RE: PIX and Trace Route [7:29854]

2001-12-20 Thread Nick S.

Is it returning the same addresses, or is it looping at a point?

Nick


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29866&t=29854
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: CCIE SECURITY WORK BOOK [7:29429]

2001-12-20 Thread Khanh Nguyen

I purchased hello computers workbook. See groupstudy frontpage banner for
their exact link. Their web site is www.hellocomputers.com


-Original Message-
From: Brian Whalen [mailto:[EMAIL PROTECTED]] 
Sent: Monday, December 17, 2001 5:08 PM
To: [EMAIL PROTECTED]
Subject: Re: CCIE SECURITY WORK BOOK [7:29429]


Try a search site like www.mysimon.com.



Brian "Sonic" Whalen
Success = Preparation + Opportunity


On Mon, 17 Dec 2001, CRG wrote:

> I am planning on purchasing the "CCIE SECURITY WORK BOOK" for a 
> Christmas gift.  Any one have any feedback on this book or know of a 
> cheaper price than $200?
>
> Employment Consultant
> CRG Executive Search & Rescue Placement
> Office: 954-677-9912
> Fax: 888-624-8659


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29865&t=29429



RE: CCIE SECURITY .... [7:29498]

2001-12-20 Thread bob hardwick

These folks have the best ccie security labs,
http://www.hellocomputers.com/cisco/ccie_security/ccie_security.htm

Comes with rack access too. Real good labs. I highly recommend them.

bob

-Original Message-
From: CRG [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, December 18, 2001 9:39 AM
To: [EMAIL PROTECTED]
Subject: CCIE SECURITY  [7:29498]


Pertaining to the CCIE Security Work Book - Can anyone tell me:

  a. Is it helpful for the CCIE written exam?
  b. Are you allowed to edit and add to the existing notes?
  c. Is it a must to have for the 351-018 exam?

Sr. Employment Consultant
CRG Executive Search & Rescue Placement


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29864&t=29498



RE: Latest Hackers Target: Routers [7:29844]

2001-12-20 Thread Andras Bellak

Ah, but if you are really worried about that extra 60 to 90 seconds to
form the bgp relationship, you probably have other problems - flapping
comes to mind, link stability could be an issue (let's face it, if
you're running bgp, you should be on fairly stable links). Setting aside
bandwidth for bgp relationships to avoid drops on a busy link is a good
idea as well.

I'm more than willing to make small sacrifices to ensure that my link is
stable and my bgp relationships are secure, rather than let every script
kiddie out there take a shot at downing my networks.

Granted, I'm not a major ISP, but I think that they could handle setting
up md5 for the few AS to AS connections that they probably have. I have
14 individual AS's on my corporate network, however I'm connecting into
an MPLS backbone that sorta makes the issue of md5 a non-starter -
though I have pushed for it and hope to see it available to me soon.

Anarchy rules! Right?

Andras

-Original Message-
From: Chuck Larrieu [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 20, 2001 10:49 PM
To: Andras Bellak; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: Latest Hackers Target: Routers [7:29844]


I know from my studies that there is BGP neighbor md5 authentication.

Somewhere in my reading I seem to recall that employing authentication can
add 50-100% to the time it takes a neighbor relationship to form. Fine for
lab work. maybe not so fine in the world of the production ISP.

phrak, this is all we need. ISP's start preventing BGP packets from any but
known and trusted sources to cross their networks and there go the internet
BGP practice labs.

damn anarchists.

Chuck

---
neighbor password
To enable Message Digest 5 (MD5) authentication on a TCP connection between
two Border Gateway Protocol (BGP) peers, use the neighbor password router
configuration command. To disable this function, use the no form of this
command.

neighbor {ip-address | peer-group-name} password string
---





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29863&t=29844

RE: Latest Hackers Target: Routers [7:29844]

2001-12-20 Thread Chuck Larrieu

I know from my studies that there is BGP neighbor md5 authentication.

Somewhere in my reading I seem to recall that employing authentication can
add 50-100% to the time it takes a neighbor relationship to form. Fine for
lab work. maybe not so fine in the world of the production ISP.

phrak, this is all we need. ISP's start preventing BGP packets from any but
known and trusted sources to cross their networks and there go the internet
BGP practice labs.

damn anarchists.

Chuck

---
neighbor password
To enable Message Digest 5 (MD5) authentication on a TCP connection between
two Border Gateway Protocol (BGP) peers, use the neighbor password router
configuration command. To disable this function, use the no form of this
command.

neighbor {ip-address | peer-group-name} password string
---









Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29862&t=29844
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
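
Added example (not part of the original messages, and not Cisco code): the
"neighbor ... password" command quoted in this thread turns on the TCP MD5
signature option defined in RFC 2385. The Python below computes and checks that
signature, showing why a peer drops a segment that lacks the shared password;
the addresses, ports and passwords are constructed sample values.

```python
"""RFC 2385 TCP MD5 signature, the mechanism behind BGP `neighbor ... password`."""
import hashlib
import hmac
import socket
import struct

IPPROTO_TCP = 6
TCPOPT_NOP = 1
TCPOPT_MD5SIG = 19        # option kind assigned by RFC 2385
TCPOPT_MD5SIG_LEN = 18    # kind + length + 16-byte MD5 digest
RST, SYN, PSH_ACK = 0x04, 0x02, 0x18


def header_length(segment: bytes) -> int:
    """Return the TCP header length in bytes from the data-offset field."""
    if len(segment) < 20:
        raise ValueError("segment shorter than a TCP header")
    hdr_len = (segment[12] >> 4) * 4
    if hdr_len < 20 or hdr_len > len(segment):
        raise ValueError("bad TCP data offset")
    return hdr_len


def rfc2385_digest(src_ip: str, dst_ip: str, segment: bytes, key: bytes) -> bytes:
    """MD5 over pseudo-header, fixed header (checksum zeroed), data, then key."""
    hdr_len = header_length(segment)
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, IPPROTO_TCP, len(segment)))
    fixed = segment[:16] + b"\x00\x00" + segment[18:20]   # options are excluded
    return hashlib.md5(pseudo + fixed + segment[hdr_len:] + key).digest()


def find_md5_option(segment: bytes):
    """Walk the TCP options and return the 16-byte digest, or None if absent."""
    opts = segment[20:header_length(segment)]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                      # end of option list
            break
        if kind == TCPOPT_NOP:
            i += 1
            continue
        if i + 1 >= len(opts):
            break
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            break                          # malformed option: stop parsing
        if kind == TCPOPT_MD5SIG and length == TCPOPT_MD5SIG_LEN:
            return opts[i + 2:i + length]
        i += length
    return None


def build_segment(sport, dport, seq, ack, flags, payload=b"", signer=None):
    """Build a TCP segment; signer=(src_ip, dst_ip, key) adds the MD5 option."""
    options = b""
    if signer:
        options = bytes([TCPOPT_NOP, TCPOPT_NOP,
                         TCPOPT_MD5SIG, TCPOPT_MD5SIG_LEN]) + bytes(16)
    offset = (20 + len(options)) // 4
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                         offset << 4, flags, 16384, 0, 0)
    segment = header + options + payload
    if signer:
        digest = rfc2385_digest(signer[0], signer[1], segment, signer[2])
        segment = header + options[:4] + digest + payload
    return segment


def accept_segment(src_ip, dst_ip, segment, key) -> bool:
    """Receiver side: drop anything unsigned or signed with a different key."""
    try:
        received = find_md5_option(segment)
    except ValueError:
        return False
    if received is None:
        return False
    expected = rfc2385_digest(src_ip, dst_ip, segment, key)
    return hmac.compare_digest(received, expected)


def demo():
    a, b = "192.0.2.1", "192.0.2.2"        # constructed documentation addresses
    key = b"constructed-lab-password"      # constructed, not a real secret
    signed_syn = build_segment(40000, 179, 1000, 0, SYN, signer=(a, b, key))
    unsigned_rst = build_segment(40000, 179, 1001, 0, RST)
    wrong_key_rst = build_segment(40000, 179, 1001, 0, RST, signer=(a, b, b"guess"))
    tampered = bytearray(
        build_segment(40000, 179, 1001, 0, PSH_ACK, b"UPDATE", (a, b, key)))
    tampered[-1] ^= 0x01                   # one payload bit changed in transit
    return {
        "signed_syn": accept_segment(a, b, signed_syn, key),
        "unsigned_rst": accept_segment(a, b, unsigned_rst, key),
        "wrong_key_rst": accept_segment(a, b, wrong_key_rst, key),
        "tampered_payload": accept_segment(a, b, bytes(tampered), key),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:18} accepted={accepted}")
```

The digest covers the payload and the fixed TCP header but not the options, and
nothing is encrypted: the option authenticates segments between the two peers
and does not hide the routes they exchange.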



Re: cisco academy's routing skills final ,tough!!! [7:29212]

2001-12-20 Thread Tom Lisa

All right Jon, your check will be in the mail tomorrow. :)

Prof. Tom Lisa, CCAI
Community College of Southern Nevada
Cisco Regional Networking Academy

jon kintner wrote:

> in reply to Mr Macaulay's post:
>
> I've had the same instructor throughout the 5 sems of cisco acad I've
> taken.  He's been here and pushed us as hard as we could go and been a
> damned good instructor.  Even with that, over half of our class failed our
> practical final in sem 5.  I think More responsibility needs to be put on
> the students for their own failures.  I had a hell of a school schedule, and
> an even worse work schedule during the sem 5 class, and it showed.  You get
> out of it, what you put into it.  and for those students failing the
> practical, it was lack of preparation... I'd take the blame for that before
> I'd pin it on my instructor.
>
> -jon kintner




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29861&t=29212



Re: CCDP too !!! [7:29857]

2001-12-20 Thread [EMAIL PROTECTED]

Congrats and please advise what are the books you used? In particular, did
you use the latest CID book by Mike Crane? Thanks!



   

   
"Michalis Palis"
Sent by: nobody@groupstudy.com
12/21/2001 03:37 PM
Please respond to "Michalis Palis"

To: [EMAIL PROTECTED]
Subject: CCDP too !!! [7:29857]
   

   





Hello all

I just passed my last exam for the CCDP the CIDv3
I must say that it was the most difficult exam of all.

Thanks to all of you who helped me pass the exam
especially.

Thanks

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29860&t=29857



Re: cisco academy's routing skills final ,tough!!! [7:29212]

2001-12-20 Thread Tom Lisa

Greg,

You may not be aware, but many, if not all, academies allow the student a
retake if they fail the Skills Based Assessment (practical exam in plain
English -- just put that in since you're a lawyer) the first time.  Every area
tasked in the practical is covered at least once in a lab experiment
during the semester.

The 60% failure rate I had indicated was for the first try.  Final pass rate
was 90%.  I don't think this is an unacceptable failure rate for CCNP
level students.  BTW, I am reminded, from my days as a consultant for
law office management systems, that there isn't anything brief about a
legal brief.

Happy Holidays All,

Prof. Tom Lisa, CCAI
Community College of Southern Nevada
Cisco Regional Networking Academy
(Still Pres., Groupstudy Old Geezers Club)

Greg Macaulay wrote:

> I'd like to inject my own .02 here -- for what it's worth.  I am a retired
> law professor -- having taught law students, lawyers and even judges over
> the years!  One of my pet peeves during my career was the inability of
> students (on whatever level) to effectively communicate both orally and with
> the written word.
>
> For a number of years I taught in Ireland, England and Australia where there
> was only one examination per year in each subject.  This meant that a
> student's entire grade for an entire year rested on their performance in a
> single written examination.  Since I had come from an American academic
> background, where there are finals each semester (rather than annually) and
> mid-terms, term papers, class performance, etc. I was a bit shocked at this
> different academic system.
>
> So, in an effort to both deal with my "pet peeve," and ensure that my
> students would be able to effectively communicate their knowledge on a final
> examination, I instituted a process whereby I gave students, short papers to
> write every two weeks and reviewed them individually with each student.
> Also, I gave continuous mock examinations to teach students to communicate
> under pressure.
>
> None of this admittedly was for "credit."  Everything still depended on a
> student's performance on their final examination.  However, by aggressively
> pushing students to master written communications during the academic year,
> I hopefully ensured that they maximized their chances of passing -- and with
> a good grade.
>
> In fact, though I never -- never mentioned it to any student -- I never
> failed any student who showed up for my final examination.  I knew that
> their efforts in dealing with the persistent intense pressure to write
> during the year, and answer my searching cross-examinations of their
> substantive knowledge far surpassed anything they might produce during a 3
> or 4 hour written examination in June.  However, this only became an issue
> with border-line examination scores, as most students passed with
> sufficiently high-grades.
>
> In those instances where a few students who had undergone the year-long
> writing process performed badly or inadequately on the final examination, I
> was always able to give them the benefit of the doubt -- as I knew their
> true abilities from observing their efforts during the academic year.
> Oftentimes, too many external factors, such as a sudden loss of memory,
> physical ailments, fear, stress or other similar factors negatively affect a
> student's performance on a final examination. My process was a stopgap to
> ensure that those factors were either minimized or negated entirely.
>
> Only those few who failed to attend class, either at all or sporadically
> during the year were not given the benefit of the doubt in borderline cases.
> Everyone else was given this benefit.
>
> I mention this -- long-windedly (as I am an attorney) -- because it seems
> that there may have been a breakdown in the testing process here.  A
> teacher's responsibility -- especially in a hands-on environment as here --
> is to drum this information into students' heads -- during the academic
> year -- to the point that students know and understand the information
> without any effort.  The lab hands-on should not be a means of eliminating
> students, but to ratify that the teacher has effectively communicated the
> information to students during the academic year.  If ALL or MOST students
> fail such an examination, it is a strong sign that the teacher has failed
> his/her responsibilities to the students.
>
> I guess I could go on, but I'll wait and see what flames this message
> brings!
>
> To all, Have a Happy and Joyous Holiday!
>
> Greg Macaulay
> (Almost) Oldest CCNP/CCDP on Earth
> Lifetime AARP member
> Retired Attorney/Law Professor
> - Original Message -
> From: "Tom Lisa" 
> To: 
> Sent: Monday, December 17, 2001 5:59 PM
> Subject: Re: cisco academy's routing skills final ,tough!!! [7:29212]
>
> > Although I would prefer that all my students passed on the first try, you
> > are correct in your assessment.  Unfortunately, having passed the CCNA
> > exam does n

Cisco to CheckPoint VPN problem, help!! [7:29858]

2001-12-20 Thread Jim Bond

Hello,

I followed this link to configure a 1605 router to
CheckPoint 4.1: 
http://www.cisco.com/warp/public/707/cp-r.shtml
My network is:
192.168.2.1-(1605)-16.191.40.99 -- 16.191.40.39-(checkpoint)-192.168.1.1

VPN tunnel could not be established, here is the debug
output from 1605 router:

00:01:29: ISAKMP: reserved not zero on payload 5!
00:01:29: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from 16.191.40.39   failed its sanity check or is malformed
00:01:29: ISAKMP (1): sending packet to 16.191.40.39 (I) QM_IDLE
00:01:29: ISAKMP (1): received packet from 16.191.40.39 (I) QM_IDLE
00:01:29: ISAKMP: reserved not zero on payload 5!
00:01:29: ISAKMP (1): sending packet to 16.191.40.39 (I) QM_IDLE
00:01:29: generate hmac context for conn id 1
00:01:29: ISAKMP (1): deleting SA

Looks like there is something wrong on the CheckPoint.
Log was turned on at CheckPoint but didn't capture any
info.

Is there anything wrong with Cisco sample
configuration? Or anything I missed?

Thanks in advance.

Jim

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29858&t=29858



CCDP too !!! [7:29857]

2001-12-20 Thread Michalis Palis

Hello all

I just passed my last exam for the CCDP the CIDv3
I must say that it was the most difficult exam of all.

Thanks to all of you who helped me pass the exam
especially.

Thanks 

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29857&t=29857



Re: Cisco RIP Off [7:29612]

2001-12-20 Thread Engelhard M. Labiro

Would you share with us the sources for the QoS exam?

I'd appreciate any pointers.

- Original Message -
From: "Steven A Ridder" 
To: 
Sent: Thursday, December 20, 2001 1:18 AM
Subject: Re: Cisco RIP Off [7:29612]


> I took it.  It took us 4 guys with books, internet and 8 hours to get two
> people passed.
>
> I'm stuck on the QoS test right now.  There's a time limit on it.  I know
> the guys who wrote the test, spoke to him about it, got the source where all
> the questions came from, and I still can't get above a 75%.  Those on-line
> tests suck.
>
>
> "Dave Shine" wrote in message
> news:[EMAIL PROTECTED]...
> > Has anyone taken the PBX Fundamentals course. What a
> > RIP off I can't find the answers to many of the
> > questions in the E-Learning anywhere. You gotta love
> > it.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29855&t=29612



PIX and Trace Route [7:29854]

2001-12-20 Thread Tom Richs

When I do a trace from a server from one side to another side of the 
firewall, if there's a total of 5 hops, all 5 hops that return are displayed 
with the address of the destination address.  Does anyone know why it is
doing this?

Thanks.

Tom



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29854&t=29854



Re: Who said women don't dig routers? [7:29781]

2001-12-20 Thread George Murphy CCNP, CCDP

:-), you guys are setting yourself up for a nailing from the women on 
this list. LOL

Patrick Bass wrote:

>Did you guys hear about the totally female produced Linux distribution?
>
>CERVIX
>
>I heard it is a little unstable, and stops working for about a week every
>month.
>
>(let the flames begin!)
>
>"Kaminski, Shawn G" wrote in message
>news:[EMAIL PROTECTED]...
>
>>A friend of mine sent this to me. I've never seen it so I thought I would
>>pass it along! If it's already been seen on this list, I apologize for the
>>waste of bandwidth!
>>
>>http://unixsex.com/netadmin/noclust/routergirl.jpg




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29853&t=29781



MOTOROLAVANGUARD WITH CISCO PPP ( PROBLEMS) [7:29852]

2001-12-20 Thread RAJESH AGNIHOTRI

Greetings to all,


We have a typical problem out here. Motorola Vanguard with PPP is not
working with Cisco. If anybody has a working config of Motorola and the version
of Cisco IOS on which it worked, please send it to me.



Regards

Rajesh Agnihotri

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29852&t=29852



Re: Subject: OT: Call Manager and Military DSN [7:29805]

2001-12-20 Thread Paul Werner

DSN is not exactly what I would refer to as tapping into the
local telco.  DSN (Defense Switched Network) replaced AUTOVON
(Automatic Voice Network) in the mid to late 1980s and through
the early 90s.  AUTOVON was set up to principally be a voice
only network, and in many cases over analog switch facilities.
DSN converted it over to all digital, and included voice,
video, and data over the same trunks.

The key difference between DSN and a regular commercial call is 
they go over different trunks and they terminate at DSN 
compliant switches.  There are several things different about 
DSN compliant switches, but the key difference is the use of 
precedence, and precedence codes.  They have no real 
counterpart in a commercial trunk, other than an operator 
interrupt for an emergency.  With DSN, the end user can preempt 
a trunk and knock another user off the line with the proper 
precedence level.  Some folks out there who know their RFCs and 
remember the early 760 series standards may recognize those 
precedence levels.  They are:

FLASH OVERRIDE (FO) - FO takes precedence over and preempts all
calls on the DSN and is not preemptible. FO is reserved for the 
President of the United States, Secretary of Defense, Chairman 
of the Joint Chiefs of Staff, chiefs of military services, and 
others as specified by the President. 

FLASH (F) - FLASH calls override lower precedence calls and can
be preempted by FLASH OVERRIDE only. Some of the uses for FLASH 
are initial enemy contact, major strategic decisions of great 
urgency, and presidential action notices essential to national 
survival during attack or preattack conditions. 

IMMEDIATE (I) - IMMEDIATE precedence preempts PRIORITY and
ROUTINE calls and is reserved for calls pertaining to 
situations that gravely affect the security of the United 
States. Examples of IMMEDIATE calls are enemy contact, 
intelligence essential to national security, widespread civil 
disturbance, and vital information concerning aircraft, 
spacecraft, or missile operations. 

PRIORITY (P) - PRIORITY precedence is for calls requiring
expeditious action or furnishing essential information for the 
conduct of government operations. Examples of PRIORITY calls 
are intelligence; movement of naval, air, and ground forces; 
and important information concerning administrative military 
support functions. 

ROUTINE (R) - ROUTINE precedence is for official government
communications that require rapid transmission by telephone. 
These calls do not require preferential handling. 


When I was involved in DSN communications in Europe, my unit 
had a Flash precedence phone line, mainly because we had a 
special mission (which is about all I can say).  We had the 
capability of bumping everybody off the DSN network save for 
the CINC US Army Europe and a few other folks.  You will most 
likely have to deal with the issue of precedence.  Also, access 
to a commercial line is normally done with dialing a 9 first 
(typical for trunk access); DSN usually uses an 8 - Your 
mileage may vary; check your local listings.

Finally, DSN uses a slightly different dial plan than the rest 
of the universe (go figure:-)  While you may be able to access 
the US with a country code of 001, or Germany with a country 
code of 49, that's not how it's done with DSN.  Access is 
determined by regions, and each region has its own "country 
code".  The regions are:

Canadian Section
Caribbean Section 
CONUS Section
European Section
Pacific/Alaska Section
Southwest Asia Section

All of the above information is public knowledge and freely 
available.  Anything more is likely classified, and not subject 
to posting on this list.  In case it isn't already clear at 
this point, DSN is totally separate from the PSTN.

HTH,

Paul Werner


> I am working on an IP telephony solution and I need to hook in to the DSN.
> From my current understanding DSN is sent out to the local telco via the
> PSTN and is routed from there. This would make for a fairly simple dial plan
> in Call Manager.  Has anybody heard anything different about how DSN is
> setup to work?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29851&t=29805



RE: Latest Hackers Target: Routers [7:29844]

2001-12-20 Thread Andras Bellak

Nigel-

If you dig back through the NANOG archives, there was a rather in depth
and discouraging discussion of encrypting / authorizing BGP session
neighbors. The general result was that almost nobody supported it, and
many in the ISP groups that offer BGP connectivity didn't even know what
it was.

While it might or might not be on the CCIE exams, having some form of
authentication between routing partners is a good thing to practice in
your test labs, and put into production in your networks.

Andras

-Original Message-
From: Nigel Taylor [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 20, 2001 8:33 PM
To: [EMAIL PROTECTED]
Subject: Re: Latest Hackers Target: Routers [7:29844]


Chuck,
 Yes, I got the thread on this today and forwarded a copy to
some of my co-workers.  I hope folks are making use of the various IOS
implementations to limit the damage done by a prospective attacker. Things
like CBAC, rate-limit could go a long way in simply providing the needed
time to identify a serious attack and implement more specific filtering
techniques to identify or completely block the attacker.

As it applies to the sniffing of BGP packets to gain route information, I
was wondering where do things stand now on the implementation of encrypted
authentication within BGP.  If I'm not mistaken, isn't this supposed to
happen along with support for IPv6. This document references
authentication which sounds like the existing support for MD5 based
authentication.

http://search.ietf.org/internet-drafts/draft-ietf-idr-bgp4-16.txt  (pg 9(a) )


Now this document does seem to address current issues with respect to the
flaws/vulnerabilities inherent to all TCP based protocols. The important
thing to note is this can be done without the presence of a MPLS aware
backbone based on the model identified by RFC2547bis (MPLS/VPN).

http://search.ietf.org/internet-drafts/draft-declercq-bgp-ipsec-vpn-01.txt


Thoughts anyone..

Nigel .

- Original Message -
From: "Chuck Larrieu" 
To: 
Sent: Thursday, December 20, 2001 10:14 PM
Subject: RE: Latest Hackers Target: Routers [7:29810]


> anyone see a thread about this on NANOG today? The archives are not up to
> date with today's topics.
>
> Chuck
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Eric Rogers
> Sent: Thursday, December 20, 2001 1:29 PM
> To: [EMAIL PROTECTED]
> Subject: OT: Latest Hackers Target: Routers [7:29810]
>
>
> Paste into your browser:
>
> dailynews.yahoo.com/h/cmp/20011217/tc/inw20011217s0004_1.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29850&t=29844



Re: OT: Help with remote access [7:29826]

2001-12-20 Thread Nick S.

I have myself been hesitant to use VNC, but what with the "localized" nature
of MSWINXXX, it seems to interpret the instruction on the local machine,
rather than transferring "requests" between "source" and "target" machines.

In fact, I had been trapped in a similar issue, similar platform (and Exceed
as well) and given the time & OS constraints VNC seemed to do the dirty job.

Nick


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29849&t=29826



Re: Call Manager and Military DSN [7:29805]

2001-12-20 Thread Nigel Taylor

John,
We implemented this solution a little more than a year ago and if my
memory serves me right the dial plan on the call manager should be all that
is needed. I also think we made use of a dialer peer on the router that
connected to the Lucent G3 switch (PBX).

Nigel

- Original Message -
From: "John Kaberna" 
To: 
Sent: Thursday, December 20, 2001 8:59 PM
Subject: Re: Call Manager and Military DSN [7:29805]


> Have you done this already Nigel?  Any problems with calling routing for the
> DSN?
>
> John Kaberna
> CCIE #7146
> NETCG Inc.
> www.netcginc.com
> (415) 750-3800
>
> Instructor for CCBootcamp 5-day class www.ccbootcamp.com
> __
> CCIE Security Training
> www.netcginc.com/training.htm
>
>
> "Nigel Taylor" wrote in message
> news:[EMAIL PROTECTED]...
> > That's pretty much it.. John
> >
> > Nigel
> >
> > - Original Message -
> > From: "John Kaberna"
> > To:
> > Sent: Thursday, December 20, 2001 3:42 PM
> > Subject: OT: Call Manager and Military DSN [7:29805]
> >
> >
> > > I am working on an IP telephony solution and I need to hook in to the DSN.
> > > From my current understanding DSN is sent out to the local telco via the
> > > PSTN and is routed from there. This would make for a fairly simple dial plan
> > > in Call Manager.  Has anybody heard anything different about how DSN is
> > > setup to work?
> > >
> > > John Kaberna
> > > CCIE #7146
> > > NETCG Inc.
> > > www.netcginc.com
> > > (415) 750-3800
> > >
> > > Instructor for CCBootcamp 5-day class www.ccbootcamp.com
> > > __
> > > CCIE Security Training
> > > www.netcginc.com/training.htm




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29848&t=29805



Re: How to Route using same subnet [7:29750]

2001-12-20 Thread [EMAIL PROTECTED]

In a message dated 12/19/2001 11:19:46 PM Central Standard Time, 
[EMAIL PROTECTED] writes:


> Subj:RE:How to Route using same subnet [7:29750]
> Date:12/19/2001 11:19:46 PM Central Standard Time
> From:[EMAIL PROTECTED] (chan)
> Sender:[EMAIL PROTECTED]
> Reply-to: [EMAIL PROTECTED] (chan)
> To:[EMAIL PROTECTED]
> 
> Secondary addresses.

Rob H.
NP, DP, blah,blah,blah.


> 
> Hi All,
> 
> 
> I got a local loop from Office A to Office B, but I would like to use
> the same subnet (192.168.1.1~254). I dun want to further subnet it. Is
> there a way to do it?
> 
> Router A ----------------------- Router B
> Range (192.168.1.1~128)          Range (192.168.1.254)
> Office A                         Office B
> 
> 
> Is there a way to do the route using the same range for both office
> without subnet it??
> 
> 
> 
>   Thanks
> Chan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29845&t=29750



Re: IOS firewall, NAT and smtp [7:29794]

2001-12-20 Thread Steven A. Ridder

Try removing the access lists next.  I can't see how POP gets in and smtp
doesn't, especially with CBAC off now.


"MADMAN" wrote in message
news:[EMAIL PROTECTED]...
> Ray Brehm wrote:
> >
> > MADMAN wrote:
> >
> > >Yes I have run into problems defining http also.  The bottom line is I
> > >now only "inspect" TCP, UDP and FTP.  These cover all the others without
> > >breaking them!!!
> > >
> > thanks for the heads up
> > I just updated IOS to v12.2.6a (I know I'm crazy but I might want
> > cisco's support)
> > what version of IOS have these problems?
>
>   I know it wasn't in 12.2!!  As I said before, I don't think it's doing
> anything cept eating up NVRAM when you add, for example, inspect http
> when tcp covers http.
>
>   Dave
> >
> > >
> > >  Dave
> > >
> > >"Steven A. Ridder" wrote:
> > >
> > >>The CBAC doesn't understand ESMTP commands I think.  Don't watch smtp on
> > >>CBAC.  I ran into that problem before.
> > >>
> > >>"Ray Brehm" wrote in message
> > >>news:[EMAIL PROTECTED]...
> > >>
> > >>>I have a 2621 with IOS IP/FW that I'm unable to connect through to the
> > >>>inside SMTP server. I can connect to that same server using POP3 with no
> > >>>errors. The inside device is a static NAT. The port appears open when I
> > >>>port scan the IP address but I get TCP errors when trying to send mail.
> > >>>
> > >>>Any ideas? Did I miss something stupid?
> > >>>Is the fact that I have multiple "nat inside" interfaces relevant in
> > >>>this situation? (I've never known it to make a difference)
> > >>>
> > >>>Relevant config:
> > >>>
> > >>>ip inspect name firewall http
> > >>>ip inspect name firewall ftp
> > >>>ip inspect name firewall netshow
> > >>>ip inspect name firewall realaudio
> > >>>ip inspect name firewall rtsp
> > >>>ip inspect name firewall smtp
> > >>>ip inspect name firewall tcp
> > >>>ip inspect name firewall udp
> > >>>
> > >>>interface FastEthernet0/0
> > >>> ip address 10.1.0.1 255.255.255.0
> > >>> ip nat inside
> > >>> speed 10
> > >>> full-duplex
> > >>> ntp broadcast
> > >>> bridge-group 1
> > >>>!
> > >>>interface Serial0/0
> > >>> ip address 10.1.12.1 255.255.255.0
> > >>> ip nat inside
> > >>> bridge-group 1
> > >>>!
> > >>>interface FastEthernet0/1
> > >>> ip address 12.42.189.2 255.255.255.240
> > >>> ip access-group 103 in
> > >>> ip nat outside
> > >>> ip inspect firewall out
> > >>> duplex auto
> > >>> speed auto
> > >>>!
> > >>>interface Serial0/1
> > >>> ip address 10.1.13.1 255.255.255.0
> > >>> ip nat inside
> > >>> bridge-group 1
> > >>>!
> > >>>router eigrp 100
> > >>> redistribute static metric 384 255 255 1 1500
> > >>> network 10.0.0.0
> > >>> auto-summary
> > >>> no eigrp log-neighbor-changes
> > >>>!
> > >>>ip nat inside source list 18 interface FastEthernet0/1 overload
> > >>>ip nat inside source static 10.1.0.4 12.42.189.4
> > >>>ip classless
> > >>>ip route 0.0.0.0 0.0.0.0 12.42.189.1
> > >>>!
> > >>>logging history debugging
> > >>>logging 10.1.0.3
> > >>>access-list 18 permit 10.1.0.0 0.0.255.255
> > >>>access-list 101 permit tcp any any ack
> > >>>access-list 101 permit udp any any
> > >>>access-list 101 permit icmp any any
> > >>>access-list 103 permit tcp any host 12.42.189.4 eq smtp
> > >>>access-list 103 permit tcp any host 12.42.189.4 eq pop3
> > >>>bridge 1 protocol ieee
> --
> David Madland
> Sr. Network Engineer
> CCIE# 2016
> Qwest Communications Int. Inc.
> [EMAIL PROTECTED]
> 612-664-3367
>
> "Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29847&t=29794



Re: Who said women don't dig routers? [7:29781]

2001-12-20 Thread Patrick Bass

Did you guys hear about the totally female produced Linux distribution?

CERVIX

I heard it is a little unstable, and stops working for about a week every
month.

(let the flames begin!)

"Kaminski, Shawn G" wrote in message
news:[EMAIL PROTECTED]...
> A friend of mine sent this to me. I've never seen it so I thought I would
> pass it along! If it's already been seen on this list, I apologize for the
> waste of bandwidth!
>
> http://unixsex.com/netadmin/noclust/routergirl.jpg




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29846&t=29781



Re: Latest Hackers Target: Routers [7:29844]

2001-12-20 Thread Nigel Taylor

Chuck,
 Yes, I got the thread on this today and forwarded a copy to
some of my co-workers.  I hope folks are making use of the various IOS
implementations to limit the damage done by a prospective attacker.  Things
like CBAC, rate-limit could go a long way in simply providing the needed
time to identify a serious attack and implement more specific filtering
techniques to identify or completely block the attacker.

As it applies to the sniffing of BGP packets to gain route information, I
was wondering where do things stand now on the implementation of encrypted
authentication within BGP.  If I'm not mistaken, isn't this supposed to
happen along with support for IPv6?  This document references
authentication which sounds like the existing support for MD5 based
authentication.

http://search.ietf.org/internet-drafts/draft-ietf-idr-bgp4-16.txt  (pg 9(a))


Now this document does seem to address current issues with respect to the
flaws/vulnerabilities inherent to all TCP based protocols. The important
thing to note is this can be done without the presence of an MPLS aware
backbone based on the model identified by RFC2547bis (MPLS/VPN).

http://search.ietf.org/internet-drafts/draft-declercq-bgp-ipsec-vpn-01.txt


Thoughts anyone..

Nigel .

- Original Message -
From: "Chuck Larrieu" 
To: 
Sent: Thursday, December 20, 2001 10:14 PM
Subject: RE: Latest Hackers Target: Routers [7:29810]


> anyone see a thread about this on NANOG today? The archives are not up to
> date with today's topics.
>
> Chuck
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Eric Rogers
> Sent: Thursday, December 20, 2001 1:29 PM
> To: [EMAIL PROTECTED]
> Subject: OT: Latest Hackers Target: Routers [7:29810]
>
>
> Paste into your browser:
>
> dailynews.yahoo.com/h/cmp/20011217/tc/inw20011217s0004_1.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29844&t=29844
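
The MD5-based authentication mentioned in this thread is normally the TCP MD5 Signature Option of RFC 2385. As an added example (not part of the original post; the addresses, ports and key are constructed), the Python below signs and verifies one BGP KEEPALIVE segment and shows that the option authenticates the segment while the BGP payload stays readable on the wire.

```python
"""Added example: RFC 2385 TCP MD5 signature over a constructed BGP KEEPALIVE."""
import hashlib
import hmac
import socket
import struct

TCP_PROTO = 6
MD5SIG_KIND, MD5SIG_LEN = 19, 18  # option kind 19, total length 18 (RFC 2385)


def tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key):
    """MD5 over pseudo-header, option-less TCP header (checksum 0), data, key."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, TCP_PROTO, len(tcp_header) + len(payload)))
    fixed = bytearray(tcp_header[:20])   # TCP options are excluded from the hash
    fixed[16:18] = b"\x00\x00"           # checksum field is treated as zero
    return hashlib.md5(pseudo + bytes(fixed) + payload + key).digest()


def build_segment(src_ip, dst_ip, sport, dport, seq, ack, payload, key):
    """Return a TCP header (with MD5 option) followed by the payload.

    The TCP checksum is left at zero in this constructed segment; a real
    stack fills it in, and RFC 2385 hashes the header as if it were zero.
    """
    offset_flags = (10 << 12) | 0x018    # 40-byte header, PSH+ACK
    fixed = struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                        offset_flags, 16384, 0, 0)
    digest = tcp_md5_digest(src_ip, dst_ip, fixed + bytes(20), payload, key)
    options = bytes([MD5SIG_KIND, MD5SIG_LEN]) + digest + b"\x01\x01"  # 2 NOPs pad
    return fixed + options + payload


def find_md5_option(options):
    """Walk the TCP option list and return the 16-byte digest, or None."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                    # end of option list
            break
        if kind == 1:                    # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(options):
            break
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            break                        # malformed option, stop parsing
        if kind == MD5SIG_KIND and length == MD5SIG_LEN:
            return options[i + 2:i + length]
        i += length
    return None


def verify_segment(src_ip, dst_ip, segment, key):
    """True only if the segment carries a digest matching the shared key."""
    if len(segment) < 20:
        return False
    header_len = (segment[12] >> 4) * 4
    if header_len < 20 or header_len > len(segment):
        return False
    header, payload = segment[:header_len], segment[header_len:]
    received = find_md5_option(header[20:])
    if received is None:
        return False                     # no signature present: fail closed
    expected = tcp_md5_digest(src_ip, dst_ip, header, payload, key)
    return hmac.compare_digest(received, expected)


# Constructed sample: a 19-byte BGP KEEPALIVE between documentation addresses.
SRC, DST = "192.0.2.1", "192.0.2.2"
KEY = b"constructed-example-key"
KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)   # marker, length, type 4
SEGMENT = build_segment(SRC, DST, 49152, 179, 1000, 2000, KEEPALIVE, KEY)

if __name__ == "__main__":
    tampered = bytearray(SEGMENT)
    tampered[-1] ^= 0x07                 # change the BGP message type on the wire
    print("correct key      :", verify_segment(SRC, DST, SEGMENT, KEY))
    print("wrong key        :", verify_segment(SRC, DST, SEGMENT, b"wrong-key"))
    print("tampered payload :", verify_segment(SRC, DST, bytes(tampered), KEY))
    print("payload cleartext:", SEGMENT[40:] == KEEPALIVE)
```

The last line of output is the point relevant to sniffing: the signature stops forged or altered segments, but anyone on the path can still read the routing data.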



Re: ISDN Stimulators [7:29787]

2001-12-20 Thread [EMAIL PROTECTED]

Adtran Atlas, if you can afford one.
My .02c,
Rob H.   NP, DP, blah,blah,blah..




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29843&t=29787



Re: OT: Simple static route Q [7:29842]

2001-12-20 Thread Howard C. Berkowitz

Depends on several factors, including nuances I've skipped over in 
the response below.

If the physical layer or data link layer protocol indicates the link 
is down, the route will be disabled. If there is no keepalive 
mechanism, yes, ARP will come into play.  That's one of the minor but 
important roles for routing protocols when you don't think you need 
one -- failure detection on media types without a layer 3 hello 
mechanism.  There is a good deal of research going on involving 
lightweight signaling protocols to detect such failures without the 
overhead of a full routing protocol, especially with respect to MPLS.

Next, what happens will depend on the switching and load balancing 
mode in use. If the two interfaces are per-packet load balanced, 
traffic will move quickly to the remaining route. If they are CEF 
source-destination balanced, the FIB entry for the down route will be 
flushed and the traffic diverted, again quickly.

If they are per-destination load balanced, it depends further. Either 
R2 or R3 will have been cached as the path to 10.1.1.0/24.  If R2 was 
the selected path, R3 is idle and vice versa. If R3 had been 
selected, there would be no impact on traffic.  If it was R2, 
however, once the IOS detected the router was down, the interface 
cache would be invalidated, and a new interface selected with the 
next packet to that destination.



>it will still send traffic to both until the ARP cache times out, then it will
>drop half. i don't know the Cisco ARP timeout.
>
>
>vr4drvr . wrote:
>
>>  Here's a static routing question that I need answered.  I do have theories,
>>  but I need a proof positive answer.  Simple scenario.
>>
>>    R2---10.1.1.0/24
>>  R1|
>>    R3---10.1.1.0/24
>>
>>  3 routers are connected to an ethernet segment.  R1 has 2 static routes to
>>  the 10.1.1.0/24 network pointing to the IP address of the next hop ethernets
>>  on R2 and R3, thereby providing load balancing and fault tolerance.  My
>>  question is... if an ethernet interface on R2 was to go down, how does that
>>  affect the routing from R1 to the 10.1.1.0 network?  For instance, will R1
>>  drop half the traffic?  How does the ARP cache on R1 impact routing, or
>>  rather, how is routing impacted by the ARP cache?  Will the static route
>>  through R2 get dropped so to speak?
>>
>>  TIA.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29842&t=29842
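
A simplified model of the behaviour described in the reply above, added here as an illustration and not IOS code: R1 holds two static routes to 10.1.1.0/24 via R2 and R3, and the run compares per-packet and per-destination balancing when R2's failure is or is not detected. The class, function and destination addresses are hypothetical, and the model assumes an undetected failure leaves the static route installed.

```python
"""Added example: which flows suffer when one of two static next hops dies."""
from collections import Counter

# Constructed destinations inside 10.1.1.0/24.
DESTINATIONS = ["10.1.1.10", "10.1.1.20", "10.1.1.30"]


class StaticRouter:
    """R1 with equal-cost static routes through several next hops."""

    def __init__(self, next_hops, mode):
        if mode not in ("per-packet", "per-destination"):
            raise ValueError("unknown load-balancing mode: %s" % mode)
        self.routes = list(next_hops)    # installed static routes
        self.mode = mode
        self.cache = {}                  # destination -> cached next hop
        self.counter = 0                 # round-robin position

    def _pick(self):
        hop = self.routes[self.counter % len(self.routes)]
        self.counter += 1
        return hop

    def disable_route(self, next_hop):
        """Failure was detected: withdraw the route, flush cache entries using it."""
        if next_hop in self.routes:
            self.routes.remove(next_hop)
        self.cache = {d: h for d, h in self.cache.items() if h != next_hop}

    def next_hop_for(self, dst):
        if not self.routes:
            return None
        if self.mode == "per-packet":
            return self._pick()          # every packet rotates across routes
        if dst not in self.cache:        # cache miss: select and remember a path
            self.cache[dst] = self._pick()
        return self.cache[dst]


def simulate(mode, failure_detected, ticks=10, fail_at=6):
    """Send one packet per destination per tick; R2 fails at tick `fail_at`.

    Returns (packets lost per destination, last next hop used per destination).
    """
    router = StaticRouter(["R2", "R3"], mode)
    alive = {"R2", "R3"}
    lost, last_path = Counter(), {}
    for tick in range(ticks):
        if tick == fail_at:
            alive.discard("R2")
            if failure_detected:         # e.g. link-down seen or a hello missed
                router.disable_route("R2")
        for dst in DESTINATIONS:
            hop = router.next_hop_for(dst)
            last_path[dst] = hop
            if hop not in alive:
                lost[dst] += 1           # forwarded toward a dead next hop
    return dict(lost), last_path


if __name__ == "__main__":
    for mode in ("per-packet", "per-destination"):
        for detected in (True, False):
            lost, path = simulate(mode, detected)
            print("%-16s detected=%-5s lost=%s last_path=%s"
                  % (mode, detected, lost, path))
```

With detection, both modes move everything to R3 on the next packet; without it, per-packet balancing spreads the loss over every destination while per-destination balancing black-holes only the flows cached on R2.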



Re: OT: Help with remote access [7:29826]

2001-12-20 Thread Gregg Malcolm

Thanks Nick.  I used VNC quite a bit in my previous job, but I was hoping
not to have to use it again.  Seems a shame to use it for a character based
app like telnet.  Oh well, it does work and you're right, not a bad little
app.  Did a port scan and found that it uses 5800 and 5900 ports in case
anyone needs to allow it thru a firewall.

Gregg

"Nick S." wrote in message
news:[EMAIL PROTECTED]...
> obvious solution would be setting up *nix, or else try the VNC
> (client/server), simple to set up, very compact, has basic security
> features, works like a charm from as lite as dialups (obviously very little
> overhead). I use it to access lab setup in my office (from home) to save the
> costs of installing a dedicated term serv. box.
>
>
> Nick S.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29841&t=29826



RE: Latest Hackers Target: Routers [7:29810]

2001-12-20 Thread Chuck Larrieu

anyone see a thread about this on NANOG today? The archives are not up to
date with today's topics.

Chuck

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Eric Rogers
Sent: Thursday, December 20, 2001 1:29 PM
To: [EMAIL PROTECTED]
Subject: OT: Latest Hackers Target: Routers [7:29810]


Paste into your browser:

dailynews.yahoo.com/h/cmp/20011217/tc/inw20011217s0004_1.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29840&t=29810



RE: Proper dress for CCIE lab? [7:29524]

2001-12-20 Thread sougata maitra

Being an ex-ex-ex Novell CNI ...u dint hear wrong.
they made you do dramatics a-la-extreme...teaching
mundane and silly topics (yes it did seem mundane even
then!)
if u tried to improvise and dint follow Novell
guidelines u were in trouble.
regards


--- Chuck Larrieu  wrote:
> be sure to wear a trenchcoat, and walk in muttering
> "there can be only one!"
> 
> oops - wrong scene.
> 
> Chuck
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, December 18, 2001 2:00 PM
> To: [EMAIL PROTECTED]
> Subject: Proper dress for CCIE lab? [7:29524]
> 
> 
> Is it true that you have to be dressed in a suit for
> the CCIE lab?  Do they
> mark mannerisms, speech and dress?  I have some old
> Novell guys telling me
> horror stories of the Novell Instructor Program.
> 
> Steve
[EMAIL PROTECTED]






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29839&t=29524



RE: OT: Help with remote access [7:29826]

2001-12-20 Thread Nick S.

obvious solution would be setting up *nix, or else try the VNC
(client/server), simple to set up, very compact, has basic security
features, works like a charm from as lite as dialups (obviously very little
overhead). I use it to access lab setup in my office (from home) to save the
costs of installing a dedicated term serv. box.


Nick S.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29838&t=29826



RE: Voice question Prefix [7:29681]

2001-12-20 Thread Emile Harding

OK, problem: the plus symbol (+) is not a valid character in the string. Take
the + out. I am also assuming your ports are correct. It normally looks like
port 1/0 and port 1/1.

I have made some changes to your config. Let me know how it goes; any
questions, just ask.


dial-peer voice 1 pots
 destination-pattern 9...
 port 1/0/0
 prefix ,

dial-peer voice 2 pots
 destination-pattern 8...
 port 1/0/1
 prefix ,

[EMAIL PROTECTED]
CCNA,CCNP



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29837&t=29681



Re: cisco academy's routing skills final ,tough!!! [7:29212]

2001-12-20 Thread jon kintner

in reply to Mr Macaulay's post:   


I've had the same instructor throughout the 5 sems of cisco acad I've
taken.  He's been here and pushed us as hard as we could go and been a
damned good instructor.  Even with that, over half of our class failed our
practical final in sem 5.  I think more responsibility needs to be put on
the students for their own failures.  I had a hell of a school schedule, and
an even worse work schedule during the sem 5 class, and it showed.  You get
out of it what you put into it.  And for those students failing the
I'd pin it on my instructor.

-jon kintner


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29836&t=29212



Re: Call Manager and Military DSN [7:29805]

2001-12-20 Thread John Kaberna

Have you done this already Nigel?  Any problems with calling routing for the
DSN?

John Kaberna
CCIE #7146
NETCG Inc.
www.netcginc.com
(415) 750-3800

Instructor for CCBootcamp 5-day class www.ccbootcamp.com
__
CCIE Security Training
www.netcginc.com/training.htm


"Nigel Taylor" wrote in message
news:[EMAIL PROTECTED]...
> That's pretty much it.. John
>
> Nigel
>
> - Original Message -
> From: "John Kaberna"
> To:
> Sent: Thursday, December 20, 2001 3:42 PM
> Subject: OT: Call Manager and Military DSN [7:29805]
>
>
> > I am working on an IP telephony solution and I need to hook in to the DSN.
> > From my current understanding DSN is sent out to the local telco via the
> > PSTN and is routed from there. This would make for a fairly simple dial plan
> > in Call Manager.  Has anybody heard anything different about how DSN is
> > setup to work?
> >
> > John Kaberna
> > CCIE #7146
> > NETCG Inc.
> > www.netcginc.com
> > (415) 750-3800
> >
> > Instructor for CCBootcamp 5-day class www.ccbootcamp.com
> > __
> > CCIE Security Training
> > www.netcginc.com/training.htm




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29835&t=29805



Re: ccbootcamp part 2 [7:29682]

2001-12-20 Thread Priscilla Oppenheimer

Good answer, Howard.

I've been thinking about the statement that someone made that "the 
knowledge isn't proprietary," referring to the knowledge one needs to pass 
CCIE. The information isn't proprietary. The word "knowledge" implies 
something more, however. It implies that the recipient actually received 
and internalized the information and could retransmit it (like on a test) 
if necessary. The word knowledge has the same root as acknowledge!

Developing effective methods for knowledge transfer requires creativity, 
skill, time, money, awareness of the audience and their learning styles, 
and other resources. The results may be proprietary and there's nothing 
wrong with charging for them. I can't comment on the pricing. (Setting a 
good price has always seemed like a black art to me, having only taken one 
business/marketing type class in my life.) It does seem like different 
prices for different countries makes sense, as others have said.

I encourage the folks who want to develop labs for free. I remain a bit 
skeptical that the results will be as good as the results from the 
professionals, such as Howard and the folks at ccbootcamp. But I could be 
surprised! I have done some of my best work when people told me I couldn't 
do it. ;-)

Cheers,

Priscilla

At 01:42 PM 12/20/01, Howard C. Berkowitz wrote:
>Let me comment on several aspects of this thread, with the disclaimer
>I am involved with a virtual rack business that will be announced
>Real Soon Now, and involves the cooperative efforts of several
>recognized groups.
>
>First, let's talk about scenarios.  Not long ago, I posted my
>taxonomy of lab scenarios, which range from "mini classes" to let the
>user get deeper understanding of a particular technology, to
>multistage scenarios more like the test but with mentoring features,
>to pressure-cooker lab practice.  It's not super-hard to create a
>scenario that gives some practice. Speaking from experience, it's
>much harder to create scenarios that have specific instructional
>objectives. When I'm writing a scenario for gaining specific protocol
>knowledge, I will usually explore several ways to do it. When I'm
>writing one to be more like my understanding of the actual test, I
>will put in artificial constraints so there is basically only one
>solution.   Should a practice scenario have supporting references, at
>least links? I think so.
>
>Second, the lab or virtual rack itself. There is a wide difference in
>features, stability, and operational support among commercial labs.
>While it may be practical and appropriate to have cheaper written
>products for countries where S prices are simply out of the question
>(incidentally, rather to my surprise, I just received Chinese
>translations of my Routing & Switching Architecture book), that isn't
>necessarily practical for labs. There are fixed capital costs for
>equipment, plus operational costs to support the lab. Let's put it
>this way...for this upcoming project in which I'm involved, we are
>now pouring the concrete for the backup diesel and UPS, but are still
>working on having redundant local loops. Not everyone has that kind
>of availability as a goal.
>
>It may be practical to clone shared labs into countries where
>operational cost is lower, and save on the transoceanic bandwidth
>costs.  The equipment cost, however, is what it is.
>
>Incidentally, I am a strong believer in virtual racks rather than
>personal labs, because you certainly will have to deal with remote
>routers in real jobs, and it's my understanding that the 1-day CCIE
>lab also is hands-off the physical equipment. Even if you build a
>personal lab, rely on a terminal server and reverse telnet -- it will
>be better practice.
>
>I wish people well in rolling their own scenarios, and we will also
>have some scenarios for free download, as well as others that are
>associated with rack rental. But it's harder than it looks to write
>GOOD scenarios. Indeed, I treat them like any other formal software
>engineering project, with code version control, formal acceptance
>testing, etc.




Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29834&t=29682



Re: Mask in L3 Packet [7:29182]

2001-12-20 Thread [EMAIL PROTECTED]

One way to think of it is as follows:

Subnet Masks are for getting packets out of networks, not into them.





"Symon Thurlow" @groupstudy.com on 12/20/2001
07:56:06 PM

Please respond to "Symon Thurlow" 

Sent by:  [EMAIL PROTECTED]

To:   [EMAIL PROTECTED]
cc:(bcc: Kevin Cullimore)
Subject:  Re: Mask in L3 Packet [7:29182]


If you think about this logically, every IP address in your network or
the Internet is unique, regardless of mask, so why send the mask? The
mask only becomes relevant locally.

Symon
---
> In the local configuration of every device.
>
> Priscilla
>
> At 08:07 AM 12/20/01, steve skinner wrote:
> >go on then pris..
> >
> >you have whetted my appetite where is the subnet mask kept if it isn't
> >in the ip packet ?
> >
> >
> > >From: "Priscilla Oppenheimer"
> > >Reply-To: "Priscilla Oppenheimer"
> > >To: [EMAIL PROTECTED]
> > >Subject: Re: Mask in L3 Packet [7:29182]
> > >Date: Fri, 14 Dec 2001 13:42:36 -0500
> > >
> > >From its own local config. The mask isn't in the IP packet, which does
> > >come as a surprise to some people! If this isn't what you're getting at,
> > >just let us know...
> > >
> > >Priscilla
> > >
> > >At 08:20 AM 12/14/01, you wrote:
> > > >This may sound like a dumb question, but if I send a packet to a different
> > > >host, where is the subnet mask?  Where does a host get the subnet mask info
> > > >to do an AND operation?
> > >
> > >
> > >Priscilla Oppenheimer
> > >http://www.priscilla.com
> 
>
> Priscilla Oppenheimer
> http://www.priscilla.com
[EMAIL PROTECTED]
>
Cheers,

Symon






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29833&t=29182



Re: Mask in L3 Packet [7:29182]

2001-12-20 Thread Symon Thurlow

If you think about this logically, every IP address in your network or
the Internet is unique, regardless of mask, so why send the mask? The
mask only becomes relevant locally.

Symon
---
> In the local configuration of every device.
> 
> Priscilla
> 
> At 08:07 AM 12/20/01, steve skinner wrote:
> >go on then pris..
> >
> >you have whetted my appetite where is the subnet mask kept if it isn't
> >in the ip packet ?
> >
> >
> > >From: "Priscilla Oppenheimer"
> > >Reply-To: "Priscilla Oppenheimer"
> > >To: [EMAIL PROTECTED]
> > >Subject: Re: Mask in L3 Packet [7:29182]
> > >Date: Fri, 14 Dec 2001 13:42:36 -0500
> > >
> > >From its own local config. The mask isn't in the IP packet, which does
> > >come as a surprise to some people! If this isn't what you're getting at,
> > >just let us know...
> > >
> > >Priscilla
> > >
> > >At 08:20 AM 12/14/01, you wrote:
> > > >This may sound like a dumb question, but if I send a packet to a different
> > > >host, where is the subnet mask?  Where does a host get the subnet mask info
> > > >to do an AND operation?
> > >
> > >
> > >Priscilla Oppenheimer
> > >http://www.priscilla.com
> 
> 
> Priscilla Oppenheimer
> http://www.priscilla.com
[EMAIL PROTECTED]
> 
Cheers,

Symon




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29832&t=29182
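
The local AND operation discussed in this thread, as an added example that is not part of the original posts: it builds a 20-byte IPv4 header, lists every field the header carries (none is a mask), and makes the on-link/off-link decision from the sender's own configuration. Addresses and function names are constructed for the illustration.

```python
"""Added example: the IPv4 header has no mask; the sender applies its own."""
import ipaddress
import struct

IPV4_FIELDS = ("version_ihl", "tos", "total_length", "identification",
               "flags_fragment", "ttl", "protocol", "checksum", "src", "dst")


def internet_checksum(data):
    """16-bit one's-complement sum used for the IPv4 header checksum."""
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4_header(src, dst, payload_len, ttl=64, protocol=1):
    """Return a 20-byte option-less IPv4 header; no mask is among the inputs."""
    def pack(csum):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                           ttl, protocol, csum,
                           ipaddress.IPv4Address(src).packed,
                           ipaddress.IPv4Address(dst).packed)
    return pack(internet_checksum(pack(0)))


def parse_ipv4_header(header):
    """Decode every field of the fixed header into a dict."""
    fields = dict(zip(IPV4_FIELDS, struct.unpack("!BBHHHBBH4s4s", header[:20])))
    fields["src"] = str(ipaddress.IPv4Address(fields["src"]))
    fields["dst"] = str(ipaddress.IPv4Address(fields["dst"]))
    return fields


def first_hop(local_interface, gateway, dst):
    """Choose whom to ARP for, using only the sender's own address and mask."""
    local = ipaddress.IPv4Interface(local_interface)
    mask = int(local.netmask)
    on_link = (int(ipaddress.IPv4Address(dst)) & mask) == (int(local.ip) & mask)
    return ("arp-for-destination", dst) if on_link else ("arp-for-gateway", gateway)


# Constructed sample: the same packet sent by a host configured two ways.
SRC, DST, GATEWAY = "192.168.1.10", "192.168.1.200", "192.168.1.1"
HEADER = build_ipv4_header(SRC, DST, payload_len=8)

if __name__ == "__main__":
    print("header fields:", ", ".join(parse_ipv4_header(HEADER)))
    for prefix in ("/24", "/25"):
        print("local mask %s -> %s" % (prefix, first_hop(SRC + prefix, GATEWAY, DST)))
```

The header bytes are identical in both runs; only the sender's configured mask changes whether the frame is addressed to the destination or to the gateway.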



Re: NetworkForce.com CCIE Lab Scenario [7:29676]

2001-12-20 Thread John Kaberna

I bought Solution Labs and CCBootcamp labs when I was studying.  I also did
the Fatkid labs since they are free.  I liked dealing with Marc and Brad at
CCBootcamp so much that I now do some work with them.  I paid for their labs
and countless hours on their racks (with my own personal savings) and it was
well worth it.  If it wasn't worth it I certainly wouldn't still be working
with them.

All this hype about the new 1-day format is nonsense.  The preparation
difference is minimal.  If you use any online rack it will already be
cabled.  The terminal server will probably already be configured too.  So
that only leaves IP addressing which should be a non-issue.  If you need
labs that already have IP addresses on them you're in trouble.  The topics
have not changed.  Instead of taking an hour or so to do a drawing, terminal
server, cabling, and IP addressing they immediately have the lab start with
more complex configuration topics.  The biggest change in my opinion is
removing troubleshooting.  None of the practice labs that I've seen
incorporate a troubleshooting lab so I don't see much difference.

What you should be asking is have they updated the labs to remove the old
topics (appletalk, DECNET, ATM LANE, etc).  I wasn't too happy seeing those
topics in the labs when I started them last year.  But, they are currently
removing all those topics and updating the labs to the 1-day format since
people seem to think that having their IP addresses ahead of time is
important.  I believe they aren't quite done with updating all the labs but
they are coming along.  Marc and Brad should comment on that.  As far as the
real exam I think some of the labs are comparable in difficulty.  Since they
try and write labs that cover as many tricks as they can think of there are
bound to be some topics that are the same.

John Kaberna
CCIE #7146
NETCG Inc.
www.netcginc.com
(415) 750-3800

Instructor for CCBootcamp 5-day class www.ccbootcamp.com
__
CCIE Security Training
www.netcginc.com/training.htm


"Pham, James" wrote in message
news:[EMAIL PROTECTED]...
> Hi John,
>
> Thanks for your advice. Although I don't plan to fail the first time, if
> I fail, I would not feel so bad, right? I'm trying to work out a deal for
> 200-hour rack rental. I'm not quite sure if CCBootcamp labs scenarios are
> updated enough to reflect the recent change of the 1-day lab and flexible
> enough to use on a non-CCBootcamp lab. I would appreciate if anyone who has
> used CCBootcamp lab scenarios and sat in the real 1-day CCIE lab can give
> some insight on this. How good and close are they compared to the real lab? I
> don't think this is violating the NDA, right? Is it worth the money?
>
> Thanks,
>
> James
>
>
>
> -Original Message-
> From: John Kaberna [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, December 20, 2001 10:48 AM
> To: [EMAIL PROTECTED]
> Subject: Re: NetworkForce.com CCIE Lab Scenario [7:29676]
>
>
> Never even heard of them.  Why not just do the CCBootcamp labs?  It's only
> $650.  I didn't want to spend 5k on a class either so I can't say that I
> blame you.  Although I've felt like if I went to one of those classes I
> probably would have passed the first or second time instead of the third
> time.
>
> John Kaberna
> CCIE #7146
> www.netcginc.com
> (415) 750-3800
>
> __
> CCIE Security Training
> www.netcginc.com/training.htm
>
>
> "Pham, James" wrote in message
> news:[EMAIL PROTECTED]...
> > Hi,
> >
> > It's time to put the theory into practice and pay my dues on the journey to
> > CCIE!  I'm shopping around for the good guys that offer good CCIE Lab
> > scenarios and lab rental at a reasonable rate. I think it would work better
> > if I buy the CCIE lab scenarios that were designed for their rack. Has
> > anyone ever used the NetworkForce CCIE Lab scenarios and their lab?  How
> > good are they?  Any advice or comments on how to prepare for the real CCIE
> > Lab?  I don't have the luxury to pay $5,000 for the CCbootcamp class!
> >
> > Thanks,
> >
> > James




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29825&t=29676



Re: Call Manager and Military DSN [7:29805]

2001-12-20 Thread Nigel Taylor

That's pretty much it.. John

Nigel

- Original Message -
From: "John Kaberna" 
To: 
Sent: Thursday, December 20, 2001 3:42 PM
Subject: OT: Call Manager and Military DSN [7:29805]


> I am working on an IP telephony solution and I need to hook in to the DSN.
> From my current understanding DSN is sent out to the local telco via the
> PSTN and is routed from there. This would make for a fairly simple dial plan
> in Call Manager.  Has anybody heard anything different about how DSN is
> set up to work?
>
> John Kaberna
> CCIE #7146
> NETCG Inc.
> www.netcginc.com
> (415) 750-3800
>
> Instructor for CCBootcamp 5-day class www.ccbootcamp.com
> __
> CCIE Security Training
> www.netcginc.com/training.htm




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29831&t=29805



Re: IOS firewall, NAT and smtp [7:29794]

2001-12-20 Thread MADMAN

Ray Brehm wrote:
> 
> MADMAN wrote:
> 
> >Yes I have run into problems defining http also.  The bottom line is I
> >now only "inspect" TCP, UDP and FTP.  These cover all the others without
> >breaking them!!!
> >
> thanks for the heads up
> I just updated IOS to v12.2.6a (I know I'm crazy but I might want
> cisco's support)
> what version of IOS have these problems?

  I know it wasn't in 12.2!!  As I said before, I don't think it's doing
anything cept eating up NVRAM when you add, for example, inspect http
when tcp covers http.

  Dave
> 
> >
> >  Dave
> >
> >"Steven A. Ridder" wrote:
> >
> >>The CBAC doesn't understand ESMTP commands I think.  Don't watch smtp on
> >>CBAC.  I ran into that problem before.
> >>
> >>"Ray Brehm" wrote in message
> >>news:[EMAIL PROTECTED]...
> >>
> >>>I have a 2621 with IOS IP/FW that I'm unable to connect through to the
> >>>inside SMTP server. I can connect to that same server using POP3 with no
> >>>errors. The inside device is a static NAT. The port appears open when I
> >>>port scan the IP address but I get TCP errors when trying to send mail.
> >>>
> >>>Any ideas? Did I miss something stupid?
> >>>Is the fact that I have multiple "nat inside" interfaces relevant in
> >>>this situation? (I've never known it to make a difference)
> >>>
> >>>Relevant config:
> >>>
> >>>ip inspect name firewall http
> >>>ip inspect name firewall ftp
> >>>ip inspect name firewall netshow
> >>>ip inspect name firewall realaudio
> >>>ip inspect name firewall rtsp
> >>>ip inspect name firewall smtp
> >>>ip inspect name firewall tcp
> >>>ip inspect name firewall udp
> >>>
> >>>interface FastEthernet0/0
> >>> ip address 10.1.0.1 255.255.255.0
> >>> ip nat inside
> >>> speed 10
> >>> full-duplex
> >>> ntp broadcast
> >>> bridge-group 1
> >>>!
> >>>interface Serial0/0
> >>> ip address 10.1.12.1 255.255.255.0
> >>> ip nat inside
> >>> bridge-group 1
> >>>!
> >>>interface FastEthernet0/1
> >>> ip address 12.42.189.2 255.255.255.240
> >>> ip access-group 103 in
> >>> ip nat outside
> >>> ip inspect firewall out
> >>> duplex auto
> >>> speed auto
> >>>!
> >>>interface Serial0/1
> >>> ip address 10.1.13.1 255.255.255.0
> >>> ip nat inside
> >>> bridge-group 1
> >>>!
> >>>router eigrp 100
> >>> redistribute static metric 384 255 255 1 1500
> >>> network 10.0.0.0
> >>> auto-summary
> >>> no eigrp log-neighbor-changes
> >>>!
> >>>ip nat inside source list 18 interface FastEthernet0/1 overload
> >>>ip nat inside source static 10.1.0.4 12.42.189.4
> >>>ip classless
> >>>ip route 0.0.0.0 0.0.0.0 12.42.189.1
> >>>!
> >>>logging history debugging
> >>>logging 10.1.0.3
> >>>access-list 18 permit 10.1.0.0 0.0.255.255
> >>>access-list 101 permit tcp any any ack
> >>>access-list 101 permit udp any any
> >>>access-list 101 permit icmp any any
> >>>access-list 103 permit tcp any host 12.42.189.4 eq smtp
> >>>access-list 103 permit tcp any host 12.42.189.4 eq pop3
> >>>bridge 1 protocol ieee
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29830&t=29794



Re: New CCIE #8545 [7:29619]

2001-12-20 Thread afro

Great job!!

I hope one day I will be a CCIE...my goal...


"Jacques Allison" wrote in message
news:[EMAIL PROTECTED]...
> HI Group,
>
> Completed my CCIE lab yesterday and now proud owner of CCIE number 8545. Now
> for the Security lab. Thanks to the group and people that help me achieve my
> goal.
>
> I'm still a tad skeptical about the new automated marking they do on the labs;
> I would have thought that I had scored more than I received on the score
> report. I think they check most solutions, but not all! Also, they need to
> give more feedback about the lab result, because you always learn from your
> mistakes.
>
> The lab was not too bad and I finished +- 1 hour early. I was the last one
> to do the lab in South Africa this year, so I just squeezed in my
> certification before 2002.
>
> Good luck to the people pursuing their CCIE certification, you'll need it!
>
>
>
> Regards,
>
>
>
> Jacques Allison
>
> Senior Network Engineer
>
> CS IT Solutions
>
> Tel: +27 (0) 11 257 4000
>
> Fax: +27 (0) 11 807 8992
>
> Mobile: +27 (0) 83 327 4941
>
> E-mail: [EMAIL PROTECTED]
>
> #8545
>
>
>
> Adding Value to IT
>
>
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29829&t=29619



Re: IOS firewall, NAT and smtp [7:29794]

2001-12-20 Thread Ray Brehm

Steven A. Ridder wrote:

>For future reference, once you enable CBAC on an interface, it MONITORS
>traffic in both directions.
>
did not know it worked that way, I'll have to go back to the books again

>
>As for the SMTP thing, you remove ip inspect from the interface, and you can
>telnet into the server at port 25?  Do I have that right?  You SURE you
>removed it?  Cause if you can get in via 25 via telnet, you're in.  Only
>CBAC would block it if you tried to login into the server, or some other
>ESMTP command, and that's only if it was on.  You sure the server isn't bad?
>
I removed the ip inspect from the interface and restarted the router 
with the new config. Even at that point, I could not telnet to port 25 
on the server from outside the router. I can telnet to port 25 on the 
server when I'm on the local network so the server doesn't have a 
problem (other than the fact it's exchange, but that's another story)

>
>
>"Ray Brehm" wrote in message
>news:[EMAIL PROTECTED]...
>
>>Steven A. Ridder wrote:
>>
>>>The CBAC doesn't understand ESMTP commands I think.  Don't watch smtp on
>>>CBAC.  I ran into that problem before.
>>>
>>I'm not actually doing CBAC on the inbound traffic, I'm just letting it
>>through with the access list. At any rate, I removed the IP inspect
>>command from the interface and I still have the same problem. TCP to the
>>POP port works fine, TCP to the SMTP port doesn't respond. I can telnet
>>to port 25 locally, get the server response and type a command, I get no
>>response telnetting to port 25 through the firewall.
>>
>>>
>>>"Ray Brehm" wrote in message
>>>news:[EMAIL PROTECTED]...
>>>
>>>>I have a 2621 with IOS IP/FW that I'm unable to connect through to the
>>>>inside SMTP server. I can connect to that same server using POP3 with no
>>>>errors. The inside device is a static NAT. The port appears open when I
>>>>port scan the IP address but I get TCP errors when trying to send mail.
>>>>
>>>>Any ideas? Did I miss something stupid?
>>>>Is the fact that I have multiple "nat inside" interfaces relevant in
>>>>this situation? (I've never known it to make a difference)
>>>>
>>>>Relevant config:
>>>>
>>>>ip inspect name firewall http
>>>>ip inspect name firewall ftp
>>>>ip inspect name firewall netshow
>>>>ip inspect name firewall realaudio
>>>>ip inspect name firewall rtsp
>>>>ip inspect name firewall smtp
>>>>ip inspect name firewall tcp
>>>>ip inspect name firewall udp
>>>>
>>>>interface FastEthernet0/0
>>>> ip address 10.1.0.1 255.255.255.0
>>>> ip nat inside
>>>> speed 10
>>>> full-duplex
>>>> ntp broadcast
>>>> bridge-group 1
>>>>!
>>>>interface Serial0/0
>>>> ip address 10.1.12.1 255.255.255.0
>>>> ip nat inside
>>>> bridge-group 1
>>>>!
>>>>interface FastEthernet0/1
>>>> ip address 12.42.189.2 255.255.255.240
>>>> ip access-group 103 in
>>>> ip nat outside
>>>> ip inspect firewall out
>>>> duplex auto
>>>> speed auto
>>>>!
>>>>interface Serial0/1
>>>> ip address 10.1.13.1 255.255.255.0
>>>> ip nat inside
>>>> bridge-group 1
>>>>!
>>>>router eigrp 100
>>>> redistribute static metric 384 255 255 1 1500
>>>> network 10.0.0.0
>>>> auto-summary
>>>> no eigrp log-neighbor-changes
>>>>!
>>>>ip nat inside source list 18 interface FastEthernet0/1 overload
>>>>ip nat inside source static 10.1.0.4 12.42.189.4
>>>>ip classless
>>>>ip route 0.0.0.0 0.0.0.0 12.42.189.1
>>>>!
>>>>logging history debugging
>>>>logging 10.1.0.3
>>>>access-list 18 permit 10.1.0.0 0.0.255.255
>>>>access-list 101 permit tcp any any ack
>>>>access-list 101 permit udp any any
>>>>access-list 101 permit icmp any any
>>>>access-list 103 permit tcp any host 12.42.189.4 eq smtp
>>>>access-list 103 permit tcp any host 12.42.189.4 eq pop3
>>>>bridge 1 protocol ieee




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29828&t=29794



Re: Proper dress for CCIE lab? [7:29524]

2001-12-20 Thread Priscilla Oppenheimer

Fabio is very well endowed! But you're not supposed to be looking at him! ;-)

I'm not in the pictures at all really. I had nothing to do with this weird 
site, but I think it's kind of cool.

OK, enough!! I promise no more messages on this topic,

Priscilla

At 06:12 PM 12/20/01, John Neiberger wrote:
>She's the one posing with the real Fabio, not the one on the book cover!
>:-)  Unless, that is, she herself decides to take credit for that
>cover.  heh heh
>
>This thread is getting spooky
>
> >>> "Curtis Phillips"  12/20/01 3:46:29 PM
> >>>
>Actually, you are better endowed than I had thought..:-)
>
>- Original Message -
>From: "Priscilla Oppenheimer"
>To:
>Sent: Thursday, December 20, 2001 4:51 PM
>Subject: RE: Proper dress for CCIE lab? [7:29524]
>
>
> > Yes, but how do you know that's really me? Check the pictures at this site:
> >
> > http://routergod.com/fabio/
> >
> > Priscilla
> >
> > At 08:45 AM 12/20/01, [EMAIL PROTECTED] (John Nemeth) wrote:
> > >On May 10,  7:53pm, "Leigh Anne Chisholm" wrote:
> > >}
> > >} (Note to all the guys on this list:  The ladies here are all petite, very
> > >} physically fit, and are always dressed to kill!)
> > >}
> > >} (Note to all the ladies on this list:  We know the above isn't true, but
> > >} since most on the list don't know what we look like, why not give their
> > >} imaginations something to work with.  Hmm... I wonder what the "virtual" me
> > >} looks like to most of them.).
> > >
> > >  There is a picture of Priscilla sitting in front of an iBook (aka
> > >"toilet seat" -- I *just* had to throw that in there, the devil made me
> > >do it :->), so it is easy to get a general idea of what she looks like.
> > >
> > >  As for you, given your comments about being perfectly happy
> > >swinging from the rafters in mountain climbing gear in order to install
> > >cabling, I suspect that you are in fairly good shape which usually
> > >translates into keeping fit, looking after yourself, not being
> > >overweight etc., which usually means that you would be fairly good
> > >looking (good thing my girlfriend doesn't read this list).  Beyond
> > >that, I have no idea how tall you are, how much you weigh, what colour
> > >your hair is, how long your hair is, what colour your eyes are, etc.
> > >Given the above, I don't have any problem believing "petite, very
> > >physically fit, and always dressed to kill".
> > >
> > >} PS.  Oh a way off topic we will go!  A way off topic we will go!
> > >
> > >  Yeah, but this one sure beats the flame wars.
> > >
> > >}-- End of excerpt from "Leigh Anne Chisholm"
> > 
> >
> > Priscilla Oppenheimer
> > http://www.priscilla.com


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29827&t=29524



OT: Help with remote access [7:29826]

2001-12-20 Thread Gregg Malcolm

Have a really, really dumb question.  I'm trying to help out a former
co-worker who's studying to be a CCIE but doesn't have access to an ISDN
sim.  I'm working on granting him access to my home lab.  I have DSL with a
lame Home Portal combo F/W, USB and Enet hub, can opener and toaster.  I
have permitted telnet thru this cheapo box.  I'm using Exceed on my laptop.
Problem is, when I telnet into my laptop, then try to open a telnet from
there into my lab, the telnet window only opens up locally on the laptop
(i.e. from his host all he will see is a DOS prompt - my laptop will have
telnet window opened).  Tried messing with comspec in Exceed to run
telnet.exe instead of command.com (found it to be a reliable way to lock up
my laptop).

I know I could set up X and export my display, but it's a lot of work and
I'm a little leery of security (xhost +  :(  )  Anybody have any ideas ?
Other than loading Linux on my laptop (which of course makes way too much
sense).

Thanks in advance,  Gregg




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29826&t=29826



Re: Proper dress for CCIE lab? [7:29524]

2001-12-20 Thread John Neiberger

She's the one posing with the real Fabio, not the one on the book cover!
:-)  Unless, that is, she herself decides to take credit for that
cover.  heh heh

This thread is getting spooky  

>>> "Curtis Phillips"  12/20/01 3:46:29 PM
>>>
Actually, you are better endowed than I had thought..:-)

- Original Message -
From: "Priscilla Oppenheimer" 
To: 
Sent: Thursday, December 20, 2001 4:51 PM
Subject: RE: Proper dress for CCIE lab? [7:29524]


> Yes, but how do you know that's really me? Check the pictures at this site:
>
> http://routergod.com/fabio/
>
> Priscilla
>
> At 08:45 AM 12/20/01, [EMAIL PROTECTED] (John Nemeth) wrote:
> >On May 10,  7:53pm, "Leigh Anne Chisholm" wrote:
> >}
> >} (Note to all the guys on this list:  The ladies here are all petite, very
> >} physically fit, and are always dressed to kill!)
> >}
> >} (Note to all the ladies on this list:  We know the above isn't true, but
> >} since most on the list don't know what we look like, why not give their
> >} imaginations something to work with.  Hmm... I wonder what the "virtual" me
> >} looks like to most of them.).
> >
> >  There is a picture of Priscilla sitting in front of an iBook (aka
> >"toilet seat" -- I *just* had to throw that in there, the devil made me
> >do it :->), so it is easy to get a general idea of what she looks like.
> >
> >  As for you, given your comments about being perfectly happy
> >swinging from the rafters in mountain climbing gear in order to install
> >cabling, I suspect that you are in fairly good shape which usually
> >translates into keeping fit, looking after yourself, not being
> >overweight etc., which usually means that you would be fairly good
> >looking (good thing my girlfriend doesn't read this list).  Beyond
> >that, I have no idea how tall you are, how much you weigh, what colour
> >your hair is, how long your hair is, what colour your eyes are, etc.
> >Given the above, I don't have any problem believing "petite, very
> >physically fit, and always dressed to kill".
> >
> >} PS.  Oh a way off topic we will go!  A way off topic we will go!
> >
> >  Yeah, but this one sure beats the flame wars.
> >
> >}-- End of excerpt from "Leigh Anne Chisholm"
> 
>
> Priscilla Oppenheimer
> http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29823&t=29524



RE: Who said women don't dig routers? [7:29781]

2001-12-20 Thread Daniel Cotts

A Google search on Sandy Lerner turned up more hits than one would wish. The
following two URLs have pictures of Ms Lerner that clearly show her face.
One picture not included showed her donating two huge draft horses to the Mt
Vernon museum. She was conservatively attired.
Apparently she has been busy. She has engaged in philanthropic endeavors.
Supported women's causes. She raises horses on her farm in Virginia.
Co-founded a cosmetics company, Urban Decay, to meet her desire for funky
colors. 

http://west.poly.edu/~jarbou01/page2.htm
http://members.tripod.com/~Baby_Fox/blancmange.html

I wasted too much time doing this!

> -Original Message-
> From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, December 20, 2001 1:29 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Who said women don't dig routers? [7:29781]
> 
> 
> Someone should really find a picture of Sandy Lerner in her current 
> Goth regalia.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29822&t=29781



Re: Lab Equip [7:29763]

2001-12-20 Thread Brad Ellis

check the archives, www.groupstudy.com, here's what I have recommended in
the past and like to offer to my CCIE students (and our labs work well with
this gear):

2x 2501s
2x 2503s (for ISDN)
1x 2511 (reverse telnet AS)
3x 2513s (TR/Ether)
1x 2522 (frame-switch)
ISDN Simulator
Catalyst 5k
3900 TR Switch
2610 w/ voice
2620 w/ voice
misc. cables, etc

thanks,
-Brad Ellis
CCIE#5796 (R&S / Security)
Network Learning Inc
[EMAIL PROTECTED]
used Cisco gear:  www.optsys.net
CCIE Labs, racks, and classes:  http://www.ccbootcamp.com/quicklinks.html
"Jonathan Kephart" wrote in message
news:[EMAIL PROTECTED]...
> Hello,
>    I have an equipment question - I would like to confirm my logic with
> those of you who are more experienced with the whole CCIE path.  I am
> thinking that the actual HW platform doesn't matter nearly as much as just
> the technology (BGP, VoIP, TR etc).  So, as long as you can load the
> appropriate code like 12.1X it doesn't matter really if you are using a
> 2500, 3600, or a 4000.  The exception to this is obviously the modules that
> are supported and port density.  You need a 26XX or 36XX for the VoIP stuff,
> and something larger than a 25XX (like an old 4000) for the port density (4+
> serial ports).  Or am I mistaken - is there something I am missing?
>
> What I was thinking of for my lab is:
>
> Three 2501's plus some other 25XX's
> Two 2610's with NM-2V & WIC-2T  cards
> Three 4000's with various TR, Eth, and Serial cards
>
> Some to be determined Switch equipment.
>
> Curious for your opinion,
>  -Jonathan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29821&t=29763



Re: IOS firewall, NAT and smtp [7:29794]

2001-12-20 Thread Steven A. Ridder

For future reference, once you enable CBAC on an interface, it MONITORS
traffic in both directions.

As for the SMTP thing, you remove ip inspect from the interface, and you can
telnet into the server at port 25?  Do I have that right?  You SURE you
removed it?  Cause if you can get in via 25 via telnet, you're in.  Only
CBAC would block it if you tried to login into the server, or some other
ESMTP command, and that's only if it was on.  You sure the server isn't bad?


"Ray Brehm" wrote in message
news:[EMAIL PROTECTED]...
> Steven A. Ridder wrote:
>
> >The CBAC doesn't understand ESMTP commands I think.  Don't watch smtp on
> >CBAC.  I ran into that problem before.
> >
> I'm not actually doing CBAC on the inbound traffic, I'm just letting it
> through with the access list. At any rate, I removed the IP inspect
> command from the interface and I still have the same problem. TCP to the
> POP port works fine, TCP to the SMTP port doesn't respond. I can telnet
> to port 25 locally, get the server response and type a command, I get no
> response telnetting to port 25 through the firewall.
>
> >
> >
> >"Ray Brehm" wrote in message
> >news:[EMAIL PROTECTED]...
> >
> >>I have a 2621 with IOS IP/FW that I'm unable to connect through to the
> >>inside SMTP server. I can connect to that same server using POP3 with no
> >>errors. The inside device is a static NAT. The port appears open when I
> >>port scan the IP address but I get TCP errors when trying to send mail.
> >>
> >>Any ideas? Did I miss something stupid?
> >>Is the fact that I have multiple "nat inside" interfaces relevant in
> >>this situation? (I've never known it to make a difference)
> >>
> >>Relevant config:
> >>
> >>ip inspect name firewall http
> >>ip inspect name firewall ftp
> >>ip inspect name firewall netshow
> >>ip inspect name firewall realaudio
> >>ip inspect name firewall rtsp
> >>ip inspect name firewall smtp
> >>ip inspect name firewall tcp
> >>ip inspect name firewall udp
> >>
> >>interface FastEthernet0/0
> >> ip address 10.1.0.1 255.255.255.0
> >> ip nat inside
> >> speed 10
> >> full-duplex
> >> ntp broadcast
> >> bridge-group 1
> >>!
> >>interface Serial0/0
> >> ip address 10.1.12.1 255.255.255.0
> >> ip nat inside
> >> bridge-group 1
> >>!
> >>interface FastEthernet0/1
> >> ip address 12.42.189.2 255.255.255.240
> >> ip access-group 103 in
> >> ip nat outside
> >> ip inspect firewall out
> >> duplex auto
> >> speed auto
> >>!
> >>interface Serial0/1
> >> ip address 10.1.13.1 255.255.255.0
> >> ip nat inside
> >> bridge-group 1
> >>!
> >>router eigrp 100
> >> redistribute static metric 384 255 255 1 1500
> >> network 10.0.0.0
> >> auto-summary
> >> no eigrp log-neighbor-changes
> >>!
> >>ip nat inside source list 18 interface FastEthernet0/1 overload
> >>ip nat inside source static 10.1.0.4 12.42.189.4
> >>ip classless
> >>ip route 0.0.0.0 0.0.0.0 12.42.189.1
> >>!
> >>logging history debugging
> >>logging 10.1.0.3
> >>access-list 18 permit 10.1.0.0 0.0.255.255
> >>access-list 101 permit tcp any any ack
> >>access-list 101 permit udp any any
> >>access-list 101 permit icmp any any
> >>access-list 103 permit tcp any host 12.42.189.4 eq smtp
> >>access-list 103 permit tcp any host 12.42.189.4 eq pop3
> >>bridge 1 protocol ieee




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29820&t=29794
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
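
The audit below is an added example, not code from any of the posters: it parses the configuration quoted in this thread and reports where the inspection rule is applied, which TCP services ACL 103 permits through the static NAT, and which access lists are defined but bound to nothing. The function names and the parser are assumptions of the example and handle only the statement shapes that appear in the quoted config.

```python
import re
from collections import defaultdict

# Configuration as quoted in the thread, trimmed to the firewall/NAT statements.
CONFIG = """\
ip inspect name firewall http
ip inspect name firewall ftp
ip inspect name firewall netshow
ip inspect name firewall realaudio
ip inspect name firewall rtsp
ip inspect name firewall smtp
ip inspect name firewall tcp
ip inspect name firewall udp
!
interface FastEthernet0/1
 ip address 12.42.189.2 255.255.255.240
 ip access-group 103 in
 ip nat outside
 ip inspect firewall out
!
ip nat inside source list 18 interface FastEthernet0/1 overload
ip nat inside source static 10.1.0.4 12.42.189.4
!
access-list 18 permit 10.1.0.0 0.0.255.255
access-list 101 permit tcp any any ack
access-list 101 permit udp any any
access-list 101 permit icmp any any
access-list 103 permit tcp any host 12.42.189.4 eq smtp
access-list 103 permit tcp any host 12.42.189.4 eq pop3
"""

PORT_NAMES = {"smtp": 25, "pop3": 110}  # the two IOS port keywords used in ACL 103

def parse_config(text):
    """Collect inspect rules, per-interface bindings, ACLs and NAT statements."""
    cfg = {"inspect": defaultdict(list), "ifaces": {}, "acls": defaultdict(list),
           "static_nat": {}, "nat_acls": set()}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            current = None  # an unindented line ends the interface block
        if m := re.match(r"interface (\S+)$", line):
            current = cfg["ifaces"].setdefault(
                m[1], {"acl": {}, "inspect": {}, "nat": None})
        elif current is not None:
            if m := re.match(r"ip access-group (\d+) (in|out)$", line):
                current["acl"][m[2]] = m[1]
            elif m := re.match(r"ip inspect (\S+) (in|out)$", line):
                current["inspect"][m[2]] = m[1]
            elif m := re.match(r"ip nat (inside|outside)$", line):
                current["nat"] = m[1]
        elif m := re.match(r"ip inspect name (\S+) (\S+)", line):
            cfg["inspect"][m[1]].append(m[2])
        elif m := re.match(r"access-list (\d+) (permit|deny) (.+)$", line):
            cfg["acls"][m[1]].append((m[2], m[3].split()))
        elif m := re.match(r"ip nat inside source static (\S+) (\S+)$", line):
            cfg["static_nat"][m[2]] = m[1]  # global address -> inside host
        elif m := re.match(r"ip nat inside source list (\d+) ", line):
            cfg["nat_acls"].add(m[1])
    return cfg

def inspection_points(cfg):
    """(interface, direction, rule, application-specific protocols in that rule)."""
    return [(name, direction, rule,
             [p for p in cfg["inspect"].get(rule, []) if p not in ("tcp", "udp")])
            for name, ifc in cfg["ifaces"].items()
            for direction, rule in ifc["inspect"].items()]

def inbound_exposure(cfg):
    """TCP ports the inbound ACL on a NAT-outside interface permits to NAT hosts."""
    found = []
    for name, ifc in cfg["ifaces"].items():
        acl = ifc["acl"].get("in")
        if ifc["nat"] != "outside" or acl is None:
            continue
        for action, t in cfg["acls"].get(acl, []):
            # Only the entry shape used in this config: tcp any host <ip> eq <port>
            if (action == "permit" and len(t) == 6
                    and t[:3] == ["tcp", "any", "host"] and t[4] == "eq"):
                found.append((name, t[3], cfg["static_nat"].get(t[3]),
                              PORT_NAMES.get(t[5], t[5])))
    return found

def unreferenced_acls(cfg):
    """ACL numbers that are defined but bound to no interface or NAT statement."""
    used = set(cfg["nat_acls"])
    for ifc in cfg["ifaces"].values():
        used.update(ifc["acl"].values())
    return sorted(set(cfg["acls"]) - used)

if __name__ == "__main__":
    cfg = parse_config(CONFIG)
    print("inspection:", inspection_points(cfg))
    print("exposed   :", inbound_exposure(cfg))
    print("unused ACL:", unreferenced_acls(cfg))
```

On the quoted config this reports the `firewall` rule applied `out` on FastEthernet0/1 with `smtp` among its application-specific inspections, ports 25 and 110 permitted to 12.42.189.4 (inside host 10.1.0.4), and access-list 101 bound to nothing.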



Re: Proper dress for CCIE lab? [7:29524]

2001-12-20 Thread Curtis Phillips

Actually, you are better endowed than I had thought..:-)

- Original Message -
From: "Priscilla Oppenheimer" 
To: 
Sent: Thursday, December 20, 2001 4:51 PM
Subject: RE: Proper dress for CCIE lab? [7:29524]


> Yes, but how do you know that's really me? Check the pictures at this site:
>
> http://routergod.com/fabio/
>
> Priscilla
>
> At 08:45 AM 12/20/01, [EMAIL PROTECTED] (John Nemeth) wrote:
> >On May 10,  7:53pm, "Leigh Anne Chisholm" wrote:
> >}
> >} (Note to all the guys on this list:  The ladies here are all petite, very
> >} physically fit, and are always dressed to kill!)
> >}
> >} (Note to all the ladies on this list:  We know the above isn't true, but
> >} since most on the list don't know what we look like, why not give their
> >} imaginations something to work with.  Hmm... I wonder what the "virtual" me
> >} looks like to most of them.).
> >
> >  There is a picture of Priscilla sitting in front of an iBook (aka
> >"toilet seat" -- I *just* had to throw that in there, the devil made me
> >do it :->), so it is easy to get a general idea of what she looks like.
> >
> >  As for you, given your comments about being perfectly happy
> >swinging from the rafters in mountain climbing gear in order to install
> >cabling, I suspect that you are in fairly good shape which usually
> >translates into keeping fit, looking after yourself, not being
> >overweight etc., which usually means that you would be fairly good
> >looking (good thing my girlfriend doesn't read this list).  Beyond
> >that, I have no idea how tall you are, how much you weigh, what colour
> >your hair is, how long your hair is, what colour your eyes are, etc.
> >Given the above, I don't have any problem believing "petite, very
> >physically fit, and always dressed to kill".
> >
> >} PS.  Oh a way off topic we will go!  A way off topic we will go!
> >
> >  Yeah, but this one sure beats the flame wars.
> >
> >}-- End of excerpt from "Leigh Anne Chisholm"
> 
>
> Priscilla Oppenheimer
> http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29819&t=29524



Re: IOS firewall, NAT and smtp [7:29794]

2001-12-20 Thread Ray Brehm

MADMAN wrote:

>Yes I have run into problems defining http also.  The bottom line is I
>now only "inspect" TCP, UDP and FTP.  These cover all the others without
>breaking them!!!
>
thanks for the heads up
I just updated IOS to v12.2.6a (I know I'm crazy but I might want 
cisco's support)
what version of IOS have these problems?

>
>  Dave
>
>"Steven A. Ridder" wrote:
>
>>The CBAC doesn't understand ESMTP commands I think.  Don't watch smtp on
>>CBAC.  I ran into that problem before.
>>
>>"Ray Brehm" wrote in message
>>news:[EMAIL PROTECTED]...
>>
>>>I have a 2621 with IOS IP/FW that I'm unable to connect through to the
>>>inside SMTP server. I can connect to that same server using POP3 with no
>>>errors. The inside device is a static NAT. The port appears open when I
>>>port scan the IP address but I get TCP errors when trying to send mail.
>>>
>>>Any ideas? Did I miss something stupid?
>>>Is the fact that I have multiple "nat inside" interfaces relevant in
>>>this situation? (I've never known it to make a difference)
>>>
>>>Relevant config:
>>>
>>>ip inspect name firewall http
>>>ip inspect name firewall ftp
>>>ip inspect name firewall netshow
>>>ip inspect name firewall realaudio
>>>ip inspect name firewall rtsp
>>>ip inspect name firewall smtp
>>>ip inspect name firewall tcp
>>>ip inspect name firewall udp
>>>
>>>interface FastEthernet0/0
>>> ip address 10.1.0.1 255.255.255.0
>>> ip nat inside
>>> speed 10
>>> full-duplex
>>> ntp broadcast
>>> bridge-group 1
>>>!
>>>interface Serial0/0
>>> ip address 10.1.12.1 255.255.255.0
>>> ip nat inside
>>> bridge-group 1
>>>!
>>>interface FastEthernet0/1
>>> ip address 12.42.189.2 255.255.255.240
>>> ip access-group 103 in
>>> ip nat outside
>>> ip inspect firewall out
>>> duplex auto
>>> speed auto
>>>!
>>>interface Serial0/1
>>> ip address 10.1.13.1 255.255.255.0
>>> ip nat inside
>>> bridge-group 1
>>>!
>>>router eigrp 100
>>> redistribute static metric 384 255 255 1 1500
>>> network 10.0.0.0
>>> auto-summary
>>> no eigrp log-neighbor-changes
>>>!
>>>ip nat inside source list 18 interface FastEthernet0/1 overload
>>>ip nat inside source static 10.1.0.4 12.42.189.4
>>>ip classless
>>>ip route 0.0.0.0 0.0.0.0 12.42.189.1
>>>!
>>>logging history debugging
>>>logging 10.1.0.3
>>>access-list 18 permit 10.1.0.0 0.0.255.255
>>>access-list 101 permit tcp any any ack
>>>access-list 101 permit udp any any
>>>access-list 101 permit icmp any any
>>>access-list 103 permit tcp any host 12.42.189.4 eq smtp
>>>access-list 103 permit tcp any host 12.42.189.4 eq pop3
>>>bridge 1 protocol ieee




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29818&t=29794



Re: IOS firewall, NAT and smtp [7:29794]

2001-12-20 Thread Ray Brehm

Steven A. Ridder wrote:

>The CBAC doesn't understand ESMTP commands I think.  Don't watch smtp on
>CBAC.  I ran into that problem before.
>
I'm not actually doing CBAC on the inbound traffic, I'm just letting it 
through with the access list. At any rate, I removed the IP inspect 
command from the interface and I still have the same problem. TCP to the 
POP port works fine, TCP to the SMTP port doesn't respond. I can telnet 
to port 25 locally, get the server response and type a command, I get no 
response telnetting to port 25 through the firewall.

>
>
>""Ray Brehm""  wrote in message
>news:[EMAIL PROTECTED]...
>
>>I have a 2621 with IOS IP/FW that I'm unable to connect through to the
>>inside SMTP server. I can connect to that same server using POP3 with no
>>errors. The inside device is a static NAT. The port appears open when I
>>port scan the IP address but I get TCP errors when trying to send mail.
>>
>>Any ideas? Did I miss something stupid?
>>Is the fact that I have multiple "nat inside" interfaces relevant in
>>this situation? (I've never known it to make a difference)
>>
>>Relevant config:
>>
>>ip inspect name firewall http
>>ip inspect name firewall ftp
>>ip inspect name firewall netshow
>>ip inspect name firewall realaudio
>>ip inspect name firewall rtsp
>>ip inspect name firewall smtp
>>ip inspect name firewall tcp
>>ip inspect name firewall udp
>>
>>interface FastEthernet0/0
>> ip address 10.1.0.1 255.255.255.0
>> ip nat inside
>> speed 10
>> full-duplex
>> ntp broadcast
>> bridge-group 1
>>!
>>interface Serial0/0
>> ip address 10.1.12.1 255.255.255.0
>> ip nat inside
>> bridge-group 1
>>!
>>interface FastEthernet0/1
>> ip address 12.42.189.2 255.255.255.240
>> ip access-group 103 in
>> ip nat outside
>> ip inspect firewall out
>> duplex auto
>> speed auto
>>!
>>interface Serial0/1
>> ip address 10.1.13.1 255.255.255.0
>> ip nat inside
>> bridge-group 1
>>!
>>router eigrp 100
>> redistribute static metric 384 255 255 1 1500
>> network 10.0.0.0
>> auto-summary
>> no eigrp log-neighbor-changes
>>!
>>ip nat inside source list 18 interface FastEthernet0/1 overload
>>ip nat inside source static 10.1.0.4 12.42.189.4
>>ip classless
>>ip route 0.0.0.0 0.0.0.0 12.42.189.1
>>!
>>logging history debugging
>>logging 10.1.0.3
>>access-list 18 permit 10.1.0.0 0.0.255.255
>>access-list 101 permit tcp any any ack
>>access-list 101 permit udp any any
>>access-list 101 permit icmp any any
>>access-list 103 permit tcp any host 12.42.189.4 eq smtp
>>access-list 103 permit tcp any host 12.42.189.4 eq pop3
>>bridge 1 protocol ieee




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29817&t=29794



RE: NetworkForce.com CCIE Lab Scenario [7:29676]

2001-12-20 Thread Pham, James

Hi John,

Thanks for your advice. Although I don't plan to fail the first time, if
I fail, I would not feel so bad, right? I'm trying to work out a deal for a
200-hour rack rental. I'm not quite sure if the CCBootcamp lab scenarios are
updated enough to reflect the recent change to the 1-day lab and flexible
enough to use on a non-CCBootcamp lab. I would appreciate it if anyone who has
used the CCBootcamp lab scenarios and sat the real 1-day CCIE lab can give
some insight on this. How good and close are they compared to the real lab? I
don't think this is violating the NDA, right? Is it worth the money?

Thanks,

James



-Original Message-
From: John Kaberna [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 20, 2001 10:48 AM
To: [EMAIL PROTECTED]
Subject: Re: NetworkForce.com CCIE Lab Scenario [7:29676]


Never even heard of them.  Why not just do the CCBootcamp labs?  It's only
$650.  I didn't want to spend 5k on a class either so I can't say that I
blame you.  Although I've felt like if I went to one of those classes I
probably would have passed the first or second time instead of the third
time.

John Kaberna
CCIE #7146
www.netcginc.com
(415) 750-3800

__
CCIE Security Training
www.netcginc.com/training.htm


""Pham, James""  wrote in message
news:[EMAIL PROTECTED]...
> Hi,
>
> It's time to put the theory into practice and pay my dues on the journey to
> CCIE!  I'm shopping around for the good guys that offer good CCIE Lab
> scenarios and lab rental at a reasonable rate. I think it would work better
> if I buy the CCIE lab scenarios that were designed for their rack. Has
> anyone ever used the NetworkForce CCIE Lab scenarios and their lab?  How
> good are they?  Any advice or comments on how to prepare for the real CCIE
> Lab? I don't have the luxury to pay $5,000 for the CCBootcamp class!
>
> Thanks,
>
> James




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29804&t=29676



Re: ISDN Stimulators [7:29787]

2001-12-20 Thread Brad Ellis

Please check the archives (www.groupstudy.com), I have posted several times
on this already.  If you can't find it in the archives, you can shoot me an
email (look at my signature).

thanks,
-Brad Ellis
CCIE#5796 (R&S / Security)
Network Learning Inc
[EMAIL PROTECTED]
used Cisco gear:  www.optsys.net
CCIE Labs, racks, and classes:  http://www.ccbootcamp.com/quicklinks.html

""AlefTec PvtLtd""  wrote in message
news:[EMAIL PROTECTED]...
> Hi
>
> Can some one pls suggest me good ISDN Stimulators which i can use in my labs
> for BCRAN.
> I am looking for following features:
> ISDN BRI and
> ISDN PRI
>
> Thanking u in advance.
>
> Merry Christmas




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29816&t=29787



RE: Proper dress for CCIE lab? [7:29524]

2001-12-20 Thread Priscilla Oppenheimer

Yes, but how do you know that's really me? Check the pictures at this site:

http://routergod.com/fabio/

Priscilla

At 08:45 AM 12/20/01, [EMAIL PROTECTED] (John Nemeth) wrote:
>On May 10,  7:53pm, "Leigh Anne Chisholm" wrote:
>}
>} (Note to all the guys on this list:  The ladies here are all petite, very
>} physically fit, and are always dressed to kill!)
>}
>} (Note to all the ladies on this list:  We know the above isn't true, but since
>} most on the list don't know what we look like, why not give their imaginations
>} something to work with.  Hmm... I wonder what the "virtual" me looks like to
>} most of them.).
>
>  There is a picture of Priscilla sitting in front of an iBook (aka
>"toilet seat" -- I *just* had to throw that in there, the devil made me
>do it :->), so it is easy to get a general idea of what she looks like.
>
>  As for you, given your comments about being perfectly happy
>swinging from the rafters in mountain climbing gear in order to install
>cabling, I suspect that you are in fairly good shape which usually
>translates into keeping fit, looking after yourself, not being
>overweight etc., which usually means that you would be fairly good
>looking (good thing my girlfriend doesn't read this list).  Beyond
>that, I have no idea how tall you are, how much you weigh, what colour
>your hair is, how long your hair is, what colour your eyes are, etc.
>Given the above, I don't have any problem believing "petite, very
>physically fit, and always dressed to kill".
>
>} PS.  Oh a way off topic we will go!  A way off topic we will go!
>
>  Yeah, but this one sure beats the flame wars.
>
>}-- End of excerpt from "Leigh Anne Chisholm"


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29815&t=29524



Re: Mask in L3 Packet [7:29182]

2001-12-20 Thread Priscilla Oppenheimer

In the local configuration of every device.

Priscilla

At 08:07 AM 12/20/01, steve skinner wrote:
>go on then pris..
>
>you have whetted my appetite where is the subnet mask kept if it isn't
>in the ip packet ?
>
>
> >From: "Priscilla Oppenheimer"
> >Reply-To: "Priscilla Oppenheimer"
> >To: [EMAIL PROTECTED]
> >Subject: Re: Mask in L3 Packet [7:29182]
> >Date: Fri, 14 Dec 2001 13:42:36 -0500
> >
 > >From its own local config. The mask isn't in the IP packet, which does
 > >come as a surprise to some people! If this isn't what you're getting at,
 > >just let us know...
> >
> >Priscilla
> >
> >At 08:20 AM 12/14/01, you wrote:
 > > >This may sound like a dumb question, but if I send a packet to a different
 > > >host, where is the subnet mask?  Where does a host get the subnet mask info
 > > >to do an AND operation?
> >
> >
> >Priscilla Oppenheimer
> >http://www.priscilla.com


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29814&t=29182
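
The point made in this thread, as an added example that is not part of the original posts: the fixed IPv4 header has fields for the source and destination addresses only, so the sender ANDs both addresses with the mask from its own interface configuration to choose between on-link delivery and its default gateway. All addresses, masks and the gateway below are constructed sample values, and the function names are hypothetical.

```python
import ipaddress
import struct

# Fixed 20-byte IPv4 header (RFC 791), no options. There is no mask field.
IPV4_FIELDS = ("version_ihl", "tos", "total_length", "identification",
               "flags_fragment", "ttl", "protocol", "checksum", "src", "dst")
IPV4_STRUCT = struct.Struct("!BBHHHBBH4s4s")


def checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words, as used by the IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(src: str, dst: str, payload_len: int = 0, proto: int = 6) -> bytes:
    """Build a minimal IPv4 header; only addresses go on the wire, never a mask."""
    fields = [0x45, 0, 20 + payload_len, 0x1234, 0, 64, proto, 0,
              ipaddress.IPv4Address(src).packed,
              ipaddress.IPv4Address(dst).packed]
    fields[7] = checksum(IPV4_STRUCT.pack(*fields))
    return IPV4_STRUCT.pack(*fields)


def parse_header(raw: bytes) -> dict:
    """Decode every field of the fixed header into a dict."""
    values = dict(zip(IPV4_FIELDS, IPV4_STRUCT.unpack(raw[:20])))
    values["src"] = str(ipaddress.IPv4Address(values["src"]))
    values["dst"] = str(ipaddress.IPv4Address(values["dst"]))
    return values


def next_hop(local_ip: str, local_mask: str, gateway: str, dst: str) -> str:
    """Sender-side decision: AND both addresses with the LOCAL mask and compare."""
    mask = int(ipaddress.IPv4Address(local_mask))
    mine = int(ipaddress.IPv4Address(local_ip)) & mask
    theirs = int(ipaddress.IPv4Address(dst)) & mask
    # Same network after the AND: deliver directly. Otherwise use the gateway.
    return dst if mine == theirs else gateway


def demo() -> dict:
    """Same packet bytes, two senders that differ only in their configured mask."""
    raw = build_header("192.168.10.20", "192.168.20.5")
    dst = parse_header(raw)["dst"]
    return {
        "/24 sender": next_hop("192.168.10.20", "255.255.255.0", "192.168.10.1", dst),
        "/16 sender": next_hop("192.168.10.20", "255.255.0.0", "192.168.10.1", dst),
    }


if __name__ == "__main__":
    print(sorted(parse_header(build_header("192.168.10.20", "192.168.20.5"))))
    print(demo())
```

The two senders emit byte-identical headers yet pick different next hops, which is why a mismatched mask on one host shows up as a local reachability problem rather than anything visible in a packet capture.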



Re: Latest Hackers Target: Routers [7:29810]

2001-12-20 Thread Steven A. Ridder

The routing protocol info should be passed over a separate network like ss7
is.  It would also prevent bgp flapping when links are so flooded even
hellos can't get through.


""Eric Rogers""  wrote in message
news:[EMAIL PROTECTED]...
> Paste into your browser:
>
> dailynews.yahoo.com/h/cmp/20011217/tc/inw20011217s0004_1.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29813&t=29810



Re: Frame-relay [7:29747]

2001-12-20 Thread Priscilla Oppenheimer

It's not a stupid question at all. Frame Relay is connection-oriented, but 
not reliable. Before any data can be sent, a connection must be 
established. The connection is maintained with LMI. If the connection 
maintenance determines the circuit is down, then no data can be sent. Data 
is sent without sequence numbers and is not acknowledged. There's no 
reliability.

In the LAN world, the term "connection-oriented" is often used synonymously 
with the term "reliable" when referring to protocols. When we say that TCP 
is a connection-oriented protocol, the assumption is that TCP is also a 
reliable protocol. LAN engineers don't tend to differentiate the two 
descriptive terms.

In the WAN world, we must differentiate the terms. A Frame Relay or ATM 
circuit is established in advance of its use through the use of a signaling 
protocol.

The reliability, or lack thereof, associated with data being passed through 
the circuit is dependent on the characteristics of the upper-layer protocol 
being used by the communicators. Reliability is not a feature or function 
associated with the WAN circuit itself. The protocol is not reliable. 
However, it is connection-oriented.

The GDC page that you are using to study looks really good at a quick 
glance. But I think they drew the wrong conclusion about connectionless VS 
connection-oriented. But it does sort of depend on how you look at it. The 
"Cisco answer" is that FR is connection-oriented.

Sorry for the length of this message!

Priscilla

At 12:51 AM 12/20/01, Caio Misticone wrote:
>Hello Group!
>I'm still studying to get my CCNA certification, and i have some doubts
>related to frame-relay protocol.
>Is it connection-oriented or connectionless?
>I know it's a stupid question, however, i found two answers on the net.
>
>"CONNECTIONLESS, Packet-Based Protocol"
>http://www.gdc.com/corporate_news/connects04/techfocus/framebasics.html
>
>and
>
>"Frame Relay provides CONNECTION-ORIENTED data link layer communication"
>http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/frame.htm
>
>So... what is the right one?
>
>Thanks,
>
>Caio Misticone


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29812&t=29747



Re: ISDN Stimulators [7:29787]

2001-12-20 Thread Paul Lalonde

Hi,

Try the following links (variety of ISDN network emulation for PRI and BRI)

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t3/dt_q931.htm

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t2/dt_qsig.htm

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121x/121xi/121xi_3/dt_brint.htm

Hope this helps!
Paul

""Robert""  wrote in message
news:[EMAIL PROTECTED]...
> Do you have any info on setting up a router as a simulated ISDN switch?
>
> ""Paul Lalonde""  wrote in message
> news:[EMAIL PROTECTED]...
> > Hi there,
> >
> > I had an ISDN stimulator, once.  When my ISDN performance wasn't as good and
> > satisfying as I thought it should be, I'd give it a little stimulation.
> >
> > Kidding aside, if you're looking for an ISDN SIMULATOR, your best bet would
> > be to look into companies like Teltone, Emutel, etc.  Even Cisco 2600/3600
> > routers with ISDN interfaces can simulate the ISDN network, now. Fun stuff!
> >
> > Paul
> >
> > ""AlefTec PvtLtd""  wrote in message
> > news:[EMAIL PROTECTED]...
> > > Hi
> > >
> > > Can some one pls suggest me good ISDN Stimulators which i can use in my labs
> > > for BCRAN.
> > > I am looking for following features:
> > > ISDN BRI and
> > > ISDN PRI
> > >
> > > Thanking u in advance.
> > >
> > > Merry Christmas




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29811&t=29787



OT: Latest Hackers Target: Routers [7:29810]

2001-12-20 Thread Eric Rogers

Paste into your browser:

dailynews.yahoo.com/h/cmp/20011217/tc/inw20011217s0004_1.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29810&t=29810



RE: Proper dress for CCIE lab? [7:29524]

2001-12-20 Thread Logan, Harold

I believe this shirt should be considered appropriate:

http://www.thinkgeek.com/stuff/apparel/340c.shtml

Maybe St. Nick will hook me up with one... ;)

Hal Logan
Network Specialist / Adjunct Faculty
Computing and Engineering Technology
Manatee Community College


> -Original Message-
> From: Darren Crawford [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, December 18, 2001 9:10 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Proper dress for CCIE lab? [7:29524]
> 
> 
> Wear a Cisco shirt and kiss up to the proctor.
> 
> D.
> 
> At 05:00 PM 12/18/2001 -0500, Steven A. Ridder wrote:
> >Is it true that you have to be dressed in a suit for the CCIE lab?  Do they
> >mark mannerisms, speech and dress?  I have some old Novell guys telling me
> >horror stories of the Novell Instructor Program.
> >
> >Steve
> 
> Lucent Technologies
> NetworkCare Professional Services
> http//www.lucent.com/netcare/
> Darren S. Crawford - CCNP, CCDP, CCIE TBA
> 
> Northwest Region - Sacramento Office
> Voicemail (916) 859-5200 x310
> Pager (800) 467-1467
> mailto:[EMAIL PROTECTED]
> 
> 
> "You always have time for things you put first" - Tucker Resources




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29809&t=29524



RE: cisco academy's routing skills final ,tough!!! [7:29212]

2001-12-20 Thread Logan, Harold

That's par for the course. When they first deployed the CCNA curriculum
it was ugly, inaccurate, and ambiguous, and it read like stereo
instructions... not to mention the first version of the textbooks for
the class, which weren't even useful as doorstops (I checked; they were
too thin to wedge under the door, and they didn't have enough weight to
hold the door open on their own)

No curriculum is going to be 100% error-free and self-explanatory.
That's why we instructors still have jobs.

Hal Logan
Network Specialist / Adjunct Faculty
Computing and Engineering Technology
Manatee Community College


> -Original Message-
> From: Jeff [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, December 18, 2001 5:33 PM
> To: [EMAIL PROTECTED]
> Subject: Re: cisco academy's routing skills final ,tough!!! [7:29212]
> 
> 
> I saw the Solaris cert project when netacad had just posted the beta for
> academies to review, and I took a recheck again recently. I honestly
> believe they could have done a much better job with it. I noticed a lot of
> the info was either incorrect, half right, or ass-backwards.
> It's sort of like the web design cert.
> Someone here please tell me why a Cisco network engineer needs a
> certification of good practices with Adobe GoLive?
> 
> I can understand trying to broaden your horizons, but the Solaris cert and
> the Adobe cert just were not at all up to the academy's normal standards.
> 
> -jeff
> 
> 
> 
> On Tue, 18 Dec 2001, Patricia Leeb-Hart wrote:
> 
> > Thanks, Brian, for the sound advice.  I've just finished Semester 4 (though
> > I got my CCNA a couple of months ago) and look forward to Sem. 5.  As I've
> > stated before, I'm going the Academy route for cost reasons, hands-on with
> > an extensive lab but also to benefit from the interaction between other
> > students.  They range in experience from an experienced network consultant
> > through guys and gals just a couple of years out of high school to people
> > making a mid-life career switch.  One thing I will add to your post is to
> > stick with it, practice, practice, practice, do as much labwork as you can.
> > If possible, work with xNIX -- the Academy program is expanding to include a
> > Solaris cert which I'm very excited about.  This will get you comfortable
> > with CLI, scripting, and networking concepts like DNS zones, DHCP, routing
> > daemons, mail daemons, processes, debugging and generally finding your way
> > around a network.  Remember that a router is basically a dedicated
> > computer.  The broader the networking-related knowledge, the better.  From
> > my experience, employers don't necessarily want someone whose skills are too
> > tightly focussed on one platform, not to mention that you won't be as
> > effective in troubleshooting if all you know is the Cisco Way.  And one last
> > thing -- this is exciting stuff.  It can be fun.  Love the technology,
> > people. (it won't love you back, but it makes your job a lot more enjoyable )
> >
> > >>> "brian hall"  12/17/2001 7:48:19 PM >>>
> > --minor snip--
> >  I wanted it to be more of a heads up to all who are about to take on sem5




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29808&t=29212



Re: IOS firewall, NAT and smtp [7:29794]

2001-12-20 Thread MADMAN

Yes I have run into problems defining http also.  The bottom line is I
now only "inspect" TCP, UDP and FTP.  These cover all the others without
breaking them!!!

  Dave

"Steven A. Ridder" wrote:
> 
> The CBAC doesn't understand ESMTP commands I think.  Don't watch smtp on
> CBAC.  I ran into that problem before.
> 
> ""Ray Brehm""  wrote in message
> news:[EMAIL PROTECTED]...
> > I have a 2621 with IOS IP/FW that I'm unable to connect through to the
> > inside SMTP server. I can connect to that same server using POP3 with no
> > errors. The inside device is a static NAT. The port appears open when I
> > port scan the IP address but I get TCP errors when trying to send mail.
> >
> > Any ideas? Did I miss something stupid?
> > Is the fact that I have multiple "nat inside" interfaces relevant in
> > this situation? (I've never known it to make a difference)
> >
> > Relevant config:
> >
> > ip inspect name firewall http
> > ip inspect name firewall ftp
> > ip inspect name firewall netshow
> > ip inspect name firewall realaudio
> > ip inspect name firewall rtsp
> > ip inspect name firewall smtp
> > ip inspect name firewall tcp
> > ip inspect name firewall udp
> >
> > interface FastEthernet0/0
> >  ip address 10.1.0.1 255.255.255.0
> >  ip nat inside
> >  speed 10
> >  full-duplex
> >  ntp broadcast
> >  bridge-group 1
> > !
> > interface Serial0/0
> >  ip address 10.1.12.1 255.255.255.0
> >  ip nat inside
> >  bridge-group 1
> > !
> > interface FastEthernet0/1
> >  ip address 12.42.189.2 255.255.255.240
> >  ip access-group 103 in
> >  ip nat outside
> >  ip inspect firewall out
> >  duplex auto
> >  speed auto
> > !
> > interface Serial0/1
> >  ip address 10.1.13.1 255.255.255.0
> >  ip nat inside
> >  bridge-group 1
> > !
> > router eigrp 100
> >  redistribute static metric 384 255 255 1 1500
> >  network 10.0.0.0
> >  auto-summary
> >  no eigrp log-neighbor-changes
> > !
> > ip nat inside source list 18 interface FastEthernet0/1 overload
> > ip nat inside source static 10.1.0.4 12.42.189.4
> > ip classless
> > ip route 0.0.0.0 0.0.0.0 12.42.189.1
> > !
> > logging history debugging
> > logging 10.1.0.3
> > access-list 18 permit 10.1.0.0 0.0.255.255
> > access-list 101 permit tcp any any ack
> > access-list 101 permit udp any any
> > access-list 101 permit icmp any any
> > access-list 103 permit tcp any host 12.42.189.4 eq smtp
> > access-list 103 permit tcp any host 12.42.189.4 eq pop3
> > bridge 1 protocol ieee
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29807&t=29794
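
A small audit of the configuration quoted in this thread, as an added example that is not part of the original posts: it lists the `ip inspect` entries beyond the tcp, udp and ftp set Dave reports using, and checks that each inbound ACL entry on the NAT-outside interface names the static NAT global address. The parser and function names are hypothetical and handle only the statement forms that appear in the posted config.

```python
import re

# Excerpt of the configuration posted in the thread (unrelated lines trimmed).
POSTED_CONFIG = """\
ip inspect name firewall http
ip inspect name firewall ftp
ip inspect name firewall netshow
ip inspect name firewall realaudio
ip inspect name firewall rtsp
ip inspect name firewall smtp
ip inspect name firewall tcp
ip inspect name firewall udp
interface FastEthernet0/0
 ip address 10.1.0.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 ip address 12.42.189.2 255.255.255.240
 ip access-group 103 in
 ip nat outside
 ip inspect firewall out
!
ip nat inside source static 10.1.0.4 12.42.189.4
access-list 103 permit tcp any host 12.42.189.4 eq smtp
access-list 103 permit tcp any host 12.42.189.4 eq pop3
"""

BASELINE = {"tcp", "udp", "ftp"}  # the inspection set Dave describes in his reply


def parse_config(text):
    """Collect inspect rules, interface bindings, static NAT and ACL entries."""
    cfg = {"inspect": {}, "interfaces": {}, "static_nat": {}, "acl": {}}
    current = None
    for line in text.splitlines():
        if m := re.match(r"ip inspect name (\S+) (\S+)", line):
            cfg["inspect"].setdefault(m[1], []).append(m[2])
        elif m := re.match(r"interface (\S+)", line):
            current = cfg["interfaces"].setdefault(m[1], {})
        elif m := re.match(r" ip access-group (\d+) (in|out)", line):
            current["acl_" + m[2]] = m[1]
        elif m := re.match(r" ip inspect (\S+) (in|out)", line):
            current["inspect_" + m[2]] = m[1]
        elif m := re.match(r" ip nat (inside|outside)$", line):
            current["nat"] = m[1]
        elif m := re.match(r"ip nat inside source static (\S+) (\S+)", line):
            cfg["static_nat"][m[2]] = m[1]  # global address -> inside address
        elif m := re.match(
                r"access-list (\d+) permit tcp any host (\S+) eq (\S+)", line):
            cfg["acl"].setdefault(m[1], []).append((m[2], m[3]))
    return cfg


def extra_inspectors(cfg, rule):
    """Protocols in an inspect rule beyond the tcp/udp/ftp baseline."""
    return [p for p in cfg["inspect"].get(rule, []) if p not in BASELINE]


def audit_published_services(cfg):
    """Check inbound ACL entries on NAT-outside interfaces against static NAT.

    IOS evaluates the inbound ACL before outside-to-inside translation, so an
    entry must name the global address; one naming the inside address never
    matches arriving traffic.
    """
    findings = []
    inside_addrs = set(cfg["static_nat"].values())
    for name, intf in cfg["interfaces"].items():
        if intf.get("nat") != "outside" or "acl_in" not in intf:
            continue
        for dest, port in cfg["acl"].get(intf["acl_in"], []):
            if dest in cfg["static_nat"]:
                status = "ok: global address, maps to " + cfg["static_nat"][dest]
            elif dest in inside_addrs:
                status = "never matches: inside address used in outside ACL"
            else:
                status = "no static NAT for this destination"
            findings.append((name, dest, port, status))
    return findings


if __name__ == "__main__":
    cfg = parse_config(POSTED_CONFIG)
    print("beyond baseline:", extra_inspectors(cfg, "firewall"))
    for finding in audit_published_services(cfg):
        print(finding)
```

On the posted config both ACL 103 entries check out against the static NAT, and the parsed interface shows the inspect rule bound only in the `out` direction on FastEthernet0/1.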



Re: Subject: Re: Subject: Re: PIM kills OSPF [7:29336]

2001-12-20 Thread Paul Werner

Comments within and below. [Verbosity bit is set]


> Hi there!
> 
> Just a quick answer. First of all thanx for all your replies, it's very
> valuable. In regards to the article about HSRP/PIM problems, I have also
> found that one, but it didn't fit into the problem (sadly..).

I figured that was probably the case.  Although you did mention 
that HSRP was affected with the addition of PIM to your 
configurations, it was no guarantee that there were other 
forces at play.

> I'm at home today with no access to the equipment, but I'll continue with it
> tomorrow together with a colleague of mine. The router CPU-load is very low,
> there is now traffic since this is only done in our lab-environment for the
> moment.


Well, I would not necessarily rule out a bug either (as was 
originally suggested by another poster).  The trick is 
identifying the router CPU utilization/load during the 
introduction of PIM commands.  If no spike is seen during the 
entire process, my hunch would be that other problems are at 
stake.  Still, I did find a few bugs that indicated loss of 
connectivity in OSPF routes and HSRP problems with the addition 
of PIM.


CSCdm68862

Hot Standby Router Protocol (HSRP) does not work when IP 
Protocol Independent Multicast (PIM) is configured on a Fast 
Ethernet interface that uses the DEC211140 chipset. The active 
router does not reply to an Internet Control Message Protocol 
(ICMP) ping of the virtual IP address. 

Workaround: Use the burned-in address by entering the standby 
use-bia command. 

or this:

CSCdr11784

If you configure Protocol Independent Multicast (PIM) or Hot 
Standby Router Protocol (HSRP) on an ATM-LANE interface, the 
CPU of the Route Switch Processor (RSP) may reach 99 percent. 
This situation only occurs when Open Shortest Path First (OSPF) 
is enabled on more than 12 interfaces in combination with ATM-
LANE. This situation does not occur on an RSP that is running 
Cisco IOS Release 12.0 S or Release 11.2 GS. There is no 
workaround. 


> In regards to RP or not RP, it doesn't matter, for the moment it's
> configured with BSR's where wg3r2 is the Candidate-RP for a couple of
> groups. 

See, the lines listed above are another good example of what I 
made reference to earlier.  It is nearly impossible to make any 
degree of accurate diagnosis of these type of problems without 
all of the complete information.  Partial configs are analogous 
to the patient that goes to see the doctor and complains that 
his head is always hurting.  The doctor runs a battery of tests 
and cannot come up with anything conclusive.  When the patient 
is ready to get discharged, the doctor turns to write on the 
charts and finds the patient banging his head on the wall.  The 
doctor asks why he is doing this?  The patient responds, "Well 
doc, it feels really good when I stop"  Obviously, a complete 
medical history on the patient would have rendered a more 
accurate and timely diagnosis - admission to the psyche ward.

You need to post full sanitized configs of your routers to show 
what is really going on.  You just mentioned two salient facts 
that were not previously mentioned.  First is the fact that you 
are using BSRs.  In Cisco design for multicast networks, the 
presence of a bootstrap router implies a non-homogeneous 
network, i.e. you are using non-Cisco routers to do multicast.  
You did not mention this previously.  Also, since you are using 
a BSR, this implies you are working with PIM version 2.  The 
real question to be asked is are all your routers also using 
PIM version 2?


> The adjacency is the same even if we run Auto-RP. In regards to PIM
> only sparse or only dense...haven't tried that yet :-)

Another thought here on running Auto-RP in an environment with 
a configured BSR; you may want to read this section (watch 
wrap):

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/
121cgcr/ip_c/ipcprt3/1cdmulti.htm#xtocid994543

Specifically, make note of the following:

"Either the BSR or Auto-RP should be chosen for a given range 
of multicast groups. If there are PIM Version 1 routers in the 
network, do not use the BSR."

 
> I visited Networks in Copenhagen for about a month ago, and the lecture on
> multicast from Beau Williamson was very interesting, and yes it's very true
> Paul Werner that he recommend you to only run sparse-mode...but for Auto-RP
> you need sparse-dense...

This is not true.  Auto RP can be run in sparse mode only, or 
sparse-dense mode.  I am not sure where you heard this.  Maybe 
what you might have heard is it is recommended that Auto-RP 
should be run in sparse-dense mode?  That is entirely 
possible.  For a link on this, you may want to read here (watch 
wrap):

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/
121cgcr/ip_c/ipcprt3/1cdmulti.htm#xtocid994514

Specifically, I am referencing the following passages:

"Note   If you configure PIM in sparse mode or sparse-dense 
mode and do not 

OT: Call Manager and Military DSN [7:29805]

2001-12-20 Thread John Kaberna

I am working on an IP telephony solution and I need to hook in to the DSN.
From my current understanding DSN is sent out to the local telco via the
PSTN and is routed from there. This would make for a fairly simple dial plan
in Call Manager.  Has anybody heard anything different about how DSN is
setup to work?

John Kaberna
CCIE #7146
NETCG Inc.
www.netcginc.com
(415) 750-3800

Instructor for CCBootcamp 5-day class www.ccbootcamp.com
__
CCIE Security Training
www.netcginc.com/training.htm




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29805&t=29805



RE: CIT CCNP questions [7:29477]

2001-12-20 Thread [EMAIL PROTECTED]

Thanks for the heads-up. I'm glad to see that they're finally attempting to
address the lack of rigor.

An important, more on-topic point about test taking.

I get very jealous of speed readers because I am most emphatically not one
of them and my life would be a lot easier if I could count myself amongst
their ranks.

Spending 10 or fewer seconds on a computer certification question and
correctly answering it is possible by NOT reading the whole question and
keeping in mind the following:

1. in an overwhelming majority of cases, the answer will allude to concepts
covered in the official vendor courseware or educational press materials
and not stray outside those confines. many answers on the multiple choice
questions fall outside of these topics.

2. in many cases, the vendor is looking to emphasize situations where
practices surrounding the successful implementation of their products
deviate from open standards or accepted industry best practices

3. many of the choices are blatantly wrong & stand out as a result..

There are (or "were" if your account is correct) other heuristics you can
invoke to take shortcuts, but it's been too long since I sat for a computer
cert for me to recall them all.

anyway, this is most definitely a case where your mileage may vary, so I
most DEFINITELY do NOT recommend this approach, especially as money is
generally involved.

Based on the tests I was provided with, the six or so vendors I mentioned
are guilty of sponsoring certification programs that make use of test
questions which fail to establish a candidate's to a much greater extent
than Cisco (even if they did dumb-down the cc[n/d][p/a] routing & switching
tests with the advent of version 2).






"Mark Odette II" @groupstudy.com on 12/20/2001
01:19:51 PM

Please respond to "Mark Odette II" 

Sent by:  [EMAIL PROTECTED]

To:   [EMAIL PROTECTED]
cc:(bcc: Kevin Cullimore)
Subject:  RE: CIT CCNP questions [7:29477]


Just a forewarning- Don't even think about using that logic if you decide to
take the new MS Design exams.
They are Case-Study based, and you will use every bit of 3.5 of the 4 hours
these tests are set for.
... and it doesn't matter if you are a speed reader.  These tests are much
more comprehensive, and therefore more difficult to pass.
For those test takers that like to get up and go take a smoke break during
the long tests... I'd advise the acquisition of the Patch.  A colleague of
mine, that is a smoker, took the smoke break, and it cost him - he failed
because he simply ran out of time to complete enough questions to pass. --
Now that has to suck.  Talk about a 100.00 cigarette... hope he enjoyed it!

Mark

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, December 20, 2001 11:31 AM
To: [EMAIL PROTECTED]
Subject: RE: CIT CCNP questions [7:29477]


Regarding the number of questions on a given exam:

For lesser certifications (lotus, microsoft, NAI, checkpoint, nortel,
novell) i can sometimes get away with spending 10 seconds or less on each
question, allowing me to squeeze a certification exam into an otherwise
implausibly short timeslot. This comes in handy (& saves a potential
complete waste of an exam fee) when your boss refuses to allow you more
than 20 minutes away from the office because of a major frame relay outage.

So, sometimes advance knowledge of the number of questions a given exam
uses (or even the knowledge that it is adaptive and not fixed) can, in
limited circumstances, come in handy.





"Priscilla Oppenheimer" @groupstudy.com on 12/19/2001
05:03:30 PM

Please respond to "Priscilla Oppenheimer"

Sent by:  [EMAIL PROTECTED]

To:   [EMAIL PROTECTED]
cc:(bcc: Kevin Cullimore)
Subject:  RE: CIT CCNP questions [7:29477]


At 10:17 AM 12/19/01, Zajac Zdeněk wrote:
>Hello Priscilla,
>
>On my own experience, the information given on that link is not correct at
>least in number of question.

I was just commenting on the categorization of topics. Saying that there
are just four topics (HDLC, connectionless models, IOS backups, and
troubleshooting) is obviously screwed up. Cisco used to say that in all
their documentation about CIT. They are slowly fixing it in some places.

I don't care how many questions are on the test and can't understand why
anyone else cares either.

Priscilla

>Cisco wrote 55-65 question, but I received 30%
>more question - 79 to be exact.
>
>I did all of the CCNP routing stack exams within 15 days, last of them
>(CIT) six days ago and what I am sure, Cisco never give me less than 72
>question.
>
>Something changed, who know?
>Zdenek
>
>
>-Original Message-
>From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
>Sent: Tuesday, December 18, 2001 9:24 PM
>To: [EMAIL PROTECTED]
>Subject: RE: CIT CCNP questions [7:29477]
>
>
>At 11:57 AM 12/18/01, Zajac Zdeněk wrote:
> >I passed CIT only few days ago. Number of question varies from 65 to 79 in
>

Re: ISDN Stimulators [7:29787]

2001-12-20 Thread Robert

Do you have any info on setting up a router as a simulated ISDN switch?

"Paul Lalonde" wrote in message news:[EMAIL PROTECTED]...
> Hi there,
>
> I had an ISDN stimulator, once.  When my ISDN performance wasn't as good and
> satisfying as I thought it should be, I'd give it a little stimulation.
>
> Kidding aside, if you're looking for an ISDN SIMULATOR, your best bet would
> be to look into companies like Teltone, Emutel, etc.  Even Cisco 2600/3600
> routers with ISDN interfaces can simulate the ISDN network, now. Fun stuff!
>
> Paul
>
> "AlefTec PvtLtd" wrote in message news:[EMAIL PROTECTED]...
> > Hi
> >
> > Can some one pls suggest me good ISDN Stimulators which i can use in my labs
> > for BCRAN.
> > I am looking for following features:
> > ISDN BRI and
> > ISDN PRI
> >
> > Thanking u in advance.
> >
> > Merry Christmas




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29802&t=29787



Re: ISDN Issue [7:29337]

2001-12-20 Thread Peter Whittle

John,

Two points: in the past some Telcos required you to dial a different
international dial code if you wanted to ensure that the path was 64Kb
data capable end to end. Some international circuits go over compressed
circuits, normally over satellite and some heavily used long distance
submarine cables. However, I thought that most of the high-tech world
had moved over to sense on bearer capability. If the call comes in as 64
k unrestricted data then the exchanges should provide you with a full 64
data capable path. 

The second point is if you are high level bearer capability V.120 then
the originating end has most likely got a TA and is trying to do v.120
rate adaption; your answering end needs to be configured to support it.
If it is not configured to support v.120 rate adaption then it will
reject the call, probably with a normal clearing code of 16.

Peter

In article , John Kale writes
>Hi all,
>
>i have a router setup to receive isdn calls from windows clients using TA's.
>All the UK clients can connect but the france clients can't. with the debug 
>isdn q931...i can see RX i also see the v120 and low layer compati message.
>CCO says for me to get
>the v120 message means my router can detect v120 encap. i need tips on what 
>could be wrong and how i can solve the problem.
>
>
>also sometimes the UK clients dial, connect, get issued an ip address from 
>my dhcp server(my router) but a windows error message then comes up 'error 
>xxx: cannot open port' .it takes a reboot of my router to resolve this 
>issue.
>
>thank you for ur anticipated response(s).
>
>
>regards,
>
>John
>
>
>

-- 
Peter Whittle




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29801&t=29337



Re: Voice question Prefix [7:29681]

2001-12-20 Thread Steven A. Ridder

The prefix command is just a command that adds that number to the digits the
router will pass.  When you dial 9 right now, the router has no match for
that number and immediately gives you that busy signal.  When you dial 8, it
shouldn't give you a busy signal until the interdigit timeout comes into
play, i believe 2 seconds.

I can't understand why you want the router to pause before you dial the rest
of the number.  What are you trying to do exactly?


"David Broughton" wrote in message news:[EMAIL PROTECTED]...
> All, I need a little assistance. Can anyone provide some input on what
> I am doing wrong.
>
> I am trying to do a simple lab where you have to dial "9" or "8"
> then you hear a pause and you then are able to dial the other
> phone hanging off my VIC FXS card.
>
> The problem I am having is that everytime I dial 9 or 8 via my
> analog phone I get a fast busy. When I dial the # programmed on
> the port, the call goes thru fine. I put in my config the prefix 9,
> statement and the call still does not work.Can anyone
> advise what I might be doing wrong. Below is the statement
>
> All I am trying to do is call between phones hanging off the
> same router except dial a prefix before dialing the
> correct #. It is sort of like being a work and you have to
> dial a 9 or 8 to reach a outside line.
>
>
>
> dial-peer voice 1 pots
>  destination-pattern 8516426
>  port 1/0/0
>  prefix 9,
> !
> dial-peer voice 2 pots
>  destination-pattern +6775329
>  port 1/0/1
>  prefix 8,
>
>
> I have a Cisco 2610 router. IOS is 12.2. Ram 48 flash 16.
>
> 2610 with 48 ram 16 meg flash
> NM 1V 1 FXS
>
> Any suggestions ?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29800&t=29681



RE: Frame-relay [7:29747]

2001-12-20 Thread Lee James

What it "is" and what it "provides" are two different statements altogether.
So it appears confusing, but i remember studying for it i felt the same way.
And remember going into the exam, they will try to trick you and reword
questions exactly like the one you have.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29799&t=29747



RE: ISDN Stimulators [7:29787]

2001-12-20 Thread R. Benjamin Kessler

>Even Cisco 2600/3600
>routers with ISDN interfaces can simulate the ISDN network, now. Fun stuff!

really?  cool...can you point me to a link with a sample config?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29798&t=29787



Re: IOS firewall, NAT and smtp [7:29794]

2001-12-20 Thread Steven A. Ridder

The CBAC doesn't understand ESMTP commands I think.  Don't watch smtp on
CBAC.  I ran into that problem before.



"Ray Brehm" wrote in message news:[EMAIL PROTECTED]...
> I have a 2621 with IOS IP/FW that I'm unable to connect through to the
> inside SMTP server. I can connect to that same server using POP3 with no
> errors. The inside device is a static NAT. The port appears open when I
> port scan the IP address but I get TCP errors when trying to send mail.
>
> Any ideas? Did I miss something stupid?
> Is the fact that I have multiple "nat inside" interfaces relevant in
> this situation? (I've never known it to make a difference)
>
> Relevant config:
>
> ip inspect name firewall http
> ip inspect name firewall ftp
> ip inspect name firewall netshow
> ip inspect name firewall realaudio
> ip inspect name firewall rtsp
> ip inspect name firewall smtp
> ip inspect name firewall tcp
> ip inspect name firewall udp
>
> interface FastEthernet0/0
>  ip address 10.1.0.1 255.255.255.0
>  ip nat inside
>  speed 10
>  full-duplex
>  ntp broadcast
>  bridge-group 1
> !
> interface Serial0/0
>  ip address 10.1.12.1 255.255.255.0
>  ip nat inside
>  bridge-group 1
> !
> interface FastEthernet0/1
>  ip address 12.42.189.2 255.255.255.240
>  ip access-group 103 in
>  ip nat outside
>  ip inspect firewall out
>  duplex auto
>  speed auto
> !
> interface Serial0/1
>  ip address 10.1.13.1 255.255.255.0
>  ip nat inside
>  bridge-group 1
> !
> router eigrp 100
>  redistribute static metric 384 255 255 1 1500
>  network 10.0.0.0
>  auto-summary
>  no eigrp log-neighbor-changes
> !
> ip nat inside source list 18 interface FastEthernet0/1 overload
> ip nat inside source static 10.1.0.4 12.42.189.4
> ip classless
> ip route 0.0.0.0 0.0.0.0 12.42.189.1
> !
> logging history debugging
> logging 10.1.0.3
> access-list 18 permit 10.1.0.0 0.0.255.255
> access-list 101 permit tcp any any ack
> access-list 101 permit udp any any
> access-list 101 permit icmp any any
> access-list 103 permit tcp any host 12.42.189.4 eq smtp
> access-list 103 permit tcp any host 12.42.189.4 eq pop3
> bridge 1 protocol ieee




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29797&t=29794
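
An added example, not part of either post and not Cisco tooling: a short Python audit of the configuration quoted above that reports where an `ip inspect` rule containing `smtp` is bound, which published SMTP server sits behind it, and the `no` command that applies the reply's suggestion. The config excerpt is trimmed from the post; the function names and the finding layout are hypothetical.

```python
import re

# Excerpt of the configuration quoted in the thread (trimmed to what the audit reads).
CONFIG = """\
ip inspect name firewall http
ip inspect name firewall ftp
ip inspect name firewall smtp
ip inspect name firewall tcp
ip inspect name firewall udp
!
interface FastEthernet0/0
 ip address 10.1.0.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 ip address 12.42.189.2 255.255.255.240
 ip access-group 103 in
 ip nat outside
 ip inspect firewall out
!
ip nat inside source static 10.1.0.4 12.42.189.4
access-list 103 permit tcp any host 12.42.189.4 eq smtp
access-list 103 permit tcp any host 12.42.189.4 eq pop3
"""


def parse_config(text):
    """Collect inspect rules, interface bindings, inbound ACLs and static NAT."""
    cfg = {"rules": {}, "bindings": [], "acl_in": {}, "permits": {}, "static_nat": {}}
    iface = None
    for raw in text.splitlines():
        line = raw.strip()
        if raw[:1] != " ":
            iface = None  # an unindented line leaves interface sub-mode
        if m := re.match(r"ip inspect name (\S+) (\S+)", line):
            cfg["rules"].setdefault(m[1], []).append(m[2])
        elif m := re.match(r"interface (\S+)", line):
            iface = m[1]
        elif iface and (m := re.match(r"ip inspect (\S+) (in|out)$", line)):
            cfg["bindings"].append((iface, m[1], m[2]))
        elif iface and (m := re.match(r"ip access-group (\S+) in$", line)):
            cfg["acl_in"][iface] = m[1]
        elif m := re.match(r"access-list (\d+) permit tcp any host (\S+) eq (\S+)", line):
            cfg["permits"].setdefault(m[1], []).append((m[2], m[3]))
        elif m := re.match(r"ip nat inside source static (\S+) (\S+)$", line):
            cfg["static_nat"][m[2]] = m[1]  # global address -> inside local address
    return cfg


def smtp_inspection_findings(cfg):
    """One finding per interface where a rule that inspects smtp is applied."""
    findings = []
    for iface, rule, direction in cfg["bindings"]:
        protocols = cfg["rules"].get(rule, [])
        if "smtp" not in protocols:
            continue
        acl = cfg["acl_in"].get(iface)
        # SMTP servers published through the inbound ACL, mapped back through
        # static NAT so the finding names the inside host as well.
        servers = sorted(
            (glob, cfg["static_nat"].get(glob, glob))
            for glob, service in cfg["permits"].get(acl, [])
            if service == "smtp"
        )
        findings.append({
            "interface": iface,
            "rule": rule,
            "direction": direction,
            "smtp_servers": servers,
            "change": f"no ip inspect name {rule} smtp",
            # If generic tcp inspection stays in the rule, port 25 sessions are
            # still tracked as plain TCP after the smtp entry is removed.
            "generic_tcp_remains": "tcp" in protocols,
        })
    return findings


if __name__ == "__main__":
    for f in smtp_inspection_findings(parse_config(CONFIG)):
        print(f"{f['interface']}: rule '{f['rule']}' ({f['direction']}) inspects smtp")
        for glob, local in f["smtp_servers"]:
            print(f"  published SMTP server {glob} -> inside {local}")
        print(f"  suggested change: {f['change']}")
        if not f["generic_tcp_remains"]:
            print("  caution: no generic tcp inspection left in this rule")
```
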



Re: Who said women don't dig routers? [7:29781]

2001-12-20 Thread Howard C. Berkowitz

Someone should really find a picture of Sandy Lerner in her current 
Goth regalia.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29796&t=29781



RE: ISDN Stimulators [7:29787]

2001-12-20 Thread Daniel Cotts

Adtran Atlas 550. Sit down before reading the price.

> -Original Message-
> From: AlefTec PvtLtd [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, December 20, 2001 12:41 PM
> To: [EMAIL PROTECTED]
> Subject: ISDN Stimulators [7:29787]
> 
> 
> Hi
> 
> Can some one pls suggest me good ISDN Stimulators which i can 
> use in my labs
> for BCRAN.
> I am looking for following features:
> ISDN BRI and
> ISDN PRI
> 
> Thanking u in advance.
> 
> Merry Christmas




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29795&t=29787



Re: Who said women don't dig routers? [7:29781]

2001-12-20 Thread Scott Hoover

Throw a route filter on it for protection and you're good to go.

"Kaminski, Shawn G" wrote in message news:[EMAIL PROTECTED]...
> A friend of mine sent this to me. I've never seen it so I thought I would
> pass it along! If it's already been seen on this list, I apologize for the
> waste of bandwidth!
>
> http://unixsex.com/netadmin/noclust/routergirl.jpg




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29793&t=29781



IOS firewall, NAT and smtp [7:29794]

2001-12-20 Thread Ray Brehm

I have a 2621 with IOS IP/FW that I'm unable to connect through to the 
inside SMTP server. I can connect to that same server using POP3 with no 
errors. The inside device is a static NAT. The port appears open when I 
port scan the IP address but I get TCP errors when trying to send mail.

Any ideas? Did I miss something stupid?
Is the fact that I have multiple "nat inside" interfaces relevant in 
this situation? (I've never known it to make a difference)

Relevant config:

ip inspect name firewall http
ip inspect name firewall ftp
ip inspect name firewall netshow
ip inspect name firewall realaudio
ip inspect name firewall rtsp
ip inspect name firewall smtp
ip inspect name firewall tcp
ip inspect name firewall udp

interface FastEthernet0/0
 ip address 10.1.0.1 255.255.255.0
 ip nat inside
 speed 10
 full-duplex
 ntp broadcast
 bridge-group 1
!
interface Serial0/0
 ip address 10.1.12.1 255.255.255.0
 ip nat inside
 bridge-group 1
!
interface FastEthernet0/1
 ip address 12.42.189.2 255.255.255.240
 ip access-group 103 in
 ip nat outside
 ip inspect firewall out
 duplex auto
 speed auto
!
interface Serial0/1
 ip address 10.1.13.1 255.255.255.0
 ip nat inside
 bridge-group 1
!
router eigrp 100
 redistribute static metric 384 255 255 1 1500
 network 10.0.0.0
 auto-summary
 no eigrp log-neighbor-changes
!
ip nat inside source list 18 interface FastEthernet0/1 overload
ip nat inside source static 10.1.0.4 12.42.189.4
ip classless
ip route 0.0.0.0 0.0.0.0 12.42.189.1
!
logging history debugging
logging 10.1.0.3
access-list 18 permit 10.1.0.0 0.0.255.255
access-list 101 permit tcp any any ack
access-list 101 permit udp any any
access-list 101 permit icmp any any
access-list 103 permit tcp any host 12.42.189.4 eq smtp
access-list 103 permit tcp any host 12.42.189.4 eq pop3
bridge 1 protocol ieee




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29794&t=29794



Re: ISDN Stimulators [7:29787]

2001-12-20 Thread Scott Hoover

This actually sounds kinda kinky--I've been spending way too much time in
front of a rack. . .6 weeks to go and counting.


"AlefTec PvtLtd" wrote in message news:[EMAIL PROTECTED]...
> Hi
>
> Can some one pls suggest me good ISDN Stimulators which i can use in my labs
> for BCRAN.
> I am looking for following features:
> ISDN BRI and
> ISDN PRI
>
> Thanking u in advance.
>
> Merry Christmas




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29792&t=29787



Re: ISDN Stimulators [7:29787]

2001-12-20 Thread Paul Lalonde

Hi there,

I had an ISDN stimulator, once.  When my ISDN performance wasn't as good and
satisfying as I thought it should be, I'd give it a little stimulation.

Kidding aside, if you're looking for an ISDN SIMULATOR, your best bet would
be to look into companies like Teltone, Emutel, etc.  Even Cisco 2600/3600
routers with ISDN interfaces can simulate the ISDN network, now. Fun stuff!

Paul

"AlefTec PvtLtd" wrote in message news:[EMAIL PROTECTED]...
> Hi
>
> Can some one pls suggest me good ISDN Stimulators which i can use in my labs
> for BCRAN.
> I am looking for following features:
> ISDN BRI and
> ISDN PRI
>
> Thanking u in advance.
>
> Merry Christmas




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29790&t=29787



Re: Buying IOS Software [7:29761]

2001-12-20 Thread Symon Thurlow

You can buy IOS second hand, it is on a cd in a box.

They come up on ebay occasionally

Symon

---
> AFAIK, there is no such thing as buying used IOS software.  I don't think
> there is any provision for selling or otherwise transferring the software in
> the license agreement.  Even if you buy a used router with the IOS on it,
> you are responsible for obtaining the appropriate "new" IOS license.
> 
> The k1d
> 
> 
> 
> "Jonathan Kephart" wrote in message news:[EMAIL PROTECTED]...
> > Greetings,
> >    I am looking at putting together a lab in order to study for the CCIE,
> > and I have encountered a problem.   I figure that I need to have a 12.1.X
> > version of code, Enterprise Plus edition.  According to the IOS Feature Tool
> > on CCO that is the feature pack that has BGP, IS-IS and other various things
> > I will need to study for the CCIE.  My problem is, where can I buy this SW
> > used?  I have checked several places on-line, and they all say they don't
> > have it and I should buy from Cisco direct - at a cost of $2500 - 4000. Can
> > anyone point to some place where I could buy a legal used copy?
> >
> > I am looking for code to run the 4000, and the 25XX's.
> >
> > Thanks,
> >   -Jonathan
[EMAIL PROTECTED]
> 
Cheers,

Symon




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29768&t=29761



RE: ccbootcamp part 2 [7:29682]

2001-12-20 Thread Kaminski, Shawn G

Well put, Kevin.

I have dealt with both Brad and Marc at Network Learning, Inc. and Optsys,
Inc. and have been to their place of business to check out their equipment.
They are both really nice guys and you wouldn't believe the racks they have
set up! They both know their sh*t and I've seen their labs, which are very
good. They have created a service which would take the normal CCIE candidate
a long time to do themselves. I believe that $650 is a reasonable price for
the work that they put into these labs.

As Chuck mentioned, there are also free labs that you can use and your own
imagination to create your own labs. What a great way to learn!

Shawn 

-Original Message-
From: Kevin Wigle [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, December 19, 2001 11:40 PM
To: [EMAIL PROTECTED]
Subject: Re: ccbootcamp part 2 [7:29682]


I couldn't subscribe to this project because to me the attitude of my study
partners is important.

The slamming of other people's work, obvious unapologetic mis-understanding
and misrepresentation of the issues and situation without first hand
knowledge doesn't bode well for a good learning environment.

I wish you well in your studies.

Kevin Wigle
CCDP CCNP and other stuff

- Original Message -
From: 
To: 
Sent: Wednesday, 19 December, 2001 21:11
Subject: Re: ccbootcamp part 2 [7:29682]


> ¡Hola!
>
> I'm very new to the Cisco Certs game, but I'd like this project.
>
> > Well to start of this exchange of labs maybe we should set some 
> > basic
> > foundations:
>
> > 1.  All labs should not exceed more than 6 routers.
> > I think we all know why this should be the case.
>
> Somebody has said that in the real lab there are 6+3 routers.
>
> These 3 core routers are configured by the wannabe ccie or by the 
> Cisco people?
>
> If they are configured by the cisco people and they are supposed to 
> use only bgp we could set up several zebra/mrtd in internet with a 
> system to automatically get bgp sessions configured...
>
> > I think my game plan is, at least for the first few labs, to create 
> > a map in visio with some core requirements.  Then the group can 
> > suggest such things as Local Area Mobility, NAT, etc that can be 
> > incorporated in to the lab.
>
> > Where can we post the labs?
>
> I can setup a web server (not very good connectivity by US standards, 512kbps
> in Argentina...) to post them.
>
> > Can every one read visio?
>
> No. I don't think there is a visio reader for unix.
>
> > Do we have to send it out in a different format?
>
> PDF?
>
> Saludos,
> HoraPe
> ---
> Horacio J. Peña
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29779&t=29682



Re: NetworkForce.com CCIE Lab Scenario [7:29676]

2001-12-20 Thread John Kaberna

Never even heard of them.  Why not just do the CCBootcamp labs?  It's only
$650.  I didn't want to spend 5k on a class either so I can't say that I
blame you.  Although I've felt like if I went to one of those classes I
probably would have passed the first or second time instead of the third
time.

John Kaberna
CCIE #7146
www.netcginc.com
(415) 750-3800

__
CCIE Security Training
www.netcginc.com/training.htm


"Pham, James" wrote in message news:[EMAIL PROTECTED]...
> Hi,
>
> It's time to put the theory into practice and pay my dues on the journey to
> CCIE!  I'm shopping around for the good guys that offer good CCIE Lab
> scenarios and lab rental at a reasonable rate. I think it would work better
> if I buy the CCIE lab scenarios that were designed for their rack. Had
> anyone ever used the NetworkForce CCIE Lab scenarios and their lab.  How
> good are they?  Any advices, comments on how to prepare for the real CCIE
> Lab. I don't have the luxury to pay $5,000 for the CCbootcamp class!
>
> Thanks,
>
> James




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29749&t=29676



RE: Lab Equip [7:29763]

2001-12-20 Thread Daniel Cotts

I'd suggest a 4500M or better if you want something in that series. It
supports some newer modules. Not sure if it supports IOS images that the
4000 cannot. Comments from the list requested.

Consider something in the 2520-23 range for multiple serial ports. The 20
and 22 have one Ethernet port. The 21 and 23 have one Token Ring port. All
have an ISDN BRI S/T port. All have two fast serial ports (up to 2Mbs). The
20 and 21 have two low-speed async/sync serial ports (up to 115 kbs). The 22
and 23 have eight low-speed serial ports. All serial ports are standard 60
pin. You could even configure the low speed ports as async and use them for
a terminal server. (Yes, you have to mate a console cable to an RS-232 to 60
pin serial cable.)

Instead of 2501s spend just a little more to get additional ports. 2503 adds
an ISDN BRI S/T port. 2513 adds a Token Ring port. 2509/11 adds async ports.

For a "set command" based Catalyst switch the lowest price would be a 2901.
It maxes out at OS 4.5(x).

Tell all your friends that you are looking for Cisco gear. Sometimes a
company goes out of business and sells their equipment at a low price. It's
good to be the buyer.

If you find a stack of 3900/3920 Token Ring switches for $100 each - let me
know.

> -Original Message-
> From: Jonathan Kephart [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, December 20, 2001 7:22 AM
> To: [EMAIL PROTECTED]
> Subject: Lab Equip [7:29763]
> 
> 
> Hello,
>I have an equipment question - I would like to confirm my 
> logic with
> those of you who are more experienced with the whole CCIE path.  I am
> thinking that the actual HW platform doesn't matter nearly as 
> much as just
> the technology (BGP, VoIP, TR etc).  So, as long as you can load the
> appropriate code like 12.1X it doesn't matter really if you 
> are using a
> 2500, 3600, or a 4000.  The exception to this is obviously 
> the modules that
> are supported and port density.  You need a 26XX or 36XX for 
> the VoIP stuff,
> and something larger than a 25XX (like an old 4000) for the 
> port density (4+
> serial ports).  Or am I mistaken - is there something I am missing?
> 
> What I was thinking of for my lab is:
> 
> Three 2501's plus some other 25XX's
> Two 2610's with NM-2V & WIC-2T  cards
> Three 4000's with various TR, Eth, and Serial cards
> 
> Some to be determined Switch equipment.
> 
> Curious for your opinion,
>  -Jonathan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29789&t=29763



Re: ccbootcamp part 2 [7:29682]

2001-12-20 Thread Howard C. Berkowitz

Let me comment on several aspects of this thread, with the disclaimer 
I am involved with a virtual rack business that will be announced 
Real Soon Now, and involves the cooperative efforts of several 
recognized groups.

First, let's talk about scenarios.  Not long ago, I posted my 
taxonomy of lab scenarios, which range from "mini classes" to let the 
user get deeper understanding of a particular technology, to 
multistage scenarios more like the test but with mentoring features, 
to pressure-cooker lab practice.  It's not super-hard to create a 
scenario that gives some practice. Speaking from experience, it's 
much harder to create scenarios that have specific instructional 
objectives. When I'm writing a scenario for gaining specific protocol 
knowledge, I will usually explore several ways to do it. When I'm 
writing one to be more like my understanding of the actual test, I 
will put in artificial constraints so there is basically only one 
solution.   Should a practice scenario have supporting references, at 
least links? I think so.

Second, the lab or virtual rack itself. There is a wide difference in 
features, stability, and operational support among commercial labs. 
While it may be practical and appropriate to have cheaper written 
products for countries where S prices are simply out of the question 
(incidentally, rather to my surprise, I just received Chinese 
translations of my Routing & Switching Architecture book), that isn't 
necessarily practical for labs. There are fixed capital costs for 
equipment, plus operational costs to support the lab. Let's put it 
this way...for this upcoming project in which I'm involved, we are 
now pouring the concrete for the backup diesel and UPS, but are still 
working on having redundant local loops. Not everyone has that kind 
of availability as a goal.

It may be practical to clone shared labs into countries where 
operational cost is lower, and save on the transoceanic bandwidth 
costs.  The equipment cost, however, is what it is.

Incidentally, I am a strong believer in virtual racks rather than 
personal labs, because you certainly will have to deal with remote 
routers in real jobs, and it's my understanding that the 1-day CCIE 
lab also is hands-off the physical equipment. Even if you build a 
personal lab, rely on a terminal server and reverse telnet -- it will 
be better practice.

I wish people well in rolling their own scenarios, and we will also 
have some scenarios for free download, as well as others that are 
associated with rack rental. But it's harder than it looks to write 
GOOD scenarios. Indeed, I treat them like any other formal software 
engineering project, with code version control, formal acceptance 
testing, etc.



>Well to start of this exchange of labs maybe we should set some basic
>foundations:
> 1.  All labs should not exceed more than 6 routers.
> I think we all know why this should be the case.
> 2.  The frame cloud in every lab should not exceed four connections.
>
> I have spoken to several people who complain about the
>current competition use 5 connections in the frame cloud.  Most of us
>only have the four port
>2500  at home that acts as a frame switch.
> 3.  Keep it up to date.
> How difficult is it to do a practice lab while trying not to
>be distracted by some technology that is not on the test any more.
> 5.   Keep it original.
> Create your own work, don't take a lab out of Halabi's book,
>add an extra router, then slap a 650 dollar price tag on it.
> 4.  Keep it FREE.
> I don't know about the rest if you, but after dropping
>13,000 dollars in a lab at home, and 4,000 dollars in training, spending
>an extra 650 just hurts.
>
>I think my game plan is, at least for the first few labs, to create a
>map in visio with some core requirements.  Then the group can suggest
>such things as Local Area
>Mobility, NAT, etc that can be incorporated in to the lab.
>
>Where can we post the labs? Can every one read visio?  Do we have to
>send it out in a different format?
>
>And yes Marc, the email is bogus.  I did not want to be spammed by you
>or your affiliates.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29788&t=29682



ISDN Stimulators [7:29787]

2001-12-20 Thread AlefTec PvtLtd

Hi

Can some one pls suggest me good ISDN Stimulators which i can use in my labs
for BCRAN.
I am looking for following features:
ISDN BRI and
ISDN PRI

Thanking u in advance.

Merry Christmas




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29787&t=29787



RE: CIT CCNP questions [7:29477]

2001-12-20 Thread Mark Odette II

Just a forewarning- Don't even think about using that logic if you decide to
take the new MS Design exams.
They are Case-Study based, and you will use every bit of 3.5 of the 4 hours
these tests are set for.
... and it doesn't matter if you are a speed reader.  These tests are much
more comprehensive, and therefore more difficult to pass.
For those test takers that like to get up and go take a smoke break during
the long tests... I'd advise the acquisition of the Patch.  A colleague of
mine, that is a smoker, took the smoke break, and it cost him - he failed
because he simply ran out of time to complete enough questions to pass. --
Now that has to suck.  Talk about a 100.00 cigarette... hope he enjoyed it!

Mark

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, December 20, 2001 11:31 AM
To: [EMAIL PROTECTED]
Subject: RE: CIT CCNP questions [7:29477]


Regarding the number of questions on a given exam:

For lesser certifications (lotus, microsoft, NAI, checkpoint, nortel,
novell) i can sometimes get away with spending 10 seconds or less on each
question, allowing me to squeeze a certification exam into an otherwise
implausibly short timeslot. This comes in handy (& saves a potential
complete waste of an exam fee) when your boss refuses to allow you more
than 20 minutes away from the office because of a major frame relay outage.

So, sometimes advance knowledge of the number of questions a given exam
uses (or even the knowledge that it is adaptive and not fixed) can, in
limited circumstances, come in handy.





"Priscilla Oppenheimer" @groupstudy.com on 12/19/2001
05:03:30 PM

Please respond to "Priscilla Oppenheimer"

Sent by:  [EMAIL PROTECTED]

To:   [EMAIL PROTECTED]
cc:(bcc: Kevin Cullimore)
Subject:  RE: CIT CCNP questions [7:29477]


At 10:17 AM 12/19/01, Zajac Zdeněk wrote:
>Hello Priscilla,
>
>On my own experience, the information given on that link is not correct at
>least in number of question.

I was just commenting on the categorization of topics. Saying that there
are just four topics (HDLC, connectionless models, IOS backups, and
troubleshooting) is obviously screwed up. Cisco used to say that in all
their documentation about CIT. They are slowly fixing it in some places.

I don't care how many questions are on the test and can't understand why
anyone else cares either.

Priscilla

>Cisco wrote 55-65 question, but I received 30%
>more question - 79 to be exact.
>
>I did all of the CCNP routing stack exams within 15 days, last of them
>(CIT) six days ago and what I am sure, Cisco never give me less than 72
>question.
>
>Something changed, who know?
>Zdenek
>
>
>-Original Message-
>From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
>Sent: Tuesday, December 18, 2001 9:24 PM
>To: [EMAIL PROTECTED]
>Subject: RE: CIT CCNP questions [7:29477]
>
>
>At 11:57 AM 12/18/01, Zajac Zdeněk wrote:
> >I passed CIT only few days ago. Number of question varies from 65 to 79 in
> >the CCNP stack. I do not know why, but the topics are slightly different
> >from that announced on Cisco web. Strictly speaking, you will be counted
> >only in 4 areas:
> >
> >Connectionless Models
> >HDLC
> >IOS backups
> >Troubleshooting
>
>The categorization of topics for CIT has been broken for a while though
>cisco has made some efforts to fix it. The list here is better than it used
>to be:
>
>http://www.cisco.com/warp/public/10/wwtraining/certprog/testing/current_exams/640-506.html
>
>
> >Yes, there are some question about Appletalk, but nothing special. The same
> >for IPX. In my opinion, you will be quite prepared, if you go down your
> >notes for previous CCNP stack exams (I took CIT at the end)
> >
> >Cisco recommended courses and books used
> >
> >wish you luck
> >Zdenek
> >
> >-Original Message-
> >From: Yarie [mailto:[EMAIL PROTECTED]]
> >Sent: Tuesday, December 18, 2001 4:28 PM
> >To: [EMAIL PROTECTED]
> >Subject: CIT CCNP questions [7:29477]
> >
> >
> >Hello all,
> >
> >I would like to take the  CIT exam (640 - 506) and I have couple of
> >questions:
> >
> >Does any one knows what is the total amount of questions asked?
> >what is the percentage of Novell IPX and AppleTalk out of it?
> >
> >Thanks,
> >
> >Yaron
>
>
>Priscilla Oppenheimer
>http://www.priscilla.com


Priscilla Oppenheimer
http://www.priscilla.com

This message may contain confidential and/or privileged
information.  If you are not the addressee or authorized to
receive this for the addressee, you must not use, copy,
disclose or take any action based on this message or any
information herein.  If you have received this message in
error, please advise the sender immediately by reply e-mail
and delete this message.  Thank you for your cooperation.
===

BGP Help (Solution) [7:29785]

2001-12-20 Thread [EMAIL PROTECTED]

Greetings all,

I found the solution last night to our problem.  All the routers in the
drawing below are peering with each other; I failed to mention
yesterday that rtrA and rtr B are not directly connected.  The way these
routers knew about each other's routes was via iBGP, which made bgp think
there was a loop somewhere (recursive routes).  Adding static routes
and making sure these routers knew about each other via static routes
resolved the issue.  Another way of identifying recursive routing was
the bgp table refresh, every 60 seconds.


HTH Nabil


- Forwarded by Nabil Fares/RTP/USEPA/US on 12/20/2001 10:42 AM -
   
 
Nabil Fares
12/19/2001 11:07 AM

To: [EMAIL PROTECTED]
cc:
Subject: BGP Help
   
 
   
 



Greetings all,

I was wondering if you guys can help out with this problem.  We're
connected to both Sprint and UUnet and receiving full routes.  All
routers are peering with each other.  My problem is with both RTRA and
RTRB, they're flapping constantly, RTRC and RTRD are very stable.  Is
there a known cause I'm missing here?  Any suggestions would be great.


Thanks.Nabil





RTR A- - - - - - - - - - - - - - - - - - - - RTRB
  |                                            |
  |                                            |
  |                                            |
  |                                            |
RTRC                                         RTRD
Sprint                                       UUNET




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29785&t=29785



Re: Mask in L3 Packet [7:29182]

2001-12-20 Thread Howard C. Berkowitz

>Steve,
>
>According to RFC-791 (ftp://ftp.isi.edu/in-notes/rfc791.txt), all that is
>contained in the IP header with respect to addresses is the source address
>and the destination address, both 32 bit fields.  The routers have the task
>of figuring out where to send things based on the routing tables.
>
>When you do a 'show ip route' on your routers, you can find the mask.

Or ask the Lone Ranger. "Who was that masked man?"

At a more serious level, masks are transmitted only in classless 
routing protocols (or in special cases such as DHCP). Classful 
routing protocols either assume "natural masks" of /8, /16, or /24, 
or obtain masks from local configuration information.

>
>Quick tip:
>You don't need any drugs for sleeping.  Just read some of the RFCs.  :-)
>
>Ken

If you consider RFCs sedating, try ISO documents if you are in search 
of surgical anesthesia.

Actually, some RFCs, besides the April 1 specials, are quite decently 
written. The RIP document is very much worthwhile for beginners at 
routing.  I usually try to sneak a little humor into mine.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29784&t=29182



RE: RE: That Friday Follies Question... [7:29473]

2001-12-20 Thread [EMAIL PROTECTED]

I might not be devoting adequate attention to all postings in the thread,
but by "same major network" do you also mean "same classful network?"






"John Neiberger" @groupstudy.com on
12/19/2001 07:26:11 PM

Please respond to "John Neiberger" 

Sent by:  [EMAIL PROTECTED]

To:   [EMAIL PROTECTED]
cc:(bcc: Kevin Cullimore)
Subject:  RE: RE: That Friday Follies Question... [7:29473]


Excellent!  That perfectly explains the behavior we were experiencing.
I was only able to make this work when the tunnel was in the same major
network.  When I made the tunnel a part of a different major net, things
got a little weird.

You're correct, in the scenario I've been playing with IGRP is the only
protocol involved.  The addition of other protocols wouldn't change the
behavior of IGRP so I've been testing this with two routers only.

Thanks for doing the research, that was great!

John

>>> "R. Benjamin Kessler"  12/19/01
4:46:27 PM >>>
Warning, this is a bit longish...I'd be interested in feedback to see if
anyone agrees/disagrees, finds this at all helpful, etc.  Part of this
exercise is to make sure I've got this straight in my head.

Here's a CCO link that may help:

http://www.cisco.com/warp/public/103/5.html

The scenario you outlined can be examined as a "straight" IGRP problem
without confusing the issue by redistributing from/to OSPF.

To allow more routes to be advertised in a single update packet, the
designers of IGRP decided to only send the three "significant" bytes of the
network address.  For Interior links the last three bytes are sent - the
first byte is assumed to match that of the outgoing interface; for Exterior
and System links, only the first three bytes are sent and the last byte is
assumed to be zero.

Regarding the three different portions of update messages (snipped from the
above link):

/Begin SNIP/
Note that an IGRP update message has three portions: interior, system
(meaning "this autonomous system" but not interior), and exterior. The
interior section is for routes to subnets. Not all subnet information is
included. Only subnets of one network are included. This is the network
associated with the address to which the update is being sent. Normally
updates are broadcast on each interface, so this is simply the network on
which the broadcast is being sent. (Other cases arise for responses to an
IGRP request and point to point IGRP.) Major networks (i.e. non-subnets) are
put into the system portion of the update message unless they are
specifically flagged as exterior.

A network will be flagged as exterior if it was learned from another gateway
and the information arrived in the exterior portion of the update message.
Cisco's implementation also allows the system administrator to declare
specific networks as exterior. Exterior routes are also referred to as
"candidate default". They are routes that go to or through gateways that are
considered to be appropriate as defaults, to be used when there is no
explicit route to a destination.
/End SNIP/

Consider the following topology:

   R1-R2-R3-R4-R5

Where the following interfaces are configured:

R1 - Lo0  - 192.168.10.1/28
     E0   - 192.168.10.17/28

R2 - E0   - 192.168.10.18/28
     Lo0  - 192.168.10.33/28
     S0.1 - 192.168.10.49/28

R3 - S0.1 - 192.168.10.50/28
     Lo0  - 192.168.10.65/28
     Lo1  - 192.168.10.99/27
     E0   - 192.168.10.129/27

R4 - E0   - 192.168.10.130/27
     Lo0  - 192.168.10.161/27
     S0.1 - 192.168.10.193/27

R5 - S0.1 - 192.168.10.194/27
     Lo0  - 192.168.10.225/27

All routers are configured as follows:

router IGRP 1
  network 192.168.10.0

Here's the routing tables from R1, R3, and R5.  Obviously, R3 can see and
get to everything but R1 and R5 only see the networks with the matching mask
lengths:

R1#sh ip ro
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR

Gateway of last resort is not set

     192.168.10.0/28 is subnetted, 5 subnets
I       192.168.10.64 [100/9076] via 192.168.10.18, 00:00:02, Ethernet0
I       192.168.10.32 [100/1600] via 192.168.10.18, 00:00:02, Ethernet0
I       192.168.10.48 [100/8576] via 192.168.10.18, 00:00:02, Ethernet0
C       192.168.10.0 is directly connected, Loopback0
C       192.168.10.16 is directly connected, Ethernet0
R1#

R3#sh ip ro
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
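
The mask-less interior entries described in the message above, worked through on its R1 to R5 topology. This is an added Python sketch, not part of the original thread and not Cisco's code; the sender rule (a subnet is advertised only when its mask equals the outgoing interface's mask) is the classful-protocol behaviour assumed here, and all function names are illustrative.

```python
import ipaddress

# Interface addressing copied from the topology in the message above.
ROUTERS = {
    "R1": {"Lo0": "192.168.10.1/28", "E0": "192.168.10.17/28"},
    "R2": {"E0": "192.168.10.18/28", "Lo0": "192.168.10.33/28",
           "S0.1": "192.168.10.49/28"},
    "R3": {"S0.1": "192.168.10.50/28", "Lo0": "192.168.10.65/28",
           "Lo1": "192.168.10.99/27", "E0": "192.168.10.129/27"},
    "R4": {"E0": "192.168.10.130/27", "Lo0": "192.168.10.161/27",
           "S0.1": "192.168.10.193/27"},
    "R5": {"S0.1": "192.168.10.194/27", "Lo0": "192.168.10.225/27"},
}
# Adjacencies of the chain R1-R2-R3-R4-R5 as (router, interface) pairs.
LINKS = [(("R1", "E0"), ("R2", "E0")), (("R2", "S0.1"), ("R3", "S0.1")),
         (("R3", "E0"), ("R4", "E0")), (("R4", "S0.1"), ("R5", "S0.1"))]


def iface(router, name):
    return ipaddress.ip_interface(ROUTERS[router][name])


def encode_interior(subnet):
    """Interior entry: only the last three octets of the subnet number are sent."""
    return subnet.network_address.packed[1:]


def decode_interior(entry, rx):
    """The receiver supplies what the update lacks: the first octet and the
    mask both come from the interface the update arrived on."""
    addr = ipaddress.ip_address(rx.ip.packed[:1] + entry)
    return ipaddress.ip_network(f"{addr}/{rx.network.prefixlen}", strict=False)


def build_update(table, tx):
    """Assumed classful sender rule: advertise a subnet only if its mask equals
    the outgoing interface's mask (and skip the link's own subnet)."""
    return [encode_interior(n) for n in sorted(table)
            if n.prefixlen == tx.network.prefixlen and n != tx.network]


def converge():
    """Exchange updates over every link until no table changes (metrics ignored)."""
    tables = {r: {iface(r, i).network for i in ifs} for r, ifs in ROUTERS.items()}
    changed = True
    while changed:
        changed = False
        for a, b in LINKS:
            for (tx_r, tx_i), (rx_r, rx_i) in ((a, b), (b, a)):
                tx, rx = iface(tx_r, tx_i), iface(rx_r, rx_i)
                for entry in build_update(tables[tx_r], tx):
                    route = decode_interior(entry, rx)
                    if route not in tables[rx_r]:
                        tables[rx_r].add(route)
                        changed = True
    return tables


def view(table):
    """Routes as strings, ordered by network address."""
    return [str(n) for n in sorted(table)]


def misread_without_sender_rule():
    """What R2 would install if R3 sent its /27 loopback subnet over the /28
    serial link: the entry carries no mask, so R2 applies its own /28."""
    wire = encode_interior(ipaddress.ip_network("192.168.10.96/27"))
    return decode_interior(wire, iface("R2", "S0.1"))


if __name__ == "__main__":
    for name, table in converge().items():
        print(name, view(table))
    print("misread:", misread_without_sender_rule())
```

R1's computed table holds the same five /28 subnets as the `sh ip ro` output above, and R3 is the only router that ends up with all ten.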
 

RE: CIT CCNP questions [7:29477]

2001-12-20 Thread [EMAIL PROTECTED]

Regarding the number of questions on a given exam:

For lesser certifications (lotus, microsoft, NAI, checkpoint, nortel,
novell) i can sometimes get away with spending 10 seconds or less on each
question, allowing me to squeeze a certification exam into an otherwise
implausibly short timeslot. This comes in handy (& saves a potential
complete waste of an exam fee) when your boss refuses to allow you more
than 20 minutes away from the office because of a major frame relay outage.

So, sometimes advance knowledge of the number of questions a given exam
uses (or even the knowledge that it is adaptive and not fixed) can, in
limited circumstances, come in handy.





"Priscilla Oppenheimer" @groupstudy.com on 12/19/2001
05:03:30 PM

Please respond to "Priscilla Oppenheimer" 

Sent by:  [EMAIL PROTECTED]

To:   [EMAIL PROTECTED]
cc:(bcc: Kevin Cullimore)
Subject:  RE: CIT CCNP questions [7:29477]


At 10:17 AM 12/19/01, Zajac Zdeněk wrote:
>Hello Priscilla,
>
>On my own experience, the information given on that link is not correct at
>least in number of question.

I was just commenting on the categorization of topics. Saying that there
are just four topics (HDLC, connectionless models, IOS backups, and
troubleshooting) is obviously screwed up. Cisco used to say that in all
their documentation about CIT. They are slowly fixing it in some places.

I don't care how many questions are on the test and can't understand why
anyone else cares either.

Priscilla

>Cisco wrote 55-65 question, but I received 30%
>more question - 79 to be exact.
>
>I did all of the CCNP routing stack exams within 15 days, last of them
>(CIT) six days ago and what I am sure, Cisco never give me less than 72
>question.
>
>Something changed, who know?
>Zdenek
>
>
>-Original Message-
>From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
>Sent: Tuesday, December 18, 2001 9:24 PM
>To: [EMAIL PROTECTED]
>Subject: RE: CIT CCNP questions [7:29477]
>
>
>At 11:57 AM 12/18/01, Zajac Zdeněk wrote:
> >I passed CIT only few days ago. Number of question varies from 65 to 79 in
> >the CCNP stack. I do not know why, but the topics are slightly different
> >from that announced on Cisco web. Strictly speaking, you will be counted
> >only in 4 areas:
> >
> >Connectionless Models
> >HDLC
> >IOS backups
> >Troubleshooting
>
>The categorization of topics for CIT has been broken for a while though
>cisco has made some efforts to fix it. The list here is better than it used
>to be:
>
>http://www.cisco.com/warp/public/10/wwtraining/certprog/testing/current_exams/640-506.html
>
>
> >Yes, there are some question about Appletalk, but nothing special. The same
> >for IPX. In my opinion, you will be quite prepared, if you go down your
> >notes for previous CCNP stack exams (I took CIT at the end)
> >
> >Cisco recommended courses and books used
> >
> >wish you luck
> >Zdenek
> >
> >-Original Message-
> >From: Yarie [mailto:[EMAIL PROTECTED]]
> >Sent: Tuesday, December 18, 2001 4:28 PM
> >To: [EMAIL PROTECTED]
> >Subject: CIT CCNP questions [7:29477]
> >
> >
> >Hello all,
> >
> >I would like to take the  CIT exam (640 - 506) and I have couple of
> >questions:
> >
> >Does any one knows what is the total amount of questions asked?
> >what is the percentage of Novell IPX and AppleTalk out of it?
> >
> >Thanks,
> >
> >Yaron
>
>
>Priscilla Oppenheimer
>http://www.priscilla.com


Priscilla Oppenheimer
http://www.priscilla.com






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29782&t=29477



Who said women don't dig routers? [7:29781]

2001-12-20 Thread Kaminski, Shawn G

A friend of mine sent this to me. I've never seen it so I thought I would
pass it along! If it's already been seen on this list, I apologize for the
waste of bandwidth!

http://unixsex.com/netadmin/noclust/routergirl.jpg




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29781&t=29781



Re: cisco academy's routing skills final ,tough!!! [7:29212]

2001-12-20 Thread Greg Macaulay

I'd like to inject my own .02 here -- for what it's worth.  I am a retired
law professor -- having taught law students, lawyers and even judges over
the years!  One of my pet peeves during my career was the inability of
students (on whatever level) to effectively communicate both orally and with
the written word.

For a number of years I taught in Ireland, England and Australia where there
was only one examination per year in each subject.  This meant that a
student's entire grade for an entire year rested on their performance in a
single written examination.  Since I had come from an American academic
background, where there are finals each semester (rather than annually) and
mid-terms, term papers, class performance, etc. I was a bit shocked at this
different academic system.

So, in an effort to both deal with my "pet peeve," and ensure that my
students would be able to effectively communicate their knowledge on a final
examination, I instituted a process whereby I gave students, short papers to
write every two weeks and reviewed them individually with each student.
Also, I gave continuous mock examinations to teach students to communicate
under pressure.

None of this admittedly was for "credit."  Everything still depended on a
student's performance on their final examination.  However, by aggressively
pushing students to master written communications during the academic year,
I hopefully ensured that they maximized their chances of passing -- and with
a good grade.

In fact, though I never -- never mentioned it to any student -- I never
failed any student who showed up for my final examination.  I knew that
their efforts in dealing with the persistent intense pressure to write
during the year, and answer my searching cross-examinations of their
substantive knowledge far surpassed anything they might produce during a 3
or 4 hour written examination in June.  However, this only became an issue
with border-line examination scores, as most students passed with
sufficiently high-grades.

In those instances where a few students who had undergone the year-long
writing process performed badly or inadequately on the final examination, I
was always able to give them the benefit of the doubt -- as I knew their
true abilities from observing their efforts during the academic year.
Oftentimes, too many external factors, such as a sudden loss of memory,
physical ailments, fear, stress or other similar factors negatively affect a
student's performance on a final examination. My process was a stopgap to
ensure that those factors were either minimized or negated entirely.

Only those few who failed to attend class, either at all or sporadically
during the year were not given the benefit of the doubt in borderline cases.
Everyone else was given this benefit.

I mention this -- long-windedly (as I am an attorney) -- because it seems
that there may have been a breakdown in the testing process here.  A
teacher's responsibility -- especially in a hands-on environment as here --
is to drum this information into students' heads -- during the academic
year -- to the point that students know and understand the information
without any effort.  The lab hands-on should not be a means of eliminating
students, but to ratify that the teacher has effectively communicated the
information to students during the academic year.  If ALL or MOST students
fail such an examination, it is a strong sign that the teacher has failed
his/her responsibilities to the students.

I guess I could go on, but I'll wait and see what flames this message
brings!

To all, Have a Happy and Joyous Holiday!

Greg Macaulay
(Almost) Oldest CCNP/CCDP on Earth
Lifetime AARP member
Retired Attorney/Law Professor
- Original Message -
From: "Tom Lisa" 
To: 
Sent: Monday, December 17, 2001 5:59 PM
Subject: Re: cisco academy's routing skills final ,tough!!! [7:29212]


> Although I would prefer that all my students passed on the first try, you
> are correct in your assessment.  Unfortunately, having passed the CCNA
> exam does not guarantee success at the CCNP level.  I have stated
> before that I like to compare the Cisco certs to the Crafts skills
> designators.
> I consider the CCNA an apprentice, the CCNP journeyman, and
> CCIE master craftsman level of expertise.  Not all apprentices make it
> to the journeyman level and very few journeymen ascend to the Master
> craftsman level.
>
> Prof. Tom Lisa, CCAI
> Community College of Southern Nevada
> Cisco Regional Networking Academy
>
>
> Brian Whalen wrote:
>
> > I really don't agree that everyone should pass, tho perhaps that was a
> > wisecrack I didn't see.  Inevitably in any class some students try and
> > some don't.  If everyone fails then yes perhaps that is a problem, but
> > given the material difficulty, I would expect a substantial failure rate.
> >
> > Brian "Sonic" Whalen
> > Success = Preparation + Opportunity
> >
> > On Sat, 15 Dec 2001, Tom Lisa wrote:
> >
> > > I resemble that remark!
> > >

Re: NTP Question [7:29778]

2001-12-20 Thread [EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Mcfadden, Chuck
Sent: Thursday, December 20, 2001 10:44 AM
To: [EMAIL PROTECTED]
Subject: NTP Question [7:29770]


A friend of mine was doing a PIX installation on the edge of a W2K
environment.  He was trying to allow NTP through the PIX but it would not
go.  He found that, since he was using an inbound ACL, the packet would
eventually reach the explicit deny.  According to his research, he had to
allow port 123 (NTP) in his ACL in able to allow it through the firewall,
even though it was established.  The question that has since been
unanswered:  Does NTP use UDP or TCP or both?  Any ideas?
ccie1ab (chuck)

I think this might work.

This should go on the outside interface.
access-list [number] permit udp any host [outside global address] eq ntp

Then statically map the outside global address to your inside local address
(which would be the ip address of the W2K server doing the NTP).

Using...
static (inside,outside) [outside global address] [inside local address] netmask 255.255.255.255 0 0

Chuck




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29778&t=29778
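
How the rule proposed in the reply above behaves under first-match evaluation with an implicit deny, as an added Python sketch that is not part of the original thread. It parses only the `any` / `host A.B.C.D` / `eq PORT` subset of the access-list syntax and models ACL matching alone, not the PIX's connection state; the list number 101 and the documentation-range addresses are constructed stand-ins for the bracketed placeholders.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

PORT_NAMES = {"ntp": 123}                 # the only port keyword used in this thread
ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    proto: str    # "udp" or "tcp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Ace:
    action: str
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]
    text: str


def _address(tokens):
    """Consume 'any' or 'host A.B.C.D' from the front of the token list."""
    word = tokens.pop(0)
    if word == "any":
        return ANY
    if word == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    raise ValueError(f"unsupported address form: {word}")


def parse_ace(line):
    """Parse 'access-list ID permit|deny PROTO SRC DST [eq PORT]'."""
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        raise ValueError(f"not an access-list entry: {line!r}")
    action, proto, rest = tokens[2], tokens[3], tokens[4:]
    src, dst = _address(rest), _address(rest)
    dport = None
    if rest:
        if rest[0] != "eq" or len(rest) != 2:
            raise ValueError(f"unsupported port clause: {' '.join(rest)}")
        dport = PORT_NAMES[rest[1]] if rest[1] in PORT_NAMES else int(rest[1])
    return Ace(action, proto, src, dst, dport, line)


def evaluate(acl, pkt):
    """The first matching entry decides; a packet matching nothing is denied."""
    for ace in acl:
        if ace.proto not in ("ip", pkt.proto):
            continue
        if ipaddress.ip_address(pkt.src) not in ace.src:
            continue
        if ipaddress.ip_address(pkt.dst) not in ace.dst:
            continue
        if ace.dport is not None and ace.dport != pkt.dport:
            continue
        return ace.action, ace.text
    return "deny", "implicit deny"


# Constructed rule: 203.0.113.10 stands in for [outside global address].
ACL = [parse_ace("access-list 101 permit udp any host 203.0.113.10 eq ntp")]

# Constructed inbound packets arriving on the outside interface.
SAMPLES = {
    "udp to server port 123": Packet("udp", "198.51.100.7", 123, "203.0.113.10", 123),
    "tcp to server port 123": Packet("tcp", "198.51.100.7", 40000, "203.0.113.10", 123),
    "udp to a high port": Packet("udp", "198.51.100.7", 123, "203.0.113.10", 40000),
    "udp 123 to another host": Packet("udp", "198.51.100.7", 123, "203.0.113.11", 123),
}


def verdicts():
    return {name: evaluate(ACL, pkt)[0] for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:26} -> {evaluate(ACL, pkt)}")
```

Only the UDP packet addressed to port 123 on the mapped host is permitted; TCP/123 and UDP to any other port or host fall through to the implicit deny.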



RE: can't ping 'through' router..help? [7:29724]

2001-12-20 Thread Bill Carter

Your segment with PC's is private addresses.  The ISP is not routing them.
You need to enable NAT to get to the Internet.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 19, 2001 8:35 PM
To: [EMAIL PROTECTED]
Subject: can't ping 'through' router..help? [7:29724]


hi...i have a question regarding router configuration.  i'm trying to set up
a 2621 router but am running into a problem, i can't ping through the router
(ie, no traffic going through the thing).  i can ping from the 2621 to a dsl
router, and from the 2621 to a pc i've set up on the lan, but i can't get
traffic from the internet (dsl1) to the pc, and vice versa.  i've enabled a
default route out, as well as rip?  i'm kind of new at this so any help
would be...well, helpful.  here's my config:

!
hostname myrouter
!
enable secret X
enable password X
!
ip name-server 207.155.183.72
!
ip subnet-zero
ip domain-lookup
ip routing
!
interface FastEthernet 0/0
no shutdown
description will be connected to Internet(dsl 2)-not connected
ip address 66.89.59.194 255.255.255.192
no ip directed-broadcast
no ip mroute-cache
keepalive 10
!
interface FastEthernet 0/1
no shutdown
description connected to ethernet
ip address 192.168.2.1 255.255.255.0
no ip directed-broadcast
no ip mroute-cache
keepalive 10
!
interface Ethernet 1/0
no shutdown
description connected to Internet (dsl1)
ip address 168.103.127.153 255.255.255.248
no ip directed-broadcast
no ip mroute-cache
keepalive 10
!
router rip
version 2
network 66.0.0.0
network 192.168.2.0
passive-interface Ethernet 1/0
no auto-summary
!
!
ip classless
!
! IP Static Routes
ip route 0.0.0.0 0.0.0.0 Ethernet 1/0
no ip http server
snmp-server community public RO
no snmp-server location
no snmp-server contact
!
line console 0
exec-timeout 0 0
login
transport input none
!
line vty 0 4
login
!

thanks in advance...
pete




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29777&t=29724



RE: NTP Question [7:29770]

2001-12-20 Thread Kane, Christopher A.

According to RFC 1305, NTP uses UDP.

Chris

-Original Message-
From: Mcfadden, Chuck [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 20, 2001 10:44 AM
To: [EMAIL PROTECTED]
Subject: NTP Question [7:29770]


A friend of mine was doing a PIX installation on the edge of a W2K
environment.  He was trying to allow NTP through the PIX but it would not
go.  He found that, since he was using an inbound ACL, the packet would
eventually reach the explicit deny.  According to his research, he had to
allow port 123 (NTP) in his ACL in able to allow it through the firewall,
even though it was established.  The question that has since been
unanswered:  Does NTP use UDP or TCP or both?  Any ideas?
ccie1ab (chuck)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29774&t=29770



Re: Mask in L3 Packet [7:29182]

2001-12-20 Thread Ken Diliberto

Steve,

According to RFC-791 (ftp://ftp.isi.edu/in-notes/rfc791.txt), all that is
contained in the IP header with respect to addresses is the source address
and the destination address, both 32 bit fields.  The routers have the task
of figuring out where to send things based on the routing tables.

When you do a 'show ip route' on your routers, you can find the mask.

Quick tip:
You don't need any drugs for sleeping.  Just read some of the RFCs.  :-)

Ken

>>> "steve skinner"  12/20/01 07:07AM >>>
go on then pris..

you have whetted my appetite, where is the subnet mask kept if it isn't
in the ip packet ?


>From: "Priscilla Oppenheimer" 
>Reply-To: "Priscilla Oppenheimer" 
>To: [EMAIL PROTECTED] 
>Subject: Re: Mask in L3 Packet [7:29182]
>Date: Fri, 14 Dec 2001 13:42:36 -0500
>
>From its own local config. The mask isn't in the IP packet, which does
>come as a surprise to some people! If this isn't what you're getting at,
>just let us know...
>
>Priscilla
>
>At 08:20 AM 12/14/01, you wrote:
> >This may sound like a dumb question, but if I send a packet to a different
> >host, where is the subnet mask?  Where does a host get the subnet mask info
> >to do an AND operation?
>
>
>Priscilla Oppenheimer
>http://www.priscilla.com 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29776&t=29182



RE: NTP Question [7:29770]

2001-12-20 Thread Maccubbin, Duncan

Can use both:

ntp    123/tcp    Network Time Protocol
ntp    123/udp    Network Time Protocol

-Original Message-
From: Mcfadden, Chuck [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 20, 2001 10:44 AM
To: [EMAIL PROTECTED]
Subject: NTP Question [7:29770]


A friend of mine was doing a PIX installation on the edge of a W2K
environment.  He was trying to allow NTP through the PIX but it would not
go.  He found that, since he was using an inbound ACL, the packet would
eventually reach the explicit deny.  According to his research, he had to
allow port 123 (NTP) in his ACL in able to allow it through the firewall,
even though it was established.  The question that has since been
unanswered:  Does NTP use UDP or TCP or both?  Any ideas?
ccie1ab (chuck)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29775&t=29770



Re: Cisco RIP Off [7:29612]

2001-12-20 Thread Keith Townsend

Yep that test sucks.  I just took it a couple of times.  Researched the
questions I got wrong using resources outside of google (Lucent, general
Google stuff) to pass.  It is a very badly written exam.

Keith Townsend
MCSE, CNE, CCNA


"Dave Shine"  wrote in message
news:[EMAIL PROTECTED]...
> Has anyone taken the PBX Fundamentals course. What a
> RIP off I can't find the answers to many of the
> questions in the E-Learning anywhere. You gotta love
> it.
>
> - Dave




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29773&t=29612



Re: ccbootcamp part 2 [7:29682]

2001-12-20 Thread c1sc0k1d

Would you mind sharing your opinion as to which labs were better... and why?

The k1d



 wrote in message
news:[EMAIL PROTECTED]...
> Not me, I paid a lot of $  And I paid for Marc's labs too, I thought they
> were great.
>
> It ain't cheap, but what in life that's worth anything is?
>
> Mitch
> CCIE #6011
>
> -Original Message-
> From: Eric [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, December 19, 2001 8:39 PM
> To: [EMAIL PROTECTED]
> Subject: Re: ccbootcamp part 2 [7:29682]
>
>
> Seems like this list will always have someone, like this  - Jason, where
> every six months or so they will come along and downplay the CCIE cert. or
> those that make $$$ from the CCIE cert. process. Whatever happened to that
> biggest of ranter's - Mr. PKM??? I never heard Derek Small of fatkid.com
> whine or complain about anything or anyone - HE JUST DID IT!
>
> Jason, is it, remember talking s*** and doing it are two different
> things!   JUST DO IT!!! - quietly please : )
>
> Just the other day I sold a PIX to a guy that told me he was going to
> build a CCIE Security lab and put it online for everyone to use for FREE.
> His eyes kind of glazed over when I pointed out the cost of building a full
> lab, supplying a circuit and the monthly electrical bill for 24x7x365. That
> was probably the least of his concerns since he claimed to be able to write
> a 40 page lab in a single weekend and then sell it for a $1000. Although, I
> thought he was going to cry because I wouldn't take a lousy $100 off the
> price of the PIX!!!
>
> With these type of individuals on the loose I have no worry about an
> endless supply of work for me. I believe managers call it - "Cleaning up
> the corporate network."  : )
>
> Eric
>
> PS - How many CCIEs on this list got their cert for little or no
> cost$$$
>
> - Original Message -
> From: "Chuck Larrieu"
> To:
> Sent: Wednesday, December 19, 2001 6:30 PM
> Subject: RE: ccbootcamp part 2 [7:29682]
>
>
> > as an FYI, the fatkid labs are FREE
> >
> > www.fatkid.com
> >
> > many require just three or four routers plus frame switch. you can always
> > use a hub or a mau instead of a switch.
> >
> > the Parkhurst BGP book has a LOT of GOOD practice using just three
> > routers.
> >
> > Much of Doyle can be accomplished with just a few routers.
> >
> > Imagination and resourcefulness are also free.
> >
> > Chuck
> >
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > c1sc0k1d
> > Sent: Wednesday, December 19, 2001 3:49 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: ccbootcamp part 2 [7:29682]
> >
> >
> > Good idea... I'll work on one also but I won't be able to get to it till
> > early next year.  I'll let you know...
> >
> > The k1d
> >
> >
> >
> > ""Jason""  wrote in message
> > news:[EMAIL PROTECTED]...
> > > Well to start off this exchange of labs maybe we should set some basic
> > > foundations:
> > > 1.  All labs should not exceed more than 6 routers.
> > >     I think we all know why this should be the case.
> > > 2.  The frame cloud in every lab should not exceed four connections.
> > >     I have spoken to several people who complain about the
> > >     current competition use 5 connections in the frame cloud.  Most of us
> > >     only have the four port 2500 at home that acts as a frame switch.
> > > 3.  Keep it up to date.
> > >     How difficult is it to do a practice lab while trying not to
> > >     be distracted by some technology that is not on the test any more.
> > > 5.  Keep it original.
> > >     Create your own work, don't take a lab out of Halabi's book,
> > >     add an extra router, then slap a 650 dollar price tag on it.
> > > 4.  Keep it FREE.
> > >     I don't know about the rest of you, but after dropping
> > >     13,000 dollars in a lab at home, and 4,000 dollars in training, spending
> > >     an extra 650 just hurts.
> > >
> > > I think my game plan is, at least for the first few labs, to create a
> > > map in visio with some core requirements.  Then the group can suggest
> > > such things as Local Area
> > > Mobility, NAT, etc that can be incorporated in to the lab.
> > >
> > > Where can we post the labs? Can every one read visio?  Do we have to
> > > send it out in a different format?
> > >
> > > And yes Marc, the email is bogus.  I did not want to be spammed by you
> > > or your affiliates.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29772&t=29682



Re: NTP Question [7:29770]

2001-12-20 Thread Andy Leaning

NTP uses UDP, server resides on port 123, clients on random ports > 1023.

Andy Leaning

"Mcfadden, Chuck" wrote in message
news:[EMAIL PROTECTED]...
> A friend of mine was doing a PIX installation on the edge of a W2K
> environment.  He was trying to allow NTP through the PIX but it would not
> go.  He found that, since he was using an inbound ACL, the packet would
> eventually reach the explicit deny.  According to his research, he had to
> allow port 123 (NTP) in his ACL in order to allow it through the firewall,
> even though it was established.  The question that has since been
> unanswered:  Does NTP use UDP or TCP or both?  Any ideas?
> ccie1ab (chuck)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29771&t=29770
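
Added illustration of the answer above (not code from the thread, and a simplified model rather than PIX syntax): a first-match ACL check with a final deny, run against constructed NTP client requests. The rule sets, function names and the high source port are assumptions made for the example.

```python
import struct
from collections import namedtuple

NTP_PORT = 123  # NTP is carried in UDP datagrams addressed to port 123

Packet = namedtuple("Packet", "proto sport dport payload")
Rule = namedtuple("Rule", "action proto dport")  # dport None = any port

def ntp_client_request(sport):
    """48-byte NTP header: LI=0, VN=3, Mode=3 (client) -> first byte 0x1b."""
    header = struct.pack("!B47x", (0 << 6) | (3 << 3) | 3)
    return Packet("udp", sport, NTP_PORT, header)

def ntp_mode(packet):
    """Mode is the low three bits of the first header byte."""
    return packet.payload[0] & 0x07

def evaluate(acl, packet):
    """First matching rule wins; anything unmatched hits the final deny."""
    for rule in acl:
        if rule.proto == packet.proto and rule.dport in (None, packet.dport):
            return rule.action
    return "deny"

# Constructed rule sets (hypothetical, not taken from the thread).
ACL_TCP_ONLY = [Rule("permit", "tcp", 123)]   # wrong protocol for NTP
ACL_UDP_NTP = [Rule("permit", "udp", 123)]    # matches NTP requests
ACL_DENY_FIRST = [Rule("deny", "udp", None), Rule("permit", "udp", 123)]

def verdicts():
    # Constructed sample traffic: one request from a high port and one from
    # source port 123, which some NTP daemons use for their own queries.
    requests = [ntp_client_request(49152), ntp_client_request(123)]
    return {
        name: [evaluate(acl, p) for p in requests]
        for name, acl in [("tcp_only", ACL_TCP_ONLY),
                          ("udp_ntp", ACL_UDP_NTP),
                          ("deny_first", ACL_DENY_FIRST)]
    }

if __name__ == "__main__":
    for name, result in verdicts().items():
        print(name, result)
```

Because the rules match on destination port, the source port of the request does not change the verdict; rule order and protocol do.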



NTP Question [7:29770]

2001-12-20 Thread Mcfadden, Chuck

A friend of mine was doing a PIX installation on the edge of a W2K
environment.  He was trying to allow NTP through the PIX but it would not
go.  He found that, since he was using an inbound ACL, the packet would
eventually reach the explicit deny.  According to his research, he had to
allow port 123 (NTP) in his ACL in order to allow it through the firewall,
even though it was established.  The question that has since been
unanswered:  Does NTP use UDP or TCP or both?  Any ideas?
ccie1ab (chuck)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29770&t=29770



RE: Proper dress for CCIE lab? [7:29524]

2001-12-20 Thread Howard C. Berkowitz

>On May 10,  7:53pm, "Leigh Anne Chisholm" wrote:
>}
>} (Note to all the guys on this list:  The ladies here are all petite, very
>} physically fit, and are always dressed to kill!)
>}
>} (Note to all the ladies on this list:  We know the above isn't true, but
>} since most on the list don't know what we look like, why not give their
>} imaginations something to work with.  Hmm... I wonder what the "virtual" me
>} looks like to most of them.).
>
>  There is a picture of Priscilla sitting in front of an iBook (aka
>"toilet seat" -- I *just* had to throw that in there, the devil made me
>do it :->), so it is easy to get a general idea of what she looks like.
>
>  As for you, given your comments about being perfectly happy
>swinging from the rafters in mountain climbing gear in order to install
>cabling, I suspect that you are in fairly good shape which usually
>translates into keeping fit, looking after yourself, not being
>overweight etc., which usually means that you would be fairly good
>looking (good thing my girlfriend doesn't read this list).  Beyond
>that, I have no idea how tall you are, how much you weigh, what colour
>your hair is, how long your hair is, what colour your eyes are, etc.
>Given the above, I don't have any problem believing "petite, very
>physically fit, and always dressed to kill".
>
>} PS.  Oh a way off topic we will go!  A way off topic we will go!

As a different picture, whenever I've seen Priscilla in formal 
presentations where casual wasn't appropriate, her business attire is 
straight from "dress for success."

On a different note, I can think of times that I'm not sure my 
then-female manager dressed to kill, but certainly backstabbed a lot. 
Ninja outfits would have been a clue.

I will say that at Nortel, a general rule was that any female manager 
had significant clue, where it was fairly random among male managers. 
Nortel, however, had a very relaxed dress code.

>  Yeah, but this one sure beats the flame wars.
>
>}-- End of excerpt from "Leigh Anne Chisholm"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29769&t=29524



RE: ccbootcamp part 2 [7:29682]

2001-12-20 Thread [EMAIL PROTECTED]

Not me, I paid a lot of $  And I paid for Marc's labs too, I thought they
were great.

It ain't cheap, but what in life that's worth anything is?

Mitch
CCIE #6011

-Original Message-
From: Eric [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 19, 2001 8:39 PM
To: [EMAIL PROTECTED]
Subject: Re: ccbootcamp part 2 [7:29682]


Seems like this list will always have someone, like this  - Jason, where
every six months or so they will come along and downplay the CCIE cert. or
those that make $$$ from the CCIE cert. process. Whatever happened to that
biggest of ranters - Mr. PKM??? I never heard Derek Small of fatkid.com
whine or complain about anything or anyone - HE JUST DID IT!

Jason, is it, remember talking s*** and doing it are two different
things!   JUST DO IT!!! - quietly please : )

Just the other day I sold a PIX to a guy that told me he was going to
build a CCIE Security lab and put it online for everyone to use for FREE.
His eyes kind of glazed over when I pointed out the cost of building a full
lab, supplying a circuit and the monthly electrical bill for 24x7x365. That
was probably the least of his concerns since he claimed to be able to write
a 40 page lab in a single weekend and then sell it for a $1000. Although, I
thought he was going to cry because I wouldn't take a lousy $100 off the
price of the PIX!!!

With these types of individuals on the loose I have no worry about an
endless supply of work for me. I believe managers call it - "Cleaning up
the corporate network."  : )

Eric

PS - How many CCIEs on this list got their cert for little or no
cost$$$

- Original Message -
From: "Chuck Larrieu" 
To: 
Sent: Wednesday, December 19, 2001 6:30 PM
Subject: RE: ccbootcamp part 2 [7:29682]


> as an FYI, the fatkid labs are FREE
>
> www.fatkid.com
>
> many require just three or four routers plus frame switch. you can always
> use a hub or a mau instead of a switch.
>
> the Parkhurst BGP book has a LOT of GOOD practice using just three
> routers.
>
> Much of Doyle can be accomplished with just a few routers.
>
> Imagination and resourcefulness are also free.
>
> Chuck
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> c1sc0k1d
> Sent: Wednesday, December 19, 2001 3:49 PM
> To: [EMAIL PROTECTED]
> Subject: Re: ccbootcamp part 2 [7:29682]
>
>
> Good idea... I'll work on one also but I won't be able to get to it till
> early next year.  I'll let you know...
>
> The k1d
>
>
>
> "Jason" wrote in message
> news:[EMAIL PROTECTED]...
> > Well to start off this exchange of labs maybe we should set some basic
> > foundations:
> > 1.  All labs should not exceed more than 6 routers.
> > I think we all know why this should be the case.
> > 2.  The frame cloud in every lab should not exceed four connections.
> >
> > I have spoken to several people who complain about the
> > current competition use 5 connections in the frame cloud.  Most of us
> > only have the four port 2500 at home that acts as a frame switch.
> > 3.  Keep it up to date.
> > How difficult is it to do a practice lab while trying not to
> > be distracted by some technology that is not on the test any more.
> > 5.   Keep it original.
> > Create your own work, don't take a lab out of Halabi's book,
> > add an extra router, then slap a 650 dollar price tag on it.
> > 4.  Keep it FREE.
> > I don't know about the rest of you, but after dropping
> > 13,000 dollars in a lab at home, and 4,000 dollars in training, spending
> > an extra 650 just hurts.
> >
> > I think my game plan is, at least for the first few labs, to create a
> > map in visio with some core requirements.  Then the group can suggest
> > such things as Local Area Mobility, NAT, etc that can be incorporated
> > into the lab.
> >
> > Where can we post the labs? Can everyone read visio?  Do we have to
> > send it out in a different format?
> >
> > And yes Marc, the email is bogus.  I did not want to be spammed by you
> > or your affiliates.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29767&t=29682



Re: Buying IOS Software [7:29761]

2001-12-20 Thread c1sc0k1d

AFAIK, there is no such thing as buying used IOS software.  I don't think
there is any provision for selling or otherwise transferring the software in
the license agreement.  Even if you buy a used router with the IOS on it,
you are responsible for obtaining the appropriate "new" IOS license.

The k1d



"Jonathan Kephart" wrote in message
news:[EMAIL PROTECTED]...
> Greetings,
>    I am looking at putting together a lab in order to study for the CCIE,
> and I have encountered a problem.   I figure that I need to have a 12.1.X
> version of code, Enterprise Plus edition.  According to the IOS Feature Tool
> on CCO that is the feature pack that has BGP, IS-IS and other various things
> I will need to study for the CCIE.  My problem is, where can I buy this SW
> used?  I have checked several places on-line, and they all say they don't
> have it and I should buy from Cisco direct - at a cost of $2500 - 4000.  Can
> anyone point to some place where I could buy a legal used copy?
>
> I am looking for code to run the 4000, and the 25XX's.
>
> Thanks,
>   -Jonathan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29765&t=29761



RE: Proper dress for CCIE lab? [7:29524]

2001-12-20 Thread [EMAIL PROTECTED] (John Nemeth)

On May 12,  3:21am, "[EMAIL PROTECTED] (John Nemeth)" wrote:
} On May 10,  7:53pm, "Leigh Anne Chisholm" wrote:
} } 
} } (Note to all the guys on this list:  The ladies here are all petite, very
} } physically fit, and are always dressed to kill!)
} } 
} } (Note to all the ladies on this list:  We know the above isn't true, but
} } since most on the list don't know what we look like, why not give their
} } imaginations something to work with.  Hmm... I wonder what the "virtual" me
} } looks like to most of them.).
} 
}  There is a picture of Priscilla sitting in front of an iBook (aka
} "toilet seat" -- I *just* had to throw that in there, the devil made me
} do it :->), so it is easy to get a general idea of what she looks like.

 Oops, bad editing...  it should say "on her website, "

}-- End of excerpt from "[EMAIL PROTECTED] (John Nemeth)"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29766&t=29524


