To specifay the feature of switch and router [7:1061]
Help!Help! I am making a list of specification to buy router and switch for a company but some things are not clear. How do I determine the size of the ARP table?Does it have to be the same size with the MAC address? What about the routing table size, I mean what I have to consider to determine the size of routing table? Also Do I have to specify the size of backplane for the router? Thank you very much in advance. __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1061&t=1061 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: bay cisco and ospf [7:1036]
Also 'term mon' if you are telnet'd in. Make sure the OSPF network types are the same and the Bay OSPF MTU option matches Cisco MTU or vice versa. Cisco and Bay default MTU sizes are different and depending on code versions the neighbor may form or may not. Bay also has OSPF setting for MisMatch MTU which you might have to toggle. On Bay, you can do 'log -ffwitd -eOSPF' to see whats going on. Let me know if you need more help. I work on both. HTH, Erick --- Curtis Call wrote: > Given that your debugs are not showing anything you > probably have some sort > of a config problem on your Cisco because if it was > setup right then I > believe it should be sending out hellos every 10 > seconds to the Ethernet > interface whether it has a neighbor there or not. > > Post your configs... > > At 08:45 PM 4/17/01, you wrote: > >Any magic that need that i am not aware of ... > > > >debug ip ospf adjencencie > >debug ip ospf packet > >debug ip ospf events > > > >show nothing the router is quiet __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1060&t=1036 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
2nd hand routers/switch's for sale ??????? [7:1059]
G'day Any one have any equipt for sale ? Mates rates of course Thanks John Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1059&t=1059 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Network analysis of T1 [7:1057]
I would like to know the best/least expensive software on the market that will analyze my T1 links for %usage. I have all cisco routers but think the CiscoWorks RWAN is a bit expensive ($15,000)? Thanks, Anthony Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1057&t=1057 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
traffic shaping question [7:1058]
Hi.. 1) Refer to output below. May I know what is mean by target rate 64000. This is a 256K link. Does it mean limit to 25% of bandwidth for access-list 102?? Then what is mean by Byte limit and excess bits?? 2)The second output show queue depth = 3 what is the unit?? 3)Take a look on the access-list below(last one)- why they config "permit tcp any eq 102 any" in access-list 102?? can explain?? sin03#sh traffic serial 1/2 Interface Se1/2 Access TargetByte Sustain ExcessInterval Increment Adapt VC List Rate Limit bits/int bits/int (ms) (bytes) Active - 10264000 2000 8000 8000 125 1000 - sin03#sh traffic stat Access Queue Packets Bytes Packets Bytes Shaping I/F List Depth Delayed Delayed Active Se1/2 1023 60581 50604741 37238 42926132 yes sin03#sh access-list Extended IP access list 102 permit tcp any eq smtp any permit tcp any eq 102 any (2270216 matches) permit tcp any any eq 102 (7253461 matches) permit tcp any any eq smtp _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1058&t=1058 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Change EIGRP routing path [7:1048]
Delay is used in most of the organizations that I'm familiar with, however, the obvious question is why do you wish to do this? Also, remember that this will force a query during the process. --- Dove wrote: > Hi all, > > My network is running EIGRP routing protocol. I want > to force the routing > path so that the routing will not go through the > shortest path (e.g. force > the route from "R1" to "R3" which must go through > "R2" and "R4"). What is > the proper way to do so? Should I change the > parameter "BANDWIDTH", "DELAY" > or others? > > > R1 10 R2 > | | > | | > 10 10 > | | > R3 10 R4 > > > Thanks. > dovelet > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] = Robert Padjen __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1056&t=1048 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Networkers 2001 session papers [7:1055]
For those who are interested, the session papers from Networkers 2001 (Brisbane) are at http://www.cisco.com/networkers/au/internal_html/sessions/sessions.html (watch the wrap). Drill down to the stream you're interested in - the PDF icons are next to each session description. JMcL Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1055&t=1055 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 2 hours are over and I passed the CCIE written [7:966]
Actually a year to take the lab, much more to time to pass. With the schedule delay growing Cisco will have to add more US lab sites or change the 12 month time limit for the first try. -- John Hardman CCNP MCSE ""Circusnuts"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Congrats !!! The clock is has begun- 12 months to pass the lab :o) > > Phil > > - Original Message - > From: Buri, Heather H > To: > Sent: Tuesday, April 17, 2001 4:31 PM > Subject: RE: 2 hours are over and I passed the CCIE written [7:966] > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1054&t=966 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Question RE: Windows XP and Catalyst 5000 Issues ... [7:1053]
For those not familiar with the original problem. Supervisor 1 and 2 models are most likely to have EARLs in this range - Sup IIIs typically have EARL 2 with NFFC-2. Check your system - and seriously consider the upgrade of CatOS. 'Be careful out there!' Cisco Security Advisory: Catalyst 5000 Series 802.1x Vulnerability = Revision 1.0 For Public Release 2001 April 16 at 1500 UTC Summary === When an 802.1x frame is received by an affected Catalyst 5000 series switch on a STP blocked port it is forwarded in that VLAN instead of being dropped. This causes a performance impacting 802.1x frames network storm in that part of the network, which is made up of the affected Catalyst 5000 series switches. This network storm only subsides when the source of the 802.1x frames is removed or one of the workarounds in the workaround section is applied. This vulnerability can be exploited to produce a denial of service (DoS) attack. This vulnerability is described in Cisco bug id CSCdt62732. This notice will be posted at http://www.cisco.com/warp/public/707/cat5k-8021x-vuln-pub.shtml Affected Products = Cisco Catalyst 5000 series switches based on any of the following EARL (Encoded Address Recognition Logic) hardware revisions: * EARL 1 * EARL 1+ * EARL 1++ and running any of the following switch software revisions: * 4.5 (11) or earlier * 5.5 (6) or earlier * 6.1 (2) or earlier are affected by this vulnerability. This series includes the Catalyst models 5000, 5002, 5500, 5505, 5509, 2901, 2902 and 2926 switches. To determine your hardware and software revision type sh mod on the console prompt of the switch. Products Not Affected = Catalyst 5000 series switches based on EARL 2 or later hardware revisions are not affected by this vulnerability. Catalyst 5000 series switches regardless of the EARL hardware revision, running the following switch software revisions * 4.5 (12) or later - expected general availability before 2001, May 1 * 5.5 (7) or later * 6.1 (3) or later are not affected by this vulnerability. No other Cisco product is currently known to be affected by this vulnerability. This includes the Catalyst 6000, 4000, 3500XL, 2900XL and 2948G switches. Details === When an 802.1x (IEEE standard for port based network access control) frame is received by an affected Catalyst 5000 series switch on a STP (Spanning Tree Protocol) blocked port it is forwarded in that VLAN (Virtual Local Area Network) instead of being dropped. This causes a performance impacting 802.1x frames network storm in that part of the network, which is made up of the affected Catalyst 5000 series switches. This network storm only subsides when the source of the 802.1x frames is removed or one of the workarounds in the workaround section is applied. The vulnerability is documented as Cisco bug id CSCdt62732. Impact == When an affected Catalyst 5000 series switch network receives an 802.1x frame it causes an 802.1x frames network storm. This network storm degrades the performance of the network. Slower ports on the affected Catalyst 5000 series switches may stop passing user data. The affected Catalyst 5000 series switches may not respond to any management inquiries via SNMP, Telnet or HTTP. However, management via the console port on the switches is still possible and can be used to apply the workarounds. Software Versions and Fixes === This vulnerability has been fixed in the following switch software revisions * 4.5 (12) or later - expected availability before 2001, May 1 * 5.5 (7) or later * 6.1 (3) or later and the fix will be carried forward in all future releases. Software upgrade can be performed via the console interface. Obtaining Fixed Software Cisco is offering free software upgrades to remedy this vulnerability for all affected customers. Customers with service contracts may upgrade to any software release. Customers may install only the feature sets they have purchased. Fixed software is currently available except where noted. Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained via Cisco's Software Center at http://www.cisco.com/. Customers without contracts or warranty should get their upgrades by contacting the Cisco Technical Assistance Center (TAC) as shown below: * (800) 553-2447 (toll-free in North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: [EMAIL PROTECTED] See http://www.cisco.com/warp/public/687/Directory.shtml for additional TAC contact information, including instructions and e-mail addresses for use in various languages. Give the URL of this notice as evidence
Static & Port Centric in VLAN ? [7:1052]
Right now i have been studying in CNAP ITB Indonesia and until now i confuse different between to assign ports VLAN manuaaly (static) and assign ports VLAN as port centric ? As long i know it's same way because when we to assign port centric just like we do manually. Thanx all Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1052&t=1052 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Change EIGRP routing path [7:1048]
I would increase the delay on the R1 to R3 link to a suitable value that will make the longer route preferred over the short path. If you change the bandwidth it could affect other processes on the router. At 10:21 PM 4/17/01, you wrote: >Hi all, > >My network is running EIGRP routing protocol. I want to force the routing >path so that the routing will not go through the shortest path (e.g. force >the route from "R1" to "R3" which must go through "R2" and "R4"). What is >the proper way to do so? Should I change the parameter "BANDWIDTH", "DELAY" >or others? > > >R1 10 R2 >| | >| | >10 10 >| | >R3 10 R4 > > >Thanks. >dovelet >FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1051&t=1048 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Change EIGRP routing path [7:1048]
Best to modify the interface bandwidth parameter. Don't think you want to be messing with the EIGRP default metrics. Btw, to quote a sage, what problem are you trying to solve? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dove Sent: Tuesday, April 17, 2001 9:21 PM To: [EMAIL PROTECTED] Subject:Change EIGRP routing path [7:1048] Hi all, My network is running EIGRP routing protocol. I want to force the routing path so that the routing will not go through the shortest path (e.g. force the route from "R1" to "R3" which must go through "R2" and "R4"). What is the proper way to do so? Should I change the parameter "BANDWIDTH", "DELAY" or others? R1 10 R2 | | | | 10 10 | | R3 10 R4 Thanks. dovelet FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1050&t=1048 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Question RE: Windows XP and Catalyst 5000 Issues ... [7:1049]
As many have pointed out -- show module If that doesn't work try -- show test "Hennen, David" wrote: > Well, this could be a problem. > > Does anyone out there know of a way to remotely determine what version of > EARL is on the various Cat 5xxx supervisor blades? > > Thanks if you can help, > Dave H > > -Original Message- > From: Daniel Cotts [mailto:[EMAIL PROTECTED]] > Sent: Monday, April 16, 2001 5:47 PM > To: [EMAIL PROTECTED] > Subject: RE: Windows XP and Catalyst 5000 Issues ... [7:816] > > Here's the Cisco Advisory: > http://www.cisco.com/warp/public/707/cat5k-8021x-vuln-pub.shtml > > > -Original Message- > > From: Hornbeck, Timothy [mailto:[EMAIL PROTECTED]] > > Sent: Monday, April 16, 2001 3:30 PM > > To: [EMAIL PROTECTED] > > Subject: Windows XP and Catalyst 5000 Issues ... [7:816] > > > > > > Do Not Plug WXP In Your Cisco Network Yet: Crash Warning > > > > > > Computer Reseller News reported something 'interesting'. MS > > found out about > > an incompatibility between Windows XP and Cisco Systems' Catalyst 5000 > > switch. The conflicts can cause your corporate networks to crash. The > > unexpected incompatibility sits between the 802.1x wireless > > security feature > > in Windows XP and the Cisco switch software that has a bug. > > Cisco has a fix > > on its website. > > > > This week, Redmond sent an e-mail to all of Microsoft > > Consulting Services > > (MCS) to not plug Windows XP machines into any network > > without explicit > > approval of the client's IT department. What seems to have > > happened is that > > a Microsoft consultant plugged a laptop running Windows XP > > into a site and > > took the entire company down. > > > > Some adventurous souls in Xerox did the same, and brought the > > whole network > > down. Xerox sent an email to all 50,000 employees and told > > them that if they > > plugged in WXP and brought the network down, they would pay > > for the damage > > out of their paycheck. Sounds like they mean it. More at: > > http://www.w2knews.com/rd/rd.cfm?id=041601-Cisco-WXP-Crash > > __ > > Nathan C. Broome CNE,MCSE > > Network Administrator > > Mayfran International > > 440-461-4100x160 > > [EMAIL PROTECTED] > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > Report misconduct > > and Nondisclosure violations to [EMAIL PROTECTED] > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1049&t=1049 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Change EIGRP routing path [7:1048]
Hi all, My network is running EIGRP routing protocol. I want to force the routing path so that the routing will not go through the shortest path (e.g. force the route from "R1" to "R3" which must go through "R2" and "R4"). What is the proper way to do so? Should I change the parameter "BANDWIDTH", "DELAY" or others? R1 10 R2 | | | | 10 10 | | R3 10 R4 Thanks. dovelet Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1048&t=1048 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Taking BSCN on Friday, any last minute tips? [7:1047]
I am taking BSCN on Friday, any last minute tips? Anything to really cram on and things to watch out for? Thanks anyone! Brad Shifflett Micromenders, Inc [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1047&t=1047 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Wireless question. [7:1034]
Having passed the wireless exams just a while back I don't think anyone can really answer these questions for you. I can't remember a NDA but I'm sure something was there to agree to. I'm a bit concerned that you posted them. Although it is easy to copy them I don't think that means you should post them publicly. This particular exam - although it has to be passed by a "person", does not give the "person" a qualification. The qualification goes to the Cisco Reseller/Partner. If you work for a Reseller/Partner you can go to the on-line learning site where you can receive the courses that Cisco recommends. All that information is there. If you read this page: (requires CCO login) http://www.cisco.com/warp/customer/765/partner_programs/specialization/wlan/ requirements.shtml you will see where you can get the info to answer these questions. I took all three courses - having a high speed internet connection helps. However, the slides and audio can be downloaded. (the video is just a talking head anyway..) Although a bit lengthy, the courses allowed me to pass with no problems. (that and having taught radio/antenna theory in the military) Please do the correct thing and study for the exam instead of asking for the answers. These are basic knowledge questions. If you can't answer them - you shouldn't be selling it or designing wireless networks for clients. Kevin Wigle EffectiveNets Cisco Partner, Premier Certified Wireless Specialist Partner - Original Message - From: "Ryan Ngai Hon Kong" To: Sent: Tuesday, 17 April, 2001 22:15 Subject: Wireless question. [7:1034] > Guys, > > Hope you don't mind helping me with this. > > 1) What is the purpose for including a fade margin of 10 dB into the antenna > calculation utility? > a. To increase the distances achieved > b. There are no discernable differences by including a fade margin or not > c. To offset weather conditions such as rain or snow > d. None of the above > > 2) The range or coverage of an 802.11b Direct Sequence Wireless LAN > depends on: (Choose the best answer.) > a. Transmit Power and Antenna System > b. Radio Sensitivity and Processing Gain > c. Transmit Power, Radio Sensitivity, and Antenna System > d. A and B > > 3) A lightning arrestor is used in conjunction with the bridges to > facilitate the following: > a. Bleed off static charges to help prevent a direct lightning hit > b. To dissipate any energy from a near lightning strike > c. Neither A nor B > d. Both A and B > > 4) 802.11 Direct Sequence individual channels occupy how much of the > spectrum? > a. 11 MHz > b. 1 MHz > c. 22 MHz > d. 83.5 MHz > > 5) The most common occurrence of multipath interference comes from: > a. Point-to-point bridge link > b. Point-to-multipoint bridge link > c. In-building open air coverage > d. In-building cluttered environment > > 6) More data can be sent over the airwaves in one of two manners: More > frequency or... > a. using lower frequencies. > b. using more complex modulation. > c. using better filtering on the receiver. > d. None of the above > > 7) What is the minimum overlap in RF coverage that is needed to allow a > repeater to associate to a root AP? > a. 25% > b. 50% > c. 100% > d. There is no minimal coverage required > > 8) Antenna Diversity is useful because: > a. It helps to overcome multi-path distortion > b. Adding more coverage area by using directional Antenna > c. Looks nice > d. None of the above > > 9) Which of the follow statements are false? > a. The access point model AP342E2C is designed to support mobile users. > b. Two wireless bridges model BR342 could be used to connect a LAN to LAN. > c. Two access points model AP342E2C could be used to connect a LAN to LAN. > d. None of the above > > 10) For a BR342 to pass IP traffic properly from one LAN to another LAN > the following is true. > a. An IP address has to be set on both bridges. > b. The root bridges IP address has to be set as the gateway for all the > non-root bridges IP stack. > c. No IP address needs to be set in either bridge, it will pass all > traffic. > d. None of the above > > 11) The FCC requires the use of how many channels with a 2.4 GHz FHSS > system before repeating the pattern? > a. 79 > b. 75 > c. 70 > d. 83 > > Those question are taken from certification net and I have no clue where to > get those info. > Thanks a lot. > Best wishes, > > Ryan > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1046&t=1034 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Opinions on Cisco Access Pro AP-EC's [7:1045]
I saw this device mentioned on another mailing list I read as a good item for a home lab. Basically, its a 2501 on a PC card. I wonder why I haven't seen this device mentioned in this group as a good piece to have. Are there any issues with this product that make it less suitable than a 1601, 2501, etc?? Curious... -Ds Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1045&t=1045 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 2 hours are over and I passed the CCIE written [7:966]
Congrats !!! The clock is has begun- 12 months to pass the lab :o) Phil - Original Message - From: Buri, Heather H To: Sent: Tuesday, April 17, 2001 4:31 PM Subject: RE: 2 hours are over and I passed the CCIE written [7:966] > WooHoo!! Congrats! > > Heather Buri > CSC Technology Services - Houston > > Phone: (713)-961-8592 > Fax: (713)-961-8249 > Mobile: > Alpha Page: > > Mailing: 1360 Post Oak Blvd > Suite 500 > Houston, TX 77056 > > > > -Original Message- > From: Michael Bambic [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, April 17, 2001 3:06 PM > To: [EMAIL PROTECTED] > Subject: 2 hours are over and I passed the CCIE written [7:966] > > > It was not as difficult as I thought but then my score wasn't as high as it > should have been. There wasn't as much token as expected but that's OK. My > networking experience definitely helped out but then so did the Todd Lammle > CCIE book and the Casco book as well as a ton of information from Cisco's > site. > I finally figured out that the RIF length field is inclusive of the RC and > RD. Only one question on that any how. > :) > I wish I could remember better what was on the test but it's all a blur now, > kind of like post traumatic stress syndrome or whatever it's called. > > Mike Bambic > Lead Mentor > Phoenix Branch > 602-955-5888 > Cisco Regional Business Development Manager > TechSkills > www.techskills.com > [EMAIL PROTECTED] > > [GroupStudy.com removed an attachment of type application/ms-tnef which had > a name of winmail.dat] > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1044&t=966 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Study Techniques [7:1033]
Can't resist the comments inserted below: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Cthulu Sent: Tuesday, April 17, 2001 7:08 PM To: [EMAIL PROTECTED] Subject:Study Techniques [7:1033] Hey, all, I was wrong in my previous posting... I actually have 4 months, not 3. CL: either way, it's about 60 days too few..;-> his is a longish post, so delete if not to your liking. CL: cthulu long winded? Nah.. I'd be interested in hearing how others are preparing. Anyways, a friend (whom I call the Professor) and I are both preparing for the lab in lock-step (as opposed to lock and key), and thought I would share the techniques we are using to prepare for our upcoming lab date...August 17, 2001! Whoo hee! It is an understatement to say that I am studying better and learning better with another person than by myself. Having a study partner can really motivate you to do more and do more better! Our personalities and study habits are radically different. The professor tends to be full of facts and is able to recall an amazing amount of information about things Cisco, both hardware and software. My approach is more Rainman: I can do it, but I would be at a loss to explain how or why I did it. So, the partnership works real well... Routers, routers, and more routers! You can not have too many. My rack has 8, the Professor has 7; together, we can make 15, which is actually one shy of being unreachable if you are a certain DV routing protocol. We study our individual topics apart, and then link up the racks to do a big exercises containing everything that we just studied separately. CL: may I suggest configuring your edge devices with IGRP, and then redistributing in to rip with a metric of 5 - then watch the fun begin too bad you can't do something similar with (E)IGRP. I've always been curious about the 255 hop limit. I know why it is, I'd just like to see it in action some time. Read, read, and read some more! Stephen King and Faulkner have fallen by the way side, replaced by Caslow, Doyle, Oppenheimer, et al. While reading, I highlight the critical points, and then summarize them into a 2-3 page crib sheet. CL: this leads to an interesting debate, to whit - the ratio of reading to hands on practice. What to read. E.g. RFC's? Which books and why? The debate can go on a long time. My own personal opinion is the reading should be the command references and config guides, and things like Doyle and Caslow and Slattery and Hutnik. For CCIE lab prep my own opinion is that Perlman and Berkowitz and Greenberg are not the best way to spend one's time. The Professor and I have also started a once a week lunch and learn session where we lecture about a chosen topic. The twist? Given a list of topics, pick the topic that you know the least about and the other person knows more about than you: you'll learn more, and the other person can tell you if you got it or not. Great technique, highly recommend it! Also, Cisco may also help and I don't guarantee this. If your company is a big customer of Cisco AND you have passed your written AND have a lab date scheduled, you may be able to use the local Cisco lab facilities in the city nearest you to practice topics that you may not otherwise be able to...I refer to ATM, VOxx, token ring switches, ISDN, etc. Check with your local Cisco rep about this.These resources are limited so I would not waste them on a topic such as RIP; instead, budget lab time for the big ticket items as mentioned. As much as I hate to part with the money, I am going to purhcase an ISDN simulator, probably from http://www.bigdcom.com/teleline.html (last price quote was $1688 for a 2-line BRI model). ISDN can be a very troublesome topic even though it is relatively simple: when you start doing DDR that, CHAP this, snapshot over here, and so on and so on over ISDN, you need to know ISDN better than Howard can quote RFCs verbatim. CL: hh. let's just say that to judge from a number of my practice sources, you are correct. If you have to sell blood or your mother-in-law, CL: heh heh heh get the ccbootcamp labs! I have them, the Professor has them, and together, we have praised and cursed the name of Marc Russell. Those labs are TOUGH, and have made us think in new ways, and look at technologies from a different angle... sort of like Robin Williams in Dead Poets Society (Dead Routes Society, perhaps?) Once again, Marc doesn't pay for the commercial. CL: definitely one good source of practice materials Finally, the Professor and I will be attending the ECP class in July to learn our weaknesses and hopefully, overcome them. We will also probably schedule several days at Wichita before and after the ECP class to indulge our need for lab simulation torture. CL: agreed - if you can afford it or the boss will pay for it, take it. But be advised - this class is not someplace to learn what you need
Can anyone recommend this book [7:1042]
Thanks Phil Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1042&t=1042 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: bay cisco and ospf [7:1036]
Given that your debugs are not showing anything you probably have some sort of a config problem on your Cisco because if it was setup right then I believe it should be sending out hellos every 10 seconds to the Ethernet interface whether it has a neighbor there or not. Post your configs... At 08:45 PM 4/17/01, you wrote: >Any magic that need that i am not aware of ... > >debug ip ospf adjencencie >debug ip ospf packet >debug ip ospf events > >show nothing the router is quiet Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1041&t=1036 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Wireless question. [7:1034]
The questions seems capture form the Certification .net Cisco Channel Certification Wireless Lan EXAM You have so much time to do it before clicking the SUBMIT button , cause it is a web exam. Ken ""Ryan Ngai Hon Kong"" Guys, > > Hope you don't mind helping me with this. > > 1) What is the purpose for including a fade margin of 10 dB into the antenna > calculation utility? > a. To increase the distances achieved > b. There are no discernable differences by including a fade margin or not > c. To offset weather conditions such as rain or snow > d. None of the above > > 2) The range or coverage of an 802.11b Direct Sequence Wireless LAN > depends on: (Choose the best answer.) > a. Transmit Power and Antenna System > b. Radio Sensitivity and Processing Gain > c. Transmit Power, Radio Sensitivity, and Antenna System > d. A and B > > 3) A lightning arrestor is used in conjunction with the bridges to > facilitate the following: > a. Bleed off static charges to help prevent a direct lightning hit > b. To dissipate any energy from a near lightning strike > c. Neither A nor B > d. Both A and B > > 4) 802.11 Direct Sequence individual channels occupy how much of the > spectrum? > a. 11 MHz > b. 1 MHz > c. 22 MHz > d. 83.5 MHz > > 5) The most common occurrence of multipath interference comes from: > a. Point-to-point bridge link > b. Point-to-multipoint bridge link > c. In-building open air coverage > d. In-building cluttered environment > > 6) More data can be sent over the airwaves in one of two manners: More > frequency or... > a. using lower frequencies. > b. using more complex modulation. > c. using better filtering on the receiver. > d. None of the above > > 7) What is the minimum overlap in RF coverage that is needed to allow a > repeater to associate to a root AP? > a. 25% > b. 50% > c. 100% > d. There is no minimal coverage required > > 8) Antenna Diversity is useful because: > a. It helps to overcome multi-path distortion > b. Adding more coverage area by using directional Antenna > c. Looks nice > d. None of the above > > 9) Which of the follow statements are false? > a. The access point model AP342E2C is designed to support mobile users. > b. Two wireless bridges model BR342 could be used to connect a LAN to LAN. > c. Two access points model AP342E2C could be used to connect a LAN to LAN. > d. None of the above > > 10) For a BR342 to pass IP traffic properly from one LAN to another LAN > the following is true. > a. An IP address has to be set on both bridges. > b. The root bridges IP address has to be set as the gateway for all the > non-root bridges IP stack. > c. No IP address needs to be set in either bridge, it will pass all > traffic. > d. None of the above > > 11) The FCC requires the use of how many channels with a 2.4 GHz FHSS > system before repeating the pattern? > a. 79 > b. 75 > c. 70 > d. 83 > > Those question are taken from certification net and I have no clue where to > get those info. > Thanks a lot. > Best wishes, > > Ryan > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1040&t=1034 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Network Collisions [7:1006]
Definitely at least get something (especially before they get switches and make sniffing harder), but I think Fluke is a bit pricey for most unless that's what you really need (same with Sniffer Pro, etc.). Speaking of which, I believe we just got approved to get a Dolch box with Sniffer Pro and a ton of hardware interfaces (including 802.11). Our old box just wouldn't support some of our older WAN cards once we upgraded to GUI, and the DOS version is so outdated (but still required if we wanted to do anything with our v.35 interface). Speaking of, any idea when Sniffer Pro split into a LAN and WAN (and even "High Speed") versions? I wasn't in on specing out our new box, so I didn't know until I just looked at their site. Hey, and it looks like they even rent packaged boxes as "Sniffer Express" for week and month periods: http://www.sniffer.com/services/sniffer-rentals/default.asp -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Priscilla Oppenheimer"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > They should get the troubleshooting tools first, in my opinion. There are > free protocol analyzers available. The problem may be some network-hog > application that doesn't belong on the network, such as Napster or > something. The problem could continue to lurk even if they did get a switch. > > Of course, protocol analysis can be very time-consuming, and time is money, > so perhaps throwing a switch in the network might be a good approach > too. Mwave.com is advertising a D-Link 8-port 10/100 switch for only > $69.99, while supplies last. They also have a 3-Com 4-port switch for only > $92 and really cheap LinkSys switches. Those are all good name brands. (No, > I don't work for them! ;-) > > Priscilla > > At 09:05 PM 4/17/01, Jason J. Roysdon wrote: > >Convince them to get troubleshooting tools when they don't even have > >switches? *chuckles* Good luck. > > > >-- > >Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ > >List email: [EMAIL PROTECTED] > >Homepage: http://jason.artoo.net/ > > > > > > > >""Chuck Larrieu"" wrote in message > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > Hhm.. > > > > > > Are these hubs daisy chained? > > > > > > Does the noticeable slowdown happen al the time, or can you isolate it to > > > particular times of day? > > > > > > Do you have an internet connection? > > > > > > Do you have anyone using any kind of dial up to an external service of > >some > > > kind? > > > > > > Have people set up their own little Windows networking networks, in > >addition > > > to your network - file and print sharing stuff? > > > > > > Are people having to print a lot of things they weren't doing before? > > > > > > Story time: > > > > > > Back at the brokerage firm, there was an occasion where my help desk > >started > > > getting calls about the network being down. In general, this kind of > > > complaint could be attributed to not being logged on to the network, and > > > usually we would blow off the callers with the instruction to log on. > >Well, > > > upon thinking about the fact that people who were complaining were in > many > > > cases "good" users, and the fact that there were so many calls that > >morning, > > > I traced back one of the end user stations to a particular hub ( we had > >hubs > > > plugged into switches at the time ) and I was shocked to see the > collision > > > light solid red. I was able to use the HP stack manager software to > >discover > > > that a particular port was just saturating the hub with traffic. Tracking > > > down that user, I learned that particular person was connected to a > > > particular internet based service ( some kind of research database ) and > >was > > > downloading and updating a complex database file using a particular > > > proprietary piece of software. The damn thing practically seized the > >entire > > > bandwidth of that hub, and so monopolized the traffic that other folks > >were > > > losing their connections to the Novell servers, I am guessing because of > > > lack of keepalives. > > > > > > Once the problem was identified, I gave this particular user a dedicated > > > switch port, and life was good after that. > > > > > > My point being that even though you have a very few users, all it takes > is > > > one bandwidth piggy, and your shared collision domain network is toast. > > > Might want to convince the boss that investment in a Fluke meter or some > > > kind of management software is a good thing. > > > > > > Chuck > > > > > > -Original Message- > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of > >John > > > Brandis > > > Sent: Tuesday, April 17, 2001 5:09 PM > > > To: [EMAIL PROTECTED] > > > Subject: Network Collisions [7:1006] > > > > > > G'day all where ever you may be. > > > > > > I have been watching my network here in my office and I have noticed that > > > over
Re: Windows XP and Catalyst 5000 Issues ... [7:911]
The Novell client doesn't use the windows login password (they keep them blank and actually have a script that deletes *.pwl), and is also configured to blank out the username. This can be done with NT as well (or at least instruct users to use blank local windows passwords). -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Chuck Larrieu"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > User name is easily found by looking at the default login screen on a > windoze device. > > As for the password, it's no doubt easily found on one of the post-it's on > the edge of the monitor. ;-> > > I'm with Howard - exactly what does a layer two security feature accomplish > in real terms? > > Chuck > > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, April 17, 2001 5:51 PM > To: [EMAIL PROTECTED] > Subject: Re: Windows XP and Catalyst 5000 Issues ... [7:911] > > True, but even if you sat down at a PC and got its MAC address (or just used > that same PC), you'd still have to have the username/password for any real > access, as even their Bordermanager proxy is based on being authenticated to > NDS. But good point if that's all a person was using to verify a valid > connection to a network. > > But the without locking it down to a MAC address, what would stop a > broadcast storm at the local switch? What other authentication methods are > there at layer 2? I mean, I guess you could have some sort of script that > would disable the port if the user failed to authenticate with your servers > within a given amount of time... but in that time a WinXP PC would have > melted a Cat5k (or worse: a program that simulates the same problem that can > be run on an OS). > > -- > Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ > List email: [EMAIL PROTECTED] > Homepage: http://jason.artoo.net/ > > > > ""Howard C. Berkowitz"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Frankly, I'm very dubious about any security scheme based on MAC > > address alone, for wired or wireless networks. At best, it's > > controlling which device can plug into a port, using an identifier > > that can be spoofed without all that much effort. The MAC address > > proves absolutely nothing about the identity of the person using the > > device. I'm really not sure what problem, in most cases, it solves. > > Once the device is connected, there are no controls. > > > > Data link level encryption does make sense for wireless networks. > > > > If I am concerned about random devices plugging into a LAN and doing > > evil, I'd much rather that they have to connect to an authenticating > > proxy server, or let them in but control server access, or require > > encryption with authentication of the user ID. There are other > > methods for controlling broadcast attacks. > > > > >Regarding layer 2 security, it all comes down to how much of an > > >administrative load you can handle. We have one customer that locks each > > >port down to the MAC address of what is supposed to be there. No > > >unauthorized traffic is allowed to touch the network beyond the switch > port > > >which just drops it. They very rarely if ever have moves, and when they > do > > >it all has to be coordinated with the lan/switch netadmin. I hate it > > >because I can't just come in and plug in my laptop anywhere ;-p > > > > > >Of course, this wouldn't work with an IP phone install where you're > expected > > >to be able to move phones all of the time. I'm sure there is some way to > > >create a list of MAC addresses (and maybe tag them with an appropriate > VLAN, > > >like a generic "PUBLIC" VLAN for all unknown MAC addresses, which is > > >essentially firewalled from the rest of the network). Still, this same > bug > > >would have melted a network configured as such. > > > > > > > > >-- > > >Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ > > >List email: [EMAIL PROTECTED] > > >Homepage: http://jason.artoo.net/ > > > > > > > > > > > >""Priscilla Oppenheimer"" wrote in message > > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > >> Taking a step back, she asked, "so what's with this 802.1x standard, > > >> anyway?" Is anyone actually using it? > > >> > > >> Data-link-layer security definitely makes sense for 802.11 wireless > > >> networks. Does it really make sense for wired networks? Is the bug > > >> happening with wired or wireless networks? It sounds like it's > happening > > >> with wired networks since the bug is with the Catalyst 5000 EARL, > though > > >> some of the reports have called 802.1x a wireless standard. That's > pretty > > >> bad that the switches forward the multicasts out blocked ports. How > could > > >> that have happened? Just a bug I guess. > > >> > > >> Back to my original question. Does security at the data-link-layer > make > > >> sense for wired netwo
RE: Keystrokes to stop traceroute or Ping... [7:978]
And if you are reverse telnetted into a router, hit Control + Shift + 6 6. This way, you won't get shot back to the terminal server. Fred >From: "tim sullivan" Reply-To: "tim sullivan" To: [EMAIL PROTECTED] >Subject: RE: Keystrokes to stop traceroute or Ping... [7:978] Date: Tue, 17 >Apr 2001 17:28:04 -0400 > >ctrl/shift 6 at the same time and then x for traceroute ctrl/shift 6 at >thesame time for ping > > >From: "[EMAIL PROTECTED]" >Reply-To: "[EMAIL PROTECTED]" > >To: [EMAIL PROTECTED] >Subject: RE: Keystrokes to stop traceroute or >Ping... [7:978] >Date: Tue, 17 Apr 2001 16:57:30 -0400 > >ctrl/shift, then >6 > >-Original Message- >From: Rizzo Damian >[mailto:[EMAIL PROTECTED]] >Sent: Tuesday, April 17, 2001 13:51 >To: >[EMAIL PROTECTED] >Subject: Keystrokes to stop traceroute or Ping... >[7:978] > > >Anyone remember the keystrokes to stop a router from >performing an endless >traceroute or ping?... Thanks. > > > -Rizzo >FAQ, >list archives, and subscription info: > >http://www.groupstudy.com/list/cisco.html >Report misconduct and >Nondisclosure violations to [EMAIL PROTECTED] >FAQ, list archives, and >subscription info: >http://www.groupstudy.com/list/cisco.html >Report >misconduct and Nondisclosure violations to [EMAIL PROTECTED] > >_ Get your >FREE download of MSN Explorer at http://explorer.msn.com >subscription info: http://www.groupstudy.com/list/cisco.html Report >misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1037&t=978 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
bay cisco and ospf [7:1036]
hello all: here is a question. I have a setup as this R1-etherR2 R1=cisco 2501 R2=BAy ARN now i have batled a for a bit with this scenario..routing rip between the is easy but; OSPF my gooness. I do not want to go into writting the configs but r1 and r2 all interfaces in area 0.I have not been able to stablish adjencencies between the two. now this is what i have found out so share something outside of the below if you are willing to coment. area number in bay routers are in dotted notation only cisco can do both dotted and decimal.so i am using area 0 for both routers 0.0.0.0...common denominator i am using dotted notation i found out that the MTU size for ospf for BAy is 1576 and cisco 1500 and they must both match in order to form adjencencies between both. I have set the mtu size on bay 1500. still no adjencencies but they can ping each other..What am I missing ?? Any magic that need that i am not aware of ... debug ip ospf adjencencie debug ip ospf packet debug ip ospf events show nothing the router is quiet any help apreciated.. El pingu Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1036&t=1036 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Studying for the CCIE... [7:1035]
I got an email asking for some help with info regarding studying for the CCIE. Since it seemed to me that this stuff might be of use to alot of other people I've gone ahead and posted my response. Hope you don't mind. Karen - On 4/15/2001 at 4:45 PM @yahoo.com wrote: >i have passed ccna and wanna to appear for ccie directly.can u plz >help me what to do study,from where and what r good links and good >s/w for both ccnp and ccie. > *** REPLY *** A CCIE friend of mine said that the difference between a CCIE and a CCNP is the amount and quality of the experience. A CCNP may have as much or even more knowledge and information, but a CCIE has experienced it and understands what to do with it and what its good for. That being said, I'd say that if you want to go for CCIE you should get as much experience as you can until you know the basics in your sleep and understand the rest thoroughly. I've included a list of URLs for assorted resources that may be of use to you. There are any number of books out there that have the information but it will only take you so far. The groupstudy list archives and the Cisco CCIE recommended reading list are a good place to start when putting together a reading list. Computer Based Training (CBTs) and the Cisco CIMs are another option but you should be warned that alot of CBTs have errors so you'll need to double check all of the info with the Cisco web site and/or books anyway. Also, CBTs and Cisco CIMs tend to be rather pricey. However, if you learn best in an interactive environment, you can't do any better without actually touching a router or switch. Having a certain familiarity with the RFCs out there can be good if only so that you know what information they contain and what they DON'T contain. Knowing - and understanding, the OSI model is absolutely essential. If you know the OSI model it can help you with the troubleshooting skills that you'll need for the CCIE lab. Knowing what tasks each layer performs and what protocols/technologies fall into each layer can help you narrow down a fault faster than anything but actual experience. Understanding the basic technologies involved is also essential. Knowing how a protocol works and behaves is all very well and good, but understanding the physical technology it's running over can tell you as much or more about the practical limitations and behavior of the network. Needless to say, knowing how the physical technologies work won't do you any good unless you know how the protocols that run over them work. The best way to learn is, of course, through hands on. There are a number of router labs that are available online. Some are free, but most charge a fee for access. Since the CCIE lab requires you to show a certain amount of adeptness with entering in configs, you can get additional practice by pretending that a text editer is a router command line and type in the commands over and over until the commands are second nature. Be careful though, you should verify that a command or series of commands actually works the way you think it does before you drill it into memory through such practice. Practice labs are a good way of getting the practice you need, but you should also make a list of all the configuration tasks that should be known by CCNAs and CCNPs and make that list the core of what you study. These are the things that I meant by "basics" in the first paragraph. The configuration cookbooks available on the Cisco website are a good source of working configs that cover these basics. Another hands-on type of practice is with the Cisco Documentation CD. Since this CD is provided in the CCIE lab you should be thoroughly familiar with what information is included in it and how that info is structured so that when the time comes for the lab you can find the information you need in a short period of time. Before I paste in the list of URLs I'll leave you with one more thing. That CCIE friend of mine gave me one bit of wisdom that I think that any network person should know by heart... "Just because you can, doesn't mean you should." A good corollary for this is Howard Berkowitz's "What is the problem you are trying to solve?". It might not help you with the lab, but its certainly worth knowing for your professional life/career. As for your personal life... that really cool thing you want to implement may not be practical, but it can ALWAYS be justified by applying the magic words "Its for practice..." Hope this helps and Good Luck! Karen E Young URLS: -- Note: This list isn't exhaustive and it certainly isn't organized. There's alot more resources out there but this should get you started. http://www.cisco.com/warp/public/625/ccie/certifications/rsblueprint.html http://www.cisco.com/networkers/presentations/ http://www.cisco.com/networkers/nw99_pres/index.htm htt
Wireless question. [7:1034]
Guys, Hope you don't mind helping me with this. 1) What is the purpose for including a fade margin of 10 dB into the antenna calculation utility? a. To increase the distances achieved b. There are no discernable differences by including a fade margin or not c. To offset weather conditions such as rain or snow d. None of the above 2) The range or coverage of an 802.11b Direct Sequence Wireless LAN depends on: (Choose the best answer.) a. Transmit Power and Antenna System b. Radio Sensitivity and Processing Gain c. Transmit Power, Radio Sensitivity, and Antenna System d. A and B 3) A lightning arrestor is used in conjunction with the bridges to facilitate the following: a. Bleed off static charges to help prevent a direct lightning hit b. To dissipate any energy from a near lightning strike c. Neither A nor B d. Both A and B 4) 802.11 Direct Sequence individual channels occupy how much of the spectrum? a. 11 MHz b. 1 MHz c. 22 MHz d. 83.5 MHz 5) The most common occurrence of multipath interference comes from: a. Point-to-point bridge link b. Point-to-multipoint bridge link c. In-building open air coverage d. In-building cluttered environment 6) More data can be sent over the airwaves in one of two manners: More frequency or... a. using lower frequencies. b. using more complex modulation. c. using better filtering on the receiver. d. None of the above 7) What is the minimum overlap in RF coverage that is needed to allow a repeater to associate to a root AP? a. 25% b. 50% c. 100% d. There is no minimal coverage required 8) Antenna Diversity is useful because: a. It helps to overcome multi-path distortion b. Adding more coverage area by using directional Antenna c. Looks nice d. None of the above 9) Which of the follow statements are false? a. The access point model AP342E2C is designed to support mobile users. b. Two wireless bridges model BR342 could be used to connect a LAN to LAN. c. Two access points model AP342E2C could be used to connect a LAN to LAN. d. None of the above 10) For a BR342 to pass IP traffic properly from one LAN to another LAN the following is true. a. An IP address has to be set on both bridges. b. The root bridges IP address has to be set as the gateway for all the non-root bridges IP stack. c. No IP address needs to be set in either bridge, it will pass all traffic. d. None of the above 11) The FCC requires the use of how many channels with a 2.4 GHz FHSS system before repeating the pattern? a. 79 b. 75 c. 70 d. 83 Those question are taken from certification net and I have no clue where to get those info. Thanks a lot. Best wishes, Ryan Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1034&t=1034 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Study Techniques [7:1033]
Hey, all, I was wrong in my previous posting... I actually have 4 months, not 3. This is a longish post, so delete if not to your liking. I'd be interested in hearing how others are preparing. Anyways, a friend (whom I call the Professor) and I are both preparing for the lab in lock-step (as opposed to lock and key), and thought I would share the techniques we are using to prepare for our upcoming lab date...August 17, 2001! Whoo hee! It is an understatement to say that I am studying better and learning better with another person than by myself. Having a study partner can really motivate you to do more and do more better! Our personalities and study habits are radically different. The professor tends to be full of facts and is able to recall an amazing amount of information about things Cisco, both hardware and software. My approach is more Rainman: I can do it, but I would be at a loss to explain how or why I did it. So, the partnership works real well... Routers, routers, and more routers! You can not have too many. My rack has 8, the Professor has 7; together, we can make 15, which is actually one shy of being unreachable if you are a certain DV routing protocol. We study our individual topics apart, and then link up the racks to do a big exercises containing everything that we just studied separately. Read, read, and read some more! Stephen King and Faulkner have fallen by the way side, replaced by Caslow, Doyle, Oppenheimer, et al. While reading, I highlight the critical points, and then summarize them into a 2-3 page crib sheet. The Professor and I have also started a once a week lunch and learn session where we lecture about a chosen topic. The twist? Given a list of topics, pick the topic that you know the least about and the other person knows more about than you: you'll learn more, and the other person can tell you if you got it or not. Great technique, highly recommend it! Also, Cisco may also help and I don't guarantee this. If your company is a big customer of Cisco AND you have passed your written AND have a lab date scheduled, you may be able to use the local Cisco lab facilities in the city nearest you to practice topics that you may not otherwise be able to...I refer to ATM, VOxx, token ring switches, ISDN, etc. Check with your local Cisco rep about this.These resources are limited so I would not waste them on a topic such as RIP; instead, budget lab time for the big ticket items as mentioned. As much as I hate to part with the money, I am going to purhcase an ISDN simulator, probably from http://www.bigdcom.com/teleline.html (last price quote was $1688 for a 2-line BRI model). ISDN can be a very troublesome topic even though it is relatively simple: when you start doing DDR that, CHAP this, snapshot over here, and so on and so on over ISDN, you need to know ISDN better than Howard can quote RFCs verbatim. If you have to sell blood or your mother-in-law, get the ccbootcamp labs! I have them, the Professor has them, and together, we have praised and cursed the name of Marc Russell. Those labs are TOUGH, and have made us think in new ways, and look at technologies from a different angle... sort of like Robin Williams in Dead Poets Society (Dead Routes Society, perhaps?) Once again, Marc doesn't pay for the commerical. Finally, the Professor and I will be attending the ECP class in July to learn our weaknesses and hopefully, overcome them. We will also probably schedule several days at Wichita before and after the ECP class to indulge our need for lab simulation torture. If, after all this preparation, one of us passes and the other doesn't: the passer will run while the non-passer playfully chases behind with a knife, perhaps Ginsu, shouting mock expletives. If neither passes, then we will have to do the unthinkable and renew our MCSE certifications and go back to providing Microsoft support. There's an incentive... HTH, Charles Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1033&t=1033 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Written questions [7:1005]
Hi Following your format... 1) Yes it has all the stuff droped from the lab. 2) The CCNx tests are frankly not all that deep compared to the CCIE written test. The depth and bredth of the CCIE is vast. Yes the test is fairly easy, IF YOU KNOW THE ANSWER. And they will throw in some pretty obscure and tricky subjects. I would strongly suggest that you do not under or over estimate this test. Go to the CCO site and use the recommended reading list and blueprint. 3) Well... there are two camps on this. Getting yourself up for that lab will definately help for the written. I figure that I really started studying for the lab the day I got my first router for home. But doing labs and developing a lab method will NOT beat RIFs into your head, it won't help you understand 4D/5D, etc, etc. On the other hand will studying for the written help with the lab, sure, every little bit of knowledge you can draw on is a good thing. $0.02 -- John Hardman CCNP MCSE ""No Data"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > 1. Does the CCIE Written test still contain the topics > that have been droped from the lab (i.e. LANE, > Appletalk, etc.) or have they been dropped from the > written test as well? > > 2. How hard is the written test compared to the CCNP > tests? I just have CIT to go and so far have been > scoring right around 900, is the test significantly > harder than the others? > > 3. I've heard that studying for the Lab and the > Written at the same time is not a good idea. This > doesn't make sense to me as the way I solidify my > grasp of concepts is to log onto my routers, try it > out, and see what it does. Does anyone have any > comments on studying for both at the same time? > > Thanks, > Ben > > PS Im new here so hi everyone :) > > __ > Do You Yahoo!? > Yahoo! Auctions - buy the things you want at great prices > http://auctions.yahoo.com/ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1032&t=1005 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Windows XP and Catalyst 5000 Issues ... [7:911]
I freely admit I'm not a Windows networking person. But it's not clear to me what the threat is that is being protected against. >True, but even if you sat down at a PC and got its MAC address (or just used >that same PC), you'd still have to have the username/password for any real >access, as even their Bordermanager proxy is based on being authenticated to >NDS. But good point if that's all a person was using to verify a valid >connection to a network. > >But the without locking it down to a MAC address, what would stop a >broadcast storm at the local switch? Is the MAC address relevant if you simply rate-limit broadcasts at the port? Block the port if it senses > 500 broadcasts per second over more than 1 second? > What other authentication methods are >there at layer 2? But why should the authentication be done at layer 2? Are you protecting against a rogue host doing a denial of service on the LAN? Or are you protecting servers? I can understand rate limiting ports. I just am not sure why you would do it on a MAC address basis. >I mean, I guess you could have some sort of script that >would disable the port if the user failed to authenticate with your servers >within a given amount of time... but in that time a WinXP PC would have >melted a Cat5k (or worse: a program that simulates the same problem that can >be run on an OS). > >-- >Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ >List email: [EMAIL PROTECTED] >Homepage: http://jason.artoo.net/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1031&t=911 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Network Collisions [7:1006]
They should get the troubleshooting tools first, in my opinion. There are
free protocol analyzers available. The problem may be some network-hog
application that doesn't belong on the network, such as Napster or
something. The problem could continue to lurk even if they did get a switch.
Of course, protocol analysis can be very time-consuming, and time is money,
so perhaps throwing a switch in the network might be a good approach
too. Mwave.com is advertising a D-Link 8-port 10/100 switch for only
$69.99, while supplies last. They also have a 3-Com 4-port switch for only
$92 and really cheap LinkSys switches. Those are all good name brands. (No,
I don't work for them! ;-)
Priscilla
At 09:05 PM 4/17/01, Jason J. Roysdon wrote:
>Convince them to get troubleshooting tools when they don't even have
>switches? *chuckles* Good luck.
>
>--
>Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
>List email: [EMAIL PROTECTED]
>Homepage: http://jason.artoo.net/
>
>
>
>""Chuck Larrieu"" wrote in message
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Hhm..
> >
> > Are these hubs daisy chained?
> >
> > Does the noticeable slowdown happen al the time, or can you isolate it to
> > particular times of day?
> >
> > Do you have an internet connection?
> >
> > Do you have anyone using any kind of dial up to an external service of
>some
> > kind?
> >
> > Have people set up their own little Windows networking networks, in
>addition
> > to your network - file and print sharing stuff?
> >
> > Are people having to print a lot of things they weren't doing before?
> >
> > Story time:
> >
> > Back at the brokerage firm, there was an occasion where my help desk
>started
> > getting calls about the network being down. In general, this kind of
> > complaint could be attributed to not being logged on to the network, and
> > usually we would blow off the callers with the instruction to log on.
>Well,
> > upon thinking about the fact that people who were complaining were in
many
> > cases "good" users, and the fact that there were so many calls that
>morning,
> > I traced back one of the end user stations to a particular hub ( we had
>hubs
> > plugged into switches at the time ) and I was shocked to see the
collision
> > light solid red. I was able to use the HP stack manager software to
>discover
> > that a particular port was just saturating the hub with traffic. Tracking
> > down that user, I learned that particular person was connected to a
> > particular internet based service ( some kind of research database ) and
>was
> > downloading and updating a complex database file using a particular
> > proprietary piece of software. The damn thing practically seized the
>entire
> > bandwidth of that hub, and so monopolized the traffic that other folks
>were
> > losing their connections to the Novell servers, I am guessing because of
> > lack of keepalives.
> >
> > Once the problem was identified, I gave this particular user a dedicated
> > switch port, and life was good after that.
> >
> > My point being that even though you have a very few users, all it takes
is
> > one bandwidth piggy, and your shared collision domain network is toast.
> > Might want to convince the boss that investment in a Fluke meter or some
> > kind of management software is a good thing.
> >
> > Chuck
> >
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
>John
> > Brandis
> > Sent: Tuesday, April 17, 2001 5:09 PM
> > To: [EMAIL PROTECTED]
> > Subject: Network Collisions [7:1006]
> >
> > G'day all where ever you may be.
> >
> > I have been watching my network here in my office and I have noticed that
> > over
> > the last week, that the network is slowing down. Due to financial
> > constraints,
> > we are using 10/100 16 port hubs (2) {just thought I would point that
out}
>I
> > have noticed that the collision LED's are on a fair bit these days. I
> > checked
> > to see if the errors where due to cable problems or broken ports on the
>hub,
> > but this was not the case. I made sure all the PC's were using the same
> > protocol and still I have an abnormal amount of collisions. I understand
> > that
> > I will have collisons but for a 11 user network that is centerd around a
> > WIN2k
> > Server/Exchange server I have about a 40% collision rate.
> > Does any one have any idea's (besides the obvious of buying a switch) on
>how
> > I
> > can troubleshoot this or fix the problem...
> >
> > Thanks gang
> >
> > John Brandis
> > Network Engineer
> > GoWireless Communications
> > 155 George Street Sydney
> > +61 2 9251 5000
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>FAQ, list archives, and subscription info:
>ht
Re: CCNP study book [7:1010]
First & foremost- experience in the field is you best teacher. I had about 2 years as a CCNA & finished all 4 CCNP exams in a little over a months time. Having said that, I used the Cisco CCNP library & the 4 CCNP Exam Cram series books. Between the two & maybe testing your knowledge on the www.Boson.com exams... you should have no problems with the CCNP cert. Good Luck Phil - Original Message - From: Culx One To: Sent: Tuesday, April 17, 2001 8:27 PM Subject: CCNP study book [7:1010] > Hello, > > I just completed my CCNA and thinking of proceeding to CCNP, but I need you > guys advise on the book to use for the study. I have two books I thinking of > buying one, they are CCNP exam certification library and CCNP exam > preparation library both from Cisco. > > I need anyone advise on this issue. Thank you. > > Culx > ___ > Visit http://www.visto.com/info, your free web-based communications center. > Visto.com. Life on the Dot. > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1027&t=1010 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Windows XP and Catalyst 5000 Issues ... [7:911]
User name is easily found by looking at the default login screen on a windoze device. As for the password, it's no doubt easily found on one of the post-it's on the edge of the monitor. ;-> I'm with Howard - exactly what does a layer two security feature accomplish in real terms? Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 17, 2001 5:51 PM To: [EMAIL PROTECTED] Subject:Re: Windows XP and Catalyst 5000 Issues ... [7:911] True, but even if you sat down at a PC and got its MAC address (or just used that same PC), you'd still have to have the username/password for any real access, as even their Bordermanager proxy is based on being authenticated to NDS. But good point if that's all a person was using to verify a valid connection to a network. But the without locking it down to a MAC address, what would stop a broadcast storm at the local switch? What other authentication methods are there at layer 2? I mean, I guess you could have some sort of script that would disable the port if the user failed to authenticate with your servers within a given amount of time... but in that time a WinXP PC would have melted a Cat5k (or worse: a program that simulates the same problem that can be run on an OS). -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Howard C. Berkowitz"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Frankly, I'm very dubious about any security scheme based on MAC > address alone, for wired or wireless networks. At best, it's > controlling which device can plug into a port, using an identifier > that can be spoofed without all that much effort. The MAC address > proves absolutely nothing about the identity of the person using the > device. I'm really not sure what problem, in most cases, it solves. > Once the device is connected, there are no controls. > > Data link level encryption does make sense for wireless networks. > > If I am concerned about random devices plugging into a LAN and doing > evil, I'd much rather that they have to connect to an authenticating > proxy server, or let them in but control server access, or require > encryption with authentication of the user ID. There are other > methods for controlling broadcast attacks. > > >Regarding layer 2 security, it all comes down to how much of an > >administrative load you can handle. We have one customer that locks each > >port down to the MAC address of what is supposed to be there. No > >unauthorized traffic is allowed to touch the network beyond the switch port > >which just drops it. They very rarely if ever have moves, and when they do > >it all has to be coordinated with the lan/switch netadmin. I hate it > >because I can't just come in and plug in my laptop anywhere ;-p > > > >Of course, this wouldn't work with an IP phone install where you're expected > >to be able to move phones all of the time. I'm sure there is some way to > >create a list of MAC addresses (and maybe tag them with an appropriate VLAN, > >like a generic "PUBLIC" VLAN for all unknown MAC addresses, which is > >essentially firewalled from the rest of the network). Still, this same bug > >would have melted a network configured as such. > > > > > >-- > >Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ > >List email: [EMAIL PROTECTED] > >Homepage: http://jason.artoo.net/ > > > > > > > >""Priscilla Oppenheimer"" wrote in message > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > >> Taking a step back, she asked, "so what's with this 802.1x standard, > >> anyway?" Is anyone actually using it? > >> > >> Data-link-layer security definitely makes sense for 802.11 wireless > >> networks. Does it really make sense for wired networks? Is the bug > >> happening with wired or wireless networks? It sounds like it's happening > >> with wired networks since the bug is with the Catalyst 5000 EARL, though > >> some of the reports have called 802.1x a wireless standard. That's pretty > >> bad that the switches forward the multicasts out blocked ports. How could > >> that have happened? Just a bug I guess. > >> > >> Back to my original question. Does security at the data-link-layer make > >> sense for wired networks? I guess there could be cases where a person has > >> physical access to an Ethernet port but is not supposed to be able to use > >> the network. Maybe in a conference room or lobby. How does the > >> authentication actually take place? Do you need to use Radius or TACACS > >also? > >> > >> And one more question, is anyone actually using Windows XP yet? I guess > >> people must be for this bug to have been found. > >> > >> Interesting thread. Would anyone care to share some "big picture" > comments > >> on the subject? > >> > >> Priscilla > >> > >> At 11:10 AM 4/17/01, Hornbeck, Timothy wrote: > >> > > Possible solution? > >> > > > >> > > * Oper
RE: CCIE Written questions [7:1005]
Comment below: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of No Data Sent: Tuesday, April 17, 2001 4:46 PM To: [EMAIL PROTECTED] Subject:CCIE Written questions [7:1005] 3. I've heard that studying for the Lab and the Written at the same time is not a good idea. This doesn't make sense to me as the way I solidify my grasp of concepts is to log onto my routers, try it out, and see what it does. Does anyone have any comments on studying for both at the same time? Check out Doyle - pp 883 ff ( appendix C ) for a different opinion Thanks, Ben PS Im new here so hi everyone :) __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1028&t=1005 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DC Spring Cisco Picnic Saturday [7:1001]
This is really cool, but I guess if there is one in NYC it definitely should not be on this coming Saturday unless it is in Yankee Stadium, Red Sox in town! Bruce or anyone has been in the picnic last year, could you guys let us know how things like in the past, one day is not a whole lot of time of doing something, when you finish hooking everything up, it is lunch time, after lunch time.., sunset already... :) got to be a great chance to know nice folks from the list. Do other regions have the similar events? Thanks Kent ""Zolt"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Cool! > > Does anyone plan similar picnic in NYC area? I would be interested. > > Zolt > > ""Bruce Evry"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hello, > > > > This is to invite you to attend our Cisco-DC get-together coming > > up this Saturday, April 21, 2001. This is our Spring Picnic, aka Router > > Roast. (but no, we don't roast routers, we just use them as warming > > trays, really, they work great) > > > > Saturday, April 21, 2001 > > Time: 10 am to 4 pm, lunch around noon > > Place: Bruce Evry's House (aka The Hilltop Estate) > > > > This time we are planning on doing all the exciting hands-on lab > > stuff in the early morning and then have some talks on various topics in > > the afternoon. > > > > There is no charge or fee. If you'd like to bring snacks or sodas > > or desserts to share, that is always appreciated! > > > > You can also bring routers, switches, and laptops, of course. > > Just make sure that all things you bring are carefully marked! > > > > DIRECTIONS TO THE HOUSE > > > > 1607 Thomas Road, > >Fort Washington, MD 20744 > > > > From Maryland take I-95 to exit 3a in MD, > > From Virginia take Exit 2 in MD > > > >To the Indian Head Highway South. > > > > Go about 3 miles, turn Left on Old Fort Road. > > > > Go exactly 2 miles on Old Fort Road, > >Turn Right on Thomas Road. > > We are 1607 Thomas Rd, > > almost all the way down the street on the left. > > > > Look for bright orange pumpkin & a long gravel driveway > > With no House visible from street! > > > > If lost, our phone # is 301-292-5231, call us! > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1026&t=1001 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Have CS-508 and CS-516 terminal servers for sale or trade [7:1025]
Let me know at [EMAIL PROTECTED] if you are interested. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1025&t=1025 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: Re: DC Spring Cisco Picnic Saturday [7:1024]
Anybody in Minneapolis care to do something like this? I can host. Peter - Original Message - From: "Bruce Evry" To: Cc: Sent: Tuesday, April 17, 2001 6:22 PM Subject: DC Spring Cisco Picnic Saturday > Hello, > > This is to invite you to attend our Cisco-DC get-together coming > up this Saturday, April 21, 2001. This is our Spring Picnic, aka Router > Roast. (but no, we don't roast routers, we just use them as warming > trays, really, they work great) > > Saturday, April 21, 2001 > Time: 10 am to 4 pm, lunch around noon > Place: Bruce Evry's House (aka The Hilltop Estate) > > This time we are planning on doing all the exciting hands-on lab > stuff in the early morning and then have some talks on various topics in > the afternoon. > > There is no charge or fee. If you'd like to bring snacks or sodas > or desserts to share, that is always appreciated! > > You can also bring routers, switches, and laptops, of course. > Just make sure that all things you bring are carefully marked! > > DIRECTIONS TO THE HOUSE > > 1607 Thomas Road, >Fort Washington, MD 20744 > > From Maryland take I-95 to exit 3a in MD, > From Virginia take Exit 2 in MD > >To the Indian Head Highway South. > > Go about 3 miles, turn Left on Old Fort Road. > > Go exactly 2 miles on Old Fort Road, >Turn Right on Thomas Road. > We are 1607 Thomas Rd, > almost all the way down the street on the left. > > Look for bright orange pumpkin & a long gravel driveway > With no House visible from street! > > If lost, our phone # is 301-292-5231, call us! > **Please read:http://www.groupstudy.com/list/posting.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1024&t=1024 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Network Collisions [7:1006]
Here are some thoughts in no particular order:
Try plugging in a Sniffer and look for late collisions or other symptoms.
Oops, I forgot you have no money. For those of us who don't have $40,000
U.S. to spend on a Sniffer, there are shareware versions out on the Internet
that could help.
Check and make sure that you do not have a duplex mismatch. Duplex should
always be set manually on all devices. I never trust autonegotation because
the Nic makers and the hub makers didn't cooperate, and therefore duplex
negotiation can be random. Have you had a power outage in the last week?
Things can run along fine until a power outage or reboot, and then duplex
gets renegotiated, and then it's wrong. Such a problem can make a network
miserable.
>From a command prompt type netstat -s might help you a little.
Try unplugging devices one at a time, and see which one causes the collision
light blink less frequently. Check for a bad NIC. Try changing NICs.
Remember the arp cache on a Cisco router is 4 hours. Flush your cache.
It may just turn out that you have a ton of traffic. You have to remember
that ever since the Pentium, a single computer is able to flood a 10Mb wire.
You say that it happened this week. Check and see if someone has installed
new software recently. Check directory creation dates. Has someone installed
a new computer recently?
I hope that helps.
""John Brandis"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> G'day all where ever you may be.
>
> I have been watching my network here in my office and I have noticed that
> over
> the last week, that the network is slowing down. Due to financial
> constraints,
> we are using 10/100 16 port hubs (2) {just thought I would point that out}
I
> have noticed that the collision LED's are on a fair bit these days. I
checked
> to see if the errors where due to cable problems or broken ports on the
hub,
> but this was not the case. I made sure all the PC's were using the same
> protocol and still I have an abnormal amount of collisions. I understand
that
> I will have collisons but for a 11 user network that is centerd around a
> WIN2k
> Server/Exchange server I have about a 40% collision rate.
> Does any one have any idea's (besides the obvious of buying a switch) on
how
> I
> can troubleshoot this or fix the problem...
>
> Thanks gang
>
> John Brandis
> Network Engineer
> GoWireless Communications
> 155 George Street Sydney
> +61 2 9251 5000
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1023&t=1006
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Network Collisions [7:1006]
Convince them to get troubleshooting tools when they don't even have
switches? *chuckles* Good luck.
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
""Chuck Larrieu"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hhm..
>
> Are these hubs daisy chained?
>
> Does the noticeable slowdown happen al the time, or can you isolate it to
> particular times of day?
>
> Do you have an internet connection?
>
> Do you have anyone using any kind of dial up to an external service of
some
> kind?
>
> Have people set up their own little Windows networking networks, in
addition
> to your network - file and print sharing stuff?
>
> Are people having to print a lot of things they weren't doing before?
>
> Story time:
>
> Back at the brokerage firm, there was an occasion where my help desk
started
> getting calls about the network being down. In general, this kind of
> complaint could be attributed to not being logged on to the network, and
> usually we would blow off the callers with the instruction to log on.
Well,
> upon thinking about the fact that people who were complaining were in many
> cases "good" users, and the fact that there were so many calls that
morning,
> I traced back one of the end user stations to a particular hub ( we had
hubs
> plugged into switches at the time ) and I was shocked to see the collision
> light solid red. I was able to use the HP stack manager software to
discover
> that a particular port was just saturating the hub with traffic. Tracking
> down that user, I learned that particular person was connected to a
> particular internet based service ( some kind of research database ) and
was
> downloading and updating a complex database file using a particular
> proprietary piece of software. The damn thing practically seized the
entire
> bandwidth of that hub, and so monopolized the traffic that other folks
were
> losing their connections to the Novell servers, I am guessing because of
> lack of keepalives.
>
> Once the problem was identified, I gave this particular user a dedicated
> switch port, and life was good after that.
>
> My point being that even though you have a very few users, all it takes is
> one bandwidth piggy, and your shared collision domain network is toast.
> Might want to convince the boss that investment in a Fluke meter or some
> kind of management software is a good thing.
>
> Chuck
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
John
> Brandis
> Sent: Tuesday, April 17, 2001 5:09 PM
> To: [EMAIL PROTECTED]
> Subject: Network Collisions [7:1006]
>
> G'day all where ever you may be.
>
> I have been watching my network here in my office and I have noticed that
> over
> the last week, that the network is slowing down. Due to financial
> constraints,
> we are using 10/100 16 port hubs (2) {just thought I would point that out}
I
> have noticed that the collision LED's are on a fair bit these days. I
> checked
> to see if the errors where due to cable problems or broken ports on the
hub,
> but this was not the case. I made sure all the PC's were using the same
> protocol and still I have an abnormal amount of collisions. I understand
> that
> I will have collisons but for a 11 user network that is centerd around a
> WIN2k
> Server/Exchange server I have about a 40% collision rate.
> Does any one have any idea's (besides the obvious of buying a switch) on
how
> I
> can troubleshoot this or fix the problem...
>
> Thanks gang
>
> John Brandis
> Network Engineer
> GoWireless Communications
> 155 George Street Sydney
> +61 2 9251 5000
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1022&t=1006
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Network Collisions [7:1006]
Should be easy enough to troubleshoot with a sniffer. Search the archives
here and you'll find a number of references to free/trial versions.
The solution is to segment with switches if it's not a misbehaving device
(and even still, switches are so cheap these days). How many nodes and how
many hubs?
As much as I'd like to recommend a Cisco product, for those that have a
bottom line, there is always the Linksys product line. Even a single switch
with the server(s) plugged into it running 100/full-duplex and the hubs all
connected to it would solve a lot of the collision problems for a while.
The best solution, IMHO, would be to get the cheapest Cisco switch that
supports Fast Etherchannel and a multi-port NIC that supports Fast
Etherchannel for your server(s) (Adaptec and Intel make them).
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
""John Brandis"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> G'day all where ever you may be.
>
> I have been watching my network here in my office and I have noticed that
> over
> the last week, that the network is slowing down. Due to financial
> constraints,
> we are using 10/100 16 port hubs (2) {just thought I would point that out}
I
> have noticed that the collision LED's are on a fair bit these days. I
checked
> to see if the errors where due to cable problems or broken ports on the
hub,
> but this was not the case. I made sure all the PC's were using the same
> protocol and still I have an abnormal amount of collisions. I understand
that
> I will have collisons but for a 11 user network that is centerd around a
> WIN2k
> Server/Exchange server I have about a 40% collision rate.
> Does any one have any idea's (besides the obvious of buying a switch) on
how
> I
> can troubleshoot this or fix the problem...
>
> Thanks gang
>
> John Brandis
> Network Engineer
> GoWireless Communications
> 155 George Street Sydney
> +61 2 9251 5000
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1021&t=1006
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 2 hours are over and I passed the CCIE written [7:966]
Congratulations Mike. Raj :) "Michael Bambic" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > It was not as difficult as I thought but then my score wasn't as high as it > should have been. There wasn't as much token as expected but that's OK. My > networking experience definitely helped out but then so did the Todd Lammle > CCIE book and the Casco book as well as a ton of information from Cisco's > site. > I finally figured out that the RIF length field is inclusive of the RC and > RD. Only one question on that any how. > :) > I wish I could remember better what was on the test but it's all a blur now, > kind of like post traumatic stress syndrome or whatever it's called. > > Mike Bambic > Lead Mentor > Phoenix Branch > 602-955-5888 > Cisco Regional Business Development Manager > TechSkills > www.techskills.com > [EMAIL PROTECTED] > > [GroupStudy.com removed an attachment of type application/ms-tnef which had > a name of winmail.dat] > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1020&t=966 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Windows XP and Catalyst 5000 Issues ... [7:911]
True, but even if you sat down at a PC and got its MAC address (or just used that same PC), you'd still have to have the username/password for any real access, as even their Bordermanager proxy is based on being authenticated to NDS. But good point if that's all a person was using to verify a valid connection to a network. But the without locking it down to a MAC address, what would stop a broadcast storm at the local switch? What other authentication methods are there at layer 2? I mean, I guess you could have some sort of script that would disable the port if the user failed to authenticate with your servers within a given amount of time... but in that time a WinXP PC would have melted a Cat5k (or worse: a program that simulates the same problem that can be run on an OS). -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Howard C. Berkowitz"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Frankly, I'm very dubious about any security scheme based on MAC > address alone, for wired or wireless networks. At best, it's > controlling which device can plug into a port, using an identifier > that can be spoofed without all that much effort. The MAC address > proves absolutely nothing about the identity of the person using the > device. I'm really not sure what problem, in most cases, it solves. > Once the device is connected, there are no controls. > > Data link level encryption does make sense for wireless networks. > > If I am concerned about random devices plugging into a LAN and doing > evil, I'd much rather that they have to connect to an authenticating > proxy server, or let them in but control server access, or require > encryption with authentication of the user ID. There are other > methods for controlling broadcast attacks. > > >Regarding layer 2 security, it all comes down to how much of an > >administrative load you can handle. We have one customer that locks each > >port down to the MAC address of what is supposed to be there. No > >unauthorized traffic is allowed to touch the network beyond the switch port > >which just drops it. They very rarely if ever have moves, and when they do > >it all has to be coordinated with the lan/switch netadmin. I hate it > >because I can't just come in and plug in my laptop anywhere ;-p > > > >Of course, this wouldn't work with an IP phone install where you're expected > >to be able to move phones all of the time. I'm sure there is some way to > >create a list of MAC addresses (and maybe tag them with an appropriate VLAN, > >like a generic "PUBLIC" VLAN for all unknown MAC addresses, which is > >essentially firewalled from the rest of the network). Still, this same bug > >would have melted a network configured as such. > > > > > >-- > >Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ > >List email: [EMAIL PROTECTED] > >Homepage: http://jason.artoo.net/ > > > > > > > >""Priscilla Oppenheimer"" wrote in message > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > >> Taking a step back, she asked, "so what's with this 802.1x standard, > >> anyway?" Is anyone actually using it? > >> > >> Data-link-layer security definitely makes sense for 802.11 wireless > >> networks. Does it really make sense for wired networks? Is the bug > >> happening with wired or wireless networks? It sounds like it's happening > >> with wired networks since the bug is with the Catalyst 5000 EARL, though > >> some of the reports have called 802.1x a wireless standard. That's pretty > >> bad that the switches forward the multicasts out blocked ports. How could > >> that have happened? Just a bug I guess. > >> > >> Back to my original question. Does security at the data-link-layer make > >> sense for wired networks? I guess there could be cases where a person has > >> physical access to an Ethernet port but is not supposed to be able to use > >> the network. Maybe in a conference room or lobby. How does the > >> authentication actually take place? Do you need to use Radius or TACACS > >also? > >> > >> And one more question, is anyone actually using Windows XP yet? I guess > >> people must be for this bug to have been found. > >> > >> Interesting thread. Would anyone care to share some "big picture" > comments > >> on the subject? > >> > >> Priscilla > >> > >> At 11:10 AM 4/17/01, Hornbeck, Timothy wrote: > >> > > Possible solution? > >> > > > >> > > * Operating systems, such as Windows XP, will attempt 802.1X > >> > > authentication by sending frames to the Authenticator PAE on the > >> > > destination multicast address 01-80-c2-00-00-0f and > 01-80-c2-00-00-03. > >On > >> > > Catalyst 5000 family switches with EARL1, EARL1+, EARL1++, or > EARL1.1, > >> > > these frames will be forwarded on all ports including spanning tree > >> > > blocking ports. Because these frames are forwarded on blocked ports, > >the > >> > > network will experience a Layer
Re: Need VPN success story. [7:1000]
Click on the size of the organization, and once the next screen loads you'll have a "Success Stories" button on the bottom left. You'll never find a lack of Cisco sales-fluff on CCO ;-) -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Cisco Newsgroup"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Could you please tell me where I can find some VPN success stories? > > Thanks. > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1018&t=1000 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE Written questions [7:1005]
Amen, brother! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Will Sent: Tuesday, April 17, 2001 5:27 PM To: [EMAIL PROTECTED] Subject:Re: CCIE Written questions [7:1005] 1) The written test still covers all those topics. 2) I think that the written was comparable to the CCNP tests in difficulty, but it covered all topics, not just Switching, etc. 3) That makes sense to me too. I wouldn't say that studying for the written compares anywhere near studying for the lab though. Will ""No Data"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > 1. Does the CCIE Written test still contain the topics > that have been droped from the lab (i.e. LANE, > Appletalk, etc.) or have they been dropped from the > written test as well? > > 2. How hard is the written test compared to the CCNP > tests? I just have CIT to go and so far have been > scoring right around 900, is the test significantly > harder than the others? > > 3. I've heard that studying for the Lab and the > Written at the same time is not a good idea. This > doesn't make sense to me as the way I solidify my > grasp of concepts is to log onto my routers, try it > out, and see what it does. Does anyone have any > comments on studying for both at the same time? > > Thanks, > Ben > > PS Im new here so hi everyone :) > > __ > Do You Yahoo!? > Yahoo! Auctions - buy the things you want at great prices > http://auctions.yahoo.com/ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1017&t=1005 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: vlans and broadcasts [7:984]
[demime could not interpret encoding binary - treating as plain text] Jason, e.g. If several switches have been trunked and let's say vlan 1 exits in all these switches, any w/s (connected to vlan 1) sending a broadcast will reach all devices in vlan 1 across all switches. On the other hand, if some of these switches don't require to have vlan 1 configured, the sensible thing to do is to prune vlan 1 from the trunk going to these switches in order to save bandwidth. Some time ago, I explained that instead of pruning (that have some issues) is better to clear undesire vlans from the trunk. Hope this is of help. Regards, Frank. >Date: Tue, 17 Apr 2001 17:01:29 -0400 >From: "[EMAIL PROTECTED]" >To: [EMAIL PROTECTED] >Subject: vlans and broadcasts [7:984] >Reply-To: "[EMAIL PROTECTED]" > >Does VTP pruning have to be enabled in order to eliminate broadcasts on >desired switches? I thought VLANs already took care of that but >apparently, I'm reading a book that states that even though a client >sends out a broadcast message, every switch in the network receives this >broadcast, even though some of the switches don't have any ports in the >same VLAN. ? > >jd >FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Are you a web investor? Free email at http://www.webinvestor.com.au EquityCafe: for web investors. Click here: http://www.equitycafe.com.au Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1016&t=984 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Network Collisions [7:1006]
Hhm..
Are these hubs daisy chained?
Does the noticeable slowdown happen al the time, or can you isolate it to
particular times of day?
Do you have an internet connection?
Do you have anyone using any kind of dial up to an external service of some
kind?
Have people set up their own little Windows networking networks, in addition
to your network - file and print sharing stuff?
Are people having to print a lot of things they weren't doing before?
Story time:
Back at the brokerage firm, there was an occasion where my help desk started
getting calls about the network being down. In general, this kind of
complaint could be attributed to not being logged on to the network, and
usually we would blow off the callers with the instruction to log on. Well,
upon thinking about the fact that people who were complaining were in many
cases "good" users, and the fact that there were so many calls that morning,
I traced back one of the end user stations to a particular hub ( we had hubs
plugged into switches at the time ) and I was shocked to see the collision
light solid red. I was able to use the HP stack manager software to discover
that a particular port was just saturating the hub with traffic. Tracking
down that user, I learned that particular person was connected to a
particular internet based service ( some kind of research database ) and was
downloading and updating a complex database file using a particular
proprietary piece of software. The damn thing practically seized the entire
bandwidth of that hub, and so monopolized the traffic that other folks were
losing their connections to the Novell servers, I am guessing because of
lack of keepalives.
Once the problem was identified, I gave this particular user a dedicated
switch port, and life was good after that.
My point being that even though you have a very few users, all it takes is
one bandwidth piggy, and your shared collision domain network is toast.
Might want to convince the boss that investment in a Fluke meter or some
kind of management software is a good thing.
Chuck
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John
Brandis
Sent: Tuesday, April 17, 2001 5:09 PM
To: [EMAIL PROTECTED]
Subject:Network Collisions [7:1006]
G'day all where ever you may be.
I have been watching my network here in my office and I have noticed that
over
the last week, that the network is slowing down. Due to financial
constraints,
we are using 10/100 16 port hubs (2) {just thought I would point that out} I
have noticed that the collision LED's are on a fair bit these days. I
checked
to see if the errors where due to cable problems or broken ports on the hub,
but this was not the case. I made sure all the PC's were using the same
protocol and still I have an abnormal amount of collisions. I understand
that
I will have collisons but for a 11 user network that is centerd around a
WIN2k
Server/Exchange server I have about a 40% collision rate.
Does any one have any idea's (besides the obvious of buying a switch) on how
I
can troubleshoot this or fix the problem...
Thanks gang
John Brandis
Network Engineer
GoWireless Communications
155 George Street Sydney
+61 2 9251 5000
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1015&t=1006
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Network Collisions [7:1006]
If things have not changed on the network to cause this (IE added a system,
upgraded a system, changed a NIC, etc) then you probably have a bad (Chatty)
NIC. Without test equipment, the simplest way to trouble shoot is, pull out
the cable from one NIC at a time to see which one might be causing the
problems.
Tom McNamara
MCSE, CCNA
Account Manager, U.S. Datacom
[EMAIL PROTECTED]
Direct line: (407)398-6521
Toll-Free: (800)216-5517
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
John Brandis
Sent: Tuesday, April 17, 2001 8:09 PM
To: [EMAIL PROTECTED]
Subject: Network Collisions [7:1006]
G'day all where ever you may be.
I have been watching my network here in my office and I have noticed that
over
the last week, that the network is slowing down. Due to financial
constraints,
we are using 10/100 16 port hubs (2) {just thought I would point that out} I
have noticed that the collision LED's are on a fair bit these days. I
checked
to see if the errors where due to cable problems or broken ports on the hub,
but this was not the case. I made sure all the PC's were using the same
protocol and still I have an abnormal amount of collisions. I understand
that
I will have collisons but for a 11 user network that is centerd around a
WIN2k
Server/Exchange server I have about a 40% collision rate.
Does any one have any idea's (besides the obvious of buying a switch) on how
I
can troubleshoot this or fix the problem...
Thanks gang
John Brandis
Network Engineer
GoWireless Communications
155 George Street Sydney
+61 2 9251 5000
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
[GroupStudy.com removed an attachment of type text/x-vcard which had a name
of Tom McNamara.vcf]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1014&t=1006
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DC Spring Cisco Picnic Saturday [7:1001]
Cool! Does anyone plan similar picnic in NYC area? I would be interested. Zolt ""Bruce Evry"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hello, > > This is to invite you to attend our Cisco-DC get-together coming > up this Saturday, April 21, 2001. This is our Spring Picnic, aka Router > Roast. (but no, we don't roast routers, we just use them as warming > trays, really, they work great) > > Saturday, April 21, 2001 > Time: 10 am to 4 pm, lunch around noon > Place: Bruce Evry's House (aka The Hilltop Estate) > > This time we are planning on doing all the exciting hands-on lab > stuff in the early morning and then have some talks on various topics in > the afternoon. > > There is no charge or fee. If you'd like to bring snacks or sodas > or desserts to share, that is always appreciated! > > You can also bring routers, switches, and laptops, of course. > Just make sure that all things you bring are carefully marked! > > DIRECTIONS TO THE HOUSE > > 1607 Thomas Road, >Fort Washington, MD 20744 > > From Maryland take I-95 to exit 3a in MD, > From Virginia take Exit 2 in MD > >To the Indian Head Highway South. > > Go about 3 miles, turn Left on Old Fort Road. > > Go exactly 2 miles on Old Fort Road, >Turn Right on Thomas Road. > We are 1607 Thomas Rd, > almost all the way down the street on the left. > > Look for bright orange pumpkin & a long gravel driveway > With no House visible from street! > > If lost, our phone # is 301-292-5231, call us! > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1013&t=1001 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Forbidden words [7:1012]
As a result of recent spam attacks, Paul Borghese has instituted software which now segregates e-mail that contains certain forbidden language. Along with some obvious choices, one of the these forbidden words is the readable portion of xxx_brain_dump_xxx There have been a couple of messages today that contained this particular forbidden word. Sorry for the delay in posting. Chuck One IOS to forward them all. One IOS to find them. One IOS to summarize them all And in the routing table bind them. -JRR Chambers- Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1012&t=1012 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCNP study book [7:1010]
Hello, I just completed my CCNA and thinking of proceeding to CCNP, but I need you guys advise on the book to use for the study. I have two books I thinking of buying one, they are CCNP exam certification library and CCNP exam preparation library both from Cisco. I need anyone advise on this issue. Thank you. Culx ___ Visit http://www.visto.com/info, your free web-based communications center. Visto.com. Life on the Dot. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1010&t=1010 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Written questions [7:1005]
1) The written test still covers all those topics. 2) I think that the written was comparable to the CCNP tests in difficulty, but it covered all topics, not just Switching, etc. 3) That makes sense to me too. I wouldn't say that studying for the written compares anywhere near studying for the lab though. Will ""No Data"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > 1. Does the CCIE Written test still contain the topics > that have been droped from the lab (i.e. LANE, > Appletalk, etc.) or have they been dropped from the > written test as well? > > 2. How hard is the written test compared to the CCNP > tests? I just have CIT to go and so far have been > scoring right around 900, is the test significantly > harder than the others? > > 3. I've heard that studying for the Lab and the > Written at the same time is not a good idea. This > doesn't make sense to me as the way I solidify my > grasp of concepts is to log onto my routers, try it > out, and see what it does. Does anyone have any > comments on studying for both at the same time? > > Thanks, > Ben > > PS Im new here so hi everyone :) > > __ > Do You Yahoo!? > Yahoo! Auctions - buy the things you want at great prices > http://auctions.yahoo.com/ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1011&t=1005 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ECP for CCIE prep ?? [7:852]
better still, if we were one of Neo's pals (The Matrix) we could just download what we needed... Kevin Wigle - Original Message - From: "Cthulu" To: Sent: Tuesday, 17 April, 2001 19:44 Subject: Re: ECP for CCIE prep ?? [7:852] > Chuck, > > D**n it, you ruined the class for me... no brain dump!?! Oh, man, I will > never pass now! LOL > > Seriously, do they give you any labs, references, manuals, etc. that you can > take back with you and practice on your own, or is the Caslow book the only > hardcopy materials you get out of the class? > > Charles > > P.S 3 months and counting... oh gawd... why didn't I content myself with > the Banyan Vines certs? > > > P.S.S Wouldn't it be cool to be part of a Borg collective that contained > Caslow and other big brains... we'd know what they know without studying! > Talk about "adaptive" testing! > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1008&t=852 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ECP for CCIE prep ?? [7:852]
Ah ah ah. You used a forbidden word in your message. I have edited it in my reply so this message doesn't get locked away again. Also, see what you miss by not being on the CCIE study list? ;-> Yes you get to keep your class case study book, with a bazillion labs in it. Great for reminding yourself how much you don't know. Seriously, lots of good materials in the case book. too much to cover in a week, despite the 14 hour days. No kidding. As for reading, yeah I suppose you get to look through any of the books you may bring in with you. I did reference Caslow/Pavlichenko several times for things I should have known going in. I am told that no matter who your instructor is, be it Caslow, Pavlichenko, Ingham, or Burts, that you are in for a treat. Chuck One IOS to forward them all One IOS to find them. One IOS to summarize them all And in the routing table bind them -JRR Chambers- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Cthulu Sent: Tuesday, April 17, 2001 4:45 PM To: [EMAIL PROTECTED] Subject:Re: ECP for CCIE prep ?? [7:852] Chuck, D**n it, you ruined the class for me... no xx_brain_dump_xx!?! Oh, man, I will never pass now! LOL Seriously, do they give you any labs, references, manuals, etc. that you can take back with you and practice on your own, or is the Caslow book the only hardcopy materials you get out of the class? Charles P.S 3 months and counting... oh gawd... why didn't I content myself with the Banyan Vines certs? P.S.S Wouldn't it be cool to be part of a Borg collective that contained Caslow and other big brains... we'd know what they know without studying! Talk about "adaptive" testing! FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1009&t=852 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Windows XP and Catalyst 5000 Issues ... [7:911]
Priscilla, Cisco has had a proprietary product for doing just what 802.1x standardizes. This would be URT http://www.cisco.com/warp/public/cc/pd/wr2k/urto/ David C Prall [EMAIL PROTECTED] http://dcp.dcptech.com - Original Message - From: "Priscilla Oppenheimer" To: Sent: Tuesday, April 17, 2001 6:15 PM Subject: RE: Windows XP and Catalyst 5000 Issues ... [7:911] > Taking a step back, she asked, "so what's with this 802.1x standard, > anyway?" Is anyone actually using it? > > Data-link-layer security definitely makes sense for 802.11 wireless > networks. Does it really make sense for wired networks? Is the bug > happening with wired or wireless networks? It sounds like it's happening > with wired networks since the bug is with the Catalyst 5000 EARL, though > some of the reports have called 802.1x a wireless standard. That's pretty > bad that the switches forward the multicasts out blocked ports. How could > that have happened? Just a bug I guess. > > Back to my original question. Does security at the data-link-layer make > sense for wired networks? I guess there could be cases where a person has > physical access to an Ethernet port but is not supposed to be able to use > the network. Maybe in a conference room or lobby. How does the > authentication actually take place? Do you need to use Radius or TACACS also? > > And one more question, is anyone actually using Windows XP yet? I guess > people must be for this bug to have been found. > > Interesting thread. Would anyone care to share some "big picture" comments > on the subject? > > Priscilla > > At 11:10 AM 4/17/01, Hornbeck, Timothy wrote: > > > Possible solution? > > > > > > * Operating systems, such as Windows XP, will attempt 802.1X > > > authentication by sending frames to the Authenticator PAE on the > > > destination multicast address 01-80-c2-00-00-0f and 01-80-c2-00-00-03. On > > > Catalyst 5000 family switches with EARL1, EARL1+, EARL1++, or EARL1.1, > > > these frames will be forwarded on all ports including spanning tree > > > blocking ports. Because these frames are forwarded on blocked ports, the > > > network will experience a Layer 2 multicast storm. > > > Workaround 1: Enter the following commands to configure a permanent CAM > > > entry for 01-80-c2-00-00-0f and 01-80-c2-00-00-03 to be directed out an > > > unused port. > > > * set cam permanent 01-80-c2-00-00-0f mod/port > > > * set cam permanent 01-80-c2-00-00-03 mod/port > > > Workaround 2: Follow this procedure to configure Windows XP to not send > > > these frames: > > > a. Cick on the associated Local Area Connection under Network > > > Connections. > > > b. Click on the Authentication Tab. > > > c. Uncheck "Network Access Control using IEEE 802.1x." > > > This problem is resolved in software release 6.2(1). (CSCdt62732) > > > > >Timothy J. Hornbeck > >Technical Analyst III > >Infrastructure Implementation - LAN/WAN > >"6EQUJ5" - By Unknown > >FAQ, list archives, and subscription info: > >http://www.groupstudy.com/list/cisco.html > >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > > Priscilla Oppenheimer > http://www.priscilla.com > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1007&t=911 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Network Collisions [7:1006]
G'day all where ever you may be.
I have been watching my network here in my office and I have noticed that
over
the last week, that the network is slowing down. Due to financial
constraints,
we are using 10/100 16 port hubs (2) {just thought I would point that out} I
have noticed that the collision LED's are on a fair bit these days. I checked
to see if the errors where due to cable problems or broken ports on the hub,
but this was not the case. I made sure all the PC's were using the same
protocol and still I have an abnormal amount of collisions. I understand that
I will have collisons but for a 11 user network that is centerd around a
WIN2k
Server/Exchange server I have about a 40% collision rate.
Does any one have any idea's (besides the obvious of buying a switch) on how
I
can troubleshoot this or fix the problem...
Thanks gang
John Brandis
Network Engineer
GoWireless Communications
155 George Street Sydney
+61 2 9251 5000
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1006&t=1006
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE Written questions [7:1005]
1. Does the CCIE Written test still contain the topics that have been droped from the lab (i.e. LANE, Appletalk, etc.) or have they been dropped from the written test as well? 2. How hard is the written test compared to the CCNP tests? I just have CIT to go and so far have been scoring right around 900, is the test significantly harder than the others? 3. I've heard that studying for the Lab and the Written at the same time is not a good idea. This doesn't make sense to me as the way I solidify my grasp of concepts is to log onto my routers, try it out, and see what it does. Does anyone have any comments on studying for both at the same time? Thanks, Ben PS Im new here so hi everyone :) __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1005&t=1005 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Need VPN success story. [7:1000]
>Could you please tell me where I can find some VPN success stories? > >Thanks. How do you define success? When I taught the Cisco University VPN seminar, I used to observe that a VPN was the ultimate product for sales. Since sales loves to sell things that don't exist, and, by definition, a VPN isn't real, VPNs are perfect to sell. What problem are you trying to solve? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1004&t=1000 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ECP for CCIE prep ?? [7:852]
Chuck, D**n it, you ruined the class for me... no brain dump!?! Oh, man, I will never pass now! LOL Seriously, do they give you any labs, references, manuals, etc. that you can take back with you and practice on your own, or is the Caslow book the only hardcopy materials you get out of the class? Charles P.S 3 months and counting... oh gawd... why didn't I content myself with the Banyan Vines certs? P.S.S Wouldn't it be cool to be part of a Borg collective that contained Caslow and other big brains... we'd know what they know without studying! Talk about "adaptive" testing! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=943&t=852 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Windows XP and Catalyst 5000 Issues ... [7:911]
Frankly, I'm very dubious about any security scheme based on MAC address alone, for wired or wireless networks. At best, it's controlling which device can plug into a port, using an identifier that can be spoofed without all that much effort. The MAC address proves absolutely nothing about the identity of the person using the device. I'm really not sure what problem, in most cases, it solves. Once the device is connected, there are no controls. Data link level encryption does make sense for wireless networks. If I am concerned about random devices plugging into a LAN and doing evil, I'd much rather that they have to connect to an authenticating proxy server, or let them in but control server access, or require encryption with authentication of the user ID. There are other methods for controlling broadcast attacks. >Regarding layer 2 security, it all comes down to how much of an >administrative load you can handle. We have one customer that locks each >port down to the MAC address of what is supposed to be there. No >unauthorized traffic is allowed to touch the network beyond the switch port >which just drops it. They very rarely if ever have moves, and when they do >it all has to be coordinated with the lan/switch netadmin. I hate it >because I can't just come in and plug in my laptop anywhere ;-p > >Of course, this wouldn't work with an IP phone install where you're expected >to be able to move phones all of the time. I'm sure there is some way to >create a list of MAC addresses (and maybe tag them with an appropriate VLAN, >like a generic "PUBLIC" VLAN for all unknown MAC addresses, which is >essentially firewalled from the rest of the network). Still, this same bug >would have melted a network configured as such. > > >-- >Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ >List email: [EMAIL PROTECTED] >Homepage: http://jason.artoo.net/ > > > >""Priscilla Oppenheimer"" wrote in message >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... >> Taking a step back, she asked, "so what's with this 802.1x standard, >> anyway?" Is anyone actually using it? >> >> Data-link-layer security definitely makes sense for 802.11 wireless >> networks. Does it really make sense for wired networks? Is the bug >> happening with wired or wireless networks? It sounds like it's happening >> with wired networks since the bug is with the Catalyst 5000 EARL, though >> some of the reports have called 802.1x a wireless standard. That's pretty >> bad that the switches forward the multicasts out blocked ports. How could >> that have happened? Just a bug I guess. >> >> Back to my original question. Does security at the data-link-layer make >> sense for wired networks? I guess there could be cases where a person has >> physical access to an Ethernet port but is not supposed to be able to use >> the network. Maybe in a conference room or lobby. How does the >> authentication actually take place? Do you need to use Radius or TACACS >also? >> >> And one more question, is anyone actually using Windows XP yet? I guess >> people must be for this bug to have been found. >> >> Interesting thread. Would anyone care to share some "big picture" comments >> on the subject? >> >> Priscilla >> >> At 11:10 AM 4/17/01, Hornbeck, Timothy wrote: >> > > Possible solution? >> > > >> > > * Operating systems, such as Windows XP, will attempt 802.1X >> > > authentication by sending frames to the Authenticator PAE on the >> > > destination multicast address 01-80-c2-00-00-0f and 01-80-c2-00-00-03. >On >> > > Catalyst 5000 family switches with EARL1, EARL1+, EARL1++, or EARL1.1, >> > > these frames will be forwarded on all ports including spanning tree >> > > blocking ports. Because these frames are forwarded on blocked ports, >the >> > > network will experience a Layer 2 multicast storm. >> > > Workaround 1: Enter the following commands to configure a permanent >CAM >> > > entry for 01-80-c2-00-00-0f and 01-80-c2-00-00-03 to be directed out >an >> > > unused port. >> > > * set cam permanent 01-80-c2-00-00-0f mod/port > > > > * set cam permanent 01-80-c2-00-00-03 mod/port >> > > Workaround 2: Follow this procedure to configure Windows XP to not >send >> > > these frames: >> > > a. Cick on the associated Local Area Connection under Network >> > > Connections. >> > > b. Click on the Authentication Tab. >> > > c. Uncheck "Network Access Control using IEEE 802.1x." >> > > This problem is resolved in software release 6.2(1). (CSCdt62732) > > > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1003&t=911 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Test is in 2 hours and I'm having difficulties with RIF [7:1002]
Yes; I see. I was not looking at the RDs. I was focused on the RC length. So therefor both examples are wrong for differnet reasons. Isn't that a great way to prepare for a test... "Pick the least wrong answer" :-> DaveC John Neiberger wrote: > > That example ends in a 3, but a valid RIF will end with a zero because > the last step in a route will always be a ring, not a bridge. Therefore > the last bridge field will be a zero. > > >>> "David Chandler" 4/17/01 2:18:03 PM >>> > Why can't the 3 be correct? > > The only 3 in the rif is part of a RD (route > designator field) the 0810 is the RC (route > control field). > > RC= > Type 3 bits = 000 (directed explorer > non-broadcast) > Length 5 bits = 01000 = 8 bytes = # of bytes of > the rif RC + RD; in this example 1 RC + 3 RDs (2 > bytes each) > Direction 1 bit = 0 = left to right > Largest 3 bit = 001 = 1500 bytes > > DaveC > > John Neiberger wrote: > > > > That is a great link! Thanks for posting it, that's going to be > very > > helpful. > > > > >>> "Sean C." 4/17/01 12:59:51 PM >>> > > Hi Mike, > > > > Have been following your statements on various RIF docuements. Your > > second > > RIF: > > 0810 00A1 00B2 00C3 > > cannot be valid because it ends in a 3 - and I assume you know that > > it's > > supposed to end in a 0 so I'll take the guess that this is just a > > typo. > > > > I referenced your two links and I think the Cisco link is incorrect. > > I > > could not find where in the CCPrep document it states that an 8 > equals > > a 3 > > bridge/ring combo. On page 5 of the CCPrep paper (almost at the > > bottom) it > > states "A value of '8' means that there are two bridges" which > would > > be > > consistent with the rest of that RIF. > > > > Have you tried this link: > > > > http://www.loopy.org/rif.cgi > > > > Good luck, > > > > Sean C. > > CCNP, CCDP, MCSE > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1002&t=1002 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
DC Spring Cisco Picnic Saturday [7:1001]
Hello, This is to invite you to attend our Cisco-DC get-together coming up this Saturday, April 21, 2001. This is our Spring Picnic, aka Router Roast. (but no, we don't roast routers, we just use them as warming trays, really, they work great) Saturday, April 21, 2001 Time: 10 am to 4 pm, lunch around noon Place: Bruce Evry's House (aka The Hilltop Estate) This time we are planning on doing all the exciting hands-on lab stuff in the early morning and then have some talks on various topics in the afternoon. There is no charge or fee. If you'd like to bring snacks or sodas or desserts to share, that is always appreciated! You can also bring routers, switches, and laptops, of course. Just make sure that all things you bring are carefully marked! DIRECTIONS TO THE HOUSE 1607 Thomas Road, Fort Washington, MD 20744 >From Maryland take I-95 to exit 3a in MD, >From Virginia take Exit 2 in MD To the Indian Head Highway South. Go about 3 miles, turn Left on Old Fort Road. Go exactly 2 miles on Old Fort Road, Turn Right on Thomas Road. We are 1607 Thomas Rd, almost all the way down the street on the left. Look for bright orange pumpkin & a long gravel driveway With no House visible from street! If lost, our phone # is 301-292-5231, call us! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1001&t=1001 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Need VPN success story. [7:1000]
Could you please tell me where I can find some VPN success stories? Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1000&t=1000 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Windows XP and Catalyst 5000 Issues ... [7:911]
Regarding layer 2 security, it all comes down to how much of an administrative load you can handle. We have one customer that locks each port down to the MAC address of what is supposed to be there. No unauthorized traffic is allowed to touch the network beyond the switch port which just drops it. They very rarely if ever have moves, and when they do it all has to be coordinated with the lan/switch netadmin. I hate it because I can't just come in and plug in my laptop anywhere ;-p Of course, this wouldn't work with an IP phone install where you're expected to be able to move phones all of the time. I'm sure there is some way to create a list of MAC addresses (and maybe tag them with an appropriate VLAN, like a generic "PUBLIC" VLAN for all unknown MAC addresses, which is essentially firewalled from the rest of the network). Still, this same bug would have melted a network configured as such. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Priscilla Oppenheimer"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Taking a step back, she asked, "so what's with this 802.1x standard, > anyway?" Is anyone actually using it? > > Data-link-layer security definitely makes sense for 802.11 wireless > networks. Does it really make sense for wired networks? Is the bug > happening with wired or wireless networks? It sounds like it's happening > with wired networks since the bug is with the Catalyst 5000 EARL, though > some of the reports have called 802.1x a wireless standard. That's pretty > bad that the switches forward the multicasts out blocked ports. How could > that have happened? Just a bug I guess. > > Back to my original question. Does security at the data-link-layer make > sense for wired networks? I guess there could be cases where a person has > physical access to an Ethernet port but is not supposed to be able to use > the network. Maybe in a conference room or lobby. How does the > authentication actually take place? Do you need to use Radius or TACACS also? > > And one more question, is anyone actually using Windows XP yet? I guess > people must be for this bug to have been found. > > Interesting thread. Would anyone care to share some "big picture" comments > on the subject? > > Priscilla > > At 11:10 AM 4/17/01, Hornbeck, Timothy wrote: > > > Possible solution? > > > > > > * Operating systems, such as Windows XP, will attempt 802.1X > > > authentication by sending frames to the Authenticator PAE on the > > > destination multicast address 01-80-c2-00-00-0f and 01-80-c2-00-00-03. On > > > Catalyst 5000 family switches with EARL1, EARL1+, EARL1++, or EARL1.1, > > > these frames will be forwarded on all ports including spanning tree > > > blocking ports. Because these frames are forwarded on blocked ports, the > > > network will experience a Layer 2 multicast storm. > > > Workaround 1: Enter the following commands to configure a permanent CAM > > > entry for 01-80-c2-00-00-0f and 01-80-c2-00-00-03 to be directed out an > > > unused port. > > > * set cam permanent 01-80-c2-00-00-0f mod/port > > > * set cam permanent 01-80-c2-00-00-03 mod/port > > > Workaround 2: Follow this procedure to configure Windows XP to not send > > > these frames: > > > a. Cick on the associated Local Area Connection under Network > > > Connections. > > > b. Click on the Authentication Tab. > > > c. Uncheck "Network Access Control using IEEE 802.1x." > > > This problem is resolved in software release 6.2(1). (CSCdt62732) > > > > >Timothy J. Hornbeck > >Technical Analyst III > >Infrastructure Implementation - LAN/WAN > >"6EQUJ5" - By Unknown > >FAQ, list archives, and subscription info: > >http://www.groupstudy.com/list/cisco.html > >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > > Priscilla Oppenheimer > http://www.priscilla.com > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=998&t=911 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Keystrokes to stop traceroute or Ping... [7:978]
>"tim sullivan" quite correctly observed, >ctrl/shift 6 at the same time and then x for traceroute >ctrl/shift 6 at thesame time for ping But I can't get a mental movie image out of my mind, written on a wall somewhere: "stop me before I ping again" > >>From: "[EMAIL PROTECTED]" >>Reply-To: "[EMAIL PROTECTED]" >>To: [EMAIL PROTECTED] >>Subject: RE: Keystrokes to stop traceroute or Ping... [7:978] >>Date: Tue, 17 Apr 2001 16:57:30 -0400 >> >>ctrl/shift, then 6 >> >>-Original Message- >>From: Rizzo Damian [mailto:[EMAIL PROTECTED]] >>Sent: Tuesday, April 17, 2001 13:51 >>To: [EMAIL PROTECTED] >>Subject: Keystrokes to stop traceroute or Ping... [7:978] >> >> >>Anyone remember the keystrokes to stop a router from performing an endless >>traceroute or ping?... Thanks. >> >> >> -Rizzo >>FAQ, list archives, and subscription info: >>http://www.groupstudy.com/list/cisco.html >>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] >>FAQ, list archives, and subscription info: >>http://www.groupstudy.com/list/cisco.html >>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > >_ >Get your FREE download of MSN Explorer at http://explorer.msn.com >FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=997&t=978 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Fwd: Re: sharing a Juniper exam experience [7:991]
C'mon Sean, do yourself some credit, I was sitting next to you and you finished in just under 15 minutes and got a 99%. I would say the Juniper exam is more like a gillion, zillion times more difficult than the CCIE exam. If anyone doubts any of this, you can check with the easterbunny, he was in seat #3, or elvis, in seat #4. I must admit being a bit shocked when John Chambers ran in and put a gold star on Sean's score report and offered to hire him away from his job at Juniper's Marketing Department. All in good fun. Quoting Sean Young : > Hi everyone, > > I took the Juniper exam yesterday and passed the exam with a score of > 80% (the passing score is 80%). In restropect, I have to say that the > materials are really difficult, the questions are very tricky but fair. > One thing I like about Juniper is that the exam is that even though the > questions are tricky, they are very interesting and challenging. The > exam lasted 90 minutes and I actually used the whole 90 minutes. When I > took the CCIE written 2 months ago, I don't remember the CCIE to be that > difficult. I remembered finishing the CCIE exam in about 30 minutes. > My score on the CCIE written was 95% so I think I got the concept down > very well. However, if anyone think that if you have a easy time with > the CCIE written, you should also have an easy with the Juniper exam, > then you are DEAD wrong (if I am wrong, please correct me on this one). > The juniper exam will make Cisco exam looks like child's play. If you > don't have hand-on experience with Juniper, you will have a very > difficult time with Juniper exam. Attending Juniper training will help > you somewhat for the exam, but it will not totally prepare for the exam. > With Juniper exam, if you don't have BGP, OSPF and MPLS down cold, and > I really mean it, you can just forget about taking the exam. Between > CCIE and Juniper, I would have to say that Juniper is about 5 times more > difficult than CCIE exam because I don't think any of us has that much > experience with traffic engineering. After taking the exam, I really > have an appreciation for Juniper Engineers. They REALLY know their > stuffs. There is just no f***ing at the core. If you are working with > Juniper product, you are at the major league. > > Anyone who did take the Juniper exam or about to and would like to share > your experience, I would like to hear from you. > > Sean > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > -- FREE ANONYMOUS EMAIL! Sign up now. http://www.subdimension.com/freemail - End forwarded message - -- FREE ANONYMOUS EMAIL! Sign up now. http://www.subdimension.com/freemail Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=996&t=991 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Windows XP and Catalyst 5000 Issues ... [7:911]
Taking a step back, she asked, "so what's with this 802.1x standard, anyway?" Is anyone actually using it? Data-link-layer security definitely makes sense for 802.11 wireless networks. Does it really make sense for wired networks? Is the bug happening with wired or wireless networks? It sounds like it's happening with wired networks since the bug is with the Catalyst 5000 EARL, though some of the reports have called 802.1x a wireless standard. That's pretty bad that the switches forward the multicasts out blocked ports. How could that have happened? Just a bug I guess. Back to my original question. Does security at the data-link-layer make sense for wired networks? I guess there could be cases where a person has physical access to an Ethernet port but is not supposed to be able to use the network. Maybe in a conference room or lobby. How does the authentication actually take place? Do you need to use Radius or TACACS also? And one more question, is anyone actually using Windows XP yet? I guess people must be for this bug to have been found. Interesting thread. Would anyone care to share some "big picture" comments on the subject? Priscilla At 11:10 AM 4/17/01, Hornbeck, Timothy wrote: > > Possible solution? > > > > * Operating systems, such as Windows XP, will attempt 802.1X > > authentication by sending frames to the Authenticator PAE on the > > destination multicast address 01-80-c2-00-00-0f and 01-80-c2-00-00-03. On > > Catalyst 5000 family switches with EARL1, EARL1+, EARL1++, or EARL1.1, > > these frames will be forwarded on all ports including spanning tree > > blocking ports. Because these frames are forwarded on blocked ports, the > > network will experience a Layer 2 multicast storm. > > Workaround 1: Enter the following commands to configure a permanent CAM > > entry for 01-80-c2-00-00-0f and 01-80-c2-00-00-03 to be directed out an > > unused port. > > * set cam permanent 01-80-c2-00-00-0f mod/port > > * set cam permanent 01-80-c2-00-00-03 mod/port > > Workaround 2: Follow this procedure to configure Windows XP to not send > > these frames: > > a. Cick on the associated Local Area Connection under Network > > Connections. > > b. Click on the Authentication Tab. > > c. Uncheck "Network Access Control using IEEE 802.1x." > > This problem is resolved in software release 6.2(1). (CSCdt62732) > > >Timothy J. Hornbeck >Technical Analyst III >Infrastructure Implementation - LAN/WAN >"6EQUJ5" - By Unknown >FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=995&t=911 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Keystrokes to stop traceroute or Ping... [7:978]
*snort* You only do that when you typo an ip address you want to telnet to and it just sits there waiting to time out ;-p Otherwise, use CTRL+^ followed by x (CTRL, SHIFT, 6 release keys and x). If you're telnetting into a router and then into another, you can stack the CTRL+^ twice and then x (CTRL, SHIFT, 6, release, CTRL, SHIFT, 6, release and x). -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > or login again and clear the vty line you're on... ;-) > > -Original Message- > From: Rizzo Damian [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, April 17, 2001 13:51 > To: [EMAIL PROTECTED] > Subject: Keystrokes to stop traceroute or Ping... [7:978] > > > Anyone remember the keystrokes to stop a router from performing an endless > traceroute or ping?... Thanks. > > >-Rizzo > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=994&t=978 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT- Need modem sharing help [7:993]
Hey gang sorry for the OT but the CTO demands info. We have servers that need to dial out and transmit info to certain locations. Shiva no longer exists, Ascend no longer exists, and they won't buy off on the 6 port modem card for a router. They want a device similar to Shiva LanRover. Can anyone advise with experience a comparable device that my servers can port map to and dial out? Thanks in advance, Steve Smith MCSE, CCNA Data Networks Technical Manager Freeliant.com 901-309-3919 [EMAIL PROTECTED] "Try not to become a man of success, but rather try to become a man of value." -Albert Einstein Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=993&t=993 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCNP [7:922]
I did mine in this order: BCMSN REMOTE BSCN SUPPORT Just a suggestion... ""BASSOLE Rock"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hello group, > > In order to certify for CCNP, what is the order recommanded to take the exam > for each course (CIT, BCRAN,BSCN,BCMSN)?. > > > Rock BASSOLE > Til: +33 (0) 1 45 96 22 03 > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=992&t=922 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
sharing a Juniper exam experience [7:991]
Hi everyone, I took the Juniper exam yesterday and passed the exam with a score of 80% (the passing score is 80%). In restropect, I have to say that the materials are really difficult, the questions are very tricky but fair. One thing I like about Juniper is that the exam is that even though the questions are tricky, they are very interesting and challenging. The exam lasted 90 minutes and I actually used the whole 90 minutes. When I took the CCIE written 2 months ago, I don't remember the CCIE to be that difficult. I remembered finishing the CCIE exam in about 30 minutes. My score on the CCIE written was 95% so I think I got the concept down very well. However, if anyone think that if you have a easy time with the CCIE written, you should also have an easy with the Juniper exam, then you are DEAD wrong (if I am wrong, please correct me on this one). The juniper exam will make Cisco exam looks like child's play. If you don't have hand-on experience with Juniper, you will have a very difficult time with Juniper exam. Attending Juniper training will help you somewhat for the exam, but it will not totally prepare for the exam. With Juniper exam, if you don't have BGP, OSPF and MPLS down cold, and I really mean it, you can just forget about taking the exam. Between CCIE and Juniper, I would have to say that Juniper is about 5 times more difficult than CCIE exam because I don't think any of us has that much experience with traffic engineering. After taking the exam, I really have an appreciation for Juniper Engineers. They REALLY know their stuffs. There is just no f***ing at the core. If you are working with Juniper product, you are at the major league. Anyone who did take the Juniper exam or about to and would like to share your experience, I would like to hear from you. Sean _ Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=991&t=991 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Keystrokes to stop traceroute or Ping... [7:978]
ctrl/shift 6 at the same time and then x for traceroute ctrl/shift 6 at thesame time for ping >From: "[EMAIL PROTECTED]" >Reply-To: "[EMAIL PROTECTED]" >To: [EMAIL PROTECTED] >Subject: RE: Keystrokes to stop traceroute or Ping... [7:978] >Date: Tue, 17 Apr 2001 16:57:30 -0400 > >ctrl/shift, then 6 > >-Original Message- >From: Rizzo Damian [mailto:[EMAIL PROTECTED]] >Sent: Tuesday, April 17, 2001 13:51 >To: [EMAIL PROTECTED] >Subject: Keystrokes to stop traceroute or Ping... [7:978] > > >Anyone remember the keystrokes to stop a router from performing an endless >traceroute or ping?... Thanks. > > >-Rizzo >FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] >FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=990&t=978 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Upgrade Catalyst 6509 MSFC problem [7:949]
first do SWX>(enable)sh flash to see the correct file name then do SWX>(enable)delete filename Let me know if you need other help. Thanx. Edward CCNP,CCDP,MCP,CNA,A+,Network+ -Original Message- From: Kim Seng [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 17, 2001 3:42 PM To: [EMAIL PROTECTED] Subject: RE: Upgrade Catalyst 6509 MSFC problem [7:949] How do I erase the current flash. The erase flash cmd does not work on the Catalyst 6500. Do I need to switch to ROMMON to erase the current IOS and upgrade the new IOS from there? Kim. --- VOIP 2000 wrote: > Kim, > > You have to delete the old IOS and make sure you > have enough Flash > available. > > EM > --- > I am trying to upgrade my Catalyst 6509 MFSC to > version 12.1.5. When I issued the cmd: > copy tftp flash at the router prompt. It failed and > told me that there are not enough space to upgrade > the > new image. Can someone help me with this. I am > digging > cisco web site for reading right now. Sorry this is > my > first time with this. > > Kim. > > __ > Do You Yahoo!? > Yahoo! Auctions - buy the things you want at great > prices > http://auctions.yahoo.com/ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > > _ > Get Your Private, Free E-mail from MSN Hotmail at > http://www.hotmail.com. > __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] * DISCLAIMER: The information contained in this e-mail may be confidential and is intended solely for the use of the named addressee. Access, copying or re-use of the e-mail or any information contained therein by any other person is not authorized. If you are not the intended recipient please notify us immediately by returning the e-mail to the originator. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=989&t=949 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: vlans and broadcasts [7:984]
Imagine three switches: A, B, and C. A has a trunk to B and to C. A - B | | | C B has only VLAN 1 and 2 with 100 hosts hanging off of it somewhere, all in VLAN2. C has VLAN 1 and 5, with all hosts in 5. On those trunks, A-B and A-C, all three VLANs are present. This is true even though there are no hosts on B in VLAN 5 and no hosts on C in VLAN 2. Because those VLANs are being trunked across those lines, any broadcasts or multicasts in that VLAN are going to be transmitted across them. This might not be a big deal in a small network but can become a problem as your network grows. The solution is to prune VLAN 2 from the A-C trunk and VLAN 5 from the A-B trunk. This will eliminate unnecessary forwarding of broadcast and multicast traffic to destinations that can't use it. HTH, John >>> "[EMAIL PROTECTED]" 4/17/01 3:01:29 PM >>> Does VTP pruning have to be enabled in order to eliminate broadcasts on desired switches? I thought VLANs already took care of that but apparently, I'm reading a book that states that even though a client sends out a broadcast message, every switch in the network receives this broadcast, even though some of the switches don't have any ports in the same VLAN. ? jd FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=988&t=984 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BCRAN...any questions on 700 series(Chapter 9) [7:930]
Hi, I just took the BCRAN, last Wednesday, passed with 808, there wasn't much on the 700 series router, but do know more about modems. -- Regards, John ""Cisco Kidd"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Are there any questions on the 700 series(Chapter 9 in the BCRAN book )? In > the cisco online curriculum they have the 700 series as an appendix instead > of a chapter...does this mean questions on this topic wont appear on the > testthanks for the help :-) > > Paul > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=987&t=930 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: syslog service freeware [7:932]
simon, go to www.3com.com and download the 3CDaemon software. It is fast, small and sleek. It has tftp, ftp and syslog in the same program. Sean >From: "[EMAIL PROTECTED]" >Reply-To: "[EMAIL PROTECTED]" >To: [EMAIL PROTECTED] >Subject: syslog service freeware [7:932] >Date: Tue, 17 Apr 2001 12:33:34 -0400 > >Hi all, >has anyone got any suggestions where I can download syslog service software >to run on a NT worstation, the downloaded software i've got is toilet > > >Regards >simon halder >FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=985&t=932 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
BCMSN tomorrow [7:986]
Any last minute advice on the BCMSN ? I will be taking the test tomorrow, and was just wondering if the test focused heavily in one area or another. I have been working exclusively with 6509's with a wide array of line cards, VTP modes, InterVLAN routing,MLS, etc. Any help would be appreciated Thanks, Duncan Duncan Wallace Network Engineer 800.COM Inc. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=986&t=986 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: [syslog service freeware [7:932]
-Original Message- From: Tim Rutherford [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 17, 2001 4:36 PM To: [EMAIL PROTECTED] Subject: Re: [syslog service freeware [7:932] "[EMAIL PROTECTED]" wrote: Hi all, has anyone got any suggestions where I can download syslog service software to run on a NT worstation, the downloaded software i've got is toilet Regards simon halder FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Get free email and a permanent address at http://www.amexmail.com/?A=1 FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=983&t=932 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 2 hours are over and I passed the CCIE written [7:966]
you passed! (Congratulations!) -e- - Original Message - From: "Michael Bambic" To: Sent: Tuesday, April 17, 2001 1:06 PM Subject: 2 hours are over and I passed the CCIE written [7:966] > It was not as difficult as I thought but then my score wasn't as high as it > should have been. There wasn't as much token as expected but that's OK. My > networking experience definitely helped out but then so did the Todd Lammle > CCIE book and the Casco book as well as a ton of information from Cisco's > site. > I finally figured out that the RIF length field is inclusive of the RC and > RD. Only one question on that any how. > :) > I wish I could remember better what was on the test but it's all a blur now, > kind of like post traumatic stress syndrome or whatever it's called. > > Mike Bambic > Lead Mentor > Phoenix Branch > 602-955-5888 > Cisco Regional Business Development Manager > TechSkills > www.techskills.com > [EMAIL PROTECTED] > > [GroupStudy.com removed an attachment of type application/ms-tnef which had > a name of winmail.dat] > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=982&t=966 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
vlans and broadcasts [7:984]
Does VTP pruning have to be enabled in order to eliminate broadcasts on desired switches? I thought VLANs already took care of that but apparently, I'm reading a book that states that even though a client sends out a broadcast message, every switch in the network receives this broadcast, even though some of the switches don't have any ports in the same VLAN. ? jd Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=984&t=984 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Keystrokes to stop traceroute or Ping... [7:978]
or login again and clear the vty line you're on... ;-) -Original Message- From: Rizzo Damian [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 17, 2001 13:51 To: [EMAIL PROTECTED] Subject: Keystrokes to stop traceroute or Ping... [7:978] Anyone remember the keystrokes to stop a router from performing an endless traceroute or ping?... Thanks. -Rizzo FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=981&t=978 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Keystrokes to stop traceroute or Ping... [7:978]
ctrl/shift, then 6 -Original Message- From: Rizzo Damian [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 17, 2001 13:51 To: [EMAIL PROTECTED] Subject: Keystrokes to stop traceroute or Ping... [7:978] Anyone remember the keystrokes to stop a router from performing an endless traceroute or ping?... Thanks. -Rizzo FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=980&t=978 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: [syslog service freeware [7:932]
Simon, You may want to try either Kiwi's Syslog Daemon (http://www.kiwi-enterprises.com/) or 3com's 3CDaemon (http://support.3com.com/software/utilities_for_windows_32_bit.htm) They are both good Syslog servers. Hope they help! Eddie -- Edward J. Gomez, MCSE, CNE, CCNA Information Systems Manager ProxyMed, Inc 2555 Davie Road, Suite 110 Fort Lauderdale, Florida 33317 (954) 473-1001 x315 http://www.proxymed.com -Original Message- From: Tim Rutherford [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 17, 2001 4:36 PM To: [EMAIL PROTECTED] Subject: Re: [syslog service freeware [7:932] "[EMAIL PROTECTED]" wrote: Hi all, has anyone got any suggestions where I can download syslog service software to run on a NT worstation, the downloaded software i've got is toilet Regards simon halder FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Get free email and a permanent address at http://www.amexmail.com/?A=1 FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=979&t=932 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Keystrokes to stop traceroute or Ping... [7:978]
Anyone remember the keystrokes to stop a router from performing an endless traceroute or ping?... Thanks. -Rizzo Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=978&t=978 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 2 hours are over and I passed the CCIE written [7:966]
Hey, congrats Mike!! I'm taking the written within the week and your panic in the last few hours have put me in a panic for the last few days! So the RIF was less than you thought, interesting. From the amount of concern this has generated in the last few months you would think half the test is RIF stuff. Congrats again! Sean C. CCNP, CCDP, MCSE Email: [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=977&t=966 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Question RE: Windows XP and Catalyst 5000 Issues ... [7:976]
For anyone interested, here's some info we got from TAC regarding the Win XP/Catalyst 5000 issue Determining the EARL can be a bit tricky, and it really depends on which supervisor you are running. - If you have a Supervisor I, it will be an EARL 1. - WS-X5509, WS-X5506, WS-X5505 are all EARL1+ based. - If the front label says just "Supervisor III" or "Supervisor IIIF" then it's probably EARL1++ (unless it has been field upgraded) - If the Supervisor III has not been field upgraded, and the front panel reads "Supervisor III w/ NFFC", then it is an EARL2. - You can look at a "show mod" from the switch, and if you are running 4.4(1) or higher, it will show an NFFCII (WS-F553) at the bottom. This is an EARL3. Dave H -Original Message- From: Jason J. Roysdon [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 17, 2001 2:17 PM To: [EMAIL PROTECTED] Subject: Re: Question RE: Windows XP and Catalyst 5000 Issues ... [7:952] I received this from a fellow engineer who contacted TAC: From: Mangieri,Joe Sent: Tuesday, April 17, 2001 10:46 AM To: 'Jason Roysdon' Subject: RE: Microsoft Windows XP, and CISCO's 5000 Series Switches On a Supervisor Engine III, the show module command provides information about the EARL and uplink modules. Naturally we have a Sup II. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Hennen, David"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Well, this could be a problem. > > Does anyone out there know of a way to remotely determine what version of > EARL is on the various Cat 5xxx supervisor blades? > > Thanks if you can help, > Dave H > > -Original Message- > From: Daniel Cotts [mailto:[EMAIL PROTECTED]] > Sent: Monday, April 16, 2001 5:47 PM > To: [EMAIL PROTECTED] > Subject: RE: Windows XP and Catalyst 5000 Issues ... [7:816] > > > Here's the Cisco Advisory: > http://www.cisco.com/warp/public/707/cat5k-8021x-vuln-pub.shtml > > > -Original Message- > > From: Hornbeck, Timothy [mailto:[EMAIL PROTECTED]] > > Sent: Monday, April 16, 2001 3:30 PM > > To: [EMAIL PROTECTED] > > Subject: Windows XP and Catalyst 5000 Issues ... [7:816] > > > > > > Do Not Plug WXP In Your Cisco Network Yet: Crash Warning > > > > > > Computer Reseller News reported something 'interesting'. MS > > found out about > > an incompatibility between Windows XP and Cisco Systems' Catalyst 5000 > > switch. The conflicts can cause your corporate networks to crash. The > > unexpected incompatibility sits between the 802.1x wireless > > security feature > > in Windows XP and the Cisco switch software that has a bug. > > Cisco has a fix > > on its website. > > > > This week, Redmond sent an e-mail to all of Microsoft > > Consulting Services > > (MCS) to not plug Windows XP machines into any network > > without explicit > > approval of the client's IT department. What seems to have > > happened is that > > a Microsoft consultant plugged a laptop running Windows XP > > into a site and > > took the entire company down. > > > > Some adventurous souls in Xerox did the same, and brought the > > whole network > > down. Xerox sent an email to all 50,000 employees and told > > them that if they > > plugged in WXP and brought the network down, they would pay > > for the damage > > out of their paycheck. Sounds like they mean it. More at: > > http://www.w2knews.com/rd/rd.cfm?id=041601-Cisco-WXP-Crash > > __ > > Nathan C. Broome CNE,MCSE > > Network Administrator > > Mayfran International > > 440-461-4100x160 > > [EMAIL PROTECTED] > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > Report misconduct > > and Nondisclosure violations to [EMAIL PROTECTED] > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=976&t=976 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Test is in 2 hours and I'm having difficulties with RIF [7: [7:975]
That example ends in a 3, but a valid RIF will end with a zero because the last step in a route will always be a ring, not a bridge. Therefore the last bridge field will be a zero. >>> "David Chandler" 4/17/01 2:18:03 PM >>> Why can't the 3 be correct? The only 3 in the rif is part of a RD (route designator field) the 0810 is the RC (route control field). RC= Type 3 bits = 000 (directed explorer non-broadcast) Length 5 bits = 01000 = 8 bytes = # of bytes of the rif RC + RD; in this example 1 RC + 3 RDs (2 bytes each) Direction 1 bit = 0 = left to right Largest 3 bit = 001 = 1500 bytes DaveC John Neiberger wrote: > > That is a great link! Thanks for posting it, that's going to be very > helpful. > > >>> "Sean C." 4/17/01 12:59:51 PM >>> > Hi Mike, > > Have been following your statements on various RIF docuements. Your > second > RIF: > 0810 00A1 00B2 00C3 > cannot be valid because it ends in a 3 - and I assume you know that > it's > supposed to end in a 0 so I'll take the guess that this is just a > typo. > > I referenced your two links and I think the Cisco link is incorrect. > I > could not find where in the CCPrep document it states that an 8 equals > a 3 > bridge/ring combo. On page 5 of the CCPrep paper (almost at the > bottom) it > states "A value of '8' means that there are two bridges" which would > be > consistent with the rest of that RIF. > > Have you tried this link: > > http://www.loopy.org/rif.cgi > > Good luck, > > Sean C. > CCNP, CCDP, MCSE > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=975&t=975 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: [syslog service freeware [7:932]
"[EMAIL PROTECTED]" wrote: Hi all, has anyone got any suggestions where I can download syslog service software to run on a NT worstation, the downloaded software i've got is toilet Regards simon halder FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Get free email and a permanent address at http://www.amexmail.com/?A=1 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=974&t=932 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 2 hours are over and I passed the CCIE written [7:966]
Did you find that the questions were well written or did you have engage your psychic abilities to understand the questions? Was the test as comprehensive as you thought? Did you find yourself overprepared in some areas and underprepared in others? Do you find me asking too many questions? :-) thanks, John >>> "Michael Bambic" 4/17/01 2:06:26 PM >>> It was not as difficult as I thought but then my score wasn't as high as it should have been. There wasn't as much token as expected but that's OK. My networking experience definitely helped out but then so did the Todd Lammle CCIE book and the Casco book as well as a ton of information from Cisco's site. I finally figured out that the RIF length field is inclusive of the RC and RD. Only one question on that any how. :) I wish I could remember better what was on the test but it's all a blur now, kind of like post traumatic stress syndrome or whatever it's called. Mike Bambic Lead Mentor Phoenix Branch 602-955-5888 Cisco Regional Business Development Manager TechSkills www.techskills.com [EMAIL PROTECTED] [GroupStudy.com removed an attachment of type application/ms-tnef which had a name of winmail.dat] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=973&t=966 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 2 hours are over and I passed the CCIE written [7:966]
WooHoo!! Congrats! Heather Buri CSC Technology Services - Houston Phone: (713)-961-8592 Fax:(713)-961-8249 Mobile: Alpha Page: Mailing:1360 Post Oak Blvd Suite 500 Houston, TX 77056 -Original Message- From: Michael Bambic [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 17, 2001 3:06 PM To: [EMAIL PROTECTED] Subject: 2 hours are over and I passed the CCIE written [7:966] It was not as difficult as I thought but then my score wasn't as high as it should have been. There wasn't as much token as expected but that's OK. My networking experience definitely helped out but then so did the Todd Lammle CCIE book and the Casco book as well as a ton of information from Cisco's site. I finally figured out that the RIF length field is inclusive of the RC and RD. Only one question on that any how. :) I wish I could remember better what was on the test but it's all a blur now, kind of like post traumatic stress syndrome or whatever it's called. Mike Bambic Lead Mentor Phoenix Branch 602-955-5888 Cisco Regional Business Development Manager TechSkills www.techskills.com [EMAIL PROTECTED] [GroupStudy.com removed an attachment of type application/ms-tnef which had a name of winmail.dat] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=972&t=966 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Test is in 2 hours and I'm having difficulties with RIF [7: [7:970]
Why can't the 3 be correct? The only 3 in the rif is part of a RD (route designator field) the 0810 is the RC (route control field). RC= Type 3 bits = 000 (directed explorer non-broadcast) Length 5 bits = 01000 = 8 bytes = # of bytes of the rif RC + RD; in this example 1 RC + 3 RDs (2 bytes each) Direction 1 bit = 0 = left to right Largest 3 bit = 001 = 1500 bytes DaveC John Neiberger wrote: > > That is a great link! Thanks for posting it, that's going to be very > helpful. > > >>> "Sean C." 4/17/01 12:59:51 PM >>> > Hi Mike, > > Have been following your statements on various RIF docuements. Your > second > RIF: > 0810 00A1 00B2 00C3 > cannot be valid because it ends in a 3 - and I assume you know that > it's > supposed to end in a 0 so I'll take the guess that this is just a > typo. > > I referenced your two links and I think the Cisco link is incorrect. > I > could not find where in the CCPrep document it states that an 8 equals > a 3 > bridge/ring combo. On page 5 of the CCPrep paper (almost at the > bottom) it > states "A value of '8' means that there are two bridges" which would > be > consistent with the rest of that RIF. > > Have you tried this link: > > http://www.loopy.org/rif.cgi > > Good luck, > > Sean C. > CCNP, CCDP, MCSE > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=970&t=970 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
oh so witty !! [7:971]
www.theregister.co.uk which is actually quite a witty and cynically well informed UK IT related news site recently ran a story about how Juniper were trouncing Cisco at the top end. the headline was 'Juniper berries Cisco' .. groan ! ian Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=971&t=971 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: Upgrade Catalyst 6509 MSFC problem [7:949]
Slight typo in the "copy run" command. I meant to say "copy run tftp". I'm slightly jaded from sitting between two nice warm servers for a few hours now. Sorry. Vijay Ramcharan, CCNP,CCDP,MCSE Network Manager The Deal, L.L.C. http://www.thedeal.com mailto:[EMAIL PROTECTED] -Original Message- From: Vijay Ramcharan [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 17, 2001 3:48 PM To: 'Kim Seng'; '[EMAIL PROTECTED]' Subject: RE: Upgrade Catalyst 6509 MSFC problem [7:949] Upgrading a Catalyst 6509 is actually pretty much the same as upgrading a lower end router like a 2600 with a couple of variations. Use below commands at your own risk. Start up your TFTP server and make sure you can ping it from the MSFC prompt. Be sure your image is located in the appropriate TFTP directory. Use the "dir" command to see the images in flash and how much space you have on your flash. Use the "copy flash tftp" command to copy backups of your images in flash in case you need to recover. Use the "copy run flash" command to get a backup of your config. Use the "delete bootflash:" command to delete the IOS image file from flash. Don't delete the image with "boot" in the filename because that image is used to load a minimal version of the IOS software in the event that the normal IOS can't be loaded. Use the "squeeze bootflash:" command to permanently delete the file from flash. Example: MSFC#dir Directory of bootflash:/ 1 -rw- 1644336 Jan 01 2000 01:41:17 c6msfc-boot-mz.121-2.E.bin 3 -rw-11602828 Jan 01 2000 00:11:57 c6msfc-jsv-mz.121-6.E1 15990784 bytes total (2521184 bytes free) MSFC#delete bootflash: ? MSFC#delete bootflash:c6msfc-jsv-mz.121-6.E1 Delete filename [c6msfc-jsv-mz.121-6.E1]? y Delete bootflash:n? [confirm]y Use "copy tftp flash" command to copy your new image over to the flash. Use the command "boot system flash bootflash:" to tell the MSFC which image to load. Issue a "dir" and "show run" and make sure that your image names match. Make sure that you have a command similar to below in your "show run" output to boot your restricted IOS in case something happens. boot bootldr bootflash:c6msfc-boot-mz.121-2.E.bin Save your config. Reset the MSFC and cross your fingers. Take your time and make sure that you can go back to your previous config if the upgrade doesn't work. Oh, and if you happen to mess up, read the link below. http://www.cisco.com/warp/customer/473/14.html Vijay Ramcharan, CCNP,CCDP,MCSE Network Manager The Deal, L.L.C. http://www.thedeal.com mailto:[EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kim Seng Sent: Tuesday, April 17, 2001 1:54 PM To: [EMAIL PROTECTED] Subject: Upgrade Catalyst 6509 MSFC problem [7:949] I am trying to upgrade my Catalyst 6509 MFSC to version 12.1.5. When I issued the cmd: copy tftp flash at the router prompt. It failed and told me that there are not enough space to upgrade the new image. Can someone help me with this. I am digging cisco web site for reading right now. Sorry this is my first time with this. Kim. __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=969&t=949 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Policy Map and Performance [7:967]
I have a device in our network that does not have the ability to change the IP precedence of the traffic it generates. I wanted to set the IP precedence to critical for that device and implemented a policy map on the router it connects to, a 7513 with an RSP4. This device is a Cisco 3510 MCU video conferencing unit and I'm wondering if I may be creating one problem by solving another. here's what I mean... WFQ by default will look at the IP precedence of a flow when deciding how to queue it, but queueing only happens when the interface is congested. With the policy map I have configured, it has to process every packet in that flow regardless of congestion. My question really is how much latency would processing like this add? In this scenario, do the negatives outweigh the positives? To be honest, I haven't noticed much of a difference but I've been working with TAC to resolve some performance issues with the 3510 so we've been trying a lot of different things including playing around the QoS. One engineer suggested I use "ip rtp priority" on the outgoing interfaces but another engineer wants me to remove that and use this policy map with WFQ. ugh. It's like being pecked to death by bunch of chickens! Anyway, I was just wondering if any of you had any insight into the performance hit that this type of policy map might produce. Thanks for putting up with my rambling John Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=967&t=967 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: traceroute !A * !A meaning [7:915]
you are correct This is a single 256k frame relay link >>> "Marty Adkins" 04/17/01 12:51PM >>> "Howard C. Berkowitz" wrote: > > Only a suggestion, but the fact that there are pairs of !A suggest > that there might be per-packet load balancing going on, and the ACL > applies only to one of the paths in the load-shared bundle. That > could be why you get through on half the attempts (ignoring the * > timeout which I'll assume is a random error). > > If I were being truly perverse, though, I might think the load > balancing is across five paths, two of which have ACLs, two of which > don't, and one of which has a reachability problem. > > >You're right. !A is "administratively unreachable" which is generally an > >ACL... This almost certainly occurred on a single path. All three iterations were blocked by an ACL, which caused the router that did so to generate an ICMP administratively prohibited unreachable to the source. The generation of all ICMP unreachables is rate-limited by IOS to no more than one per second to the same source. Hence the packet was silently dropped on #2 which produced a three-second timeout at the source. To see the pattern, perform an extended trace and set the probe count to 5 or 7 -- notice that every other iteration is a timeout. This self-protection mechanism slows down a persistent sender, and aims to limit the potential impact on all other traffic flows. Generating ICMP messages takes extra CPU time, beyond just the ACL check, because all message generation must be performed by an IOS process, rather than in interrupt mode (fast-switching, etc.) Marty Adkins Email: [EMAIL PROTECTED] Mentor Technologies Phone: 240-568-6526 133 National Business Pkwy WWW: http://www.mentortech.com Annapolis Junction, MD 20701Cisco CCIE #1289 FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] you are correct This is a single 256k frame relay link >>> "Marty Adkins" 04/17/01 12:51PM >>> "Howard C. Berkowitz" wrote: > > Only a suggestion, but the fact that there are pairs of !A suggest > that there might be per-packet load balancing going on, and the ACL > applies only to one of the paths in the load-shared bundle. That > could be why you get through on half the attempts (ignoring the * > timeout which I'll assume is a random error). > > If I were being truly perverse, though, I might think the load > balancing is across five paths, two of which have ACLs, two of which > don't, and one of which has a reachability problem. > > >You're right. !A is "administratively unreachable" which is generally an > >ACL... This almost certainly occurred on a single path. All three iterations were blocked by an ACL, which caused the router that did so to generate an ICMP administratively prohibited unreachable to the source. The generation of all ICMP unreachables is rate-limited by IOS to no more than one per second to the same source. Hence the packet was silently dropped on #2 which produced a three-second timeout at the source. To see the pattern, perform an extended trace and set the probe count to 5 or 7 -- notice that every other iteration is a timeout. This self-protection mechanism slows down a persistent sender, and aims to limit the potential impact on all other traffic flows. Generating ICMP messages takes extra CPU time, beyond just the ACL check, because all message generation must be performed by an IOS process, rather than in interrupt mode (fast-switching, etc.) Marty Adkins Email: [EMAIL PROTECTED] Mentor Technologies Phone: 240-568-6526 133 National Business Pkwy WWW: http://www.mentortech.com Annapolis Junction, MD 20701Cisco CCIE #1289 FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=968&t=915 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
2 hours are over and I passed the CCIE written [7:966]
It was not as difficult as I thought but then my score wasn't as high as it should have been. There wasn't as much token as expected but that's OK. My networking experience definitely helped out but then so did the Todd Lammle CCIE book and the Casco book as well as a ton of information from Cisco's site. I finally figured out that the RIF length field is inclusive of the RC and RD. Only one question on that any how. :) I wish I could remember better what was on the test but it's all a blur now, kind of like post traumatic stress syndrome or whatever it's called. Mike Bambic Lead Mentor Phoenix Branch 602-955-5888 Cisco Regional Business Development Manager TechSkills www.techskills.com [EMAIL PROTECTED] [GroupStudy.com removed an attachment of type application/ms-tnef which had a name of winmail.dat] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=966&t=966 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Catalyst traceroute problem [7:965]
Shane Stockman wrote: > > My problem is that when I try to tracroute to a printer on a vlan it just > gives me the stars , but I can ping quite easily from the same switch.I had > a trace done from the mainframe and it stops at this switch and I had > another mainframe trace done from a mainframe in Europe and it still stops > at this switch.I can ping the printer address and get a 100% reply from both > mainframes. > Keep in mind that a traceroute performed by a Cisco or Unix device sends a UDP packet to a high (bogus) port (e.g., 33534). Since the target should have no application running at that port, it should reply with an ICMP port unreachable. It's possible that some device is filtering the UDP packets in the forward direction, or the ICMP unreachables in the reverse direction, while happily passing ICMP echo/echo-reply. Marty Adkins Email: [EMAIL PROTECTED] Mentor Technologies Phone: 240-568-6526 133 National Business Pkwy WWW: http://www.mentortech.com Annapolis Junction, MD 20701Cisco CCIE #1289 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=965&t=965 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Upgrade Catalyst 6509 MSFC problem [7:949]
Upgrading a Catalyst 6509 is actually pretty much the same as upgrading a lower end router like a 2600 with a couple of variations. Use below commands at your own risk. Start up your TFTP server and make sure you can ping it from the MSFC prompt. Be sure your image is located in the appropriate TFTP directory. Use the "dir" command to see the images in flash and how much space you have on your flash. Use the "copy flash tftp" command to copy backups of your images in flash in case you need to recover. Use the "copy run flash" command to get a backup of your config. Use the "delete bootflash:" command to delete the IOS image file from flash. Don't delete the image with "boot" in the filename because that image is used to load a minimal version of the IOS software in the event that the normal IOS can't be loaded. Use the "squeeze bootflash:" command to permanently delete the file from flash. Example: MSFC#dir Directory of bootflash:/ 1 -rw- 1644336 Jan 01 2000 01:41:17 c6msfc-boot-mz.121-2.E.bin 3 -rw-11602828 Jan 01 2000 00:11:57 c6msfc-jsv-mz.121-6.E1 15990784 bytes total (2521184 bytes free) MSFC#delete bootflash: ? MSFC#delete bootflash:c6msfc-jsv-mz.121-6.E1 Delete filename [c6msfc-jsv-mz.121-6.E1]? y Delete bootflash:n? [confirm]y Use "copy tftp flash" command to copy your new image over to the flash. Use the command "boot system flash bootflash:" to tell the MSFC which image to load. Issue a "dir" and "show run" and make sure that your image names match. Make sure that you have a command similar to below in your "show run" output to boot your restricted IOS in case something happens. boot bootldr bootflash:c6msfc-boot-mz.121-2.E.bin Save your config. Reset the MSFC and cross your fingers. Take your time and make sure that you can go back to your previous config if the upgrade doesn't work. Oh, and if you happen to mess up, read the link below. http://www.cisco.com/warp/customer/473/14.html Vijay Ramcharan, CCNP,CCDP,MCSE Network Manager The Deal, L.L.C. http://www.thedeal.com mailto:[EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kim Seng Sent: Tuesday, April 17, 2001 1:54 PM To: [EMAIL PROTECTED] Subject: Upgrade Catalyst 6509 MSFC problem [7:949] I am trying to upgrade my Catalyst 6509 MFSC to version 12.1.5. When I issued the cmd: copy tftp flash at the router prompt. It failed and told me that there are not enough space to upgrade the new image. Can someone help me with this. I am digging cisco web site for reading right now. Sorry this is my first time with this. Kim. __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=964&t=949 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: traceroute !A * !A meaning [7:915]
"Howard C. Berkowitz" wrote: > > Only a suggestion, but the fact that there are pairs of !A suggest > that there might be per-packet load balancing going on, and the ACL > applies only to one of the paths in the load-shared bundle. That > could be why you get through on half the attempts (ignoring the * > timeout which I'll assume is a random error). > > If I were being truly perverse, though, I might think the load > balancing is across five paths, two of which have ACLs, two of which > don't, and one of which has a reachability problem. > > >You're right. !A is "administratively unreachable" which is generally an > >ACL... This almost certainly occurred on a single path. All three iterations were blocked by an ACL, which caused the router that did so to generate an ICMP administratively prohibited unreachable to the source. The generation of all ICMP unreachables is rate-limited by IOS to no more than one per second to the same source. Hence the packet was silently dropped on #2 which produced a three-second timeout at the source. To see the pattern, perform an extended trace and set the probe count to 5 or 7 -- notice that every other iteration is a timeout. This self-protection mechanism slows down a persistent sender, and aims to limit the potential impact on all other traffic flows. Generating ICMP messages takes extra CPU time, beyond just the ACL check, because all message generation must be performed by an IOS process, rather than in interrupt mode (fast-switching, etc.) Marty Adkins Email: [EMAIL PROTECTED] Mentor Technologies Phone: 240-568-6526 133 National Business Pkwy WWW: http://www.mentortech.com Annapolis Junction, MD 20701Cisco CCIE #1289 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=963&t=915 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Load Balance and Fault Redundancy [7:962]
One of our customers asks for load balance and fault redundancy. They have a Cisco router 1605 with a serial0 for T1 (216.94.x.x), and eth0 for local network, eth1 for DSL (66.59.x.x). This router satisfies their scenario hardware requirements. How to configure the Cisco router 1605 (just one router, not HSRP) to implement load balance and fault redundancy, and serial0 and eth1 are using different ip block? When DSL and T1 lines are both working fine, they want to have load balance. If one of the lines, either T1 or DSL, is down, they need fault tolerance. Let's say, T1 is down, all the users on the local network automatically use DSL to get to the Internet. Any suggestions will be highly appreciated. Shawn Xu _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=962&t=962 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
