Re: over 1700 passing ccie written every month [7:23680]
""Brian"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Woah, all I was saying was that there are some scum out there that will pass > the written and claim to be CCIE. Oh, OK. Good, we're on the same page. I have also seen situations where guys are more subtle about it, and say that they "have passed the CCIE exam", implying that they are fully-fledged CCIE's, when what they actually passed was the written exam. So what they said is not technically a lie, but rather a tricky Clinton-esque parsing of words (i.e. "I was not having sexual relations with her, she was having sexual relations with me").And of course, it leaves them with a nice 'exit strategy', because their CCIE claim is implied, but never explicitly stated, so if they are later challenged, they just say that they never said that they were full CCIE's, and they must have been misunderstood. So what I see is that there is just too much opportunity for confusion and fraud. and the best thing to do is just not to make any mention of a CCIE-written. Either you're a CCIE or you're not, and any attempts to try to come up with a "quasi-CCIE" status just opens the door to all kinds of confusion and fraud.Now of course some of you might counter by saying that fraudsters will just find another way, but hey, anything you can do to make fraud harder is good. Some crime will always exist in society, but that doesn't mean you should stop trying to fight it. > Bri > > - Original Message - > From: "nrf" > To: > Sent: Sunday, October 21, 2001 7:35 PM > Subject: Re: over 1700 passing ccie written every month [7:23680] > > > > ""Brian Whalen"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > If I put in the effort to pass the written, I'd have no problem telling > > > people that in an interview. From the employer's perspective, if a > > > candidate says I'm a CCIE, its up to the employer to ask him/her to > prove > > > it. > > > > Well, to me, it's all a matter of misrepresentation and fraud. Saying > that > > you passed the written is one thing. There's nothing wrong with that. > But > > listing such an accomplishment as a cert is something else. The fact is, > > the written is not a cert, and people who try to claim that it is are > > entering into a hazy ethical area. > > > > And, I'm sorry, but I must say that I do not agree with your last > sentence. > > I don't want to start a flame war, and yes, I concur that employers should > > most definitely check out their candidates. But if I read you correctly, > > you are implying that if a candidate claims to be a CCIE (but is actually > > not), then it is completely the employer's responsibilities to check that > > claim out, and the candidate has no culpability in the matter. > > > > Now, I'm not sure that's what you meant, but if it is, then why stop > there? > > To continue that logic, then it should be perfectly acceptable for > > candidates to lie about their college degrees and their work experience > too. > > Why not? In fact, why doesn't every job candidate just hand in a resume > of > > complete fiction? > > > > Now you might respond that any employer that just accepts the claims of a > > candidate without checking them out is basically asking to be screwed > over. > > Yes, of course that is true. But on the other hand, to only blame the > > employer is really a case of blaming the victim. Yes, that employer is > > stupid. But that's not to say that the lying candidate bears no > > responsibility in the matter. > > > > So the way I see it is, it all becomes a slippery slope - a question of > > 'where do you draw the line?'. If you choose to misrepresent yourself in > > one part of your resume to get a job, then why not misrepresent yourself > in > > every area? To me, it's pretty black-and-white. Either your resume is > the > > truth, or it isn't. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23753&t=23680 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: over 1700 passing ccie written every month [7:23680]
Woah, all I was saying was that there are some scum out there that will pass the written and claim to be CCIE. Bri - Original Message - From: "nrf" To: Sent: Sunday, October 21, 2001 7:35 PM Subject: Re: over 1700 passing ccie written every month [7:23680] > ""Brian Whalen"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > If I put in the effort to pass the written, I'd have no problem telling > > people that in an interview. From the employer's perspective, if a > > candidate says I'm a CCIE, its up to the employer to ask him/her to prove > > it. > > Well, to me, it's all a matter of misrepresentation and fraud. Saying that > you passed the written is one thing. There's nothing wrong with that. But > listing such an accomplishment as a cert is something else. The fact is, > the written is not a cert, and people who try to claim that it is are > entering into a hazy ethical area. > > And, I'm sorry, but I must say that I do not agree with your last sentence. > I don't want to start a flame war, and yes, I concur that employers should > most definitely check out their candidates. But if I read you correctly, > you are implying that if a candidate claims to be a CCIE (but is actually > not), then it is completely the employer's responsibilities to check that > claim out, and the candidate has no culpability in the matter. > > Now, I'm not sure that's what you meant, but if it is, then why stop there? > To continue that logic, then it should be perfectly acceptable for > candidates to lie about their college degrees and their work experience too. > Why not? In fact, why doesn't every job candidate just hand in a resume of > complete fiction? > > Now you might respond that any employer that just accepts the claims of a > candidate without checking them out is basically asking to be screwed over. > Yes, of course that is true. But on the other hand, to only blame the > employer is really a case of blaming the victim. Yes, that employer is > stupid. But that's not to say that the lying candidate bears no > responsibility in the matter. > > So the way I see it is, it all becomes a slippery slope - a question of > 'where do you draw the line?'. If you choose to misrepresent yourself in > one part of your resume to get a job, then why not misrepresent yourself in > every area? To me, it's pretty black-and-white. Either your resume is the > truth, or it isn't. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23751&t=23680 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
memory issue on pre rev 1.6 cat5 sup [7:23752]
I remember reading an older post here about a certain memory issue on older supI cards with hardware revision 1.6 or older. Something about needing a special HC or something dram upgrade. I found the article on CCO specifying the problem. Does anyone know where I can get this special memory? Thanks,Marcus Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23752&t=23752 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IP Tunnel on different port? [7:23750]
Hi, I'm trying to figure out if it's possible to create some sort of IP tunnel on a port of my choice. My problem is that I'm behind a firewall beyond my administration and I want to create a connection between my homesite and my protected lab environment inside the FW. The firewall is open only for ftp & http so i'd like to create the tunnel using for example TCP 21. Is this possible? Thanks Johan Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23750&t=23750 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Intervlan Connectivity is not working? [7:23744]
Comments in line. Washington Rico wrote: > Cisco People I need you help... > > I would appreciate any help. I have a 6500Cat running Redundant Supervisor > engines and two MSFC installed one on each supervisor engine. > * > Mod Slot Ports Module-Type Model Sub Status > --- - - --- --- > 1 12 1000BaseX Supervisor WS-X6K-SUP2-2GE yes ok > 15 11 Multilayer Switch Feature WS-F6K-MSFC2no ok > 2 22 1000BaseX Supervisor WS-X6K-SUP2-2GE yes standby > 16 21 Multilayer Switch Feature WS-F6K-MSFC2no ok > 3 38 1000BaseX EthernetWS-X6408A-GBIC no ok > 4 48 1000BaseX EthernetWS-X6408A-GBIC no ok > 6 64810/100BaseTX Ethernet WS-X6348-RJ-45 no ok > 7 74810/100BaseTX Ethernet WS-X6348-RJ-45 no ok > 8 84810/100BaseTX Ethernet WS-X6348-RJ-45 no ok > 9 94810/100BaseTX Ethernet WS-X6348-RJ-45 no ok > * > > I created one vlan (Vlan 20) and I want to use HSRP across the MSFC so the > clients can have a steady Gateway. > > Default vlan 1 works fine, I can ping accross to the other MSFC. But > Vlan20 the one I created on the switch does give me connectivity accoss > MFSC. I assume here you really mean "does NOT give me connectivity.." , right? Did it work before you added HSRP commands? Try removing the HSRP config and just work on simple connectivity from router to router (MSFC to MSFC) on Vlan 20. > > MSFC#1 > interface Vlan20 > ip address 10.224.173.3 255.255.255.0 > no ip redirects > ip route-cache flow > standby priority 80 preempt > standby authentication > standby ip 10.224.173.1 > MSFC#2 > interface Vlan20 > mac-address 0012.3456.7891 > ip address 10.224.173.2 255.255.255.0 > no ip redirects > ip route-cache flow > standby priority 90 preempt > standby authentication > standby ip 10.224.173.1 Don't omit the group number, although the documentation says it is optional. I have had the experience where omitting it causes problems in some versions of IOS. Also, if you go to a multi-HSRP config it makes things clearer. standby 1 priority 90 preempt standby 1 ip 10.224.173.1 Remove the authentication until you get HSRP working - it's another unneeded variable at this stage. Take a look at the output of the "show standby" command. Look at your routing table - "show ip route". Look at your ARP cache - "show arp". > > > Test-6500-MSFC2#ping 10.224.173.1 Looks like you are pinging the HSRP virtual IP address from one of the MSFC routers. Well, this ought to work but you really should be doing your pinging from a workstation plugged into Vlan 20, which is what HSRP is meant for Back up a step and find out if the problem is with IP connectivity or with the HSRP config. Can you ping the real IP address from each MSFC? That is, can you ping MSFC2 (10.224.173.2) from MSFC1? > > > Type escape sequence to abort. > Sending 5, 100-byte ICMP Echos to 10.224.173.1, timeout is 2 seconds: > . > Success rate is 0 percent (0/5) > Test-6500-MSFC2# > -- > ** > On the switch trunks shows this... > > Test-6500> (enable) show trunk > * - indicates vtp domain mismatch > Port Mode Encapsulation StatusNative vlan > --- - --- > 15/1 nonegotiate isltrunking 1 > 16/1 nonegotiate isltrunking 1 > > Port Vlans allowed on trunk > > - > 15/1 1-1005,1025-4094 > 16/1 1-1005,1025-4094 > > Port Vlans allowed and active in management domain > > - > 15/1 1 (enable) > > ** > Show Vlan > VLAN Name StatusIfIndex Mod/Ports, Vlans > - --- > > 1default active199 1/1-2 > 2/1-2 > 20 TEST-VLANactive208 > 30 VLAN30 active207 > 999 Dead-Vlanactive225 3/1-8 > 4/1-8 > 6/1-48 > 7/1-48 > 8/1-48 > 9/1-48 > 1002 fddi-default active200 > 1003 token-ring-default active203 > 1004 fddinet-default active201 > 1005 trnet-defaultactive202 > ***
Re: CAT 2948G (L2) vs. CAT3548-XL [7:23563]
>From the data connectivity, they both are the same (2948 or 3548). You use the Gig uplink to interconnect between the switches. Cluster technology (3548) is only used for the management of the switches (You can define one IP address to the whole cluster (spanning multiple switches) in case of the 3548. In case of 2948 , you will have to define one ip address per switch.) As far as end of life, I have not heard anything on the 2948G. The one that reaches end of life is the 2900XL fixed configuration. This one is totally different from the 2948G. Cheers, TD ""Thomas"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Yes, 3524-PWR support in-line power for IP phone; but it is the only model > with in-line power. > > For 3500XL and 2900XL, they run on IOS, which is similar to that on routers. > They also have QoS features for VoIP, etc... I wonder if I can implement > these QoS features on CATOS of 2948G for VoIP? > > 2948G doesn't support cluster; but with the 2 Giga uplink ports, should I be > able to stack them together just like 3548s? > > Does 2948G become "End of Life" or "End of Support" soon? > > Thanks! > > > ""td"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hi, > > I have bought them both and their is fine line between them. The 2948G is > a > > CAT based os where is the 3548XL is an IOS based. > > This is how I use them: > > 1. For the closet: I used the 3548/3524xl and cascading them together > > 2. For small, medium servers I used the 2948G (DMZ ...) > > 3. For server farm I used 6509 > > > > Personnaly, I like the 2948G better. The only reason the I used 3548 > > because it is cascadable and can be managed as a cluster. But it turns out > > it has its own complexity when you need to replace a bad one in the chain. > > Another thing on the 3548G is that eventhough it supports more than 200 > > vlans; this is only in the case of transparent configuration. If you do > > client/server, it support upto 64 VLANs then It will switch to transparent > > if more VLAN is defined. The 35xx however, has a model that support > inline > > power for IP phone if you ever have a need for it. I think the model is > > 35xx-pwr > > > > With the new 2980G, it looks more and more attractive for the CAT based > > system. I 'm seriouly looking at the 2980G currently. Note that the 2948 > > and 2980G use the chipset of the 4000 series switches. > > > > Hope this help. > > Cheers, > > TD > > > > ""Thomas"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > Hi All, > > > > > > I saw an ads with Cisco CAT 2948G Layer 2 switch that has a price almost > > the > > > same as the Cisco CAT 3548-EN-XL. Based on the discription, It seems > that > > > the 2948G running CATOS, while 3548s running IOS. Also, 2948G has a > > better > > > speed of up to 24Gbps whereas the 3548s only up to 10.8Gbps. Assuming > > they > > > both are at the same price, which should I choose? I am also considering > > the > > > QoS on the switch to support VoIP. Does 2948G support the same features > > as > > > 3548XL as well? We are using many of 3548s at the HQ and like to buy > > Cisco > > > CAT for remote offices. Also, Is 2948G in "End of Life" or "End of > > > Support"? Cisco just came out a new 2980G that is same as 2948G but has > > 80 > > > 10/100 ports. > > > > > > Thomas N. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23748&t=23563 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ECP2 class [7:23747]
Hello guys, did anyone has a chance to take the ECP2 mentor tech class? Regards Zape _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23747&t=23747 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: over 1700 passing ccie written every month [7:23680]
Uh, what exactly is the JCIE? ""Wojtek Zlobicki"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Soon we will see > > John Doe > Studying for CCNA,CCNP,CCIE,JCIE,MSCE(ALL),NET+,CNE > > > Of course "CCIE Written" isn't a certification, no matter how many people > > put it after their name. > > > > > > ""Hello Hello"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > ccie r catching up with ...mcse now > > > > > > http://searchnetworking.discussions.techtarget.com/WebX?[EMAIL PROTECTED] > > xa4O3aKi^1@.ee8464a/114!viewtype=threadDate&skip=&expand= Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23746&t=23680 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: over 1700 passing ccie written every month [7:23680]
Soon we will see John Doe Studying for CCNA,CCNP,CCIE,JCIE,MSCE(ALL),NET+,CNE > Of course "CCIE Written" isn't a certification, no matter how many people > put it after their name. > > > ""Hello Hello"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > ccie r catching up with ...mcse now > > > http://searchnetworking.discussions.techtarget.com/WebX?[EMAIL PROTECTED] > xa4O3aKi^1@.ee8464a/114!viewtype=threadDate&skip=&expand= Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23745&t=23680 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Intervlan Connectivity is not working? [7:23744]
Cisco People I need you help... I would appreciate any help. I have a 6500Cat running Redundant Supervisor engines and two MSFC installed one on each supervisor engine. * Mod Slot Ports Module-Type Model Sub Status --- - - --- --- 1 12 1000BaseX Supervisor WS-X6K-SUP2-2GE yes ok 15 11 Multilayer Switch Feature WS-F6K-MSFC2no ok 2 22 1000BaseX Supervisor WS-X6K-SUP2-2GE yes standby 16 21 Multilayer Switch Feature WS-F6K-MSFC2no ok 3 38 1000BaseX EthernetWS-X6408A-GBIC no ok 4 48 1000BaseX EthernetWS-X6408A-GBIC no ok 6 64810/100BaseTX Ethernet WS-X6348-RJ-45 no ok 7 74810/100BaseTX Ethernet WS-X6348-RJ-45 no ok 8 84810/100BaseTX Ethernet WS-X6348-RJ-45 no ok 9 94810/100BaseTX Ethernet WS-X6348-RJ-45 no ok * I created one vlan (Vlan 20) and I want to use HSRP across the MSFC so the clients can have a steady Gateway. Default vlan 1 works fine, I can ping accross to the other MSFC. But Vlan20 the one I created on the switch does give me connectivity accoss MFSC. MSFC#1 interface Vlan20 ip address 10.224.173.3 255.255.255.0 no ip redirects ip route-cache flow standby priority 80 preempt standby authentication standby ip 10.224.173.1 MSFC#2 interface Vlan20 mac-address 0012.3456.7891 ip address 10.224.173.2 255.255.255.0 no ip redirects ip route-cache flow standby priority 90 preempt standby authentication standby ip 10.224.173.1 Test-6500-MSFC2#ping 10.224.173.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.224.173.1, timeout is 2 seconds: . Success rate is 0 percent (0/5) Test-6500-MSFC2# -- ** On the switch trunks shows this... Test-6500> (enable) show trunk * - indicates vtp domain mismatch Port Mode Encapsulation StatusNative vlan --- - --- 15/1 nonegotiate isltrunking 1 16/1 nonegotiate isltrunking 1 Port Vlans allowed on trunk - 15/1 1-1005,1025-4094 16/1 1-1005,1025-4094 Port Vlans allowed and active in management domain - 15/1 1 (enable) ** Show Vlan VLAN Name StatusIfIndex Mod/Ports, Vlans - --- 1default active199 1/1-2 2/1-2 20 TEST-VLANactive208 30 VLAN30 active207 999 Dead-Vlanactive225 3/1-8 4/1-8 6/1-48 7/1-48 8/1-48 9/1-48 1002 fddi-default active200 1003 token-ring-default active203 1004 fddinet-default active201 1005 trnet-defaultactive202 *** Question 1.- Why isn't vlan 20 and 30 and 999 in the Management domain? (Above Show trunk command) Question 2.- Becuase Vlan 20 and 30 aren't in the Management domain, Is this the reason why I am getting no Msfc connectivity for those Vlans.. Sorry for the long letter, appreciate any info you have.. Regards, Eric _ かわ & 使えるブラウザで、インターネット生活もっと楽しくなる! http://explorer.msn.co.jp/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23744&t=23744 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: over 1700 passing ccie written every month [7:23860]
> It's fine to have a healthy opinion of Cisco vs Microsoft accreditations but > I do think you are severely underestimating the new Microsoft exams. The new Microsoft exams are a joke. They do NOT test your knowledge on Microsoft products. They're absolutely terrible tests IMO. Certainly they don't test your ability to do anything constructive, and certainly don't compare to Cisco exams much less the IE lab for how much they actually test useful knowledge. Kind Regards, Tim Booth Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23743&t=23860 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: over 1700 passing ccie written every month [7:23680]
Of course "CCIE Written" isn't a certification, no matter how many people put it after their name. ""Hello Hello"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > ccie r catching up with ...mcse now > http://searchnetworking.discussions.techtarget.com/WebX?[EMAIL PROTECTED] xa4O3aKi^1@.ee8464a/114!viewtype=threadDate&skip=&expand= Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23741&t=23680 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Study Materials for Sale [7:23597]
I would like to purchase the ECP-1 and 2 materials. WHat's your price? ""zommytamer"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I have the following Cisco Certification courses, vlabs, and books for sale. > Please respond to [EMAIL PROTECTED] to negotiate price and make purchase > arrangements. 1st come first served. > > > > Courses through Mentor Technologies: > > ECP-1 and ECP-2 > > > > VLabs through Mentor Labs > > http://www.mentorlabs.com/vlab/access > > 2100. Implementing MD5 Authentication in OSPF > 3040. Inside of IS-IS IP Routing > 3410. Build your own voice lab with three Cisco MC3810 multiservice routers > (concentrators). > 3070. RIP to EIGRP Migration > 3080. ISDN with EIGRP Configuration > 4030. BGP Transit AS with OSPF, IGRP, and RIP Redistribution > 4040. BGP Policy Routing: Internet Connection with Two ISPs Lab > 4060. ECP 1 : Interconnecting IGP Environments Across Frame Relay Networks > 3140. Troubleshooting OSPF and RIP Across a Frame Relay Network > 4090. IRB with OSPF and LAT Translation over Frame-Relay > 2225. X.25 to TCP Translation with ISDN access. > 3606. Configuring a Dedicated VPN Using a Tunnel and Data Encryption. > 3619. Advanced BGP Configuration. > 4141. CCIE Preparation Lab - Advanced Multiprotocol Routing > 3643. BSCN: Multihome BGP (lab 9) > > > > Cisco Press Books: > > Internetworking Technologies Handbook -2nd edition > > Designing Campus Networks > > Internet Routing Architectures -1st edition > > Cisco IOS 12.0 Network Security > > Routing TCPIP -vol1 > > Routing TCPIP -vol2 > > Interconnecting Cisco Network Devices > > Cisco CCIE Fundamentals Network Design and Case Studies > > Integrating Voice and Data Networks > > Cisco Internetwork Troubleshooting > > Building Scaleable Cisco Networks > > Advanced Cisco Router Configuration > > Cisco LAN Switching > > Enhanced IP Services for Cisco Networks > > Top Down Network Design > > Cisco Internetwork Design > > Introduction to Cisco Router Configuration > > Internetworking Troubleshooting Handbook > > Cisco BGP-4 Command and Configuration Handbook > > > > MCGRAW HILL BOOKS: > > Cisco CCIE Lab Study Guide-2nd edition > > All in One CCIE Lab Practice Kit > > Cisco Certification (Bridges, Routers, and Switches for Cisco) > > Advanced IP Routing in Cisco Networks > > Cisco TCPIP Routing Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23742&t=23597 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: over 1700 passing ccie written every month [7:23680]
Old news (10 Oct) and I'll still give that fiver if you make MCSE in 6 weeks. And I'm not pleased with that decision because I did the 7 W2K exams including 2 design exams and I got my Gold card because as a contractor I thought it important to keep current. (even though I'm running XP right now waiting for the .NET stuff) But 5 exams at 2 weeks an exam is still 10 weeks. Now you have not mentioned how many Microsoft exams you have sat so I don't know where you're coming from. But just one W2K design exam (you need at least one) will sober you up. My point is - until you've done them you're pretty cocky to downplay them. It's always easy to make statements about how easy something is ( or allude to it with 6 weeks to complete the entire track ) but quite another to show the initials. Show me the initials. Kevin Wigle CCDP CCNP CSE MCSE (2000, 4.0, 3.51) CBE CBI see . I put the Cisco ones first! I am a Cisco bigot but I respect other certs out there too - Original Message - From: "nrf" To: Sent: Sunday, 21 October, 2001 22:36 Subject: Re: over 1700 passing ccie written every month [7:23680] > ""Kevin Wigle"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > and two penneth won't get you a MCSE 2000 in 6 weeks. I'll raise that to > a > > fiver if you can. > > > > I recently undertook and completed MCSE 2000, this after having MCSE 4.0 > and > > 3.51 which is to say that I've been "aware" of Microsoft products for some > > time. > > > > I took 7 exams because I didn't want to try and sit the 4 hour make up > exam > > even though I qualified to take it. > > > I see that Microsoft has (again) changed its W2k mcse policies. Now the old > NT4 electives now count as w2k electives. Which means that you could have > gotten by with only 5 exams (and carried 2 of your older electives from > NT4). You can see it here, and see how W2k is now accepting things like > IIS4 and TCP/IP: > http://www.microsoft.com/trainingandservices/default.asp?PageID=mcp&PageCall > =requirements&SubSite=cert/mcse&AnnMenu=mcse > > It's nice that Microsoft has made the W2k exams, especially the design > exams, harder. But that doesn't do a whole lot of good if people don't have > to go through a lot of those w2k exams. Consider this. Somebody who is > already NT4 certified could get the 2k MCSE with only two more exams - that > accelerated make-up exam, and one design exam. That's really not that many. > > > > > > > One week studying from books, one week to do Transcender for each exam > > translates into 14 weeks. > > > > However, everyone thinks I was nuts and I didn't have a life in those 14 > > weeks, every night and weekend was studying. > > > > I have enough Cisco initials to be "aware" of the Cisco curriculum and I > > would be among those who would say that there is no comparing MCSE to CCNP > > (or CCDP). > > > > But, the new W2K exams are not like the old NT exams. The "Design" exams > > though not really testing putting circuits together are still long hard > > tests that challenge your ability to see the issues and determine an > > appropriate solution based on the given requirements and conditions. > > > > All this to say - if you pass MCSE 2000 in 6 weeks (with odd breaks in > > between) with no previous Microsoft exams behind you - you will > accomplish > > something that few if any others have that's why out of 400,000 plus MCSEs > > worldwide, only 47,000 have re-qualified to date. I suggest you visit > > http://www.examcram.com and read the exam reviews by Orin. (especially > 216) > > > > It's fine to have a healthy opinion of Cisco vs Microsoft accreditations > but > > I do think you are severely underestimating the new Microsoft exams. > > > > Kevin Wigle > > > > - Original Message - > > From: "Gareth Hinton" > > To: > > Sent: Sunday, 21 October, 2001 12:42 > > Subject: Re: over 1700 passing ccie written every month [7:23680] > > > > > > > "ccie r catching up with ...mcse now" > > > > > > > > > That's a bit of a wild inaccurate statement. > > > > > > I reckon after doing my CCNP it wouldn't take too long to get past the > > CCIE > > > written with 4 to 6 weeks good study. > > > I reckon the CCIE Lab could take me a year or more of hard work to get > > > anywhere near it, if ever. > > > I am looking at the doing the MCSE to broaden the knowledge a little. > > > Looking through the syllabus I am looking at around 6 weeks of study > with > > > odd breaks in between. > > > > > > MCSE and CCIE will never be comparable. > > > It amuses me when people do compare them. > > > I think "CCIE written" is a little misleading - As far as I'm concerned > > its > > > a fairly testing written exam to stop time wasters taking what is the > real > > > CCIE exam - The LAB. > > > > > > > > > My two penneth... > > > > > > > > > Gaz Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23740&t=23680 -- FAQ, l
Re: over 1700 passing ccie written every month [7:23680]
""Kevin Wigle"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > and two penneth won't get you a MCSE 2000 in 6 weeks. I'll raise that to a > fiver if you can. > > I recently undertook and completed MCSE 2000, this after having MCSE 4.0 and > 3.51 which is to say that I've been "aware" of Microsoft products for some > time. > > I took 7 exams because I didn't want to try and sit the 4 hour make up exam > even though I qualified to take it. I see that Microsoft has (again) changed its W2k mcse policies. Now the old NT4 electives now count as w2k electives. Which means that you could have gotten by with only 5 exams (and carried 2 of your older electives from NT4). You can see it here, and see how W2k is now accepting things like IIS4 and TCP/IP: http://www.microsoft.com/trainingandservices/default.asp?PageID=mcp&PageCall =requirements&SubSite=cert/mcse&AnnMenu=mcse It's nice that Microsoft has made the W2k exams, especially the design exams, harder. But that doesn't do a whole lot of good if people don't have to go through a lot of those w2k exams. Consider this. Somebody who is already NT4 certified could get the 2k MCSE with only two more exams - that accelerated make-up exam, and one design exam. That's really not that many. > > One week studying from books, one week to do Transcender for each exam > translates into 14 weeks. > > However, everyone thinks I was nuts and I didn't have a life in those 14 > weeks, every night and weekend was studying. > > I have enough Cisco initials to be "aware" of the Cisco curriculum and I > would be among those who would say that there is no comparing MCSE to CCNP > (or CCDP). > > But, the new W2K exams are not like the old NT exams. The "Design" exams > though not really testing putting circuits together are still long hard > tests that challenge your ability to see the issues and determine an > appropriate solution based on the given requirements and conditions. > > All this to say - if you pass MCSE 2000 in 6 weeks (with odd breaks in > between) with no previous Microsoft exams behind you - you will accomplish > something that few if any others have that's why out of 400,000 plus MCSEs > worldwide, only 47,000 have re-qualified to date. I suggest you visit > http://www.examcram.com and read the exam reviews by Orin. (especially 216) > > It's fine to have a healthy opinion of Cisco vs Microsoft accreditations but > I do think you are severely underestimating the new Microsoft exams. > > Kevin Wigle > > - Original Message - > From: "Gareth Hinton" > To: > Sent: Sunday, 21 October, 2001 12:42 > Subject: Re: over 1700 passing ccie written every month [7:23680] > > > > "ccie r catching up with ...mcse now" > > > > > > That's a bit of a wild inaccurate statement. > > > > I reckon after doing my CCNP it wouldn't take too long to get past the > CCIE > > written with 4 to 6 weeks good study. > > I reckon the CCIE Lab could take me a year or more of hard work to get > > anywhere near it, if ever. > > I am looking at the doing the MCSE to broaden the knowledge a little. > > Looking through the syllabus I am looking at around 6 weeks of study with > > odd breaks in between. > > > > MCSE and CCIE will never be comparable. > > It amuses me when people do compare them. > > I think "CCIE written" is a little misleading - As far as I'm concerned > its > > a fairly testing written exam to stop time wasters taking what is the real > > CCIE exam - The LAB. > > > > > > My two penneth... > > > > > > Gaz Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23737&t=23680 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: over 1700 passing ccie written every month [7:23680]
""Brian Whalen"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > If I put in the effort to pass the written, I'd have no problem telling > people that in an interview. From the employer's perspective, if a > candidate says I'm a CCIE, its up to the employer to ask him/her to prove > it. Well, to me, it's all a matter of misrepresentation and fraud. Saying that you passed the written is one thing. There's nothing wrong with that. But listing such an accomplishment as a cert is something else. The fact is, the written is not a cert, and people who try to claim that it is are entering into a hazy ethical area. And, I'm sorry, but I must say that I do not agree with your last sentence. I don't want to start a flame war, and yes, I concur that employers should most definitely check out their candidates. But if I read you correctly, you are implying that if a candidate claims to be a CCIE (but is actually not), then it is completely the employer's responsibilities to check that claim out, and the candidate has no culpability in the matter. Now, I'm not sure that's what you meant, but if it is, then why stop there? To continue that logic, then it should be perfectly acceptable for candidates to lie about their college degrees and their work experience too. Why not? In fact, why doesn't every job candidate just hand in a resume of complete fiction? Now you might respond that any employer that just accepts the claims of a candidate without checking them out is basically asking to be screwed over. Yes, of course that is true. But on the other hand, to only blame the employer is really a case of blaming the victim. Yes, that employer is stupid. But that's not to say that the lying candidate bears no responsibility in the matter. So the way I see it is, it all becomes a slippery slope - a question of 'where do you draw the line?'. If you choose to misrepresent yourself in one part of your resume to get a job, then why not misrepresent yourself in every area? To me, it's pretty black-and-white. Either your resume is the truth, or it isn't. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23736&t=23680 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Big Project & we need CCIE's to do it. [7:23735]
Hi. My name is Ulysses and I work for Transparent Technology. We have a large project that will be taking place in the northeast, and we need CCIE's with Cisco telephony certification. Please contact us with your contact info if you are interested. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23735&t=23735 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: over 1700 passing ccie written every month [7:23680]
If I put in the effort to pass the written, I'd have no problem telling people that in an interview. From the employer's perspective, if a candidate says I'm a CCIE, its up to the employer to ask him/her to prove it. Brian "Sonic" Whalen Success = Preparation + Opportunity On Sun, 21 Oct 2001, nrf wrote: > I've never understood why Cisco can't just make the written harder, much > harder. For example, they could just put the pass percentage at 95% or 98% > or something, and/or they could stipulate that if you could only attempt the > written a certain number of times per year. Not only would that get rid of > this glut of "CCIE-written-certified" guys (OK, I know, such a cert doesn't > exist, but everybody here knows people who call themselves CCIE-written > certified), but it would also have the nice side benefit of seriously > cutting down on the lab wait time. > > > > > > ""Ken Diliberto"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > I am participating in a study group at Cisco here in the Dallas area. > Even > > the Cisco Engineers in the group are there for their own edification to > help > > them pass. I know if I had access to the lab equipment all the time like > > they > > do, I would be feeling fairly confident. I haven't even attempted the > > written > > yet but I have years worth of router time in a production environment. > The > > number of CCIEs get depressing if you look at them for too long. Just > keep > > looking at dice.com, hotjobs.com and such for jobs requiring a CCIE. > Keeps > > me > > interested. :-) > > > > Ken > > > > >>> "Thomas Larus" 10/21/01 10:52AM >>> > > I wouldn't worry too much about the raw numbers. A lot of these supposed > > 1700 a month are VERY good at memorization, and have not touched routers > and > > switches for more than 10 or 12 hours altogether. I have trouble > believing > > the number is quite that high, because the lab dates do not seem to be > > getting booked up anywhere near that fast. People haven't a prayer of > > passing the CCIE Lab until they get many hundreds or perhaps a thousand or > > two thousand hours of work configuring routers and switches. > > > > It is a long road, and I am still a long way from getting to the CCIE Lab > > milestone myself, but the journey itself is very satisfying. > > > > Thomas Larus > > > > ""Hello Hello"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > ccie r catching up with ...mcse now > > > > > > http://searchnetworking.discussions.techtarget.com/WebX?[EMAIL PROTECTED] > > xa4O3aKi^1@.ee8464a/114!viewtype=threadDate&skip=&expand= Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23734&t=23680 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: over 1700 passing ccie written every month [7:23680]
and two penneth won't get you a MCSE 2000 in 6 weeks. I'll raise that to a fiver if you can. I recently undertook and completed MCSE 2000, this after having MCSE 4.0 and 3.51 which is to say that I've been "aware" of Microsoft products for some time. I took 7 exams because I didn't want to try and sit the 4 hour make up exam even though I qualified to take it. One week studying from books, one week to do Transcender for each exam translates into 14 weeks. However, everyone thinks I was nuts and I didn't have a life in those 14 weeks, every night and weekend was studying. I have enough Cisco initials to be "aware" of the Cisco curriculum and I would be among those who would say that there is no comparing MCSE to CCNP (or CCDP). But, the new W2K exams are not like the old NT exams. The "Design" exams though not really testing putting circuits together are still long hard tests that challenge your ability to see the issues and determine an appropriate solution based on the given requirements and conditions. All this to say - if you pass MCSE 2000 in 6 weeks (with odd breaks in between) with no previous Microsoft exams behind you - you will accomplish something that few if any others have that's why out of 400,000 plus MCSEs worldwide, only 47,000 have re-qualified to date. I suggest you visit http://www.examcram.com and read the exam reviews by Orin. (especially 216) It's fine to have a healthy opinion of Cisco vs Microsoft accreditations but I do think you are severely underestimating the new Microsoft exams. Kevin Wigle - Original Message - From: "Gareth Hinton" To: Sent: Sunday, 21 October, 2001 12:42 Subject: Re: over 1700 passing ccie written every month [7:23680] > "ccie r catching up with ...mcse now" > > > That's a bit of a wild inaccurate statement. > > I reckon after doing my CCNP it wouldn't take too long to get past the CCIE > written with 4 to 6 weeks good study. > I reckon the CCIE Lab could take me a year or more of hard work to get > anywhere near it, if ever. > I am looking at the doing the MCSE to broaden the knowledge a little. > Looking through the syllabus I am looking at around 6 weeks of study with > odd breaks in between. > > MCSE and CCIE will never be comparable. > It amuses me when people do compare them. > I think "CCIE written" is a little misleading - As far as I'm concerned its > a fairly testing written exam to stop time wasters taking what is the real > CCIE exam - The LAB. > > > My two penneth... > > > Gaz Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23733&t=23680 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
BSCN Route Redistribution [7:23732]
When configuring route redistribution you are able to set a default metric that will apply to all routes redistributed into a particular protocol. In the case of EIGRP there are parameters that must be set, these are bandwidth, delay, reliability, load, mtu. Although I understand these parameters and what they are where do you get these real world values? I understand that bandwidth is the minimum bandwidth of the route, but values like delay. Where are those values derived? In the Cisco Press BSCN book and also various others to include Sybex, they discuss these parameters but never mention where and how they are derived. I don't mean what is delay I know what that is, but how would an engineer determine what delay of a route or link is in a working environment. Or are these numbers in the book plucked from thin air. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23732&t=23732 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
DLSW circuit and 3920 Mystery? [7:23731]
This may be one of those where I've overlooked something small (hope so anyway) but can any one out there explain this issue: router configued as in the below example... http://www.cisco.com/warp/public/701/45.html#3 I have a workstation on each end, one on the token-ring and one on the ethernet. The kicker, on the TR end I have the workstation and TR interface into a 3920 switch. When I set up the switch with a TrBrf and TrCrf of my own (where TrBrf=DLSW source Bridge # and TrCrf=ring#) I could not get the dlsw circuits up. All MACs and NetBIOS names showed up under show DLSW reachability but circuits wouldn't establish. That is...until I placed both the router TR interface AND the workstation into switch ports assigned to the default bridge and concentrator functions. Then all worked as expected. ??? So, if you know the why/why not's of this problem please post your response soonest. I'd greatly appreciate your assistance. Thanks in advance and aloha, Frank Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23731&t=23731 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco equipment available at good prices [7:23574]
Michael - please send me the list of prices... Michael Paulson wrote: > > I am a network consultant working with a large financial firm. They > just foreclosed on a Web hosting facility. The facility had quite a bit > of Cisco gear. Most of the gear is between 6 and 12 months old. It is > available at really good prices. I thought some people in this group > may be interested. > > I have Summarized the Gear below. > If anyone is interested just email me and I will send details and > pricing. > > Mike Paulson > Network Engineer > Infrastructure Design Systems LLP > [EMAIL PROTECTED] > > Quantity > 32620 routers, > 1 3640 routers > 3 7206 VXR routers > 12924 switch > 223548 switches > 1 2948G switch > 106509 switches with many cards > 400 Short haul GBICs > a few long haul GBICs > > Content Switch servers. > CSS-11154-AC > CSS-11801-AC > > [GroupStudy.com removed an attachment of type text/x-vcard which had a name > of michael.paulson.vcf] -- James D. Wilson, CCDA, MCP Sr. Network/Security Engineer "non sunt multiplicanda entia praeter necessitatem" William of Ockham (1285-1347/49) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23730&t=23574 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Queston about Aironet !!! [7:23691]
Steven, 1) Distance/weather/LOS affect your transmission rate. Find out the exact rate in distance against the losses at http://www.cisco.com/warp/public/cc/pd/witc/ao340ap/prodlit/obrc_in.xls 2) Typically 90m @ open environment @ 11Mbps or 400m/open/1Mbps 3) Yes if multicast is turned on 4) That is system integration, question is what to integrate? 5) Good quality signal doesn't give good distance nor vice-versa. I bet all the answer is on the URL. Why can't you just do a keyword search? Ryan -Original Message- From: Steiven Poh-(Jaring MailBox) [mailto:[EMAIL PROTECTED]] Sent: Monday, October 22, 2001 12:52 AM To: [EMAIL PROTECTED] Subject: Queston about Aironet !!! [7:23691] Hi Folks, Question : 1. What is the transmision rate in Mbs againts distance, meaning that if you are the only user on the AP will the data transfer rate degrade when you are getting far away from the AP. 2. What is the max distance from AP to workstation. 3. If your server is runing DHCP, AP set to be static, will the cleint be able to get dynamic IP. 4. Is there any integration between the Aironet systems with the barcode wireless systems which is also Aironet(2Mbps). 5. How to explain on the Beacon receive show on the Aironet program when we perform signal strength monitoring. Which the signal strength degrade againts distance and the beacon tend to be on 100%. Looking forward for your reply Thanks Steiven Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23729&t=23691 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: over 1700 passing ccie written every month [7:23680]
I've never understood why Cisco can't just make the written harder, much harder. For example, they could just put the pass percentage at 95% or 98% or something, and/or they could stipulate that if you could only attempt the written a certain number of times per year. Not only would that get rid of this glut of "CCIE-written-certified" guys (OK, I know, such a cert doesn't exist, but everybody here knows people who call themselves CCIE-written certified), but it would also have the nice side benefit of seriously cutting down on the lab wait time. ""Ken Diliberto"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I am participating in a study group at Cisco here in the Dallas area. Even > the Cisco Engineers in the group are there for their own edification to help > them pass. I know if I had access to the lab equipment all the time like > they > do, I would be feeling fairly confident. I haven't even attempted the > written > yet but I have years worth of router time in a production environment. The > number of CCIEs get depressing if you look at them for too long. Just keep > looking at dice.com, hotjobs.com and such for jobs requiring a CCIE. Keeps > me > interested. :-) > > Ken > > >>> "Thomas Larus" 10/21/01 10:52AM >>> > I wouldn't worry too much about the raw numbers. A lot of these supposed > 1700 a month are VERY good at memorization, and have not touched routers and > switches for more than 10 or 12 hours altogether. I have trouble believing > the number is quite that high, because the lab dates do not seem to be > getting booked up anywhere near that fast. People haven't a prayer of > passing the CCIE Lab until they get many hundreds or perhaps a thousand or > two thousand hours of work configuring routers and switches. > > It is a long road, and I am still a long way from getting to the CCIE Lab > milestone myself, but the journey itself is very satisfying. > > Thomas Larus > > ""Hello Hello"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > ccie r catching up with ...mcse now > > > http://searchnetworking.discussions.techtarget.com/WebX?[EMAIL PROTECTED] > xa4O3aKi^1@.ee8464a/114!viewtype=threadDate&skip=&expand= Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23727&t=23680 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: aironet 340 question [7:23548]
Look at the link speed in your bridge (was it BR340 or WGB340?). Main difference on 19xx and 29xx was the density, force your bridge to match the speed of the link rather than use auto. Make sense to me all the time. :) Ryan -Original Message- From: Sites, Bob [mailto:[EMAIL PROTECTED]] Sent: Saturday, October 20, 2001 2:12 AM To: [EMAIL PROTECTED] Subject: aironet 340 question [7:23548] I've used these bridges quite a bit, and connected the ether ports of them into our Cat switches, nothing lower than a 2900. For the first time today I tried to connect one to a Cat1924. I believe the configuration is right on? The vlan, IP and Mask are correct but the switch will not see the bridge. Never had this problem before. Is there something about the 1900's that the Aironet doesn't like? Anyone have an idea as to what is causing this? Bob Sites System Engineer Valley Health System, IS Dept. [EMAIL PROTECTED] Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipients and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23726&t=23548 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Route Reflectors and Peer Groups [7:23725]
Below is an excerpt from a Cisco case study on multiple route reflectors withing a cluster: An important thing to note, is that peer-groups were not used in the above configuration. If the clients inside a cluster do not have direct IBGP peers among one another and they exchange updates through the RR, peer-goups should not be used. If peer groups were to be configured, then a potential withdrawal to the source of a route on the RR would be sent to all clients inside the cluster and could cause problems. The router sub-command bgp client-to-client reflection is enabled by default on the RR. If BGP client-to-client reflection were turned off on the RR and redundant BGP peering was made between the clients, then using peer groups would be alright. Does anyone know what they mean? I know in IOS versions 12.0 and lower there were issues with route reflection using peer groups, but I am trying to figure out what they are trying to say here. What do they mean by a potential withdrawal to the source of a route on the RR? Any help would be appreciated. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23725&t=23725 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Load Balancing Via BGP [7:23478]
BGP does not care. It all depends on routing policies you set up. This is called Asymmetrical routing. It is extremely common all over the internet. About the Satellite link. I would think long and hard about using a satellite link in the scenario mentioned below. Especially if there is interactive traffic. The delay would really cause havoc. It would be my bet that the network would be slower after you introduced the new link. One way to use the satellite link would be to use it with policy based routing. I would probably make it a bi-directional like for specific host that do not care about speed or delay. Lets say for hosts doing non time sensitive batch file transfers. Personally I would look for another option. Mike Paulson Network engineer Wojtek Zlobicki wrote: > I was under the impression that BGP did not work on unidirectional links. > Can someone correct me if I'm wrong ? > > > hi , > > > > I am currently running on 2 fibre links to two > > different providers . The utilisation of these two > > links are getting very high and they are getting > > congested . I am thinking of purchasing a satellite > > Receive-only link from another provider . > > > > My question is , how am I going to do load-balancing > > using BGP on this Receive-only link ? [GroupStudy.com removed an attachment of type text/x-vcard which had a name of michael.paulson.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23724&t=23478 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: two routing protocols in one router? [7:23298]
Admin Distance comes into play when both routing protocols have exactly the same route. For example route 10.1.1.0 mask 255.255.255.0 If both RIP2 and OSPF know about this exact route then the route from OSPF would be used. This is because OSPF has an admin distance of 110 versus RIP of 120. Lets take another example. Lets say OSPF knows about the route as part of a larger aggregate such as 10.1.0.0 mask 255.255.254.0 or a /23 mask. Lets also say the RIP2 still knows about the route as 10.1.1.0 mask 255.255.255.0 or /24bit. In this second case the RIP route would be chosen because it has a more exact match. In this case Administrative distance never came into play at all. Mike Paulson Network engineer. tuffgong wrote: > That is not the case. Routes learned from different protocols are evaluated > on preference (administrative distance) before checking the prefix's cost. > > -Bill > ""Jeff Smith"" wrote in message > news:[EMAIL PROTECTED]... > > I would say you could run both on a given interface. If routes come in > that > > match, the one with the lowest cost will be placed into the routing table. > > > > Jeff > > > > > > >From: "Tan Chee Leong" > > >Reply-To: "Tan Chee Leong" > > >To: [EMAIL PROTECTED] > > >Subject: two routing protocols in one router? [7:23298] > > >Date: Wed, 17 Oct 2001 21:42:27 -0400 > > > > > >Hi, > > > > > >Just a quick one: can a router run two protocols simultaneously? e.g. > RIP2 > > >and OSPF? Perhaps each interface still take care of only one protocol > but > > >the router itself manages two. > > > > > >Thanks. > > > > > >Cheers, > > >Chee Leong > > _ > > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp [GroupStudy.com removed an attachment of type text/x-vcard which had a name of michael.paulson.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23723&t=23298 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
LANE between CAT 3k and CAT 5k [7:23722]
I was able to dig up 2 switches with ATM modules in them and wanted to practice setting up an ATM network between them; however, I can't find any documentation on directly connecting the two switches. I can only fine docu on connecting two switches together with a lightstream between them. Is it possible to configure LANE between the two. If it is possible could someone please provide some example configs for the CAT 5k; the CAT3k only has a legacy menu interface that isn't real hard to figure out. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23722&t=23722 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Upgrading IOS image on 2500 series routers. [7:23713]
Yep- I've got one of my 2600's working as the hub for IOS images. The command is : #tftp-server tftp-server flash c4000-is-mz.112-21.bin tftp-server flash xx-in-mz.111-24a.bin tftp-server flash c2500-io-l.120-15 I suspect anyone who worked Y2K knows this command by heart :o) All the best !!! Phil - Original Message - From: "Brad Ellis" To: Sent: Sunday, October 21, 2001 5:43 PM Subject: Re: Upgrading IOS image on 2500 series routers. [7:23713] > You sure can, you just need to configure one of them as a TFTP server. > > thanks, > -Brad Ellis > CCIE#5796 > Network Learning Inc > [EMAIL PROTECTED] > used Cisco: www.optsys.net > ""William Lijewski"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hello, > > I am looking for a good guide/tutitorial on how to upgrade the IOS image > > from one 2500 series router to another. I thought I read somewhere that > you > > could do this with just the two routers hooked together but I don't know > if > > that is true or not. > > > > Any good links or help is greatly appreciated. > > > > Thanks, > > > > Bill Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23721&t=23713 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Follow Up - Thumbnail Review of Cisco's BGP-4 Command and [7:23720]
Been reading and working with this over the weekend now. Found a couple of minor technical errors, and shame on those bad boys with decades of high level experience not noticing that some of the IP addresses in at least one diagram have only THREE octets! ;-> Wow this book is good! Three appendices, one distilling RFC 1771, one on regular expressions, and a good treatment of route-map logic that I have not seen explained elsewhere I am also plodding my way through a couple of the sections, most noticeably, the "neighbor" chapter. Very detailed. Very complex. As I said in my previous review, not an easy read, but a great set of Lab exercises - both for configuration and troubleshooting. Most definitely a CCIE level book. Most definitely a good source for anyone, ISP or otherwise, to have handy when setting up BGP for any reason. Highly recommended. Chuck Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23720&t=23720 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
free cisco 806 broadband access kit [7:23656]
i just got a postcard from cisco about this through the post in britain. free cisco 806 broadband solutions kit for download: www.cisco.com/offer/806/d1203 ian Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23656&t=23656 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Design Question - Spanning-tree Protocol. [7:23614]
No... To STP, the entire bundle of links in an etherchannel count towards STP calculations... STP will not consider it a topology change until the last link in an etherchannel fails... - Original Message - From: "Urooj's Hi-speed Internet" To: Sent: Saturday, October 20, 2001 11:08 AM Subject: Design Question - Spanning-tree Protocol. [7:23614] > Hi Folks, > I have a design in which Cisco 3548 XL's are GBIC-stacked on various floors > of a campus and are uplinked to a core Cat 6509 switch. The uplink from > every floor stack is ether-channeled to the core via two parallel equal-cost > paths. One uplink path starts "forwarding" and the other goes into > "blocking" mode from each floor stack. > > Here is my confusion... If only one link of a 400 MBps full-duplex > ether-channel fails from the forwarding path , will it invoke spanning-tree > recalculation ??? Or will the 'now' sub-optimal path still remain in > forwarding mode and the now more-bandwidth path remain in blocking mode ??? > > Since spanning-tree recalculation causes a lot of ripples throughout the > switched network, I would assume that the latter were true. However, I would > like to hear views from people who would think that the former scenario is > more probable. > > Thanks very much. > > Aziz Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23639&t=23614 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Switching exam question [7:23497]
That makes sense. A hierarchical network design is already a tree! Thanks. Priscilla At 10:55 PM 10/19/01, Leigh Anne Chisholm wrote: >Actually, Cisco teaches that in certain circumstances in the Core, you want >to disable Spanning Tree Protocol (STP). I don't have the courseware with >me at the moment, but I guess the thinking is that with Core layer devices, >you don't run anything extraneous that takes away from the primary role of >high-speed packet switching. STP is considered extraneous when it's not >required. > >Instead of me posting from Cisco's course material once I'm at home, why not >search Cisco for this information... if you're interested in knowing more. > > > -- Leigh Anne > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > > Jonathan Hays > > Sent: Friday, October 19, 2001 2:20 PM > > To: [EMAIL PROTECTED] > > Subject: Re: Switching exam question [7:23497] > > > > > > Yes. For the server to have a fully redundant connection it must have a > > second NIC to > > another switch and failover software in place. > > > > However, you are mistaken that anyone would normally disable STP on any > > trunk port, > > regardless of whether the switch is in the Core, Distribution, or Access > > layer. > > > > Piatnitchi Cristian wrote: > > > > > Please see this link > > > > > > http://www.geocities.com/cristi_piatnitchi/ > > > This is picture from the Cisco site. > > > > > > Could you explain me how the redundacy is achieved for the > > server present > > on > > > this scheme ? > > > In my opinion if there is no STP in the L2 core and nor a > > second connection > > > from the server to the other switch "cb" > > > there is no protection against of a failure of switch "ca". So > > I consider > > is > > > useless to have redundancy in the access and > > > distribution layers. Am I wrong ? If yes why ? > > > > > > Thanks in advance > > > Cristian Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23701&t=23497 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: passed ccie security lab! [7:23718]
Hi Keyur, Congrats... and thanks for your tips... Regards., Vasu On Thu, 18 Oct 2001 Keyur Shah wrote : > hi, > > I passed ccie security lab yesterday. I was told that i > did really well in > the lab and scored nearly perfect. > > My advice to the folks preparing for this lab is the > following, > > - ccie security is very modern test. in my opinion, > much more real life than > routing and switching test today > - it is certainly doable if you put your dedicated time > and equipment to it > - i studied and crammed labs for about 150 hours total > between CSS1(cisco > security specialist 1) and ccie security and took me > little less than three > months to accomplish both. > - if you are ccie routing and switching, you are half > way there > - if you are ccnp (practical, not book one), then you > are 30% there > - if you are css1 (practical, not book one), then you > are 30% there > - routing and switching is core of all three ccie > tracks (r/s, security and > CNS). you must know it very well > - read MCNS book three times before you start on CCIE > security labs > - bookmark cisco's security tac site, > > http://www.cisco.com/warp/public/707/ make it your > homepage while preparing > for ccie security lab > - work on speed. go back to the lab and test it as a > one piece > - scan through the whole lab start to finish two times. > be careful not to > spend more than 10-15 minutes though. > - hardest part is to wait for results email. make sure > you plan something > hectic the next day of your test. i was on email every > second and it was not > fun to wait. > > -Keyur Shah- > CCIE# 4799 (Routing/Switching and Security) > CSS1,SCSA,SCNA,MCSE,MCP,MCP+I,CNE,MCNE,CCNA,CCDA,MCT,CNI > Hello Computers > "Say Hello To Your Future!" > > http://www.hellocomputers.com > E-mail: > mailto:[EMAIL PROTECTED] > Toll-Free 6) > Europe: 442079003011 > International: 510.795.6815 > Fax: 510.291.2250 > - > __ > Trouble posting? Read: http://www.groupstudy.com/list/po- > sting.html > To unsubscribe from the CCIELAB list, send a message to > [EMAIL PROTECTED] with the body containing: > unsubscribe ccielab Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23718&t=23718 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PPP auth PAP? Does it work?? [7:23601]
My guess, which could be totally wrong: You have service password-encryption on, so the text after the 7 in your password string should be encrypted. It is in your username statements, which decrypts to cisco, but according to the configs "cisco" is the encrypted password in the ppp pap sent-username which doesn't decrypt (has to be hex values). If you put in ppp pap sent-username 7 cisco it takes cisco as the encrypted password and tries to decrypt it. You need to put in "ppp pap sent-username 7 045802150C2E" or "ppp pap sent-username 7 02050D480809" (or any one of many possibilities) or "ppp pap sent username cisco" I think!!! Enough for someone else to knock me down in flames anyway Good luck, Gaz ""Cisco Nuts"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hello Group, > I have 2 routers connected via S1 using ppp. I have configured the following > on both the routers: > RTD > service password-encryption > username RTA password 7 045802150C2E > ppp authentication pap > ppp pap sent-username RTD password 7 cisco > > > RTA > service password-encryption > username RTD password 7 02050D480809 > ppp authentication pap > ppp pap sent-username RTA password 7 cisco > > The serial 1 shows up as UP/Down. Is this config right to begin with? > Chap auth. works fine but pap..!!! > Any clues. > Thanks!! > > > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23665&t=23601 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ospf point-to-multipoint [7:23655]
The book did not make it clear but both are right. 1. If your use "point-to-multipoint" command on interface, the routing packets will be send using multicast packet. 2. If you use "point-to-multipoint non-broadcast" command on interface, you need "neighbor" under "router ospf" and the routing packets will be sent using unicast. You can turn on debug mode to watch ospf packets, like hello packets, which is easy to observe. CCIE Study Professional Checklist http://www.geocities.com/berdde/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jim Bond Sent: Sunday, October 21, 2001 1:52 PM To: [EMAIL PROTECTED] Subject: ospf point-to-multipoint [7:23655] Hello, On Jeff Doyle's TCP/IP volume I, P417 it says point-to-multipoint is multicast; P433 it says it's unicast. Which one is correct? Thanks in advance. Jim __ Do You Yahoo!? Make a great connection at Yahoo! Personals. http://personals.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23666&t=23655 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Word of Caution [7:23363]
I looked at their web site. What are they doing? Asking retail for refurbished equipment? They say "all unreasonable offers will be refused". Give me a break. I think better deals can be found on eBay, and we all know you usually don't get any deals there. Now if only I had something useful to post... Ken >>> "Anh Lam" 10/21/01 10:43AM >>> Rick hit it right on the head. I take an apology from a "sale" guy with a grain of salt. Robert, why don't you do the honorable thing and sell to debbie what she bidded for when she placed the order? I teach networking a a community college and I have a lot of students asking me where they can purchase networking gears. One thing I will tell them for sure is to "stay away" from www.itparade.com. As Rick has mentioned before, we don't judge people by their mistakes, we judge people on how they correct them. If memory serves me right, I remembered a few months back United Airlines mistakenly posted on their web sites flying coast to coast for $1.00. Guess what happened, United Airlines has to honor it because it is the "right thing to do". In this case, we have a sale guy try to come up with a lame excuse that their system was not functioning properly at the time the customer placed orders. Believe me, in this age of instant messaging, www.itparade.com will be the place that networking folks stay away when it comes to purchasing equipments. [snip] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23686&t=23363 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
help with troubleshooting Cisco VPN connection in [7:23695]
Can someone in this group help me with this problem? I am trying to setup VPN connections for remote users (people who use laptops on the road or when people to who are on their own corporate network) to connect to my home network using IPSec. I am using a PIX515-UR Firewall at my home network. The external IP address (outside) of the PIX is 66.61.46.240 while the internal IP address (inside) of the PIX is 172.16.1.254. On the PIX, I also setup an IP pool so that the PIX will assign IP address to remote clients when they connect to my home network. This ip pool has ip range of 172.16.2.1-172.16.2.254. On the clients side, everyone is running Cisco VPN client software version 3.0.6.rel2-k9 which I download from Cisco website. The clients are running either WinNT 4.0 workstation, or Win2k Professional or RedHat Linux 7.1 with kernel 2.4.10. When a client attempts to make a VPN connection to the PIX (66.61.46.240), the connection is successfully and the client is also assigned an IP address of 172.16.2.1. So what is the problem you ask? Well, even though the client is successfully authenticated to my home network, he/she can NOT ping any of the devices in the 172.16.1.0/24 network. From the client, I can see the packet gets encrypted before sending out but nothing coming back (the counter on the packet decrypted on the client is zero). Rebooting the PIX several times didnot resolve the situation either. At this point, I decided to replace the PIX515 with a PIX520 with the exact configuration. With the PIX520, everything WORKS. Client can access devices on the 172.16.1.0/24 network. I am running the same PIX IOS code on both the 515 and 520. Am I missing something in the PIX515? I thought since I am running the Un-Restricted(UR) license, VPN is supported. Below is the configuration of the PIX515. Please help. Thanks. Anh ciscopix#sh ver Cisco PIX Firewall Version 6.1(1) Cisco PIX Device Manager Version 1.0(2) Compiled on Tue 11-Sep-01 07:45 by morlee ciscopix up 9 hours 37 mins Hardware: PIX-515, 96 MB RAM, CPU Pentium 200 MHz Flash i28F640J5 @ 0x300, 16MB BIOS Flash AT29C257 @ 0xfffd8000, 32KB 0: ethernet0: address is 0050.54ff.7a24, irq 10 1: ethernet1: address is 0050.54ff.7a25, irq 7 2: ethernet2: address is 00aa.00bc.ba87, irq 11 Licensed Features: Failover: Enabled VPN-DES:Enabled VPN-3DES: Disabled Maximum Interfaces: 6 Cut-through Proxy: Enabled Guards: Enabled Websense: Enabled Inside Hosts: Unlimited Throughput: Unlimited ISAKMP peers: Unlimited ciscopix# wr t Building configuration... : Saved : PIX Version 6.1(1) nameif ethernet0 outside security0 nameif ethernet1 inside security100 nameif ethernet2 dmz security99 enable password xxx encrypted passwd x encrypted hostname ciscopix domain-name micronet.com fixup protocol ftp 21 fixup protocol http 80 fixup protocol h323 1720 fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol sip 5060 fixup protocol skinny 2000 no names access-list 101 permit ip 172.16.1.0 255.255.255.0 172.16.2.0 255.255.255.0 access-list 101 permit ip host 66.61.46.240 172.16.2.0 255.255.255.0 access-list 80 permit ip 172.16.1.0 255.255.255.0 172.16.2.0 255.255.255.0 pager lines 24 interface ethernet0 auto interface ethernet1 auto interface ethernet2 100full shutdown mtu outside 1500 mtu inside 1500 mtu dmz 1500 ip address outside 66.61.46.240 255.255.248.0 ip address inside 172.16.1.254 255.255.255.0 ip address dmz 127.0.0.1 255.255.255.0 ip audit info action alarm ip audit attack action alarm ip local pool ippool 172.16.2.1-172.16.2.254 no failover failover timeout 0:00:00 failover poll 15 failover ip address outside 0.0.0.0 failover ip address inside 0.0.0.0 failover ip address dmz 0.0.0.0 pdm location 164.109.0.0 255.255.0.0 outside pdm location 172.16.1.0 255.255.255.0 inside pdm history enable arp timeout 14400 nat (inside) 0 access-list 101 conduit permit ip any any route outside 0.0.0.0 0.0.0.0 66.61.40.1 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server RADIUS protocol radius http 172.16.1.0 255.255.255.0 inside http 172.16.1.0 255.255.255.0 dmz no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps floodguard enable sysopt connection permit-ipsec no sysopt route dnat auth-prompt prompt prompt crypto ipsec transform-set myset esp-des esp-md5-hmac crypto dynamic-map dynmap 10 set transform-set myset crypto map mymap 10 ipsec-isakmp dynamic dynmap crypto map mymap interface outside isakmp enable outside isakmp identity address isakmp policy 10 authentication pre-share isakmp policy 10 encryption des isakmp policy 10 hash md5 isakmp policy 10 group 2 isakmp policy 10 lifetime 86400 isakmp policy 20 authentication pre-shar
Re: AW: OT: Enable secret hacking [7:23670]
It has to do brute force strength. Against an MD5, it does pretty poorly, benching about 440 Cracks per second on a K6-200 with 160 megs of ram. (ram is irrelevant to be honest). I am guessing that say a gigahertz processor might do a linear increase to about ~2000 Cracks per second. This is pretty slow and has almost no chance to stop a good 8 character password. With about 92 or so character choices for a password, 8^92 == 121.416E81. Or, a heck of a lot for a simple 8 character password. Yes, with this number, it is impossible for one machine to do this in a life time. Note, few people put up good, strong passwords. If there is any level of efficiency, we can cut this number down a lot. On the side, Microsoft's Mighty NT Lan Man DES gets hit by an astounding 90K cracks per second on a K6-200. Forget that, I believe L0phtcrack lets you do 300-400K cracks per second on your slightly below average processor of today and can do them in parallel. Maybe that is why Microsoft is quickly dropping their Lanman Hash as they introduce Win2k as the "champion server OS?" However, I wonder if one can use programs like "john the ripper" in parallel with other machines. With a "cracking" Athlon box running for maybe $400 bucks, you can probably setup one nasty cluster to cut this down to size. Although this may seem like a lot of trouble a hacker has to go through, it is and it is not. If you give ANYONE an encrypted hash guarding something really important, you can assume it will be cracked within a life time and be used against you. (Another good reason why you should rotate your passwords over a certain amount of time, but that of course has other possible problems). Heck, it seems fairly reasonable for a hacker to have a small cluster of Athlon boxes. I have quite a few PCs at home. As for practicality, one could argue most "script kiddies" are unable to fathom even what I just wrote. However, a mere amateur or professional hacker could easily wreck do this. Be careful if you have sensitive information or enemies! At 02:59 PM 10/21/01 -0400, Maissen Sacha wrote: >Anh, >Sorry for my question about your test below. This program "john the >ripper", is >it working with dictionaries or not? Because my question is, if I use >passwords >like "12eldkvi", which are not in any dics, how long you need then to >crack a >MD5-password? > >Regards >Sacha > >-Urspr|ngliche Nachricht- >Von: Anh Lam [mailto:[EMAIL PROTECTED]] >Gesendet: Sonntag, 21. Oktober 2001 20:46 >An: [EMAIL PROTECTED] >Betreff: Re: OT: Enable secret hacking [7:23670] > > >Gareth, >I create an "enable secret" password on a Cisco router 2610 with the >password as you mentioned "kittens". Remember this is an MD5 encrypted >string ($1$Em47$DEsFfXv/Px6y/cEmjMwfE0). You know what, I take this >string >and use the program called "john the ripper" running on my linux box to >crack it. This linux is a pentium 200MHz with 64MB of RAM. It takes >exactly 5 minutes to crack this password. I would imagine for longer >"enable secret" password, it takes longer but not as difficult as it >sounds. > >Regards, -Carroll Kong Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23716&t=23670 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Doyle Chap:14 Config Q.1 [7:23648]
Hey there GUY: 172.16.1.0 with a wildcard mask of 0.0.0.127 means the same as 172.16.1.0/25. In other words, only various combinations of the last seven bits may have been manipulated to form the host addresses that belong to the subnetwork that this acl will affect. This makes the range 172.16.1.0 to 172.16.1.127 (not 128, as you wrote) Similarly, 172.16.1.128 0.0.0.127 will affect the range from 172.16.1.128 to 172.16.1.255. What you've written: "172.16.1.0/28 to 172.16.1.128/28" isn't really a range, but rather two different subnets available with /28 masks. There are sixteen: 172.16.1.0/28 172.16.1.16/28 172.16.1.32/28 ...etc until you get to 172.16.1.240/28 The 'first' eight of these (.o/28 through .112/28) all share the same bit structure through the first 25 bits, so that is why the first example acl you cited (172.16.1.0 with a wildcard mask of 0.0.0.127) would work for that. Similarly, the 172.16.1.128 0.0.0.127 will block out the rest because the bit structure for all of those is the same for the first 25 bits. Remember , the wildcard mask just tells the router to ignore anything that's masked out with a "1" bit in the mask. HTH :-{)] Mark A. Morenz, MS Ed, CCNA, CCAI Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23674&t=23648 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: weird termsrv problem [7:23719]
I had a problem like this before on checking ,the memory and cpu utilization was very high .what i did was just to run a smaller size ios.This actually happen when i try configuring DLSW on the system.Try change your ios Regards >try another IOS in order to eliminate a possible SW issue (yes, even though >it might of been working before without problem!) > >jaz > >-Original Message- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of >routerjocky >Sent: 21 October 2001 08:05 >To: [EMAIL PROTECTED] >Cc: [EMAIL PROTECTED] >Subject: weird termsrv problem > > >I'm having a strange problem with my homelab 2511. Telnet sessions to the >terminal server just drop unexpectedly. No rhyme or reason to it. A 'clear >arp' command (from the console) allows me to access the terminal server >again. >No errors on the e0 interface are being generated. I've tried changing the >transceiver, cable, and moving to a different hub port, but none of those >changes seem to solve the problem. One of the weirdest 'flaky' problems >that >I've ever seen, and terribly frustrating because I can't diagnose the >problem >from the router. (next step: sniff the network) > >Has anyone seen this kind of behavior before? > >If so, what was the solution? > >If not, what's your best guess at what the problem could be? > >thanks in advance >-e- >May the route be with you >Switch if you must, route if you can ;-) >http://members.home.net/airwrck Ohanusi Anthony CCNA,CCNP,CCIE Written. WAN Engineer Network Solution, A Schlumberger Company Email : Phone : 234-1-2610446 EXT 3230 Fax : 234-1-2621034 Learn to qualify your statement Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23719&t=23719 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT: Enable secret hacking [7:23670]
You are correct, assuming fully random values. Let us not assume that "4 hours" is a long time. If they have the hash, they have all the time in the world and you will never know they are cracking away at it. The hash MUST be and SHOULD be guarded at all costs. This definitely stops the neophytes, but you really do not want the pros getting their hands on it. Each attempt varies, for MD5, john in particular runs 440 Cracks per second on a k6-200. This is very slow. As for "kittens/1", no, it would not help much. If you have ANY string that is within a dictionary, you just gave up that entire subsection. There are lot of clever combinations that can be used and done. If you do not believe me, just take a look at some regular expressions that perl programmers use. You can catch a LOT of combinations and do lots of tricks. 1) Do not use ANYTHING remotely related to you personally or in a dictionary for a password. 2) Do not use clever combinations like KiTtEnS/134, it is just as easy to crack. 3) Do not use password generators. Why? Write a program that does password generation. You did it? Great. You did an algorithm based on some "random" seed. Does not matter, you now have a pattern which you can write your hacking program to work with. Now it will know your pattern if it can reverse engineer the algorithm (should not be too hard), and you can kiss every single password that you used with that good bye, like in 5 seconds each. ;) (if you use open source software to generate, they got the algorithm, if you used closed source, you can delude yourself in that security through obscurity works. well, it does not). At 03:19 PM 10/21/01 -0400, Gareth Hinton wrote: >I would imagine that if using a-z and 0 to 9, with 8 characters there would >be 8 to the power 36 combinations (I think). >Trouble is those numbers are getting too large for me to have any concept of >how long it would take to hack. We'd need to get an idea of how long each >attempt takes. > >Looking back at the original password it was very similar to yours. His unix >box had been going for 4 hours when we stopped it to do those tests, so much >harder to crack. I'm going to set one off later to see how long it takes. > >This is not scare mongering by the way. >To accomplish this you already need to have the MD5 hash. I think it's just >better to avoid complacency - make the passwords longer and use special >characters if possible. I didn't realise the amount of difference between >dictionary passwords and the alternative. I suppose something as simple as >"kittens/1" would cut out the dictionary searches. > >Gareth > > > >""Maissen Sacha"" wrote in message >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Anh, > > Sorry for my question about your test below. This program "john the > > ripper", is > > it working with dictionaries or not? Because my question is, if I use > > passwords > > like "12eldkvi", which are not in any dics, how long you need then to > > crack a > > MD5-password? > > > > Regards > > Sacha > > > > -Urspr|ngliche Nachricht- > > Von: Anh Lam [mailto:[EMAIL PROTECTED]] > > Gesendet: Sonntag, 21. Oktober 2001 20:46 > > An: [EMAIL PROTECTED] > > Betreff: Re: OT: Enable secret hacking [7:23670] > > > > > > Gareth, > > I create an "enable secret" password on a Cisco router 2610 with the > > password as you mentioned "kittens". Remember this is an MD5 encrypted > > string ($1$Em47$DEsFfXv/Px6y/cEmjMwfE0). You know what, I take this > > string > > and use the program called "john the ripper" running on my linux box to > > crack it. This linux is a pentium 200MHz with 64MB of RAM. It takes > > exactly 5 minutes to crack this password. I would imagine for longer > > "enable secret" password, it takes longer but not as difficult as it > > sounds. > > > > Regards, -Carroll Kong Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23717&t=23670 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Problem with Etherchannel [7:23692]
You can set a channel with desirable on both sides of a link... you can't with auto/auto or anything with one side set to off, for obvious reasons... What VLANs are the trunks set to carry? The VLAN settings must be identical, as well as duplex and negotiation... - Original Message - From: "Carroll Kong" To: Sent: Sunday, October 21, 2001 1:14 PM Subject: Re: Problem with Etherchannel [7:23692] > You cannot do both as desirable. One must be desirable and the > other auto. Or you can try forcing the modes to "on" and "on". That might > fix it! > > At 12:57 PM 10/21/01 -0400, Brad Moss wrote: > >I am trying to connect two cat5500s and am unable to get port channel to > >come online. I have configured both sides below is the config of the ports. > >Any help would be greatly appreciated. These are production switches the > >only thing I have to done is reboot them. For some reason they are not > >recognizing that they are connect to the same switch on the other end of > >either link. I am unaware on any "special" things that must happen for port > >channeling both blades support it. > > > > > >Set po channel 8/3-4 mode desirable > >Set trunk 8/3 isl on > >Set trunk 8/4 isl on > > > >Set po channel 1/1-2 desirable > >Set trunk 1/1 isl on > >Set trunk 1/2 isl on > > > >Port Name Status Vlan Level Duplex Speed Type > >- -- -- -- -- -- - - > >--- > > 8/3 connected trunk normal full 100 > 100BaseFX > >MM > > > >Port Status Channel Admin Ch > > Mode Group Id > >- -- - - > > 8/3 connected desirable non-silent 157 0 > > > >Port Name Status Vlan Level Duplex Speed Type > >- -- -- -- -- -- - - > >--- > > 8/4 connected trunk normal full 100 > 100BaseFX > >MM > >Port Status Channel Admin Ch > > Mode Group Id > >- -- - - > > 8/4 connected desirable non-silent 157 0 > > > >SJMDFSW01> (enable) sho po channel > >No ports channeling > > > >Port Name Status Vlan Level Duplex Speed Type > >- -- -- -- -- -- - - > >--- > > 1/1 Uplink SJMDFSW01 connected trunk normal full 100 > 100BaseFX > >MM > > > >Port Status Channel Channel Neighbor Neighbor > > mode status device > port > >- -- - --- - -- > > 1/1 connected desirable not channel > > > >Port Name Status Vlan Level Duplex Speed Type > >- -- -- -- -- -- - - > >--- > > 1/2 Uplink SJMDFSW01 connected trunk normal full 100 > 100BaseFX > >MM > > > >Port Status Channel Channel Neighbor Neighbor > > mode status device > >port > >- -- - --- - -- > > 1/2 connected desirable not channel > > > >SJDCSW02> (enable) sho po channel > >No ports channelling > > > > > >Brad Moss, CCNA > >Network Administrator > >CHRISTUS St. Joseph's Medical Center - South > >www.christushealth.org > >(903) 737-3160 > >[EMAIL PROTECTED] > -Carroll Kong Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23715&t=23692 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Upgrading IOS image on 2500 series routers. [7:23713]
You sure can, you just need to configure one of them as a TFTP server. thanks, -Brad Ellis CCIE#5796 Network Learning Inc [EMAIL PROTECTED] used Cisco: www.optsys.net ""William Lijewski"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hello, > I am looking for a good guide/tutitorial on how to upgrade the IOS image > from one 2500 series router to another. I thought I read somewhere that you > could do this with just the two routers hooked together but I don't know if > that is true or not. > > Any good links or help is greatly appreciated. > > Thanks, > > Bill Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23714&t=23713 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Upgrading IOS image on 2500 series routers. [7:23713]
Hello, I am looking for a good guide/tutitorial on how to upgrade the IOS image from one 2500 series router to another. I thought I read somewhere that you could do this with just the two routers hooked together but I don't know if that is true or not. Any good links or help is greatly appreciated. Thanks, Bill Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23713&t=23713 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: weird termsrv problem [7:23712]
hey man, try another IOS in order to eliminate a possible SW issue (yes, even though it might of been working before without problem!) jaz -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of routerjocky Sent: 21 October 2001 08:05 To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: weird termsrv problem I'm having a strange problem with my homelab 2511. Telnet sessions to the terminal server just drop unexpectedly. No rhyme or reason to it. A 'clear arp' command (from the console) allows me to access the terminal server again. No errors on the e0 interface are being generated. I've tried changing the transceiver, cable, and moving to a different hub port, but none of those changes seem to solve the problem. One of the weirdest 'flaky' problems that I've ever seen, and terribly frustrating because I can't diagnose the problem from the router. (next step: sniff the network) Has anyone seen this kind of behavior before? If so, what was the solution? If not, what's your best guess at what the problem could be? thanks in advance -e- May the route be with you Switch if you must, route if you can ;-) http://members.home.net/airwrck Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23712&t=23712 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT: Enable secret hacking [7:23670]
If routers and switches are configured to use TACACS then both the EXEC (level7) and enable secret password are pretty much useless. For some hackers to get onto a router or a switch with EXEC and enable secret, the TACACS server must not be reachable by the router and switch. Only at that point, one would have to log onto Cisco devices with local account and go into privilege mode with enable secret password. Authentication and Authorization and Accounting will be taking place at the TACACS server under normal condition. Frankly, I wouldn't be too worry about it anyway. >From: "Brian Whalen" >Reply-To: "Brian Whalen" >To: [EMAIL PROTECTED] >Subject: Re: OT: Enable secret hacking [7:23670] >Date: Sun, 21 Oct 2001 15:38:37 -0400 > >perhaps this is why sho run and sho conf are not level 1 commands?? > >Brian "Sonic" Whalen >Success = Preparation + Opportunity > > >On Sun, 21 Oct 2001, Gareth Hinton wrote: > > > The reason I asked was to see if other peoples impression was the same >as > > mine. I've got the tools for the level 7 passwords, but was under the > > impression that the enable secret was almost impossible. > > I do some work for a fairly large company that had some penetration >testing > > done this week by a government agency. > > One of the "hackers" told me that depending on the length and complexity >of > > the password he could crack the enable password from the MD5 hash pretty > > quickly. > > The passwords we normally use for enable secrets are over 8 character >random > > alphanumeric strings, so it was taking some time. > > Not believing him entirely, I suggested that I simplify the password a > > little to a dictionary word of 7 characters. I changed it to "kittens" >and > > it took his unix box around 5 seconds to go through the dictionary > > performing MD5 hash on every word, then comparing the result with the >real > > hash. > > > > I was quite surprised at how quick it was. Admittedly they need to see >the > > MD5 hash somehow, but I've never gone over the top to cover these up >before > > now. > > > > We also (a little carelessly) got caught out with a few switches with >"IP > > HTTP SERVER" on as default, so the weakness with http allowed level 15 > > access to the switches. Oops. > > > > Just thought I'd bring it up anyway. I think "no ip http server" and >more > > complex passwords are in order. > > > > > > Regards, > > > > Gareth > > > > ""John Neiberger"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > The enable secret would not be an easy thing to crack. The enable > > password, > > > however, can be cracked easily with a number of utilities available >for > > free > > > on the internet. > > > > > > If you have hackers attacking your network who have the capability to > > crack > > > the enable secret then you have much bigger problems. > > > > > > As I recall, the enable secret displayed when you do a show run is a > > one-way > > > hash, so the original cannot be determined from the encrypted version. > > I'll > > > have to check into that. > > > > > > A good hacker would spend his time elsewhere. Sitting at the login >prompt > > > trying to guess passwords for a few years probably isn't a wise way to > > spend > > > one's time. Hackers tend to go for the low-hanging fruit. > > > > > > Regards, > > > John > > > > > > On Sun, 21 Oct 2001 09:13:35 -0400, Gareth Hinton wrote: > > > > > > | Hi all, > > > | > > > | I'm asking this as a matter of interest after something I saw this > > week: > > > | Given the following line of config: > > > | > > > | enable secret 5 $1$32Pc$uq7Tr7gq4v22PqEG4WFF90 > > > | > > > | What are the chances of cracking the enable secret? (Without >raising > > > | suspicicion by having 40 million attempts on the box itself.) > > > | Lets say the password is an 8 character string of letters only, not > > > | necessarily a dictionary word. > > > | > > > | What's everybody's view, could it be easily hacked or not? > > > | > > > | > > > | Thanks, > > > | > > > | Gaz > > > | > > > | > > > | > > > | > > > ___ > > > http://inbox.excite.com _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23711&t=23670 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Problem with Etherchannel [7:23692]
No problem, I was looking up on CCO, the Etherchannel configuration for ios 5.4 and it confirmed my thoughts and yours. I was able to the get line up as a channel once I turned off trunking, set the right vlan to the ports, assigned po channel 8/2-3 desirable and 1/1-2 auto, and turned trunking back on. Thanks to all Brad Moss CCNA -Original Message- From: Carroll Kong [mailto:[EMAIL PROTECTED]] Sent: Sunday, October 21, 2001 2:25 PM To: Brad Moss Cc: [EMAIL PROTECTED] Subject: Re: Problem with Etherchannel [7:23692] Yeah, sorry for the misinformation before. Here is the a good way to remember the modes. The most part, PaGP is either auto or desirable. Or you can just turn the pesky thing on or off. (non-PaGp). Of course it will only work if you are both on if you choose the non-PaGp mode. As for knowing the right compatibility, remember that desirable people are also aggressive. :) Two aggressive people can communicate. Auto is passive. Two passive people cannot communicate. One aggressive and one passive can communicate as well. Just think of an aggressive desirable as those players. (male or female). Those nice guys and girls who are passive just never get with anyone. :) Sorry, I just immediately jumped the gun and assumed you chose the two passive case without really reading carefully and remembering my own rules. :( Very bad form, I do not blame anyone for not believing me after such a blunder. You cannot do both as desirable. One must be desirable and the other auto. Or you can try forcing the modes to "on" and "on". That might fix it! At 12:57 PM 10/21/01 -0400, Brad Moss wrote: >I am trying to connect two cat5500s and am unable to get port channel to >come online. I have configured both sides below is the config of the ports. >Any help would be greatly appreciated. These are production switches the >only thing I have to done is reboot them. For some reason they are not >recognizing that they are connect to the same switch on the other end of >either link. I am unaware on any "special" things that must happen for port >channeling both blades support it. > > >Set po channel 8/3-4 mode desirable >Set trunk 8/3 isl on >Set trunk 8/4 isl on > >Set po channel 1/1-2 desirable >Set trunk 1/1 isl on >Set trunk 1/2 isl on > >Port Name Status Vlan Level Duplex Speed Type >- -- -- -- -- -- - - >--- > 8/3 connected trunk normal full 100 100BaseFX >MM > >Port Status Channel Admin Ch > Mode Group Id >- -- - - > 8/3 connected desirable non-silent 157 0 > >Port Name Status Vlan Level Duplex Speed Type >- -- -- -- -- -- - - >--- > 8/4 connected trunk normal full 100 100BaseFX >MM >Port Status Channel Admin Ch > Mode Group Id >- -- - - > 8/4 connected desirable non-silent 157 0 > >SJMDFSW01> (enable) sho po channel >No ports channeling > >Port Name Status Vlan Level Duplex Speed Type >- -- -- -- -- -- - - >--- > 1/1 Uplink SJMDFSW01 connected trunk normal full 100 100BaseFX >MM > >Port Status Channel Channel Neighbor Neighbor > mode status device port >- -- - --- - -- > 1/1 connected desirable not channel > >Port Name Status Vlan Level Duplex Speed Type >- -- -- -- -- -- - - >--- > 1/2 Uplink SJMDFSW01 connected trunk normal full 100 100BaseFX >MM > >Port Status Channel Channel Neighbor Neighbor > mode status device >port >- -- - --- - -- > 1/2 connected desirable not channel > >SJDCSW02> (enable) sho po channel >No ports channelling > > >Brad Moss, CCNA >Network Administrator >CHRISTUS St. Joseph's Medical Center - South >www.christushealth.org >(903) 737-3160 >[EMAIL PROTECTED] -Carroll Kong Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23710&t=23692 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT: Enable secret hacking [7:23670]
perhaps this is why sho run and sho conf are not level 1 commands?? Brian "Sonic" Whalen Success = Preparation + Opportunity On Sun, 21 Oct 2001, Gareth Hinton wrote: > The reason I asked was to see if other peoples impression was the same as > mine. I've got the tools for the level 7 passwords, but was under the > impression that the enable secret was almost impossible. > I do some work for a fairly large company that had some penetration testing > done this week by a government agency. > One of the "hackers" told me that depending on the length and complexity of > the password he could crack the enable password from the MD5 hash pretty > quickly. > The passwords we normally use for enable secrets are over 8 character random > alphanumeric strings, so it was taking some time. > Not believing him entirely, I suggested that I simplify the password a > little to a dictionary word of 7 characters. I changed it to "kittens" and > it took his unix box around 5 seconds to go through the dictionary > performing MD5 hash on every word, then comparing the result with the real > hash. > > I was quite surprised at how quick it was. Admittedly they need to see the > MD5 hash somehow, but I've never gone over the top to cover these up before > now. > > We also (a little carelessly) got caught out with a few switches with "IP > HTTP SERVER" on as default, so the weakness with http allowed level 15 > access to the switches. Oops. > > Just thought I'd bring it up anyway. I think "no ip http server" and more > complex passwords are in order. > > > Regards, > > Gareth > > ""John Neiberger"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > The enable secret would not be an easy thing to crack. The enable > password, > > however, can be cracked easily with a number of utilities available for > free > > on the internet. > > > > If you have hackers attacking your network who have the capability to > crack > > the enable secret then you have much bigger problems. > > > > As I recall, the enable secret displayed when you do a show run is a > one-way > > hash, so the original cannot be determined from the encrypted version. > I'll > > have to check into that. > > > > A good hacker would spend his time elsewhere. Sitting at the login prompt > > trying to guess passwords for a few years probably isn't a wise way to > spend > > one's time. Hackers tend to go for the low-hanging fruit. > > > > Regards, > > John > > > > On Sun, 21 Oct 2001 09:13:35 -0400, Gareth Hinton wrote: > > > > | Hi all, > > | > > | I'm asking this as a matter of interest after something I saw this > week: > > | Given the following line of config: > > | > > | enable secret 5 $1$32Pc$uq7Tr7gq4v22PqEG4WFF90 > > | > > | What are the chances of cracking the enable secret? (Without raising > > | suspicicion by having 40 million attempts on the box itself.) > > | Lets say the password is an 8 character string of letters only, not > > | necessarily a dictionary word. > > | > > | What's everybody's view, could it be easily hacked or not? > > | > > | > > | Thanks, > > | > > | Gaz > > | > > | > > | > > | > > ___ > > http://inbox.excite.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23708&t=23670 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: AW: OT: Enable secret hacking [7:23670]
If the password is NOT in the dictionary, then it would take considerable amount of time to crack it. I've not tried it yet so I can't tell you; however, given the power of PC's these days, I wouldn't be suprised that it will not take very long. Furthermore, if someone really want to crack the password, he/she would use this application on clustering technology to increase the CPU and memory. >From: "Maissen Sacha" >Reply-To: "Maissen Sacha" >To: [EMAIL PROTECTED] >Subject: AW: OT: Enable secret hacking [7:23670] >Date: Sun, 21 Oct 2001 14:59:51 -0400 > >Anh, >Sorry for my question about your test below. This program "john the >ripper", is >it working with dictionaries or not? Because my question is, if I use >passwords >like "12eldkvi", which are not in any dics, how long you need then to >crack a >MD5-password? > >Regards >Sacha > >-Urspr|ngliche Nachricht- >Von: Anh Lam [mailto:[EMAIL PROTECTED]] >Gesendet: Sonntag, 21. Oktober 2001 20:46 >An: [EMAIL PROTECTED] >Betreff: Re: OT: Enable secret hacking [7:23670] > > >Gareth, >I create an "enable secret" password on a Cisco router 2610 with the >password as you mentioned "kittens". Remember this is an MD5 encrypted >string ($1$Em47$DEsFfXv/Px6y/cEmjMwfE0). You know what, I take this >string >and use the program called "john the ripper" running on my linux box to >crack it. This linux is a pentium 200MHz with 64MB of RAM. It takes >exactly 5 minutes to crack this password. I would imagine for longer >"enable secret" password, it takes longer but not as difficult as it >sounds. > >Regards, _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23709&t=23670 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT: Enable secret hacking [7:23670]
I would imagine that if using a-z and 0 to 9, with 8 characters there would be 8 to the power 36 combinations (I think). Trouble is those numbers are getting too large for me to have any concept of how long it would take to hack. We'd need to get an idea of how long each attempt takes. Looking back at the original password it was very similar to yours. His unix box had been going for 4 hours when we stopped it to do those tests, so much harder to crack. I'm going to set one off later to see how long it takes. This is not scare mongering by the way. To accomplish this you already need to have the MD5 hash. I think it's just better to avoid complacency - make the passwords longer and use special characters if possible. I didn't realise the amount of difference between dictionary passwords and the alternative. I suppose something as simple as "kittens/1" would cut out the dictionary searches. Gareth ""Maissen Sacha"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Anh, > Sorry for my question about your test below. This program "john the > ripper", is > it working with dictionaries or not? Because my question is, if I use > passwords > like "12eldkvi", which are not in any dics, how long you need then to > crack a > MD5-password? > > Regards > Sacha > > -Urspr|ngliche Nachricht- > Von: Anh Lam [mailto:[EMAIL PROTECTED]] > Gesendet: Sonntag, 21. Oktober 2001 20:46 > An: [EMAIL PROTECTED] > Betreff: Re: OT: Enable secret hacking [7:23670] > > > Gareth, > I create an "enable secret" password on a Cisco router 2610 with the > password as you mentioned "kittens". Remember this is an MD5 encrypted > string ($1$Em47$DEsFfXv/Px6y/cEmjMwfE0). You know what, I take this > string > and use the program called "john the ripper" running on my linux box to > crack it. This linux is a pentium 200MHz with 64MB of RAM. It takes > exactly 5 minutes to crack this password. I would imagine for longer > "enable secret" password, it takes longer but not as difficult as it > sounds. > > Regards, Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23707&t=23670 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: EIGRP load balancing - variance command [7:23623]
In order for the second-best path to be used for unequal-cost load balancing using variance, it MUST meet the feasibility condition. IOW, it has to qualify to be the feasible successor route. If it doesn't, it won't matter how great you make the variance value. Francis, look at the output of "show ip eigrp topology all" on R1. Check to see whether the "advertised distance" (after the slash) for the alternate route via R3 is LESS THAN the "feasible distance" (total metric) for this route via R2 (this one should be your successor route, the one that's best). I haven't worked out your numbers, but I have a feeling it won't meet the feasibility condition, and that's why you're not getting the unequal-cost load balancing you seek. Pamela At 12:02 AM 10/21/01 -0400, you wrote: >In this scenario, I don't know why you use 128 for variance value. In >short, you choose a value of variance such that this value multiplies by the >best path should be GREATER than the alternate path you like to load >balancing. > >For this scenario, the bandwidth on R1-R2-R4 path is 3000K, bandwidth on >R1-R3-R4 path is 1544K. Using a variance of 2 should load balance between >the 2 paths. > >1544k x 2 > 3000k > >Thomas N. > > >""kwock99"" wrote in message >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > I have tried some basic testing on the EIGRP load balancing. For >simplicity, > > I only set up 4 router in order to get equal cost load balancing. > > > > > > LANA**R1 --R2 --R4 LANB > >|| > > --R3 > > > > ***: Ethernet > > : Wan > > > > If I use the default setting for the bandwidth and delay, I can get two > > route from LAN A to LANB. > > > > R1--R2--R4 > > R1--R3--R4 > > > > After I changed all the bandwidth of serial interface of R1, R2, R4 to > > 3000Kbit (default is 1544kbit), I cannot get two route to LAN B, only the > > best route appears (R1--R2--R4). It is normal. > > > > I key in the "variance 128" command in R1 in order to get two route, but >it > > failed. The parameter 128 is make sure that the R1 will take any alternate > > route to LAN B because the metric of R1--R3--R4 must be less than 128 * > > (metric of R1--R2--R4). > > > > Anyone have the idea? Thanks. > > > > Francis Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23706&t=23623 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
AW: OT: Enable secret hacking [7:23670]
Anh, Sorry for my question about your test below. This program "john the ripper", is it working with dictionaries or not? Because my question is, if I use passwords like "12eldkvi", which are not in any dics, how long you need then to crack a MD5-password? Regards Sacha -Urspr|ngliche Nachricht- Von: Anh Lam [mailto:[EMAIL PROTECTED]] Gesendet: Sonntag, 21. Oktober 2001 20:46 An: [EMAIL PROTECTED] Betreff: Re: OT: Enable secret hacking [7:23670] Gareth, I create an "enable secret" password on a Cisco router 2610 with the password as you mentioned "kittens". Remember this is an MD5 encrypted string ($1$Em47$DEsFfXv/Px6y/cEmjMwfE0). You know what, I take this string and use the program called "john the ripper" running on my linux box to crack it. This linux is a pentium 200MHz with 64MB of RAM. It takes exactly 5 minutes to crack this password. I would imagine for longer "enable secret" password, it takes longer but not as difficult as it sounds. Regards, Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23705&t=23670 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT: Enable secret hacking [7:23670]
Gareth, I create an "enable secret" password on a Cisco router 2610 with the password as you mentioned "kittens". Remember this is an MD5 encrypted string ($1$Em47$DEsFfXv/Px6y/cEmjMwfE0). You know what, I take this string and use the program called "john the ripper" running on my linux box to crack it. This linux is a pentium 200MHz with 64MB of RAM. It takes exactly 5 minutes to crack this password. I would imagine for longer "enable secret" password, it takes longer but not as difficult as it sounds. Regards, >From: "Gareth Hinton" >Reply-To: "Gareth Hinton" >To: [EMAIL PROTECTED] >Subject: Re: OT: Enable secret hacking [7:23670] >Date: Sun, 21 Oct 2001 13:34:19 -0400 > >The reason I asked was to see if other peoples impression was the same as >mine. I've got the tools for the level 7 passwords, but was under the >impression that the enable secret was almost impossible. >I do some work for a fairly large company that had some penetration testing >done this week by a government agency. >One of the "hackers" told me that depending on the length and complexity of >the password he could crack the enable password from the MD5 hash pretty >quickly. >The passwords we normally use for enable secrets are over 8 character >random >alphanumeric strings, so it was taking some time. >Not believing him entirely, I suggested that I simplify the password a >little to a dictionary word of 7 characters. I changed it to "kittens" and >it took his unix box around 5 seconds to go through the dictionary >performing MD5 hash on every word, then comparing the result with the real >hash. > >I was quite surprised at how quick it was. Admittedly they need to see the >MD5 hash somehow, but I've never gone over the top to cover these up before >now. > >We also (a little carelessly) got caught out with a few switches with "IP >HTTP SERVER" on as default, so the weakness with http allowed level 15 >access to the switches. Oops. > >Just thought I'd bring it up anyway. I think "no ip http server" and more >complex passwords are in order. > > >Regards, > >Gareth > >""John Neiberger"" wrote in message >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > The enable secret would not be an easy thing to crack. The enable >password, > > however, can be cracked easily with a number of utilities available for >free > > on the internet. > > > > If you have hackers attacking your network who have the capability to >crack > > the enable secret then you have much bigger problems. > > > > As I recall, the enable secret displayed when you do a show run is a >one-way > > hash, so the original cannot be determined from the encrypted version. >I'll > > have to check into that. > > > > A good hacker would spend his time elsewhere. Sitting at the login >prompt > > trying to guess passwords for a few years probably isn't a wise way to >spend > > one's time. Hackers tend to go for the low-hanging fruit. > > > > Regards, > > John > > > > On Sun, 21 Oct 2001 09:13:35 -0400, Gareth Hinton wrote: > > > > | Hi all, > > | > > | I'm asking this as a matter of interest after something I saw this >week: > > | Given the following line of config: > > | > > | enable secret 5 $1$32Pc$uq7Tr7gq4v22PqEG4WFF90 > > | > > | What are the chances of cracking the enable secret? (Without raising > > | suspicicion by having 40 million attempts on the box itself.) > > | Lets say the password is an 8 character string of letters only, not > > | necessarily a dictionary word. > > | > > | What's everybody's view, could it be easily hacked or not? > > | > > | > > | Thanks, > > | > > | Gaz > > | > > | > > | > > | > > ___ > > http://inbox.excite.com _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23704&t=23670 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ospf point-to-multipoint [7:23655]
Jim, point-to-multipoint can be both broadcast and non-broadcast. In case it is configured as broadcast (default when you configure 'ip ospf network point-to-multipoint), it will treat interface as collection of point-to-point links and will use multicast, just as on point-to-point link. If it is configured as non-broadcast, with: ip ospf network point-to-multipoint non-broadcast it will use unicast, and you have to configure neighbors. See page 566 for example. Sasa Jim Bond wrote: > > On Jeff Doyle's TCP/IP volume I, P417 it says > point-to-multipoint is multicast; P433 it says it's > unicast. Which one is correct? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23703&t=23655 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Problem with Etherchannel [7:23692]
Yeah, sorry for the misinformation before. Here is the a good way to remember the modes. The most part, PaGP is either auto or desirable. Or you can just turn the pesky thing on or off. (non-PaGp). Of course it will only work if you are both on if you choose the non-PaGp mode. As for knowing the right compatibility, remember that desirable people are also aggressive. :) Two aggressive people can communicate. Auto is passive. Two passive people cannot communicate. One aggressive and one passive can communicate as well. Just think of an aggressive desirable as those players. (male or female). Those nice guys and girls who are passive just never get with anyone. :) Sorry, I just immediately jumped the gun and assumed you chose the two passive case without really reading carefully and remembering my own rules. :( Very bad form, I do not blame anyone for not believing me after such a blunder. You cannot do both as desirable. One must be desirable and the other auto. Or you can try forcing the modes to "on" and "on". That might fix it! At 12:57 PM 10/21/01 -0400, Brad Moss wrote: >I am trying to connect two cat5500s and am unable to get port channel to >come online. I have configured both sides below is the config of the ports. >Any help would be greatly appreciated. These are production switches the >only thing I have to done is reboot them. For some reason they are not >recognizing that they are connect to the same switch on the other end of >either link. I am unaware on any "special" things that must happen for port >channeling both blades support it. > > >Set po channel 8/3-4 mode desirable >Set trunk 8/3 isl on >Set trunk 8/4 isl on > >Set po channel 1/1-2 desirable >Set trunk 1/1 isl on >Set trunk 1/2 isl on > >Port Name Status Vlan Level Duplex Speed Type >- -- -- -- -- -- - - >--- > 8/3 connected trunk normal full 100 100BaseFX >MM > >Port Status Channel Admin Ch > Mode Group Id >- -- - - > 8/3 connected desirable non-silent 157 0 > >Port Name Status Vlan Level Duplex Speed Type >- -- -- -- -- -- - - >--- > 8/4 connected trunk normal full 100 100BaseFX >MM >Port Status Channel Admin Ch > Mode Group Id >- -- - - > 8/4 connected desirable non-silent 157 0 > >SJMDFSW01> (enable) sho po channel >No ports channeling > >Port Name Status Vlan Level Duplex Speed Type >- -- -- -- -- -- - - >--- > 1/1 Uplink SJMDFSW01 connected trunk normal full 100 100BaseFX >MM > >Port Status Channel Channel Neighbor Neighbor > mode status device port >- -- - --- - -- > 1/1 connected desirable not channel > >Port Name Status Vlan Level Duplex Speed Type >- -- -- -- -- -- - - >--- > 1/2 Uplink SJMDFSW01 connected trunk normal full 100 100BaseFX >MM > >Port Status Channel Channel Neighbor Neighbor > mode status device >port >- -- - --- - -- > 1/2 connected desirable not channel > >SJDCSW02> (enable) sho po channel >No ports channelling > > >Brad Moss, CCNA >Network Administrator >CHRISTUS St. Joseph's Medical Center - South >www.christushealth.org >(903) 737-3160 >[EMAIL PROTECTED] -Carroll Kong Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23702&t=23692 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Problem with Etherchannel [7:23692]
Ports can form an EtherChannel when they are in different channel modes as long as the modes are compatible. For example: a.. A port in desirable mode can form an EtherChannel successfully with another port that is in desirable or auto mode. b.. A port in auto mode can form an EtherChannel with another port in desirable mode. c.. A port in auto mode cannot form an EtherChannel with another port that is also in auto mode, since neither port will initiate negotiation. d.. A port in on mode can form a channel only with a port in on mode, because ports in on mode do not exchange PAgP packets. e.. A port in off mode will not form a channel with any port. Copied from http://www.cisco.com/warp/public/793/lan_switching/6.html The first one suggests your desirable - desirable would be good. Gaz ""Carroll Kong"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > You cannot do both as desirable. One must be desirable and the > other auto. Or you can try forcing the modes to "on" and "on". That might > fix it! > > At 12:57 PM 10/21/01 -0400, Brad Moss wrote: > >I am trying to connect two cat5500s and am unable to get port channel to > >come online. I have configured both sides below is the config of the ports. > >Any help would be greatly appreciated. These are production switches the > >only thing I have to done is reboot them. For some reason they are not > >recognizing that they are connect to the same switch on the other end of > >either link. I am unaware on any "special" things that must happen for port > >channeling both blades support it. > > > > > >Set po channel 8/3-4 mode desirable > >Set trunk 8/3 isl on > >Set trunk 8/4 isl on > > > >Set po channel 1/1-2 desirable > >Set trunk 1/1 isl on > >Set trunk 1/2 isl on > > > >Port Name Status Vlan Level Duplex Speed Type > >- -- -- -- -- -- - - > >--- > > 8/3 connected trunk normal full 100 > 100BaseFX > >MM > > > >Port Status Channel Admin Ch > > Mode Group Id > >- -- - - > > 8/3 connected desirable non-silent 157 0 > > > >Port Name Status Vlan Level Duplex Speed Type > >- -- -- -- -- -- - - > >--- > > 8/4 connected trunk normal full 100 > 100BaseFX > >MM > >Port Status Channel Admin Ch > > Mode Group Id > >- -- - - > > 8/4 connected desirable non-silent 157 0 > > > >SJMDFSW01> (enable) sho po channel > >No ports channeling > > > >Port Name Status Vlan Level Duplex Speed Type > >- -- -- -- -- -- - - > >--- > > 1/1 Uplink SJMDFSW01 connected trunk normal full 100 > 100BaseFX > >MM > > > >Port Status Channel Channel Neighbor Neighbor > > mode status device > port > >- -- - --- - -- > > 1/1 connected desirable not channel > > > >Port Name Status Vlan Level Duplex Speed Type > >- -- -- -- -- -- - - > >--- > > 1/2 Uplink SJMDFSW01 connected trunk normal full 100 > 100BaseFX > >MM > > > >Port Status Channel Channel Neighbor Neighbor > > mode status device > >port > >- -- - --- - -- > > 1/2 connected desirable not channel > > > >SJDCSW02> (enable) sho po channel > >No ports channelling > > > > > >Brad Moss, CCNA > >Network Administrator > >CHRISTUS St. Joseph's Medical Center - South > >www.christushealth.org > >(903) 737-3160 > >[EMAIL PROTECTED] > -Carroll Kong Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23700&t=23692 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Problem with Etherchannel [7:23692]
What does "show port capabilities" show you Brad? ""Brad Moss"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I am trying to connect two cat5500s and am unable to get port channel to > come online. I have configured both sides below is the config of the ports. > Any help would be greatly appreciated. These are production switches the > only thing I have to done is reboot them. For some reason they are not > recognizing that they are connect to the same switch on the other end of > either link. I am unaware on any "special" things that must happen for port > channeling both blades support it. > > > Set po channel 8/3-4 mode desirable > Set trunk 8/3 isl on > Set trunk 8/4 isl on > > Set po channel 1/1-2 desirable > Set trunk 1/1 isl on > Set trunk 1/2 isl on > > Port Name Status Vlan Level Duplex Speed Type > - -- -- -- -- -- - --- -- > --- > 8/3 connected trunk normal full 100 100BaseFX > MM > > Port Status Channel Admin Ch > Mode Group Id > - -- - - > 8/3 connected desirable non-silent 157 0 > > Port Name Status Vlan Level Duplex Speed Type > - -- -- -- -- -- - --- -- > --- > 8/4 connected trunk normal full 100 100BaseFX > MM > Port Status Channel Admin Ch > Mode Group Id > - -- - - > 8/4 connected desirable non-silent 157 0 > > SJMDFSW01> (enable) sho po channel > No ports channeling > > Port Name Status Vlan Level Duplex Speed Type > - -- -- -- -- -- - --- -- > --- > 1/1 Uplink SJMDFSW01 connected trunk normal full 100 100BaseFX > MM > > Port Status Channel Channel Neighbor Neighbor > mode status device port > - -- - --- - - - > 1/1 connected desirable not channel > > Port Name Status Vlan Level Duplex Speed Type > - -- -- -- -- -- - --- -- > --- > 1/2 Uplink SJMDFSW01 connected trunk normal full 100 100BaseFX > MM > > Port Status Channel Channel Neighbor Neighbor > mode status device > port > - -- - --- - - - > 1/2 connected desirable not channel > > SJDCSW02> (enable) sho po channel > No ports channelling > > > Brad Moss, CCNA > Network Administrator > CHRISTUS St. Joseph's Medical Center - South > www.christushealth.org > (903) 737-3160 > [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23699&t=23692 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Reading the show int token ring command [7:23640]
Right. One thing that is a little out is BW 4000MB and ring speed 16 Mbps. Fred Dennis Laganiere wrote: > > I just wanted to double-check myself. The line #9 from the following "show > interface token-ring 0" output says... > > 1.) TokenRing 0 is up, line protocol is up > 2.) Hardware is Dual Token Ring, address is .3080.5fca (bia > .3080.5fca) > 3.) Internet address is 1.0.0.7, subnet mask is 255.0.0.0 > 4.) MTU 8136 bytes, BW 4000 Kbit, DLY 630 usec, rely 255/255, load 1/255 > 5.) Encapsulation SNAP, loopback not set, keepalive set (10 sec) > 6.) ARP type: SNAP, ARP Timeout 4:00:00 > 7.) Ring speed: 16 Mbps > 8.) Single ring node, Source Route Transparent Bridge capable > 9.) Source bridging enable, srn 1 bn 2 trn 1000 (ring group) > 10.) Proxy explorers disable, spanning explorer enabled, NetBIOS cache > disable > 11.) Group Address: 0x, Functional Address: 0x011A > > local ring number - 1 > bridge number - 2 > ring group - 1000 > > Right? > > --- Dennis Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23698&t=23640 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Problem with Etherchannel [7:23692]
Thanks.. I also found another problem in the sho config all The vlans on 1/1 and 1/2 are different. I did not realize it until I tried to force the channel on and it told me so. I assumed they were the same looking at the sho po when it said trunk. Thanks again. Brad Moss CCNA -Original Message- From: Carroll Kong [mailto:[EMAIL PROTECTED]] Sent: Sunday, October 21, 2001 1:14 PM To: Brad Moss Cc: [EMAIL PROTECTED] Subject: Re: Problem with Etherchannel [7:23692] You cannot do both as desirable. One must be desirable and the other auto. Or you can try forcing the modes to "on" and "on". That might fix it! At 12:57 PM 10/21/01 -0400, Brad Moss wrote: >I am trying to connect two cat5500s and am unable to get port channel to >come online. I have configured both sides below is the config of the ports. >Any help would be greatly appreciated. These are production switches the >only thing I have to done is reboot them. For some reason they are not >recognizing that they are connect to the same switch on the other end of >either link. I am unaware on any "special" things that must happen for port >channeling both blades support it. > > >Set po channel 8/3-4 mode desirable >Set trunk 8/3 isl on >Set trunk 8/4 isl on > >Set po channel 1/1-2 desirable >Set trunk 1/1 isl on >Set trunk 1/2 isl on > >Port Name Status Vlan Level Duplex Speed Type >- -- -- -- -- -- - - >--- > 8/3 connected trunk normal full 100 100BaseFX >MM > >Port Status Channel Admin Ch > Mode Group Id >- -- - - > 8/3 connected desirable non-silent 157 0 > >Port Name Status Vlan Level Duplex Speed Type >- -- -- -- -- -- - - >--- > 8/4 connected trunk normal full 100 100BaseFX >MM >Port Status Channel Admin Ch > Mode Group Id >- -- - - > 8/4 connected desirable non-silent 157 0 > >SJMDFSW01> (enable) sho po channel >No ports channeling > >Port Name Status Vlan Level Duplex Speed Type >- -- -- -- -- -- - - >--- > 1/1 Uplink SJMDFSW01 connected trunk normal full 100 100BaseFX >MM > >Port Status Channel Channel Neighbor Neighbor > mode status device port >- -- - --- - -- > 1/1 connected desirable not channel > >Port Name Status Vlan Level Duplex Speed Type >- -- -- -- -- -- - - >--- > 1/2 Uplink SJMDFSW01 connected trunk normal full 100 100BaseFX >MM > >Port Status Channel Channel Neighbor Neighbor > mode status device >port >- -- - --- - -- > 1/2 connected desirable not channel > >SJDCSW02> (enable) sho po channel >No ports channelling > > >Brad Moss, CCNA >Network Administrator >CHRISTUS St. Joseph's Medical Center - South >www.christushealth.org >(903) 737-3160 >[EMAIL PROTECTED] -Carroll Kong Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23697&t=23692 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT: Enable secret hacking [7:23670]
The reason I asked was to see if other peoples impression was the same as mine. I've got the tools for the level 7 passwords, but was under the impression that the enable secret was almost impossible. I do some work for a fairly large company that had some penetration testing done this week by a government agency. One of the "hackers" told me that depending on the length and complexity of the password he could crack the enable password from the MD5 hash pretty quickly. The passwords we normally use for enable secrets are over 8 character random alphanumeric strings, so it was taking some time. Not believing him entirely, I suggested that I simplify the password a little to a dictionary word of 7 characters. I changed it to "kittens" and it took his unix box around 5 seconds to go through the dictionary performing MD5 hash on every word, then comparing the result with the real hash. I was quite surprised at how quick it was. Admittedly they need to see the MD5 hash somehow, but I've never gone over the top to cover these up before now. We also (a little carelessly) got caught out with a few switches with "IP HTTP SERVER" on as default, so the weakness with http allowed level 15 access to the switches. Oops. Just thought I'd bring it up anyway. I think "no ip http server" and more complex passwords are in order. Regards, Gareth ""John Neiberger"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > The enable secret would not be an easy thing to crack. The enable password, > however, can be cracked easily with a number of utilities available for free > on the internet. > > If you have hackers attacking your network who have the capability to crack > the enable secret then you have much bigger problems. > > As I recall, the enable secret displayed when you do a show run is a one-way > hash, so the original cannot be determined from the encrypted version. I'll > have to check into that. > > A good hacker would spend his time elsewhere. Sitting at the login prompt > trying to guess passwords for a few years probably isn't a wise way to spend > one's time. Hackers tend to go for the low-hanging fruit. > > Regards, > John > > On Sun, 21 Oct 2001 09:13:35 -0400, Gareth Hinton wrote: > > | Hi all, > | > | I'm asking this as a matter of interest after something I saw this week: > | Given the following line of config: > | > | enable secret 5 $1$32Pc$uq7Tr7gq4v22PqEG4WFF90 > | > | What are the chances of cracking the enable secret? (Without raising > | suspicicion by having 40 million attempts on the box itself.) > | Lets say the password is an 8 character string of letters only, not > | necessarily a dictionary word. > | > | What's everybody's view, could it be easily hacked or not? > | > | > | Thanks, > | > | Gaz > | > | > | > | > ___ > http://inbox.excite.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23696&t=23670 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT: Enable secret hacking [7:23670]
>From what I understand, the enable secret is MD5 encrypted. If my memory serves me right, the password file on Linux system (/etc/shadow)is also md5 encrypted. If that is the case, there are utilities on the Internet that can be used to crack this baby. Granted that it is going to require memory and CPU power but it is not as difficult as it sounds. That's the reason why the /etc/shadow file on unix system is read/writable only by root. >From: "John Neiberger" >Reply-To: "John Neiberger" >To: [EMAIL PROTECTED] >Subject: Re: OT: Enable secret hacking [7:23670] >Date: Sun, 21 Oct 2001 12:45:19 -0400 > >The enable secret would not be an easy thing to crack. The enable >password, >however, can be cracked easily with a number of utilities available for >free >on the internet. > >If you have hackers attacking your network who have the capability to crack >the enable secret then you have much bigger problems. > >As I recall, the enable secret displayed when you do a show run is a >one-way >hash, so the original cannot be determined from the encrypted version. >I'll >have to check into that. > >A good hacker would spend his time elsewhere. Sitting at the login prompt >trying to guess passwords for a few years probably isn't a wise way to >spend >one's time. Hackers tend to go for the low-hanging fruit. > >Regards, >John > >On Sun, 21 Oct 2001 09:13:35 -0400, Gareth Hinton wrote: > >| Hi all, >| >| I'm asking this as a matter of interest after something I saw this week: >| Given the following line of config: >| >| enable secret 5 $1$32Pc$uq7Tr7gq4v22PqEG4WFF90 >| >| What are the chances of cracking the enable secret? (Without raising >| suspicicion by having 40 million attempts on the box itself.) >| Lets say the password is an 8 character string of letters only, not >| necessarily a dictionary word. >| >| What's everybody's view, could it be easily hacked or not? >| >| >| Thanks, >| >| Gaz >| >| >| >| >___ >http://inbox.excite.com _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23694&t=23670 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Problem with Etherchannel [7:23692]
You cannot do both as desirable. One must be desirable and the other auto. Or you can try forcing the modes to "on" and "on". That might fix it! At 12:57 PM 10/21/01 -0400, Brad Moss wrote: >I am trying to connect two cat5500s and am unable to get port channel to >come online. I have configured both sides below is the config of the ports. >Any help would be greatly appreciated. These are production switches the >only thing I have to done is reboot them. For some reason they are not >recognizing that they are connect to the same switch on the other end of >either link. I am unaware on any "special" things that must happen for port >channeling both blades support it. > > >Set po channel 8/3-4 mode desirable >Set trunk 8/3 isl on >Set trunk 8/4 isl on > >Set po channel 1/1-2 desirable >Set trunk 1/1 isl on >Set trunk 1/2 isl on > >Port Name Status Vlan Level Duplex Speed Type >- -- -- -- -- -- - - >--- > 8/3 connected trunk normal full 100 100BaseFX >MM > >Port Status Channel Admin Ch > Mode Group Id >- -- - - > 8/3 connected desirable non-silent 157 0 > >Port Name Status Vlan Level Duplex Speed Type >- -- -- -- -- -- - - >--- > 8/4 connected trunk normal full 100 100BaseFX >MM >Port Status Channel Admin Ch > Mode Group Id >- -- - - > 8/4 connected desirable non-silent 157 0 > >SJMDFSW01> (enable) sho po channel >No ports channeling > >Port Name Status Vlan Level Duplex Speed Type >- -- -- -- -- -- - - >--- > 1/1 Uplink SJMDFSW01 connected trunk normal full 100 100BaseFX >MM > >Port Status Channel Channel Neighbor Neighbor > mode status device port >- -- - --- - -- > 1/1 connected desirable not channel > >Port Name Status Vlan Level Duplex Speed Type >- -- -- -- -- -- - - >--- > 1/2 Uplink SJMDFSW01 connected trunk normal full 100 100BaseFX >MM > >Port Status Channel Channel Neighbor Neighbor > mode status device >port >- -- - --- - -- > 1/2 connected desirable not channel > >SJDCSW02> (enable) sho po channel >No ports channelling > > >Brad Moss, CCNA >Network Administrator >CHRISTUS St. Joseph's Medical Center - South >www.christushealth.org >(903) 737-3160 >[EMAIL PROTECTED] -Carroll Kong Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23693&t=23692 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Problem with Etherchannel [7:23692]
I am trying to connect two cat5500s and am unable to get port channel to come online. I have configured both sides below is the config of the ports. Any help would be greatly appreciated. These are production switches the only thing I have to done is reboot them. For some reason they are not recognizing that they are connect to the same switch on the other end of either link. I am unaware on any "special" things that must happen for port channeling both blades support it. Set po channel 8/3-4 mode desirable Set trunk 8/3 isl on Set trunk 8/4 isl on Set po channel 1/1-2 desirable Set trunk 1/1 isl on Set trunk 1/2 isl on Port Name Status Vlan Level Duplex Speed Type - -- -- -- -- -- - - --- 8/3 connected trunk normal full 100 100BaseFX MM Port Status Channel Admin Ch Mode Group Id - -- - - 8/3 connected desirable non-silent 157 0 Port Name Status Vlan Level Duplex Speed Type - -- -- -- -- -- - - --- 8/4 connected trunk normal full 100 100BaseFX MM Port Status Channel Admin Ch Mode Group Id - -- - - 8/4 connected desirable non-silent 157 0 SJMDFSW01> (enable) sho po channel No ports channeling Port Name Status Vlan Level Duplex Speed Type - -- -- -- -- -- - - --- 1/1 Uplink SJMDFSW01 connected trunk normal full 100 100BaseFX MM Port Status Channel Channel Neighbor Neighbor mode status deviceport - -- - --- - -- 1/1 connected desirable not channel Port Name Status Vlan Level Duplex Speed Type - -- -- -- -- -- - - --- 1/2 Uplink SJMDFSW01 connected trunk normal full 100 100BaseFX MM Port Status Channel Channel Neighbor Neighbor mode status device port - -- - --- - -- 1/2 connected desirable not channel SJDCSW02> (enable) sho po channel No ports channelling Brad Moss, CCNA Network Administrator CHRISTUS St. Joseph's Medical Center - South www.christushealth.org (903) 737-3160 [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23692&t=23692 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Queston about Aironet !!! [7:23691]
Hi Folks, Question : 1. What is the transmision rate in Mbs againts distance, meaning that if you are the only user on the AP will the data transfer rate degrade when you are getting far away from the AP. 2. What is the max distance from AP to workstation. 3. If your server is runing DHCP, AP set to be static, will the cleint be able to get dynamic IP. 4. Is there any integration between the Aironet systems with the barcode wireless systems which is also Aironet(2Mbps). 5. How to explain on the Beacon receive show on the Aironet program when we perform signal strength monitoring. Which the signal strength degrade againts distance and the beacon tend to be on 100%. Looking forward for your reply Thanks Steiven Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23691&t=23691 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: test [7:23675]
Are you posting by mail ? There was a problem with some mail a few days back due to a system upgrade I believe. ""Tim Booth"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > My most recent post (an anwer to ITGuy's acl query) didn't appear. this is > a test. > > I've had problems with missing posts as well > > Tim Booth Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23690&t=23675 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: over 1700 passing ccie written every month [7:23680]
I am participating in a study group at Cisco here in the Dallas area. Even the Cisco Engineers in the group are there for their own edification to help them pass. I know if I had access to the lab equipment all the time like they do, I would be feeling fairly confident. I haven't even attempted the written yet but I have years worth of router time in a production environment. The number of CCIEs get depressing if you look at them for too long. Just keep looking at dice.com, hotjobs.com and such for jobs requiring a CCIE. Keeps me interested. :-) Ken >>> "Thomas Larus" 10/21/01 10:52AM >>> I wouldn't worry too much about the raw numbers. A lot of these supposed 1700 a month are VERY good at memorization, and have not touched routers and switches for more than 10 or 12 hours altogether. I have trouble believing the number is quite that high, because the lab dates do not seem to be getting booked up anywhere near that fast. People haven't a prayer of passing the CCIE Lab until they get many hundreds or perhaps a thousand or two thousand hours of work configuring routers and switches. It is a long road, and I am still a long way from getting to the CCIE Lab milestone myself, but the journey itself is very satisfying. Thomas Larus ""Hello Hello"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > ccie r catching up with ...mcse now > http://searchnetworking.discussions.techtarget.com/WebX?[EMAIL PROTECTED] xa4O3aKi^1@.ee8464a/114!viewtype=threadDate&skip=&expand= Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23688&t=23680 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: over 1700 passing ccie written every month [7:23680]
"ccie r catching up with ...mcse now" That's a bit of a wild inaccurate statement. I reckon after doing my CCNP it wouldn't take too long to get past the CCIE written with 4 to 6 weeks good study. I reckon the CCIE Lab could take me a year or more of hard work to get anywhere near it, if ever. I am looking at the doing the MCSE to broaden the knowledge a little. Looking through the syllabus I am looking at around 6 weeks of study with odd breaks in between. MCSE and CCIE will never be comparable. It amuses me when people do compare them. I think "CCIE written" is a little misleading - As far as I'm concerned its a fairly testing written exam to stop time wasters taking what is the real CCIE exam - The LAB. My two penneth... Gaz ""Hello Hello"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > ccie r catching up with ...mcse now > http://searchnetworking.discussions.techtarget.com/WebX?[EMAIL PROTECTED] xa4O3aKi^1@.ee8464a/114!viewtype=threadDate&skip=&expand= Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23687&t=23680 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT: Enable secret hacking [7:23670]
The enable secret would not be an easy thing to crack. The enable password, however, can be cracked easily with a number of utilities available for free on the internet. If you have hackers attacking your network who have the capability to crack the enable secret then you have much bigger problems. As I recall, the enable secret displayed when you do a show run is a one-way hash, so the original cannot be determined from the encrypted version. I'll have to check into that. A good hacker would spend his time elsewhere. Sitting at the login prompt trying to guess passwords for a few years probably isn't a wise way to spend one's time. Hackers tend to go for the low-hanging fruit. Regards, John On Sun, 21 Oct 2001 09:13:35 -0400, Gareth Hinton wrote: | Hi all, | | I'm asking this as a matter of interest after something I saw this week: | Given the following line of config: | | enable secret 5 $1$32Pc$uq7Tr7gq4v22PqEG4WFF90 | | What are the chances of cracking the enable secret? (Without raising | suspicicion by having 40 million attempts on the box itself.) | Lets say the password is an 8 character string of letters only, not | necessarily a dictionary word. | | What's everybody's view, could it be easily hacked or not? | | | Thanks, | | Gaz | | | | ___ http://inbox.excite.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23689&t=23670 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: over 1700 passing ccie written every month [7:23680]
I wholeheartedly agree. I'm just starting out in the industry and having seen some CCIE practice questions, I wonder why this is such an accomplishment for some. The written is not that much harder than the CCNP tests (someone with a few weeks and good books on their hands can pass the written). Lets remember that there are less than 7000 CCIEs worldwide. 1700 people may pass the written , but its unlikely that more than 2-3 % take or pass the written within one year. ""Thomas Larus"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I wouldn't worry too much about the raw numbers. A lot of these supposed > 1700 a month are VERY good at memorization, and have not touched routers and > switches for more than 10 or 12 hours altogether. I have trouble believing > the number is quite that high, because the lab dates do not seem to be > getting booked up anywhere near that fast. People haven't a prayer of > passing the CCIE Lab until they get many hundreds or perhaps a thousand or > two thousand hours of work configuring routers and switches. > > It is a long road, and I am still a long way from getting to the CCIE Lab > milestone myself, but the journey itself is very satisfying. > > Thomas Larus > > ""Hello Hello"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > ccie r catching up with ...mcse now > > > http://searchnetworking.discussions.techtarget.com/WebX?[EMAIL PROTECTED] > xa4O3aKi^1@.ee8464a/114!viewtype=threadDate&skip=&expand= Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23685&t=23680 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: test [7:23675]
> My most recent post (an anwer to ITGuy's acl query) didn't appear. this is a test. I've had problems with missing posts as well Tim Booth Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23684&t=23675 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: over 1700 passing ccie written every month [7:23680]
I wouldn't worry too much about the raw numbers. A lot of these supposed 1700 a month are VERY good at memorization, and have not touched routers and switches for more than 10 or 12 hours altogether. I have trouble believing the number is quite that high, because the lab dates do not seem to be getting booked up anywhere near that fast. People haven't a prayer of passing the CCIE Lab until they get many hundreds or perhaps a thousand or two thousand hours of work configuring routers and switches. It is a long road, and I am still a long way from getting to the CCIE Lab milestone myself, but the journey itself is very satisfying. Thomas Larus ""Hello Hello"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > ccie r catching up with ...mcse now > http://searchnetworking.discussions.techtarget.com/WebX?[EMAIL PROTECTED] xa4O3aKi^1@.ee8464a/114!viewtype=threadDate&skip=&expand= Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23683&t=23680 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Word of Caution [7:23363]
Rick hit it right on the head. I take an apology from a "sale" guy with a grain of salt. Robert, why don't you do the honorable thing and sell to debbie what she bidded for when she placed the order? I teach networking a a community college and I have a lot of students asking me where they can purchase networking gears. One thing I will tell them for sure is to "stay away" from www.itparade.com. As Rick has mentioned before, we don't judge people by their mistakes, we judge people on how they correct them. If memory serves me right, I remembered a few months back United Airlines mistakenly posted on their web sites flying coast to coast for $1.00. Guess what happened, United Airlines has to honor it because it is the "right thing to do". In this case, we have a sale guy try to come up with a lame excuse that their system was not functioning properly at the time the customer placed orders. Believe me, in this age of instant messaging, www.itparade.com will be the place that networking folks stay away when it comes to purchasing equipments. >From: "Rik Guyler" >Reply-To: "Rik Guyler" >To: [EMAIL PROTECTED] >Subject: RE: Word of Caution [7:23363] >Date: Sun, 21 Oct 2001 10:20:56 -0400 > >While I don't judge people by their mistakes, I do tend to judge them by >how >they correct them. Was it Debbie's fault your systems went down? No. I >don't pretend to live in a world where malfunctions don't happen, but when >your "systems" take a crap you should be ready to deal with the fallout. > >Seems to me that just eating the $500 would have been cheaper than having >to >now clean up the mess and deal with the lost revenue of many, such as >myself, that will never buy anything from you. Besides, it would appear >that Debbie's bad experience was hardly the first according to other >members >of our group and we just don't need crap like that to deal with, especially >since we have quality vendors like Brad Ellis (Big Brad!) to work with >instead. Before you ask, I don't work with Brad in any way...I am a >customer only. > >Rik "Buy Only From Brad" Guyler > >-Original Message- >From: Robert Davie [mailto:[EMAIL PROTECTED]] >Sent: Thursday, October 18, 2001 10:43 AM >To: [EMAIL PROTECTED] >Subject: Re: Word of Caution [7:23363] > > >I would like to respond to a message (below) that went out over a >GroupStudy >mailing list regarding our company. > >When our system is functioning properly (99%) we have two mechanisms that >work that were not working when Debbie placed her order: > 1.. A guard against low-ball offers for items that have sale prices. >This >guard prevents offers of less than 80% of the sale price. (Debbie's offer >was $100 for a $600 item.) > 2.. Order Acceptance. This was malfunctioning and accepting orders that >were being declined. After explaining this to Debbie, who appears to be a >very knowledgeable and market savvy person, we felt that the system >malfunction would garner her understanding. > >She threatened to send out an email to the GroupStudy mailing list if we >did >not fulfill the order, and we indicated that we would respond to her email >message. > >Having been in sales all my life and career and with happy customers >ranging >from AT&T to Sun Microsystems, I feel this is a very unfortunate >occurrence. > >Robert Davie >EVP >Ph: 919-388-9993 x3102 >Fax: 919-388-9992 >ITParade.com, Inc. > > >-Original Message- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of >Debbie Westall >Sent: Wednesday, October 17, 2001 9:08 AM >To: [EMAIL PROTECTED] >Subject: OT: A Word of Caution about Vendor [7:23244] > >Greetings, > >I wanted to give everyone a heads-up on the list about >a vendor I recently dealt with over the Internet. > >The web site is www.itparade.com. > >They are a site that acts as a "middleman" for sellers >of equipment. > >Last week I put an offer on a router (2501). I admit >the offer was very low, but I had never used this site >so I figured "why not". A couple of hours later I >received an email from them saying that my offer was >accepted by the seller and I was to log on to another >site to make payment arrangements. I logged into >PitNeyPay.com to add my credit card info as requested. >The next day I received a phone call from a person at >itparade, saying they have pulled my offer, that the >seller actually rejected my offer but itparade's web >site was "broken" so the email went out incorrectly. >The person at itparade, also mentioned that the seller >would be more than happy to sell me that piece of >equipment for 600.00 rather than my offer. Which would >have been more than double my initial offer. Needless >to say, I rejected that. > >I spoke to the Executive VP and the CEO of the company >to no avail. They will not stand behind the email that >came to me that my offer was accepted. > >Just wanted to give everyone a heads-up to STAY AWAY >from this site. If it sounds to good to be true, it >probably is
2611 [7:23681]
I just got DSL. I have a 2611 and want to use this as a firewall since this is a 24X7X365 connection. I found out my DSL router changes the IP every 24hours. I have found a command that allows me to receive an IP address on E0 or E1, which ever I choose as the outside interface, and want to know if I am on the right track. I know it is probably not recommended, but this is all I have and would like to work with it. If this is cool, can I also utilize NAT/PAT and just specify ethernetX instead of a static IP? Any help and constructive comments would be appreciated. Julius __ Do You Yahoo!? Make a great connection at Yahoo! Personals. http://personals.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23681&t=23681 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Netsys Baseliner [7:23611]
AFAIK, this product is now WANDL IPAT at http://www.wandl.com Not sure if there are any eval CDs for it. Geoff Zinderdine ""Hans Stout"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hello colleagues, > > I am trying to find information about the Netsys Baseliner, as far as I know > it is an EoL product and not available anymore. I know that there once was > an evaluation CD; does anybody know if that CD is still available, or can I > get it from somebody ? Or is somebody willing to sell his or her version > (NT) to me ? > > Regards, > > Hans > > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23679&t=23611 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
over 1700 passing ccie written every month [7:23680]
ccie r catching up with ...mcse now http://searchnetworking.discussions.techtarget.com/WebX?[EMAIL PROTECTED]^1@.ee8464a/114!viewtype=threadDate&skip=&expand= Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23680&t=23680 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT: Enable secret hacking [7:23670]
There are several tools available to reverse the standard cisco password encryption. However, the output that you show for enable secret isn't the standard encrypted password; rather, it's the output of a one-way hash on the password (the whole point of enable secret). So, I'd say that the chances of cracking the enable secret without some serious horsepower are rather slim. Craig At 09:13 AM 10/21/2001 -0400, you wrote: >Hi all, > >I'm asking this as a matter of interest after something I saw this week: >Given the following line of config: > >enable secret 5 $1$32Pc$uq7Tr7gq4v22PqEG4WFF90 > >What are the chances of cracking the enable secret? (Without raising >suspicicion by having 40 million attempts on the box itself.) >Lets say the password is an 8 character string of letters only, not >necessarily a dictionary word. > >What's everybody's view, could it be easily hacked or not? > > >Thanks, > >Gaz Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23678&t=23670 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Word of Caution [7:23363]
While I don't judge people by their mistakes, I do tend to judge them by how they correct them. Was it Debbie's fault your systems went down? No. I don't pretend to live in a world where malfunctions don't happen, but when your "systems" take a crap you should be ready to deal with the fallout. Seems to me that just eating the $500 would have been cheaper than having to now clean up the mess and deal with the lost revenue of many, such as myself, that will never buy anything from you. Besides, it would appear that Debbie's bad experience was hardly the first according to other members of our group and we just don't need crap like that to deal with, especially since we have quality vendors like Brad Ellis (Big Brad!) to work with instead. Before you ask, I don't work with Brad in any way...I am a customer only. Rik "Buy Only From Brad" Guyler -Original Message- From: Robert Davie [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 18, 2001 10:43 AM To: [EMAIL PROTECTED] Subject: Re: Word of Caution [7:23363] I would like to respond to a message (below) that went out over a GroupStudy mailing list regarding our company. When our system is functioning properly (99%) we have two mechanisms that work that were not working when Debbie placed her order: 1.. A guard against low-ball offers for items that have sale prices. This guard prevents offers of less than 80% of the sale price. (Debbie's offer was $100 for a $600 item.) 2.. Order Acceptance. This was malfunctioning and accepting orders that were being declined. After explaining this to Debbie, who appears to be a very knowledgeable and market savvy person, we felt that the system malfunction would garner her understanding. She threatened to send out an email to the GroupStudy mailing list if we did not fulfill the order, and we indicated that we would respond to her email message. Having been in sales all my life and career and with happy customers ranging from AT&T to Sun Microsystems, I feel this is a very unfortunate occurrence. Robert Davie EVP Ph: 919-388-9993 x3102 Fax: 919-388-9992 ITParade.com, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Debbie Westall Sent: Wednesday, October 17, 2001 9:08 AM To: [EMAIL PROTECTED] Subject: OT: A Word of Caution about Vendor [7:23244] Greetings, I wanted to give everyone a heads-up on the list about a vendor I recently dealt with over the Internet. The web site is www.itparade.com. They are a site that acts as a "middleman" for sellers of equipment. Last week I put an offer on a router (2501). I admit the offer was very low, but I had never used this site so I figured "why not". A couple of hours later I received an email from them saying that my offer was accepted by the seller and I was to log on to another site to make payment arrangements. I logged into PitNeyPay.com to add my credit card info as requested. The next day I received a phone call from a person at itparade, saying they have pulled my offer, that the seller actually rejected my offer but itparade's web site was "broken" so the email went out incorrectly. The person at itparade, also mentioned that the seller would be more than happy to sell me that piece of equipment for 600.00 rather than my offer. Which would have been more than double my initial offer. Needless to say, I rejected that. I spoke to the Executive VP and the CEO of the company to no avail. They will not stand behind the email that came to me that my offer was accepted. Just wanted to give everyone a heads-up to STAY AWAY from this site. If it sounds to good to be true, it probably is.. Has anyone used them before or heard of them. Thanks Debbie __ Do You Yahoo!? Make a great connection at Yahoo! Personals. http://personals.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23677&t=23363 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Doyle Chap:14 Config Q.1 [7:23648]
Trying this post again... Basically, the wildcard mask's 1 bits are the bits that will be ignored in the ip address. 172.16.1.0 0.0.0.127 and 172.16.1.128 0.0.0.127 both refer to all addresses that share the same bit-structure for the first 25 bits...in the first case the 25th bit is a 1, in the second the 25th bit is a zero. Between the two acl's that use these two ip/mask combinations, you would be screening out the entire 172.16.1/24 anyway, so I would recommend that you use an acl with: "172.16.1.0 0.0.0.255". HTH :-{)] Mark A. Morenz, MS Ed, CCNA, CCAI Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23676&t=23648 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
test [7:23675]
My most recent post (an anwer to ITGuy's acl query) didn't appear. this is a test. :-{)] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23675&t=23675 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IOS upgrade problem - 2621 [7:23526]
I haven't lost code in a 2600 or 3600 lately, but if I recall correctly I had to use Xmodem. Follow the instructions to change the HyperTerminal speed to 115200 @ ROMMON & pull the file through your console connection. If it's a large image, pull some smaller IP version that will allow you to use the interfaces for you final upload. All the best !!! Phil - Original Message - From: "kwock99" To: Sent: Saturday, October 20, 2001 11:50 AM Subject: Re: IOS upgrade problem - 2621 [7:23526] > I have tried to use the tftpdnld at the rommon> prompt and get the following > error massage: > > "Please reset before executing this command" > > I key in all the parameter (IP address, tftp server address, etc). After > reset, I issue the command tftpdnld, and get the same error message again. > > Any idea to solve this problem? Thanks. > > Francis > > - Original Message - > From: "John Neiberger" > To: > Sent: Saturday, October 20, 2001 12:23 AM > Subject: Re: IOS upgrade problem - 2621 [7:23526] > > > > If the router will not boot then you must do this from rommon mode. > > When the router is attempting to boot, issue a break using whichever > > keys your terminal software expects. When you get to a prompt, type > > tftpdnld in lowercase. This will show you a list of variables that need > > to be set for a tftp transfer to work properly. Connect the ethernet > > port on the router to your network (or laptop, or whatever has a valid > > image), set the necessary variables, and then type tftpdnld again. > > > > If all variables are set correctly the router will now begin a tftp > > transfer. When it is finished, type "i" or "reset" to reboot the > > router. > > > > HTH, > > John > > > > >>> "kwock99" 10/19/01 9:57:44 AM >>> > > I have upgraded the Router with the other IOS. After I download it to > > the > > router and it saved the new IOS to the flash successfully. > > > > After I power up the router, I get the error that the router does not > > have > > enought memory to run IOS. Anyone knows how to erase the new IOS and > > tftp > > back > > the "old" IOS to the router (2621). > > > > Thanks. > > > > Francis Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23673&t=23526 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IPSec and IKE [7:23599]
Lee- I'm not sure if you realize that you're asking about a feature of IPSec. IKE stands for Internet Key Exchange and is a part of the Cisco IPSec process. I have a Cisco PDF from a class I took a year or so ago. Let me know if you are interested... All the best !!! Phil - Original Message - From: "Keyur Shah" To: Sent: Saturday, October 20, 2001 4:51 PM Subject: RE: IPSec and IKE [7:23599] > In a nutshell, > > IPSEC is encryption methodology open standard. IPSEC SAs can be configured > using IKE or manual keying. IKE saves time and manual work in hub and spoke > configurations. It is an algorithm that uses policy to determine matching > parameters with the other side. In absence of IKE, you would have to > configure each parameter manually on all participating routers and clients. > > IKE is called phase I negotiation, which ensures that peer is who it says it > is. > > -Keyur Shah- > CCIE# 4799 (Security; Routing and Switching) > CSS1,CCNA,CCDA,SCSA,SCNA,MCT,MCSE,MCP+I,MCP,CNI,MCNE,CNE,CNA > Hello Computers > "Say Hello to Your Future!" > http://www.hellocomputers.com > Toll-Free: 1.877.794.3556 > International: 1.510.795.6815 > Eurpoe: +(44)20 7900 3011 > Fax: 1.510.291.2250 > > > > > -Original Message- > From: Hunt Lee [mailto:[EMAIL PROTECTED]] > Sent: Friday, October 19, 2001 6:16 PM > To: [EMAIL PROTECTED] > Subject: IPSec and IKE [7:23599] > > > Can anyone please explain to me what is the difference between IPSec and > IKE? I understand that IP Sec is just IP Security, which provides IP network > layer encryption and authentication to end-to-end security on an > infrastructure, but what's IKE? I read the Cisco MCNS book from Chapter 15 > to 17 many times, yet I'm still very confused. > > Any help will be greatly appreciated. > > Best Regards, > Hunt Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23672&t=23599 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Power Adapter Recall [7:23645]
Wow- great research Brad !!! I just checked my 506 power supply # it's OK... Phil - Original Message - From: "Brad Ellis" To: Sent: Saturday, October 20, 2001 11:10 PM Subject: OT: Cisco Power Adapter Recall [7:23645] > See below: > > http://www.safetyalerts.com/recall/p/014/01270.htm > > "The power adapters were shipped with the following ADSL routers: > > Cisco 827 > Cisco 827-4V > Cisco 826 > > Cisco SOHO77 > Cisco SOHO77-50 > Cisco 827-EUR" > > FYI > > -Brad Ellis > CCIE#5796 > Network Learning Inc > [EMAIL PROTECTED] > used Cisco: www.optsys.net Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23671&t=23645 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: Enable secret hacking [7:23670]
Hi all, I'm asking this as a matter of interest after something I saw this week: Given the following line of config: enable secret 5 $1$32Pc$uq7Tr7gq4v22PqEG4WFF90 What are the chances of cracking the enable secret? (Without raising suspicicion by having 40 million attempts on the box itself.) Lets say the password is an 8 character string of letters only, not necessarily a dictionary word. What's everybody's view, could it be easily hacked or not? Thanks, Gaz Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23670&t=23670 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: weird termsrv problem [7:23660]
Check the placement of your terminal server. Line noise will cause this problem. Sho Line should give you some indication, under the noise column. I actually had Cisco warranty out a 2511 for this problem, only to find moving it away from my 4000's & grounding the rack was the fix. All the best !!! Phil - Original Message - From: "Duy Nguyen" To: Sent: Sunday, October 21, 2001 3:43 AM Subject: Re: weird termsrv problem [7:23660] > My guess is the port could be bad. > > Absolutely Positively Continuously Sincerely, > > > Duy NguyenCCNP/CCIE written > [EMAIL PROTECTED] > Cell (817) 707-7451 > > > > >From: "routerjocky" > >Reply-To: "routerjocky" > >To: > >CC: > >Subject: weird termsrv problem > >Date: Sun, 21 Oct 2001 00:05:16 -0700 > > > >I'm having a strange problem with my homelab 2511. Telnet sessions to the > >terminal server just drop unexpectedly. No rhyme or reason to it. A > >'clear > >arp' command (from the console) allows me to access the terminal server > >again. > >No errors on the e0 interface are being generated. I've tried changing the > >transceiver, cable, and moving to a different hub port, but none of those > >changes seem to solve the problem. One of the weirdest 'flaky' problems > >that > >I've ever seen, and terribly frustrating because I can't diagnose the > >problem > >from the router. (next step: sniff the network) > > > >Has anyone seen this kind of behavior before? > > > >If so, what was the solution? > > > >If not, what's your best guess at what the problem could be? > > > >thanks in advance > >-e- > >May the route be with you > >Switch if you must, route if you can ;-) > >http://members.home.net/airwrck > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23669&t=23660 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: GBIC: WS-G5484 / WS-G5486 [7:22675]
Ole, I apologize for getting back so late! I went out of town after originally responding and just returned back. Actually the 3500 switches support the copper GBIC as well, just make sure you put a newer IOS on the switch or it won't recognize it. That's the beauty of the GBIC design - all are supported in any GBIC slot, which makes everything so modular. Going the way you described would be expensive and I'm not sure even possible. I have not seen a Gb media converter but that doesn't mean they don't exist. In any case, I would stay with the coppper stuff and save your money. Rik -Original Message- From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 11, 2001 9:14 AM To: 'Rik Guyler'; [EMAIL PROTECTED] Subject: RE: GBIC: WS-G5484 / WS-G5486 [7:22675] Rik, I appologize if this question is terribly stupid, but I have zero experience with fiber communication (yet). As far as I can see, the available Gigabit modules for the 3500 series are all fiber, so I assume that I will have to go with fiber, and then get some kind of a fiber to copper converter too if I wish to use CAT5 (or better) for the media. How does your installation look regarding this? Thanks in advance, Ole ~~~ Ole Drews Jensen Systems Network Manager CCNP, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~~~ http://www.RouterChief.com ~~~ NEED A JOB ??? http://www.oledrews.com/job ~~~ -Original Message- From: Rik Guyler [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 10, 2001 7:29 PM To: [EMAIL PROTECTED] Subject: RE: GBIC: WS-G5484 / WS-G5486 [7:22675] Ole, I have installed several Gb Intel cards (no other however) and have had no real issues. If you do use these cards, don't use the shipping drivers (at least for NT) - they are bad news. Download the latest from their site and all will be good. CCO has several papers descibing the issue if you feel the need. If you compare the prices of the copper versus the fiber Gb cards, the price difference is huge - $500-$600 for the fiber cards and less than $200 for the copper version. I have installed a few of the fiber variety but typically the client wants the cheaper alternative. I have had nothing but success using existing Cat5 cable. Cat5e might the "preferred" variety but the plain ol' Cat5, provided it's terminated, installed, etc. well, should work fine. Rik -Original Message- From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 10, 2001 3:11 PM To: [EMAIL PROTECTED] Subject: GBIC: WS-G5484 / WS-G5486 [7:22675] Any success stories about a Catalyst with either of these two GBIC's and an NT 4.0 server equipped with a Gigabit NIC (brand/model). Most of the NIC's are around $500.- to $600.-, but there are some around $100.- to $200.- Are they okay, or just cheap crap with a lot of lost frames and incompatible drivers? Also, any happy experiences with Gigabit running over existing CAT5 cables? I thought that since it has been almost two years since I got my last speeding ticket, I might as well accelerate a bit (or actually all the bit's). Thanks, Ole ~~~ Ole Drews Jensen Systems Network Manager CCNP, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~~~ http://www.RouterChief.com ~~~ NEED A JOB ??? http://www.oledrews.com/job ~~~ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23668&t=22675 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Network and Broadcast address [7:23632]
Everybody's showing you the intelligent way, so I thought I'd try showing you my "Subnetting for dummies" method - Works for me- If you can follow the explanation, the calculation is childs play (Please excuse all incorrect network terms used for explanation (broken octets, chunks etc)): "Say I have a network: 100.10.0.0 255.255.255.192" The fourth octet is what I call the broken one (the one which isn't 255 or 0) Take the value of that octet away from 256: 256-192 = 64 This is the size of the network "chunks". So (using multiples of 64 in the broken 4th octet) we have subnets as follows: 100.10.0.0 255.255.255.192 100.10.0.64 255.255.255.192 100.10.0.128 255.255.255.192 100.10.0.192 255.255.255.192 100.10.1.0 255.255.255.192 100.10.1.64 255.255.255.192 etc, etc These are all the network addresses for the ranges above. The broadcast addresses are obviously the last address in each network range (one less than the next network address). So they would be: 100.10.0.63 100.10.0.127 100.10.0.191 100.10.1.63 100.10.1.127 respectively. Hope the explanation helps. If it confuses, forget about it for now, but I'm sure it is the quickest way to work it out. Regards, Gaz ""Hunt Lee"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > It would be great if someone can give me a hand on this: I know how to > calculate the number of subents and number of hosts per subent, but I'm > very confused about the Network address and the Broadcast address: > > Say I have a network: 100.10.0.0 255.255.255.192: > > 1) To work out the subnet: > > 100.10.0.0 is a Class A, so = /8 > > 255.255.255.192 = /26 > > Therefore, /26 - /8 = /14, > > The number of subnets = 2^14-2= 16382 > > 2) To work out the number of host: > > /32 - /26 = /6 > > The number of hosts = 2^6-2 = 62 hosts per subnets > > > Thanks so much for your help in advance. > > Best Regards, > Hunt Lee Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23667&t=23632 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: FW: Console into a 1924-EN Swtich [7:23029]
The older 1900's are the only ones I've had problems getting into before. There'll be a post in the archives where I listed the pin-outs. After messing about with a breakout box, I found that there was a loop needed between two of the pins on the older 1900's. I got hold of a genuine 1900 console cable some time after which confirmed this. The standard cisco console cable didn't work. If the loop wasn't there it didn't let me in. Sorry, can't find more info at the moment. Gaz ""Cisco Nuts"" wrote in message news:[EMAIL PROTECTED]... > Who said you can't use a standard console cable? Infact that is the cable > you need to use to console in...just like consoling it to any router. Also, > the black aux cable will work :-) > > > >From: "David Toalson" > >Reply-To: "David Toalson" > >To: [EMAIL PROTECTED] > >Subject: FW: Console into a 1924-EN Swtich [7:23029] > >Date: Mon, 15 Oct 2001 11:52:23 -0400 > > > >Check the archives. A lot of activity on the 1924 console connectivity in > >the last year. You will want to use a 9 pin "NULL" modem cable to connect > >to the console. You can purchase them at most electronics places for under > >$10.00. > > > >David Toalson > >816-701-4142 > > > > > -- > > > From: Craig Crosby[SMTP:[EMAIL PROTECTED]] > > > Reply To: Craig Crosby > > > Sent: Monday, October 15, 2001 9:46 AM > > > To: [EMAIL PROTECTED] > > > Subject: Console into a 1924-EN Swtich [7:23029] > > > > > > I am having trouble logging into my 1924 switch. It is running > >Enterprise > > > firmware code. I know that you can't use a standard console kit to get > > > into > > > it. But what are you supposed to use? Any advice would be much > > > appreciated. > > > > > > > > > Thanks, > > > Craig > > > > > > > > > Check out our specials at http://www.netjam.net/specials.html > > > - > > > I am buying and selling used CISCO gear. > > > email me for a quote > > > > > > > > > Craig Crosby [EMAIL PROTECTED] > > > Netjam, LLC p: 1-866-2NETJAM > > > 333 Texas Street f:318-212-0246 > > > Suite 1401 30 day warranty > > > Shreveport, La. 71101 VISA/MC/AMEX/COD > > > Cisco Channel Partner > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23663&t=23029 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
trade ccie material [7:23662]
email me [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23662&t=23662 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RTP BUG ? 12.1(5)YB4 [7:23661]
Dear All, I am using 12.1(5)YB4 realease of Cisco IOS on 1700 platform. I am running VoIP over the Internet using 64K PPP leased line from my internet service provider. interface FastEthernet0/0 ip address xx.xx.xx.xx 255.255.255.240 no ip route-cache no ip mroute-cache speed auto full-duplex ! interface Serial1/0 bandwidth 64 ip address xx.xx.xx.xx 255.255.255.252 no ip route-cache no ip mroute-cache ip rtp header-compression ip rtp priority 16384 16383 40 ! Above is extract from my config. Now I want to enable the rtp header compression but the problem is that when I enable the it I do not hear anything. Calls get placed but voice packets are not being sent. Is this a BUG with the IOS. Since RTP is layer 4 protocol if I am not wrong so I think my ISP do not need to do anything . My both end to end routers have similar config and have rtp compression enabled. Can you please advice me over this. Someone adviced me that the similar bug was there in the IOS 12.1.5(T). So might be IOS what I am using is having the same bug. Thanks and best regards, Mukul Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23661&t=23661 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: weird termsrv problem [7:23660]
My guess is the port could be bad. Absolutely Positively Continuously Sincerely, Duy NguyenCCNP/CCIE written [EMAIL PROTECTED] Cell (817) 707-7451 >From: "routerjocky" >Reply-To: "routerjocky" >To: >CC: >Subject: weird termsrv problem >Date: Sun, 21 Oct 2001 00:05:16 -0700 > >I'm having a strange problem with my homelab 2511. Telnet sessions to the >terminal server just drop unexpectedly. No rhyme or reason to it. A >'clear >arp' command (from the console) allows me to access the terminal server >again. >No errors on the e0 interface are being generated. I've tried changing the >transceiver, cable, and moving to a different hub port, but none of those >changes seem to solve the problem. One of the weirdest 'flaky' problems >that >I've ever seen, and terribly frustrating because I can't diagnose the >problem >from the router. (next step: sniff the network) > >Has anyone seen this kind of behavior before? > >If so, what was the solution? > >If not, what's your best guess at what the problem could be? > >thanks in advance >-e- >May the route be with you >Switch if you must, route if you can ;-) >http://members.home.net/airwrck _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23660&t=23660 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: How to upgrade the IOS of C2521?! [7:23498]
Good to have support from all of you. The problem is fixed. It is the config-register that was set to 0x2142 instead of 0x2102. I have never set this to 0x2142. Somehow the config-register was set to wrong value. Maybe the config-register was changed to that value when the upgrade failed the first time. Anyway really fun...I can start my home lab. Thanks a ton. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23659&t=23498 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ospf point-to-multipoint [7:23655]
It looks like on page 433, he's describing a situation where the network does not have any broadcast capabilities. Broadcast networks are able to utilize the multicast feature(224.0.0.5) to send hello packets while NBMA and point to multipoint will utilize unicast hello packets because they have had to learn each other by manual configuration(neighbor) or by inverse arp. I hope I stated it correctly. You can search for RFC 2178 for further info or clarification. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jim Bond Sent: Saturday, October 20, 2001 10:52 PM To: [EMAIL PROTECTED] Subject: ospf point-to-multipoint [7:23655] Hello, On Jeff Doyle's TCP/IP volume I, P417 it says point-to-multipoint is multicast; P433 it says it's unicast. Which one is correct? Thanks in advance. Jim __ Do You Yahoo!? Make a great connection at Yahoo! Personals. http://personals.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23658&t=23655 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]