pptp to > the fw. > > TIA > -Kevin > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IPsec port
Thanks for the correction on ISAKMP! I knew that the second I saw your post, but sometimes my fingers get typing faster than my head is really thinking. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ "Rizzo Damian" <[EMAIL PROTECTED]> wrote in message 49C181ACF35ED311A7DC00508B5AF61102E52563@NAEXCHANGE">news:49C181ACF35ED311A7DC00508B5AF61102E52563@NAEXCHANGE... > Actually your both right, PPTP (microsoft VPN) uses IP protocol 47 (GRE) and > TCP port 1723. However ISAKMP uses UDP port 500, not TCP. > > > -Rizzo > > > > -Original Message- > From: cisco.groupstudy.com [mailto:[EMAIL PROTECTED]] > Sent: Monday, April 02, 2001 10:19 AM > To: [EMAIL PROTECTED] > Subject: Re: IPsec port > > > Just to add to what you've stated: > > GRE uses control port 1723. > > -Scott M. Trieste > > > ""J Roysdon"" <[EMAIL PROTECTED]> wrote in message > 9a96ge$rt5$[EMAIL PROTECTED]">news:9a96ge$rt5$[EMAIL PROTECTED]... > > The names and numbers are correct, but as someone else pointed out a few > > posts back, it's not a port number, but a protocol number. > > > > Protocols: > > 6TCP > > 17UDP > > 47GRE (PPTP requirement) > > 50ESP > > 51AH > > > > Just to delve a little further about security protocols, ISAKMP does use > > TCP/500, and you'll need it too. > > > > Bookmark 'em: > > ftp://ftp.isc.org/pub/rfc/rfc1700.txt > > http://www.isi.edu/in-notes/iana/assignments/port-numbers > > > > -- > > Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ > > List email: [EMAIL PROTECTED] > > Homepage: http://jason.artoo.net/ > > Cisco resources: http://r2cisco.artoo.net/ > > > > > > ""Kane, Christopher A."" <[EMAIL PROTECTED]> wrote in message > > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > Actually, you have it backwards. AH = port 51. ESP = port 50. > > > > > > Christopher A. Kane, CCNP > > > Senior Network Control Tech > > > Router Ops Center/Hilliard NOC > > > UUNET > > > (614)723-7877 > > > > > > > > > > > > -Original Message- > > > From: Rizzo Damian [mailto:[EMAIL PROTECTED]] > > > Sent: Friday, March 30, 2001 12:19 PM > > > To: 'Ruihai An'; [EMAIL PROTECTED] > > > Subject: RE: IPsec port > > > > > > > > > AH-port 50, ESP-port 51 and ISAKMP-port 500 > > > > > > > > > > > > -Original Message- > > > From: Ruihai An [mailto:[EMAIL PROTECTED]] > > > Sent: Friday, March 30, 2001 12:05 PM > > > To: [EMAIL PROTECTED] > > > Subject: IPsec port > > > > > > > > > I configured my PIX as the IPsec VPN terminator to support DES VPN > client. > > > I have an inbound access-list on my perimeter router. Does any one > know > > > the ports I need to open for IPsec VPN traffic on my perimeter router ? > > > > > > Ruihai _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
cisco 2600
hello, this is my first time i try to set up an access server. this one is a 2600 series and has an interface with 16 modems. can somebody tell me how to setup this interface to accept dial up calls? ndabarasa michel National University of Rwanda Computing Centre voice office (+250)530666 cell (+250)08510951 -- FREE! The Best in Rwanda Email Address @mail.rw Reserve your name right now at http://mail.rw _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ASN18506 up and running
Memory limitations on the 2621 preclude it. I'm got it up to UUNET+Customers and Sprint+Customers now and 8mb free, so it's pretty stable, at least long enough until we'll be replacing it with a 2651 or better. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ ""cisco.groupstudy.com"" <[EMAIL PROTECTED]> wrote in message 9aa4oi$g8d$[EMAIL PROTECTED]">news:9aa4oi$g8d$[EMAIL PROTECTED]... > J, > > I am just curious, why did you not go with the entire I-net route table? > > -Scott > > ""J Roysdon"" <[EMAIL PROTECTED]> wrote in message > 9a975p$ua8$[EMAIL PROTECTED]">news:9a975p$ua8$[EMAIL PROTECTED]... > > It was indeed as synchronization problem. My understanding is that in > order > > to bring it from BGP into the routing table, it has to be able to reach > the > > next-hop address from IGP. What's odd is that both WAN links to the > > upstream ISPs were in iBGP, so I need to read up on synchronization some > > more. > > > > For now, 'no synchronization' fixed the problem. > > > > As I posted OT in another post (but perhaps more relevant here): > > I just installed Zebra on my linux server so I can give people IOS-like > > access to a BGP router. telnet://r2.artoo.net:2605 with a password of > 'bgp' > > and you can get a look at the world of BGP from AS18506 via UUNET AS701 > and > > Sprint AS1239. > > > > The Zebra interface is very close to IOS and has nearly all the > BGP-related > > commands. I just wish it had traceroute and show ip route (of course, I > > think I could do it with the main Zebra daemon, but I don't feel like > > messing with it just now). > > > > Zebra is a free routing daemon (bgp, ospf, rip, all with ipv6 support as > > well): http://www.zebra.org/ > > > > > > > > -- > > Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ > > List email: [EMAIL PROTECTED] > > Homepage: http://jason.artoo.net/ > > Cisco resources: http://r2cisco.artoo.net/ > > > > > > ""John Neiberger"" <[EMAIL PROTECTED]> wrote in message > > sac48e13.088@fsutil01">news:sac48e13.088@fsutil01... > > > [I'm resending this from my work address because the first attempt > > > didn't appear to succeed.] > > > > > > Forgive me if I missed something but this appears to be the famous > > > iBGP > > > synchronization problem, which I believe can be fixed by turning off > > > synchronization and set 'next-hop-self' on advertisements between your > > > two internal routers. > > > > > > When one router takes external routes and passes them to an internal > > > neighbor, it doesn't alter the next hop attribute. When the other > > > internal neighbor receives the route, the next hop is not the other > > > internal peer, > > > but the external peer it was received from. If the second iBGP peer > > > in this > > > example does not have a valid IGP route to that next hop, the route > > > can't > > > be installed into the routing table. > > > > > > I only quickly looked through your post so I may be way off base here. > > > Take > > > it with a grain of salt. > > > > > > HTH, > > > John > > > > > > > > > Ok, more info (plus I have BGP to UUNET up and have the same > > > problem > > > the > > > > > reverse direction). 206.51.253.1 is part of UUNET AS701. > > > 64.6.1.1 is > > > > part > > > > > of Sprint AS1239: > > > > > > > > > > ISC-Mod-3640#sh ip bgp 206.51.253.1 > > > > > BGP routing table entry for 206.51.253.0/24, version 0 > > > > > Paths: (1 available, no best path) > > > > >Not advertised to any peer > > > > >701 > > > > > 157.130.196.245 (metric 1) from 63.107.123.249 > > > (63.107.123.253) > > > > >Origin IGP, localpref 100, valid, internal, not > > > synchronized > > > > > ISC-Mod-3640# > > > > > > > > > > ISC-Tur-2600-2#sh ip bgp 64.6.1.1 > > > > > BGP routing table entry for 64.6.0.0/20, version 0 > > > > > Paths: (1 available, no best path) > > > > >Not advertised to any peer > > > > >1239 > > > > > 144.232.206.65 (metric 1) from 63.107.123.250 (63.172.195.1) > > > > >Origin IGP, metric 60, localpref 100, valid, internal, not > > > > > synchronized > > > > > > > > > > > > > > > There-in lies my problem. How do I get each router to > > > synchronize so > > > it > > > > > will allow it into the routing table? > > > > > > > > > > Two cool public BGP looking glass routers: > > > > > route-views.oregon-ix.net > > > > > route-server.cerf.net > > > > > > > > > > -- > > > > > Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ > > > > > List email: [EMAIL PROTECTED] > > > > > Homepage: http://jason.artoo.net/ > > > > > Cisco resources: http://r2cisco.artoo.net/ > > > > > > > > > > > > > > > ""J Roysdon"" <[EMAIL PROTECTED]> wrote in message > > > > > 9a0gj6$c5a$[EMAIL PROTECTED]">news:9a0gj6$c5a$[EMAIL PROTECTED]... > > > > > > It's been delayed time and again, but I've fina
Re: Cisco 2500 Series RAM
Jeremiah, The 25xx DRAM is standard 60ns 72pin w/ Parity. If you dont have smartnet on the router and it isnt under warrantee, you can pretty much use any memory you'd like. If you have smartnet or the router is under warrantee, I would not recommend using non-approved third-party memory. (Cisco frowns highly on that) ttyl -Brad Ellis CCIE#5796 [EMAIL PROTECTED] Optimized Systems Inc used cisco hardware: www.optsys.net ""Jeremiah Wegernoski"" <[EMAIL PROTECTED]> wrote in message 9albh3$8fa$[EMAIL PROTECTED]">news:9albh3$8fa$[EMAIL PROTECTED]... > I have heard MANY varying opinions on the ram in the 2500 series routers, > and would like to get a definite answer. > > Is the ram 72pin 60ns parity ram, proprietary cisco, or some other flavor? > > Replies are appreciated. > > Jeremiah _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Creating and using aliases
It occurred to me that a huge time-saver (especially in The Lab) would be to create an alias in the routers which would ping all the desired destinations in your network. That way, rather than sit there and ping x, then ping y, etc., you could just type in the alias, and away it would go. So I'm trying to learn how to do this, and it's not going all that well. I've looked over CCO, and haven't found the detailed help I'm looking for. Here's what I've got configured on my router: alias exec pingall "ping 192.168.1.9;ping 192.168.1.17;ping 192.168.1.21;ping 192.168.1.13" And when I type sho aliases, there it is: R4#sho aliases Exec mode aliases: h help lologout p ping r resume s show u undebug unundebug w where pingall "ping 192.168.1.9;ping 192.168.1.17;ping 192.168.1.21;ping 192.168.1.13" And yet, when I try to use "pingall" at the exec prompt, it tries to do a DNS translation rather than execute my alias. Can anyone offer any insight into this? Thanks, BJ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Questions for Next-hop attribute
>Ok. I'm even more confused now. So you guys are saying that IBGP >peers will never >progragated its route to other IBGP peers by "no synchronization" - >if no IGP is >running, except by Route Reflectors?? So what's "no >synchronization" used for? I don't understand what you are asking. Route reflectors run iBGP. The purpose of no synchronization is principally to speed convergence in non-transit AS. As others have been said, its importance is vastly overstated. > >I have one more question: Is it true that routes injected into BGP >within an AS carry a >next hop attribute of the BGP router that first advertised the >route? Please explain. That's the usual behavior, although an alternate next hop can be set when needed. For purposes of the CCIE, I wouldn't worry about that case. > >Regards, >Hunt Lee > > >Howard C. Berkowitz wrote: > >> >No worries John. It was I who mentioned the devious nature of >> >classless and synch as well :) >> >> Always remember that the best ISPs have no class. >> >> > >> >Keep in mind that synch was designed for transit networks that have >> >transit providing routers which do not run BGP. Back when the >> >internet was smaller I expect some designs had the IGP in an AS >> >carry the full table, or parts of it and hence it was relevant to >> >make sure your BGP and IGP were synchronized to ensure you didn't >> >blackhole routes. >> >> Precisely. I don't have the document number in front of me, but the >> old RFC on BGP/OSPF interaction, which assumed this model, has been >> recategorized as Historic (i.e., nobody does this, don't try it, it >> was a blind alley) >> >> >Today, BGP is run fully meshed with all transit providing routers in >> >an AS peering with IBGP and hence synch is a complete non issue. >> >> Full mesh, of course, has its scalability issues, and we deal with >> iBGP scalability measures such as route reflectors. There is a trend >> to have the main BGP at the edge, and to have principally an IGP in >> the provider core. The core is stupid, and is traversed by MPLS >> tunnels -- the role of the IGP is to establish reachability for these >> LSPs, which run between BGP speakers on the edges. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Reverse Telnet on a 3640 NOT working!!
Probably line no error, try the following equation to calculate the right line no. that you are using. The below is only for 3600 series. Interface no.=(32 x slot no.) + unit no. +1. Hope htis help Vincent ""Niraj Palikhey"" <[EMAIL PROTECTED]> <6[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi, > I am trying to setup a 3640 router with 3 async interfaces for reverse > telnet but it's not working. > On the 3640, I consoled in and created 8 loopback interfaces 1-8 with ip's > starting at 1.1.1.1..8.8.8.8. I have ip host R1 2001 1.1.1.1 thru ip > host R8 2008 8.8.8.8 configured. > I also have under line 33 48 > #transport input all > #flowcontrol hardware > > Presently, I only have 2 other routers connected to the 3640. When I type R1 > on the 3640, I get a connection refused error msg. Same for R2. > I unplugged the octal connector and connected it to the second port on the > 1st async interface. Same problem > I configured the other lines and plugged the octal connector to those ports. > Same problem. > Is there something that I am missing or doing wrong. > One thing that I am trying to understand is that Do I have to actually > Telnet to the 3640 and then do a reverse telnet instead of consoling into it > and trying to get to the other router's console?? > Please advise. > Thank you, > Kind regards, > [EMAIL PROTECTED] > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Blocking Napster and Aol on Pix config/Setting up Tacus or Radius
Hi If you are running Linux or UNIX it is very easy to find TACACS+ as a freeware. Likely there are a couple of WinIntel freeware versions too, though I haven't looked for a WinIntel version. I installed tac_plus for Redhat and am using it in production. It can be found with just about any search engine, or www.rpmfind.com. It is pretty easy to setup and configure too. As for using TACACS+ or RADIUS, TAC has some very good docs, and samples for config's on the PIX and switches and routers. HTH -- John Hardman CCNP MCSE ""Bob Timmons"" <[EMAIL PROTECTED]> wrote in message 9an562$kg0$[EMAIL PROTECTED]">news:9an562$kg0$[EMAIL PROTECTED]... > Kevin, > <--Snip--> > As far as RADIUS & TACACS, you'll probably have a hard time finding a > shareware/freeware version of TACACS for NT, though RADIUS seems to be > somewhat more available. Cisco has their ACS product, which does TACACS & > RADIUS, and runs on NT/2000. It's real easy to setup (about 30 mins from > setup.exe to TACACS logins). I'd check the search engines for 'shareware > &/or freeware RADIUS'. If you really want TACACS, and are on a budget, you > might want to check out some of the freeware Linux versions, there are many. > Of course, you'd need to setup a Linux box. > > HTH > > Bob > > > Before I ask this question I would like to give something back, below is > the > > config to block aim and napster: > > > > access-list acl_out deny tcp any any eq 5190 > > access-list acl_out deny tcp any any eq 8875 > > access-list acl_out deny tcp any any eq > > access-list acl_out deny tcp any any eq 6699 > > access-list acl_out deny tcp any any eq > > access-group acl_out in interface inside > > access-list acl_out permit tcp any any > > access-list acl_out permit ip any any > > > > > > Now I would like to setup a Tacus+ or Radius Server on My network I have a > > widows 2000 domain and I am unsure of how to do this. Please advise. > > > > TIA, > > > > Kevin > > _ > > Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: bri interface
>Does any one know if you can connect and configure a 56kbp to a bri >interface of a cisco 1003 router. Not unless it's 56 KBPS ISDN on a BRI. Modems can't work--completely different electrically. >Iknow you can do it through AUX port but can it be done through the BRI >interface > >D'Wayne Saunders >CCNA _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Reverse Telnet on a 3640 NOT working!!
Hi, I am trying to setup a 3640 router with 3 async interfaces for reverse telnet but it's not working. On the 3640, I consoled in and created 8 loopback interfaces 1-8 with ip's starting at 1.1.1.1..8.8.8.8. I have ip host R1 2001 1.1.1.1 thru ip host R8 2008 8.8.8.8 configured. I also have under line 33 48 #transport input all #flowcontrol hardware Presently, I only have 2 other routers connected to the 3640. When I type R1 on the 3640, I get a connection refused error msg. Same for R2. I unplugged the octal connector and connected it to the second port on the 1st async interface. Same problem I configured the other lines and plugged the octal connector to those ports. Same problem. Is there something that I am missing or doing wrong. One thing that I am trying to understand is that Do I have to actually Telnet to the 3640 and then do a reverse telnet instead of consoling into it and trying to get to the other router's console?? Please advise. Thank you, Kind regards, [EMAIL PROTECTED] _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Questions for Next-hop attribute
Ok. I'm even more confused now. So you guys are saying that IBGP peers will never progragated its route to other IBGP peers by "no synchronization" - if no IGP is running, except by Route Reflectors?? So what's "no synchronization" used for? I have one more question: Is it true that routes injected into BGP within an AS carry a next hop attribute of the BGP router that first advertised the route? Please explain. Regards, Hunt Lee Howard C. Berkowitz wrote: > >No worries John. It was I who mentioned the devious nature of > >classless and synch as well :) > > Always remember that the best ISPs have no class. > > > > >Keep in mind that synch was designed for transit networks that have > >transit providing routers which do not run BGP. Back when the > >internet was smaller I expect some designs had the IGP in an AS > >carry the full table, or parts of it and hence it was relevant to > >make sure your BGP and IGP were synchronized to ensure you didn't > >blackhole routes. > > Precisely. I don't have the document number in front of me, but the > old RFC on BGP/OSPF interaction, which assumed this model, has been > recategorized as Historic (i.e., nobody does this, don't try it, it > was a blind alley) > > >Today, BGP is run fully meshed with all transit providing routers in > >an AS peering with IBGP and hence synch is a complete non issue. > > Full mesh, of course, has its scalability issues, and we deal with > iBGP scalability measures such as route reflectors. There is a trend > to have the main BGP at the edge, and to have principally an IGP in > the provider core. The core is stupid, and is traversed by MPLS > tunnels -- the role of the IGP is to establish reachability for these > LSPs, which run between BGP speakers on the edges. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Questions for Next-hop attribute
Ok. I'm even more confused now. So you guys are saying that IBGP peers will never progragated its route to other IBGP peers by "no synchronization" - if no IGP is running, except by Route Reflectors?? So what's "no synchronization" used for? I have one more question: Is it true that routes injected into BGP within an AS carry a next hop attribute of the BGP router that first advertised the route? Please explain. Regards, Hunt Lee Howard C. Berkowitz wrote: > >No worries John. It was I who mentioned the devious nature of > >classless and synch as well :) > > Always remember that the best ISPs have no class. > > > > >Keep in mind that synch was designed for transit networks that have > >transit providing routers which do not run BGP. Back when the > >internet was smaller I expect some designs had the IGP in an AS > >carry the full table, or parts of it and hence it was relevant to > >make sure your BGP and IGP were synchronized to ensure you didn't > >blackhole routes. > > Precisely. I don't have the document number in front of me, but the > old RFC on BGP/OSPF interaction, which assumed this model, has been > recategorized as Historic (i.e., nobody does this, don't try it, it > was a blind alley) > > >Today, BGP is run fully meshed with all transit providing routers in > >an AS peering with IBGP and hence synch is a complete non issue. > > Full mesh, of course, has its scalability issues, and we deal with > iBGP scalability measures such as route reflectors. There is a trend > to have the main BGP at the edge, and to have principally an IGP in > the provider core. The core is stupid, and is traversed by MPLS > tunnels -- the role of the IGP is to establish reachability for these > LSPs, which run between BGP speakers on the edges. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
MLPPP & T1 aggregation
Everyone: I have 7206 router with PA-MC-2T3+ card in it. This card support 28 T1 lines. I want to know if I can use MLPPP (multilink point to point protocol) to aggregate multiple T1s to same router at remote end. I plan to use 1750 or 2611 at the remote end. Want to have a bigger pipe going to remote office say about 3 mb or 6 mb. Is there any other way of doing this other than MLPPP. If I can use MLPPP, I was also curious about physical connection. can I use say about 3 T1 lines going to two different routers ( 2 lines to 2611 and 1 to 1750) as a part of same MLPPP link, or do they have to be on same router with multiple interfaces? If anybody can share this knowledge it will be of great help. Thanks in advance. pat. __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Implement Secure Shell (SSH) on Cisco 3640 router
If all of the 12.1 T images behaved similarly, there may be something strange with your environment. How are you doing the user authentication? Tacacs, local user database? Is there anything different with the way you are doing authentication for telnet and ssh? Try doing a 'debug ip ssh' on the router while performing an ssh connection. This may show you if there is some problem during ssh authentication. Beyond this, I'd say you'll have to pursue this issue to conclusion with TAC. If this is a critical issue, escalate with TAC and work with them until its resolved. There may not be a quick fix. Regards, Kent On 6 Apr 2001, at 11:40, Sean Young wrote: > I've tried all the 12.1.(x)T images without success. > > Any more ideas? > > > >From: "John Neiberger" <[EMAIL PROTECTED]> > >Reply-To: "John Neiberger" <[EMAIL PROTECTED]> > >To: [EMAIL PROTECTED] > >Subject: Re: Implement Secure Shell (SSH) on Cisco 3640 router > >Date: Fri, 06 Apr 2001 08:49:30 -0600 > > > >Have you tried other IOS images? How did you even get 12.1(7)T? As > >far as I can tell, 12.1(7) just came out and the latest T release > >available on a 3600 is 12.1(5)T. Is downgrading back to 12.1(5)T an > >option? Do you really even need the T release, or would 12.1(5) work > >for you? > > > >It's possible that if you really are using a bleeding-edge IOS > >release that you are running into a bug that they haven't > >resolved--or really even started working on yet. If changing to > >another image is an option, I'd try that to see if the behavior > >changes. > > > > >>> "Howard C. Berkowitz" <[EMAIL PROTECTED]> 4/6/01 8:26:15 AM >>> > > >Someone here must have an answer for this one. Cisco TAC has been > > >absolutely NO HELP. I am sure that 600+ heads in this group, > >together, > > >can help me with this problem. I have to implement this thing > >tomorrow > > >evening. I am sure that I will get lot of calls from unhappy > >customers > > >about the latency issue. > > > >To what extent have you escalated this in the TAC? What is the > >criticality designation of the problem report? To how many levels of > >TAC management have you spoken? > > > >I don't think it will qualify for the highest level, because work can > >still get done, just slowly. But it should be possible to escalate -- > >if for no other reason that it's been an open ticket for a while. > > > >Have you discussed it with your local Cisco office? > > > > > > >PLEASE HELP. > > > > > >>From: "Sean Young" <[EMAIL PROTECTED]> > > >>Reply-To: "Sean Young" <[EMAIL PROTECTED]> > > >>To: [EMAIL PROTECTED] > > >>Subject: Implement Secure Shell (SSH) on Cisco 3640 router > > >>Date: Wed, 04 Apr 2001 21:41:29 -0400 > > >> > > >>Hi everyone, > > >> > > >>I've posted this question last week but never got a satisfactory > >response > > >>so I will post it again; hopefully, I can get a better suggestion > >this > > >>time. > > >> > > >>I am running SSH on a Cisco 3640 router with IOS 12.1.7(T) > > >>version. This router is used a an access server to control other > > >>Cisco > >devices. > > >>Everything is working except it is painfully slow. At first, I > >thought > > >>it might network latency, so I take the router back to the lab, > >connect > > >>the access server FE interface with a cross-over cable to my > > >>laptop > >and > > >>establish a SSH connection to the access server. The connection > > >>is > >still > > >>VERY SLOW. > > > >Do sh ip interfaces on all affected interfaces under both > >configuration options (SSH and non SSH). It would be wise to reboot > >after the configuration change. > > > >Are the interface switching modes different? > > > >If SSH puts an interface in a slow switching mode, that could explain > >the added latency. It doesn't necessarily fix it, but you then have > >a place to look. If the switching mode does change, specifically ask > >the TAC if there is an IOS level in which SSH will run in fast or > >CEF. > > > > >> If I take off SSH and use telnet, it is very fast. However, > > >>disabling SSH is NOT an option for me because this router will be > > >>accessable via the Internet and the customer does not want to use > > >>TELNET (username and password in clear text). They don't want any > >other > > >>option, just SSH. Oh, the router has 32MB Flash and 128MB RAM > > >>which > >I > > >>think is plentiful. Its only purpose is to function as an > >access-server, > > >>nothing else. I still can not, for the life of me, figure out why > >SSH > > >>creates such a latency. I did both "show memory" and "show > >process". > > >>In both cases, SSH doesn't take much memory and cpu resources. I > >give > > >>the "show tech" to Cisco TAC and he has not found a solution for > > >>it. > >As > > >>far as the SSH client is concern, I use either PUTTY or MINDTERM > >which > > >>is extremely slick and fast clients. They both work great when I > >SSH > > >>into Unix boxes. >
Router config
I don't understand the following routing configs. I understand that redistribute static means it will redistribute static routes into RIP network, but that's all I could see. Can anybody please shed some light on this? interface Serial 0 ip address 192.168.1.1 255.255.255.252 ! interface Serial 1 ip address 192.168.1.5 255.255.255.252 ! interface Serial 2 ip address 192.168.1.9 255.255.255.252 ! interface Serial 3 ip address 192.168.1.13 255.255.255.252 ! interface Serial 4 ip address 192.168.1.17 255.255.255.252 ! router rip network 192.168.1.0 redistribute static ! ip route 192.168.1.0 255.255.255.0 loopback 0 Regards, Hunt Lee _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
bri interface
Does any one know if you can connect and configure a 56kbp to a bri interface of a cisco 1003 router. Iknow you can do it through AUX port but can it be done through the BRI interface D'Wayne Saunders CCNA _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CISCO Question?
NetG is a software training company that offers courses on CCNA, CCDA, CCNP and CCDP certifications. I found them to work very well. Mike Bambic [EMAIL PROTECTED] CCNP, CCDP :) - Original Message - From: "Ngo Van Dzung" <[EMAIL PROTECTED]> To: "CISCO Group Study" <[EMAIL PROTECTED]> Sent: Saturday, April 07, 2001 12:33 AM Subject: CISCO Question? > Hi, > > Anyone know What is CISCO Nettrade NetG? > > Cheere, _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Blocking Napster and Aol on Pix config/Setting up Tacus or Radius
Kevin, While the port-blocking access-lists will work for most users, many users and applications will know to use alternate ports to gain connectivity. AIM, for example, uses port 5190 by default, though you can simply change it to port 80, if so desired. Same thing for Napster. The best, and maybe only, solution is to block the url or the IP range the servers are in. We're blocking the IP range for Napster (don't recall what it is off the top of my head) and it works like a charm. We currently do not block AIM, but you can probably simply block login.oscar.aol.com. As far as RADIUS & TACACS, you'll probably have a hard time finding a shareware/freeware version of TACACS for NT, though RADIUS seems to be somewhat more available. Cisco has their ACS product, which does TACACS & RADIUS, and runs on NT/2000. It's real easy to setup (about 30 mins from setup.exe to TACACS logins). I'd check the search engines for 'shareware &/or freeware RADIUS'. If you really want TACACS, and are on a budget, you might want to check out some of the freeware Linux versions, there are many. Of course, you'd need to setup a Linux box. HTH Bob > Before I ask this question I would like to give something back, below is the > config to block aim and napster: > > access-list acl_out deny tcp any any eq 5190 > access-list acl_out deny tcp any any eq 8875 > access-list acl_out deny tcp any any eq > access-list acl_out deny tcp any any eq 6699 > access-list acl_out deny tcp any any eq > access-group acl_out in interface inside > access-list acl_out permit tcp any any > access-list acl_out permit ip any any > > > Now I would like to setup a Tacus+ or Radius Server on My network I have a > widows 2000 domain and I am unsure of how to do this. Please advise. > > TIA, > > Kevin > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CISCO Question?
Hi, Anyone know What is CISCO Nettrade NetG? Cheere, _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISDN B-Channel admined down
Hi Hans, The only way to get the B Channels up would be for the interface that is being backed up to fail (or to remove the backup interface command from the primary interface). The reason they are admin down is because the interface is being used for backup. If the primary fails, the router will bring the B channels up. Hope this helps, Marty >From: "Hans Stout" <[EMAIL PROTECTED]> >Reply-To: "Hans Stout" <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: ISDN B-Channel admined down >Date: Fri, 06 Apr 2001 15:50:43 +0200 > >Hello colleagues, > >do you know how I can admin up an ISDN B-Channel ? This is what the config >on my router lools like: > >BRI0/0 10.66.1.11 YES NVRAM standby mode >down >BRI0/0:1 unassigned YES unset administratively down >down >BRI0/0:2 unassigned YES unset administratively down >down > >When I try to access the BRI0/0:1 or BRI0/0:2, the system tells me that I >cannot access the B-channel. > >Thanks for your help in advance. > >Regards, > >Hans > > >_ >Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: tftpdnld
I've got similar problem. Anybody know if there is a similar option on a 2500. Can't see it at the moment. Cheers, Gareth ""Kevin Wigle"" <[EMAIL PROTECTED]> wrote in message 011401c0be04$70fab8c0$[EMAIL PROTECTED]">news:011401c0be04$70fab8c0$[EMAIL PROTECTED]... > Dear Group, > > Had a fun day with tftpdnld. > > First, remember that the variables have to entered in UPPERCASE. > > Second - a sort of question to the group.. is there a difference in > checksum "checking" between say unix tftp servers and a tftp server on a > windows box? > > I ask because once I got tftpdnld working, it copied the file but then > aborted due to a checksum mismatch. > > I checked my download from CCO, it matched with my file. > > I then tried to upload a file that I had previously loaded - same problem. > > Then I noticed that there is an option called TFTP_CHECKSUM that I could set > to 0 (zero) which means don't check the checksum. > > I did that and lo and behold, it works. > > The operation continues and the image boots fine. > > So, any opinions on checksumming?? > > Kevin Wigle _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]