PRI ISDN Callback, 3640, Mica Problem [7:36185]
Dear all,

We have a 3640 and want to terminate both analog and ISDN calls over the PRI on the 3640. The 3640 should call back over the PRI to both analog and ISDN users. All of the 30 available B channels should be dedicated to this purpose. We are using IOS 12.0.4(T), Mica-6DM Firmware CP ver 2310, E1/PRI ISDN ctrl, client modems USRobotics, Multitech, Boca, D-Link etc.

We have the following problems:

1. A high rate of unsuccessful incoming calls (~50%) with the modems idle and a busy signal or no answer at all (debug on Cisco shows a generic ISDN disconnect error)
2. During the callback the modems do not handshake properly.
3. Connection is being established only at very low speed, 9.6 kbps and below.

- The ISDN line is clean; show cont, show int ser 1/0:15 show no errors at all. We use the framing no-crc4 command on the controller, otherwise it goes down with alarm detected.

Kindly send the solution/configuration for the above. Thanks in advance.

Devashish Chanda
India

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36185t=36185
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PRI ISDN Callback, 3640, Mica Problem [7:36185]
Hello Devashish,

hard to tell what the cause of this behaviour is. Can you post the config of the 3640 as well as the output of the 'debug isdn q931' command?

There is a good document on the Cisco site with regard to Dial Technology Connectivity, that might help you as well: http://www.cisco.com/warp/customer/471/callin_calls.html#third

Regards,
Georg

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36188t=36185
Re: Cat 5k system ram flash [7:36170]
Hi Colin,

depends on your software release. Go to the following link: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/c5krn/sw_rns/index.htm and check the respective 'Release x.x Memory Requirements'.

Regards,
Georg

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36189t=36170
Nortel NNCA certification [7:36190]
Hi,

firstly my apologies for posting this in a Cisco group. However, there are (still) other networking vendors, and I'd like to get the group's opinion on the Nortel NNCA certification.

James

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36190t=36190
BGP Redistro/Backdoor bug? Any ideas... [7:36191]
Team,

Was working on BGP backdoor on routerb. Routera is advertising the 3.3.3.0/24 via eigrp 23 to routerb (the _ representing Ethernet). Routera is also advertising that same prefix via ebgp to routerb (the === marks represent the serial link). No biggie, so I threw the network 3.3.3.0 mask 255.255.255.0 backdoor command on routerb and voila, routerb decided to use the route learned via eigrp (ad=90) rather than the route learned via ebgp (ad=20).

                ___Eigrp 23___
               |              |
    3.3.3.0/24---routera==routerb
                     (ebgp)

I then decided I was going to play around with redistribution. So I made routera stop advertising that 3.3.3.0/24 prefix to routerb via ebgp. No problem, routerb still knew about 3.3.3.0/24 via its Ethernet. I went into the bgp 2 process on routerb and did a redistribute eigrp 23. After about 90 seconds, I didn't see the 3.3.3.0/24 route in routerb's bgp table. I thought what the and looked for any typos (considering I've been studying for 11 hours so far) but didn't see any. I did however see that I forgot to take out the backdoor statement from the previous exercise. I took that out and about 15 seconds later I got this message (after turning on debugging of course):

BGP(0): nettable_walker 3.3.3.0/24 route sourced locally

So I took a look in the bgp table and saw:

r2#sh ip bgp
BGP table version is 16, local router ID is 22.22.4.1
Status codes: s suppressed, d damped, h history, * valid, best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* 3.3.3.0/24 25.25.25.3 409600 32768 ?

My question is, is this a bug that if you have that backdoor in there, BGP will not redistribute? The only thing I changed in my config was that line and then it worked. While I study, I'm compiling a list of gotchas I need to remember for BGP. Anyone else done this, maybe we can compare notes?

Thanks team!
Tim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36191t=36191
...ISP management application !!!!!!!! [7:36192]
Hallo,

Question especially for ISPs: I am interested in an application with which I can manage the ISP customers, network devices, IP address space, and implement service level groups. Example:

1. for a site (device): location info, interfaces info (like addresses), other info
2. for a customer: details (location, contacts), interfaces info (IP), other info
3. service level groups: group customers based on different criteria (like VPN between them)
4. management of IP address space: group IP classes based on location criteria (like in a tree).

Something to look like EasyIP. Also multiuser, and with a nonproprietary database behind (so to integrate it with other applications). Maybe it's a utopia-application. Anyone has any idea? Any help very appreciated.

Chris, mcse, ccna bla bla

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36192t=36192
RE: Access list question [7:36166]
Hello Amit,

Ranma is right, you could use policy routing. Let's say you want to have all traffic from xxx.xxx.xxx.240/28 routed through interface serial1. The config would look like this:

route-map MAP1 permit 10
 match ip address 1
 set interface serial1
!
! standard ACLs take a wildcard mask: 0.0.0.15 is the inverse of 255.255.255.240
access-list 1 permit xxx.xxx.xxx.240 0.0.0.15
!
interface serial1
 ip policy route-map MAP1

Actually, thinking about it, wouldn't it be easier to just add a static route:

ip route xxx.xxx.xxx.240 255.255.255.240 serial1

Regards,
Georg

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36193t=36166
OSPF Virtual Link Authentication problem [7:36194]
Hi Guys,

Please help me to solve the issues. Do we have to configure the virtual link for authentication as well if our Area0 is configured for authentication also??

2nd. We have two areas A0 and A10, configured with different password keys and authentication schemes, and a virtual link is set up b/w these two Area routers. So which password scheme and key should we follow for virtual links??? A0 or A10??

Thanks for ur help in advance.
TOM

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36194t=36194
RE: Console speed [7:36155]
Hi,

I am not sure if this works, but what happens if you just try

rommon xmodem -y -s57600

to set the speed to 57600?

Regards,
Georg

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36195t=36155
Re: Re: China/Cisco connection [7:35946]
You are correct. It's called Echelon. There are some satellite stations in England and Australia and I'm sure others as well. It's run by the NSA.

wrote in message news:[EMAIL PROTECTED]...

It is also rumored that every cross-country electronic conversation anyone make is been recorded in a condensed form some where in the US. Conversations like telephone calls, Fax, emails, etc is been recorded and 'diagnosed' for some specific information, and could be reproduced and expanded where necessary.

With my knowledge of how Intrusion detection works in the Switch blade (IDSM), where the blade sits as a line card in the backplane of the Catalyst 6000 switch, it does not interfere with the traffic going through the Switch backplane but these traffics are copied to its buffer for examination, it triggers an alarm and send a detail message to the director interface when it discover a comparison between at least one of its stored signatures and the packet been examined, I kind of believe that sniffing the whole internet is VERY possible and it cannot be just rumors.

Again, how secure is the internet??? To me it is just a round-robin stuff. Someone implemented all the encryption technology we have seen so far and the key to decrypt then are not hidden far away in heaven, they are still with us humans.

My 0.2 cent
Regards.
Oletu

----- Original Message -----
From: Steven A. Ridder
To:
Sent: Thursday, February 21, 2002 4:48 PM
Subject: Re: Re: China/Cisco connection [7:35946]

It's a rumor.

wrote in message news:[EMAIL PROTECTED]...

I only agree partially. On the other hand, US government put censorship on the whole Internet, if anyone could remember what happened during US bombing of the Serbs. The news said that a virus sent NATO secrets to an ICQ site, which was quickly deleted by an USA robot, and the robot notified government agencies of the discovery and the results. The same news claimed that the whole Internet is been checked every 10 minutes by various government programs. From TV, FRI (or CIA) experts publicly demonstrated how they could trace a message from one end of the world to another end of the world.

There was another news said that US government put on filters on Internet to search keywords, such as weapon. Since I am too old to be naive, I wonder what else would be on the filter list, or inside the robot programs. Let's hope whoever has the power to control information on Internet only do it for legitimate purpose. But, I know that I asked for too much.

Tony

Dominick Marino wrote:

I agree with Joseph Brunner. To compare the two is absurd! The Chinese will use the technology to suppress the truth from becoming known to the people (peasants to the elite). It is also a good way to find the subversives and eliminate them. As for the US government monitoring the traffic, I doubt that they plan on killing anyone for their selection of web sites. Unless they are terrorists, then, if they want, I will supply the bullets myself.

Dom Marino

B.J. Wilson wrote in message news:[EMAIL PROTECTED]...

An interesting article I came across this morning: http://www.weeklystandard.com/Content/Public/Articles/000/000/000/922dgmtd.asp

Comments?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36196t=35946
VPN Services in PPTP .... [7:36197]
Hi,

Can some one give me the advice that how we can configure PPTP on cisco router and my centers can access the my network. We are using the win2000 at client place and we are trying to have VPN solution for the user. So that we can have the secure network.

Thanks and Regards

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36197t=36197
Re: 640-900 BSCI or 640-503 Routing [7:36158]
----- Original Message -----
From: Mohammed Fahim
To:
Sent: Friday, February 22, 2002 12:15 AM
Subject: Re: 640-900 BSCI or 640-503 Routing [7:36158]

Hi Oletu,

It's not CISSP, it's CCIP exam. If you are not sure of CISSP, here it is: it's an exam for security professionals who have 3 yrs of real time security experience and is administered by International Information Systems Security Certification Consortium or (ISC)2. You can visit www.cissp.com for further details.

Hope you understand.

regards
Fahim

Cisco Security Specialist wrote in message news:...

If you are considering taking the CISSP exam at a later date, it would be better you take the BSCI exam. It was added when Cisco added the new set of CQS exams. The BSCI is more wide and extensive than the 640-503 exam. However, if you do not want to cover the additional materials, then go for the 640-503, but when you want to write the CISSP exam tomorrow, you must write the BSCI (640-900) exam despite the fact that you have taken the 640-503 exam before. Writing the 640-900 exam fulfils two exam requirements (CCNP track) and CISSP track but the 640-504 only count towards your CCNP. Think of the time you would have saved, the additional knowledge, the $125, etc when you take the 640-900 instead of the 640-504 exam.

http://www.cisco.com/warp/public/10/wwtraining/certprog/testing/current_exams/640-900.html

Enjoy.
Regards.
Oletu

----- Original Message -----
From: Colin
To:
Sent: Thursday, February 21, 2002 6:28 PM
Subject: 640-900 BSCI or 640-503 Routing [7:36158]

Hi,

I was looking at the CCNP Exam page on the Cisco's web page and for the Routing exam, they had two tests listed. They are 640-503 Routing and 640-900 BSCI. Why would one choose to take one exam over the other? When was the 640-900 BSCI test added?

Thanks
Colin

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36198t=36158
Re: VPN Services in PPTP .... [7:36197]
Search Virtual Private Dial Up network config.. (VPDN)

Mahesh

Hi,

Can some one give me the advice that how we can configure PPTP on cisco router and my centers can access the my network. We are using the win2000 at client place and we are trying to have VPN solution for the user. So that we can have the secure network.

Thanks and Regards

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36199t=36197
Re: PIX v6.2 [7:35987]
I heard that from another mailing-list, 6.2 will be released around April 2002. It seems that Cisco PIX team would not leak the 6.2 beta for public consumption, CMIIW.

Hummm, I too scanned the Cisco site for 6.2 and only found 6.1.2. I'd heard from the rumor-mill that 6.2 was out, but perhaps that's incorrect. As I'm about ready to upgrade the failover 515UR, it'd be nice if I only had to do this once -- this year. Any speculation on that 6.2 release date?

Best, G.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 21, 2002 11:08 AM
To: [EMAIL PROTECTED]
Subject: RE: PIX v6.2 [7:35987]

Where did you guys find the new 6.2 versions? I looked at Cisco's site, no luck.

Thanks
nabil

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36200t=35987
RE: OSPF Virtual Link Authentication problem [7:36194]
A0---purpose of virtual link is to enable access to Area 0, for more on this check http://www.cisco.com/warp/public/104/27.html

James

-----Original Message-----
From: IT Guy [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 22, 2002 5:03 AM
To: [EMAIL PROTECTED]
Subject: OSPF Virtual Link Authentication problem [7:36194]

Hi Guys,

Please help me to solve the issues. Do we have to configure the virtual link for authentication as well if our Area0 is configured for authentication also??

2nd. We have two areas A0 and A10, configured with different password keys and authentication schemes, and a virtual link is set up b/w these two Area routers. So which password scheme and key should we follow for virtual links??? A0 or A10??

Thanks for ur help in advance.
TOM

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36201t=36194
Re: Nortel NNCA certification [7:36190]
any NORTEL NEWSGROUP?

James Barber

Hi,

firstly my apologies for posting this in a Cisco group. However, there are (still) other networking vendors, and I'd like to get the group's opinion on the Nortel NNCA certification.

James

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36202t=36190
CISCO equipment for rent in UAE [7:36205]
I have lot of equipment for CCNA, CCNP, CCIE Security and Routing/Switching for rent in UAE only. Kindly revert back for booking.

Thanks
[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36205t=36205
RE: Access list question [7:36124]
Footnote - I believe this would also permit 'crafted' packets with the ack bit set ... which is why a good firewall is better.

Thanks!
TJ

-----Original Message-----
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 21, 2002 8:25 PM
To: [EMAIL PROTECTED]
Subject: RE: Access list question [7:36124]

That's a good conceptual explanation. I would add that technically, it allows TCP packets that have the ACK bit set. In other words, it allows packets that are acknowledging another packet. That means it would not allow an incoming SYN used to set up a session, but it would allow a reply to a SYN that already happened.

Priscilla

At 06:26 PM 2/21/02, David Jones wrote:

Justin,

This is typically used in an Internet/NAT situation where you are allowing something from the Internet to come back in, only if it's a reply to a request that originated from inside your network. For instance, with a router connected to the Internet, you typically want an access-list applied to your Internet-facing port that denies incoming traffic, as you don't want them trying to walk all over your router or network. However, this same access list will drop valid replies to requests from clients inside your network, i.e. http replies, etc. With the 'established' option, you can tell the router with access lists "drop everything inbound from the Internet, except replies to requests made from inside my network".

Typically, people do this because they don't want to pay for a firewall, but this isn't the best thing to do. If you need to set this up for someone for Internet access, you need to dig a little deeper into it because if my memory serves me right, this command may or may not work with UDP traffic and only TCP traffic. I'm not sure and might be totally wrong, so you need to check.

Hope this helps,
Dave

Priscilla Oppenheimer
http://www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36206t=36124
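The behaviour discussed in this thread, as an added example that is not part of any poster's message: a Python model of a stateless `established` match (IOS matches on the ACK or RST bit) next to a minimal stateful tracker, run over constructed packets. The class and function names, addresses and ports are assumptions made for the illustration.

```python
"""Stateless 'established' matching vs. stateful tracking (constructed example)."""
from dataclasses import dataclass

# TCP flag bits as laid out in the TCP header.
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: int = 0  # TCP flags; unused for UDP


def acl_established(pkt):
    """Model of an inbound 'permit tcp any any established' entry.

    The decision uses header bits only: TCP with ACK or RST set.
    Nothing about earlier packets is remembered, and UDP never matches.
    """
    return pkt.proto == "tcp" and bool(pkt.flags & (ACK | RST))


class StatefulFilter:
    """Hypothetical minimal tracker: inbound traffic is allowed only when it
    mirrors a flow that an inside host opened first."""

    def __init__(self):
        self._flows = set()

    def outbound(self, pkt):
        # Record TCP flows on the initial SYN, and UDP flows on first packet.
        opening_syn = pkt.proto == "tcp" and pkt.flags & SYN and not pkt.flags & ACK
        if opening_syn or pkt.proto == "udp":
            self._flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))

    def inbound_allowed(self, pkt):
        # A bare SYN from outside is a new session attempt, never a reply.
        if pkt.proto == "tcp" and pkt.flags & SYN and not pkt.flags & ACK:
            return False
        # Reverse the tuple: a reply's destination is the original source.
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return key in self._flows


def evaluate(inbound, outbound_first):
    """Return {label: (stateless_verdict, stateful_verdict)} for inbound packets."""
    fw = StatefulFilter()
    for pkt in outbound_first:
        fw.outbound(pkt)
    return {label: (acl_established(p), fw.inbound_allowed(p))
            for label, p in inbound.items()}


# Constructed sample traffic using documentation address ranges.
INSIDE, SERVER, OTHER = "192.0.2.10", "198.51.100.80", "203.0.113.66"
OUTBOUND = [
    Packet("tcp", INSIDE, 40000, SERVER, 80, SYN),   # inside host opens HTTP
    Packet("udp", INSIDE, 40001, SERVER, 53),        # inside host sends DNS query
]
INBOUND = {
    "syn_ack_reply":   Packet("tcp", SERVER, 80, INSIDE, 40000, SYN | ACK),
    "data_reply":      Packet("tcp", SERVER, 80, INSIDE, 40000, ACK | PSH),
    "new_syn":         Packet("tcp", OTHER, 5555, INSIDE, 22, SYN),
    "unsolicited_ack": Packet("tcp", OTHER, 5555, INSIDE, 22, ACK),
    "udp_reply":       Packet("udp", SERVER, 53, INSIDE, 40001),
}

RESULTS = evaluate(INBOUND, OUTBOUND)

if __name__ == "__main__":
    for label, (stateless, stateful) in RESULTS.items():
        print(f"{label:16} established-ACL={stateless!s:5} stateful={stateful}")
```

The two rows where the verdicts differ are the ones the thread is about: the ACL passes an ACK that belongs to no session, and it drops a UDP reply that a stateful device would let back in.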
Re: Nortel NNCA certification [7:36190]
The answer,

First I like you to know that I am a Cisco Certified Systems Instructor, and also that I am a Nortel Networks Certified Instructor. But, anyone of the certifications will give you the knowledge you need to attain the other. When it comes down to it, the standards are the standards. Each vendor implements the standards, from there they then implement proprietary technologies. What you have to learn for both companies is who to interface, with their equipment, command line or gui. Then understand the proprietary and cross platform standards.

Sorry, that I have to inform you of this first. But, most people in the industry have a higher regard for the Cisco certs than any other Networking vendor. That is usually because of limited implementation of the other products. You should one get the cert you need for your current employment situation. Then you should pursue your personal financial goals. After that you can attain the others cert fairly easy. I am not aware of any study groups but good luck!

Tshon

Ocsic wrote:

any NORTEL NEWSGROUP?

James Barber

Hi,

firstly my apologies for posting this in a Cisco group. However, there are (still) other networking vendors, and I'd like to get the group's opinion on the Nortel NNCA certification.

James

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36207t=36190
Re: Nortel NNCA certification [7:36190]
Hi James,

Trust me it won't get u anywhere. Try Juniper instead.

Shahid
NNCA

--- James Barber wrote:

Hi,

firstly my apologies for posting this in a Cisco group. However, there are (still) other networking vendors, and I'd like to get the group's opinion on the Nortel NNCA certification.

James

Shahid Muhammad Shafi

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36208t=36190
Re: OSPF Virtual Link Authentication problem [7:36194]
which area is a virtual link in?

IT Guy wrote in message news:[EMAIL PROTECTED]...

Hi Guys,

Please help me to solve the issues. Do we have to configure the virtual link for authentication as well if our Area0 is configured for authentication also??

2nd. We have two areas A0 and A10, configured with different password keys and authentication schemes, and a virtual link is set up b/w these two Area routers. So which password scheme and key should we follow for virtual links??? A0 or A10??

Thanks for ur help in advance.
TOM

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36209t=36194
RE: 640-900 BSCI or 640-503 Routing [7:36158]
I failed the 503, one time already. But now I think I overstudied (if there is such a thing). Now I am sitting not sure what to do, either cisco 640-503, or the new Beta Routing exam, or the 640-900. Arg! They should have just added IS-IS in the 503 exam. Why is cisco going nuts on the CCNP routing exam? Just make one exam already!

I think if I take the beta, I'll save 75$, but I think you don't get results right away, and get a pool of like 300 questions. I think the 640-503 is stressful enough. I probably will be stupid and send Cisco 250$ cause I'll end up taking the BCSN and the BSCI exam. Cisco, how about charging like 25$ for those who have already passed BCSN. They need to get their stuff together on this one.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36210t=36158
RE: PIX information [7:35294]
wr st will do this for you... write standby

-Patrick

Mears, Rob 02/21/02 05:24PM

Any changes you make to the Pri PIX will be written to the SEC, no need to day anything. Good Idea to move the sec and do a Wr M

Rob

-----Original Message-----
From: Evans, TJ [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 13, 2002 12:53 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX information [7:35294]

I believe it syncs them auto-magically, or perhaps on a timed basis. Regardless ... I always do a wr standby ... just to be sure.

Thanks!
TJ

-----Original Message-----
From: Hartnell, George [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 13, 2002 12:46 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX information [7:35294]

AND, am I to understand correctly, as the manual is quite vague, that an upgrade of the primary failover unit also updates the secondary? Or, must the hapless administrator do each individually?

Best, G.

-----Original Message-----
From: Jose Celestino [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 13, 2002 7:12 AM
To: [EMAIL PROTECTED]
Subject: Re: PIX information [7:35294]

PIX-FW1# copy ?
usage: copy tftp[:[[//location][/pathname]]] flash

For instance:

copy tftp://192.168.2.2/configs/pix.cfg flash

Thus spake BASSOLE Rock, on Wed, Feb 13, 2002 at 09:06:59AM -0500:

Hello group,

What command can I use to copy a configuration from a tftp server to a PIX Firewall? I have looked on the cisco web site for the command but couldn't find it. Can somebody help? Thank you.

Rock

--
Jose Celestino

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36211t=35294
Re: New config maker [7:35386]
I have downloaded it without much problems. If you try segmented download it may create problems.

Anil Aravind

William Pearch wrote in message news:[EMAIL PROTECTED]...

Has anyone had difficulty with the new Config Maker (v2.6)? I tried downloading it tonight and the executable reports as being corrupted. Is it me? Do they hate me? :)

TTFN,
Bill

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36212t=35386
Re: VPN Services in PPTP .... [7:36197]
CCO web site has very good information on setting VPN connection (PPTP, IPSEC), and also you need to configure RADIUS server or TACACS server if you don't wanna do the local authentication on router.

Mahesh wrote in message news:[EMAIL PROTECTED]...

Hi,

Can some one give me the advice that how we can configure PPTP on cisco router and my centers can access the my network. We are using the win2000 at client place and we are trying to have VPN solution for the user. So that we can have the secure network.

Thanks and Regards

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36221t=36197
Wireless MAN coverage [7:36223]
Has anyone set up or can you point me to a wireless solution for an entire metro area? I have a hospital that we would like to link 10+ offices within a 15 mile radius. I've had good success with the Aironet 340 series, but at this point we need something more geared towards a wide coverage area, rather than point to point. Any ideas would be appreciated.

Bob Sites
System Engineer
Valley Health System (IS)
[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36223t=36223
RE: Remote Access simple question [7:36213]
If I recall correctly, you are right, the answer would be S 3/1. Perhaps it's just a Type-O... It's not like that doesn't ever happen ;-)

Mark

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, February 22, 2002 9:34 AM
To: [EMAIL PROTECTED]
Subject: Remote Access simple question [7:36213]

Q) Which interface is line 97 on a 3640?
A) Answer is S 2/1.

The answer seems wrong to me. On a 3640, this is how lines are numbered:

slot0  lines 1-32
slot1  33-64
slot2  65-96
slot3  97-128

So, the interface would be S 3/1 rather. This question appears on Chapter4/Q6 in the QA section of cisco press remote access cert. guide.

Thank You

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36225t=36213
Re: What after CCNA?? [7:36215]
With your CCNA, you are qualified to take the CSS1 (Cisco Security Specialist 1) exam; it is a four-module exam, viz. PIX, VPN, MCNS and CSIDS exams for this Specialist path. If you want to continue in the Cisco career path, CCNP would be a better choice than CCDA. It all depends whether you prefer the design or support aspect of Cisco networking.

Enjoy
Oletu

- Original Message -
From: Gandre Amit
To:
Sent: Friday, February 22, 2002 7:46 AM
Subject: What after CCNA?? [7:36215]

Hi

I got through my CCNA yesterday and I am looking forward to taking other certifications. I had the CCDA and CCNP in mind. I am not sure though which one to take. Also, if there is a Cisco certification that deals with Security, I would like to do that. Another factor is that I do not have the money to pay for any courses and so this is going to be self study. Would anyone recommend doing CCNP or any higher security certification without a course or access to a lab.. BTW has anyone taken the SSCP and if so what books did u use..

Please advise.

Amit

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36224t=36215
Re: Reposting again: NAS and NACServer [7:36218]
It means your Network Access Server like an AS5300 must have IOS v11.1 to be able to support the TACACS+ protocol on your CiscoSecure Access Control Server v2.3 installed on your Solaris V2.51 or V2.6, V7, V8 or IOS v11.2 to support RADIUS protocol. The requirement refers to both the Network Access Server (Cisco Box) and the Cisco Secure Access control server (Solaris).

Enjoy
Oletu

- Original Message -
From: John Green
To:
Sent: Friday, February 22, 2002 8:07 AM
Subject: Reposting again: NAS and NACServer [7:36218]

i am reposting this again. if someone could help me with this

--

Network Access Server and Network Access Control Server are two different boxes ? eg CiscoSecure Access Control Server (unix) is a software that is installed on Solaris box, to which a Network Access Server like a AS5300 can connect to or vice-versa for user authentication and authorization purposes ?

but if you would refer to the software specifications as mentioned in http://www.cisco.com/univercd/cc/td/doc/pcat/sqasux.htm1 it refers to IOS as well.

Software specifications for CiscoSecure Access Control Server v2.3 for UNIX (Solaris).

Solaris V2.51 or V2.6, V7, V8
IOS v11.1 (TACACS+)
IOS v11.2 (RADIUS)

the Solaris OS versions refer to the fact that the Access Control Server software can be installed onto these Solaris Operating system versions. fine. where is this IOS ? where is this IOS installed ?

is the logical diagram ok as below

NAS---User
 |
 |
AccessControl server

is the logical flow ok ?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36227t=36218
Dennis Laganiere's rif examples [7:36228]
Does anyone have a url to Dennis Laganiere's rif examples? I almost have this RIF thing down but I could use a few more examples.

Eric
CCNP

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36228t=36228
Re: Cisco Certification Digest V2 #1920 [7:36229]
Hi all; I would be interested in renting for several days a 25xx or 26xx cisco router preferably from someone in the greater ny area. please email me at [EMAIL PROTECTED] if you can help.

mo

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36229t=36229
RE: Autonomous-system command [7:36067]
It specifies your autonomous system if you are running the old EGP protocol. I sent a message last night, here it is:

John, I don't know if you found an answer. Looks like this command is used to specify your AS number when you are running EGP, which is something like the precursor to BGP. There is actually a chapter on this in Doyle's Routing TCP/IP Volume II, chapter 1. HTH.

From CCO:

autonomous-system (EGP)

Use the autonomous-system global configuration command to specify the local autonomous system that the router resides in for EGP. To remove the AS number, use the no autonomous-system command.

autonomous-system local-as
no autonomous-system local-as

Syntax Description
local-as   Local autonomous system (AS) number to which the router belongs.

Default
None

Command Mode
Global configuration

Usage Guidelines
Before you can set up EGP routing, you must specify an autonomous system number. The local AS number will be included in EGP messages sent by the router.

Example
The following sample configuration specifies an autonomous system number of 110:

autonomous-system 110

Related Command
router egp

~-Original Message-
~From: Chuck [mailto:[EMAIL PROTECTED]]
~Sent: Friday, February 22, 2002 12:28 AM
~To: [EMAIL PROTECTED]
~Subject: Re: Autonomous-system command [7:36067]
~
~the question is - what does the command do? it does not appear in the documentation. there is no apparent result using show ip protocol, or show ip anything else.
~
~if you can explain what the command autonomous-system does, I'm all ears.
~
~Chuck
~
~Anthony Toh wrote in message news:[EMAIL PROTECTED]...
~ Hi, take a look at the protocol IGRP in the Cisco website. Maybe you can have a better understanding of what an Autonomous system number is all about.
~
~ Anthony.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36230t=36067
site survey [7:36231]
Hi! Does anybody know what steps (checklist) one should follow when going for a network site survey for deploying an ISP setup? Any website links?

Thanks
Stanzin

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36231t=36231
RE: Dennis Laganiere's rif examples [7:36228]
he's on this list somewhere ...:) but you might want to check the groupstudy archive

-Original Message-
From: Eric Mwambaji [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 22, 2002 11:18 AM
To: [EMAIL PROTECTED]
Subject: Dennis Laganiere's rif examples [7:36228]

Does anyone have a url to Dennis Laganiere's rif examples? I almost have this RIF thing down but I could use a few more examples.

Eric
CCNP

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36232t=36228
RE: Access Lists are a bit mystifying [7:36164]
Remember the OSI model. IP can have multiple higher level protocols running over it. So IP uses protocol numbers to identify the higher level protocol that it should send the data to. If you do a deny ? on a router you will see all the different protocols (eigrp, gre, icmp, ospf, pim, tcp, udp). Once the IP layer passes the packet up to the transport layer the layer 4 protocol has to know which application to send the data to. So the TCP protocol will send traffic on port 80 to the web server and traffic to port 25 to the smtp server.

Layer 7 - Application
Layer 6 - Presentation
Layer 5 - Session
Layer 4 - Transport

Hi Anil,

Sometimes it's scary posting to this group. =) To answer your question, if you don't have the permit IP any any command, there is an implicit deny rule at the end of an access-list, which will drop all traffic that you have not allowed through the access-list. The other two deny statements are dropping netbios port 139 and something that uses port .

Hope this helps.

Scott

-Original Message-
From: Anil Gupte [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 21, 2002 7:59 PM
To: [EMAIL PROTECTED]
Subject: Access Lists are a bit mystifying [7:36164]

Hi All!

I watch this list occasionally (when I have time). This is my first post to this list, so be kind. :p)

In the access list below:

**
conf t
int ethernet0/0
no ip access-list extended secure2
ip access-list extended secure2
deny tcp any any eq
deny tcp any any eq 139
permit ip any any
int ethernet0/0
ip access-group secure2 out
ip access-group secure2 in
exit
wr
**

Why is it that you need to deny TCP and permit IP? Or did I not do this right?

Thanx,
Anil Gupte

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36233t=36164
RE: Console speed [7:36155]
Hello,

I tried this on a new 2650 router and it states "The -s speed option is not supported on this platform", which it sounds like it is supported on other platforms.

Scott

-Original Message-
From: Georg Pauwen [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 22, 2002 2:57 AM
To: [EMAIL PROTECTED]
Subject: RE: Console speed [7:36155]

Hi,

I am not sure if this works, but what happens if you just try

rommon xmodem -y -s57600

to set the speed to 57600 ?

Regards,
Georg

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36234t=36155
RE: 640-900 BSCI or 640-503 Routing [7:36158]
My recommendation would be to proceed with caution. IS-IS is not just an additional topic on the 900 exam. It is core to it. Also, since the CCIP is geared towards ISP environments, know your BGP very well. This is a tough exam. Longer than 503 and requires higher passing score. Good luck!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36236t=36158
Re: cipt [7:36148]
Excuse me... So it's a problem to ask how an exam was. You really think it's bad to ask what a passing score is.. Damn.. Not like I was asking for the answers.. Wow.. Unbelievable... By the way.. I have those objectives the day I started studying.. I was JUST asking how the exam was... So I can't perform research cuz I asked for what passing score is... Man whatever.

Tony

Tim Medley wrote in message news:[EMAIL PROTECTED]...

Part of becoming Cisco Certified is the ability to perform research.

http://www.cisco.com/warp/public/10/wwtraining/certprog/testing/current_exams/9E0-402.html

Also what does it matter what the passing score is for the exam?

Tim Medley - CCNP+Voice, CCDP
Sr. Network Architect
VoIP Group
iReadyWorld
p 704.943.3615
f 704.525.9119

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of tony paparazzo
Sent: Thursday, February 21, 2002 8:28 PM
To: [EMAIL PROTECTED]
Subject: cipt [7:36148]

Anyone take this yet.. What is passing.. What are some key areas to study..

Thanks
Tony

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36237t=36148
RE: Foundation Exam [7:36186]
Don't drink any coffee beforehand ! You are on the right track with respect to the ciscopress books. The exam will follow those

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36238t=36186
Re: hop count in EIGRP? [7:36082]
Chuck wrote:

BTW, it occurs to me that we have had this discussion before. There being nothing in the routing table indicating IGRP or EIGRP hop counts, how does (E)IGRP know the diameter of the network of which it is a member? And why would it care? ;-) Maybe one of these days I'll daisy chain the routers in my lab, and set the max hops to 4 and see what happens ;-

Chuck

If you look at my earlier post you will see that I have already done this. Hop count is carried in the payload I believe - not the header. Exceeding the hop count causes routes to disappear. It is used and enforced apparently.

Regards

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36239t=36082
simple access-lists question [7:36240]
Why is this simple task beating me? I have a router with 2eth. that separates my lab from the corporate network. I would like web/ftp/telnet access from the lab to the world and back. I created an access list and applied it to my lab's ethernet int. This is the list. Am I missing something?

access-list 101 permit 80 any any
access-list 101 permit 21 any any
access-list 101 permit 23 any any
access-list 101 permit 53 any any
access-list 101 permit icmp any any

ip access-group 101 out (on ethernet of lab side)

TIA.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36240t=36240
Re: simple access-lists question [7:36240]
I believe you need something like

access-list 101 permit tcp any any eq www

you have something that permits IP protocol numbers I think. Like 6 is tcp, 17 is udp, 9 is igrp, etc.. etc...

--
RFC 1149 Compliant.

NetEng wrote in message news:[EMAIL PROTECTED]...

Why is this simple task beating me? I have a router with 2eth. that separates my lab from the corporate network. I would like web/ftp/telnet access from the lab to the world and back. I created an access list and applied it to my lab's ethernet int. This is the list. Am I missing something?

access-list 101 permit 80 any any
access-list 101 permit 21 any any
access-list 101 permit 23 any any
access-list 101 permit 53 any any
access-list 101 permit icmp any any

ip access-group 101 out (on ethernet of lab side)

TIA.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36241t=36240
Re: Easy ways to pick up a few extra minutes on the CCIE lab. [7:36242]
Another option with a newer IOS is if you want to see the Config for an interface is to use:

sh ru INT E 0

and you will get the config for the interface only

Redback Users wrote in message news:[EMAIL PROTECTED]...

Well, start by not to see the config so often (just to look for the IP address). 25XX is extremely slow doing the thing so. Better use show ip int brie or show ip int instead.

Wright, Jeremy wrote in message news:[EMAIL PROTECTED]...

also, check the groupstudy database...there was a list of aliases that a guy put on the list

-Original Message-
From: Daniel Cotts [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 15, 2002 2:19 PM
To: [EMAIL PROTECTED]
Subject: RE: Easy ways to pick up a few extra minutes on the CCIE lab. [7:35547]

Better than the CTRL+R that I've been using.

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 15, 2002 1:45 PM
To: [EMAIL PROTECTED]
Subject: RE: Easy ways to pick up a few extra minutes on the CCIE lab. [7:35541]

That's a really good one. I hate it when the console blasts some stupid message at you while you're typing. It still throws me off even though I should be used to it. ;-) Thanks for telling us about this.

Priscilla

At 02:11 PM 2/15/02, Sean Knox wrote:

I always enter console config and turn on logging synchronous; it inserts a carriage return automatically after system messages show up. Doesn't hurt to enable it on the vtys either.

core8500#conf t
Enter configuration commands, one per line. End with CNTL/Z.
core8500(config)#line con 0
core8500(config-line)#logg sync

-Original Message-
From: Hire, Ejay [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 15, 2002 10:32 AM
To: [EMAIL PROTECTED]
Subject: Easy ways to pick up a few extra minutes on the CCIE lab. [7:35523]

no ip domain-lookup (how do you spell pnig again)
terminal escape-char 3 (Press Ctrl-c to break out of ping Telnet)

Anybody got others?

Priscilla Oppenheimer
http://www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36242t=36242
CCIE Question [7:36243]
I saw a resume with CCIE (Q) after their name, what does the Q mean?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36243t=36243
RE: CCIE Question [7:36243]
I would guess that means that person has passed the CCIE Qualification Exam, or the written portion of the certification. He or she is presumably studying/preparing for the lab exam.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36246t=36243
Re: CCIE Question [7:36243]
it means they only passed the qualification exam. they should not be putting CCIE on their resume at all

Brian Zeitz wrote in message news:[EMAIL PROTECTED]...

I saw a resume with CCIE (Q) after their name, what does the Q mean?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36244t=36243
NAT Detection Utility [7:36248]
Anyone know of a tool for detecting NAT activity on the network? I work in a large university and we've instituted a policy against NAT, especially in the dorms, due to some very serious security breaches. Is there anything out there that can remotely detect a NAT operation?

Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36248t=36248
RE: Dennis Laganiere's rif examples [7:36228]
Try this link, it allows you to test your RIF knowledge.

http://www.loopy.org/rif.cgi

I have attached Dennis' RIF paper. It's very good.

Debbie Westall

--- Wright, Jeremy wrote:

he's on this list somewhere ...:) but you might want to check the groupstudy archive

-Original Message-
From: Eric Mwambaji [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 22, 2002 11:18 AM
To: [EMAIL PROTECTED]
Subject: Dennis Laganiere's rif examples [7:36228]

Does anyone have a url to Dennis Laganiere's rif examples? I almost have this RIF thing down but I could use a few more examples.

Eric
CCNP

[GroupStudy.com removed an attachment of type application/pdf which had a name of Doing RIFs.pdf]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36249t=36228
Re: hop count in EIGRP? [7:36082]
At 12:51 AM 2/22/02, Chuck wrote:

it gets complicated, routing protocols versus ip packets.

It's not complicated. Is this Chuck Larrieu? You know that it's not complicated. Of course IP routing protocol packets are carried in an IP packet. No biggie. They can set the IP TTL in the IP header to whatever they want. Routing protocols generally set the IP TTL to 1 in their routing protocol packets. That works fine because the recipient is next door. Note that we are not talking about the hop count in distance vector route descriptors carried by RIP, IGRP, and EIGRP.

OSPF sets the TTL to 1. OSPF virtual links are a special case. The packet might have to go more hops, as you say.

BGP also sets the TTL to 1. eBGP multihop might be another special case.

RIPv1 and v2, IGRP, and EIGRP set the TTL to 2. Maybe the developers were worried that the recipient would decrement by one and trash the packet.

Priscilla

first of all, if I understand correctly, all ip routing protocols use ip headers. The routing protocol packet is the payload, and not an entity unto itself.

I have seen traces of OSPF packets showing IP TTL of various values. Someone shared with me some traces to validate something I suspected - that the OSPF virtual link packet has an initial TTL of 255. My theory is that it has to be deliberately set high because there is no predicting the number of hops a virtual link will traverse.

The eBGP multihop command sets the IP TTL to something greater than the native BGP TTL of 1.

EIGRP? Don't know. Was merely speculating. But consider - where else might the hop limit occur? The EIGRP header has no field indicating hop count that I can see. My source is the Rad Com World of Protocols book.

Yes, RIP and RIPv2 contain within the RIP packet ( not the IP header ) a field in which metric / hopcount is carried. This leads me to believe that RIP does nothing to manipulate the IP TTL value. The others appear to do just that, however.

Chuck

Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...

At 08:05 PM 2/21/02, Chuck wrote:

to augment the other answers, the IP hop count is really the IP TTL value. It can never exceed 255

You're confusing two issues. Remember the router has two jobs: forwarding packets and learning the topology. Hop count has to do with the latter and affects what goes in the routing table. The IP TTL causes a router to drop a packet before forwarding if the TTL becomes zero.

EIGRP defaults to 100 hops, so I would expect that the routing packet IP TTL is set at 100 at that point.

Routing packets only go to neighbors. The IP TTL should be set to one or two. This has nothing to do with hop count which will be later in the packet in the distance vectors.

Well ( checking the sniffer trace that Priscilla so thoughtfully supplied a couple of days ago ) I'm seeing the IP TTL as 2. Still, maybe there is an adjustment made. After all, the (E)IGRP metric includes end to end metrics. hhmmm... ( looking over Priscilla's trace again ) way down there I see an EIGRP hop count 0 line.

The router was advertising a directly-connected network.

the IP TTL is still really the only thing that makes sense in terms of the way IP works.

In terms of forwarding maybe. You better reconsider routing protocols though...

Priscilla

Anyone?

Chuck

Steven A. Ridder wrote in message news:[EMAIL PROTECTED]...

Anyone know why there is a hop-count in EIGRP? It has a 1 byte value, but it doesn't limit the number of hops and it looks like routers don't use it in their calculations. Why is it there?

--
RFC 1149 Compliant.

Priscilla Oppenheimer
http://www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36247t=36082
Re: simple access-lists question [7:36240]
Hey, are you ever going to upgrade to RFC 2549 compliance? If you haven't already, you're behind the times by about three years! :-)

John

Steven A. Ridder 2/22/02 11:43:33 AM

I believe you need something like

access-list 101 permit tcp any any eq www

you have something that permits IP protocol numbers I think. Like 6 is tcp, 17 is udp, 9 is igrp, etc.. etc...

--
RFC 1149 Compliant.

NetEng wrote in message news:[EMAIL PROTECTED]...

Why is this simple task beating me? I have a router with 2eth. that separates my lab from the corporate network. I would like web/ftp/telnet access from the lab to the world and back. I created an access list and applied it to my lab's ethernet int. This is the list. Am I missing something?

access-list 101 permit 80 any any
access-list 101 permit 21 any any
access-list 101 permit 23 any any
access-list 101 permit 53 any any
access-list 101 permit icmp any any

ip access-group 101 out (on ethernet of lab side)

TIA.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36250t=36240
RE: simple access-lists question [7:36240]
Your syntax is wrong. You are permitting IP protocols 80, 21, 23 and 53 - NOT ports 80, 21, 23 and 53.

The correct syntax would be:

access-list 101 permit tcp any any eq www
access-list 101 permit tcp any any eq telnet
access-list 101 permit tcp any any eq ftp
access-list 101 permit tcp any any eq domain
access-list 101 permit icmp any any

Hth,

Ole

~~~
Ole Drews Jensen
Systems Network Manager
CCNP, MCSE, MCP+I
RWR Enterprises, Inc.
[EMAIL PROTECTED]
~~~
http://www.RouterChief.com
~~~
NEED A JOB ??? http://www.oledrews.com/job
~~~

-Original Message-
From: NetEng [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 22, 2002 12:39 PM
To: [EMAIL PROTECTED]
Subject: simple access-lists question [7:36240]

Why is this simple task beating me? I have a router with 2eth. that separates my lab from the corporate network. I would like web/ftp/telnet access from the lab to the world and back. I created an access list and applied it to my lab's ethernet int. This is the list. Am I missing something?

access-list 101 permit 80 any any
access-list 101 permit 21 any any
access-list 101 permit 23 any any
access-list 101 permit 53 any any
access-list 101 permit icmp any any

ip access-group 101 out (on ethernet of lab side)

TIA.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36251t=36240
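An added example, not code from any poster in this thread: a small Python model of first-match ACL evaluation with the implicit deny mentioned in the "Access Lists are a bit mystifying" thread, run over list 101 as first posted and as rewritten with the tcp ... eq syntax. It assumes only the "any any" form with eq on the destination port, and the sample packets are constructed.

```python
# Added example (not from the thread): first-match evaluation of Cisco-style
# extended ACL entries of the form
#     access-list N permit|deny PROTOCOL any any [eq PORT]
# Assumption: only "any any" addressing and "eq" on the destination port are
# modelled; the sample packets below are constructed.

IP_PROTOCOLS = {"ip": None, "icmp": 1, "tcp": 6, "udp": 17}  # None = any protocol
PORT_NAMES = {"ftp": 21, "telnet": 23, "domain": 53, "www": 80}
IMPLICIT_DENY = "(implicit deny at end of list)"


def parse_ace(line):
    """Parse one access-list entry into a dict."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported entry: {line!r}")
    if tok[4:6] != ["any", "any"]:
        raise ValueError(f"only 'any any' is modelled: {line!r}")
    word = tok[3]
    if word.isdigit():
        # A bare number in this position is an IP protocol number (0-255),
        # not a TCP or UDP port.
        proto = int(word)
        if proto > 255:
            raise ValueError(f"protocol number out of range: {line!r}")
    elif word in IP_PROTOCOLS:
        proto = IP_PROTOCOLS[word]
    else:
        raise ValueError(f"unknown protocol keyword: {line!r}")
    dport = None
    if len(tok) > 6:
        # A port match only makes sense for TCP (6) or UDP (17).
        if len(tok) != 8 or tok[6] != "eq" or proto not in (6, 17):
            raise ValueError(f"unsupported port match: {line!r}")
        dport = PORT_NAMES[tok[7]] if tok[7] in PORT_NAMES else int(tok[7])
    return {"action": tok[2], "proto": proto, "numeric": word.isdigit(),
            "dport": dport, "text": line}


def evaluate(acl, proto, dport=None):
    """Return (action, matching entry); the first match wins."""
    for ace in acl:
        if ace["proto"] is not None and ace["proto"] != proto:
            continue
        if ace["dport"] is not None and ace["dport"] != dport:
            continue
        return ace["action"], ace["text"]
    return "deny", IMPLICIT_DENY


def lint(acl):
    """Flag entries whose protocol field is a bare number equal to a service port."""
    service_ports = set(PORT_NAMES.values())
    return [a["text"] for a in acl if a["numeric"] and a["proto"] in service_ports]


AS_POSTED = [parse_ace(l) for l in (
    "access-list 101 permit 80 any any",
    "access-list 101 permit 21 any any",
    "access-list 101 permit 23 any any",
    "access-list 101 permit 53 any any",
    "access-list 101 permit icmp any any",
)]
CORRECTED = [parse_ace(l) for l in (
    "access-list 101 permit tcp any any eq www",
    "access-list 101 permit tcp any any eq telnet",
    "access-list 101 permit tcp any any eq ftp",
    "access-list 101 permit tcp any any eq domain",
    "access-list 101 permit icmp any any",
)]

# Constructed packets: (label, IP protocol number, destination port).
PACKETS = [
    ("HTTP request, TCP dst 80", 6, 80),
    ("Telnet, TCP dst 23", 6, 23),
    ("DNS query, UDP dst 53", 17, 53),
    ("ICMP echo", 1, None),
    ("HTTP reply, TCP src 80 dst 40000", 6, 40000),
]


def report(acl):
    """Map each constructed packet label to the action the list takes."""
    return {label: evaluate(acl, proto, dport)[0] for label, proto, dport in PACKETS}


if __name__ == "__main__":
    for name, acl in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print(name, "- lint warnings:", len(lint(acl)))
        for label, action in report(acl).items():
            print(f"  {action:6} {label}")
```

The last two constructed packets fall through to the implicit deny even with the tcp ... eq entries, because those entries match TCP destination ports only.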
Re: hop count in EIGRP? [7:36082]
At 12:56 AM 2/22/02, Chuck wrote:

BTW, it occurs to me that we have had this discussion before.

Yes, unfortunately. ;-)

There being nothing in the routing table indicating IGRP or EIGRP hop counts,

You can't see the hop count with show ip route perhaps, but the router certainly saves the info. Try the show ip eigrp command. It shows the hop count.

how does (E)IGRP know the diameter of the network of which it is a member?

It's basic distance vector processing. I receive a packet that lists a network as being 0 hops away. (The router listing it is directly connected.) From my point of view, then, the network is 1 hop away. When I advertise this network, I say that it is 1 hop away. My downstream neighbor considers it 2 hops away. When I add 1 to the hop count, if that causes the hop count to exceed maximum hop count, then I trash the route and don't advertise it.

And why would it care? ;-

Now, that's a good question. But why does any routing protocol care?

Maybe one of these days I'll daisy chain the routers in my lab, and set the max hops to 4 and see what happens ;-

Just set the max to something smaller than the actual width. You'll see routes disappear.

Chuck

Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...

At 08:05 PM 2/21/02, Chuck wrote:

to augment the other answers, the IP hop count is really the IP TTL value. It can never exceed 255

You're confusing two issues. Remember the router has two jobs: forwarding packets and learning the topology. Hop count has to do with the latter and affects what goes in the routing table. The IP TTL causes a router to drop a packet before forwarding if the TTL becomes zero.

EIGRP defaults to 100 hops, so I would expect that the routing packet IP TTL is set at 100 at that point.

Routing packets only go to neighbors. The IP TTL should be set to one or two. This has nothing to do with hop count which will be later in the packet in the distance vectors.

Well ( checking the sniffer trace that Priscilla so thoughtfully supplied a couple of days ago ) I'm seeing the IP TTL as 2. Still, maybe there is an adjustment made. After all, the (E)IGRP metric includes end to end metrics. hhmmm... ( looking over Priscilla's trace again ) way down there I see an EIGRP hop count 0 line.

The router was advertising a directly-connected network.

the IP TTL is still really the only thing that makes sense in terms of the way IP works.

In terms of forwarding maybe. You better reconsider routing protocols though...

Priscilla

Anyone?

Chuck

Steven A. Ridder wrote in message news:[EMAIL PROTECTED]...

Anyone know why there is a hop-count in EIGRP? It has a 1 byte value, but it doesn't limit the number of hops and it looks like routers don't use it in their calculations. Why is it there?

--
RFC 1149 Compliant.

Priscilla Oppenheimer
http://www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36252t=36082
Re: CCIE Question [7:36243]
It seems to be common these days to use that abbreviation to mean that the individual has taken, and passed, the Written exam, but not yet challenged/passed the Lab.

As for me, personally, when I get to that point, I do not plan on advertising it in this manner. If it comes up in an interview question, I would answer it. But, I refuse to put any certification on my resume until I can honestly claim the entire title.

- Original Message -
From: Brian Zeitz
To:
Sent: Friday, February 22, 2002 1:54 PM
Subject: CCIE Question [7:36243]

I saw a resume with CCIE (Q) after their name, what does the Q mean?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36253t=36243
RE: Easy ways to pick up a few extra minutes on the CCIE lab. [7:36254]
Nice! Been looking for something like that for awhile.

Sean

-Original Message-
From: Jeff Buehler [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 22, 2002 10:46 AM
To: [EMAIL PROTECTED]
Subject: Re: Easy ways to pick up a few extra minutes on the CCIE lab. [7:36242]

Another option with a newer IOS is if you want to see the Config for an interface is to use:

sh ru INT E 0

and you will get the config for the interface only

Redback Users wrote in message news:[EMAIL PROTECTED]...

Well, start by not to see the config so often (just to look for the IP address). 25XX is extremely slow doing the thing so. Better use show ip int brie or show ip int instead.

Wright, Jeremy wrote in message news:[EMAIL PROTECTED]...

also, check the groupstudy database...there was a list of aliases that a guy put on the list

-Original Message-
From: Daniel Cotts [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 15, 2002 2:19 PM
To: [EMAIL PROTECTED]
Subject: RE: Easy ways to pick up a few extra minutes on the CCIE lab. [7:35547]

Better than the CTRL+R that I've been using.

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 15, 2002 1:45 PM
To: [EMAIL PROTECTED]
Subject: RE: Easy ways to pick up a few extra minutes on the CCIE lab. [7:35541]

That's a really good one. I hate it when the console blasts some stupid message at you while you're typing. It still throws me off even though I should be used to it. ;-) Thanks for telling us about this.

Priscilla

At 02:11 PM 2/15/02, Sean Knox wrote:

I always enter console config and turn on logging synchronous; it inserts a carriage return automatically after system messages show up. Doesn't hurt to enable it on the vtys either.

core8500#conf t
Enter configuration commands, one per line. End with CNTL/Z.
core8500(config)#line con 0
core8500(config-line)#logg sync

-Original Message-
From: Hire, Ejay [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 15, 2002 10:32 AM
To: [EMAIL PROTECTED]
Subject: Easy ways to pick up a few extra minutes on the CCIE lab. [7:35523]

no ip domain-lookup (how do you spell pnig again)
terminal escape-char 3 (Press Ctrl-c to break out of ping Telnet)

Anybody got others?

Priscilla Oppenheimer
http://www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36254t=36254
Re: CCIE Question [7:36243]
Hehehe... just like some folks that I've seen saying that they are CCNP 1/4 or 2/4... u can do the math :)

----- Original Message -----
From: Chris Charlebois
To:
Sent: Friday, February 22, 2002 4:02 PM
Subject: RE: CCIE Question [7:36243]

I would guess that means that person has passed the CCIE Qualification Exam, or the written portion of the certification. He or she is presumably studying/preparing for the lab exam.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36255t=36243
Re: CCIE Question [7:36243]
Cisco has made it clear that passing the written -CCIE exam does not get you a certificate in itself. Only by passing both the written and the lab do you obtain a cert. I don't know how it came to be acceptable that people can claim a certificate that doesn't exist.

While you might say that it's not really a big deal - after all, the written is an exam, so it 'sort-of' is like a cert, so what's the harm in pretending that it's another cert? Well, the real problem is that if people are allowed to make up a CCIE-Q cert that doesn't exist, then what's to stop them from making up other qualifications that don't exist? It's the classic slippery slope. For example, if the CCIE-Q becomes an accepted pseudo-cert, then later somebody will inevitably say they have a CCIE-A, because they (A)ttempted the written (but didn't pass). Or a CCIE-F for somebody who's never even seen a router in his life, but has heard about the CCIE program and is thinking about doing it in the (F)uture. Or heck, how about a Bachelor's Degree-(F) for somebody who's never stepped into a classroom in his life, but might do it in the future. I don't know about you, but I hold a Ph.D-(F), an MBA-(F), a Law-degree-(F), and a Medical-degree-(F), all from Harvard.

Michael J. Doherty wrote in message news:[EMAIL PROTECTED]...

It seems to be common these days to use that abbreviation to mean that the individual has taken, and passed, the Written exam, but not yet challenged/passed the Lab. As for me, personally, when I get to that point, I do not plan on advertising it in this manner. If it comes up in an interview question, I would answer it. But, I refuse to put any certification on my resume until I can honestly claim the entire title.

----- Original Message -----
From: Brian Zeitz
To:
Sent: Friday, February 22, 2002 1:54 PM
Subject: CCIE Question [7:36243]

I saw a resume with CCIE (Q) after their name, what is the Q mean?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36256t=36243
Re: hop count in EIGRP? [7:36082]
It should say show ip eigrp topology network. Network is the argument to the command. I had it encapsulated in less than and greater than symbols so it got munged by the mail server. Argh.

There's probably other ways to see the hop count too. Bottom line: the router saves it. You just have to get the router to tell it to you.

At 02:25 PM 2/22/02, Priscilla Oppenheimer wrote:

At 12:56 AM 2/22/02, Chuck wrote:

BTW, it occurs to me that we have had this discussion before.

Yes, unfortunately. ;-)

There being nothing in the routing table indicating IGRP or EIGRP hop counts,

You can't see the hop count with show ip route perhaps, but the router certainly saves the info. Try the show ip eigrp command. It shows the hop count.

how does (E)IGRP know the diameter of the network of which it is a member?

It's basic distance vector processing. I receive a packet that lists a network as being 0 hops away. (The router listing it is directly connected.) From my point of view, then, the network is 1 hop away. When I advertise this network, I say that it is 1 hop away. My downstream neighbor considers it 2 hops away. When I add 1 to the hop count, if that causes the hop count to exceed maximum hop count, then I trash the route and don't advertise it.

And why would it care? ;-

Now, that's a good question. But why does any routing protocol care?

Maybe one of these days I'll daisy chain the routers in my lab, and set the max hops to 4 and see what happens ;-

Just set the max to something smaller than the actual width. You'll see routes disappear.

Chuck

Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...

At 08:05 PM 2/21/02, Chuck wrote:

to augment the other answers, the IP hop count is really the IP TTL value. It can never exceed 255

You're confusing two issues. Remember the router has two jobs: forwarding packets and learning the topology. Hop count has to do with the latter and affects what goes in the routing table. The IP TTL causes a router to drop a packet before forwarding if the TTL becomes zero.

EIGRP defaults to 100 hops, so I would expect that the routing packet IP TTL is set at 100 at that point.

Routing packets only go to neighbors. The IP TTL should be set to one or two. This has nothing to do with hop count which will be later in the packet in the distance vectors.

Well ( checking the sniffer trace that Priscilla so thoughtfully supplied a couple of days ago ) I'm seeing the IP TTL as 2. Still, maybe there is an adjustment made. After all, the (E)IGRP metric includes end to end metrics. hhmmm... ( looking over Priscilla's trace again ) way down there I see an EIGRP hop count 0 line.

The router was advertising a directly-connected network.

the IP TTL is still really the only thing that makes sense in terms of the way IP works.

In terms of forwarding maybe. You better reconsider routing protocols though...

Priscilla

Anyone?

Chuck

Steven A. Ridder wrote in message news:[EMAIL PROTECTED]...

Anyone know why there is a hop-count in EIGRP? It has a 1 byte value, but it doesn't limit the number of hops and it looks like routers don't use it in their calculations. Why is it there?

--
RFC 1149 Compliant.

Priscilla Oppenheimer http://www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36257t=36082
Re: NAT Detection Utility [7:36248]
dynamic nat a security breach? I was under the impression that dynamic was a security practice? and if you are speaking of static nat, well darn...that's you guys...

-Patrick

Kwame 02/22/02 02:04PM

Anyone know of a tool for detecting NAT activity on the network. I work in a large university and we've instituted a policy against nat especially in the dorms due to some very serious security breaches. Is there anything out there that can remotely detect a nat operation? Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36258t=36248
RE: Dennis Laganiere's rif examples [7:36228]
Here are the ones I could find from Dennis:

1. RIF - 0810.0011.0033.0040
2. RIF - 0a10.0032.00b3.0124.0020
3. RIF - 0810.0022.0013.0020
4. RIF - 0800.0011.0022.0030
5. RIF - 0a10.0011.00a2.0033.0040
6. RIF - 0630.0011.0191.0030
7. RIF - 0810.00a1.014f.01e0
8. RIF - 0830.0195.00a1.0230
9. RIF - 0a10.0045.0067.0101.0080
10. RIF - 0c10.047e.0067.00c8.043a.0080

Here are my answers:

1. The RIF is valid, and its breakdown is:
   RIF type: single route frame
   RIF Length: 8 bytes
   Direction to read the RIF: left-to-right
   Maximum frame length: up to 1,500 bytes
   Ring 1 (0x1), Bridge 1 (0x1)
   Ring 3 (0x3), Bridge 3 (0x3)
   Ring 2 (0x4) to the destination

2. The RIF is valid, and its breakdown is:
   RIF type: single route frame
   RIF Length: 10 bytes
   Direction to read the RIF: left-to-right
   Maximum frame length: up to 1,500 bytes
   Ring 3 (0x3), Bridge 2 (0x2)
   Ring 11 (0xb), Bridge 3 (0x3)
   Ring 18 (0x12), Bridge 4 (0x4)
   Ring 2 (0x2) to the destination

3. The RIF is valid, and its breakdown is:
   RIF type: single route frame
   RIF Length: 8 bytes
   Direction to read the RIF: left-to-right
   Maximum frame length: up to 1,500 bytes
   Ring 2 (0x2), Bridge 2 (0x2)
   Ring 1 (0x1), Bridge 3 (0x3)
   Ring 3 (0x3) to the destination

4. The RIF is valid, and its breakdown is:
   RIF type: single route frame
   RIF Length: 8 bytes
   Direction to read the RIF: left-to-right
   Maximum frame length: up to 512 bytes
   Ring 1 (0x1), Bridge 1 (0x1)
   Ring 3 (0x2), Bridge 3 (0x2)
   Ring 3 (0x3) to the destination

5. The RIF is valid, and its breakdown is:
   RIF type: single route frame
   RIF Length: 10 bytes
   Direction to read the RIF: left-to-right
   Maximum frame length: up to 1,500 bytes
   Ring 1 (0x1), Bridge 1 (0x1)
   Ring a (0x10), Bridge 2 (0x2)
   Ring 3 (0x3), Bridge 3(0x3)
   Ring 4 (0x4) to the destination

6. The RIF is invalid because the length specified in the RIF differs from the actual length of the RIF

7. The RIF is valid, and its breakdown is:
   RIF type: single route frame
   RIF Length: 8 bytes
   Direction to read the RIF: left-to-right
   Maximum frame length: up to 1,500 bytes
   Ring 10 (0xa), Bridge 1 (0x1)
   Ring 20 (0x14), Bridge 15 (0xf)
   Ring 30 (0x1e) to the destination

8. The RIF is valid, and its breakdown is:
   RIF type: single route frame
   RIF Length: 8 bytes
   Direction to read the RIF: left-to-right
   Maximum frame length: up to 4,472 bytes
   Ring 25 (0x19), Bridge 5 (0x5)
   Ring 10 (0xa), Bridge 1 (0x1)
   Ring 35 (0x23) to the destination

9. The RIF is valid, and its breakdown is:
   RIF type: single route frame
   RIF Length: 10 bytes
   Direction to read the RIF: left-to-right
   Maximum frame length: up to 1,500 bytes
   Ring 4 (0x4), Bridge 5 (0x5)
   Ring 6 (0x6), Bridge 7 (0x7)
   Ring 16 (0x10), Bridge 1 (0x1)
   Ring 8 (0x8) to the destination

10. The RIF is valid, and its breakdown is:
    RIF type: single route frame
    RIF Length: 12 bytes
    Direction to read the RIF: left-to-right
    Maximum frame length: up to 1,500 bytes
    Ring 71 (0x47), Bridge 15 (0xe)
    Ring 6 (0x6), Bridge 7 (0x7)
    Ring 12 (0xc), Bridge 8 (0x8)
    Ring 67 (0x43), Bridge 10 (0xa)
    Ring 8 (0x8) to the destination

Shawn K.

-----Original Message-----
From: Eric Mwambaji [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 22, 2002 12:18 PM
To: [EMAIL PROTECTED]
Subject: Dennis Laganiere's rif examples [7:36228]

Does anyone have a url to Dennis Laganiere's rif examples? I almost have this RIF thing down but I could use a few more examples.

Eric
CCNP

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36259t=36228
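A RIF decoder for checking hand-worked breakdowns like the ones in the message above; this is an added example, not part of the original post. The frame-type names and the largest-frame table (including 516 bytes for code 0) follow the IBM Token Ring definitions and are assumptions not taken from the thread, as are all function and variable names.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Largest-frame codes (bits 6-4 of the second routing-control byte). Values are
# the IBM Token Ring table (an assumption, not from the thread); code 7 is the
# value carried by all-routes explorers and has no fixed size here.
LARGEST_FRAME = {0: 516, 1: 1500, 2: 2052, 3: 4472,
                 4: 8144, 5: 11407, 6: 17800, 7: None}

# The ten RIFs quoted in the message above.
THREAD_RIFS = [
    "0810.0011.0033.0040", "0a10.0032.00b3.0124.0020", "0810.0022.0013.0020",
    "0800.0011.0022.0030", "0a10.0011.00a2.0033.0040", "0630.0011.0191.0030",
    "0810.00a1.014f.01e0", "0830.0195.00a1.0230", "0a10.0045.0067.0101.0080",
    "0c10.047e.0067.00c8.043a.0080",
]


@dataclass
class Rif:
    frame_type: str
    length: int                      # value of the 5-bit length field, in bytes
    direction: str                   # order in which the descriptors are read
    largest_frame: Optional[int]
    hops: List[Tuple[int, int]]      # (ring, bridge) in the order written

    def path(self) -> str:
        """Ring/bridge sequence in the order the frame travels."""
        steps = []
        for ring, bridge in self.hops:
            steps += [f"ring {ring}", f"bridge {bridge}"]
        steps = steps[:-1]           # bridge field of the last descriptor is unused
        if self.direction == "right-to-left":
            steps.reverse()
        return " -> ".join(steps)


def classify(type_bits: int) -> str:
    """Top three bits of the first routing-control byte."""
    if type_bits & 0b100 == 0:
        return "specifically routed"
    return "single-route explorer" if type_bits & 0b010 else "all-routes explorer"


def parse_rif(text: str) -> Rif:
    """Decode a dotted-hex RIF; raise ValueError if it is malformed."""
    raw = bytes.fromhex(text.replace(".", "").strip())
    if len(raw) < 2:
        raise ValueError("routing control field is missing")
    length = raw[0] & 0x1F
    if length != len(raw):
        raise ValueError(f"length field says {length} bytes, RIF has {len(raw)}")
    if length % 2:
        raise ValueError("length must be even (2-byte control + 2-byte descriptors)")
    hops = []
    for i in range(2, len(raw), 2):
        word = (raw[i] << 8) | raw[i + 1]
        hops.append((word >> 4, word & 0xF))   # 12-bit ring, 4-bit bridge
    return Rif(
        frame_type=classify(raw[0] >> 5),
        length=length,
        direction="right-to-left" if raw[1] & 0x80 else "left-to-right",
        largest_frame=LARGEST_FRAME[(raw[1] >> 4) & 0x7],
        hops=hops,
    )


def decode_all(rifs=THREAD_RIFS):
    """Map each RIF string to a Rif, or to an 'invalid: ...' message."""
    results = {}
    for text in rifs:
        try:
            results[text] = parse_rif(text)
        except ValueError as err:
            results[text] = f"invalid: {err}"
    return results


if __name__ == "__main__":
    for text, result in decode_all().items():
        if isinstance(result, Rif):
            print(f"{text}: {result.frame_type}, {result.length} bytes, "
                  f"{result.direction}, max frame {result.largest_frame}, "
                  f"{result.path()}")
        else:
            print(f"{text}: {result}")
```
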
Re: NAT Detection Utility [7:36248]
Have you been reading NANOG or Slashdot? There was an article about Comcast, specifically, who is trying to combat NAT. What was determined is that:

1) There is no definite way to detect NAT
2) There are many implementations of NAT (even many RFC's stating how NAT works)
3) Bandwidth usage or number of open connections can not be correlated to using NAT

What I do not understand is your AUP. I also do not understand how NAT has very serious security breach implications. You seem to have a misunderstanding of NAT operation. What is the real problem you are trying to solve?

For understanding NAT, you might want to read up, especially:

RFC 1631, 2391, 2428, 2663, 2694, 2709, 2766, 2962, 2993, 3022, 3027, and 3235
Internet-Drafts http://www.ietf.org/ids.by.wg/nat.html

Bandwidth usage can be combated in several other different ways.

1) Add more bandwidth (well, this costs money and you are a University... so...)
2) Implement QoS methods (rate-limiting, queueing, RED, etc -- there are many ways)
3) Get a cache server (either transparent, wpad, or configured) and optionally join a cache hierarchy

Your overall network design and bottlenecks should be looked at very closely. Gathering the right data to know what's going on in your network is probably the number one priority over everything else. Some of the tools are easy to setup (Ntop, MRTG, etc). The best way to look at your network is really up to you and may take years of work to get exactly what you want. Some suggestions that people from Cisco would give would be like using NBAR or NetFlow and maybe RMON to get at the network application data passing through your network. There are millions of ways to do this.

Also, you might want to take a look at your AUP and policies again. It sounds like you might be moving in a direction that doesn't fit the needs of your University or your users. Read through RFC 1173 and RFC 1746 for help in building up your AUP.

I believe that setting up a cache server (especially Squid) may help you with a lot of your problems, especially if you use it as a staging ground to combat the problems you think you are having. Fight fire with fire. If somebody is going proxy-crazy on your network and creating all sort of covert channels all over the place (playing with TCP/IP in interesting ways), then put up your own proxies and covert channels. Maybe you will learn a lot about their methods and motivations, as well.

-dre

Kwame wrote in message news:[EMAIL PROTECTED]...

Anyone know of a tool for detecting NAT activity on the network. I work in a large university and we've instituted a policy against nat especially in the dorms due to some very serious security breaches. Is there anything out there that can remotely detect a nat operation? Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36260t=36248
Re: CCIE Question [7:36243]
I never meant to imply that you supported the practice. I should have said that some people treat this as a common practice, not that you were one of those people.

----- Original Message -----
From: Michael J. Doherty
To: nrf ;
Sent: Friday, February 22, 2002 12:19 PM
Subject: Re: CCIE Question [7:36243]

Never said that I agreed with the practice. I am perfectly well aware of Cisco's stance on the subject. My message, also, did not state that I thought that it is not a big deal. Personally, if I were in a position responsible for hiring, all candidates who posted that information in their resume would automatically find themselves removed from consideration. I am proud of my own accomplishments and all of the initials that I can place behind my name are placed with the full knowledge that I have the score sheets and experience to back them up.

Sincerely,
Michael J. Doherty
MCSE-NT4, MCSE-W2K, CCNA Certified, CCDA Certified, NREMT-P and many others that do not have initials.

----- Original Message -----
From: nrf
To:
Sent: Friday, February 22, 2002 2:46 PM
Subject: Re: CCIE Question [7:36243]

Cisco has made it clear that passing the written -CCIE exam does not get you a certificate in itself. Only by passing both the written and the lab do you obtain a cert. I don't know how it came to be acceptable that people can claim a certificate that doesn't exist.

While you might say that it's not really a big deal - after all, the written is an exam, so it 'sort-of' is like a cert, so what's the harm in pretending that it's another cert? Well, the real problem is that if people are allowed to make up a CCIE-Q cert that doesn't exist, then what's to stop them from making up other qualifications that don't exist? It's the classic slippery slope. For example, if the CCIE-Q becomes an accepted pseudo-cert, then later somebody will inevitably say they have a CCIE-A, because they (A)ttempted the written (but didn't pass). Or a CCIE-F for somebody who's never even seen a router in his life, but has heard about the CCIE program and is thinking about doing it in the (F)uture. Or heck, how about a Bachelor's Degree-(F) for somebody who's never stepped into a classroom in his life, but might do it in the future. I don't know about you, but I hold a Ph.D-(F), an MBA-(F), a Law-degree-(F), and a Medical-degree-(F), all from Harvard.

Michael J. Doherty wrote in message news:[EMAIL PROTECTED]...

It seems to be common these days to use that abbreviation to mean that the individual has taken, and passed, the Written exam, but not yet challenged/passed the Lab. As for me, personally, when I get to that point, I do not plan on advertising it in this manner. If it comes up in an interview question, I would answer it. But, I refuse to put any certification on my resume until I can honestly claim the entire title.

----- Original Message -----
From: Brian Zeitz
To:
Sent: Friday, February 22, 2002 1:54 PM
Subject: CCIE Question [7:36243]

I saw a resume with CCIE (Q) after their name, what is the Q mean?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36265t=36243
Port Secure not working ? [7:36267]
I was expecting to see a FastEthernet 0/26 ENABLED after the configuration below. Instead it is disabled. Any ideas?

Thanks,
Pierre-Alex

Switch1(config)#int f 0/26
Switch1(config-if)#port secure max-mac-count 1
Switch1(config-if)#exit
Switch1(config)#address-violation suspend
Switch1(config)#end
Switch1#sh mac-address-table security
Action upon address violation : Disable

Interface          Addressing Security  Address Table Size  Clear Address
-------------------------------------------------------------------------
Ethernet 0/1       Disabled             N/A                 No
Ethernet 0/2       Disabled             N/A                 No
Ethernet 0/3       Disabled             N/A                 No
Ethernet 0/4       Disabled             N/A                 No
Ethernet 0/5       Disabled             N/A                 No
Ethernet 0/6       Disabled             N/A                 No
Ethernet 0/7       Disabled             N/A                 No
Ethernet 0/8       Disabled             N/A                 No
Ethernet 0/9       Disabled             N/A                 No
Ethernet 0/10      Disabled             N/A                 No
Ethernet 0/11      Disabled             N/A                 No
Ethernet 0/12      Disabled             N/A                 No
Ethernet 0/13      Disabled             N/A                 No
Ethernet 0/14      Disabled             N/A                 No
Ethernet 0/15      Disabled             N/A                 No
Ethernet 0/16      Disabled             N/A                 No
Ethernet 0/17      Disabled             N/A                 No
--More--
Ethernet 0/18      Disabled             N/A                 No
Ethernet 0/19      Disabled             N/A                 No
Ethernet 0/20      Disabled             N/A                 No
Ethernet 0/21      Disabled             N/A                 No
Ethernet 0/22      Disabled             N/A                 No
Ethernet 0/23      Disabled             N/A                 No
Ethernet 0/24      Disabled             N/A                 No
Ethernet 0/25      Disabled             N/A                 No
FastEthernet 0/26  Disabled             N/A                 No
FastEthernet 0/27  Disabled             N/A                 No
No

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36267t=36267
LLQ Configuration [7:36272]
To Group:

I am working with a client who is having problems with Video Conference using Polycom Equipment. The problem is jitter and audio drops. The solution that has been suggested to us by Cisco is Low Latency Queueing (LLQ) over Frame Relay. I'm not sure the release but I was told this is a new feature for Frame Relay. We were instructed to upgrade to 12.2.6a IP Plus Feature Set... We did this..

This particular client has one DLCI on the physical interface, the port speed of the interface is 768kb. This is the same for both sites that have the video equipment.

Here's the configuration I put together.

access-list 101 permit tcp any any range 3230 3231
access-list 101 permit udp any any range 3230 3235

class-map match-all video
 match access-group 101

Policy-map video-police
 class video
  priority 540
 class class-default
  fair-queue 64

map-class frame-relay video-data
 no frame-relay adaptive-shaping
 frame-relay cir 768000
 frame-relay bc 7680
 frame-relay be 0
 service-policy out video-police
 frame-relay fragment 1280

Applied these two commands to the physical interface.

frame-relay traffic-shaping
frame-relay class video-data

Here's the error we are getting.

I/f Serial0/0 DLCI 400 class video requested bandwidth 540 (kbps) Not Available
Removing service policy from map-class

We even tried this on a router not connected to the network at all. When you do a show run after the error the service-policy statement is removed from the map-class configuration.

Does anyone have experience with LLQ or have any suggestions.

Stephen Manuel

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36272t=36272
Interesting DDR Brain Teaser (long and pointless ) [7:36271]
I was just talking to a guy I work with about this and I thought it was an interesting scenario. It was his idea and my first thought was that it wasn't possible, but then after a little more pondering I decided that it might be possible. Note: 'possible' does not mean desirable. :-) Here's the scoop:

[A]-----[B]
 | \
 |  \
 |   \
 |    \
[C] --- [D]

Site A is connected to B, a disaster recovery facility, via frame relay. A also has point-to-point connections to sites C and D. C and D are connected via frame relay but obviously only use the frame relay link to reach A if their own primary link goes down. C and D have ISDN connections configured to dial B in case both links to A go away (Dialer Watch).

Now for the twist

What if you wanted to configure C to dial D when the load on its primary link reached a certain point, yet still dial B if both point-to-point links went down?

I haven't completely figured out how to do this yet, but here's a start. You might configure two Dialer profiles, one for each destination. On the major interface on C you'd configure Dialer0 as your backup interface and configure an appropriate load. When the line utilization reaches that load, the router would dial Site D. Then you might configure Dialer Watch on Dialer1 and make it dial Site B if routes originating from Site A disappear.

The difficulty is that the Dialer interface that calls Site B would have to have absolute priority. If the primary link goes down, because Dialer0 is configured as a backup it might grab the BRI first. Even if it does get there first, when Dialer Watch kicks in, we'd have to have a way to clear the line immediately so Dialer1 could dial out. Is that possible?

Admittedly, I'm a bit weak on DDR of this variety, but this sounded like an interesting brain teaser.

Regards,
John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36271t=36271
Re: NAT Detection Utility [7:36248]
They probably want the ability to scan every machine on their network; if you're behind a NAT firewall they can't do this. Sounds to me like they've got a problem but are trying to correct it with the *wrong* solution.

Hire, Ejay wrote in message news:[EMAIL PROTECTED]...

The only way to do it would be to look for out of baseline utilization patterns, and investigate them. On the security policy ... How does a guy in a dorm with a linksys router performing NAT impose a security risk?

-----Original Message-----
From: Kwame [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 22, 2002 2:05 PM
To: [EMAIL PROTECTED]
Subject: NAT Detection Utility [7:36248]

Anyone know of a tool for detecting NAT activity on the network. I work in a large university and we've instituted a policy against nat especially in the dorms due to some very serious security breaches. Is there anything out there that can remotely detect a nat operation? Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36273t=36248
Re: LLQ Configuration [7:36272]
I'm guessing you have the bandwidth statement set to 768 on the serial interface. If so, type max-reserved-bandwidth 90 on the serial interface. Show us the stats for s0/0 when you do sh int s0/0.

Steve Manuel wrote in message news:[EMAIL PROTECTED]...

To Group:

I am working with a client who is having problems with Video Conference using Polycom Equipment. The problem is jitter and audio drops. The solution that has been suggested to us by Cisco is Low Latency Queueing (LLQ) over Frame Relay. I'm not sure the release but I was told this is a new feature for Frame Relay. We were instructed to upgrade to 12.2.6a IP Plus Feature Set... We did this..

This particular client has one DLCI on the physical interface, the port speed of the interface is 768kb. This is the same for both sites that have the video equipment.

Here's the configuration I put together.

access-list 101 permit tcp any any range 3230 3231
access-list 101 permit udp any any range 3230 3235

class-map match-all video
 match access-group 101

Policy-map video-police
 class video
  priority 540
 class class-default
  fair-queue 64

map-class frame-relay video-data
 no frame-relay adaptive-shaping
 frame-relay cir 768000
 frame-relay bc 7680
 frame-relay be 0
 service-policy out video-police
 frame-relay fragment 1280

Applied these two commands to the physical interface.

frame-relay traffic-shaping
frame-relay class video-data

Here's the error we are getting.

I/f Serial0/0 DLCI 400 class video requested bandwidth 540 (kbps) Not Available
Removing service policy from map-class

We even tried this on a router not connected to the network at all. When you do a show run after the error the service-policy statement is removed from the map-class configuration.

Does anyone have experience with LLQ or have any suggestions.

Stephen Manuel

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36274t=36272
RE: NAT Detection Utility [7:36248]
The only way to do it would be to look for out of baseline utilization patterns, and investigate them. On the security policy ... How does a guy in a dorm with a linksys router performing NAT impose a security risk?

-----Original Message-----
From: Kwame [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 22, 2002 2:05 PM
To: [EMAIL PROTECTED]
Subject: NAT Detection Utility [7:36248]

Anyone know of a tool for detecting NAT activity on the network. I work in a large university and we've instituted a policy against nat especially in the dorms due to some very serious security breaches. Is there anything out there that can remotely detect a nat operation? Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36261t=36248
Re: simple access-lists question [7:36240]
Not enough customers have asked for that feature yet. :) Was RFC 1149 the precursor to wireless?

John Neiberger wrote in message news:[EMAIL PROTECTED]...

Hey, are you ever going to upgrade to RFC 2549 compliance? If you haven't already, you're behind the times by about three years! :-)

John

Steven A. Ridder 2/22/02 11:43:33 AM

I believe you need something like

access-list 101 permit tcp any any eq www

you have something that permits IP protocol numbers I think. Like 6 is tcp, 17 is udp, 9 is igrp, etc.. etc...

--
RFC 1149 Compliant.

NetEng wrote in message news:[EMAIL PROTECTED]...

Why is this simple task beating me? I have a router with 2eth. that separates my lab from the corporate network. I would like web/ftp/telnet access from the lab to the world and back. I created an access list and applied it to my lab's ethernet int. This is the list. Am I missing something?

access-list 101 permit 80 any any
access-list 101 permit 21 any any
access-list 101 permit 23 any any
access-list 101 permit 53 any any
access-list 101 permit icmp any any

ip access-group 101 out (on ethernet of lab side)

TIA.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36275t=36240
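The access list quoted in this thread puts bare numbers where IOS expects a protocol, so they are read as IP protocol numbers rather than TCP/UDP ports. The sketch below is an added example, not code from any poster: a small evaluator (all names hypothetical) that models only `any any` entries with an optional `eq` destination port and runs sample packets through the posted list and a rewritten one. Only the `eq www` line of the rewritten list comes from the reply; the ftp, telnet and domain lines are assumed by analogy.

```python
# Protocol keywords in the protocol position; None means "any IP protocol".
IP_PROTOCOLS = {"ip": None, "icmp": 1, "tcp": 6, "udp": 17}
# IOS port keywords used below, with their port numbers.
PORT_KEYWORDS = {"ftp": 21, "telnet": 23, "domain": 53, "www": 80}

# The list as posted in the thread.
ORIGINAL_ACL = """\
access-list 101 permit 80 any any
access-list 101 permit 21 any any
access-list 101 permit 23 any any
access-list 101 permit 53 any any
access-list 101 permit icmp any any
"""

# First line is the form suggested in the reply; the rest are assumed by analogy.
CORRECTED_ACL = """\
access-list 101 permit tcp any any eq www
access-list 101 permit tcp any any eq ftp
access-list 101 permit tcp any any eq telnet
access-list 101 permit udp any any eq domain
access-list 101 permit icmp any any
"""


def parse_acl(text):
    """Return a list of (action, ip_protocol, dest_port) tuples."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if len(tok) not in (6, 8) or tok[0] != "access-list" or tok[4:6] != ["any", "any"]:
            raise ValueError(f"unsupported entry: {line!r}")
        action, proto = tok[2], tok[3]
        # A bare number in this position is an IP protocol number, not a port.
        ip_proto = IP_PROTOCOLS[proto] if proto in IP_PROTOCOLS else int(proto)
        port = None
        if len(tok) == 8:
            if tok[6] != "eq":
                raise ValueError(f"unsupported operator: {line!r}")
            port = PORT_KEYWORDS[tok[7]] if tok[7] in PORT_KEYWORDS else int(tok[7])
        entries.append((action, ip_proto, port))
    return entries


def evaluate(entries, ip_proto, dport=None):
    """First match wins; anything unmatched hits the implicit deny."""
    for action, acl_proto, acl_port in entries:
        if acl_proto is not None and acl_proto != ip_proto:
            continue
        if acl_port is not None and acl_port != dport:
            continue
        return action
    return "deny"


def compare():
    """Verdicts of both lists for a few constructed sample packets."""
    samples = {
        "TCP to port 80": (6, 80),
        "TCP to port 23": (6, 23),
        "UDP to port 53": (17, 53),
        "ICMP": (1, None),
        "IP protocol 80 (ISO-IP in the IANA registry)": (80, None),
    }
    before, after = parse_acl(ORIGINAL_ACL), parse_acl(CORRECTED_ACL)
    return {name: (evaluate(before, *pkt), evaluate(after, *pkt))
            for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, (old, new) in compare().items():
        print(f"{name:46} posted list: {old:7} rewritten list: {new}")
```
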
RE: CCIE Question [7:36243]
That's ok, because I'm the President of the United States (F-MLN) (Future-Most Likely Not ) :)

Larry

-----Original Message-----
From: nrf [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 22, 2002 2:46 PM
To: [EMAIL PROTECTED]
Subject: Re: CCIE Question [7:36243]

Cisco has made it clear that passing the written -CCIE exam does not get you a certificate in itself. Only by passing both the written and the lab do you obtain a cert. I don't know how it came to be acceptable that people can claim a certificate that doesn't exist.

While you might say that it's not really a big deal - after all, the written is an exam, so it 'sort-of' is like a cert, so what's the harm in pretending that it's another cert? Well, the real problem is that if people are allowed to make up a CCIE-Q cert that doesn't exist, then what's to stop them from making up other qualifications that don't exist? It's the classic slippery slope. For example, if the CCIE-Q becomes an accepted pseudo-cert, then later somebody will inevitably say they have a CCIE-A, because they (A)ttempted the written (but didn't pass). Or a CCIE-F for somebody who's never even seen a router in his life, but has heard about the CCIE program and is thinking about doing it in the (F)uture. Or heck, how about a Bachelor's Degree-(F) for somebody who's never stepped into a classroom in his life, but might do it in the future. I don't know about you, but I hold a Ph.D-(F), an MBA-(F), a Law-degree-(F), and a Medical-degree-(F), all from Harvard.

Michael J. Doherty wrote in message news:[EMAIL PROTECTED]...

It seems to be common these days to use that abbreviation to mean that the individual has taken, and passed, the Written exam, but not yet challenged/passed the Lab. As for me, personally, when I get to that point, I do not plan on advertising it in this manner. If it comes up in an interview question, I would answer it. But, I refuse to put any certification on my resume until I can honestly claim the entire title.

----- Original Message -----
From: Brian Zeitz
To:
Sent: Friday, February 22, 2002 1:54 PM
Subject: CCIE Question [7:36243]

I saw a resume with CCIE (Q) after their name, what is the Q mean?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36263t=36243
Re: CCIE Question [7:36243]
Never said that I agreed with the practice. I am perfectly well aware of Cisco's stance on the subject. My message, also, did not state that I thought that it is not a big deal. Personally, if I were in a position responsible for hiring, all candidates who posted that information in their resume would automatically find themselves removed from consideration. I am proud of my own accomplishments and all of the initials that I can place behind my name are placed with the full knowledge that I have the score sheets and experience to back them up. Sincerely, Michael J. Doherty MCSE-NT4, MCSE-W2K, CCNA Certified, CCDA Certified, NREMT-P and many others that do not have initials.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36262t=36243
Re: LLQ Configuration [7:36272]
Strangely enough, we're using LLQ to support video conferencing with Polycom equipment. However, I don't really have any idea why you're getting that error. What routers are you using? About the only difference I can think of between our implementations is that we're setting the IP Precedence in the Polycom units and then I'm using that to identify video traffic in the class-map instead of using an access list. That won't matter with this issue, obviously. Another trick, which I don't think is officially supported but seems to work, is to not apply the LLQ to the frame relay class directly. Simply go to the major interface and use the service-policy command there. It may not be correct, but it might accomplish your goal anyway. Also, even though it won't make a difference here, you may want to reconsider the use of fragmentation, or at least try it without it once you get this working. I've found, at least with VoIP, that fragmentation made things worse. I'm not sure why, but it did. Regards, John
Steve Manuel 2/22/02 2:05:40 PM
To Group: I am working with a client who is having problems with Video Conference using Polycom Equipment. The problem is jitter and audio drops. The solution that has been suggested to us by Cisco is Low Latency Queueing (LLQ) over Frame Relay. I'm not sure of the release but I was told this is a new feature for Frame Relay. We were instructed to upgrade to 12.2.6a IP Plus Feature Set... We did this.. This particular client has one DLCI on the physical interface, the port speed of the interface is 768kb. This is the same for both sites that have the video equipment. Here's the configuration I put together.
access-list 101 permit tcp any any range 3230 3231
access-list 101 permit udp any any range 3230 3235
class-map match-all video
 match access-group 101
policy-map video-police
 class video
  priority 540
 class class-default
  fair-queue 64
map-class frame-relay video-data
 no frame-relay adaptive-shaping
 frame-relay cir 768000
 frame-relay bc 7680
 frame-relay be 0
 service-policy out video-police
 frame-relay fragment 1280
Applied these two commands to the physical interface.
frame-relay traffic-shaping
frame-relay class video-data
Here's the error we are getting.
I/f Serial0/0 DLCI 400 class video requested bandwidth 540 (kbps) Not Available Removing service policy from map-class
We even tried this on a router not connected to the network at all. When you do a show run after the error the service-policy statement is removed from the map-class configuration. Does anyone have experience with LLQ or have any suggestions? Stephen Manuel
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36276t=36272
Re: CCIE Question [7:36243]
Guys should keep in mind: No there is no CCIE Q or written cert. Cisco has identified you as a lab candidate. This applies to everyone on the planet. You have been invited to take the lab, if you pass the written and after that date you are still a CCIE candidate just like everyone else on the planet. Just because you are a CCNP w/a specialization or not. You are not invited! Next there is the financial aspect for corporations (the smart one). CCIE's are expensive; salaries are easily $120,000/yr plus. But, if I can get a guy just before he passes lab but after he has passed his written, I know that he is trying and his knowledge will continue to increase. I then close to lab time have a CCIE on staff, working for pennies. And I have first crack at an offer. So, thanks to the demand for CCIE's the CCIE written as you have been identified has had a little weight, not taking into account the present economy. Now there have been job postings for CCIE written, candidates, Qualification exam people. And if you feel confident enough to wear that title put what they are looking for on the resume. Now CCNP whatevers have not been identified as such by anyone on the planet. Finally it comes down to this: Do you have a number behind those letters?
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36277t=36243
Re: Interesting DDR Brain Teaser (long and pointless ) [7:36279]
Yes this is possible exactly as you described. Hopefully in this scenario you have more than one BRI. But, say you don't, you have two B channels, unless the load exceeds one of the B channels you have no problem. I believe the last question is, is there a priority or preempt command? Make a dialer interface and see : - )
John Neiberger wrote:
I was just talking to a guy I work with about this and I thought it was an interesting scenario. It was his idea and my first thought was that it wasn't possible, but then after a little more pondering I decided that it might be possible. Note: 'possible' does not mean desirable. :-) Here's the scoop:
[A]-[B] | \ |\ | \ |\ | \ |\ | \ [C] --- [D]
Site A is connected to B, a disaster recovery facility, via frame relay. A also has point-to-point connections to sites C and D. C and D are connected via frame relay but obviously only use the frame relay link to reach A if their own primary link goes down. C and D have ISDN connections configured to dial B in case both links to A go away (Dialer Watch).
Now for the twist: What if you wanted to configure C to dial D when the load on its primary link reached a certain point, yet still dial B if both point-to-point links went down? I haven't completely figured out how to do this yet, but here's a start. You might configure two Dialer profiles, one for each destination. On the major interface on C you'd configure Dialer0 as your backup interface and configure an appropriate load. When the line utilization reaches that load, the router would dial Site D. Then you might configure Dialer Watch on Dialer1 and make it dial Site B if routes originating from Site A disappear. The difficulty is that the Dialer interface that calls Site B would have to have absolute priority. If the primary link goes down, because Dialer0 is configured as a backup it might grab the BRI first. Even if it does get there first, when Dialer Watch kicks in, we'd have to have a way to clear the line immediately so Dialer1 could dial out. Is that possible? Admittedly, I'm a bit weak on DDR of this variety, but this sounded like an interesting brain teaser. Regards, John
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36279t=36279
RE: LLQ Configuration [7:36272]
I've done lots of LLQ but never with FR. My bet however, would be that you can do LLQ on the int, for FRTS, but not both. Mike --- Mike Bernico [EMAIL PROTECTED] Illinois Century Network http://www.illinois.net (217) 557-6555
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36280t=36272
Re: Interesting DDR Brain Teaser (long and pointless ) [7:36281]
Thanks. I knew there was a way to set the dialer priority but I just wasn't sure how it operated. I have yet to find a reference on CCO that specifies what the priority really accomplishes. If a dialer with a high priority needs to use a line but the line is being used by a dialer with a lower priority, does it simply disconnect the existing call and take over? Or, does it make use of the fast idle timer to be a little more fair? I'm still looking on CCO at the moment. Hopefully, I'll find a link that makes this more clear. Thanks again, John
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36281t=36281
Re: CCIE Question [7:36243]
Inline
Tshon wrote in message news:[EMAIL PROTECTED]...
Guys should keep in mind: No there is no CCIE Q or written cert. Cisco has identified you as a lab candidate. This applies to everyone on the planet. You have been invited to take the lab, if you pass the written and after that date you are still a CCIE candidate just like everyone else on the planet. Just because you are a CCNP w/a specialization or not. You are not invited! Next there is the financial aspect for corporations (the smart one). CCIE's are expensive; salaries are easily $120,000/yr plus.
Maybe in 1999. Not anymore.
But, if I can get a guy just before he passes lab but after he has passed his written, I know that he is trying and his knowledge will continue to increase. I then close to lab time have a CCIE on staff, working for pennies. And I have first crack at an offer.
If he passes, which is no sure thing.
So, thanks to the demand for CCIE's the CCIE written as you have been identified has had a little weight, not taking into account the present economy.
Sure, but I think to be more relevant you do indeed have to take account of the present economy.
Now there have been job postings for CCIE written, candidates, Qualification exam people. And if you feel confident enough to wear that title put what they are looking for on the resume. Now CCNP whatevers have not been identified as such by anyone on the planet. Finally it comes down to this: Do you have a number behind those letters?
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36282t=36243
Re: Interesting DDR Brain Teaser (long and pointless ) [7:36283]
I can't remember but... this also helps
dialer pool-member number [priority priority] [min-link minimum] [max-link maximum] - Assigns a physical interface to a dialer pool.
priority priority - Sets the priority of the physical interface within the dialer pool (from 1 to 255). Interfaces with the highest priorities are selected first when dialing out.
min-link minimum - Sets the minimum number of ISDN B channels on an interface reserved for this dialer pool (from 1 to 255). Used for dialer backup.
max-link maximum - Sets the maximum number of ISDN B channels on an interface reserved for this dialer pool (from 1 to 255).
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36283t=36283
Re: Interesting DDR Brain Teaser (long and pointless ) [7:36284]
I've been reading and I still don't see how to do it. The command you mention seems to solve a different problem. If I had a single dialer interface and two physical interfaces to choose from, the priority lets the dialer know which to try first. I have yet to see how to give one dialer interface priority over another when there is only a single BRI available. Still looking though! John
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36284t=36284
Re: Interesting DDR Brain Teaser (long and pointless ) [7:36285]
Go further down... the command I sent you lets you set a minimum number and max number of B channels to use, therefore excluding some B channels for use by another dialer profile.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36285t=36285
FW: Port Secure not working ? [7:36278]
Problem solved. port secure was to enabled! Thanks! Pierre-Alex

-Original Message- From: Pierre-Alex GUANEL [mailto:[EMAIL PROTECTED]] Sent: Friday, February 22, 2002 2:56 PM To: Cisco Subject: Port Secure not working ?
I was expecting to see a FastEthernet 0/26 ENABLED after the configuration below. Instead it is disabled. Any ideas? Thanks, Pierre-Alex

Switch1(config)#int f 0/26
Switch1(config-if)#port secure max-mac-count 1
Switch1(config-if)#exit
Switch1(config)#address-violation suspend
Switch1(config)#end
Switch1#sh mac-address-table security
Action upon address violation : Disable
Interface          Addressing Security  Address Table Size  Clear Address
---
Ethernet 0/1       Disabled             N/A                 No
Ethernet 0/2       Disabled             N/A                 No
Ethernet 0/3       Disabled             N/A                 No
Ethernet 0/4       Disabled             N/A                 No
Ethernet 0/5       Disabled             N/A                 No
Ethernet 0/6       Disabled             N/A                 No
Ethernet 0/7       Disabled             N/A                 No
Ethernet 0/8       Disabled             N/A                 No
Ethernet 0/9       Disabled             N/A                 No
Ethernet 0/10      Disabled             N/A                 No
Ethernet 0/11      Disabled             N/A                 No
Ethernet 0/12      Disabled             N/A                 No
Ethernet 0/13      Disabled             N/A                 No
Ethernet 0/14      Disabled             N/A                 No
Ethernet 0/15      Disabled             N/A                 No
Ethernet 0/16      Disabled             N/A                 No
Ethernet 0/17      Disabled             N/A                 No
--More--
Ethernet 0/18      Disabled             N/A                 No
Ethernet 0/19      Disabled             N/A                 No
Ethernet 0/20      Disabled             N/A                 No
Ethernet 0/21      Disabled             N/A                 No
Ethernet 0/22      Disabled             N/A                 No
Ethernet 0/23      Disabled             N/A                 No
Ethernet 0/24      Disabled             N/A                 No
Ethernet 0/25      Disabled             N/A                 No
FastEthernet 0/26  Disabled             N/A                 No
FastEthernet 0/27  Disabled             N/A                 No No

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36278t=36278
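A check a defender could run over this kind of output, as an added example that is not part of the original post: it parses the "sh mac-address-table security" table and reports ports that a policy says must be secured but are not. The sample output is constructed; the layout of the "Enabled" rows, the policy mapping and the function names are assumptions.

```python
import re

# Constructed sample in the layout of the `sh mac-address-table security`
# output quoted in the post above. The "Enabled" rows and their table sizes
# are assumptions; the post only shows "Disabled" rows.
SAMPLE_OUTPUT = """\
Action upon address violation : Suspend
Interface          Addressing Security  Address Table Size  Clear Address
---
Ethernet 0/1       Disabled             N/A                 No
Ethernet 0/2       Enabled              1                   No
Ethernet 0/3       Enabled              132                 No
 --More-- Ethernet 0/25      Disabled             N/A                 No
FastEthernet 0/26  Enabled              1                   No
FastEthernet 0/27  Disabled             N/A                 No
"""

ACTION_RE = re.compile(r"^\s*Action upon address violation\s*:\s*(\S+)", re.I)
ROW_RE = re.compile(
    r"^\s*((?:Fast)?Ethernet)\s+(\d+/\d+)\s+(Enabled|Disabled)\s+(\S+)\s+(Yes|No)\b"
)
# Violation actions that appear on the page; anything else is reported.
ENFORCING_ACTIONS = {"suspend", "disable"}


def parse_security_table(text):
    """Return (violation_action, {port_name: row_dict}) from the CLI output."""
    action, ports = None, {}
    for line in text.splitlines():
        # The pager prompt can end up glued to the front of a data row.
        line = line.replace("--More--", " ")
        m = ACTION_RE.match(line)
        if m:
            action = m.group(1)
            continue
        m = ROW_RE.match(line)
        if m:
            kind, num, state, size, clear = m.groups()
            ports[f"{kind} {num}"] = {
                "secured": state == "Enabled",
                "table_size": int(size) if size.isdigit() else None,
                "clear_address": clear == "Yes",
            }
    return action, ports


def audit(text, policy):
    """Compare the output with `policy` ({port: max MAC count}); return findings."""
    action, ports = parse_security_table(text)
    findings = []
    if action is None or action.lower() not in ENFORCING_ACTIONS:
        findings.append(("global", f"violation action is {action!r}"))
    for port, max_macs in sorted(policy.items()):
        row = ports.get(port)
        if row is None:
            findings.append((port, "port not present in output"))
        elif not row["secured"]:
            findings.append((port, "addressing security is Disabled"))
        elif row["table_size"] is None or row["table_size"] > max_macs:
            findings.append((port, f"table size {row['table_size']} exceeds {max_macs}"))
    return findings


if __name__ == "__main__":
    # Hypothetical policy: access ports that must learn at most one MAC address.
    policy = {"Ethernet 0/1": 1, "Ethernet 0/3": 1, "Ethernet 0/9": 1,
              "FastEthernet 0/26": 1}
    for port, problem in audit(SAMPLE_OUTPUT, policy):
        print(f"{port}: {problem}")
```

A port that was configured with a MAC limit but still shows "Disabled", as FastEthernet 0/26 does in the post, is reported by the second branch of audit().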
Last Minute Prayers, Advice and Tips---CSIDSPM [7:36288]
Hi all, I have just 2 hours between me and my Cisco Secure Intrusion Detection Systems with Policy Manager (CSIDSPM) version 2.1 exam. It is the last lap to my CSS1 certification. Please any last minute tips, advice and of course prayers would be appreciated. Send an offline message where necessary. Until I hear from you, Enjoy. Regards. Godswill Oletu CCNP,CCDP,CSS1(3/4).

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36288t=36288
Re: CCIE Question [7:36243]
I don't think employers are being fooled by somebody putting CCIE-Q on their resume. I can see a person getting into a tight spot, though, if they fraudulently try to pass themselves off as having passed the CCIE. After all, a company can just check with Cisco to make sure that a person is certified. The penalty for this infraction would be a rescinded job offer. I personally have put the phrase CCIE candidate on my resume. I am currently unemployed (Lucent shut our facility down here in Raleigh) and actively seeking employment. I have put that phrase on my resume to let employers know that, although I am out of work, I am not sitting around twiddling my thumbs waiting for a job to fall out of the sky. In addition, it will create a scenario where interviewers will ask me about my networking knowledge. My full-time job right now is studying for the CCIE. My lab exam is on May 2nd. Hope I pass it!!! :-)

nrf wrote in message news:[EMAIL PROTECTED]...
Cisco has made it clear that passing the written CCIE exam does not get you a certificate in itself. Only by passing both the written and the lab do you obtain a cert. I don't know how it came to be acceptable that people can claim a certificate that doesn't exist. While you might say that it's not really a big deal - after all, the written is an exam, so it 'sort-of' is like a cert, so what's the harm in pretending that it's another cert? Well, the real problem is that if people are allowed to make up a CCIE-Q cert that doesn't exist, then what's to stop them from making up other qualifications that don't exist? It's the classic slippery slope. For example, if the CCIE-Q becomes an accepted pseudo-cert, then later somebody will inevitably say they have a CCIE-A, because they (A)ttempted the written (but didn't pass). Or a CCIE-F for somebody who's never even seen a router in his life, but has heard about the CCIE program and is thinking about doing it in the (F)uture. Or heck, how about a Bachelor's Degree-(F) for somebody who's never stepped into a classroom in his life, but might do it in the future. I don't know about you, but I hold a Ph.D-(F), an MBA-(F), a Law-degree-(F), and a Medical-degree-(F), all from Harvard.

Michael J. Doherty wrote in message news:[EMAIL PROTECTED]...
It seems to be common these days to use that abbreviation to mean that the individual has taken, and passed, the Written exam, but not yet challenged/passed the Lab. As for me, personally, when I get to that point, I do not plan on advertising it in this manner. If it comes up in an interview question, I would answer it. But, I refuse to put any certification on my resume until I can honestly claim the entire title.

- Original Message - From: Brian Zeitz To: Sent: Friday, February 22, 2002 1:54 PM Subject: CCIE Question [7:36243]
I saw a resume with CCIE (Q) after their name, what is the Q mean?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36290t=36243
passed ccie-security written exam!! [7:36268]
I passed the CCIE security qualification exam today. I'm very excited about this. My main study guides were:

CCIE Security Written Exam Workbook (http://www.ccbootcamp.com/secexamwkbk.asp) -- I consider this a *must have*
CSIDS Book
CSVPN Book (The first few chapters were the best)
MCNS Book
CCIE Exam Cram (The regular R/S one was great to review *IP* routing and switching topics)
Vconsole CCIE Security exam simulation, another must have (http://www.ccbootcamp.com/secpractest.asp)

I also read and studied several white papers on IPSec and VPNs from CCO... general security info from NIST and others. I also used the Boson CCIE-Security exam simulation; my advice on this one is don't waste your money. In case anyone is interested I have over six years of experience in networking and security. I'm also a CISSP. I'm looking forward to the lab challenge. I just ordered a lab subscription from hellocomputers.com. Good luck in YOUR endeavors! Pat

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36268t=36268
Re: IP helper-address, domain browsing & N [7:36089]
I am going to venture a guess :- According to MS NT's static ports assignment, TCP: 42 is for WINS replication, perhaps by changing this statement from
ip nat inside source static 10.0.3.40 xxx.xxx.xxx.156 extendable
to
ip nat inside source static 10.0.3.40 42 xxx.xxx.xxx.156 42 extendable
may solve the problem. However, according to MS two other ports are also used in WINS functions: TCP:135 for WINS Manager and TCP:137 for WINS Registration. Interested to know if this helps.

Kurdziel Peter wrote in message news:[EMAIL PROTECTED]...
Does anyone know of any issues using the IP helper-address and domain browsing while using NAT?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36220t=36089
Re: IP helper-address, domain browsing & N [7:36089]
Is Nat on on the NJ router? If so, just Nat from CA only. -- RFC 1149 Compliant.

Kurdziel Peter wrote in message news:[EMAIL PROTECTED]...
Does anyone know of any issues using the IP helper-address and domain browsing while using NAT? I have 2 locations, CA and NJ. CA has a connection to the internet, NJ does not. CA and NJ are connected via a point-to-point link via their serial interfaces. With the help of NATting NJ now is able to access the internet via the router in CA. My problem is that I need the servers at each location to replicate their WINS databases. To try and solve this issue I added IP Helper-address to the serial point to point link on both sides. If I remove the ip nat inside or the ip nat outside command from either the fastethernet or the serial interfaces I can browse the domain and replicate the Wins database in either location. But the NJ location does not have internet access. What do I need to do to enable both browsing to and from either location and Internet access at both locations. Here is a copy of my config from both locations.

hostname California
!
enable secret
!
!
!
!
!
memory-size iomem 25
ip subnet-zero
!
!
!
!
interface Serial0
 description Connection to ISP
 ip address 10.0.10.1 255.255.255.252
 ip nat outside
 no fair-queue
interface Serial1
 description point to point t1 to New Jersey
 ip address 192.168.254.2 255.255.255.252
 ip helper-address 10.0.3.40 ***Server's IP in New Jersey*
 no fair-queue
!
interface FastEthernet0
 ip address 10.0.2.1 255.255.255.0 secondary
 ip address xxx.xxx.xxx.155 255.255.255.248
 ip nat inside
 speed auto
!
ip nat pool local xxx.xxx.xxx.155 xxx.xxx.xxx.155 prefix-length 28
ip nat inside source list 1 pool local overload
ip nat inside source static 10.0.3.40 xxx.xxx.xxx.156 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 serial0
ip route 10.0.3.0 255.255.255.0 192.168.254.1
ip route xxx.xxx.xxx.0 255.255.255.248 192.168.254.1
no ip http server
!
access-list 1 permit 10.0.2.0 0.0.0.255
!
line con 0
 password
line aux 0
 password
line vty 0 4
 password
!
end

hostname NewJersy
!
enable secret
!
!
!
!
!
memory-size iomem 25
ip subnet-zero
!
!
!
!
interface Serial0
 description point to point t1 to California
 ip address 192.168.254.1 255.255.255.252
 ip nat outside
 no fair-queue
 service-module t1 timeslots 1-24
!
interface FastEthernet0
 ip address 10.0.3.1 255.255.255.0 secondary
 ip address xxx.xxx.xxx.46 255.255.255.248
 ip helper-address 10.0.2.9 ***Server's IP in California*
 ip nat inside
 speed auto
!
ip nat pool local xxx.xxx.xxx.46 xxx.xxx.xxx.46 prefix-length 28
ip nat inside source list 1 pool local overload
ip nat inside source static 10.0.3.40 xxx.xxx.xxx.45 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.254.2
no ip http server
!
access-list 1 permit 10.0.3.0 0.0.0.255
!
line con 0
 password
line aux 0
 password
line vty 0 4
 password
!
end

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36204t=36089
RE: Dennis Laganiere's rif examples [7:36228]
Actually Dennis has a book out with ccbootcamp. You can find it on amazon isbn #1931881006. I went to a class that Dennis put on and he helped me understand all about bridging and RIF's. This book is a good asset to have in your CCIE library. I also have that book reviewed on amazon.

-Original Message- From: Eric Mwambaji [mailto:[EMAIL PROTECTED]] Sent: Friday, February 22, 2002 11:18 AM To: [EMAIL PROTECTED] Subject: Dennis Laganiere's rif examples [7:36228]
Does anyone have a url to Dennis Laganiere's rif examples? I almost have this RIF thing down but I could use a few more examples. Eric CCNP

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36235t=36228
RE: Should I buy IDS ? [7:36053]
IMO, there is no reason for any organization connected to the Internet not to run IDS. There is an increasing trend in the security arena away from formal risk analysis/cost benefit methodologies towards one of implementing best practices. There are several reasons for this:

1) Formal risk analysis methodologies generally take a long time and cost a lot of money. There are abbreviated versions of the process, but it's still a significant effort to do these correctly.

2) In the end, the effort may not be all that helpful. The problem is that a risk analysis is based on cost/benefit numbers that don't really map to hackers and vandals. You may not consider your web server to be worth much since it has only public data, but it may be very valuable to someone who can use it to attack other sites. Also, it is nearly impossible to weigh the risk of a loss of customer confidence in your company. If your site is publicly compromised, it doesn't matter much whether companies do financial transactions through your web-site or not, they probably will have a very dim view of your organization if you can't keep your web site secure.

3) There are efforts underway to formalize best practices for security for anyone connected to the Internet. (for example, see http://www.cisecurity.org/) It is logical to assume that as these efforts become widespread, a company may very well be held financially responsible if they do not follow these practices under traditional business standards of due care. If your site is compromised and is used to compromise other sites, it is likely you will be sued and lose. If your site becomes a warez site, software companies may sue you for supporting piracy, and you will lose.

There is simply too much information on good security practices and too many open source tools that can be deployed for almost zero cost for any organization to continue to claim ignorance or budget as an excuse for not implementing basic security measures. Given this, the question is not should someone deploy IDS, the question is what IDS should we deploy. Snort is an excellent choice for the cost and has a sizable installed base of admins to help newbies. If budget permits, there are lots of decent products to choose from and one can certainly mix and match open source with commercial tools to suit almost any budget. Regards, Kent

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Patrick Ramsey Sent: Thursday, February 21, 2002 7:15 AM To: [EMAIL PROTECTED] Subject: Re: Should I buy IDS ? [7:36053]
Well...it depends on how secure you want your network! The size is completely irrelevant... if you own a medical practice with patient data floating around your network and you only have 10 computers, with 4 of them offering some type of internet service through the firewall, etc etc... then I would say yes...ids is important... if you own jokenetwork.com and you have 50,000 machines trading jokes all day, are you worried about somebody stealing your jokes? probably not... If you do decide to implement some type of ids, look at http://www.lids.org/ remember signature based ids are signature based ids regardless of company and price as long as you have a constant way to update signatures, you should be fine. To supplement your signature based design, though check out www.lancope.com ...They have an AWESOME supplement to signature based systems. Even though their box will trigger on some signature based attacks, it is not meant to trigger on them as soon as they happen... This is why I say it is a supplement and not a complete kit. Of course...a good security policy would help you decide on what you need! :) http://www.sans.org/newlook/resources/policies/policies.htm#template -Patrick

ps. if you run tons of data through your internet connection (45mb plus) or your ids is from backbone to backbone, I would stay away from LIDS unless you have a BADA$$ machine to run it on... :)

Arni V. Skarphedinsson 02/21/02 09:32AM
I am administrating a network of about 500 computers, 30 servers, and something like 70 WAN locations, I have been thinking about the Cisco IDS system, anyone have any good reasons to use one, have you used it, and has it detected much intrusion. I really need something to sell the idea to the management.

Confidentiality Disclaimer This email and any files transmitted with it may contain confidential and /or proprietary information in the possession of WellStar Health System, Inc. (WellStar) and is intended only for the individual or entity to whom addressed. This email may contain information that is held to be privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized access, dissemination, distribution or copying of any information from this email is strictly prohibited, and may subject you to criminal and/or
RE: What after CCNA?? [7:36215]
The CCDA is only one more exam and gets you another certification. I'm sure it's possible to pass the CCNP without access to lab equipment, but you'd be doing yourself a huge disservice by attempting it. If you want to go after the CCNP exams, consider looking for a CCNP Network Academy site in your area. You'll almost always end up paying less than you would for a CCNP bootcamp, and since most CCNP academies are community colleges, you may be able to swing financial aid as well. There's an academy locator at http://cisco.netacad.net. Good luck, Hal

-Original Message- From: Gandre Amit [mailto:[EMAIL PROTECTED]] Sent: Friday, February 22, 2002 10:47 AM To: [EMAIL PROTECTED] Subject: What after CCNA?? [7:36215]
Hi I got through my CCNA yesterday and I am looking forward to taking other certifications. I had the CCDA and CCNP in mind. I am not sure though which one to take. Also, if there is a Cisco certification that deals with Security, I would like to do that. Another factor is that, I do not have the money to pay for any courses and so this is going to be self study. Would anyone recommend doing CCNP or any higher security certification without a course or access to a lab.. BTW has anyone taken the SSCP and if so what books did u use.. Please advise. Amit

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36226t=36215
RE: CISCO INTERNSHIP.....CCIE..... [7:36091]
That's cool of you to give that tip, Larry. How about giving such tips for all members of this group for different areas of the country??

From: Larry Letterman Reply-To: Larry Letterman To: [EMAIL PROTECTED] Subject: RE: CISCO INTERNSHIP.CCIE. [7:36091] Date: Fri, 22 Feb 2002 02:19:58 -0500
there are some positions at Bank one in Illinois and ohio.. if you're interested.. Larry Letterman Cisco Systems [EMAIL PROTECTED]

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Marc Maxwell Sent: Thursday, February 21, 2002 9:45 PM To: [EMAIL PROTECTED] Subject: Re: CISCO INTERNSHIP.CCIE. [7:36091]
One would hope that would be factored in. The high cost of living here, still doesn't automatically raise salaries I am afraid. The bootcamps eventually lower everyone's salary since they are churning out armies of 'qualified' people, that look somewhat the same on paper to many recruiters. At the moment there seem to be NO jobs for networking in the SF Bay area. I have 5+ years experience, consulting exp, network design, security, etc. I am currently teaching a Cisco class as well. Although I have made a lot more when the economy was better, I would LOVE to interview for a 50k job at the moment! Desperately yours, Marc Maxwell CCNA/MCSE/A+

From: Steven A. Ridder Reply-To: Steven A. Ridder To: [EMAIL PROTECTED] Subject: Re: CISCO INTERNSHIP.CCIE. [7:36091] Date: Thu, 21 Feb 2002 18:37:34 -0500
In MA we have a high cost of living, so maybe that explains it.

Larry Letterman wrote in message news:[EMAIL PROTECTED]...
I would have to assume that your ccna candidates are paid well then..Most places in the midwest pay ccnp people about 60K or so...as far as training I have not been seeing many people in the last few classes I have attended. Larry Letterman Cisco Systems [EMAIL PROTECTED]

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Steven A. Ridder Sent: Thursday, February 21, 2002 1:35 PM To: [EMAIL PROTECTED] Subject: Re: CISCO INTERNSHIP.CCIE. [7:36091]
Well in the good old days of the economy, I made more than that even before becoming a CCNA. I would never settle for 50k, even in this econ., especially as a CCIE. Plus, a CCIE IMO should already have exp., and lots of it. Otherwise it defeats the purpose of becoming a CCIE - cisco certified internet EXPERT! -- RFC 1149 Compliant.

Sean Knox wrote in message news:[EMAIL PROTECTED]...
A CCNA with little or no experience? Hardly. He's lucky to even land a job right now. I think this intern program is aimed at people new to the field.

-Original Message- From: Steven A. Ridder [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 21, 2002 12:50 PM To: [EMAIL PROTECTED] Subject: Re: CISCO INTERNSHIP.CCIE. [7:36091]
A CCNA makes more than 50k. And you wouldn't have to pay your company to work for them and get training. Most companies pay you and pay for your training. -- RFC 1149 Compliant.

Sean Knox wrote in message news:[EMAIL PROTECTED]...
I've taken some classes at ICTP. From what I gather, their CCIE intern program works like this: you sign up for their CCIE program (which is not cheap I should add) and when you pass your CCIE written/lab (I vaguely remember that the CCIE written pass is all you need), you can work as a subcontractor for ICTP. You make substantially less money than a CCIE is worth, (I believe around $50,000, don't quote me on that) but for those with little or no experience (i.e., people enrolling in this program), it works out really well. Hopefully Mr. Lee could explain the program more in detail. - Sean

-Original Message- From: Brian [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 21, 2002 11:34 AM To: [EMAIL PROTECTED] Subject: Re: CISCO INTERNSHIP.CCIE. [7:36091]
Perhaps it's a new look on recruiting, they train u, get a slice of the dough for awhile?? Just speculating of course.. Brian

On Thu, 21 Feb 2002, Cisco Nuts wrote:
And upon finishing the program, how many years of slavery will we unfortunate ones be indebted to your gracious company? :-) Can you clarify this??

From: Jason Lee Reply-To: Jason Lee To: [EMAIL PROTECTED] Subject: CISCO INTERNSHIP.CCIE. [7:36091] Date: Thu, 21 Feb 2002 13:40:20 -0500
Hi all, My name is Jason Lee I currently work for ICTP located in anaheim california we are currently looking for few candidates to go through our very intense
Re: What after CCNA?? [7:36215]
You can do all but the CCIE just by reading and having a good networking background, however, if you've never touched a Cisco router it will be much more difficult. A good source of free study guides/cheat sheets (or whatever you wanna call them) can be obtained from http://www.gdd.net HTH! Clayton Dukes CCNA, CCDA, CCDP, CCNP, NCC (h) 904-292-1881 (c) 904-477-7825 #rm -rf /bin/laden #kill -9 /bin/laden

- Original Message - From: Gandre Amit To: Sent: Friday, February 22, 2002 10:46 AM Subject: What after CCNA?? [7:36215]
Hi I got through my CCNA yesterday and I am looking forward to taking other certifications. I had the CCDA and CCNP in mind. I am not sure though which one to take. Also, if there is a Cisco certification that deals with Security, I would like to do that. Another factor is that, I do not have the money to pay for any courses and so this is going to be self study. Would anyone recommend doing CCNP or any higher security certification without a course or access to a lab.. BTW has anyone taken the SSCP and if so what books did u use.. Please advise. Amit

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36222t=36215
RE: CCIE Question [7:36243]
Oh I am not a recruiter, I just read something on the net. Can I put CCNP(q) when/if I pass my routing exam. Ha ha, just kidding! I know there is a few kinds of CCIE, Security, and SR. Thought maybe the (Q) was for QOS. Nevermind :)

-Original Message- From: Brad Ellis [mailto:[EMAIL PROTECTED]] Sent: Friday, February 22, 2002 1:57 PM To: Brian Zeitz Subject: Re: CCIE Question [7:36243]
it means they only passed the qualification exam. they should not be putting CCIE on their resume at all. toss it! :) thanks, -Brad Ellis CCIE#5796 (RS / Security) Network Learning Inc [EMAIL PROTECTED] used Cisco gear: www.optsys.net 22 1-Day Lab Scenarios Now Shipping: http://www.ccbootcamp.com/quicklinks.html Voice: 248-299-7789 FAX: 509-271-9288

- Original Message - From: Brian Zeitz Newsgroups: groupstudy.cisco Sent: Friday, February 22, 2002 1:54 PM Subject: CCIE Question [7:36243]
I saw a resume with CCIE (Q) after their name, what is the Q mean?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36245t=36243
RE: passed ccie-security written exam!! [7:36268]
Great job man. I'm taking the RS written in a couple weeks. I hope I can do just as well and post a message like that. I'm really getting nervous about my test. (I'm paying for it out of my own pocket) TC

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36291t=36268
Anybody read this book? [7:36292]
Hi All, Did anybody give a look to new book from Doyle? Is it good enough resource for JNCIS or need some supplement? http://www.amazon.com/exec/obidos/ASIN/0072194812/junipernetwor-20/103-2737968-0643821 Thanks, Shahid

Shahid Muhammad Shafi
Every man dies; not every man really lives
Please help feed hungry people worldwide http://www.hungersite.com/ A small thing each of us can do to help others less fortunate than ourselves

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36292t=36292
Q on FR spoke configuration. [7:36293]
Hi all, Can somebody clarify me the following :

1. In a Hub-Spoke configuration of FR network, what is the appropriate configuration on the spoke side when it is a
(a) Physical Interface : FR map statements / Interface-dlci
(b) Point-Point interface : I am pretty sure it is Interface-dlci config.
(c) Multipoint interface : FR map / Interface-dlci ( I know it doesn't mean much by making a spoke to be a multipoint interface, but lets keep for argument sake..)

Thanks, Rajesh

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36293t=36293
Re: NAT Detection Utility [7:36248]
you might be surprised... I'm currently involved with a couple of universities, in the sales process. of the three campuses with which I have been engaged, all are using public IP space on their inside network, and from here in my study, using my personal IP connection, I can ping just about every IP address I try on their inside networks, supposedly behind firewalls... It would appear, then, that these colleges have just such a policy - forbidding NAT. ;- I kid you not. I was speaking with one of my associates the other day about one of these campuses, and he told me he was able to set up an OSPF adjacency with one of the routers on the inside network. Amazing!! Chuck

Patrick Ramsey wrote in message news:[EMAIL PROTECTED]...
dynamic nat a security breach? I was under the impression that dynamic was a security practice? And if you are speaking of static nat, well darn...that's you guys... -Patrick

Kwame 02/22/02 02:04PM
Anyone know of a tool for detecting NAT activity on the network. I work in a large university and we've instituted a policy against nat especially in the dorms due to some very serious security breaches. Is there anything out there that can remotely detect a nat operation? Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36294t=36248
Please help me answer this question [7:36295]
1. Which of the following customers can probably meet their security requirements with a simple firewall system?
A. Company ABC wants to make sure customers can see public marketing data but not proprietary sales figures.
B. University ABC want to make sure students can see but not change their grades in administrative database.
C. Company XYZ wants to make sure employees do not download software from unauthorized site.
D. University XYZ wants to make sure that public central software developed at the university stops working after a period of time if the user does not pay shareware fees.
=
I think C is right. But some people think A. What do you think? Why?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36295t=36295
Re: Please help me answer this question [7:36295]
I think you're a bad boy, and you know exactly what I mean. Chuck

Love Cisco wrote in message news:[EMAIL PROTECTED]...
1. Which of the following customers can probably meet their security requirements with a simple firewall system?
A. Company ABC wants to make sure customers can see public marketing data but not proprietary sales figures.
B. University ABC want to make sure students can see but not change their grades in administrative database.
C. Company XYZ wants to make sure employees do not download software from unauthorized site.
D. University XYZ wants to make sure that public central software developed at the university stops working after a period of time if the user does not pay shareware fees.
=
I think C is right. But some people think A. What do you think? Why?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36296t=36295
Re: Re: Please help me answer this question [7:36295]
Chuck, I was thinking exactly the same thing!
John
On Fri, 22 Feb 2002, Chuck ([EMAIL PROTECTED]) wrote:
I think you're a bad boy, and you know exactly what I mean.
Chuck
Love Cisco wrote in message news:[EMAIL PROTECTED]...
1. Which of the following customers can probably meet their security requirements with a simple firewall system? A. Company ABC wants to make sure customers can see public marketing data but not proprietary sales figures. B. University ABC wants to make sure students can see but not change their grades in the administrative database. C. Company XYZ wants to make sure employees do not download software from an unauthorized site. D. University XYZ wants to make sure that public central software developed at the university stops working after a period of time if the user does not pay shareware fees.
I think C is right. But some people think A. What do you think? Why?
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36297t=36295
Re: CISCO INTERNSHIP.....CCIE..... [7:36091]
The idiots never stop. Why waste your time and effort on a wanker special like Mr. Lee advertises? For that kind of money you can buy your own lab and pay for the lab exam several times and even have money left over for headhunters or even moving expenses. May ICTP truly go fast into bankruptcy!
On 21 Feb 2002 13:40:22 -0500, [EMAIL PROTECTED] (Jason Lee) wrote:
Hi all, My name is Jason Lee. I currently work for ICTP, located in Anaheim, California. We are currently looking for a few candidates to go through our very intense Cisco training. Also note that upon finishing the program, CEA (Cisco Expert Academy), you can be eligible for an internship... We have an information session going on every other Friday, so if this sounds interesting to you, or if you need a lab to study for the CCIE or CCNP, please give me a call.
Jason Lee
IT specialist
714-783-1083
www.ICTP.com
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36298t=36091
Re: Wireless MAN coverage [7:36223]
Is this legal? I would think that you could run into legal issues, as 2.4Gig is also used by lots of other devices and there is a potential problem with increasing the power to deal with such a requirement.
Sites, Bob wrote in message news:[EMAIL PROTECTED]...
Has anyone set up, or can you point me to, a wireless solution for an entire metro area? I have a hospital that we would like to link 10+ offices within a 15 mile radius. I've had good success with the Aironet 340 series, but at this point we need something more geared towards a wide coverage area, rather than point to point. Any ideas would be appreciated.
Bob Sites
System Engineer
Valley Health System (IS)
[EMAIL PROTECTED]
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36299t=36223