Re: One Journalist's Opinion of CCIE (Warning !!! longish ) [7:19098]

2001-09-08 Thread Tony Medeiros

I have to agree with many, if not all the points raised by everybody.
My humble take is that there are  4 types of knowledge a great, capable of
hands on, design, etc. network engineer should have in the perfect world.
CCIE or not.  Bear in mind that I am talking about a network engineer that
basically works with the equipment and maintains and designs networks.
Other types of network engineers that design hardware, software, and
protocols will come under a way different set of rules I would think.

1. Basic network and protocol knowledge:
This should be how all layer 2, 3, 4 and many layer 7 protocols work
including the management plane protocols, routing protocols, STP, etc.  Not
necessarily what all the frame/packet/segment structures look like and where
and what each field in the PDU is and does. But enough PDU structure to know
what the engineer is looking at and understand how they work.  Although this
is all excellent knowledge to have, I think it's improbable (at least for
me) to know all the PDU structures in detail.  The main thing is to know the
behaviors (especially TCP) and how things can go right or wrong.  Some layer
1 stuff is good to know too!! Like what does it mean when I have slips on my
T1 interface or how a DS-3 works. Other things are cabling issues, what box
does what, where do I use a certain box (bridge vs.router, etc.), design
best practices, security issues and techniques.  Also host behavior and
configuration knowledge is invaluable.  I'm sure I left out a bunch of
stuff, but that is what I see as important(in my limited experience) to know

Most, if not all, of number 1 can be learned by reading books, RFCs, white
papers, etc.  Hands-on experience will certainly help.

2.  Platform specific configuration:
It's great to know all the above stuff, but if I can't make it happen on
whatever I am configuring, be it Cisco, Foundry, Extreme, or whatever, I am
of little use as a hands-on engineer.  It's nice to know how EIGRP installs
a feasible successor, but if I can't get my routes to propagate correctly
because I left out "no auto summary", that knowledge doesn't serve me like
it should.  OT.  Why Cisco doesn't remove ALL classful behavior from that
damn protocol is beyond me!!  Again, I believe it's improbable to know how
to configure everything on even one vendor or platform.  But the engineer
should know when to punt and ask for help.  Or know how to access and find
the information he/she requires.  And I don't just mean calling TAC :)  Even
though the wonderful people at TAC have gotten my ass out of a ringer many
times.

The items in Number 2 come from some book knowledge. But hands-on
experience is key.  The experience of producing a complex config and
fighting to make it work is the best teacher I know of. Be it in a lab or
live network.  I never forgot the first time I got a DS-3 of ATM with about
15 PVCs to work.  Or even the first time I brought up a simple frame link
and pinged across and watched my routing table grow !!!  It was almost
better than sex !!(don't tell my wife please !!)  I know, I'm sick. :>/

3.  Experience, PERIOD !!
Many a time it has been when I fought to get something to work and couldn't.
I checked the config against CCO, changed IOS's, changed modules, changed
my underwear, etc.  Ending up calling a more knowledgeable peer to have her
tell me: "Oh, it's BLA, BA BLA.  Type in the undocumented BLA BA BLA and
it will work."  That is why having peers is essential to survival in
this business.  Everybody on Group study is my peer from whom I glean
information and support.  I am a firm believer in "no man/woman is an
island" !!  And NOBODY knows everything.

4.  The ability, motivation, and tenacity to solve problems, learn, and do a
good job. (self explanatory)

I believe no attribute in itself is the most important,  we need all of
them.
Sorry everybody for the long post.  I'll refrain from posting for a while.
Tony M.
#6172

- Original Message -
From: "Leigh Anne Chisholm" 
To: 
Sent: Friday, September 07, 2001 9:59 PM
Subject: RE: One Journalist's Opinion of CCIE [7:18843]


> Actually, it's likely the lawyer fresh out of law school will do a better job
> than the crotchety old lawyer that's had a few years to become jaded by the
> system or to get an over-inflated view of themselves.  The new kid on the
> block has something to prove so he'll go that extra mile to do a superb job.
> Did I mention I used to head up an IT division at a major Canadian law firm?
> (-:
>
> My point is... experience doesn't always matter.  Brilliance and the
> willingness to do a good job can compensate quite well for experience.
>
>
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Chuck Larrieu
> > Sent: Friday, September 07, 2001 10:48 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: One Journalist's Opinion of CCIE [7:18843]
> >
> >
> > hey, Brad, aren't you the guy who was complaining on the other lis

Re: FR question - Configuring Fractional T1 on the WIC-1DSU-T1 [7:19099]

2001-09-08 Thread Tony Medeiros

You can limit bandwidth on DLCI's all day long if you want to on P to P
subinterfaces.

"Frame-relay traffic shaping"

Tony M

- Original Message -
From: "EA Louie" 
To: 
Sent: Friday, September 07, 2001 11:45 PM
Subject: Re: FR question - Configuring Fractional T1 on the WIC-1DSU-T1
[7:19095]


> - Original Message -
> From: "Rik Guyler"
> To:
> Sent: Friday, September 07, 2001 11:14 PM
> Subject: RE: FR question - Configuring Fractional T1 on the WIC-1DSU-T1
> [7:19091]
>
>
> > However, it appears that Ole wants to (correct me if I'm wrong) limit the
> > bandwidth per DLCI.  Is this true?  If that's the case, unfortunately there
> > is no way to do this on the router.
>
> nah, that's not what he wants, nor asked for.  His provider has given him a
> 768k access rate, and he thought he has to set up his T-1 WIC channelized
> for each DLCI.  Chuck set him straight on that one, although I understand
> the confusion.  And I'll do some research, but with newer versions of IOS
> one *might* now be able to limit bandwidth per DLCI.
>
> >
> > When you order a FR circuit, you are typically ordering a T1 for layer 1 so
> > you really are just getting 1 "pipe" capable of flowing 768k.  The DLCIs
> > converge into this pipe in a logical fashion, not a physical one, hence the
> > layer 2 stuff (FR encapsulation) needed at this point.
>
> Same point Chuck made
>
> >
> > ---
> > Rik Guyler
> >
> > -Original Message-
> > From: Chuck Larrieu [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, September 07, 2001 11:21 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: FR question - Configuring Fractional T1 on the WIC-1DSU-T1
> > [7:19081]
> >
> >
> > Ole, my man, you are trying to outsmart yourself, and you're a pretty smart
> > guy ;->
> >
> > Your T1 module is for the telco interface only. You purchased 768K, it
> > appears. Your DLCI's / PVC's will share that 768K with no further layer 1
> > actions on your part
> >
> > once you have properly configured the layer one stuff - the timeslots and
> > B8ZS and ESF and yellow alarm and loopback and clock source, you are done
> > with the service module.
> >
> > All that remains is assigning the DLCI's to the appropriate subinterface,
> > and IP addressing for the PVC's, and you are on your way.
> >
> > Chuck
> >
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Ole Drews Jensen
> > Sent: Friday, September 07, 2001 3:11 PM
> > To: [EMAIL PROTECTED]
> > Subject: FR question - Configuring Fractional T1 on the WIC-1DSU-T1
> > [7:19057]
> >
> >
> > I am now on unknown territory, where no man in my shoes has walked before.
> >
> > I have a Frame Relay scenario being setup, and my host router has just
> > received the green light from the provider.
> >
> > The Frame Relay host uses 12 channels, and connects on three PVC's to three
> > branch offices, each with 4 channels.
> >
> > I searched and found the answer on how to setup the channels on cisco's
> > site:
> >
> > router(config-if)#service-module t1 timeslots 1-12
> >
> > but will I have to do that for my three sub interfaces also?
> >
> > Example:
> >
> > router(config)#int s0/0
> > router(config-if)#service-module t1 timeslots 1-12
> >
> > router(config-if)#int s0/0.101 point-to-point
> > router(config-subif)#frame-relay interface-dlci 101
> > router(config-subif)#service-module t1 timeslots 1-4
> > router(config-subif)#int s0/0.102 point-to-point
> > router(config-subif)#frame-relay interface-dlci 102
> > router(config-subif)#service-module t1 timeslots 5-8
> > router(config-subif)#int s0/0.103 point-to-point
> > router(config-subif)#frame-relay interface-dlci 103
> > router(config-subif)#service-module t1 timeslots 9-12
> >
> > Thanks and have a great weekend,
> >
> > Ole
> >
> > ~~~
> >  Ole Drews Jensen
> >  Systems Network Manager
> >  CCNA, MCSE, MCP+I
> >  RWR Enterprises, Inc.
> >  [EMAIL PROTECTED]
> > ~~~
> >  http://www.RouterChief.com
> > ~~~
> >  NEED A JOB ???
> >  http://www.oledrews.com/job
> > ~~~
> _
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19099&t=19099
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: VLAN Security [7:18203]

2001-09-08 Thread [EMAIL PROTECTED] (John Nemeth)

On Jan 22,  5:54pm, "Circusnuts" wrote:
}
} I don't believe you're talking that much of a savings (between the 2900 &
} 3500).  The 3500 will scale to Gig uplink, plus the 2900's EOL's in
} October.  The 3500's will also enforce QOS, although this is not a concern
} in my application of the switch.

 Well, let's see (these are approx. CDN retail prices):

WS-C2912-XL-EN - $1896.00
WS-C2950-12- $1971.60
WS-C2950T-24   - $3158.40
WS-C3512-XL-EN - $3164.40

So, there isn't much difference between the 2912, and 2950-12, which
replaces it.  There is a big difference between the 2912 and 2950T,
which has Gig uplink ports.  There is also a big difference between the
2912 and the 3512, but not much difference between the 2950T and the
3512.  It all depends on what the person needs.  If they don't need the
QOS features of the 3500 series, then they might as well go with a
2950-12 (better to get a current product than one that is about to
EOS).

}-- End of excerpt from "Circusnuts"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19101&t=18203



RE: Connect 6509 with CONSOLE [7:17983]

2001-09-08 Thread [EMAIL PROTECTED] (John Nemeth)

On Jan 20, 10:28pm, "rkruczkowski" wrote:
}
} The little hole lets you change from the Catalyst console (normal patch
} cable) to the Cisco router console cable (rollover).  I just wish all
} Cisco devices came with this, then we would not have to carry around the
} black or blue rollover cable.

 Hmm...  My CiscoPro 2509 came with a black console cable, which
appears to be a normal cable.  The ROM is copyrighted 1986-1994, so I
guess some older routers had the black cable (or, was it just the
CiscoPros)?

}-- End of excerpt from "rkruczkowski"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19102&t=17983



RE: Connect 6509 with CONSOLE [7:17983]

2001-09-08 Thread [EMAIL PROTECTED] (John Nemeth)

On Jan 21,  3:33am, "Jeff Gercken" wrote:
}
} I carry a 2" rollover cable and a coupler as well as the std 3' rollover.
} This way you can always create the cable that works.

 I always carry an ethernet cable, which could probably be used in
place of the black cable.  I'll try it later...

}-- End of excerpt from "Jeff Gercken"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19103&t=17983



RE: "CIE" Test Question [7:18272]

2001-09-08 Thread [EMAIL PROTECTED] (John Nemeth)

On Jan 23,  5:49pm, "Leigh Anne Chisholm" wrote:
}
} This is "one of those"?  Oh come on!
} 
} Do you use a router to move packets or to cut grooves in wood?
} 
} That's allegedly a yes or no question, because it's qualified by the
} statement, "If you answered yes to these questions, YOU may have the makings
} of CERTIFIED INTERNET ENGINEER!"

 According to basic logic, it is a yes or no question.  If you use
a router to route packets, or you use a router to cut grooves in wood,
then the answer to the question is yes; otherwise, it is no.

 One of my more annoying habits (especially when I really feel like
being annoying), when people ask me a question with the word "or" in
it, is to simply answer "yes".  Even if they don't know basic logic,
you'd think they would learn better after a while.


}-- End of excerpt from "Leigh Anne Chisholm"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19104&t=18272



Re: One Journalist's Opinion of CCIE (Warning !!! longish ) [7:19105]

2001-09-08 Thread George Yiannibas

Tony
All good points in your post. As you wrote NOBODY knows anything and if you
continue to believe that after getting your CCIE there is a great future for
you because you will never cease to learn and to develop both personally and
professionally.
I am currently studying for CIT and IMHO it is really important to
understand OSI layers because you can learn to troubleshoot bottom up (from
physical to data link to network and so on) and I believe that Cisco certs
are much more vendor-neutral compared to other certs. If you don't just cram
for tests and try to study in a broader perspective there is a lot to learn.
A lot of people talk about paper certs but the least likely to be paper
certs are CCIE and Red Hat because they have a lab section and that cannot
be passed by cramming only without having hands-on experience (maybe lab
not real world but this is certainly better than none at all). I am glad
that at least something good came out of this long thread. I don't mean to
insult anyone but please ignore stupid journalists that don't know what it
takes to become a CCIE. Tony and other CCIE's in this list and the ones I
had the privilege to work with demonstrate that being an expert while
remaining humble is the true sign of a wise person.

George Yiannibas
MCSE CCNA

"Tony Medeiros" wrote in message
news:[EMAIL PROTECTED]...
> I have to agree with many, if not all the points raised by everybody.
> My humble take is that there are  4 types of knowledge a great, capable of
> hands on, design, etc. network engineer should have in the perfect world.
> CCIE or not.  Bear in mind that I am talking about a network engineer that
> basically works with the equipment and maintains and designs networks.
> Other types of network engineers that design hardware, software, and
> protocols will come under a way different set of rules I would think.
>
> 1. Basic network and protocol knowledge:
> This should be how all layer 2, 3, 4 and many layer 7 protocols work
> including the management plane protocols, routing protocols, STP, etc.
Not
> necessarily what all the frame/packet/segment structures look like and
where
> and what each field in the PDU is and does. But enough PDU structure to
know
> what the engineer is looking at and understand how they work.  Although
this
> is all excellent knowledge to have, I think it's improbable (at least for
> me) to know all the PDU structures in detail.  The main thing is to know
the
> behaviors (especially TCP) and how things can go right or wrong.  Some
layer
> 1 stuff is good to know too!! Like what does it mean when I have slips on
my
> T1 interface or how a DS-3 works. Other things are cabling issues, what
box
> does what, where do I use a certain box (bridge vs.router, etc.), design
> best practices, security issues and techniques.  Also host behavior and
> configuration knowledge is invaluable.  I'm sure I left out a bunch of
> stuff, but that is what I see as important(in my limited experience) to
know
>
> Most, if not all of number 1 can be learned by reading books, RFC's white
> papers, etc.  Hands on experience will certainly help.
>
> 2.  Platform specific configuration:
> It's great to know all the above stuff, but If I can't make it happen on
> whatever I am configuring be it Cisco, Foundry, Extreme, or whatever.  I
am
> of little use as a hands on engineer.  It's nice to know how EIGRP
installs
> a feasible successor,  But if I can't get my routes to propagate correctly
> because I left out "no auto summary", that knowledge doesn't serve me like
> it should.  OT.  Why Cisco doesn't remove ALL classfull behavior from that
> damn protocol is beyond me!!  Again, I believe it's improbable to know how
> to configure everything on even one vender or platform.  But, the engineer
> should know when to punt and ask for help.  Or know how to access and find
> the information he/she requires.  And I don't just mean calling TAC :)
Even
> though the wonderful people at TAC have gotten my ass out of a ringer many
> times.
>
> The Items in Number 2 comes from some book knowledge. But hands on
> experience is key.  The experience of producing a complex config and
> fighting to make it work is the best teacher I know of. Be it in a lab or
> live network.  I never forgot the first time I got a DS-3 of ATM with
about
> 15 pvcs to work.  Or even the first time I brought up a simple frame link
> and pinged across and watched my routing table to grow !!!  It was almost
> better than sex !!(don't tell my wife please !!)  I know, I'm sick. :>/
>
> 3.  Experience, PERIOD !!
> Many a time it has been when I fought to get something to work and
couldn't.
> I checked the config against CCO, changed IOS's,  changed modules, changed
> my underwear, etc.  Ending calling up a more knowledgeable peer to have
her
> tell me: "Oh, it's BLA, BA BLA".  Type in  the undocumented "BLA BA BLA
and
> it will work."  That is why having peers and is essential to survival in
> this business.  E

Cable Modem, DHCP & NAT [7:19106]

2001-09-08 Thread Bob Lepine

Hi, I have a 2600 router and the latest software so I can get a DHCP number
from my service provider. I'm trying to configure the router so that I can
put my static network on the inside. It accepts the DHCP number but I can't
get it to do the translation to the inside seeing that the outside number is
not a static number. Anyone have experience with this?
Any help would be appreciated.


--
Bob Lepine
MCSE,MCDBA,CNA,CCNA,MCT




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19106&t=19106



RE: FR question - Configuring Fractional T1 on the WIC-1DSU-T1 [7:19107]

2001-09-08 Thread Joshua Vince

How about map classes? defining CIR, MinCIR, BE, BC, etc...

And then apply those map classes to the sub-interfaces.

-Original Message-
From: EA Louie [mailto:[EMAIL PROTECTED]]
Sent: Saturday, September 08, 2001 2:45 AM
To: [EMAIL PROTECTED]
Subject: Re: FR question - Configuring Fractional T1 on the WIC-1DSU-T1
[7:19095]


- Original Message -
From: "Rik Guyler" 
To: 
Sent: Friday, September 07, 2001 11:14 PM
Subject: RE: FR question - Configuring Fractional T1 on the WIC-1DSU-T1
[7:19091]


> However, it appears that Ole wants to (correct me if I'm wrong) limit
the
> bandwidth per DLCI.  Is this true?  If that's the case, unfortunately
there
> is no way to do this on the router.

nah, that's not what he wants, nor asked for.  His provider has given
him a
768k access rate, and he thought he has to set up his T-1 WIC
channelized
for each DLCI.  Chuck set him straight on that one, although I
understand
the confusion.  And I'll do some research, but with newer versions of
IOS
one *might* now be able to limit bandwidth per DLCI.

>
> When you order a FR circuit, you are typically ordering a T1 for layer
1
so
> you really are just getting 1 "pipe" capable of flowing 768k.  The
DLCIs
> converge into this pipe in a logical fashion, not a physical one,
hence
the
> layer 2 stuff (FR encapsulation) needed at this point.

Same point Chuck made

>
> ---
> Rik Guyler
>
> -Original Message-
> From: Chuck Larrieu [mailto:[EMAIL PROTECTED]]
> Sent: Friday, September 07, 2001 11:21 PM
> To: [EMAIL PROTECTED]
> Subject: RE: FR question - Configuring Fractional T1 on the
WIC-1DSU-T1
> [7:19081]
>
>
> Ole, my man, you are trying to outsmart yourself, and you're a pretty
smart
> guy ;->
>
> Your T1 module is for the telco interface only. You purchased 768K, it
> appears. Your DLCI's / PVC's will share that 768K with no further
layer 1
> actions on your part
>
> once you have properly configured the layer one stuff - the timeslots
and
> B8ZS and ESF and yellow alarm and loopback and clock source, you are
done
> with the service module.
>
> All that remains is assigning the DLCI's to the appropriate
subinterface,
> and IP addressing for the PVC's, and you are on your way.
>
> Chuck
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Ole Drews Jensen
> Sent: Friday, September 07, 2001 3:11 PM
> To: [EMAIL PROTECTED]
> Subject: FR question - Configuring Fractional T1 on the WIC-1DSU-T1
> [7:19057]
>
>
> I am now on unknown territory, where no man in my shoes has walked
before.
>
> I have a Frame Relay scenario being setup, and my host router has just
> received the green light from the provider.
>
> The Frame Relay host uses 12 channels, and connects on three PVC's to
three
> branch offices, each with 4 channels.
>
> I searched and found the answer on how to setup the channels on
cisco's
> site:
>
> router(config-if)#service-module t1 timeslots 1-12
>
> but will I have to do that for my three sub interfaces also?
>
> Example:
>
> router(config)#int s0/0
> router(config-if)#service-module t1 timeslots 1-12
>
> router(config-if)#int s0/0.101 point-to-point
> router(config-subif)#frame-relay interface-dlci 101
> router(config-subif)#service-module t1 timeslots 1-4
> router(config-subif)#int s0/0.102 point-to-point
> router(config-subif)#frame-relay interface-dlci 102
> router(config-subif)#service-module t1 timeslots 5-8
> router(config-subif)#int s0/0.103 point-to-point
> router(config-subif)#frame-relay interface-dlci 103
> router(config-subif)#service-module t1 timeslots 9-12
>
> Thanks and have a great weekend,
>
> Ole
>
> ~~~
>  Ole Drews Jensen
>  Systems Network Manager
>  CCNA, MCSE, MCP+I
>  RWR Enterprises, Inc.
>  [EMAIL PROTECTED]
> ~~~
>  http://www.RouterChief.com
> ~~~
>  NEED A JOB ???
>  http://www.oledrews.com/job
> ~~~




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19107&t=19107



RE: One Journalist's Opinion of CCIE [7:18843]

2001-09-08 Thread [EMAIL PROTECTED] (John Nemeth)

On Jan 28, 10:39am, "Buri, Heather L." wrote:
}
} Just some food for thought...I wonder how many people on this list would be
} getting this upset if the journalist had used the MCSE certification as an
} example and not the CCIE?  :-)  

 Being an MCP (Workstation 4.0, Server 4.0, Server 4.0 in the
Enterprise; which are the core OS exams for NT 4.0), I would not get
upset at all.  The stuff on these exams barely qualifies one for an
entry level position.  The Enterprise exam was a complete joke.  I
studied for it in two weeks at Christmas time.  The stuff tested on
that exam was real basic and wasn't anywhere near the level of
knowledge that would be needed in an enterprise.  For example, somebody
that only knows the stuff taught at the MCSE level would think that the
only way to add an account is to use "User Manager for Domains", which
is a gui app.  Somebody that has gone beyond the MCSE level would know
that you can type "net /useradd ..." at the command line; which, of
course, is something that can be scripted.  The MCSE stuff barely gives
lip service to the command line; the only commands taught are ipconfig,
ping, tracert, and nslookup.  To be a real admin, you need to be able
to automate repetitious or complex stuff, as well as understand how
things work so that you can troubleshoot when things go wrong.

}-- End of excerpt from "Buri, Heather L."




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19108&t=18843



RE: Question on routing [7:19083]

2001-09-08 Thread David Goddard

Thomas,

This question has a lot of strange inaccuracies in it, but here we go...

1. The routing path chosen will always use the "longest match rule", in
other words between 10.50.0.0/16 and 10.32.0.0/12 the route chosen will be
the 10.50.0.0/16.

2. Your mask is bad for the static route... if you want routes 10.32.0.0 to
10.63.0.0 to be included, the static route would read:

 ip route 10.32.0.0 255.224.0.0 serial 1

3. Enabling eigrp requires the command ROUTER EIGRP 200, not just EIGRP 200

4. When you add the network statements 
 network 172.16.1.0 
 network 172.16.2.0
to your EIGRP process, it will come out simply as
 network 172.16.0.0
and enable the EIGRP process on both Serial 0 and Serial 1 of both routers.
So although you may think that you didn't put in the network statement on
router A for 172.16.2.0, it will still enable EIGRP on Serial 1. So when
Serial 0 goes down, routing will still continue over Serial 1.

Try testing your configs out in a lab and you'll see pretty quickly what I
mean.

Dave




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19109&t=19083
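
The three behaviours described in the reply above (longest match, the mask needed to cover 10.32.0.0 through 10.63.0.0, and classful handling of EIGRP network statements entered without a wildcard mask) can be checked offline. This is an added example, not part of the original post; the exit interfaces in the route table and the interface addresses are constructed for illustration.

```python
import ipaddress

# Constructed routing table: the /16 from the post plus the static route
# with the corrected 255.224.0.0 (/11) mask. Exit interfaces are assumed.
ROUTES = [
    ("10.50.0.0/16", "Serial0"),
    ("10.32.0.0/11", "Serial1"),
]

# Constructed interface addresses (the post does not give them).
INTERFACES = {
    "Serial0": "172.16.1.1",
    "Serial1": "172.16.2.1",
    "Ethernet0": "192.168.5.1",
}


def covers(prefix, dest):
    """True if dest falls inside prefix."""
    return ipaddress.ip_address(dest) in ipaddress.ip_network(prefix)


def longest_match(dest, routes):
    """Return (prefix, exit_interface) of the most specific covering route."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, exit_if in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, exit_if)
    return None if best is None else (str(best[0]), best[1])


def covering_route(first, last):
    """Smallest single prefix containing both addresses, as (network, mask)."""
    hi = ipaddress.ip_address(last)
    for plen in range(32, -1, -1):
        net = ipaddress.ip_network(f"{first}/{plen}", strict=False)
        if hi in net:
            return str(net.network_address), str(net.netmask)


def classful_network(address):
    """Major (classful) network for a network statement with no wildcard mask."""
    first_octet = int(address.split(".")[0])
    if first_octet < 128:
        plen = 8        # class A
    elif first_octet < 192:
        plen = 16       # class B
    elif first_octet < 224:
        plen = 24       # class C
    else:
        raise ValueError("not a unicast class A/B/C address")
    return ipaddress.ip_network(f"{address}/{plen}", strict=False)


def eigrp_enabled_interfaces(network_statements, interfaces):
    """Interfaces whose address falls in the major net of any statement."""
    nets = [classful_network(n) for n in network_statements]
    return sorted(
        name for name, addr in interfaces.items()
        if any(ipaddress.ip_address(addr) in n for n in nets)
    )


if __name__ == "__main__":
    # A /12 starting at 10.32.0.0 stops at 10.47.255.255, so it misses 10.50.x.x.
    print("10.32.0.0/12 covers 10.50.1.1:", covers("10.32.0.0/12", "10.50.1.1"))
    print("mask for 10.32.0.0-10.63.0.0:", covering_route("10.32.0.0", "10.63.0.0"))
    # Both routes cover 10.50.1.1; the /16 wins. Only the /11 covers 10.40.1.1.
    for dest in ("10.50.1.1", "10.40.1.1", "10.64.0.1"):
        print(dest, "->", longest_match(dest, ROUTES))
    # A single "network 172.16.1.0" still enables both serial interfaces.
    print(eigrp_enabled_interfaces(["172.16.1.0"], INTERFACES))
```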



Re: Question about Cisco's Hierarchical Model [7:19069] Pt 1 [7:19110]

2001-09-08 Thread Howard C. Berkowitz

>I've been going through the BCMSN course and I'm a bit baffled on how to do
>something.  There's the statement that:
>
>Because VLANs terminate at the distribution device, core links are not trunk
>links and traffic is routed across the core.
>
>What I'm puzzled by is how to terminate a VLAN at the distribution layer.
>What am I missing here?

Well, like OSI, it's a model without absolute rules, and, like OSI, 
it's evolved to use sublayers.  I often have multiple sublayers in 
distribution, which very well may physically have both VLANs and VLAN 
trunks.

Don't know if it will help, but here's some partially relevant 
discussion from a draft chapter of my upcoming book "Building Service 
Provider Networks":

One useful and popular model to describe enterprise network 
architecture was introduced by Cisco Systems. Any model, of course, 
is a guideline, and, as shown in  Figure 2, this model has been used 
with both WAN and LAN cores.

Figure 2: 3 layer model

This model  divides the network into three tiers:

o   Access: contains end users and local servers.  It is possible 
to put centralized servers in an access tier, but, when doing so, it 
is usually best to put the individual servers of a local cluster into 
the access tiers.  Load distribution to these servers is at the next 
tier.

o   Distribution:  contains devices that transition between 
environments (e.g., LAN to WAN, building to campus, or different 
transmission technology).  Often, the distribution tier is the place 
that requires the greatest intelligence for protocol conversion, 
buffering, etc. Another term entering usage for this function is 
"Edge."

o   Core:  efficiently links sites of the infrastructure.  May be 
a collapsed LAN backbone primarily of layer 2 and inter-VLAN devices, 
or may be a set of routers.

One enterprise guideline is that layer 2 relays tend to have all 
their interfaces inside tiers, while layer 3 (i.e., routers) and 
higher layer (e.g., firewalls and proxies) tend to have interfaces 
between different tiers.  This guideline is not terribly rigorous, as 
a speed-shifting switch between a workgroup and a building (or 
campus) core often logically straddles the top of the access tier and 
the bottom of the distribution tier.  Large distribution networks 
will include multiple levels of concentration.

When demand access is involved (e.g., dialup), it can be convenient 
to put end hosts and access routers in the access tier, dial-in 
servers at the bottom of the distribution tier, and concentrating 
routers inside the distribution tier. Large routers link regions to a 
core router or complex of routers.  Another function that fits nicely 
in the distribution tier is that of firewalls or border routers 
providing connectivity outside the enterprise.  See Figure 3.

Figure 3:  Three-Level Model Details

In this figure, note that the central servers themselves are at the 
distribution tier, but that user connectivity to them comes through 
the core, and they have their own inter-server links at the access 
tier.  Having isolated links and possibly specialized hosts, such as 
backup machines, for large servers can keep a great deal of traffic 
localized and avoid negative performance impact.

This model works well for networks of medium size. Small networks may 
collapse certain of the tiers together, and very large networks 
become more like carrier networks.

In the optimal use of this model, the customer access router is 
closest to the end hosts, customer core routers link campuses or 
sites, and distribution routers perform concentration and translation 
functions between access and core.  External connectivity is 
generally a function of the distribution tier, although, if all 
otherwise unknown traffic defaults to a central external router, that 
router might be in the customer core.

The model had limitations in large enterprise networks, where there 
may be multiple operational levels of local, regional, and 
national/international corporate backbones. One approach, shown in 
Figure 4, is to apply the model recursively, where the top level of 
one organizational level becomes the bottom level of another 
organizational level.

Figure 4:  Recursive 3 Layer

The recursive approach really didn't work well, because each tier, 
and the devices that commonly straddle them, really have distinctive 
characteristics. An access device really does not share 
characteristics with a core device in a larger network.

Another method was to create additional core layers for major 
geographic levels, such as national and intercontinental.  Figure 5 
shows the logical design I did for an international manufacturing 
company, which had relatively little communications among their 
regions, but all regions had significant communications with 
headquarters.  It was reasonable to have all inter-region 
communication go through headquarters.

Figure 5: Multilevel Enterprise Core--Centralized Organization
In this figure,

Re: Question about Cisco's Hierarchical Model [7:1 [7:19111]

2001-09-08 Thread Howard C. Berkowitz

(continued)

Figure 6: Multilevel Enterprise Core--Distributed Organization

This model worked acceptably for centrally controlled enterprises, 
but did not scale well for inter-enterprise networks such as credit 
card authorization.  Large banks, for example, needed to optimize 
their own cores for internal use, but needed to connect to the credit 
authorization network.  The logical characteristics of such networks 
fit best into the distribution tier, which becomes the place of 
interconnection.

Interconnecting at the distribution tier allowed the core to return 
to its original simple-and-fast role of interconnecting sites inside 
one organization.  The requirement for a distribution layer function 
between access and core, however, did not disappear.  Increasingly, 
network architects defined two distinct sets of function at the 
distribution tier:  the traditional one between core and access, and 
a border function concerned with inter-organizational connectivity 
(Figure 7).  Border functions could deal both with controlled 
cooperative relationships (e.g., a bank to the Visa or MasterCard 
service networks, or to the Federal Reserve), and to the Internet via 
firewalls.

Figure 7:  Distribution Tier Evolution

This model has its limitations in dealing with provider environments. 
Figure 8 shows some of the ambiguity with which many providers 
approached the model.  The provider called their own POP entry point 
access.  There are a variety of names for interprovider connection 
devices, but border router is gaining popularity.

Figure 8:  Data Carrier Interconnection Evolution

Matters become especially confusing when referring to "the 
thing at the customer site that connects to the provider."  This 
"thing" is sometimes called a subscriber access device, but certainly 
that makes the term "access" rather ambiguous.  To complicate matters 
even further, the "subscriber access device," with respect to the 
enterprise network, is probably a device in the (enterprise 
network's) distribution tier.

Entangling the terminology to yet another level, there is 
usually a device at the customer location that establishes the 
demarcation of responsibility between subscriber and provider.  It 
may be either a simple interface converter and diagnostic box, or a 
full-functioned router or switch. 

The general terms customer premises equipment (CPE) and customer 
location equipment (CLE) have emerged, but still may have some 
ambiguity.  The basic assumption is that the customer owns the CPE 
and the provider owns the CLE, but operational responsibility may 
vary from that.  For example, I own my DSL access router, but I don't 
have the configuration password to it; my ISP does.

CPE, not CPE

A telephony tradition resulted in a good deal of confusion, due to 
acronym collision.  Traditionally, "CPE" meant customer premises 
equipment.  In the traditional telco environment, CPE was, of course, 
owned and operated by the carrier.

As more and more deregulation affected the industry, customer 
premises equipment variously could be owned and operated by the 
customer, leased to the customer by the provider, owned by the 
customer but operated by the provider, or owned and operated by the 
subscriber.  Redefining the former CPE into CPE and CLE at least 
identified operational responsibilities.

The customer, of course, may have a complex enterprise network. What 
we think of as CLE or CPE, however, is an increasingly intelligent 
interface between customer and provider.  The interface may contain a 
firewall functionality, which can be either at the customer site or 
at the POP. As seen in Figure 9, the customer edge function may 
contain equipment to multiplex outgoing Internet traffic, VPNs, and 
VoIP onto a broadband access facility.

Figure 9:  Intelligent Edge--Subscriber Side

Any of the edge devices may be managed by the provider; at least one 
device normally will. If the provider allows the subscriber to manage 
their own device, the provider will have ironclad configuration 
settings, which are not negotiable.

Service Provider Models

The hierarchical enterprise model was useful, but did not quite fit 
modern service provider networks, independently of  whether the 
provider was data or voice oriented.  Particular problems came from 
increased competition, with competition both in the internetwork core 
and in the local access system.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19111&t=19111
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: Is there any good books recommanded for lower [7:19092]

2001-09-08 Thread EA Louie

question 1 - at what level of detail do you wish to learn?

For X.25, there is the CCITT specification (watch URL wrap)
http://www.itu.int/rec/recommendation.asp?type=folders&lang=e&parent=T-REC-X
.25
for ATM, there is the ATM Forum Specification
(http://www.atmforum.com)
for Frame Relay, there is the Frame Relay Forum Specification
(http://www.frforum.com/)

question 2 - have you done a search on the web for any of those topics?
Here are some sample hits from google:
X.25
http://www.cis.ohio-state.edu/~jain/cis777-99/g_4x25.htm
asynchronous transfer mode
http://cne.gmu.edu/modules/atm/Texttut.html
Frame Relay
http://www.alliancedatacom.com/frame-relay-tutorials.asp
Don't forget about digital subscriber line (DSL), too
http://www.iec.org/online/tutorials/adsl/


- Original Message -
From: "thinkworker" 
To: 
Sent: Friday, September 07, 2001 9:13 PM
Subject: Is there any good books recommanded for lower 2 layers? [7:19087]


> I am trying to learn more about the lower 2 layer tech like
> X.25, ATM, Frame Relay in more detail. Are there any good books
> recommended? I am reading a book named "emerging communications
> technologies 2nd edition" of Uyless Black, and I think it is only an
> overview of the topics.
>
> Thanks!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19092&t=19092



Re: Question about Cisco's Hierarchical Model [7:19069]

2001-09-08 Thread Howard C. Berkowitz

>I've been going through the BCMSN course and I'm a bit baffled on how to do
>something.  There's the statement that:
>
>Because VLANs terminate at the distribution device, core links are not trunk
>links and traffic is routed across the core.
>
>What I'm puzzled by is how to terminate a VLAN at the distribution layer.
>What am I missing here?

Well, like OSI, it's a model without absolute rules, and, like OSI, 
it's evolved to use sublayers.  I often have multiple sublayers in 
distribution, which very well may physically have both VLANs and VLAN 
trunks.

Don't know if it will help, but here's some partially relevant 
discussion from a draft chapter of my upcoming book "Building Service 
Provider Networks":

One useful and popular model to describe enterprise network 
architecture was introduced by Cisco Systems. Any model, of course, 
is a guideline, and, as shown in  Figure 2, this model has been used 
with both WAN and LAN cores.

Figure 2: 3 layer model

This model  divides the network into three tiers:

o   Access: contains end users and local servers.  It is possible 
to put centralized servers in an access tier, but, when doing so, it 
is usually best to put the individual servers of a local cluster into 
the access tiers.  Load distribution to these servers is at the next 
tier.

o   Distribution:  contains devices that transition between 
environments (e.g., LAN to WAN, building to campus, or different 
transmission technology).  Often, the distribution tier is the place 
that requires the greatest intelligence for protocol conversion, 
buffering, etc. Another term entering usage for this function is 
"Edge."

o   Core:  efficiently links sites of the infrastructure.  May be 
a collapsed LAN backbone primarily of layer 2 and inter-VLAN devices, 
or may be a set of routers.

One enterprise guideline is that layer 2 relays tend to have all 
their interfaces inside tiers, while layer 3 (i.e., routers) and 
higher layer (e.g., firewalls and proxies) tend to have interfaces 
between different tiers.  This guideline is not terribly rigorous, as 
a speed-shifting switch between a workgroup and a building (or 
campus) core often logically straddles the top of the access tier and 
the bottom of the distribution tier.  Large distribution networks 
will include multiple levels of concentration.

When demand access is involved (e.g., dialup), it can be convenient 
to put end hosts and access routers in the access tier, dial-in 
servers at the bottom of the distribution tier, and concentrating 
routers inside the distribution tier. Large routers link regions to a 
core router or complex of routers.  Another function that fits nicely 
in the distribution tier is that of firewalls or border routers 
providing connectivity outside the enterprise.  See Figure 3.

Figure 3:  Three-Level Model Details

In this figure, note that the central servers themselves are at the 
distribution tier, but that user connectivity to them comes through 
the core, and they have their own inter-server links at the access 
tier.  Having isolated links and possibly specialized hosts, such as 
backup machines, for large servers can keep a great deal of traffic 
localized and avoid negative performance impact.

This model works well for networks of medium size. Small networks may 
collapse certain of the tiers together, and very large networks 
become more like carrier networks.

In the optimal use of this model, the customer access router is 
closest to the end hosts, customer core routers link campuses or 
sites, and distribution routers perform concentration and translation 
functions between access and core.  External connectivity is 
generally a function of the distribution tier, although, if all 
otherwise unknown traffic defaults to a central external router, that 
router might be in the customer core.

The model had limitations in large enterprise networks, where there 
may be multiple operational levels of local, regional, and 
national/international corporate backbones. One approach, shown in 
Figure 4, is to apply the model recursively, where the top level of 
one organizational level becomes the bottom level of another 
organizational level.

Figure 4:  Recursive 3 Layer

The recursive approach really didn't work well, because each tier, 
and the devices that commonly straddle them, really have distinctive 
characteristics. An access device really does not share 
characteristics with a core device in a larger network.

Another method was to create additional core layers for major 
geographic levels, such as national and intercontinental.  Figure 5 
shows the logical design I did for an international manufacturing 
company, which had relatively little communications among their 
regions, but all regions had significant communications with 
headquarters.  It was reasonable to have all inter-region 
communication go through headquarters.

Figure 5: Multilevel Enterprise Core--Centralized Organization
In this figure,

how to test the GBIC is 1000BASE-ZX. in GSR [7:19114]

2001-09-08 Thread Wang

Dear all:

I have a problem testing Cisco ZX GBICs in a GSR. I only have 50 m of
single-mode fiber.
Would you mind giving me some information on how to test the GBICs?

Story:
Our client has ordered 3 GBICs for a Three-port Gigabit Ethernet card.
But 2 of the GBICs have a problem and can't pass the connection test.


Test 1)
I cross-connected the SC fiber between two GI ports, e.g. Gi2/0 to Gi3/0.
Neither 3GE-GBIC-SC becomes active and all the LEDs are off.
I have tried swapping the TX & RX positions, moving to the next Gigabit
Ethernet module, etc.
Still no response.

Test 2)
The next test used one fiber cable only (single side), looping the
GBIC's TX & RX over a single fiber. Just one GBIC can be enabled and comes
up. The other GBICs still give no response!
Remark: In this test the fiber has been tested, and both tx & rx are up.

Our GBIC is 1000BASE-ZX.

The following message came back from TAC:
ZX can reach about 70km; it is the most powerful GBIC.  Be sure to use an
attenuator, otherwise the GBIC may be damaged by an overpowered laser!!!

In order to explain the different performance of your 3 GBICs, I think we can
look at the tx level of max 6db to min 0db.  If one transmits at 0db, rx will
certainly be below 0db.  If the other transmits at 6db, 50m of fiber is not
enough to cause 6db of loss, so the interface is still down and the GBIC may be
damaged.

9/125um SM 1000Base-ZX SC
6 tx max
0 tx min
0 rx max
-23 rx min
70 km 42 mile
1000Base-ZX can reach up to 100km (60mi) by using dispersion shifted SM or low
attenuation SM

Regards,
Eric,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19114&t=19114
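
The power-budget reasoning in the TAC reply above, worked through as an added example (not code from the post or from Cisco). The tx/rx limits are the ones quoted in the message, read here as dBm; the 0.25 dB/km fiber loss, the zero connector loss and all function names are assumptions.

```python
from dataclasses import dataclass

# Limits quoted in the TAC reply. The post writes "db"; they are treated here
# as dBm, the usual unit for absolute optical power (an assumption).
TX_MAX, TX_MIN = 6.0, 0.0      # transmitter launch power range
RX_MAX, RX_MIN = 0.0, -23.0    # receiver overload limit / sensitivity limit

# Assumption, not from the post: typical single-mode fiber loss near 1550 nm.
ASSUMED_LOSS_DB_PER_KM = 0.25


@dataclass(frozen=True)
class Budget:
    rx_strongest: float    # receive level if the far end launches at TX_MAX
    rx_weakest: float      # receive level if the far end launches at TX_MIN
    verdict: str           # ok / overload / overload-risk / too-weak / too-weak-risk
    attenuator_min: float  # least added attenuation that protects the receiver
    attenuator_max: float  # most added attenuation a TX_MIN unit can tolerate

    @property
    def attenuator_window_exists(self):
        return self.attenuator_max >= self.attenuator_min


def zx_budget(fiber_km, attenuator_db=0.0,
              loss_db_per_km=ASSUMED_LOSS_DB_PER_KM, connector_loss_db=0.0):
    """Evaluate one direction of a ZX-to-ZX link over the whole tx tolerance."""
    if min(fiber_km, attenuator_db, loss_db_per_km, connector_loss_db) < 0:
        raise ValueError("lengths and losses must be non-negative")

    passive = fiber_km * loss_db_per_km + connector_loss_db
    strongest = TX_MAX - passive - attenuator_db
    weakest = TX_MIN - passive - attenuator_db

    if weakest > RX_MAX:
        verdict = "overload"        # even the weakest in-spec unit overdrives
    elif strongest > RX_MAX:
        verdict = "overload-risk"   # outcome depends on each unit's real tx level
    elif strongest < RX_MIN:
        verdict = "too-weak"        # even the strongest in-spec unit is too faint
    elif weakest < RX_MIN:
        verdict = "too-weak-risk"
    else:
        verdict = "ok"

    # Added attenuation that keeps every in-spec transmitter inside the
    # receiver's window on this particular fiber run.
    attenuator_min = max(0.0, TX_MAX - passive - RX_MAX)
    attenuator_max = TX_MIN - passive - RX_MIN
    return Budget(strongest, weakest, verdict, attenuator_min, attenuator_max)


if __name__ == "__main__":
    cases = [
        ("50 m patch, no attenuator", dict(fiber_km=0.05)),
        ("50 m patch, 10 dB attenuator", dict(fiber_km=0.05, attenuator_db=10)),
        ("70 km run", dict(fiber_km=70)),
        ("100 km run, assumed loss", dict(fiber_km=100)),
        ("100 km run, low-loss fiber", dict(fiber_km=100, loss_db_per_km=0.2)),
    ]
    for label, kwargs in cases:
        b = zx_budget(**kwargs)
        window = (f"{b.attenuator_min:.2f}..{b.attenuator_max:.2f} dB"
                  if b.attenuator_window_exists else "none")
        print(f"{label:30s} rx {b.rx_weakest:7.2f}..{b.rx_strongest:6.2f} dBm  "
              f"{b.verdict:14s} attenuator window: {window}")
```

On the 50 m test fiber the result is "overload-risk": a unit launching near 0 can come up while a hotter one overdrives its peer, which is the difference between the three GBICs that the TAC reply describes.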



RE: RIP -- suppressing null update [7:15469]

2001-09-08 Thread Chuck Larrieu

RIP v1 and v2 send updates periodically, whether there is anything new to
report or not. (So does IGRP, for that matter.) It is the update that
serves as a functional "hello". Lack of receipt of an update is cause for
concern, and lack of several can start the various timers ticking.

Note that link state protocols, as well as BGP, send "hellos" periodically,
but not full information. With these protocols, only changes are advertised.
For purposes of this comment, EIGRP is considered "link state". Note also
that the frequency of the hellos increases with these. The designers
determined that more very small packets was an acceptable price for faster
reporting of failures in networks.

All routing protocols contain some mechanism for detecting and dealing with
failure. Some tell all they know. Others do not.

HTH

Chuck

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Aki Anttila
Sent: Thursday, August 09, 2001 9:52 PM
To: [EMAIL PROTECTED]
Subject: Re: RIP -- suppressing null update [7:15469]


Hi!

My experience says that if the router does not have anything to send (f.ex.
due to SH), then the update is suppressed.

Aki


At 13:41 9.8.2001 -0400, you wrote:
>At 11:09 AM 8/9/01, kwock99 wrote:
> >Hi All,
> >
> >One of my routers does not receive the routing update on RIP. Here is the
> >"show ip protocol".
>
>Is this the "show ip protocol" on the router that is not receiving routing
>updates or on the router that is supposedly sending them?
>
>Here are some things to check:
>
>Are both routers using RIPv2?
>Is there a split horizon issue that is suppressing the update?
>Have you done anything tricky with subnet masks and VLSM?
>Is there a summarization issue?
>
>On the router that is sending but then suppressing updates, (serial
>interface  70.0.0.2), what is its subnet mask? What is the address and
>subnet mask of the router at the other end?
>
>Can you send us your configs?
>
>Priscilla
>
>
> >R4#sh ip prot
> >Routing Protocol is "rip"
> >   Sending updates every 30 seconds, next due in 3 seconds
> >   Invalid after 180 seconds, hold down 180, flushed after 240
> >   Outgoing update filter list for all interfaces is not set
> >   Incoming update filter list for all interfaces is not set
> >   Redistributing: rip
> >   Default version control: send version 2, receive version 2
> >     Interface        Send  Recv   Key-chain
> >     Serial0          2     2
> >   Routing for Networks:
> > 70.0.0.0
> > 130.0.0.0
> >   Routing Information Sources:
> > Gateway Distance  Last Update
> >   Distance: (default is 120)
> >
> >
> >After I turn on the debug ip rip events, Here is the message:
> >
> >
> >RIP: sending v2 update to 224.0.0.9 via Serial0 (70.0.0.2) - suppressing null update
> >RIP: sending v2 update to 224.0.0.9 via Serial0 (70.0.0.2) - suppressing null update
> >RIP: sending v2 update to 224.0.0.9 via Serial0 (70.0.0.2) - suppressing null update
> >
> >
> >Anyone knows what is wrong and how to configure the router to get the update.
> >
> >Thanks in advance.
> >
> >Best regards
> >Francis Tsui
>
>
>Priscilla Oppenheimer
>http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19113&t=15469



RE: One Journalist's Opinion of CCIE (Warning !!! longish ) [7:19115]

2001-09-08 Thread Chuck Larrieu

Gotta get this guy to talk more. There is much of interest and worth in this
post.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Tony Medeiros
Sent: Saturday, September 08, 2001 12:36 AM
To: [EMAIL PROTECTED]
Subject: Re: One Journalist's Opinion of CCIE (Warning !!! longish )
[7:19098]


I have to agree with many, if not all the points raised by everybody.
My humble take is that there are  4 types of knowledge a great, capable of
hands on, design, etc. network engineer should have in the perfect world.
CCIE or not.  Bear in mind that I am talking about a network engineer that
basically works with the equipment and maintains and designs networks.
Other types of network engineers that design hardware, software, and
protocols will come under a way different set of rules I would think.

1. Basic network and protocol knowledge:
This should be how all layer 2, 3, 4 and many layer 7 protocols work
including the management plane protocols, routing protocols, STP, etc.  Not
necessarily what all the frame/packet/segment structures look like and where
and what each field in the PDU is and does. But enough PDU structure to know
what the engineer is looking at and understand how they work.  Although this
is all excellent knowledge to have, I think it's improbable (at least for
me) to know all the PDU structures in detail.  The main thing is to know the
behaviors (especially TCP) and how things can go right or wrong.  Some layer
1 stuff is good to know too!! Like what does it mean when I have slips on my
T1 interface or how a DS-3 works. Other things are cabling issues, what box
does what, where do I use a certain box (bridge vs.router, etc.), design
best practices, security issues and techniques.  Also host behavior and
configuration knowledge is invaluable.  I'm sure I left out a bunch of
stuff, but that is what I see as important (in my limited experience) to know.

Most, if not all of number 1 can be learned by reading books, RFCs, white
papers, etc.  Hands on experience will certainly help.

2.  Platform specific configuration:
It's great to know all the above stuff, but if I can't make it happen on
whatever I am configuring, be it Cisco, Foundry, Extreme, or whatever, I am
of little use as a hands on engineer.  It's nice to know how EIGRP installs
a feasible successor,  but if I can't get my routes to propagate correctly
because I left out "no auto summary", that knowledge doesn't serve me like
it should.  OT.  Why Cisco doesn't remove ALL classful behavior from that
damn protocol is beyond me!!  Again, I believe it's improbable to know how
to configure everything on even one vendor or platform.  But, the engineer
should know when to punt and ask for help.  Or know how to access and find
the information he/she requires.  And I don't just mean calling TAC :)  Even
though the wonderful people at TAC have gotten my ass out of a wringer many
times.

The items in Number 2 come from some book knowledge. But hands on
experience is key.  The experience of producing a complex config and
fighting to make it work is the best teacher I know of. Be it in a lab or
live network.  I never forgot the first time I got a DS-3 of ATM with about
15 PVCs to work.  Or even the first time I brought up a simple frame link
and pinged across and watched my routing table grow !!!  It was almost
better than sex !!(don't tell my wife please !!)  I know, I'm sick. :>/

3.  Experience, PERIOD !!
Many a time it has been when I fought to get something to work and couldn't.
I checked the config against CCO, changed IOS's,  changed modules, changed
my underwear, etc.  Ended up calling a more knowledgeable peer to have her
tell me: "Oh, it's BLA, BA BLA".  Type in  the undocumented "BLA BA BLA and
it will work."  That is why having peers is essential to survival in
this business.  Everybody on Group Study is my peer from whom I glean information
and support.  I am a firm believer in "no man/woman is an island" !!  And
NOBODY knows everything.

4.  The ability, motivation, and tenacity to solve problems, learn, and do a
good job. (self explanatory)

I believe no attribute in itself is the most important,  we need all of
them.
Sorry everybody for the long post.  I'll refrain from posting for a while.
Tony M.
#6172

- Original Message -
From: "Leigh Anne Chisholm"
To:
Sent: Friday, September 07, 2001 9:59 PM
Subject: RE: One Journalist's Opinion of CCIE [7:18843]


> Actually, it's likely the lawyer fresh out of law school will do a better job
> than the crotchety old lawyer that's had a few years to become jaded by the
> system or to get an over-inflated view of themselves.  The new kid on the
> block has something to prove so he'll go that extra mile to do a superb job.
> Did I mention I used to head up an IT division at a major Canadian law firm?
> (-:
>
> My point is... experience doesn't always matter.  Brilliance and the
> willingness to do a good job can compensate quite well for experience.

Re: Cable Modem, DHCP & NAT [7:19106]

2001-09-08 Thread Tony Medeiros

Here you go.  It's called "easy IP".  It's just NAT over a negotiated
interface.
http://www.cisco.com/warp/customer/793/access_dial/easyip.html

Tony M
#6172

- Original Message -
From: "Bob Lepine" 
To: 
Sent: Saturday, September 08, 2001 5:44 AM
Subject: Cable Modem, DHCP & NAT [7:19106]


> Hi, I have a 2600 router and the latest software so I can get a DHCP number
> from my service provider. I'm trying to configure the router so that I can
> put my static network on the inside. It accepts the DHCP number but I can't
> get it to do the translation to the inside seeing that the outside number is
> not a static number. Anyone have experience with this?
> Any help would be appreciated.
>
>
> --
> Bob Lepine
> MCSE,MCDBA,CNA,CCNA,MCT




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19117&t=19106



Re: Question about Cisco's Hierarchical Model [7:19069] Pt 1 [7:19118]

2001-09-08 Thread [EMAIL PROTECTED] (John Nemeth)

On Jan 29,  4:38am, "Howard C. Berkowitz" wrote:
}
} Don't know if it will help, but here's some partially relevant 
} discussion from a draft chapter of my upcoming book "Building Service 
} Provider Networks":

 Is there a timeframe for this book?

}-- End of excerpt from "Howard C. Berkowitz"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19118&t=19118



RE: FR question - Configuring Fractional T1 on the WIC-1DSU-T1 [7:19119]

2001-09-08 Thread Ole Drews Jensen

Thanks to all of you who replied to this one.

And yes, the host has 768 kbps bandwidth, and each of the three branch
offices has 256 kbps.

All I needed to know was if I needed any timeslot config on the subs, but I
now know that I don't.

Thanks again, and have a great weekend,

Ole

~~~
 Ole Drews Jensen
 Systems Network Manager
 CCNA, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED] 
~~~ 
 http://www.RouterChief.com 
~~~
 NEED A JOB ???
 http://www.oledrews.com/job 
~~~

-Original Message-
From: Chuck Larrieu [mailto:[EMAIL PROTECTED]]
Sent: Saturday, September 08, 2001 1:42 AM
To: [EMAIL PROTECTED]
Subject: RE: FR question - Configuring Fractional T1 on the WIC-1DSU-T1
[7:19093]


I had read the message as each of the branch offices having a 256K link. In
any case, Rik, you are probably correct in your interpretation as well.

Only Ole can clarify what he meant. My point (and yours) is that there is
no way or need to do further configuration on the host site with regards to
the frame connection. The timeslots are not "reserved" in terms of which
DLCI uses which timeslots or group of timeslots. All data will go out the
physical interface as fast as the wire permits. The layer three to layer two
mapping will determine which PVC gets which of those frames.

Chuck

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Rik Guyler
Sent: Friday, September 07, 2001 11:14 PM
To: [EMAIL PROTECTED]
Subject: RE: FR question - Configuring Fractional T1 on the WIC-1DSU-T1
[7:19091]


However, it appears that Ole wants to (correct me if I'm wrong) limit the
bandwidth per DLCI.  Is this true?  If that's the case, unfortunately there
is no way to do this on the router.

When you order a FR circuit, you are typically ordering a T1 for layer 1 so
you really are just getting 1 "pipe" capable of flowing 768k.  The DLCIs
converge into this pipe in a logical fashion, not a physical one, hence the
layer 2 stuff (FR encapsulation) needed at this point.

---
Rik Guyler

-Original Message-
From: Chuck Larrieu [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 07, 2001 11:21 PM
To: [EMAIL PROTECTED]
Subject: RE: FR question - Configuring Fractional T1 on the WIC-1DSU-T1
[7:19081]


Ole, my man, you are trying to outsmart yourself, and you're a pretty smart
guy ;->

Your T1 module is for the telco interface only. You purchased 768K, it
appears. Your DLCIs / PVCs will share that 768K with no further layer 1
actions on your part.

Once you have properly configured the layer one stuff - the timeslots and
B8ZS and ESF and yellow alarm and loopback and clock source, you are done
with the service module.

All that remains is assigning the DLCIs to the appropriate subinterface,
and IP addressing for the PVCs, and you are on your way.

Chuck

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Ole Drews Jensen
Sent: Friday, September 07, 2001 3:11 PM
To: [EMAIL PROTECTED]
Subject: FR question - Configuring Fractional T1 on the WIC-1DSU-T1
[7:19057]


I am now on unknown territory, where no man in my shoes has walked before.

I have a Frame Relay scenario being setup, and my host router has just
received the green light from the provider.

The Frame Relay host uses 12 channels, and connects on three PVC's to three
branch offices, each with 4 channels.

I searched and found the answer on how to setup the channels on cisco's
site:

router(config-if)#service-module t1 timeslots 1-12

but will I have to do that for my three sub interfaces also?

Example:

router(config)#int s0/0
router(config-if)#service-module t1 timeslots 1-12

router(config-if)#int s0/0.101 point-to-point
router(config-subif)#frame-relay interface-dlci 101
router(config-subif)#service-module t1 timeslots 1-4
router(config-subif)#int s0/0.102 point-to-point
router(config-subif)#frame-relay interface-dlci 102
router(config-subif)#service-module t1 timeslots 5-8
router(config-subif)#int s0/0.103 point-to-point
router(config-subif)#frame-relay interface-dlci 103
router(config-subif)#service-module t1 timeslots 9-12

Thanks and have a great weekend,

Ole

~~~
 Ole Drews Jensen
 Systems Network Manager
 CCNA, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED]
~~~
 http://www.RouterChief.com
~~~
 NEED A JOB ???
 http://www.oledrews.com/job
~~~




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19119&t=19119



Re: what does "dark fiber" mean? [7:18718]

2001-09-08 Thread Patrick Ramsey

we pay $30,000/month for ours... But it spans approx. 20+ miles... shorter
runs would be less.

-Patrick

>>> "Mark Odette II"  09/06/01 21:50 PM >>>
So- Just out of curiosity- Anybody have a rough amt. that "Dark Fiber" runs
for??  Is it dependent upon the mileage, or is it rated out at a flat
monthly fee.

You'd think that if it was only a couple hundred bucks a month, that all
kinds of ISP startups would be using it to put their infrastructure
together, and just have a specific site as their gateway to an upstream
provider.
Tell me if I'm cuckoo about this theory.

Mark Odette II
- Original Message -
From: "Patrick Ramsey" 
To: 
Sent: Thursday, September 06, 2001 7:03 PM
Subject: Re: what does "dark fiber" mean? [7:18718]


> Close...
>
> Actually it's dark when nothing is attached, but it remains "dark" even when
> CPE is attached.
>
> Dark fiber, the term is used by providers meaning that they lease you fiber
> that does not traverse their network.  So technically, you can run anything
> across it as you wish.
>
> Take this example... I have a sonet ring from a local carrier and it is
> attached to their ATM infrastructure at 155mb.  They (the carrier) are not
> really lighting the fiber but since it is a sonet node it is limited to ATM.
> (Or packet over sonet) but you still only get the bandwidth you pay for.
>
> However, if I purchase "dark" fiber meaning that it is not lit by the carrier,
> then I can run ATM across it at oc3, oc12, oc48, oc192, etc OR I can run
> 100fx or gig across it... However much money I feel like spending on the
> equipment is what will run across it.
>
> -Patrick
>
>
> >>> "Tony van Ree"  09/06/0106:24PM >>>
> Hi,
>
> Dark fibre is when you have, buy or rent a fibre cable that is terminated
> but has no equipment connected.  Devices using fibre have either infra red
> or laser light thus making the cable non "dark".
>
> Hope this helps.
>
> Teunis,
> Hobart, Tasmania
> Australia
>
>
> On Wednesday, September 05, 2001 at 10:16:07 PM, david wrote:
>
> > Thanks,
> >
> >
> > david
> --
> www.tasmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19120&t=18718



Re: Question about Cisco's Hierarchical Model [7:19069] Pt 1 [7:19121]

2001-09-08 Thread Howard C. Berkowitz

>On Jan 29,  4:38am, "Howard C. Berkowitz" wrote:
>}
>} Don't know if it will help, but here's some partially relevant
>} discussion from a draft chapter of my upcoming book "Building Service
>} Provider Networks":
>
>  Is there a timeframe for this book?

My contract calls for having it ready for copy edit November 12, so 
that would put it in print early in the new year. It's going pretty 
well, so I might get it done a little early.

>
>}-- End of excerpt from "Howard C. Berkowitz"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19121&t=19121



Re: what does "dark fiber" mean? [7:18718]

2001-09-08 Thread wirechild

We pay $900/mile/month for ours..

"Patrick Ramsey" wrote in message news:[EMAIL PROTECTED]...
> we pay $30,000/month for ours... But it spans approx. 20+ miles... shorter
> runs would be less.
>
> -Patrick
>
> >>> "Mark Odette II"  09/06/01 21:50 PM >>>
> So- Just out of curiosity- Anybody have a rough amt. that "Dark Fiber" runs
> for??  Is it dependent upon the mileage, or is it rated out at a flat
> monthly fee.
>
> You'd think that if it was only a couple hundred bucks a month, that all
> kinds of ISP startups would be using it to put their infrastructure
> together, and just have a specific site as their gateway to an upstream
> provider.
> Tell me if I'm cuckoo about this theory.
>
> Mark Odette II
> - Original Message -
> From: "Patrick Ramsey"
> To:
> Sent: Thursday, September 06, 2001 7:03 PM
> Subject: Re: what does "dark fiber" mean? [7:18718]
>
>
> > Close...
> >
> > Actually it's dark when nothing is attached, but it remains "dark" even
> > when CPE is attached.
> >
> > Dark fiber, the term is used by providers meaning that they lease you
> > fiber that does not traverse their network.  So technically, you can run
> > anything across it as you wish.
> >
> > Take this example... I have a sonet ring from a local carrier and it is
> > attached to their ATM infrastructure at 155mb.  they (the carrier) are not
> > really lighting the fiber but since it is a sonet node it is limited to
> > ATM. (Or packet over sonet) but you still only get the bandwidth you pay for.
> >
> > However, if I purchase "dark" fiber meaning that it is not lit by the
> > carrier, then I can run ATM across it at oc3, oc12, oc48, oc192, etc OR I
> > can run 100fx or gig across it... However much money I feel like spending on
> > the equipment is what will run across it.
> >
> > -Patrick
> >
> >
> > >>> "Tony van Ree"  09/06/0106:24PM >>>
> > Hi,
> >
> > Dark fibre is when you have, buy or rent a fibre cable that is terminated
> > but has no equipment connected.  Devices using fibre have either infra red
> > or laser light thus making the cable non "dark".
> >
> > Hope this helps.
> >
> > Teunis,
> > Hobart, Tasmania
> > Australia
> >
> >
> > On Wednesday, September 05, 2001 at 10:16:07 PM, david wrote:
> >
> > > Thanks,
> > >
> > >
> > > david
> > --
> > www.tasmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19122&t=18718



Access-list and Port Scanner [7:19123]

2001-09-08 Thread Will Francis

Hi Guys

I'm currently looking at how secure access-lists are when acting as a firewall.
Guys, I'm having no luck at all finding a Windows port scanner which is
similar to the port scanners on the Linux/Unix platform, for instance, let's say NMAP.

Come on Windows guys; however, we won't get into a conversation about
platforms "Windows/Linux" here, I'm just after a good port scanner.

cheers




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19123&t=19123



Re: One Journalist's Opinion of CCIE [7:18843]

2001-09-08 Thread David L. Blair

"Leigh Anne Chisholm" wrote in message
news:[EMAIL PROTECTED]...
> Actually, it's likely the lawyer fresh out of law school will do a better
> job than the crotchety old lawyer that's had a few years to become jaded by
> the system or to get an over-inflated view of themselves.  The new kid on
> the block has something to prove so he'll go that extra mile to do a superb
> job.

Reference the movie, "Rainmaker".

> My point is... experience doesn't always matter.  Brilliance and the
> willingness to do a good job can compensate quite well for experience.


Another example:
When I was in the Air National Guard flying in the backseat of the F-4D Jet
Fighter, a similar phenomenon would happen.   The rookie air crews took some
risk due to inexperience and stupidity, but generally followed procedures
better than the experienced air crews who had long since realized that the
world would not end if a few rules were bent or broken.


"Through Complexity there is Simplicity,
   Through Simplicity there is Complexity"

David L. Blair - CCNP, CCNA, MCSE, CBE, A+, 3Wizard




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19124&t=18843



Ip precedence of GRE packets [7:19125]

2001-09-08 Thread Chris Read

Is it possible to cause the IP precedence of a GRE packet to be the same as
the IP precedence of the packet which it encapsulates?

I have a client who is passing real-time as well as normal data over a 3DES
encrypted tunnel. I have had to resort to using separate
tunnels for the two data streams, but I consider this to be a sub-optimal
solution.

For reference, I am using a 2621 at one end and a 3640 at the other with
12.1.5 images.

This is a real world problem for me. Would this kind of thing possibly come
up on the CCIE R/S exams?

Chris Read




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19125&t=19125



easyip 2600 [7:19127]

2001-09-08 Thread Bob Lepine

Hi, I've just been informed that easyip should work on my 2600 to get me to
resolve the inside to outside network with a dhcp number. (I'm using a cable
modem and am assigned a dynamic number.) I'm trying to go from my inside
network to the outside. The following is my configuration. I'm still new at
this so something is obviously wrong.
Building configuration...

Current configuration : 784 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname BobRouter
!
logging rate-limit console 10 except errors
!
ip subnet-zero
!
!
no ip finger
!
!
!
!
interface Ethernet0/0
 ip address dhcp
 ip nat outside
 half-duplex
!
interface Serial0/0
 no ip address
 shutdown
!
interface BRI0/0
 no ip address
 shutdown
!
interface Ethernet0/1
 ip address 192.168.0.6 255.255.255.0
 ip nat inside
 half-duplex
!
ip nat inside source list 100 interface Ethernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0/0 permanent
no ip http server
!
access-list 100 permit ip 192.0.0.0 0.0.0.255 any
!
line con 0
 transport input none
line aux 0
line vty 0 4
!
no scheduler allocate
end
-
Any help would be appreciated

--
Bob Lepine
MCSE,MCDBA,CNA,CCNA,MCT




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19127&t=19127



Re: Cable Modem, DHCP & NAT [7:19106]

2001-09-08 Thread Wojtek Zlobicki

Tony,

Is it still possible to do port forwarding with this config?


"Tony Medeiros" wrote in message
news:[EMAIL PROTECTED]...
> Here you go.  It's called "easy IP".  It's just NAT over a negotiated
> interface.
> http://www.cisco.com/warp/customer/793/access_dial/easyip.html
>
> Tony M
> #6172
>
> - Original Message -
> From: "Bob Lepine"
> To:
> Sent: Saturday, September 08, 2001 5:44 AM
> Subject: Cable Modem, DHCP & NAT [7:19106]
>
>
> > Hi, I have a 2600 router and the latest software so I can get a DHCP
> > number from my service provider. I'm trying to configure the router so that
> > I can put my static network on the inside. It accepts the DHCP number but I
> > can't get it to do the translation to the inside seeing that the outside
> > number is not a static number. Anyone have experience with this?
> > Any help would be appreciated.
> >
> >
> > --
> > Bob Lepine
> > MCSE,MCDBA,CNA,CCNA,MCT




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19128&t=19106



Re: easyip 2600 [7:19127]

2001-09-08 Thread Wojtek Zlobicki

You may want to take a look at your access list

access-list 100 permit ip 192.0.0.0 0.0.0.255 any

change to

access-list 100 permit ip 192.168.0.0  0.0.0.255 any

"Bob Lepine" wrote in message
news:[EMAIL PROTECTED]...
> Hi, I've just been informed that easyip should work on my 2600 to get me to
> resolve the inside to outside network with a dhcp number.(I'm using a cable
> modem and am assigned a dynamic number) I'm trying to go from my inside
> network to the outside. The following is my configuration. I'm still new at
> this so something is obviously wrong.
> Building configuration...
>
> Current configuration : 784 bytes
> !
> version 12.1
> no service single-slot-reload-enable
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname BobRouter
> !
> logging rate-limit console 10 except errors
> !
> ip subnet-zero
> !
> !
> no ip finger
> !
> !
> !
> !
> interface Ethernet0/0
>  ip address dhcp
>  ip nat outside
>  half-duplex
> !
> interface Serial0/0
>  no ip address
>  shutdown
> !
> interface BRI0/0
>  no ip address
>  shutdown
> !
> interface Ethernet0/1
>  ip address 192.168.0.6 255.255.255.0
>  ip nat inside
>  half-duplex
> !
> ip nat inside source list 100 interface Ethernet0/0 overload
> ip classless
> ip route 0.0.0.0 0.0.0.0 Ethernet0/0 permanent
> no ip http server
> !
> access-list 100 permit ip 192.0.0.0 0.0.0.255 any
> !
> line con 0
>  transport input none
> line aux 0
> line vty 0 4
> !
> no scheduler allocate
> end
> -
> Any help would be appreciated
>
> --
> Bob Lepine
> MCSE,MCDBA,CNA,CCNA,MCT




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19129&t=19127
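
Added example (not written by anyone in this thread): a small Python check that reads an IOS configuration, finds the ACL named by `ip nat inside source list`, and tests whether its source and wildcard actually cover the subnets on the `ip nat inside` interfaces, which is the mismatch pointed out in the reply above. It handles extended `permit|deny ip` entries only; the function names and the trimmed `POSTED_CONFIG` are constructed for illustration.

```python
import ipaddress
import re

FULL = 0xFFFFFFFF

# Constructed sample: the NAT-relevant lines of the configuration posted in this thread.
POSTED_CONFIG = """\
interface Ethernet0/0
 ip address dhcp
 ip nat outside
!
interface Ethernet0/1
 ip address 192.168.0.6 255.255.255.0
 ip nat inside
!
ip nat inside source list 100 interface Ethernet0/0 overload
access-list 100 permit ip 192.0.0.0 0.0.0.255 any
"""


def parse_interfaces(config):
    """Return {name: {"network": IPv4Network or None, "nat": "inside"/"outside"/None}}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), {"network": None, "nat": None})
            continue
        if not line.startswith(" "):
            current = None          # left the interface block ("!" or a global command)
            continue
        if current is None:
            continue
        m = re.match(r" ip address (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)", line)
        if m:
            current["network"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
        m = re.match(r" ip nat (inside|outside)\s*$", line)
        if m:
            current["nat"] = m.group(1)
    return interfaces


def parse_acl(config, number):
    """Return ordered (action, source, wildcard) integer triples for an extended ACL."""
    pattern = re.compile(rf"access-list {number} (permit|deny) ip "
                         r"(?:(any)|host (\S+)|(\S+) (\S+))(?:\s|$)")
    entries = []
    for line in config.splitlines():
        m = pattern.match(line)
        if not m:
            continue
        action, any_kw, host, src, wildcard = m.groups()
        if any_kw:
            entries.append((action, 0, FULL))
        elif host:
            entries.append((action, int(ipaddress.IPv4Address(host)), 0))
        else:
            entries.append((action, int(ipaddress.IPv4Address(src)),
                            int(ipaddress.IPv4Address(wildcard))))
    return entries


def acl_verdict(entries, network):
    """First-match result for a whole subnet: 'permit', 'deny' or 'partial'."""
    net, host_bits = int(network.network_address), int(network.hostmask)
    for action, src, wildcard in entries:
        care = ~wildcard & FULL                 # bits this entry compares
        if (net ^ src) & care & ~host_bits & FULL:
            continue                            # no address in the subnet can match
        if care & host_bits:
            return "partial"                    # entry matches only some hosts
        return action
    return "deny"                               # implicit deny ends every ACL


def lint_nat(config):
    """Return a list of findings for each 'ip nat inside source list N' statement."""
    findings = []
    inside = {name: info["network"] for name, info in parse_interfaces(config).items()
              if info["nat"] == "inside" and info["network"] is not None}
    for m in re.finditer(r"^ip nat inside source list (\d+) ", config, re.M):
        acl = m.group(1)
        entries = parse_acl(config, acl)
        for name, network in inside.items():
            verdict = acl_verdict(entries, network)
            if verdict != "permit":
                findings.append(f"ACL {acl} verdict for {network} on {name} is "
                                f"'{verdict}': not every inside host will be translated")
        if any(action == "permit" and wc == FULL for action, _, wc in entries):
            findings.append(f"ACL {acl} permits source 'any': NAT eligibility is "
                            "wider than the inside subnets")
    return findings


if __name__ == "__main__":
    for finding in lint_nat(POSTED_CONFIG):
        print(finding)
```

The same check also flags a `permit ip any any` NAT list, which translates any source arriving on an inside interface rather than only the intended subnet.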



Re: Access-list and Port Scanner [7:19123]

2001-09-08 Thread dlci_16

nmap has "unfortunately" been ported to window$ by an excellent team,
link? ; http://www.eeye.com/html/Research/Tools/index.html
have fun =_=



- Original Message -
From: "Will Francis" 
To: 
Sent: Saturday, September 08, 2001 6:50 PM
Subject: Access-list and Port Scanner [7:19123]


> Hi Guys
>
> I'm currently looking at how secure are access-lists to act as a firewall.
> Guy I'm having no luck at all finding a windows port scanner which is
> similar to port scanners on Linux/Unix platform, for instance let say NMAP.
>
> Come on windows guys, however we wont get in to a conversation about
> platforms "windows/Linux"  here, just after a good port scanner.
>
> cheers




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19130&t=19123



Re: Ip precedence of GRE packets [7:19125]

2001-09-08 Thread Howard C. Berkowitz

>Is it possible to cause the IP precedence of a GRE packet to be the same as
>the IP precedence of the packet which it encapsulates?

A very interesting problem. Without researching it, I'd be inclined 
to say no on a Cisco router, unless you terminate the tunnel at each 
router hop, and then set precedence with a route map as you 
re-encapsulate it.  In formal terms, you have to define the desired 
per-hop behavior (PHB) at each hop rather than end-to-end.

There might be a really kludgy way to do it with BGP QoS Policy 
Propagation, if the destination addresses were different.

You MIGHT be able to do it on a Bay/Nortel RS router, because it does 
allow the equivalent of access lists on pure byte strings. I _think_ 
the string match is long enough to reach the second IP header.  Even 
if I could, I don't think I would.

>
>I have a client who is passing real-time as well as normal data over a 3DES
>encrypted tunnel. I have had to resort to using separate
>tunnels for the two data streams, but I consider this to be a sub-optimal
>solution.

But here's where I start to question.  Why do you consider two 
tunnels to be suboptimal?  I'd say the general consensus among MPLS 
traffic engineering people is to associate a priority with a tunnel, 
merge different flows of the same priority onto what is now called a 
"traffic trunk", then put the multipriority traffic back together at 
the egress.  It's MUCH easier to do traffic engineering when the 
tunnel/trunk has a single priority.  Remember that traffic 
engineering implies the reservation of bandwidth.

>
>For reference, I am using a 2621 at one end and a 3640 at the other with
>12.1.5 images.
>
>This is a real world problem for me. Would this kind of thing possibly come
>up on the CCIE R/S exams?
>
>Chris Read




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19131&t=19125



Re: Ip precedence of GRE packets [7:19125]

2001-09-08 Thread Sasa Milic

Chris,

I tested that 4-5 months ago, on a 2621 with 12.1T. The TOS field is
propagated from encapsulated packets into the TOS of GRE packets. The
same happens with IPSec tunnels; the TOS from encrypted packets is
copied into IPSec headers.

Regards,
  Sasa

Chris Read wrote:
> 
> Is it possible to cause the IP precedence of a GRE packet to be the same as
> the IP precedence of the packet which it encapsulates?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19132&t=19125
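
Added example (not from the posters): one way to confirm on a captured packet whether the outer header of an IPv4-in-GRE packet carries the same IP precedence as the packet it encapsulates, as discussed in the replies above. The packet builder, addresses and `SAMPLE_INNER` are constructed test data; the parser skips the optional GRE checksum, key and sequence fields.

```python
import socket
import struct

GRE_PROTO = 47            # IP protocol number for GRE
ETHERTYPE_IPV4 = 0x0800   # GRE protocol type for an IPv4 payload


def ipv4_header(tos, proto, src, dst, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 because nothing here verifies it."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def gre_encapsulate(inner, src, dst, copy_tos=True, key=None):
    """Wrap an IPv4 packet in GRE; copy_tos models the behaviour reported in the thread."""
    flags = 0x2000 if key is not None else 0     # K bit set when a key is present
    gre = struct.pack("!HH", flags, ETHERTYPE_IPV4)
    if key is not None:
        gre += struct.pack("!I", key)
    outer_tos = inner[1] if copy_tos else 0
    return ipv4_header(outer_tos, GRE_PROTO, src, dst, len(gre) + len(inner)) + gre + inner


def precedence_pair(packet):
    """Return (outer_precedence, inner_precedence) for an IPv4-in-GRE packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != GRE_PROTO:
        raise ValueError("outer protocol is not GRE (47)")
    if len(packet) < ihl + 4:
        raise ValueError("truncated GRE header")
    flags, proto_type = struct.unpack_from("!HH", packet, ihl)
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    offset = ihl + 4
    for bit in (0x8000, 0x2000, 0x1000):         # checksum, key, sequence number
        if flags & bit:
            offset += 4
    if proto_type != ETHERTYPE_IPV4:
        raise ValueError("GRE payload is not IPv4")
    if len(packet) < offset + 20 or packet[offset] >> 4 != 4:
        raise ValueError("truncated or malformed inner IPv4 header")
    # Precedence is the top three bits of the ToS byte (byte 1 of each IPv4 header).
    return packet[1] >> 5, packet[offset + 1] >> 5


def tos_preserved(packet):
    """True when outer and inner IP precedence agree."""
    outer, inner = precedence_pair(packet)
    return outer == inner


# Constructed inner packet: UDP, ToS 0xA0 (precedence 5), 8 bytes of zero payload.
SAMPLE_INNER = ipv4_header(0xA0, 17, "192.168.0.10", "192.168.1.10", 8) + bytes(8)

if __name__ == "__main__":
    for copy in (True, False):
        pkt = gre_encapsulate(SAMPLE_INNER, "10.0.0.1", "10.0.0.2", copy_tos=copy)
        print("copy_tos =", copy, "->", precedence_pair(pkt), tos_preserved(pkt))
```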



Re: easyip 2600 [7:19127]

2001-09-08 Thread Bob Lepine

Thanks for your help. You're right. I didn't watch that access list. I have
a new configuration. I seem to be able to get out my router and ping the
dhcp server as well as the name servers.  But I have a connection to my e0/1
from my laptop which is 192.168.0.6. I can ping from my laptop to e0/1, but
I can't ping from my laptop to e0/0. I'm not getting through the router. Any
more suggestions?

Here's my updated config
03:05:07: %SYS-5-CONFIG_I: Configured from console by consolen
Building configuration...

Current configuration : 810 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname BobRouter
!
logging rate-limit console 10 except errors
!
ip subnet-zero
!
!
no ip finger
!
!
!
!
interface Ethernet0/0
 ip address dhcp
 ip nat outside
 half-duplex
!
interface Serial0/0
 no ip address
 shutdown
!
interface BRI0/0
 no ip address
 shutdown
!
interface Ethernet0/1
 ip address 192.168.0.6 255.255.255.0
 ip nat inside
 half-duplex
!
router rip
 network 24.0.0.0
 network 192.168.0.0
!
ip nat inside source list 100 interface Ethernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0/0
no ip http server
!
access-list 100 permit ip any any
!
line con 0
 transport input none
line aux 0
line vty 0 4
!
no scheduler allocate
end

BobRouter#

--
"Wojtek Zlobicki" wrote in message
news:[EMAIL PROTECTED]...
> You may want to take a look at your access list
>
> access-list 100 permit ip 192.0.0.0 0.0.0.255 any
>
> change to
>
> access-list 100 permit ip 192.168.0.0  0.0.0.255 any
>
> "Bob Lepine" wrote in message
> news:[EMAIL PROTECTED]...
> > Hi, I've just been informed that easyip should work on my 2600 to get me to
> > resolve the inside to outside network with a dhcp number.(I'm using a cable
> > modem and am assigned a dynamic number) I'm trying to go from my inside
> > network to the outside. The following is my configuration. I'm still new at
> > this so something is obviously wrong.
> > Building configuration...
> >
> > Current configuration : 784 bytes
> > !
> > version 12.1
> > no service single-slot-reload-enable
> > service timestamps debug uptime
> > service timestamps log uptime
> > no service password-encryption
> > !
> > hostname BobRouter
> > !
> > logging rate-limit console 10 except errors
> > !
> > ip subnet-zero
> > !
> > !
> > no ip finger
> > !
> > !
> > !
> > !
> > interface Ethernet0/0
> >  ip address dhcp
> >  ip nat outside
> >  half-duplex
> > !
> > interface Serial0/0
> >  no ip address
> >  shutdown
> > !
> > interface BRI0/0
> >  no ip address
> >  shutdown
> > !
> > interface Ethernet0/1
> >  ip address 192.168.0.6 255.255.255.0
> >  ip nat inside
> >  half-duplex
> > !
> > ip nat inside source list 100 interface Ethernet0/0 overload
> > ip classless
> > ip route 0.0.0.0 0.0.0.0 Ethernet0/0 permanent
> > no ip http server
> > !
> > access-list 100 permit ip 192.0.0.0 0.0.0.255 any
> > !
> > line con 0
> >  transport input none
> > line aux 0
> > line vty 0 4
> > !
> > no scheduler allocate
> > end
> > -
> > Any help would be appreciated
> >
> > --
> > Bob Lepine
> > MCSE,MCDBA,CNA,CCNA,MCT




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19133&t=19127



Boson Test 1 & 2 For CID Exam - - - How Good?????????? [7:19134]

2001-09-08 Thread Mr. Oletu Hosea Godswill, CCNA

Hi group,

Just wondering how good the Boson test would be in
preparation for my CID exam?

Anyone with a valuable clue or other last-minute exam
advice, please, your 2 cents are welcome.

Regards.
Oletu





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19134&t=19134



RE: One Journalist's Opinion of CCIE [7:18843]

2001-09-08 Thread Leigh Anne Chisholm

Sorry, I haven't seen the movie Rainmaker.

As for your experience in the Air National Guard--you know that experience
doesn't mean that you never make bad judgements.  I can think of several
extremely seasoned pilots I know that have made really dumb judgement calls
just because they've pushed the envelope before and not had any
consequences.  And sometimes, it's not even having pushed the envelope
before that leads to stupid mistakes.  One pilot I knew began flying during
I believe it was the Korean war.  He moved onto airlines and racked up
several thousands of hours flying the friendly skies.  He was also a
seasoned aerobatic pilot having won several U.S. aerobatic championships and
helped lead the US team to win a World Aerobatic Championship title.  He and
his wife wanted to sell their land in southern California.  They hired a
photographer to take pictures of their property.  When the photographer
didn't show up, this pilot grabbed his wife's biplane and in a temperamental
state took pictures of his own property.   Needless to say, distances
looking through the lens of a camera are different than standard vision.  He
flew into a hill on his own property.  I can't say that I as a young pilot
compared to this veteran haven't made stupid mistakes, but I would take far
fewer risks than he would.

To every rule there is an exception--because people are individuals.  Some
are able to compensate.  The best person you'll ever know is the person who
says, "I don't know, but I'll find out."  And then they do.  THAT's what I
mean when I say "My point is... experience doesn't always matter.
Brilliance and the willingness to do a good job can compensate quite well
for experience."


  -- Leigh Anne

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> David L. Blair
> Sent: Saturday, September 08, 2001 11:53 AM
> To: [EMAIL PROTECTED]
> Subject: Re: One Journalist's Opinion of CCIE [7:18843]
>
>
> "Leigh Anne Chisholm" wrote in message
> news:[EMAIL PROTECTED]...
> > Actually, it's likely the lawyer fresh out of law school will do a better
> > job than the crotchety old lawyer that's had a few years to become jaded by
> > the system or to get an over-inflated view of themselves.  The new kid on
> > the block has something to prove so he'll go that extra mile to do a superb
> > job.
>
> Reference the movie, "Rainmaker".
>
> > My point is... experience doesn't always matter.  Brilliance and the
> > willingness to do a good job can compensate quite well for experience.
>
>
> Another example:
> When I was in the Air National Guard flying in the backseat of the F-4D Jet
> Fighter, a similar phenomenon would happen.   The rookie air crews took some
> risk due to inexperience and stupidity, but generally followed procedures
> better than the experienced air crews who had long since realized that the
> world would not end if a few rules were bent or broken.
>
>
> "Through Complexity there is Simplicity,
>Through Simplicity there is Complexity"
>
> David L. Blair - CCNP, CCNA, MCSE, CBE, A+, 3Wizard




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19135&t=18843



RE: Cable Modem, DHCP & NAT [7:19106]

2001-09-08 Thread Leigh Anne Chisholm

TONY:  If I remember correctly, when I was trying to research this
configuration using a single Ethernet interface, Easy IP is just for BRI
ISDN.  I'm not quite sure that Easy IP was what Bob was looking for.  The
sample NAT config included in that example though would apply if you applied
the NAT config of the BRI to the Ethernet interface Bob's using to negotiate
the IP address.


BOB:  Are you trying to do this using a single Ethernet interface, or two
Ethernet interfaces?


  -- Leigh Anne

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Tony Medeiros
> Sent: Saturday, September 08, 2001 10:41 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Cable Modem, DHCP & NAT [7:19106]
>
>
> Here you go.  It's called "easy IP".  It's just NAT over a negotiated
> interface.
> http://www.cisco.com/warp/customer/793/access_dial/easyip.html
>
> Tony M
> #6172
>
> - Original Message -
> From: "Bob Lepine"
> To:
> Sent: Saturday, September 08, 2001 5:44 AM
> Subject: Cable Modem, DHCP & NAT [7:19106]
>
>
> > Hi, I have a 2600 router and the latest software so I can get a DHCP
> > number from my service provider. I'm trying to configure the router so that
> > I can put my static network on the inside. It accepts the DHCP number but I
> > can't get it to do the translation to the inside seeing that the outside
> > number is not a static number. Anyone have experience with this?
> > Any help would be appreciated.
> >
> >
> > --
> > Bob Lepine
> > MCSE,MCDBA,CNA,CCNA,MCT




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19136&t=19106



Re: Access-list and Port Scanner [7:19123]

2001-09-08 Thread Will Francis

Thanks 

"dlci_16" wrote in message
news:[EMAIL PROTECTED]...
> nmap has "unfortunately" been ported to window$ by an excellent team,
> link? ; http://www.eeye.com/html/Research/Tools/index.html
> have fun =_=
>
>
>
> - Original Message -
> From: "Will Francis"
> To:
> Sent: Saturday, September 08, 2001 6:50 PM
> Subject: Access-list and Port Scanner [7:19123]
>
>
> > Hi Guys
> >
> > I'm currently looking at how secure are access-lists to act as a firewall.
> > Guy I'm having no luck at all finding a windows port scanner which is
> > similar to port scanners on Linux/Unix platform, for instance let say NMAP.
> >
> > Come on windows guys, however we wont get in to a conversation about
> > platforms "windows/Linux"  here, just after a good port scanner.
> >
> > cheers




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19137&t=19123



OT: UK DSL [7:19138]

2001-09-08 Thread Andy Harding

hey,

anyone found a decent UK BT DSL solution?

what I am looking for is some kind of hardware firewall solution for the
(aaauugh!!) USB connection you get (unless you have less sense than money -
ie business enet presentation)

I have looked at the Linux solution, which doesn't really do it for me
(no-one *dare* suggest m$), and am evaluating the BSD solution, which seems
to work so far

anyone who has done this with h/w - cisco or other, I would be *very*
interested in knowing - on/off list as you feel appropriate

regards

-andy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19138&t=19138



anyone going to RIPE-40? [7:19139]

2001-09-08 Thread Andy Harding

seems like a good time to meet up, for those who would like, will be there,
etc.

maybe see whether we can snag a meeting room for an hour or so .. ? - maybe
we can grab HCB and/or other players...

any comments, ideas, etc. welcome

be nice, and maybe I can organize... ;-)

let me know

-a




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19139&t=19139



Re: anyone going to RIPE-40? [7:19139]

2001-09-08 Thread Howard C. Berkowitz

>seems like a good time to meet up, for those who would like, will be there,
>etc.
>
>maybe see whether we can snag a meeting room for an hour or so .. ? - maybe
>we can grab HCB and/or other players...
>
>any comments, ideas, etc. welcome
>
>be nice, and maybe I can organize... ;-)
>
>let me know
>
>-a
>
Normally, I would be there, but personal commitments keep me from 
traveling until after October 15.  I should be at NANOG and IETF, and 
then the next RIPE.

Howard




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19140&t=19139



Re: Cable Modem, DHCP & NAT [7:19106]

2001-09-08 Thread Tony Medeiros

Easy IP is just NAT over a negotiated address.  You make it work by calling
out the interface, instead of a NAT pool in your NAT statement.  Simple.  It
works on ISDN via PPP address assignment or ethernet via DHCP or BOOTP or
even PPPoE.  The example that I showed him is for ISDN.

Tony

- Original Message -
From: "Leigh Anne Chisholm" 
To: "Tony Medeiros" ; ; "Bob
Lepine" 
Sent: Saturday, September 08, 2001 2:45 PM
Subject: RE: Cable Modem, DHCP & NAT [7:19106]


> TONY:  If I remember correctly, when I was trying to research this
> configuration using a single Ethernet interface, Easy IP is just for BRI
> ISDN.  I'm not quite sure that Easy IP was what Bob was looking for.  The
> sample NAT config included in that example though would apply if you applied
> the NAT config of the BRI to the Ethernet interface Bob's using to negotiate
> the IP address.
>
>
> BOB:  Are you trying to do this using a single Ethernet interface, or two
> Ethernet interfaces?
>
>
>   -- Leigh Anne
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Tony Medeiros
> > Sent: Saturday, September 08, 2001 10:41 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Cable Modem, DHCP & NAT [7:19106]
> >
> >
> > Here you go.  It's called "easy IP".  It's just NAT over a negotiated
> > interface.
> > http://www.cisco.com/warp/customer/793/access_dial/easyip.html
> >
> > Tony M
> > #6172
> >
> > - Original Message -
> > From: "Bob Lepine"
> > To:
> > Sent: Saturday, September 08, 2001 5:44 AM
> > Subject: Cable Modem, DHCP & NAT [7:19106]
> >
> >
> > > Hi, I have a 2600 router and the latest software so I can get a DHCP
> > > number from my service provider. I'm trying to configure the router so
> > > that I can put my static network on the inside. It accepts the DHCP number
> > > but I can't get it to do the translation to the inside seeing that the
> > > outside number is not a static number. Anyone have experience with this?
> > > Any help would be appreciated.
> > >
> > >
> > > --
> > > Bob Lepine
> > > MCSE,MCDBA,CNA,CCNA,MCT




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19141&t=19106



Re: easyip 2600 [7:19127]

2001-09-08 Thread Wojtek Zlobicki

Bob,

You really have to watch those configs :P

The IP for Interface Eth 0/1 is 192.168.0.6 (a conflict with your laptop). I
assume that you want it to be 192.168.0.1 (or whatever you want the gateway
to be; make sure that you also set this gateway on your laptop).


"Bob Lepine" wrote in message
news:[EMAIL PROTECTED]...
> Thanks for your help. You're right. I didn't watch that access list. I have
> a new configuration. I seem to be able to get out my router and ping the
> dhcp server as well as the name servers.  But I have a connection to my e0/1
> from my laptop which is 192.168.0.6. I can ping from my laptop to e0/1, but
> I can't ping from my laptop to e0/0. I'm not getting through the router. Any
> more suggestions?
>
> Here's my updated config
> 03:05:07: %SYS-5-CONFIG_I: Configured from console by consolen
> Building configuration...
>
> Current configuration : 810 bytes
> !
> version 12.1
> no service single-slot-reload-enable
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname BobRouter
> !
> logging rate-limit console 10 except errors
> !
> ip subnet-zero
> !
> !
> no ip finger
> !
> !
> !
> !
> interface Ethernet0/0
>  ip address dhcp
>  ip nat outside
>  half-duplex
> !
> interface Serial0/0
>  no ip address
>  shutdown
> !
> interface BRI0/0
>  no ip address
>  shutdown
> !
> interface Ethernet0/1
>  ip address 192.168.0.6 255.255.255.0
>  ip nat inside
>  half-duplex
> !
> router rip
>  network 24.0.0.0
>  network 192.168.0.0
> !
> ip nat inside source list 100 interface Ethernet0/0 overload
> ip classless
> ip route 0.0.0.0 0.0.0.0 Ethernet0/0
> no ip http server
> !
> access-list 100 permit ip any any
> !
> line con 0
>  transport input none
> line aux 0
> line vty 0 4
> !
> no scheduler allocate
> end
>
> BobRouter#
>
> --
> "Wojtek Zlobicki" wrote in message
> news:[EMAIL PROTECTED]...
> > You may want to take a look at your access list
> >
> > access-list 100 permit ip 192.0.0.0 0.0.0.255 any
> >
> > change to
> >
> > access-list 100 permit ip 192.168.0.0  0.0.0.255 any
> >
> > "Bob Lepine" wrote in message
> > news:[EMAIL PROTECTED]...
> > > Hi, I've just been informed that easyip should work on my 2600 to get me
> > > to resolve the inside to outside network with a dhcp number.(I'm using a
> > > cable modem and am assigned a dynamic number) I'm trying to go from my
> > > inside network to the outside. The following is my configuration. I'm
> > > still new at this so something is obviously wrong.
> > > Building configuration...
> > >
> > > Current configuration : 784 bytes
> > > !
> > > version 12.1
> > > no service single-slot-reload-enable
> > > service timestamps debug uptime
> > > service timestamps log uptime
> > > no service password-encryption
> > > !
> > > hostname BobRouter
> > > !
> > > logging rate-limit console 10 except errors
> > > !
> > > ip subnet-zero
> > > !
> > > !
> > > no ip finger
> > > !
> > > !
> > > !
> > > !
> > > interface Ethernet0/0
> > >  ip address dhcp
> > >  ip nat outside
> > >  half-duplex
> > > !
> > > interface Serial0/0
> > >  no ip address
> > >  shutdown
> > > !
> > > interface BRI0/0
> > >  no ip address
> > >  shutdown
> > > !
> > > interface Ethernet0/1
> > >  ip address 192.168.0.6 255.255.255.0
> > >  ip nat inside
> > >  half-duplex
> > > !
> > > ip nat inside source list 100 interface Ethernet0/0 overload
> > > ip classless
> > > ip route 0.0.0.0 0.0.0.0 Ethernet0/0 permanent
> > > no ip http server
> > > !
> > > access-list 100 permit ip 192.0.0.0 0.0.0.255 any
> > > !
> > > line con 0
> > >  transport input none
> > > line aux 0
> > > line vty 0 4
> > > !
> > > no scheduler allocate
> > > end
> > > -
> > > Any help would be appreciated
> > >
> > > --
> > > Bob Lepine
> > > MCSE,MCDBA,CNA,CCNA,MCT




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19142&t=19127



Re: easyip 2600 [7:19127]

2001-09-08 Thread Wojtek Zlobicki

Furthermore ... I really would suggest against running rip on the external
interface, you may bugger things up for other users running routers.
"Bob Lepine"  wrote in message
news:[EMAIL PROTECTED]...
> Thanks for your help. You're right. I didn't watch that access list. I have
> a new configuration. I seem to be able to get out my router and ping the
> dhcp server as well as the name servers.  But I have a connection to my e0/1
> from my laptop which is 192.168.0.6. I can ping from my laptop to e0/1, but
> I can't ping from my laptop to e0/0. I'm not getting through the router. Any
> more suggestions?
>
> Here's my updated config
> 03:05:07: %SYS-5-CONFIG_I: Configured from console by consolen
> Building configuration...
>
> Current configuration : 810 bytes
> !
> version 12.1
> no service single-slot-reload-enable
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname BobRouter
> !
> logging rate-limit console 10 except errors
> !
> ip subnet-zero
> !
> !
> no ip finger
> !
> !
> !
> !
> interface Ethernet0/0
>  ip address dhcp
>  ip nat outside
>  half-duplex
> !
> interface Serial0/0
>  no ip address
>  shutdown
> !
> interface BRI0/0
>  no ip address
>  shutdown
> !
> interface Ethernet0/1
>  ip address 192.168.0.6 255.255.255.0
>  ip nat inside
>  half-duplex
> !
> router rip
>  network 24.0.0.0
>  network 192.168.0.0
> !
> ip nat inside source list 100 interface Ethernet0/0 overload
> ip classless
> ip route 0.0.0.0 0.0.0.0 Ethernet0/0
> no ip http server
> !
> access-list 100 permit ip any any
> !
> line con 0
>  transport input none
> line aux 0
> line vty 0 4
> !
> no scheduler allocate
> end
>
> BobRouter#
>
> --
> "Wojtek Zlobicki"  wrote in message
> news:[EMAIL PROTECTED]...
> > You may want to take a look at your access list
> >
> > access-list 100 permit ip 192.0.0.0 0.0.0.255 any
> >
> > change to
> >
> > access-list 100 permit ip 192.168.0.0  0.0.0.255 any
> >
> > "Bob Lepine"  wrote in message
> > news:[EMAIL PROTECTED]...
> > > Hi, I've just been informed that easyip should work on my 2600 to get me to
> > > resolve the inside to outside network with a dhcp number.(I'm using a cable
> > > modem and am assigned a dynamic number) I'm trying to go from my inside
> > > network to the outside. The following is my configuration. I'm still new at
> > > this so something is obviously wrong.
> > > Building configuration...
> > >
> > > Current configuration : 784 bytes
> > > !
> > > version 12.1
> > > no service single-slot-reload-enable
> > > service timestamps debug uptime
> > > service timestamps log uptime
> > > no service password-encryption
> > > !
> > > hostname BobRouter
> > > !
> > > logging rate-limit console 10 except errors
> > > !
> > > ip subnet-zero
> > > !
> > > !
> > > no ip finger
> > > !
> > > !
> > > !
> > > !
> > > interface Ethernet0/0
> > >  ip address dhcp
> > >  ip nat outside
> > >  half-duplex
> > > !
> > > interface Serial0/0
> > >  no ip address
> > >  shutdown
> > > !
> > > interface BRI0/0
> > >  no ip address
> > >  shutdown
> > > !
> > > interface Ethernet0/1
> > >  ip address 192.168.0.6 255.255.255.0
> > >  ip nat inside
> > >  half-duplex
> > > !
> > > ip nat inside source list 100 interface Ethernet0/0 overload
> > > ip classless
> > > ip route 0.0.0.0 0.0.0.0 Ethernet0/0 permanent
> > > no ip http server
> > > !
> > > access-list 100 permit ip 192.0.0.0 0.0.0.255 any
> > > !
> > > line con 0
> > >  transport input none
> > > line aux 0
> > > line vty 0 4
> > > !
> > > no scheduler allocate
> > > end
> > > -
> > > Any help would be appreciated
> > >
> > > --
> > > Bob Lepine
> > > MCSE,MCDBA,CNA,CCNA,MCT




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19143&t=19127



Re: Cable Modem, DHCP & NAT [7:19106]

2001-09-08 Thread Cisco Nuts

So if I understand this, I can make this work on any model router.
Basically, what I am trying to do is to use the ip address that I get via
DHCP from my cable modem provider to get to my inside network at home. So
if I use a 2514 router that has 2 ethernets, can I configure one to get
the ip from the service provider and use the other one to get to my
inside network? Is this possible. Has anyone ever actually got a router
to work this way? Thank you for your help.

Kind regards

>From: "Tony Medeiros"
>Reply-To: "Tony Medeiros"
>To: [EMAIL PROTECTED]
>Subject: Re: Cable Modem, DHCP & NAT [7:19106]
>Date: Sat, 8 Sep 2001 20:25:36 -0400
>
>Easy IP is just nat over a negotiated address. You make it work by calling
>out the interface, instead of a nat pool in your nat statement. Simple. It
>works on ISDN via PPP address assignment or ethernet via DHCP or BOOTP or
>even PPPoE. The example that I showed him is for ISDN.
>
>Tony
>
>- Original Message -
>From: "Leigh Anne Chisholm"
>To: "Tony Medeiros" ; ; "Bob Lepine"
>Sent: Saturday, September 08, 2001 2:45 PM
>Subject: RE: Cable Modem, DHCP & NAT [7:19106]
>
> > TONY: If I remember correctly, when I was trying to research this
> > configuration using a single Ethernet interface, Easy IP is just for BRI
> > ISDN. I'm not quite sure that Easy IP was what Bob was looking for. The
> > sample NAT config included in that example though would apply if you applied
> > the NAT config of the BRI to the Ethernet interface Bob's using to negotiate
> > the IP address.
> >
> > BOB: Are you trying to do this using a single Ethernet interface, or two
> > Ethernet interfaces?
> >
> > -- Leigh Anne
> >
> > > -Original Message-
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > > Tony Medeiros
> > > Sent: Saturday, September 08, 2001 10:41 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: Cable Modem, DHCP & NAT [7:19106]
> > >
> > > Here you go. It's called "easy IP". It's just NAT over a negotiated
> > > interface.
> > > http://www.cisco.com/warp/customer/793/access_dial/easyip.html
> > >
> > > Tony M
> > > #6172
> > >
> > > - Original Message -
> > > From: "Bob Lepine"
> > > To:
> > > Sent: Saturday, September 08, 2001 5:44 AM
> > > Subject: Cable Modem, DHCP & NAT [7:19106]
> > >
> > > > Hi, I have a 2600 router and the latest software so I can get a DHCP number
> > > > from my service provider. I'm trying to configure the router so that I can
> > > > put my static network on the inside. It accepts the DHCP number but I can't
> > > > get it to do the translation to the inside seeing that the outside number is
> > > > not a static number. Anyone have experience with this?
> > > > Any help would be appreciated.
> > > >
> > > > --
> > > > Bob Lepine







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19144&t=19106



Router as name server?? [7:19146]

2001-09-08 Thread Ednilson Rosa

Hi List!

Is there any way of making a router act as a name server for the host names
that are configured on it by the "ip host" command?? I would like to enter
the hostnames of all routers of a network only on the central router and
have it resolve the names for the other routers, instead of having to enter
the "ip host" commands in every router or using a real dns server. Is that
possible??

Regards,

ER




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19146&t=19146



Re: easyip 2600 [7:19127]

2001-09-08 Thread Bob Lepine

Thanks for the help Wojtek,
Oops, It was the typing that was wrong. I can ping from my laptop to the
e0/1 interface. I'm having a hard time reaching the e0/0 interface.

I enabled rip to see if it would take my packets through the router. You are
suggesting I take it off? Just do the routes static?

I appreciate your help.

Thanks

Bob
"Wojtek Zlobicki"  wrote in message
news:[EMAIL PROTECTED]...
> Bob,
>
> You really have to watch those configs :P
>
> The IP for Interface Eth 0/1 is 192.168.0.6 (a conflict with your laptop). I
> assume that you want it to be 192.168.0.1 (or whatever you want the gateway
> to be, make sure that you also set this gateway on your laptop)
>
>
> "Bob Lepine"  wrote in message
> news:[EMAIL PROTECTED]...
> > Thanks for your help. You're right. I didn't watch that access list. I have
> > a new configuration. I seem to be able to get out my router and ping the
> > dhcp server as well as the name servers.  But I have a connection to my e0/1
> > from my laptop which is 192.168.0.6. I can ping from my laptop to e0/1, but
> > I can't ping from my laptop to e0/0. I'm not getting through the router. Any
> > more suggestions?
> >
> > Here's my updated config
> > 03:05:07: %SYS-5-CONFIG_I: Configured from console by consolen
> > Building configuration...
> >
> > Current configuration : 810 bytes
> > !
> > version 12.1
> > no service single-slot-reload-enable
> > service timestamps debug uptime
> > service timestamps log uptime
> > no service password-encryption
> > !
> > hostname BobRouter
> > !
> > logging rate-limit console 10 except errors
> > !
> > ip subnet-zero
> > !
> > !
> > no ip finger
> > !
> > !
> > !
> > !
> > interface Ethernet0/0
> >  ip address dhcp
> >  ip nat outside
> >  half-duplex
> > !
> > interface Serial0/0
> >  no ip address
> >  shutdown
> > !
> > interface BRI0/0
> >  no ip address
> >  shutdown
> > !
> > interface Ethernet0/1
> >  ip address 192.168.0.6 255.255.255.0
> >  ip nat inside
> >  half-duplex
> > !
> > router rip
> >  network 24.0.0.0
> >  network 192.168.0.0
> > !
> > ip nat inside source list 100 interface Ethernet0/0 overload
> > ip classless
> > ip route 0.0.0.0 0.0.0.0 Ethernet0/0
> > no ip http server
> > !
> > access-list 100 permit ip any any
> > !
> > line con 0
> >  transport input none
> > line aux 0
> > line vty 0 4
> > !
> > no scheduler allocate
> > end
> >
> > BobRouter#
> >
> > --
> > "Wojtek Zlobicki"  wrote in message
> > news:[EMAIL PROTECTED]...
> > > You may want to take a look at your access list
> > >
> > > access-list 100 permit ip 192.0.0.0 0.0.0.255 any
> > >
> > > change to
> > >
> > > access-list 100 permit ip 192.168.0.0  0.0.0.255 any
> > >
> > > "Bob Lepine"  wrote in message
> > > news:[EMAIL PROTECTED]...
> > > > Hi, I've just been informed that easyip should work on my 2600 to get me to
> > > > resolve the inside to outside network with a dhcp number.(I'm using a cable
> > > > modem and am assigned a dynamic number) I'm trying to go from my inside
> > > > network to the outside. The following is my configuration. I'm still new at
> > > > this so something is obviously wrong.
> > > > Building configuration...
> > > >
> > > > Current configuration : 784 bytes
> > > > !
> > > > version 12.1
> > > > no service single-slot-reload-enable
> > > > service timestamps debug uptime
> > > > service timestamps log uptime
> > > > no service password-encryption
> > > > !
> > > > hostname BobRouter
> > > > !
> > > > logging rate-limit console 10 except errors
> > > > !
> > > > ip subnet-zero
> > > > !
> > > > !
> > > > no ip finger
> > > > !
> > > > !
> > > > !
> > > > !
> > > > interface Ethernet0/0
> > > >  ip address dhcp
> > > >  ip nat outside
> > > >  half-duplex
> > > > !
> > > > interface Serial0/0
> > > >  no ip address
> > > >  shutdown
> > > > !
> > > > interface BRI0/0
> > > >  no ip address
> > > >  shutdown
> > > > !
> > > > interface Ethernet0/1
> > > >  ip address 192.168.0.6 255.255.255.0
> > > >  ip nat inside
> > > >  half-duplex
> > > > !
> > > > ip nat inside source list 100 interface Ethernet0/0 overload
> > > > ip classless
> > > > ip route 0.0.0.0 0.0.0.0 Ethernet0/0 permanent
> > > > no ip http server
> > > > !
> > > > access-list 100 permit ip 192.0.0.0 0.0.0.255 any
> > > > !
> > > > line con 0
> > > >  transport input none
> > > > line aux 0
> > > > line vty 0 4
> > > > !
> > > > no scheduler allocate
> > > > end
> > > > -
> > > > Any help would be appreciated
> > > >
> > > > --
> > > > Bob Lepine
> > > > MCSE,MCDBA,CNA,CCNA,MCT




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19145&t=19127

RE: One Journalist's Opinion of CCIE [7:18843]

2001-09-08 Thread Robert Padjen

Sorry to be adding to the thread given the large
amount of verbiage, but...

Guys (gals inferred). Seriously, the certifications
are only a validation of one's abilities to pass a
test on the specific materials on that certification's
exams. Yes, this chap may have gone too far on the
CCIE per se, but the reality is that one does not need
to know everything to get through the lab. His point,
I hope, is that hiring on certifications is about as
valuable as hiring on degrees based on the school. Is
Yale better than Harvard or Stanford? Maybe, but each
has dismissed their share of idiots and geniuses. As
such, it would be wrong to make a jump of logic that
all CCIEs are valuable to all organizations, just as
someone saying an uncertified person is worthless.

My only request is that we take the position to heart
with a grain of salt, and remember that the
certification(s) only represent a part of the person.
I, for one, do not introduce myself based on the
letters representing my certifications - I introduce
me and my abilities, and I would hope that the rest of
this group would too.

Thanks.



--- adam lee  wrote:
> I think the author was either being sarcastic or is
> just uninformed of what
> technology really is.  I feel bad that I even wasted
> this much bandwidth
> discussing it.
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> Don Claybrook
> Sent: Thursday, September 06, 2001 11:32 AM
> To: [EMAIL PROTECTED]
> Subject: One Journalist's Opinion of CCIE [7:18843]
> 
> 
> I just ran across this one in Fortune Small
> Business.  Below is an excerpt.
> The journalist (Larry Seltzer) is attempting to give
> tips on how to hire
> technical consultants to do work for your small
> business.  He's talking
> about
> how certifications aren't as important as one might
> think:
> 
> "When looking for qualified help, don't read too
> much into a consultant's
> alphabet soup of certifications. They don't signify
> ability, just as my
> political science degree doesn't make me your next
> President. Terms like
> CCIE
> (Cisco Certified Internetwork Expert) indicate only
> successful completion of
> the program and minimal competence in the product."
> 
> I wish I knew this guy's email address.  Anyway, I
> thought the group might
> get
> a kick out of it.  Here's the link in case you want
> to read the whole thing:
> http://netbusiness.netscape.com/fsb/features/sp_f_090601_1.psp
> 
> Don Claybrook
> CCNP, CCDP (but not yet up to the minimal competence
> level of CCIE)
[EMAIL PROTECTED]


=
Robert Padjen





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19147&t=18843



Re: Is there any good books recommanded for lower 2 layers [7:19148]

2001-09-08 Thread thinkworker

Thank u for ur reference. But I think there should also be some
wireless telecom tech and I think it is very important, while Cisco's
document someone recommended is quite old.

By the way, any one had idea of Cisco's C&S CCIE track? Is it
a replacement of the old WAN or something? How about Juniper's JNCIE? 

Thank u all again
By the way, I'd check the book list of both Cisco and Juniper.
Some of them are the same. The unfortune is I can't find all of them in
China bookstores.


[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19148&t=19148



FATPIPE XTREME [7:19149]

2001-09-08 Thread Steven V. Snead

I would like to load balance 3 DSL circuits. Has anybody used this software?
Is it any good? I would appreciate any help

Thanks,

Steven V. Snead, MCSE, CCNA




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19149&t=19149



Re: Ip precedence of GRE packets [7:19125]

2001-09-08 Thread Priscilla Oppenheimer

I think it is possible to have the GRE tunnel packets have the same IP 
precedence (or DSCP) as the encapsulated packets. I happened to run into a 
document that talked about this for VPNs that are built on GRE tunnels.

Check this out:

http://www.cisco.com/warp/public/cc/pd/iosw/iore/iomjre12/prodlit/816_pb.htm

Search for GRE Precedence in that document. It might do what you're talking 
about.

I think there are some other documents that discuss this also if you search 
at Cisco's site for IP Precedence or DSCP.

Priscilla

At 01:54 PM 9/8/01, Chris Read wrote:
>Is it possible to cause the IP precedence of a GRE packet to be the same as
>the IP precedence of the packet which it encapsulates?
>
>I have a client who is passing real-time as well as normal data over a 3DES
>encrypted tunnel. I have had to resort to using separate
>tunnels for the two data streams, but I consider this to be a sub-optimal
>solution.
>
>For reference, I am using a 2621 at one end and a 3640 at the other with
>12.1.5 images.
>
>This is a real world problem for me. Would this kind of thing possibly come
>up on the CCIE R/S exams?
>
>Chris Read


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19150&t=19125



Regarding hubs in labs... [7:19151]

2001-09-08 Thread [EMAIL PROTECTED]

I currently own 6 routers and two switches...however I was told I would need
regular hubs to create separate networks...now can I use a regular switch
like netgear 10/100 or do I really need a hub??




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19151&t=19151



pix, nat, and OWA [7:19152]

2001-09-08 Thread Gordon White

our pix is running nat, and i want to put an outlook web access server
on a dmz interface.  however, all the netbios communication to the 
domain controllers and exchange servers seems like it is going to 
require a whole lot of static/conduits and a serious lmhosts file.

bottom line: is there a way to enable nat just for inside addresses
going outside?  it seems that nat is an all or nothing set up.  i'd
like to run nat just on the internet interface.

thanks,
gordon




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19152&t=19152



Re: New to CCNP [7:18933]

2001-09-08 Thread Brian Whalen

I would do the one you have the most familiarity with already, confidence
building is a good thing..

Brian "Sonic" Whalen
Success = Preparation + Opportunity


On Fri, 7 Sep 2001, Tel Khan wrote:

> Hi guys i passed my CCNA 2.0, i would like to know which topic i should
> cover 1st? i think i should cover the Routing topic 1st.
>
> Can someone please come back to me on this.
>
> Kind regards
> Tel




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19153&t=18933



Re: Is there any good books recommanded for lower 2 layers [7:19155]

2001-09-08 Thread EA Louie

If you can't find them in China bookstores, can you order them online and
have them shipped to your home?

- Original Message -
From: "thinkworker" 
To: 
Sent: Saturday, September 08, 2001 6:53 PM
Subject: Re: Is there any good books recommanded for lower 2 layers
[7:19148]


> Thank u for ur reference. But I think there should also be some
> wireless telecom tech and I think it is very important, while Cisco's
> document someone recommended is quite old.
>
> By the way, any one had idea of Cisco's C&S CCIE track? Is it
> a replacement of the old WAN or something? How about Juniper's JNCIE?
>
> Thank u all again
> By the way, I'd check the book list of both Cisco and Juniper.
> Some of them are the same. The unfortune is I can't find all of them in
> China bookstores.
>
>
> [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19155&t=19155



Re: access list question [7:19005]

2001-09-08 Thread Brian Whalen

Given that there is an implied deny at the end, and there are 2 deny
statements in the list, my opinion about the result would be a basically
useless interface, at least in whichever direction you choose to apply
this :)

Brian "Sonic" Whalen
Success = Preparation + Opportunity


On Fri, 7 Sep 2001, [EMAIL PROTECTED] wrote:

> any one know what will be the result of it
> its an inbound acl
>
> access-list 100 deny   ip 224.0.0.0 31.255.255.255 any
> access-list 100 deny   ip host 0.0.0.0 any




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19156&t=19005
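
The wildcard-mask matching behind both ACL exchanges in this digest (the 192.0.0.0 vs 192.168.0.0 correction to list 100 in the easyip thread, and the two-deny inbound list in the message above), as an added example that is not part of any poster's message. The function names, the destination 192.0.2.1 and the test source addresses are constructed for illustration; only the `access-list` lines come from the thread.

```python
import ipaddress

U32 = 0xFFFFFFFF


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return ((base, wildcard), rest)."""
    if not tokens:
        raise ValueError("missing address specification")
    if tokens[0] == "any":
        return (0, U32), tokens[1:]
    if tokens[0] == "host":
        return (_ip(tokens[1]), 0), tokens[2:]
    return (_ip(tokens[0]), _ip(tokens[1])), tokens[2:]


def parse_ace(line):
    """Parse 'access-list N permit|deny ip SRC DST', the only form used in the thread."""
    t = line.split()
    if len(t) < 6 or t[0] != "access-list" or t[2] not in ("permit", "deny") or t[3] != "ip":
        raise ValueError(f"unsupported ACL line: {line!r}")
    src, rest = _take_addr(t[4:])
    dst, rest = _take_addr(rest)
    if rest:
        raise ValueError(f"trailing tokens in ACL line: {line!r}")
    return t[2], src, dst


def matches(addr, spec):
    """A wildcard bit of 1 means 'ignore this bit'; a 0 bit must equal the base."""
    base, wildcard = spec
    care = ~wildcard & U32
    return (_ip(addr) & care) == (base & care)


def wildcard_range(spec):
    """First and last address covered (meaningful for contiguous wildcards only)."""
    base, wildcard = spec
    first = base & ~wildcard & U32
    return str(ipaddress.IPv4Address(first)), str(ipaddress.IPv4Address(first | wildcard))


def evaluate(acl_lines, src, dst):
    """First match wins; return (action, 1-based line) or ('deny', None) for the implicit deny."""
    for number, line in enumerate(acl_lines, 1):
        action, src_spec, dst_spec = parse_ace(line)
        if matches(src, src_spec) and matches(dst, dst_spec):
            return action, number
    return "deny", None


# ACL lines quoted from the thread.
POSTED_NAT_ACL = ["access-list 100 permit ip 192.0.0.0 0.0.0.255 any"]
SUGGESTED_NAT_ACL = ["access-list 100 permit ip 192.168.0.0  0.0.0.255 any"]
INBOUND_ACL = [
    "access-list 100 deny   ip 224.0.0.0 31.255.255.255 any",
    "access-list 100 deny   ip host 0.0.0.0 any",
]

DST = "192.0.2.1"  # constructed destination (documentation range)

if __name__ == "__main__":
    # Inside host from the posted config: selected for NAT only by the suggested list.
    print("posted   :", evaluate(POSTED_NAT_ACL, "192.168.0.6", DST))
    print("suggested:", evaluate(SUGGESTED_NAT_ACL, "192.168.0.6", DST))
    # The first deny covers 224.0.0.0 through 255.255.255.255.
    print("deny range:", wildcard_range(parse_ace(INBOUND_ACL[0])[1]))
    # With no permit line, ordinary unicast sources fall through to the implicit deny.
    for src in ("239.1.1.1", "0.0.0.0", "10.1.1.1"):
        print(src, evaluate(INBOUND_ACL, src, DST))
```
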



Re: yes,vtp can span router,cont [7:18892]

2001-09-08 Thread Jason

I think you are mistaken, VTP didn't go over a router, it went over a bridge!! :-)
If I replace the 8510 with another switch, it has the same effect


"Guest"  wrote in message
news:[EMAIL PROTECTED]...
> yesterday, i set up a lab environment: using 8510, 2924xl, 3548xl and a pc as
> sniffer.
> 2924xl(0/24)hub--(0/0/1)8510(0/0/0)3548xl
>|
>|
>   pc(sniffer)
>
> the first , i am using isl encapsulation in 2924 and 3548,vtp
> domain:test,
> 3548 is vtp server and 2924 is vtp client,disable the cdp
> **
> 2924
> interface FastEthernet0/24
>  description link to 8510
>  switchport trunk encapsulation dot1q
>  switchport mode trunk
>  no cdp enable
>
> 3548
> interface FastEthernet0/48
>  switchport trunk encapsulation dot1q
>  switchport mode trunk
>
> no cdp run
>
> in 8510,i just set up a simple bridge,nothing else:
> interface FastEthernet0/0/0
>  no ip address
>  no ip directed-broadcast
>  bridge-group 1
> !
> interface FastEthernet0/0/1
>  no ip address
>  no ip directed-broadcast
>  bridge-group 1
>
> bridge 1 protocol ieee
>
>
> then a add a vlan in the 3548,ok,in 2924,i find the vlan i created in
> 3548,the vtp is span to the 2924
>
> the second ,I change 2924 and 3548's trunk encapsulation to dot1q,and
> change both native to vlan 2
> the result is same.
>
> at last, for 8510 does not support bridging between subinterface
> encap dot1q, i change the encap to isl, and
> i roll the sequence of bridging.
>
>
> interface FastEthernet0/0/0.1
>  encapsulation isl 1
>  no ip redirects
>  no ip directed-broadcast
>  bridge-group 1
> !
> interface FastEthernet0/0/0.2
>  encapsulation isl 2
>  no ip redirects
>  no ip directed-broadcast
>  bridge-group 2
>
> interface FastEthernet0/0/1.1
>  encapsulation isl 1
>  no ip redirects
>  no ip directed-broadcast
>  bridge-group 2
> !
> interface FastEthernet0/0/1.2
>  encapsulation isl 2
>  no ip redirects
>  no ip directed-broadcast
>  bridge-group 1
>
> out of my thought,the vtp can still span from the 3548 to 2924,
> i check the packet captured by the sniffer,and find the reason,
> the vtp is always sent out from the vlan 1, is independent from the native
> vlan,
> and in the third lab,the 2924 received the vtp messages from vlan 2,it
> also
> can identify the vtp info.
>
> i don't know how to output the sniffer captured packet to txt
> format,anyone who interest about
> it can send you the packet ,or someone who knows the way can tell me
> howto output txt format.
>
> thanks for everyone here




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19157&t=18892



Privilege Level command driving me nuts!! [7:19158]

2001-09-08 Thread Cisco Nuts

Hi,

I am trying to configure privilege exec level commands on my router
but am going nuts at the output of these commands:

Basically, here is what I have configured:

#enable  secret level 3 cisco
!
#privilege exec level 3 ping
#privilege exec level 3 traceroute
#privilege exec level 3 show ip route
#privilege exec level 3 show startup-configuration
#privilege exex level 3 show running-configuration
!
#

When I do a log in using enable secret level 3, I can get the output of
the #sh star command but not of the #sh ru command?

Also, when I do a sh ru on the router using regular privilege level(15),
I see 2 additional commands automatically configured for me:

#privilege exec level 1 show
#privilege exec level 1 show ip

It will NOT let me remove these 2 commands nor will it let me change this to
privilege level 3. Nor will it let me remove any individual commands!!

What's going on? Any ideas? Thank you for your help.

Kind regards.
Nuts!!







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19158&t=19158



RE: Privilege Level command driving me nuts!! [7:19158]

2001-09-08 Thread Jeff Chambers

You can reset a command to its normal priv level using the format

privilege exec reset put_the_entire_command_here

Configuring privilege levels for commands on a router can be very
frustrating.  It also doesn't scale well in a medium to large
network.  The best production method I have found is to use TACACS.
You can assign all users privilege level 15 and allow or deny
commands at the user or group level.  In my testing (it has been
9 months or so, this may have changed), the user must be at privilege level
15 in order to receive valid output from the show running-configuration
command.  It will return a blank configuration if the user is not
at privilege level 15.

Jeff.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Cisco Nuts
Sent: Sunday, September 09, 2001 12:59 AM
To: [EMAIL PROTECTED]
Subject: Privilege Level command driving me nuts!! [7:19158]


Hi,

I am trying to configure privilege exec level commands on my router
but am going nuts at the output of these commands:

Basically, here is what I have configured:

#enable  secret level 3 cisco
!
#privilege exec level 3 ping
#privilege exec level 3 traceroute
#privilege exec level 3 show ip route
#privilege exec level 3 show startup-configuration
#privilege exex level 3 show running-configuration
!
#

When I do a log in using enable secret level 3, I can get the output of
the #sh star command but not of the #sh ru command?

Also, when I do a sh ru on the router using regular privilege level(15),
I see 2 additional commands automatically configured for me:

#privilege exec level 1 show
#privilege exec level 1 show ip

It will NOT let me remove these 2 commands nor will it let me change this to
privilege level 3. Nor will it let me remove any individual commands!!

What's going on? Any ideas? Thank you for your help.

Kind regards.
Nuts!!







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19160&t=19158



trouble with ISAKMP using hostnames rather than addresses [7:19161]

2001-09-08 Thread nrf

Hello all:

I am having problems configuring Ipsec with ISAKMP with preshared keys, when
I am using hostnames, when the keys are linked to hostnames, rather than
addresses.  Here is what I have observed

* When I link the Isakmp key to an address of the peer router, everything
works cool - the ISAKMP SA is built, the Ipsec SA is built, and traffic goes
through fine.

* The routers can discover each other through hostnames just fine, because I
have set up the ip host lists to do so.  For example, router A can ping
router B using its hostname (b.office.com) because I have set up ip host
lists linked to the addresses of all routers.  So, when I'm sitting at
router A, I can type the command "ping b.office.com" and it works fine.

* Then I try to use ISAKMP, where the preshared keys are linked to
hostnames, not addresses.  For example, I got the commands "crypto isakmp
key myisakmpkey hostname a.office.com" and "crypto isakmp identity
hostname", just like what the documentation says to do.

But now, Ipsec  doesn't work.  Every time I invoke traffic that matches the
ipsec access-list, the Isakmp SA is never built.   I do "debug crypto
isakmp", and I see the following error:


1w3d: ISAKMP: received ke message (1/1)
1w3d: ISAKMP: local port 500, remote port 500
1w3d: ISAKMP (0:1): No Cert or pre-shared address key.
1w3d: ISAKMP (0:1): Can not start Main mode
1w3d: ISAKMP: 10.1.1.253  not in host cache
1w3d: ISAKMP (0:1): Can not start aggressive mode.
1w3d: ISAKMP (0:1): purging SA.
1w3d: ISAKMP (0:1): purging node 1802417347



Then, when I change the ISAKMP key to link it back to an address, not a
hostname, everything's cool again.  So basically I conclude that the key is
not properly linking to the hostname (even though the hostname is linked to
the proper address via an ip host statement).

Has anybody else ever encountered this problem?  I have tried this on
12.2(T) and 12.1(T) with the same results.  Anybody find some kind of
workaround?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19161&t=19161
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: TCP seq changed when cross Cisco PIX 525 [7:18764]

2001-09-08 Thread Anatoly Shein

Thank you a lot !

toly

-Original Message-
From: Kent Hundley [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 06, 2001 4:44 PM
To: [EMAIL PROTECTED]
Subject: RE: TCP seq changed when cross Cisco PIX 525 [7:18764]


The PIX automatically randomizes TCP sequence numbers to prevent TCP session
hijacking.  You can turn this feature off if you want, but it's a useful
feature if you have servers that do not perform their own sequence
randomization.  (see the cisco PIX docs 'static' command for more info)

HTH,
Kent

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Anatoly Shein
Sent: Wednesday, September 05, 2001 11:49 PM
To: [EMAIL PROTECTED]
Subject: TCP seq changed when cross Cisco PIX 525 [7:18764]


Hi
I have encountered a strange situation.
Probably one of you can help or has heard about something similar.

Problem description:
There is a Sun machine connected to a pair of Cisco PIX 525s.
On the Sun there is software that sends TCP SYN probe packets
with a sequence number that starts from 1 and increments for each packet.
Packets are sent 1 for 50 milliseconds.
When a packet crosses the router the sequence number is changed.
This change is consistent for one set of packets but is not
for a subsequent set of packets.

For example:
              before cisco      after cisco
1. TCP syn    seq = 1           seq = 1 + x
2. TCP syn    seq = 2           seq = 2 + x
3. TCP syn    seq = 3           seq = 3 + x




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19163&t=18764



RE: TCP seq changed when cross Cisco PIX 525 [7:18764]

2001-09-08 Thread Anatoly Shein

Hi
I'm not worried about hackers; the machine sending the probes is not configured
to receive any packets on this port. Actually the probe is not sent via the TCP
stack, but using a raw socket.
Therefore any hacker's attempt to send me a packet will be answered with an RST
frame.
Also I don't see any disadvantage of seq=1; it is easy to guess what the
next seq number is even if you start from 342353122, for example.
seq can be easily computed as
seq_next = seq + len + (((SYN | FIN) & flags) ? 1 : 0);
Am I wrong?

toly
-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 07, 2001 6:49 AM
To: [EMAIL PROTECTED]
Subject: Re: TCP seq changed when cross Cisco PIX 525 [7:18764]


Always starting with TCP sequence number 1 is a bad thing. It makes it easy 
for a hacker to guess what the sequence number is and insert himself into a 
connection establishment.

So PIX and other firewalls let you randomize the starting sequence number 
for TCP implementations that don't already do this.

Priscilla

At 02:48 AM 9/6/01, Anatoly Shein wrote:
>Hi
>I have encountered a strange situation.
>Probably one of you can help or has heard about something similar.
>
>Problem description:
>There is a Sun machine connected to a pair of Cisco PIX 525s.
>On the Sun there is software that sends TCP SYN probe packets
>with a sequence number that starts from 1 and increments for each packet.
>Packets are sent 1 for 50 milliseconds.
>When a packet crosses the router the sequence number is changed.
>This change is consistent for one set of packets but is not
>for a subsequent set of packets.
>
>For example:
>              before cisco      after cisco
>1. TCP syn    seq = 1           seq = 1 + x
>2. TCP syn    seq = 2           seq = 2 + x
>3. TCP syn    seq = 3           seq = 3 + x




Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19162&t=18764
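
The behaviour discussed in this thread (sequence numbers leaving the firewall as seq + x, with x fixed for one connection), as an added example in C. It is a simplified model written for this page, not Cisco's implementation and not code from any poster; the struct and function names are hypothetical, and the offset is read from /dev/urandom.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_CONNS 16

struct conn {                      /* one tracked TCP connection */
    uint32_t src, dst;             /* IPv4 addresses */
    uint16_t sport, dport;
    uint32_t offset;               /* the "x" from the post, fixed per connection */
};

struct xlate_table { struct conn c[MAX_CONNS]; int n; };

/* 32 random bits from the OS: the offset must not be guessable from outside. */
static int random_u32(uint32_t *out) {
    FILE *f = fopen("/dev/urandom", "rb");
    size_t got;
    if (!f) return -1;
    got = fread(out, sizeof *out, 1, f);
    fclose(f);
    return got == 1 ? 0 : -1;
}

/* Find the connection for a 4-tuple; create it with a fresh offset on first
   sight. Returns NULL when the table is full or no randomness is available,
   in which case the caller drops the packet. */
struct conn *conn_lookup(struct xlate_table *t, uint32_t src, uint16_t sport,
                         uint32_t dst, uint16_t dport) {
    struct conn *c;
    int i;
    for (i = 0; i < t->n; i++) {
        c = &t->c[i];
        if (c->src == src && c->sport == sport && c->dst == dst && c->dport == dport)
            return c;
    }
    if (t->n == MAX_CONNS) return NULL;
    c = &t->c[t->n];
    if (random_u32(&c->offset) != 0) return NULL;
    c->src = src; c->sport = sport; c->dst = dst; c->dport = dport;
    t->n++;
    return c;
}

/* Inside -> outside: sequence numbers are shifted by the offset, modulo 2^32. */
uint32_t seq_to_wire(const struct conn *c, uint32_t seq) { return seq + c->offset; }

/* Outside -> inside: the peer acknowledges wire numbers, so ACKs are shifted
   back before the inside host sees them. */
uint32_t ack_from_wire(const struct conn *c, uint32_t ack) { return ack - c->offset; }
```

Because the arithmetic is unsigned 32-bit, a sequence number that wraps past 0xFFFFFFFF on the wire still maps back to the value the inside host expects.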



RE: incorrect TCP checksum [7:16776]

2001-09-08 Thread Anatoly Shein

Hi
I found an article regarding this topic.
It is not very useful for learning how to solve the problem,
but it "puts a led on" -- the problem exists and is not easy
to solve or even to investigate.

Anyway, it was very interesting reading.

http://www.acm.org/sigcomm/sigcomm2000/conf/abstract/9-1.htm

toly



-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 22, 2001 10:28 PM
To: [EMAIL PROTECTED]
Subject: RE: incorrect TCP checksum [7:16776]


What is reporting the TCP checksum error? I'm just wondering. Is it an OS 
error report?

It is probably either the sender or the receiver causing the problem as far 
as I can tell. Routers shouldn't have any effect. They don't change or 
check the TCP checksum, under normal circumstances.

There is one other thing to consider, which is NAT. The TCP checksum is 
based on the TCP header and data as well as the "pseudo header." The pseudo 
header grabs data from the IP layer, including the source and destination 
addresses. If these fields are getting changed by NAT and the TCP checksum 
isn't recalculated or is recalculated incorrectly, you could have a problem.

Regarding whether a protocol analyzer captures bad packets, it depends on 
the driver. Most drivers trash frames with a bad data-link-layer CRC. You 
need a special driver to capture these with an analyzer. I don't know the answer 
for your particular situation.

Good luck. This is a difficult problem. Please let us know what you find 
out! Thanks.

Priscilla


At 03:55 PM 8/22/01, Anatoly Shein wrote:
>Hi
>Thank you for the full answer.
>Actually it is not an academic question.
>I found this at many sites and it looks to be a similar problem.
>My interest is in this specific problem, because unlike the other kinds of
>retransmissions I can't be sure of the reason for a wrong TCP checksum. Also
>the problem is that if a frame was damaged, as you said, the CRC will find it
>and the frame will not be passed to the next hop.
>The problem with TCP is that I'm not sure that routers even check the TCP
>checksum.
>It sounds reasonable that they just fix the TCP checksum by
>incremental recalculation.
>Probably you know whether it is true and for what kind of devices.
>Actually my goal is to find a couple of questions that could point to the
>faulty machine, i.e. bound the range of suspect devices by simple analysis.
>Something like: it couldn't be my firewall because I have a Cisco switch
>in between that checks the TCP checksum and does not just recalculate it.
>
>Also I have an additional question about your answer.
>Is a damaged frame with a bad CRC seen by a sniffer implemented on
>Solaris DLPI, or does the device driver throw it away?
>In other words, should I see damaged frames using regular snoop?
>
>Just a few minutes ago I found a bug in Win 2000 (which does not sound
>strange :-) )
>"Host May Send Packet with an Incorrect TCP Checksum"
>http://support.microsoft.com/support/kb/articles/Q271/7/08.ASP
>According to their problem description it happens in the TIME_WAIT TCP state.
>Actually it is not a problem, because if TCP is in TIME_WAIT all data was
>successfully sent.
>But most of "my wrong TCP packets" are in the middle of the link.
>In HTTP traffic there are several in the frame containing the request line,
>but some are in the middle of the data transfer - a simple ACK from the
>client
>
>Thank you in advance
>
>toly
>
>-Original Message-
>From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, August 22, 2001 7:45 PM
>To: [EMAIL PROTECTED]
>Subject: Re: incorrect TCP checksum [7:16776]
>
>
>Is this an academic question or are you actually seeing TCP checksum
>errors? I have never seen a TCP checksum error, so I wondered. Well, I have
>seen them when people change the data in Sniffer traces without
>recalculating the checksum, but that's not "real world."
>
>In answer to your question, TCP checksum errors would have to be a software
>bug, or possibly firmware bug if TCP were implemented in firmware.
>
>If the frame gets damaged in transit, it gets trashed by the recipient
>because the data-link-layer CRC isn't right. If the routing process or IP
>implementation trashes the frame, then the IP checksum won't be right and
>TCP trashes the frame.
>
>If the frame gets all the way to TCP and ends up with a checksum error,
>then software at the TCP layer damaged it.
>
>I think your real question might be what is causing TCP retransmissions?
>TCP transmissions can result from errors at any layer that caused a frame
>or an acknowledgement to not reach the intended recipient. TCP
>retransmissions are much more likely to result from the following potential
>errors than from a TCP checksum error:
>
>Frames getting damaged in transit and getting trashed
>  Issue a show int and check reliability and CRC error rates
>  If Ethernet, check for excessive collisions, duplex mismatch problems
>
>Routers or switches dropping frames due to buffer overflows
>  Issue a sh
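
The NAT case Priscilla describes and the incremental recalculation toly asks about, as an added example in C (not code from the thread): the TCP checksum covers a pseudo header containing the IP addresses, so a device that rewrites an address must also update the checksum, which RFC 1624 allows without re-reading the payload. The addresses and the 20-byte SYN are constructed sample data, and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* One's-complement sum over the TCP pseudo header (source, destination,
   protocol 6, TCP length) and the segment, folded to 16 bits. */
static uint16_t tcp_sum(uint32_t src, uint32_t dst, const uint8_t *seg, size_t len) {
    uint32_t sum = (src >> 16) + (src & 0xFFFF) + (dst >> 16) + (dst & 0xFFFF)
                 + 6 + (uint32_t)len;
    size_t i;
    for (i = 0; i + 1 < len; i += 2) sum += (uint32_t)(seg[i] << 8 | seg[i + 1]);
    if (i < len) sum += (uint32_t)(seg[i] << 8);      /* odd byte, zero padded */
    while (sum >> 16) sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)sum;
}

/* Sender side: call with the checksum field (bytes 16-17) set to zero. */
uint16_t tcp_checksum(uint32_t src, uint32_t dst, const uint8_t *seg, size_t len) {
    return (uint16_t)~tcp_sum(src, dst, seg, len);
}

/* Receiver side: with the stored checksum included the sum must be 0xFFFF. */
int tcp_checksum_ok(uint32_t src, uint32_t dst, const uint8_t *seg, size_t len) {
    return tcp_sum(src, dst, seg, len) == 0xFFFF;
}

/* RFC 1624 incremental update for a rewritten address: HC' = ~(~HC + ~m + m'). */
uint16_t csum_update32(uint16_t hc, uint32_t old_addr, uint32_t new_addr) {
    uint32_t sum = (uint16_t)~hc;
    sum += (uint16_t)~(old_addr >> 16);
    sum += (uint16_t)~(old_addr & 0xFFFF);
    sum += (new_addr >> 16) + (new_addr & 0xFFFF);
    while (sum >> 16) sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Constructed sample: a 20-byte SYN from 10.1.1.10 to 192.0.2.80 whose source
   is rewritten to 198.51.100.7. fix_checksum = 0 models a translator that
   leaves the checksum alone, 1 one that updates it. Returns 1 if the
   receiver would accept the segment, 0 if it would discard it. */
int nat_demo(int fix_checksum) {
    uint8_t seg[20] = { 0x04, 0x00, 0x00, 0x50, 0, 0, 0, 1, 0, 0, 0, 0,
                        0x50, 0x02, 0x20, 0x00, 0, 0, 0, 0 };
    const uint32_t inside = 0x0A01010A, outside = 0xC6336407, server = 0xC0000250;
    uint16_t c = tcp_checksum(inside, server, seg, sizeof seg);
    if (fix_checksum) c = csum_update32(c, inside, outside);
    seg[16] = (uint8_t)(c >> 8);
    seg[17] = (uint8_t)(c & 0xFF);
    return tcp_checksum_ok(outside, server, seg, sizeof seg);
}
```

When hunting for the faulty device, a capture on each side of a translating hop can be run through `tcp_checksum_ok` with that side's addresses: a segment that verifies before the hop and fails after it points at the hop.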

94%? that's possible! ;) [7:19165]

2001-09-08 Thread Alexey Yashin

Hello, colleagues!

The last week was so hard, but this doesn't matter because
I passed the CCIE Written exam with 94%. ;)

Well, in the last minutes of the test I knew I had succeeded, but
I was impressed by this percentage when I pressed the last button. ;)

This test was not so hard for me; I should especially note the accuracy
of the questions and the fairness of the choices. A lot of questions were too
tricky, but all you need is attention. Personally, I don't have a problem with
that.

I have 6 years of Cisco hardware experience, I took my CCNA 3 years ago,
and completed my CCNP/CCDP last year. I do my networking job every day,
and I love it (isn't this the reason for success? ;).

But of course some useful things, books and websites helped me a lot.

Jeff Doyle, Caslow, Halabi - you shouldn't miss these.
Boson preparation tests are useful too.

The Sybex CCIE guide is a nice blueprint for methodical study (but there are
a lot of errors and gaps in some topics).


In my opinion, for the CCIE written you must understand basic routing and
bridging technologies inside and out; that's a big deal. It's not a very
Cisco-specific or hardware-oriented exam (well, some questions are specific,
but few of them). You should memorize some hex values, but don't worry about
that, because a lot of cramnotes on the web contain all you need. ;)

Actually, all the tips and URLs are on this mailing list already, but I want to
add this one:
http://www.heinzulm.com/test.html

There's a bunch of questions. No answers.
Good questions to feel yourself CCIE prepared. ;) Try it.


Okay, now it's time for the lab. Let's see how good I _really_ am. ;)

From Russia but with love.
Vladivostok city, Russia.
-
Alexey Yashin, CCNP, CCDP




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19165&t=19165



RE: One Journalist's Opinion of CCIE [7:18843]

2001-09-08 Thread sam adams

The reality is no one knows everything.  Why single out the CCIE in an
article unless he doesn't know what he's talking about?  Especially, since
the CCIE is one of the hardest certs to obtain.  Ask anyone who has taken
the lab.

His advice to go online to research a problem is pure stupidity.  How can
you go online to find out what's wrong if you don't know how to identify
what's wrong?  Identify a specific vendor to research?  If a businessman
doesn't have a service contract with the vendor for the product he's
probably not a very smart businessman.

There's a pretty good chance that someone from a recognized program
from Harvard, Yale, or Stanford is going to be hired over someone from the
University of BFE if the GPAs are the same.  Whether that job can be kept
is another story.

You are right, certs are only a part of the equation.

I wasted way too much time and bandwidth on this e-mail.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Robert Padjen
Sent: Saturday, September 08, 2001 6:44 PM
To: [EMAIL PROTECTED]
Subject: RE: One Journalist's Opinion of CCIE [7:18843]


Sorry to be adding to the thread given the large
amount of verbiage, but...

Guys (gals inferred). Seriously, the certifications
are only a validation of one's abilities to pass a
test on the specific materials on that certification's
exams. Yes, this chap may have gone too far on the
CCIE per se, but the reality is that one does not need
to know everything to get through the lab. His point,
I hope, is that hiring on certifications is about as
valuable as hiring on degrees based on the school. Is
Yale better than Harvard or Stanford? Maybe, but each
has dismissed their share of idiots and geniuses. As
such, it would be wrong to make a jump of logic that
all CCIEs are valuable to all organizations, just as
someone saying an uncertified person is worthless.

My only request is that we take the position to heart
with a grain of salt, and remember that the
certification(s) only represent a part of the person.
I, for one, do not introduce myself based on the
letters representing my certifications - I introduce
me and my abilities, and I would hope that the rest of
this group would too.

Thanks.



--- adam lee  wrote:
> I think the author was either being sarcastic or is
> just uninformed of what
> technology really is.  I feel bad that I even wasted
> this much bandwidth
> discussing it.
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> Don Claybrook
> Sent: Thursday, September 06, 2001 11:32 AM
> To: [EMAIL PROTECTED]
> Subject: One Journalist's Opinion of CCIE [7:18843]
>
>
> I just ran across this one in Fortune Small Business.  Below is an excerpt.
> The journalist (Larry Seltzer) is attempting to give tips on how to hire
> technical consultants to do work for your small business.  He's talking about
> how certifications aren't as important as one might think:
>
> "When looking for qualified help, don't read too much into a consultant's
> alphabet soup of certifications. They don't signify ability, just as my
> political science degree doesn't make me your next President. Terms like CCIE
> (Cisco Certified Internetwork Expert) indicate only successful completion of
> the program and minimal competence in the product."
>
> I wish I knew this guy's email address.  Anyway, I thought the group might get
> a kick out of it.  Here's the link in case you want to read the whole thing:
>
> http://netbusiness.netscape.com/fsb/features/sp_f_090601_1.psp
>
> Don Claybrook
> CCNP, CCDP (but not yet up to the minimal competence
> level of CCIE)
[EMAIL PROTECTED]


=
Robert Padjen





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19166&t=18843



CDP updates from a Catalyst 6500 router card [7:19167]

2001-09-08 Thread Mark

We're running Cisco Works 2000 and on one of our VTP domains we route only
one of its VLANs back to the management subnet. Thing is that this is
VLAN100 and the Router module in our 6500 Catalyst always uses the lowest
VLAN in its CDP updates and so a non-reachable IP address is picked up by
CW2000 (from VLAN 2). Disabling CDP on all VLANs bar VLAN100 doesn't change
this. Any ideas apart from the obvious VLAN surgery?

Mark




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19167&t=19167