RE: Connect 6509 with CONSOLE [7:17983]
The little hole let you change from the Catalyst console (normal patch cable) to the Cisco router console cable (rollover) I just wish all Cisco devises came with this, then we would not have to carry around the black or blue rollover cable. -Original Message- From: Rik Guyler [mailto:[EMAIL PROTECTED]] Sent: Friday, August 31, 2001 4:40 AM To: [EMAIL PROTECTED] Subject: RE: Connect 6509 with CONSOLE [7:17983] Hmm...I don't know what the little "hole" is but accessing the console on a 6509 is just like any other device. Set your stop bits to 1 and give that a try. 1 is the default setting for Cisco consoles. Remember: 9600, 8, none, 1 --- Rik Guyler -Original Message- From: Thomas N. [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 30, 2001 7:27 PM To: [EMAIL PROTECTED] Subject: Connect 6509 with CONSOLE [7:17983] Hi All, I attempted to access to the CAT 6509 with the CONSOLE port today. This 6509 is in production. It appeared that I didn't get any output on my HyperTerminal. My HyperTerminal setting is: 9600 bits per second, Data bits = 8, Parity = none, Stope bit = 2 (as indicated on Cisco.com), Flow control = none. There's also a little hidden hole right next to the CONSOLE port labelled as "Console mode...". I don't know if I have to change something to access the console? Also, if I have to press that hidden hole to access the Console mode, will it affect the production enviroment? Thanks All in advance! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18045&t=17983 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP memory requirement formula... HELP!!! [7:17888]
Hi All, Thanks for the help, will 128mb cover us even if we're peering with 4 ISPs? Rgds, Aidan.. ""Aidan"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi All, > > Can anybody help me?? I've been searching CCO and the web for the last hour > trying to find the formula to calculate the BGP memory requirement. It's > something like ( Number of BGP routes X number of peers X something) > > Any help gratefully appreciated!!! > > Rgds, > Aidan.. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18046&t=17888 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Earl ASIC unsupported error message on cat5509 [7:18048]
Hello colleagues, I am trying to install a redundant SE III in a Cat5509 switch; the module is booting, but then the system is halted. Here is the output from the boot sequence: System Bootstrap, Version 5.1(2) Copyright (c) 1994-1999 by cisco Systems, Inc. Presto processor with 65536 Kbytes of main memory Autoboot executing command: "boot bootflash:RTSYNC_cat5000-sup3_4-5-3.bin" Loading Network Management Processor image Uncompressing file: ### ## System Power On Diagnostics NVRAM Size ...512 KB ID Prom Test ..Passed DPRAM Size 16KB DPRAM Data 0x55 Test ..Passed DPRAM Data 0xaa Test ..Passed DPRAM Address Test Passed Clearing DPRAM Done System DRAM Memory Size ...64MB DRAM Data 0x55 Test ...Passed DRAM Data 0xaa Test ...Passed DRAM Address Test Passed Clearing DRAM .Done EARLII Present EARLII RAM Test ...Passed EARL Serial Prom Test .Passed Level2 Cache ..Present Level2 Cache test..Passed Boot image: bootflash:RTSYNC_cat5000-sup3_4-5-3.bin Downloading epld sram device please wait ... Programming successful for Altera 10K50 SRAM EPLD SYSTEM_FATAL_ERROR: Banff subsystem failed SYSTEM_FATAL_ERROR: Unsupported Earl ASIC Halting the system. Does this mean that one of the ASICs on the card is malfunctioning ? Thanks for your help in advance. Hans _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18048&t=18048 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Earl ASIC unsupported error message on cat5509 [7:18048]
Did you check the catos version you put on ? This message make me think that the OS don't correspond to the hardware architecture (ASIC unsupported). EARL is (Enhanced Address Recognization Logic), this ASIC make the forwarding decision in the supervisor engine. ""Hans Stout"" a icrit dans le message news: [EMAIL PROTECTED] > Hello colleagues, > > I am trying to install a redundant SE III in a Cat5509 switch; the module is > booting, but then the system is halted. Here is the output from the boot > sequence: > > System Bootstrap, Version 5.1(2) > Copyright (c) 1994-1999 by cisco Systems, Inc. > Presto processor with 65536 Kbytes of main memory > > Autoboot executing command: "boot bootflash:RTSYNC_cat5000-sup3_4-5-3.bin" > > Loading Network Management Processor image > > Uncompressing file: > ### > > > > > > > > > > ## > > > System Power On Diagnostics > NVRAM Size ...512 KB > ID Prom Test ..Passed > DPRAM Size 16KB > DPRAM Data 0x55 Test ..Passed > DPRAM Data 0xaa Test ..Passed > DPRAM Address Test Passed > Clearing DPRAM Done > System DRAM Memory Size ...64MB > DRAM Data 0x55 Test ...Passed > DRAM Data 0xaa Test ...Passed > DRAM Address Test Passed > Clearing DRAM .Done > EARLII Present > EARLII RAM Test ...Passed > EARL Serial Prom Test .Passed > Level2 Cache ..Present > Level2 Cache test..Passed > > Boot image: bootflash:RTSYNC_cat5000-sup3_4-5-3.bin > Downloading epld sram device please wait ... > Programming successful for Altera 10K50 SRAM EPLD > SYSTEM_FATAL_ERROR: Banff subsystem failed > SYSTEM_FATAL_ERROR: Unsupported Earl ASIC > Halting the system. > > Does this mean that one of the ASICs on the card is malfunctioning ? > Thanks for your help in advance. > > Hans > > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18049&t=18048 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PBX Fundamentals [7:17961]
There used to be the training course on cco, the way through to it starts with the following url http://www.cisco.com/warp/public/10/wwtraining/pec/peclogin.html You could also try the following texts from cisco Press Integrating Voice & Data Networks Cisco Voice over Frame Relay, ATM & IP - Chapter 12 Voice over IP Fundamentals If you can find it the course is ok, but the 3 books are sufficient and I have several of my team through the exam just based on the books. Average score for those taking the exam 94% If you have any specific roduct questions send to em direct. Good luck Keith Townsend wrote: > > All right! I've e-mailed my SE at Cisco and was not able to > get the answer > I was looking for. Where in the world do I find the correct > training > material for the PBX Fundamentals Exam. PEC has a course but I > took the > test and it asks questions like "What type or workstation can > you control an > Lucent blah, blah, blah..." This material is diffidently not > in the course > in the PEC. I searched the Archives and someone gave reference > to a set or > PowerPoint's that have all of this obscure information in > them. If someone > could help me locate this stuff I'd appreciate it dearly. > > Keith Townsend > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18051&t=17961 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
what is mean there is a loop on the interface??? [7:18052]
I was informed that there is a loop in our interface, and it is not up. When I do a sh interface, I found it is up but there is a word (looped) as shown below. What is the meaning??? What happen ?? When I show cdp neighbor, I see the cdp neighbor of the interface is the router itself?? Why??? sin03>sh int s1/0 Serial1/0 is up, line protocol is up (looped) sin03>sh cdp nei Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater Device IDLocal Intrfce HoldtmeCapability Platform Port ID sin03Ser 1/0136 Rc3660 Ser 1/0 TYO02Ser 1/1154 R1750 Ser 0 HKG01Ser 1/2167 R1750 Ser 0 SYD02Ser 2/1157 R1750 Ser 0 == De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. == The information contained in this message may be confidential and is intended to be exclusively for the addressee. Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail. == Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18052&t=18052 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: what is mean there is a loop on the interface??? [7:18052]
It means that the line is OK. ""Sim, CT (Chee Tong)"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I was informed that there is a loop in our interface, and it is not up. > When I do a sh interface, I found it is up but there is a word (looped) as > shown below. What is the meaning??? What happen ?? When I show cdp > neighbor, I see the cdp neighbor of the interface is the router itself?? > Why??? > > sin03>sh int s1/0 > Serial1/0 is up, line protocol is up (looped) > > sin03>sh cdp nei > Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge > S - Switch, H - Host, I - IGMP, r - Repeater > > Device IDLocal Intrfce HoldtmeCapability Platform Port ID > sin03Ser 1/0136 Rc3660 Ser 1/0 > TYO02Ser 1/1154 R1750 Ser 0 > HKG01Ser 1/2167 R1750 Ser 0 > SYD02Ser 2/1157 R1750 Ser 0 > > > == > De informatie opgenomen in dit bericht kan vertrouwelijk zijn en > is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht > onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en > de afzender direct te informeren door het bericht te retourneren. > == > The information contained in this message may be confidential > and is intended to be exclusively for the addressee. Should you > receive this message unintentionally, please do not use the contents > herein and notify the sender immediately by return e-mail. > > > == Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18053&t=18052 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: what is mean there is a loop on the interface??? [7:18052]
It means that any packet arriving at this interfae will be looped back. its just like the ip 127.0.0.1 but this is for ip enviro. this type of loopback is harware that is why u r seeing ur self in CDP try issuing the NO LOOP on the interface or similar i didnt remembered. and becuase of this loopback u cant get connectivity to others. -Mamoor "Sim, CT (Chee Tong)" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I was informed that there is a loop in our interface, and it is not up. > When I do a sh interface, I found it is up but there is a word (looped) as > shown below. What is the meaning??? What happen ?? When I show cdp > neighbor, I see the cdp neighbor of the interface is the router itself?? > Why??? > > sin03>sh int s1/0 > Serial1/0 is up, line protocol is up (looped) > > sin03>sh cdp nei > Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge > S - Switch, H - Host, I - IGMP, r - Repeater > > Device IDLocal Intrfce HoldtmeCapability Platform Port ID > sin03Ser 1/0136 Rc3660 Ser 1/0 > TYO02Ser 1/1154 R1750 Ser 0 > HKG01Ser 1/2167 R1750 Ser 0 > SYD02Ser 2/1157 R1750 Ser 0 > > > == > De informatie opgenomen in dit bericht kan vertrouwelijk zijn en > is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht > onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en > de afzender direct te informeren door het bericht te retourneren. > == > The information contained in this message may be confidential > and is intended to be exclusively for the addressee. Should you > receive this message unintentionally, please do not use the contents > herein and notify the sender immediately by return e-mail. > > > == Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18054&t=18052 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: what is mean there is a loop on the interface??? [7:18052]
It means that the LEC has a loop in the circuit. This is not a good thing. Call your Service Provider and have them take your loop out. I would also check your own network to make sure you are not providing the loop yourself such as with your CSU or a hard loop. Hope this helps. -Original Message- From: Tonton Rabena [mailto:[EMAIL PROTECTED]] Sent: Friday, August 31, 2001 5:29 AM To: [EMAIL PROTECTED] Subject: Re: what is mean there is a loop on the interface??? [7:18052] It means that the line is OK. ""Sim, CT (Chee Tong)"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I was informed that there is a loop in our interface, and it is not up. > When I do a sh interface, I found it is up but there is a word (looped) as > shown below. What is the meaning??? What happen ?? When I show cdp > neighbor, I see the cdp neighbor of the interface is the router itself?? > Why??? > > sin03>sh int s1/0 > Serial1/0 is up, line protocol is up (looped) > > sin03>sh cdp nei > Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge > S - Switch, H - Host, I - IGMP, r - Repeater > > Device IDLocal Intrfce HoldtmeCapability Platform Port ID > sin03Ser 1/0136 Rc3660 Ser 1/0 > TYO02Ser 1/1154 R1750 Ser 0 > HKG01Ser 1/2167 R1750 Ser 0 > SYD02Ser 2/1157 R1750 Ser 0 > > > == > De informatie opgenomen in dit bericht kan vertrouwelijk zijn en > is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht > onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en > de afzender direct te informeren door het bericht te retourneren. > == > The information contained in this message may be confidential > and is intended to be exclusively for the addressee. Should you > receive this message unintentionally, please do not use the contents > herein and notify the sender immediately by return e-mail. > > > == Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18055&t=18052 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
One Sided Chap????? [7:18056]
Hi Guys... Any Idea how to setup one sided chap???that is only one router is sending challenge?? Thanks for the help.. _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18056&t=18056 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Catalyst Q. [7:18036]
We implemented a separate management VLAN and the SUP card is on that while its connection upstream trunks the management VLAN and the VLAN used by the other modules in the CAT. We then use two dual-homed Linux boxes (backup in case one fails) to gain access to the management VLAN. The firewall on the Linux box both protects the management VLAN and limits access to the Linux hosts. Since we have the Linux systems for that, we take advantage of having them and use one of them as a syslog server. Another method would be to put the systems needing telnet access on the management VLAN. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Cisco Lover Sent: Friday, August 31, 2001 1:21 AM To: [EMAIL PROTECTED] Subject: Catalyst Q. [7:18036] Hi Guys, How we can restrict catalyst to allow telnet access to particular hosts?? Thanks for the help. Cisco Lover _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18057&t=18036 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: [sc] Fwd: PIX Firewall -------- Replacement Strategy [7:18058]
Fawad, Answers inline . We have a PIX failover bundle. Our Primary PIX failed and we powered it off. Now we have another PIX and we have to connect it. What should be the strategy so that no outage occurs. What do u mean by failover bundle ? IS the second PIX capable of working as standby unit.Do u have the license or key to opearate this second box as standalone unit (else it wont work !).As I know the standby would have been connected to Primary and so when primary fails the secondary will take over and the automatically continue as Primary.. "it will show this host Active". -- I think if we put the new PIX >(without >any Config) to the Primary end of Failover cable it would be the >Active and >would sync all its config to the second box (that would be a >disaster) Would this work ? What type of connection do u have. which PIX model and what version of IOS. Can u get the setup info ,how it was connected and so on. If primary is down totally and secndary does not have any config u will have to key in the config ?? is it not. Anyone correct me if i am wrong ? HTH.Let me know. Bye, Venkatesh. _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18058&t=18058 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
voice (calling id) [7:18059]
hi. when i am calling using my digital voice card caller side sees my phone number. is there a command that changes my number. i mean i dont want remote side will se my number. i just want my number will be shown as fake or invalid. is it possible? thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18059&t=18059 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE STUDY PARTNER IN LONDON [7:18060]
Folks, Sorry to clogg the bandwidth with this message, but I'm trying to contact a fellow member who sent a message asking for study partner in london for the CCIE LAB. If you are out there please reply as I am interested, but deleted the mail by mistake. Regards Michael Ibidunni Senior Systems Engineer NTL City & M25 Team The contents of this email and any attachments are sent for the personal attention of the addressee(s) only and may be confidential. If you are not the intended addressee, any use, disclosure or copying of this email and any attachments is unauthorised - please notify the sender by return and delete the message. Any representations or commitments expressed in this email are subject to contract. ntl Group Limited Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18060&t=18060 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: what is mean there is a loop on the interface??? [7:18052]
Serial1/0 is up, line protocol is up (looped) : What the line besides means is that there is a physical loop on this serial circuit . This loop could have been given on the physical circuit from your serail circuit's remote end or it could have been given from your PCM or OFC provider.You will have to contact the agencies mentioned to have the loop made through for your circuit to be up . Vijendra. "Sim, CT (Chee Tong)" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I was informed that there is a loop in our interface, and it is not up. > When I do a sh interface, I found it is up but there is a word (looped) as > shown below. What is the meaning??? What happen ?? When I show cdp > neighbor, I see the cdp neighbor of the interface is the router itself?? > Why??? > > sin03>sh int s1/0 > Serial1/0 is up, line protocol is up (looped) > > sin03>sh cdp nei > Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge > S - Switch, H - Host, I - IGMP, r - Repeater > > Device IDLocal Intrfce HoldtmeCapability Platform Port ID > sin03Ser 1/0136 Rc3660 Ser 1/0 > TYO02Ser 1/1154 R1750 Ser 0 > HKG01Ser 1/2167 R1750 Ser 0 > SYD02Ser 2/1157 R1750 Ser 0 > > > == > De informatie opgenomen in dit bericht kan vertrouwelijk zijn en > is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht > onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en > de afzender direct te informeren door het bericht te retourneren. > == > The information contained in this message may be confidential > and is intended to be exclusively for the addressee. Should you > receive this message unintentionally, please do not use the contents > herein and notify the sender immediately by return e-mail. > > > == Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18061&t=18052 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: One Sided Chap????? [7:18056]
ppp chap sent username xxx - Original Message - From: "Cisco Lover" To: Sent: Friday, August 31, 2001 3:12 PM Subject: One Sided Chap? [7:18056] > Hi Guys... > > Any Idea how to setup one sided chap???that is only one router is sending > challenge?? > > > Thanks for the help.. > > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18062&t=18056 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: One Sided Chap????? [7:18056]
You want "ppp authentication chap callin" so that the router will only authenticate incoming ppp connections but not outgoing. HTH. Charlie --- Cisco Lover wrote: > Hi Guys... > > Any Idea how to setup one sided chap???that is only one router is > sending > challenge?? > > > Thanks for the help.. > > _ > Get your FREE download of MSN Explorer at > http://explorer.msn.com/intl.asp [EMAIL PROTECTED] Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18063&t=18056 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
TO SUMMARIZE LOOPBACK IN OSPF [7:18064]
Hello all, I configure loopback interface with /24 ip address, buat when I put into the ospf area, I only see the route /32. I tried to use AREA XX RANGE command, but still failed, any idea how to enable this route bcome /24 ..? regards Grad _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18064&t=18064 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: One Sided Chap????? [7:18056]
Hi Charlie,, Thanks for the help.. So, the rest of the commands will remain the same??I mean we still have to put ppp authentication chap and USERNAME+PASSWORD set on both sides?? Cisco Lover >From: Charlie Hartwell >Reply-To: [EMAIL PROTECTED] >To: Cisco Lover , [EMAIL PROTECTED] >Subject: Re: One Sided Chap? [7:18056] >Date: Fri, 31 Aug 2001 13:01:24 +0100 (BST) > >You want "ppp authentication chap callin" so that the router will >only authenticate incoming ppp connections but not outgoing. > >HTH. > >Charlie > > --- Cisco Lover wrote: > Hi Guys... > > > > Any Idea how to setup one sided chap???that is only one router is > > sending > > challenge?? > > > > > > Thanks for the help.. > > > > _ > > Get your FREE download of MSN Explorer at > > http://explorer.msn.com/intl.asp >[EMAIL PROTECTED] > > >Do You Yahoo!? >Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk >or your free @yahoo.ie address at http://mail.yahoo.ie _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18065&t=18056 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE Prep [7:18066]
Hi Phantom, Go through all the material wrt CCIE syllabus from CISCO univercd and try to get into any coaching classes for cram sessions Suggested Reading TCP/IP Routing vol1 - Jeff doyle LAN Switching - Kennedy Clark and Kevin Hamilton IRA - Sam Halabi CCIE Prep Guide - John Schwartz All the Best Raghavendra.B.S Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18066&t=18066 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: One Sided Chap????? [7:18056]
Hi , Thanks for the help?? Is the rest of the commands will remain the same??? DO we still have to put ppp authentication chap and username+password set at both ends?? Thanks again. >From: >To: "Cisco Lover" , >Subject: Re: One Sided Chap? [7:18056] >Date: Fri, 31 Aug 2001 15:43:14 +0400 > >ppp chap sent username xxx >- Original Message - >From: "Cisco Lover" >To: >Sent: Friday, August 31, 2001 3:12 PM >Subject: One Sided Chap? [7:18056] > > > > Hi Guys... > > > > Any Idea how to setup one sided chap???that is only one router is >sending > > challenge?? > > > > > > Thanks for the help.. > > > > _ > > Get your FREE download of MSN Explorer at >http://explorer.msn.com/intl.asp _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18067&t=18056 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: what is mean there is a loop on the interface??? [7:18052]
I see we have some people with no clue providing answers lately... ""Tonton Rabena"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > It means that the line is OK. > > ""Sim, CT (Chee Tong)"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > I was informed that there is a loop in our interface, and it is not up. > > When I do a sh interface, I found it is up but there is a word (looped) as > > shown below. What is the meaning??? What happen ?? When I show cdp > > neighbor, I see the cdp neighbor of the interface is the router itself?? > > Why??? > > > > sin03>sh int s1/0 > > Serial1/0 is up, line protocol is up (looped) > > > > sin03>sh cdp nei > > Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge > > S - Switch, H - Host, I - IGMP, r - Repeater > > > > Device IDLocal Intrfce HoldtmeCapability Platform Port > ID > > sin03Ser 1/0136 Rc3660 Ser > 1/0 > > TYO02Ser 1/1154 R1750 Ser 0 > > HKG01Ser 1/2167 R1750 Ser 0 > > SYD02Ser 2/1157 R1750 Ser 0 > > > > > > == > > De informatie opgenomen in dit bericht kan vertrouwelijk zijn en > > is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht > > onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en > > de afzender direct te informeren door het bericht te retourneren. > > == > > The information contained in this message may be confidential > > and is intended to be exclusively for the addressee. Should you > > receive this message unintentionally, please do not use the contents > > herein and notify the sender immediately by return e-mail. > > > > > > == Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18068&t=18052 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: side A 4500 serial port+NT1 PLUS side B 1603 ISDN BRI port [7:18069]
Perhaps you should pay someone who knows a little bit about it to set it up for you... ""Li, Ke Cump (Intern)"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > side A 4500 serial port+NT1 PLUS > side B 1603 ISDN BRI port > how can make these 2 routers ISDN connection and ping success > ___ > /\_\ /\_\ /\_\/\ \ > /:/ / \/_/ /:/ / /::\ \ > /:/ / /\_\ /:/ /_ /:/\:\_\ >/:/ / /:/ / /:/___/|/:/ /\/_/ > /:/ / /:/ / /:/| __|/::\ \ > /:/ / /:/ / /:/ |:||/:/\:\_\ > \:\ \ \/_/ \/_/|:|| /:/ /\/_/ > \:\ \ e-mail:|_|/ \:\ \ >\:\ \ [EMAIL PROTECTED] \:\_\ > \/_/ \/_/ > ___ > E-mail: [EMAIL PROTECTED]BP China Digital Business > Icq 16841803 Oicq 334407 http://f9811001.yeah.net Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18069&t=18069 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Working ISL/DOT1Q config [7:18070]
Hi friends.. Can any one send me any working configuration for trunking using cat5 for intervlan routing.. I have followed all the instructions in books and everwhere but still cant get it work..Donot know where I m wrong.(Config atttached) Thanks for the help.. Cisco Lover FE router: interface FastEthernet0/0 no ip address no ip directed-broadcast speed 100 full-duplex ! interface FastEthernet0/0.1 encapsulation dot1Q 1 ip address 190.100.1.10 255.255.255.0 no ip directed-broadcast ! interface FastEthernet0/0.2 encapsulation dot1Q 2 ip address 190.100.2.10 255.255.255.0 no ip directed-broadcast Router1 interface Ethernet0 ip address 190.100.1.1 255.255.255.0 no ip directed-broadcast router2 interface Ethernet0 ip address 190.100.2.1 255.255.255.0 CAtalyst: port32:Vlan1 port33:vlan2 set interface sc0 1 190.100.1.20/255.255.255.0 190.100.1.255 set interface sl0 down set interface me1 down set ip route 0.0.0.0/0.0.0.0 190.100.1.10 ! #syslog set logging level cops 2 default ! #set boot command set boot config-register 0x2 set boot system flash bootflash:cat4000.5-5-1.bin set boot system flash bootflash:cat5000-sup3.4-2-1.bin set boot system flash bootflash:cat4000.5-4-2.bin ! #module 1 : 2-port 1000BaseX Supervisor ! #module 2 : 34-port 10/100/1000 Ethernet set vlan 22/33 set port speed 2/34 100 set port duplex 2/34 full clear trunk 2/34 3-1005 set trunk 2/34 nonegotiate dot1q 1-2 _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18070&t=18070 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Friday Funnies o/t [7:18072]
**WARN AS MANY PEOPLE AS YOU CAN.** If you receive an email entitled "Badtimes," delete it immediately. Do not open it. Apparently this one is pretty nasty. It will not only erase everything on your hard drive, but it will also delete anything on disks within 20 feet of your computer. It demagnetizes the stripes on ALL of your credit cards. It reprograms your ATM access code, screws up the tracking on your VCR and uses subspace field harmonics to scratch any CD's you attempt to play. It will program your phone auto dial to call only 0055 numbers. This virus will mix antifreeze into your fish tank. It will drink ALL your beer. FOR GOD'S SAKE MAN, ARE YOU LISTENING? It will leave dirty socks on the coffee table when you are expecting company. It will replace your shampoo with Nair and your Nair with Rogaine, all the while dating your current boy/girlfriend behind your back and billing their hotel rendezvous to your Visa card. It will cause you to run with scissors and throw things in a way that is only fun until someone loses an eye. It will rewrite your backup files, changing all your active verbs to passive tense and incorporating undetectable misspellings which grossly change the interpretations of key sentences. If the "Badtimes" message is opened in a Windows 95/98 environment, it will leave the toilet seat up and leave your hair dryer plugged in dangerously close to a full bathtub. It will not only remove the forbidden tags from your mattresses and pillows,it will also refill your skim milk with whole milk. **WARN AS MANY PEOPLE AS YOU CAN.** And if you don't send this to 5000 people in 20 seconds you'll fart so hard that your right leg will spasm, shoot straight out in front of you,sending sparks, that will ignite onto the person nearest you. In case you are a blonde, this is a joke. _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18072&t=18072 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: TO SUMMARIZE LOOPBACK IN OSPF [7:18064]
type ip ospf network point-to-point on the loopback interface. This will then make ospf send the correct subnet mask -Original Message- From: Grad Alfons Kanon [mailto:[EMAIL PROTECTED]] Sent: 31 August 2001 13:31 To: [EMAIL PROTECTED] Subject: TO SUMMARIZE LOOPBACK IN OSPF [7:18064] Hello all, I configure loopback interface with /24 ip address, buat when I put into the ospf area, I only see the route /32. I tried to use AREA XX RANGE command, but still failed, any idea how to enable this route bcome /24 ..? regards Grad _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18074&t=18064 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: An Interesting routing+Sw Question:LAB Q [7:18026]
This is actually very easy to do in the server OS (I admit, I'm an NT guy). Simply put both IP's in the gateway list with the priority opposite on 14. I guess you could also create 2 HSRP routers and split the assignment on the servers. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18073&t=18026 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: One Sided Chap????? [7:18056]
On the end that is establishing the ppp session (dialing up maybe?) you will need "ppp chap hostname xxx" and "ppp chap password xxx" in the interface config. On the receiving end you need "username xxx password xxx" in global config. That should do it. Regards Charlie --- Cisco Lover wrote: > Hi Charlie,, > > Thanks for the help.. > > So, the rest of the commands will remain the same??I mean we still > have to > put ppp authentication chap and USERNAME+PASSWORD set on both > sides?? > > Cisco Lover > > >From: Charlie Hartwell > >Reply-To: [EMAIL PROTECTED] > >To: Cisco Lover , [EMAIL PROTECTED] > >Subject: Re: One Sided Chap? [7:18056] > >Date: Fri, 31 Aug 2001 13:01:24 +0100 (BST) > > > >You want "ppp authentication chap callin" so that the router will > >only authenticate incoming ppp connections but not outgoing. > > > >HTH. > > > >Charlie > > > > --- Cisco Lover wrote: > Hi Guys... > > > > > > Any Idea how to setup one sided chap???that is only one router > is > > > sending > > > challenge?? > > > > > > > > > Thanks for the help.. > > > > > > > _ > > > Get your FREE download of MSN Explorer at > > > http://explorer.msn.com/intl.asp > >[EMAIL PROTECTED] > > > > > >Do You Yahoo!? > >Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk > >or your free @yahoo.ie address at http://mail.yahoo.ie > > > _ > Get your FREE download of MSN Explorer at > http://explorer.msn.com/intl.asp [EMAIL PROTECTED] Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18075&t=18056 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Connect 6509 with CONSOLE [7:17983]
I carry a 2" rollover cable and a coupler as well as the std 3' rollover. This way if you can always create the cable that works. PS I hate that little button. I love what it does but I never have anything to poke it with. Need to tape a paper clip to each switch. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18076&t=17983 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: TO SUMMARIZE LOOPBACK IN OSPF [7:18064]
See the First of FAQs about OSPF in Cisco Site!! I think it will help u > -- > From: Grad Alfons Kanon[SMTP:[EMAIL PROTECTED]] > Reply To: Grad Alfons Kanon > Sent: Friday, August 31, 2001 6:01 PM > To: [EMAIL PROTECTED] > Subject: TO SUMMARIZE LOOPBACK IN OSPF [7:18064] > > Hello all, > > I configure loopback interface with /24 ip address, buat when I put into > the > ospf area, I only see the route /32. I tried to use AREA XX RANGE command, > > but still failed, > > any idea how to enable this route bcome /24 ..? > > > regards > > Grad > > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18078&t=18064 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: what is mean there is a loop on the interface??? [7:18052]
If you do a "show conf", you can see if the interface has been placed in loopback on the router. If you can see a loopback command (for example loopback dte) on your interface, simply disable it: router# router#conf t router(config)#int ser 1/0 router(config-if)#no loopback dte router(config-if)#end router#wr mem If you cannot see a loopback in the config, if must have been placed on your CSU/DSU or at the local NIU. Hth, Ole ~~~ Ole Drews Jensen Systems Network Manager CCNA, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~~~ http://www.RouterChief.com ~~~ NEED A JOB ??? http://www.oledrews.com/job ~~~ -Original Message- From: Sim, CT (Chee Tong) [mailto:[EMAIL PROTECTED]] Sent: Friday, August 31, 2001 5:18 AM To: [EMAIL PROTECTED] Subject: what is mean there is a loop on the interface??? [7:18052] I was informed that there is a loop in our interface, and it is not up. When I do a sh interface, I found it is up but there is a word (looped) as shown below. What is the meaning??? What happen ?? When I show cdp neighbor, I see the cdp neighbor of the interface is the router itself?? Why??? sin03>sh int s1/0 Serial1/0 is up, line protocol is up (looped) sin03>sh cdp nei Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater Device IDLocal Intrfce HoldtmeCapability Platform Port ID sin03Ser 1/0136 Rc3660 Ser 1/0 TYO02Ser 1/1154 R1750 Ser 0 HKG01Ser 1/2167 R1750 Ser 0 SYD02Ser 2/1157 R1750 Ser 0 == De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. == The information contained in this message may be confidential and is intended to be exclusively for the addressee. Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail. == Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18077&t=18052 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: One Sided Chap????? [7:18056]
Hi, my mate Harjot, he say use the ppp authentication chap with the key word callin this will ensure that the router with this command will only challange if called in to and will not issue challenges when it calls out. Dom / Who has not touched Chap/PAP/MS-Chap etc for years! "Cisco Lover" cc: Sent by: Subject: One Sided Chap? [7:18056] nobody@groupst udy.com 31/08/2001 12:12 Please respond to "Cisco Lover" Hi Guys... Any Idea how to setup one sided chap???that is only one router is sending challenge?? Thanks for the help.. _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18079&t=18056 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: what is mean there is a loop on the interface??? [7:18052]
It means simply that you line provider has been testing the line between your site and their exchange or CO. They send a signal down and it is looped back so they can verify the line is good. In order for the line to work as far as you are concerned you must call them and get them to take the test loop off the line. The (Looped) will then disappear and you should have end to end connectivity. Sim, CT (Chee Tong) wrote: > > I was informed that there is a loop in our interface, and it is > not up. > When I do a sh interface, I found it is up but there is a word > (looped) as > shown below. What is the meaning??? What happen ?? When I > show cdp > neighbor, I see the cdp neighbor of the interface is the router > itself?? > Why??? > > sin03>sh int s1/0 > Serial1/0 is up, line protocol is up (looped) > > sin03>sh cdp nei > Capability Codes: R - Router, T - Trans Bridge, B - Source > Route Bridge > S - Switch, H - Host, I - IGMP, r - Repeater > > Device IDLocal Intrfce HoldtmeCapability > Platform Port ID > sin03Ser 1/0136 R > c3660 Ser 1/0 > TYO02Ser 1/1154 R > 1750 Ser 0 > HKG01Ser 1/2167 R > 1750 Ser 0 > SYD02Ser 2/1157 R > 1750 Ser 0 > > > == > De informatie opgenomen in dit bericht kan vertrouwelijk zijn > en > is uitsluitend bestemd voor de geadresseerde. Indien u dit > bericht > onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken > en > de afzender direct te informeren door het bericht te > retourneren. > == > The information contained in this message may be confidential > and is intended to be exclusively for the addressee. Should you > receive this message unintentionally, please do not use the > contents > herein and notify the sender immediately by return e-mail. > > > == > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18082&t=18052 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: what is mean there is a loop on the interface??? [7:18052]
It means simply that you line provider has been testing the line between your site and their exchange or CO. They send a signal down and it is looped back so they can verify the line is good. In order for the line to work as far as you are concerned you must call them and get them to take the test loop off the line. The (Looped) will then disappear and you should have end to end connectivity. Sim, CT (Chee Tong) wrote: > > I was informed that there is a loop in our interface, and it is > not up. > When I do a sh interface, I found it is up but there is a word > (looped) as > shown below. What is the meaning??? What happen ?? When I > show cdp > neighbor, I see the cdp neighbor of the interface is the router > itself?? > Why??? > > sin03>sh int s1/0 > Serial1/0 is up, line protocol is up (looped) > > sin03>sh cdp nei > Capability Codes: R - Router, T - Trans Bridge, B - Source > Route Bridge > S - Switch, H - Host, I - IGMP, r - Repeater > > Device IDLocal Intrfce HoldtmeCapability > Platform Port ID > sin03Ser 1/0136 R > c3660 Ser 1/0 > TYO02Ser 1/1154 R > 1750 Ser 0 > HKG01Ser 1/2167 R > 1750 Ser 0 > SYD02Ser 2/1157 R > 1750 Ser 0 > > > == > De informatie opgenomen in dit bericht kan vertrouwelijk zijn > en > is uitsluitend bestemd voor de geadresseerde. Indien u dit > bericht > onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken > en > de afzender direct te informeren door het bericht te > retourneren. > == > The information contained in this message may be confidential > and is intended to be exclusively for the addressee. Should you > receive this message unintentionally, please do not use the > contents > herein and notify the sender immediately by return e-mail. > > > == > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18081&t=18052 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Weird SNMP message..... [7:18083]
Hello all I've noticed a weird trap in HP OpenView that comes up (seemingly random). It's coming from a 5500 switch. We have two of these switches configured identically (except for stuff on the MSFCs, but that's not where the trap is coming from). We get this message from one of the switches, but not the other: System NVRAM has changed Sometimes it goes hours without this message then sometimes we get this message 5-10 times within a couple of minutes. Any ideas on this? TIA, Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18083&t=18083 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco ACS [7:18084]
I would like to know how to setup an TACACS+ but use a windows NT user database not the ACS one ? Any ideas Thanx _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18084&t=18084 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Working ISL/DOT1Q config [7:18070]
Put the word "Native" after the "encapulation dot1q 1" on interface fast0\0.1 In the dot1q world, the native vlan for the port,(vlan 1) is not tagged or encapsulated in the dot1q frame. Hence the need for the command. Your native vlan for the trunk port (2/34) is vlan 1 accourding to your config cus you didn't assign it to anything else. Doing some big time switch study lately aren't you ? :) Take care Tony M. #6172 - Original Message - From: "Cisco Lover" To: Sent: Friday, August 31, 2001 5:43 AM Subject: Working ISL/DOT1Q config [7:18070] > Hi friends.. > > Can any one send me any working configuration for trunking using cat5 for > intervlan routing.. > > I have followed all the instructions in books and everwhere but still cant > get it work..Donot know where I m wrong.(Config atttached) > > Thanks for the help.. > > Cisco Lover > > > FE router: > > > interface FastEthernet0/0 > no ip address > no ip directed-broadcast > speed 100 > full-duplex > ! > interface FastEthernet0/0.1 > encapsulation dot1Q 1 > ip address 190.100.1.10 255.255.255.0 > no ip directed-broadcast > ! > interface FastEthernet0/0.2 > encapsulation dot1Q 2 > ip address 190.100.2.10 255.255.255.0 > no ip directed-broadcast > > Router1 > > interface Ethernet0 > ip address 190.100.1.1 255.255.255.0 > no ip directed-broadcast > > router2 > interface Ethernet0 > ip address 190.100.2.1 255.255.255.0 > > CAtalyst: > port32:Vlan1 > port33:vlan2 > > set interface sc0 1 190.100.1.20/255.255.255.0 190.100.1.255 > > set interface sl0 down > set interface me1 down > set ip route 0.0.0.0/0.0.0.0 190.100.1.10 > ! > #syslog > set logging level cops 2 default > ! > #set boot command > set boot config-register 0x2 > set boot system flash bootflash:cat4000.5-5-1.bin > set boot system flash bootflash:cat5000-sup3.4-2-1.bin > set boot system flash bootflash:cat4000.5-4-2.bin > ! > #module 1 : 2-port 1000BaseX Supervisor > ! > #module 2 : 34-port 10/100/1000 Ethernet > set vlan 22/33 > set port speed 2/34 100 > set port duplex 2/34 full > clear trunk 2/34 3-1005 > set trunk 2/34 nonegotiate dot1q 1-2 > > > > > > > > > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18085&t=18070 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Working ISL/DOT1Q config [7:18070]
check that your cat5 supports dot1q on the ports you are using as trunks dave h 1WE-CAT> sh port capabilities 1 ModelWS-X5006 Port 1/1 Type 100BaseFX MM Speed100 Duplex half,full Trunk encap type ISL Trunk mode on,off,desirable,auto,nonegotiate Channel no Broadcast suppressionno Flow control no Security yes Membership static,dynamic Fast start yes Rewrite no -- ModelWS-X5006 Port 1/2 Type 100BaseFX MM Speed100 Duplex half,full Trunk encap type ISL Trunk mode on,off,desirable,auto,nonegotiate Channel no Broadcast suppressionno Flow control no Security yes Membership static,dynamic Fast start yes Rewrite no -Original Message- From: Cisco Lover [mailto:[EMAIL PROTECTED]] Sent: Friday, August 31, 2001 8:43 AM To: [EMAIL PROTECTED] Subject: Working ISL/DOT1Q config [7:18070] Hi friends.. Can any one send me any working configuration for trunking using cat5 for intervlan routing.. I have followed all the instructions in books and everwhere but still cant get it work..Donot know where I m wrong.(Config atttached) Thanks for the help.. Cisco Lover FE router: interface FastEthernet0/0 no ip address no ip directed-broadcast speed 100 full-duplex ! interface FastEthernet0/0.1 encapsulation dot1Q 1 ip address 190.100.1.10 255.255.255.0 no ip directed-broadcast ! interface FastEthernet0/0.2 encapsulation dot1Q 2 ip address 190.100.2.10 255.255.255.0 no ip directed-broadcast Router1 interface Ethernet0 ip address 190.100.1.1 255.255.255.0 no ip directed-broadcast router2 interface Ethernet0 ip address 190.100.2.1 255.255.255.0 CAtalyst: port32:Vlan1 port33:vlan2 set interface sc0 1 190.100.1.20/255.255.255.0 190.100.1.255 set interface sl0 down set interface me1 down set ip route 0.0.0.0/0.0.0.0 190.100.1.10 ! #syslog set logging level cops 2 default ! #set boot command set boot config-register 0x2 set boot system flash bootflash:cat4000.5-5-1.bin set boot system flash bootflash:cat5000-sup3.4-2-1.bin set boot system flash bootflash:cat4000.5-4-2.bin ! #module 1 : 2-port 1000BaseX Supervisor ! #module 2 : 34-port 10/100/1000 Ethernet set vlan 22/33 set port speed 2/34 100 set port duplex 2/34 full clear trunk 2/34 3-1005 set trunk 2/34 nonegotiate dot1q 1-2 _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18087&t=18070 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: TO SUMMARIZE LOOPBACK IN OSPF [7:18064]
And the other one is for AREA 0, if we use for FR hub and spoke, let says using /29, eventhough I summarize it (AREA 0 RANGE command), i still get /29 on the routing table > > > -- > > From: Grad Alfons Kanon[SMTP:[EMAIL PROTECTED]] > > Reply To: Grad Alfons Kanon > > Sent: Friday, August 31, 2001 6:01 PM > > To: [EMAIL PROTECTED] > > Subject:TO SUMMARIZE LOOPBACK IN OSPF [7:18064] > > > > Hello all, > > > > I configure loopback interface with /24 ip address, buat when I put into > > the > > ospf area, I only see the route /32. I tried to use AREA XX RANGE >command, > > > > but still failed, > > > > any idea how to enable this route bcome /24 ..? > > > > > > regards > > > > Grad > > > > _ > > Get your FREE download of MSN Explorer at >http://explorer.msn.com/intl.asp _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18088&t=18064 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Weird SNMP message..... [7:18083]
Michael, What OID is the Trap coming across as? (.1.3.6.1.4.1.?) Timothy Estes CCNA, CCDA -Original Message- From: Michael Williams [mailto:[EMAIL PROTECTED]] Sent: Friday, August 31, 2001 9:52 AM To: [EMAIL PROTECTED] Subject: Weird SNMP message. [7:18083] Hello all I've noticed a weird trap in HP OpenView that comes up (seemingly random). It's coming from a 5500 switch. We have two of these switches configured identically (except for stuff on the MSFCs, but that's not where the trap is coming from). We get this message from one of the switches, but not the other: System NVRAM has changed Sometimes it goes hours without this message then sometimes we get this message 5-10 times within a couple of minutes. Any ideas on this? TIA, Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18090&t=18083 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Weird SNMP message..... [7:18083]
I think VTP info is saved in NVRAM Symon --- > Hello all > > I've noticed a weird trap in HP OpenView that comes up (seemingly random). > It's coming from a 5500 switch. We have two of these switches configured > identically (except for stuff on the MSFCs, but that's not where the trap is > coming from). We get this message from one of the switches, but not the > other: > > System NVRAM has changed > > Sometimes it goes hours without this message then sometimes we get this > message 5-10 times within a couple of minutes. > > Any ideas on this? > > TIA, > Mike W. [EMAIL PROTECTED] > Cheers, Symon Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18086&t=18083 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: I have a customer who... food for thought - static routes [7:18089]
Let me throw in some thoughts. Why are static routes not scalable? People start muttering about "lots of configuration." But doesn't your customer use some sort of database, or at least spreadsheet, to keep track of which subnets have been assigned, both to access links and user LANs? Even if DHCP is in wide use, there still should be a log. Given this addressing information, it really isn't hard to write a program that generates static routes from the address assignments, and then sets up a TFTP file to be merged into router configurations. Depending where you are in a routing hierarchy, statics also can be summarized. This is a little harder to do automatically, although there are tools such as CIDRAdvisor from Merit. The summary statics may be sufficiently rare (e.g., POP level) that their manual configuration is fairly trivial. Oh -- another reason people worry about static routes is "they don't respond to failures." How many of your end users have alternate connectivity that dynamic routing could find? In any case, will static routes be flushed if the next hop disappears? >There have been several good replies to my post. In addition to Tony's >insight below, Leigh Anne and Jim both had excellent observations that >covered issues my customer raised. > >The customer expressed concerns were with engineers who for any number of >reasons, whether careless, inconsiderate, malicious, or as part of their >jobs, might bring down various segments. this is something that apparently >happens with some regularity in the customer production network. Arguably, there rarely is a technical solution to a management problem. > >there were concerns with route flapping at the core. we are in California, >after all, and we still live under the threat of rolling blackouts. plus >many folks out here are doing their part by shutting things down at night, >or when not in use. The flapping issue is bogus, as one could always >advertise only the summaries into the core, but again, the customer engineer >would not hear of it. > >the customer deliberately turns off CDP. I did not discuss this with him, >but I suspect there is a bit of concern with revealing information that CDP >transmits. > >my point in bringing up this situation was in part to stimulate thought >about using various forms of routing as one means of enforcing policy. >Static routing is not necessarily a bad thing. On the other hand, there are >other ways to deal with the stated concerns other than massive static >routing. > >enjoyed the comments. thanks, everyone. > >Chuck > >-Original Message- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of >Tony Medeiros >Sent: Thursday, August 30, 2001 12:23 AM >To: [EMAIL PROTECTED] >Subject: Re: I have a customer who... food for thought - static routes >[7:17826] > > >I'll bite: >PROS: > >1) If DSL user decides to change his network for some reason and it overlaps >another on somewhere, dynamic routing will hose the core. (could prevent >with route filtering but that would be an even bigger hassle). > >2) 7206 might fold with that many routing protocol neigbors (depends on >routing protocol) > >3) Job security for the guy managing the network :) > >4) ODR needs CDP and that many neighbors could fold the core too maybe ?? >Don't know about that. > >5) Less overhead in general. > >6) Security, Don't want some guy to announce a boatload of bogus networks. > >7) Unless the routing protocol of choice can only send a default route, >Those little DSL routers would get killed with a big table. OSPF is would >do it but would each little router would need to be in it's own area or the >LS database would kill the little guys . RIP seems like a good choice, but >again, there would be need for a lot of filtering to keep the table small. >You could have a default static on all the little guys and filter ALL >updates coming out of the core. But there is the security thing again. > >8) Stability, The static way will be the most stable for sure, > >CONS: >1) Managment nightmare. > >I think I see their point already Chuck. I don't quite see why CDP wouldn't >be allowed though. >Am I close ? >Tony M. > >- Original Message - >From: "Chuck Larrieu" >To: >Sent: Wednesday, August 29, 2001 11:28 PM >Subject: I have a customer who... food for thought - static routes [7:17819] > > >> I have a customer who... don't you love it when a post begins with those >> words? >> >> In my case, I am hoping this can serve as food for thought, a springboard >> for discussion. So here goes >> >> My customer is a high tech firm whose name you would all recognize, if I >> were to exhibit ill manners by revealing it. >> >> My project ( well, I'm just the junior assistant engineer ) is to develop >> and proof configurations for a private remote access network. DSL at the >> home, ATM at the central site. Not a VPN. This circuit does not touch the >> internet. >> >> In any case, the client
MRTG Horizontal shape? [7:18091]
Anyone know why the MRTG shape become horizontol for several hours suddenly even there was traffic? thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18091&t=18091 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: TO SUMMARIZE LOOPBACK IN OSPF [7:18064]
You need to configure the loopback interface as an ospf point-to point interface. I remember that this is the cure, but am too busy this morning to look up what the problem is and why it cures it. If I had a little more time, it would probably come to me. Anyone with more time who wants to field this can find the info on CCO, I am just too swamped today. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Grad Alfons Kanon Sent: Friday, August 31, 2001 9:28 AM To: [EMAIL PROTECTED] Subject: RE: TO SUMMARIZE LOOPBACK IN OSPF [7:18064] And the other one is for AREA 0, if we use for FR hub and spoke, let says using /29, eventhough I summarize it (AREA 0 RANGE command), i still get /29 on the routing table > > > -- > > From: Grad Alfons Kanon[SMTP:[EMAIL PROTECTED]] > > Reply To: Grad Alfons Kanon > > Sent: Friday, August 31, 2001 6:01 PM > > To: [EMAIL PROTECTED] > > Subject:TO SUMMARIZE LOOPBACK IN OSPF [7:18064] > > > > Hello all, > > > > I configure loopback interface with /24 ip address, buat when I put into > > the > > ospf area, I only see the route /32. I tried to use AREA XX RANGE >command, > > > > but still failed, > > > > any idea how to enable this route bcome /24 ..? > > > > > > regards > > > > Grad > > > > _ > > Get your FREE download of MSN Explorer at >http://explorer.msn.com/intl.asp _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18092&t=18064 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Working ISL/DOT1Q config [7:18070]
Hey Tony... Sorry its not workingAny other way to get this work? Router(config-subif)#encapsulation dot1Q 1 Native ^ % Invalid input detected at '^' marker. Router(config-subif)#enca Router(config-subif)#encapsulation dot Router(config-subif)#encapsulation dot1Q 1 ? Router(config-subif)#encapsulation dot1Q 1 >From: "Tony Medeiros" >Reply-To: "Tony Medeiros" >To: [EMAIL PROTECTED] >Subject: Re: Working ISL/DOT1Q config [7:18070] >Date: Fri, 31 Aug 2001 10:12:12 -0400 > >Put the word "Native" after the "encapulation dot1q 1" on interface >fast0\0.1 In the dot1q world, the native vlan for the port,(vlan 1) is >not tagged or encapsulated in the dot1q frame. Hence the need for the >command. Your native vlan for the trunk port (2/34) is vlan 1 accourding >to >your config cus you didn't assign it to anything else. > >Doing some big time switch study lately aren't you ? :) >Take care >Tony M. >#6172 > > >- Original Message - >From: "Cisco Lover" >To: >Sent: Friday, August 31, 2001 5:43 AM >Subject: Working ISL/DOT1Q config [7:18070] > > > > Hi friends.. > > > > Can any one send me any working configuration for trunking using cat5 >for > > intervlan routing.. > > > > I have followed all the instructions in books and everwhere but still >cant > > get it work..Donot know where I m wrong.(Config atttached) > > > > Thanks for the help.. > > > > Cisco Lover > > > > > > FE router: > > > > > > interface FastEthernet0/0 > > no ip address > > no ip directed-broadcast > > speed 100 > > full-duplex > > ! > > interface FastEthernet0/0.1 > > encapsulation dot1Q 1 > > ip address 190.100.1.10 255.255.255.0 > > no ip directed-broadcast > > ! > > interface FastEthernet0/0.2 > > encapsulation dot1Q 2 > > ip address 190.100.2.10 255.255.255.0 > > no ip directed-broadcast > > > > Router1 > > > > interface Ethernet0 > > ip address 190.100.1.1 255.255.255.0 > > no ip directed-broadcast > > > > router2 > > interface Ethernet0 > > ip address 190.100.2.1 255.255.255.0 > > > > CAtalyst: > > port32:Vlan1 > > port33:vlan2 > > > > set interface sc0 1 190.100.1.20/255.255.255.0 190.100.1.255 > > > > set interface sl0 down > > set interface me1 down > > set ip route 0.0.0.0/0.0.0.0 190.100.1.10 > > ! > > #syslog > > set logging level cops 2 default > > ! > > #set boot command > > set boot config-register 0x2 > > set boot system flash bootflash:cat4000.5-5-1.bin > > set boot system flash bootflash:cat5000-sup3.4-2-1.bin > > set boot system flash bootflash:cat4000.5-4-2.bin > > ! > > #module 1 : 2-port 1000BaseX Supervisor > > ! > > #module 2 : 34-port 10/100/1000 Ethernet > > set vlan 22/33 > > set port speed 2/34 100 > > set port duplex 2/34 full > > clear trunk 2/34 3-1005 > > set trunk 2/34 nonegotiate dot1q 1-2 > > > > > > > > > > > > > > > > > > _ > > Get your FREE download of MSN Explorer at >http://explorer.msn.com/intl.asp _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18094&t=18070 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MRTG Horizontal shape? [7:18091]
Your MRTG server lost connectivity with the router, or the mrtg service stopped...?? Symon --- > Anyone know why the MRTG shape become horizontol for several hours suddenly > even there was traffic? > > thanks. [EMAIL PROTECTED] > Cheers, Symon Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18096&t=18091 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MRTG Horizontal shape? [7:18091]
Your MRTG server lost connectivity with the router Symon --- > Anyone know why the MRTG shape become horizontol for several hours suddenly > even there was traffic? > > thanks. [EMAIL PROTECTED] > Cheers, Symon Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18095&t=18091 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Which IOS's support DSL? [7:18034]
I was under the impression that the DSL WICs would play nicely in 12.2, but as of 12.2(3) that is still not the case. Which is unfortunate since we just purchased three ADSL WICs that are now useless until they get this fixed. Cisco has since retracted any indication that this would be working in early releases of 12.2. Keep your fingers crossed! John >>> "Matthew Wilkinson" 8/30/01 11:14:37 PM >>> I have been looking on Cisco's site and around the web and cannot seem to find out which IOS's support DSL besides 12.1(5)YB. Are there any others? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18097&t=18034 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
How Can I Update IDS signature ??????????? [7:18098]
Hi, Sorry, My English is not good enough .. Anybody know the ip address of Cisco ftp server for updating signature ? I guess that i have two options for updating signature: 1 - By CSPM (Signature Update on the Wizards) , but I dont have the options for automatic update. 2 - By CLI on IDS (./idsupdate / ), but i dont have the ip address, directory and the password. Anybody have any sugestion ? Thanks, Jorge Luis Ten Sistemas e Redes Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18098&t=18098 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE One-Day Lab layout (hardware) [7:17813]
Also, Cisco is switching to IOS v12.1. Read this is there What's New section for the CCIE program. "Through Complexity there is Simplicity, Through Simplicity there is Complexity" David L. Blair - CCNP, CCNA, MCSE, CBE, A+, 3Wizard ""Brad Ellis"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Here's the info from the grapevine on the layout for the new ONE-DAY CCIE > Lab: > > 1x Cisco PIX > 1x 2600 > 3x 25xx > 3x 3640 > 1x 4000 (Frame router) > 1x Cat 6509 > > This is the standard layout for all CCIE lab's except for WAN switching. > > Gotta wonder if people will start seeing some Pix stuff on the CCIE R&S > lab!!! > > -Brad Ellis > CCIE#5796 > [EMAIL PROTECTED] > Network Learning Inc > Used Cisco: www.optsys.net Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18099&t=17813 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MRTG Horizontal shape? [7:18091]
Look at the log it creates. If the process hung it probably just didn't get any new readings. If data is in there that looks correct, you may have absmax set too low and it flatlined at the absmax. - Original Message - From: "William" To: Sent: Friday, August 31, 2001 9:50 AM Subject: MRTG Horizontal shape? [7:18091] > Anyone know why the MRTG shape become horizontol for several hours suddenly > even there was traffic? > > thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18100&t=18091 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
pix outbound vs acl [7:18101]
Is there nay benefit to using ACL over outbound? Both accomplish the same end result for me . |Ken Bourne,CCNA|Network Specialist| |702-657-3432(direct)|702-524 1193(mobile)||[EMAIL PROTECTED]| Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18101&t=18101 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Real BSCI Exam Questions! [7:17905]
It is a beta test which means some of the questions you failed or passed will not show up on the production test. I am guessing if you passed a question that did not make into the production test question pool, Cisco gave you credit. On the other hand, if you failed a question that Cisco decided not to use in the production test pool. I am fairly positive that Cisco did not count that against you. Your raw section average is 67.75%. Cisco might be assignment different points to questions. In that case, percentage of right vs. wrong has less meaning. If you passed higher value questions and missed mainly lower value questions, you could have a low percentage and still pass. Basically, it is all guesses until Cisco reveals more beta testing details. -- "Through Complexity there is Simplicity, Through Simplicity there is Complexity" David L. Blair - CCNP, CCNA, MCSE, CBE, A+, 3Wizard ""wind"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi all; > > Just received the beta exam result from Cisco today, I do not know > why I passed the exam, anyway thank god. > Can anyone please explain to me why I passed the exam, cos I failed in many > sections. My friend passed most section, but he got very poor mark in IS-IS > section. Strange indeed. > > Sec 1100% > Sec 270% > Sec 357% > Sec 462% > Sec 559% > Sec 671% > Sec 766% > Sec 857% > > PS. Please do not ask me what exam covered? > > Rgds; > Junos Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18102&t=17905 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX static command and em_limit - SYN attack [7:17994]
I put 4 for max_conns and 100 for emb_limit. I haven't got any hard evidence that this is the best way for a webserver, but it works ;) emb_limit just limits how many connections are held that have not completed the TCP 3-way handshake, thereby stopping SYN attacks from reaching the server. Once emb_limit is reached, subsequent attempts are dropped until timeout is reached on other held connections. Subsequent connections from that source IP will be dropped to keep it from keeping emb_limit full. Otherwise you'd have a DOS of your own making just from setting this value. If you wanted to truly set this at realistic values you would have to do some testing to see what normal embryonic connection values you have during peak hours under normal circumstances. Just my way of thinking, but I'd add about 50% - 200% to that value just in case you get a sudden influx of legitimate users trying to access the server. Keep an eye on log files for the server (assuming it's a web server and you log this information). In IIS and Apache it will tell you how many users dropped connection, gave up before it loaded, etc if you have a log file analyzer (I use ANALOG - it's free). Obviously setting this too low could make end users fairly angry. ;) Again, IMHO, Max_conns should be set to whatever you believe the max # of simultaneous users your server can handle. The only way to get a true feeling for what this is would be to download some software to test the limits of your server. I know there are some free ones out there but I haven't used any myself. Web development took care of that for me. ;) Sooo...umm...I guess you could say there really isn't an answer that applies to everyone. Obviously someone like yahoo.com would have much higher numbers on both settings compared to Joe Blow's web page on raising hampsters. Did I help? Confuse? Either way I accomplished something on only 1 cup of coffee ;) (by the way, that's a disclaimer for any inadvertant idiotic comments made above). The opinions of my fingers and tired brain are not necessarily my own. Allen - Original Message - From: "Bill Carter" To: Sent: Thursday, August 30, 2001 7:53 PM Subject: PIX static command and em_limit - SYN attack [7:17994] > I am installing a PIX. In the static commands the last switch is for the > limit on embryonic connects. > > static (DMZ,outside) X.X.X.15 192.168.1.13 netmask 255.255.255.255 0 0 > Every sample configuration I have seen leaves this value at 0. I hate to > bring logic into this but, logic tells me that I would want to put a limit > on embryonic sessions to protect against SYN attacks. What is a reasonable > limit to put on this balancing security and availability? 20, 100, 500? > > What value do you use in real world implementations??? > > > >From CCO: watch the wrap. > http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/config/com > mands.htm#xtocid1006867 > > The embryonic connection limit. An embryonic connection is one that has > started but not yet completed. Set this limit to prevent attack by a flood > of embryonic connections. The default is 0, which means unlimited > connections > > > ^-^-^-^-^-^-^-^-^-^-^ > Bill Carter > CCIE 5022 > ^-^-^-^-^-^-^-^-^-^-^ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18104&t=17994 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FTP Anomaly (Comments wanted) [7:18103]
Get this. I have a 6509 (actually 2, and this happens on both) running Native IOS 12.1(8a)E. (although this problem happens on all versions of Native IOS that I've run) I setup an FTP server with username "cisco and password "cisco" I issue the following commands on the 6509: ip ftp username cisco ip ftp password cisco no ip ftp passive (passive mode doesn't work on my FTP server software) When I give a "copy ftp:/// sup-bootflash:" command, the following happens: 1) It logs into the ftp server, and gives the RETR command and from my FTP server software I see the user logged in and a download starts and goes around 80K/sec. 2) The file "finishes", but the 6509 issues an ABOR (or QUIT), it re-logs into the FTP, and starts the file transfer again (at around 80K/sec like the first time) 3) The file "finishes", but the 6509 again resets the connection and starts the download once more. THIS time the download is working as evidenced by the exclaimation points, but the download is only going at around 20K/sec. Here is the debug from this situation: Router#copy ftp://10.29.68.57/pub/Cisco/Cat6K/c6sup22-jsv-mz.121-8a.E3.bin sup-bootflash: Destination filename [c6sup22-jsv-mz.121-8a.E3.bin]? Accessing ftp://10.29.68.57/pub/Cisco/Cat6K/c6sup22-jsv-mz.121-8a.E3.bin... 2w0d: FTP: WarFTPd 1.70.b01.04 (Aug 18 1998) Ready 2w0d: FTP: ---> USER cisco 2w0d: FTP: (C)opyright 1996 - 1998 by Jarle (jgaa) Aase - all rights reserved. 2w0d: FTP: ---> PASS cisco 2w0d: FTP: 220 Please enter your user name. 2w0d: FTP: ---> TYPE I 2w0d: FTP: 331 User name okay, Need password. 2w0d: FTP: ---> PORT 10,1,0,7,43,170 2w0d: FTP: 230 User logged in. 2w0d: FTP: ---> RETR pub/Cisco/Cat6K/c6sup22-jsv-mz.121-8a.E3.bin 2w0d: FTP: 200 Type set to I. 2w0d: FTP: 200 PORT command successful. (at this point the FTP server shows a download in progress @ 80K/sec. about 5 minutes later the following happens) 2w0d: FTP: ---> QUIT 2w0d: FTP: 150 Opening BINARY mode data connection for c6sup22-jsv-mz.121-8a.E3.bin (20154428 bytes). 2w0d: FTP: WarFTPd 1.70.b01.04 (Aug 18 1998) Ready 2w0d: FTP: ---> USER cisco 2w0d: FTP: (C)opyright 1996 - 1998 by Jarle (jgaa) Aase - all rights reserved. 2w0d: FTP: ---> PASS cisco 2w0d: FTP: 220 Please enter your user name. 2w0d: FTP: ---> TYPE I 2w0d: FTP: 331 User name okay, Need password. 2w0d: FTP: ---> PORT 10,1,0,7,43,174 2w0d: FTP: 230 User logged in. 2w0d: FTP: ---> RETR pub/Cisco/Cat6K/c6sup22-jsv-mz.121-8a.E3.bin 2w0d: FTP: 200 Type set to I. (Now the FTP servers shows the file transfer start over again, @ around 80K/sec. Then after another 5 minutes the following) 2w0d: FTP: ---> ABOR 2w0d: FTP: 200 PORT command successful. 2w0d: FTP: 150 Opening BINARY mode data connection for c6sup22-jsv-mz.121-8a.E3.bin (20154428 bytes). 2w0d: FTP: ---> QUIT 2w0d: FTP: 426 Error. Transfere aborted. 10054 2w0d: FTP: WarFTPd 1.70.b01.04 (Aug 18 1998) Ready 2w0d: FTP: ---> USER cisco 2w0d: FTP: (C)opyright 1996 - 1998 by Jarle (jgaa) Aase - all rights reserved. 2w0d: FTP: ---> PASS cisco 2w0d: FTP: 220 Please enter your user name. 2w0d: FTP: ---> TYPE I 2w0d: FTP: 331 User name okay, Need password. 2w0d: FTP: ---> PORT 10,1,0,7,43,178 2w0d: FTP: 230 User logged in. 2w0d: FTP: ---> RETR pub/Cisco/Cat6K/c6sup22-jsv-mz.121-8a.E3.bin 2w0d: FTP: 200 Type set to I.!!! [OK - 20154428/1024 bytes] 2w0d: FTP: 200 PORT command successful. 2w0d: FTP: ---> QUIT The third attempt is almost always the successful one, and it transfers around 20K/sec only 25% of the speed the first two times it downloads it.. WOW. comments are welcome (wanted!) Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18103&t=18103 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: pix outbound vs acl [7:18101]
Well in the 5.1 PIX users manual it has a note in the section on outbound saying it's been superceded with the access-list command. It's in the command reference section. It says the recommend migrating outbound command statements to access-list command statements to "maintain future compatibility". Sounds like a hint of possibly removing it just like they keep hinting they're going to do with conduit commands. Allen - Original Message - From: "BOURNE, KENNETH" To: Sent: Friday, August 31, 2001 10:47 AM Subject: pix outbound vs acl [7:18101] > Is there nay benefit to using ACL over outbound? Both accomplish the same > end result for me . > > |Ken Bourne,CCNA|Network Specialist| > |702-657-3432(direct)|702-524 1193(mobile)||[EMAIL PROTECTED]| Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18105&t=18101 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: FTP Anomaly (Comments wanted) [7:18103]
I'm not sure about the 6509, but 3com gear does the same thing with tftp..I guess I could try on our 6509's here and see what I get. 3com gear when it tftp's from the server will fail twice, then resume the third time and finish fine...almost like it's error checking or something? -Patrick >>> "Michael Williams" 08/31/01 12:26PM >>> Get this. I have a 6509 (actually 2, and this happens on both) running Native IOS 12.1(8a)E. (although this problem happens on all versions of Native IOS that I've run) I setup an FTP server with username "cisco and password "cisco" I issue the following commands on the 6509: ip ftp username cisco ip ftp password cisco no ip ftp passive (passive mode doesn't work on my FTP server software) When I give a "copy ftp:/// sup-bootflash:" command, the following happens: 1) It logs into the ftp server, and gives the RETR command and from my FTP server software I see the user logged in and a download starts and goes around 80K/sec. 2) The file "finishes", but the 6509 issues an ABOR (or QUIT), it re-logs into the FTP, and starts the file transfer again (at around 80K/sec like the first time) 3) The file "finishes", but the 6509 again resets the connection and starts the download once more. THIS time the download is working as evidenced by the exclaimation points, but the download is only going at around 20K/sec. Here is the debug from this situation: Router#copy ftp://10.29.68.57/pub/Cisco/Cat6K/c6sup22-jsv-mz.121-8a.E3.bin sup-bootflash: Destination filename [c6sup22-jsv-mz.121-8a.E3.bin]? Accessing ftp://10.29.68.57/pub/Cisco/Cat6K/c6sup22-jsv-mz.121-8a.E3.bin... 2w0d: FTP: WarFTPd 1.70.b01.04 (Aug 18 1998) Ready 2w0d: FTP: ---> USER cisco 2w0d: FTP: (C)opyright 1996 - 1998 by Jarle (jgaa) Aase - all rights reserved. 2w0d: FTP: ---> PASS cisco 2w0d: FTP: 220 Please enter your user name. 2w0d: FTP: ---> TYPE I 2w0d: FTP: 331 User name okay, Need password. 2w0d: FTP: ---> PORT 10,1,0,7,43,170 2w0d: FTP: 230 User logged in. 2w0d: FTP: ---> RETR pub/Cisco/Cat6K/c6sup22-jsv-mz.121-8a.E3.bin 2w0d: FTP: 200 Type set to I. 2w0d: FTP: 200 PORT command successful. (at this point the FTP server shows a download in progress @ 80K/sec. about 5 minutes later the following happens) 2w0d: FTP: ---> QUIT 2w0d: FTP: 150 Opening BINARY mode data connection for c6sup22-jsv-mz.121-8a.E3.bin (20154428 bytes). 2w0d: FTP: WarFTPd 1.70.b01.04 (Aug 18 1998) Ready 2w0d: FTP: ---> USER cisco 2w0d: FTP: (C)opyright 1996 - 1998 by Jarle (jgaa) Aase - all rights reserved. 2w0d: FTP: ---> PASS cisco 2w0d: FTP: 220 Please enter your user name. 2w0d: FTP: ---> TYPE I 2w0d: FTP: 331 User name okay, Need password. 2w0d: FTP: ---> PORT 10,1,0,7,43,174 2w0d: FTP: 230 User logged in. 2w0d: FTP: ---> RETR pub/Cisco/Cat6K/c6sup22-jsv-mz.121-8a.E3.bin 2w0d: FTP: 200 Type set to I. (Now the FTP servers shows the file transfer start over again, @ around 80K/sec. Then after another 5 minutes the following) 2w0d: FTP: ---> ABOR 2w0d: FTP: 200 PORT command successful. 2w0d: FTP: 150 Opening BINARY mode data connection for c6sup22-jsv-mz.121-8a.E3.bin (20154428 bytes). 2w0d: FTP: ---> QUIT 2w0d: FTP: 426 Error. Transfere aborted. 10054 2w0d: FTP: WarFTPd 1.70.b01.04 (Aug 18 1998) Ready 2w0d: FTP: ---> USER cisco 2w0d: FTP: (C)opyright 1996 - 1998 by Jarle (jgaa) Aase - all rights reserved. 2w0d: FTP: ---> PASS cisco 2w0d: FTP: 220 Please enter your user name. 2w0d: FTP: ---> TYPE I 2w0d: FTP: 331 User name okay, Need password. 2w0d: FTP: ---> PORT 10,1,0,7,43,178 2w0d: FTP: 230 User logged in. 2w0d: FTP: ---> RETR pub/Cisco/Cat6K/c6sup22-jsv-mz.121-8a.E3.bin 2w0d: FTP: 200 Type set to I.!!! [OK - 20154428/1024 bytes] 2w0d: FTP: 200 PORT command successful. 2w0d: FTP: ---> QUIT The third attempt is almost always the successful one, and it transfers around 20K/sec only 25% of the speed the first two times it downloads it.. WOW. comments are welcome (wanted!) Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18106&t=18103 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Can you pass CCNP w/o having Cisco gears? [7:18107]
Can you pass CCNP w/o having Cisco gears? I'm doing practice test from Boson and doing the Sybex study guide? Is that sufficient? Do I need to be in front of a router? Thanks in advance, Rick D Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18107&t=18107 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: I have a customer who... food for thought - static routes [7:18108]
I just quickly glanced at the 827 docs on cisco.com, so please correct me if I'm wrong about them. According to the docs, you can configure the 827's for bridging or NAT. You could avoid static routes on this edge of the customer's network entirely (except for defaults on the 827's). The 7206 would see all of the home networks as being directly connected. NAT overload would probably be my first choice because the 827 could assign addresses to the home pc's with DHCP, so the users wouldn't have to configure anything, and any number of home pc's would just share the 827's wan interface address. No need for statics at all. Does the customer have any issues about this type of config? -Rob Fielding CCIE #7996 - Original Message - From: "Chuck Larrieu" To: Sent: Thursday, August 30, 2001 10:38 PM Subject: RE: I have a customer who... food for thought - static routes [7:18038] > There have been several good replies to my post. In addition to Tony's > insight below, Leigh Anne and Jim both had excellent observations that > covered issues my customer raised. > > The customer expressed concerns were with engineers who for any number of > reasons, whether careless, inconsiderate, malicious, or as part of their > jobs, might bring down various segments. this is something that apparently > happens with some regularity in the customer production network. > > there were concerns with route flapping at the core. we are in California, > after all, and we still live under the threat of rolling blackouts. plus > many folks out here are doing their part by shutting things down at night, > or when not in use. The flapping issue is bogus, as one could always > advertise only the summaries into the core, but again, the customer engineer > would not hear of it. > > the customer deliberately turns off CDP. I did not discuss this with him, > but I suspect there is a bit of concern with revealing information that CDP > transmits. > > my point in bringing up this situation was in part to stimulate thought > about using various forms of routing as one means of enforcing policy. > Static routing is not necessarily a bad thing. On the other hand, there are > other ways to deal with the stated concerns other than massive static > routing. > > enjoyed the comments. thanks, everyone. > > Chuck > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Tony Medeiros > Sent: Thursday, August 30, 2001 12:23 AM > To: [EMAIL PROTECTED] > Subject: Re: I have a customer who... food for thought - static routes > [7:17826] > > > I'll bite: > PROS: > > 1) If DSL user decides to change his network for some reason and it overlaps > another on somewhere, dynamic routing will hose the core. (could prevent > with route filtering but that would be an even bigger hassle). > > 2) 7206 might fold with that many routing protocol neigbors (depends on > routing protocol) > > 3) Job security for the guy managing the network :) > > 4) ODR needs CDP and that many neighbors could fold the core too maybe ?? > Don't know about that. > > 5) Less overhead in general. > > 6) Security, Don't want some guy to announce a boatload of bogus networks. > > 7) Unless the routing protocol of choice can only send a default route, > Those little DSL routers would get killed with a big table. OSPF is would > do it but would each little router would need to be in it's own area or the > LS database would kill the little guys . RIP seems like a good choice, but > again, there would be need for a lot of filtering to keep the table small. > You could have a default static on all the little guys and filter ALL > updates coming out of the core. But there is the security thing again. > > 8) Stability, The static way will be the most stable for sure, > > CONS: > 1) Managment nightmare. > > I think I see their point already Chuck. I don't quite see why CDP wouldn't > be allowed though. > Am I close ? > Tony M. > > - Original Message - > From: "Chuck Larrieu" > To: > Sent: Wednesday, August 29, 2001 11:28 PM > Subject: I have a customer who... food for thought - static routes [7:17819] > > > > I have a customer who... don't you love it when a post begins with those > > words? > > > > In my case, I am hoping this can serve as food for thought, a springboard > > for discussion. So here goes > > > > My customer is a high tech firm whose name you would all recognize, if I > > were to exhibit ill manners by revealing it. > > > > My project ( well, I'm just the junior assistant engineer ) is to develop > > and proof configurations for a private remote access network. DSL at the > > home, ATM at the central site. Not a VPN. This circuit does not touch the > > internet. > > > > In any case, the client is expecting 500-1000 home users on this network. > > > > Here's the kicker. the client refuses to allow routing protocols on either > > the home user routers ( Cisco 827's ) or the central site router ( Cisco > > 7206 )
Re: Edit an ACL Entry [7:17854]
if u remove an acl u need to put ip access group whatever in or out again conduit doesnt have any suffering - Original Message - From: "NP-BASS LEON" To: Sent: Thursday, August 30, 2001 5:37 PM Subject: RE: Edit an ACL Entry [7:17854] > DOES THE SAME PROCESS APPLY FOR EDITING STATIC AND CONDUIT STATEMENTS ON A > PIX CONFIGURATION. > > -Original Message- > From: groupstudy, Nobody [mailto:[EMAIL PROTECTED]] > Sent: Thursday, August 30, 2001 9:16 AM > To: [EMAIL PROTECTED] > Subject: RE: Edit an ACL Entry [7:17854] > > > copy your access list to say notepad. take out the offending item then copy > the access list to your clipboard. Then go onto the Cisco router say no > access-list blah and then paste the contents of the clipboard in. There is > no other way. > > -Original Message- > From: atram [mailto:[EMAIL PROTECTED]] > Sent: 30 August 2001 13:54 > To: [EMAIL PROTECTED] > Subject: Edit an ACL Entry [7:17854] > > > Simple question that I'm obviously having a brain fart on. > > How to remove an entry from an ACL? > > Is there a specific command or technique for removing an entry. In testing > I have noticed that the "no" command infront of the statement will delete > the entire ACL. > > I'm sure someone can provide the answer pretty quickly. > > Pardon my ingnorance. Kind of blanking out on this for some reason. > > > Thanks in advance! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18109&t=17854 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: Fridays funnies! [7:18110]
A couple of rednecks are out in the woods hunting when one of them falls to the ground. He doesn't seem to be breathing, his eyes are rolled back in his head.The other guy whips out his cell phone and calls 911. He gasps to the operator, "Bubba is dead! What can I do?" The operator, in a calm soothing voice says, "Just take it easy. I can help. First, let's make sure he's dead." ...There is a silence, then a shot is heard. The guy's voice comes back on the line. He says, "OK, now what?" - If Men Ruled The World - * The victors in any athletic competition would get to kill and eat the losers. * Birth control would come in ale or lager. * Tanks would be far easier to rent. * Instead of beer belly, you'd get "beer biceps." * "Sorry I'm late, but I got hammered last night" would be an acceptable excuse for tardiness. * Any fake phone number a girl gave you would automatically forward your call to her real number. * When your wife really needed to talk to you during the game, she would type into a little box in the corner of the screen. * Each year, your raise would be pegged to the fortunes of the NFL team of your choice. * The funniest guy in the office would get to be CEO. * It'd be considered harmless fun to gather 30 friends, put on horned helmets, and go pillage a nearby town. * Lifeguards could remove citizens from beaches for violating the "public ugliness" ordinance. * Instead of wasting money on an expensive engagement ring, your fiancie would get a giant foam hand that said, "You're #1!" * Valentine's Day would be moved to February 29th so it would only occur in leap years. * St. Patrick's Day would be a national public holiday celebrated every month. * The 'Cops' program would be broadcast live so that you could phone in advice to the pursuing cops -- or to the crooks. * Telephones would automatically cut off after 30 seconds of conversation. * The only show opposite Monday Night Football would be Monday Night Football from a different camera angle. * It would be perfectly legal to steal a sports car, as long as you returned it the following day with a full tank of gas. * Every man would get three 'Get Out of Jail Free' cards per year. * The Statue of Liberty would be nude. -- -- Natasha Flazynski CCNA, MCSE, Linux http://www.ciscobot.com My Cisco information site. http://www.botbuilders.com Artificial Intelligence and Linux development Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18110&t=18110 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ACL - TCP established [7:17297]
it is highly recommended that u use permit to and permitfrom with the established command - Original Message - From: "Kent Hundley" To: Sent: Friday, August 31, 2001 12:45 AM Subject: RE: ACL - TCP established [7:17297] > First, there are security risks in everything. Nothing is 100% secure and > given enough skill, time and effort any security countermeasure can be > bypassed. What one person builds another person can break, etc., etc. > > Now, as to whether the ACK or RST flag can be manipulated, yes they can. If > one wants to, they can write code to create packets that have whatever bits > you want set, whatever options, whatever addresses, etc. > > If a machine recieves a packet with an ACK bit set that it does not have a > session with, the stack should do something logical with it such as drop the > packet or send a RST. (I don't recall what the RFC says to do) > > However, IP stacks are just software written by humans and humans make > mistakes. There's no guarantee that a stack won't do something illogical > with an illogical packet, so yes, there's some risk involved. There's also > the fact that the 'established' command is only good for TCP streams, so > lots of UDP attacks will not be blocked at all. > > HTH, > Kent > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > phyrz > Sent: Saturday, August 25, 2001 11:34 PM > To: [EMAIL PROTECTED] > Subject: ACL - TCP established [7:17297] > > > When using the established key word at the end of an ACL statement, are > there any security risks? > > Can the ACK or RST flag in a segment header be set from a source terminal > to trick the ACL, making it look like the segment is responding to a > request? > If so, I would think that anything that received the segment would ignore > it. Any thoughts? > > Phyrz Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18111&t=17297 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco ACS [7:18084]
I think you can configure ACS to use NT domain authentication. At least if you have the Windows version and install it on a NT PDC/BDC. I'm not positive but I tested it in a lab a year or so ago and I think that's how I did it... Dennis ""Shane Stockman"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I would like to know how to setup an TACACS+ but use a windows NT user > database not the ACS one ? > > Any ideas > > Thanx > > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18112&t=18084 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Can you pass CCNP w/o having Cisco gears? [7:18107]
During the time from when I took my CCNA, 02/2000, and passed my first CCNP test around 02/28/2001 and finished my CCNP on 06/27/2001. I rarely had to support routers at work. If I had a issue that involved routers, I call the group that oversaw the routers. We worked the problem together put I never was allowed to login to a router or used a console connection to the router. Disclaimer: I have three routers at home, but I mainly used them to verify command usage, like which router mode was required for various commands. I have extremely little Catalyst experience. I have had jobs in the past where I did directly support routers. Also, I test well. Now to answer your question. Yes, with the books, (CiscoPress and Sybex) and study guides, (ExamCram and CramSession from Brainbuzz) that are available and various companies that provide sample tests, (CiscoPress, Boson). A person of reasonable ability and intelligence could pass the CCNA, CCDA, CCNP, and CCDP without ever seeing, touching, or otherwise using ANY Cisco product whatsoever. I also do not recommend this course of action lessens the Cisco certification process. My current job, I am the Network Manager. Where I and my staff directly support all the companies Internetwork equipment (Switches, Routers, Hubs) plus servers and the company Firewall, and unfortunately DESKTOPS. -- "Through Complexity there is Simplicity, Through Simplicity there is Complexity" David L. Blair - CCNP, CCNA, MCSE, CBE, A+, 3Wizard ""D Rick"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Can you pass CCNP w/o having Cisco gears? I'm doing practice test from > Boson and doing the Sybex study guide? Is that sufficient? Do I need to be > in front of a router? > > Thanks in advance, > Rick D Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18113&t=18107 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ACL - TCP established [7:17297]
>From the context of the original question, I assumed the poster was talking about using the 'established' keyword with a Cisco router access-list, not the 'established' command on a Cisco PIX. One has nothing to do with the other. However, you are correct about using the permit and permitfrom with the established command on the PIX. It's just not relevant to what the poster was asking. -Kent -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, August 31, 2001 9:45 AM To: Kent Hundley; [EMAIL PROTECTED] Subject: Re: ACL - TCP established [7:17297] it is highly recommended that u use permit to and permitfrom with the established command - Original Message - From: "Kent Hundley" To: Sent: Friday, August 31, 2001 12:45 AM Subject: RE: ACL - TCP established [7:17297] > First, there are security risks in everything. Nothing is 100% secure and > given enough skill, time and effort any security countermeasure can be > bypassed. What one person builds another person can break, etc., etc. > > Now, as to whether the ACK or RST flag can be manipulated, yes they can. If > one wants to, they can write code to create packets that have whatever bits > you want set, whatever options, whatever addresses, etc. > > If a machine recieves a packet with an ACK bit set that it does not have a > session with, the stack should do something logical with it such as drop the > packet or send a RST. (I don't recall what the RFC says to do) > > However, IP stacks are just software written by humans and humans make > mistakes. There's no guarantee that a stack won't do something illogical > with an illogical packet, so yes, there's some risk involved. There's also > the fact that the 'established' command is only good for TCP streams, so > lots of UDP attacks will not be blocked at all. > > HTH, > Kent > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > phyrz > Sent: Saturday, August 25, 2001 11:34 PM > To: [EMAIL PROTECTED] > Subject: ACL - TCP established [7:17297] > > > When using the established key word at the end of an ACL statement, are > there any security risks? > > Can the ACK or RST flag in a segment header be set from a source terminal > to trick the ACL, making it look like the segment is responding to a > request? > If so, I would think that anything that received the segment would ignore > it. Any thoughts? > > Phyrz Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18115&t=17297 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Real Lab [7:18114]
If you guys need lab time, I have a lab available for your use. The equipment is the following: 1 7204VXR 1 3660 1 3640 1 2511 1 2501 1 2513 1 2504 2 4700 1 cat5000/supIII/NFFC 1 as5200 w/ modems 1 as5300 w/ modems 1 cat3512 all of those routers that are modular are pretty much PACKED. i will try and put together any hardware configs you request, but some of them i might not be able to do. there are end stations running various OSes, MAUs, hubs, and assorted other things available for use with the lab. the price of 50 dollars an hour might change for you depeneding on how much time you want it for. contact me via email if interested -Peter Slow -Original Message- From: Donald B Johnson jr [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 28, 2001 9:15 AM To: [EMAIL PROTECTED] Subject: Re: $10 Vitual CCIE/CCNP LAB NOW AVAILABLE [7:17490] They also say that they have CCIE's on staff to deploy for all your networking needs. If CCIE's were behind those Labs they should be ashamed of themselves. Why don't John Doe send us their names and IE numbers and Chuck and I could check them out on our favorite tool, the CCIE verification tool on CCO. Little advice to the dude that wants to sell rack time, focus on CCNA's first, you do have equipment to satisfy their needs but you don't even come close to NP or IE level with what you are showing. Don't say I didn't try to help. - Original Message - From: "Chuck Larrieu" To: Sent: Monday, August 27, 2001 10:29 PM Subject: RE: $10 Vitual CCIE/CCNP LAB NOW AVAILABLE [7:17490] > I was a bit more interested in fritz on training, rather than hans on, > but... > > with regards to Lab 1, you may want to add some commentary regarding the > issue around the links between R2-R4 and R3-R4. it is an important issue, > and the earlier one learns it, the better. > > with regards to Lab 2, I believe you meant to say issue a "shut" command, > rather than a "no shut" > > a good hard working pre-CCNA level should be able to do the RIP lab in an > hour, with plenty of time for troubleshooting. > > the IGRP lab appears to be a BCRAN level lab, and maybe 90 minutes or so. > > hiding behind the John Doe moniker leaves me wondering. got a real name and > real e-mail? > > Chuck > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Monday, August 27, 2001 9:13 PM > To: [EMAIL PROTECTED] > Subject: $10 Vitual CCIE/CCNP LAB NOW AVAILABLE [7:17490] > > > www.it3networksonline.com is an up an coming web site that hosts virtual > labs to help individuals gain hans on training for CCIE/CCNP/CCNA status. > > We also provide free over the phone support to help you get started and to > answer network related questions at 917-880-6532. > > The first lab will be FREE! > > Please visit www.it3networksonline.com. > > Thank you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18114&t=18114 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VPN throughput [7:17943]
Tom, you have to remember that when using an Internet VPN, there are a lot of pieces of equipment between you and your corporate VPN server. Each of those ISP routers and switches add some latency, and on top of the additional latency there is likely to be more jitter. (variable latency due to variable traffic patterns) Given this, depending on how many hops are between your ISP and the ISP of your company, it may very well be that there is more latency on your 50kbps dialup VPN and this latency can translate into slower response. There may also be some packet loss involved that could hurt performance as well. If you truly want to see "best case" performance on your VPN, you'll need to dial directly into the same ISP that connects your VPN box to the Internet. Even then, the performance may not by much better than direct dial, a lot depends on the quality of the ISP. (ie. Tier 1 vs mom and pop) HTH, Kent -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Tom Richs Sent: Thursday, August 30, 2001 1:47 PM To: [EMAIL PROTECTED] Subject: VPN throughput [7:17943] I have a T1 coming into my VPN 3000 Concentrator. When I dialup to the Internet and get a connection rate of 50.6 Kbps and then VPN into the corporate LAN via this connection the throughput is slower than if I dialed directly into the corporate LAN via a direct dialup and getting a connection rate of 28.0 Kbps. I know that there's some overhead involve with VPN and it's encryption but this throughput doesn't sound right. Any input/advice would be appreciated. Thanks. Tom _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18116&t=17943 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: pix outbound vs acl [7:18101]
What?!? Are you suggesting there is useful information and maybe even the answer to the question.. in the manual??? ""Allen May"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Well in the 5.1 PIX users manual it has a note in the section on outbound > saying it's been superceded with the access-list command. It's in the > command reference section. It says the recommend migrating outbound command > statements to access-list command statements to "maintain future > compatibility". Sounds like a hint of possibly removing it just like they > keep hinting they're going to do with conduit commands. > > Allen > > - Original Message - > From: "BOURNE, KENNETH" > To: > Sent: Friday, August 31, 2001 10:47 AM > Subject: pix outbound vs acl [7:18101] > > > > Is there nay benefit to using ACL over outbound? Both accomplish the same > > end result for me . > > > > |Ken Bourne,CCNA|Network Specialist| > > |702-657-3432(direct)|702-524 1193(mobile)||[EMAIL PROTECTED]| Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18117&t=18101 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MRTG Horizontal shape? [7:18091]
Check the time on the machine running mrtg. If you changed the time on it , MRTG will prduce a horizontal line for the time changed. This happened to me twice before. Especially sensitive if you have the server as an NTP client. sam sneed ""William"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Anyone know why the MRTG shape become horizontol for several hours suddenly > even there was traffic? > > thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18118&t=18091 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How Can I Update IDS signature ??????????? [7:18098]
You can find the Service Pack and Signature Updates at http://www.cisco.com/cgi-bin/tablebuild.pl/ids25-appsens-updt - Original Message - From: "jorge" To: Sent: Friday, August 31, 2001 7:42 PM Subject: How Can I Update IDS signature ??? [7:18098] > Hi, > > Sorry, My English is not good enough .. > > > Anybody know the ip address of Cisco ftp server for updating signature > ? > > I guess that i have two options for updating signature: > > 1 - By CSPM (Signature Update on the Wizards) , but > I dont have the options for automatic update. > > 2 - By CLI on IDS (./idsupdate / > ), but i dont have the ip address, > directory and the password. > > > Anybody have any sugestion ? > > > > Thanks, > Jorge Luis > Ten Sistemas e Redes Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18120&t=18098 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How Can I Update IDS signature ??????????? [7:18098]
- Original Message - From: "jorge" To: Sent: Friday, August 31, 2001 7:42 PM Subject: How Can I Update IDS signature ??? [7:18098] > Hi, > > Sorry, My English is not good enough .. > > > Anybody know the ip address of Cisco ftp server for updating signature > ? > > I guess that i have two options for updating signature: > > 1 - By CSPM (Signature Update on the Wizards) , but > I dont have the options for automatic update. > > 2 - By CLI on IDS (./idsupdate / > ), but i dont have the ip address, > directory and the password. > > > Anybody have any sugestion ? > > > > Thanks, > Jorge Luis > Ten Sistemas e Redes Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18121&t=18098 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ACL - TCP established [7:17297]
have a look http://www.cisco.com/warp/public/707/2.html - Original Message - From: "Kent Hundley" To: ; "'Kent Hundley'" ; Sent: Saturday, September 01, 2001 12:03 AM Subject: RE: ACL - TCP established [7:17297] > From the context of the original question, I assumed the poster was talking > about using the 'established' keyword with a Cisco router access-list, not > the 'established' command on a Cisco PIX. One has nothing to do with the > other. > > However, you are correct about using the permit and permitfrom with the > established command on the PIX. It's just not relevant to what the poster > was asking. > > -Kent > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Friday, August 31, 2001 9:45 AM > To: Kent Hundley; [EMAIL PROTECTED] > Subject: Re: ACL - TCP established [7:17297] > > > it is highly recommended that u use permit to and permitfrom with the > established command > > - Original Message - > From: "Kent Hundley" > To: > Sent: Friday, August 31, 2001 12:45 AM > Subject: RE: ACL - TCP established [7:17297] > > > > First, there are security risks in everything. Nothing is 100% secure and > > given enough skill, time and effort any security countermeasure can be > > bypassed. What one person builds another person can break, etc., etc. > > > > Now, as to whether the ACK or RST flag can be manipulated, yes they can. > If > > one wants to, they can write code to create packets that have whatever > bits > > you want set, whatever options, whatever addresses, etc. > > > > If a machine recieves a packet with an ACK bit set that it does not have a > > session with, the stack should do something logical with it such as drop > the > > packet or send a RST. (I don't recall what the RFC says to do) > > > > However, IP stacks are just software written by humans and humans make > > mistakes. There's no guarantee that a stack won't do something illogical > > with an illogical packet, so yes, there's some risk involved. There's > also > > the fact that the 'established' command is only good for TCP streams, so > > lots of UDP attacks will not be blocked at all. > > > > HTH, > > Kent > > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > > phyrz > > Sent: Saturday, August 25, 2001 11:34 PM > > To: [EMAIL PROTECTED] > > Subject: ACL - TCP established [7:17297] > > > > > > When using the established key word at the end of an ACL statement, are > > there any security risks? > > > > Can the ACK or RST flag in a segment header be set from a source terminal > > to trick the ACL, making it look like the segment is responding to a > > request? > > If so, I would think that anything that received the segment would ignore > > it. Any thoughts? > > > > Phyrz Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18122&t=17297 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Can you pass CCNP w/o having Cisco gears? [7:18107]
Rick, Yes. You can pass CCNP w/o have Cisco gear. Having gear helps, of course, but you can learn the concepts and commands without gear. Personally, I used the Cisco Press and Exam Cram books for each of the CCNP exams along with Exam #1 and #2 for each exam from Boson. Good luck! Mike W. D Rick wrote: > > Can you pass CCNP w/o having Cisco gears? I'm doing practice > test from Boson and doing the Sybex study guide? Is that > sufficient? Do I need to be in front of a router? > > Thanks in advance, > Rick D Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18123&t=18107 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Can you pass CCNP w/o having Cisco gears? [7:18124]
Having recently just passed CCNP this year I will say you must have a Router. The reason is that the prescribed rituals must be performed in front of the Router. Without a Router the powerful spirit of routing, BGPOSPF, wont bless your efforts and even if you do pass all knowledge will be removed from you within 2 months. Some have said scrificing your most valuable possesion before the router helps. I give it my time which seemed to work well. Others have given the Router spirit money, bought it accessories, even food but so far time works best. Hope this helps and smile cause TGIF!! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of D Rick Sent: Friday, August 31, 2001 11:57 AM To: [EMAIL PROTECTED] Subject: Can you pass CCNP w/o having Cisco gears? [7:18107] Can you pass CCNP w/o having Cisco gears? I'm doing practice test from Boson and doing the Sybex study guide? Is that sufficient? Do I need to be in front of a router? Thanks in advance, Rick D Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18124&t=18124 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Can you pass CCNP w/o having Cisco gears? [7:18124]
Sorry Dan, but you definitely don't have to have a router. The questions come in many cases, word for word from the official course. Going through that (or the Cisco Press version) is good enough I'm afraid. Search the comments for my previous tirade to Cisco on the relative ease of that exam. Use the keywords "Cisco are you listening" to find my previous post. -- Leigh Anne > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Dan Faulk > Sent: Friday, August 31, 2001 12:33 PM > To: [EMAIL PROTECTED] > Subject: RE: Can you pass CCNP w/o having Cisco gears? [7:18124] > > > Having recently just passed CCNP this year I will say you must have a > Router. > The reason is that the prescribed rituals must be performed in > front of the > Router. > Without a Router the powerful spirit of routing, BGPOSPF, wont bless your > efforts and even if you do pass all knowledge will be removed from you > within 2 months. Some have said scrificing your most valuable possesion > before the router helps. I give it my time which seemed to work > well. Others > have given the Router spirit money, bought it accessories, even > food but so > far time works best. > Hope this helps and smile cause TGIF!! > > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of D > Rick > Sent: Friday, August 31, 2001 11:57 AM > To: [EMAIL PROTECTED] > Subject: Can you pass CCNP w/o having Cisco gears? [7:18107] > > > Can you pass CCNP w/o having Cisco gears? I'm doing practice test from > Boson and doing the Sybex study guide? Is that sufficient? Do I > need to be > in front of a router? > > Thanks in advance, > Rick D Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18125&t=18124 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Can you pass CCNP w/o having Cisco gears? [7:18107]
Go to http://www.it-cert.co.ukGood stuff for cisco exams. -Original Message- From: Michael Williams [mailto:[EMAIL PROTECTED]] Sent: Friday, August 31, 2001 2:09 PM To: [EMAIL PROTECTED] Subject: RE: Can you pass CCNP w/o having Cisco gears? [7:18107] Rick, Yes. You can pass CCNP w/o have Cisco gear. Having gear helps, of course, but you can learn the concepts and commands without gear. Personally, I used the Cisco Press and Exam Cram books for each of the CCNP exams along with Exam #1 and #2 for each exam from Boson. Good luck! Mike W. D Rick wrote: > > Can you pass CCNP w/o having Cisco gears? I'm doing practice > test from Boson and doing the Sybex study guide? Is that > sufficient? Do I need to be in front of a router? > > Thanks in advance, > Rick D Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18127&t=18107 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: pix outbound vs acl [7:18101]
ROFL...yes...wellI didn't have an answer so I had to admit all else failed. I almost felt I lost my manlihood. I had the sudden urge to ask directions on the way home. Maybe it's all the rain we're getting that's depressing me to the point of RTFMing ;) - Original Message - From: "Dennis H" To: Sent: Friday, August 31, 2001 12:33 PM Subject: Re: pix outbound vs acl [7:18101] > What?!? Are you suggesting there is useful information and maybe even the > answer to the question.. in the > manual??? > > > > ""Allen May"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Well in the 5.1 PIX users manual it has a note in the section on outbound > > saying it's been superceded with the access-list command. It's in the > > command reference section. It says the recommend migrating outbound > command > > statements to access-list command statements to "maintain future > > compatibility". Sounds like a hint of possibly removing it just like they > > keep hinting they're going to do with conduit commands. > > > > Allen > > > > - Original Message - > > From: "BOURNE, KENNETH" > > To: > > Sent: Friday, August 31, 2001 10:47 AM > > Subject: pix outbound vs acl [7:18101] > > > > > > > Is there nay benefit to using ACL over outbound? Both accomplish the > same > > > end result for me . > > > > > > |Ken Bourne,CCNA|Network Specialist| > > > |702-657-3432(direct)|702-524 1193(mobile)||[EMAIL PROTECTED]| Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18129&t=18101 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Catalyst 5505 for sale [7:18130]
Hi there, I have a new unused Catalyst 5505 for sale with the following cards Supervisor II Engine Route Switch Module 24 Port Fast Ethernet I am open to any sensible offers for this kit. Cheers JR _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18130&t=18130 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Errors in All-in-one CCIE [7:17985]
> there are lot of errors in this book. Can anybody tell me these errors and > there page numbers. I am using second edition of this book. The book is full of errors... way too many to list... > > Moreover, I will appreciate if somebody can send me CCIE braindumps and > practise exams. If you want braindumps then stick with Microsoft exams loser! You don't have want it takes to be a Cisco engineer. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18071&t=17985 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Errors in All-in-one CCIE [7:17985]
Khalid, In the nicest possible way - Preparing to be a CCIE does not include reading braindumps - If this is what you want the become an MCSE - thats easy - I know I was an MCSE (Until they invalidated it by changing the exams)years ago and then realised what a complete and utter waste of time it was Preparing to be a CCIE includes the following: 1 - A lot of hands on work and practical experiance - 4 years plus 2 - Being able to spot the errors in the books that are published 3 - Reading the better books around - Doyle/Halabi/Caslow/Kennedy etc 3 - Dedication Remember you cannot braindump a lab exam Best of luck in your efforts - but learn properly - you'll come unstuck in a big way otherwise. Regards Richard Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18047&t=17985 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: An Interesting routing+Sw Question:LAB Q [7:18026]
Correct !! HSRP with different standby groups is the solution. One router interface on each router is serving 2 HSRP "virtual IP's". You just stagger the priorities so one router is primary for one group, and the other is primary for the other group. Best way to explain is by router config: Router 1: Interface Vlan 1 ip address 152.1.1.1 255.255.255.0 standby 3 ip 152.1.1.3 standby 3 priority 110 prempt standby 4 ip 152.1.1.4 standby 4 priority 105 prempt Router 2: Interface Vlan 1 ip address 152.1.1.2 255.255.255.0 standby 3 ip 152.1.1.3 standby 3 priority 105 prempt standby 4 ip 152.1.1.4 standby 4 priority 110 prempt I don't know what book this came out of but the Cisco press "LAN switching for CCIE's" goes over this type of setup. This used to be used a lot; (putting two gateway addresses for the same network for load balancing) when routers were slow. i.e. the RSM. With today's fast MSFC routers, you don't really need this kind of setup as much. Hope this helps Tony M. #6172 - Original Message - From: "Cisco Lover" To: Sent: Thursday, August 30, 2001 10:56 PM Subject: An Interesting routing+Sw Question:LAB Q [7:18026] > Hello Guys, > > This Question is from some Book Apendix pass by my friend(Let me knowthe > book name and Author if u know ;)).Please help to clarify. > > Thanks. > > > "Vlan1 Contains 28 servers in server farm.Configure R1&R2 so that in event > of router failure the other router will take over for the subnet.Under > normal conditions the load should be split evenly b/w these 2 routers . > Fourteen of the servers are defined with ip 152.1.1.3 and other fouteen are > defined with 152.1.1.4" > > any thing to do with HSRP???where these addresses need to > configured??152.1.1.3 and .4 ?? > > > > > > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18050&t=18026 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Errors in All-in-one CCIE [7:17985]
All the braindumps you need are at www.cisco.com... years and years worth... start reading! ""Khalid"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hello Everybody, > > I am preparing for CCIE exam. I am using All-In-One CCIE book. I heard that > there are lot of errors in this book. Can anybody tell me these errors and > there page numbers. I am using second edition of this book. > > Moreover, I will appreciate if somebody can send me CCIE braindumps and > practise exams. > > Thanks > > Khalid Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18119&t=17985 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PPP Authentication CHAP [7:18093]
Hi, Can you help me plz guys been trying to get me 1601 with ISDN WIC to work for yonks. From debug's it looks like CHAP AUTH is failing but I don't know why ?! I have enclosed sh ver, sh run and debug dialer, debug ppp auth chap. Any help would be greatly appreciated. Thanx in advance. Sh ver 1601#sh ver Cisco Internetwork Operating System Software IOS (tm) 1600 Software (C1600-SY-L), Version 12.0(7)T, RELEASE SOFTWARE (fc2) Copyright (c) 1986-1999 by cisco Systems, Inc. Compiled Mon 06-Dec-99 18:03 by phanguye Image text-base: 0x0803DCE8, data-base: 0x02005000 ROM: System Bootstrap, Version 11.1(7)AX [kuong (7)AX], EARLY DEPLOYMENT RELEASE SOFTWARE (fc2) ROM: 1600 Software (C1600-BOOT-R), Version 11.1(7)AX, EARLY DEPLOYMENT RELEASE S OFTWARE (fc2) 1601 uptime is 1 hour, 30 minutes System returned to ROM by power-on System image file is "flash:/c1600-1207T.bin" cisco 1601 (68360) processor (revision C) with 13824K/4608K bytes of memory. Processor board ID 04909005, with hardware revision Bridging software. X.25 software, Version 3.0.0. Basic Rate ISDN software, Version 1.1. 1 Ethernet/IEEE 802.3 interface(s) 1 Serial(sync/async) network interface(s) 1 ISDN Basic Rate interface(s) System/IO memory with parity disabled 2048K bytes of DRAM onboard 16384K bytes of DRAM on SIMM System running from FLASH 7K bytes of non-volatile configuration memory. 8192K bytes of processor board PCMCIA flash (Read ONLY) Configuration register is 0x2102 Sh run Building configuration... Current configuration: ! version 12.0 service timestamps debug datetime msec service timestamps log uptime no service password-encryption service udp-small-servers service tcp-small-servers ! hostname 1601 ! enable secret 5 $1$FgI.$bygzIO/R77k37T.qfBWhH. ! username xx password 0 x ! ! ! ! ip subnet-zero no ip domain-lookup ! isdn switch-type basic-net3 isdn voice-call-failure 0 ! ! ! interface Ethernet0 ip address 10.10.1.1 255.255.255.0 no ip directed-broadcast ip nat inside no ip route-cache no ip mroute-cache ! interface Serial0 physical-layer async bandwidth 64000 ip unnumbered Ethernet0 no ip directed-broadcast encapsulation ppp no ip route-cache no ip mroute-cache keepalive 10 dialer in-band dialer wait-for-carrier-time 120 async mode interactive fair-queue 64 16 0 ppp authentication chap callin ! interface BRI0 bandwidth 64 ip address negotiated no ip directed-broadcast ip nat outside encapsulation ppp no ip route-cache no ip mroute-cache no keepalive dialer idle-timeout 150 dialer string 08451400101 dialer-group 2 isdn switch-type basic-net3 ppp authentication chap ! ip nat inside source list 100 interface BRI0 overload ip classless ip route 0.0.0.0 0.0.0.0 BRI0 no ip http server ! access-list 100 permit ip 10.10.1.0 0.0.0.255 any access-list 101 deny udp any any eq snmp access-list 101 deny udp any any eq ntp access-list 101 permit ip any any access-list 110 deny udp 10.10.1.0 0.0.0.255 eq netbios-ns any log dialer-list 1 protocol ip list 110 dialer-list 2 protocol ip permit ! line con 0 exec-timeout 0 0 transport input none line 1 modem InOut transport input all stopbits 1 speed 115200 flowcontrol hardware line vty 0 exec-timeout 0 0 login local length 25 line vty 1 4 exec-timeout 0 0 login local ! 1601#sh deb Dial on demand: Dial on demand events debugging is on PPP: PPP protocol negotiation debugging is on ISDN: ISDN Q931 packets debugging is on ISDN Q931 packets debug DSLs. (On/Off/No DSL:1/0/-) DSL 0 --> 1 1 - 1601#ping 4.1.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 4.1.1.1, timeout is 2 seconds: *Mar 1 01:42:51.533: BRI0 DDR: Dialing cause ip (s=10.10.1.1, d=4.1.1.1) *Mar 1 01:42:51.537: BRI0 DDR: Attempting to dial 08451400101 *Mar 1 01:42:51.549: ISDN BR0: TX -> SETUP pd = 8 callref = 0x04 *Mar 1 01:42:51.553: Bearer Capability i = 0x8890 *Mar 1 01:42:51.553: Channel ID i = 0x83 *Mar 1 01:42:51.557: Called Party Number i = 0x80, '08451400101' *Mar 1 01:42:51.747: ISDN BR0: RX CONNECT_ACK pd = 8 callref = 0x04 01:43:43: %LINK-3-UPDOWN: Interface BRI0:2, changed state to up 01:43:43: %ISDN-6-CONNECT: Interface BRI0:2 is now connected to 08451400101 *Mar 1 01:42:53.561: BR0:2 PPP: Treating connection as a callout *Mar 1 01:42:53.565: BR0:2 PPP: Phase is ESTABLISHING, Active Open *Mar 1 01:42:53.569: BR0:2 LCP: O CONFREQ [Closed] id 7 len 15 *Mar 1 01:42:53.573: BR0:2 LCP:AuthProto CHAP (0x0305C22305) *Mar 1 01:42:53.577: BR0:2 LCP:MagicNumber 0x60BBB227 (0x050660BBB227) *Mar 1 01:42:53.616: BR0:2 LCP: I CONFREQ [REQsent] id 178 len 28 *Mar 1 01:42:53.620: BR0:2 LCP:AuthProto PAP (0x0304C023) *Mar 1 01:42:53.624: BR0:2 LCP:MagicNumber 0x284CF490 (0x0506284CF490) *Mar 1 01:42:53.628: BR0:2 LCP:MRRU 1524 (0x110405F4) *Mar 1 01:42:53.632: BR0:2 LCP:EndpointDisc 1 Local (0x130A01706C75736E6574 ) *Mar 1 01:42:53.636: BR0:2 LCP: O CONFREJ [REQ
Re: What's the diameter of your switched network? [7:17489]
Don't let PETA hear about you guys doing all this dissecting! Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco Regional Networking Academy Priscilla Oppenheimer wrote: You won't see any problems with max age if you leave it at the default of 20 seconds. The seven hops comes from conservative estimates of how long it takes a bridge to take in the BPDU and propagate it. With 7 hops each could take about 3 seconds. There's no way that switches these days take that long. In fact, switches don't even bother to figure out how long it takes. They just add 1 second. I am currently dissecting STP! ;-) Priscilla At 07:32 PM 8/29/01, Leigh Anne Chisholm wrote: > From other statements I've read (Cisco published material) and from the >original excerpt I published, I'd imagine that the placement of the root >does matter. > >"Part of this restriction is coming from the age field BPDU carry: >when a BPDU is propagated from the root bridge towards the leaves of the >tree, the age field is incremented each time it goes though a bridge. >Eventually, when the age field of a BPDU goes beyond max age, it is >discarded. Typically, this will occur if the root is too far away from some >bridges of the network. This issue will impact convergence of the spanning >tree." > >I'd think that if a bridge were to be the third bridge away from the root, >and another switch was the third bridge on the far side of the root, I >wouldn't expect to see any problems with MaxAge because I can't see the root >being too far from some of the bridges in the network. Now if a bridge were >to be the seventh, I could see how that would impose a greater delay and >possibly negatively impact the MaxAge parameter. Now my question would >be... does this really apply in today's networks or is this more of a >limitation of yesteryear's "software-based bridges"? > >One day I'll dissect STP inside and out. One day... > > > -- Leigh Anne > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > > Priscilla Oppenheimer > > Sent: Wednesday, August 29, 2001 3:17 PM > > To: [EMAIL PROTECTED] > > Subject: Re: What's the diameter of your switched network? [7:17489] > > > > > > At 07:27 PM 8/28/01, Gareth Hinton wrote: > > >Always thought that Diameter was a misleading term. > > >If the root bridge is physically in the centre of the bridged > > network, the > > >diameter is actually the radius. > > >Hmmm - more coffee - it's late. > > > > Hmm, it is late, but I don't think the placement of the root > > bridge matters > > in this question. The Cisco text says "This means that two > > distinct bridges > > in the network should not be more than seven hops away the one to the > > other." The English is awkward, but the meaning is clear and notice that > > there's no mention of the root bridge. > > > > IEEE 802.1D says that the recommended value for the maximum > > bridge diameter > > is 7, and its definition is "The maximum bridge diameter of the > > Bridge LAN: > > The maximum number of Bridges between any two points of attachment of end > > stations." > > > > Priscilla > > > > > > > > > > >""Leigh Anne Chisholm"" wrote in message > > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > Here's something funky I've just started researching. Thought many of > > you > > > > might not be aware of this... > > > > > > > > Awkward STP Parameter Tuning and Diameter Issues > > > > > > > > We already saw that an aggressive value for the max-age > > parameter and the > > > > forward-delay could lead to a very unstable STP. The loss of > > some BPDUs > > >can > > > > then cause a loop to appear. Another issue, not very known, > > is related to > > > > the diameter of the bridged network. The conservative default > > values for > > >the > > > > STP impose a maximum network diameter of seven. This means that two > > >distinct > > > > bridges in the network should not be more than seven hops > > away the one to > > > > the other. Part of this restriction is coming from the age field BPDU > > >carry: > > > > when a BPDU is propagated from the root bridge towards the > > leaves of the > > > > tree, the age field is incremented each time it goes though a bridge. > > > > Eventually, when the age field of a BPDU goes beyond max age, it is > > > > discarded. Typically, this will occur if the root is too far away from > > >some > > > > bridges of the network. This issue will impact convergence of the > > spanning > > > > tree. > > > > > > > > > > > > This came from: http://www.cisco.com/warp/public/473/16.html#2f > > > > > > Priscilla Oppenheimer > > http://www.priscilla.com Prisc
Fwd: Last Call: Assigned Numbers: RFC 1700 is Obsolete [7:18126]
> > >The IESG has received a request to consider publication of Assigned >Numbers: RFC 1700 is Obsolete as >an RFC. This has been reviewed in the IETF but is not the product of >an IETF Working Group. > >This Last Call is issued to make sure the community is aware of the >change in status for one of the oldest standards documents of the >Internet. > >The IESG has not yet determined the appropriate status of this >RFC-to-be. Advice from the community is sought. > >The IESG plans to make a decision in the next few weeks, and solicits >final comments on this action. Please send any comments to the >[EMAIL PROTECTED] or [EMAIL PROTECTED] mailing lists by September 30, 2001. > >Files can be obtained via >http://www.ietf.org/internet-drafts/draft-rfc-editor-rfc1700bis-00.txt Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18126&t=18126 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Connect 6509 with CONSOLE [7:17983]
Thanks All! I changed the cable and it worked! ""Jeff Gercken"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I carry a 2" rollover cable and a coupler as well as the std 3' rollover. > This way if you can always create the cable that works. > > PS I hate that little button. I love what it does but I never have anything > to poke it with. Need to tape a paper clip to each switch. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18134&t=17983 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 3 envelopes [7:17666]
Darn, I bought most of mine on the high side of $100. Which may explain
why I'll be working well into my 70's. {:-(
Prof. Tom Lisa, CCAI
Community College of Southern Nevada
Cisco Regional Networking Academy
Dan Faulk wrote:
I bought all I could lay hands on at the low side of $13 a share.
I think they be doing very well indeed. Not many stocks have gone up
almost
20% since April.
All depends on your point of view. Personaly Im selling at $82, I
aint
greedy.
Best
Dan
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf
Of
Chuck Larrieu
Sent: Friday, August 31, 2001 12:03 AM
To: [EMAIL PROTECTED]
Subject: RE: 3 envelopes [7:17666]
now that Cisco stock has sunk back to 16, I'll bet you wish you
hadn't said
this ;->
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf
Of
Charlie Hartwell
Sent: Wednesday, August 29, 2001 9:02 AM
To: [EMAIL PROTECTED]
Subject: Re: 3 envelopes [7:17666]
Well, John Chambers is the CEO of Cisco Systems so I don't think he's
at all bothered about the career of this "Tom Chambers" you mention.
Speaking of John Chambers - I expect he's quite happy at the moment.
Since Cisco announced a restructure program (the details of which
elude me) the share price has risen slightly and the long term
outlook is better. I hope they do manage to turn it around because
Cisco are often seen as the yard arm as far as telecomms prospects go
and that's my business too! I kinda like my job so good luck to them.
Anyway, apart from being out of date and incorrect, it's quite a
funny story. ;)
Regards
Charlie
--- netm thru wrote: > A CEO resigned from a
company and left the new CEO 3
> envelopes. The new one asked the old one what they
> were for. He replied open them one at a time when
> times get tough. A few months later when times were
> tough the new CEO opened an envelope and it said
> "Blame the economy" so he did. A quarter later when
> things were still bad he opened the second envelope.
> It said "Restructure".
> A couple of quarters later he opened the third
> envelope. It said "Leave 3 envelopes".
> How long before Tom Chambers leaves his 3 envelopes?
>
> __
> Do You Yahoo!?
> Make international calls for as low as $.04/minute with Yahoo!
> Messenger
> http://phonecard.yahoo.com/
[EMAIL PROTECTED]
Do You Yahoo!?
Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk
or your free @yahoo.ie address at http://mail.yahoo.ie
[EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=18135&t=17666
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Edit an ACL Entry [7:17854]
That's not true. I think it depends on the IOS version or the platform. I have two 2501 on my lab that act exactly like you say (they are using old IOS versions). But on some 1720, 3640 and 3660 that I changed recently, I didn't have to group the ACLs to the interfaces again after removing them. Regards, Ednilson Rosa - Original Message - From: To: Sent: Friday, August 31, 2001 1:59 PM Subject: Re: Edit an ACL Entry [7:17854] if u remove an acl u need to put ip access group whatever in or out again conduit doesnt have any suffering - Original Message - From: "NP-BASS LEON" To: Sent: Thursday, August 30, 2001 5:37 PM Subject: RE: Edit an ACL Entry [7:17854] > DOES THE SAME PROCESS APPLY FOR EDITING STATIC AND CONDUIT STATEMENTS ON A > PIX CONFIGURATION. > > -Original Message- > From: groupstudy, Nobody [mailto:[EMAIL PROTECTED]] > Sent: Thursday, August 30, 2001 9:16 AM > To: [EMAIL PROTECTED] > Subject: RE: Edit an ACL Entry [7:17854] > > > copy your access list to say notepad. take out the offending item then copy > the access list to your clipboard. Then go onto the Cisco router say no > access-list blah and then paste the contents of the clipboard in. There is > no other way. > > -Original Message- > From: atram [mailto:[EMAIL PROTECTED]] > Sent: 30 August 2001 13:54 > To: [EMAIL PROTECTED] > Subject: Edit an ACL Entry [7:17854] > > > Simple question that I'm obviously having a brain fart on. > > How to remove an entry from an ACL? > > Is there a specific command or technique for removing an entry. In testing > I have noticed that the "no" command infront of the statement will delete > the entire ACL. > > I'm sure someone can provide the answer pretty quickly. > > Pardon my ingnorance. Kind of blanking out on this for some reason. > > > Thanks in advance! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18137&t=17854 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Reseting Supervisor Engine and/or MSFC [7:18138]
Hi All, My 6509 has dual Supervisor Engines and dual MSFC cards. It runs in Hyrid mode. I plan to upgrade the IOS of the MSFC cards only, NOT the Supervisor Engines. I wonder: 1. Is IOS version of MSFC dependent on the CATOS version of Supervisor Engine? 2. When I reset after the upgrade, do I have to reset the whole module (Supervisor Engine + MSFC) or just the MSFC? If I cannot reset only the MSFC, in what mode should I issue the reset command? CATOS or IOS in this case (IOS is in session 15 or 16)? Will this reset both the Supervisor and the MSFC? 3. Should I not losing the configuration which I assumed they're saved in NVRAM of the MSFC or Sup. Engine? Again, Thanks much to All!!! Thomas N. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18138&t=18138 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 2610 Router for sale [7:17984]
Sorry, Leigh Anne... I meant to send this to the group I got one that I made up, but it's one you have to say out loud for it to make sense... How much money do you have if you're running spanning-tree over fiber distributed data interface? Tree FDDI. :) -Original Message- From: Leigh Anne Chisholm [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 30, 2001 7:57 PM To: [EMAIL PROTECTED] Subject: RE: 2610 Router for sale [7:17984] Hey... if a router has a "D-MZ" image on it, does that mean it's got the firewall feature set? R-R-R! Oh I'm just such a commedienne today! (-: > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Terence > Sent: Thursday, August 30, 2001 5:42 PM > To: [EMAIL PROTECTED] > Subject: 2610 Router for sale [7:17984] > > > Hey Guys/Girls, > I have 3 2610 Cisco routers for sale. They are in great condition. Was > used at a client site that were replaced with 3600 series routers. Here is > the spec's: > > Cisco Internetwork Operating System Software > IOS (tm) C2600 Software (C2600-D-M), Version 12.0(5)T1, RELEASE SOFTWARE > (fc1) > Copyright (c) 1986-1999 by cisco Systems, Inc. > Compiled Tue 17-Aug-99 13:11 by cmong > Image text-base: 0x80008088, data-base: 0x80859E60 > > ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1) > > Router uptime is 0 minutes > System returned to ROM by power-on > System image file is "flash:c2600-d-mz.120-5.T1.bin" > > cisco 2610 (MPC860) processor (revision 0x202) with 26624K/6144K bytes of > memory > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18139&t=17984 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Just Finished CCNP & CCDP [7:17850]
CCDA by Bruno and Kim, is a good book overall especially for the case studies. I read CCDA by Syngress for its Internetworking technologies content. I find it easier to read. If I were to choose only one book, considering the contents of the exam, I would choose CCDA by Bruno and Kim. > > Congrats man. If you don't mind me asking I am studying for the CCDA right > > now as we speak which of the CCDA books did you find the most helpful? Or > > was it a combination of both? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18140&t=17850 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
what is needed for an ISDN LAB ?? [7:18141]
Guys, I am trying to setup an ISDN lab and do not have access to an ISDN switch . What I do have is two BRI lines each with a SPID . Will that be sufficient or so I need anything else ? Thanks Jaspreet Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18141&t=18141 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Reseting Supervisor Engine and/or MSFC [7:18138]
Thomas, The CAT OS and the IOS on the MSFC's can be upgraded independently in the 6500s. You can reset just the MSFC. I log into the MSFC and enter the 'reset' command while in enable mode. This resets just the MSFC and thus reduces the down time. Ed -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Thomas N. Sent: Friday, August 31, 2001 5:30 PM To: [EMAIL PROTECTED] Subject: Reseting Supervisor Engine and/or MSFC [7:18138] Hi All, My 6509 has dual Supervisor Engines and dual MSFC cards. It runs in Hyrid mode. I plan to upgrade the IOS of the MSFC cards only, NOT the Supervisor Engines. I wonder: 1. Is IOS version of MSFC dependent on the CATOS version of Supervisor Engine? 2. When I reset after the upgrade, do I have to reset the whole module (Supervisor Engine + MSFC) or just the MSFC? If I cannot reset only the MSFC, in what mode should I issue the reset command? CATOS or IOS in this case (IOS is in session 15 or 16)? Will this reset both the Supervisor and the MSFC? 3. Should I not losing the configuration which I assumed they're saved in NVRAM of the MSFC or Sup. Engine? Again, Thanks much to All!!! Thomas N. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18142&t=18138 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: I have a customer who... food for thought - static routes [7:18145]
yes - sheer numbers of devices in the shared bridging domain. we are talking 500 to a thousand home users, many of whom are technically savvy folks who may have reasons good or bad to connect multiple devices to the home part of the remote access network. not to mention the fact that bridging would mean direct and unrestricted access from each of these home guys to eachother. I can just see the little rascals Code Redding eachother! ;-> Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Rob Fielding Sent: Friday, August 31, 2001 9:58 AM To: [EMAIL PROTECTED] Subject: Re: I have a customer who... food for thought - static routes [7:18108] I just quickly glanced at the 827 docs on cisco.com, so please correct me if I'm wrong about them. According to the docs, you can configure the 827's for bridging or NAT. You could avoid static routes on this edge of the customer's network entirely (except for defaults on the 827's). The 7206 would see all of the home networks as being directly connected. NAT overload would probably be my first choice because the 827 could assign addresses to the home pc's with DHCP, so the users wouldn't have to configure anything, and any number of home pc's would just share the 827's wan interface address. No need for statics at all. Does the customer have any issues about this type of config? -Rob Fielding CCIE #7996 - Original Message - From: "Chuck Larrieu" To: Sent: Thursday, August 30, 2001 10:38 PM Subject: RE: I have a customer who... food for thought - static routes [7:18038] > There have been several good replies to my post. In addition to Tony's > insight below, Leigh Anne and Jim both had excellent observations that > covered issues my customer raised. > > The customer expressed concerns were with engineers who for any number of > reasons, whether careless, inconsiderate, malicious, or as part of their > jobs, might bring down various segments. this is something that apparently > happens with some regularity in the customer production network. > > there were concerns with route flapping at the core. we are in California, > after all, and we still live under the threat of rolling blackouts. plus > many folks out here are doing their part by shutting things down at night, > or when not in use. The flapping issue is bogus, as one could always > advertise only the summaries into the core, but again, the customer engineer > would not hear of it. > > the customer deliberately turns off CDP. I did not discuss this with him, > but I suspect there is a bit of concern with revealing information that CDP > transmits. > > my point in bringing up this situation was in part to stimulate thought > about using various forms of routing as one means of enforcing policy. > Static routing is not necessarily a bad thing. On the other hand, there are > other ways to deal with the stated concerns other than massive static > routing. > > enjoyed the comments. thanks, everyone. > > Chuck > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Tony Medeiros > Sent: Thursday, August 30, 2001 12:23 AM > To: [EMAIL PROTECTED] > Subject: Re: I have a customer who... food for thought - static routes > [7:17826] > > > I'll bite: > PROS: > > 1) If DSL user decides to change his network for some reason and it overlaps > another on somewhere, dynamic routing will hose the core. (could prevent > with route filtering but that would be an even bigger hassle). > > 2) 7206 might fold with that many routing protocol neigbors (depends on > routing protocol) > > 3) Job security for the guy managing the network :) > > 4) ODR needs CDP and that many neighbors could fold the core too maybe ?? > Don't know about that. > > 5) Less overhead in general. > > 6) Security, Don't want some guy to announce a boatload of bogus networks. > > 7) Unless the routing protocol of choice can only send a default route, > Those little DSL routers would get killed with a big table. OSPF is would > do it but would each little router would need to be in it's own area or the > LS database would kill the little guys . RIP seems like a good choice, but > again, there would be need for a lot of filtering to keep the table small. > You could have a default static on all the little guys and filter ALL > updates coming out of the core. But there is the security thing again. > > 8) Stability, The static way will be the most stable for sure, > > CONS: > 1) Managment nightmare. > > I think I see their point already Chuck. I don't quite see why CDP wouldn't > be allowed though. > Am I close ? > Tony M. > > - Original Message - > From: "Chuck Larrieu" > To: > Sent: Wednesday, August 29, 2001 11:28 PM > Subject: I have a customer who... food for thought - static routes [7:17819] > > > > I have a customer who... don't you love it when a post begins with those > > words? > > > > In my case, I am hoping this can serve as food for t
RE: I have a customer who... food for thought - static routes [7:18146]
btw, I have other customers to whom I have recommended the bridging solution using 827's and a 26xx at the host. in those cases we have been looking at no more than 50-100 end stations, most of which are at the host site. Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Rob Fielding Sent: Friday, August 31, 2001 9:58 AM To: [EMAIL PROTECTED] Subject: Re: I have a customer who... food for thought - static routes [7:18108] I just quickly glanced at the 827 docs on cisco.com, so please correct me if I'm wrong about them. According to the docs, you can configure the 827's for bridging or NAT. You could avoid static routes on this edge of the customer's network entirely (except for defaults on the 827's). The 7206 would see all of the home networks as being directly connected. NAT overload would probably be my first choice because the 827 could assign addresses to the home pc's with DHCP, so the users wouldn't have to configure anything, and any number of home pc's would just share the 827's wan interface address. No need for statics at all. Does the customer have any issues about this type of config? -Rob Fielding CCIE #7996 - Original Message - From: "Chuck Larrieu" To: Sent: Thursday, August 30, 2001 10:38 PM Subject: RE: I have a customer who... food for thought - static routes [7:18038] > There have been several good replies to my post. In addition to Tony's > insight below, Leigh Anne and Jim both had excellent observations that > covered issues my customer raised. > > The customer expressed concerns were with engineers who for any number of > reasons, whether careless, inconsiderate, malicious, or as part of their > jobs, might bring down various segments. this is something that apparently > happens with some regularity in the customer production network. > > there were concerns with route flapping at the core. we are in California, > after all, and we still live under the threat of rolling blackouts. plus > many folks out here are doing their part by shutting things down at night, > or when not in use. The flapping issue is bogus, as one could always > advertise only the summaries into the core, but again, the customer engineer > would not hear of it. > > the customer deliberately turns off CDP. I did not discuss this with him, > but I suspect there is a bit of concern with revealing information that CDP > transmits. > > my point in bringing up this situation was in part to stimulate thought > about using various forms of routing as one means of enforcing policy. > Static routing is not necessarily a bad thing. On the other hand, there are > other ways to deal with the stated concerns other than massive static > routing. > > enjoyed the comments. thanks, everyone. > > Chuck > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Tony Medeiros > Sent: Thursday, August 30, 2001 12:23 AM > To: [EMAIL PROTECTED] > Subject: Re: I have a customer who... food for thought - static routes > [7:17826] > > > I'll bite: > PROS: > > 1) If DSL user decides to change his network for some reason and it overlaps > another on somewhere, dynamic routing will hose the core. (could prevent > with route filtering but that would be an even bigger hassle). > > 2) 7206 might fold with that many routing protocol neigbors (depends on > routing protocol) > > 3) Job security for the guy managing the network :) > > 4) ODR needs CDP and that many neighbors could fold the core too maybe ?? > Don't know about that. > > 5) Less overhead in general. > > 6) Security, Don't want some guy to announce a boatload of bogus networks. > > 7) Unless the routing protocol of choice can only send a default route, > Those little DSL routers would get killed with a big table. OSPF is would > do it but would each little router would need to be in it's own area or the > LS database would kill the little guys . RIP seems like a good choice, but > again, there would be need for a lot of filtering to keep the table small. > You could have a default static on all the little guys and filter ALL > updates coming out of the core. But there is the security thing again. > > 8) Stability, The static way will be the most stable for sure, > > CONS: > 1) Managment nightmare. > > I think I see their point already Chuck. I don't quite see why CDP wouldn't > be allowed though. > Am I close ? > Tony M. > > - Original Message - > From: "Chuck Larrieu" > To: > Sent: Wednesday, August 29, 2001 11:28 PM > Subject: I have a customer who... food for thought - static routes [7:17819] > > > > I have a customer who... don't you love it when a post begins with those > > words? > > > > In my case, I am hoping this can serve as food for thought, a springboard > > for discussion. So here goes > > > > My customer is a high tech firm whose name you would all recognize, if I > > were to exhibit ill manners by revealing it. > > > > My project ( well, I'm
RE: I have a customer who... food for thought - static routes [7:18147]
effective today, I became responsible for creating and maintaining that database, until such time as we hand off to the maintenance and support people. :-0 this is an interesting project for a lot of reasons, not the least of which are the layer 8 and above issues. Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Howard C. Berkowitz Sent: Friday, August 31, 2001 7:40 AM To: [EMAIL PROTECTED] Subject: RE: I have a customer who... food for thought - static routes [7:18089] Let me throw in some thoughts. Why are static routes not scalable? People start muttering about "lots of configuration." But doesn't your customer use some sort of database, or at least spreadsheet, to keep track of which subnets have been assigned, both to access links and user LANs? Even if DHCP is in wide use, there still should be a log. Given this addressing information, it really isn't hard to write a program that generates static routes from the address assignments, and then sets up a TFTP file to be merged into router configurations. Depending where you are in a routing hierarchy, statics also can be summarized. This is a little harder to do automatically, although there are tools such as CIDRAdvisor from Merit. The summary statics may be sufficiently rare (e.g., POP level) that their manual configuration is fairly trivial. Oh -- another reason people worry about static routes is "they don't respond to failures." How many of your end users have alternate connectivity that dynamic routing could find? In any case, will static routes be flushed if the next hop disappears? >There have been several good replies to my post. In addition to Tony's >insight below, Leigh Anne and Jim both had excellent observations that >covered issues my customer raised. > >The customer expressed concerns were with engineers who for any number of >reasons, whether careless, inconsiderate, malicious, or as part of their >jobs, might bring down various segments. this is something that apparently >happens with some regularity in the customer production network. Arguably, there rarely is a technical solution to a management problem. > >there were concerns with route flapping at the core. we are in California, >after all, and we still live under the threat of rolling blackouts. plus >many folks out here are doing their part by shutting things down at night, >or when not in use. The flapping issue is bogus, as one could always >advertise only the summaries into the core, but again, the customer engineer >would not hear of it. > >the customer deliberately turns off CDP. I did not discuss this with him, >but I suspect there is a bit of concern with revealing information that CDP >transmits. > >my point in bringing up this situation was in part to stimulate thought >about using various forms of routing as one means of enforcing policy. >Static routing is not necessarily a bad thing. On the other hand, there are >other ways to deal with the stated concerns other than massive static >routing. > >enjoyed the comments. thanks, everyone. > >Chuck > >-Original Message- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of >Tony Medeiros >Sent: Thursday, August 30, 2001 12:23 AM >To: [EMAIL PROTECTED] >Subject: Re: I have a customer who... food for thought - static routes >[7:17826] > > >I'll bite: >PROS: > >1) If DSL user decides to change his network for some reason and it overlaps >another on somewhere, dynamic routing will hose the core. (could prevent >with route filtering but that would be an even bigger hassle). > >2) 7206 might fold with that many routing protocol neigbors (depends on >routing protocol) > >3) Job security for the guy managing the network :) > >4) ODR needs CDP and that many neighbors could fold the core too maybe ?? >Don't know about that. > >5) Less overhead in general. > >6) Security, Don't want some guy to announce a boatload of bogus networks. > >7) Unless the routing protocol of choice can only send a default route, >Those little DSL routers would get killed with a big table. OSPF is would >do it but would each little router would need to be in it's own area or the >LS database would kill the little guys . RIP seems like a good choice, but >again, there would be need for a lot of filtering to keep the table small. >You could have a default static on all the little guys and filter ALL >updates coming out of the core. But there is the security thing again. > >8) Stability, The static way will be the most stable for sure, > >CONS: >1) Managment nightmare. > >I think I see their point already Chuck. I don't quite see why CDP wouldn't >be allowed though. >Am I close ? >Tony M. > >- Original Message - >From: "Chuck Larrieu" >To: >Sent: Wednesday, August 29, 2001 11:28 PM >Subject: I have a customer who... food for thought - static routes [7:17819] > > >> I have a customer who... don't you love it when a post begins with those >> words? >> >> In my
Re: Question about domain control across router? [7:17781]
Use ip helper address. By default, routers do not route Netbios traffic. ""Tony Medeiros"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Need a WINS server configured for that webserver so it can find the PDC or > BDC. Or do a "#pre #dom" mapping in the LMHOSTS file. > > Tony M. > MCSE+I (no, really I am too !!) > > - Original Message - > From: "Derric Gu" > To: > Sent: Wednesday, August 29, 2001 6:16 PM > Subject: Question about domain control across router? [7:17781] > > > > My webserver is connected to the e0/0 of the router, and it has a WAN ip > > address; my windows domain controller is connected to the e0/1 of the > router > > through switch, and it has LAN ip address. I find that I can't add it to > the > > domain, is it because I have to do some deployment on the router? > > Thanx. > > > > -- > > --Best Regards > > Yours, Gu De > > Tel: 027-8792-3238(O) > > Network Group > > Wuhan Jinglun Electronic Company Ltd. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18148&t=17781 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Errors in All-in-one CCIE [7:17985]
I'm taking my CCIE written next weekI have my CCNP and remember studying all of those stupid MCSE braindumpswhat a waste of time and money that was.I value my knowledge from the CCNP and studying for the CCIE more than anything minus my PS2 -Original Message- From: Richard Botham [mailto:[EMAIL PROTECTED]] Sent: Friday, August 31, 2001 3:38 PM To: [EMAIL PROTECTED] Subject:RE: Errors in All-in-one CCIE [7:17985] Khalid, In the nicest possible way - Preparing to be a CCIE does not include reading braindumps - If this is what you want the become an MCSE - thats easy - I know I was an MCSE (Until they invalidated it by changing the exams)years ago and then realised what a complete and utter waste of time it was Preparing to be a CCIE includes the following: 1 - A lot of hands on work and practical experiance - 4 years plus 2 - Being able to spot the errors in the books that are published 3 - Reading the better books around - Doyle/Halabi/Caslow/Kennedy etc 3 - Dedication Remember you cannot braindump a lab exam Best of luck in your efforts - but learn properly - you'll come unstuck in a big way otherwise. Regards Richard [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18131&t=17985 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PPP Authentication CHAP [7:18093]
*Mar 1 01:42:53.795: BR0:2 CHAP: Username plusnet not found > -Original Message- > From: Gaz [mailto:[EMAIL PROTECTED]] > Sent: Friday, August 31, 2001 3:38 PM > To: [EMAIL PROTECTED] > Subject: PPP Authentication CHAP [7:18093] > > > Hi, > > Can you help me plz guys been trying to get me 1601 with ISDN > WIC to work > for yonks. From debug's it looks like CHAP AUTH is failing > but I don't know > why ?! > > I have enclosed sh ver, sh run and debug dialer, debug ppp auth chap. > > Any help would be greatly appreciated. > > Thanx in advance. > > Sh ver > > 1601#sh ver > Cisco Internetwork Operating System Software > IOS (tm) 1600 Software (C1600-SY-L), Version 12.0(7)T, > RELEASE SOFTWARE > (fc2) > Copyright (c) 1986-1999 by cisco Systems, Inc. > Compiled Mon 06-Dec-99 18:03 by phanguye > Image text-base: 0x0803DCE8, data-base: 0x02005000 > > ROM: System Bootstrap, Version 11.1(7)AX [kuong (7)AX], EARLY > DEPLOYMENT > RELEASE > SOFTWARE (fc2) > ROM: 1600 Software (C1600-BOOT-R), Version 11.1(7)AX, EARLY DEPLOYMENT > RELEASE S > OFTWARE (fc2) > > 1601 uptime is 1 hour, 30 minutes > System returned to ROM by power-on > System image file is "flash:/c1600-1207T.bin" > > cisco 1601 (68360) processor (revision C) with 13824K/4608K > bytes of memory. > Processor board ID 04909005, with hardware revision > Bridging software. > X.25 software, Version 3.0.0. > Basic Rate ISDN software, Version 1.1. > 1 Ethernet/IEEE 802.3 interface(s) > 1 Serial(sync/async) network interface(s) > 1 ISDN Basic Rate interface(s) > System/IO memory with parity disabled > 2048K bytes of DRAM onboard 16384K bytes of DRAM on SIMM > System running from FLASH > 7K bytes of non-volatile configuration memory. > 8192K bytes of processor board PCMCIA flash (Read ONLY) > > Configuration register is 0x2102 > > > Sh run > > Building configuration... > > Current configuration: > ! > version 12.0 > service timestamps debug datetime msec > service timestamps log uptime > no service password-encryption > service udp-small-servers > service tcp-small-servers > ! > hostname 1601 > ! > enable secret 5 $1$FgI.$bygzIO/R77k37T.qfBWhH. > ! > username xx password 0 x > ! > ! > ! > ! > ip subnet-zero > no ip domain-lookup > ! > isdn switch-type basic-net3 > isdn voice-call-failure 0 > ! > ! > ! > interface Ethernet0 > ip address 10.10.1.1 255.255.255.0 > no ip directed-broadcast > ip nat inside > no ip route-cache > no ip mroute-cache > ! > interface Serial0 > physical-layer async > bandwidth 64000 > ip unnumbered Ethernet0 > no ip directed-broadcast > encapsulation ppp > no ip route-cache > no ip mroute-cache > keepalive 10 > dialer in-band > dialer wait-for-carrier-time 120 > async mode interactive > fair-queue 64 16 0 > ppp authentication chap callin > ! > interface BRI0 > bandwidth 64 > ip address negotiated > no ip directed-broadcast > ip nat outside > encapsulation ppp > no ip route-cache > no ip mroute-cache > no keepalive > dialer idle-timeout 150 > dialer string 08451400101 > dialer-group 2 > isdn switch-type basic-net3 > ppp authentication chap > ! > ip nat inside source list 100 interface BRI0 overload > ip classless > ip route 0.0.0.0 0.0.0.0 BRI0 > no ip http server > ! > access-list 100 permit ip 10.10.1.0 0.0.0.255 any > access-list 101 deny udp any any eq snmp > access-list 101 deny udp any any eq ntp > access-list 101 permit ip any any > access-list 110 deny udp 10.10.1.0 0.0.0.255 eq netbios-ns any log > dialer-list 1 protocol ip list 110 > dialer-list 2 protocol ip permit > ! > line con 0 > exec-timeout 0 0 > transport input none > line 1 > modem InOut > transport input all > stopbits 1 > speed 115200 > flowcontrol hardware > line vty 0 > exec-timeout 0 0 > login local > length 25 > line vty 1 4 > exec-timeout 0 0 > login local > ! > > > 1601#sh deb > Dial on demand: > Dial on demand events debugging is on > PPP: > PPP protocol negotiation debugging is on > ISDN: > ISDN Q931 packets debugging is on > ISDN Q931 packets debug DSLs. (On/Off/No DSL:1/0/-) > DSL 0 --> 1 > 1 - > > 1601#ping 4.1.1.1 > > Type escape sequence to abort. > Sending 5, 100-byte ICMP Echos to 4.1.1.1, timeout is 2 seconds: > > *Mar 1 01:42:51.533: BRI0 DDR: Dialing cause ip > (s=10.10.1.1, d=4.1.1.1) > *Mar 1 01:42:51.537: BRI0 DDR: Attempting to dial 08451400101 > *Mar 1 01:42:51.549: ISDN BR0: TX -> SETUP pd = 8 callref = 0x04 > *Mar 1 01:42:51.553: Bearer Capability i = 0x8890 > *Mar 1 01:42:51.553: Channel ID i = 0x83 > *Mar 1 01:42:51.557: Called Party Number i = 0x80, > '08451400101' > *Mar 1 01:42:51.747: ISDN BR0: RX CONNECT_ACK pd = 8 > callref = 0x04 > 01:43:43: %LINK-3-UPDOWN: Interface BRI0:2, changed state to up > 01:43:43: %ISDN-6-CONNECT: Interface BRI0:2 is now connected > to 08451400101 > *Mar 1 01:42:53.561: BR0:2 PPP: Treating connection as a callout > *Mar 1 01:42:53.565: BR0:2 PPP: Phase is EST
Re: Errors in All-in-one CCIE [7:17985]
Try the errata page of the publisher?? Brian "Sonic" Whalen Success = Preparation + Opportunity On Fri, 31 Aug 2001, Dennis H wrote: > > there are lot of errors in this book. Can anybody tell me these errors and > > there page numbers. I am using second edition of this book. > > The book is full of errors... way too many to list... > > > > > Moreover, I will appreciate if somebody can send me CCIE braindumps and > > practise exams. > > If you want braindumps then stick with Microsoft exams loser! You don't > have want it takes to be a Cisco engineer. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18143&t=17985 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
