RE: CCDP Requirement [7:20874]
Both CID and CCDA. Hi All, Can anybody pls. state the requirement to become a CCDP after CCNP ? My confusion is whether one needs to pass only CID or both and CID and CCDA. Any assistance will be greately apppreciated. Zahid Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20874t=20874 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: apple machine and cisco switch problem [7:20825]
Moe, this is just an idea but after a situation at our campus I will share it. Try preventing the mac from auto negotiating to 100 full. Set the NIC and switch port to 100 half manual and check the results. king kaung wrote: Hi All, I have big problem with our apple machines. Last week, I replaced my old 3Com switches to cisco 3524 switches. Then most of my apple machine can not see each other(cannot access appleshare)but it can see and can access PC Servers. I try to configure the speed and duplex according apple's NIC specification on individual ports. But some of the apple machine still cannot see. I put those Mac machines back to 3Com switch and it works again. We don't have zone setting on apple machines.The protocols are all default.Our network is flat network and no subnet, no VLAN. Anything I miss out to configure on my Cisco switches? Or any special setting for apple machines I need to set? Many thanks, Moe. _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20875t=20825 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ccie [7:20876]
__ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger. http://im.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20876t=20876 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Certifications for Sale ? [7:20747]
ya it is very dependant on the person i suppose... i wont get into my prometric-phone trouble... but att one of the testing sites, i told the secretary i was there. So she went to setup the test. 45 minutes later she still isnt back i suspect something is wrong :P so she comes back finaly oh sorry, i set up the exam and went off, i forgot you were here not to mention she didnt ask for id... chimps are getting smart these days i hear? not to mention a chimp on rollerblades saying goodbye will give you something to laugh about if you fail the exam :) Hi, It would seem the ID bit is largely dependent on the person running the test site. I have always had to provide evidence of who I am. I have even been known to the person in the test site but still had to provide the evidence so it could be ticked off as sighted. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20877t=20747 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Trace results [7:20878]
Dear all Can anyone tell me what is the meaning of !A as listed below also what does !H means as well Thanks Regards bird Tracing the route to krwww.yahoo.co.kr (211.32.119.135) 1 202.161.130.18 0 msec 0 msec 0 msec 2 12.126.195.45 [AS 7018] 52 msec 52 msec 52 msec 3 gbr1-p70.sffca.ip.att.net (12.123.13.58) [AS 7018] 52 msec 52 msec 52 msec 4 12.122.11.65 [AS 7018] 52 msec 56 msec 52 msec 5 12.122.11.218 [AS 7018] 52 msec 52 msec 52 msec 6 above-att-2.sjc2.above.net (208.184.232.153) [AS 6461] 56 msec 56 msec 56 ms ec 7 pao1-sjc2-oc48-2.pao1.above.net (208.185.175.162) [AS 6461] 56 msec 56 msec 56 msec 8 abovenet.paix.bora.net (209.133.31.36) [AS 6461] 60 msec 56 msec 60 msec 9 p4.bora.net (203.255.234.54) [AS 3786] 56 msec 60 msec p4.bora.net (203.255.234.44) [AS 3786] 56 msec 10 203.255.234.201 [AS 3786] 180 msec 203.255.234.133 [AS 3786] 180 msec 203.255.234.193 [AS 3786] 176 msec 11 203.233.35.110 [AS 3786] 180 msec 180 msec 203.233.35.106 [AS 3786] 180 msec 12 * 211.233.55.51 [AS 3786] 184 msec 184 msec 13 k1c9-4231.sw.kidc.net (211.233.55.238) [AS 3786] 184 msec * 180 msec 14 211.233.26.254 [AS 3786] 180 msec 180 msec 176 msec 15 * * !A Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20878t=20878 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Trace results [7:20878]
In Cisco routers, the codes for a traceroute command reply are the following: ! -- success * -- time out N -- network unreachable H -- host unreachable P -- protocol unreachable A -- admin denied Q -- source quench received (congestion) ? -- unknown (any other ICMP message) -Nag. birdy wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Dear all Can anyone tell me what is the meaning of !A as listed below also what does !H means as well Thanks Regards bird Tracing the route to krwww.yahoo.co.kr (211.32.119.135) 1 202.161.130.18 0 msec 0 msec 0 msec 2 12.126.195.45 [AS 7018] 52 msec 52 msec 52 msec 3 gbr1-p70.sffca.ip.att.net (12.123.13.58) [AS 7018] 52 msec 52 msec 52 msec 4 12.122.11.65 [AS 7018] 52 msec 56 msec 52 msec 5 12.122.11.218 [AS 7018] 52 msec 52 msec 52 msec 6 above-att-2.sjc2.above.net (208.184.232.153) [AS 6461] 56 msec 56 msec 56 ms ec 7 pao1-sjc2-oc48-2.pao1.above.net (208.185.175.162) [AS 6461] 56 msec 56 msec 56 msec 8 abovenet.paix.bora.net (209.133.31.36) [AS 6461] 60 msec 56 msec 60 msec 9 p4.bora.net (203.255.234.54) [AS 3786] 56 msec 60 msec p4.bora.net (203.255.234.44) [AS 3786] 56 msec 10 203.255.234.201 [AS 3786] 180 msec 203.255.234.133 [AS 3786] 180 msec 203.255.234.193 [AS 3786] 176 msec 11 203.233.35.110 [AS 3786] 180 msec 180 msec 203.233.35.106 [AS 3786] 180 msec 12 * 211.233.55.51 [AS 3786] 184 msec 184 msec 13 k1c9-4231.sw.kidc.net (211.233.55.238) [AS 3786] 184 msec * 180 msec 14 211.233.26.254 [AS 3786] 180 msec 180 msec 176 msec 15 * * !A Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20879t=20878 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Help on NAT [7:20880]
Hey gurus, I am using NAT in my setup and I find only these entires related to NAT...what is really happening here? interface Ethernet0/0 ip address 10.1.1.1 255.255.255.255 ip nat inside interface serial0 ip address xxx...(Connected to Internet) Anyone can help? Make a difference, help support the relief efforts in the U.S. http://clubs.lycos.com/live/events/september11.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20880t=20880 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Help on NAT [7:20880]
Probably not a lot. You need to have inside and outside interfaces so the router knows when to translate packets. Check the NAT section here... http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/np1_c/1cprt2/1cipadr.htm Follow those instructions there and you can't go wrong ;) Cheers Charlie --- Ramesh c wrote: Hey gurus, I am using NAT in my setup and I find only these entires related to NAT...what is really happening here? interface Ethernet0/0 ip address 10.1.1.1 255.255.255.255 ip nat inside interface serial0 ip address xxx...(Connected to Internet) Anyone can help? Make a difference, help support the relief efforts in the U.S. http://clubs.lycos.com/live/events/september11.asp [EMAIL PROTECTED] Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20881t=20880 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Suggestion Required [7:20882]
Hi all, I just wanted to share this with you all. I am going to implement a test circuit for VoIP and I am about to place the order for following hardware. 1. Cisco 1751 - V Router 2. WIC 1 T Card (For my 64K leased line) 3. FXS card 4. FXO card 5. One extra 4 channel DSP module since 1751 has got one only. I am taking 2 sets of above. 1751 is new model with more DRAM and flash and a better pps. I have 2 64 Leased line to test the above system and i will be integrating the same with my Toshiba EPABX. Do anyone have any good recommendation to make ? Since this is going to my first hands on VoIP I would appreciate expert comments from all you guys. Thanks and best regards, Mukul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20882t=20882 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cute IPX addresses compiled [7:20864]
In a message dated 9/23/01 10:11:27 PM Central Daylight Time, [EMAIL PROTECTED] writes: Subj: Cute IPX addresses compiled [7:20864] Date: 9/23/01 10:11:27 PM Central Daylight Time From: [EMAIL PROTECTED] (Dennis Laganiere) Sender:[EMAIL PROTECTED] Reply-to: [EMAIL PROTECTED] (Dennis Laganiere) To:[EMAIL PROTECTED] Dennis, How about the obvious one:CC1E Rob H. NP, DP, blah,blah,blah... I compiled all the cute IPX network names people sent me and am providing them here for future reference. I know we don't see much IPX anymore, but it's still fun to reminisce about our youth... 1DEA (idea), 82FA57 (ate too fast), ACE5, AD, AD0 , AD0BE, B00B00, B0D1CE (bodice), B0D1ED (bodied), BA5EBA11, BABEFACE, BAD, BAD1DEA (bad idea), BADBABE, BADBEEF, BADC0FEE, BADDAD, BE, BEAD, BEAD0FF, BEBAD, BED, BEE, BEEFFEED, C0DEDEAD, CAB, CAD, DEAD, DEADBEEF, DEAF, DEAF0AF, F005BABE , F00D, FA11, FACE, FAD0, FADE, FEED and of course, the scourge of the technology world DECAF. Hope this is as much fun for you guys as it is for me... Thanks all... --- Dennis Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20883t=20864 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Passed switching [7:20868]
Hi Alex, Congradulations on passing the switching exam. I am just starting to prepare for that one. I just did the Remote Access exam today. I used the cisco press BCRAN course book, an old ACRC book, and cisco product descriptions to prepare for the exam. Anyway, thanks for the recommendation on the books, I will look them up. thanks amanda Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20884t=20868 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Legacy DDR won't keep quiet [7:20854]
I'm taking a stab in the dark, but I think CDP sends traffic about every 90 seconds... Do a SHOW CDP Interface and see how often it is sending packets. If that is the case turn CDP off. If nothing else activate the improbability drive. Robert -Original Message- From: Sean Wolfe [mailto:[EMAIL PROTECTED]] Sent: Sunday, September 23, 2001 7:48 PM To: [EMAIL PROTECTED] Subject: Legacy DDR won't keep quiet [7:20854] Howdy there folks, question for you. Studying for the BCRAN, I have a lab with two 1602R's with BRI modules. I am simulating a FR connection with BRI configured for backup in legacy dialer-string mode. The backup works fine; ie. I pull the FR cable and the backup comes up, I send interesting traffic and the BRI dials and routes the packet. Problem is, even when there is no interesting traffic (even when I put an access list on it with 'deny any') the BRI still dials periodically. As far as I can tell it's about 90 seconds between. At first I thought it was RIP. But I disabled RIP and it's still doing it! Here's the config on the spoke router (note Hitchhiker's Guide reference =) : --- Marvin#sh run Building configuration... Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Marvin ! ! username marvin password 0 linka ip subnet-zero no ip domain-lookup ip host zaphod 172.30.1.1 isdn switch-type basic-ni ! ! ! interface Ethernet0 ip address 172.16.1.1 255.255.255.0 no ip directed-broadcast ! interface Serial0 backup interface BRI0 ip address 172.30.1.2 255.255.255.0 no ip directed-broadcast service-module 56k clock source line service-module 56k network-type dds ! interface BRI0 ip unnumbered Ethernet0 no ip directed-broadcast dialer idle-timeout 15 dialer string 6024384633 dialer-group 1 isdn switch-type basic-ni isdn spid1 6024384404 isdn spid2 6024384544 ! ip classless ip route 172.20.2.0 255.255.255.0 BRI0 121 ! access-list 1 deny any dialer-list 1 protocol ip list 1 ! line con 0 password cisco login transport input none line vty 0 4 no login ! end Marvin# - Why would this thing dial for no reason??? Let me know your thoughts. BTW congrats to the recent CCIE Written folks (there were a couple recently, no?) Thx, -Sean. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20885t=20854 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Land Locked Networking Projects [7:19653]
I would think that you need to post your requirements. This might not be the place but I would start here if you are in desperate need. I just got back from Florida myself. The security is tight. My company handels networking projects in the New York City area (including Long Island). If you have any needs in the NYC area give me a call. PS I lost a lot of friends on the 11th. I was in and out of the WTC for a number of years. I worked in tower 2, Amex and 1 Liberty Plaza. I cannot express in words what I feel. Dominick Marino Quality Networking Inc. www.qualitynetworkinginc-ny.net Cell 516-480-2973 Michael Snyder wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Due to the airlines being shutdown, I just had a mental image of networking companies faced with choice of very long road trips or not finishing important projects. Anyone know how to link up local companies and the now long distance networking projects? Wish all the Cisco partners had a single mailing list or forum. I don't mean to disregard the last two days, just that we need to start moving the ball foward. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20886t=19653 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
UrlScan: Save from Code Red or Nimda [7:20887]
I recently seen this tool from microsoft called urlscan. This seems to be good tool to save the IIS from the virus attack of Nimda and code red. But one problem is still there that lot of hackers are trying to get in to the server and thus creating lot of traffic and choking up my leased lines. Well how to combat this ? Mukul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20887t=20887 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCDP Requirement [7:20874]
You need to have a CCDA to get your CCDP. Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20888t=20874 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
I want to stop console messages [7:20889]
i m connected to console port of 2600 router. I want to stop console messages. Make a difference, help support the relief efforts in the U.S. http://clubs.lycos.com/live/events/september11.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20889t=20889 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: UrlScan: Save from Code Red or Nimda [7:20887]
we have the same problem. I have over 25000 attempts to compromise servers. Guess ill start blocking IP's at the firewall, or router. Richard Tufaro - MCSE - GSEC- CCNA Network Engineer - Anda Inc. [EMAIL PROTECTED] MJ 09/24 8:43 AM I recently seen this tool from microsoft called urlscan. This seems to be good tool to save the IIS from the virus attack of Nimda and code red. But one problem is still there that lot of hackers are trying to get in to the server and thus creating lot of traffic and choking up my leased lines. Well how to combat this ? Mukul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20890t=20887 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: UrlScan: Save from Code Red or Nimda [7:20887]
Even we start blocking IP's still the packets will come till our router and result in congestion in the network from ISP to our premises. Mukul Richard Tufaro wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... we have the same problem. I have over 25000 attempts to compromise servers. Guess ill start blocking IP's at the firewall, or router. Richard Tufaro - MCSE - GSEC- CCNA Network Engineer - Anda Inc. [EMAIL PROTECTED] MJ 09/24 8:43 AM I recently seen this tool from microsoft called urlscan. This seems to be good tool to save the IIS from the virus attack of Nimda and code red. But one problem is still there that lot of hackers are trying to get in to the server and thus creating lot of traffic and choking up my leased lines. Well how to combat this ? Mukul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20891t=20887 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Some questions about Cheetsheets 504 [7:20768]
Trib, coincidently, Bush will be having many all expenses paid flights to the middle east shortly, maybe you can get few certs on the side..your an unethical a! Rick Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20892t=20768 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Certifications for Sale ? [7:20747]
I always was asked for two ID's, one with a photo. Rick Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20893t=20747 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Advise on CCIE Needed [7:20816]
Try using the CCIE written bootcamp or the written workbook from ccbootcamp.com. Boson 1,2, and 3 are good resources too. -Original Message- From: Shahid Muhammad Shafi [mailto:[EMAIL PROTECTED]] Sent: Sunday, September 23, 2001 1:44 AM To: [EMAIL PROTECTED] Subject:Advise on CCIE Needed [7:20816] Hi Guys I am preparing for my CCIE written and will give it next month. I am using clark for Swithching, Doyle for Routing and Halabi for BGP. My question is that Caslow is enough for all WAN,Bridging and Voice stuff or I have to consult more resources? Any input highly appreciated. Thanks, Shahid CCDP,CCNP, Wanna be CCIE and JNCIE within one year:) = Shahid Muhammad Shafi Network Engineer Level(3) Communications MCSE+I/MCSE(Win2K),CNA,CCNP,CCDP Please help feed hungry people worldwide http://www.hungersite.com/ A small thing each of us can do to help others less fortunate than ourselves __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger. http://im.yahoo.com [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20894t=20816 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: UrlScan: Save from Code Red or Nimda [7:20887]
True but it would reduce the load on the servers and firewalls. MJ 09/24 9:23 AM Even we start blocking IP's still the packets will come till our router and result in congestion in the network from ISP to our premises. Mukul Richard Tufaro wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... we have the same problem. I have over 25000 attempts to compromise servers. Guess ill start blocking IP's at the firewall, or router. Richard Tufaro - MCSE - GSEC- CCNA Network Engineer - Anda Inc. [EMAIL PROTECTED] MJ 09/24 8:43 AM I recently seen this tool from microsoft called urlscan. This seems to be good tool to save the IIS from the virus attack of Nimda and code red. But one problem is still there that lot of hackers are trying to get in to the server and thus creating lot of traffic and choking up my leased lines. Well how to combat this ? Mukul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20895t=20887 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: I want to stop console messages [7:20889]
no logging console (global config command) - Original Message - From: Farooq Ahmed To: Sent: Monday, September 24, 2001 2:11 PM Subject: I want to stop console messages [7:20889] i m connected to console port of 2600 router. I want to stop console messages. Make a difference, help support the relief efforts in the U.S. http://clubs.lycos.com/live/events/september11.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20896t=20889 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: I want to stop console messages [7:20889]
conf t no logging console At 15:11 24.09.2001, you wrote: i m connected to console port of 2600 router. I want to stop console messages. Make a difference, help support the relief efforts in the U.S. http://clubs.lycos.com/live/events/september11.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20897t=20889 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: I want to stop console messages [7:20889]
Here's a hint. From the router(config)# prompt enter logging ? and learn step by step from there. -Original Message- From: Farooq Ahmed [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 8:12 AM To: [EMAIL PROTECTED] Subject: I want to stop console messages [7:20889] i m connected to console port of 2600 router. I want to stop console messages. Make a difference, help support the relief efforts in the U.S. http://clubs.lycos.com/live/events/september11.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20898t=20889 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
questions on apple machines with cisco switches [7:20899]
Hi all, I have the problem between apple machines and cisco catalyst switches. Last week, I replace my old 3Com switches to Cisco 3524 switches. Then most of my apple machines cannot access each other(cannot access appleshare). After I setup port speed and duplex mode on individual ports according to the apple machines NIC spec:, apple machines can access to PC server(MAC volume and e-mail). But some are still cannot see each others. I put back those apple machines to old 3Com switches and it works fine. All the apple machines have no zone settings. My network is flat network and no subnet. Do I need other special setting on my cisco switches for apple environment? Thanks for your advice, Moe. _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20899t=20899 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: set port host [7:20591]
You need to run at least 5.5 cat OS. Dave Stephen Skinner wrote: guys, a quick quiery i am running several 6509`s ..about 50 in different sites..and i can `t see this set port host command WS-C6509 Software, Version NmpSW: 5.3(2)CSX 6509_3 (enable) set port host Unknown command set port host. Use 'set port help' for more info. 6509_3 (enable) set spantree portfast ? Usage: set spantree portfast what Gives...or have i just got a crappy Catos cheers steve From: Nigel Taylor Reply-To: Nigel Taylor To: [EMAIL PROTECTED] Subject: Re: set port host [7:20591] Date: Thu, 20 Sep 2001 18:25:02 -0400 MADMAN, Well it looks from this search on CCO that you were right in that this command does turn off PAgP. Also, by using the CatOS PortFast mechanism, you can configure the phone access port to move into a forwarding state immediately, thereby decreasing IP phone boot time. To perform this configuration, use the set port host command on the Catalyst 4000 and 6000 or the spanning-tree portfast command on the 2900 XL and 3500 XL, which turns off Dynamic Trunking Protocol (DTP) and Port Aggregation Protocol (PAgP) and enables PortFast. However, in doing so it does seems like although PagP is turned off it is the mechnism used to provide informational status of FEC capable links. Here's a link that provides some info that might help. Perform a find on page using the %PAGP-5-PORTFROMSTP. http://www.cisco.com/warp/public/473/34.shtml If you want to suppress these syslog messages, you can modify the logging level for the PAGP facility to 4 or lower using the command set logging level pagp 4 default (the default logging level for PAGP is 5). HTH Nigel From: MADMAN Reply-To: MADMAN To: [EMAIL PROTECTED] Subject: set port host [7:20591] Date: Thu, 20 Sep 2001 15:31:49 -0400 I got a question today from a customer who had seen a %PAGP-5-PORTFROMSTP: error message on his 6509. I explained it was mostly informational, the device connected to that port was either disconnected or shutdown. I then thought I had a good idea, do a set port host on our lab switch on a port connected to a router. My reasoning was that this, among other things, disables PAGP, auto port channeling, so if I disconnect a device on a port with port host enabled I should not see PAGP error messages. Wrong, I still get them Thought I would throw that out to see if I'm smokin crack with my logic. Thanks Dave -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20901t=20591 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DCE to DTE Back to Back Cable Part number [7:20690]
Cisco doesn't sell this type of cable per se but you can simply buy a DCE and a DTE cable and connect them together. Dave Chris Theiss wrote: I found some serial dte-to-dce cables at Pacific Custom Cables. I bought the 60-pin variety, but it looks like they have smart serial versions too. http://www.pacificcable.com/CiscoCables.htm Robert Fowler wrote: After searching my Cisco Part list, my products reference guide and the cco, I cannot find the part number for a DCE to DTE back to back cable, I am needing one for my lab at work, but we have to have the Cisco part number to order. Any help would be appreciated! Thank You, Robert Fowler -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20900t=20690 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: I want to stop console messages [7:20889]
Pick your poison: C7507MIX(config)#no logging ? Hostname or A.B.C.D IP address of the logging host buffered Set buffered logging parameters console Set console logging level exceptionLimit size of exception flush output facility Facility parameter for syslog messages history Configure syslog history table monitor Set terminal line (monitor) logging level on Enable logging to all supported destinations rate-limit Set messages per second limit source-interface Specify interface for source address in logging transactions trap Set syslog server logging level Farooq Ahmed wrote: i m connected to console port of 2600 router. I want to stop console messages. Make a difference, help support the relief efforts in the U.S. http://clubs.lycos.com/live/events/september11.asp -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20902t=20889 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Which testing site is better? Halifax or RTP [7:20904]
Hi everyone, this is my fist post. I just signed up for Halifax for May 27th, 2002. Which testing site do you preffer, Halifax or RTP? Thanks, Alex Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20904t=20904 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: POP3 SMTP through Pix to Static NAT Address [7:19931]
Thanks Pat worked like a charm! pat wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hello, This is common problem in PIX. when internal client gets Public IP from DNS, it tries to reach that IP. Since it is external IP PIX routes it outside hence packets are lost. There is workaround provided by PIX for this kind of problem. YOu need to use alia command on PIX. Please ref to http://www.cisco.com/warp/public/110/alias.html or This document explains the use of the alias command on the Cisco Secure PIX Firewall. The alias command has two possible functions: It can be used to do DNS Doctoring of DNS replies from an external DNS server. In DNS Doctoring, the PIX changes the DNS response from a DNS server to be a different IP address than the DNS server actually answered for a given name. This process is used when we want the actual application call from the internal client to connect to an internal server by its internal IP address. It can be used to do Destination NAT (dnat) of one destination IP address to another IP address. In dnat, the PIX changes the destination IP of an application call from one IP address to another IP address. This process is used when we want the actual application call from the internal client to the server in a perimeter (dmz) network by its external IP address. This does not doctor the DNS replies. For example, if a host sends a packet to 99.99.99.99, you can use the alias command to redirect traffic to another address, such as 10.10.10.10. You can also use this command to prevent conflicts when you have IP addresses on a network that are the same as those on the Internet or another intranet. For more information, consult the PIX Hope this will help you pat --- atram wrote: I have a situation which someone may be able to shed some light on. The configuration that is in place is a PIX 515 6.01 with a public IP on the 'outside' interface and private IP on the 'inside' interface as you would normally see in a straight-forward config. We are using PAT to another external IP for all internal users. Also there are static NAT statements on this same external IP (one used for PAT) that translate to the appropriate internal IPs for the respective services. Ex. static (inside,outside) tcp x.x.x.x pop3 10.x.x.x pop3 netmask x.x.x.x (translating all pop3 queried traffic on x.x.x.x to be forwarded to 10.x.x.x) One inbound access list is applied to the 'outside' interface filtering for the protocols we need allowed in and for the static nats. So this works fine for all external users and querying the various protocols. All locations are connected via private frame WAN to the central location, where the internet connection out is and also this PIX. Here is the problem. There are travelling users which bounce from site to site and are configured to access email via POP3. Unfortunately this will not work from inside the PIX. What it looks like is that basically the client is querying a pop3 server which resolves to the public IP address which is in turn the same address assigned for the static nat translation to the actual internal pop3 box. I would change the client to resolve pop3 to the actual internal IP address but then they would be unable to reach the box from home or hotel etc. ie. client queries pop3 to 'popserver.domain.com' dns resolves this to x.x.x.x from above static NAT. Query fails. Does anyone have any suggestions on what may be happening and could shed some light on whether this can be done first of all, and what steps may need to be taken on the PIX so that interal queries for pop3 and smtp will be able to go out through the PAT and come back in as the static nat translates them and still work. Thanks VERY much for anyones input. [EMAIL PROTECTED] __ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20903t=19931 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: UrlScan: Save from Code Red or Nimda [7:20887]
So you're saying you're going to try to stop over 25000 ips at the firewall or router? Don't you think there might be a better approach? Maybe a map-class to stop requests to certain urls perhaps? Richard Tufaro wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... we have the same problem. I have over 25000 attempts to compromise servers. Guess ill start blocking IP's at the firewall, or router. Richard Tufaro - MCSE - GSEC- CCNA Network Engineer - Anda Inc. [EMAIL PROTECTED] MJ 09/24 8:43 AM I recently seen this tool from microsoft called urlscan. This seems to be good tool to save the IIS from the virus attack of Nimda and code red. But one problem is still there that lot of hackers are trying to get in to the server and thus creating lot of traffic and choking up my leased lines. Well how to combat this ? Mukul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20905t=20887 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Passed CCIE Written [7:20796]
Congrats as well! I don't know that I'd call passing the written 50% there though... maybe 25% wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... In a message dated 9/22/01 8:50:09 PM Central Daylight Time, [EMAIL PROTECTED] writes: Date: 9/22/01 8:50:09 PM Central Daylight Time From: [EMAIL PROTECTED] (Sundar Palaniappan) Sender:[EMAIL PROTECTED] Reply-to: [EMAIL PROTECTED] (Sundar Palaniappan) To:[EMAIL PROTECTED] I passed CCIE written on 9/17 with a score of 74. Thanks to all the members of this technical newsgroup and groupstudy.com for all the help. I used the following to prepare: Bruce Calsow CCIE Exam Lou Rossi's TR White Paper Boson Exams. In addition, my experience as a CSE 2 in a TAC helped me. The questions were from all around and there wasn't too much emphasis on any one topic. Now on to the real test, Lab. I would appreciate input from fellow members as to where to start for the Lab. I am going to read the Jeff Doyle Halabi book. I am also thinking of setting up a Home Lab. Can fellow members advise what equipment would I need for an ideal Lab. Good Luck to all out there! Cheers, Sundar Palaniappan Sundar, CONGRATS!!You are 50% there! I have, as my home lab, the following setup: 3 2501's 1 2514 (2 ETH interfaces) 4 4500's with the following modules; ISDN, 2) 4-port Serial, 2-port 1-port Ethernet, 2) 1-port Token Ring, and I am budgeting for an ATM module for 2 of my 4500's. Emutel ISDN Emulator. **It i my understanding that the following should be mandatory for the lab: *OSPF *Frame Relay *BGP Redistribution *Access Lists *ISDN / Dial **These other subjects are secondary *ATM *IPSec *VOIP *DLSw+ *IPX *IGRP *EIGRP *RIP *Route maps *Distribute Lists *Filter Lists *SRB/Transparent bidging GOOD LUCK! and I hope this gives you a good study guideline! Rob H. NP, DP IE Written, blah, blah, blah. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20906t=20796 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: help you to pass exam [7:20780]
I thought this list was moderated from losers like this! cisco nan wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... i have many questions come from the real exam. and it will help you to pass the ccna,ccnp,ccda,ccdp,and ccie . i am sure you will get a lot from it, and i have many second hand router and switch,it will help you to pass the ccie lab if you are interested in it,feel free to contact me. my mail:[EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20907t=20780 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE advice [7:20755]
I would recommend going for CCNP before CCIE, especially if your experience is limited... David Wampler wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hello everyone, I'm about to take my CCIE written, although I have no practical working experience with Cisco routers. I am currently a hardware deployment engineer at a large corporation. I'm just wondering if anybody thinks that after passing the CCIE written exam, I can become a junior network engineer. Currently I have the CCNA, along with a Bachelor's in CIS. It seems so hard to really work with Cisco products, so I'm wondering if this exam will open those doors for me. Thanks, Dave Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20910t=20755 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: questions on apple machines with cisco switches [7:20899]
Didn't like Priscilla's answer? I did. She's right on the money I'd say. Here it is again: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Priscilla Oppenheimer Sent: Sunday, September 23, 2001 10:59 AM To: [EMAIL PROTECTED] Subject: Re: apple machine and cisco switch problem [7:20825] Turn on portfast, which causes a switch port to go into forwarding mode more quickly. I bet the Macintoshes didn't receive AppleTalk parameters correctly because the switch port didn't start forwarding while they were booting and starting up AppleTalk. Priscilla -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of king kaung Sent: Monday, September 24, 2001 9:03 AM To: [EMAIL PROTECTED] Subject: questions on apple machines with cisco switches [7:20899] Hi all, I have the problem between apple machines and cisco catalyst switches. Last week, I replace my old 3Com switches to Cisco 3524 switches. Then most of my apple machines cannot access each other(cannot access appleshare). After I setup port speed and duplex mode on individual ports according to the apple machines NIC spec:, apple machines can access to PC server(MAC volume and e-mail). But some are still cannot see each others. I put back those apple machines to old 3Com switches and it works fine. All the apple machines have no zone settings. My network is flat network and no subnet. Do I need other special setting on my cisco switches for apple environment? Thanks for your advice, Moe. _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20908t=20899 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE advice [7:20755]
Don't let yourself be ripped off by this loser. Study hard and learn the real way and you'll be doing yourself a favor... cisco nan wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... don't worry,i think i can help you , i am on the way to ccie lab,i think the process to ccie is the time to get your working experience. if you need some materials , i can share with you. glad to communicate with you my mail:[EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20909t=20755 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Legacy DDR won't keep quiet [7:20854]
I thought CDP at first too, but by default CDP sends packets every 60 seconds. Holdtime is 180 seconds. Since it's just a lab environment, running a debug showing what triggers the line to come up would be an excellent starting place to find the culprit. In a production environment, using an extended access list would likely fix the problem (as someone suggested previously). -- Leigh Anne -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Robert Fowler Sent: Monday, September 24, 2001 6:09 AM To: [EMAIL PROTECTED] Subject: RE: Legacy DDR won't keep quiet [7:20854] I'm taking a stab in the dark, but I think CDP sends traffic about every 90 seconds... Do a SHOW CDP Interface and see how often it is sending packets. If that is the case turn CDP off. If nothing else activate the improbability drive. Robert -Original Message- From: Sean Wolfe [mailto:[EMAIL PROTECTED]] Sent: Sunday, September 23, 2001 7:48 PM To: [EMAIL PROTECTED] Subject: Legacy DDR won't keep quiet [7:20854] Howdy there folks, question for you. Studying for the BCRAN, I have a lab with two 1602R's with BRI modules. I am simulating a FR connection with BRI configured for backup in legacy dialer-string mode. The backup works fine; ie. I pull the FR cable and the backup comes up, I send interesting traffic and the BRI dials and routes the packet. Problem is, even when there is no interesting traffic (even when I put an access list on it with 'deny any') the BRI still dials periodically. As far as I can tell it's about 90 seconds between. At first I thought it was RIP. But I disabled RIP and it's still doing it! Here's the config on the spoke router (note Hitchhiker's Guide reference =) : --- Marvin#sh run Building configuration... Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Marvin ! ! username marvin password 0 linka ip subnet-zero no ip domain-lookup ip host zaphod 172.30.1.1 isdn switch-type basic-ni ! ! ! interface Ethernet0 ip address 172.16.1.1 255.255.255.0 no ip directed-broadcast ! interface Serial0 backup interface BRI0 ip address 172.30.1.2 255.255.255.0 no ip directed-broadcast service-module 56k clock source line service-module 56k network-type dds ! interface BRI0 ip unnumbered Ethernet0 no ip directed-broadcast dialer idle-timeout 15 dialer string 6024384633 dialer-group 1 isdn switch-type basic-ni isdn spid1 6024384404 isdn spid2 6024384544 ! ip classless ip route 172.20.2.0 255.255.255.0 BRI0 121 ! access-list 1 deny any dialer-list 1 protocol ip list 1 ! line con 0 password cisco login transport input none line vty 0 4 no login ! end Marvin# - Why would this thing dial for no reason??? Let me know your thoughts. BTW congrats to the recent CCIE Written folks (there were a couple recently, no?) Thx, -Sean. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20911t=20854 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco Certifications for Sale ? [7:20747]
People cheat in Pakistan. People cheat in Canada. People cheat in the United States. Should Cisco deny testing these countries too? No. Will Cisco be able to stop people from cheating? Not likely. Certifications are a way to get your foot in the door. If an employer isn't smart enough to ask technical questions during an interview to weed out the people that haven't learned what they need to get the job done, then they deserve what they hire. What if a manager doesn't have the technical skills to assess someone's ability? Hire a short-term consultant from a reputable consulting company to develop questions and answers, or have that individual sit in during the interview process. The ball is in the hiring company's court. -- Leigh Anne -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of MJ Sent: Sunday, September 23, 2001 11:59 PM To: [EMAIL PROTECTED] Subject: Re: Cisco Certifications for Sale ? [7:20747] Hello Everyone, Well I have recently came to know such a case from Pakistan. I know a person who is from there and hold a degree of CCNP. Well I completed my CCNA in January and this is really amazing that the guy knows nothing as when it came to implementation. Everytime he goes back to refer his books and come with hazzy and undetermined solution. I was wondering that how has he got his certifications and when I asked him personally he admitted that in Pakistan they can pay money and can sit with someone and take help of books and clear the exams. Can you imagine this person score in CCNA was 980. If this is the case then I think Cisco and other companies should take off their testing centres in Pakistan so atleast this should be in favour to us who put their days and time in getting such certifications. Mukul Bruce Williams wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... There is a thread being discussed on Cisco Network Professional Discussion page about Cisco Certifications such as CCNA, CCDA, CCNP, CCDP and CCIE being sold in India and Pakistan for the cost of the exam. Several people in the Forum have confirmed it and have even said it is common knowledge. Please tell me it is not true. I have worked very hard to achieve the CCNA, CCDA, CCNP and CCDP and now I am working even harder to prepare for the CCIE Lab. I would be highly upset to discover that Cisco is tolerating this. I really dont see what value the certification holds if it can be bought this easily. If you want to see the comments yourself, check out this link http://forums.cisco.com/eforum/servlet/NetProf?page=main and then click on career certifications The first comment was posted on September 17th. Bruce Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20912t=20747 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: UrlScan: Save from Code Red or Nimda [7:20887]
i said 25000 attempts, about 50 ips Dennis H 09/24 11:36 AM So you're saying you're going to try to stop over 25000 ips at the firewall or router? Don't you think there might be a better approach? Maybe a map-class to stop requests to certain urls perhaps? Richard Tufaro wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... we have the same problem. I have over 25000 attempts to compromise servers. Guess ill start blocking IP's at the firewall, or router. Richard Tufaro - MCSE - GSEC- CCNA Network Engineer - Anda Inc. [EMAIL PROTECTED] MJ 09/24 8:43 AM I recently seen this tool from microsoft called urlscan. This seems to be good tool to save the IIS from the virus attack of Nimda and code red. But one problem is still there that lot of hackers are trying to get in to the server and thus creating lot of traffic and choking up my leased lines. Well how to combat this ? Mukul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20913t=20887 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Which testing site is better? Halifax or RTP [7:20904]
I thought Halifax was a great place to test. The town is beautiful and relaxing. Great seafood and our Canadian friends know how to make a good Beer. When there go to the waterfront area have a nice C$12.00 Lobster dinner and visit the Titanic museum. Oh ya, no complaints about the testing facility. Can't stress enough the importance of the laid back atmosphere in Halifax. You don't want to be stressed out before you arrive at the Testing center. ^-^-^-^-^-^-^-^-^-^-^ Bill Carter CCIE 5022 ^-^-^-^-^-^-^-^-^-^-^ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 10:30 AM To: [EMAIL PROTECTED] Subject: Which testing site is better? Halifax or RTP [7:20904] Hi everyone, this is my fist post. I just signed up for Halifax for May 27th, 2002. Which testing site do you preffer, Halifax or RTP? Thanks, Alex Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20916t=20904 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Can some PIX expert please respond.... [7:20858]
I believe this is a bug. I have the same issue with 6.0(1) Not sure if 6.1(1) fixed it. ^-^-^-^-^-^-^-^-^-^-^ Bill Carter CCIE 5022 ^-^-^-^-^-^-^-^-^-^-^ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Urooj's Hi-speed Internet Sent: Sunday, September 23, 2001 8:06 PM To: [EMAIL PROTECTED] Subject: OT: Can some PIX expert please respond [7:20858] Hi Folks, I am trying to get timestamps alongwith my 'syslog' output by using the PIX command logging timestamps. However, even with this command, whenever I do a show syslog, I fail to see any timestamps logged. Am I missing something ??? How can I append timestamps with the syslog messages. Or timestamps cannot be appended in show syslog when I use the command logging buffered debugging logging timestamps, i.e. when I use the internal buffer of PIX to log syslog messages ? Can someone please advise me. Thanks. Aziz Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20914t=20858 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cute IPX addresses compiled [7:20864]
D00BE ^-^-^-^-^-^-^-^-^-^-^ Bill Carter CCIE 5022 ^-^-^-^-^-^-^-^-^-^-^ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] Sent: Monday, September 24, 2001 6:36 AM To: [EMAIL PROTECTED] Subject: Re: Cute IPX addresses compiled [7:20864] In a message dated 9/23/01 10:11:27 PM Central Daylight Time, [EMAIL PROTECTED] writes: Subj: Cute IPX addresses compiled [7:20864] Date: 9/23/01 10:11:27 PM Central Daylight Time From: [EMAIL PROTECTED] (Dennis Laganiere) Sender:[EMAIL PROTECTED] Reply-to: [EMAIL PROTECTED] (Dennis Laganiere) To:[EMAIL PROTECTED] Dennis, How about the obvious one:CC1E Rob H. NP, DP, blah,blah,blah... I compiled all the cute IPX network names people sent me and am providing them here for future reference. I know we don't see much IPX anymore, but it's still fun to reminisce about our youth... 1DEA (idea), 82FA57 (ate too fast), ACE5, AD, AD0 , AD0BE, B00B00, B0D1CE (bodice), B0D1ED (bodied), BA5EBA11, BABEFACE, BAD, BAD1DEA (bad idea), BADBABE, BADBEEF, BADC0FEE, BADDAD, BE, BEAD, BEAD0FF, BEBAD, BED, BEE, BEEFFEED, C0DEDEAD, CAB, CAD, DEAD, DEADBEEF, DEAF, DEAF0AF, F005BABE , F00D, FA11, FACE, FAD0, FADE, FEED and of course, the scourge of the technology world DECAF. Hope this is as much fun for you guys as it is for me... Thanks all... --- Dennis Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20915t=20864 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Passed CCIE Written [7:20796]
Dennis, I have to agree with that. A good example is my own experience: I work for a large telco and see many variations of network platforms every day. I recently went to the Networkers and was blown away by all the miniscule concepts that I just DON'T SEE and DON'T HAVE A CLUE ABOUT! A very humbling experience, I must admit. As a matter of fact, one of the proctors gave this piece of advice: Even the config aspects that one would consider easy (access lists, IPX, interface setups, etc.) will really grab you when you are dealing with all the volume and time constraints of the lab itself. Personally, I try to drill on these at least 15-30 minutes a day just to stay fresh. My .02c, Rob H. NP, DP, blah,blah,blah... Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20917t=20796 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE Written [7:20918]
Hello, Do anyone out there know of any link one can use to study for the security section on the CCIE written _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20918t=20918 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Some questions about Cheetsheets 504 [7:20768]
There's no need to take anything back, but please do not post questions from the actual test in the futre. That's what got us all upset. We also hate cheat sheets which have the actual test questions on them. (Cheat sheet doesn't seem to be filtered. I think it is the test d*mp word that is filtered. We are glad that you can join our group. Sorry it was such a rocky start! ;-) Priscilla -Original Message- From: ou henry [mailto:[EMAIL PROTECTED]] Sent: Sunday, 23 September 2001 6:20 p.m. To: [EMAIL PROTECTED] Subject: Re: Some questions about Cheetsheets 504 [7:20768] Sorry, to all disturbed. I realized that I am doing this in a wrong way. I am new to the forum, how to take this back? Can i delete it? Or the administrator delete it. Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20919t=20768 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Certifications for Sale ? [7:20747]
WIll cisco really think about this atleast now... Anybody from cisco inc on this board.. or every body got laid off :)) --- MJ wrote: Hello Everyone, Well I have recently came to know such a case from Pakistan. I know a person who is from there and hold a degree of CCNP. Well I completed my CCNA in January and this is really amazing that the guy knows nothing as when it came to implementation. Everytime he goes back to refer his books and come with hazzy and undetermined solution. I was wondering that how has he got his certifications and when I asked him personally he admitted that in Pakistan they can pay money and can sit with someone and take help of books and clear the exams. Can you imagine this person score in CCNA was 980. If this is the case then I think Cisco and other companies should take off their testing centres in Pakistan so atleast this should be in favour to us who put their days and time in getting such certifications. Mukul Bruce Williams wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... There is a thread being discussed on Cisco Network Professional Discussion page about Cisco Certifications such as CCNA, CCDA, CCNP, CCDP and CCIE being sold in India and Pakistan for the cost of the exam. Several people in the Forum have confirmed it and have even said it is common knowledge. Please tell me it is not true. I have worked very hard to achieve the CCNA, CCDA, CCNP and CCDP and now I am working even harder to prepare for the CCIE Lab. I would be highly upset to discover that Cisco is tolerating this. I really dont see what value the certification holds if it can be bought this easily. If you want to see the comments yourself, check out this link http://forums.cisco.com/eforum/servlet/NetProf?page=main and then click on career certifications The first comment was posted on September 17th. Bruce [EMAIL PROTECTED] http://travel.yahoo.com.au - Yahoo! Travel - Got Itchy feet? Get inspired! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20920t=20747 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Fragmentation [7:20757]
t/121t5/dtfrfwhc.htm Thomas N. wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi All, Can anyone show me some good URL regarding the Fragmentation for Frame Relay network? Thanks! Thomas N. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20922t=20757 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Fragmentation [7:20757]
http://www.cisco.com/warp/public/788/vofr/fr_frag.html http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos _c/fqcprt6/qcflfifr.htm watch wrap on last link Thomas N. wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi All, Can anyone show me some good URL regarding the Fragmentation for Frame Relay network? Thanks! Thomas N. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20921t=20757 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Fragmentation [7:20757]
t/121t5/dtfrfwhc.htm atram wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... t/121t5/dtfrfwhc.htm Thomas N. wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi All, Can anyone show me some good URL regarding the Fragmentation for Frame Relay network? Thanks! Thomas N. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20923t=20757 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: questions on apple machines with cisco switches [7:20899]
I can verify that as I just ran into it this morning, Macs not working correctly on a 35xx. Enabled portfast and wallah they work!! Dave Leigh Anne Chisholm wrote: Didn't like Priscilla's answer? I did. She's right on the money I'd say. Here it is again: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Priscilla Oppenheimer Sent: Sunday, September 23, 2001 10:59 AM To: [EMAIL PROTECTED] Subject: Re: apple machine and cisco switch problem [7:20825] Turn on portfast, which causes a switch port to go into forwarding mode more quickly. I bet the Macintoshes didn't receive AppleTalk parameters correctly because the switch port didn't start forwarding while they were booting and starting up AppleTalk. Priscilla -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of king kaung Sent: Monday, September 24, 2001 9:03 AM To: [EMAIL PROTECTED] Subject: questions on apple machines with cisco switches [7:20899] Hi all, I have the problem between apple machines and cisco catalyst switches. Last week, I replace my old 3Com switches to Cisco 3524 switches. Then most of my apple machines cannot access each other(cannot access appleshare). After I setup port speed and duplex mode on individual ports according to the apple machines NIC spec:, apple machines can access to PC server(MAC volume and e-mail). But some are still cannot see each others. I put back those apple machines to old 3Com switches and it works fine. All the apple machines have no zone settings. My network is flat network and no subnet. Do I need other special setting on my cisco switches for apple environment? Thanks for your advice, Moe. _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20924t=20899 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE SECURITY Written [7:20918]
John, Hi! I just passed my CCIE Security written (today). I used John Kaberna's study guide. We (Network Learning aka ccbootcamp.com) will be publishing it in a week or so. Feel free to email me for more information. thanks, -Brad Ellis CCIE#5796 Network Learning Inc [EMAIL PROTECTED] used Cisco: www.optsys.net John Nenye wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hello, Do anyone out there know of any link one can use to study for the security section on the CCIE written _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20925t=20918 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
delay and delay [7:20926]
Group, what is the relation (if any) between the total delay I see in sh ip eigrp topology and the total delay I see in a simple ping? From show eigrp topology I see total delay associated to a point-to-point atm pvc lower than total delay showed for a E1 hdlc (between the same routers, 1 hop). If a make an extended ping I experience a lower delay with E1 than pvc atm (and, to be honest, this is what I'd like to see) Thanks in advace, Teresa Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20926t=20926 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CIT, about to take test, any suggestions. KARMA to you. [7:20927]
Wow! I can hardly believe it myself. I am almost a CCNP. I want this status so bad that I even brought my book to Disneyland this weekend and studied while my family was enjoying themselves. Am I a nut? Any help or suggestions, thanks a bunch. I am about to face off with my last exam. I've been concentration on commands, however, I feel this may be a mistake. I would appreciate any help. Hope I or some one else can return the favor next time. Ariel Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20927t=20927 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: UrlScan: Save from Code Red or Nimda [7:20887]
You need to ask your provider for assistance. The level of assistance will vary from provider to provider. -Kent -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of MJ Sent: Monday, September 24, 2001 5:44 AM To: [EMAIL PROTECTED] Subject: UrlScan: Save from Code Red or Nimda [7:20887] I recently seen this tool from microsoft called urlscan. This seems to be good tool to save the IIS from the virus attack of Nimda and code red. But one problem is still there that lot of hackers are trying to get in to the server and thus creating lot of traffic and choking up my leased lines. Well how to combat this ? Mukul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20928t=20887 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: UrlScan: Save from Code Red or Nimda [7:20887]
Come on Kent... there's much one could do without asking ones provider anything... I have my network totally locked down and I didn't ask my provider squat... Kent Hundley wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... You need to ask your provider for assistance. The level of assistance will vary from provider to provider. -Kent -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of MJ Sent: Monday, September 24, 2001 5:44 AM To: [EMAIL PROTECTED] Subject: UrlScan: Save from Code Red or Nimda [7:20887] I recently seen this tool from microsoft called urlscan. This seems to be good tool to save the IIS from the virus attack of Nimda and code red. But one problem is still there that lot of hackers are trying to get in to the server and thus creating lot of traffic and choking up my leased lines. Well how to combat this ? Mukul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20930t=20887 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: who have configured the netscreen firewall? [7:20862]
As this is a Cisco newsgroup, when did Cisco buy Netscreen? Leo Shen wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... could you give me a default configuration(an example config)? I will config a netscreen5 firewal next week thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20931t=20862 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: UrlScan: Save from Code Red or Nimda [7:20887]
From what I've seen each ip attempts 15 know vulnerabilities in IIS. Normally they scan an address once so trying to block it after the fact will do you little good and could cause trouble with legitimate traffic. I'd suggest you create a map class and policy map to block based on url. Here's a link with the info. It's geared towards code but with a little modification it'll stop nimda... http://www.cisco.com/warp/public/63/nbar_acl_codered.shtml Richard Tufaro wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... i said 25000 attempts, about 50 ips Dennis H 09/24 11:36 AM So you're saying you're going to try to stop over 25000 ips at the firewall or router? Don't you think there might be a better approach? Maybe a map-class to stop requests to certain urls perhaps? Richard Tufaro wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... we have the same problem. I have over 25000 attempts to compromise servers. Guess ill start blocking IP's at the firewall, or router. Richard Tufaro - MCSE - GSEC- CCNA Network Engineer - Anda Inc. [EMAIL PROTECTED] MJ 09/24 8:43 AM I recently seen this tool from microsoft called urlscan. This seems to be good tool to save the IIS from the virus attack of Nimda and code red. But one problem is still there that lot of hackers are trying to get in to the server and thus creating lot of traffic and choking up my leased lines. Well how to combat this ? Mukul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20929t=20887 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX ver 6 Security [7:20842]
Sounds like it's good for your billable hours though! :) Gareth Hinton wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I've seen one of the risks already. I did an install just over a week ago, and unfortunately let the customer know about the PDM GUI. I've had three maintenance calls so far, all of them turned out to be config changes made by PDM. One of the configs was hardly recognisable. I think there may be a button which reads Install a random config. The GUI seems good and at least it is https and (hopefully) only accessible from the inside interface. The problem seems to be the ease of access it gives to people who would normally be scared off by a Pix CLI config. I've not seen any security bulletins yet, but I would be surprised if they don't start arriving within the coming months. :-) Gareth Brian Wilkins wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I was wondering if anyone has formed any opinions yet as to the security of the new ver 6 of the PIX IOS using the HTTP interface. As I'm sure most folks know, there were some exploits with the HTML interface on Cisco's routers and switches, so I choose not to run those. But, since PIX configuration is such a different animal, is it worth enabling the GUI ?? Anybody seen any risks?? All help is always appreciated. Brian Wilkins Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20932t=20842 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco Certifications for Sale ? [7:20747]
Even if IDs are checked, how reliable are the ids in pakistan and india? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Justin Sent: Monday, September 24, 2001 12:03 AM To: [EMAIL PROTECTED] Subject: Re: Cisco Certifications for Sale ? [7:20747] ya it is very dependant on the person i suppose... i wont get into my prometric-phone trouble... but att one of the testing sites, i told the secretary i was there. So she went to setup the test. 45 minutes later she still isnt back i suspect something is wrong :P so she comes back finaly oh sorry, i set up the exam and went off, i forgot you were here not to mention she didnt ask for id... chimps are getting smart these days i hear? not to mention a chimp on rollerblades saying goodbye will give you something to laugh about if you fail the exam :) Hi, It would seem the ID bit is largely dependent on the person running the test site. I have always had to provide evidence of who I am. I have even been known to the person in the test site but still had to provide the evidence so it could be ticked off as sighted. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20933t=20747 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: UrlScan: Save from Code Red or Nimda [7:20887]
thanks for the info. Richard Tufaro - MCSE - GSEC- CCNA Network Engineer - Anda Inc. [EMAIL PROTECTED] Dennis H 09/24 2:42 PM From what I've seen each ip attempts 15 know vulnerabilities in IIS. Normally they scan an address once so trying to block it after the fact will do you little good and could cause trouble with legitimate traffic. I'd suggest you create a map class and policy map to block based on url. Here's a link with the info. It's geared towards code but with a little modification it'll stop nimda... http://www.cisco.com/warp/public/63/nbar_acl_codered.shtml Richard Tufaro wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... i said 25000 attempts, about 50 ips Dennis H 09/24 11:36 AM So you're saying you're going to try to stop over 25000 ips at the firewall or router? Don't you think there might be a better approach? Maybe a map-class to stop requests to certain urls perhaps? Richard Tufaro wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... we have the same problem. I have over 25000 attempts to compromise servers. Guess ill start blocking IP's at the firewall, or router. Richard Tufaro - MCSE - GSEC- CCNA Network Engineer - Anda Inc. [EMAIL PROTECTED] MJ 09/24 8:43 AM I recently seen this tool from microsoft called urlscan. This seems to be good tool to save the IIS from the virus attack of Nimda and code red. But one problem is still there that lot of hackers are trying to get in to the server and thus creating lot of traffic and choking up my leased lines. Well how to combat this ? Mukul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20935t=20887 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: spanning tree,priority, and elections [7:17449]
I would agree about setting the root priority. The last place I worked had a prescribed order for turning the switches on, so that they STP would suposedly converge faster. Bob Johnson wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Not in my experience... You need to manually tune the bridge ID priority to elect the root bridge where you want it. It also pays to think about a secondary root should the the primary should fail. -Original Message- From: sam sneed [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 2:17 PM To: [EMAIL PROTECTED] Subject: spanning tree,priority, and elections [7:17449] According to cisco doc's, the spanning tree tree algortihm specifies a priority field which defaults to 32,768. When switches power up they assume they are the bridge root and advertise this value in BPDU's across the network to elect a root bridge. Since they all have same priority by default, the election is then decided by lowest MAC address of the tied switches. As a matter of fact, cisco uses the lowest MAC address tie-breaker in other algorithms as well. This seems simple enough to understand. I'd like to know is when they manufatcure switches do they burn in a lower MAC addresses in their core and distribution switched than in their access layer switches. Otherwise, access layer switches might be elected as root bridges during the election which would not be optimal. Can anyone give some insight on this? p.s. Excuse me for any grammar or punctuation errors, as I am a product of N.J. Public Schools. Sam Sneed Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20934t=17449 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: delay and delay [7:20926]
With ping, delay is actually measured. The router reports how long it takes to get replies. EIGRP delay is not dynamically measured. Delay of each interface is inversely proportional to the configured interface bandwidth. Total delay for an EIGRP route is a sum of each interface delay, as reported in EIGRP Updates. If you want EIGRP's delay to be somewhat more realistic, you can tweak the interface bandwidth. Priscilla At 02:06 PM 9/24/01, TP wrote: Group, what is the relation (if any) between the total delay I see in sh ip eigrp topology and the total delay I see in a simple ping? From show eigrp topology I see total delay associated to a point-to-point atm pvc lower than total delay showed for a E1 hdlc (between the same routers, 1 hop). If a make an extended ping I experience a lower delay with E1 than pvc atm (and, to be honest, this is what I'd like to see) Thanks in advace, Teresa Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20936t=20926 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: UrlScan: Save from Code Red or Nimda [7:20887]
You can lock your network down all you want but without getting help from your provider you cannot keep packets from the Internet from entering your WAN connection and eating your bandwidth. I can assure you that no matter how locked down your network, anyone anywhere in the world can flood your link, even if every packet that reaches your router/firewall is blocked. The only way to block the traffic from reaching your WAN line is to block it at the provider level. This is what the poster asked in the original question, how to keep traffic which he is already blocking from choking his leased line. -Kent -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Dennis H Sent: Monday, September 24, 2001 11:44 AM To: [EMAIL PROTECTED] Subject: Re: UrlScan: Save from Code Red or Nimda [7:20887] Come on Kent... there's much one could do without asking ones provider anything... I have my network totally locked down and I didn't ask my provider squat... Kent Hundley wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... You need to ask your provider for assistance. The level of assistance will vary from provider to provider. -Kent -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of MJ Sent: Monday, September 24, 2001 5:44 AM To: [EMAIL PROTECTED] Subject: UrlScan: Save from Code Red or Nimda [7:20887] I recently seen this tool from microsoft called urlscan. This seems to be good tool to save the IIS from the virus attack of Nimda and code red. But one problem is still there that lot of hackers are trying to get in to the server and thus creating lot of traffic and choking up my leased lines. Well how to combat this ? Mukul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20937t=20887 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: seraching for tacacs server [7:20872]
Cisco ACS is a nice product, and probably the best commercial implementation of tacacs+. If you want a freeware product, you can download a tacacs+ implementation for Unix from the Cisco site. It's free, but comes with no support. -Kent -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of michael Sent: Sunday, September 23, 2001 11:14 PM To: [EMAIL PROTECTED] Subject: seraching for tacacs server [7:20872] Dear all, i would kindly ask you to help me with my following question: i would like to use tacacs+ for user and password authentication, changes of passwords every month, accounting, etc.. on each router we currently using about 300 routers at the moment and growing Could somebody recommend a product such delivers the above requests ? i testing CiscoSecure (ACS) at the moment, but is ACS the only available product regards Michael Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20939t=20872 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: I want to stop console messages [7:20889]
I see all these previous suggestions stop console messages. Needless to say, it is worthwhile to have these somewhere. Have you considered logging to an external host? Brian Sonic Whalen Success = Preparation + Opportunity On Mon, 24 Sep 2001, MADMAN wrote: Pick your poison: C7507MIX(config)#no logging ? Hostname or A.B.C.D IP address of the logging host buffered Set buffered logging parameters console Set console logging level exceptionLimit size of exception flush output facility Facility parameter for syslog messages history Configure syslog history table monitor Set terminal line (monitor) logging level on Enable logging to all supported destinations rate-limit Set messages per second limit source-interface Specify interface for source address in logging transactions trap Set syslog server logging level Farooq Ahmed wrote: i m connected to console port of 2600 router. I want to stop console messages. Make a difference, help support the relief efforts in the U.S. http://clubs.lycos.com/live/events/september11.asp -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20941t=20889 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: UrlScan: Save from Code Red or Nimda [7:20887]
Dennis, Tell us your network address, we will start scanning it. Since you do not want to talk to your ISP, let's see how you can prevent us from turning your full T1/T3 to a fractional circuit. :-) Kent Yu Dennis H wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Come on Kent... there's much one could do without asking ones provider anything... I have my network totally locked down and I didn't ask my provider squat... Kent Hundley wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... You need to ask your provider for assistance. The level of assistance will vary from provider to provider. -Kent -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of MJ Sent: Monday, September 24, 2001 5:44 AM To: [EMAIL PROTECTED] Subject: UrlScan: Save from Code Red or Nimda [7:20887] I recently seen this tool from microsoft called urlscan. This seems to be good tool to save the IIS from the virus attack of Nimda and code red. But one problem is still there that lot of hackers are trying to get in to the server and thus creating lot of traffic and choking up my leased lines. Well how to combat this ? Mukul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20940t=20887 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Netflow switching. [7:20943]
If anyone has some netflow switching capable equipment in a non-production environment, please contact me off-list. I would like to get some packet captures of the netflow statistic packets. (between the router and the mgmt station) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20943t=20943 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RTP dates? [7:20942]
[demime could not interpret encoding binary - treating as plain text] San Jose and Halifax have made some dates available recently as a result of the 2 day to 1 day conversion. Does anyone have any idea when/if RTP might follow suit? This email was sent through the free email service at http://www.anonymous.to/ To report abuse, please visit our website and click 'Contact Us.' Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20942t=20942 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
question about CATe and rj45 connectors [7:20944]
I was wondering if it would be okay to use CAT5 rj45 connectors on a CATe5 TP cable? if not...why is that? Also can you recommend a place that sells CATe5 rj45 connectors that are simple to insert the wires through. thanks guys! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20944t=20944 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Some questions about Cheetsheets 504 [7:20768]
dear KY, at least be polite in this forum where we are talkin of knowledge and not passin unnecessary abusive comments. hope u understand and refrain from usin this type of lang.. in this forum. tribavan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, 24 September 2001 5:12 a.m. To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: Some questions about Cheetsheets 504 [7:20768] Trib, coincidently, Bush will be having many all expenses paid flights to the middle east shortly, maybe you can get few certs on the side..your an unethical a! Rick Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20945t=20768 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: seraching for tacacs server [7:20872]
michael, why don't you contact me privately and I will show you how it can be done. I am NOT an expert with TACACS with I have done enough in the last 12 months that I think I am quite good with it. I work for an ISP and basically we have to manage about 400 routers and switches. Since there are about 80 people who actually have to get their hands on the routers everyday, there has to be a way to keep track of who is doing what to the routers and switches. We develop TACACS in house from the freeware source code at cisco. This TACACs server is running on Linux platform and it performs beatifully. This TACACS server has the capability to give each and every individual users both his/her EXEC password as well as the Privilege level-15 password. This TACACS server is also capable of AAA accounting of every users and every commands that users perform to the routers. In other words, everything is logged. I also develop a script that monitors the TACACS server process in case the process dies unexpectely. In that case, the process will attempt to restart itself. If it can not restart, it will send me an email telling me why it can not restart. If it successfully restarts itself, it also sends me an email. Before, I arrive, my company was thinking of implementing Cisco ACS running on NT platforms (Yikes). We are talking about spending about quite a bit of money (for both NT os and Cisco ACS software). I don't have experiences with Cisco ACS; however, I was able to save the company a lot of money with TACACS server running on linux platforms (Intel pentium 200 MHz will do the trick). Again, it is not very difficult to implement. Contact me off-line if you are interested. However, if you are not unix literate, you will have difficulty implement TACACS on unix platforms. You don't have to be unix gurus, just enough to get by. Sean, (p.s. please include your phone number if you want me to get in touch with you. I am in the East Coast) Here is sample AAA accounting from my tacacs accounting file: Sun Sep 9 12:58:03 2001 172.16.1.1 learn_cisco tty66 172.16.1.70 stop task_id=86 start_time=154682 timezone=EDT service=shell priv-lvl=1 cmd=show interfaces Ethernet 0 0 Sun Sep 9 12:58:14 2001 172.16.1.1 learn_cisco tty66 172.16.1.70 stop task_id=87 start_time=154693 timezone=EDT service=shell priv-lvl=15 cmd=write memory Sun Sep 9 13:04:09 2001 172.16.1.1 learn_cisco tty66 172.16.1.70 stop task_id=88 start_time=155048 timezone=EDT service=shell priv-lvl=0 cmd=exit Sun Sep 9 13:04:10 2001 172.16.1.1 learn_cisco tty66 172.16.1.70 stop task_id=64 start_time=154411 timezone=EDT service=shell disc-cause=1 disc-cause-ext=1020 elapsed_time=638 nas-rx-speed=0 nas-tx-speed=0 Wed Sep 12 18:23:30 2001 172.16.1.1 mojo tty66 206.173.58.175 start task_id=89 start_time=1000333410 timezone=EDT service=shell Wed Sep 12 18:29:56 2001 172.16.1.1 mojo tty66 206.173.58.175 stop task_id=90 start_time=1000333796 1000649926 timezone=EDT service=shell priv-lvl=0 cmd=enable Sun Sep 16 10:18:53 2001 172.16.1.1 learn_cisco tty66 172.16.1.70 stop task_id=93 start_time=1000649932 timezone=EDT service=shell priv-lvl=15 cmd=configure terminal Sun Sep 16 10:18:55 2001 172.16.1.1 learn_cisco tty66 172.16.1.70 stop task_id=94 start_time=1000649934 timezone=EDT service=shell priv-lvl=0 cmd=exit Sun Sep 16 10:18:57 2001 172.16.1.1 learn_cisco tty66 172.16.1.70 stop task_id=95 start_time=1000649937 timezone=EDT service=shell priv-lvl=15 cmd=show running-config Sun Sep 16 10:19:06 2001 172.16.1.1 learn_cisco tty66 172.16.1.70 stop task_id=96 start_time=1000649945 timezone=EDT service=shell priv-lvl=15 cmd=configure terminal Sun Sep 16 10:19:11 2001 172.16.1.1 learn_cisco tty66 172.16.1.70 stop task_id=97 start_time=1000649950 timezone=EDT service=shell priv-lvl=15 cmd=no aaa group server tacacs+ primary From: michael Reply-To: michael To: [EMAIL PROTECTED] Subject: seraching for tacacs server [7:20872] Date: Mon, 24 Sep 2001 02:14:10 -0400 Dear all, i would kindly ask you to help me with my following question: i would like to use tacacs+ for user and password authentication, changes of passwords every month, accounting, etc.. on each router we currently using about 300 routers at the moment and growing Could somebody recommend a product such delivers the above requests ? i testing CiscoSecure (ACS) at the moment, but is ACS the misconduct and Nondisclosure violations to [EMAIL PROTECTED] Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20946t=20872 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: UrlScan: Save from Code Red or Nimda [7:20887]
this has helped us alot. we turned the attack back at the infected servers. 1. Create a asp page with the following: 0 then 'turn offending server back on itself Response.redirect http://127.0.0.1; end if next % Page Not Found Sorry, but that page was not found on our server. Here is a link back to our Home Page. 2. Name this page custom404.asp and then goto IIS and choose this file instead of the default as the 404 error. This immediately got back about 40% of our bandwidth and the attacks were reduced by about 60%. Rick Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20948t=20887 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco Certifications for Sale ? [7:20747]
I have heard .. like if u pay Rs.500.00 ($12.00) to an agent.. u can walk away with a Driver's license in India and Pak. --- sam adams wrote: Even if IDs are checked, how reliable are the ids in pakistan and india? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Justin Sent: Monday, September 24, 2001 12:03 AM To: [EMAIL PROTECTED] Subject: Re: Cisco Certifications for Sale ? [7:20747] ya it is very dependant on the person i suppose... i wont get into my prometric-phone trouble... but att one of the testing sites, i told the secretary i was there. So she went to setup the test. 45 minutes later she still isnt back i suspect something is wrong :P so she comes back finaly oh sorry, i set up the exam and went off, i forgot you were here not to mention she didnt ask for id... chimps are getting smart these days i hear? not to mention a chimp on rollerblades saying goodbye will give you something to laugh about if you fail the exam :) Hi, It would seem the ID bit is largely dependent on the person running the test site. I have always had to provide evidence of who I am. I have even been known to the person in the test site but still had to provide the evidence so it could be ticked off as sighted. [EMAIL PROTECTED] http://travel.yahoo.com.au - Yahoo! Travel - Got Itchy feet? Get inspired! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20947t=20747 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Loopback interface [7:20949]
Hi all, What is the default speed of a loopback interface on a Cisco router? Thanks, Albert Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20949t=20949 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco Wireless Network [7:20950]
Hi Folks, Anybody know where I can get a comparison chart for wireless network? Rgds, Steiven Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20950t=20950 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Loopback interface [7:20949]
In a message dated 9/24/01 7:15:36 PM Central Daylight Time, [EMAIL PROTECTED] writes: Subj: Loopback interface [7:20949] Date: 9/24/01 7:15:36 PM Central Daylight Time From: [EMAIL PROTECTED] (Albert Y. Pak) Sender:[EMAIL PROTECTED] Reply-to: [EMAIL PROTECTED] (Albert Y. Pak) To:[EMAIL PROTECTED] 8000 MB Hi all, What is the default speed of a loopback interface on a Cisco router? Thanks, Albert Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20951t=20949 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
which layer do the ospf bgp rip work on [7:20953]
which layer do the routing protocol such as ospf rip bgp eigrp work on? sb said that they are on application, others on network what is the right answer?? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20953t=20953 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Loopback interface [7:20949]
Ah, cool, thanks! Actually, I just found out the answer myself as well. Loopback0 is up, line protocol is up Hardware is Loopback Internet address is 10.1.11.6/32 MTU 1514 bytes, BW 800 Kbit, DLY 5000 usec, reliability 255/255, txload 1/255, rxload 1/255 Thanks again. Albert -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] Sent: Monday, September 24, 2001 9:46 PM To: [EMAIL PROTECTED] Subject: Re: Loopback interface [7:20949] In a message dated 9/24/01 7:15:36 PM Central Daylight Time, [EMAIL PROTECTED] writes: Subj: Loopback interface [7:20949] Date: 9/24/01 7:15:36 PM Central Daylight Time From: [EMAIL PROTECTED] (Albert Y. Pak) Sender:[EMAIL PROTECTED] Reply-to: [EMAIL PROTECTED] (Albert Y. Pak) To:[EMAIL PROTECTED] 8000 MB Hi all, What is the default speed of a loopback interface on a Cisco router? Thanks, Albert [GroupStudy.com removed an attachment of type application/ms-tnef which had a name of winmail.dat] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20952t=20949 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco Aironet vs Lucent ORiNOCO [7:20954]
Hello Folks, Any one got idea about above comparison? Rgds, Steiven Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20954t=20954 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Certifications for Sale ? [7:20747]
In India I think the same is now really tken care since the company who are employing people are very professional, Somehow Pakistan is coming as major problem everywhere ! Whether it's politics or technology, they are beating in cheatings. bproud proud wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have heard .. like if u pay Rs.500.00 ($12.00) to an agent.. u can walk away with a Driver's license in India and Pak. --- sam adams wrote: Even if IDs are checked, how reliable are the ids in pakistan and india? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Justin Sent: Monday, September 24, 2001 12:03 AM To: [EMAIL PROTECTED] Subject: Re: Cisco Certifications for Sale ? [7:20747] ya it is very dependant on the person i suppose... i wont get into my prometric-phone trouble... but att one of the testing sites, i told the secretary i was there. So she went to setup the test. 45 minutes later she still isnt back i suspect something is wrong :P so she comes back finaly oh sorry, i set up the exam and went off, i forgot you were here not to mention she didnt ask for id... chimps are getting smart these days i hear? not to mention a chimp on rollerblades saying goodbye will give you something to laugh about if you fail the exam :) Hi, It would seem the ID bit is largely dependent on the person running the test site. I have always had to provide evidence of who I am. I have even been known to the person in the test site but still had to provide the evidence so it could be ticked off as sighted. [EMAIL PROTECTED] http://travel.yahoo.com.au - Yahoo! Travel - Got Itchy feet? Get inspired! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20955t=20747 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco Aironet vs Lucent ORiNOCO [7:20954]
Steiven, I've been looking at the Avaya/Lucent product vs. Cisco too. There was a review done in Mobile Computing August 2001 issue. For what it's worth they liked the Cisco. I know for a fact that the Avaya product is what one of the local vendors is rolling out. I've spoken with the local Avaya reps and they are pretty confident about thier product. Avaya will tell you that they are better on the battery life then Others but looking at the review in mobile computing that's seems to stem from a lower send/receive power and I would think that that also lends to a shorter range than Cisco. In short both appear to be good enterprise products. You can also get third party billing packages that work with the Avaya line. This is a big selling point on the Cisco web site that makes you think that no one else has it. Regards, Glenn Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20956t=20954 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco Certifications for Sale ? [7:20747]
Please stop this topic and start discussin cisco technology which is what we are here for and not how india and pakistan have test centres -Original Message- From: MJ [mailto:[EMAIL PROTECTED]] Sent: Monday, 24 September 2001 6:43 p.m. To: [EMAIL PROTECTED] Subject: Re: Cisco Certifications for Sale ? [7:20747] In India I think the same is now really tken care since the company who are employing people are very professional, Somehow Pakistan is coming as major problem everywhere ! Whether it's politics or technology, they are beating in cheatings. bproud proud wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have heard .. like if u pay Rs.500.00 ($12.00) to an agent.. u can walk away with a Driver's license in India and Pak. --- sam adams wrote: Even if IDs are checked, how reliable are the ids in pakistan and india? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Justin Sent: Monday, September 24, 2001 12:03 AM To: [EMAIL PROTECTED] Subject: Re: Cisco Certifications for Sale ? [7:20747] ya it is very dependant on the person i suppose... i wont get into my prometric-phone trouble... but att one of the testing sites, i told the secretary i was there. So she went to setup the test. 45 minutes later she still isnt back i suspect something is wrong :P so she comes back finaly oh sorry, i set up the exam and went off, i forgot you were here not to mention she didnt ask for id... chimps are getting smart these days i hear? not to mention a chimp on rollerblades saying goodbye will give you something to laugh about if you fail the exam :) Hi, It would seem the ID bit is largely dependent on the person running the test site. I have always had to provide evidence of who I am. I have even been known to the person in the test site but still had to provide the evidence so it could be ticked off as sighted. [EMAIL PROTECTED] http://travel.yahoo.com.au - Yahoo! Travel - Got Itchy feet? Get inspired! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20957t=20747 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: which layer do the ospf bgp rip work on [7:20953]
Network layer. Routing is a fundamental component of the network layer. At 10:14 PM 9/24/01, lhill peng wrote: which layer do the routing protocol such as ospf rip bgp eigrp work on? sb said that they are on application, others on network what is the right answer?? Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20958t=20953 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: seraching for tacacs server [7:20872]
Alex, In order to be a successful Network Engineer, one can NOT avoid Unix/Linux because sooner and later you will have to confront it at some point. I am NOT against windows; however, I think windows platforms are much more suited for small/medium size corporation. When it comes to the big boys (i.e. ISP, carriers, etc...), I think that everyone will agree with me that Solaris (not too much experience in this area even though I have a Sparc 2 with 300Mhz CPU and 1GB of RAM to play with), FreeBSD, OpenBSD, NetBSD and Linux will rule. The other problem I have with windows (primarily WinNT and Win2K) platform has to do with stability. My linux server (running both Caldera and Redhat with kernel 2.4.9) is rock solid. I've never had to reboot once (with the exception that I just upgrade the kernel recently). All these Linux boxes are running on Intel platforms (Intel 200 MHZ processor with 64MB of RAM). At my ISP, with 8 different sites, we deploy 16 of these boxes. Because they are running Linux and TACACS freeware, the cost is essentially zero (excluding the one time setup cost). All these boxes are connected in a daisy chain. We make configuration changes at the master boxes and then propagrate those changes to other Linux boxes via scp (secure copy). Routers and switches at each location will have the primary TACACS server at its local site and the secondary TACACS point to another location for redundancy. I've had limited experiences with Cisco ACS and it may be a good product but I would like to point out some of Cisco ACS (windows version) short commings: 1) The ACS administration is managed via http (bad idea, everything is clear-text), 2) For ISP and big carriers, the software is not scalable, 3) The password database can be cracked. Now if you tied it into WinNT domain, that is another matter; however, it is not as strong as MD5 readily available on most Unix platforms, In addition to those short comings listed above, if you are going to install on WinNT platform, the cost will be in term of hardware (at least 300MHZ CPU, 128MB RAM), software (Windows NT Server or Win2K Server which Microsoft charges an arm and leg for) and last but not least, the Cisco ACS itself which I think goes for 6K each. Add everything, it will cost around 10K for each box. We are talking about 160K here (in my situation). The cost will go even higher if you start adding all the utilities that comes with to protect your windows platforms servers. On the other hand, Linux, NetBSD, OpenBSD and FreeBSD platforms are essentially free and require minimum hardware to run on. Furthermore, all the utilities that come with the Nixes are free (ie. OpenSSH, Webmin, OpenSSL, you name it). Files transfer between these boxes are secure with scp. I guess the point I am trying to say here is that it is NOT difficult to learn Unix/Linux. Furthermore, installing TACACS on unix platforms is not difficult either. You either learn it now or you are going to miss out on a lot of opportunities in your career. One more thing, when you install an application on Unix platforms, most of the time, due to CLI, you can see what the software is doing to the system. Since the TACACS server is an important device on the network, you don't want it to get compromise by hackers, do you? I wish I can say the same thing about point-and-click windows. From: Alex Lee To: \Sean Young\ Subject: Re: seraching for tacacs server [7:20872] Date: Mon, 24 Sep 2001 21:42:16 -0400 Hi Sean, This is Alex Lee. I have been trying to learn how to run TACACS on Linux. I have successfully installed Mandrake on a PC and learnt some Linux commands. Had to put it on back-burner because learning by oneself took too much time. If one day you decide to organize a class for those of us 'Windows click-and-drag' type. Please do let me know :) - Original Message - From: Sean Young Newsgroups: groupstudy.cisco Sent: Monday, September 24, 2001 5:36 PM Subject: Re: seraching for tacacs server [7:20872] michael, why don't you contact me privately and I will show you how it can be done. I am NOT an expert with TACACS with I have done enough in the last 12 months that I think I am quite good with it. I work for an ISP and basically we have to manage about 400 routers and switches. Since there are about 80 people who actually have to get their hands on the routers everyday, there has to be a way to keep track of who is doing what to the routers and switches. We develop TACACS in house from the freeware source code at cisco. This TACACs server is running on Linux platform and it performs beatifully. This TACACS server has the capability to give each and every individual users both his/her EXEC password as well as the Privilege level-15 password. This TACACS server is also capable of AAA accounting of every users and every commands that users perform to the routers. In other words, everything is logged. I also develop a
RE: which layer do the ospf bgp rip work on [7:20953]
I dont agree cos BGP uses TCP for sending route updates and TCP is at transport layer. -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Monday, 24 September 2001 7:27 p.m. To: [EMAIL PROTECTED] Subject: Re: which layer do the ospf bgp rip work on [7:20953] Network layer. Routing is a fundamental component of the network layer. At 10:14 PM 9/24/01, lhill peng wrote: which layer do the routing protocol such as ospf rip bgp eigrp work on? sb said that they are on application, others on network what is the right answer?? Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20960t=20953 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
tftp server crashes when uploading new image [7:20961]
I am trying to upgrade my 3640 router from 11.1 to 12.5 when I try yo TFTP I get a app error the instruction at 0x006e6900 referenced memory at 0x006e6900 the memory could not be read click ok to terminate the program. I have used the same file and TFTP server to upgrade our other 3640 router the only difference is that this router is running BGP anyone know how to get around this ? current version is 11.1 Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20961t=20961 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Redistribution with IGRP/EIGRP and RIP - unexplained (longish) [7:20962]
All, I was looking into a test scenario with a co-worker and we stumbled upon something very interested as it applies to the routing theory and redistribution of IGRP/EIGRP and RIP. This is the basic setup (hopefully the ASCII art makes it..) 172.16.10.32/27 172.16.10.64/27 172.16.10.1/27|R1(e0)---(e0)R2(e1)--- (e0)R3| 172.16.10.96/27 The R1-- R2 link has IGRP(300) and R2--R3 link has EIGRP(300). On R2 I add 2 loopbacks on the following networks 10.0.0.0/8, 170.10.0.0/16, and 192.168.10.0/24. These 3 loopbacks are then added to a RIP process on R2. The RIP process is then redistributed to into the EIGRP process on R2 as follows; router eigrp 300 redistribute rip network 172.16.0.0 no eigrp log-neighbor-changes ! router rip network 10.0.0.0 network 170.10.0.0 network 192.168.10.0 ! router igrp 300 redistribute rip network 172.16.0.0 Now notice on redistribution of RIP into the EIGRP I did not use any metrics nor did I make use of the default-metric command. As expected none of the RIP networks show up on R3. However when I added the redistribute rip to the IGRP process the routes showed up on R1. So now my question is How come?. I looked at the default-metric command and everything says that metrics/or the default-metric command to inform IGRP/EIGRP on how to handle the routes received from protocols like RIP, OSPF and ISIS. I've only tested this with RIP and will conduct further testing to see if the other protocols I mentioned behaves the same. The only thing I could find that could possibly explain what I'm seeing is referenced by this link... (watch the wrap) http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_r/ iprprt2/1rdeigrp.htm#xtocid189574 The interesting text is as follows.. Defaults: Only connected routes and interface static routes can be redistributed without a default metric Usage Guidelines A default metric is required to redistribute a protocol into IGRP or Enhanced IGRP, unless you use the redistribute command. Automatic metric translations occur between IGRP and Enhanced IGRP. You do not need default metrics to redistributed IGRP or Enhanced IGRP into itself. The question I have is why does it work for IGRP and not EIGRP? Ok.. here's a debug on R2.. 3d09h: IGRP: sending update to 255.255.255.255 via Ethernet0 (172.16.10.34) 3d09h: subnet 172.16.10.96, metric=1600 3d09h: subnet 172.16.10.64, metric=1100 3d09h: network 170.10.0.0, metric=501 3d09h: network 192.168.10.0, metric=501 3d09h: network 10.0.0.0, metric=501 3d09h: IGRP: Update contains 2 interior, 3 system, and 0 exterior routes. 3d09h: IGRP: Total routes in update: 5 Ok, so as we know RIP and IGRP both use broadcast to update neighboring routers of route information whereas EIGRP and OSPF use multicast. I can see that it is possible for IGRP to hear this route information. This still doesn't answer my first question... How does IGRP know what metrics to apply to the RIP routes without being told. Anyone care to shed some light on my otherwise dark mind. Is this expected behavior? Nigel. P.S Debbie you found anything... ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20962t=20962 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: which layer do the ospf bgp rip work on [7:20953]
Raina, Priscilla is right. This would be one of those questions that are answered based on how the question is interpreted. Yes, you are right because BGP does use TCP(179), OSPF IP(89) and so on.. However, the question says which layer does ospf, bgp, and rip work on? The answer is layer 3, Network layer(routing). The protocol implementation in which they use TCP(179), IP(89), and UDP(520) would apply to the various mechanisms used to build, share, and gather the route/network information required to perform the one task they all have in common. Routing. HTH Nigel.. - Original Message - From: Tribavan Raina To: Sent: Tuesday, September 25, 2001 12:11 AM Subject: RE: which layer do the ospf bgp rip work on [7:20953] I dont agree cos BGP uses TCP for sending route updates and TCP is at transport layer. -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Monday, 24 September 2001 7:27 p.m. To: [EMAIL PROTECTED] Subject: Re: which layer do the ospf bgp rip work on [7:20953] Network layer. Routing is a fundamental component of the network layer. At 10:14 PM 9/24/01, lhill peng wrote: which layer do the routing protocol such as ospf rip bgp eigrp work on? sb said that they are on application, others on network what is the right answer?? Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20963t=20953 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]