RE: I changed my config reg to 0x2C02 yikes !!! [7:34679]

[Andrew Larkins]

Secure CRT has this - very good!!

See www.vandyke.com

-Original Message-
From: Daniel Cotts [mailto:[EMAIL PROTECTED]]
Sent: 07 February 2002 04:08 AM
To: [EMAIL PROTECTED]
Subject: RE: I changed my config reg to 0x2C02 yikes !!! [7:34679]


Time to look for another terminal program. Check out the archives for
teraterm.

> -Original Message-
> From: Phil Barker [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, February 06, 2002 7:30 PM
> To: [EMAIL PROTECTED]
> Subject: RE: I changed my config reg to 0x2C02 yikes !!! [7:34679]
> 
> 
> Oh Gawd !!!
> 
> I don't like the look of this.
> 
> HyperT is a drop down menu and 4800 isn't on the list.
> Can I get this bit rate into hyperT somehow ?
> 
> Phil. 
> 
> --- Daniel Cotts  wrote: >
> bit 12 = 0, bit 11 = 1 so 4800
> > Watch the wrap. See:
> >
> http://www.cisco.com/univercd/cc/td/doc/product/access/acs_fix
> /cis2000/c2000
> > qs/22812.htm
> > 
> > > -Original Message-
> > > From: Phil Barker
> > [mailto:[EMAIL PROTECTED]]
> > > Sent: Wednesday, February 06, 2002 3:31 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: I changed my config reg to 0x2C02 yikes
> > !!! [7:34679]
> > > 
> > > 
> > > Hi group,
> > > I've changed my config register to 0x2C02 from
> > the
> > > default 0x2102.
> > > 
> > > I was only meaning to change the console speed but
> > > inadvertantly change the broadcast to all 0's (I'm
> > not
> > > worried about the latter).
> > > 
> > > So I have a bit setting for the speed of 01
> > whereas it
> > > used to be 00 or 9600 bps. What speed does 01
> > > represent. Is it 19200 bps ?
> > > 
> > > I was trying higher values earlier in hyperT but I
> > > don't have access to the router until tomorrow.
> > > 
> > > Regs,
> > > 
> > > Phil.
> > > 
> > > __
> > > Do You Yahoo!?
> > > Everything you'll ever need on one web page
> > > from News and Sport to Email and Music Charts
> > > http://uk.my.yahoo.com
> > [EMAIL PROTECTED]
> > >  
> 
> __
> Do You Yahoo!?
> Everything you'll ever need on one web page
> from News and Sport to Email and Music Charts
> http://uk.my.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34737&t=34679
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: OSPF Stud areas [7:34375]

[Chee Kin]

Cisco Press, Building Scalable Cisco Networks, page 182,

- Totally stubby area - This is an area ..  Totally stubby areas are
Cisco propriety.

cheekin

- Original Message -
From: "nrf" 
To: 
Sent: Thursday, February 07, 2002 3:35 PM
Subject: Re: OSPF Stud areas [7:34375]


> I don't know where the hell this myth got started that only Cisco can do
> totally-stubby areas.  Must be one of those stupid study guides out there.
> In actual fact, most vendors now offer totally-stubby areas.
>
>
>
> ""s vermill""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > All routers must agree on stub status.  But a standard stub area only
> > filters external routes.  All other inter-area routes still make it in.
I
> > believe that totally stubby areas are a Cisco proprietary
implementation.
> > However, only the ABR attaching to area 0 needs the 'area stub
no-summary'
> > command.  All others just need the 'area stub' command.  So you might
get
> > away with a totally stubby area even though you aren't purely Cisco.
> > Incidentally, I have no idea who is implementing those "stud areas" but
it
> > sure sounds interesting.
> >
> > Debbie Westall wrote:
> > >
> > > Greetings,
> > >
> > > I have the following scenario:
> > >
> > > area 0 (backbone)
> > >   |
> > >   |
> > >   |
> > > area 20 (stub network) (these are RiverStone MLSs)
> > >   |
> > >   |
> > >   uBR routers (static routing)
> > >
> > > I would like to set up OSPF between the Riverstones and the
> > > Cisco uBRs. We thought to set up the uBRs as stub networks
> > > also, but we are seeing the full OSPF routing table on the uBRs
> > > (which are already running high utilization). We would only
> > > like to see the default route on the uBRs. So would we need to
> > > set these up as NSSA or Totally stubby? Or should we create a
> > > "new" area and make that a stub of the existing area 20? We
> > > have experimented with filtering and we are able to filter out
> > > everything but the default, but I don't think we should have to
> > > do that either.
> > >
> > > Right now our lab equipment is in the process of being moved to
> > > our new building so I can't program this up right now to test.
> > >
> > > Thanks for the assist!!!
> > >
> > > Debbie Westall




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34738&t=34375
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: why can't copy flash from TFTP? [7:34603]

[Sharon Kantan]

Hi..Gaz and dear all.. I had read the document but I was confused by a 
statement shown as below. The file that I download is the binary. *.bin and 
the TFTP server is NT.  tftp://IP/ seems like a UNIX format.  What should 
the format of the command for the winNT. Mine is not a tar file.


Step 15 Use the tar command to copy the combined .tar file to the switch. DO 
NOT copy the HTML .tar file in this procedure as the  .tar file combines 
both the image and the HTML files into a single compressed file.

Switch#tar /x tftp://server_ip_address//path/filename.tar flash:
Loading /path/filename.tar from server_ip_address (via VLAN1):!)
extracting info (111 bytes)
extracting filename.bin (1557286 bytes)
html/ (directory)
extracting html/Detective.html.gz (1139 bytes)!
extracting html/ieGraph.html.gz (553 bytes)
extracting html/DrawGraph.html.gz (787 bytes)!
. . .(output Suppressed)




Besides,  I found when I type sh flash on my switch there is no output.  
Why?  What is the difference between sh flash and dir flash:

Cat29-L8-7#sh flash
   ^
% Invalid input detected at '^' marker.

Cat29-L8-7#dir flash:
Directory of flash:

  2  -rwx 1077215   Mar 01 1993 00:02:14  c2900XL-hs-mz-112.8-SA5.bin
  3  -rwx   81898   Nov 24 1998 05:03:59  c2900XL-diag-mz-112.8-SA4
  4  drwx   11072   Mar 01 1993 00:11:10  html
178  -rwx1859   May 23 1993 03:00:22  config.text
177  -rwx 270   Jan 01 1970 00:03:16  env_vars

3612672 bytes total (2010624 bytes free)



>From: "Gaz" 
>Reply-To: "Gaz" 
>To: [EMAIL PROTECTED]
>Subject: Re: why can't copy flash from TFTP? [7:34603]
>Date: Wed, 6 Feb 2002 07:54:01 -0500
>
>Sharon,
>
>Have a look at the following URL:
>
>http://www.cisco.com/warp/public/473/36.shtml#CommonTftp
>
>Cheers,
>
>Gaz
>
>
>""Sharon Kantan""  wrote in message
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Hi..  I tried to upgrade my switch IOS?  But it seems fail. Please tell 
>me
> > why?  Config attached.
> >
> > Cat29-L8-2#copy tftp flash
> > copy to or from flash not implemented
> >
> > Cat29-L8-2#sh run
> > Building configuration...
> >
> > Current configuration:
> > !
> > version 11.2
> > no service pad
> > no service udp-small-servers
> > no service tcp-small-servers
> > !
> > hostname Cat29-L8-2
> > !
> > enable secret XX
> > !
> > !
> > !
> > interface VLAN1
> > ip address 50.100.165.241 255.255.254.0
> > no ip route-cache
> > !
> > interface FastEthernet0/1
> > duplex full
> > !
> > interface FastEthernet0/2
> > duplex full
> > spanning-tree vlan 1 cost 50
> > !
> > interface FastEthernet0/3
> > spanning-tree portfast
> > !
> > interface FastEthernet0/4
> > spanning-tree portfast
> > !
> > interface FastEthernet0/5
> > spanning-tree portfast
> > !
> > interface FastEthernet0/6
> > spanning-tree portfast
> > !
> > interface FastEthernet0/7
> > spanning-tree portfast
> > !
> > interface FastEthernet0/8
> > spanning-tree portfast
> > !
> > interface FastEthernet0/9
> > spanning-tree portfast
> > !
> > interface FastEthernet0/10
> > speed 100
> > duplex full
> > spanning-tree portfast
> > !
> > interface FastEthernet0/11
> > spanning-tree portfast
> > !
> > interface FastEthernet0/12
> > spanning-tree portfast
> > !
> > interface FastEthernet0/13
> > spanning-tree portfast
> > !
> > interface FastEthernet0/14
> > spanning-tree portfast
> > !
> > interface FastEthernet0/15
> > description Boss's port
> > speed 100
> > duplex full
> > spanning-tree portfast
> > !
> > interface FastEthernet0/16
> > spanning-tree portfast
> > !
> > interface FastEthernet0/17
> > spanning-tree portfast
> > !
> > interface FastEthernet0/18
> > speed 100
> > duplex full
> > spanning-tree portfast
> > !
> > interface FastEthernet0/19
> > duplex full
> > spanning-tree portfast
> > !
> > interface FastEthernet0/20
> > spanning-tree portfast
> > !
> > interface FastEthernet0/21
> > spanning-tree portfast
> > !
> > interface FastEthernet0/22
> > spanning-tree portfast
> > !
> > interface FastEthernet0/23
> > spanning-tree portfast
> > !
> > interface FastEthernet0/24
> > spanning-tree portfast
> > !
> > logging trap debugging
> > logging facility local1
> > logging 50.100.167.22
> > snmp-server community public RO
> > snmp-server chassis-id 0x10
> > !
> > line con 0
> > stopbits 1
> > line vty 0 4
> > password tommy77
> > login
> > !
> > end
> >
> > Cat29-L8-2#
> >
> > _
> > Send and receive Hotmail on your mobile device: http://mobile.msn.com
_
Send and receive Hotmail on your mobile device: http://mobile.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34739&t=34603
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosur

RE: I changed my config reg to 0x2C02 yikes !!! [7:34679]

[Phil Barker]

Thanks for saving my blushes folks.

Phil. 

--- Andrew Larkins 
wrote: > Secure CRT has this - very good!!
> 
> See www.vandyke.com
> 
> -Original Message-
> From: Daniel Cotts [mailto:[EMAIL PROTECTED]]
> Sent: 07 February 2002 04:08 AM
> To: [EMAIL PROTECTED]
> Subject: RE: I changed my config reg to 0x2C02 yikes
> !!! [7:34679]
> 
> 
> Time to look for another terminal program. Check out
> the archives for
> teraterm.
> 
> > -Original Message-
> > From: Phil Barker
> [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, February 06, 2002 7:30 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: I changed my config reg to 0x2C02
> yikes !!! [7:34679]
> > 
> > 
> > Oh Gawd !!!
> > 
> > I don't like the look of this.
> > 
> > HyperT is a drop down menu and 4800 isn't on the
> list.
> > Can I get this bit rate into hyperT somehow ?
> > 
> > Phil. 
> > 
> > --- Daniel Cotts  wrote: >
> > bit 12 = 0, bit 11 = 1 so 4800
> > > Watch the wrap. See:
> > >
> >
>
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_fix
> > /cis2000/c2000
> > > qs/22812.htm
> > > 
> > > > -Original Message-
> > > > From: Phil Barker
> > > [mailto:[EMAIL PROTECTED]]
> > > > Sent: Wednesday, February 06, 2002 3:31 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: I changed my config reg to 0x2C02
> yikes
> > > !!! [7:34679]
> > > > 
> > > > 
> > > > Hi group,
> > > > I've changed my config register to 0x2C02
> from
> > > the
> > > > default 0x2102.
> > > > 
> > > > I was only meaning to change the console speed
> but
> > > > inadvertantly change the broadcast to all 0's
> (I'm
> > > not
> > > > worried about the latter).
> > > > 
> > > > So I have a bit setting for the speed of 01
> > > whereas it
> > > > used to be 00 or 9600 bps. What speed does 01
> > > > represent. Is it 19200 bps ?
> > > > 
> > > > I was trying higher values earlier in hyperT
> but I
> > > > don't have access to the router until
> tomorrow.
> > > > 
> > > > Regs,
> > > > 
> > > > Phil.
> > > > 
> > > >
> __
> > > > Do You Yahoo!?
> > > > Everything you'll ever need on one web page
> > > > from News and Sport to Email and Music Charts
> > > > http://uk.my.yahoo.com
> > > [EMAIL PROTECTED]
> > > >  
> > 
> > __
> > Do You Yahoo!?
> > Everything you'll ever need on one web page
> > from News and Sport to Email and Music Charts
> > http://uk.my.yahoo.com
[EMAIL PROTECTED] 

__
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34740&t=34679
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

p-t-p serial w/ diff subnet address al points [7:34741]

[Constantin Tivig]

Here are 2 routers linked by a point to point hdlc serial line.

We have 10.1.1.1/8 at routerA and 192.168.1.1/24 at routerB. 

Seems it works. Why ?

The same story w/ different subnet address assigned to the edges of a tunnel
(by specifying ip unnumbered from Fa )

Constantin Tivig




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34741&t=34741
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

IPSec tunnels [7:34742]

[Patrick Donlon]

Hi All

I'm looking for some information on how to verify the configuration of a PIX
with an IPsec tunnel to a VPN concentrator. I have a tunnel that keeps
bouncing, I think that instabilities across the internet could be causing
some of the problems as I see the path changing quite a lot from the
Netherlands to Dubai. I can't find the command(s), or understand the ones
I've used, which tells me whether the tunnel is up on the PIX, I can see
from the concentrator that it's down but I want to know about the PIX too.
Any other advise is appreciated

Cheers

Pat




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34742&t=34742
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Online Payment [7:34743]

[Hussnain Ali Akbar]

Hi group,

Need some help to find some open forum research material about the 
E-Commerce and Online Payment and transactions.How to make this happen 
securly and what are the certain securities measures to be considered and 
deployed.
I tried to find something in this regard but in vain.All the information I 
found is solution specific from certain vendors like Verisign etc but not 
some particular standards to which the IT merchandizers and solution 
providers agreed upon.

Any help..

Sincerely,

Da' Mo' Man'






_
Join the worlds largest e-mail service with MSN Hotmail. 
http://www.hotmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34743&t=34743
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: p-t-p serial w/ diff subnet address al points [7:34741]

[Gaz]

I'll have a stab.

If you're using routes to the interface (which I guess you must be) rather
than the next hop

(IP ROUTE 10.0.0.0 255.0.0.0 Serial 0)

then I would imagine that the router is not too bothered about the next hop
address, it just shoves the data on the line and the other end will pick it
up. Same both ways, because it's just a point to point link.

Can you get it to actually ping the opposite serial interface? Can't decide
in my head if that should work. I take it if you can, there must be routes
as above?

Haven't got any routers with me to play with.


Gaz

""Constantin Tivig""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Here are 2 routers linked by a point to point hdlc serial line.
>
> We have 10.1.1.1/8 at routerA and 192.168.1.1/24 at routerB.
>
> Seems it works. Why ?
>
> The same story w/ different subnet address assigned to the edges of a
tunnel
> (by specifying ip unnumbered from Fa )
>
> Constantin Tivig




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34744&t=34741
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Difference in Distribute-list and Route-map in BGP. [7:34745]

[Rajesh Kumar]

Hi all,

When I  was going thru the topics in BGP - distribute-list and
route-map, I was trying to find out the differences between the two and
where each of these commands would really be useful.

The following is the only difference that I could think of.

=
Distribute-lists can be used to filter incoming/outgoing route updates.

Route-maps can be used to filter incoming/outgoing route updates and
also modify BGP attributes.

==


 I would like to hear your suggestions, if I am missing anything beyond
that.



Thanks
Rajesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34745&t=34745
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Layer 3 configuration from CAT4000 CWI [7:34736]

[Georg Pauwen]

Hi,

I am not sure if it works through the Catalyst CWI, but if you configure the
layer 3 module/SUPIII with the IP HTTP SERVER command, you should be able to
connect to it through a web interface.

Regards,

Georg


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34746&t=34736
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Wierdest ever!! [7:34747]

[Charles Lomotey]

Hi,
I have a 3620 which keeps inicating an IP address conflict. When I add a
secondary interface, the same MAC address attaches itself to that IP also
and says a conflict!

Any ideas??, the errors are pasted below

Duplicate address 172.16.1.1 on FastEthernet0/1, sourced by
0008.0050.8db2
timestamp: 347602
entry number 15 : IP-4-DUPADDR
Duplicate address 172.16.1.254 on FastEthernet0/1, sourced by
0008.0050.8db2

timestamp: 347605
entry number 16 : IP-4-DUPADDR
Duplicate address 172.22.1.1 on FastEthernet0/1, sourced by
0008.0050.8db2
timestamp: 347609
entry number 17 : IP-4-DUPADDR
Duplicate address 172.23.1.1 on FastEthernet0/1, sourced by
0008.0050.8db2
timestamp: 347611

Charles






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34747&t=34747
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Wierdest ever!! [7:34747]

[Steve Smith]

I've seen this with some Cat switches before, it was an IOS bug.

-Original Message-
From: Charles Lomotey [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 07, 2002 8:32 AM
To: [EMAIL PROTECTED]
Subject: Wierdest ever!! [7:34747]


Hi,
I have a 3620 which keeps inicating an IP address conflict. When I add a
secondary interface, the same MAC address attaches itself to that IP
also
and says a conflict!

Any ideas??, the errors are pasted below

Duplicate address 172.16.1.1 on FastEthernet0/1, sourced by
0008.0050.8db2
timestamp: 347602
entry number 15 : IP-4-DUPADDR
Duplicate address 172.16.1.254 on FastEthernet0/1, sourced by
0008.0050.8db2

timestamp: 347605
entry number 16 : IP-4-DUPADDR
Duplicate address 172.22.1.1 on FastEthernet0/1, sourced by
0008.0050.8db2
timestamp: 347609
entry number 17 : IP-4-DUPADDR
Duplicate address 172.23.1.1 on FastEthernet0/1, sourced by
0008.0050.8db2
timestamp: 347611

Charles






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34748&t=34747
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IPSec tunnels [7:34742]

[Roberts, Larry]

On the concentrator I would go into Monitoring-Filterable Event Log and
change the address to be the remote IP address. See if it gathers any
errors.

On the PIX, there are several commands.
1) Show Crypto Engine. This command will show you if it thinks a tunnel is
up.
2) Show crypto ipsec sa. Show the SA that has been negotiated with the VPN
concentrator
3) Show crypto isakmp policy. Make sure that both devices agree on the
isakmp policy completely. 
4) Debug Crypto isakmp. Make sure you have logging debug enabled! Also, if
this is a very active PIX, you will need to redirect this to a syslog server
and then parse that file.
5) debug crypto ipsec sa ( verify on your PIX ). Same as above on logging.

I found a very good book that will go over what it is your doing and some
common mistakes.
Its brand new ( 2002 ). Cisco Secure Virtual Private Networks.
I am in no way affiliated with the author or Cisco Press, I just found it an
excellent book for those wanting to really understand IPSec.


Thanks

Larry Roberts CCNP
Expanets
5758 W. 74th St.
Indianapolis IN 46278
317.870.2550 Office
317.402.9730 Cell
317.876-6518 Fax 

 

-Original Message-
From: Patrick Donlon [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, February 07, 2002 7:50 AM
To: [EMAIL PROTECTED]
Subject: IPSec tunnels [7:34742]


Hi All

I'm looking for some information on how to verify the configuration of a PIX
with an IPsec tunnel to a VPN concentrator. I have a tunnel that keeps
bouncing, I think that instabilities across the internet could be causing
some of the problems as I see the path changing quite a lot from the
Netherlands to Dubai. I can't find the command(s), or understand the ones
I've used, which tells me whether the tunnel is up on the PIX, I can see
from the concentrator that it's down but I want to know about the PIX too.
Any other advise is appreciated

Cheers

Pat




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34749&t=34742
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: NAT vs ACL [7:34728]

[Kent Hundley]

It's not a question of either/or, NAT and ACL's will work perfectly fine
together.  Strictly speaking, NAT is not a security feature, although it
does have some security related properties depending on how its implemented.
For example, many NAT implementations will not allow inbound initiated
connections to NATed IP addresses. (don't know if Cisco NAT has this
property or not)  Also, if you use PAT (also called NAT overload and
Masquerading), inbound connections to the PAT address to non-mapped ports
will be dropped, offering some level of protection to internal hosts.

However, NAT is not a replacement for ACL's and some applications don't play
well with NAT.  If you have a registered address space, you don't _need_ NAT
but your certainly need ACL's to protect yourself.  If you properly use
ACL's, it's likely that NAT isn't going to buy you much, if any, additional
security.  If you don't have registered address space, you will need to use
NAT, and you definitely should use ACL's as well.

HTH,
Kent

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 06, 2002 8:43 PM
To: [EMAIL PROTECTED]
Subject: NAT vs ACL [7:34728]


If my Cisco router needs to connect to the internet, what should I
enable/use by default? NAT or Access List?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34750&t=34728
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Average afterwork time Tech learning commitment? [7:34634]

[steve skinner]

i have a 2 hr commute (each way)

i get in at 10 and leave at 6i study on the train with my headphones 
on.

i Make sure i dont do to much .i have found that you can easily overkill 
on whatever you do

and i ALWAYS feel i never know enough...

5 nites a week i study martial arts.(seems to be the standard with it 
people) i work to live i dont live to work.

but each to there own hey




>From: "rtc9" 
>Reply-To: "rtc9" 
>To: [EMAIL PROTECTED]
>Subject: Average afterwork time Tech learning commitment? [7:34634]
>Date: Wed, 6 Feb 2002 11:10:22 -0500
>
>I have a three hour commute, a full+ part time job, and I'm wondering, what
>is the average hours people put in to thier job after hours? Some I think 
>do
>nothing. Others eat drink sleep and live the stuff. I know work is
>important.but
_
Join the worlds largest e-mail service with MSN Hotmail. 
http://www.hotmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34751&t=34634
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Exam 640-900 and the CID exam [7:34752]

[Mears, Rob]

Hello all

I just finished the 640-900 exam yesterday for the CCIP cert, and it is a
bitch!. If any one has any qiestion, I will take them off line, just email
me.

I am getting ready to take my CID exam, any advice?

Thanks
Rob




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34752&t=34752
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

FW: Exam 640-900 and the CID exam [7:34753]

[Mears, Rob]

Hello all

I just finished the 640-900 exam yesterday for the CCIP cert, and it is a
bitch!. If any one has any question, I will take them off line, just email
me.

I am getting ready to take my CID exam, any advice?

Thanks
Rob




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34753&t=34753
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

3DES [7:34754]

[Brian Zeitz]

I have been looking at routers/firewalls. I am thinking of going with
the 2611 with a ADSL card, I also want to get a 515. Our office is not
that big yet, but I want to plan for the future. I see that the Pix 515R
only does DES, but doesn't do 3DES. But when I buy the router, I can get
it with 3DES. I am just kinda confused, where is the best place to use
3DES, on the firewall, or on the router? Or it doesn't matter. The way I
see it, if I wanted to do 3DES on the firewall with the 515, I would
have to buy the 515UR, which is about 10K. I don't really need the
thoughput for 100,000 users just yet though. Any suggestions on this?



Thanks in advance...



Brian Zee MCSE, CCNA, A+




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34754&t=34754
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: NAT vs ACL [7:34728]

[Evans, TJ]

The NSA put together a "60 minute guide to securing your network"; which has
an excellent breakdown of what ports you will want to block inbound and
outbound,  It also breaks them up into "should never be open", "may be open
if needed", etc. type of categories.

The question I have is - What is going behind this router?  Do you have /
will you have a firewall as well ?  If not, please consider the security
implications of
this - you would want to pay special attention to *every* machine to harden
it and ensure that you also perform rudimentary patch=management .


For thoroughness - the short answer to the original question is "both". :)



Thanks!
TJ

 -Original Message-
From:   Kent Hundley [mailto:[EMAIL PROTECTED]] 
Sent:   Thursday, February 07, 2002 10:18 AM
To: [EMAIL PROTECTED]
Subject:RE: NAT vs ACL [7:34728]

It's not a question of either/or, NAT and ACL's will work perfectly fine
together.  Strictly speaking, NAT is not a security feature, although it
does have some security related properties depending on how its implemented.
For example, many NAT implementations will not allow inbound initiated
connections to NATed IP addresses. (don't know if Cisco NAT has this
property or not)  Also, if you use PAT (also called NAT overload and
Masquerading), inbound connections to the PAT address to non-mapped ports
will be dropped, offering some level of protection to internal hosts.

However, NAT is not a replacement for ACL's and some applications don't play
well with NAT.  If you have a registered address space, you don't _need_ NAT
but your certainly need ACL's to protect yourself.  If you properly use
ACL's, it's likely that NAT isn't going to buy you much, if any, additional
security.  If you don't have registered address space, you will need to use
NAT, and you definitely should use ACL's as well.

HTH,
Kent

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 06, 2002 8:43 PM
To: [EMAIL PROTECTED]
Subject: NAT vs ACL [7:34728]


If my Cisco router needs to connect to the internet, what should I
enable/use by default? NAT or Access List?
*
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized. 

If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it, is prohibited
and may be unlawful. When addressed to our clients any opinions or advice
contained in this email are subject to the terms and conditions expressed in
the governing KPMG client engagement letter. 
*




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34755&t=34728
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

3DES [7:34756]

[Brian Zeitz]

I have been looking at routers/firewalls. I am thinking of going with
the 2611 with a ADSL card, I also want to get a 515. Our office is not
that big yet, but I want to plan for the future. I see that the Pix 515R
only does DES, but doesn't do 3DES. But when I buy the router, I can get
it with 3DES. I am just kinda confused, where is the best place to use
3DES, on the firewall, or on the router? Or it doesn't matter. The way I
see it, if I wanted to do 3DES on the firewall with the 515, I would
have to buy the 515UR, which is about 10K. I don't really need the
thoughput for 100,000 users just yet though. Any suggestions on this?



Thanks in advance...



Brian Zee MCSE, CCNA, A+




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34756&t=34756
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 3DES [7:34754]

[Patrick Ramsey]

ya know... I'm not trying to shoot pix down...but for the small office..I
would not even go that routeGo netscreen they can do NAT,
transparent bridging, and normal firewalling and they are not expensive. 
(and a snap to set up)  Not to mention that they support site to site or
site to user vpns out of the box practically...(extremely easy to set up!)

$.02

-Patrick

for what it's worth we use border manager, severeal netscreens and two pix
535's in failover..  ;)

>>> "Brian Zeitz"  02/07/02 10:38AM >>>
I have been looking at routers/firewalls. I am thinking of going with
the 2611 with a ADSL card, I also want to get a 515. Our office is not
that big yet, but I want to plan for the future. I see that the Pix 515R
only does DES, but doesn't do 3DES. But when I buy the router, I can get
it with 3DES. I am just kinda confused, where is the best place to use
3DES, on the firewall, or on the router? Or it doesn't matter. The way I
see it, if I wanted to do 3DES on the firewall with the 515, I would
have to buy the 515UR, which is about 10K. I don't really need the
thoughput for 100,000 users just yet though. Any suggestions on this?



Thanks in advance...



Brian Zee MCSE, CCNA, A+
>  Confidentiality Disclaimer   
This email and any files transmitted with it may contain confidential and
/or proprietary information in the possession of WellStar Health System,
Inc. ("WellStar") and is intended only for the individual or entity to whom
addressed.  This email may contain information that is held to be
privileged, confidential and exempt from disclosure under applicable law. If
the reader of this message is not the intended recipient, you are hereby
notified that any unauthorized access, dissemination, distribution or
copying of any information from this email is strictly prohibited, and may
subject you to criminal and/or civil liability. If you have received this
email in error, please notify the sender by reply email and then delete this
email and its attachments from your computer. Thank you.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34757&t=34754
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PIX question [7:34630]

[brian]

kevin,

my bad.  I got that all messed up!  I didn't know if 6.2 came out yet, but I
am
interested in it only using the 100tx is that what the ldss is?

thanks for clearing up my mess,

ipguru

BASSOLE Rock wrote:

> Hi group,
>
> I want to know what is Long Distance State Sharing (LDSS) and for what
> reason it's supported by the stateful failover?
> Also why the PIX does not transfer HTTP (port 80) session in stateful
> failover?
>
> Thank you.
>
> Rock .




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34758&t=34630
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 3DES [7:34754]

[Brian Zeitz]

Netscreen wont help me with the Pix exam, or the cisco VPN exam or the
CCNP exams :) I like using Cisco stuff cause it's a standard, you can
find information on there site (and groups like this, thanks) when
things go bad. I am not big on any 3rd party stuff, because when you go
to an interview, its more likely they will have Cisco then any other
product for real networking :) Anyway, thanks for the suggestion, but I
don't think that will fly by the CTO.

-Original Message-
From: Patrick Ramsey [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, February 07, 2002 11:03 AM
To: [EMAIL PROTECTED]; Brian Zeitz
Subject: Re: 3DES [7:34754]

ya know... I'm not trying to shoot pix down...but for the small
office..I would not even go that routeGo netscreen they can do
NAT, transparent bridging, and normal firewalling and they are not
expensive.  (and a snap to set up)  Not to mention that they support
site to site or site to user vpns out of the box
practically...(extremely easy to set up!)

$.02

-Patrick

for what it's worth we use border manager, severeal netscreens and two
pix 535's in failover..  ;)

>>> "Brian Zeitz"  02/07/02 10:38AM >>>
I have been looking at routers/firewalls. I am thinking of going with
the 2611 with a ADSL card, I also want to get a 515. Our office is not
that big yet, but I want to plan for the future. I see that the Pix 515R
only does DES, but doesn't do 3DES. But when I buy the router, I can get
it with 3DES. I am just kinda confused, where is the best place to use
3DES, on the firewall, or on the router? Or it doesn't matter. The way I
see it, if I wanted to do 3DES on the firewall with the 515, I would
have to buy the 515UR, which is about 10K. I don't really need the
thoughput for 100,000 users just yet though. Any suggestions on this?



Thanks in advance...



Brian Zee MCSE, CCNA, A+
>  Confidentiality Disclaimer   
This email and any files transmitted with it may contain confidential
and /or proprietary information in the possession of WellStar Health
System, Inc. ("WellStar") and is intended only for the individual or
entity to whom addressed.  This email may contain information that is
held to be privileged, confidential and exempt from disclosure under
applicable law. If the reader of this message is not the intended
recipient, you are hereby notified that any unauthorized access,
dissemination, distribution or copying of any information from this
email is strictly prohibited, and may subject you to criminal and/or
civil liability. If you have received this email in error, please notify
the sender by reply email and then delete this email and its attachments
from your computer. Thank you.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34760&t=34754
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 3DES [7:34754]

[Kevin Douglas]

Hi,

Cisco offering includes two additionnal models that are smaller than the 
515.  The 506 and 501.  One big difference between you 2611 running 3DES 
versus a PIX is speed.  With the PIX will get better performance with 3DES.

The 501 is $595 for 10 users and $1195 for 50 users.  It can do 10Mbps 
in cleartext (limited by 10BaseT HDX card) and 3Mbps with 3DES.  And can 
support up to 5 VPN peers.  Also, it comes with 4 port Ethernet switch.

The 506 is at $1950.  20Mbps cleartext (limited by 10BaseT FDX card) and 
  10Mbps w/ 3DES.  25 VPN peers.

Kevin

Brian Zeitz wrote:

> I have been looking at routers/firewalls. I am thinking of going with
> the 2611 with a ADSL card, I also want to get a 515. Our office is not
> that big yet, but I want to plan for the future. I see that the Pix 515R
> only does DES, but doesn't do 3DES. But when I buy the router, I can get
> it with 3DES. I am just kinda confused, where is the best place to use
> 3DES, on the firewall, or on the router? Or it doesn't matter. The way I
> see it, if I wanted to do 3DES on the firewall with the 515, I would
> have to buy the 515UR, which is about 10K. I don't really need the
> thoughput for 100,000 users just yet though. Any suggestions on this?
> 
> 
> 
> Thanks in advance...
> 
> 
> 
> Brian Zee MCSE, CCNA, A+




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34761&t=34754
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: bit-serial mode [7:34629]

[Steven A. Ridder]

Just so I make sure I'm not lost, a bit-sync. protocol is one that has
predefined fields that signify SOF/delimiters/protocol type (like Ethernet)
and a bi-sync. protocol does not?  It just sends characters, and after a
predetermined number of bytes have been sent receives an ack of some sort
(L2).  Do bi-synch protocols have fields?

If a L2 protocols sends acks, does that make it a bi-synch protocol?

So, wouldn't PPP still be a bit-sync. protocol because of the fields it does
have fields (address, control, etc,.)?  Or am I confused.

""Priscilla Oppenheimer""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> At 06:53 PM 2/6/02, s vermill wrote:
>
> >I wonder if you, and others, would comment on ppp as a character-oriented
> >protocol.  I did a search on the internet and found some university
teaching
> >papers that characterize synchronous ppp as character-oriented while at
the
> >same time acknowleging the fact that it is based on the bit-synchronous
HDLC
> >frame format.  I guess the LCP is the culprit?
>
> PPP has many components, including framing (encapsulation), LCP, and NCP.
> It's best to consider the components separately. The short answer to your
> question, though, is that all the components are character-oriented
> (byte-oriented). In other words, they identify their operations with
entire
> bytes, rather than using bits within bytes. And here's the long answer:
>
> PPP encapsulation is based on HDLC framing, except that PPP adds two bytes
> for a Protocol field. The Protocol field is not a bit-oriented field. The
> two bytes are taken together to mean IP, AppleTalk, DECnet, etc.
>
> Also, the other fields in the PPP header, even though based on HDLC, are
> also not really bit-oriented because PPP doesn't do much compared to other
> HDLC derivatives. (sort of like Cisco's HDLC which also doesn't do much)
>
> Take the Control field, for example. In PPP, it's always a single byte
that
> contains the binary sequence 0011, which calls for transmission of
user
> data in an unsequenced frame.
>
> Other HDLC-based protocols allow for a few different binary values for
this
> field and, in fact, the field can be two bytes. These protocols can send
> Supervisory, Information (with sequence numbers), and Unnumbered Frames.
> They offer reliability and are bit-oriented. LLC2 is an example. Other
> examples are LAPB and LAPD.
>
> PPP acts like LLC1 and doesn't really do much and doesn't really need to
be
> bit-oriented, (with the exception that PPP devices have to know the one
> valid binary value of the Control field.)
>
> Now, as far as LCP is concerned It's in the control plane. It's pretty
> complex, but you could learn more about it by turning on debug ppp or
> reading RFC 1548.
>
> Per RFC 1548, "The LCP is used to automatically agree upon the
> encapsulation format options, handle varying limits on sizes of packets,
> authenticate the identity of its peer on the link, determine when a link
is
> functioning properly and when it is defunct, detect a looped-back link and
> other common misconfiguration errors, and terminate the link."
>
> Despite the complexity, the frame format for LCP appears to be simple and
> character-oriented. Here's probably way more than you ever wanted to know:
>
> The Code field is one octet and identifies the kind of LCP packet. This
> specification concerns the following values:
>
>  1   Configure-Request
>  2   Configure-Ack
>  3   Configure-Nak
>  4   Configure-Reject
>  5   Terminate-Request
>  6   Terminate-Ack
>  7   Code-Reject
>  8   Protocol-Reject
>  9   Echo-Request
>  10  Echo-Reply
>  11  Discard-Request
>
> Identifier
>
> The Identifier field is one octet and aids in matching requests and
> replies. When a packet is received with an invalid Identifier field, the
> packet is silently discarded.
>
> Length
>
> The Length field is two octets and indicates the length of the LCP packet
> including the Code, Identifier, Length and Data fields. Octets outside the
> range of the Length field are treated as padding and are ignored on
> reception. When a packet is received with an invalid Length field, the
> packet is silently discarded.
>
> Data
>
> The Data field is zero or more octets as indicated by the Length field.
The
> format of the Data field is determined by the Code field.
>
>
>
> And we haven't even gotten to the other major component of PPP, the NCP
> part. ;-)
>
> Priscilla
>
>
>
>
>
> 
>
> Priscilla Oppenheimer
> http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34762&t=34629
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 3DES [7:34756]

[Daniel Cotts]

My opinion is that nobody is going to try to intercept and decrypt your
traffic unless you deal in very large amounts of money. DES will keep the
curious at bay. It is less processor intensive.

> -Original Message-
> From: Brian Zeitz [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, February 07, 2002 9:46 AM
> To: [EMAIL PROTECTED]
> Subject: 3DES [7:34756]
> 
> 
> I have been looking at routers/firewalls. I am thinking of going with
> the 2611 with a ADSL card, I also want to get a 515. Our office is not
> that big yet, but I want to plan for the future. I see that 
> the Pix 515R
> only does DES, but doesn't do 3DES. But when I buy the 
> router, I can get
> it with 3DES. I am just kinda confused, where is the best place to use
> 3DES, on the firewall, or on the router? Or it doesn't 
> matter. The way I
> see it, if I wanted to do 3DES on the firewall with the 515, I would
> have to buy the 515UR, which is about 10K. I don't really need the
> thoughput for 100,000 users just yet though. Any suggestions on this?
> 
> 
> 
> Thanks in advance...
> 
> 
> 
> Brian Zee MCSE, CCNA, A+




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34763&t=34756
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 3DES [7:34756]

[Joel Satterley]

Here, here, as long as you re-key every so often, who's going to bother ??


""Daniel Cotts""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> My opinion is that nobody is going to try to intercept and decrypt your
> traffic unless you deal in very large amounts of money. DES will keep the
> curious at bay. It is less processor intensive.
>
> > -Original Message-
> > From: Brian Zeitz [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, February 07, 2002 9:46 AM
> > To: [EMAIL PROTECTED]
> > Subject: 3DES [7:34756]
> >
> >
> > I have been looking at routers/firewalls. I am thinking of going with
> > the 2611 with a ADSL card, I also want to get a 515. Our office is not
> > that big yet, but I want to plan for the future. I see that
> > the Pix 515R
> > only does DES, but doesn't do 3DES. But when I buy the
> > router, I can get
> > it with 3DES. I am just kinda confused, where is the best place to use
> > 3DES, on the firewall, or on the router? Or it doesn't
> > matter. The way I
> > see it, if I wanted to do 3DES on the firewall with the 515, I would
> > have to buy the 515UR, which is about 10K. I don't really need the
> > thoughput for 100,000 users just yet though. Any suggestions on this?
> >
> >
> >
> > Thanks in advance...
> >
> >
> >
> > Brian Zee MCSE, CCNA, A+




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34765&t=34756
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Wierdest ever!! [7:34747]

[Gaz]

That MAC address seems to be for MULTITECH SYSTEMS as far as I can see.
I'm guessing totally at what could be causing it:

Something doing proxy ARP replies because it thinks it can get to the
address.

Dunno to be honest.  Interesting one.


Gaz


""Charles Lomotey""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi,
> I have a 3620 which keeps inicating an IP address conflict. When I add a
> secondary interface, the same MAC address attaches itself to that IP also
> and says a conflict!
>
> Any ideas??, the errors are pasted below
>
> Duplicate address 172.16.1.1 on FastEthernet0/1, sourced by
> 0008.0050.8db2
> timestamp: 347602
> entry number 15 : IP-4-DUPADDR
> Duplicate address 172.16.1.254 on FastEthernet0/1, sourced by
> 0008.0050.8db2
>
> timestamp: 347605
> entry number 16 : IP-4-DUPADDR
> Duplicate address 172.22.1.1 on FastEthernet0/1, sourced by
> 0008.0050.8db2
> timestamp: 347609
> entry number 17 : IP-4-DUPADDR
> Duplicate address 172.23.1.1 on FastEthernet0/1, sourced by
> 0008.0050.8db2
> timestamp: 347611
>
> Charles
>
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34766&t=34747
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: IPSec tunnels [7:34742]

[Joel Satterley]

Make sure you're running keepalive'sdead-peer-detection should keep  it
in order.


""Patrick Donlon""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi All
>
> I'm looking for some information on how to verify the configuration of a
PIX
> with an IPsec tunnel to a VPN concentrator. I have a tunnel that keeps
> bouncing, I think that instabilities across the internet could be causing
> some of the problems as I see the path changing quite a lot from the
> Netherlands to Dubai. I can't find the command(s), or understand the ones
> I've used, which tells me whether the tunnel is up on the PIX, I can see
> from the concentrator that it's down but I want to know about the PIX too.
> Any other advise is appreciated
>
> Cheers
>
> Pat




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34767&t=34742
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

VOIP & Vic-2fx cards [7:34768]

[Richard Botham]

Hi All,

I have 2 x Cisco 2621 routers and each have a 2port fxs voice card -
vic-2fxs installed.

When I plug my phone into port 1/0/0 of a vic-2fxs card installed in a 2621
I get dial tone.

When I use port 1/0/1 I do not get dial tone.

Is there any reason for this and what am I doing wrong.

Regards
Richard



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34768&t=34768
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: VOIP & Vic-2fx cards [7:34768]

[Steven A. Ridder]

bad port or does the phone have 2 lines on it?
""Richard Botham""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi All,
>
> I have 2 x Cisco 2621 routers and each have a 2port fxs voice card -
> vic-2fxs installed.
>
> When I plug my phone into port 1/0/0 of a vic-2fxs card installed in a
2621
> I get dial tone.
>
> When I use port 1/0/1 I do not get dial tone.
>
> Is there any reason for this and what am I doing wrong.
>
> Regards
> Richard




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34769&t=34768
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

OT: Online Payment [7:34743]

[Brad Ellis]

My site uses quikstore.  It's a pretty good program, it just takes a little
bit of program knowledge to get it going.  The reason I like/use it:  it's
very "programmer" friendly and written in perl.

thanks,
-Brad Ellis
CCIE#5796 (R&S / Security)
Network Learning Inc
[EMAIL PROTECTED]
""Hussnain Ali Akbar""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi group,
>
> Need some help to find some open forum research material about the
> E-Commerce and Online Payment and transactions.How to make this happen
> securly and what are the certain securities measures to be considered and
> deployed.
> I tried to find something in this regard but in vain.All the information I
> found is solution specific from certain vendors like Verisign etc but not
> some particular standards to which the IT merchandizers and solution
> providers agreed upon.
>
> Any help..
>
> Sincerely,
>
> Da' Mo' Man'
>
>
>
>
>
>
> _
> Join the worlds largest e-mail service with MSN Hotmail.
> http://www.hotmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34759&t=34743
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: bit-serial mode [7:34629]

[s vermill]

Steven A. Ridder wrote:
> 
> Just so I make sure I'm not lost, a bit-sync. protocol is one
> that has
> predefined fields that signify SOF/delimiters/protocol type
> (like Ethernet)
> and a bi-sync. protocol does not?  It just sends characters,
> and after a
> predetermined number of bytes have been sent receives an ack of
> some sort
> (L2).  Do bi-synch protocols have fields?

My personal opinion is that it is easier to contrast character-oriented
protocols to bit-synchronous protocols rather than vice versa.  Predefined
characters in c-o protocols convey meaningful information (again the ACK is
a good example that is intuitive for most people.  Priscilla also provided a
thorough list of others relative to PPP).  They are historically
half-duplex.  One device sends a block of information and then specific,
pre-defined characters are exchanged regarding the status of that block
transfer.  Just FYI:  I think bi-synch was actually an IBM proprietary
term/protocol that became synonomous with c-o.

B-s protocol devices are "bit-aware" and require no character-level
synchronization.  They are first of all bit-synchronized amongst themselves
and then secondly frame syncronized.  This frame synchronization is achieved
on bit boundaries.  I used the DS-1 frame as an example earlier.  That is a
fixed length frame.  I think it might be helpful to consider that there are
variable lenght frame technologies out there as well.  Bit patterns
(embedded or in-band to the data flow) help devices keep track of where
things start and where things end.  Contrast this to some End of Text (EOT)
or End of Frame (EOF) character being sent out of band from the data flow
itself (start-stop if you will).

Frankly, Priscilla opened my mind to the possibilty that I understand most
of the fundamental concepts but that I had never given enough careful
consideration to each individuals protocols status as b-s or c-o.  So I'll
leave it to her to address specific protocols.

> 
> If a L2 protocols sends acks, does that make it a bi-synch
> protocol?
> 
> So, wouldn't PPP still be a bit-sync. protocol because of the
> fields it does
> have fields (address, control, etc,.)?  Or am I confused.

You have to read Priscilla's earlier post carefully to see the nuances that
allow ppp to fall under the c-o category.

Regards,

Scott



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34770&t=34629
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Wierdest ever!! [7:34747]

[Hire, Ejay]

Do you have another roter on the attached network segment?  If so, go into
that router and turn off proxy arp.  I've seen this issue before when a
person had multiple ip schemes on the same ethernet segment.

-Original Message-
From: Charles Lomotey [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 07, 2002 9:32 AM
To: [EMAIL PROTECTED]
Subject: Wierdest ever!! [7:34747]


Hi,
I have a 3620 which keeps inicating an IP address conflict. When I add a
secondary interface, the same MAC address attaches itself to that IP also
and says a conflict!

Any ideas??, the errors are pasted below

Duplicate address 172.16.1.1 on FastEthernet0/1, sourced by
0008.0050.8db2
timestamp: 347602
entry number 15 : IP-4-DUPADDR
Duplicate address 172.16.1.254 on FastEthernet0/1, sourced by
0008.0050.8db2

timestamp: 347605
entry number 16 : IP-4-DUPADDR
Duplicate address 172.22.1.1 on FastEthernet0/1, sourced by
0008.0050.8db2
timestamp: 347609
entry number 17 : IP-4-DUPADDR
Duplicate address 172.23.1.1 on FastEthernet0/1, sourced by
0008.0050.8db2
timestamp: 347611

Charles






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34771&t=34747
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 3DES [7:34754]

[Patrick Ramsey]

I hope you are not being serious about '3rd party' firewalls I'm not
saying you shouldn't study pix if you want the certbut resume's are much
more impressive the more firewalls you have under you belt.  Especially
firewalls that are more capable than pix.

Of course if your company does not plan on using DCOM or any other
proprietery protocols, then pix will be fine.. (although it's still expensive)
be careful with your planning though...pix's security strategy is based on
NATstatic in from a lower level interface and dynamic out from a higher
security interface... (and variances thereof)  It does not truly route
traffic like other firewalls... A way around this is the use of NAT 0, but
then even Cisco tac does not reccomend this configuration for highly
utilized interfaces.

-Patrick

>>> "Brian Zeitz"  02/07/02 11:21AM >>>
Netscreen wont help me with the Pix exam, or the cisco VPN exam or the
CCNP exams :) I like using Cisco stuff cause it's a standard, you can
find information on there site (and groups like this, thanks) when
things go bad. I am not big on any 3rd party stuff, because when you go
to an interview, its more likely they will have Cisco then any other
product for real networking :) Anyway, thanks for the suggestion, but I
don't think that will fly by the CTO.

-Original Message-
From: Patrick Ramsey [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, February 07, 2002 11:03 AM
To: [EMAIL PROTECTED]; Brian Zeitz
Subject: Re: 3DES [7:34754]

ya know... I'm not trying to shoot pix down...but for the small
office..I would not even go that routeGo netscreen they can do
NAT, transparent bridging, and normal firewalling and they are not
expensive.  (and a snap to set up)  Not to mention that they support
site to site or site to user vpns out of the box
practically...(extremely easy to set up!)

$.02

-Patrick

for what it's worth we use border manager, severeal netscreens and two
pix 535's in failover..  ;)

>>> "Brian Zeitz"  02/07/02 10:38AM >>>
I have been looking at routers/firewalls. I am thinking of going with
the 2611 with a ADSL card, I also want to get a 515. Our office is not
that big yet, but I want to plan for the future. I see that the Pix 515R
only does DES, but doesn't do 3DES. But when I buy the router, I can get
it with 3DES. I am just kinda confused, where is the best place to use
3DES, on the firewall, or on the router? Or it doesn't matter. The way I
see it, if I wanted to do 3DES on the firewall with the 515, I would
have to buy the 515UR, which is about 10K. I don't really need the
thoughput for 100,000 users just yet though. Any suggestions on this?



Thanks in advance...



Brian Zee MCSE, CCNA, A+
>  Confidentiality Disclaimer     Confidentiality
Disclaimer   
This email and any files transmitted with it may contain confidential and
/or proprietary information in the possession of WellStar Health System,
Inc. ("WellStar") and is intended only for the individual or entity to whom
addressed.  This email may contain information that is held to be
privileged, confidential and exempt from disclosure under applicable law. If
the reader of this message is not the intended recipient, you are hereby
notified that any unauthorized access, dissemination, distribution or
copying of any information from this email is strictly prohibited, and may
subject you to criminal and/or civil liability. If you have received this
email in error, please notify the sender by reply email and then delete this
email and its attachments from your computer. Thank you.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34764&t=34754
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Error message on Com port [7:34772]

[McHugh Randy]

When trying to establish a console connection through my PC's console port
to the router I get the error "unable to set port state" for com1 and com2.
Everything is set right at  Baud rate = 9600
Data bits = 8Parity =  none  Stop bits = 1 and the Flow Control box has
RTS/CTS checked.  First the serial com 1 did this and I switched to serial
com 2 and it started doing the same thing. Has anyone seen this error before
" Unable to set port state" and does some one know how to fix it?   Neither
Secure CRT nor hyperterminal work for my conection to the router.
Thanks
Randy


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34772&t=34772
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Wierdest ever!! [7:34747]

[Charles Lomotey]

Hi,

The subnet mask is 255.255.255.0 for all of them

charles






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34773&t=34747
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

3DES [7:34754]

[Evans, TJ]

IMHO the best place to do VPN termination is on a VPN Concentrator, but
there is obviously a not-too-insignificant cost involved there.  In fact, to
then do that right you would need another FW ... or atleast a FW with
multiple interfaces to route the VPN traffic through .

When possible, according to Layer 8 , I always try to make each
box do what it is really good at - i.e., routers route and firewalls block.

Given that this is not always an option, a router based 3DES VPN works fine
... but requires a couple of upgrades to support .  Barring any of those,
there is always the option
of stepping outside of Cisco products - but we don't like to talk about that



Thanks!
TJ




>>> "Brian Zeitz"  02/07/02 10:38AM >>>
I have been looking at routers/firewalls. I am thinking of going with
the 2611 with a ADSL card, I also want to get a 515. Our office is not
that big yet, but I want to plan for the future. I see that the Pix 515R
only does DES, but doesn't do 3DES. But when I buy the router, I can get
it with 3DES. I am just kinda confused, where is the best place to use
3DES, on the firewall, or on the router? Or it doesn't matter. The way I
see it, if I wanted to do 3DES on the firewall with the 515, I would
have to buy the 515UR, which is about 10K. I don't really need the
thoughput for 100,000 users just yet though. Any suggestions on this?



Thanks in advance...



Brian Zee MCSE, CCNA, A+

*
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized. 

If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it, is prohibited
and may be unlawful. When addressed to our clients any opinions or advice
contained in this email are subject to the terms and conditions expressed in
the governing KPMG client engagement letter. 
*




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34774&t=34754
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 3DES [7:34754]

[Brian Zeitz]

Not to start anything, but that is not always the case. I remember a few
interviews where they already knew I was Microsoft certified, but asked,
do you know Novell? And I would say No, even though I knew that
technology (but I didn't like it). Surprisingly after I said no, the
employer was like "GREAT!, cause we absolutely hate Novell networks and
then go off on a long rant. I suspect this employer threw away a few
resumes because they simply mentioned something they didn't approve of.
I found this to be the case over an over. Just from my experience, I
don't put extra things on the resume, because I don't know what the
employer's reactions will be. I found it easier, and more profitable to
stay in the mainstream. As insane as this sounds, sometimes it's better
to stay with the "known good" then using 3rd party products that are not
mainstream yet. Also Cisco products i.e. Pix, has courseware and
training that corresponds to their products, this takes a lot of the
guesswork out of things. Just my 2 cent, and yes I know I am stubborn :)

-Original Message-
From: Patrick Ramsey [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, February 07, 2002 11:46 AM
To: [EMAIL PROTECTED]
Subject: RE: 3DES [7:34754]

I hope you are not being serious about '3rd party' firewalls I'm not
saying you shouldn't study pix if you want the certbut resume's are
much
more impressive the more firewalls you have under you belt.  Especially
firewalls that are more capable than pix.

Of course if your company does not plan on using DCOM or any other
proprietery protocols, then pix will be fine.. (although it's still
expensive)
be careful with your planning though...pix's security strategy is based
on
NATstatic in from a lower level interface and dynamic out from a
higher
security interface... (and variances thereof)  It does not truly route
traffic like other firewalls... A way around this is the use of NAT 0,
but
then even Cisco tac does not reccomend this configuration for highly
utilized interfaces.

-Patrick

>>> "Brian Zeitz"  02/07/02 11:21AM >>>
Netscreen wont help me with the Pix exam, or the cisco VPN exam or the
CCNP exams :) I like using Cisco stuff cause it's a standard, you can
find information on there site (and groups like this, thanks) when
things go bad. I am not big on any 3rd party stuff, because when you go
to an interview, its more likely they will have Cisco then any other
product for real networking :) Anyway, thanks for the suggestion, but I
don't think that will fly by the CTO.

-Original Message-
From: Patrick Ramsey [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, February 07, 2002 11:03 AM
To: [EMAIL PROTECTED]; Brian Zeitz
Subject: Re: 3DES [7:34754]

ya know... I'm not trying to shoot pix down...but for the small
office..I would not even go that routeGo netscreen they can do
NAT, transparent bridging, and normal firewalling and they are not
expensive.  (and a snap to set up)  Not to mention that they support
site to site or site to user vpns out of the box
practically...(extremely easy to set up!)

$.02

-Patrick

for what it's worth we use border manager, severeal netscreens and two
pix 535's in failover..  ;)

>>> "Brian Zeitz"  02/07/02 10:38AM >>>
I have been looking at routers/firewalls. I am thinking of going with
the 2611 with a ADSL card, I also want to get a 515. Our office is not
that big yet, but I want to plan for the future. I see that the Pix 515R
only does DES, but doesn't do 3DES. But when I buy the router, I can get
it with 3DES. I am just kinda confused, where is the best place to use
3DES, on the firewall, or on the router? Or it doesn't matter. The way I
see it, if I wanted to do 3DES on the firewall with the 515, I would
have to buy the 515UR, which is about 10K. I don't really need the
thoughput for 100,000 users just yet though. Any suggestions on this?



Thanks in advance...



Brian Zee MCSE, CCNA, A+
>  Confidentiality Disclaimer   
Confidentiality
Disclaimer   
This email and any files transmitted with it may contain confidential
and
/or proprietary information in the possession of WellStar Health System,
Inc. ("WellStar") and is intended only for the individual or entity to
whom
addressed.  This email may contain information that is held to be
privileged, confidential and exempt from disclosure under applicable
law. If
the reader of this message is not the intended recipient, you are hereby
notified that any unauthorized access, dissemination, distribution or
copying of any information from this email is strictly prohibited, and
may
subject you to criminal and/or civil liability. If you have received
this
email in error, please notify the sender by reply email and then delete
this
email and its attachments from your computer. Thank you.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34775&t=34754
--

Re: VOIP & Vic-2fx cards [7:34768]

[James Haynes]

Is it possible that the configuration for the voice port is using
ground-start instead of loop-start mode? For analog phones it needs to be in
loop-start.

--
James Haynes
Network Architect
Cendant IT
A+,MCSE,CCNA,CCDA,CCNP,CCDP,
CQS-SNA/IPSS

""Richard Botham""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi All,
>
> I have 2 x Cisco 2621 routers and each have a 2port fxs voice card -
> vic-2fxs installed.
>
> When I plug my phone into port 1/0/0 of a vic-2fxs card installed in a
2621
> I get dial tone.
>
> When I use port 1/0/1 I do not get dial tone.
>
> Is there any reason for this and what am I doing wrong.
>
> Regards
> Richard




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34776&t=34768
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RIP Problem [7:34777]

[[EMAIL PROTECTED]]

Hi all,

I had the following problem while configuring two rip routers.

There is a FR cloud between them

R1 sends all his known subnets correct two the other (R3) router. 
On R 3 there is a redistribution from ospf in RIP. On R3 I see ALL routes
learnde via ospf.

When I debug ip rip (events) I see on R3 the following output:
--
!R3:
RIP: sending v1 update to 255.255.255.255 via Serial0 (134.8.31.3)
01:45:21:  host134.8.235.4, metric 1
01:45:21:  host134.8.235.6, metric 1
01:45:21:  subnet  134.8.235.0, metric 1
01:45:21:  subnet  134.8.3.0, metric 1
01:45:21:  host134.8.2.2, metric 1
01:45:21:  host134.8.6.6, metric 1
01:45:21:  host134.8.4.4, metric 1
01:45:21:  subnet  134.8.35.0, metric 1
---

but on R1 I don't see this routes

any comments ?

On both routers is version 12.0

CU

Udo


Keine verlorenen Lotto-Quittungen, keine vergessenen Gewinne mehr! 
Beim WEB.DE Lottoservice: http://tippen2.web.de/?x=13




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34777&t=34777
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Boson CCIE Skill Labs?? [7:34779]

[Cisco Nuts]

Hello,
Has anyone had the chance to try out the new Boson CCIE Skill Labs book? The 
topics covered seem to be pretty good but not sure about the actual content. 
Boson has always provided excellent learning aids for the other Cisco 
exams(IMHO) and am sure that this one is also good. Just not sure if I want 
to shell out the $400.00 bucks right away!!
Regards,

The URL is :   http://www.bosontraining.com


_
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34779&t=34779
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: A Review of Hello Computers workbook for CCIE [7:34778]

[[EMAIL PROTECTED]]

I agreed in 100%. Hello computer (www.hellocomputers.com) definite is the
number 1 in the market. Priscilla very respected and honest.

They very quickly have more products. Everybody else no good!

K

我同意100%
年。你好计算机确定地是第号1
 
在市场上。居于传递第一次使用你好计算机。
 他们很快有更多产品。


- Original Message - 
From: "Priscilla Oppenheimer" 
To: 
Sent: Tuesday, February 05, 2002 4:54 PM
Subject: A Review of Hello Computers workbook for CCIE secu [7:34507]


> Hello Computers recently published their "Lab Workbook for Cisco CCIE 
> Security Lab Exam Preparation." Keyur Shah from Hello Computers, Inc.
asked
> me for feedback on the workbook. I decided to share my feedback with Group 
> Study. The workbook is a great learning tool and a lot cheaper than buying 
> equipment yourself. The lab rental service seems well run with good 
> customer service.
> 
> The workbook is available from Hello Computers or from CertificationZone.
I
> did not receive compensation for this review. I have done work for 
> CertificationZone in the past, but they did not know about this review.
> 
> The workbook consists of sixteen labs that cover all the topics in the
CCIE
> security lab test. The workbook costs $645 and includes 24 hours of remote 
> lab rack access. It's worth the money. The labs are well-written and easy 
> to follow, but challenging. The rack implements a complex network of 10 
> routers connected via Frame Relay, ISDN, Ethernet, and ATM; a Catalyst
5500
> switch; and various security devices, such as PIX boxes, two Sun 
> workstations with Solaris 8, and some NT servers that handle TACACS, TFTP, 
> syslog, and so on.
> 
> Hello Computers has been in the IT training business since 1996. They seem 
> to be a robust and innovative company. Because they have had a few years
in
> this business, they have had a chance to implement some new training 
> technologies, such as distance learning and virtual labs. (With a WebEx 
> player, you can actually attend an audio class remotely and see the 
> configurations input by the instructor.)
> 
> One of the best features of their service is the Live Person chat that you 
> can open with tech support while doing a lab. I managed to gum up the 
> Terminal Server (due to my ignorance not any fault of theirs! ;-) I
started
> the chat and was immediately connected to someone who helped me.
> 
> The CCIE Security workbook consists of four full-scale 100-point labs and 
> twelve labs of 50 points each. The 100-point labs have instructions on all 
> topics, whereas the shorter labs concentrate on a subset of topics. Each 
> lab is divided into 5 sections:
> 
> 1. Routing with EIGRP, RIP, OSPF, and BGP; switching with VLANs; and PIX 
> fundamentals
> 
> 2. Tasks aligned with the Managing Cisco Network Security (MCNS) class, 
> such as avoiding DOS attacks, etc.
> 
> 3. Advanced PIX
> 
> 4. VPNs and IPSec
> 
> 5. Intrusion Detection System
> 
> Every lab has tips (hints) at the end. The workbook also comes with a CD 
> that has initial configs such as IP addresses and other basic 
> configurations that you might not want to waste your time on. The CD also 
> includes solutions for each lab. The solutions have some minor mistakes, 
> but Hello Computers plans to publish updates on their Web site.
> 
> The lab network diagrams are in color and are laminated. Since I used them 
> a lot, I was grateful for their sturdiness. Also the lamination means that 
> you can write note on the diagrams with a dry erase marker.
> 
> The first step in every lab tells you to redraw the network diagram. This 
> is good advice. The network design is quite complex and more convoluted 
> than typical real-world networks. Group Study readers have heard about my 
> concerns regarding the OSPF virtual link and discontiguous Area 1. ;-) But 
> I guess those are things you need to know for CCIE.
> 
> I was confused at first that all "sites" in the internetwork are connected 
> to the same Catalyst switch. Obviously this wouldn't be the case in the 
> real world and perhaps that should be pointed out to people new to CCIE 
> labs. Also, perhaps the labs would be more real-world if they specified
why
> the customer wants all these complex features enabled. But this sort of 
> additional information wouldn't help one prepare for CCIE, so I don't 
> consider the lack of it a major fault. It's just my design bias showing.
> 
> In summary, this is a classy product and service. I recommend it.
> 
> 
> 
> Priscilla Oppenheimer
> http://www.priscilla.com
 Ew*o(O%NHongKong.com6l%s(t2N
 Thank you for using hongkong.com Email system




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34778&t=34778
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Average afterwork time Tech learning commitmen [7:34634]

[Mears, Rob]

Here is one for you.

I get up @ 0430, thats in the AM and study until i go to work, study @ lunch
and then study @ night.  I need a life

Thanks
Rob Mears III,  CCNP, MCSE, CNE, NNCDS, NNCSS, NNCPS, MCP+I, A+
Technical Mercenary

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 06, 2002 3:37 PM
To: [EMAIL PROTECTED]
Subject: RE: Average afterwork time Tech learning commitmen [7:34634]


> For me, my optimal study time was during my lunch break at
> work.  I'd scarf a sandwich and spend 45 minutes completely
> distraction free sitting in my car in the parking lot.  That
> 45 minutes 5 days a week is more effective than 2 hours a
> day trying to work on the lab with the kid, wife,
> honey-do's, tv and dog all vying for my attention.  Note, do
> not become so engrossed in what you are reading that you sit
> in the car with the windows rolled up and cook yourself like
> a thanksgiving turkey.

I think you're potentially describing an infinite loop, which, 
admittedly, might be a good troubleshooting scenario. If the 
sandwich you are scarfing is leftover Thanksgiving turkey, but the 
weather conditions exist to roast you like a turkey...

Maybe it isn't a loop. It might be an infinite recursion or just the 
formation of a black hole.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34780&t=34634
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Exam 640-900 and the CID exam [7:34752]

[Mears, Rob]

I used the stuff for the Routing exam and then the RFC for IS IS. Good luck
finding info on Cisco site. The two test are the same except for the ISIS,
compare on Cisco web page.



Advice?  Study your Ars off!

They take no prisoners

Thanks
Rob Mears III,  CCNP, MCSE, CNE, NNCDS, NNCSS, NNCPS, MCP+I, A+
Technical Mercenary

-Original Message-
From: Tim Medley [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 07, 2002 10:33 AM
To: 'Mears, Rob'
Subject: RE: Exam 640-900 and the CID exam [7:34752]


I'm getting ready to take the 640-900 exam. What did you use to
study/prepare with. What kind of advice do you have for taking the test.

tim

Tim Medley - CCNP+Voice, CCDP
Sr. Network Architect
VoIP Group
iReadyWorld
 
p 704.943.3615
f 704.525.9119

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Mears, Rob
Sent: Thursday, February 07, 2002 10:31 AM
To: [EMAIL PROTECTED]
Subject: Exam 640-900 and the CID exam [7:34752]

Hello all

I just finished the 640-900 exam yesterday for the CCIP cert, and it is
a
bitch!. If any one has any qiestion, I will take them off line, just
email
me.

I am getting ready to take my CID exam, any advice?

Thanks
Rob




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34781&t=34752
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CID exam [7:34783]

[ko haag]

Is there any new books or old books out there for the CID exam?

Ko




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34783&t=34783
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: bit-serial mode [7:34629]

[Priscilla Oppenheimer]

Oh dear, but I have completely confused you.

To be honest, the term "bit-synchronous" isn't very common. I couldn't find 
anything about it when searching with Google. I took it to mean 
"bit-oriented" which is a common term to refer to a protocol where control 
information is encoded using individual bits. If you search for that term 
in Google, you can learn a lot.

Contrast it with a byte-oriented protocol (also known as a 
character-oriented protocol). With byte-oriented protocols, all control 
information and data are encoded using entire bytes.

Bisync is a specific character-oriented protocol developed by IBM. It's 
also known as BSC. I used to know it quite well, but it's been years since 
I used it. But the gist of it is that it sends characters to get the link 
up and keep it up. For example, it sends PAD and SYN characters. The other 
side sends ACKs (hopefully), or maybe NAKs or WACKs. Before sending, a side 
has to send an ENQ, if I recall. It's half-duplex. Each of these 
"characters" is one byte with a particular pattern of ones and zeroes.

Now for bit-oriented protocols such as SDLC, HDLC, etc. They start by 
sending one or more instances of the flag field, which is 010, then 
send an address, then the 8-bit or 16-bit Control field, as I mentioned 
before. Individual bits within the Control field have meaning. The info 
field follows, then FCS, then the ending flag. It's usually full duplex. A 
transmitter can send continuously, serially, one bit at a time. The other 
side takes in bits and figures out what's going on. It doesn't wait to 
receive an entire control character which it then needs to acknowledge.

PPP's heritage is this bit-oriented world. So, it is sort of debatable, as 
Scott mentioned near the beginning of this discussion. But if you read my 
previous message, you'll see why I don't think it's quite right to say that 
it's bit-oriented. All its fields are one byte long. Although it has a 
Control field due to its HDLC heritage, there's only one valid value for 
it. On the other hand, the recipient probably does synch up to the 0110 
flag in some implementations, so that sort of makes it bit-oriented.

At 11:26 AM 2/7/02, Steven A. Ridder wrote:
>Just so I make sure I'm not lost, a bit-sync. protocol is one that has
>predefined fields that signify SOF/delimiters/protocol type (like Ethernet)
>and a bi-sync. protocol does not?

You are totally lost. ;-) All protocols have fields. Are they processed in 
byte chunks (like Ethernet and BSC) or as a serial stream of bits like in
HDLC?

>  It just sends characters, and after a
>predetermined number of bytes have been sent receives an ack of some sort
>(L2).  Do bi-synch protocols have fields?

IBM BSC has fields.

>If a L2 protocols sends acks, does that make it a bi-synch protocol?

No.

>So, wouldn't PPP still be a bit-sync. protocol because of the fields it does
>have fields (address, control, etc,.)?  Or am I confused.

All protocols have fields. PPP is debatable due to its HDLC heritage but 
the design goal of its developers to make it simple, modern, easy to 
process, interoperable (it can even run on Ethernet these days) causes it 
to behave more like a byte-oriented protocol, although not like BSC.

Sorry that I completely confused you. Here's some more tidbits to chew on! 
This will really get your brain creating new synapses in a mangled flurry.

What is TCP? How is a SYN represented in TCP?

What is HDLC? How is a GET represented in HDLC?

What is FTP? How is a RETR represented in FTP?

And how about Token Ring with its starting delimiter and ending delimiters? 
And how should one interpret the Ethernet preamble?

Also, aren't all protocols at some level processed a bit at a time?

This is bad as the 7-layer discussions! ;-)

Priscilla


>""Priscilla Oppenheimer""  wrote in message
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > At 06:53 PM 2/6/02, s vermill wrote:
> >
> > >I wonder if you, and others, would comment on ppp as a
character-oriented
> > >protocol.  I did a search on the internet and found some university
>teaching
> > >papers that characterize synchronous ppp as character-oriented while at
>the
> > >same time acknowleging the fact that it is based on the bit-synchronous
>HDLC
> > >frame format.  I guess the LCP is the culprit?
> >
> > PPP has many components, including framing (encapsulation), LCP, and NCP.
> > It's best to consider the components separately. The short answer to your
> > question, though, is that all the components are character-oriented
> > (byte-oriented). In other words, they identify their operations with
>entire
> > bytes, rather than using bits within bytes. And here's the long answer:
> >
> > PPP encapsulation is based on HDLC framing, except that PPP adds two
bytes
> > for a Protocol field. The Protocol field is not a bit-oriented field. The
> > two bytes are taken together to mean IP, AppleTalk, DECnet, etc.
> >
> > Also, the other fields in the PPP header, even though

Re: bit-serial mode [7:34629]

[Priscilla Oppenheimer]

At 03:26 PM 2/7/02, Priscilla Oppenheimer wrote:

>What is TCP? How is a SYN represented in TCP?
>
>What is HDLC? How is a GET represented in HDLC?

That was supposed to say HTTP! HTTP, FTP, SMTP, POP and probably others, 
have yet another way of encoding control information. It's byte-oriented 
but a little different.

And how about routing protocols? For example, how does EIGRP encode an 
Update opcode? Is it different from how HTTP, FTP, etc. send control info? 
And different from TCP?


>What is FTP? How is a RETR represented in FTP?
>
>And how about Token Ring with its starting delimiter and ending delimiters?
>And how should one interpret the Ethernet preamble?
>
>Also, aren't all protocols at some level processed a bit at a time?
>
>This is bad as the 7-layer discussions! ;-)
>
>Priscilla




Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34785&t=34629
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: bit-serial mode [7:34629]

[Steven A. Ridder]

""Priscilla Oppenheimer""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> At 03:26 PM 2/7/02, Priscilla Oppenheimer wrote:
>
> >What is TCP? How is a SYN represented in TCP?
> >
> >What is HDLC? How is a GET represented in HDLC?
>
> That was supposed to say HTTP! HTTP, FTP, SMTP, POP and probably others,
> have yet another way of encoding control information.

Isn't it all just data within the packets and not flags in a packet, like in
TCP?

It's byte-oriented
> but a little different.
>
> And how about routing protocols? For example, how does EIGRP encode an
> Update opcode? Is it different from how HTTP, FTP, etc. send control info?
> And different from TCP?
>
>
> >What is FTP? How is a RETR represented in FTP?
> >
> >And how about Token Ring with its starting delimiter and ending
delimiters?
> >And how should one interpret the Ethernet preamble?
> >
> >Also, aren't all protocols at some level processed a bit at a time?
> >
> >This is bad as the 7-layer discussions! ;-)
> >
> >Priscilla
>
>
> 
>
> Priscilla Oppenheimer
> http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34786&t=34629
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

%AAL5-3-NOBUFFER: error on Catalyst 8510 [7:34787]

[Sean Knox]

Anyone familiar with this error? A search on CCO and the error decoder tool
didn't reveal anything.

%AAL5-3-NOBUFFER:  No reassembly buffers to receive pkt , vpi 0, vci 35  

I was under the impression this error was related to ATM. However, we don't
have any ATM interfaces on this 8510, just a GigE port and some fast
ethernet. The error appears when I connect a fast ethernet port to an older
Extreme Summit 48 switch; CPU usage rockets to 99%. As soon as I shut the
interface down, the error stops. Any ideas?


 - Sean




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34787&t=34787
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Catalyst 5000 not being routed [7:34566]

[Sean Knox]

Well, strangely the Cat5k is being routed now... Due to another situation, I
was forced to move the interface the Cat5 connected to on the default
gateway... Originally the Cat5k connected to FastEthernet 1/0/7 on a
Cat8510, but now its connected to Fa1/0/4 on the Cat8510. I configured the
new connection with the same IP as the other, and it works fine. For the
record, I don't have any VLAN encapsulation set on the new port. I think I
have a bad port, because I'm having problems connecting another device to
the original port. I'm seeing a lot of "%AAL5-3-NOBUFFER:  No reassembly
buffers to receive pkt , vpi 0, vci 35" errors when I connect the port in
question to another device (an older Extreme Summit48 switch).

- Sean





-Original Message-
From: MADMAN [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 06, 2002 3:15 PM
To: Sean Knox
Cc: [EMAIL PROTECTED]
Subject: Re: Catalyst 5000 not being routed [7:34566]



  Send the router config.  You say the laptop works but that's obviously
not doing ISL so I suspect your ethernet config as the cat looks fine.

  Dave

Sean Knox wrote:
> 
> I'll post [what I think are] relevant parts of my config:
> 
> #ip
> set interface sc0 1 10.2.16.2 255.255.255.248 10.2.16.7
> 
> set interface sc0 up
> set interface sl0 192.168.0.1 255.255.255.255
> set interface sl0 down
> set arp agingtime 1200
> set ip redirect   enable
> set ip unreachable   enable
> set ip fragmentation enable
> set ip route 0.0.0.0 10.2.16.1   1
> set ip alias default 0.0.0.0
> 
> Aside from this, I am running a stock configuration (I erased the previous
> startup-config.). I'm running CatOS 4.5(12).
> 
> 1. I can ping the default gateway and the default gateway can ping the sc0
> interface back.
> 2. I can ping other interfaces on the default gateway (default gateway is
> 10.2.16.1, and I can ping 10.1.1.1, which is another int on the router)
> 3. Can't reach external subnets from the Cat5k sc0 interface, and vice
> versa.
> 4. Routing is ok-- I swapped out the catalyst with a laptop, mirroring the
> IP config. Laptop was able to reach external subnets.
> 5. The sc0 interface is part of vlan 1 by default, I can't change this
with
> the CatOS version I have. I configured the default gateway's port to be
part
> of vlan 1 as using ISL. Results the same as before (can ping the gateway,
> but nothing else)
> 
> One of Catalyst gurus must know what I'm doing wrong! :)
> 
> - Sean
> 
> -Original Message-
> From: Fraasch James [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, February 06, 2002 8:22 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Catalyst 5000 not being routed [7:34566]
> 
> Any chance you could submit the configs? Might make it easier to
> troubleshoot for people over here.
> 
> It sounds as if you are not using the RSM on the 5000 at all which means
> that all you really need to have is the default route set on the switch
and
> that the port on the router needs to be configured correctly.
> 
> You may want to double check your OSPF settings as well.  If the Cat5000
is
> on a different network altogether than the rest of your routers, of course
> it will not route to that network (IE, your network is 172.25.0.0 but this
> 5000 is on 172.26.0.0 and your OSPF statement reads network 172.25.0.0
> 0.0.255.255 then of course the Cat5000 would not be in the tables). I have
> done that before.
> 
> Like I said, configs would be great if possible.
> 
> James
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34788&t=34566
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Average afterwork time Tech learning commitmen [7:34634]

[James Robinson]

i live in northern MD, work in DC.  my train pulls out at 5:05 AM, i get to
union station around 7:00 AM.  at night my train leaves at 6:00, i get home
around 8:00.  with the extra sleep time i need in order to function, i am
still able to squeeze off at least 90 min of uninterrupted reading time on
the train and then go home, deal with wife/kids/bills/life stuff and still
have a good hour or so to research stuff in my lab before bedtime happens
and it all starts again.at this rate, i am trying to set a schedule of
finishing CCNP by early summer.


jim


""Brad Ellis""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> It's all about focus, drive, and motiviation. It's very difficult to work
> 7-8hrs/day, then come home and study for 5 more.  Then on the weekends,
> study an additional 8-12hrs/day.  (I did that schedule for 1 month prior
to
> my lab exam, and a similar schedule 2-3 months out from my exam)  It was
> very taxing, and hard to spend time with my significant other (who I
> acutally bought a dog to keep her occupied).  How some people can spend
the
> amount of time that they do with a family, and other "disctractions" is
> amazing.
>
> Try and set expectations in your household.  Let people know that this is
> your "quiet" time.  Start off spending 2 hours a night, and see if that
does
> the trick for you. If it's too much, cut back to an hour, if you can
handle
> more, do 3 hours.  Remeber, an hour a night, every night, really adds up.
>
> After all is said and done, it's focus, motivation, concentration, drive,
> and buying someone a dog!  :)
>
> thanks,
> -Brad Ellis
> CCIE#5796 (R&S / Security)
> Network Learning Inc
> [EMAIL PROTECTED]
> used Cisco gear:  www.optsys.net
> CCIE Labs, racks, and classes:  http://www.ccbootcamp.com/quicklinks.html
>
> ""rtc9""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > I have a three hour commute, a full+ part time job, and I'm wondering,
> what
> > is the average hours people put in to thier job after hours? Some I
think
> do
> > nothing. Others eat drink sleep and live the stuff. I know work is
> > important.but




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34782&t=34634
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: bit-serial mode [7:34629]

[Priscilla Oppenheimer]

That would be like if I asked you how TCP works and you said, isn't TCP 
just data within an IP packet? Now I'm asking you to consider how 
application-layer protocols work. They have operations also. In the case of 
HTTP, there are many commands. The question is how are the commands 
encoded? It's yet another variety (beyond bit-oriented and byte-oriented) 
that is worth considering.

The data is HTML-encoded text, GIFs, etc, which isn't too interesting (from 
our perspective). HTTP is rather interesting, however. So is FTP, 
especially since it has a tendency to break in many environments.

And you didn't answer me how TCP operations, such as SYNs are encoded.

Well, we've gotten off topic. I think it should be "on topic," but Cisco 
test developers don't tend to consider these issues. ;-)

Priscilla


At 03:51 PM 2/7/02, Steven A. Ridder wrote:
>""Priscilla Oppenheimer""  wrote in message
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > At 03:26 PM 2/7/02, Priscilla Oppenheimer wrote:
> >
> > >What is TCP? How is a SYN represented in TCP?
> > >
> > >What is HDLC? How is a GET represented in HDLC?
> >
> > That was supposed to say HTTP! HTTP, FTP, SMTP, POP and probably others,
> > have yet another way of encoding control information.
>
>Isn't it all just data within the packets and not flags in a packet, like in
>TCP?
>
>It's byte-oriented
> > but a little different.
> >
> > And how about routing protocols? For example, how does EIGRP encode an
> > Update opcode? Is it different from how HTTP, FTP, etc. send control
info?
> > And different from TCP?
> >
> >
> > >What is FTP? How is a RETR represented in FTP?
> > >
> > >And how about Token Ring with its starting delimiter and ending
>delimiters?
> > >And how should one interpret the Ethernet preamble?
> > >
> > >Also, aren't all protocols at some level processed a bit at a time?
> > >
> > >This is bad as the 7-layer discussions! ;-)
> > >
> > >Priscilla
> >
> >
> > 
> >
> > Priscilla Oppenheimer
> > http://www.priscilla.com


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34789&t=34629
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Average afterwork time Tech learning commitment? [7:34634]

[Priscilla Oppenheimer]

At 03:28 PM 2/6/02, Cebuano wrote:
>As Joe jackson said...
>We don't know what happens when we die
>We only know we die too soon
>But then we have to try
>Or else the world becomes
>a waiting room.

I like it! I had to look up who Joe Jackson is, but still I like it. ;-) 
Here's another similar one, from my hero:

Cowards die many times before their deaths;
The valiant never taste of death but once.
Of all the wonders that I yet have heard,
It seems to me most strange that men should fear;
Seeing that death, a necessary end,
Will come when it will come.

ATTRIBUTION: Julius Cfsar. Act ii. Sc. 2.
AUTHOR: William Shakespeare (15641616)

Priscilla


>Now on to Doyle, Parkhurst, Solie, Caslow, Berkowitz...
>
>- Original Message -
>From: "Mike Sweeney"
>To:
>Sent: Wednesday, February 06, 2002 1:17 PM
>Subject: RE: Average afterwork time Tech learning commitment? [7:34634]
>
>
> > You get out it what you put into it. Its that simple.
> >
> > I know far too many people who would do well but refuse to admit that
they
> > need to spend some time studying. "why wont they pay for it" is the
>biggest
> > whine.. you are entitled to NOTHING in this world except to die at some
> > point so it's really up to you where to go and how to get there.
> >
> > In my years, I have had the commute from hell and I used audio tapes and
> > studied during lunchtime instead of going out with the guys. I squeezed
in
> > some class time at the college. I've spent time carpooling with the
>express
> > idea of reading.. I have a laptop so I can at the least run sims on the
>run.
> > I take it to family functions and it's understood that after a few hours
>of
> > togetherness, I will disappear for a few hours of study time. I've
>explained
> > to my daughter that even daddy has homework to do and so we each do our
> > *homework* at the same time. She normally is done first :)
> >
> > And yes, a long suffering wife helps out alot. And I do make a point of
>some
> > days, blowing off Cisco/networks/PCs to spend time with family and
>friends..
> > it's a tough balancing act to do.
> >
> > If there is a will, there is a way.
> >
> > MikeS


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34790&t=34634
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 3DES [7:34754]

[Rik Guyler]

Unless this is a brand new change, the 515R certainly does support 3DES as I
have installed it many times on this firewall.  The DES license is the only
FREE license but you can pay for the 3DES.  The difference between the "R"
and "U" versions has to do primarily with interfaces (R=3, U=6) and failover
(R=no, U=yes).

Rik

-Original Message-
From: Brian Zeitz [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, February 07, 2002 10:39 AM
To: [EMAIL PROTECTED]
Subject: 3DES [7:34754]


I have been looking at routers/firewalls. I am thinking of going with the
2611 with a ADSL card, I also want to get a 515. Our office is not that big
yet, but I want to plan for the future. I see that the Pix 515R only does
DES, but doesn't do 3DES. But when I buy the router, I can get it with 3DES.
I am just kinda confused, where is the best place to use 3DES, on the
firewall, or on the router? Or it doesn't matter. The way I see it, if I
wanted to do 3DES on the firewall with the 515, I would have to buy the
515UR, which is about 10K. I don't really need the thoughput for 100,000
users just yet though. Any suggestions on this?



Thanks in advance...



Brian Zee MCSE, CCNA, A+




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34791&t=34754
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

MPLS and VPN Architectures book [7:34792]

[Sean Knox]

This book gets very good reviews on Amazon. I trust the opinions here far
more however... what do you think of this book? Better ones out there?

MPLS and VPN Architectures: A Practical Guide to Understanding, Designing
and Deploying MPLS and MPLS-Enabled VPNs
by Jim Guichard, Ivan Pepelnjak
ISBN: 1587050021




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34792&t=34792
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

TAP Port [7:34793]

[Ali, Abbas]

Does anyone know what TAP port is on a catalyst Switch?  All I know it is
something to do with Diagnostic.  

Regards,

Ali




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34793&t=34793
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: bit-serial mode [7:34629]

[Howard C. Berkowitz]

>That would be like if I asked you how TCP works and you said, isn't TCP
>just data within an IP packet? Now I'm asking you to consider how
>application-layer protocols work. They have operations also. In the case of
>HTTP, there are many commands. The question is how are the commands
>encoded? It's yet another variety (beyond bit-oriented and byte-oriented)
>that is worth considering.

To say nothing about self-defining data provided to the application 
layer by presentation layer protocols such as ASN.1, XDR, etc. 
These are not particularly bit-at-a-time, but variable length 
type-length-value strings.

>
>The data is HTML-encoded text, GIFs, etc, which isn't too interesting (from
>our perspective). HTTP is rather interesting, however. So is FTP,
>especially since it has a tendency to break in many environments.
>
>And you didn't answer me how TCP operations, such as SYNs are encoded.
>
>Well, we've gotten off topic. I think it should be "on topic," but Cisco
>test developers don't tend to consider these issues. ;-)
>
>Priscilla
>
>
>At 03:51 PM 2/7/02, Steven A. Ridder wrote:
>>""Priscilla Oppenheimer""  wrote in message
>>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>>  > At 03:26 PM 2/7/02, Priscilla Oppenheimer wrote:
>>  >
>>  > >What is TCP? How is a SYN represented in TCP?
>>  > >
>>  > >What is HDLC? How is a GET represented in HDLC?
>>  >
>>  > That was supposed to say HTTP! HTTP, FTP, SMTP, POP and probably
others,
>>  > have yet another way of encoding control information.
>>
>>Isn't it all just data within the packets and not flags in a packet, like
in
>>TCP?
>>
>>It's byte-oriented
>>  > but a little different.
>>  >
>>  > And how about routing protocols? For example, how does EIGRP encode an
>>  > Update opcode? Is it different from how HTTP, FTP, etc. send control
>info?
>>  > And different from TCP?
>>  >
>>  >
>>  > >What is FTP? How is a RETR represented in FTP?
>>  > >
>>  > >And how about Token Ring with its starting delimiter and ending
>>delimiters?
>>  > >And how should one interpret the Ethernet preamble?
>>  > >
>>  > >Also, aren't all protocols at some level processed a bit at a time?
>>  > >
>>  > >This is bad as the 7-layer discussions! ;-)
>>  > >
>>  > >Priscilla
>>  >
>>  >
>>  > 
>>  >
>>  > Priscilla Oppenheimer
>>  > http://www.priscilla.com
>
>
>Priscilla Oppenheimer
>http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34796&t=34629
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: bit-serial mode [7:34629]

[Howard C. Berkowitz]

>Oh dear, but I have completely confused you.

Perhaps not. There is a danger in assuming that some feature in a 
protocol design is there because of something incredibly subtle and 
nuanced, when it really had to do with some technical or political 
compromise.

>
>To be honest, the term "bit-synchronous" isn't very common. I couldn't find
>anything about it when searching with Google. I took it to mean
>"bit-oriented" which is a common term to refer to a protocol where control
>information is encoded using individual bits. If you search for that term
>in Google, you can learn a lot.
>
>Contrast it with a byte-oriented protocol (also known as a
>character-oriented protocol). With byte-oriented protocols, all control
information and data are encoded using entire bytes.

>
>Bisync is a specific character-oriented protocol developed by IBM. It's
>also known as BSC. I used to know it quite well, but it's been years since
>I used it. But the gist of it is that it sends characters to get the link
>up and keep it up. For example, it sends PAD and SYN characters. The other
>side sends ACKs (hopefully), or maybe NAKs or WACKs. Before sending, a side
>has to send an ENQ, if I recall. It's half-duplex. Each of these
>"characters" is one byte with a particular pattern of ones and zeroes.

BSC was probably the most common byte-oriented protocol. Others 
include Burroughs Poll-Select, the synchronous version of Uniscope, 
etc.  I wouldn't rule out still seeing these in a legacy financial 
network, because the end terminals are old, stupid, and fully 
amortized.

>
>Now for bit-oriented protocols such as SDLC, HDLC, etc. They start by
>sending one or more instances of the flag field, which is 010, then
>send an address, then the 8-bit or 16-bit Control field, as I mentioned
>before. Individual bits within the Control field have meaning. The info
>field follows, then FCS, then the ending flag. It's usually full duplex. A
>transmitter can send continuously, serially, one bit at a time. The other
>side takes in bits and figures out what's going on. It doesn't wait to
>receive an entire control character which it then needs to acknowledge.
>
>PPP's heritage is this bit-oriented world. So, it is sort of debatable, as
>Scott mentioned near the beginning of this discussion. But if you read my
>previous message, you'll see why I don't think it's quite right to say that
>it's bit-oriented. All its fields are one byte long. Although it has a
>Control field due to its HDLC heritage, there's only one valid value for
>it. On the other hand, the recipient probably does synch up to the 0110
>flag in some implementations, so that sort of makes it bit-oriented.

Now, we get into compromises.  At the time PPP was developed, there 
were commercial chipsets for byte-oriented protocols. By 
byte-aligning everything, these chipsets could be reused. I can't 
remember what mailing list this was on, but this is straight from 
Bill Simpson, the primary designer of PPP.

So PPP is conceptually a bit-oriented protocol implemented to work in 
a byte-oriented environment.  There is some interest in having 
non-bit-aligned protocols as alternatives to PPP over SONET, but I'm 
not sure the few bits of saving are significant at 10 or 40 Gbps, or 
compared with the ATM cell tax.

>
>At 11:26 AM 2/7/02, Steven A. Ridder wrote:
>>Just so I make sure I'm not lost, a bit-sync. protocol is one that has
>>predefined fields that signify SOF/delimiters/protocol type (like Ethernet)
>>and a bi-sync. protocol does not?
>
>You are totally lost. ;-) All protocols have fields. Are they processed in
>byte chunks (like Ethernet and BSC) or as a serial stream of bits like in
>HDLC?
>
>>   It just sends characters, and after a
>>predetermined number of bytes have been sent receives an ack of some sort
>>(L2).  Do bi-synch protocols have fields?
>
>IBM BSC has fields.
>
>>If a L2 protocols sends acks, does that make it a bi-synch protocol?
>
>No.
>
>>So, wouldn't PPP still be a bit-sync. protocol because of the fields it
does
>  >have fields (address, control, etc,.)?  Or am I confused.
>
>All protocols have fields. PPP is debatable due to its HDLC heritage but
>the design goal of its developers to make it simple, modern, easy to
>process, interoperable (it can even run on Ethernet these days) causes it
>to behave more like a byte-oriented protocol, although not like BSC.
>
>Sorry that I completely confused you. Here's some more tidbits to chew on!
>This will really get your brain creating new synapses in a mangled flurry.
>
>What is TCP? How is a SYN represented in TCP?
>
>What is HDLC? How is a GET represented in HDLC?
>
>What is FTP? How is a RETR represented in FTP?
>
>And how about Token Ring with its starting delimiter and ending delimiters?
>And how should one interpret the Ethernet preamble?
>
>Also, aren't all protocols at some level processed a bit at a time?
>
>This is bad as the 7-layer discussions! ;-)
>
>Priscilla
>
>
>>""Priscilla Oppenheimer""  w

Free CCIE Rack Rental [7:34794]

[A SBC]

I received a free day with my rack rental. They would accormodate  next day
for free if there are no subscribers. Good CCIE lab..

www.practicelabs.net


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34794&t=34794
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: bit-serial mode [7:34629]

[Steven A. Ridder]

What I meant was that SYN in tcp is just a bit that's flipped to 1 to one.
The bit is always there, but when it's turned "on" it means something.  I've
never considered it data.  The get in http or open in ftp is data in the
packet that has to be added to the packet.  There is no "get flag" or "open
flag" that needs to be turned on.  It's a command, and when sent to an http
server, the server responds.

Am I right?

""Priscilla Oppenheimer""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> That would be like if I asked you how TCP works and you said, isn't TCP
> just data within an IP packet? Now I'm asking you to consider how
> application-layer protocols work. They have operations also. In the case
of
> HTTP, there are many commands. The question is how are the commands
> encoded? It's yet another variety (beyond bit-oriented and byte-oriented)
> that is worth considering.
>
> The data is HTML-encoded text, GIFs, etc, which isn't too interesting
(from
> our perspective). HTTP is rather interesting, however. So is FTP,
> especially since it has a tendency to break in many environments.
>
> And you didn't answer me how TCP operations, such as SYNs are encoded.
>
> Well, we've gotten off topic. I think it should be "on topic," but Cisco
> test developers don't tend to consider these issues. ;-)
>
> Priscilla
>
>
> At 03:51 PM 2/7/02, Steven A. Ridder wrote:
> >""Priscilla Oppenheimer""  wrote in message
> >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > At 03:26 PM 2/7/02, Priscilla Oppenheimer wrote:
> > >
> > > >What is TCP? How is a SYN represented in TCP?
> > > >
> > > >What is HDLC? How is a GET represented in HDLC?
> > >
> > > That was supposed to say HTTP! HTTP, FTP, SMTP, POP and probably
others,
> > > have yet another way of encoding control information.
> >
> >Isn't it all just data within the packets and not flags in a packet, like
in
> >TCP?
> >
> >It's byte-oriented
> > > but a little different.
> > >
> > > And how about routing protocols? For example, how does EIGRP encode an
> > > Update opcode? Is it different from how HTTP, FTP, etc. send control
> info?
> > > And different from TCP?
> > >
> > >
> > > >What is FTP? How is a RETR represented in FTP?
> > > >
> > > >And how about Token Ring with its starting delimiter and ending
> >delimiters?
> > > >And how should one interpret the Ethernet preamble?
> > > >
> > > >Also, aren't all protocols at some level processed a bit at a time?
> > > >
> > > >This is bad as the 7-layer discussions! ;-)
> > > >
> > > >Priscilla
> > >
> > >
> > > 
> > >
> > > Priscilla Oppenheimer
> > > http://www.priscilla.com
> 
>
> Priscilla Oppenheimer
> http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34797&t=34629
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: %AAL5-3-NOBUFFER: error on Catalyst 8510 [7:34787]

[Sean Knox]

I moved the Extreme Switch to a different port. Everything seems "ok" and I
don't see any extraneous CPU usage, however the error message is still
appearing, albeit with a slightly different message:

%AAL5-3-NOBUFFER:  No reassembly buffers to receive pkt , vpi 0, vci 36

Note the "vci 36" instead of 35 from my previous post. I found a little
information about this error on some Cat6000 release notes:

CSCdp22285

The "no reassembly buffers to receive pkt, vpi 0, vci 36" message is
displayed.
Symptom: On a system with over 10,000 IP multicast routes, multiple "No
reassembly buffers to receive pkt, vpi 0, vci 36" messages are displayed. 

Well 1) I'm not running any multicast routing, 2) I'm using a Cat8510 not a
6000 and 3) this bug is reported "resolved" in 12.0(5)W5(13a), furthermore,
I'm running 12.1(7a)EY, which lists no mention of this bug in the release
notes. Wonder what this is? 



-Original Message-
From: Sean Knox [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 07, 2002 1:25 PM
To: [EMAIL PROTECTED]
Subject: %AAL5-3-NOBUFFER: error on Catalyst 8510 [7:34787]


Anyone familiar with this error? A search on CCO and the error decoder tool
didn't reveal anything.

%AAL5-3-NOBUFFER:  No reassembly buffers to receive pkt , vpi 0, vci 35  

I was under the impression this error was related to ATM. However, we don't
have any ATM interfaces on this 8510, just a GigE port and some fast
ethernet. The error appears when I connect a fast ethernet port to an older
Extreme Summit 48 switch; CPU usage rockets to 99%. As soon as I shut the
interface down, the error stops. Any ideas?


 - Sean




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34798&t=34787
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Boson CCIE Skill Labs?? [7:34779]

[Jeff D]

I was wondering the same. Let me know if you hear anything.

Jeff

""Cisco Nuts""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hello,
> Has anyone had the chance to try out the new Boson CCIE Skill Labs book?
The
> topics covered seem to be pretty good but not sure about the actual
content.
> Boson has always provided excellent learning aids for the other Cisco
> exams(IMHO) and am sure that this one is also good. Just not sure if I
want
> to shell out the $400.00 bucks right away!!
> Regards,
>
> The URL is :   http://www.bosontraining.com
>
>
> _
> MSN Photos is the easiest way to share and print your photos:
> http://photos.msn.com/support/worldwide.aspx




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34799&t=34779
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE Catalyst 5000 not being routed RESOLVED [7:34800]

[Sean Knox]

I promise this is the last time I respond to myself :) Hopefully it will
provide some insight.

I believe I found the reason the Cat5k was not being routed when connected
to a certain port on the default gateway-- I noticed the encapsulation for
the interface was set to 802.1q...which I definitely DIDN'T do-- in fact I
had created a subif with ISL encapsulation. It turns out there were some
subif's created quite a while ago. The encapsulation of these subifs were
all set to 802.1q. Despite the fact that all these 802.1q subinterfaces were
administratively shut down, the physical interface still reflected this and
listed its encapsulation as 802.1q as well. To resolve, I went to each subif
on the problem interface and took off any and all encapsulation via "no
encap". I shut down each interface (again) just for good measure. After
doing this, the physical interface displayed ARPA encapsulation and
everything works fine-- connected the Cat5k to the to the problem port, and
everything was routed fine. Whew! What a pain to track down. Even when
entering "no interface ", the subinterfaces remained persistent.
Weird. I'll close this thread and open a new one regarding this persistent
subif behavior. :) Thanks to Dave and everyone helped/offered help.

- Sean

-Original Message-
From: Sean Knox [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 07, 2002 1:34 PM
To: [EMAIL PROTECTED]
Subject: RE: Catalyst 5000 not being routed [7:34566]


Well, strangely the Cat5k is being routed now... Due to another situation, I
was forced to move the interface the Cat5 connected to on the default
gateway... Originally the Cat5k connected to FastEthernet 1/0/7 on a
Cat8510, but now its connected to Fa1/0/4 on the Cat8510. I configured the
new connection with the same IP as the other, and it works fine. For the
record, I don't have any VLAN encapsulation set on the new port. I think I
have a bad port, because I'm having problems connecting another device to
the original port. I'm seeing a lot of "%AAL5-3-NOBUFFER:  No reassembly
buffers to receive pkt , vpi 0, vci 35" errors when I connect the port in
question to another device (an older Extreme Summit48 switch).

- Sean




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34800&t=34800
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: bit-serial mode [7:34629]

[Priscilla Oppenheimer]

At 05:48 PM 2/7/02, Steven A. Ridder wrote:
>What I meant was that SYN in tcp is just a bit that's flipped to 1 to one.
>The bit is always there, but when it's turned "on" it means something.

Yes. (So is it bit-oriented? I would say yes, even though the term usually 
refers to WAN protocols)

>I've
>never considered it data.

IP considers it data.

>  The get in http or open in ftp is data in the
>packet that has to be added to the packet.  There is no "get flag" or "open
>flag" that needs to be turned on.  It's a command, and when sent to an http
>server, the server responds.
>
>Am I right?

Yes, it's a command. (Of course a TCP SYN is a command too that a server 
responds to.)

I would add that HTTP and FTP commands and replies are in an HTTP or FTP 
header. (They aren't part of the actual "user" data, and, in fact, FTP 
opens a different channel to send the data.)

FTP sends commands as strings (using the Telnet protocol). There's no OPEN 
but there is, for example, a RETR. The client software sends those actual 
characters in ASCII, followed by a space or CR/LF and maybe an argument, 
depending on the command.

HTTP requests have a request line, with a method, optionally a message 
header, and the message body. The method is the command, like a GET. It is 
sent as a string, like the FTP commands. SMTP and POP send string commands
too.

I asked about routing protocols too. They usually have a header that 
includes a fixed-length "opcode" or "type" or "command" field that 
identifies the purpose of the packet. The protocol specifies the valid hex 
values for this field and what command they represent. They aren't strings, 
though.

And then Howard had yet more examples! I guess programmers can be as 
creative as they want (despite numerous technical, political, and 
historical constraints!)

Priscilla


>""Priscilla Oppenheimer""  wrote in message
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > That would be like if I asked you how TCP works and you said, isn't TCP
> > just data within an IP packet? Now I'm asking you to consider how
> > application-layer protocols work. They have operations also. In the case
>of
> > HTTP, there are many commands. The question is how are the commands
> > encoded? It's yet another variety (beyond bit-oriented and byte-oriented)
> > that is worth considering.
> >
> > The data is HTML-encoded text, GIFs, etc, which isn't too interesting
>(from
> > our perspective). HTTP is rather interesting, however. So is FTP,
> > especially since it has a tendency to break in many environments.
> >
> > And you didn't answer me how TCP operations, such as SYNs are encoded.
> >
> > Well, we've gotten off topic. I think it should be "on topic," but Cisco
> > test developers don't tend to consider these issues. ;-)
> >
> > Priscilla
> >
> >
> > At 03:51 PM 2/7/02, Steven A. Ridder wrote:
> > >""Priscilla Oppenheimer""  wrote in message
> > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > At 03:26 PM 2/7/02, Priscilla Oppenheimer wrote:
> > > >
> > > > >What is TCP? How is a SYN represented in TCP?
> > > > >
> > > > >What is HDLC? How is a GET represented in HDLC?
> > > >
> > > > That was supposed to say HTTP! HTTP, FTP, SMTP, POP and probably
>others,
> > > > have yet another way of encoding control information.
> > >
> > >Isn't it all just data within the packets and not flags in a packet,
like
>in
> > >TCP?
> > >
> > >It's byte-oriented
> > > > but a little different.
> > > >
> > > > And how about routing protocols? For example, how does EIGRP encode
an
> > > > Update opcode? Is it different from how HTTP, FTP, etc. send control
> > info?
> > > > And different from TCP?
> > > >
> > > >
> > > > >What is FTP? How is a RETR represented in FTP?
> > > > >
> > > > >And how about Token Ring with its starting delimiter and ending
> > >delimiters?
> > > > >And how should one interpret the Ethernet preamble?
> > > > >
> > > > >Also, aren't all protocols at some level processed a bit at a time?
> > > > >
> > > > >This is bad as the 7-layer discussions! ;-)
> > > > >
> > > > >Priscilla
> > > >
> > > >
> > > > 
> > > >
> > > > Priscilla Oppenheimer
> > > > http://www.priscilla.com
> > 
> >
> > Priscilla Oppenheimer
> > http://www.priscilla.com


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34801&t=34629
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Deleting Subinterfaces. [7:34802]

[Sean Knox]

I'm having trouble deleting subinterfaces on a 8510CSR. I'm getting the
following "error":

core8500(config)#no int fa1/0/7.203
% Not all config may be removed and may reappear after reactivating the
sub-interface

None of the subifs I attempt to delete actually go away. Furthermore,
certain interface properties like VLAN tagging directly affect the main
physical interface, even when I shut down the subifs, which as you can
imagine causes all sorts of problems. I'm running 12.1(7a)EY on a 8510CSR.
Any ideas? Should I blame the early deployment code?

- Sean




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34802&t=34802
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: need 2500 IOS: c2500-js56i-l.120.9.bin [7:34731]

[Fraasch James]

Register at the above site- all you need is your contract number.

Then go to:

http://www.cisco.com/kobayashi/sw-center/ and click around until you find
the version you are looking for.

Good luck.



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34803&t=34731
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Loop Up [7:34804]

[somera cecilia]

what does it mean if csu/dsu sends a "loop up" ? how does it affect the
remote csu/dsu ?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34804&t=34804
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Loop Up [7:34804]

[Lupi, Guy]

A CSU has the ability to loop up a far end CSU or smartjack.  When the CSU
sends a loop up, the remote CSU or smartjack will go into loop, and you can
run testing patterns to that loop.  It is used to test the end to end
connectivity of a circuit.  For instance, lets say you have the following:

CPE--CSU(A)-Smartjack(A)---CO--CO---Smartjack(B)
CSU(B)--CPE

If there is no connectivity, you could go to CSU(A) and send a loop code to
Smartjack(B) or CSU(B).  You would then run a test pattern, say 3:24, to the
loop.  If the test pattern runs clean, with no errors, then you know that
you have a good circuit from one end to the other, and the problem may be
with the CPE.  On the other hand, if you try to loop the CSU and you can't,
then you would try to loop the Smartjack and run to that loop.  If you can
run clean you know the problem lies somewhere after the Smartjack, if you
can't then you would call the carrier and ask them to find out what is wrong
with the circuit.  Hope that helps.

~-Original Message-
~From: somera cecilia [mailto:[EMAIL PROTECTED]]
~Sent: Thursday, February 07, 2002 7:00 PM
~To: [EMAIL PROTECTED]
~Subject: Loop Up [7:34804]
~
~
~what does it mean if csu/dsu sends a "loop up" ? how does it affect the
~remote csu/dsu ?
~
~
~Report misconduct 
~and Nondisclosure violations to [EMAIL PROTECTED]
~




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34805&t=34804
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Cramsession CCIE Written [7:34806]

[Christi McClellan]

anybody having a problem getting the study notes off of cramsession.com for
the CCIE written?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34806&t=34806
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Cramsession CCIE Written [7:34807]

[Christi McClellan]

anybody having a problem getting the study notes off of cramsession.com for
the CCIE written?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34807&t=34807
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: bit-serial mode [7:34629]

[[EMAIL PROTECTED]]

> At 05:48 PM 2/7/02, Steven A. Ridder wrote:
>>What I meant was that SYN in tcp is just a bit that's
>>flipped to 1 to one. The bit is always there, but when it's
>>turned "on" it means something.
> 
> Yes. (So is it bit-oriented? I would say yes, even though
> the term usually  refers to WAN protocols)
> 
>>I've
>>never considered it data.
> 
> IP considers it data.

There's lots of babbling about what belongs in what layer, but the 
underlying concept of layering is a sound one.  A protocol at layer N 
considers everything it carries from the (N+1) layer above it as 
data. The protocol may have its own control messages, which do 
not carry _user_ data.
> 
>>  The get in http or open in ftp is data in the
>>packet that has to be added to the packet.  There is no "get
>>flag" or "open flag" that needs to be turned on.  It's a
>>command, and when sent to an http server, the server
>>responds.
>>
>>Am I right?
> 
> Yes, it's a command. (Of course a TCP SYN is a command too
> that a server  responds to.)
> 
> I would add that HTTP and FTP commands and replies are in an
> HTTP or FTP  header. (They aren't part of the actual "user"
> data, and, in fact, FTP  opens a different channel to send
> the data.)
> 
> FTP sends commands as strings (using the Telnet protocol).
> There's no OPEN  but there is, for example, a RETR. The
> client software sends those actual  characters in ASCII,
> followed by a space or CR/LF and maybe an argument, 
> depending on the command.
> 
> HTTP requests have a request line, with a method, optionally
> a message  header, and the message body. The method is the
> command, like a GET. It is  sent as a string, like the FTP
> commands. SMTP and POP send string commands too.
> 
> I asked about routing protocols too. They usually have a
> header that  includes a fixed-length "opcode" or "type" or
> "command" field that  identifies the purpose of the packet.
> The protocol specifies the valid hex  values for this field
> and what command they represent. They aren't strings, 
> though.

Actually, there is a substantial difference in the design assumptions 
for packet design in OSPF and ISIS.  OSPF uses lots of bit strings 
and tries to 32-bit align as many fields as possible.  The principal 
goal of this was processing efficiency.

ISIS, however, had a different principal goal, extensibility.  It's 
relatively easy to add type-length-value objects to ISIS.  So there's 
more time in processing the packets, but you don't run into the 
problems of OSPF now that various bit fields are all used and there's 
no obvious place to extend them. OSPF extension tends to rely on 
creating whole new LSAs.
> 
> And then Howard had yet more examples! I guess programmers
> can be as  creative as they want (despite numerous
> technical, political, and  historical constraints!)
> 
> Priscilla




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34808&t=34629
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Cramsession CCIE Written [7:34806]

[Dennis Laganiere]

I wasn't able to resolve cramsession, but if you go to brainbuzz.com and
follow the links, it seems to work.  By the way, I wrote that cramsession,
so if you can't get it any other way, let me know and I'll send you a copy
from home later tonight...

--- Dennis

-Original Message-
From: Christi McClellan
To: [EMAIL PROTECTED]
Sent: 2/7/2002 4:50 PM
Subject: Cramsession CCIE Written [7:34806]

anybody having a problem getting the study notes off of cramsession.com
for
the CCIE written?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34809&t=34806
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: need 2500 IOS: c2500-js56i-l.120.9.bin [7:34731]

[Bill K.]

Hi
I have a CCO account but have no rights to download this image, can you tell
me a ftp site to obtain it?



""Fraasch James""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Register at the above site- all you need is your contract number.
>
> Then go to:
>
> http://www.cisco.com/kobayashi/sw-center/ and click around until you find
> the version you are looking for.
>
> Good luck.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34810&t=34731
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

FW: Cramsession CCIE Written [7:34806]

[Dennis Laganiere]

Here's a (pirated) mirror link:

http://www.isadrug.freeserve.co.uk/docs/others/bb-ccie-w.pdf

You'll find a list of the more significant errors in the groupstudy
archives.

In answer to your question, I wrote it along time ago by just doing a
quick rewrite of my own study notes.  It's worth a quick read, and it
might help somewhat.  

By the way, I didn't mean to respond to the entire group; I must have
hit "reply-all" by mistake.  Sorry about that...

--- Dennis



-Original Message-
From: Jeff D
To: "Dennis Laganiere"
Sent: 2/7/2002 5:36 PM
Subject: Re: Cramsession CCIE Written [7:34806]

Dennis, I haven't seen it yet... but would you recommend it as a
last-minute
before the test review? I know in the past, some of the Cramsessions
(CCNP
stuff) have not been that well for the tests.

Cheers,
Jeff

- Original Message -
From: ""Dennis Laganiere"" 
Newsgroups: groupstudy.cisco
Sent: Thursday, February 07, 2002 8:28 PM
Subject: RE: Cramsession CCIE Written [7:34806]


> I wasn't able to resolve cramsession, but if you go to brainbuzz.com
and
> follow the links, it seems to work.  By the way, I wrote that
cramsession,
> so if you can't get it any other way, let me know and I'll send you a
copy
> from home later tonight...
>
> --- Dennis
>
> -Original Message-
> From: Christi McClellan
> To: [EMAIL PROTECTED]
> Sent: 2/7/2002 4:50 PM
> Subject: Cramsession CCIE Written [7:34806]
>
> anybody having a problem getting the study notes off of
cramsession.com
> for
> the CCIE written?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34811&t=34806
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Exam 640-900 and the CID exam [7:34752]

[Ranma]

640-900 should be a easy task


""Mears, Rob""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hello all
>
> I just finished the 640-900 exam yesterday for the CCIP cert, and it is a
> bitch!. If any one has any qiestion, I will take them off line, just email
> me.
>
> I am getting ready to take my CID exam, any advice?
>
> Thanks
> Rob




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34812&t=34752
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

FW: Cisco Security Advisory: Cisco Secure Access Control Server [7:34813]

[Daniel Cotts]

For those not on the security mailing list.

-Original Message-
From: Cisco Systems Product Security Incident Response Team
[mailto:[EMAIL PROTECTED]] 
Sent: Thursday, February 07, 2002 10:30 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Cisco Security Advisory: Cisco Secure Access Control Server
Novell Directory Service Expired/Disabled User Authentication
Vulnerability


-BEGIN PGP SIGNED MESSAGE-

Cisco Security Advisory:  Cisco Secure Access Control Server Novell
Directory Service Expired/Disabled User Authentication Vulnerability
==

Revision 1.0

For Public Release 2002 February 07 08:00 (UTC -0800)

  

Summary
===

Specific versions of Cisco Secure Authentication Control Server (ACS)
allows authentication of users that have been explicitly disabled or
expired in the Novell Directory Services (NDS).  There is a software patch
that may be applied, and software upgrades will also address this problem.

The complete notice will be available at
http://www.cisco.com/warp/public/707/ciscosecure-acs-nds-authentication-vuln
-pub
.shtml
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

search friends! [7:34814]

[litty alx]

I am perparing for ccie written now, I want to look for study partners. I
have a lot of date about cisco,if you want to make friend s of me,please
email to me.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34814&t=34814
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

nm-hdv & vwic-1mft-e1 [7:34815]

[flight]

dear all:
can you tell me which ios feature must have suppport the
NM-HDV&VWIC-1MFT-E1 on router cisco2610.


thanks


--




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34815&t=34815
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

collissions on serial line? [7:34816]

[somera cecilia]

Folks, I've been searching CCO but cannot find answers to this. Is it
possible to get collissions in serial lines? If there are, what could cause
this?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34816&t=34816
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

MOBILE IP [7:34817]

[Richard Dukes]

I NEED HELP IN SETUP MOBILE IP CONFIG ON TWO 2651 ROUTER IN MY TEST LAB,
BEFORE I ADD THE CONFIG TO MY CORE ROUTER 7507. SO FAR I FOLLOW THE CFG
EXAMPLE I FOUND ON THE CISCO WEB SITE BUT UNABLE TO VERIFY THAT I HAVE IT
SETUP CORRECTLY. DO ANYONE HAVE A BASIC EXAMPLE CONFIG THAT WILL ALLOW
MOBILE IP TAKE OVER TO ACTIVE ON THE ROUTER. I APPRICATE ANY ASSISTANCE
ANYONE CAN PROVIDE.


Join 18 million Eudora users by signing up for a free Eudora Web-Mail
account at http://www.eudoramail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34817&t=34817
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Syslog Server [7:34818]

[NKP]

Hi ,
I wanted to ask if there is any Syslog server available for WIN NT or 2K
platform  ,  is there any freeware available .
  Let me know.
thanks in advance

--

Navin Parwal

Director
Technosys
tel: 91-141-372400
[EMAIL PROTECTED]





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34818&t=34818
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: nm-hdv & vwic-1mft-e1 [7:34815]

[Tim Medley]

You need at least IP Plus for the NM-HDV. We ran into an issue, can't
remember what offhand, I'll check my notes and see if I can pin point
specifics, but we ended up running Enterprise Plus H323 MCM on all our
2621'a with NM-HDV's.

tim

Tim Medley - CCNP+Voice, CCDP
Sr. Network Architect
VoIP Group
iReadyWorld
 
p 704.943.3615
f 704.525.9119

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
flight
Sent: Thursday, February 07, 2002 10:19 PM
To: [EMAIL PROTECTED]
Subject: nm-hdv & vwic-1mft-e1 [7:34815]

dear all:
can you tell me which ios feature must have suppport the
NM-HDV&VWIC-1MFT-E1 on router cisco2610.


thanks


--




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34819&t=34815
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Help: Modem taking too long to connect [7:34820]

[Kwame]

I'm using this old MultiTech modem bank to set a reverse telnet session via
a 2511. The modem setup commands are:
modem inout
modem autoconfigure discovery
transport input all

This works but when dialing in from my laptop's modem to the multitech to
gain access to the 2511, it takes forever for the 2511 to respond. It does
eventually, after like some 90 seconds, but it shouldn't take that long or
should it?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34820&t=34820
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Syslog Server [7:34818]

[somera cecilia]

I use a w2k syslog server from Kiwi, http://www.kiwisyslog.com/


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34821&t=34818
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: collissions on serial line? [7:34816]

[Michael Williams]

AFAIK, it's not possible to get collisions on a serial line.  I remember
someone saying something about this being an example of Cisco reusing code
in their IOS, i.e. using the same ouput routine for both serial and ethernet
lines therefore it shows collisions even though it's not possible to get
them on a serial line.

Mike W.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34822&t=34816
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Deleting Subinterfaces. [7:34802]

[Michael Williams]

In general, I believe that when you delete a subinterface (at least on
serial lines) the subinterface won't go away until you reboot the router.

HTH,
Mike W.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34823&t=34802
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: collissions on serial line? [7:34816]

[Sean Knox]

A serial line is a point-to-point link. Collisions are only possible on a
shared medium, such as ethernet.

-Original Message-
From: somera cecilia [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 07, 2002 7:46 PM
To: [EMAIL PROTECTED]
Subject: collissions on serial line? [7:34816]


Folks, I've been searching CCO but cannot find answers to this. Is it
possible to get collissions in serial lines? If there are, what could cause
this?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34824&t=34816
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Deleting Subinterfaces. [7:34802]

[Sean Knox]

The router has been rebooted multiple, but the subif's persist.

- Sean

-Original Message-
From: Michael Williams [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 07, 2002 8:51 PM
To: [EMAIL PROTECTED]
Subject: RE: Deleting Subinterfaces. [7:34802]


In general, I believe that when you delete a subinterface (at least on
serial lines) the subinterface won't go away until you reboot the router.

HTH,
Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34825&t=34802
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Deleting Subinterfaces. [7:34802]

[Andy Hoang]

After you remove the subif and do a "write mem" does the startup-config
still shows the subif?  If it does, I would tftp the config to a file, edit
the file and tftp it back to the router and reload.

Just a guess.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Sean Knox
Sent: Thursday, February 07, 2002 9:26 PM
To: [EMAIL PROTECTED]
Subject: RE: Deleting Subinterfaces. [7:34802]


The router has been rebooted multiple, but the subif's persist.

- Sean

-Original Message-
From: Michael Williams [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 07, 2002 8:51 PM
To: [EMAIL PROTECTED]
Subject: RE: Deleting Subinterfaces. [7:34802]


In general, I believe that when you delete a subinterface (at least on
serial lines) the subinterface won't go away until you reboot the router.

HTH,
Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34826&t=34802
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Layer 3 configuration from CAT4000 CWI [7:34736]

[Cisco Breaker]

]f you havent donloaded the catalyst CWI to the switch it doesnt work even
if you apply IP HTTP SERVER command. Not an answer to my question but
thanks.


""Georg Pauwen""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi,
>
> I am not sure if it works through the Catalyst CWI, but if you configure
the
> layer 3 module/SUPIII with the IP HTTP SERVER command, you should be able
to
> connect to it through a web interface.
>
> Regards,
>
> Georg




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34827&t=34736
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]