Re: "enable password level" command [7:3277]

[Jason Roysdon]

Best practice is to not use enable password period.  Use enable secret.
Regarding your real question, what level to set?  I've never thought or seen
anyone limiting the enable secret command (as this is the "root" command in
essence to the router).  I don't think you'd normally do this, but rather
have AAA or local users defined with levels set.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Albert Lu""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi Group,
>
> Could someone give me an explanation and "best practise" in production
> networks for the "enable password level" command? I know that it is
between
> 1-15, with level 1 the lowest and 15 the highest level for most access.
Are
> the levels 2-14 user configurable?
>
>
> Thanks
>
> Albert
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3348&t=3277
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco PIX vs Checkpoint FIrewall-1 [7:2878]

[Jason Roysdon]

True, true.  Good point.  Of course, you can always disable all the fixups
;-)'

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Carroll Kong""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> At 11:37 PM 5/5/01 -0400, Jason Roysdon wrote:
> >Huh?  How would the PIX fixups possibly lead to security holes?  They're
> >there to protect the end device and only allow in the RFC commands (which
> >can actually be a pain, like with SMTP mailguard being too strict for
SMTP
> >authentication on Exchange).  I don't see how this can be a security
hole,
> >but prevents them on flawed/badly coded end devices.
> >
> >--
> >Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
> >List email: [EMAIL PROTECTED]
> >Homepage: http://jason.artoo.net/
> >
> >""Carroll Kong""  wrote in message
> >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > At 10:44 AM 5/4/01 -0400, Jim Brown wrote:
> >
> > > The Pix does a bit more (mini-proxy like actions like 'fixups'), so it
> > > actually lends itself to be slightly more vulnerable than say an
OpenBSD
> > > box + IPFilter.
>
> Anytime you try to do more than simple layer 3 packet filtering you are
> running into dangerous territory.  Anytime you try to touch the layer 7
> (fix up / quasi proxy), you are asking for possible danger.
>
> Good security sense due to experience from programming knows, less
> features, less bugs, less exploits despite their best intentions.
>
>
http://www.securityfocus.com/frames/?content=/templates/advisory.html%3Fid%3
D2133
>
> In theory, you are right.  In theory, firewalls + proxies create a
powerful
> security environment.  However, in theory of security, you cannot fully
> trust anything, that rule should supercede the other two.  (and of course
> bad users are the ultimate weak link, but I digress).
>
> If an exploit has happened once, do not think it cannot happen again.
>
>
>
> -Carroll Kong
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3350&t=2878
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Disable telnet port (Cisco Trivia) [7:3287]

[Jason Roysdon]

Pray it has 'service config' set and configure a tftp server to upload a
config with an ip.  I've never done it, but I guess it could work.

In fact, does anyone know if allowing 'service config' to remain on a router
is a security risk?  If you have a tftp server listening, you'll see the
broadcast request for the boot config file, and I can't see how any security
could be passed to stop/block getting the wrong config?  I always just set
'no service config' as a matter of best-practices whenever configuring a
router, but I'm wondering if anyone else has tested this?

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Brian Dennis""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Anyone know how to get to a Cisco router remotely that doesn't have an IP
> address configured on it? Going in through a console, aux or async line
> doesn't count.
>
> Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640
> 5G Networks, Inc.
> [EMAIL PROTECTED]
> 925) 260-2724
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > EA Louie
> > Sent: Friday, May 04, 2001 9:00 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Disable telnet port [7:3237]
> >
> >
> > If you have the right version of IOS, you can
> > transport input ssh
> >
> > and to answer Chuck's questions, there is a way to disable telnet and
> > everything else,
> > transport input none
> >
> > - Original Message -
> > From: Jacques Atlas
> > To:
> > Sent: Friday, May 04, 2001 3:12 PM
> > Subject: RE: Disable telnet port [7:3237]
> >
> >
> > > On Fri, 4 May 2001, Chuck Larrieu wrote:
> > >
> > > |By "telnet port" do you mean TCP port 23. Or do you mean the VTY's
> > > |themselves?
> > > |
> > > |If the latter, the most effective way is to require a login but set
no
> > > |password.
> > > |Eg
> > > |
> > > |Line vty 0 4
> > > |Login
> > >
> > > anyone know if you can _disable_ telnet to a cisco and only ssh ?
> > >
> > > something like "no service telnet" would be great
> > >
> > > --
> > > jacques
> > > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3351&t=3287
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Stop Sending me mails this is my fourth mail. [7:3280]

[Jason Roysdon]

Anyone wishing to unsubscribe, please see the Groupstudy.com website
regarding the proper procedure:
http://groupstudy.com/list/help.html

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""M. HASAN USMANI.""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> unsubscribe cisco
>
>
> STOP SENDING ME EMAILS!!!
>
> UNSUBSCRIBE CISCO
> UNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCO
>
>
>
>
>
> ___
> Send a cool gift with your E-Card
> http://www.bluemountain.com/giftcenter/
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3349&t=3280
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: FS: Rack & Cat 5k (Seattle area only) [7:3331]

[David Cooper]

how much for the carpet fuzz?


On Saturday 05 May 2001 16:54, Jon wrote:
> I liberated a full-size rack from work, so now I have a half-size rack I'd
> like to get rid of.  It's meant to hang from the wall and hold a bunch of
> gear -- this isn't one of those cheap racks from Musician's Friend.  It's
> all steel, and I have no interest in tearing it apart and shipping it, so
> if anyone in the Seattle general area wants it, let me know.
>
> I also have a Cat 5000 that I don't need anymore. I'd prefer to not ship
> this guy, as well, so if I can't find someone local, it'll stay in my rack
> and collect carpet fuzz.
>
> -jon-
>
> __
> Do You Yahoo!?
> Yahoo! Auctions - buy the things you want at great prices
> http://auctions.yahoo.com/
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html Report misconduct and
> Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3347&t=3331
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Disable telnet port [7:3237]

[Jason Roysdon]

Use ACLs to block.  Not as simple as the command you're looking for.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Jacques Atlas""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> On Fri, 4 May 2001, Chuck Larrieu wrote:
>
> |By "telnet port" do you mean TCP port 23. Or do you mean the VTY's
> |themselves?
> |
> |If the latter, the most effective way is to require a login but set no
> |password.
> |Eg
> |
> |Line vty 0 4
> |Login
>
> anyone know if you can _disable_ telnet to a cisco and only ssh ?
>
> something like "no service telnet" would be great
>
> --
> jacques
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3344&t=3237
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco PIX vs Checkpoint FIrewall-1 [7:2878]

[Jason Roysdon]

I've got a customer with 600 employees using a 506 with no problems.  The
biggest limitation is that it only has two ports, so you're not going to add
a DMZ off it, and IPSEC is only getting something like a 4 or 5mb throughput
(10mbit ports on it).  Of course, this customer only has a T1, so the
1.5mbit connection is the limit, not the PIX.  We're actually doing VPN
IPSEC tunnels to a number of "test sites" (my house, my office, my boss'
house) and have 7960 IP Phones working remotely.  Works great so far.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Chuck Larrieu""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Interesting read. Thanks.
>
> Goes to show - Cisco excels in service and support.  I used to think the
> licensing procedure for Ciscoworks and Baseliner was a pain. Wow, what a
> breeze compared to Checkpoint!
>
> Another interesting comment - the PIX 506 licensing. Cisco has taken to
> being very opaque about what a PIX 506 can and should do. Last time I
> checked, Cisco's party line was that the 506 is good for "up to 10
internet
> connections" and the folks at the pre-sales help line I spoke to were
unable
> to clarify this statement. Interesting, since I had recalled from
> documentation that has long since been deleted from CCO, that the 506 was
> good for several thousand simultaneous TCP connections, which is plenty
for
> any business of a couple hundred users. I suspect Cisco kinda shot
> themselves in the foot with the 506, in that it is undercutting sales of
> 515's to small enterprises.
>
> Chuck
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Dave
> Chappell
> Sent: Friday, May 04, 2001 3:14 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Cisco PIX vs Checkpoint FIrewall-1 [7:2878]
>
> This might be of interest:
>
> http://www.roble.com/docs/fw1_or_pix.html
>
> Dave
>
> -Original Message-
> From: Brian [mailto:[EMAIL PROTECTED]]
> Sent: Friday, May 04, 2001 10:52 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Cisco PIX vs Checkpoint FIrewall-1 [7:2878]
>
>
> In a serious enterprise of scale, I would indeed consider using both a pix
> and a server based firewall.
>
> Bri
>
> - Original Message -
> From: "Jim Brown"
> To:
> Sent: Friday, May 04, 2001 7:44 AM
> Subject: RE: Cisco PIX vs Checkpoint FIrewall-1 [7:2878]
>
>
> > Security holes in lower layers? Where did you come up with that, your
> Cisco
> > rep?
> >
> > -Original Message-
> > From: Eugene Nine [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, May 03, 2001 5:01 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Cisco PIX vs Checkpoint FIrewall-1 [7:2878]
> >
> >
> > PIX goes up to layer 4, so it won't do things like URL filtering.
> > Checkpoint (or other SW) can do higher layer protection but may not be
as
> > well at the lower layers (due to security holes in the OS, etc)
> > Eugene
> >
> > ""Chuck Larrieu""  wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > Asked sincerely, what advantages do you see in provisions PIX plus
> > > checkpoint?
> > >
> > > Chuck
> > >
> > > -Original Message-
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf
Of
> > > [EMAIL PROTECTED]
> > > Sent: Thursday, May 03, 2001 2:47 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: Cisco PIX vs Checkpoint FIrewall-1 [7:2878]
> > >
> > > It depends on your security policy , design and needs  , generally
what
> we
> > > advice our
> > > customers is checkpoint + pix together
> > >
> > > Hatim badr a icrit :
> > >
> > > > Hi ,
> > > >
> > > > I would like to know the pluses and minuses of each product .
> Currently
> > > We
> > > > are using checkpoint and I want to convince my management to switch
to
> > > cisco
> > > > PIX firewall .
> > > >
> > > > Thanks
> > > >
> > > > Hatim
> > > >
> > > > 
> > > > Get free email and a permanent address at
> http://www.netaddress.com/?N=1
> > > > FAQ, list archives, and subscription info:
> > > http://www.groupstudy.com/list/cisco.html
> > > > Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]
> > > FAQ, list archives, and subscription info:
> > > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> FAQ, list archives, and subscription info:
> http://www.groupstudy

Re: Cisco PIX vs Checkpoint FIrewall-1 [7:2878]

[Carroll Kong]

At 11:37 PM 5/5/01 -0400, Jason Roysdon wrote:
>Huh?  How would the PIX fixups possibly lead to security holes?  They're
>there to protect the end device and only allow in the RFC commands (which
>can actually be a pain, like with SMTP mailguard being too strict for SMTP
>authentication on Exchange).  I don't see how this can be a security hole,
>but prevents them on flawed/badly coded end devices.
>
>--
>Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
>List email: [EMAIL PROTECTED]
>Homepage: http://jason.artoo.net/
>
>""Carroll Kong""  wrote in message
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > At 10:44 AM 5/4/01 -0400, Jim Brown wrote:
>
> > The Pix does a bit more (mini-proxy like actions like 'fixups'), so it
> > actually lends itself to be slightly more vulnerable than say an OpenBSD
> > box + IPFilter.

Anytime you try to do more than simple layer 3 packet filtering you are 
running into dangerous territory.  Anytime you try to touch the layer 7 
(fix up / quasi proxy), you are asking for possible danger.

Good security sense due to experience from programming knows, less 
features, less bugs, less exploits despite their best intentions.

http://www.securityfocus.com/frames/?content=/templates/advisory.html%3Fid%3D2133

In theory, you are right.  In theory, firewalls + proxies create a powerful 
security environment.  However, in theory of security, you cannot fully 
trust anything, that rule should supercede the other two.  (and of course 
bad users are the ultimate weak link, but I digress).

If an exploit has happened once, do not think it cannot happen again.



-Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3343&t=2878
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Disable telnet port [7:3237]

[Jason Roysdon]

That's actually the best method I've seen to date, and really only requires
adding two lines:

access-list 1 deny   any
line vty 0 4
 access-class 1 in

Of course, if you want it to not just "% Connection refused by remote host"
but just not respond period, you could make a route-map for all telnet
traffic to the router's ips and set it to forward to Null, and then they
just get nothing, period.  More work than it's worth, IMHO ;-)

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Brian Dennis""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> If you put an access-class in on the vty lines that disables everything
like
> Chuck recommended no one will be able to telnet in. Also a port scan will
> not show anything on port 23. So telnet would appear to be disabled.
>
> There just isn't a way to actually turn off the telnet process on a Cisco
> router. If you really want to stop the telnet process you could power off
> the router but this would stop all the processes 8-)
>
> Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640
> 5G Networks, Inc.
> [EMAIL PROTECTED]
> (925) 260-2724
>
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Jacques Atlas
> > Sent: Friday, May 04, 2001 4:09 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: Disable telnet port [7:3237]
> >
> >
> > On Fri, 4 May 2001, Chuck Larrieu wrote:
> >
> > |There is no option "no service telnet" on the IOS I have available to
me.
> >
> > :-) that was just an example of something that would be nice.
> >
> > |Your choice would then become an access-list denying telnet to
> > appropriate
> > |router interfaces. You can also apply access lists to the vty
> > ports to limit
> > |who can telnet in. nope, can't delete the vty lines either.
> >
> > acl's for all interfaces is way to complex.
> >
> > telnet is not an option. if you can stop the telnet daemon on a unix box
> > you should be able to do it on a cisco device, if it support another
form
> > of transport.
> >
> > owell
> >
> > --
> > jacques
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3346&t=3237
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Disable telnet port [7:3237]

[Jason Roysdon]

The port is still listening and will reply with something like "Password
required but none set."  If I don't want telnet (or whatever service), I'd
add it to my ACL incoming filters.

access-list 101 deny tcp any host 1.1.1.1 eq telnet
access-list 101 deny tcp any host 2.2.2.2 eq telnet

(1.1.1.1 & 2.2.2.2 should match all of the routers IPs).

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Chuck Larrieu""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> By "telnet port" do you mean TCP port 23. Or do you mean the VTY's
> themselves?
>
> If the latter, the most effective way is to require a login but set no
> password.
> Eg
>
> Line vty 0 4
> Login
>
> HTH
>
> Chuck
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> Victor Chan
> Sent: Friday, May 04, 2001 12:41 PM
> To: [EMAIL PROTECTED]
> Subject: Disable telnet port [7:3237]
>
> How do you disable telnet port on the cisco router 2524 and 2610?
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3342&t=3237
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco PIX vs Checkpoint FIrewall-1 [7:2878]

[Jason Roysdon]

Huh?  How would the PIX fixups possibly lead to security holes?  They're
there to protect the end device and only allow in the RFC commands (which
can actually be a pain, like with SMTP mailguard being too strict for SMTP
authentication on Exchange).  I don't see how this can be a security hole,
but prevents them on flawed/badly coded end devices.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Carroll Kong""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> At 10:44 AM 5/4/01 -0400, Jim Brown wrote:

> The Pix does a bit more (mini-proxy like actions like 'fixups'), so it
> actually lends itself to be slightly more vulnerable than say an OpenBSD
> box + IPFilter.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3340&t=2878
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 1603 router [7:3165]

[Jason Roysdon]

And the Modular Cafe shows they work in 1720 w/12.0.1(XA3).  1600 is shown
to now be supported.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""LeBrun, Tim""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Oh contraire - I have several WIC-2Ts working in 3640s.
>
> Tim LeBrun
> CCNA, CCDA
> Phone: 864-587-3831
> Fax:  413-825-0402
> Cell: 864-621-8044
> [EMAIL PROTECTED]
>
>
> -Original Message-
> From: andyh [mailto:[EMAIL PROTECTED]]
> Sent: Friday, May 04, 2001 3:15 PM
> To: [EMAIL PROTECTED]
> Subject: Re: 1603 router [7:3165]
>
>
> WIC-2Ts are for 2600s only - don't work in 1700s or 3600s either
>
> Andy
>
> - Original Message -
> From: "Sujal G. Ajmera"
> To:
> Sent: Friday, May 04, 2001 1:01 PM
> Subject: 1603 router [7:3165]
>
>
> > Hi,
> >
> > In the Cisco documentation manual, it doesn't mention that WIC-2T can be
> > used but it does say that WIC-1T can be used.
> >
> > Any thoughts on this?
> >
> > TIA
> >
> > Sujal
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3341&t=3165
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Boson BCSN [7:3339]

[John Chang]

I'm taking the BCSN on tuesday and wanted to know which Boson to 
purchase.  I looked in the Archives and it seems exam 1 is the one but it 
was dated in Oct./Dec. 2000.  So I ask 1, 2, or 3?  Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3339&t=3339
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 1603 router [7:3165]

[Jason Roysdon]

Everyone, bookmark this URL.

http://www.cisco.com/warp/public/779/servpro/modulecafe/

Solution Finder -> Search Now -> Part Number: WIC-2T

Supported Platforms &
Minimum IOS Versions
 3660 series - 12007XK
3640 - 12.1(1)T
3620 - 12.1(1)T
2650 - 12.1(3)T
2600 series - 11.3(2)XA
1720 - 12.0.1(XA3)
1600 series - Not Available

4 clicks, question answered.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Sujal G. Ajmera""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi,
>
> In the Cisco documentation manual, it doesn't mention that WIC-2T can be
> used but it does say that WIC-1T can be used.
>
> Any thoughts on this?
>
> TIA
>
> Sujal
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3338&t=3165
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCIE Written ...really dumb Q`s [7:3161]

[Jason Roysdon]

I'm no Novell/IPX wizard, but I was troubleshooting some broadcast storms
Friday.  Both routers and servers were broadcasting Novell SAPs.  Digging
further:

http://www.cisco.com/warp/public/111/3.html

"Prior to software releases 9.1(13) 9.17(11) 9.14(9) 9.21(5) 10.0(5), a
Cisco router had a default GNS delay of 500 ms. The default GNS delay for
any later release is 0 ms. If you find you need a delay as discussed below,
use the command ipx gns-response-delay to add an apropriate delay. Sh ipx
int will show you the configured GNS delay for a particular interface."

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Vincent Chong""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi;
>
> 1) 7500 series for big enterprise
> 3600 is suitable for small enterprise or branch.
> You pick one.
>
> 2) Router will not broadcast SAP table.  Router rather matintain their
> own sap table.
> If the sap client could not find the sever in the local segment,
the
> sap client will forward the request the
> to the router, the router will forward the request to the nearest
> Novell Server maintained in the sap table.
> Read ICRC or ACRC have more detail.
>
> HTH
> Vincent Chong
>
>   Memo from Steve Skinner of PricewaterhouseCoopers
> >
> >  Start of message text 
> >
> > sorry ,
> >
> > my brain has turned to mush...pleae help
> >
> > Q1
> > out fo these routers which is best in enterprsie
> > 3600,7500,1 ?..
> >
> > Q2
> > if a routers gets a GNS request what will it do
> >
> > a ignore it
> > b pass to next sever on segment
> > c pass to nearest server
> >
> > Q1 1
> > Q2 c
> >
> > am i right ...i can`t think panic button has been
> > pressed...unable to sleep
> >
> > thanks
> >
> > steve
> >
> > - End of message text 
> >
> > The principal place of business of PricewaterhouseCoopers and its
> associate
> > partnerships is 1 Embankment Place, London WC2N 6NN where lists of the
> > partners' names are available for inspection. All partners in the
> associate
> > partnerships are authorised to conduct business as agents of, and all
> > contracts for services to clients are with, PricewaterhouseCoopers. The
UK
> > firm of PricewaterhouseCoopers is authorised by the Institute of
Chartered
> > Accountants in England and Wales to carry on investment business.
> > PricewaterhouseCoopers is a member of the world-wide
> > PricewaterhouseCoopers organisation.
> > 
> > The information transmitted is intended only for the person or entity to
> > which it is addressed and may contain confidential and/or privileged
> > material.  Any review, retransmission, dissemination or other use of, or
> > taking of any action in reliance upon, this information by persons or
> > entities other than the intended recipient is prohibited.   If you
> received
> > this in error, please contact the sender and delete the material from
any
> > computer.
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3337&t=3161
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 2501 [7:3332]

[rick]

On Sat, 5 May 2001, ahall wrote:

:Date: Sat, 5 May 2001 19:13:56 -0400
:From: ahall 
:To: [EMAIL PROTECTED]
:Subject: 2501 [7:3332]
:
:i can purchase (max of 4) 2501's to play with .. home setup
:(two serial.. one ethernet interface)
:
:ios 11.2
:8MB flash
:16MB dram
:
:no cables ... all units all 100 percent operational ...
:
:what would be a good price for each or for the complete set

I think maximim would be $650 each.  You can meet or beat that price
on usenet.

-- 
--Rick

Mechanical engineers design weapons. Civil engineers design targets.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3336&t=3332
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

EIGRP: questions on "ip summary-address" command [7:3335]

[Jerry Seven]

Hi group,

I'm get confused to this command, according to explaination in Routing TC/IP
p724, the eigrp xx is where the summary address sent to, so in p380, the
example on redistribute eigrp route to igrp domain, why the command can also
be used, for we want to send the summary route to igrp but not eigrp
process.

Another question is in p726, the second paragraph from bottom says that ip
summary-address only filter external routes, I reproduced this case study in
my home lab, but on Snider I don't see 192.168.4.0,  my IOS version are all
12.0.

Any ideas?

Thanks,

Jerry



_
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3335&t=3335
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Test [7:3334]

[sffff sfd]

Test




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3334&t=3334
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCIE LAB TEST [7:3333]

[Jeongwoo Park]

Hi all
Are ATM and VOIP a part of CCIE routing and switching lab test?

JP




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=&t=
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

2501 [7:3332]

[ahall]

i can purchase (max of 4) 2501's to play with .. home setup
(two serial.. one ethernet interface)

ios 11.2
8MB flash
16MB dram

no cables ... all units all 100 percent operational ...

what would be a good price for each or for the complete set

thanks

armond




-

Made With Macintosh Powerbook ...

-

[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3332&t=3332
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

FS: Rack & Cat 5k (Seattle area only) [7:3331]

[Jon]

I liberated a full-size rack from work, so now I have a half-size rack I'd
like to get rid of.  It's meant to hang from the wall and hold a bunch of
gear -- this isn't one of those cheap racks from Musician's Friend.  It's
all steel, and I have no interest in tearing it apart and shipping it, so
if anyone in the Seattle general area wants it, let me know.

I also have a Cat 5000 that I don't need anymore. I'd prefer to not ship
this guy, as well, so if I can't find someone local, it'll stay in my rack
and collect carpet fuzz.

-jon-

__
Do You Yahoo!?
Yahoo! Auctions - buy the things you want at great prices
http://auctions.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3331&t=3331
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: free online catalyst lab [7:3270]

[C555]

Neal,

Thanks for the use of the kit. I have now configured a scenario and all is
working.  Here is the challenge for those who want to have a go, config is
included for those who get stuck:

1 x Cat Switch , ISL capable
1 x Router , ISL capable
2 x Routers

Blow away the configs on the Cat and Routers. You won't loose access as you
connect via the console ports. Set router and Cat prompts.

All routers connect to the switch. Use CDP to discover where.

Configure the 2 routers as IP Hosts (no ip routing), each router to be in a
seperate VLAN.

Configure the ISL capable router for inter-vlan routing between the two IP
hosts (the 2 routers).

Put the Catalyst switch into the same VLAN as either host 1 or host 2
(router 1 or router 2).

Check you have full IP connectivity by pinging from the catalyst to the ISL
router and the other two IP hosts (routers).

Extras:

The Catalyst should have a ststaic cam entry for IP Host 1 (router 1)
Set SNMP parameters, include the enabling of traps.
Any ports not in use should not be in VLAN1 or any VLAN that is active.
Set the system time on the Cat.
Practice the command for sending the Cat config to a TFTP server and then
back again (won't actually work as there is no TFTP server).
Use sh ip route, show arp, sh cam static, sh cam dynamic on the Cat - what
is each telling you.
Use show vlan on the ISL router.
Use debug arp and IP packet detail, on all the routers.  What happens when
you change the Cat sc0 interface into another VLAN, do pings work straight
away.
How can you ensure the Cat is will be the root bridge if another Cat is
added to the network.
How can you ensure VTP does not  wipe out  another Cat if added to the
network.
Set the Cat so your session never logs out.
Set port security on one port - how can it dynamically learn. How can you
test this to prove it works and shuts the port down?
Configure a port for a protocol analyser to look at Receive traffic on one
of the VLANS.
Enable the switch for IP multicasting.


Configs below:









Cat:
sh conf
.
.
.
..

begin
set password $1$FMFQ$HfZR5DUszVHIRhrz4h6V70
set enablepass $1$FMFQ$HfZR5DUszVHIRhrz4h6V70
set prompt cat2926T>
set length 24 default
set logout 0
set banner motd ^C^C
!
#system
set system baud  9600
set system modem disable
set system name  Cat2926T
set system location on_the_internet_somewhere
set system contact  [EMAIL PROTECTED]
!
#snmp
set snmp community read-only  can_read
set snmp community read-write can_write
--More--        set snmp community read-write-all can_do_all
set snmp rmon disable
set snmp trap enable  module
set snmp trap enable  chassis
set snmp trap enable  bridge
set snmp trap enable  repeater
set snmp trap enable  vtp
set snmp trap enable  auth
set snmp trap enable  ippermit
set snmp trap enable  vmps
set snmp trap 10.10.10.10 can_read
!
#ip
set interface sc0 2 10.1.1.253 255.255.255.0 10.1.1.255

set interface sl0 0.0.0.0 0.0.0.0
set arp agingtime 1200
set ip redirect   enable
set ip unreachable   enable
set ip fragmentation enable
set ip route 0.0.0.0 10.1.1.254  1
set ip alias default 0.0.0.0
!
--More--        #Command alias
!
#vmps
set vmps server retry 3
set vmps server reconfirminterval 60
set vmps tftpserver 0.0.0.0 vmps-config-database.1
set vmps state disable

!
#dns
set ip dns disable
!
#tacacs+
set tacacs attempts 3
set tacacs directedrequest disable
set tacacs timeout 5
set authentication login tacacs disable
set authentication login local enable
set authentication enable tacacs disable
set authentication enable local enable
!
#bridge
set bridge ipx snaptoether   8023raw
--More--        set bridge ipx 8022toether   8023
set bridge ipx 8023rawtofddi snap
!
#vtp
set vtp domain Craig
set vtp mode transparent
set vtp v2 disable
set vtp pruneeligible 2-1000
clear vtp pruneeligible 1001-1005
set vlan 1 name default type ethernet mtu 1500 said 11 state active
set vlan 2 name Sales type ethernet mtu 1500 said 12 state active
set vlan 3 name Engineering type ethernet mtu 1500 said 13 state active
set vlan 99 name SPARE type ethernet mtu 1500 said 100099 state suspend
set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active
set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state
activ
e bridge 0x0 stp ieee
set vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state
active br
idge 0x0 stp ibm
set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state
acti
ve parent 0 ring 0x0 mode srb aremaxhop 7 stemaxhop 7
set interface sc0 2 10.1.1.253 255.255.255.0 10.1.1.255

!
#spantree
#uplinkfast groups
set spantree uplinkfast disable
--More--        #vlan 1
set spantree enable 1
set spantree fwddelay 151
set spantree hello2 1
set spantree maxage   201
set spantree priority 32768 1
#vlan 2
set spantree enable 2
set spantree fwddelay 152
set spantree hello2

Re: Serial condition [7:3146]

[David Chandler]

Please send the configs and IOS ver:

I just check a dozen SDLLC and QLLC connections and I can not find any
DOWN/UP conditions.
If it's the DCE and it sees DTR it goes up/up. If its the DTE and sees
DSR & DCD it goes up/up.


DaveC



"Hawthorne, Mike MM" wrote:
> 
> Can anyone explain this condition!!!
> 
> SBCEN5_8TH_FLOOR_PHASE1#sh int s0
> Serial0 is down, line protocol is up
>   Hardware is HD64570
>   Description: MSWAP (RMSPEBD6)
>   MTU 1500 bytes, BW 10 Kbit, DLY 2 usec, rely 255/255, load 1/255
>   Encapsulation SDLC, loopback not set
> Router link station role: PRIMARY (DCE)
> Router link station metrics:
>   slow-poll 10 seconds
>   T1 (reply time out) 3000 milliseconds
>   N1 (max frame size) 12016 bits
>   N2 (retry count) 20
>   poll-pause-timer 10 milliseconds
>   poll-limit-value 1
>   k (windowsize) 7
>   modulo 8
>   sdlc vmac: 5043.C2AD.A1--
>   sdlc addr C6 state is DISCONNECT
>   cls_state is CLS_STN_CLOSED
>   VS 0, VR 0, Remote VR 0, Current retransmit count 0
>   Hold queue: 0/200 IFRAMEs 0/0
>   TESTs 0/0 XIDs 0/0, DMs 0/0 FRMRs 0/0
>   RNRs 0/0 SNRMs 15959/0 DISC/RDs 0/0 REJs 0/0
>   Poll: clear, Poll count: 0, chain: C6/C6
>   Last input never, output 00:01:36, output hang never
>   Last clearing of "show interface" counters never
>   Queueing strategy: fifo
>   Output queue 0/40, 0 drops; input queue 0/75, 0 drops
>   5 minute input rate 0 bits/sec, 0 packets/sec
>5 minute output rate 0 bits/sec, 0 packets/sec
>  0 packets input, 0 bytes, 0 no buffer
>  Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
>  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
>  15959 packets output, 31918 bytes, 0 underruns
>  0 output errors, 0 collisions, 59 interface resets
>  0 output buffer failures, 0 output buffers swapped out
>  244682856 carrier transitions
>  DCD=up  DSR=up  DTR=down  RTS=down  CTS=up
> 
> Mike Hawthorne
> Johanesburg
> South Africa
> 
> __
> 
> Disclaimer and confidentiality note
> 
> Everything in this e-mail and any attachments relating to the official
> business of Standard Bank Investment Corporation (Stanbic)
> is proprietary to the company. It is confidential, legally privileged and
> protected by law.\
> Stanbic does not own and endorse any other content. Views and opinions are
> those of the sender unless clearly stated as being that of Stanbic.
> 
> The person addressed in the e-mail is the sole authorised recipient.
> Please notify the sender immediately if it has unintentionally reached you
> and do not read, disclose or use the content in any way.
> 
> Stanbic can not assure that the integrity of this communication has been
> maintained
> nor that it is free of errors, virus, interception or interference.
> 
> __
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3329&t=3146
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

troubleshooting DDR [7:3328]

[JRoberts]

I have several production 2610 routers setup with DDR as a failover for a
Frame-Relay connection.  All the routers are configured identically, but a
couple of them are attempting dial out  the Async interface even when the
Frame-Relay connection does not go down.  We have already replaced the WIC
and then the entire chassis.  Any suggestions for trouble shooting?  I don't
have access to the configs right this minute, I will post them ASAP.

I would appreciate any ideas.


--
Julie Roberts, CCNA
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3328&t=3328
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Printing Boson Exams [7:3327]

[Kevin Wigle]

Dear Group,

Lost the original post but here's an answer of sorts.

At the top in the File menu tree you can print each question.

The print operation doesn't ask you where to print, it just uses the default
printer.

So, create a new "printer" that prints to file (local printer - Generic) and
make it the default while you're doing the questions.

Not very elegant actually as each question will overwrite the last one
saved.  So keep windows explorer open and rename the output each time.

Unfortunately, graphics won't come across too well.

So if you own the Adobe Editor - it installs the Adobe Distiller which is
another print to file operation but you get to keep all the graphics and its
in .pdf format.

So you can't dump an exam but you can get all the info you want one by one
if you're patient.

Kevin Wigle




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3327&t=3327
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Test Exams for CCNA WAN Sw [7:3326]

[hal9001]

I know about the test exams published by BOSON for the CCNA WAN Sw Exam
#640-410 but I did come across another vendor who I have lost the link to -
anyone any ideas please.

Karl HUTCHINSON




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3326&t=3326
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Stop Sending me mails this is my fourth mail. [7:3280]

[hal9001]

And quite alot of ignorance on one persons part.

Karl
- Original Message -
From: "William E. Gragido" 
To: 
Sent: Saturday, May 05, 2001 8:01 PM
Subject: RE: Stop Sending me mails this is my fourth mail. [7:3280]


> I am detecting a lot of hostility here...
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Larry Osei-Kwaku
> Sent: Saturday, May 05, 2001 5:31 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Stop Sending me mails this is my fourth mail. [7:3280]
>
>
> You Fool !
>
> Go to WWW.groupstudy.com and unsubscribe yourself.
>
>
> --- "M. HASAN USMANI."  wrote: >
> unsubscribe cisco
> >
> >
> > STOP SENDING ME EMAILS!!!
> >
> > UNSUBSCRIBE CISCO
> > UNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> > CISCOUNSUBSCRIBE CISCO
> >
> >
> >
> >
> >
> >
> ___
> > Send a cool gift with your E-Card
> > http://www.bluemountain.com/giftcenter/
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to
> > [EMAIL PROTECTED]
> >
> >
> >
>
>
> =
> "Wear a smile and have friends; wear a scowl and  have wrinkles."
>   - George Eliot
>
> "the greatest glory is not in never falling, but rising up each time we
> fall."
>
> "The greatest man is not he who does not fall but he who falls and rises
> again to win"
>
> 
> Do You Yahoo!?
> Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk
> or your free @yahoo.ie address at http://mail.yahoo.ie
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3325&t=3280
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Stop Sending me mails this is my fourth mail. [7:3280]

[William E. Gragido]

I am detecting a lot of hostility here...

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Larry Osei-Kwaku
Sent: Saturday, May 05, 2001 5:31 AM
To: [EMAIL PROTECTED]
Subject: Re: Stop Sending me mails this is my fourth mail. [7:3280]


You Fool !

Go to WWW.groupstudy.com and unsubscribe yourself.


--- "M. HASAN USMANI."  wrote: >
unsubscribe cisco
>
>
> STOP SENDING ME EMAILS!!!
>
> UNSUBSCRIBE CISCO
> UNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCO
>
>
>
>
>
>
___
> Send a cool gift with your E-Card
> http://www.bluemountain.com/giftcenter/
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to
> [EMAIL PROTECTED]
>
>
>


=
"Wear a smile and have friends; wear a scowl and  have wrinkles."
  - George Eliot

"the greatest glory is not in never falling, but rising up each time we
fall."

"The greatest man is not he who does not fall but he who falls and rises
again to win"


Do You Yahoo!?
Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk
or your free @yahoo.ie address at http://mail.yahoo.ie
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3324&t=3280
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Cisco PIX [7:3323]

[Shibu Pillai]

Hello,
I would  appreciate if  any one  could help me  in this .
For  a   cisco pix firewall course  , how  would be  the classroom
setup and  which  book should be followed ( other than the official
curriculum ) .
 Regards,
 Shibu




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3323&t=3323
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

BCMSN [7:3322]

[Shane Stockman]

I will be writing BCMSN this coming Friday and would like some pointers 
before I write on what I should more effort on.

Thanks in Advance
_
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3322&t=3322
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CATM HELP REQUIRED [7:3321]

[Faisal Athar]

Hey Guys...

Any one knows any good source for CATM???

I have a very  little time to get prepare for it..cause its getting expired
on
14th of this month..

Any tips /tricks or shortcuts??

Any help would be highly appreciated.

Thanks.
Faisal.


Get free email and a permanent address at http://www.netaddress.com/?N=1




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3321&t=3321
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: OT: Certifications worth? [7:3311]

[Drew Simonis]

ccnawan wrote:
> 
> I have to ask this question in light of so many experienced certified
people
> looking for work. Why is there so many advertising on the jobs list, and
> here. I see it everywhere, if being certified is worthwhile? It is not
> because of the recent down turn. I saw this before. The advertised figure
is
> 150,000 supposedly open computer positions in the U.S.

These figures are misleading.  Open positions or not, companies
tend to make do with what they have, and esp. in a time of uncertain
economic conditions such as this.  Certifications help, but they
don't, IMO, do the job alone.  You need a broad base of experience
to give weight to the certifications, not the other way around.


> My last position my pay was 54,000 + expenses, mileage, pretty good for
> Kentucky. I recently got a call that wanted to pay me 40,000 for a more
> advanced position. Network engineer. Companies are trying to pay less, and
> less. Auto mechanics make more than 40,000 a year.

College graduates in the computer field average 40K as a starting
wage.  I have been looking for a new position over the last few 
weeks, and have gotten several offers, the smallest of which was a
15% raise, and the greatest close to 40%.  Its all in how you sell
yourself, and what skills you have.  As a reference, my current pay
is closer to 100 than it is to 50.  Keep looking, its out there.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3320&t=3311
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Disable telnet port [7:3237]

[John Starta]

Understood. But why attempt to stop the telnet daemon if not to prevent 
telnet to/from the router? Setting the transport to "none" for input and 
output is a very effective way of accomplishing this task.

jas

At 12:28 PM 5/5/01 -0400, Brian Dennis wrote:
>His intent was to "stop the telnet daemon" as he put it. You can not
>actually stop the "telnet" process on a router. Access-class and transport
>input none just stop access to the lines that it is applied to. It doesn't
>actually stop telnet as a process on the router.
>
>Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640
>5G Networks, Inc.
>[EMAIL PROTECTED]
>(925) 260-2724
>
> > -Original Message-
> > From: John Starta [mailto:[EMAIL PROTECTED]]
> > Sent: Saturday, May 05, 2001 8:58 AM
> > To: Brian Dennis
> > Cc: [EMAIL PROTECTED]
> > Subject: RE: Disable telnet port [7:3237]
> >
> >
> > If the intent is to prevent connections TO the router via telnet adding
> > "transport input none" to the vty's will accomplish this. To
> > prevent telnet
> > connections FROM the router add "transport output none" to the vty's. Add
> > both and you have effectively disabled telnet on the router.
> >
> > weezer#192.168.0.30
> > % Unknown command or computer name, or unable to find computer
address
> > weezer#telnet 192.168.0.30
> > % telnet connections not permitted from this terminal
> >
> > jas
> >
> > At 01:15 AM 5/5/01 -0400, Brian Dennis wrote:
> > >John,
> > >He was asking to disable the telnet process. This just disables
> > port 23 for
> > >the vty lines like an access-class does. There is not way to disable the
> > >process itself.
> > >
> > >Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640
> > >5G Networks, Inc.
> > >[EMAIL PROTECTED]
> > >(925) 260-2724
> > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf
Of
> > > > john mcguinn
> > > > Sent: Friday, May 04, 2001 7:22 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Re: Disable telnet port [7:3237]
> > > >
> > > >
> > > > config t
> > > > line vty 0 4
> > > > transport input none
> > > >
> > > > You have successfully disabled telnet port.
> > > > Jack
> > > >
> > > > - Original Message -
> > > > From: "Brian Dennis"
> > > > To:
> > > > Sent: Friday, May 04, 2001 7:21 PM
> > > > Subject: RE: Disable telnet port [7:3237]
> > > >
> > > >
> > > > > If you put an access-class in on the vty lines that
> > disables everything
> > > > like
> > > > > Chuck recommended no one will be able to telnet in. Also a port
> > > > scan will
> > > > > not show anything on port 23. So telnet would appear to be
disabled.
> > > > >
> > > > > There just isn't a way to actually turn off the telnet process
> > > > on a Cisco
> > > > > router. If you really want to stop the telnet process you could
> > > > power off
> > > > > the router but this would stop all the processes 8-)
> > > > >
> > > > > Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640
> > > > > 5G Networks, Inc.
> > > > > [EMAIL PROTECTED]
> > > > > (925) 260-2724
> > > > >
> > > > >
> > > > > > -Original Message-
> > > > > > From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED]]On Behalf Of
> > > > > Jacques Atlas
> > > > > Sent: Friday, May 04, 2001 4:09 PM
> > > > > To: [EMAIL PROTECTED]
> > > > > Subject: RE: Disable telnet port [7:3237]
> > > > >
> > > > >
> > > > > On Fri, 4 May 2001, Chuck Larrieu wrote:
> > > > >
> > > > > |There is no option "no service telnet" on the IOS I have available
>to
> > > me.
> > > > >
> > > > > :-) that was just an example of something that would be nice.
> > > > >
> > > > > |Your choice would then become an access-list denying telnet to
> > > > > appropriate
> > > > > |router interfaces. You can also apply access lists to the vty
> > > > > ports to limit
> > > > > |who can telnet in. nope, can't delete the vty lines either.
> > > > >
> > > > > acl's for all interfaces is way to complex.
> > > > >
> > > > > telnet is not an option. if you can stop the telnet daemon on
> > > a unix box
> > > > > you should be able to do it on a cisco device, if it support
another
> > > form
> > > > > of transport.
> > > > >
> > > > > owell
> > > > >
> > > > > --
> > > > > jacques
> > > > > FAQ, list archives, and subscription info:
> > > > http://www.groupstudy.com/list/cisco.html
> > > > Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]
> > > > FAQ, list archives, and subscription info:
> > > http://www.groupstudy.com/list/cisco.html
> > > > Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]
> > > FAQ, list archives, and subscription info:
> > > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >FAQ, list archives, and subscription info:
> >http://www.groupstudy.com/list/cisco.html
> >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report

Re: Certifications worth? [7:3311]

[Tony Mesias]

I've noticed this down turn too.  I'm luck to make what I make now knowing
that net achitects seems to be commanding less and less.  Saturation?  Don't
know but it seems like it.
""ccnawan""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I have to ask this question in light of so many experienced certified
people
> looking for work. Why is there so many advertising on the jobs list, and
> here. I see it everywhere, if being certified is worthwhile? It is not
> because of the recent down turn. I saw this before. The advertised figure
is
> 150,000 supposedly open computer positions in the U.S.
>
> My last position my pay was 54,000 + expenses, mileage, pretty good for
> Kentucky. I recently got a call that wanted to pay me 40,000 for a more
> advanced position. Network engineer. Companies are trying to pay less, and
> less. Auto mechanics make more than 40,000 a year.
>
> Dan Evensen ccnaws
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3318&t=3311
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Disable telnet port (Cisco Trivia) [7:3289]

[Jason]

1. I assume across WAN means using routable protocol.
2. IPX is the alternative routable protocol.
3. SNMP supports IPX ... Not having tested that with Cisco, I cannot be
sure... is that one of the solutions ?

Jason

""Brian Dennis""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> No it's not a bug or security hole.
>
> The object is to connect to a router remotely (i.e. over a WAN) that
doesn't
> have an IP address configured.
>
> Brian
>
> > -Original Message-
> > From: Brian [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, May 04, 2001 10:49 PM
> > To: Brian Dennis
> > Cc: [EMAIL PROTECTED]
> > Subject: RE: Disable telnet port (Cisco Trivia) [7:3287]
> >
> >
> > hmm, no ip, no console?
> >
> > Running other routing protocols?
> >
> > What are you trying to do?
> >
> > If its your router, you should know the ios version, some have known
> > weaknesses.
> >
> > Brian "Sonic" Whalen
> > Success = Preparation + Opportunity
> >
> >
> > On Sat, 5 May 2001, Brian Dennis wrote:
> >
> > > Anyone know how to get to a Cisco router remotely that doesn't
> > have an IP
> > > address configured on it? Going in through a console, aux or async
line
> > > doesn't count.
> > >
> > > Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640
> > > 5G Networks, Inc.
> > > [EMAIL PROTECTED]
> > > 925) 260-2724
> > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf
Of
> > > > EA Louie
> > > > Sent: Friday, May 04, 2001 9:00 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Re: Disable telnet port [7:3237]
> > > >
> > > >
> > > > If you have the right version of IOS, you can
> > > > transport input ssh
> > > >
> > > > and to answer Chuck's questions, there is a way to disable telnet
and
> > > > everything else,
> > > > transport input none
> > > >
> > > > - Original Message -
> > > > From: Jacques Atlas
> > > > To:
> > > > Sent: Friday, May 04, 2001 3:12 PM
> > > > Subject: RE: Disable telnet port [7:3237]
> > > >
> > > >
> > > > > On Fri, 4 May 2001, Chuck Larrieu wrote:
> > > > >
> > > > > |By "telnet port" do you mean TCP port 23. Or do you mean the
VTY's
> > > > > |themselves?
> > > > > |
> > > > > |If the latter, the most effective way is to require a
> > login but set no
> > > > > |password.
> > > > > |Eg
> > > > > |
> > > > > |Line vty 0 4
> > > > > |Login
> > > > >
> > > > > anyone know if you can _disable_ telnet to a cisco and only ssh ?
> > > > >
> > > > > something like "no service telnet" would be great
> > > > >
> > > > > --
> > > > > jacques
> > > > > FAQ, list archives, and subscription info:
> > > > http://www.groupstudy.com/list/cisco.html
> > > > > Report misconduct and Nondisclosure violations to
> > [EMAIL PROTECTED]
> > > > FAQ, list archives, and subscription info:
> > > > http://www.groupstudy.com/list/cisco.html
> > > > Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]
> > > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3316&t=3289
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Disable telnet port [7:3237]

[Brian Dennis]

His intent was to "stop the telnet daemon" as he put it. You can not
actually stop the "telnet" process on a router. Access-class and transport
input none just stop access to the lines that it is applied to. It doesn't
actually stop telnet as a process on the router.

Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640
5G Networks, Inc.
[EMAIL PROTECTED]
(925) 260-2724

> -Original Message-
> From: John Starta [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, May 05, 2001 8:58 AM
> To: Brian Dennis
> Cc: [EMAIL PROTECTED]
> Subject: RE: Disable telnet port [7:3237]
>
>
> If the intent is to prevent connections TO the router via telnet adding
> "transport input none" to the vty's will accomplish this. To
> prevent telnet
> connections FROM the router add "transport output none" to the vty's. Add
> both and you have effectively disabled telnet on the router.
>
> weezer#192.168.0.30
> % Unknown command or computer name, or unable to find computer address
> weezer#telnet 192.168.0.30
> % telnet connections not permitted from this terminal
>
> jas
>
> At 01:15 AM 5/5/01 -0400, Brian Dennis wrote:
> >John,
> >He was asking to disable the telnet process. This just disables
> port 23 for
> >the vty lines like an access-class does. There is not way to disable the
> >process itself.
> >
> >Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640
> >5G Networks, Inc.
> >[EMAIL PROTECTED]
> >(925) 260-2724
> >
> > > -Original Message-
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > > john mcguinn
> > > Sent: Friday, May 04, 2001 7:22 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: Disable telnet port [7:3237]
> > >
> > >
> > > config t
> > > line vty 0 4
> > > transport input none
> > >
> > > You have successfully disabled telnet port.
> > > Jack
> > >
> > > - Original Message -
> > > From: "Brian Dennis"
> > > To:
> > > Sent: Friday, May 04, 2001 7:21 PM
> > > Subject: RE: Disable telnet port [7:3237]
> > >
> > >
> > > > If you put an access-class in on the vty lines that
> disables everything
> > > like
> > > > Chuck recommended no one will be able to telnet in. Also a port
> > > scan will
> > > > not show anything on port 23. So telnet would appear to be disabled.
> > > >
> > > > There just isn't a way to actually turn off the telnet process
> > > on a Cisco
> > > > router. If you really want to stop the telnet process you could
> > > power off
> > > > the router but this would stop all the processes 8-)
> > > >
> > > > Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640
> > > > 5G Networks, Inc.
> > > > [EMAIL PROTECTED]
> > > > (925) 260-2724
> > > >
> > > >
> > > > > -Original Message-
> > > > > From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
> > > > Jacques Atlas
> > > > Sent: Friday, May 04, 2001 4:09 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: RE: Disable telnet port [7:3237]
> > > >
> > > >
> > > > On Fri, 4 May 2001, Chuck Larrieu wrote:
> > > >
> > > > |There is no option "no service telnet" on the IOS I have available
to
> > me.
> > > >
> > > > :-) that was just an example of something that would be nice.
> > > >
> > > > |Your choice would then become an access-list denying telnet to
> > > > appropriate
> > > > |router interfaces. You can also apply access lists to the vty
> > > > ports to limit
> > > > |who can telnet in. nope, can't delete the vty lines either.
> > > >
> > > > acl's for all interfaces is way to complex.
> > > >
> > > > telnet is not an option. if you can stop the telnet daemon on
> > a unix box
> > > > you should be able to do it on a cisco device, if it support another
> > form
> > > > of transport.
> > > >
> > > > owell
> > > >
> > > > --
> > > > jacques
> > > > FAQ, list archives, and subscription info:
> > > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3315&t=3237
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Disable telnet port (Cisco Trivia) [7:3287]

[Brian Dennis]

That's pretty good ElephantChild. An example using pad for X.25 and
connecting using X.28 with the configs are below . This could be a "very"
creative way to secure a router ;)

Brian

** Example **


R1#pad 
Trying ...Open

R2>exit

[Connection to  closed by foreign host]
R1#x28

*call 

COM

R2>exit

CLR CONF

*exit
R1#


* R1 *

R1#wr t
Building configuration...

Current configuration:
!
hostname R1
!
interface Serial1/2
 encapsulation x25
 x25 address 
 clockrate 64000
!
end

R1#

* R2 *

R2#wr t
Building configuration...

Current configuration:
!
hostname R2
!
interface Serial0/0
 encapsulation x25 dce
 x25 address 
!
end

R2#








> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> ElephantChild
> Sent: Saturday, May 05, 2001 1:49 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Disable telnet port (Cisco Trivia) [7:3287]
>
>
> On Sat, 5 May 2001, Brian Dennis wrote:
>
> > Anyone know how to get to a Cisco router remotely that doesn't
> have an IP
> > address configured on it? Going in through a console, aux or async line
> > doesn't count.
>
> Only things that comes to mind are X28 and Decnet.
>
> --
> "Someone approached me and asked me to teach a javascript course. I was
> about to decline, saying that my complete ignorance of the subject made
> me unsuitable, then I thought again, that maybe it doesn't, as driving
> people away from it is a desirable outcome." --Me
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3313&t=3287
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Disable telnet port [7:3237]

[John Starta]

If the intent is to prevent connections TO the router via telnet adding 
"transport input none" to the vty's will accomplish this. To prevent telnet 
connections FROM the router add "transport output none" to the vty's. Add 
both and you have effectively disabled telnet on the router.

weezer#192.168.0.30
% Unknown command or computer name, or unable to find computer address
weezer#telnet 192.168.0.30
% telnet connections not permitted from this terminal

jas

At 01:15 AM 5/5/01 -0400, Brian Dennis wrote:
>John,
>He was asking to disable the telnet process. This just disables port 23 for
>the vty lines like an access-class does. There is not way to disable the
>process itself.
>
>Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640
>5G Networks, Inc.
>[EMAIL PROTECTED]
>(925) 260-2724
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > john mcguinn
> > Sent: Friday, May 04, 2001 7:22 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Disable telnet port [7:3237]
> >
> >
> > config t
> > line vty 0 4
> > transport input none
> >
> > You have successfully disabled telnet port.
> > Jack
> >
> > - Original Message -
> > From: "Brian Dennis"
> > To:
> > Sent: Friday, May 04, 2001 7:21 PM
> > Subject: RE: Disable telnet port [7:3237]
> >
> >
> > > If you put an access-class in on the vty lines that disables everything
> > like
> > > Chuck recommended no one will be able to telnet in. Also a port
> > scan will
> > > not show anything on port 23. So telnet would appear to be disabled.
> > >
> > > There just isn't a way to actually turn off the telnet process
> > on a Cisco
> > > router. If you really want to stop the telnet process you could
> > power off
> > > the router but this would stop all the processes 8-)
> > >
> > > Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640
> > > 5G Networks, Inc.
> > > [EMAIL PROTECTED]
> > > (925) 260-2724
> > >
> > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf
Of
> > > > Jacques Atlas
> > > > Sent: Friday, May 04, 2001 4:09 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: RE: Disable telnet port [7:3237]
> > > >
> > > >
> > > > On Fri, 4 May 2001, Chuck Larrieu wrote:
> > > >
> > > > |There is no option "no service telnet" on the IOS I have available
to
> > me.
> > > >
> > > > :-) that was just an example of something that would be nice.
> > > >
> > > > |Your choice would then become an access-list denying telnet to
> > > > appropriate
> > > > |router interfaces. You can also apply access lists to the vty
> > > > ports to limit
> > > > |who can telnet in. nope, can't delete the vty lines either.
> > > >
> > > > acl's for all interfaces is way to complex.
> > > >
> > > > telnet is not an option. if you can stop the telnet daemon on
> > a unix box
> > > > you should be able to do it on a cisco device, if it support another
> > form
> > > > of transport.
> > > >
> > > > owell
> > > >
> > > > --
> > > > jacques
> > > > FAQ, list archives, and subscription info:
> > > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3314&t=3237
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Disable telnet port (Cisco Trivia) [7:3287]

[John Starta]

You can use the Maintenance Operations Protocol (MOP) of DECnet to connect 
to the router. All this requires is the physical address of the router. 
(You can use node names if you have configured a hardware address for the 
node in your NCP database.)

jas

At 01:51 AM 5/5/01 -0400, Brian Dennis wrote:
>Anyone know how to get to a Cisco router remotely that doesn't have an IP
>address configured on it? Going in through a console, aux or async line
>doesn't count.
>
>Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640
>5G Networks, Inc.
>[EMAIL PROTECTED]
>925) 260-2724
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > EA Louie
> > Sent: Friday, May 04, 2001 9:00 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Disable telnet port [7:3237]
> >
> >
> > If you have the right version of IOS, you can
> > transport input ssh
> >
> > and to answer Chuck's questions, there is a way to disable telnet and
> > everything else,
> > transport input none
> >
> > - Original Message -
> > From: Jacques Atlas
> > To:
> > Sent: Friday, May 04, 2001 3:12 PM
> > Subject: RE: Disable telnet port [7:3237]
> >
> >
> > > On Fri, 4 May 2001, Chuck Larrieu wrote:
> > >
> > > |By "telnet port" do you mean TCP port 23. Or do you mean the VTY's
> > > |themselves?
> > > |
> > > |If the latter, the most effective way is to require a login but set no
> > > |password.
> > > |Eg
> > > |
> > > |Line vty 0 4
> > > |Login
> > >
> > > anyone know if you can _disable_ telnet to a cisco and only ssh ?
> > >
> > > something like "no service telnet" would be great
> > >
> > > --
> > > jacques
> > > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3312&t=3287
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

OT: Certifications worth? [7:3311]

[ccnawan]

I have to ask this question in light of so many experienced certified people
looking for work. Why is there so many advertising on the jobs list, and
here. I see it everywhere, if being certified is worthwhile? It is not
because of the recent down turn. I saw this before. The advertised figure is
150,000 supposedly open computer positions in the U.S.

My last position my pay was 54,000 + expenses, mileage, pretty good for
Kentucky. I recently got a call that wanted to pay me 40,000 for a more
advanced position. Network engineer. Companies are trying to pay less, and
less. Auto mechanics make more than 40,000 a year.

Dan Evensen ccnaws




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3311&t=3311
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Free use of Cisco lab this weekend [7:3307]

[P. Gregory]

Break the password and have free use this weekend of 208.40.24.126
Loopback0 1.1.1.1 
16 routers and switches hanging off it.
1602,804,827,3640,2511,2513,2524,2524,1800,5000,2900,1990
enjoy!


Paul

voxcomm.com/voxcomm




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3307&t=3307
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: free online catalyst lab [7:3270]

[bill]

Neal,

Excellent news, thanks very much.

I'm on the kit at the moment (sat 5/5 11:35 GMT)

One problem, I can't configure the 4500 for ISL trunking as the 4500 is
connected to port 2/12 on the Cat which does not support trunking, is it
possible to connect the 4500 to port 1/1 or 1/2 on the Cat as these support
trunking.

BTW,  as a suggestion I would put an addition to the term_serv config

under the various lines put the command
refuse-message ^z
The console session is currently in use.^z

Once done I will post my configs - i want to perfrom ISL trunking,
Spanning-tree parameter modification, static cam entry, snmp config, vtp
config, ip multicast config on routers and cat, system parameter config.

Cheers
Craig



"Neal Rauhauser"  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> There was nothing good on TV tonight so I assembled a fairly
> complete Catalyst lab for people to check out - its available at these
> addresses
>
>
> 24.3.233.101 2008Catalyst 2926T
>
> 24.3.233.101 2007Cisco 4500 /w Fast Ethernet
>
> 24.3.233.101 2006Cisco 2610
>
> 24.3.233.101 2005Cisco 3810
>
>
>
> I'm not going to give my usual full cabling description since
> anyone far enough along to play with this should understand how Cisco
> Discovery Protocol
> works - it is up to you to figure out what connects where. I also set
> the exec-timeout on the 2511 to five minutes - no more people idling for
> sixteen hours
> before I notice and clear the session.
>
>
> As always, play nice, no setting passwords, access lists, etc,
> so others can't get in, and if you dork it up email me at
> mailto:[EMAIL PROTECTED] so I can
> make sure its available.
>
>
>
> We also owe a big thank you to the guys at
> http://www.optimumdata.com who have kindly loaned us this 4500 with fast
> ethernet so this is a full lab instead
> of the catalyst only thing I put up yesterday. I had to move about a
> dozen new boxed cisco 2610s to get to the shelf where I found this 4500
> today and I counted
> about 75 25xx routers in the same area - I saw a lot of 2514s, 2521s,
> and I think a few 2523s - they have plenty of good stuff if you're
> trying to build your lab
> out.. I believe Michael Beacom ( mailto:[EMAIL PROTECTED] ) has
> been handling education sales since I left Optimum Data - you can reach
> him via
> their main number 800-879-8795.
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3302&t=3270
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Stop Sending me mails this is my fourth mail. [7:3280]

[Circusnuts]

> I just wanted to say, and I mean this from the bottom of my heart, there
are
> decaffeinated coffees that taste every bit as good as the real thing...
> Just my $.02 :-)

Note to Self :o)

Phil
- Original Message -
From: Dennis Laganiere 
To: 
Sent: Saturday, May 05, 2001 1:38 AM
Subject: RE: Stop Sending me mails this is my fourth mail. [7:3280]


> I just wanted to say, and I mean this from the bottom of my heart, there
are
> decaffeinated coffees that taste every bit as good as the real thing...
> Just my $.02 :-)
>
> --- Dennis
>
> -Original Message-
> From: M. HASAN USMANI. [mailto:[EMAIL PROTECTED]]
> Sent: Friday, May 04, 2001 10:14 PM
> To: [EMAIL PROTECTED]
> Subject: Stop Sending me mails this is my fourth mail. [7:3280]
>
>
> unsubscribe cisco
>
>
> STOP SENDING ME EMAILS!!!
>
> UNSUBSCRIBE CISCO
> UNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCO
>
>
>
>
>
> ___
> Send a cool gift with your E-Card
> http://www.bluemountain.com/giftcenter/
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3310&t=3280
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: X21 connectivity with MUX, serial up but , line down [7:3309]

[Gareth Hinton]

Haven't seen any replies yet, but my Newsreader seems to be throwing threads
all over the place at the moment, so I'll pitch in again if only to stir up
a little response.

Good to hear the last bit worked, but to be honest you're just fooling the
router into thinking it's connected to a MUX.
With X21, once you've looped Control and Indicate, there is only the passing
of clocks and data (Only?).
What MUX are you using? Just on the off chance that anybody has used it.

I would have a look at the clocking configuration on the Mux's.
Failing that it's getting a bit tricky, unless you have a Protocol Analyser/
BERT tester. At least then you can do loop tests. Make a loop back plug for
one end. From memory you will need 2-4 and 9-11 to loop the data.

Depends how important this link is I suppose. Do you have the option to hire
a BERT tester perhaps. I have no idea how much they cost. They may be
reasonable at the lower end of the range.

Regards,

Gaz

""Shoaib Waqar""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> One of my friends adviced me regarding my issue of X21
> DTE cable connectivity with MUX, to short pins 3 and
> 5, and pins 10 and 12 in order to force the CTS up, it
> worked and serial controller is up on both sides, but
> the issue is that line protocol is not coming up. The
> configuration at each router is very simple on their
> serial interfaces with IP address and encapsulation
> ppp. I have also confirmed that the two muxes are
> communicationg well with each other over 64K microwave
> link. Can anyone plz help out??
>
> Shoaib
>
>
> __
> Do You Yahoo!?
> Yahoo! Auctions - buy the things you want at great prices
> http://auctions.yahoo.com/
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3309&t=3309
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Route metrics on broadcast networks [7:3308]

[Andy Harding]

bit of a teaser I have been thinking about for a while, and haven't really
been able to get clear in my mind:

how do routing protocols calculate metrics on broadcast networks where the
metric may be different between different neighbors?

As an example, say you have a core router with a GE downlink into an ethernet
switch, and you have you distribution switches attached with FE.  Do the
distribution-level routers know to prefer the core router's uplink (all other
things being equal)? and if so, how?

many thanks

Andy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3308&t=3308
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Boson for the lab - review [7:3275]

[David L. Blair]

It is intentional hard to cut and paste so that people will be less likely
to copy the test questions.

-dlb

""Nick Lesewski""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> By the way, I forgot to mention the one bad thing I found.  There's a lot
of
> good information in the explanations I would like to cut&paste into my
study
> notes.  I couldn't see a way to do it, so if somebody figures that out,
let
> me know.
>
>
> >From: "Nick Lesewski"
> >Reply-To: "Nick Lesewski"
> >To: [EMAIL PROTECTED]
> >Subject: Boson for the lab - review [7:3275]
> >Date: Sat, 5 May 2001 00:20:34 -0400
> >
> >I asked a few days ago about the new test for the R/S lab on the boson
> >site.
> >   The only answer I got was one about the sample questions.  Since
nobody
> >said anything, I figured I'd put my money up ($30). To give you an idea
of
> >where I'm coming from, I'm a ccnp, so I have that level of experience
with
> >ISDN.
> >
> >I thought I know ISDN, but I learned a lot about dialback, how to prevent
> >different routing protocols from keeping a ddr up, and troubleshooting
ISDN
> >problems.  There were a lot of "find the problem" configurations, and a
> >whole bunch of troubleshooting.  I got at least as much from this as I
did
> >from any of the $70 books I've been buying at a rate of two a week, and I
> >feel like I got more from this since it's interactive (my mind works that
> >way).  I figure this gives me a good running start at configuring my
2503's
> >when they get here.  Anyway, I hope they come out with a few more, and
> >cover
> >stuff like ATM and VoIP.
> >
> >
> >
> >
> >_
> >Get your FREE download of MSN Explorer at http://explorer.msn.com
> >FAQ, list archives, and subscription info:
> >http://www.groupstudy.com/list/cisco.html
> >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> _
> Get your FREE download of MSN Explorer at http://explorer.msn.com
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3306&t=3275
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: HSRP preempt statement !! [7:3291]

[Larry Lamb]

In article , "Larry Lamb"
 wrote:

That should be without preempt

> With
> preempt the secondary would have to go down for the original primary to
> take over.  I hope this makes sense.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3305&t=3291
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: HSRP preempt statement !! [7:3291]

[Larry Lamb]

In article , "Jeongwoo Park"
 wrote:

preempt should be used on the router you wish to be the primary.  It
allows the main router to take over the primary role even if it goes
down, the secondary takes over, and the primary comes back up.  With
preempt the secondary would have to go down for the original primary to
take over.  I hope this makes sense.

Larry Lamb, CCNP, MCSE, MCP+I

> Should preempt statement be on both routers that are configured for HSRP
> or only on active router?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3304&t=3291
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Disable telnet port (Cisco Trivia) [7:3289]

[Vincent Chong]

Are you going connect  local and remote router via bridging?

rgds;
Vincent Chong

""Brian Dennis""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> No it's not a bug or security hole.
>
> The object is to connect to a router remotely (i.e. over a WAN) that
doesn't
> have an IP address configured.
>
> Brian
>
> > -Original Message-
> > From: Brian [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, May 04, 2001 10:49 PM
> > To: Brian Dennis
> > Cc: [EMAIL PROTECTED]
> > Subject: RE: Disable telnet port (Cisco Trivia) [7:3287]
> >
> >
> > hmm, no ip, no console?
> >
> > Running other routing protocols?
> >
> > What are you trying to do?
> >
> > If its your router, you should know the ios version, some have known
> > weaknesses.
> >
> > Brian "Sonic" Whalen
> > Success = Preparation + Opportunity
> >
> >
> > On Sat, 5 May 2001, Brian Dennis wrote:
> >
> > > Anyone know how to get to a Cisco router remotely that doesn't
> > have an IP
> > > address configured on it? Going in through a console, aux or async
line
> > > doesn't count.
> > >
> > > Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640
> > > 5G Networks, Inc.
> > > [EMAIL PROTECTED]
> > > 925) 260-2724
> > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf
Of
> > > > EA Louie
> > > > Sent: Friday, May 04, 2001 9:00 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Re: Disable telnet port [7:3237]
> > > >
> > > >
> > > > If you have the right version of IOS, you can
> > > > transport input ssh
> > > >
> > > > and to answer Chuck's questions, there is a way to disable telnet
and
> > > > everything else,
> > > > transport input none
> > > >
> > > > - Original Message -
> > > > From: Jacques Atlas
> > > > To:
> > > > Sent: Friday, May 04, 2001 3:12 PM
> > > > Subject: RE: Disable telnet port [7:3237]
> > > >
> > > >
> > > > > On Fri, 4 May 2001, Chuck Larrieu wrote:
> > > > >
> > > > > |By "telnet port" do you mean TCP port 23. Or do you mean the
VTY's
> > > > > |themselves?
> > > > > |
> > > > > |If the latter, the most effective way is to require a
> > login but set no
> > > > > |password.
> > > > > |Eg
> > > > > |
> > > > > |Line vty 0 4
> > > > > |Login
> > > > >
> > > > > anyone know if you can _disable_ telnet to a cisco and only ssh ?
> > > > >
> > > > > something like "no service telnet" would be great
> > > > >
> > > > > --
> > > > > jacques
> > > > > FAQ, list archives, and subscription info:
> > > > http://www.groupstudy.com/list/cisco.html
> > > > > Report misconduct and Nondisclosure violations to
> > [EMAIL PROTECTED]
> > > > FAQ, list archives, and subscription info:
> > > > http://www.groupstudy.com/list/cisco.html
> > > > Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]
> > > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3303&t=3289
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 1603 router [7:3165]

[Vincent Chong]

WIC-2T  will works on 1700, 2600, 3600 series but it will never work on 1600
series accroding the following document.

http://www.cisco.com/univercd/cc/td/doc/pcat/sewn__y2.htm

Be caution, for 1700 adn 3600 is depend on the IOS version, the above
document explains the detail.

HTH
Vincent Chong

""andyh""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> my mistake then - certainly didn't use to a while back.  good that they do
> now as I really like them to bump up port density, even if you need
> different cables
>
> Andy
>
> - Original Message -
> From: "LeBrun, Tim"
> To:
> Sent: Friday, May 04, 2001 8:41 PM
> Subject: RE: 1603 router [7:3165]
>
>
> > Oh contraire - I have several WIC-2Ts working in 3640s.
> >
> > Tim LeBrun
> > CCNA, CCDA
> > Phone: 864-587-3831
> > Fax:  413-825-0402
> > Cell: 864-621-8044
> > [EMAIL PROTECTED]
> >
> >
> > -Original Message-
> > From: andyh [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, May 04, 2001 3:15 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: 1603 router [7:3165]
> >
> >
> > WIC-2Ts are for 2600s only - don't work in 1700s or 3600s either
> >
> > Andy
> >
> > - Original Message -
> > From: "Sujal G. Ajmera"
> > To:
> > Sent: Friday, May 04, 2001 1:01 PM
> > Subject: 1603 router [7:3165]
> >
> >
> > > Hi,
> > >
> > > In the Cisco documentation manual, it doesn't mention that WIC-2T can
be
> > > used but it does say that WIC-1T can be used.
> > >
> > > Any thoughts on this?
> > >
> > > TIA
> > >
> > > Sujal
> > > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3301&t=3165
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Stop Sending me mails this is my fourth mail. [7:3280]

[Larry Osei-Kwaku]

You Fool !

Go to WWW.groupstudy.com and unsubscribe yourself.


--- "M. HASAN USMANI."  wrote: >
unsubscribe cisco
> 
> 
> STOP SENDING ME EMAILS!!!
> 
> UNSUBSCRIBE CISCO
> UNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE CISCOUNSUBSCRIBE
> CISCOUNSUBSCRIBE CISCO
> 
> 
> 
> 
> 
>
___
> Send a cool gift with your E-Card
> http://www.bluemountain.com/giftcenter/
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to
> [EMAIL PROTECTED]
> 
> 
> 


=
"Wear a smile and have friends; wear a scowl and  have wrinkles."
  - George Eliot

"the greatest glory is not in never falling, but rising up each time we
fall."

"The greatest man is not he who does not fall but he who falls and rises
again to win"


Do You Yahoo!?
Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk
or your free @yahoo.ie address at http://mail.yahoo.ie




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3300&t=3280
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Disable telnet port (Cisco Trivia) [7:3287]

[Jacques Atlas]

On Sat, 5 May 2001, ElephantChild wrote:

|Read the question again. What helper address are you going to configure,
|if your target router doesn't have any IP address assigned to any of its
|interfaces?

router b (no config)
  |
  | sync interface
  |
router a (config with access to the world)

you give the interface on router a an ip address say 10.0.1.1/30 and
when router b boots (i have not checked to see if the router will retry if
it is still in the autoconfigure stage but i think it will) slarp will do
the rest.

-- 
jacques




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3299&t=3287
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Disable telnet port (Cisco Trivia) [7:3287]

[ElephantChild]

On Sat, 5 May 2001, Jacques Atlas wrote:

> On Sat, 5 May 2001, Brian Dennis wrote:
> 
> |Anyone know how to get to a Cisco router remotely that doesn't have an IP
> |address configured on it? Going in through a console, aux or async line
> |doesn't count.
> 
> cool so we can do this through a sync interface :-)
> 
> use ip helper-address, just tested it

Read the question again. What helper address are you going to configure,
if your target router doesn't have any IP address assigned to any of its
interfaces?

-- 
"Someone approached me and asked me to teach a javascript course. I was
about to decline, saying that my complete ignorance of the subject made
me unsuitable, then I thought again, that maybe it doesn't, as driving
people away from it is a desirable outcome." --Me




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3298&t=3287
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Disable telnet port (Cisco Trivia) [7:3287]

[Jacques Atlas]

On Sat, 5 May 2001, Brian Dennis wrote:

|Anyone know how to get to a Cisco router remotely that doesn't have an IP
|address configured on it? Going in through a console, aux or async line
|doesn't count.

cool so we can do this through a sync interface :-)

use ip helper-address, just tested it

-- 
jacques




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3296&t=3287
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Disable telnet port (Cisco Trivia) [7:3287]

[ElephantChild]

On Sat, 5 May 2001, Brian Dennis wrote:

> Anyone know how to get to a Cisco router remotely that doesn't have an IP
> address configured on it? Going in through a console, aux or async line
> doesn't count.

Only things that comes to mind are X28 and Decnet.

-- 
"Someone approached me and asked me to teach a javascript course. I was
about to decline, saying that my complete ignorance of the subject made
me unsuitable, then I thought again, that maybe it doesn't, as driving
people away from it is a desirable outcome." --Me




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3297&t=3287
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Is WRED supported on Frame Relay PVCs? [7:3295]

[Vladimir Litovka]

Hello,

 I'm using FRTS on interface and few PVCs are constantly congested, so I
 need to use RED in order to reduce drops on interface. Is it possible to
 use WRED on particular FR PVCs?
 
 Router is 7206VXR with NSE-1 and IOS 12.2(1)

 Thank you.

-- 
Vladimir Litovka   | "I've seen the future and it's
 . Phone/Fax: +380 44 4900111   |  Cisco switches!"
 . ICQ/none, talk/none ;)   |Cat Alyst




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3295&t=3295
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Disable telnet port (Cisco Trivia) [7:3287]

[Hire, Ejay]

What was that Avian-carrier Rfc?


-Original Message-
From: Brian Dennis [mailto:[EMAIL PROTECTED]]
Sent: Saturday, May 05, 2001 1:52 AM
To: [EMAIL PROTECTED]
Subject: RE: Disable telnet port (Cisco Trivia) [7:3287]


Anyone know how to get to a Cisco router remotely that doesn't have an IP
address configured on it? Going in through a console, aux or async line
doesn't count.

Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640
5G Networks, Inc.
[EMAIL PROTECTED]
925) 260-2724

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> EA Louie
> Sent: Friday, May 04, 2001 9:00 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Disable telnet port [7:3237]
>
>
> If you have the right version of IOS, you can
> transport input ssh
>
> and to answer Chuck's questions, there is a way to disable telnet and
> everything else,
> transport input none
>
> - Original Message -
> From: Jacques Atlas
> To:
> Sent: Friday, May 04, 2001 3:12 PM
> Subject: RE: Disable telnet port [7:3237]
>
>
> > On Fri, 4 May 2001, Chuck Larrieu wrote:
> >
> > |By "telnet port" do you mean TCP port 23. Or do you mean the VTY's
> > |themselves?
> > |
> > |If the latter, the most effective way is to require a login but set no
> > |password.
> > |Eg
> > |
> > |Line vty 0 4
> > |Login
> >
> > anyone know if you can _disable_ telnet to a cisco and only ssh ?
> >
> > something like "no service telnet" would be great
> >
> > --
> > jacques
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3294&t=3287
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Disable telnet port [7:3237]

[Jacques Atlas]

hi

On Sat, 5 May 2001, EA Louie wrote:

|If you have the right version of IOS, you can
|transport input ssh

that works :-)

thanks

-- 
jacques




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3293&t=3237
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]