RE: quick question - router for regular dial in isp? [7:36006]

[Mark Odette II]

Beth- Yes. You can use the 804 in the fashion you ask.  In fact, that's what
it is designed to do... if you want it to perform as if it were routing
traffic in a nailed-up state, you just set the dialer timer to an
infinitely high value... and then it'll never hang up, unless you kill the
power, or circuit (of which, depending on your locale and provider, the
circuit flap might occur more often than you desire :) ).

When you configure the Dialer idle-timeout paramater, you can set it for say
10 minutes, and then if no defined interesting traffic doesn't traverse the
interface, it'll hang up.  As soon as the 'interesting traffic' comes back
across, it'll dial back out.

If you don't have a lot of experience with it, you can Download the
ConfigMaker 2.6 tool from Cisco (free), and use it to help generate your
config with the required info.

After that, if you want to control your dialer interface even further, such
as to follow a time-table for allowing dial-up (such as to conserve telco
dial costs), and deny certain traffic that would keep the idle-timeout
parameter from ever being reached, you should consider creating some
access-lists to deny ports 135-137 (Windoze NetBios broadcast traffic).

Hope this leads you to your answers.

See CCO for config samples.

Good Luck,
Mark

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
beth
Sent: Wednesday, February 20, 2002 4:30 PM
To: [EMAIL PROTECTED]
Subject: quick question - router for regular dial in isp? [7:36006]


Hello, i have a quick question. Can you use a regular 804 cisco router to
dial
into a regular dial in isdn isp account? not a dedicated account.
Thanks!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36045t=36006
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Global line config question [7:36046]

[Julian Fletcher]

I have a question regarding the use of the login keyword within global
config-line - in this example with the vty entries.


A default config would read :-

!
line vty 0 4
!
!

Entering global config-line mode, and entering the login command, we get :-

!
line vty 0 4
login
!

However, entering global config-line mode, and entering the 'no login'
command, we get :-

!
line vty 0 4
no login
!

the login command is still referenced - It hasnt been removed Is there
functionally any difference between this state and the default config shown
originally. I am curious whether this is caused by a quirk in IOS that
doesn't
tidy the config wording, or whether the default behaviour has changed.

Best regards,

Julian Fletcher
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36046t=36046
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

IDS 4210 help again [7:36047]

[Shane Stockman]

I have setup the ids with the all the relevant in for such as the sensor and 
ids manager details as well as the ip address,netmask,default gateway.
My question is that if 1 interface is the monitoring interface and it is 
connected to the internet router and the other is the command and control 
interface and that is connected to my switch , that interface needs and 
address if I am correct as it will have to have a vlan number.

Which interface uses the ip address that I entered in the configuration and 
how will I get the command and control interface to work ?

Thanks



_
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36047t=36047
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: China/Cisco connection [7:35946]

[Dominick Marino]

I agree with Joseph Brunner.

To compare the two is absurd!   The Chinese will use the technology to
suppress the truth from becoming known to the people ( peasants to the
elite).  It is also a good way to find the subversives and eliminate them.

As for the US government monitoring the traffic, I doubt that they plan on
killing anyone for their selection of web sites.

Unless they are terrorists, then, if they want, I will supply the bullets
myself.

Dom Marino







B.J. Wilson  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 An interesting article I came across this morning:


http://www.weeklystandard.com/Content/Public/Articles/000/000/000/922dgmtd.a
 sp

 Comments?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36048t=35946
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Boson's CCIE LAB Practice [7:36049]

[kaushik khakhar]

Group,

I am going for CCIE RS lab soon. Boson released CCIE Lab practice book,
plus some simulation software. The total price in current introductry
offer is abt 750USD approx. I dont mind investing in it, but before that
as usual I would like to take some vauable inputs from Group. If any one
has bought this or have some experience or heard of it, please provide
your feeback.

Anyone preparing for LAB in Netherlands or Belgium...get in touch

Regards,

Kaushik Khakhar A



Send and receive Hotmail on your mobile device: Click Here




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36049t=36049
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CSPM 2.3i and NT versus 2000 [7:35980]

[Chee Kin]

This is what I have discovered while preparing for the CSIDS exam a while
back.  I was using a CSPM 2.3.2i eval copy.

For CSPM standalone mode, you need to have NT 4.0 SP6a and IE 5.5.  I
installed IE 5.5 SP2 to get it working on the NT box.  You won't be able to
install CSPM (standalone mode) if you are using W2K.

For CSPM client-server mode, you can install the client only on W2K.  Your
W2K must be SP1.  It will not work on W2K (no SP) and W2K SP2.

Regards,
cheekin


- Original Message -
From: Richard Deal 
To: 
Sent: Thursday, February 21, 2002 4:23 AM
Subject: CSPM 2.3i and NT versus 2000 [7:35980]


 I'm about to run a trial of CSPM 2.3i for some IDS sensors that I have. I
 noticed in the release notes that this version of the product only runs on
 Windows NT 4.0; however, I  --REALLY-- would like to run this on Windows
200
 server.

 Has anyone had any success on running this on Windows 2000 server? If so,
 what SP were you using for W2000 server? and what other things did you
have
 to do to get it up and running? Any of the functionality of 2.3i that you
 couldn't get to function?

 Thanks for the info!!!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36050t=35980
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: exec-timeout 0 0 ?? [7:36018]

[Scott H.]

You gotta love this one.  Real pain in the *ss to get back in.

Chuck  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 and if you want to have a ton of fun, set it to something like 0 1 ;-


 Thom Castognalia  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Phil - It will make your timeout infinity.  If you want to set your
 timeout
  to absolutely nothing, do the command, no exec




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36052t=36018
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Should I buy IDS ? [7:36053]

[Arni V. Skarphedinsson]

I am administrating a network of about 500 computers, 30 servers, and
somthink like 70 WAN locations,

I have been thinking about the Cisco IDS system, anyone have any good
reasons to use one, have you used it, and has it detected much intrusion.

I realy need somthing to sell the ides to the managment.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36053t=36053
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Delay Metric in EIGRP [7:36001]

[Steven A. Ridder]

So is it safe for me to conclude that I was wrong in stating that EIGRP
sends the metrics to its neighbors.  It actually sends the raw data such as
bandwidth, and delay, and the neighbor router uses the DUAL FSM process to
calculate the Reported Distance and then it's distance?  I've been sniffing
and debugging all morning and I can't find a metric in a packet, just raw
data.

--
RFC 1149 Compliant.

Priscilla Oppenheimer  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 The delay part of the EIGRP composite metric is not measured. It's based
on
 the type of interface. Each type of interface has a default value. You can
 change it, although this is risky and not recommended.

 Because EIGRP is a distance-vector protocol, the router sends route
updates
 that list networks. For each network, the router states the different
parts
 of the composite metric:

 1) The delay to get to the network, which is a cumulation of all interface
 delays.

 2) The bandwidth to that network, which is the minimum bandwidth for all
 interfaces.

 3) Reliability which is not used by default, but you can configure the
 router to use it. If used, the reliability is measured and represents how
 much of the bandwidth to the network is in use.

 4) Load which is not used by default, but you can configure the router to
 use it. If used, the load is measured and represents the fraction of
 packets that arrive at the network undamaged.

 The router also sends the following info, which is not part of the metric,
 but useful for other routers to know:

 1) MTU is the maximum packet size that can be sent along the entire path
 without fragmentation. (That is, it is the minimum of the MTUs of all the
 networks involved in the path.)

 2) The hop count is simply the number of routers that a packet will have
to
 go through to get to the destination.

 3) Next hop is the address of the router to use to get to the destination,
 which is usually the router sending the update.

 Priscilla

 At 05:15 PM 2/20/02, Yatou Wu wrote:
 Hi,
 
 In EIGRP, the delay metric is taken as configured in the interface of the
 router by the administrator, by default, or by measurement?
 
 when the router calculates the metric, it needs to know the minimum
 bandwidth along the path, and also the delay along the path. how can the
 router pass the infor around? pass the total delay along the path, or
delay
 of every link?
 
 thanks
 
 yatou
 
 _
 Get your FREE download of MSN Explorer at
http://explorer.msn.com/intl.asp.
 

 Priscilla Oppenheimer
 http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36054t=36001
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Should I buy IDS ? [7:36053]

[Maccubbin, Duncan]

For that small of a network SNORT would be fine and it costs quite a bit
less.

-Original Message-
From: Arni V. Skarphedinsson [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, February 21, 2002 9:32 AM
To: [EMAIL PROTECTED]
Subject: Should I buy IDS ? [7:36053]

I am administrating a network of about 500 computers, 30 servers, and
somthink like 70 WAN locations,

I have been thinking about the Cisco IDS system, anyone have any good
reasons to use one, have you used it, and has it detected much intrusion.

I realy need somthing to sell the ides to the managment.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36055t=36053
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Boot Rom upgrade on SUP I? [7:36056]

[Paul C]

Does anyone know if it is possible to upgrade the NMP and MCP boot roms on a
Supervisor I switch engine?

I have found the procedure for the upgrade on a SUP II and III, but I am
unable to locate the procedure for a SUP I.

Thanks in advance

Paul C.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36056t=36056
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Should I buy IDS ? [7:36053]

[Tel Khan]

Hi,

 Where can i obtain information on SNORT?


Thanks in advance

Tel




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36057t=36053
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Should I buy IDS ? [7:36053]

[Patrick Ramsey]

Well...it depends on how secure you want your network!

The size is completely irrelevant... if you own a medical practice with
patient data floating around your network and you only have 10 computers,
with 4 of them offering some type of internet service through the
firewal,etc etc... then I would say yes...ids is important... if you own
jokenetwork.com and you have 50,000 machines trading jokes all day, are you
worried about sombody stealing your jokes? probably not...

If you do decide to implement some type of ids, look at http://www.lids.org/

remember signature based ids are signature based ids regardless of company
and price as long as you have a constant way to update signatures, you
should be fine.  To supplement your signature based design, though check out
www.lancope.com ...They have an AWESOME supplement to signature based
systems.  Even though there box will trigger on some signature based
attacks, it is not meant to trigger on them as soon as they happenThis
is why I say it is a supplement and not a complete kit.

Of course...a good security policy would help you decide on what you need! 
:)

http://www.sans.org/newlook/resources/policies/policies.htm#template 

-Patrick

ps. if you run tons of data through your internet connection (45mb plus) or
your ids is from backbone to backbone, I would stay away from LIDS unless
you have a BADA$$ machine to run it on...  :)

 Arni V. Skarphedinsson  02/21/02 09:32AM 
I am administrating a network of about 500 computers, 30 servers, and
somthink like 70 WAN locations,

I have been thinking about the Cisco IDS system, anyone have any good
reasons to use one, have you used it, and has it detected much intrusion.

I realy need somthing to sell the ides to the managment.
  Confidentiality Disclaimer   
This email and any files transmitted with it may contain confidential and
/or proprietary information in the possession of WellStar Health System,
Inc. (WellStar) and is intended only for the individual or entity to whom
addressed.  This email may contain information that is held to be
privileged, confidential and exempt from disclosure under applicable law. If
the reader of this message is not the intended recipient, you are hereby
notified that any unauthorized access, dissemination, distribution or
copying of any information from this email is strictly prohibited, and may
subject you to criminal and/or civil liability. If you have received this
email in error, please notify the sender by reply email and then delete this
email and its attachments from your computer. Thank you.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36058t=36053
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Delay Metric in EIGRP [7:36001]

[Phil Barker]

The 'Bandwidth' and 'Delay' parameters ARE metrics,
which are sent to neighbours in packets in order that
DUAL can be run to calculate its topological database
and routing table.

Phil.


 --- Steven A. Ridder 
wrote:  So is it safe for me to conclude that I was
wrong in
 stating that EIGRP
 sends the metrics to its neighbors.  It actually
 sends the raw data such as
 bandwidth, and delay, and the neighbor router uses
 the DUAL FSM process to
 calculate the Reported Distance and then it's
 distance?  I've been sniffing
 and debugging all morning and I can't find a metric
 in a packet, just raw
 data.
 
 --
 RFC 1149 Compliant.
 
 Priscilla Oppenheimer  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  The delay part of the EIGRP composite metric is
 not measured. It's based
 on
  the type of interface. Each type of interface has
 a default value. You can
  change it, although this is risky and not
 recommended.
 
  Because EIGRP is a distance-vector protocol, the
 router sends route
 updates
  that list networks. For each network, the router
 states the different
 parts
  of the composite metric:
 
  1) The delay to get to the network, which is a
 cumulation of all interface
  delays.
 
  2) The bandwidth to that network, which is the
 minimum bandwidth for all
  interfaces.
 
  3) Reliability which is not used by default, but
 you can configure the
  router to use it. If used, the reliability is
 measured and represents how
  much of the bandwidth to the network is in use.
 
  4) Load which is not used by default, but you can
 configure the router to
  use it. If used, the load is measured and
 represents the fraction of
  packets that arrive at the network undamaged.
 
  The router also sends the following info, which is
 not part of the metric,
  but useful for other routers to know:
 
  1) MTU is the maximum packet size that can be sent
 along the entire path
  without fragmentation. (That is, it is the minimum
 of the MTUs of all the
  networks involved in the path.)
 
  2) The hop count is simply the number of routers
 that a packet will have
 to
  go through to get to the destination.
 
  3) Next hop is the address of the router to use to
 get to the destination,
  which is usually the router sending the update.
 
  Priscilla
 
  At 05:15 PM 2/20/02, Yatou Wu wrote:
  Hi,
  
  In EIGRP, the delay metric is taken as configured
 in the interface of the
  router by the administrator, by default, or by
 measurement?
  
  when the router calculates the metric, it needs
 to know the minimum
  bandwidth along the path, and also the delay
 along the path. how can the
  router pass the infor around? pass the total
 delay along the path, or
 delay
  of every link?
  
  thanks
  
  yatou
  
 

_
  Get your FREE download of MSN Explorer at
 http://explorer.msn.com/intl.asp.
  
 
  Priscilla Oppenheimer
  http://www.priscilla.com
[EMAIL PROTECTED] 

__
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36059t=36001
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: MLPS-VPN requirements [7:35972]

[Irwin Lazar]

Hi Stanzin,
See www.mplsrc.com/vendor.shtml for links to Cisco VPN configuration
information.

irwin

-Original Message-
From: Stanzin Takpa [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 20, 2002 2:49 PM
To: [EMAIL PROTECTED]
Subject: MLPS-VPN requirements [7:35972]


Hi !
  Can anybody know, what are the basic MPLS things that should be
configured there on the routers (backbone) before going for MPLS-VPN.
Thanks  

Stanzin Takpa
Astracon,
6560 S Greenwood Plaza Blvd.,
Engelwood, CO-80111
USA




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36062t=35972
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Should I buy IDS ? [7:36053]

[Patrick Ramsey]

www.snort.org 

and remember

www.lids.org 

:)  Install lids then snort... (unless you are plannign on runnign snort on
a microsoft platform!  :)  (but that kinda defeats the purpose of security...)

 Tel Khan  02/21/02 10:12AM 
Hi,

 Where can i obtain information on SNORT?


Thanks in advance

Tel
  Confidentiality Disclaimer   
This email and any files transmitted with it may contain confidential and
/or proprietary information in the possession of WellStar Health System,
Inc. (WellStar) and is intended only for the individual or entity to whom
addressed.  This email may contain information that is held to be
privileged, confidential and exempt from disclosure under applicable law. If
the reader of this message is not the intended recipient, you are hereby
notified that any unauthorized access, dissemination, distribution or
copying of any information from this email is strictly prohibited, and may
subject you to criminal and/or civil liability. If you have received this
email in error, please notify the sender by reply email and then delete this
email and its attachments from your computer. Thank you.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36063t=36053
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Should I buy IDS ? [7:36053]

[Tel Khan]

Hi Patrick,


Thanks for the urls

Tel




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36064t=36053
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

DEC server addressing [7:36065]

[Wilson, Gavin (KBPB)]

Hi there

Does anyone know how to change the ip address and default gateway on a dec
server then the correct way of saving it to memory.

Cheers Gavin

Gavin Wilson
Kleinwort Benson Private Bank
Tel: 0207 4751771
Mobile: 07989441850
email: [EMAIL PROTECTED]



--
This email and any files transmitted with it are intended solely for the
addressee(s) and may be legally privileged and/or confidential.  If you have
received this email in error you may not copy, forward or use the contents,
attachments or information in any way.  Please destroy it and contact the
sender via our switchboard on +44(0) 20 7475 6600 or via return email.  Any 
unauthorised use or disclosure may be unlawful.  Kleinwort Benson Private
Bank
give no warranty as to the accuracy or completeness of this email after it is
sent over the Internet and accept no responsibility for change made after it
was sent.  Any opinions expressed in this email may be personal to the author
and may not necessarily reflect the opinions of Dresdner Bank or its
affiliates. They may also be subject to change without notice.
--




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36065t=36065
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Should I buy IDS ? [7:36053]

[Irwin Lazar]

Before you go for a solution you need to understand the requirements.  What
is the threat from attack?  What can be lost?  What is the impact on the
business?

If you can demonstrate sufficient requirements for an IDS, selling a
solution to management should be easy.

Irwin

-- 
Irwin Lazar
Senior Consultant and Practice Manager, Burton Group 
www.burtongroup.com   
[EMAIL PROTECTED]  
Office: 703-742-9659  
Cell: 703-402-4119 
DrivingNetworkEvolution


-Original Message-
From: Arni V. Skarphedinsson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 21, 2002 9:32 AM
To: [EMAIL PROTECTED]
Subject: Should I buy IDS ? [7:36053]


I am administrating a network of about 500 computers, 30 servers, and
somthink like 70 WAN locations,

I have been thinking about the Cisco IDS system, anyone have any good
reasons to use one, have you used it, and has it detected much intrusion.

I realy need somthing to sell the ides to the managment.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36066t=36053
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Autonomous-system command [7:36067]

[John Neiberger]

In 12.2(3) I just ran across the following global configuration command:


  autonomous-system [AS]

Router(config)#?   
Configure commands:
  aaa Authentication, Authorization and
Accounting.
  access-list Add an access list entry
  alias   Create command alias
  alpsConfigure Airline Protocol Support
  apollo  Apollo global configuration commands
  appletalk   Appletalk global configuration commands
  arapAppletalk Remote Access Protocol
  arp Set a static ARP entry
  async-bootp Modify system bootp parameters
  autonomous-system   Specify local AS number to which we
belong

I can't find this command in the master indexes and I've done a google
search on CCO and wasn't able to find it.  

Any idea what this command might be used for?

John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36067t=36067
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

DEC server addressing [7:36068]

[Wilson, Gavin (KBPB)]

Hi there

Does anyone know how to change the ip address and default gateway on a dec
server then the correct way of saving it to memory.

Cheers Gavin


Gavin Wilson
Kleinwort Benson Private Bank
Tel: 0207 4751771
Mobile: 07989441850
email: [EMAIL PROTECTED]



--
This email and any files transmitted with it are intended solely for the
addressee(s) and may be legally privileged and/or confidential.  If you have
received this email in error you may not copy, forward or use the contents,
attachments or information in any way.  Please destroy it and contact the
sender via our switchboard on +44(0) 20 7475 6600 or via return email.  Any 
unauthorised use or disclosure may be unlawful.  Kleinwort Benson Private
Bank
give no warranty as to the accuracy or completeness of this email after it is
sent over the Internet and accept no responsibility for change made after it
was sent.  Any opinions expressed in this email may be personal to the author
and may not necessarily reflect the opinions of Dresdner Bank or its
affiliates. They may also be subject to change without notice.
--




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36068t=36068
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

NAS and NACServer [7:36069]

[John Green]

i need some quick help with this. please post asap.
thanks
--
Network Access Server and Network Access Control
Server are two different boxes ?

eg CiscoSecure Access Control Server (unix) is a
software that is installed on Solaris box, to which a
Network Access Server like a AS5300 can connect to or
vice-versa for user authentication and authorization
purposes ?

but if you would refer to the software specifications
as mentioned in
http://www.cisco.com/univercd/cc/td/doc/pcat/sqasux.htm1
it refers to IOS as well.

Software specifications for CiscoSecure Access Control
Server v2.3 for UNIX (Solaris).

Solaris V2.51 or V2.6, V7, V8
IOS v11.1 (TACACS+)
IOS v11.2 (RADIUS) 

the Solaris OS versions refer to the fact that the
Access Control Server software can be installed onto
these Solaris Operating system versions. fine.
where is this IOS ? where is this IOS installed ?

is the logical diagram ok as below

 NAS---User
  |
  |
 AccessControl
 server

is the logical flow ok ? 

__
Do You Yahoo!?
Yahoo! Sports - Coverage of the 2002 Olympic Games
http://sports.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36069t=36069
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Boson's CCIE LAB Practice [7:36049]

[Kevin St.Amour]

There is also : http://www.ipexpert.net/products/workbook/workbook.asp

Any one knpw about this one as well?  I am interested in feedback on both...

kaushik khakhar wrote:

Group,

I am going for CCIE RS lab soon. Boson released CCIE Lab practice book,
plus some simulation software. The total price in current introductry
offer is abt 750USD approx. I dont mind investing in it, but before that
as usual I would like to take some vauable inputs from Group. If any one
has bought this or have some experience or heard of it, please provide
your feeback.

Anyone preparing for LAB in Netherlands or Belgium...get in touch

Regards,

Kaushik Khakhar A



Send and receive Hotmail on your mobile device: Click Here
_
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36070t=36049
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: DEC server addressing [7:36068]

[Patrick Ramsey]

 def int gateway x.x.x.x 

 Wilson, Gavin (KBPB)  02/21/02 10:46AM 
Hi there

Does anyone know how to change the ip address and default gateway on a dec
server then the correct way of saving it to memory.

Cheers Gavin


Gavin Wilson
Kleinwort Benson Private Bank
Tel: 0207 4751771
Mobile: 07989441850
email: [EMAIL PROTECTED] 



--
This email and any files transmitted with it are intended solely for the
addressee(s) and may be legally privileged and/or confidential.  If you have
received this email in error you may not copy, forward or use the contents,
attachments or information in any way.  Please destroy it and contact the
sender via our switchboard on +44(0) 20 7475 6600 or via return email.  Any 
unauthorised use or disclosure may be unlawful.  Kleinwort Benson Private
Bank
give no warranty as to the accuracy or completeness of this email after it is
sent over the Internet and accept no responsibility for change made after it
was sent.  Any opinions expressed in this email may be personal to the author
and may not necessarily reflect the opinions of Dresdner Bank or its
affiliates. They may also be subject to change without notice.
--
  Confidentiality Disclaimer   
This email and any files transmitted with it may contain confidential and
/or proprietary information in the possession of WellStar Health System,
Inc. (WellStar) and is intended only for the individual or entity to whom
addressed.  This email may contain information that is held to be
privileged, confidential and exempt from disclosure under applicable law. If
the reader of this message is not the intended recipient, you are hereby
notified that any unauthorized access, dissemination, distribution or
copying of any information from this email is strictly prohibited, and may
subject you to criminal and/or civil liability. If you have received this
email in error, please notify the sender by reply email and then delete this
email and its attachments from your computer. Thank you.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36071t=36068
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Should I buy IDS ? [7:36053]

[Ken Diliberto]

Ken

 Tel Khan  02/21/02 09:12AM 
Hi,

 Where can i obtain information on SNORT?


Thanks in advance

Tel




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36072t=36053
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: DEC server addressing [7:36068]

[Patrick Ramsey]

sorry

def int address x.x.x.x

def int mask x.x.x.x

-Patrick

 Wilson, Gavin (KBPB)  02/21/02 10:46AM 
Hi there

Does anyone know how to change the ip address and default gateway on a dec
server then the correct way of saving it to memory.

Cheers Gavin


Gavin Wilson
Kleinwort Benson Private Bank
Tel: 0207 4751771
Mobile: 07989441850
email: [EMAIL PROTECTED] 



--
This email and any files transmitted with it are intended solely for the
addressee(s) and may be legally privileged and/or confidential.  If you have
received this email in error you may not copy, forward or use the contents,
attachments or information in any way.  Please destroy it and contact the
sender via our switchboard on +44(0) 20 7475 6600 or via return email.  Any 
unauthorised use or disclosure may be unlawful.  Kleinwort Benson Private
Bank
give no warranty as to the accuracy or completeness of this email after it is
sent over the Internet and accept no responsibility for change made after it
was sent.  Any opinions expressed in this email may be personal to the author
and may not necessarily reflect the opinions of Dresdner Bank or its
affiliates. They may also be subject to change without notice.
--
  Confidentiality Disclaimer   
This email and any files transmitted with it may contain confidential and
/or proprietary information in the possession of WellStar Health System,
Inc. (WellStar) and is intended only for the individual or entity to whom
addressed.  This email may contain information that is held to be
privileged, confidential and exempt from disclosure under applicable law. If
the reader of this message is not the intended recipient, you are hereby
notified that any unauthorized access, dissemination, distribution or
copying of any information from this email is strictly prohibited, and may
subject you to criminal and/or civil liability. If you have received this
email in error, please notify the sender by reply email and then delete this
email and its attachments from your computer. Thank you.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36073t=36068
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: %Error: No System flash chip information available - Help [7:36074]

[MADMAN]

Are you installing two 8M SIMMs?  Scratching my head but I seem to
recall that if you do you will have partitoned flash.  If you want an
unpartitioned 16M you need to install a single 16M SIMM.  I'm sure this
can be verified on CCO if your so inclined.

  good luck

  Dave

Cisco Nuts wrote:
 
 Ok,
 Just tried to unpartition and partition my flash and then this error msg.
 when I do a #sh ver . help!! :-)
 
 %Error: No System flash chip information available
 
 Here is what happened:
 First configed-register to 0x2101...Reloaded...
 Then a erase flash cmd.
 Remote(boot)#erase flash
 Partition   SizeUsed  Free  Bank-Size  State  Copy Mode
   1 8192K   5180K 3011K 8192K  Read/Write Direct
   2 8192K   7918K  273K 8192K  Read/Write Direct
 
 [Type ? for partition directory; ? for full directory; q to abort]
 Which partition? [default = 1] 2
 
 System flash directory, partition 2:
 File  Length   Name/status
   1   8108960  /c2500-js-l_112-17.bin
 [8109024 bytes used, 279584 available, 8388608 total]
 
 Erase flash device, partition 2? [confirm]
 Are you sure? [yes/no]: y
 Erasing device...  ...erased
 
 Next step did a:
 Remote(boot)(config)#partition flash 2 16 to make it one big 16MB
 
 Then did a #sh flash
 Remote(boot)#sh flash
 
 System flash directory, partition 1:
 File  Length   Name/status
   1   5304572  80135005.bin
 [5304636 bytes used, 11472580 available, 16777216 total]
 16384K bytes of processor board System flash (Read/Write)
 
 %Error: No System flash chip information available
 
 Can anyone help?? Thank you.
 
 _
 Join the worlds largest e-mail service with MSN Hotmail.
 http://www.hotmail.com
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

Emotion should reflect reason not guide it




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36074t=36074
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Works Now!! Was: Re: 16MB Flash (Read) (Read/Write) on a [7:36075]

[MADMAN]

should read all the mail before responding, forget my last message and
I'll go back to scrathing my head;)

  Dave

Cisco Nuts wrote:
 
 OK,
 
 Finally got it to work!! Thank you so much Sasa and the rest of you for
 helping me out.
 
 Here is what I did: (for others who might have a similiar problem)
 
 1. Set the #config-register to 0x2101..Reloaded
 
 2. Did a #erase flashDeleted the 2nd partition
 
 3. Did a #partition flash 1 16
 
 4. Erased the flash #erase flash
 
 5. Set an #ip default-gateway and ip tftp source-interface cmd.
 
 6. Did a #copy tftp flash.Bingo it worked beautifully!!! :-)
 
 Thank you all once again for your help.
 
 From: Sasa Milic To: Cisco Nuts Subject: Re: 16MB Flash (Read) 
 (Read/Write) on a 2524 ?? [7:35989] Date: Wed, 20 Feb 2002 17:47:01
 -0800 Erase and Unpartition flash...Which one?? Not clear on this
   Is this what I do? And would you mind if you clarified step # 3. 
 When you try to erase flash, with erase flash:, it will show you two
 partitions, one with the image, and will ask for a confirmation to
 delete the file. When both partitions are empty, you can go into config
 mode, and type no partition flash, or partition flash 1 16.  Be
 sure to save old image and config !  Hope this helps.  Regards, 
 Sasa
 
 
 
 Join the worlds largest e-mail service with MSN Hotmail. Click Here
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

Emotion should reflect reason not guide it




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36075t=36075
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PIX v6.2 [7:35987]

[Brian Zeitz]

I have not used it, but I think there is going to be some issues for
someone trying to use PPPoe on a firewall, especially if the IP is
dynamic. Just to get hands on with a firewall, I was playing with ISA
2000 Server at home (Microsoft Firewall). Their packet filters would not
bind to a dynamic IP. My opinion of using PPPoe with Pix 6.2b is that if
you're using a DSL line with a static IP, it should work, but if the IP
is dynamic I think there is going to be a lot of issues with stability.
Packet filters like to be bound to a static IP, when the IP suddenly
disappears, it doesn't work correctly. 

So what I did was installed a small router that accepted PPPoe, with
client side DCHP, so I set the PPPOE password on the router. Then my
inside interface is 10.x.x.1, which goes do a switch. Though port
forwarding, I can forward packets different servers. So like my first
server is 10.x.x.3, and I make a rule to forward port 21 there. I am
also doing DNS forwarding, for port 81, cause my ISP blocks incoming 80.
I also run dynamic DNS services to keep my domain name mapped to the ip
of the day.

Maybe they will make a router as small at the 501 pix next, if they did,
I would use that with PPPoe instead of a firewall. I think it's a nice
theory, but I am skeptical.

-Original Message-
From: Clayton Dukes [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, February 20, 2002 3:49 PM
To: [EMAIL PROTECTED]
Subject: PIX v6.2 [7:35987]

Has anyone installed and used PPPoE with the new Pix 6.2 Beta?


Clayton Dukes
CCNA, CCDA, CCDP, CCNP, NCC
(h) 904-292-1881
(c) 904-477-7825
#rm -rf /bin/laden
#kill -9 /bin/laden




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36079t=35987
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Trunk Modes Perspective [7:36016]

[Daniel Cotts]

... And the answer comes from ... you guessed it ... Cisco LAN Switching
by Clark and Hamilton. page 320
The 'desirable' mode causes a Catalyst interface to inform the remote end
of its 'intent' to enable ISL, but does not actually enable ISL unless the
remote end agrees to enable it. The remote end must be set in the 'on',
'auto', or 'desirable' mode for the link to establish an ISL trunk. Do not
use the 'desirable' mode if the remote end does not support DISL.
Configuring a Catalyst in 'auto' mode enables the Catalyst to recieve a
request to enable ISL trunking and to automatically enter that mode. The
Catalyst configured in 'auto' never initiates a request to create a trunk
and never becomes a trunk unless the remote end is configured as 'on' or
'desirable'. The 'auto' mode is the Catalyst default configuration. In when
enabling a trunk you do not specify a mode, 'auto' is assumed. A Catalyst
never enables trunk mode when left to the default value at both ends. When
one end is set as 'auto', you must set the other end to either 'on' or
'desirable' to activate a trunk.

 -Original Message-
 From: Pierre-Alex GUANEL [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, February 20, 2002 6:36 PM
 To: [EMAIL PROTECTED]
 Subject: Trunk Modes Perspective [7:36016]
 
 
 In the real world when would you set a trunk type in auto 
 rather than
 desirable?
 
 Both will be triggered when the connected device is set to 
 on, desirable
 (or auto when setup with desirable).
 
 Thank you,
 
 Pierre-Alex




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36080t=36016
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Trunk Modes Perspective [7:36016]

[Pierre-Alex GUANEL]

Thanks again ... I wished we add a major bookstore in Fairfield 

Do you have a real world practical example of when you used one versus the
other 

I would like to share something concrete with my class tonight...

Pierre-Alex

-Original Message-
From: Daniel Cotts [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 21, 2002 10:28 AM
To: 'Pierre-Alex GUANEL'; [EMAIL PROTECTED]
Subject: RE: Trunk Modes Perspective [7:36016]


... And the answer comes from ... you guessed it ... Cisco LAN Switching
by Clark and Hamilton. page 320
The 'desirable' mode causes a Catalyst interface to inform the remote end
of its 'intent' to enable ISL, but does not actually enable ISL unless the
remote end agrees to enable it. The remote end must be set in the 'on',
'auto', or 'desirable' mode for the link to establish an ISL trunk. Do not
use the 'desirable' mode if the remote end does not support DISL.
Configuring a Catalyst in 'auto' mode enables the Catalyst to recieve a
request to enable ISL trunking and to automatically enter that mode. The
Catalyst configured in 'auto' never initiates a request to create a trunk
and never becomes a trunk unless the remote end is configured as 'on' or
'desirable'. The 'auto' mode is the Catalyst default configuration. In when
enabling a trunk you do not specify a mode, 'auto' is assumed. A Catalyst
never enables trunk mode when left to the default value at both ends. When
one end is set as 'auto', you must set the other end to either 'on' or
'desirable' to activate a trunk.

 -Original Message-
 From: Pierre-Alex GUANEL [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, February 20, 2002 6:36 PM
 To: [EMAIL PROTECTED]
 Subject: Trunk Modes Perspective [7:36016]


 In the real world when would you set a trunk type in auto
 rather than
 desirable?

 Both will be triggered when the connected device is set to
 on, desirable
 (or auto when setup with desirable).

 Thank you,

 Pierre-Alex




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36081t=36016
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Should I buy IDS ? [7:36053]

[Irwin Lazar]

There is another public domain IDS at http://www.icir.org/vern/bro-info.html

it is also worth checking out http://www.networkintrusion.co.uk/ids.htm for
a detailed list of IDSs

irwin


-Original Message-
From: Patrick Ramsey [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 21, 2002 10:28 AM
To: [EMAIL PROTECTED]
Subject: RE: Should I buy IDS ? [7:36053]


www.snort.org 

and remember

www.lids.org 

:)  Install lids then snort... (unless you are plannign on runnign snort on
a microsoft platform!  :)  (but that kinda defeats the purpose of
security...)

 Tel Khan  02/21/02 10:12AM 
Hi,

 Where can i obtain information on SNORT?


Thanks in advance

Tel
  Confidentiality Disclaimer   
This email and any files transmitted with it may contain confidential and
/or proprietary information in the possession of WellStar Health System,
Inc. (WellStar) and is intended only for the individual or entity to whom
addressed.  This email may contain information that is held to be
privileged, confidential and exempt from disclosure under applicable law. If
the reader of this message is not the intended recipient, you are hereby
notified that any unauthorized access, dissemination, distribution or
copying of any information from this email is strictly prohibited, and may
subject you to criminal and/or civil liability. If you have received this
email in error, please notify the sender by reply email and then delete this
email and its attachments from your computer. Thank you.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36078t=36053
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: EIGRP Successor [7:36044]

[s vermill]

Hunt Lee wrote:
 
 I have an EIGRP question that I'm a bit confused:
 
 Firstly, let me try to see if I understand the terms: (for
 EIGRP)
 
 Successor - A neighoring router used for packet forwarding that
 has a least
 cost path to a destination.
 
 Feasible Successor - Next-hop router for the backup path.
 
 
 If this is the case, on TCP / IP Vol 1 (by Doyle) at p342 Fig
 8.8
 
 It shows the following EIGRP topology table:- (for Router
 Chanute)
 
 Chanute# show ip eigrp topology
 
 P10.1.6.0 /24, 1 successors, FD is 768
 via 10.1.2.1 (768 / 512), Ethernet0
 
 First number (768) is the Feasible Dist of this local router
 (Chanute),
 while the second number is the Advertised Dist from the
 neighbor router (at
 10.1.2.1)
 
 Since the first number equals the FD, this 10.1.2.1 is a
 successor for
 subnet 10.1.6.0 /24.  However, Jeff said the route to 10.1.6.0
 has an FD of
 768 (which I agree so far), and Wright (at 10.1.2.1) is the
 only feasible
 successor. ???
 
 But isn't 10.1.2.1 the successor rather than the feasible
 successor?


Yes, I think you are correct.  This is a fairly common use of terminology
though.  If a successor stands alone, it also by default is the only
*feasible* successor.  You could just as well debate the definition of
synchronous.


 
 
 As another example:  (for another router called Langley)
 
 Langley# show ip eigrp topology
 
 P10.1.2.0 /24, 1 successors, FD is 768
 via 10.1.3.1 (768 / 256), Serial 0
 via 10.1.5.2 (1280 / 256), Serial 1
 
 In this case, since the route via 10.1.3.1 has FD have 768, it
 will be the
 successor,
 
 and the route via 10.1.5.2 has FD have 1280 (which is  768) -
 so it is a
 feasible successor
 
 Am I on the right track?


I don't think so.  I think that DUAL requires that the AD of the FS be less
than the FD via the successor.  Now if you are just asking whether or not
the fact that the FD is higher makes it a FS instead of a full-fledged
successor, I would sort of agree.  But the loop-prevention aspect of DUAL
needs to be met before a route becomes a FS.


 
 Time to go home
 
 Thanks for any help in advance,
 
 Best Regards,
 Hunt Lee
 System Engineer
 WebCentral
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36076t=36044
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: %Error: No System flash chip information available - Help [7:36077]

[Chuck]

on the 25xx series, you can have 2x4 meg or 2x8 meg

I believe what needs be done is to enter the command

partition flash 1

this will perform some magic that will result in one great big 16 meg flash
after reloading.

Chuck



MADMAN  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Are you installing two 8M SIMMs?  Scratching my head but I seem to
 recall that if you do you will have partitoned flash.  If you want an
 unpartitioned 16M you need to install a single 16M SIMM.  I'm sure this
 can be verified on CCO if your so inclined.

   good luck

   Dave

 Cisco Nuts wrote:
 
  Ok,
  Just tried to unpartition and partition my flash and then this error
msg.
  when I do a #sh ver . help!! :-)
 
  %Error: No System flash chip information available
 
  Here is what happened:
  First configed-register to 0x2101...Reloaded...
  Then a erase flash cmd.
  Remote(boot)#erase flash
  Partition   SizeUsed  Free  Bank-Size  State  Copy
Mode
1 8192K   5180K 3011K 8192K  Read/Write Direct
2 8192K   7918K  273K 8192K  Read/Write Direct
 
  [Type ? for partition directory; ? for full directory; q to abort]
  Which partition? [default = 1] 2
 
  System flash directory, partition 2:
  File  Length   Name/status
1   8108960  /c2500-js-l_112-17.bin
  [8109024 bytes used, 279584 available, 8388608 total]
 
  Erase flash device, partition 2? [confirm]
  Are you sure? [yes/no]: y
  Erasing device...  ...erased
 
  Next step did a:
  Remote(boot)(config)#partition flash 2 16 to make it one big 16MB
 
  Then did a #sh flash
  Remote(boot)#sh flash
 
  System flash directory, partition 1:
  File  Length   Name/status
1   5304572  80135005.bin
  [5304636 bytes used, 11472580 available, 16777216 total]
  16384K bytes of processor board System flash (Read/Write)
 
  %Error: No System flash chip information available
 
  Can anyone help?? Thank you.
 
  _
  Join the worlds largest e-mail service with MSN Hotmail.
  http://www.hotmail.com
 --
 David Madland
 Sr. Network Engineer
 CCIE# 2016
 Qwest Communications Int. Inc.
 [EMAIL PROTECTED]
 612-664-3367

 Emotion should reflect reason not guide it




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36077t=36077
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Delay Metric in EIGRP [7:36001]

[Priscilla Oppenheimer]

A router sends the components of the metric. The recipient calculates the 
actual composite metric by working a bunch of black magic.

The DUAL process and figuring out successors are separate from the metric 
calculation, but use the metric info.

Here's a terrific paper on the topic:

http://www.cisco.com/warp/public/103/eigrp-toc.html

Priscilla

At 09:36 AM 2/21/02, Steven A. Ridder wrote:
So is it safe for me to conclude that I was wrong in stating that EIGRP
sends the metrics to its neighbors.  It actually sends the raw data such as
bandwidth, and delay, and the neighbor router uses the DUAL FSM process to
calculate the Reported Distance and then it's distance?  I've been sniffing
and debugging all morning and I can't find a metric in a packet, just raw
data.

--
RFC 1149 Compliant.

Priscilla Oppenheimer  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  The delay part of the EIGRP composite metric is not measured. It's based
on
  the type of interface. Each type of interface has a default value. You
can
  change it, although this is risky and not recommended.
 
  Because EIGRP is a distance-vector protocol, the router sends route
updates
  that list networks. For each network, the router states the different
parts
  of the composite metric:
 
  1) The delay to get to the network, which is a cumulation of all
interface
  delays.
 
  2) The bandwidth to that network, which is the minimum bandwidth for all
  interfaces.
 
  3) Reliability which is not used by default, but you can configure the
  router to use it. If used, the reliability is measured and represents how
  much of the bandwidth to the network is in use.
 
  4) Load which is not used by default, but you can configure the router to
  use it. If used, the load is measured and represents the fraction of
  packets that arrive at the network undamaged.
 
  The router also sends the following info, which is not part of the
metric,
  but useful for other routers to know:
 
  1) MTU is the maximum packet size that can be sent along the entire path
  without fragmentation. (That is, it is the minimum of the MTUs of all the
  networks involved in the path.)
 
  2) The hop count is simply the number of routers that a packet will have
to
  go through to get to the destination.
 
  3) Next hop is the address of the router to use to get to the
destination,
  which is usually the router sending the update.
 
  Priscilla
 
  At 05:15 PM 2/20/02, Yatou Wu wrote:
  Hi,
  
  In EIGRP, the delay metric is taken as configured in the interface of
the
  router by the administrator, by default, or by measurement?
  
  when the router calculates the metric, it needs to know the minimum
  bandwidth along the path, and also the delay along the path. how can the
  router pass the infor around? pass the total delay along the path, or
delay
  of every link?
  
  thanks
  
  yatou
  
  _
  Get your FREE download of MSN Explorer at
http://explorer.msn.com/intl.asp.
  
 
  Priscilla Oppenheimer
  http://www.priscilla.com


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36083t=36001
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: hop count in EIGRP? [7:36082]

[s vermill]

Actually there are hop count limits that need to be adhered to when you
implement EIGRP for Appletalk and IPX.  You can search on CCO and read all
about it.

Steven A. Ridder wrote:
 
 Anyone know why there is a hop-count in EIGRP?  It has a 1 byte
 value, but
 it doesn't limit the number of hops and it looks like routers
 don't use it
 in their calculations.  Why is it there?
 
 --
 RFC 1149 Compliant.
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36084t=36082
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Autonomous-system command [7:36067]

[Kane, Christopher A.]

Checked one of my lab boxes, it's running 12.0(16) and had that command as
well. Like you I searched cisco command ref online and couldn't find it. I
have an old 11.1 command summary manual and found it on page 453.

[no] autonomous-system (local-as)
To specify the local autonomous system that the router resides in for EGP,
use the autonomous-system global configuration command.

To me it looks as if this is a throwback to the EGP days (pre-BGP). Rather
than do a search for EGP on CCO and get 1100 results that are referring to
anything but the old protocol, I have Doyle's VOL II handy. His first
chapter in VOL II is about EGP, the protocol. On page 26 he lists the steps
for turning it on:

1. Specify the router's AS with the command autonomous-system
2. Start the EGP process and specify the neighbor's AS with the command
router egp
3. Specify the EGP neighbors with the neighbor command
4. Specify what networks are to be advertised by EGP


HTH,
-chris


-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 21, 2002 10:39 AM
To: [EMAIL PROTECTED]
Subject: Autonomous-system command [7:36067]


In 12.2(3) I just ran across the following global configuration command:


  autonomous-system [AS]

Router(config)#?   
Configure commands:
  aaa Authentication, Authorization and
Accounting.
  access-list Add an access list entry
  alias   Create command alias
  alpsConfigure Airline Protocol Support
  apollo  Apollo global configuration commands
  appletalk   Appletalk global configuration commands
  arapAppletalk Remote Access Protocol
  arp Set a static ARP entry
  async-bootp Modify system bootp parameters
  autonomous-system   Specify local AS number to which we
belong

I can't find this command in the master indexes and I've done a google
search on CCO and wasn't able to find it.  

Any idea what this command might be used for?

John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36085t=36067
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: hop count in EIGRP? [7:36082]

[Steven A. Ridder]

thanks!

--
RFC 1149 Compliant.

s vermill  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Actually there are hop count limits that need to be adhered to when you
 implement EIGRP for Appletalk and IPX.  You can search on CCO and read all
 about it.

 Steven A. Ridder wrote:
 
  Anyone know why there is a hop-count in EIGRP?  It has a 1 byte
  value, but
  it doesn't limit the number of hops and it looks like routers
  don't use it
  in their calculations.  Why is it there?
 
  --
  RFC 1149 Compliant.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36086t=36082
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Autonomous-system command [7:36067]

[John Neiberger]

Thanks!  I figured it must do something or they wouldn't have it there.
:-)  It's interesting that they don't have it in the command references
any longer, though.  You'd think that if you check the master index that
all possible commands would be in there somewhere, but I couldn't find
this one.

Thanks again,
John

 Kane, Christopher A.  2/21/02 10:51:16
AM 
Checked one of my lab boxes, it's running 12.0(16) and had that command
as
well. Like you I searched cisco command ref online and couldn't find
it. I
have an old 11.1 command summary manual and found it on page 453.

[no] autonomous-system (local-as)
To specify the local autonomous system that the router resides in for
EGP,
use the autonomous-system global configuration command.

To me it looks as if this is a throwback to the EGP days (pre-BGP).
Rather
than do a search for EGP on CCO and get 1100 results that are referring
to
anything but the old protocol, I have Doyle's VOL II handy. His first
chapter in VOL II is about EGP, the protocol. On page 26 he lists the
steps
for turning it on:

1. Specify the router's AS with the command autonomous-system
2. Start the EGP process and specify the neighbor's AS with the
command
router egp
3. Specify the EGP neighbors with the neighbor command
4. Specify what networks are to be advertised by EGP


HTH,
-chris


-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, February 21, 2002 10:39 AM
To: [EMAIL PROTECTED] 
Subject: Autonomous-system command [7:36067]


In 12.2(3) I just ran across the following global configuration
command:


  autonomous-system [AS]

Router(config)#?   
Configure commands:
  aaa Authentication, Authorization and
Accounting.
  access-list Add an access list entry
  alias   Create command alias
  alpsConfigure Airline Protocol Support
  apollo  Apollo global configuration commands
  appletalk   Appletalk global configuration commands
  arapAppletalk Remote Access Protocol
  arp Set a static ARP entry
  async-bootp Modify system bootp parameters
  autonomous-system   Specify local AS number to which we
belong

I can't find this command in the master indexes and I've done a google
search on CCO and wasn't able to find it.  

Any idea what this command might be used for?

John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36087t=36067
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

route selection in BGP [7:36088]

[Joep Hoet]

Can someone solve this confusion regarding the route selection process in
Cisco BGP.

Suppose the route is sync and the next-hop is reachable, which is then thru?
A)
1) highest weight
2) highest local preference
3) shortest AS-path
4) lowest origin code (IGPEGPunknown)
5) lowest MED
6) EBGP learned over IBGP learned
etc

B) 
1) highest weight
2) highest local preference
3) originated by local router   *1
4) shortest AS-path
5) lowest origin code (IGPEGPunknown)
6) lowest MED
7) EBGP learned over IBGP learned

*1: Is this correct, one source says yes, one says no?

Cheers, 
 Joep


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36088t=36088
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

PIX Logs [7:36090]

[[EMAIL PROTECTED]]

Greetings all,

I have a big pix log (50mb) and I need to clean it up to get src/dest
and port numbers in a clean format.  Do you guys know of any freebie I
can use to clean it?

Thanks.Nabil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36090t=36090
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: route selection in BGP [7:36088]

[Brian Zeitz]

I am not that familiar with BGP but I would say weight.

   Select the path with the highest administrative weight. 

* If weights are equal, prefer the route with the highest local
preference; 

* If the local preferences are the same, prefer the route originated by
this router; 

* If none of the routes originated from this router, prefer the route
that passes through the fewest ASes; 

-Original Message-
From: Joep Hoet [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, February 21, 2002 1:09 PM
To: [EMAIL PROTECTED]
Subject: route selection in BGP [7:36088]

Can someone solve this confusion regarding the route selection process
in
Cisco BGP.

Suppose the route is sync and the next-hop is reachable, which is then
thru?
A)
1) highest weight
2) highest local preference
3) shortest AS-path
4) lowest origin code (IGPEGPunknown)
5) lowest MED
6) EBGP learned over IBGP learned
etc

B) 
1) highest weight
2) highest local preference
3) originated by local router   *1
4) shortest AS-path
5) lowest origin code (IGPEGPunknown)
6) lowest MED
7) EBGP learned over IBGP learned

*1: Is this correct, one source says yes, one says no?

Cheers, 
 Joep




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36092t=36088
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PIX v6.2 [7:35987]

[[EMAIL PROTECTED]]

Where did you guys find the new 6.2 versions?  I looked at Cisco's site,
no luck.

Thanksnabil




   
   
Brian
Zeitz
 
cc:
Sent by:Subject: RE: PIX v6.2
[7:35987]
   
nobody@groupstud
   
y.com
   
   
   
   
02/21/2002
11:27
   
AM
Please
respond
to Brian
Zeitz
   
   
   
   




I have not used it, but I think there is going to be some issues for
someone trying to use PPPoe on a firewall, especially if the IP is
dynamic. Just to get hands on with a firewall, I was playing with ISA
2000 Server at home (Microsoft Firewall). Their packet filters would not
bind to a dynamic IP. My opinion of using PPPoe with Pix 6.2b is that if
you're using a DSL line with a static IP, it should work, but if the IP
is dynamic I think there is going to be a lot of issues with stability.
Packet filters like to be bound to a static IP, when the IP suddenly
disappears, it doesn't work correctly.

So what I did was installed a small router that accepted PPPoe, with
client side DCHP, so I set the PPPOE password on the router. Then my
inside interface is 10.x.x.1, which goes do a switch. Though port
forwarding, I can forward packets different servers. So like my first
server is 10.x.x.3, and I make a rule to forward port 21 there. I am
also doing DNS forwarding, for port 81, cause my ISP blocks incoming 80.
I also run dynamic DNS services to keep my domain name mapped to the ip
of the day.

Maybe they will make a router as small at the 501 pix next, if they did,
I would use that with PPPoe instead of a firewall. I think it's a nice
theory, but I am skeptical.

-Original Message-
From: Clayton Dukes [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 20, 2002 3:49 PM
To: [EMAIL PROTECTED]
Subject: PIX v6.2 [7:35987]

Has anyone installed and used PPPoE with the new Pix 6.2 Beta?


Clayton Dukes
CCNA, CCDA, CCDP, CCNP, NCC
(h) 904-292-1881
(c) 904-477-7825
#rm -rf /bin/laden
#kill -9 /bin/laden




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36093t=35987
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Pin #6 - DSR - Why?? [7:36094]

[Cisco Nuts]

Hello,
The BCRAN course book mentions 8 pins being used for modem connections: Pins 
2,3,4,5,6,7,8,20...Pin # 6 it says is not really used for modem connection 
and infact I don't even see that pin on the actual adapter. Then why is it 
mentioned and if it is actually used, when would it be used? Can someone 
help clarify this for me?
Thank you.




_
Join the worlds largest e-mail service with MSN Hotmail. 
http://www.hotmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36094t=36094
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CISCO INTERNSHIP.....CCIE..... [7:36091]

[Cisco Nuts]

And upon finishing the program, how many years of slavery will we 
unfortunate ones be indebted to your gracious company? :-)
Can you clarify this??


From: Jason Lee 
Reply-To: Jason Lee 
To: [EMAIL PROTECTED]
Subject: CISCO INTERNSHIP.CCIE. [7:36091]
Date: Thu, 21 Feb 2002 13:40:20 -0500

Hi all,

My name is Jason Lee I currently work for ICTP located in anaheim 
california
we are currently looking for few candidates to go through our very intense
cisco training, also to note that upon finishing the program CEA (cisco
expert academy)you can be eligible for an internship... we have information
session going on every other friday, so if this sounds interesting to you,
or if you need a lab to study for the ccie or ccnp please give me a call.

Jason Lee
IT specialist
714-783-1083
www.ICTP.com
_
Join the worlds largest e-mail service with MSN Hotmail. 
http://www.hotmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36095t=36091
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CISCO INTERNSHIP.....CCIE..... [7:36091]

[Brian]

Perhaps its a new look on recruiting, they train u, get a slice of the
dough for awhile??  Just speculating of course..

Brian

On Thu, 21 Feb 2002, Cisco Nuts wrote:

 And upon finishing the program, how many years of slavery will we
 unfortunate ones be indebted to your gracious company? :-)
 Can you clarify this??


 From: Jason Lee
 Reply-To: Jason Lee
 To: [EMAIL PROTECTED]
 Subject: CISCO INTERNSHIP.CCIE. [7:36091]
 Date: Thu, 21 Feb 2002 13:40:20 -0500
 
 Hi all,
 
 My name is Jason Lee I currently work for ICTP located in anaheim
 california
 we are currently looking for few candidates to go through our very intense
 cisco training, also to note that upon finishing the program CEA (cisco
 expert academy)you can be eligible for an internship... we have
information
 session going on every other friday, so if this sounds interesting to you,
 or if you need a lab to study for the ccie or ccnp please give me a call.
 
 Jason Lee
 IT specialist
 714-783-1083
 www.ICTP.com
 _
 Join the worlds largest e-mail service with MSN Hotmail.
 http://www.hotmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36096t=36091
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Delay Metric in EIGRP [7:36001]

[Priscilla Oppenheimer]

Did anyone notice that I explained reliability and load backwards? ;-) It 
was a copy-and-paste error. Reverse the two explanations below please.

Priscilla

At 08:43 PM 2/20/02, Priscilla Oppenheimer wrote:
The delay part of the EIGRP composite metric is not measured. It's based on
the type of interface. Each type of interface has a default value. You can
change it, although this is risky and not recommended.

Because EIGRP is a distance-vector protocol, the router sends route updates
that list networks. For each network, the router states the different parts
of the composite metric:

1) The delay to get to the network, which is a cumulation of all interface
delays.

2) The bandwidth to that network, which is the minimum bandwidth for all
interfaces.

3) Reliability which is not used by default, but you can configure the
router to use it. If used, the reliability is measured and represents how
much of the bandwidth to the network is in use.

4) Load which is not used by default, but you can configure the router to
use it. If used, the load is measured and represents the fraction of
packets that arrive at the network undamaged.

The router also sends the following info, which is not part of the metric,
but useful for other routers to know:

1) MTU is the maximum packet size that can be sent along the entire path
without fragmentation. (That is, it is the minimum of the MTUs of all the
networks involved in the path.)

2) The hop count is simply the number of routers that a packet will have to
go through to get to the destination.

3) Next hop is the address of the router to use to get to the destination,
which is usually the router sending the update.

Priscilla

At 05:15 PM 2/20/02, Yatou Wu wrote:
 Hi,
 
 In EIGRP, the delay metric is taken as configured in the interface of the
 router by the administrator, by default, or by measurement?
 
 when the router calculates the metric, it needs to know the minimum
 bandwidth along the path, and also the delay along the path. how can the
 router pass the infor around? pass the total delay along the path, or
delay
 of every link?
 
 thanks
 
 yatou
 
 _
 Get your FREE download of MSN Explorer at
http://explorer.msn.com/intl.asp.


Priscilla Oppenheimer
http://www.priscilla.com


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36097t=36001
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCIE Practical studies - review by Brad. [7:36038]

[Paul Borghese]

We have a complete archive of all messages sent at www.groupstudy.com.  You
may also try the Webboard for this group which has every message from the
last six months.

Take care,

Paul
- Original Message -
From: Rajesh Kumar 
To: 
Sent: Wednesday, February 20, 2002 10:28 PM
Subject: CCIE Practical studies - review by Brad. [7:36038]


 Hi all,

 Some time back, Brad had sent out an email about the review of the book
 - CCIE Practical Studies Vol I - chapter wise. Somehow I couldn't see
 this in my mail box.  If anybody have saved a copy of the mail, Is it
 possible to forward to me?

 Thanks
 Rajesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36098t=36038
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Pin #6 - DSR - Why?? [7:36094]

[s vermill]

I suspect that you will get a fair number of responses since there are many
variations on the use of this signal.  I seem to recall reading that section
and disagreeing somewhat on the author's comments.  But the perspective was
a Cisco one, so you can't fight City Hall.  Asserting DSR is typically a DCE
response to a DTR having asserted DTR.  In reality, it often just comes on
with power.  Sometimes it comes one with power and a sucessfully passed self
test on the interface.  When the author said that it isn't often used, I
think she meant that the DTE rarely cares.  The DCE will usually support the
signal anyway just to meet specs.

I suspect that it was mentioned in the interest of being thorough. 


Cisco Nuts wrote:
 
 Hello,
 The BCRAN course book mentions 8 pins being used for modem
 connections: Pins
 2,3,4,5,6,7,8,20...Pin # 6 it says is not really used for modem
 connection
 and infact I don't even see that pin on the actual adapter.
 Then why is it
 mentioned and if it is actually used, when would it be used?
 Can someone
 help clarify this for me?
 Thank you.
 
 
 
 
 _
 Join the worlds largest e-mail service with MSN Hotmail. 
 http://www.hotmail.com
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36100t=36094
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CISCO INTERNSHIP.....CCIE..... [7:36091]

[Sean Knox]

I've taken some classes at ICTP. From what I gather, their CCIE intern
program works like this: you sign up for their CCIE program (which is not
cheap I should add) and when you pass your CCIE written/lab (I vaguely
remember that the CCIE written pass is all you need), you can work as a
subcontractor for ICTP. You make substantially   less money than a CCIE is
worth, (I believe around $50,000, don't quote me on that) but for those
with little or no experience (i.e., people enrolling in this program), it
works out really well. Hopefully Mr. Lee could explain the program more in
detail.

- Sean

-Original Message-
From: Brian [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 21, 2002 11:34 AM
To: [EMAIL PROTECTED]
Subject: Re: CISCO INTERNSHIP.CCIE. [7:36091]


Perhaps its a new look on recruiting, they train u, get a slice of the
dough for awhile??  Just speculating of course..

Brian

On Thu, 21 Feb 2002, Cisco Nuts wrote:

 And upon finishing the program, how many years of slavery will we
 unfortunate ones be indebted to your gracious company? :-)
 Can you clarify this??


 From: Jason Lee
 Reply-To: Jason Lee
 To: [EMAIL PROTECTED]
 Subject: CISCO INTERNSHIP.CCIE. [7:36091]
 Date: Thu, 21 Feb 2002 13:40:20 -0500
 
 Hi all,
 
 My name is Jason Lee I currently work for ICTP located in anaheim
 california
 we are currently looking for few candidates to go through our very
intense
 cisco training, also to note that upon finishing the program CEA (cisco
 expert academy)you can be eligible for an internship... we have
information
 session going on every other friday, so if this sounds interesting to
you,
 or if you need a lab to study for the ccie or ccnp please give me a call.
 
 Jason Lee
 IT specialist
 714-783-1083
 www.ICTP.com
 _
 Join the worlds largest e-mail service with MSN Hotmail.
 http://www.hotmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36101t=36091
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CISCO INTERNSHIP.....CCIE..... [7:36091]

[Steven A. Ridder]

A CCNA makes more than 50k.  And you wouldn't have to pay your company to
work for them and get training.  Most companies pay you and pay for your
training.

--
RFC 1149 Compliant.

Sean Knox  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 I've taken some classes at ICTP. From what I gather, their CCIE intern
 program works like this: you sign up for their CCIE program (which is not
 cheap I should add) and when you pass your CCIE written/lab (I vaguely
 remember that the CCIE written pass is all you need), you can work as a
 subcontractor for ICTP. You make substantially   less money than a CCIE is
 worth, (I believe around $50,000, don't quote me on that) but for those
 with little or no experience (i.e., people enrolling in this program), it
 works out really well. Hopefully Mr. Lee could explain the program more in
 detail.

 - Sean

 -Original Message-
 From: Brian [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, February 21, 2002 11:34 AM
 To: [EMAIL PROTECTED]
 Subject: Re: CISCO INTERNSHIP.CCIE. [7:36091]


 Perhaps its a new look on recruiting, they train u, get a slice of the
 dough for awhile??  Just speculating of course..

 Brian

 On Thu, 21 Feb 2002, Cisco Nuts wrote:

  And upon finishing the program, how many years of slavery will we
  unfortunate ones be indebted to your gracious company? :-)
  Can you clarify this??
 
 
  From: Jason Lee
  Reply-To: Jason Lee
  To: [EMAIL PROTECTED]
  Subject: CISCO INTERNSHIP.CCIE. [7:36091]
  Date: Thu, 21 Feb 2002 13:40:20 -0500
  
  Hi all,
  
  My name is Jason Lee I currently work for ICTP located in anaheim
  california
  we are currently looking for few candidates to go through our very
 intense
  cisco training, also to note that upon finishing the program CEA (cisco
  expert academy)you can be eligible for an internship... we have
 information
  session going on every other friday, so if this sounds interesting to
 you,
  or if you need a lab to study for the ccie or ccnp please give me a
call.
  
  Jason Lee
  IT specialist
  714-783-1083
  www.ICTP.com
  _
  Join the worlds largest e-mail service with MSN Hotmail.
  http://www.hotmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36102t=36091
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CISCO INTERNSHIP.....CCIE..... [7:36091]

[Sean Knox]

A CCNA with little or no experience? Hardly. He's lucky to even land a job
right now. I think this intern program is aimed at people new to the field.

-Original Message-
From: Steven A. Ridder [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 21, 2002 12:50 PM
To: [EMAIL PROTECTED]
Subject: Re: CISCO INTERNSHIP.CCIE. [7:36091]


A CCNA makes more than 50k.  And you wouldn't have to pay your company to
work for them and get training.  Most companies pay you and pay for your
training.

--
RFC 1149 Compliant.

Sean Knox  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 I've taken some classes at ICTP. From what I gather, their CCIE intern
 program works like this: you sign up for their CCIE program (which is not
 cheap I should add) and when you pass your CCIE written/lab (I vaguely
 remember that the CCIE written pass is all you need), you can work as a
 subcontractor for ICTP. You make substantially   less money than a CCIE is
 worth, (I believe around $50,000, don't quote me on that) but for those
 with little or no experience (i.e., people enrolling in this program), it
 works out really well. Hopefully Mr. Lee could explain the program more in
 detail.

 - Sean

 -Original Message-
 From: Brian [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, February 21, 2002 11:34 AM
 To: [EMAIL PROTECTED]
 Subject: Re: CISCO INTERNSHIP.CCIE. [7:36091]


 Perhaps its a new look on recruiting, they train u, get a slice of the
 dough for awhile??  Just speculating of course..

 Brian

 On Thu, 21 Feb 2002, Cisco Nuts wrote:

  And upon finishing the program, how many years of slavery will we
  unfortunate ones be indebted to your gracious company? :-)
  Can you clarify this??
 
 
  From: Jason Lee
  Reply-To: Jason Lee
  To: [EMAIL PROTECTED]
  Subject: CISCO INTERNSHIP.CCIE. [7:36091]
  Date: Thu, 21 Feb 2002 13:40:20 -0500
  
  Hi all,
  
  My name is Jason Lee I currently work for ICTP located in anaheim
  california
  we are currently looking for few candidates to go through our very
 intense
  cisco training, also to note that upon finishing the program CEA (cisco
  expert academy)you can be eligible for an internship... we have
 information
  session going on every other friday, so if this sounds interesting to
 you,
  or if you need a lab to study for the ccie or ccnp please give me a
call.
  
  Jason Lee
  IT specialist
  714-783-1083
  www.ICTP.com
  _
  Join the worlds largest e-mail service with MSN Hotmail.
  http://www.hotmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36103t=36091
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CISCO INTERNSHIP.....CCIE..... [7:36091]

[Steven A. Ridder]

Well in the good old days of the economy, I made more than that even before
becoming a CCNA.  I would never settle for 50k, even in this econ.,
especially as a CCIE.  Plus, a CCIE IMO should already have exp., and lots
of it.  Otherwise it defeats the purpose of becoming a CCIE - cisco
certified internet EXPERT!

--
RFC 1149 Compliant.

Sean Knox  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 A CCNA with little or no experience? Hardly. He's lucky to even land a job
 right now. I think this intern program is aimed at people new to the
field.

 -Original Message-
 From: Steven A. Ridder [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, February 21, 2002 12:50 PM
 To: [EMAIL PROTECTED]
 Subject: Re: CISCO INTERNSHIP.CCIE. [7:36091]


 A CCNA makes more than 50k.  And you wouldn't have to pay your company to
 work for them and get training.  Most companies pay you and pay for your
 training.

 --
 RFC 1149 Compliant.

 Sean Knox  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  I've taken some classes at ICTP. From what I gather, their CCIE intern
  program works like this: you sign up for their CCIE program (which is
not
  cheap I should add) and when you pass your CCIE written/lab (I vaguely
  remember that the CCIE written pass is all you need), you can work as a
  subcontractor for ICTP. You make substantially   less money than a CCIE
is
  worth, (I believe around $50,000, don't quote me on that) but for
those
  with little or no experience (i.e., people enrolling in this program),
it
  works out really well. Hopefully Mr. Lee could explain the program more
in
  detail.
 
  - Sean
 
  -Original Message-
  From: Brian [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, February 21, 2002 11:34 AM
  To: [EMAIL PROTECTED]
  Subject: Re: CISCO INTERNSHIP.CCIE. [7:36091]
 
 
  Perhaps its a new look on recruiting, they train u, get a slice of the
  dough for awhile??  Just speculating of course..
 
  Brian
 
  On Thu, 21 Feb 2002, Cisco Nuts wrote:
 
   And upon finishing the program, how many years of slavery will we
   unfortunate ones be indebted to your gracious company? :-)
   Can you clarify this??
  
  
   From: Jason Lee
   Reply-To: Jason Lee
   To: [EMAIL PROTECTED]
   Subject: CISCO INTERNSHIP.CCIE. [7:36091]
   Date: Thu, 21 Feb 2002 13:40:20 -0500
   
   Hi all,
   
   My name is Jason Lee I currently work for ICTP located in anaheim
   california
   we are currently looking for few candidates to go through our very
  intense
   cisco training, also to note that upon finishing the program CEA
(cisco
   expert academy)you can be eligible for an internship... we have
  information
   session going on every other friday, so if this sounds interesting to
  you,
   or if you need a lab to study for the ccie or ccnp please give me a
 call.
   
   Jason Lee
   IT specialist
   714-783-1083
   www.ICTP.com
   _
   Join the worlds largest e-mail service with MSN Hotmail.
   http://www.hotmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36104t=36091
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PIX v6.2 [7:35987]

[Hartnell, George]

Hummm, I too scanned the Cisco site for 6.2 and only found 6.1.2.  I'd heard
from the rumor-mill that 6.2 was out, but perhaps that's incorrect.

As I'm about ready to upgrade the failover 515UR, it'd be nice if I only had
to do this once -- this year.

Any speculation on that 6.2 release date?

Best, G.

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, February 21, 2002 11:08 AM
 To: [EMAIL PROTECTED]
 Subject: RE: PIX v6.2 [7:35987]
 
 
 Where did you guys find the new 6.2 versions?  I looked at 
 Cisco's site,
 no luck.
 
 Thanksnabil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36105t=35987
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PIX Logs [7:36090]

[Patrick Ramsey]

50mb?  What are you logging to?

check out kiwisyslog  and the various utils on their site

www.kiwisyslog.com 

-Patrick

 [EMAIL PROTECTED]  02/21/02 01:37PM 
Greetings all,

I have a big pix log (50mb) and I need to clean it up to get src/dest
and port numbers in a clean format.  Do you guys know of any freebie I
can use to clean it?

Thanks.Nabil
  Confidentiality Disclaimer   
This email and any files transmitted with it may contain confidential and
/or proprietary information in the possession of WellStar Health System,
Inc. (WellStar) and is intended only for the individual or entity to whom
addressed.  This email may contain information that is held to be
privileged, confidential and exempt from disclosure under applicable law. If
the reader of this message is not the intended recipient, you are hereby
notified that any unauthorized access, dissemination, distribution or
copying of any information from this email is strictly prohibited, and may
subject you to criminal and/or civil liability. If you have received this
email in error, please notify the sender by reply email and then delete this
email and its attachments from your computer. Thank you.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36106t=36090
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Delay Metric in EIGRP [7:36001]

[Patrick Ramsey]

ahhh you ole cut'n'paster

:p

:)

 Priscilla Oppenheimer  02/21/02 02:51PM 
Did anyone notice that I explained reliability and load backwards? ;-) It 
was a copy-and-paste error. Reverse the two explanations below please.

Priscilla

At 08:43 PM 2/20/02, Priscilla Oppenheimer wrote:
The delay part of the EIGRP composite metric is not measured. It's based on
the type of interface. Each type of interface has a default value. You can
change it, although this is risky and not recommended.

Because EIGRP is a distance-vector protocol, the router sends route updates
that list networks. For each network, the router states the different parts
of the composite metric:

1) The delay to get to the network, which is a cumulation of all interface
delays.

2) The bandwidth to that network, which is the minimum bandwidth for all
interfaces.

3) Reliability which is not used by default, but you can configure the
router to use it. If used, the reliability is measured and represents how
much of the bandwidth to the network is in use.

4) Load which is not used by default, but you can configure the router to
use it. If used, the load is measured and represents the fraction of
packets that arrive at the network undamaged.

The router also sends the following info, which is not part of the metric,
but useful for other routers to know:

1) MTU is the maximum packet size that can be sent along the entire path
without fragmentation. (That is, it is the minimum of the MTUs of all the
networks involved in the path.)

2) The hop count is simply the number of routers that a packet will have to
go through to get to the destination.

3) Next hop is the address of the router to use to get to the destination,
which is usually the router sending the update.

Priscilla

At 05:15 PM 2/20/02, Yatou Wu wrote:
 Hi,
 
 In EIGRP, the delay metric is taken as configured in the interface of the
 router by the administrator, by default, or by measurement?
 
 when the router calculates the metric, it needs to know the minimum
 bandwidth along the path, and also the delay along the path. how can the
 router pass the infor around? pass the total delay along the path, or
delay
 of every link?
 
 thanks
 
 yatou
 
 _
 Get your FREE download of MSN Explorer at
http://explorer.msn.com/intl.asp.


Priscilla Oppenheimer
http://www.priscilla.com 


Priscilla Oppenheimer
http://www.priscilla.com 
  Confidentiality Disclaimer   
This email and any files transmitted with it may contain confidential and
/or proprietary information in the possession of WellStar Health System,
Inc. (WellStar) and is intended only for the individual or entity to whom
addressed.  This email may contain information that is held to be
privileged, confidential and exempt from disclosure under applicable law. If
the reader of this message is not the intended recipient, you are hereby
notified that any unauthorized access, dissemination, distribution or
copying of any information from this email is strictly prohibited, and may
subject you to criminal and/or civil liability. If you have received this
email in error, please notify the sender by reply email and then delete this
email and its attachments from your computer. Thank you.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36107t=36001
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CISCO INTERNSHIP.....CCIE..... [7:36091]

[Patrick Ramsey]

ccna makes 50?  uh

maybe with a little experience Here in atlanta cna means squat

 Steven A. Ridder  02/21/02 03:50PM 
A CCNA makes more than 50k.  And you wouldn't have to pay your company to
work for them and get training.  Most companies pay you and pay for your
training.

--
RFC 1149 Compliant.

Sean Knox  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 I've taken some classes at ICTP. From what I gather, their CCIE intern
 program works like this: you sign up for their CCIE program (which is not
 cheap I should add) and when you pass your CCIE written/lab (I vaguely
 remember that the CCIE written pass is all you need), you can work as a
 subcontractor for ICTP. You make substantially   less money than a CCIE is
 worth, (I believe around $50,000, don't quote me on that) but for those
 with little or no experience (i.e., people enrolling in this program), it
 works out really well. Hopefully Mr. Lee could explain the program more in
 detail.

 - Sean

 -Original Message-
 From: Brian [mailto:[EMAIL PROTECTED]] 
 Sent: Thursday, February 21, 2002 11:34 AM
 To: [EMAIL PROTECTED] 
 Subject: Re: CISCO INTERNSHIP.CCIE. [7:36091]


 Perhaps its a new look on recruiting, they train u, get a slice of the
 dough for awhile??  Just speculating of course..

 Brian

 On Thu, 21 Feb 2002, Cisco Nuts wrote:

  And upon finishing the program, how many years of slavery will we
  unfortunate ones be indebted to your gracious company? :-)
  Can you clarify this??
 
 
  From: Jason Lee
  Reply-To: Jason Lee
  To: [EMAIL PROTECTED] 
  Subject: CISCO INTERNSHIP.CCIE. [7:36091]
  Date: Thu, 21 Feb 2002 13:40:20 -0500
  
  Hi all,
  
  My name is Jason Lee I currently work for ICTP located in anaheim
  california
  we are currently looking for few candidates to go through our very
 intense
  cisco training, also to note that upon finishing the program CEA (cisco
  expert academy)you can be eligible for an internship... we have
 information
  session going on every other friday, so if this sounds interesting to
 you,
  or if you need a lab to study for the ccie or ccnp please give me a
call.
  
  Jason Lee
  IT specialist
  714-783-1083
  www.ICTP.com 
  _
  Join the worlds largest e-mail service with MSN Hotmail.
  http://www.hotmail.com 
  Confidentiality Disclaimer   
This email and any files transmitted with it may contain confidential and
/or proprietary information in the possession of WellStar Health System,
Inc. (WellStar) and is intended only for the individual or entity to whom
addressed.  This email may contain information that is held to be
privileged, confidential and exempt from disclosure under applicable law. If
the reader of this message is not the intended recipient, you are hereby
notified that any unauthorized access, dissemination, distribution or
copying of any information from this email is strictly prohibited, and may
subject you to criminal and/or civil liability. If you have received this
email in error, please notify the sender by reply email and then delete this
email and its attachments from your computer. Thank you.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36108t=36091
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Trunk Modes Perspective [7:36016]

[McIntosh, Leslie (US - Tulsa)]

Try Amazon. COM, Barnes and Noble is out there and there are a bunch more
book sales on the net, then you do not have to fight the traffic to find
that book you want.

Thank You,

Leslie McIntosh
Network Engineer
Deloitte  Touche
(918)461-4894
[EMAIL PROTECTED]


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Pierre-Alex GUANEL
Sent: Thursday, February 21, 2002 10:34 AM
To: [EMAIL PROTECTED]
Subject: RE: Trunk Modes Perspective [7:36016]


Thanks again ... I wished we add a major bookstore in Fairfield 

Do you have a real world practical example of when you used one versus the
other 

I would like to share something concrete with my class tonight...

Pierre-Alex

-Original Message-
From: Daniel Cotts [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 21, 2002 10:28 AM
To: 'Pierre-Alex GUANEL'; [EMAIL PROTECTED]
Subject: RE: Trunk Modes Perspective [7:36016]


... And the answer comes from ... you guessed it ... Cisco LAN Switching
by Clark and Hamilton. page 320
The 'desirable' mode causes a Catalyst interface to inform the remote end
of its 'intent' to enable ISL, but does not actually enable ISL unless the
remote end agrees to enable it. The remote end must be set in the 'on',
'auto', or 'desirable' mode for the link to establish an ISL trunk. Do not
use the 'desirable' mode if the remote end does not support DISL.
Configuring a Catalyst in 'auto' mode enables the Catalyst to recieve a
request to enable ISL trunking and to automatically enter that mode. The
Catalyst configured in 'auto' never initiates a request to create a trunk
and never becomes a trunk unless the remote end is configured as 'on' or
'desirable'. The 'auto' mode is the Catalyst default configuration. In when
enabling a trunk you do not specify a mode, 'auto' is assumed. A Catalyst
never enables trunk mode when left to the default value at both ends. When
one end is set as 'auto', you must set the other end to either 'on' or
'desirable' to activate a trunk.

 -Original Message-
 From: Pierre-Alex GUANEL [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, February 20, 2002 6:36 PM
 To: [EMAIL PROTECTED]
 Subject: Trunk Modes Perspective [7:36016]


 In the real world when would you set a trunk type in auto
 rather than
 desirable?

 Both will be triggered when the connected device is set to
 on, desirable
 (or auto when setup with desirable).

 Thank you,

 Pierre-Alex
- This message (including any attachments) contains confidential information
intended for a specific individual and purpose, and is protected by law.  -
If you are not the intended recipient, you should delete this message and
are hereby notified that any disclosure, copying, or distribution of this
message, or the taking of any action based on it, is strictly prohibited.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36109t=36016
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CISCO INTERNSHIP.....CCIE..... [7:36091]

[Cisco Nuts]

That's right. A CCNA could potentially make more than $50K (with skills
though)

Here is what I don't understand: Jason states that his company is
looking(note) for people while Sean mentions that you do have to actually
sign up(note) for their program which he adds is not cheap??

So basically, looks like people will first have to shell out this huge
dough out of their pocket to get an intership thru this company.

 

From: Steven A. Ridder Reply-To: Steven A. Ridder To:
[EMAIL PROTECTED] Subject: Re: CISCO INTERNSHIP.CCIE.
[7:36091] Date: Thu, 21 Feb 2002 15:50:16 -0500  A CCNA makes more
than 50k. And you wouldn't have to pay your company to work for them and
get training. Most companies pay you and pay for your training.  --
RFC 1149 Compliant.  Sean Knox wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...   I've taken some classes
at ICTP. From what I gather, their CCIE intern   program works like
this: you sign up for their CCIE program (which is not   cheap I should
add) and when you pass your CCIE written/lab (I vaguely   remember that
the CCIE written pass is all you need), you can work as a  
subcontractor for ICTP. You make substantially less money than a CCIE is
  worth, (I believe around $50,000, don't quote me on that) but for
those   with little or no experience (i.e., people enrolling in this
program), it   works out really well. Hopefully Mr. Lee could explain
the program more in   detail. - Sean -Original
Message-   From: Brian [mailto:[EMAIL PROTECTED]]   Sent:
Thursday, February 21, 2002 11:34 AM   To: [EMAIL PROTECTED]  
Subject: Re: CISCO INTERNSHIP.CCIE. [7:36091]   Perhaps
its a new look on recruiting, they train u, get a slice of the   dough
for awhile?? Just speculating of course.. Brian On Thu,
21 Feb 2002, Cisco Nuts wrote:  And upon finishing the program,
how many years of slavery will weunfortunate ones be indebted to
your gracious company? :-)Can you clarify this?? 
From: Jason LeeReply-To: Jason LeeTo:
[EMAIL PROTECTED]Subject: CISCO INTERNSHIP.CCIE.
[7:36091]Date: Thu, 21 Feb 2002 13:40:20 -0500Hi
all,My name is Jason Lee I currently work for ICTP
located in anaheimcaliforniawe are currently looking for
few candidates to go through our very   intensecisco training,
also to note that upon finishing the program CEA (ciscoexpert
academy)you can be eligible for an internship... we have   information
   session going on every other friday, so if this sounds interesting
to   you,or if you need a lab to study for the ccie or ccnp
please give me a call.Jason LeeIT specialist  
 714-783-1083www.ICTP.com   
_   
Join the worlds largest e-mail service with MSN Hotmail.   
misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Get your FREE download of MSN Explorer at http://explorer.msn.com.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36110t=36091
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Trunk Modes Perspective [7:36016]

[Pierre-Alex GUANEL]

Thanks, sometimes I forget the obvious :)

Pierre-Alex

-Original Message-
From: McIntosh, Leslie (US - Tulsa) [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 21, 2002 3:54 PM
To: 'Pierre-Alex GUANEL'; '[EMAIL PROTECTED]'
Subject: RE: Trunk Modes Perspective [7:36016]


Try Amazon. COM, Barnes and Noble is out there and there are a bunch more
book sales on the net, then you do not have to fight the traffic to find
that book you want.

Thank You,

Leslie McIntosh
Network Engineer
Deloitte  Touche
(918)461-4894
[EMAIL PROTECTED]


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Pierre-Alex GUANEL
Sent: Thursday, February 21, 2002 10:34 AM
To: [EMAIL PROTECTED]
Subject: RE: Trunk Modes Perspective [7:36016]


Thanks again ... I wished we add a major bookstore in Fairfield 

Do you have a real world practical example of when you used one versus the
other 

I would like to share something concrete with my class tonight...

Pierre-Alex

-Original Message-
From: Daniel Cotts [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 21, 2002 10:28 AM
To: 'Pierre-Alex GUANEL'; [EMAIL PROTECTED]
Subject: RE: Trunk Modes Perspective [7:36016]


... And the answer comes from ... you guessed it ... Cisco LAN Switching
by Clark and Hamilton. page 320
The 'desirable' mode causes a Catalyst interface to inform the remote end
of its 'intent' to enable ISL, but does not actually enable ISL unless the
remote end agrees to enable it. The remote end must be set in the 'on',
'auto', or 'desirable' mode for the link to establish an ISL trunk. Do not
use the 'desirable' mode if the remote end does not support DISL.
Configuring a Catalyst in 'auto' mode enables the Catalyst to recieve a
request to enable ISL trunking and to automatically enter that mode. The
Catalyst configured in 'auto' never initiates a request to create a trunk
and never becomes a trunk unless the remote end is configured as 'on' or
'desirable'. The 'auto' mode is the Catalyst default configuration. In when
enabling a trunk you do not specify a mode, 'auto' is assumed. A Catalyst
never enables trunk mode when left to the default value at both ends. When
one end is set as 'auto', you must set the other end to either 'on' or
'desirable' to activate a trunk.

 -Original Message-
 From: Pierre-Alex GUANEL [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, February 20, 2002 6:36 PM
 To: [EMAIL PROTECTED]
 Subject: Trunk Modes Perspective [7:36016]


 In the real world when would you set a trunk type in auto
 rather than
 desirable?

 Both will be triggered when the connected device is set to
 on, desirable
 (or auto when setup with desirable).

 Thank you,

 Pierre-Alex
- This message (including any attachments) contains confidential information
intended for a specific individual and purpose, and is protected by law.  -
If you are not the intended recipient, you should delete this message and
are hereby notified that any disclosure, copying, or distribution of this
message, or the taking of any action based on it, is strictly prohibited.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36111t=36016
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CISCO INTERNSHIP.....CCIE..... [7:36091]

[Patrick Ramsey]

pay for an internship?

sounds like I am in the wrong business all together...  hehe

 Cisco Nuts  02/21/02 04:54PM 
That's right. A CCNA could potentially make more than $50K (with skills
though)

Here is what I don't understand: Jason states that his company is
looking(note) for people while Sean mentions that you do have to actually
sign up(note) for their program which he adds is not cheap??

So basically, looks like people will first have to shell out this huge
dough out of their pocket to get an intership thru this company.

 

From: Steven A. Ridder Reply-To: Steven A. Ridder To:
[EMAIL PROTECTED] Subject: Re: CISCO INTERNSHIP.CCIE.
[7:36091] Date: Thu, 21 Feb 2002 15:50:16 -0500  A CCNA makes more
than 50k. And you wouldn't have to pay your company to work for them and
get training. Most companies pay you and pay for your training.  --
RFC 1149 Compliant.  Sean Knox wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...   I've taken some classes
at ICTP. From what I gather, their CCIE intern   program works like
this: you sign up for their CCIE program (which is not   cheap I should
add) and when you pass your CCIE written/lab (I vaguely   remember that
the CCIE written pass is all you need), you can work as a  
subcontractor for ICTP. You make substantially less money than a CCIE is
  worth, (I believe around $50,000, don't quote me on that) but for
those   with little or no experience (i.e., people enrolling in this
program), it   works out really well. Hopefully Mr. Lee could explain
the program more in   detail. - Sean -Original
Message-   From: Brian [mailto:[EMAIL PROTECTED]]   Sent:
Thursday, February 21, 2002 11:34 AM   To: [EMAIL PROTECTED]  
Subject: Re: CISCO INTERNSHIP.CCIE. [7:36091]   Perhaps
its a new look on recruiting, they train u, get a slice of the   dough
for awhile?? Just speculating of course.. Brian On Thu,
21 Feb 2002, Cisco Nuts wrote:  And upon finishing the program,
how many years of slavery will weunfortunate ones be indebted to
your gracious company? :-)Can you clarify this?? 
From: Jason LeeReply-To: Jason LeeTo:
[EMAIL PROTECTED]Subject: CISCO INTERNSHIP.CCIE.
[7:36091]Date: Thu, 21 Feb 2002 13:40:20 -0500Hi
all,My name is Jason Lee I currently work for ICTP
located in anaheimcaliforniawe are currently looking for
few candidates to go through our very   intensecisco training,
also to note that upon finishing the program CEA (ciscoexpert
academy)you can be eligible for an internship... we have   information
   session going on every other friday, so if this sounds interesting
to   you,or if you need a lab to study for the ccie or ccnp
please give me a call.Jason LeeIT specialist  
 714-783-1083www.ICTP.com   
_   
Join the worlds largest e-mail service with MSN Hotmail.   
misconduct and Nondisclosure violations to [EMAIL PROTECTED] 



Get your FREE download of MSN Explorer at http://explorer.msn.com.
  Confidentiality Disclaimer   
This email and any files transmitted with it may contain confidential and
/or proprietary information in the possession of WellStar Health System,
Inc. (WellStar) and is intended only for the individual or entity to whom
addressed.  This email may contain information that is held to be
privileged, confidential and exempt from disclosure under applicable law. If
the reader of this message is not the intended recipient, you are hereby
notified that any unauthorized access, dissemination, distribution or
copying of any information from this email is strictly prohibited, and may
subject you to criminal and/or civil liability. If you have received this
email in error, please notify the sender by reply email and then delete this
email and its attachments from your computer. Thank you.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36112t=36091
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Delay Metric in EIGRP [7:36001]

[Priscilla Oppenheimer]

The EIGRP bandwidth metric is 2.56 billion divided by the real bandwidth. 
That's just how Cisco does it (and how Sniffer displays it). In this case, 
the bandwidth metric is 1657856, as the Sniffer reports. The network is 
reachable via a single, ordinary 1544 Kbps serial interface. Do the math. ;-)

Priscilla

At 10:00 PM 2/20/02, Chuck wrote:
I'm curious about the EIGRP bandwidth being reported at 2.5 billion bps.
what kind of a network you running there, PO? ;-

see below:


Priscilla Oppenheimer  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  At 07:03 PM 2/20/02, Steven A. Ridder wrote:
  It's not in a packet that gets sent.
 
  It is actually. Here's a packet for you:
 
  DLC:  - DLC Header -
 DLC:  Destination = Station Cisco1053E80
 DLC:  Source  = Station Cisco1002E75
 DLC:  Ethertype   = 0800 (IP)
  IP: - IP Header -
 IP: Version = 4, header length = 20 bytes
 IP: Type of service = 00
 IP:   000.    = routine
 IP:   ...0  = normal delay
 IP:    0... = normal throughput
 IP:    .0.. = normal reliability
 IP: Total length= 68 bytes
 IP: Identification  = 0
 IP: Flags   = 0X
 IP:   .0..  = may fragment
 IP:   ..0.  = last fragment
 IP: Fragment offset = 0 bytes
 IP: Time to live= 2 seconds/hops
 IP: Protocol= 88 (EIGRP)
 IP: Header checksum = 4C3F (correct)
 IP: Source address  = [172.16.10.2] Charlotte
 IP: Destination address = [172.16.10.1] Albany
 IP: No options
  EIGRP: - Enhanced IGRP Header -
 EIGRP:
 EIGRP: Version= 2
 EIGRP: Opcode = 1 (Update)
 EIGRP: EIGRP Checksum = E17D (correct)
 EIGRP: Flags (unused) = 
 EIGRP: Flags  = 0001
 EIGRP:      ..0. = Conditionally receive mode is not
  required
 EIGRP:      ...1 = Is an initial update packet
 EIGRP: Sequence number  = 1
 EIGRP: Acknowledgment number= 0
 EIGRP: Autonomous System number = 100
 EIGRP:
 EIGRP: Protocol ID  = 0x01 (IP)
 EIGRP: Type Code= 0x0102 (IP Internal Routes)
 EIGRP: Field length = 28
 EIGRP: Next hop address= 0 (use source IP
addr)

 EIGRP: Time delay (10 msec/256)=
512000EIGRP: Path bandwidth (2,560,000,000/kbps) =
1657856
 EIGRP: Min/max transmission unit (MTU) = 1500
 EIGRP: Hop count   = 0
 EIGRP: Reliability (error percentage)  = 250
 EIGRP: Load utilization percentage = 1
 EIGRP: Reserved
 EIGRP: Prefix length in bits   = 24
 EIGRP: IP Destination Address  = 0.172.16.40
 
  Priscilla
 
 
 
  Sasa Milic  wrote in message
  [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
The router DOES pass total delay and minumum bandwidth of the route
to neighbors.
   
check show ip eigrp topologu
   
Sasa
CCIE No 8635
   
   
   
Steven A. Ridder wrote:

 I believe the delay is by default set on the interface by the
router
  based
 on the type of link it is.  I'm sure there's charts on CCO
somewhere.
  You
 can change this info on the interface with the delay command, which
is
  the
 recommended way of changing a metric if you are forced to do so.
The
router
 dosen't pass the delay info of a link to other routers as a raw
figure,
  it
 calculates the BW and delay, then multiplies it by 256 and sends
that
 calculation to a neighbor, which is the metric.

 Yatou Wu  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Hi,
 
  In EIGRP, the delay metric is taken as configured in the
interface
of
  the
  router by the administrator, by default, or by measurement?
 
  when the router calculates the metric, it needs to know the
minimum
  bandwidth along the path, and also the delay along the path. how
can
  the
  router pass the infor around? pass the total delay along the
path,
or
 delay
  of every link?
 
  thanks
 
  yatou
 
  _
  Get your FREE download of MSN Explorer at
 http://explorer.msn.com/intl.asp.
  
 
  Priscilla Oppenheimer
  http://www.priscilla.com


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36114t=36001
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL 

Re: CISCO INTERNSHIP.....CCIE..... [7:36091]

[Brian]

I suspect the below is not as true as it used to be..

Brian

On Thu, 21 Feb 2002, Steven A. Ridder wrote:

 A CCNA makes more than 50k.  And you wouldn't have to pay your company to
 work for them and get training.  Most companies pay you and pay for your
 training.

 --
 RFC 1149 Compliant.

 Sean Knox  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  I've taken some classes at ICTP. From what I gather, their CCIE intern
  program works like this: you sign up for their CCIE program (which is not
  cheap I should add) and when you pass your CCIE written/lab (I vaguely
  remember that the CCIE written pass is all you need), you can work as a
  subcontractor for ICTP. You make substantially   less money than a CCIE
is
  worth, (I believe around $50,000, don't quote me on that) but for those
  with little or no experience (i.e., people enrolling in this program), it
  works out really well. Hopefully Mr. Lee could explain the program more
in
  detail.
 
  - Sean
 
  -Original Message-
  From: Brian [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, February 21, 2002 11:34 AM
  To: [EMAIL PROTECTED]
  Subject: Re: CISCO INTERNSHIP.CCIE. [7:36091]
 
 
  Perhaps its a new look on recruiting, they train u, get a slice of the
  dough for awhile??  Just speculating of course..
 
  Brian
 
  On Thu, 21 Feb 2002, Cisco Nuts wrote:
 
   And upon finishing the program, how many years of slavery will we
   unfortunate ones be indebted to your gracious company? :-)
   Can you clarify this??
  
  
   From: Jason Lee
   Reply-To: Jason Lee
   To: [EMAIL PROTECTED]
   Subject: CISCO INTERNSHIP.CCIE. [7:36091]
   Date: Thu, 21 Feb 2002 13:40:20 -0500
   
   Hi all,
   
   My name is Jason Lee I currently work for ICTP located in anaheim
   california
   we are currently looking for few candidates to go through our very
  intense
   cisco training, also to note that upon finishing the program CEA
(cisco
   expert academy)you can be eligible for an internship... we have
  information
   session going on every other friday, so if this sounds interesting to
  you,
   or if you need a lab to study for the ccie or ccnp please give me a
 call.
   
   Jason Lee
   IT specialist
   714-783-1083
   www.ICTP.com
   _
   Join the worlds largest e-mail service with MSN Hotmail.
   http://www.hotmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36113t=36091
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Delay Metric in EIGRP [7:36001]

[Priscilla Oppenheimer]

Reposting. I never saw this one get posted.

The EIGRP bandwidth metric is 2.56 billion divided by the real bandwidth. 
That's just how Cisco does it (and how Sniffer displays it). In this case, 
the bandwidth metric is 1657856, as the Sniffer reports. The network is 
reachable via a single, ordinary 1544 Kbps serial interface. Do the math. ;-)

Priscilla

At 10:00 PM 2/20/02, Chuck wrote:
I'm curious about the EIGRP bandwidth being reported at 2.5 billion bps.
what kind of a network you running there, PO? ;-

see below:


Priscilla Oppenheimer  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  At 07:03 PM 2/20/02, Steven A. Ridder wrote:
  It's not in a packet that gets sent.
 
  It is actually. Here's a packet for you:
 
  DLC:  - DLC Header -
 DLC:  Destination = Station Cisco1053E80
 DLC:  Source  = Station Cisco1002E75
 DLC:  Ethertype   = 0800 (IP)
  IP: - IP Header -
 IP: Version = 4, header length = 20 bytes
 IP: Type of service = 00
 IP:   000.    = routine
 IP:   ...0  = normal delay
 IP:    0... = normal throughput
 IP:    .0.. = normal reliability
 IP: Total length= 68 bytes
 IP: Identification  = 0
 IP: Flags   = 0X
 IP:   .0..  = may fragment
 IP:   ..0.  = last fragment
 IP: Fragment offset = 0 bytes
 IP: Time to live= 2 seconds/hops
 IP: Protocol= 88 (EIGRP)
 IP: Header checksum = 4C3F (correct)
 IP: Source address  = [172.16.10.2] Charlotte
 IP: Destination address = [172.16.10.1] Albany
 IP: No options
  EIGRP: - Enhanced IGRP Header -
 EIGRP:
 EIGRP: Version= 2
 EIGRP: Opcode = 1 (Update)
 EIGRP: EIGRP Checksum = E17D (correct)
 EIGRP: Flags (unused) = 
 EIGRP: Flags  = 0001
 EIGRP:      ..0. = Conditionally receive mode is not
  required
 EIGRP:      ...1 = Is an initial update packet
 EIGRP: Sequence number  = 1
 EIGRP: Acknowledgment number= 0
 EIGRP: Autonomous System number = 100
 EIGRP:
 EIGRP: Protocol ID  = 0x01 (IP)
 EIGRP: Type Code= 0x0102 (IP Internal Routes)
 EIGRP: Field length = 28
 EIGRP: Next hop address= 0 (use source IP
addr)

 EIGRP: Time delay (10 msec/256)=
512000EIGRP: Path bandwidth (2,560,000,000/kbps) =
1657856
 EIGRP: Min/max transmission unit (MTU) = 1500
 EIGRP: Hop count   = 0
 EIGRP: Reliability (error percentage)  = 250
 EIGRP: Load utilization percentage = 1
 EIGRP: Reserved
 EIGRP: Prefix length in bits   = 24
 EIGRP: IP Destination Address  = 0.172.16.40
 
  Priscilla
 
 
 
  Sasa Milic  wrote in message
  [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
The router DOES pass total delay and minumum bandwidth of the route
to neighbors.
   
check show ip eigrp topologu
   
Sasa
CCIE No 8635
   
   
   
Steven A. Ridder wrote:

 I believe the delay is by default set on the interface by the
router
  based
 on the type of link it is.  I'm sure there's charts on CCO
somewhere.
  You
 can change this info on the interface with the delay command, which
is
  the
 recommended way of changing a metric if you are forced to do so.
The
router
 dosen't pass the delay info of a link to other routers as a raw
figure,
  it
 calculates the BW and delay, then multiplies it by 256 and sends
that
 calculation to a neighbor, which is the metric.

 Yatou Wu  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Hi,
 
  In EIGRP, the delay metric is taken as configured in the
interface
of
  the
  router by the administrator, by default, or by measurement?
 
  when the router calculates the metric, it needs to know the
minimum
  bandwidth along the path, and also the delay along the path. how
can
  the
  router pass the infor around? pass the total delay along the
path,
or
 delay
  of every link?
 
  thanks
 
  yatou
 
  _
  Get your FREE download of MSN Explorer at
 http://explorer.msn.com/intl.asp.
  
 
  Priscilla Oppenheimer
  http://www.priscilla.com


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36115t=36001
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct 

Re: hop count in EIGRP? [7:36082]

[Priscilla Oppenheimer]

It's possible it's just a holdover from IGRP which does limit the diameter 
of a network by checking the hop count.

But EIGRP may limit the number of hops too, depending on which document you 
read. ;-) The following document says that the default max is 100 but can 
be increased with the metric maximum-hops command (even though it's not 
part of the metric). Some docs say this is for IGRP only, so you better try
it.

http://www.cisco.com/warp/public/103/eigrp12.html

Also, I know we discussed this before so you might want to check the Group 
Study archives.

Priscilla

At 11:56 AM 2/21/02, Steven A. Ridder wrote:
Anyone know why there is a hop-count in EIGRP?  It has a 1 byte value, but
it doesn't limit the number of hops and it looks like routers don't use it
in their calculations.  Why is it there?

--
RFC 1149 Compliant.


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36116t=36082
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PIX information [7:35294]

[Mears, Rob]

Any changes you make to the Pri PIX will be written to the SEC, no need to
day anything.  Good Idea to move the sec and do a Wr M


Rob

-Original Message-
From: Evans, TJ [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, February 13, 2002 12:53 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX information [7:35294]

I believe it sync's them auto-magically, or perhaps on a timed basis.
Regardless ... I always do a wr standby ... just to be sure.


Thanks!
TJ

 -Original Message-
From:   Hartnell, George [mailto:[EMAIL PROTECTED]] 
Sent:   Wednesday, February 13, 2002 12:46 PM
To: [EMAIL PROTECTED]
Subject:RE: PIX information [7:35294]

AND, am I to understand correctly, as the manual is quite vague, that an
upgrade of the primary failover unit also updates the secondary?  Or, must
the hapless administrator do each individually?

Best, G.

 -Original Message-
 From: Jose Celestino [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, February 13, 2002 7:12 AM
 To: [EMAIL PROTECTED]
 Subject: Re: PIX information [7:35294]
 
 
 PIX-FW1# copy ?
 usage: copy tftp[:[[//location][/pathname]]] flash
 
 For instance:
 
 copy tftp://192.168.2.2/configs/pix.cfg flash
 
 
 Thus spake BASSOLE Rock, on Wed, Feb 13, 2002 at 09:06:59AM -0500:
  Hello group,
  
  
  What command can I use to copy a configuraton form a tftp 
 server to a PIX
  Firewall? I have look on the cisco web site for the command 
 but couldn't
  find. Can somebody help.
  
  Thank you.
  
  Rock
 -- 
 Jose Celestino 
 -
 Little prigs and three-quarter madmen may have the conceit 
 that the laws of
 nature are constantly broken for their sakes.
 -- Friedrich Nietzsche

*
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized. 

If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it, is prohibited
and may be unlawful. When addressed to our clients any opinions or advice
contained in this email are subject to the terms and conditions expressed in
the governing KPMG client engagement letter. 

*




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36117t=35294
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: hop count in EIGRP? [7:36082]

[s vermill]

Priscilla Oppenheimer wrote:
 
 It's possible it's just a holdover from IGRP which does limit
 the diameter
 of a network by checking the hop count.
 
 But EIGRP may limit the number of hops too, depending on which
 document you
 read. ;-) The following document says that the default max is
 100 but can
 be increased with the metric maximum-hops command (even though
 it's not
 part of the metric). Some docs say this is for IGRP only, so
 you better try it.
 
 http://www.cisco.com/warp/public/103/eigrp12.html
 
 Also, I know we discussed this before so you might want to
 check the Group
 Study archives.
 
 Priscilla

I have seen references to EIGRP hop count limits before.  As I mentioned in
my first post, that seems related to Appletalk and IPX support.  However, a
'sh ip prot' will indeed produce a line that stated EIGRP maximum hopcount
100.  Thus far, I haven't been able to find a command to change that
value.  Interesting.

Scott


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36118t=36082
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CISCO INTERNSHIP.....CCIE..... [7:36091]

[Marc Maxwell]

I would be curious to know what type of contractual obligation is involved 
here.  I would be willing to look at *something*, as long as it wasn't too 
binding (yeah right).  And I *haven't* seen companies pay for training, at 
least not this (the good kind, that advances your career).  Many if not most 
companies make it clear that they want you to stay whereever you are at.

Marc


From: Cisco Nuts 
Reply-To: Cisco Nuts 
To: [EMAIL PROTECTED]
Subject: Re: CISCO INTERNSHIP.CCIE. [7:36091]
Date: Thu, 21 Feb 2002 16:54:41 -0500

That's right. A CCNA could potentially make more than $50K (with skills
though)

Here is what I don't understand: Jason states that his company is
looking(note) for people while Sean mentions that you do have to actually
sign up(note) for their program which he adds is not cheap??

So basically, looks like people will first have to shell out this huge
dough out of their pocket to get an intership thru this company.



 From: Steven A. Ridder Reply-To: Steven A. Ridder To:
[EMAIL PROTECTED] Subject: Re: CISCO INTERNSHIP.CCIE.
[7:36091] Date: Thu, 21 Feb 2002 15:50:16 -0500  A CCNA makes more
than 50k. And you wouldn't have to pay your company to work for them and
get training. Most companies pay you and pay for your training.  --
 RFC 1149 Compliant.  Sean Knox wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...   I've taken some classes
at ICTP. From what I gather, their CCIE intern   program works like
this: you sign up for their CCIE program (which is not   cheap I should
add) and when you pass your CCIE written/lab (I vaguely   remember that
the CCIE written pass is all you need), you can work as a  
subcontractor for ICTP. You make substantially less money than a CCIE is
   worth, (I believe around $50,000, don't quote me on that) but for
those   with little or no experience (i.e., people enrolling in this
program), it   works out really well. Hopefully Mr. Lee could explain
the program more in   detail. - Sean -Original
Message-   From: Brian [mailto:[EMAIL PROTECTED]]   Sent:
Thursday, February 21, 2002 11:34 AM   To: [EMAIL PROTECTED]  
Subject: Re: CISCO INTERNSHIP.CCIE. [7:36091]   Perhaps
its a new look on recruiting, they train u, get a slice of the   dough
for awhile?? Just speculating of course.. Brian On Thu,
21 Feb 2002, Cisco Nuts wrote:  And upon finishing the program,
how many years of slavery will weunfortunate ones be indebted to
your gracious company? :-)Can you clarify this?? 
 From: Jason LeeReply-To: Jason LeeTo:
[EMAIL PROTECTED]Subject: CISCO INTERNSHIP.CCIE.
[7:36091]Date: Thu, 21 Feb 2002 13:40:20 -0500Hi
all,My name is Jason Lee I currently work for ICTP
located in anaheimcaliforniawe are currently looking for
few candidates to go through our very   intensecisco training,
also to note that upon finishing the program CEA (ciscoexpert
academy)you can be eligible for an internship... we have   information
session going on every other friday, so if this sounds interesting
to   you,or if you need a lab to study for the ccie or ccnp
please give me a call.Jason LeeIT specialist  
  714-783-1083www.ICTP.com   
_   
Join the worlds largest e-mail service with MSN Hotmail.   
misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Get your FREE download of MSN Explorer at http://explorer.msn.com.
_
Join the worlds largest e-mail service with MSN Hotmail. 
http://www.hotmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36119t=36091
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: hop count in EIGRP? [7:36082]

[s vermill]

 I have seen references to EIGRP hop count limits before.  As I
 mentioned in my first post, that seems related to Appletalk and
 IPX support.  However, a 'sh ip prot' will indeed produce a
 line that stated EIGRP maximum hopcount 100.  Thus far, I
 haven't been able to find a command to change that value. 
 Interesting.
 
 Scott

Well, a little messing around with the command line produced this:

p1r1(config-router)#metric ?
  holddown  Enable IGRP holddown
  maximum-hops  Advertise IGRP routes greater than  as unreachable
  weights   Modify IGRP metric coefficients






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36120t=36082
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: hop count in EIGRP? [7:36082]

[s vermill]

 
 Well, a little messing around with the command line produced
 this:
 
 p1r1(config-router)#metric ?
   holddown  Enable IGRP holddown
   maximum-hops  Advertise IGRP routes greater than  as
 unreachable
   weights   Modify IGRP metric coefficients
 

However, setting the max-hops metric and then exceeding that value seems to
cause routes to disappear - even if only running EIGRP.  So this appears to
be a true-blue hop count limit for EIGRP.  Is it just me or does there seem
to be a bit of inconsistency in the description and the functionality of
this command?

Note:  This appears to impact only incoming routes and not outgoing.  That
makes sense I guess but just thought I would throw that out there.



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36121t=36082
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CISCO INTERNSHIP.....CCIE..... [7:36091]

[Larry Letterman]

I would have to assume that your ccna candidates
are paid well then..Most places in the midwest
pay ccnp people about 60K or so...as far as training
I have not been seeing many people in the last few
classes I have attended.

Larry Letterman
Cisco Systems
[EMAIL PROTECTED] 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Steven A. Ridder
Sent: Thursday, February 21, 2002 1:35 PM
To: [EMAIL PROTECTED]
Subject: Re: CISCO INTERNSHIP.CCIE. [7:36091]


Well in the good old days of the economy, I made more than that even before
becoming a CCNA.  I would never settle for 50k, even in this econ.,
especially as a CCIE.  Plus, a CCIE IMO should already have exp., and lots
of it.  Otherwise it defeats the purpose of becoming a CCIE - cisco
certified internet EXPERT!

--
RFC 1149 Compliant.

Sean Knox  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 A CCNA with little or no experience? Hardly. He's lucky to even land a job
 right now. I think this intern program is aimed at people new to the
field.

 -Original Message-
 From: Steven A. Ridder [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, February 21, 2002 12:50 PM
 To: [EMAIL PROTECTED]
 Subject: Re: CISCO INTERNSHIP.CCIE. [7:36091]


 A CCNA makes more than 50k.  And you wouldn't have to pay your company to
 work for them and get training.  Most companies pay you and pay for your
 training.

 --
 RFC 1149 Compliant.

 Sean Knox  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  I've taken some classes at ICTP. From what I gather, their CCIE intern
  program works like this: you sign up for their CCIE program (which is
not
  cheap I should add) and when you pass your CCIE written/lab (I vaguely
  remember that the CCIE written pass is all you need), you can work as a
  subcontractor for ICTP. You make substantially   less money than a CCIE
is
  worth, (I believe around $50,000, don't quote me on that) but for
those
  with little or no experience (i.e., people enrolling in this program),
it
  works out really well. Hopefully Mr. Lee could explain the program more
in
  detail.
 
  - Sean
 
  -Original Message-
  From: Brian [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, February 21, 2002 11:34 AM
  To: [EMAIL PROTECTED]
  Subject: Re: CISCO INTERNSHIP.CCIE. [7:36091]
 
 
  Perhaps its a new look on recruiting, they train u, get a slice of the
  dough for awhile??  Just speculating of course..
 
  Brian
 
  On Thu, 21 Feb 2002, Cisco Nuts wrote:
 
   And upon finishing the program, how many years of slavery will we
   unfortunate ones be indebted to your gracious company? :-)
   Can you clarify this??
  
  
   From: Jason Lee
   Reply-To: Jason Lee
   To: [EMAIL PROTECTED]
   Subject: CISCO INTERNSHIP.CCIE. [7:36091]
   Date: Thu, 21 Feb 2002 13:40:20 -0500
   
   Hi all,
   
   My name is Jason Lee I currently work for ICTP located in anaheim
   california
   we are currently looking for few candidates to go through our very
  intense
   cisco training, also to note that upon finishing the program CEA
(cisco
   expert academy)you can be eligible for an internship... we have
  information
   session going on every other friday, so if this sounds interesting to
  you,
   or if you need a lab to study for the ccie or ccnp please give me a
 call.
   
   Jason Lee
   IT specialist
   714-783-1083
   www.ICTP.com
   _
   Join the worlds largest e-mail service with MSN Hotmail.
   http://www.hotmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36123t=36091
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Access list question [7:36124]

[Justin M. Clark]

can someone explain to me exactly what this line means:

access-list 101 permit tcp any any established

thanks
Justin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36124t=36124
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Access list question [7:36124]

[Regis Thornton]

Justin M. Clark  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 can someone explain to me exactly what this line means:

 access-list 101 permit tcp any any established

 thanks
 Justin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36125t=36124
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Access list question [7:36124]

[Brian]

If you're on your lan and go to an external website, you presumably want
the data to be able to get back to you, you dont want to write a permit
statement for the return traffic of every site people visit.  This allows
tcp traffic from any ip to any ip in the direction implied in the config.

Brian

On Thu, 21 Feb 2002, Justin M. Clark wrote:

 can someone explain to me exactly what this line means:

 access-list 101 permit tcp any any established

 thanks
 Justin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36126t=36124
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Access list question [7:36124]

[David Jones]

Justin,

This is typically used in an Internet/NAT situation where you are allowing
something from the Internet to come back in, only if it's a reply to a
request that originated from inside your network.  For instance, with a
router connected to the Internet, you typically want an access-list applied
to your Internet-facing port that denies incoming traffic, as you don't want
them trying to walk all over your router or network.  However, this same
access list will drop valid replies to requests from clients inside your
network, i.e. http replies, etc.

With the 'established' option, you can tell the router with access lists
drop everything inbound from the Internet, except replies to requests made
from inside my network.

Typically, people do this because they don't want to pay for a firewall, but
this isn't the best thing to do.  If you need to set this up for someone for
Internet access, you need to dig a little deeper into it because if my
memory serves me right, this command may or may not work with UDP traffic
and only TCP traffic.  I'm not sure and might be totally wrong, so you need
to check.

Hope this helps,

Dave


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36127t=36124
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Access list question [7:36124]

[Brian]

Or for a better explanation, see the ack bit discussion on
http://www.daemon.org/tcp.html.

Brian

On Thu, 21 Feb 2002, Justin M. Clark wrote:

 can someone explain to me exactly what this line means:

 access-list 101 permit tcp any any established

 thanks
 Justin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36128t=36124
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CISCO INTERNSHIP.....CCIE..... [7:36091]

[Steven A. Ridder]

In MA we have a high cost of living, so maybe that explains it.
Larry Letterman  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 I would have to assume that your ccna candidates
 are paid well then..Most places in the midwest
 pay ccnp people about 60K or so...as far as training
 I have not been seeing many people in the last few
 classes I have attended.

 Larry Letterman
 Cisco Systems
 [EMAIL PROTECTED]

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 Steven A. Ridder
 Sent: Thursday, February 21, 2002 1:35 PM
 To: [EMAIL PROTECTED]
 Subject: Re: CISCO INTERNSHIP.CCIE. [7:36091]


 Well in the good old days of the economy, I made more than that even
before
 becoming a CCNA.  I would never settle for 50k, even in this econ.,
 especially as a CCIE.  Plus, a CCIE IMO should already have exp., and lots
 of it.  Otherwise it defeats the purpose of becoming a CCIE - cisco
 certified internet EXPERT!

 --
 RFC 1149 Compliant.

 Sean Knox  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  A CCNA with little or no experience? Hardly. He's lucky to even land a
job
  right now. I think this intern program is aimed at people new to the
 field.
 
  -Original Message-
  From: Steven A. Ridder [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, February 21, 2002 12:50 PM
  To: [EMAIL PROTECTED]
  Subject: Re: CISCO INTERNSHIP.CCIE. [7:36091]
 
 
  A CCNA makes more than 50k.  And you wouldn't have to pay your company
to
  work for them and get training.  Most companies pay you and pay for your
  training.
 
  --
  RFC 1149 Compliant.
 
  Sean Knox  wrote in message
  [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
   I've taken some classes at ICTP. From what I gather, their CCIE intern
   program works like this: you sign up for their CCIE program (which is
 not
   cheap I should add) and when you pass your CCIE written/lab (I vaguely
   remember that the CCIE written pass is all you need), you can work as
a
   subcontractor for ICTP. You make substantially   less money than a
CCIE
 is
   worth, (I believe around $50,000, don't quote me on that) but for
 those
   with little or no experience (i.e., people enrolling in this program),
 it
   works out really well. Hopefully Mr. Lee could explain the program
more
 in
   detail.
  
   - Sean
  
   -Original Message-
   From: Brian [mailto:[EMAIL PROTECTED]]
   Sent: Thursday, February 21, 2002 11:34 AM
   To: [EMAIL PROTECTED]
   Subject: Re: CISCO INTERNSHIP.CCIE. [7:36091]
  
  
   Perhaps its a new look on recruiting, they train u, get a slice of the
   dough for awhile??  Just speculating of course..
  
   Brian
  
   On Thu, 21 Feb 2002, Cisco Nuts wrote:
  
And upon finishing the program, how many years of slavery will we
unfortunate ones be indebted to your gracious company? :-)
Can you clarify this??
   
   
From: Jason Lee
Reply-To: Jason Lee
To: [EMAIL PROTECTED]
Subject: CISCO INTERNSHIP.CCIE. [7:36091]
Date: Thu, 21 Feb 2002 13:40:20 -0500

Hi all,

My name is Jason Lee I currently work for ICTP located in anaheim
california
we are currently looking for few candidates to go through our very
   intense
cisco training, also to note that upon finishing the program CEA
 (cisco
expert academy)you can be eligible for an internship... we have
   information
session going on every other friday, so if this sounds interesting
to
   you,
or if you need a lab to study for the ccie or ccnp please give me a
  call.

Jason Lee
IT specialist
714-783-1083
www.ICTP.com
_
Join the worlds largest e-mail service with MSN Hotmail.
http://www.hotmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36130t=36091
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Another access list question [7:36131]

[Justin M. Clark]

I have the following access list and am trying to make since of it.  Here is
what I have sofar with what I think the line does.

1.   access-list 101 deny   icmp any any redirect
stop all redirects
2.   access-list 101 deny   icmp any any echo
stop ping
3.   access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
stop localhost from going anywhere
4.   access-list 101 deny   ip 224.0.0.0 31.255.255.255 any
stop private address from going anywhere
5.   access-list 101 deny   ip xxx.xxx.40.0 0.0.0.255 any
stop xxx.xxx.40.0/24 from getting to anything
6.   access-list 101 permit tcp any any eq telnet
permit telnet from anywhere
7.   access-list 101 permit tcp any any established
permit anything from established connection
8.   access-list 101 permit tcp any host xxx.xxx.43.133 eq smtp
permit anyone to xxx.xxx.43.113 port 25
9.   access-list 101 permit tcp any host xxx.xxx.43.133 eq pop3
permit anyone to xxx.xxx.43.113 port 110
10. access-list 101 permit tcp any host xxx.xxx.43.133 eq ftp
permit anyone to xxx.xxx.43.113 port 21
11. access-list 101 permit ip host XXX.152.0.8 any
permit external dns servers to go anywhere
12. access-list 101 permit ip host XXX.152.16.8 any
permit external dns servers to go anywhere
13. access-list 101 permit tcp any host xxx.xxx.43.134 eq www
permit anyone to xxx.xxx.43.134 port 80
14. access-list 101 permit tcp any host xxx.xxx.43.134 eq 443
permit anyone to xxx.xxx.43.134 port 443
15. access-list 101 permit icmp any any
permit ping from anywhere to anywhere

this is applied to a serial interface in.
we have external DNS and internal SMTP and POP3 and WWW

the lines that are confusing me are 1, 2, and 15
it looks to me that at first it is denying redirects and ping but then on
line 15 it permits everything.  is this correct?

Also, if you notice anything else that i don't have right could you please
mention it as well.

thanks,
Justin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36131t=36131
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Access list question [7:36124]

[Steven A. Ridder]

I can get through it by just setting the ack bit in the IP packet on.
That's all it check for.  Not very secure.
Justin M. Clark  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 can someone explain to me exactly what this line means:

 access-list 101 permit tcp any any established

 thanks
 Justin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36132t=36124
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Another access list question [7:36131]

[Brian]

the last line doesnt permit everything, just icmp packets that are not
echo request, since those will be dropped by the second line.  Looks like
the icmp approach is block ping, permit other icmp, which is a common
approach.  First match wins..

Bri

On Thu, 21 Feb 2002, Justin M. Clark wrote:

 I have the following access list and am trying to make since of it.  Here
is
 what I have sofar with what I think the line does.

 1.   access-list 101 deny   icmp any any redirect
 stop all redirects
 2.   access-list 101 deny   icmp any any echo
 stop ping
 3.   access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
 stop localhost from going anywhere
 4.   access-list 101 deny   ip 224.0.0.0 31.255.255.255 any
 stop private address from going anywhere
 5.   access-list 101 deny   ip xxx.xxx.40.0 0.0.0.255 any
 stop xxx.xxx.40.0/24 from getting to anything
 6.   access-list 101 permit tcp any any eq telnet
 permit telnet from anywhere
 7.   access-list 101 permit tcp any any established
 permit anything from established connection
 8.   access-list 101 permit tcp any host xxx.xxx.43.133 eq smtp
 permit anyone to xxx.xxx.43.113 port 25
 9.   access-list 101 permit tcp any host xxx.xxx.43.133 eq pop3
 permit anyone to xxx.xxx.43.113 port 110
 10. access-list 101 permit tcp any host xxx.xxx.43.133 eq ftp
 permit anyone to xxx.xxx.43.113 port 21
 11. access-list 101 permit ip host XXX.152.0.8 any
 permit external dns servers to go anywhere
 12. access-list 101 permit ip host XXX.152.16.8 any
 permit external dns servers to go anywhere
 13. access-list 101 permit tcp any host xxx.xxx.43.134 eq www
 permit anyone to xxx.xxx.43.134 port 80
 14. access-list 101 permit tcp any host xxx.xxx.43.134 eq 443
 permit anyone to xxx.xxx.43.134 port 443
 15. access-list 101 permit icmp any any
 permit ping from anywhere to anywhere

 this is applied to a serial interface in.
 we have external DNS and internal SMTP and POP3 and WWW

 the lines that are confusing me are 1, 2, and 15
 it looks to me that at first it is denying redirects and ping but then on
 line 15 it permits everything.  is this correct?

 Also, if you notice anything else that i don't have right could you please
 mention it as well.

 thanks,
 Justin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36133t=36131
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Access list question [7:36124]

[MADMAN]

packets coming into the router that are part of a session initiated
from within.  I'm sure someone came be more eloquent in describing it
though:)

  Dave

Justin M. Clark wrote:
 
 can someone explain to me exactly what this line means:
 
 access-list 101 permit tcp any any established
 
 thanks
 Justin
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

Emotion should reflect reason not guide it




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36134t=36124
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Access list question [7:36124]

[Brian]

Which is why most people who are concerned use firewalls that actually
keep a table of open connections.

Brian

On Thu, 21 Feb 2002, Steven A. Ridder wrote:

 I can get through it by just setting the ack bit in the IP packet on.
 That's all it check for.  Not very secure.
 Justin M. Clark  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  can someone explain to me exactly what this line means:
 
  access-list 101 permit tcp any any established
 
  thanks
  Justin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36135t=36124
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Re: China/Cisco connection [7:35946]

[[EMAIL PROTECTED]]

I only agree partially. On the other hand, US government put censorship on
the whole Internet, if anyone could remember what happened during US bombing
of the Serbs. The news said that a virus sent NATO secrets to an ICQ site,
which was quickly deleted by an USA robot, and the robot notified government
angecies of the discovery and the results. The same news claimed that the
whole Internet is been checked every 10 minutes by various government
programs. From TV, FRI (or CIA) experts publicly demostrated how they could
trace a message from one end of the world to another end of the world. There
was another news said that US government put on filters on Internet to
search keywords, such as weapon.

Since I am too old to be naive, I wonder what else would be on the filter
list, or inside the robot programs.

Let's hope whoever has the power to control information on Internet only do
it for legitimate purpose. But, I know that I asked for too much.

Tony



Dominick Marino  wrote:

I agree with Joseph Brunner.

To compare the two is absurd!   The Chinese will use the technology to
suppress the truth from becoming known to the people ( peasants to the
elite).  It is also a good way to find the subversives and eliminate them.

As for the US government monitoring the traffic, I doubt that they plan on
killing anyone for their selection of web sites.

Unless they are terrorists, then, if they want, I will supply the bullets
myself.




Dom Marino







B.J. Wilson  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 An interesting article I came across this morning:


http://www.weeklystandard.com/Content/Public/Articles/000/000/000/922dgmtd.a
 sp

 Comments?
-- 




__
Your favorite stores, helpful shopping tools and great gift ideas.
Experience the convenience of buying online with Shop@Netscape!
http://shopnow.netscape.com/

Get your own FREE, personal Netscape Mail account today at
http://webmail.netscape.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36137t=35946
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

PIX 520 ---no console access [7:36138]

[Sunil Soporie]

Hi All,

I recently upgraded Flash and RAM on a Cisco PIX 520 and it worked fine for
a week.After a week or so in production it suddenly stopped , rebooted but
no luck, I could not even console into it.What happend is after some time I
had the console access again and everything is fine, no errors.Its behaviour
is intermittent.
One thing I also noticed is that when I don't have console access, It
doesn't check the floppy drive which it normally does.

Any sugessions?

Sunil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36138t=36138
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Another access list question [7:36131]

[Justin M. Clark]

Thats, that just slipped my mind.

Justin

Brian  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 the last line doesnt permit everything, just icmp packets that are not
 echo request, since those will be dropped by the second line.  Looks like
 the icmp approach is block ping, permit other icmp, which is a common
 approach.  First match wins..

 Bri

 On Thu, 21 Feb 2002, Justin M. Clark wrote:

  I have the following access list and am trying to make since of it.
Here
 is
  what I have sofar with what I think the line does.
 
  1.   access-list 101 deny   icmp any any redirect
  stop all redirects
  2.   access-list 101 deny   icmp any any echo
  stop ping
  3.   access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
  stop localhost from going anywhere
  4.   access-list 101 deny   ip 224.0.0.0 31.255.255.255 any
  stop private address from going anywhere
  5.   access-list 101 deny   ip xxx.xxx.40.0 0.0.0.255 any
  stop xxx.xxx.40.0/24 from getting to anything
  6.   access-list 101 permit tcp any any eq telnet
  permit telnet from anywhere
  7.   access-list 101 permit tcp any any established
  permit anything from established connection
  8.   access-list 101 permit tcp any host xxx.xxx.43.133 eq smtp
  permit anyone to xxx.xxx.43.113 port 25
  9.   access-list 101 permit tcp any host xxx.xxx.43.133 eq pop3
  permit anyone to xxx.xxx.43.113 port 110
  10. access-list 101 permit tcp any host xxx.xxx.43.133 eq ftp
  permit anyone to xxx.xxx.43.113 port 21
  11. access-list 101 permit ip host XXX.152.0.8 any
  permit external dns servers to go anywhere
  12. access-list 101 permit ip host XXX.152.16.8 any
  permit external dns servers to go anywhere
  13. access-list 101 permit tcp any host xxx.xxx.43.134 eq www
  permit anyone to xxx.xxx.43.134 port 80
  14. access-list 101 permit tcp any host xxx.xxx.43.134 eq 443
  permit anyone to xxx.xxx.43.134 port 443
  15. access-list 101 permit icmp any any
  permit ping from anywhere to anywhere
 
  this is applied to a serial interface in.
  we have external DNS and internal SMTP and POP3 and WWW
 
  the lines that are confusing me are 1, 2, and 15
  it looks to me that at first it is denying redirects and ping but then
on
  line 15 it permits everything.  is this correct?
 
  Also, if you notice anything else that i don't have right could you
please
  mention it as well.
 
  thanks,
  Justin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36139t=36131
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PIX 520 ---no console access [7:36138]

[Thom Castognalia]

Sunil - Open up the PIX.  Remove the flash card and the RAM.  Re-install the
flash card and the RAM.  See if that does the trick.  If not, replace the RAM.

TC


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36140t=36138
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCIE Practical Volume I [7:36060]

[Thom Castognalia]

Is this book good for the written exam too?  Where's the cheapest place to
pick it up at?

TC


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36141t=36060
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Re: China/Cisco connection [7:35946]

[Steven A. Ridder]

It's a rumor.
 wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 I only agree partially. On the other hand, US government put censorship on
 the whole Internet, if anyone could remember what happened during US
bombing
 of the Serbs. The news said that a virus sent NATO secrets to an ICQ site,
 which was quickly deleted by an USA robot, and the robot notified
government
 angecies of the discovery and the results. The same news claimed that the
 whole Internet is been checked every 10 minutes by various government
 programs. From TV, FRI (or CIA) experts publicly demostrated how they
could
 trace a message from one end of the world to another end of the world.
There
 was another news said that US government put on filters on Internet to
 search keywords, such as weapon.

 Since I am too old to be naive, I wonder what else would be on the filter
 list, or inside the robot programs.

 Let's hope whoever has the power to control information on Internet only
do
 it for legitimate purpose. But, I know that I asked for too much.

 Tony



 Dominick Marino  wrote:

 I agree with Joseph Brunner.
 
 To compare the two is absurd!   The Chinese will use the technology to
 suppress the truth from becoming known to the people ( peasants to the
 elite).  It is also a good way to find the subversives and eliminate
them.
 
 As for the US government monitoring the traffic, I doubt that they plan
on
 killing anyone for their selection of web sites.
 
 Unless they are terrorists, then, if they want, I will supply the bullets
 myself.
 



 Dom Marino
 
 
 
 
 
 
 
 B.J. Wilson  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  An interesting article I came across this morning:
 
 

http://www.weeklystandard.com/Content/Public/Articles/000/000/000/922dgmtd.
a
  sp
 
  Comments?
 --




 __
 Your favorite stores, helpful shopping tools and great gift ideas.
 Experience the convenience of buying online with Shop@Netscape!
 http://shopnow.netscape.com/

 Get your own FREE, personal Netscape Mail account today at
 http://webmail.netscape.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36142t=35946
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

https to log in to a router - Possible?? [7:36143]

[Cisco Nuts]

Hello,
Is it possible to use https:// to access a router? I have just been 
thinking about this and would like to know if and how it would indeed be 
possible?
An acl permitting 443 would not work as it is not for traffic originating 
from the router itself, correct?
Is there like a access-class cmd. for https at all?
Thank you.



_
Join the worlds largest e-mail service with MSN Hotmail. 
http://www.hotmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36143t=36143
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: hop count in EIGRP? [7:36082]

[Chuck]

to augment the other answers, the IP hop count is really the IP TTL value.
It can never exceed 255

EIGRP defaults to 100 hops, so I would expect that the routing packet IP TTL
is set at 100 at that point.

Well ( checking the sniffer trace that Priscilla so thoughtfully supplied a
couple of days ago ) I'm seeing the IP TTL as 2. Still, maybe there is an
adjustment made. After all, the (E)IGRP metric includes end to end metrics.
hhmmm... ( looking over Priscilla's trace again ) way down there I see an
EIGRP hop count 0 line.

the IP TTL is still really the only thing that makes sense in terms of the
way IP works.

Anyone?

Chuck

Steven A. Ridder  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Anyone know why there is a hop-count in EIGRP?  It has a 1 byte value, but
 it doesn't limit the number of hops and it looks like routers don't use it
 in their calculations.  Why is it there?

 --
 RFC 1149 Compliant.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36145t=36082
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: https to log in to a router - Possible?? [7:36143]

[Steven A. Ridder]

The router would have to have a web server with ssl built in, and I don't
believe Cisco's do.
Cisco Nuts  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Hello,
 Is it possible to use https:// to access a router? I have just been
 thinking about this and would like to know if and how it would indeed be
 possible?
 An acl permitting 443 would not work as it is not for traffic originating
 from the router itself, correct?
 Is there like a access-class cmd. for https at all?
 Thank you.



 _
 Join the worlds largest e-mail service with MSN Hotmail.
 http://www.hotmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36146t=36143
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Access list question [7:36124]

[Priscilla Oppenheimer]

That's a good conceptual explanation. I would add that technically, it 
allows TCP packets that have the ACK bit set. In other words, it allows 
packets that are acknowledging another packet. That means it would not 
allow an incoming SYN used to set up a session, but it would allow a reply 
to a SYN that already happened.

Priscilla

At 06:26 PM 2/21/02, David Jones wrote:
Justin,

This is typically used in an Internet/NAT situation where you are allowing
something from the Internet to come back in, only if it's a reply to a
request that originated from inside your network.  For instance, with a
router connected to the Internet, you typically want an access-list applied
to your Internet-facing port that denies incoming traffic, as you don't want
them trying to walk all over your router or network.  However, this same
access list will drop valid replies to requests from clients inside your
network, i.e. http replies, etc.

With the 'established' option, you can tell the router with access lists
drop everything inbound from the Internet, except replies to requests made
from inside my network.

Typically, people do this because they don't want to pay for a firewall, but
this isn't the best thing to do.  If you need to set this up for someone for
Internet access, you need to dig a little deeper into it because if my
memory serves me right, this command may or may not work with UDP traffic
and only TCP traffic.  I'm not sure and might be totally wrong, so you need
to check.

Hope this helps,

Dave


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36147t=36124
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

cipt [7:36148]

[tony paparazzo]

Anyone take this yet..What is passing..What are some key areas to study..

Thanks

Tony




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36148t=36148
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Access list question [7:36124]

[Priscilla Oppenheimer]

IP doesn't have an ACK bit. You mean TCP.

Picky, picky, I know. ;-)

Priscilla

At 07:00 PM 2/21/02, Steven A. Ridder wrote:
I can get through it by just setting the ack bit in the IP packet on.
That's all it check for.  Not very secure.
Justin M. Clark  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  can someone explain to me exactly what this line means:
 
  access-list 101 permit tcp any any established
 
  thanks
  Justin


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36149t=36124
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Re: China/Cisco connection [7:35946]

[Priscilla Oppenheimer]

At 07:13 PM 2/21/02, [EMAIL PROTECTED] wrote:

Let's hope whoever has the power to control information on Internet only do
it for legitimate purpose.

That would be nobody. (at least in most countries ;-) It's out of control.

But, I know that I asked for too much.

Tony



Dominick Marino  wrote:

 I agree with Joseph Brunner.
 
 To compare the two is absurd!   The Chinese will use the technology to
 suppress the truth from becoming known to the people ( peasants to the
 elite).  It is also a good way to find the subversives and eliminate them.
 
 As for the US government monitoring the traffic, I doubt that they plan on
 killing anyone for their selection of web sites.
 
 Unless they are terrorists, then, if they want, I will supply the bullets
 myself.
 



 Dom Marino
 
 
 
 
 
 
 
 B.J. Wilson  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  An interesting article I came across this morning:
 
 

http://www.weeklystandard.com/Content/Public/Articles/000/000/000/922dgmtd.a
  sp
 
  Comments?
--




__
Your favorite stores, helpful shopping tools and great gift ideas.
Experience the convenience of buying online with Shop@Netscape!
http://shopnow.netscape.com/

Get your own FREE, personal Netscape Mail account today at
http://webmail.netscape.com/


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36150t=35946
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: hop count in EIGRP? [7:36082]

[Priscilla Oppenheimer]

At 08:05 PM 2/21/02, Chuck wrote:
to augment the other answers, the IP hop count is really the IP TTL value.
It can never exceed 255

You're confusing two issues.

Remember the router has two jobs: forwarding packets and learning the 
topology. Hop count has to do with the latter and affects what goes in the 
routing table. The IP TTL causes a router to drop a packet before 
forwarding if the TTL becomes zero.


EIGRP defaults to 100 hops, so I would expect that the routing packet IP TTL
is set at 100 at that point.

Routing packets only go to neighbors. The IP TTL should be set to one or 
two. This has nothing to do with hop count which will be later in the 
packet in the distance vectors.


Well ( checking the sniffer trace that Priscilla so thoughtfully supplied a
couple of days ago ) I'm seeing the IP TTL as 2. Still, maybe there is an
adjustment made. After all, the (E)IGRP metric includes end to end metrics.
hhmmm... ( looking over Priscilla's trace again ) way down there I see an
EIGRP hop count 0 line.

The router was advertising a directly-connected network.


the IP TTL is still really the only thing that makes sense in terms of the
way IP works.

In terms of forwarding maybe. You better reconsider routing protocols
though...

Priscilla


Anyone?

Chuck

Steven A. Ridder  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Anyone know why there is a hop-count in EIGRP?  It has a 1 byte value,
but
  it doesn't limit the number of hops and it looks like routers don't use
it
  in their calculations.  Why is it there?
 
  --
  RFC 1149 Compliant.


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36151t=36082
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: hop count in EIGRP? [7:36082]

[Priscilla Oppenheimer]

At 05:45 PM 2/21/02, s vermill wrote:
 
  Well, a little messing around with the command line produced
  this:
 
  p1r1(config-router)#metric ?
holddown  Enable IGRP holddown
maximum-hops  Advertise IGRP routes greater than  as
  unreachable
weights   Modify IGRP metric coefficients
 

However, setting the max-hops metric and then exceeding that value seems to
cause routes to disappear - even if only running EIGRP.  So this appears to
be a true-blue hop count limit for EIGRP.  Is it just me or does there seem
to be a bit of inconsistency in the description and the functionality of
this command?

I think the description is wrong in a couple ways. First of all, it 
actually affects EIGRP too, not just IGRP. Secondly, it sounds like a RIP 
sort of explanation where a router announces that a route is unreachable by 
announcing a hop count of 16 (infinity). IGRP and EIGRP don't do that. They 
announce that the delay is infinite. When they do this, they don't increase 
the hop count.

If there were a loop, on the other hand, the hop count would increase. 
Although that shouldn't happen, I think I remember hearing that it's one 
more reason to have a hop count in IGRP and EIGRP. The protocol developers 
were pretty paranoid about avoiding routing loops. If a router notices an 
increasing hop count, it puts the route in holddown.

Now, I need some hops after this discussion! ;-)

Priscilla


Note:  This appears to impact only incoming routes and not outgoing.  That
makes sense I guess but just thought I would throw that out there.


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36153t=36082
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Autonomous-system command [7:36067]

[Lupi, Guy]

John, I don't know if you found an answer.  Looks like this command is used
to specify your AS number when you are running EGP, which is something like
the precursor to BGP.  There is actually a chapter on this in Doyle's
Routing TCP/IP Volume II, chapter 1.  HTH.

From CCO:

autonomous-system (EGP)
Use the autonomous-system global configuration command to specify the local
autonomous system that the router resides in for EGP. To remove the AS
number, use the no autonomous-system command.

autonomous-system local-as
no autonomous-system local-as 
Syntax Description
local-as  Local autonomous system (AS) number to which the router belongs.  

Default
None

Command Mode
Global configuration

Usage Guidelines
Before you can set up EGP routing, you must specify an autonomous system
number. The local AS number will be included in EGP messages sent by the
router.

Example
The following sample configuration specifies an autonomous system number of
110:

autonomous-system 110

Related Command
router egp



-Original Message-
From: John Neiberger
To: [EMAIL PROTECTED]
Sent: 2/21/2002 10:39 AM
Subject: Autonomous-system command [7:36067]

In 12.2(3) I just ran across the following global configuration command:


  autonomous-system [AS]

Router(config)#?   
Configure commands:
  aaa Authentication, Authorization and
Accounting.
  access-list Add an access list entry
  alias   Create command alias
  alpsConfigure Airline Protocol Support
  apollo  Apollo global configuration commands
  appletalk   Appletalk global configuration commands
  arapAppletalk Remote Access Protocol
  arp Set a static ARP entry
  async-bootp Modify system bootp parameters
  autonomous-system   Specify local AS number to which we
belong

I can't find this command in the master indexes and I've done a google
search on CCO and wasn't able to find it.  

Any idea what this command might be used for?

John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36154t=36067
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: https to log in to a router - Possible?? [7:36143]

[Cisco Nuts]

Hum! Suprisingly it has the http built-in. I would think that they should 
have implemented ssl functionality in the code than http


From: Steven A. Ridder 
Reply-To: Steven A. Ridder 
To: [EMAIL PROTECTED]
Subject: Re: https to log in to a router - Possible?? [7:36143]
Date: Thu, 21 Feb 2002 20:22:00 -0500

The router would have to have a web server with ssl built in, and I don't
believe Cisco's do.
Cisco Nuts  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Hello,
  Is it possible to use https:// to access a router? I have just been
  thinking about this and would like to know if and how it would indeed be
  possible?
  An acl permitting 443 would not work as it is not for traffic 
originating
  from the router itself, correct?
  Is there like a access-class cmd. for https at all?
  Thank you.
 
 
 
  _
  Join the worlds largest e-mail service with MSN Hotmail.
  http://www.hotmail.com
_
Send and receive Hotmail on your mobile device: http://mobile.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36156t=36143
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Console speed [7:36155]

[Ranma]

Re-start the router
then BREAK it during it boot up and enter  rommonconfig

it will ask you question one by one...

choose the option of different console=speed here

then reboot the machine again.



NK Sat  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Hi guys,
   I am not able to change the console speed of my 7204 VXR at all.I
 wanted it at 115200 to do a xmodem But it just cannot beyond 9600

 What am i missing here.


 r7#line con 0
 r7(config-line)#speed 0
 Failed to change line 0's speed


 Does 7204 VXR console cannot go beyond 9600 ?  Please advise


 Thanks


 _
 Send and receive Hotmail on your mobile device: http://mobile.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36157t=36155
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]