RE: Pix firewall and mail server - bad combo? [7:4748]

2001-05-17 Thread PSIHOYIOS PANAYIOTIS

Hi, 

I have run several times into such problems (up to version 5.2). The only
solution I've found so far is to disable the smtp guard (no fixup protocol
smtp 25).



=
Panayiotis Psihoyios              SyNET S.A.
CCNP (Security, ATM), CCDP, MCP   118 B, Agias Eleoussis Street
Network Engineer                  GR 151 25 Maroussi
email: [EMAIL PROTECTED]          Athens - Greece
Tel: ++ 301 61 29 500             Fax: ++ 301 61 25 313
=

> -Original Message-
> From: Chewy Gravy [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 17, 2001 12:32 AM
> To: [EMAIL PROTECTED]
> Subject: Pix firewall and mail server - bad combo? [7:4748]
> 
> 
> Hi all -
> 
> I'm encountering some problems with mail delivery, and it seems that the
> Pix firewall may be the culprit. Here are the symptoms (IP and domain
> names have been changed to protect the inept):
> 
> - telnet to port 25 from a machine not passing through the pix and you
> get a standard response:
> 220 mail.mydomain.com ESMTP server (Post.Office v3.5.3 release 223) ready Wed, 16 May 2001 14:23:12 -0700
> ehlo mydomain.com (my input)
> 250-mail.mydomain.com
> 250-HELP
> 250-EXPN
> 250-XREMOTEQUEUE
> 250-ETRN
> 250-PIPELINING
> 250 SIZE
> 
> - telnet to port 25 from a machine that passes through the Pix, and you
> get this mess:
> telnet mail.mydomain.com 25
> Trying 172.16.16.16...
> Connected to mail.mydomain.com.
> Escape character is '^]'.
> 220
> 22
> **0***20***00**00*0***200*2**0*00
> ehlo mydomain.com (my input)
> 500 Command unknown: ''
> 
> In the Pix config I have the following relevant entries (IP addresses
> have been changed):
> fixup protocol smtp 25
> static (inside,outside) 172.16.16.16 172.16.16.16 netmask 255.255.255.255 0 0
> conduit permit tcp host 172.16.16.16 eq smtp any
> conduit permit tcp host 172.16.16.16 eq pop3 any
> 
> We're also getting log entries on the mail server that indicate timeouts
> - the biggest problem is that some of my users are getting repeats of
> messages - sometimes hundreds of them over the course of a week or more.
> 
> Ideas?
> 
> Doug
> [EMAIL PROTECTED]
> =
> FAQ, list archives, and subscription info: 
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4814&t=4748
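
The two telnet sessions quoted in the message above differ in two observable ways: the 220 banner arrives as digits and asterisks, and EHLO is answered with a 500. The following is an added example, not code from either poster, that checks a pasted session for that pair of symptoms when testing a mail path through a firewall. The function names and verdict strings are hypothetical, and the masked-banner rule (asterisks present, no letters left in the greeting) is an assumption drawn from the transcript in the post.

```python
import re

# Telnet client chatter that is not part of the SMTP dialogue.
TELNET_NOISE = re.compile(r"^(telnet |Trying |Connected to |Escape character )")
# Commands typed by the tester; a trailing "(my input)" note is tolerated.
CLIENT_CMD = re.compile(r"^(ehlo|helo)\b", re.IGNORECASE)
# An SMTP reply line: three-digit code, optional "-" or " ", then text.
REPLY = re.compile(r"^(\d{3})[ -]?(.*)$")

# Sample 1: the session that bypasses the firewall, as posted above
# (the wrapped 220 banner is joined onto one line).
DIRECT = """\
220 mail.mydomain.com ESMTP server (Post.Office v3.5.3 release 223) ready Wed, 16 May 2001 14:23:12 -0700
ehlo mydomain.com (my input)
250-mail.mydomain.com
250-HELP
250-EXPN
250-XREMOTEQUEUE
250-ETRN
250-PIPELINING
250 SIZE
"""

# Sample 2: the session that passes through the Pix, as posted above.
VIA_PIX = """\
telnet mail.mydomain.com 25
Trying 172.16.16.16...
Connected to mail.mydomain.com.
Escape character is '^]'.
220
22
**0***20***00**00*0***200*2**0*00
ehlo mydomain.com (my input)
500 Command unknown: ''
"""


def split_session(transcript):
    """Return (greeting_lines, reply_lines) from a pasted telnet session.

    Everything the server sent before the first EHLO/HELO is the greeting;
    everything after it is treated as the reply to that command.
    """
    greeting, reply, seen_cmd = [], [], False
    for raw in transcript.splitlines():
        line = raw.strip()
        if not line or TELNET_NOISE.match(line):
            continue
        if CLIENT_CMD.match(line):
            seen_cmd = True
            continue
        (reply if seen_cmd else greeting).append(line)
    return greeting, reply


def banner_is_masked(greeting):
    """Assumed rule: asterisks present and no letters left in the greeting."""
    text = "".join(greeting)
    return "*" in text and not any(c.isalpha() for c in text)


def ehlo_result(reply):
    """Return (accepted, extensions) for the reply to EHLO."""
    codes, extensions = [], []
    for line in reply:
        m = REPLY.match(line)
        if not m:
            continue
        codes.append(m.group(1))
        # The first 250 line names the server; later ones list extensions.
        if m.group(1) == "250" and len(codes) > 1 and m.group(2).strip():
            extensions.append(m.group(2).split()[0].upper())
    accepted = bool(codes) and codes[0] == "250"
    return accepted, extensions


def classify(transcript):
    """Summarise one session and give a verdict on the mail path."""
    greeting, reply = split_session(transcript)
    masked = banner_is_masked(greeting)
    accepted, extensions = ehlo_result(reply)
    if masked and reply and not accepted:
        verdict = "inline SMTP inspection suspected"
    elif masked:
        verdict = "banner masked"
    elif reply and not accepted:
        verdict = "EHLO refused by server or middlebox"
    elif accepted:
        verdict = "ESMTP path clean"
    else:
        verdict = "inconclusive"
    return {"banner_masked": masked, "ehlo_accepted": accepted,
            "extensions": extensions, "verdict": verdict}


if __name__ == "__main__":
    for name, session in (("direct", DIRECT), ("via pix", VIA_PIX)):
        print(name, classify(session))
```

Comparing the extension list seen from inside the firewall with the one seen from outside shows which ESMTP features remote senders actually get to use.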



Re: 1600's - Using to make a Frame Switch [7:4643]

2001-05-17 Thread Niraj Palikhey

Well, after spending some time once again on CCO, this time using TAC's 
help, I finally figured out how to configure a 1602 router as a frame-relay 
switch and connect another router to it. It's actually very simple with one 
side R-1 providing the clock(56000) and the other side R-2 configured with 
the frame-relay switching command. Both routers are configured with s0.1 
point-to-point subif and an ip address, a common dlci specified for both and 
only on R-2 the frame-relay intf-type dce command configured. It works!!
Now the next step is to install another 56kbps wic on one and configure it 
to route frame packets b/w 2 dlci's. It should be the same as for the 2501, 
I figure.
Also figured out that the frame-relay intf-type and the frame-relay route 
commands can actually be configured on the routers.
Thanks, Phil once again for your help.
Kind regards,
Niraj

I guess this helps the other gentleman who needed to know this.



>From: "Circusnuts" 
>Reply-To: "Circusnuts" 
>To: [EMAIL PROTECTED]
>Subject: Re: 1600's - Using to make a Frame Switch [7:4643]
>Date: Wed, 16 May 2001 19:38:44 -0400
>
>Might not be possible...  I checked the CCO & I don't see an Enterprise
>model IOS (but I did notice 12.2 is out :o)  Do you have a CCO login ???
>You could try Open Forum.  I would guess not too many people have 1600
>routers in their homelab.
>
>Sorry
>Phil
>
>- Original Message -
>From: Niraj Palikhey
>To:
>Sent: Wednesday, May 16, 2001 12:11 PM
>Subject: Re: 1600's - Using to make a Frame Switch [7:4643]
>
>
> > Hi Phil,
> > It's you to the rescue again. :-)
> > But unfortunately, it will not let me type the frame-relay intf-type dce and
> > the frame-relay route 100. commands. Is there something that I have to
> > do on the 1602 for this?(Since it has a 56kbps wic with a built-in csu/dsu).
> > I scoured the CCO with no luck.
> > I am wondering there should be a way because it DOES let me type the
> > frame-relay switching global config command?
> > Thanks,
> > Niraj
> > ** Anyone out there that can help :-( **
> >
> >
> > >From: "Circusnuts"
> > >Reply-To: "Circusnuts"
> > >To: [EMAIL PROTECTED]
> > >Subject: Re: 1600's - Using  to make a Frame Switch [7:4643]
> > >Date: Wed, 16 May 2001 00:21:52 -0400
> > >
> > >It shouldn't be any different than a 4 port router.  I'm not sure what is
> > >supported in the 1600 IOS, but here is a basic template of the Telco Cloud
> > >config.
> > >
> > >interface Serial0
> > >  no ip address
> > >  encapsulation frame-relay
> > >  frame-relay lmi-type ansi
> > >  frame-relay intf-type dce
> > >  frame-relay route 102 interface Serial1 201
> > >  frame-relay route 103 interface Serial2 301
> > >  frame-relay route 105 interface Serial3 501
> > >!
> > >interface Serial1
> > >  no ip address
> > >  encapsulation frame-relay
> > >  frame-relay lmi-type ansi
> > >  frame-relay intf-type dce
> > >  frame-relay route 201 interface Serial0 102
> > >
> > >Phil
> > >
> > >- Original Message -
> > >From: Gary Hughes
> > >To:
> > >Sent: Tuesday, May 15, 2001 11:52 PM
> > >Subject: 1600's - Using to make a Frame Switch [7:4643]
> > >
> > >
> > > > Anybody know the config's to make a 4 port Frame-Switch from 2 1600's (both
> > > > with 2 serial ports)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4815&t=4643



Re: Has anybody seen IS-IS used anywhere but ISP's? [7:4784]

2001-05-17 Thread Robert Nelson-Cox

>
>Other than in ISP's, has anybody seen IS-IS in use in a real production
>network?

ISIS is used in most telcos, where a DCN is used for getting billing 
information back from the switches.  The switches being standardised all 
talk X.25 over async, and ADMs all talk ISO, so ISIS is always the best 
option.  Management traffic for the ADMs, and the Billing information 
normally travel over the same network, which should be provided out of band 
(AT&T, are you listening?)

So, a telco running SDH (I know alcatel now support IP, not sure about the 
rest), should run ISIS.

I Love ISIS, it's so easy to work with.

Rob./





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4816&t=4784



Re: Loopback interface for OSPF [7:4802]

2001-05-17 Thread Vincent Chong

By the way, Cisco has a new command that can control the router ID under OSPF
router configuration.

router-id x.w.y.z (in ip address format)

Vincent Chong

"Brad McConnell" wrote:
> There's not much point in putting the loopbacks in their own area unless
> you're in a lab scenario and trying to make a bigger, more complicated
> network.  ..At least not that I can think of.  However, there is definitely
> a usefulness for loopback interfaces in OSPF -- use them to set your RIDs
> (used to identify the router in OSPF LSA's) to controllable, meaningful
> addresses.  This doesn't even require that the loopbacks be part of the OSPF
> domain, just that they be configured and up.  Highest loopback IP on the
> router will be the OSPF RID of any LSA's generated by that router (as shown
> in commands such as show ip ospf neighbor, etc)...
>
> -Brad McConnell
>
> "Vincent Chong" wrote in message
> news:[EMAIL PROTECTED]...
> > Hi;
> >
> >  For OSPF implementation, an area can be configured in the Loopback
> > interface.
> > But what purpose, when should I do it?
> >
> > TIA
> > Vincent Chong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4817&t=4802



bridge group [7:4818]

2001-05-17 Thread jegcitroen

Hi,

Could anyone explain the concept "bridge group" for me?

I think that all the interfaces belonging to a bridge group
should be in one broadcast domain instead of a collision
domain. Am I right?


thanx




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4818&t=4818



RE: Has anybody seen IS-IS used anywhere but ISP's? [7:4784]

2001-05-17 Thread McCallum, Robert

Very similar to Robert Nelson's comments.  I have just designed and
implemented an International "out of band" management network using IS-IS.
This, as Robert has already said, is used firstly and primarily to manage the
SDH equipment we have.

I find it quite straightforward although I seem to be having problems when
trying to summarize IP addresses which in turn then stop full CLNS
connectivity.

Maybe a posting later if I can't figure out what is going on!

Cheers

-Original Message-
From: nrf [mailto:[EMAIL PROTECTED]]
Sent: 17 May 2001 04:43
To: [EMAIL PROTECTED]
Subject: Re: Has anybody seen IS-IS used anywhere but ISP's? [7:4784]


Damn, I forgot about that whole Decnet thing.  That's right, that's right,
Decnet implements Is-Is for PhaseV migration.  I have even worked on a
network like that, how foolish of me to forget.

So I guess I should have narrowed my question.  What I should have said is,
has anybody seen Integrated IS-IS (for IP routing only) being used in a real
working network other than an ISP?





"Howard C. Berkowitz" wrote in message
news:[EMAIL PROTECTED]...
> >Other than in ISP's, has anybody seen IS-IS in use in a real production
> >network?
> >
> A subset is used for SONET management in telcos. I have also seen it
> used in some conversions from DECnet Phase IV to Phase V (which is
> OSI) in order to get dual OSI and IP routing.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4819&t=4784



Cisco 4006 Port channel interface [7:4820]

2001-05-17 Thread Andrew Larkins

Is it possible to assign multiple IP address ranges to a single port channel
interface on the layer 3 blade? I want to achieve the same effect as adding
a secondary IP address on a router Ethernet port.
I have 2 subnets on the client's network that need to remain in the same VLAN
- i.e. VLAN 1. If the above is not possible, then I need to create 2 VLANs
and 2 port channel interfaces, which the client does not want.

Thanks in advance


Andrew Larkins
BCom, CCNA, CCDA
Bytes Technology Group Limited
Tel :  +27 11 800 9467
Fax : +27 11 800 9496
Mobile : +27 83 656 7214
Email :  [EMAIL PROTECTED]
OR  [EMAIL PROTECTED]
   

"This message may contain information which is confidential and subject to
legal privilege.  If you are not the intended recipient, you may not peruse,
use, disseminate, distribute or copy this message.  If you have received
this message in error, please notify the sender immediately by email,
facsimile or telephone and return and/or destroy the original message."




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4820&t=4820



any body has transcender for ccnp.??. [7:4821]

2001-05-17 Thread Ahmed Malkawi

any body has transcender for ccnp.??.we can trade in or we can buy it and
share the cost .


Regards


--
Ahmed Malkawi MCSE/CCNA
Business Solutions Dep.
Tel.+974 447 0 369
Mobile+974 557 1 275
---
Afkar Information Tech.
Tel.   +974 447 0 447
P.O.BOX   20732
Doha - Qatar
www.afkaronline.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4821&t=4821



RE: Cisco 4006 Port channel interface [7:4820]

2001-05-17 Thread Andrew Larkins

I have 2 subnets that are scattered around the building. Users roam the
premises and connect wherever. Can I have port-channel 1.1 and 1.2 being
both in VLAN 1 or must I separate them into VLAN 1 and VLAN 2??. I would
prefer that they are in the same VLAN  in order to make things simpler -
there are no requirements to have separate, secure VLANs - security here is
not an issue.

Separate VLANs cause some major headaches due to the way the client has
rolled out the subnets and cabled the points.

Basically I need the layer 3 module on the switch to do the routing between
subnets, because the current BAY AN router is taking too much strain. 

All the existing switches are BAYs, with the central switch being the Cisco
4006

Thanks

Andrew

-Original Message-
From: imtiaz khan [mailto:[EMAIL PROTECTED]]
Sent: 17 May 2001 11:02
To: Andrew Larkins
Subject: Re: Cisco 4006 Port channel interface [7:4820]


hi,

this can be done by creating subinterfaces on a single
port-channel like port-channel1.1, 1.2 , etc and
assigning each vlan to the individual sub-interface,
which is helpful for u to route between vlans 

for further info get into this url

http://www.cisco.com/warp/public/473/28.html

okay bye 

imtiaz khan
--- Andrew Larkins wrote:
> Is it possible to assign multiple IP address ranges to a single port channel
> interface on the layer 3 blade? I want to achieve the same effect as adding
> a secondary IP address on a router Ethernet port.
> I have 2 subnets on the client's network that need to remain in the same VLAN
> - i.e. VLAN 1. If the above is not possible, then I need to create 2 VLANs
> and 2 port channel interfaces, which the client does not want.
> 
> Thanks in advance
> 
> 
> Andrew Larkins
> BCom, CCNA, CCDA
> Bytes Technology Group Limited
> Tel :  +27 11 800 9467
> Fax : +27 11 800 9496
> Mobile : +27 83 656 7214
> Email :  [EMAIL PROTECTED]
> OR  [EMAIL PROTECTED]






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4822&t=4820



Re: Passed CID today [7:4714]

2001-05-17 Thread Stephen Skinner

hi,

congrats on the pass,

can I leech some info off you 

which boson test did you use 

cheers

steve


>From: "Barronton, Ken" 
>Reply-To: "Barronton, Ken" 
>To: [EMAIL PROTECTED]
>Subject: Passed CID today [7:4714]
>Date: Wed, 16 May 2001 14:13:21 -0400
>
>Hi group,
>I passed CID today to complete the CCDP. The test was not too difficult. I
>used the Cisco Press book, Boson, and Cisco's web site to supplement info
>about Stratacom.
>
>The Cramsession from Brainbuzz is a very good "hit the highlights" guide,
>however I found some differences about the format of the test.
>
>The Cramsession said:
>100 questions
>65 to pass
>120 minutes
>CAN review questions.
>
>My test:
>100 questions
>755 to pass
>120 minutes
>CAN NOT review questions.
>
>Hope this helps...
>
>Ken




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4823&t=4714



remove [7:4824]

2001-05-17 Thread [EMAIL PROTECTED]

Please remove [EMAIL PROTECTED] and [EMAIL PROTECTED]

Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4824&t=4824



Re: Loopback interface for OSPF [7:4802]

2001-05-17 Thread Circusnuts

>

Couple off the top of my head:

OSPF Area router ID

If you're running OSPF as your IGP in a hub/spoke type topology, you'd want
BGP sourced on an interface that doesn't have a potential to go down.

Phil


- Original Message -
From: Vincent Chong 
To: 
Sent: Thursday, May 17, 2001 1:16 AM
Subject: Loopback interface for OSPF [7:4802]


> Hi;
>
>  >
> TIA
> Vincent Chong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4825&t=4802



Re: hi [7:4536]

2001-05-17 Thread Dom Stocqueler

Hear, hear,

this thread brightened up my day.

Thanks to all who contributed.




Tom Lisa
16/05/2001 19:01
Please respond to Tom Lisa

To: [EMAIL PROTECTED]
cc: (bcc: Dom Stocqueler/LON/GB/Reuters)
Subject: Re: hi [7:4536]
Header: Internal Use Only






David,

Lighten up!  We spend a lot of time & bandwidth on serious discussion.  Many
threads are on highly technical issues.  However, like everyone else, sometimes
we need a break.  A little humor now and then is good for the soul and helps
the mental processes.

However, so you won't be bothered anymore by this frivolity, go here and
unsubscribe: www.groupstudy.com .  Scroll down right side to list manager and
remove yourself from the list.

HTH,
Prof. Tom Lisa, CCAI
Community College of Southern Nevada
Cisco Regional Networking Academy


David Wong wrote:

> I didn't sign up for this discussion group. Someone used my email client
> when I was away. But you guys talked about a lot of CRAPS over this thread.
> Is that what you guys signed up for ? At least someone should think this is
> way off your topics & wasting all other people's time to read these
> nonsense...
>
> - Original Message -
> From: "Natasha"
> To:
> Sent: Tuesday, May 15, 2001 11:40 PM
> Subject: Re: hi [7:4536]
>
> > Now that this thread ran its course I wonder if we'll ever hear from
> > Mr. Wong again?
> >
> > >
> > > David Wong wrote:
> > > >
> > > > Hello gang,
> > > >
> > > > I am new.
> > > >
> > > > jc2
> >
> >
> > --
> > Natasha Flazynski
> > CCNA, MCSE
> > http://www.ciscobot.com
> > My Cisco information site.
> > http://www.botbuilders.com
> > Artificial Intelligence and Linux development







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4826&t=4536



can I have 2 multilink-PPP bundles? [7:4827]

2001-05-17 Thread NRF

Hi all:

Consider this situation.  Let's say I have a router (call it router A) with
4 serial interfaces, each connected to a T1 line.  This router is connected
to 2 other routers by these serial interfaces, such that S0 and S1 are
connected to router B, and S2 and S3 are connected to router C.  So on
router A I want to be able to create 2 multilink PPP bundles of 2 serial
interfaces each.  Can I do this?

Note, I do not want all interfaces in 1 bundle, I want 2 entirely different
bundles.  Also, there is no dialing going on anywhere, so I do not think you
can use any Dialer interfaces (I tried with both dialer pools and rotary
groups, and got nowhere, as if I don't add a dialer string, then debug's
complain about no dialer string, and then when I do add a bogus dialer
string, the serial interface still refuses to bind to the dialer interface).

If this is possible, what are the commands?  Yes, I've thought about using
virtual-templates.  But then, I don't see any command (in 12.0) to link a
particular bundle with a particular virtual-template.  And I've already
explored the Dialer commands, to no avail.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4827&t=4827



What is the use of "ip classless" command in classful networks? [7:4828]

2001-05-17 Thread Brijesh

Hi,

Please tell me what is the use of "ip classless" command in classful
networks?

I have read somewhere that When using classful routing protocols such as RIP
or IGRP, use "ip classless" command if you want it to also match unknown
subnets of known networks. Can anybody throw some light on this statement.

Thanks,
Brijesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4828&t=4828



Router 2523 [7:4829]

2001-05-17 Thread RamG

Hello Gang - I am planning to buy 2523.  Before, I do that, I would like to
have your opinions/suggestions.  The purpose of buying 2523 is to practice
FR config from All In One Study Guide Book.  I have 2501/02/03/04/11
routers.  Can I connect serial int of these routers to 2523 - 8 Low speed
serial(sync/async) interfaces.  Any command to be used?

Thanks  /  RamG




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4829&t=4829



looking for 2620/2621 Router [7:4830]

2001-05-17 Thread Valeri Marinski

hi guys/gals
i am located in germany
and would like to get a used 2620/2621 Router for a reasonable price
please send me any offers offlist
regards
Valeri




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4830&t=4830



Re: Router 2523 [7:4829]

2001-05-17 Thread Vincent Chong

why not?

"RamG" wrote:
> Hello Gang - I am planning to buy 2523.  Before, I do that, I would like to
> have your opinions/suggestions.  The purpose of buying 2523 is to practice
> FR config from All In One Study Guide Book.  I have 2501/02/03/04/11
> routers.  Can I connect serial int of these routers to 2523 - 8 Low speed
> serial(sync/async) interfaces.  Any command to be used?
>
> Thanks  /  RamG




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4831&t=4829



RE: SUP2/PFC2 and MSFC2 6500/7600 OSR [7:4762]

2001-05-17 Thread Marc-Andre Giroux

Don't bother. SUP2 will not support MPLS. They will release a SUP3 around
November; wait till that comes out.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of dre
Sent: May 16, 2001 6:23 PM
To: [EMAIL PROTECTED]
Subject: SUP2/PFC2 and MSFC2 6500/7600 OSR [7:4762]


Is SUP2+MSFC2 worth upgrading to from SUP1A+MSFC1?  Anyone had this in place
for awhile or comments on the architecture?

-dre




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4832&t=4762



RE: Bandwith Allocation/Dedication and Routing [7:4798]

2001-05-17 Thread Dyson Kuben

class-map best-prio 
  match access-group 101 
class-map best-effort 
  match access-group 102 


policy-map mypolicy 
  class best-prio 
 bandwidth 2000... 
  class best-effort 
 bandwidth 2000... 



access-list 101 permit ip x.x.x.x mask y.y.y.y mask 
access-list 102 deny ip x.x.x.x mask y.y.y.y mask 
access-list 102 permit ip any any 




service-policy out mypolicy 



With this config, you assure that in case of congestion half of the bandwidth
(this is configurable) is reserved for the high priority traffic and the other
half is for best-effort.


Regarding the IOS version, it may be supported in your version. 
If not, go to 12.0(7)T. 





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4833&t=4798



Re: any body has transcender for ccnp.??. [7:4821]

2001-05-17 Thread Kevin Wigle

First - AFAIK, Transcender only has a CCNA exam.  I haven't heard any
comments on how good/bad it is.  It seems that BOSON has just about cornered
the commercial market for practice exams for Cisco certifications.  I own
just about all the Cisco related Boson exams.

Second.  Nobody on this list doesn't think that copyrighted materials are
traded all the time - but we all know that it is illegal.  Most of the
people on this list also support those commercial enterprises that provide
us products that make getting those certifications a bit easier.  Therefore
posts that encourage illegal trade in these materials are pretty much SPAM.

I am somewhat surprised to see your entire signature as normally these kinds
of posts come from hotmail or some other "public" email provider.  I would
expect that a commercial enterprise would understand this.

Please re-consider making these kinds of posts to the list.

Kevin Wigle

- Original Message -
From: Ahmed Malkawi 
To: 
Sent: Thursday, May 17, 2001 4:34 AM
Subject: any body has transcender for ccnp.??. [7:4821]


> any body has transcender for ccnp.??.we can trade in or we can buy it and
> share the cost .
>
>
> Regards
>
>
> --
> Ahmed Malkawi MCSE/CCNA
> Business Solutions Dep.
> Tel.+974 447 0 369
> Mobile+974 557 1 275
> ---
> Afkar Information Tech.
> Tel.   +974 447 0 447
> P.O.BOX   20732
> Doha - Qatar
> www.afkaronline.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4834&t=4821



Using Public addresses as Internally [7:4835]

2001-05-17 Thread Bruce Williams

My company wants to use public addresses from the Class A range internally.
I realize the danger if these routes got advertised on the Internet, but is
this something that is considered acceptable if it is carefully done to
prevent the risk of these routes being propagated out on the Public
Internet? These networks will be used to address equipment in a multitude of
cellular radio base stations around the country and they will only be
connected to our network. There will be central locations where users from the
internet could access a database which will query these systems, but there
will not be a direct internet connection. I would appreciate any advice on
this.

Thanks,


Bruce Williams
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4835&t=4835



RE: Bandwitdh Allocation and Routing [7:4797]

2001-05-17 Thread Dyson Kuben

Upgrade the IOS to 12.0(7)T and use class-based wfq with priority 
at output interface towards destination, and wfq for other traffic: 


access-list 101 permit ip 
access-list 102 permit ip any any 


class-map sample
 match access-group 101


class-map normal
 match access-group 102


policy-map peername
 class sample
 priority   <-- this is all other bandwidth
 random-detect <--optional, use for wred
 fair-queue <-- optional, use for flow-based wfq


interface serial 1/0.1 point-to-point 
 service-policy output peername 


This should do it. 





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4837&t=4797



Re: Loopback interface for OSPF [7:4802]

2001-05-17 Thread Carroll Kong

At 01:16 AM 5/17/01 -0400, Vincent Chong wrote:
>Hi;
>
>  For OSPF implementation, an area can be configured in the Loopback
>interface.
>But what purpose, when should I do it?
>
>TIA
>Vincent Chong

Well, somewhat off topic, but the router id will lock on to the loopback 
address, which might stabilize the network more.  However, I think you even 
wrote to the list an email about that so that probably is not what you are 
asking.

Now why would you want to advertise a loopback interface using OSPF or any 
IGP?  To teach the IGP how to get there later on for redistribution into
BGP.  Basically only used if you need to use an AS as a transit AS.  You 
have basically two choices.

IBGP (full mesh) to the ASBRs of the transit AS.  Or, you can redistribute 
the "transit route" through an IGP instead.  They tend to use loopback 
interfaces to help the transit ASs achieve more stability to avoid 
flappage.  I am somewhat new on this, so if I am wrong, I will happily 
defer to someone with more experience, but this is my take on it from what 
I have read.



-Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4836&t=4802



RE: any body has transcender for ccnp.??. [7:4821]

2001-05-17 Thread

I would reply but I don't want to go to prison with you

-Original Message-
From: Ahmed Malkawi [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 17, 2001 3:34 AM
To: [EMAIL PROTECTED]
Subject: any body has transcender for ccnp.??. [7:4821]


any body has transcender for ccnp.??.we can trade in or we can buy it and
share the cost .


Regards


--
Ahmed Malkawi MCSE/CCNA
Business Solutions Dep.
Tel.+974 447 0 369
Mobile+974 557 1 275
---
Afkar Information Tech.
Tel.   +974 447 0 447
P.O.BOX   20732
Doha - Qatar
www.afkaronline.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4840&t=4821



Any Cisco Study Group Louisville, KY [7:4838]

2001-05-17 Thread ccnawan

I am looking for a Cisco user group in Louisville, KY
Dan Evensen CCNAWS CNS
- Original Message -
From: 
To: 
Sent: Wednesday, May 16, 2001 6:12 PM
Subject: Re: Cisco Study Group. Meridian, MS [7:4747]


> Here is the Jackson Mississippi Cisco User Group website.
> http://www.jancug.org/  JANCUG
>
> and here is there mailgroup
>
> [EMAIL PROTECTED] ('[EMAIL PROTECTED]')
>
>
> Ken's Web Page(http://www.geocities.com/trexken_2000)
> "There is more to life than increasing its speed."
> - Mahatma Gandhi
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4838&t=4838



Re: LOL - bye bye [7:4769]

2001-05-17 Thread ccnawan

Since people are the same everywhere, individuals, with different behaviors,
depending on nationality, the way they were brought up etc. If you can't get
along, with a small group like this, how are you going to get along with
anyone else.
Dan Evensen CCNAWS CNS
- Original Message -
From> > ""bob bobson""  wrote in message
> > news:[EMAIL PROTECTED]...
> > > Hear is my payback for the huge waste of time this
> > > list has been, Sorry to the non spammers.
> > >
> > > After joing this list two weeks ago, I now know why
> > > CCIE has a 85% fail rate.
> > >
> > > What a waste of time, 80% crap, and I've never seen so
> > > many dumb@ss .sig whor3s on a list.
> > >
> > > Iam Cool
> > > SR Wannabe
> > > Unemployed corp
> > > MCSE, CCNP, CCNA, ISUCK++, DVDA specialist
> > >
> > > LOL..




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4839&t=4769



Disaster recovery input from pros needed :) [7:4841]

2001-05-17 Thread David Cooper

Heya,

I'm at a site right now where we have a central Cat 6509 as core with a
couple fiber blades and 4 more 10/100 rj45 blades (ACK). This switch does
the core routing within the network. It also is the main switch for the
servers at the site. The fiber blades go out to closets with stacks of
3524's. There is also another stack of 3524's right next to the Big kitty
for workstations in the area. They have really good turnaround on the
failure of the cat6509 but I still wonder what the downtime will cost them
if the thing decides it would rather be a coffee maker. I have been talking
to the tie wearing folks about an interim backup solution.

I'm thinking in the interim of a disaster I can grab a 2620 or higher and run
the routing on a stick I hear on this group so often. I am not sure where to
place this router though. I can swap all the gig modules to the 3524's next
to the cat. Then from there put a router on it and do the router on a stick.
I just don't know where exactly to put this in and how to design it. (I'm
not versed in network design of this type and quite a few others too :) Some
ideas in this matter from the grand folks on the group would be appreciated
indeed. I am very interested in learning this one. Also what to do about
those 48 port modules on the Cat while it is sleeping too? Hehe. If I were
here while this was being designed I would have yelled a lot more about this
conglomerate core/distro/access thingy.

Anyway if you need drawings of the mess or any further info I can supply
them quick like :)

Looking forward to your thoughts!
Thanks in advance.
Dave Cooper
 



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4841&t=4841



RE: CCNP ?? [7:4789]

2001-05-17 Thread Edward Gomez

John,

I took the exam two weeks ago and used the following books and boson tests
to prepare for it:

Cisco Press Building Cisco Multilayer Switched Networks
Sybex CCNP Switching Study Guide
Exam Cram Switching Guide
Boson Switching Test #2

The Cisco Press and Sybex books both cover everything you need to know. The
exam cram is helpful for studying. I would
definitely purchase the two switching exams from Boson and test till you
score above 90%. As far as what is on the exam you
definitely need to know multicasting, rp's, STP, VTP, MLS, and Vlans. Also
there are several questions on hardware so know the difference between the
1900, 2900, 5000, 6000, and 8000 series switches. The test is not that hard
I was done in about 30 minutes and scored 835. I'm studying for BSCN
networks right now and I know that is gonna be a tough one.. Good luck on
your exam...

Eddie

--
Edward J. Gomez, MCSE, CNE, CCNA
Information Systems Manager
ProxyMed, Inc
2555 Davie Road,
Suite 110
Fort Lauderdale, Florida 33317
(954) 473-1001 x315
http://www.proxymed.com


-Original Message-
From: John Andrews [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 16, 2001 10:37 PM
To: [EMAIL PROTECTED]
Subject: CCNP ?? [7:4789]


I have a question or two.  I am in the near future planning on taking the
CCNP switching exam.  My question is this?

How thorough is the test compared to the sybex book?  Will that, plus the
boson tests prepare me adequately enough to pass the test and in addition to
the edge tests that are included with the book?  Also, what are the main
areas covered?  I am NOT asking for specific questions but generalities only.
Something like VLANS were a large portion of the CCNA exam.  I am suspecting
that rp's, switch types, commands, pim sparse and dense modes are the main
portions.  Or at least this is what I am getting out of the sybex book.  Am I
seeing this wrong or am I on the right track?

Thanks,
J
(the one who will be glad when this test is done)

Have a great day!
John A




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4842&t=4789



Re: Using Public addresses as Internally [7:4835]

2001-05-17 Thread Patrick Bass

So why not just use 10.x.x.x?  NO... it's not acceptable, it's bad
practice.  Why do it?  What's the advantage?

"Bruce Williams" wrote in message
news:[EMAIL PROTECTED]...
> My company wants to use public addresses from the Class A range internally.
> I realize the danger if these routes got advertised on the Internet, but is
> this something that is considered acceptable if it is carefully done to
> prevent the risk of these routes being propagated out on the Public
> Internet? These networks will be used to address equipment in a multitude of
> cellular radio base stations around the country and they will only be
> connected to our network. There will be central locations where users from the
> internet could access a database which will query these systems, but there
> will not be a direct internet connection. I would appreciate any advice on
> this.
>
> Thanks,
>
>
> Bruce Williams
> [EMAIL PROTECTED]
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4843&t=4835



Re: What is the use of "ip classless" command in classful [7:4844]

2001-05-17 Thread John Neiberger

This has been covered in depth a few different times.  Check the
archives and you'll find a few different threads that cover the
operation of 'ip classless' and 'no ip classless'.

If you don't know what they do, use 'ip classless' and forget about it.
 

Regards,
John

>>> "Brijesh"  5/17/01 6:26:42 AM >>>
Hi,

Please tell me what is the use of "ip classless" command in classful
networks?

I have read somewhere that When using classful routing protocols such as RIP
or IGRP, use "ip classless" command if you want it to also match unknown
subnets of known networks. Can anybody throw some light on this statement.

Thanks,
Brijesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4844&t=4844



Re: Using Public addresses as Internally [7:4835]

2001-05-17 Thread Debbie Westall

Bruce,

Do you really need that much address space???

If so, you will also need to be concerned about your
choice of routing protocols. Also, you definitely
don't want any of those routes leaking out into the
Internet (which sounds like you know).

Debbie

--- Bruce Williams 
wrote:
> I think you misunderstood my question. I am aware of the reserved private
> addresses, but we need more address space than that. I want to use the
> regular Class A public address space 1.0.0.0 to 126.0.0.0. That is risky
> because those addresses are already assigned on the public internet. It
> would work as long as those routes don't get out of our internal network.
> 
> Bruce
> 
> - Original Message -
> From: "Debbie Westall" 
> To: "Bruce Williams" 
> Sent: Thursday, May 17, 2001 10:16 AM
> Subject: Re: Using Public addresses as Internally
> [7:4835]
> 
> 
> > This is acceptable. Refer to RFC 1918 and 1597 for
> > further info.
> >
> > You may use the following:
> > Class  Private Address Range
> > A      10.0.0.0 - 10.255.255.255
> > B      172.16.0.0 - 172.16.255.255
> > C      192.168.0.0 - 192.168.255.255
> >
> > Just be careful when setting up your filters (ACLs)
> > Good Luck
> >
> > Debbie
> >
> > --- Bruce Williams 
> > wrote:
> > > My company wants to use public addresses from the Class A range
> > > internally. I realize the danger if these routes got advertised on the
> > > Internet, but is this something that is considered acceptable if it is
> > > carefully done to prevent the risk of these routes being propagated out
> > > on the Public Internet? These networks will be used to address equipment
> > > in a multitude of cellular radio base stations around the country and
> > > they will only be connected to our network. There will be central
> > > locations where users from the internet could access a database which
> > > will query these systems, but there will not be a direct internet
> > > connection. I would appreciate any advice on this.
> > >
> > > Thanks,
> > >
> > >
> > > Bruce Williams
> > > [EMAIL PROTECTED]
> > > FAQ, list archives, and subscription info:
> > > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations
> to
> > [EMAIL PROTECTED]
> >
> >
> > __
> > Do You Yahoo!?
> > Yahoo! Auctions - buy the things you want at great
> prices
> > http://auctions.yahoo.com/
> 







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4845&t=4835



Re: CCNP ?? [7:4789]

2001-05-17 Thread Brijesh

Hi Eddie,

I am also preparing for BSCN. I will be appearing probably first week of
next month.

I have gone through the review of Cisco press book for BSCN. People out
there are saying that this covers everything you need to clear an exam. I
myself found that book very interesting. I am also using Jeff Doyle and
white papers from Cisco website. People are saying that ospf-40%, BGP-30%,
EIGRP--20% and rest is 10%. Please let me know if you have any other inputs
on this.

All the best CCNP aspirants.
Brijesh

- Original Message -
From: "Edward Gomez" 
To: 
Sent: Thursday, May 17, 2001 07:52 PM
Subject: RE: CCNP ?? [7:4789]


> John,
>
> I took the exam two weeks ago and used the following books and boson tests
> to prepare for it:
>
> Cisco Press Building Cisco Multilayer Switched Networks
> Sybex CCNP Switching Study Guide
> Exam Cram Switching Guide
> Boson Switching Test #2
>
> The Cisco Press and Sybex books both cover everything you need to know. The
> exam cram is helpful for studying. I would
> definitely purchase the two switching exams from Boson and test till you
> score above 90%. As far as what is on the exam you
> definitely need to know multicasting, rp's, STP, VTP, MLS, and Vlans. Also
> there are several questions on hardware so know the difference between the
> 1900, 2900, 5000, 6000, and 8000 series switches. The test is not that hard
> I was done in about 30 minutes and scored 835. I'm studying for BSCN
> networks right now and I know that is gonna be a tough one.. Good luck on
> your exam...
>
> Eddie
>
> --
> Edward J. Gomez, MCSE, CNE, CCNA
> Information Systems Manager
> ProxyMed, Inc
> 2555 Davie Road,
> Suite 110
> Fort Lauderdale, Florida 33317
> (954) 473-1001 x315
> http://www.proxymed.com
>
>
> -Original Message-
> From: John Andrews [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 16, 2001 10:37 PM
> To: [EMAIL PROTECTED]
> Subject: CCNP ?? [7:4789]
>
>
> I have a question or two.  I am in the near future planning on taking the
> CCNP switching exam.  My question is this?
>
> How thorough is the test compared to the sybex book?  Will that, plus the
> boson tests prepare me adequately enough to pass the test and in addition to
> the edge tests that are included with the book?  Also, what are the main
> areas covered?  I am NOT asking for specific questions but generalities only.
> Something like VLANS were a large portion of the CCNA exam.  I am suspecting
> that rp's, switch types, commands, pim sparse and dense modes are the main
> portions.  Or at least this is what I am getting out of the sybex book.  Am I
> seeing this wrong or am I on the right track?
>
> Thanks,
> J
> (the one who will be glad when this test is done)
>
> Have a great day!
> John A
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4846&t=4789



MIcrosoft VPN [7:4847]

2001-05-17 Thread Rajeev Karamchand

Hi All


I need some info on how to set up Microsoft VPN behind the
firewall. I would appreciate if someone could explain
in detail.

I know you have to open port GRE and 1723 on pix. What
else is needed?

regards
rajeev


=
Rajeev Karamchand
MCSE,MCSE+I,MCDBA,CCNA





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4847&t=4847



New IOS Release [7:4848]

2001-05-17 Thread Kevin Wigle

The "What's New" on the Software page on CCO hasn't been updated yet but I did
check the IOS planner and 12.2 is there. And I was able to download a 12.2(1)
image a few minutes ago.

Kevin Wigle


NOW AVAILABLE: CISCO IOS SOFTWARE MAJOR RELEASE 12.2
Cisco IOS Software Major Release 12.2 is a consolidation of
leading-edge technology and features coupled with an ongoing
testing and quality-enhancement program. It contains all the
advanced features, functionality, and new platform support
introduced in Cisco IOS Software 12.1T early deployment
releases.

Major Release 12.2 will continue to incorporate software
quality improvements via several maintenance releases.  These
maintenance releases will contain quality improvements only
and will provide the maintenance for all previous 12.1T early
deployment releases.

Major Release 12.2(1), the first of these maintenance
releases, has benefited from special emphasis and focused
regression testing on voice and ISDN applications. In addition
to further defect elimination, subsequent versions of Major
Release 12.2 will also include similar emphasis on other
customer-critical application areas.

Customers who have deployed any of the early deployment
releases (i.e., 12.1T and the short-lived 12.1-based X
releases) may upgrade to Major Release 12.2 to benefit from
this improved software quality. Release 12.2 is not
recommended for customers running previous major releases
unless they require the 12.1T advanced functionality now
delivered in Release 12.2.

http://www.cisco.com/warp/customer/732/releases/release122.shtml




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4848&t=4848



RE: LOL - bye bye [7:4769]

2001-05-17 Thread John Andrews

I (eye)think the statement "dumb@ss .sig whor3sz" is actually pretty typical 
coming from someone who includes lots of lol's, z's in their mail.
Obviously,
much of this persons time is spent elsewhere besides on a site geared for 
learning.  Noone here know's (no's) everything or else they wouldn't be here 
(hear).  Sharing thoughts and strategies are what I get out of this site 
(sight).  Not all info learned here (hear) or read (red) applies to me yet, 
but I (eye) look forward to the day when I (eye) can  how can I (eye)put 
thisbe a "dumb@ss .sig whor3"lololol(hahaha).

John Anderews 
CCNA
CCNP wantabe
CCIE wantabe


>= Original Message From "ccnawan"  =
>Since people are the same everywhere, individuals, with different behaviors,
>depending on nationality, the way they were brought up etc. If you cant get
>along, with a small group like this, how are you going to get along with
>anyone else.
>Dan Evensen CCNAWS CNS
>- Original Message -
>From> > ""bob bobson""  wrote in message
>> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>> > > Hear is my payback for the huge waste of time this
>> > > list has been, Sorry to the non spammers.
>> > >
>> > > After joing this list two weeks ago, I now know why
>> > > CCIE has a 85% fail rate.
>> > >
>> > > What a waste of time, 80% crap, and I've never seen so
>> > > many dumb@ss .sig whor3s on a list.
>> > >
>> > > Iam Cool
>> > > SR Wannabe
>> > > Unemployed corp
>> > > MCSE, CCNP, CCNA, ISUCK++, DVDA specialist
>> > >
>> > > LOL..
>FAQ, list archives, and subscription info: 
http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Have a great day!
John A




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4852&t=4769



Re: MIcrosoft VPN [7:4847]

2001-05-17 Thread Allen May

static (inside,outside) outside_ip inside_ip netmask subnet
conduit permit tcp host outside_ip eq 1723 any
conduit permit gre host outside_ip any

The rest is all up to the Windows box & is documented on microsoft.com.  If
you have trouble, try putting the box outside the firewall until it's
working to eliminate the firewall settings as the problem.  Make sure the
router is set up not to block the above ports either.

Encryption settings on the VPN server can be a gotcha if you don't match
what the client has.  Highest security is hard to get working if you don't
know what to look for on the client and it also puts added strain on the CPU
of the VPN server when it has to decrypt every packet from every client.

Allen May

- Original Message -
From: "Rajeev Karamchand" 
To: 
Sent: Thursday, May 17, 2001 10:15 AM
Subject: MIcrosoft VPN [7:4847]


> Hi All
>
>
> I need some info how to setup Microsoft VPN behind the
> firewall. I would appreciate if someone could explain
> in detail.
>
> I know u have to open port GRE and 1723 on pix. What
> else is need.
>
> regards
> rajeev
>
>
> =
> Rajeev Karamchand
> MCSE,MCSE+I,MCDBA,CCNA
>
> __
> Do You Yahoo!?
> Yahoo! Auctions - buy the things you want at great prices
> http://auctions.yahoo.com/
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4849&t=4847
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
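An added example, not part of Allen's post and not a Cisco tool: a small Python check that reads PIX static and conduit lines in the form shown above and reports hosts where PPTP is only half-permitted (TCP 1723 without GRE, or the reverse), has no static translation, or is open to any source. The sample configuration and all addresses in it are constructed placeholders.

```python
import re

# Constructed sample in the syntax used in the thread; every address is a
# placeholder from a documentation or private range.
SAMPLE_CONFIG = """\
static (inside,outside) 192.0.2.10 10.1.1.10 netmask 255.255.255.255
conduit permit tcp host 192.0.2.10 eq 1723 any
static (inside,outside) 192.0.2.20 10.1.1.20 netmask 255.255.255.255
conduit permit tcp host 192.0.2.20 eq 1723 any
conduit permit gre host 192.0.2.20 any
conduit permit tcp host 192.0.2.30 eq 1723 any
conduit permit gre host 192.0.2.30 any
"""

# Only the line shapes that appear on this page are recognised.
STATIC_RE = re.compile(r"^static \(\w+,\w+\) (\S+) (\S+) netmask \S+")
CONDUIT_RE = re.compile(r"^conduit permit (\w+) host (\S+)(?: eq (\S+))? (.+)$")


def audit_pptp(config):
    """Return {outside_ip: [finding, ...]} for every host with a PPTP conduit.

    Findings:
      missing-gre      TCP 1723 is permitted but GRE is not, so the control
                       connection opens and the tunnelled data is dropped
      missing-control  GRE is permitted but TCP 1723 is not
      no-static        conduits exist but no static maps the outside address
      open-to-any      the conduit source is "any" (reachable from everywhere)
    """
    statics = {}   # outside (global) address -> inside (local) address
    hosts = {}     # outside address -> what has been permitted so far
    for raw in config.splitlines():
        line = " ".join(raw.split())          # normalise stray whitespace
        m = STATIC_RE.match(line)
        if m:
            statics[m.group(1)] = m.group(2)
            continue
        m = CONDUIT_RE.match(line)
        if not m:
            continue
        proto, host, port, source = m.groups()
        state = hosts.setdefault(
            host, {"control": False, "gre": False, "any": False})
        if proto == "tcp" and port == "1723":
            state["control"] = True
        elif proto == "gre":
            state["gre"] = True
        else:
            continue                          # not a PPTP-related conduit
        if source == "any":
            state["any"] = True

    findings = {}
    for host, state in hosts.items():
        if not (state["control"] or state["gre"]):
            continue                          # host has no PPTP conduits
        issues = []
        if state["control"] and not state["gre"]:
            issues.append("missing-gre")
        if state["gre"] and not state["control"]:
            issues.append("missing-control")
        if host not in statics:
            issues.append("no-static")
        if state["any"]:
            issues.append("open-to-any")
        findings[host] = issues
    return findings


if __name__ == "__main__":
    for host, issues in audit_pptp(SAMPLE_CONFIG).items():
        print(host, ", ".join(issues) or "ok")
```
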



Re: MIcrosoft VPN [7:4847]

2001-05-17 Thread Allen May

Oh don't forget to either set up a pool of internal IP addresses or have it
get IPs from the DHCP server.

Allen May

- Original Message -
From: "Rajeev Karamchand" 
To: 
Sent: Thursday, May 17, 2001 10:15 AM
Subject: MIcrosoft VPN [7:4847]


> Hi All
>
>
> I need some info how to setup Microsoft VPN behind the
> firewall. I would appreciate if someone could explain
> in detail.
>
> I know u have to open port GRE and 1723 on pix. What
> else is need.
>
> regards
> rajeev
>
>
> =
> Rajeev Karamchand
> MCSE,MCSE+I,MCDBA,CCNA
>
> __
> Do You Yahoo!?
> Yahoo! Auctions - buy the things you want at great prices
> http://auctions.yahoo.com/
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4850&t=4847



Re: Using Public addresses as Internally [7:4835]

2001-05-17 Thread Allen May

If you're using someone else's IP range, you'll never be able to access their
network if you need to.  Your router would keep it internal & would never
pass it outside.

- Original Message -
From: "Bruce Williams" 
To: 
Sent: Thursday, May 17, 2001 9:01 AM
Subject: Using Public addresses as Internally [7:4835]


> My company wants to use public addresses from the Class A range internally.
> I realize the danger if these routes got advertised on the Internet, but is
> this something that is considered acceptable if it is carefully done to
> prevent the risk of these routes being propagated out on the Public
> Internet? These networks will be used to address equipment in a multitude of
> cellular radio base stations around the country and they will only be
> connected to our network. There will be central locations where users from the
> internet could access a database which will query these systems, but there
> will not be a direct internet connection. I would appreciate any advice on
> this.
>
> Thanks,
>
>
> Bruce Williams
> [EMAIL PROTECTED]
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4853&t=4835
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
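An added example, not written by any poster in this thread: a Python sketch of the two risks the replies raise, using the standard ipaddress module. It shows which real destinations an internal route for borrowed public space swallows, and which upstream announcements would leak internal prefixes. The plan, the registered block and the advertised prefixes are constructed sample values; 20.0.0.0/8 only stands in for a public Class A prefix used internally.

```python
import ipaddress

# RFC 1918 private blocks.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data (assumptions, not from the thread).
PLAN = ["10.0.0.0/8", "20.0.0.0/8", "20.7.0.0/16"]          # internal routes
REGISTERED = ["198.51.100.0/24"]                            # space really assigned to us
ADVERTISED = ["198.51.100.0/24", "20.1.0.0/16", "10.5.0.0/16"]  # sent upstream


def is_rfc1918(net):
    """True if the whole prefix sits inside one RFC 1918 block."""
    return any(net.subnet_of(block) for block in RFC1918)


def classify_plan(plan):
    """Split an internal plan into (private, borrowed-public) prefix lists."""
    private, borrowed = [], []
    for text in plan:
        net = ipaddress.ip_network(text)
        (private if is_rfc1918(net) else borrowed).append(net)
    return private, borrowed


def shadowed(destination, plan):
    """Return the internal prefix that captures `destination`, or None.

    A router holding an internal route for a borrowed public prefix sends
    traffic for the real owner's hosts inward (longest-prefix match), so
    the real owner's network cannot be reached from inside.
    """
    addr = ipaddress.ip_address(destination)
    matches = [net for net in map(ipaddress.ip_network, plan) if addr in net]
    return max(matches, key=lambda n: n.prefixlen, default=None)


def leaked(advertised, plan, registered):
    """Prefixes announced upstream that overlap the internal plan.

    Anything inside `registered` is ours to announce and is skipped. Every
    other announcement that overlaps an internal prefix, borrowed public or
    RFC 1918, must be stopped by the outbound route filter.
    """
    own = [ipaddress.ip_network(r) for r in registered]
    internal = [ipaddress.ip_network(p) for p in plan]
    bad = []
    for text in advertised:
        net = ipaddress.ip_network(text)
        if any(net.subnet_of(o) for o in own):
            continue
        if any(net.overlaps(i) for i in internal):
            bad.append(net)
    return bad


if __name__ == "__main__":
    private, borrowed = classify_plan(PLAN)
    print("private :", [str(n) for n in private])
    print("borrowed:", [str(n) for n in borrowed])
    print("20.7.8.9 is captured by", shadowed("20.7.8.9", PLAN))
    print("must not be announced:",
          [str(n) for n in leaked(ADVERTISED, PLAN, REGISTERED)])
```
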



Re: Trading a 2511 for a 2621 [7:4726]

2001-05-17 Thread Edward Hartman

Sure, the 2511 and about $700 would make a fair trade for a 2621.  Have you 
checked the prices on eBay?  I might make this trade if you are interested.

At 03:37 PM 5/16/01 -0400, Frank Kim wrote:
>Hi folks,
>I got a 2511 with 16megs flash and 16megs dram that I would like to trade
>for a 2621 router or equivalent.  Reply directly to me if interested.
>
>
>-Frank
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4854&t=4726



Re: 2912XL switch [7:4704]

2001-05-17 Thread andyh

1.  check the interface counters (errors, late collisions, etc.) to see
whether the cable is at fault.  If not then have a look at the routers to
see why they might be dropping packets.

2. from configure prompt:

interface vlan X
 ip address  
 exit
ip default-gateway 
end

if you wish to use a vlan other than vlan 1 as the management interface you
need to add the command "management" under the interface config.  Note that
you *cannot* have more than one management interface live, although you can
have the config there for multiple.

check:

http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/29_35wc/sc/index.htm

hth

Andy
- Original Message -
From: 
To: 
Sent: Wednesday, May 16, 2001 5:41 PM
Subject: 2912XL switch [7:4704]


> thanks brian
>
> can u please look into secon part of my question
>
> >
> > 100m is the max for fe, is there possibly a mismatch for speed or
duplex?
> > Got Fluke??
> >
> > Bri
> >
> > - Original Message -
> > From: "Jim Barksdale"
> > To:
> > Sent: Tuesday, May 15, 2001 1:15 PM
> > Subject: Re: cross cable length [7:4561]
> >
> >
> > > If you made the cable yourself...
> > > Make sure you used the correct pairs (colors) on the correct pins.
> > > Short cables it does not make much difference, longer cables it does.
> > >
> > >
> > > "[EMAIL PROTECTED]" wrote:
> > >
> > > > hi group
> > > >
> > > > my 1st mail to group , joined a month back has helped me alot
> > > > i thank all of you.
> > > >
> > > > i have a doubt please help me to sort it out.
> > > >
> > > > point no. 1
> > > >
> > > > i am working in an ISP, one of our client is conected from our
> > fastethernet
> > > > port to his router over cross cable(total cable length is 60 meter
both
> > > > routers r 3600 series). customer is experincing packet loss, someone
> > said
> > > > that for cross cable length cant me more that 15-20 Meter. But i
have
> > never
> > > > come across such thing in any book. all books say that for 100Base T
> > length
> > > > is 100M.
> > > >
> > > > point no. 2
> > > >
> > > > we have 2912XL switch, to see ip address/subnet mask/default gateway
> > what
> > > is
> > > > command. in case of 1900 series it is
> > > > sh ip. i tried searching on cisco site but could not locate it.
> > > >
> > > > looking for u alls support
> > > >
> > > > thanks
> > > >
> > > > manoj
> > > >
> > > > __
> > > > 123India.com - India's Premier Portal
> > > > Get your Free Email Account at http://www.123india.com
> > > > FAQ, list archives, and subscription info:
> > > http://www.groupstudy.com/list/cisco.html
> > > > Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]
> > > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
>
> __
> 123India.com - India's Premier Portal
> Get your Free Email Account at http://www.123india.com
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4851&t=4704



WS-X2931-XL?? [7:4855]

2001-05-17 Thread Stuart Pittwood

Hi,
 
Just a quickie
 
Is the WS-X2931-XL the module that I need to connect two 2642M-XL-EN
switches with gigabit over existing copper cable?
Thanks
Stu




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4855&t=4855



Re: MPLS [7:4597]

2001-05-17 Thread Kevin Schwantz

I posted a similar thread a week back but got no response from this group. I
suggest you join the mailing list found at this website. These people ONLY
talk MPLS. www.mplsrc.com

Kevin Schwantz

"Marc-Andre Giroux" wrote in message
news:[EMAIL PROTECTED]...
> Does anyone on this list have an in-depth knowledge of mpls?
> If you have knowledge on MPLS-VPN, VPN-ipv4, ospf TE, colors, ospf opaque,
> rsvp te, diffserv, Fastreroute & autobandwidth and are seeking to debate
> and share information on these email me. I am trying to form a MPLS alias.
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4856&t=4597



Re: Passed BCMSN [7:4546]

2001-05-17 Thread Kevin Schwantz

I passed BCMS with only a book. Never configured a switch before. You just
have to memorise it all.


Kevin

"Sudarshan Narasimhachari" wrote in message
news:[EMAIL PROTECTED]...
> Hello Groupies,
>
> Further to my yesterday's posting, I got queries about the set command
> software tester and also about what to prepare. In my opinion, the
> books I mentioned earlier in the mail should be enough, I think. Of
> course other than any practical experience. In my opinion only book
> knowledge is not enough to pass these exams. I did some research on
> where I got the software tester from. Thanks to Mr. Ole Drews Jensen.
> Sorry Mr. Jensen, I forgot your name :-(. Here is the link to his
> homepage with lots of good information (Ole the Hear me link was cool,
> you are playing good man:-)). I should say, keep the good thing going
> once again, to Ole.
>
> http://www.oledrews.com/ccnp/
>
> Whoever needs Ole's set command tester (trainer as Ole calls it) can
> look under the switching link and you will find it.
>
> BRgds
> Sudarshan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4857&t=4546



Token Ring stuff for sale [7:4858]

2001-05-17 Thread John Chang

I have a bunch of Token Ring stuff.  Anyone interested?  Thanks.

1 HP 600N (model# j3112A) internal Token-Ring print server card $50
13 IBM Auto 16/4 Token Ring ISA card $4.50
1 Olicom (model# OC-3118) 16/4 Token Ring ISA card $4.50
1 HP JetDirect Ex Plus 3 (model#2594A) print server $50
4 ~16ft IBM-type (brand Black Box) Type-1 to DB-9 Token-Ring cable $9
9 8ft IBM-type (brand Black Box) Type-1 to DB-9 Token-Ring cable $9
6 8ft IBM Type-1 to DB-9 Token-Ring cable  $9




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4858&t=4858



Re: Disaster recovery input from pros needed :) [7:4841]

2001-05-17 Thread Tony Medeiros

I would put a redundant sup/MSFC in the chassis.  It's never a good idea to
have users plugged into a core device.  The only reason to do this is money
(the major driver these days).

Redundant core chassis is always the best.  Consult the BCMSN book for this
design.

Tony M
#6172

- Original Message -
From: David Cooper 
To: 
Sent: Thursday, May 17, 2001 7:19 AM
Subject: Disaster recovery input from pros needed :) [7:4841]


> Heya,
>
> I'm at a site right now where we have a central Cat 6509 as core with a
> couple fiber blades and 4 more 10/100 rj45 blades (ACK). This switch does
> the core routing within the network. It also is the main switch for the
> servers at the site. The fiber blades go out to closets with stacks of
> 3524's. There is also another stack of 3524's right next to the Big kitty
> for workstations in the area. They have really good turnaround on the
> failure of the cat6509 but I still wonder what the downtime will cost them
> if the thing decides it would rather be a coffee maker. I have been talking
> to the tie wearing folks about an interim backup solution.
>
> I'm thinking in the interim of a disaster I can grab a 2620 or higher and run
> the routing on a stick I hear on this group so often. I am not sure where to
> place this router though. I can swap all the gig modules to the 3524's next
> to the cat. Then from there put a router on it and do the router on a stick.
> I just don't know where exactly to put this in and how to design it. (I'm
> not versed in network design of this type and quite a few others too :) Some
> ideas in this matter from the grand folks on the group would be appreciated
> indeed. I am very interested in learning this one. Also what to do about
> those 48 port modules on the Cat while it is sleeping too? Hehe. If I were
> here while this was being designed I would have yelled a lot more about this
> conglomerate core/distro/access thingy.
>
> Anyway if you need drawings of the mess or any further info I can supply
> them quick like :)
>
> Looking forward to your thoughts!
> Thanks in advance.
> Dave Cooper




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4860&t=4841



BCRAN Tomorrow [7:4861]

2001-05-17 Thread Terence Lee

I am taking the Remote Access tomorrow. I have studied the cramsession
outline, read the cramexam twice, and used the Cisco CIM ISDN. Just
wondering if there are any topics that I need to focus on? Fill-ins,
etc...?

Thanks in advance

Terence




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4861&t=4861



Private VLAN on cat 6500 [7:4862]

2001-05-17 Thread Group study

Got a problem configuring a promiscuous port for a private VLAN.  The primary
VLAN 202 has 4 private VLANs in it.  I need to configure a promiscuous
port (connected to a router) to communicate with all 4 private VLANs.



When I tried to map a PVLAN to a promiscuous port in a VLAN, I always got
the following message.  Does anybody know what I did wrong?  How do I accomplish
this?

set pvlan mapping  202  511  4/11
"Can not add a private mapping to a port with another private port in same
ASIC"

Thanks

Ruihai




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4862&t=4862



Re: Loopback interface for OSPF [7:4802]

2001-05-17 Thread Peter Van Oene

You're pretty much there.  To clarify, transit AS's use only fully meshed
IBGP (assuming scalability techniques like Route Reflection and
Confederations also in use) and usually peer internally via loopback
addresses for stability and as you correctly point out, use the IGP to
distribute reachability information for those loopbacks.  Using IGP only
routers for transit might have worked at some point years ago, but simply
doesn't cut it anymore due to the sheer volume of paths in the internet.

*** REPLY SEPARATOR  ***

On 5/17/2001 at 10:04 AM Carroll Kong wrote:

>At 01:16 AM 5/17/01 -0400, Vincent Chong wrote:
>>Hi;
>>
>>  For OSPF implementation, an area can be configured in the Loopback
>>interface.
>>But what purpose, when should I do it?
>>
>>TIA
>>Vincent Chong
>
>Well, somewhat off topic, but the router id will lock on to the loopback
>address, which might stabilize the network more.  However, I think you even
>wrote to the list an email about that so that probably is not what you are
>asking.
>
>Now why would you want to advertise a loopback interface using OSPF or any
>IGP?  To teach the IGP how to get there later on for redistribution into
>BGP.  Basically only used if you need to use an AS as a transit AS.  You
>have basically two choices.
>
>IBGP (full mesh) to the ASBRs of the transit AS.  Or, you can redistribute 
>the "transit route" through an IGP instead.  They tend to use loopback 
>interfaces to help the transit ASs achieve more stability to avoid 
>flappage.  I am somewhat new on this, so if I am wrong, I will happily 
>defer to someone with more experience, but this is my take on it from what 
>I have read.
>
>
>
>-Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4863&t=4802



Need some help with ping on PIX [7:4859]

2001-05-17 Thread Mike Peterson

Hi, I am trying to allow ping through my PIX firewall, from any
workstation on my inside network to any workstation outside the firewall.
I also cannot ping my internet router. This is just a simulated network.

PC1---|
      | 172.31.2.100   209.165.201.3   209.165.201.1
      |-------------PIX-------------------RTR---Int. Cloud
PC2---|

I am missing something for sure, so would you please let me
know what I am missing. Thanks, Mike

pixfirewall# wr t
Building configuration...
: Saved
:
PIX Version 5.1(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 pix/intf2 security10
nameif ethernet3 pix/intf3 security15
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
access-list 100 permit icmp any any echo
pager lines 24
logging on
no logging timestamp
no logging standby
no logging console
no logging monitor
logging buffered debugging
no logging trap
no logging history
logging facility 20
logging queue 512
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto shutdown
interface ethernet3 auto shutdown
mtu outside 1500
mtu inside 1500
mtu pix/intf2 1500
mtu pix/intf3 1500
ip address outside 209.165.201.3 255.255.255.224
ip address inside 172.31.2.100 255.255.255.0
ip address pix/intf2 127.0.0.1 255.255.255.255
ip address pix/intf3 127.0.0.1 255.255.255.255
no failover
failover timeout 0:00:00
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
failover ip address pix/intf2 0.0.0.0
failover ip address pix/intf3 0.0.0.0
arp timeout 14400
nat (inside) 0 172.31.2.0 255.255.255.0 0 0
static (inside,outside) 209.165.201.3 172.31.2.100 netmask 255.255.255.255 0 0
access-group 100 in interface outside
rip inside default version 1
route outside 0.0.0.0 0.0.0.0 209.165.201.1 1
timeout xlate 3:00:00 conn 1:00:00 half-closed 0:10:00 udp 0:02:00
timeout rpc 0:10:00 h323 0:05:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
isakmp identity hostname
telnet timeout 5
terminal width 80
Cryptochecksum:2012a7889adc85895d9db997c1ca0878
: end
[OK]
pixfirewall#







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4859&t=4859



Re: Has anybody seen IS-IS used anywhere but ISP's? [7:4784]

2001-05-17 Thread Peter Van Oene

OSPF has more "enterprise" oriented features including more options for
supporting varied network mediums (NBMA comes to mind) and definitely a
marked advantage in published materials.  Further, without recent
modifications, the ability to scope the flow of LSA's and maintain some
degree of routing optimality was better with OSPF which made it more suited
to large enterprise networks where multi area topologies are the norm. 
Recent modifications to ISIS including the ability to "leak" routing
information into L1 areas from the backbone allows ISIS to offer similar
functionality - (think stub vs totally stubby in OSPF)

I have personally not seen ISIS outside of already mentioned SDH management
networks and ISP backbones and personally would not recommend running ISIS
over OSPF in an enterprise network simply because it's easier and usually
cheaper to find OSPF knowledge than ISIS.

Peter


*** REPLY SEPARATOR  ***

On 5/16/2001 at 11:42 PM nrf wrote:

>Damn, I forgot about that whole Decnet thing.  That's right, that's right,
>Decnet implements Is-Is for PhaseV migration.  I have even worked on a
>network like that, how foolish of me to forget.
>
>So I guess I should have narrowed my question.  What I should have said is,
>has anybody seen Integrated IS-IS (for IP routing only) being used in a real
>working network other than an ISP?
>
>
>
>
>
>"Howard C. Berkowitz" wrote in message
>news:[EMAIL PROTECTED]...
>> >Other than in ISP's, has anybody seen IS-IS in use in a real production
>> >network?
>> >
>> A subset is used for SONET management in telcos. I have also seen it
>> used in some conversions from DECnet Phase IV to Phase V (which is
>> OSI) in order to get dual OSI and IP routing.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4865&t=4784



Re: Need some help with ping on PIX [7:4859]

2001-05-17 Thread John Neiberger

It appears that you are allowing ICMP echo requests but not allowing
echo replies.  Change your access-list to allow echo-reply instead of
echo and see if that works for you.

HTH,
John





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4867&t=4859



Some equipment for sale [7:4868]

2001-05-17 Thread Craig Crosby

Wanted to let GroupStudy in on some good deals on some
equipment today.  All products are used (unless
stated), in good condition, and are warranted for 30
days.  All routers include console kit, and power
cord.

Cisco 2500 Series:

(2) 2502 - $600 Each
(2) 2503 - $900 Each

Cisco 2600 Series: 

(3) 2610 - $1150 Each

Memory configs can be changed as needed with extra
flash going for $100.00 extra per 8MB.  Standard is
8/8.

Switch Probes:

(3) WS-PROBE-DUAL-ET - $300 Each
(3) WS-PROBE-FE-FD-TX - $500 Each

If interested please email me at [EMAIL PROTECTED]

Don't worry list, I won't do this again, just wanted
to let everyone know about these deals before I tried
the resale community.
--
  I am buying and selling used CISCO gear.
email me for a quote

Craig Crosby   [EMAIL PROTECTED]
Netjam, LLC   Cisco Channel Partner
333 Texas Street
Suite 1401   30 day warranty
Shreveport, La. 71101 VISA/MC/AMEX/COD

 





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4868&t=4868



Detroit Area Cisco User Group [7:4870]

2001-05-17 Thread CCIE Wanna BE

Come to the Great Lakes 
   Cisco Users Group -
   18th Monthly Meeting 

All interested individuals are invited. 
Become part of the only Detroit based Cisco Users
Group. 
Topic:  Network Management 
  Application 
Presented by: Visionael
Date:  Wednesday May 30, 2001
Location:Compuware Cafeteria 
Time: 6:30 PM
Attendance: Everyone is welcomed 
 
 






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4870&t=4870



configure promiscuous port for private VLAN [7:4869]

2001-05-17 Thread Group study

On a 6500, with one primary private VLAN 111 and 4 secondary community private VLANs,
I need to configure one promiscuous port (3/18, connected to router) to
communicate with all 4 secondary community private VLANs.


set pvlan mapping 111 511 3/18
>cannot add aprivate vlan mapping to a port with another private port in
same ASIC

and I can not "set vlan 111 3/18"

What did I do wrong ?  How can I accomplish this ?

Thanks

Ruihai




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4869&t=4869



Cisco IOS VPN with Win2000 L2TP [7:4866]

2001-05-17 Thread Peter Li

Hi All,

I'm trying to create L2TP vpn between Win2000 pc and Cisco 3640 router
running 12.1(2) T  supports 3DES.
So far, most configuration samples I've seen can only do L2TP with a 2
router setup, LAC (ISP Access router) and LES (Enterprise gateway router).

Is there any way to configure this so that the Win2000 PC can connect IPSec over L2TP
directly to the gateway router? Is this possible or do I need to also configure
the ISP's router too?

Any leads greatly appreciated.

Peter Li




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4866&t=4866



CCIE Lab setup [7:4872]

2001-05-17 Thread Rashid Lohiya

Hi,

Regarding my current lab setup at home, I need a little advice.

I am thinking of replacing my collection of 25xx routers with modular
routers to practise lab scenarios for CCIE.

Please can you advise whether it would be advisable to get rid of my 2511
and buy a 2-Port Asynch NM to give me my 16 Asynch RJ45 feeds.

I am also thinking of buying a 4-Port Serial T1 Card for my 3600, to give me
6 Serial interfaces to practise most FR scenarios, instead of buying a
2521/2522.

coupled with my regular 2600 with FE, 1003, and 2 x 1750's 4v's (2xFXS Cards
& Bri) . I think I should have enough routers to practise even complex
scenarios.

I believe the modular routers will hold their value better than the 2500's.

Any thoughts on the subject would be greatly appreciated

Rashid Lohiya
[EMAIL PROTECTED]
020 8509 2990
07785 362626
www.pioneer-computers.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4872&t=4872



Re: Need some help with ping on PIX [7:4859]

2001-05-17 Thread Allen May

You need an access-list for the inside interface to allow icmp.  I noticed
you have access list 100 bound to outside so that will allow incoming pings.
You need one like it for inside.

Allen May





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4871&t=4859



Network Access Control [7:4873]

2001-05-17 Thread andre

Hello,

How do I control who accesses a network?  I want to use a Cisco 2611
router, mostly because we already own one.  I want to use a TACACS+ &
Cisco 2611 to control who has access to the 20 subnet from the 10
subnet.  I can only seem to use it as a DB for users able to log into
the router.   Does anyone know how to set it up for what I want?

   10 Net --- Router & TACACS+ server  20Net

Once again I don't want to use the TACACS+ to control access to who
manages or accesses the router!  I want to control who is able to access
lets say an FTP server on the 20Net from the 10Net.

Thanks,
Andre




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4873&t=4873



RE: Need some help with ping on PIX [7:4859]

2001-05-17 Thread Richie, Nathan

It looks like you are translating the workstation to the same IP address of
the outside interface of the PIX.  Try using a different IP address for your
static NAT.

Also, you can run "debug icmp trace" on the PIX and "debug IP icmp" on the
router to see what is happening.

Hope this helps






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4874&t=4859
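
The checks raised in the replies to "Need some help with ping on PIX", run against the relevant lines of the posted config. This is an added example, not part of any poster's message: the function names, the trimmed sample and the "after" addresses 209.165.201.5 and 172.31.2.10 are constructed for illustration.

```python
import re

# Constructed sample: the ICMP- and NAT-related lines of the config posted in
# this thread, with the wrapped "static" line rejoined.
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list 100 permit icmp any any echo
ip address outside 209.165.201.3 255.255.255.224
ip address inside 172.31.2.100 255.255.255.0
nat (inside) 0 172.31.2.0 255.255.255.0 0 0
static (inside,outside) 209.165.201.3 172.31.2.100 netmask 255.255.255.255 0 0
access-group 100 in interface outside
"""

# Constructed "after" variant: echo-reply permitted inbound instead of echo,
# and the static moved to addresses that are not the PIX's own (made-up values
# inside the posted subnets).
FIXED_CONFIG = (
    SAMPLE_CONFIG
    .replace("icmp any any echo\n", "icmp any any echo-reply\n")
    .replace("209.165.201.3 172.31.2.100 netmask",
             "209.165.201.5 172.31.2.10 netmask")
)

STATIC_RE = re.compile(r"^static \(([^,]+),([^)]+)\) (\S+) (\S+)")


def _after_addr(tok, i):
    """Index just past one address spec: 'any', 'host A' or 'A MASK'."""
    return i + 1 if i < len(tok) and tok[i] == "any" else i + 2


def parse_config(text):
    """Collect interface addresses, ICMP ACL entries, ACL bindings, statics."""
    cfg = {"interfaces": {}, "acls": {}, "bindings": {}, "statics": []}
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        m = STATIC_RE.match(line.strip())
        if tok[:2] == ["ip", "address"] and len(tok) >= 4:
            cfg["interfaces"][tok[2]] = tok[3]
        elif tok[0] == "access-list" and len(tok) >= 6 and tok[3] == "icmp":
            # access-list <id> permit|deny icmp <src> <dst> [icmp-type]
            i = _after_addr(tok, _after_addr(tok, 4))
            icmp_type = tok[i] if i < len(tok) else None  # None = every type
            cfg["acls"].setdefault(tok[1], []).append((tok[2], icmp_type))
        elif tok[0] == "access-group" and len(tok) >= 5:
            # access-group <id> in interface <ifname>
            cfg["bindings"][tok[4]] = tok[1]
        elif m:
            cfg["statics"].append({"global": m.group(3), "local": m.group(4)})
    return cfg


def echo_reply_verdict(cfg, iface="outside"):
    """First-match verdict for an ICMP echo-reply arriving on iface.

    Simplification: only the ICMP type is compared; the source and destination
    addresses of each entry are ignored.
    """
    for action, icmp_type in cfg["acls"].get(cfg["bindings"].get(iface), []):
        if icmp_type in (None, "echo-reply"):
            return action
    # No matching entry, or no list bound: inbound traffic arriving on the
    # lower-security interface is dropped.
    return "deny"


def audit(cfg):
    """Return findings for the echo-reply and static-address checks."""
    findings = []
    if echo_reply_verdict(cfg) != "permit":
        findings.append("echo-reply not permitted inbound on outside")
    own = {ip: name for name, ip in cfg["interfaces"].items()}
    for static in cfg["statics"]:
        for role in ("global", "local"):
            addr = static[role]
            if addr in own:
                findings.append(
                    f"static {role} address {addr} is the PIX "
                    f"{own[addr]} interface address")
    return findings


def interfaces_without_acl(cfg):
    """Informational: interfaces with no access-group bound. These follow the
    default security-level behaviour rather than an explicit list."""
    return sorted(n for n in cfg["interfaces"] if n not in cfg["bindings"])


if __name__ == "__main__":
    for label, text in (("posted", SAMPLE_CONFIG), ("fixed", FIXED_CONFIG)):
        cfg = parse_config(text)
        print(label, audit(cfg), interfaces_without_acl(cfg))
```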



Re: Errors on link. [7:4646]

2001-05-17 Thread Brian

Yeah, I had a case recently with a pair of BSD servers where if the switch
they were connected to was forced to 100/full, the server stayed at half.
But if the switch was set to auto, then 100/full was the result.  I was aghast
in horror, but it did happen.

Brian "Sonic" Whalen
Success = Preparation + Opportunity


On Wed, 16 May 2001, Priscilla Oppenheimer wrote:

> Thanks for the info. That's a new one. Configuring auto negotiation
> actually fixed the problem! ;-)
>
> Priscilla
>
> At 04:51 PM 5/16/01, Keith Woodworth wrote:
>
>
> >On Wed, 16 May 2001, Priscilla Oppenheimer wrote:
> >
> >|+On the bright side, your reliability is still 255/255, which makes sense
> >|+since only 597 out of 530182 frames have an input error. The ratio of bad
> >|+frames to good frames is 0.001, which is OK.
> >
> >One way to look at it. :)
> >
> >|+Is it copper cabling? Could there be electrical noise causing the errors?
> >|+Is this server in a different location than the others? Did swapping the
> >|+NIC reduce the rate? Perhaps the NIC outputs bad frames every so often.
> >|+Please let us know what you find out. It will help us learn, though I think
> >|+the "bottom line" answer is that you shouldn't worry about this low level
> >|+of errors.
> >
> >Yes standard TP. Server is located same rack as the others. One fellow
> >from this group if I may mention him, as the last message was CC'd to the
> >list: Brad McConnell mentioned he had some Linux machines with Intel
> >EtherExpress cards connected to a 6509 switch. When he hard set the port
> >on the card and the switch he saw errors as well. Soon as he Auto'd both
> >the switch and the card in the computer all was well.
> >
> >As these are the same card but running under BSD/OS, I set a port to Auto
> >on the switch, made sure the card was set to auto and moved the computer
> >to that port, took about 15 secs but they autoed to 100/full.
> >
> >That was about a half hour ago and so far no errors:
> >
> >5 minute input rate 127000 bits/sec, 42 packets/sec
> >   5 minute output rate 107000 bits/sec, 40 packets/sec
> >  103937 packets input, 42817903 bytes
> >  Received 1 broadcasts, 0 runts, 0 giants, 0 throttles
> >  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
> >  0 watchdog, 0 multicast
> >  0 input packets with dribble condition detected
> >  99082 packets output, 39561280 bytes, 0 underruns
> >  0 output errors, 0 collisions, 1 interface resets
> >  0 babbles, 0 late collision, 0 deferred
> >  0 lost carrier, 0 no carrier
> >  0 output buffer failures, 0 output buffers swapped out
> >
> >Generally I would start seeing input errors within the first couple of
> >megs of data. Looks like there might be issues with the driver for this
> >card under BSD/OS and having the switch side pegged to 100/full and the
> >card set to auto.
> >
> >Leave it be for now and see how it goes.
> >
> >Thanks for the reply.
> >Keith
>
>
> 
>
> Priscilla Oppenheimer
> http://www.priscilla.com
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4875&t=4646
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: Has anyone taken the Juniper exam lately? [7:4731]

2001-05-17 Thread Sean Young

Someone else used my email account while I was away from my desk (forgot
to screenlock on my linux box) to send out this bogus email.  Yes, I do have
the questions and they are all in my head.  Let me think for a minute here.
A CCIE makes, on the average, $130K/year and there are about 7500 CCIEs out
there.  However, there are about 8 JNCIE that I am aware of, and they all
make around $220K/year.  I don't want to dilute the value of a JNCIE nor
CCIE.  If you want to learn Juniper, study for the exam.  There might be
"paper" MCSE and CCNP but I don't want JNCIE to have a bad name.  All the
materials you will need for Juniper are available at www.juniper.net

 

Sean

>From: [EMAIL PROTECTED]
>To: "Sean Young"
>Subject: Re: Has anyone taken the Juniper exam lately? [7:4731]
>Date: Thu, 17 May 2001 18:08:46 +0100
>
>Hello.
>
>I have a strong interest in pursuing the Juniper certification.
>Which study material did you use for the exam? Can you provide me with your
>180 questions.
>
>Thank you.
>
>Daniel Okpe.
>
>"Sean Young" tmail.com>
>Sent by: nobody@groupstudy.com
>05/16/01 09:06 PM
>Please respond to "Sean Young"
>cc:
>Subject: Has anyone taken the Juniper exam lately? [7:4731]
>
>Has anyone taken the Juniper exam recently? A friend of mine took the
>exam this morning and failed. It took me 3 tries to pass the Juniper
>Network Certified Internet Specialist (JNCIS). I remembered every
>question each time I took the exam and wrote them down after the exam.
>Because of this, I have about 180 questions from Juniper. My friend told
>me that the exam has changed completely from when I took the exam. Can
>anyone shed the light on this one? Thanks.







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4876&t=4731



RE: BGP Route map [7:4730]

2001-05-17 Thread Erick B.

That is correct. If it is not adjacent/directly
connected or more than 1 hop away then the route-map
policy will be rejected and normal forwarding takes
place (debug policy). 

cisco.com has conflicting docs on this. Some say it
has to be adjacent, others say it doesn't. I remember
one saying "it not need be adjacent". 

--- Bernard  wrote:
> Now that we are at the subject of route-map, my
> experience shows that the
> x.x.x.x address in the command 
> 
> set ip next-hop x.x.x.x
> 
> must be a directly connected router's interface, in
> other words, it can not
> be more than one hop away.
> Can anyone confirm, or dispute this?
> 
> Bernard
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> Erick B.
> Sent: Wednesday, May 16, 2001 9:46 PM
> To: [EMAIL PROTECTED]
> Subject: RE: BGP Route map [7:4730]
> 
> 
> Route-maps work in both directions, but many
> functions
> in IOS can reference a route-map. 
> 
> For more control, use an access-list as well. The
> one
> you posted will set the next hop for any traffic
> going
> across the ethernet interface except locally
> generated
> traffic by the router. Also, the next hop has to be
> adjacent to the router (not more than 1 hop away)
> else policy routing will fail and normal forwarding
> will take place.
> 
> For traffic generated by the router to be policy
> routed using the route-map, you need to do 'ip local
> policy (route-map-name)'. 
> 
> Example:
> 
> route-map redirect perm 10
>   match ip address 101
>   match interface ethernet0
>   set ip next-hop x.x.x.x
> 
> This will set the next-hop for traffic on Ethernet0
> that matches ACL 101. To control which direction,
> you
> could use the source address of internal users in
> the
> ACL. 
> 
> For example:
> 
> access-list 101 perm ip 10.0.0.0 0.255.255.255 any
> 
> That would change the next-hop only for 10.x.x.x
> users
> going anywhere. Everyone else would take routes in
> routing table (normal forwarding). 
> 
> Policy Routing is like a Super Static Route since
> you
> can route traffic on anything an ACL can match on. 
> 
> HTH, Erick
> 
> --- "Davis, Scott [ISE/RAC]"
>  wrote:
> > ok sorry for all the posts, lets try this one more
> > time. 
> > I am working on practice tests for BSCN and do not
> > understand
> > why I got this one wrong. Given the following:
> > 
> > match clauses:
> > interface ethernet0
> > set clauses:
> > next hop x.x.x.x
> > 
> > Does this attempt to match outbound or inbound
> > packets on the 
> > interface and set the next hop?
> > 
> > Last change, I promise
> > 
> > 
> > -Original Message-
> > From: Davis, Scott [ISE/RAC]
> > [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, May 16, 2001 15:02
> > To: [EMAIL PROTECTED]
> > Subject: BGP Route map [7:4730]
> > 
> > 
> > In a BGP route map, when you use the match
> > statement: 
> > 
> > match 
> > next hop x.x.x.x
> > 
> > Is this set to match inbound, or outbound, packets
> > passing through the
> > specified interface, or am I completely off-base
> and
> > it is neither one?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4877&t=4730
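
The policy-routing behaviour described in this message, as an added Python model (not code from the thread or from Cisco): a packet is policy routed only if the route-map applies to it, ACL 101 permits its source, and the `set ip next-hop` address is on a directly connected subnet; otherwise normal forwarding is used. The topology, the `Router` class and its function names, and the replacement addresses for `x.x.x.x` are constructed for illustration, and treating `match interface ethernet0` as "the interface the policy is applied to" is an assumption.

```python
import ipaddress


def _ip(text):
    return int(ipaddress.ip_address(text))


def parse_ace(line):
    """Parse 'access-list N permit|deny ip SRC WILDCARD any' as used in the thread."""
    t = line.split()
    rest = t[4:]
    if rest[0] == "any":
        base, wild = 0, 0xFFFFFFFF
    elif rest[0] == "host":
        base, wild = _ip(rest[1]), 0
    else:
        base, wild = _ip(rest[0]), _ip(rest[1])
    # The post abbreviates "permit" as "perm"; accept both spellings.
    return t[2].startswith("perm"), base, wild


def acl_permits(aces, src):
    """Wildcard bits set to 1 are ignored; first match wins, no match is deny."""
    for permit, base, wild in aces:
        if (_ip(src) & ~wild) == (base & ~wild):
            return permit
    return False


class Router:
    """Hypothetical router model: connected subnets, a routing table, one policy."""

    def __init__(self, connected, routes, aces, set_next_hop,
                 policy_interfaces, local_policy=False):
        self.connected = {n: ipaddress.ip_network(p) for n, p in connected.items()}
        self.routes = [(ipaddress.ip_network(p), nh) for p, nh in routes]
        self.aces = aces
        self.set_next_hop = set_next_hop
        self.policy_interfaces = set(policy_interfaces)  # policy applied to traffic arriving here
        self.local_policy = local_policy                  # 'ip local policy' for router-generated traffic

    def is_adjacent(self, next_hop):
        nh = ipaddress.ip_address(next_hop)
        return any(nh in net for net in self.connected.values())

    def normal_lookup(self, dst):
        """Longest-prefix match over the routing table."""
        d = ipaddress.ip_address(dst)
        hits = [(net.prefixlen, nh) for net, nh in self.routes if d in net]
        return max(hits)[1] if hits else None

    def forward(self, src, dst, in_if=None):
        """in_if=None means the router generated the packet itself."""
        applies = self.local_policy if in_if is None else in_if in self.policy_interfaces
        if applies and acl_permits(self.aces, src) and self.is_adjacent(self.set_next_hop):
            return "policy", self.set_next_hop
        return "normal", self.normal_lookup(dst)


# ACL line as posted in the thread.
ACL_101 = [parse_ace("access-list 101 perm ip 10.0.0.0 0.255.255.255 any")]


def demo_router(set_next_hop, local_policy=False):
    # Constructed topology; addresses are private or documentation ranges.
    return Router(
        connected={"Ethernet0": "10.1.1.0/24", "Serial0": "192.0.2.0/30",
                   "Serial1": "198.51.100.0/30"},
        routes=[("0.0.0.0/0", "198.51.100.2")],
        aces=ACL_101, set_next_hop=set_next_hop,
        policy_interfaces=["Ethernet0"], local_policy=local_policy)


if __name__ == "__main__":
    adjacent = demo_router("192.0.2.2")
    remote = demo_router("203.0.113.9")
    print(adjacent.forward("10.5.5.5", "203.0.113.50", "Ethernet0"))
    print(adjacent.forward("172.16.1.1", "203.0.113.50", "Ethernet0"))
    print(remote.forward("10.5.5.5", "203.0.113.50", "Ethernet0"))
    print(adjacent.forward("10.1.1.1", "203.0.113.50"))
```
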



Re: Need some help with ping on PIX [7:4859]

2001-05-17 Thread Darren Crawford

Traffic originating from the inside interface (outbound connections) is
allowed by default so an access-list on the inside interface isn't necessary
in this case.  Here's an excerpt from the 5.1 manual:

Outbound connections or states are allowed, except those specifically denied
by access control lists. An outbound connection is one where the originator or
client is on a higher security interface than the receiver or server. The
highest security interface is always the inside interface and the lowest is
the outside interface. Any perimeter interfaces can have security levels
between the inside and outside values.

The URL this was taken from is:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v51/config/intro.htm

The access-list in the config. only speaks to PINGs not replies.  Try adding
the following to the list:

access-list 100 permit icmp any any echo-reply

HTH

Darren

At 01:35 PM 05/17/2001 -0400, Allen May wrote:
>You need an access-list for the inside interface to allow icmp.  I noticed
>you have access list 100 bound to outside so that will allow incoming pings.
>You need one like it for inside.
>
>Allen May
>
>- Original Message -
>From: "Mike Peterson" 
>To: 
>Sent: Thursday, May 17, 2001 11:21 AM
>Subject: Need some help with ping on PIX [7:4859]
>
>
>> Hi, I am trying to allow ping through my PIX firewall, from any
>> workstation on my inside network to any workstation outside the firewall.
>> I also cannot ping my internet router. This is just a simulated network.
>>
>> PC1---|   172.31.2.100  209.165.201.3    209.165.201.1
>>       |--------------PIX-----------------RTR---Int. Cloud
>> PC2---|
>>
>> I am missing something for sure, so would please let me
>> know what I am missing. Thanks, Mike
>>
>> pixfirewall# wr t
>> Building configuration...
>> : Saved
>> :
>> PIX Version 5.1(4)
>> nameif ethernet0 outside security0
>> nameif ethernet1 inside security100
>> nameif ethernet2 pix/intf2 security10
>> nameif ethernet3 pix/intf3 security15
>> enable password 8Ry2YjIyt7RRXU24 encrypted
>> passwd 2KFQnbNIdI.2KYOU encrypted
>> hostname pixfirewall
>> fixup protocol ftp 21
>> fixup protocol http 80
>> fixup protocol h323 1720
>> fixup protocol rsh 514
>> fixup protocol smtp 25
>> fixup protocol sqlnet 1521
>> names
>> access-list 100 permit icmp any any echo
>> pager lines 24
>> logging on
>> no logging timestamp
>> no logging standby
>> no logging console
>> no logging monitor
>> logging buffered debugging
>> no logging trap
>> no logging history
>> logging facility 20
>> logging queue 512
>> interface ethernet0 auto
>> interface ethernet1 auto
>> interface ethernet2 auto shutdown
>> interface ethernet3 auto shutdown
>> mtu outside 1500
>> mtu inside 1500
>> mtu pix/intf2 1500
>> mtu pix/intf3 1500
>> ip address outside 209.165.201.3 255.255.255.224
>> ip address inside 172.31.2.100 255.255.255.0
>> ip address pix/intf2 127.0.0.1 255.255.255.255
>> ip address pix/intf3 127.0.0.1 255.255.255.255
>> no failover
>> failover timeout 0:00:00
>> failover ip address outside 0.0.0.0
>> failover ip address inside 0.0.0.0
>> failover ip address pix/intf2 0.0.0.0
>> failover ip address pix/intf3 0.0.0.0
>> arp timeout 14400
>> nat (inside) 0 172.31.2.0 255.255.255.0 0 0
>> static (inside,outside) 209.165.201.3 172.31.2.100 netmask
>> 255.255.255.255 0 0
>> access-group 100 in interface outside
>> rip inside default version 1
>> route outside 0.0.0.0 0.0.0.0 209.165.201.1 1
>> timeout xlate 3:00:00 conn 1:00:00 half-closed 0:10:00 udp 0:02:00
>> timeout rpc 0:10:00 h323 0:05:00
>> timeout uauth 0:05:00 absolute
>> aaa-server TACACS+ protocol tacacs+
>> aaa-server RADIUS protocol radius
>> no snmp-server location
>> no snmp-server contact
>> snmp-server community public
>> no snmp-server enable traps
>> floodguard enable
>> isakmp identity hostname
>> telnet timeout 5
>> terminal width 80
>> Cryptochecksum:2012a7889adc85895d9db997c1ca0878
>> : end
>> [OK]
>> pixfirewall#
>>
>> 
>>



***
Darren S. Crawford
Lucent Technologies Worldwide Services 
2377 Gold Meadow Way     Phone: (916) 859-5200 x310
Suite 230                Fax: (916) 859-5201
Sacramento, CA 95670     Pager: (800) 467-1467
Email: [EMAIL PROTECTED] Epager: [EMAIL PROTECTED]
http://www.lucent.com    Network Systems Consultant - CCNA, CCIE Written

"Providing the Power Operable Networ

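The point made in the reply above, as an added Python check (not code from the thread or from Cisco): it reads the relevant lines of the posted PIX config and reports whether the echo request leaves and whether the echo reply is allowed back in on the outside interface. The function names and the inside host 172.31.2.10 are constructed, and the model assumes, as the reply does, that ICMP replies need their own permit entry in the ACL bound to the outside interface.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed excerpt: only the lines of the posted PIX 5.1(4) config that
# decide the fate of a ping from inside to outside.
POSTED_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list 100 permit icmp any any echo
access-group 100 in interface outside
"""
SUGGESTED_LINE = "access-list 100 permit icmp any any echo-reply\n"

ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass
class Ace:
    permit: bool
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    icmp_type: Optional[str]  # None means "any ICMP type"


def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A NETMASK' (PIX ACLs use netmasks)."""
    head = tokens.pop(0)
    if head == "any":
        return ANY
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(head + "/" + tokens.pop(0))


def parse_config(text):
    """Return (security levels, ACLs by id, ACL id bound inbound per interface)."""
    levels, acls, bound = {}, {}, {}
    for line in text.splitlines():
        t = line.split()
        if len(t) == 4 and t[0] == "nameif":
            levels[t[2]] = int(t[3][len("security"):])
        elif len(t) >= 6 and t[0] == "access-list":
            rest = t[4:]
            src = _take_addr(rest)
            dst = _take_addr(rest)
            acls.setdefault(t[1], []).append(
                Ace(t[2] == "permit", t[3], src, dst, rest[0] if rest else None))
        elif len(t) == 5 and t[0] == "access-group" and t[2] == "in":
            bound[t[4]] = t[1]
    return levels, acls, bound


def acl_permits(aces, proto, src, dst, icmp_type):
    """First matching entry wins; no match is the implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for ace in aces:
        if (ace.proto in (proto, "ip") and src in ace.src and dst in ace.dst
                and ace.icmp_type in (None, icmp_type)):
            return ace.permit
    return False


def ping_from_inside(config_text, inside_host, outside_host):
    """Return (echo request passes, echo reply passes) for an inside-to-outside ping."""
    levels, acls, bound = parse_config(config_text)
    # Request: higher to lower security level is allowed by default unless an
    # ACL bound to the inside interface says otherwise.
    if "inside" in bound:
        request_ok = acl_permits(acls.get(bound["inside"], []), "icmp",
                                 inside_host, outside_host, "echo")
    else:
        request_ok = levels["inside"] > levels["outside"]
    # Reply: arrives on the lower-security interface, so it needs an explicit
    # permit there (assumption taken from the reply in the thread).
    reply_ok = "outside" in bound and acl_permits(
        acls.get(bound["outside"], []), "icmp",
        outside_host, inside_host, "echo-reply")
    return request_ok, reply_ok


if __name__ == "__main__":
    # 172.31.2.10 is a constructed inside host; 209.165.201.1 is the router in the post.
    for name, cfg in (("posted", POSTED_CONFIG),
                      ("with echo-reply", POSTED_CONFIG + SUGGESTED_LINE)):
        print(name, ping_from_inside(cfg, "172.31.2.10", "209.165.201.1"))
```
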
Re: Network Access Control [7:4873]

2001-05-17 Thread Dyk, Dave

You're probably better off using a real firewall for an application like that.
Firewalls can offer better authentication, etc.  The options on your router
are pretty limited for the sort of thing you want to do.

Dave Dyk
Network Operations Unit, Portland Police Bureau
CCNP, CNE, MCSE
503.823.0371
[EMAIL PROTECTED]

>>> andre 05/17/01 10:44AM >>>
Hello,

How do I control who accesses a network?  I want to use a Cisco 2611
router, mostly cause we already own one.  I want to use a TACACS+ &
Cisco 2611 to control who has access to the 20 subnet from the 10
subnet.  I can only seem to use it as a DB for users able to log into
the router.   Does anyone know how to set it up for what I want?

   10 Net --- Router & TACACS+
server  20Net

Once again I don't want to use the TACACS+ to control access to who
manages or accesses the router!  I want to control who is able to access
lets say an FTP server on the 20Net from the 10Net.

Thanks,
Andre




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4881&t=4873



Re: CCNP ?? [7:4789]

2001-05-17 Thread andylow

Study the book, you will surely pass ;P

- Original Message -
From: Brijesh 
To: 
Sent: Thursday, May 17, 2001 10:57 PM
Subject: Re: CCNP ?? [7:4789]


> Hi Eddie,
>
> I am also preparing for BSCN. I will be appearing probably first week of
> next month.
>
> I have gone through the review of Cisco press book for BSCN. People out
> there are saying that this covers everything you need to clear an exam. I
> myself found that book very interesting. I am also using Jeff Doyle and
> white papers from Cisco website. People are saying that ospf-40%, BGP-30%,
> EIGRP--20% and rest is 10%. Please let me know if you have any other inputs
> on this.
>
> All the best CCNP aspirants.
> Brijesh
>
> - Original Message -
> From: "Edward Gomez"
> To:
> Sent: Thursday, May 17, 2001 07:52 PM
> Subject: RE: CCNP ?? [7:4789]
>
>
> > John,
> >
> > I took the exam two weeks ago and used the following books and boson tests
> > to prepare for it:
> >
> > Cisco Press Building Cisco Multilayer Switched Networks
> > Sybex CCNP Switching Study Guide
> > Exam Cram Switching Guide
> > Boson Switching Test #2
> >
> > The Cisco Press and Sybex books both cover everything you need to know. The
> > exam cram is helpful for studying. I would
> > definitely purchase the two switching exams from Boson and test till you
> > score above 90%. As far as what is on the exam you
> > definitely need to know multicasting, rp's, STP, VTP, MLS, and Vlans. Also
> > there are several questions on hardware so know the difference between the
> > 1900, 2900, 5000, 6000, and 8000 series switches. The test is not that hard
> > I was done in about 30 minutes and scored 835. I'm studying for BSCN
> > networks right now and I know that is gonna be a tough one..Good luck on
> > your exam...
> >
> > Eddie
> >
> > --
> > Edward J. Gomez, MCSE, CNE, CCNA
> > Information Systems Manager
> > ProxyMed, Inc
> > 2555 Davie Road,
> > Suite 110
> > Fort Lauderdale, Florida 33317
> > (954) 473-1001 x315
> > http://www.proxymed.com
> >
> >
> > -Original Message-
> > From: John Andrews [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, May 16, 2001 10:37 PM
> > To: [EMAIL PROTECTED]
> > Subject: CCNP ?? [7:4789]
> >
> >
> > I have a question or two.  I am in the near future planning on taking the
> > CCNP switching exam.  My question is this?
> >
> > How thorough is the test compared to the sybex book?  Will that, plus the
> > boson tests prepare me adequately enough to pass the test and in addition to
> > the edge tests that are included with the book?  Also, what are the main
> > areas covered?  I am NOT asking for specific questions but generalities only.
> > Something like VLANS were a large portion of the CCNA exam.  I am suspecting
> > that rp's, switch types, commands, pim sparse and dense modes are the main
> > portions.  Or at least this is what I am getting out of the sybex book.  Am I
> > seeing this wrong or am I on the right track?
> >
> > Thanks,
> > J
> > (the one who will be glad when this test is done)
> >
> > Have a great day!
> > John A




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4879&t=4789



Re: Cisco IOS VPN with Win2000 L2TP [7:4866]

2001-05-17 Thread andylow

Hi,

> Is there any way to config, for the Win2000 pc can connect IPSec over L2TP
> direct to the gateway router? Is this possible or do I need to also config
> the ISP's router too?

IPSec and L2TP both are VPN protocols used for tunneling, I don't think you
can use one over the other, you can only choose to use either one for
tunneling over the 2 peers.

cheers,

Andy


- Original Message -
From: Peter Li 
To: 
Sent: Friday, May 18, 2001 1:22 AM
Subject: Cisco IOS VPN with Win2000 L2TP [7:4866]


> Hi All,
>
> I'm trying to create L2TP vpn between Win2000 pc and Cisco 3640 router
> running 12.1(2) T  supports 3DES.
> So far, most configuration samples I've seen can only do L2TP with a 2
> router setup, LAC (ISP Access router) and LES (Enterprise gateway router).
>
> Is there any way to config, for the Win2000 pc can connect IPSec over L2TP
> direct to the gateway router? Is this possible or do I need to also config
> the ISP's router too?
>
> Any leads greatly appreciated.
>
> Peter Li




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4882&t=4866



RE: Network Access Control [7:4873]

2001-05-17 Thread Daniel Cotts

Look at extended access lists
http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/np1_c/1cip.htm#2588
Go to the section "Filter IP Packets".

> -Original Message-
> From: andre [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 17, 2001 12:44 PM
> To: [EMAIL PROTECTED]
> Subject: Network Access Control [7:4873]
> 
> 
> Hello,
> 
> How do I control who accesses a network?  I want to use a Cisco 2611
> router, mostly cause we already own one.  I want to use a TACACS+ &
> Cisco 2611 to control who has access to the 20 subnet from the 10
> subnet.  I can only seem to use it as a DB for users able to log into
> the router.   Does anyone know how to set it up for what I want?
> 
>10 Net --- Router & TACACS+
> server  20Net
> 
> Once again I don't want to use the TACACS+ to control access to who
> manages or accesses the router!  I want to control who is 
> able to access
> lets say an FTP server on the 20Net from the 10Net.
> 
> Thanks,
> Andre




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4883&t=4873



Re: Errors on link. [7:4646]

2001-05-17 Thread andylow

Well, it did happen on 2600 series router and my Cat 5500 switch. Auto
sensing will give both interfaces 100Mbps, but when I force the port on my
switch to 100Mbps/full duplex, the router interface in auto sensing mode
stays at half ;P, I need to force it to 100Mbps as well.

** Don't ask me why since it's already autosensing 100Mbps ;P **


- Original Message -
From: Brian 
To: 
Sent: Friday, May 18, 2001 1:55 AM
Subject: Re: Errors on link. [7:4646]


> yeah i had a case recently with a pair of bsd servers where if the switch
> they were connected was forced to 100/full, the server stayed at half.
> But if the switch set to auto, then 100/full was the result.  I was aghast
> in horror, but it did happen.
>
> Brian "Sonic" Whalen
> Success = Preparation + Opportunity
>
>
> On Wed, 16 May 2001, Priscilla Oppenheimer wrote:
>
> > Thanks for the info. That's a new one. Configuring auto negotiation
> > actually fixed the problem! ;-)
> >
> > Priscilla
> >
> > At 04:51 PM 5/16/01, Keith Woodworth wrote:
> >
> >
> > >On Wed, 16 May 2001, Priscilla Oppenheimer wrote:
> > >
> > >|+On the bright side, your reliability is still 255/255, which makes sense
> > >|+since only 597 out of 530182 frames have an input error. The ratio of bad
> > >|+frames to good frames is 0.001, which is OK.
> > >
> > >One way to look at it. :)
> > >
> > >|+Is it copper cabling? Could there be electrical noise causing the errors?
> > >|+Is this server in a different location than the others? Did swapping the
> > >|+NIC reduce the rate? Perhaps the NIC outputs bad frames every so often.
> > >|+Please let us know what you find out. It will help us learn, though I think
> > >|+the "bottom line" answer is that you shouldn't worry about this low level
> > >|+of errors.
> > >
> > >Yes standard TP. Server is located same rack as the others. One fellow
> > >from this group if I may mention him, as the last message was CC'd to the
> > >list: Brad McConnell mentioned he had some Linux machines with Intel
> > >EtherExpress cards connected to a 6509 switch. When he hard set the port
> > >on the card and the switch he saw errors as well. Soon as he Auto'd both
> > >the switch and the card in the computer all was well.
> > >
> > >As these are the same card but running under BSD/OS, I set a port to Auto
> > >on the switch, made sure the card was set to auto and moved the computer
> > >to that port, took about 15 secs but they autoed to 100/full.
> > >
> > >That was about a half hour ago and so far no errors:
> > >
> > >5 minute input rate 127000 bits/sec, 42 packets/sec
> > >   5 minute output rate 107000 bits/sec, 40 packets/sec
> > >  103937 packets input, 42817903 bytes
> > >  Received 1 broadcasts, 0 runts, 0 giants, 0 throttles
> > >  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
> > >  0 watchdog, 0 multicast
> > >  0 input packets with dribble condition detected
> > >  99082 packets output, 39561280 bytes, 0 underruns
> > >  0 output errors, 0 collisions, 1 interface resets
> > >  0 babbles, 0 late collision, 0 deferred
> > >  0 lost carrier, 0 no carrier
> > >  0 output buffer failures, 0 output buffers swapped out
> > >
> > >Generally I would start seeing input errors within the first couple of
> > >megs of data. Looks like there might be issues with the driver for this
> > >card under BSD/OS and having the switch side pegged to 100/full and the
> > >card set to auto.
> > >
> > >Leave it be for now and see how it goes.
> > >
> > >Thanks for the reply.
> > >Keith
> >
> >
> > 
> >
> > Priscilla Oppenheimer
> > http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4885&t=4646



Re: hi [7:4536]

2001-05-17 Thread Patrick Bass

well, I guess you're just on the wong newsgroup.

"David Wong" wrote in message news:[EMAIL PROTECTED]...
> I didn't sign up for this discussion group. Someone used my email client
> when I was away. But you guys talked about a lot of CRAPS over this thread.
> Is that what you guys signed up for ? At least someone should think this is
> way off your topics & wasting all other people's time to read these
> nonsense...
>
> - Original Message -
> From: "Natasha"
> To:
> Sent: Tuesday, May 15, 2001 11:40 PM
> Subject: Re: hi [7:4536]
>
>
> > Now that this thread ran it's course I wonder if we'll ever hear from
> > Mr. Wong again?
> >
> > >
> > > David Wong wrote:
> > > >
> > > > Hello gang,
> > > >
> > > > I am new.
> > > >
> > > > jc2
> >
> >
> > --
> > Natasha Flazynski
> > CCNA, MCSE
> > http://www.ciscobot.com
> > My Cisco information site.
> > http://www.botbuilders.com
> > Artificial Intelligence and Linux development




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4886&t=4536



unsubscribe [7:4884]

2001-05-17 Thread scott mann

unsubscribe cisco




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4884&t=4884



Re: Need some help with ping on PIX [7:4859]

2001-05-17 Thread Allen May

yeah yeah... realized I needed more coffee now ;)  hehe

  - Original Message -
  From: Darren Crawford
  To: Allen May ; [EMAIL PROTECTED]
  Sent: Thursday, May 17, 2001 1:11 PM
  Subject: Re: Need some help with ping on PIX [7:4859]


  Traffic originating from the inside interface (outbound connections) is
  allowed by default so an access-list on the inside interface isn't necessary
  in this case.  Here's an excerpt from the 5.1 manual:

    Outbound connections or states are allowed, except those specifically
    denied by access control lists. An outbound connection is one where the
    originator or client is on a higher security interface than the receiver or
    server. The highest security interface is always the inside interface and
    the lowest is the outside interface. Any perimeter interfaces can have
    security levels between the inside and outside values.

  The URL this was taken from is:
  http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v51/config/intro.htm

  The access-list in the config. only speaks to PINGs not replies.  Try adding
  the following to the list:

  access-list 100 permit icmp any any echo-reply

  HTH

  Darren

  At 01:35 PM 05/17/2001 -0400, Allen May wrote:
  >You need an access-list for the inside interface to allow icmp.  I noticed
  >you have access list 100 bound to outside so that will allow incoming pings.
  >You need one like it for inside.
  >
  >Allen May
  >
  >- Original Message -
  >From: "Mike Peterson"
  >To:
  >Sent: Thursday, May 17, 2001 11:21 AM
  >Subject: Need some help with ping on PIX [7:4859]
  >
  >
  >> Hi, I am trying to allow ping through my PIX firewall, from any
  >> workstation on my inside network to any workstation outside the firewall.
  >> I also cannot ping my internet router. This is just a simulated network.
  >>
  >> PC1---|   172.31.2.100  209.165.201.3    209.165.201.1
  >>       |--------------PIX-----------------RTR---Int. Cloud
  >> PC2---|
  >>
  >> I am missing something for sure, so would please let me
  >> know what I am missing. Thanks, Mike
  >>
  >> pixfirewall# wr t
  >> Building configuration...
  >> : Saved
  >> :
  >> PIX Version 5.1(4)
  >> nameif ethernet0 outside security0
  >> nameif ethernet1 inside security100
  >> nameif ethernet2 pix/intf2 security10
  >> nameif ethernet3 pix/intf3 security15
  >> enable password 8Ry2YjIyt7RRXU24 encrypted
  >> passwd 2KFQnbNIdI.2KYOU encrypted
  >> hostname pixfirewall
  >> fixup protocol ftp 21
  >> fixup protocol http 80
  >> fixup protocol h323 1720
  >> fixup protocol rsh 514
  >> fixup protocol smtp 25
  >> fixup protocol sqlnet 1521
  >> names
  >> access-list 100 permit icmp any any echo
  >> pager lines 24
  >> logging on
  >> no logging timestamp
  >> no logging standby
  >> no logging console
  >> no logging monitor
  >> logging buffered debugging
  >> no logging trap
  >> no logging history
  >> logging facility 20
  >> logging queue 512
  >> interface ethernet0 auto
  >> interface ethernet1 auto
  >> interface ethernet2 auto shutdown
  >> interface ethernet3 auto shutdown
  >> mtu outside 1500
  >> mtu inside 1500
  >> mtu pix/intf2 1500
  >> mtu pix/intf3 1500
  >> ip address outside 209.165.201.3 255.255.255.224
  >> ip address inside 172.31.2.100 255.255.255.0
  >> ip address pix/intf2 127.0.0.1 255.255.255.255
  >> ip address pix/intf3 127.0.0.1 255.255.255.255
  >> no failover
  >> failover timeout 0:00:00
  >> failover ip address outside 0.0.0.0
  >> failover ip address inside 0.0.0.0
  >> failover ip address pix/intf2 0.0.0.0
  >> failover ip address pix/intf3 0.0.0.0
  >> arp timeout 14400
  >> nat (inside) 0 172.31.2.0 255.255.255.0 0 0
  >> static (inside,outside) 209.165.201.3 172.31.2.100 netmask
  >> 255.255.255.255 0 0
  >> access-group 100 in interface outside
  >> rip inside default version 1
  >> route outside 0.0.0.0 0.0.0.0 209.165.201.1 1
  >> timeout xlate 3:00:00 conn 1:00:00 half-closed 0:10:00 udp 0:02:00
  >> timeout rpc 0:10:00 h323 0:05:00
  >> timeout uauth 0:05:00 absolute
  >> aaa-server TACACS+ protocol tacacs+
  >> aaa-server RADIUS protocol radius
  >> no snmp-server location
  >> no snmp-server contact
  >> snmp-server community public
  >> no snmp-server enable traps
  >> floodguard enable
  >> isakmp identity hostname
  >> telnet timeout 5
  >> terminal width 80
  >> Cryptochecksum:2012a7889adc85895d9db997c1ca0878
  >> : end
  >> [OK]
  >> pixfirewall#
  >>
  >> 
  >>


  ***

Re: Cisco IOS VPN with Win2000 L2TP [7:4866]

2001-05-17 Thread Brian M. Green

You can do L2TP over IPSEC tunneling.  In fact, this is the method
recommended by Microsoft.  IPSEC tunneling alone does not have strong
user authentication methods or adequate ways of doing remote address
assignment.  This is all right for server to server VPNs but not when you
have remote VPN clients connecting to the VPN server.  By running
L2TP/IPSEC tunneling you get the benefit of IPSEC encryption with L2TP
user authentication and addressing.

andylow wrote:
> 
> Hi,
> 
> > Is there any way to config, for the Win2000 pc can connect IPSec over L2TP
> > direct to the gateway router? Is this possible or do I need to also config
> > the ISP's router too?
> 
> IPSec and L2TP both are VPN protocols used for tunneling, I don't think you
> can use one over the other, you can only choose to use either one for
> tunneling over the 2 peers.
> 
> cheers,
> 
> Andy
> 
> - Original Message -
> From: Peter Li
> To:
> Sent: Friday, May 18, 2001 1:22 AM
> Subject: Cisco IOS VPN with Win2000 L2TP [7:4866]
> 
> > Hi All,
> >
> > I'm trying to create L2TP vpn between Win2000 pc and Cisco 3640 router
> > running 12.1(2) T  supports 3DES.
> > So far, most configuration samples I've seen can only do L2TP with a 2
> > router setup, LAC (ISP Access router) and LES (Enterprise gateway router).
> >
> > Is there any way to config, for the Win2000 pc can connect IPSec over L2TP
> > direct to the gateway router? Is this possible or do I need to also config
> > the ISP's router too?
> >
> > Any leads greatly appreciated.
> >
> > Peter Li




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4890&t=4866



WIC-1ENET on a 1720 (IOS release question) [7:4889]

2001-05-17 Thread No Data

I have a 1720 that I need to put a WIC-1ENET card
into.  On Cisco's website it said that 'IOS Release
12.1(3)XT1 or later' is required.  Does 12.1.1(*)
count as a later release?

Ben





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4889&t=4889



Intense training? [7:4892]

2001-05-17 Thread Marshal Schoener

Quick question :)

Does anybody have any experience (or heard anything about) "Intense School"?
They are a bootcamp located in Florida...
It's a 16 day CCNP boot camp.  They seem excellent on paper, but I would
like to hear from somebody about it before I commit.  I think it is part
of the "NT School" system.
Their website if anyone is interested is www.ntschool.com.

  Thanks in advance if anybody can help me out,
  Marshal




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4892&t=4892



Re: Using Public addresses as Internally [7:4835]

2001-05-17 Thread Allen May

No, what I'm saying is that if your network is using something with
216.115.105.2 (www.yahoo.com ping), and that IP exists on your network, how
are you going to access www.yahoo.com if it's a local IP?  He said using a
publicly routable IP and didn't say it was his own.


- Original Message -
From: "andylow" 
To: "Allen May" ; 
Sent: Thursday, May 17, 2001 1:12 PM
Subject: Re: Using Public addresses as Internally [7:4835]


> Routers that did not filter outgoing private IPs will still forward the
> packets out based on default router.
>
> - Original Message -
> From: Allen May 
> To: 
> Sent: Thursday, May 17, 2001 11:57 PM
> Subject: Re: Using Public addresses as Internally [7:4835]
>
>
> > If you're using someone else's IP range, you'll never be able to access their
> > network if you need to.  Your router would keep it internal & would never
> > pass it outside.
> >
> > - Original Message -
> > From: "Bruce Williams"
> > To:
> > Sent: Thursday, May 17, 2001 9:01 AM
> > Subject: Using Public addresses as Internally [7:4835]
> >
> >
> > > My company wants to use public addresses from the Class A range internally.
> > > I realize the danger if these routes got advertised on the Internet, but is
> > > this something that is considered acceptable if it is carefully done to
> > > prevent the risk of these routes being propagated out on the Public
> > > Internet? These networks will be used to address equipment in a multitude of
> > > cellular radio base stations around the country and they will only be
> > > connected to our network. There will be central locations where users from the
> > > internet could access a database which will query these systems, but there
> > > will not be a direct internet connection. I would appreciate any advice on
> > > this.
> > > Thanks,
> > >
> > >
> > > Bruce Williams
> > > [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4891&t=4835



RE: Cisco IOS VPN with Win2000 L2TP [7:4866]

2001-05-17 Thread jbullock

Andy, Peter

that part about the ipsec and l2tp competing is correct, check out the ire
client for win 2000 for ipsec capabilities into a router.  you can get cisco
support when vpning with the ire client into a cisco ios platform.

jason

www.ire.com  now called,
 http://www.safenet-inc.com/index.asp




-Original Message-
From: andylow [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 17, 2001 2:38 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco IOS VPN with Win2000 L2TP [7:4866]


Hi,

> Is there any way to config, for the Win2000 pc can connect IPSec over L2TP
> direct to the gateway router? Is this possible or do I need to also config
> the ISP's router too?

IPSec and L2TP both are VPN protocols used for tunneling, I don't think you
can use one over the other, you can only choose to use either one for
tunneling over the 2 peers.

cheers,

Andy


- Original Message -
From: Peter Li
To:
Sent: Friday, May 18, 2001 1:22 AM
Subject: Cisco IOS VPN with Win2000 L2TP [7:4866]


> Hi All,
>
> I'm trying to create L2TP vpn between Win2000 pc and Cisco 3640 router
> running 12.1(2) T  supports 3DES.
> So far, most configuration samples I've seen can only do L2TP with a 2
> router setup, LAC (ISP Access router) and LES (Enterprise gateway router).
>
> Is there any way to config, for the Win2000 pc can connect IPSec over L2TP
> direct to the gateway router? Is this possible or do I need to also config
> the ISP's router too?
>
> Any leads greatly appreciated.
>
> Peter Li




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4893&t=4866



Re: Using Public addresses as Internally [7:4835]

2001-05-17 Thread Priscilla Oppenheimer

Why not use something from the private ranges?

10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

Also, Class A would let you address 16 million of these devices. Do you 
really have that many?

Also, quite a few large companies, universities, and service providers have 
hung onto their Class A address. What would happen if the users from the 
Internet that you mentioned below happened to be on the same Class A as you 
are using? IP spoofing protection (if you are using it) might not let these 
users in. Even if they got in, the responses to their packets might get 
routed internally not back to them. You could avoid these problems, of 
course, but why even risk having them?

I'm sure you have your reasons and you're just trolling for a sanity check. 
Without more details, we have to give you the sort of canned response that 
it's a bad idea. ;-)

Priscilla

At 10:01 AM 5/17/01, Bruce Williams wrote:
>My company wants to use public addresses from the Class A range internally.
>I realize the danger if these routes got advertised on the Internet, but is
>this something that is considered acceptable if it is carefully done to
>prevent the risk of these routes being propagated out on the Public
>Internet? These networks will be used to address equipment in a multitude of
>cellular radio base stations around the country and they will only be
>connected to our network. There will central locations where users from the
>internet could access a database which will query these systems, but there
>will not be a direct internet connection. I would appreciate any advice on
>this.
>
>Thanks,
>
>
>Bruce Williams
>[EMAIL PROTECTED]




Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4894&t=4835
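The two failure modes raised in the message above (anti-spoofing drops, and replies routed internally instead of back to the client), worked through as an added example that is not part of the original thread. The routing table, the 51.0.0.0/8 block and the client addresses are constructed for illustration.

```python
import ipaddress

# The three private ranges listed in the message above.
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed edge-router routing table: (prefix, egress interface).
# 51.0.0.0/8 stands in for a public Class A block reused internally.
ROUTES = [
    ("0.0.0.0/0", "outside"),
    ("51.0.0.0/8", "inside"),
    ("10.20.0.0/16", "inside"),
]


def squatted_prefixes(routes):
    """Internal prefixes that fall outside every private range."""
    found = []
    for prefix, interface in routes:
        net = ipaddress.ip_network(prefix)
        if interface == "inside" and not any(net.subnet_of(p) for p in PRIVATE_RANGES):
            found.append(prefix)
    return found


def egress_interface(address, routes):
    """Longest-prefix-match lookup, returning the egress interface."""
    addr = ipaddress.ip_address(address)
    matches = [(ipaddress.ip_network(p), i) for p, i in routes
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def trace_session(client_ip, routes, antispoof=True):
    """Follow one request arriving from the Internet on the outside interface.

    Returns "ok", "dropped_by_antispoof" or "reply_routed_internally".
    """
    way_back = egress_interface(client_ip, routes)
    if way_back == "outside":
        return "ok"                      # source is not part of our own space
    if antispoof:
        # The source address belongs to a prefix we route internally, so a
        # packet carrying it on the outside interface looks spoofed.
        return "dropped_by_antispoof"
    # The request is accepted, but the reply follows the routing table and
    # the more specific internal route wins over the default route.
    return "reply_routed_internally"


def report(clients, routes, antispoof=True):
    """Outcome per client address, as a dict."""
    return {c: trace_session(c, routes, antispoof) for c in clients}


if __name__ == "__main__":
    clients = ["198.51.100.7", "51.14.2.9"]     # constructed Internet clients
    print("non-private internal prefixes:", squatted_prefixes(ROUTES))
    print("with anti-spoofing:   ", report(clients, ROUTES, antispoof=True))
    print("without anti-spoofing:", report(clients, ROUTES, antispoof=False))
```
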



How to unsubscribe (was Re: unsubscribe [7:4884]) [7:4895]

2001-05-17 Thread EA Louie

either go to http://www.groupstudy.com and unsubscribe there, or

send a message from your subscribed email address to
[EMAIL PROTECTED] and in the text of message type

unsubscribe cisco

- Original Message -
From: "scott mann" 
To: 
Sent: Thursday, May 17, 2001 11:42 AM
Subject: unsubscribe [7:4884]


> unsubscribe cisco




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4895&t=4895



RE: Network Access Control [7:4873]

2001-05-17 Thread Rizzo Damian

Access-Lists are your friend.



-Original Message-
From: andre [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, May 17, 2001 1:44 PM
To: [EMAIL PROTECTED]
Subject: Network Access Control [7:4873]

Hello,

How do I control who accesses a network?  I want to use a Cisco 2611
router, mostly cause we already own one.  I want to use a TACACS+ &
Cisco 2611 to control who has access to the 20 subnet from the 10
subnet.  I can only seem to use it as a DB for users able to log into
the router.   Does anyone know how to set it up for what I want?

   10 Net --- Router & TACACS+ server --- 20Net

Once again I don't want to use the TACACS+ to control access to who
manages or accesses the router!  I want to control who is able to access
let's say an FTP server on the 20Net from the 10Net.

Thanks,
Andre




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4887&t=4873



100mb Ethernet over Type 1 ... [7:4897]

2001-05-17 Thread Hornbeck, Timothy

Is it possible to run 100mb Ethernet over Type1 cabling?  If so what are
some of the issues in doing so?  Looking to cut some costs on a project.

Timothy J. Hornbeck
Technical Analyst III
Infrastructure Implementation - LAN/WAN
"6EQUJ5" - By Unknown (recorded at OSU "Big Ear")




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4897&t=4897



Re: How to unsubscribe (was Re: unsubscribe [7:4884]) [7:4884]

2001-05-17 Thread Brian

How about if the list looked for messages with the phrase unsubscribe
cisco, then bounced them to majordomo?  I hate to reward people's
inability to read, but we see several of these every day.

Brian "Sonic" Whalen
Success = Preparation + Opportunity


On Thu, 17 May 2001, EA Louie wrote:

> either go to http://www.groupstudy.com and unsubscribe there, or
>
> send a message from your subscribed email address to
> [EMAIL PROTECTED] and in the text of message type
>
> unsubscribe cisco
>
> - Original Message -
> From: "scott mann"
> To:
> Sent: Thursday, May 17, 2001 11:42 AM
> Subject: unsubscribe [7:4884]
>
>
> > unsubscribe cisco




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4896&t=4884



Re: 100mb Ethernet over Type 1 ... [7:4897]

2001-05-17 Thread Brian

doing a token ring conversion?  This appears to work to 16 meg token ring
speeds?

Brian "Sonic" Whalen
Success = Preparation + Opportunity


On Thu, 17 May 2001, Hornbeck, Timothy wrote:

> Is it possible to run 100mb Ethernet over Type1 cabling?  If so what are
> some of the issues in doing so?  Looking to cut some costs on a project.
>
> Timothy J. Hornbeck
> Technical Analyst III
> Infrastructure Implementation - LAN/WAN
> "6EQUJ5" - By Unknown (recorded at OSU "Big Ear")




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4898&t=4897



RE: BGP Route map [7:4730]

2001-05-17 Thread Erick B.

That is correct. If it is not adjacent/directly
connected or more than 1 hop away then the route-map
policy will be rejected and normal forwarding takes
place (debug policy).

cisco.com has conflicting docs on this. Some say it
has to be adjacent, others say it doesn't. I remember
one saying "it not need be adjacent".

--- Bernard  wrote:
> Now that we are at the subject of route-map, my
> experience shows that the x.x.x.x address in the command
> 
> set ip next-hop x.x.x.x
> 
> must be a directly connected router's interface, in
> other words, it cannot be more than one hop away.
> Can anyone confirm, or dispute this?
> 
> Bernard
> 
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> Erick B.
> Sent: Wednesday, May 16, 2001 9:46 PM
> To: [EMAIL PROTECTED]
> Subject: RE: BGP Route map [7:4730]
> 
> 
> Route-maps work in both directions, but many functions
> in IOS can reference a route-map.
> 
> For more control, use an access-list as well. The one
> you posted will set the next hop for any traffic going
> across the ethernet interface except locally generated
> traffic by the router. Also, the next hop has to be
> adjacent to the router (not more than 1 hop away)
> else policy routing will fail and normal forwarding
> will take place.
> 
> For traffic generated by the router to be policy
> routed using the route-map, you need to do 'ip local
> policy route-map (route-map-name)'.
> 
> Example:
> 
> route-map redirect perm 10
>   match ip address 101
>   match interface ethernet0
>   set ip next-hop x.x.x.x
> 
> This will set the next-hop for traffic on Ethernet0
> that matches ACL 101. To control which direction, you
> could use the source address of internal users in the
> ACL.
> 
> For example:
> 
> access-list 101 perm ip 10.0.0.0 0.255.255.255 any
> 
> That would change the next-hop only for 10.x.x.x users
> going anywhere. Everyone else would take routes in
> routing table (normal forwarding).
> 
> Policy Routing is like a Super Static Route since you
> can route traffic on anything an ACL can match on.
> 
> HTH, Erick
> 
> --- "Davis, Scott [ISE/RAC]"
>  wrote:
> > ok sorry for all the posts, lets try this one more
> > time. 
> > I am working on practice tests for BSCN and do not
> > understand
> > why I got this one wrong. Given the following:
> > 
> > match clauses:
> > interface ethernet0
> > set clauses:
> > next hop x.x.x.x
> > 
> > Does this attempt to match outbound or inbound
> > packets on the 
> > interface and set the next hop?
> > 
> > Last change, I promise
> > 
> > 
> > -Original Message-
> > From: Davis, Scott [ISE/RAC]
> > [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, May 16, 2001 15:02
> > To: [EMAIL PROTECTED]
> > Subject: BGP Route map [7:4730]
> > 
> > 
> > In a BGP route map, when you use the match
> > statement: 
> > 
> > match 
> > next hop x.x.x.x
> > 
> > Is this set to match inbound, or outbound, packets
> > passing through the specified interface, or am I
> > completely off-base and it is neither one?


=
Erick Bergquist
http://erick.bergquist.org
CCNP+Security, NNCSE





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4878&t=4730
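A small model of the policy-routing decision as the posters in this thread describe it: ACL 101's wildcard match on the source, then the next-hop adjacency check, otherwise normal forwarding. This is an added example, not Cisco's implementation or code from the thread; the interface subnets and sample addresses are constructed, and the adjacency rule follows the thread's description rather than a confirmed IOS specification.

```python
import ipaddress

# Constructed router state (assumptions, not taken from the thread).
CONNECTED = {                        # interface -> directly connected subnet
    "ethernet0": ipaddress.ip_network("10.1.1.0/24"),
    "serial0": ipaddress.ip_network("192.0.2.0/30"),
    "serial1": ipaddress.ip_network("198.51.100.0/30"),
}
POLICY_INTERFACE = "ethernet0"       # interface whose inbound traffic is policy routed

# access-list 101 perm ip 10.0.0.0 0.255.255.255 any  (source, wildcard; destination "any")
ACL_101 = [("permit", "10.0.0.0", "0.255.255.255")]


def wildcard_match(addr, base, wildcard):
    """IOS-style wildcard mask: bits set to 1 in the mask are ignored."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.ip_address(addr)) & care) == (int(ipaddress.ip_address(base)) & care)


def acl_permits(src, acl):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action == "permit"
    return False


def is_adjacent(next_hop):
    """True when the next hop sits on a directly connected subnet."""
    nh = ipaddress.ip_address(next_hop)
    return any(nh in net for net in CONNECTED.values())


def pbr_decision(src, in_interface, next_hop,
                 locally_generated=False, local_policy=False):
    """Return ("policy", next_hop) or ("normal", reason) for one packet."""
    if locally_generated:
        # Router-originated traffic is only policy routed with a local policy.
        if not local_policy:
            return ("normal", "no policy applies")
    elif in_interface != POLICY_INTERFACE:
        return ("normal", "no policy applies")
    if not acl_permits(src, ACL_101):
        return ("normal", "no ACL match")
    if not is_adjacent(next_hop):
        # The case discussed in the thread: policy rejected, normal forwarding.
        return ("normal", "next hop not adjacent")
    return ("policy", next_hop)


if __name__ == "__main__":
    samples = [                      # constructed packets
        ("10.1.1.50", "ethernet0", "198.51.100.2"),
        ("10.1.1.50", "ethernet0", "203.0.113.9"),
        ("172.16.5.5", "ethernet0", "198.51.100.2"),
        ("10.1.1.50", "serial0", "198.51.100.2"),
    ]
    for src, iface, nh in samples:
        print(src, iface, nh, "->", pbr_decision(src, iface, nh))
```
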



Password recovery [7:4899]

2001-05-17 Thread Robert Perez

Anyone know how to reset the enable password on a 5000 series switch when
you have forgotten it?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4899&t=4899



Re: 100mb Ethernet over Type 1 ... [7:4897]

2001-05-17 Thread Brijesh

What is type 1 cabling? Please let me know. What I have implemented is
Category 3, 4, and 5 UTP cabling.

Brijesh
- Original Message -
From: "Hornbeck, Timothy" 
To: 
Sent: Friday, May 18, 2001 12:54 AM
Subject: 100mb Ethernet over Type 1 ... [7:4897]


> Is it possible to run 100mb Ethernet over Type1 cabling?  If so what are
> some of the issues in doing so?  Looking to cut some costs on a project.
>
> Timothy J. Hornbeck
> Technical Analyst III
> Infrastructure Implementation - LAN/WAN
> "6EQUJ5" - By Unknown (recorded at OSU "Big Ear")




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4900&t=4897



unsubscribe cisco [7:4901]

2001-05-17 Thread Ali Fayazi, SAMW, New York

unsubscribe cisco


Thank you
Ali Fayazi




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4901&t=4901



telnetting router [7:4902]

2001-05-17 Thread Gene Park

I have seven routers to provide Internet connection
by telnetting. Unfortunately, I am not familiar with
this kind of thing.

Anyone have experience of connecting routers with
Terminal server to the Internet?
What system is necessary for the host? Unix, NT, or
95 or 98? Or do I need ISDN router for this connection?
Please let's share your knowledge on this.
Thank you.

Gunyang

=
Gene Park
[EMAIL PROTECTED]





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4902&t=4902



Re: 100mb Ethernet over Type 1 ... [7:4897]

2001-05-17 Thread David McGlumphy

Yes, we've been doing it for a couple years.  The only issues we have run 
into are with using 2924XL switches. When you are running token ring, the 
connectors automatically loopback when they are disconnected so that the 
ring is not broken.  The 2924XL switches have a bug that causes the port 
to freak out when the connector loops back. The only way to fix this is 
to reset the switch.  You have 2 options - 1.  Make sure everyone knows 
not to disconnect the IBM connector end of the cable until it has been 
disconnected from the switch, or 2.  remove/cut the think wire inside of 
the connector that causes the loopback.  Just make sure you never need to 
use the connector in a token ring network again or you will have 
problems.  Other than that, we've had surprisingly few problems...
Dave




>> Original Message  wrote regarding 100mb Ethernet over Type 1 ... [7:4897]:


> Is it possible to run 100mb Ethernet over Type1 cabling?  If so what are
> some of the issues in doing so?  Looking to cut some costs on a project.

> Timothy J. Hornbeck
> Technical Analyst III
> Infrastructure Implementation - LAN/WAN
> "6EQUJ5" - By Unknown (recorded at OSU "Big Ear")




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4903&t=4897



RE: 100mb Ethernet over Type 1 ... [7:4897]

2001-05-17 Thread Paul Pavlicko

Yes,
 We did it at my last place of employment to buy us some time when upgrading
our Token-Ring network to 100mb Ethernet, Blackbox makes an adapter that you
plug into the type 1 wall connector that converts it to RJ45. I'll try and
find out the part number for ya. We didn't have any problems with them, ran
about 30 systems (100mb Ethernet) on the old token-ring cables for about a
month before we could get the cat 5 installed. They may still have the
adapters laying around that they may give to you...I'll find out.

Paul

-Original Message-
From: Hornbeck, Timothy [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 17, 2001 3:25 PM
To: [EMAIL PROTECTED]
Subject: 100mb Ethernet over Type 1 ... [7:4897]


Is it possible to run 100mb Ethernet over Type1 cabling?  If so what are
some of the issues in doing so?  Looking to cut some costs on a project.

Timothy J. Hornbeck
Technical Analyst III
Infrastructure Implementation - LAN/WAN
"6EQUJ5" - By Unknown (recorded at OSU "Big Ear")




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4904&t=4897



RE: Password recovery [7:4899]

2001-05-17 Thread Daniel Cotts

See this:
http://www.cisco.com/warp/public/474/pswdrec_6000.html
When it prompts you for the new password just press "enter". Blow away the
old passwords - you only have about 30 seconds after a reboot. It may take
two reboots to clear both the console and enable passwords. Once you have no
passwords - you can create new ones at your leisure.

> -Original Message-
> From: Robert Perez [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 17, 2001 2:55 PM
> To: [EMAIL PROTECTED]
> Subject: Password recovery [7:4899]
> 
> 
> Anyone know how to reset the enable password on a 5000 series switch when
> you have forgotten it?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4906&t=4899



RE: Password recovery [7:4899]

2001-05-17 Thread Jim Dixon

Here is a link to the cisco site that has
password recovery procedures.
http://www.cisco.com/warp/public/474/index.shtml

-Original Message-
From: Robert Perez [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 17, 2001 2:55 PM
To: [EMAIL PROTECTED]
Subject: Password recovery [7:4899]


Anyone know how to reset the enable password on a 5000 series switch when
you have forgotten it?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4905&t=4899



Re: Using Public addresses as Internally [7:4835]

2001-05-17 Thread andylow

Routers that did not filter outgoing private IPs will still forward the
packets out based on default router.

- Original Message -
From: Allen May 
To: 
Sent: Thursday, May 17, 2001 11:57 PM
Subject: Re: Using Public addresses as Internally [7:4835]


> If you're using someone else's IP range, you'll never be able to access their
> network if you need to.  Your router would keep it internal & would never
> pass it outside.
>
> - Original Message -
> From: "Bruce Williams"
> To:
> Sent: Thursday, May 17, 2001 9:01 AM
> Subject: Using Public addresses as Internally [7:4835]
>
>
> > My company wants to use public addresses from the Class A range internally.
> > I realize the danger if these routes got advertised on the Internet, but is
> > this something that is considered acceptable if it is carefully done to
> > prevent the risk of these routes being propagated out on the Public
> > Internet? These networks will be used to address equipment in a multitude of
> > cellular radio base stations around the country and they will only be
> > connected to our network. There will be central locations where users from the
> > internet could access a database which will query these systems, but there
> > will not be a direct internet connection. I would appreciate any advice on
> > this.
> >
> > Thanks,
> >
> >
> > Bruce Williams
> > [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4907&t=4835



RE: Password recovery [7:4899]

2001-05-17 Thread Martin-Guy Richard

Yes Robert, go check:

http://www.cisco.com/warp/public/474/pswdrec_6000.html

The general page is at:

http://www.cisco.com/warp/public/474/index.shtml

Have fun!

MGR

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Robert Perez
Sent: May 17, 2001 3:55 PM
To: [EMAIL PROTECTED]
Subject: Password recovery [7:4899]


Anyone know how to reset the enable password on a 5000 series switch when
you have forgotten it?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4908&t=4899



TACACS+ Accounting log file parser? [7:4909]

2001-05-17 Thread Tim Lovelace

I was wondering if anyone knew of a program or script that could easily
parse the accounting log for TACACS+? I am trying to get a close
approximation of dialup time for billing records.

Thanks
Tim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4909&t=4909



Questions! [7:4910]

2001-05-17 Thread What's up!

Hi;

This group is supposed to target intermediate to expert level
Cisco users.
I do not know why there are so many stupid questions appearing in the group
lately.

For example, does cisco 2523 perform frame relay switch?
I do not know why they can't find information in the cisco web site.

I do not mean to offend anyone.  But just want to raise an issue.

rgds;
abc




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4910&t=4910



Re: 100mb Ethernet over Type 1 ... [7:4897]

2001-05-17 Thread W. Alan Robertson

Type-1 cabling is more commonly known as "Shielded Twisted Pair."  It's a heavy
gauge 2 pair cabling that was used in legacy Token Ring environments, before UTP
caught on.  It's excellent cable, due to its braided shielding.  Its flaws
were its cost, and its size (very thick, and somewhat difficult to work with).

It's clear to me where Timothy is coming from...  He's got a client with an
existing Token Ring network looking to migrate to Fast Ethernet, and they'd like
to leverage what must have been a tremendously expensive cabling infrastructure
since they've already paid for it.

From http://www.ece.ac.ae/techstuff/networking/fetech.html :

---[Pasted Text]---
100BASE-TX Physical Layer

This physical layer defines the specification for 100BASE-T Ethernet over two
pairs of Category 5 UTP (unshielded) or Type 1 STP (shielded) twisted-pair wire.
With one pair for transmit and the other for receive, the wiring scheme is
identical to that used for 10BASE-T Ethernet. The UTP connector, an RJ-45, is
also identical to the one used for 10BASE-T Ethernet, wired in exactly the same
fashion. However, the punch-down blocks in the wiring closet must be Category 5
certified. Where these blocks do not meet the standard, an upgrade is necessary.
The STP connector is the same DB-9 used for Token Ring networks.
---[End Paste]---

It would appear that there is nothing to prevent the use of Fast Ethernet over
Type-1, but I've never seen it done.  You can be sure that someone has done it
though...  Keep looking...

Alan

- Original Message -
From: "Brijesh" 
To: 
Sent: Thursday, May 17, 2001 3:55 PM
Subject: Re: 100mb Ethernet over Type 1 ... [7:4897]


> What is type 1 cabling? Please let me know. What I have implemented is
> Category 3,4, and 5 UTP cabling.
>
> Brijesh
> - Original Message -
> From: "Hornbeck, Timothy"
> To:
> Sent: Friday, May 18, 2001 12:54 AM
> Subject: 100mb Ethernet over Type 1 ... [7:4897]
>
>
> > Is it possible to run 100mb Ethernet over Type1 cabling?  If so what are
> > some of the issues in doing so?  Looking to cut some costs on a project.
> >
> > Timothy J. Hornbeck
> > Technical Analyst III
> > Infrastructure Implementation - LAN/WAN
> > "6EQUJ5" - By Unknown (recorded at OSU "Big Ear")




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4911&t=4897



Re: Passed BCMSN [7:4546]

2001-05-17 Thread Sudarshan Narasimhachari

Kevin et al. Brain dump people out there,

I have no comments on your ability to memorise a whole book. What we
are talking here about is real achievements. I hope people in this
group will agree with me in the difference between real experience and
knowledge and just brain dumps.

I know there are going to be fumes on this now. Let them come:-)

- Sudarshan

-Original Message-
From: Kevin Schwantz [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 17, 2001 11:06 AM
To: [EMAIL PROTECTED]
Subject: Re: Passed BCMSN [7:4546]


I passed BCMS with only a book. Never configured a switch before. You just
have to memorise it all.


Kevin






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4864&t=4546



Re: what is a good intrusion detection software? [7:4610]

2001-05-17 Thread EA Louie

Know first why you're protecting yourself and who and what you're protecting
yourself from.

http://www.cert.org/security-improvement/   see "Detecting signs of intrusion"

for different software solutions, do a search using your favorite search
engine on "intrusion detection software"

I use BlackIce on my personal computer(s), which alerts me every time
someone tries to probe my computer.  You'll want to use a phased firewall
approach, where your first line of defense is your access router to the
Internet.  CERT makes some suggestions about which ports to block (at least
it gets rid of the 'amateur' hackers, which account for a good percentage of
the malevolent and malicious attacks)

-e-

- Original Message -
From: "Jerry Deer" 
To: 
Sent: Tuesday, May 15, 2001 3:40 PM
Subject: what is a good intrusion detection software? [7:4610]


> Hello Group,
>  I am a little concerned about security these days and was wondering if
> anyone had links that address this issue. I don't want anyone attacking my
> killing my network and can't just rely on firewall.. right?
> Thanks for any replies!
> JD




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4616&t=4610



RE: Reverse Telnet [7:4723]

2001-05-17 Thread Mark Rose

Sorry I should have thought of that.

2511#sh run
Building configuration...

Current configuration:
!
version 11.0
service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname 2511
!
enable secret 5 $1$KRXt$MfpQSqUGp0NOiHRhiRwPs1
!
no ip domain-lookup
!
interface Loopback0
 ip address 10.1.1.1 255.255.255.255
!
interface Ethernet0
 ip address 192.168.1.69 255.255.255.0
!
interface Serial0
 no ip address
 shutdown
 no fair-queue
!
interface Serial1
 no ip address
 shutdown
!
ip host east 2001 10.1.1.1
ip host south 2004 10.1.1.1
ip host north 2003 10.1.1.1
ip host west 2002 10.1.1.1
ip classless
banner exec ^C
01 - west console
02 - east console
03 - north console
04 - south console ^C
!
line con 0
line 1 16
 no exec
 transport input all
line aux 0
 transport input all
line vty 0
 exec-timeout 0 0
 password 7 06030328464F01
 login
line vty 1
 exec-timeout 0 0
 password 7 050E0A062B4D46
 login
line vty 2
 exec-timeout 0 0
 password 7 14121E02060522
 login
line vty 3
 exec-timeout 0 0
 password 7 045E070F052044
 login
line vty 4
 exec-timeout 0 0
 password 7 14121E02060522
 login
!
end


Second router

est#sh run
Building configuration...

Current configuration:
!
version 11.2
service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname west
!
enable secret 5 $1$57px$PD.qgpO/R2whcXLTrvlYA.
!
!
interface Ethernet0
 no ip address
 shutdown
!
interface Ethernet1
 no ip address
 shutdown
!
interface Serial0
 no ip address
 shutdown
 no fair-queue
!
interface Serial1
 no ip address
 shutdown
!
no ip classless
!
!
line con 0
line aux 0
line vty 0 4
 password 7 06030328464F01
 login
 transport input telnet
!
end




-Original Message-
From: Marco P Rodrigues [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 16, 2001 2:15 PM
To: Mark Rose
Cc: [EMAIL PROTECTED]
Subject: Re: Reverse Telnet [7:4723]


You could paste a copy of your current configuration and we could take a
quick glance at it.

--
"Virtually All Internet Porno flows through the systems of one
company. Cisco Systems. Emporning the Internet Generation."


On Wed, 16 May 2001, Mark Rose wrote:

> I am trying to set up a 2511 as an access server. I believe I have that end
> set properly. When I telnet to jump to another router I get the message
> that "is not an open connection". I am not sure what I missed in vty of
> router going to. Is there documentation I can get to help me set this up?
>
> As always TIA
>
> Mark




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4772&t=4723


