Re: access-list performance degradation [7:42416]

[ira]

Thanks Michael and Chris.

It was about an extended acl.
The last entry is an explicit permit.
I will keep an eye on the performance degradation, as
the traffic can be upto E1 and constant.
It's generally internet traffic.
if i'll have time i'll test it in a lab config.
I'll post the results.

Thanks again,
Ira 


__
Do You Yahoo!?
Yahoo! Games - play chess, backgammon, pool and more
http://games.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42416&t=42416
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PIX and AAA [7:42302]

[Patrick Donlon]

Thanks for the replies, I only want to authenticate admininistrators on the
PIX, will let you know how I get on

Cheers

Pat



--

email me on : [EMAIL PROTECTED]

""nrf""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> In such a situation, authorization would be achieved by writing a bunch of
> access-lists on the Pix.  Then, you designate those particular
access-lists
> within the radius server for individual users.  For example, let's say you
> have a user called billclinton, and you want to restrict his access to
> certain websites.  So you write an access-list that does that, and then in
> his radius profile, you "call" that access-list.
>
> This works when you are doing straight authentication through the Pix
> directly.  I have never tried it through a VPN.
>
>
> ""Darren Mitchelmore""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > NRF.
> >
> > I am just about to setup a PIX 515 with the Cisco VPN client and the ias
(
> > WIN2K RADIUS SERVER ). From my understanding the VPN client has a group
> > login then the user will be prompted for a username/password that the
> > PIX will pass to the IAS server using Radius. That will be authenticated
> > against the Win username / password database (used to be called SAM ??)
on
> > the IAS server.
> >
> > I believe that this is authentication. Not sure how authorisation is
> > achieved. How do you tie in the access-list
> > to that individual user ??
> >
> > Is this the setup you have got going ??
> >
> > Do you have any problems implementing it ??
> >
> > PS - I have setup PIXs before but only with simple policies...
> >
> > Best Regards,
> > Darren M
> >
> >
> >
> >
> > > -Original Message-
> > > From: nrf [SMTP:[EMAIL PROTECTED]]
> > > Sent: Wednesday, April 24, 2002 3:57 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: PIX and AAA [7:42302]
> > >
> > > Well, actually, the Pix does support a very limited amount of Radius
> > > authorization.  It's only for users going through the Pix, not
> > > administrators of the Pix.  And the authorization 'capabilities' only
> > > allow
> > > you to invoke existing access-lists on the Pix for certain users, so,
> like
> > > I
> > > said, it's very limited.  Still, the capability exists.
> > >
> > >
> http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/config/mn
> > > ga
> > > cl.htm#xtocid10
> > >
> > >
> > > ""Georg Pauwen""  wrote in message
> > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > Paul, Tim, Patrick,
> > > >
> > > > you guys are good ! You are right, I wasn4t specific enough in what
I
> > > said:
> > > > PIX does support RADIUS, but it does NOT support RADIUS
Authorization
> :)
> > > >
> > > > Regards,
> > > >
> > > > Georg
> > > >
> > > >
> > > > >From: "Paul Borghese"
> > > > >To: "Georg Pauwen" ,
> > > > >Subject: Re: PIX and AAA [7:42302]
> > > > >Date: Tue, 23 Apr 2002 10:03:43 -0400
> > > > >
> > > > >The pix does support radius.  I am using it for a small client to
> > > > >authenticate PPTP connections using the Microsoft 2000 Radius
server.
> > > > >
> > > > >Paul Borghese
> > > > >- Original Message -
> > > > >From: "Georg Pauwen"
> > > > >To:
> > > > >Sent: Tuesday, April 23, 2002 7:16 AM
> > > > >Subject: RE: PIX and AAA [7:42302]
> > > > >
> > > > >
> > > > > > Hi Patrick,
> > > > > >
> > > > > > yes, aaa is fully supported on the PIX (remember, though, that
the
> > > PIX
> > > > >does
> > > > > > not support RADIUS). Follow this link for a command overview of
> aaa
> > > on
> > > > >the
> > > > > > PIX:
> > > > > >
> > > > > >
> > > >
> > >
> >http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/a
> > > b.
> > > h
> > > > >tm#xtocid3
> > > > > >
> > > > > > Regards,
> > > > > >
> > > > > > Georg
> > > > _
> > > > Chat with friends online, try MSN Messenger:
http://messenger.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42417&t=42302
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Please confirm (conf#4876df1d06279d984daa3fc1756f109a) [7:42419]

[Dejan Ristovski]

4876df1d06279d984daa3fc1756f109a




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42419&t=42419
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

2 2501 and 2610 for sale [7:42421]

[Terence]

Hello,
  I have 2 2501's and a 2610 all with the lastest ios (12.x) for sale. All
are in great condition. also comes with a DTE/DCE cable for frame simulation
pwer cords and transceiver's. All for $950. If intrested email me at
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42421&t=42421
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

FW: Security advice - opening ports other than 80 and 443 in [7:42422]

[Kelly Cobean]

This is where the use of DMZ networks comes into play.  Typically, for any
host that a firewall permits inbound TCP connections to, a DMZ segment is a
good home.  To use PIX-speak, you would place the exposed box on a
"medium-security" interface so that your internal network(s) on your
"high-security" interface can initiate connections to the box (high -->
medium), but the box cannot initiate connections in to your internal network
(medium --> high).  And of course, your "low-security" interface (typically
your internet facing interface) can only initiate the connections that you
explicitly permit.  This creates a safety net where if your DMZ host becomes
compromised, it has no access to wreak havoc on your network.

I personally would never trust a software vendor to be honest about the
stability or hackability of their product.  After all, they are under no
liability regarding such things once the product has been sold to you (their
only liability is, of course, their reputation.)  We treat any system that
has internet exposed ports as a threat to our internal systems and require
it to exist on the DMZ.  Furthermore, before that hardware can return to the
internal network, destruction of the O/S  is required so that it doesn't
bring any destructive payload with it.

HTH,
Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I
Network Engineer
GRC International, Inc., an AT&T company

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Brown, M
Sent: Tuesday, April 23, 2002 12:00 PM
To: [EMAIL PROTECTED]
Subject: Security advice - opening ports other than 80 and 443 in the
[7:42333]


Certain application requires port other than 80 or 443 opened in the
firewall for inbound and outbound traffic. The firewall was configured to
allow traffic to that specific server ip address.

The software vendor argues "that the worst scenario could be that hackers
could bring the server down. No other significant would be possible. "

 Is that true  ?

How risky is that to my network ?  I would like to secure that connection
using CA from the company and IPSec. The software vendor argues that is not
necessary.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42422&t=42422
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: TAC [7:42141]

[Stephen Manuel]

Group,

Sorry to be a little late to the topic, but I've not kept up lately :-)

About 1 year ago I left a company that provided a TAC for Cisco, I don't
know if alot of people
know it or not, but Cisco outsources alot of the TAC support. When I worked
at the TAC we were rated
on two things, the number of cases closed and our Bingo Score. The Bingo
score is you average rating from
the surveys each of you have gotten when a case is closed. They're were
small monetary rewards for having
the highest number of closed cases accompanied by the number of High 5 Bingo
scores you had received. BTW, a HIGH 5
Bingo is when a customer gave you all 5's on the survey.

What happens alot is the lesser quality engineers who have been lazy all
month, all of a sudden get serious
at the end of the month realizing they don't have the cases closed numbers
and start taking and immediately closing
the cases, only to have them reopened later by another engineer, eventually
this catches up to the person but it went
on alot more frequently that it should have.

Another thing that happens for instance, the team I worked on initially
supported the 1600-3600 Routers for ISDN,
Frame-Relay, NAT, Access-lists, and other general purpose IOS issues. In the
span of a week, management said you
will start getting 700 router cases, my team got about 1 hour's worth of
training and then were charged with solving 700
cases, of course the 700 router is a completely different IOS which took a
little while to get use to.

I suspect that's what happened, a team was given a new techonology to
support, received little training and then were
asked to start solving cases and maintain the same Bingo Scores, etc

The reason I left the TAC I worked for was monetary, the pay was low, but
the experience was invaluable.

Hope this helps.

Stephen Manuel



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Steven A. Ridder
Sent: Sunday, April 21, 2002 9:10 PM
To: [EMAIL PROTECTED]
Subject: Re: TAC [7:42141]


What I meant was in the past, I have opened up cases for customers on a
weekday, then come a weekend, the TAC engineer is gone until the next Mon.
I was just curious if this was the norm.


""Chuck""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I would presume that if you have a 7x24 onsite contract, you could expect
> engineering support on a weekend.
>
> Do you mean someone looking at configurations, checking for bugs,
replacing
> failed hardware, what specifically?
>
>
>
>
> ""Steven A. Ridder""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Has anyone ever had TAC work on a weekend?  How can I get an engineer on
a
> > weekend if I ever needed one?
> >
> > --
> >
> > RFC 1149 Compliant.
> > Get in my head:
> > http://sar.dynu.com
> >
> >
> > ""Craig Columbus""  wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > In my experience, either side can close the case.
> > >
> > > I've had TAC close cases that were not even close to being resolved.
I
> > > assume that there's some type of reward structure for closing cases
> > quickly.
> > >
> > > On another topic, has anyone had the experience that TAC is perhaps
> > > slipping a bit when it comes to the quality of the first line
engineers?
> > I
> > > don't remember having any problems with TAC until about the time
Cisco's
> > > stock price started seriously dropping.  Since that time, I've had
> several
> > > occurrences where I've had extremely rude and/or incompetent people
> > > initially handle my TAC cases.  In each instance, I've had to get rude
> > back
> > > and insist that they drop the case and transfer me to their
> > > supervisor.  Once transferred, I got the superior TAC support that I'm
> > used
> > > to.  I spoke with a colleague about this, and he told me that he's had
> > > exactly the same experience.  What's been your experience?  Has this
> > > happened with increasing frequency to any of you?
> > >
> > > Craig
> > >
> > >
> > >
> > > At 10:28 AM 4/21/2002 -0400, you wrote:
> > > >You have worked with TAC on a case. The problem is resolved.
> > > >
> > > >Who will close the case? The TAC engineer or the customer
> > > >
> > > >Thanks,
> > > >
> > > >Pierre-Alex




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42423&t=42141
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: EIGRP - Reliability and Load Dynamic? [7:42406]

[Howard C. Berkowitz]

At 12:10 AM -0400 4/24/02, Kevin Jones wrote:
>Hello everyone,
>
>I have a question that I have been struggling with for quite some time.  Are
>the reliability and load metrics in EIGRP (or IGRP for that matter)
>dynamically learned?  If so, why do we manually assign values like we do for
>bandwidth and delay.  I have searched numerous Cisco white papers and have
>found only one article where it mentions the two as being dynamically
>learned.  Since I have not found any others that mention it, I am starting
>to feel that the one article is a typo (or I am just not understanding it
>the way it is worded).  I would think that if they were dynamically learned,
>then there would be more information about the process.  No other routing
>protocol is able to detect such statistics on the fly (to my knowledge).  I
>understand that dynamic detection might not be a good thing, esp. if the
>reliability and load were constantly changing, but never-the-less there
>should be more info somewhere.
>
>If you can find more than one specific white paper and lead me to them, I
>would appreciate it.
>
>Thank you,
>
>Kevin Jones
>CCNA, CCDA, CCNP, CCDP
>A+, Net+, I-Net+

First, practical advice -- don't use them!

Second, when you use them in redistribution, remember you are 
redistributing from another protocol that doesn't collect the (E)IGRP 
statistics. So, at best, you have to approximate the values at the 
entry to the (E)IGRP command.

Third, when you configure them with metric weight, you are specifying 
weighting coefficients to be applied to the dynamically measured 
information.

The best writeup I know is in Alex Zinin's book, Cisco IP Routing.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42424&t=42406
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Source Route Transparent Bridging [7:42326]

[Johnny Routin]

The first value in your source-bridge transparent is your virtual ring group
and should match whatever you put in the source-bridge ring-group command.

The syntax is.

source-bridge transparent ring-group pseudo-ring bridge-number tb-group

  Parameter  Description
  ring-group  Virtual ring group created by the source-bridge ring-group
command. This is the source-bridge virtual ring to associate with the
transparent bridge group. This ring group number must match the number
specified with the source-bridge ring-group command. The valid range is 1 to
4095.
  pseudo-ring  Ring number used to represent the transparent bridging
domain to the source-route bridged domain. This number must be a unique
number that is not used by any other ring in the source-route bridged
network.
  bridge-number  Bridge number of the bridge that leads to the
transparent bridging domain, from a Token Ring source-routed point of view.
  tb-group  Number of the transparent bridge group that you want tied
into the source-route bridged domain. The no form of this command disables
this feature.


http://www.cisco.com/warp/public/100/48.shtml

HTH... JR

--
Johnny Routin
The "Routin" One




""Richard Botham""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi All
> I have a question to try and straighten out source route transparent
bridging
> r1 and r2 are connected to a 3920
> r2 and r3 and connected by a cat5
>
> --- - ---   ---
>|r1 |---|tr bridge|---|r2 |--e/net--|r3 |
> --- - ---   ---
>trcrf2trbrf 1 trcrf2bridge group 10
> tr V/ring 1000
>
> In the scenario above when we are using soure route transparent bridging
> the trbrf is 1 , the trcrf is 2 and the ethernet bridge group is 10.
>
> There is a Token ring Virtual ring of 1000 configured using source-bridge
> ring-group 1000
>
> All numbers are in decimal!
>
> If I configure source-bridge transparent 1000 1 1000 10 I need to know if
> the first 1 in the config line is mean't to refer to the trbrf number
> confgured on the 3920 or is this just an arbitrary number to link the
token
> ring source-bridge ring (1000) to the ethernet virtual ring (1000) in
order
> that they can both talk.
>
> Hope someone can clear this up for me
>
>
> Regards
> Richard




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42426&t=42326
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Scenario Design: Comments Invited [7:41992]

[Kelly Cobean]

Is it just me, or does Mr. Strobel have some serious anger management
issues?  It seems that almost every post I see from him is a derogatory or
inflamatory message.  I guess some people get through their day by finding
the negative things to focus on, but gee, I'll bet that makes the road to
CCIE (or whatever your pursuits are) a long one.

Howard, this has been a thought provoking thread, and I hope that, unlike
Mr. Strobel, I can contribute something that might further your discussion
of learning and preparation for something as monumental (at least in my
eyes) as the CCIE Lab.  I for one respect the fact that having a
certification is not a qualifier for someone to be able to teach or test
others on the material which is the focus of the certification.  Years of
experience in the field, specializations in teaching methodology, etc. are
all things that make people justified teachers and trainers.  I'll take
every crumb that falls off your plate, Howard.  Thanks again for your time.

Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I
Network Engineer
GRC International, Inc., an AT&T company

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, April 19, 2002 10:30 PM
To: [EMAIL PROTECTED]
Subject: Re: Scenario Design: Comments Invited [7:41992]


Hey Larry,

Why don't you take the weekends off and start wasting the bandwidth on
Mondays
when you are on Cisco's clock?

A Strobel

Quoting Larry Letterman :

> Another somewhat one sided approach by Stroebel...
> Maybe one day he'll get the names and faces together with
> the issues.
>
> Larry Letterman
> Cisco Systems
> [EMAIL PROTECTED]

-_-_-_ Mail3000 gives you 30 Megs of Email space free -_-_-
This mail sent through http://mail3000.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42425&t=41992
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Please help!!! [7:42411]

[Wallace Lee]

Hunt,
I guess you don't have the 203.147.154.0 route in the middle router.
however, you have a
defaut route in it. So, you will experience a routing loop. Check you tunnel
configuration as well. see the following from u :

 I have an OSPF connectivity problem.  I have 3 routers as follows:
>
>   OSPF Area 203.147.188.0 OSPF Area 0
> Gw1.bne2   Gw2.bne ---Gw1.bne
>
> Gw1.bne2 is connecting to Gw2.bne with Serial 0/0:0 (203.147.255.186 /30)
> Gw2.bne is connecting back to Gw1.bne2 with Serial 0/0:0 (203.147.255.185
> /30)
>
> Gw2.bne is also connected to Gw1.bne with FastEth 0/0 (202.139.236.2 /24)
> Gw1.bne is connecting back to Gw2.bne with FastEth 0/1 (202.139.236.254
/24)
>
> Now I have 5 static routes at Gw1.bne2 (the left most Router) that I want
to
> redistributed into OSPF.
>
> ip route 203.147.154.0 255.255.255.128 203.147.188.65
> ip route 203.147.154.128 255.255.255.248 203.147.188.68
> ip route 203.147.154.136 255.255.255.248 203.147.188.69
> ip route 203.147.154.144 255.255.255.252 203.147.188.66
> ip route 203.147.154.148 255.255.255.252 203.147.188.67
>
> controller E1 0/0
>  channel-group 0 timeslots 1-31
> !
> !
> interface Tunnel0
>  description BNE2->Avior
>  ip address 10.255.255.2 255.255.255.252
>  no ip route-cache cef
>  tunnel source 203.147.255.186
>  tunnel destination 203.147.190.4
> !
> interface FastEthernet0/0
>  no ip address
>  ip route-cache flow
>  speed 100
>  full-duplex
> !
> interface FastEthernet0/0.5
>  encapsulation dot1Q 5
> !
> interface FastEthernet0/0.10
>  encapsulation dot1Q 10
>  ip address 10.15.15.254 255.255.255.0 secondary
>  ip address 203.147.188.254 255.255.255.0
>  ip access-group pfilter in
>  ip accounting access-violations
>  ip nbar protocol-discovery
> !
> interface FastEthernet0/0.999
>  encapsulation dot1Q 999
>  ip address 10.2.101.1 255.255.0.0
> !
> interface Serial0/0:0
>  description N7065870L to 96 Lytton Rd
>  ip address 203.147.255.186 255.255.255.252
>  ip nbar protocol-discovery
>  ip route-cache flow
>  load-interval 30
>  service-policy output voippol
> !
> router ospf 7496
>  log-adjacency-changes
>  redistribute connected
>  redistribute static subnets
>  passive-interface FastEthernet0/0.999
>  network 203.147.188.0 0.0.0.255 area 203.147.188.0
>  network 203.147.255.184 0.0.0.3 area 203.147.188.0
>
> At Gw1.bne2, it shows the subnets are learned via "statics"
>
> gw1.bne2#sh ip route 203.147.154.136
> Routing entry for 203.147.154.136/29
>   Known via "static", distance 1, metric 0
>   Redistributing via ospf 7496
>   Advertised by ospf 7496 subnets
>   Routing Descriptor Blocks:
>   * 203.147.188.69
>   Route metric is 0, traffic share count is 1
>
> When I goto Gw2.bne (middle router), I can see the routes in the OSPF
> Topology Table (all of them are learned from 203.147.255.186 - Gw1.bne2),
> but not the its routing table:-
>
> N.B:  I also tried to do a clear ip route 203.147.144.0/20, but no help.
> The same route came straight back
>
>   Type-5 AS External Link States
>
> 203.147.154.0   203.147.255.186 572 0x8002 0xAC01   0
> 203.147.154.128 203.147.255.186 573 0x8002 0xA40D   0
> 203.147.154.136 203.147.255.186 573 0x8002 0x6246   0
> 203.147.154.144 203.147.255.186 573 0x8002 0xFF9F   0
> 203.147.154.148 203.147.255.186 573 0x8002 0xE5B4   0
>
> gw2.bne# sh ip route 203.147.154.136
> Routing entry for 203.147.144.0/20, supernet
>   Known via "ospf 7496", distance 110, metric 3, type inter area
>   Last update from 202.139.236.254 on FastEthernet0/0, 00:17:48 ago
>Routing Descriptor Blocks:
>   * 202.139.236.254, from 203.147.255.156, 00:17:48 ago, via
FastEthernet0/0
>   Route metric is 3, traffic share count is 1
>
> However, if I goto Gw1.bne (the rightmost router), it can see all 5 subnets
> in the OSPF Topoloy Table and Routing Table
>
>   Type-5 AS External Link States
>
> 203.147.154.0   203.147.255.186 867 0x8002 0xAC01   0
> 203.147.154.128 203.147.255.186 867 0x8002 0xA40D   0
> 203.147.154.136 203.147.255.186 867 0x8002 0x6246   0
> 203.147.154.144 203.147.255.186 867 0x8002 0xFF9F   0
> 203.147.154.148 203.147.255.186 867 0x8002 0xE5B4   0
>
> gw1.bne#sh ip route 203.147.154.136
> Routing entry for 203.147.154.136/29
>   Known via "ospf 7496", distance 110, metric 20, type extern 2, forward
> metric 52
>   Redistributing via ospf 7496
>   Last update from 202.139.236.2 on FastEthernet0/1, 00:49:30 ago
>Routing Descriptor Blocks:
>   * 202.139.236.2, from 203.147.255.186, 00:49:30 ago, via FastEthernet0/1
>   Route metric is 20, traffic share count is 1
>
> As a result, when I do a trace from Gw1.bne (the rightmost router), it
> points it to Gw2.bne, but Gw2.bne points it back - Routing Loop   :(
>
> gw1.bne#trace 203.147.154.136
>
> Type escape sequence to abort.
> Tracing the route to 203.147.154.136
>

Voice Specialization? [7:42429]

[Persio Pucci]

Hey guys,

I remeber that there was a CCNP Voice specialization before, but it seems
that
it was dropped by Cisco. Is CQS IP Telephony the equivalent to that one now?

I want to get a Voice Specialization, besides the CCIE. However, I am
thinking
on which one would be better to get first (I pretend to get both in a
mid-term)? I mean, not in terms of difficulty or status but to better
"absorbed" by the market. (huh?! :)

Regards!

Persio




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42429&t=42429
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Syslog setup [7:42381]

[NetEng]

I use Winsyslog (www.winsyslog.com). Great product and outstanding support.
It's not free, but the features and extras are well worth the money.


""Adam Hickey""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Is there a way to setup a syslog server on Win XP without buying one of
> Cisco's Resource Management products?
>
> TIA
> Adam Hickey
> [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42430&t=42381
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: OSPF over ISDN demand circuit [7:42348]

[timothy thielen]

If one wishes for routing updates to bring up the link, can one not just use
the "passive-interface" command on the ISDN interface?

  If it is a backup link, passive interface will keep routing updates will
keep the link from coming up for updates.  Then a couple of floating static
routes on either end should bring it up if the primary (dynamic)link goes
down as long as the administrative distance for the floaters are greater
then that of OSPF.

--Tim

Ruihai An wrote:
> 
> Hi, Group,
> 
> On an ISDN circuit running ospf , if I want to use "ip ospf
> demand-circuit"
> to keep it from being brought up by ospf update, do I need to
> define
> 224.0.0.5 as non-interesting traffic in dialer-list?
> 
> I have configured "ip ospf demand-circuit"  on one side of the
> ISDN, but
> routing update to 224.0.0.5 keeps activating the circuit?  What
> is the
> problem?
> 
> Thanks
> 
> Ruihai
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42431&t=42348
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

MCNS exam [7:42432]

[Brian Zeitz]

Can anyone tell me the best way to prepare for this exam? I think ill
just get the 1000 page Cisco book, and the boson exams. Any guidance
would be appreciated, am I on the right track? I don't think there are
too many choices for study material for this exam.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42432&t=42432
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Cisco vpn 3002 hash [7:42433]

[Paul Beckman]

I have remote site using a Cisco vpn 3002 that are running citrix through
the tunnel.  When ever they start the citrix client it give the hash below.
We only have two sites getting this.  does anyone have any ideas?
 
Thanks,
 
 
 
IPSec ESP Tunnel Inb: Packet authentication failed, username: , SPI:
5b9
8dc65. Dump of failed hash follows.
 
41853 04/24/2002 09:14:50.720 SEV=4 IPSEC/0 RPT=47670 
: 25203A7F B7B6F2E6 C64023F0  % :..@#.
 
41854 04/24/2002 09:14:50.720 SEV=4 IPSEC/0 RPT=47671 
: 78D8F2AA 7F064082 D2FBD258   
x.@X
 
41855 04/24/2002 09:14:50.720 SEV=4 IPSEC/0 RPT=47672 
: 5B98DC65 9C08 18E1D7A9 F1094DD2 [..e..M.
0010: A6FF8E00 326E9D05 3F117F69 4D1AF002 2n..?..iM...
0020: 0A010A0A 6B4C4EBA 0028 80122D19 kLN..(-.
0030: 0D0821D0 F6653250 DC1672C6 F7A85646 ..!..e2P..r...VF
0040: ACFA1C78 3D4BE56F DE108070 01020204 ...x=K.o...p
0050: 25203A7F B7B6F2E6 C64023F0 3FD133AA % :..@#.?.3.
0060: 20332033 8A8038BF 2EBB4F88 DA8595C9  3 3..8...O.
0070: D2C15F53 E1AB7623 ABAFE63D 6858BF6E .._S..v#...=hX.n
 
Paul Beckman
Delta Health Group
CIS Department
(850) 436-4972 x0179
[EMAIL PROTECTED] 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42433&t=42433
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

MRTG - Catalyst Switch CPU [7:42434]

[Patrick Kirk]

Anybody know the OID for the CPU utilization for Catalyst switches?  I'm
trying to monitor them via MRTG and I can't find any OID's that will work.
I've found 2 different values for the "cmpCPUTotal5sec" and
"cmpCPUTotal1min"...neither of which seem to be working.. 

Anybody doing this w/ MRTG now that has a valid config file ?

Thanks in advance.

Patrick Kirk
Network Engineer
VSP
http://www.vsp.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42434&t=42434
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Scenario Design: Comments Invited [7:41992]

[Peter van Oene]

Actually, having not ever sat the Lab, Howard does not place himself in an 
awkward position with respect to the NDA.  Furthermore, as you point out, 
his labs may tend to lean toward practicality instead of being purely lab 
oriented which in my opinion, is an excellent thing given once you 
eventually pass the test, you'll need to apply best practises principles 
which you may not otherwise have learned.

Pete


At 02:32 PM 4/19/2002 -0400, Denise Donohue wrote:
>I don't know you, so please don't take this personally, but it seems strange
>to me that someone who is not a CCIE is writing labs that they expect people
>studying for the CCIE to buy.  From pasts posts on this forum, I think that
>you have never even taken the test.  My recommendation is for you to sit the
>exam a time (or two or three!).  Then you'll be able to answer your own
>questions about the format of practice labs.
>
>No offense, just my 2 cents.
>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>Howard C. Berkowitz
>Sent: Friday, April 19, 2002 11:22 AM
>To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
>Subject: Scenario Design: Comments Invited
>
>
>I'd like to start a discussion on the design of two kinds of scenarios:
>   1. lab preparation.  (problem recognition, speed building,
>  interaction among many protocols, time pressure, etc.)
>   2. In-depth understanding of protocols (seeing the effects of
>  alternative configurations, learning how to solve specific
>  problems with specific technologies).  Pure tutorials on
>  technologies complement these hands-on experiences.
>
>The two requirements, of course, are not mutually exclusive. #3 are
>scenarios that either statically or dynamically switch between the
>modes.
>
>It is my hope that this will stimulate community discussion involving
>both people who use scenarios and people who write them.
>
>Now, a disclaimer:  I work for Gettlabs and Gett Communications, the
>former of which runs a virtual rack service.  Gettlabs itself uses an
>open-source model for its own scenarios, as does Fatkid and some
>others. Gettlabs has partnerships with IPexpert and
>CertificationZone, which sell scenarios and supplemental materials.
>My comments here are intended to be neutral, and I will listen, learn
>and share with competitors.  I have discussed my intentions with Paul
>Borghese, and one of our agreements is that this is eligible to stay
>off the commercial list as long as I make free scenarios available.
>
>1.  Lab Preparation
>---
>
>Above all, these have to prepare you for pressure and ambiguity.
>
>A fairly basic question:  should all lab preparation scenarios be of
>8-plus hour length, or two four-hour segments (forcing the disruption
>of a lunch break)?  Alternatively, is it acceptable to have sets of
>sub-scenarios that build on one another, so you can practice for an
>amount of time you have available, then pick up later on?
>
>I think it's a given that all you should be given is the addressing,
>etc., in the one day lab, plus instructions on what you should do,
>restrictions (e.g., no statics), and some criteria for judging
>success.  Estimated completion times/points also are important.
>
>An interesting question, however, is whether the scenario should
>include some of the sorts of things where it is fair (based on
>non-NDA statements of Cisco policy and the variations in proctors) to
>ask a proctor a question.  Should such points include things where
>variously the proctor will and will not answer, or even, in marginal
>cases, flip a software coin to see if the proctor will answer)?
>
>I believe it's realistic to be able to see a solved configuration,
>but, when you see it, you either should have demonstrated successful
>operation or accepted that you will accept losing points to be able
>to go on.
>
>I do not think that hints are appropriate in a lab preparation
>scenario, with the caveat that this sort of thing is quite
>appropriate to technology learning, and, as I suggested in #3 above,
>scenarios could be developed (possibly with a specific execution
>engine) that let you switch between preparation and learning modes,
>and even back.
>
>2.  Technology Learning
>---
>
>My general approach to designing such things is again to start with
>instructions, initialization, etc., but to break the exercise into
>relatively small steps.  Each step will have hints available, and
>will be fairly small so you can look at the successive changes to the
>configuration that move you closer to your goal.
>
>One difference comes with the physical presentation of the scenario.
>If it is a printed document, should the hints be in-line with the
>text, or in a separate section so you will use them only if needed?
>If the latter, should they be on separate pages or at least have
>significant "spoiler space" between them so you don't inadvertently
>get an unfair clue to what is coming ne

RE: Ausente [7:42361]

[timothy thielen]

This is almost as good as when I got an email from Papa John (yes, the pizza
guy) to tell me he'd be out of the office.  I've never met the guy, but I'm
glad he told me, I was gonna order a pizza that week!

--Tim

Paulo Cesar Buerger wrote:
> 
> Estarei ausente no periodo de 21/01/2002 a 25/01/2002. Favor
> encaminhar as
> questoes mais urgentes para o Luis Beu ([EMAIL PROTECTED]).
>  
> Paulo Buerger
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42438&t=42361
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IOS upgrade on 2900 failing [7:42397]

[Daniel Cotts]

Do a "dir flash:" You should see something like:
OP_Center>dir flash:
Directory of flash:

  2  -rwx 1223432   Jun 24 1999 01:26:57  c2900XL-h2s-mz-112.8.2-SA6.bin
  3  -rwx   98833   Jun 24 1999 01:26:57  c2900XL-diag-mz-112.8.2-SA6
  4  drwx   10816   Jun 24 1999 01:27:10  html
175  -rwx 277   Jan 01 1970 00:00:18  env_vars
176  -rwx2446   Apr 21 1993 17:13:02  config.text

3612672 bytes total (1781248 bytes free)

It's possible to have more than one image in Flash. If so, there won't be
room to add the new one. Erase one of the old ones. Let us know the
solution. 

> -Original Message-
> From: Ed Gobeille [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, April 23, 2002 7:12 PM
> To: [EMAIL PROTECTED]
> Subject: IOS upgrade on 2900 failing [7:42397]
> 
> 
> I'm getting an unusual error while tring to upgrade IOS on 
> several of my
> 2900XL series switches.  After doing the copy tftp flash 
> command, I get the
> response from the IOS "copy to or from flash not 
> implemented".  TAC site
> does not have anything on this that I could find.  Any ideas?  Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42439&t=42397
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IOS upgrade on 2900XL failing [7:42440]

[Daniel Cotts]

Do a "dir flash:" You should see something like:
OP_Center>dir flash:
Directory of flash:

  2  -rwx 1223432   Jun 24 1999 01:26:57  c2900XL-h2s-mz-112.8.2-SA6.bin
  3  -rwx   98833   Jun 24 1999 01:26:57  c2900XL-diag-mz-112.8.2-SA6
  4  drwx   10816   Jun 24 1999 01:27:10  html
175  -rwx 277   Jan 01 1970 00:00:18  env_vars
176  -rwx2446   Apr 21 1993 17:13:02  config.text

3612672 bytes total (1781248 bytes free)

It's possible to have more than one image in Flash. If so, there won't be
room to add the new one. Erase one of the old ones. Let us know the
solution. 

> -Original Message-
> From: Ed Gobeille [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, April 23, 2002 7:12 PM
> To: [EMAIL PROTECTED]
> Subject: IOS upgrade on 2900 failing [7:42397]
> 
> 
> I'm getting an unusual error while tring to upgrade IOS on 
> several of my
> 2900XL series switches.  After doing the copy tftp flash 
> command, I get the
> response from the IOS "copy to or from flash not 
> implemented".  TAC site
> does not have anything on this that I could find.  Any ideas?  Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42440&t=42440
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Please help!!! [7:42411]

[Chris Charlebois]

I agree.  Are you terminiating the tunnel on gw1.bne?  Or do you have
another route from gw1.bne2 to gw1.bne?  Becuase it looks like gw1.bne is
learning it's route directly from gw1.bne2.  If you could include the config
from gw1.bne, it would help.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42441&t=42411
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IVR for conducting phone surveys [7:42405]

[Chris Charlebois]

It definitely possible to run a phone survey with IPIVR and CallManger. 
Right now, IPIVR cannot record speech (that'll be next version, I beleive)
and converting that speech to text and storing it a database would be around
the next corner.  But for caller entered digits (ie touchtones), and
scripted survey questions, IPIVR can definitely do that.

The trick, of course, is setting it up in a flexible enough configuration so
that the local administrator can adapt it to whatever survey they want run. 
Chances are someone has already done this, but I don't know who.

I know we can do it here.  I'm a CallManager guy, and I don't know the
backend of the IVR well enough to integrate with a database, but we have
people who do.  If you want to check it out, visit www.spanlink.com


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42442&t=42405
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IP Forwarding [7:42353]

[Andrew Edwards]

As I understand it, you are talking about IP forwarding based upon the
application which requires rewriting the layer 3 header.  Routers typically
dont rewrite layer 3 headers (save for NAT/PAT), layer 4 devices do...

If I'm not mistaken, NAT/PAT rewrites only source addresses/port, but not
destination addresses/port.

It sounds like these lookups traverse your firewall, in which case I'd
suggest an application proxy for DNS (or just caching DNS) could be set to
forward all lookups to an alternate destination DNS server.   This would
rewrite the layer 3 header destination address.

Option 2 is setting internal DNS servers to resolve to a different external
DNS server

And, option 3 is perform a planned change on the client DHCP scope with the
alternate address for the DNS resolution.

Andy


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42443&t=42353
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

How come I can't telnet to my router? [7:42444]

[Ricky Chan]

Hi all,

I configured a cisco 2600 router behind a ADSL router. It is working
perfect, but I can't telnet to my router from outside, it said the target
machine actively refused it. I pasted my router's configuration below,
please advice. 

Thanks

Ricky



!
version 12.2
no service pad
service tcp-keepalives-in
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname DSL
!
enable secret 5 $1$fJh4$53q/uqBz6lsMHGhw.ex49.
!
ip subnet-zero
!
!
ip name-server 141.155.0.68
ip name-server 141.154.0.68
ip name-server 10.0.0.1
ip dhcp excluded-address 10.0.0.200
!
ip dhcp pool dsl
   import all
   network 10.0.0.0 255.255.255.0
   default-router 10.0.0.200 
   dns-server 141.155.0.68 141.154.0.68 10.0.0.1 
!
vpdn enable
!
vpdn-group ppoe
 request-dialin
  protocol pppoe
!
!
!
!
!
!
!
!
fax interface-type fax-mail
mta receive maximum-recipients 0
!
!
!
!
interface Ethernet0/0
 ip address 10.0.0.200 255.255.255.0
 ip nat inside
 ip route-cache flow
 ip tcp adjust-mss 1452
 full-duplex
!
interface Serial0/0
 no ip address
 shutdown
!
interface Ethernet0/1
 no ip address
 ip route-cache flow
 no keepalive
 half-duplex
 pppoe enable
 pppoe-client dial-pool-number 1
!
interface Serial0/1
 no ip address
 shutdown
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 2
 ppp authentication chap callin
 ppp chap hostname [EMAIL PROTECTED]
 ppp chap password 7 11243026324158
!
router eigrp 100
 network 10.0.0.0
 network 192.168.100.0
 no auto-summary
 no eigrp log-neighbor-changes
!
ip nat inside source list 1 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
ip pim bidir-enable
!
!
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 2 permit any
access-list 3 deny   any
dialer-list 2 protocol ip permit
dialer-list 2 protocol ipx permit
no cdp advertise-v2
!
call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
!
!
line con 0
 exec-timeout 5 0
line aux 0
line vty 0 4
 exec-timeout 5 0
 password 7 051C050720
 login local
!
!
end




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42444&t=42444
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: How come I can't telnet to my router? [7:42444]

[Chris Charlebois]

It's because you are running NAT overloaded.  It assumes that all traffic it
receives on the dialer interface is destined for a machine on the inside and
not for itself.  Since there is no static mapping, and no dynamic mapping
for telnet, it is refused.  That is assuming you are coming in over the
dialer interface.



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42446&t=42444
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: OSPF over ISDN demand circuit [7:42348]

[Logan, Harold]

I don't see what that would gain... if floating statics are in use, then
there's no reason to run ospf over the interface. Passive interface prevents
an OSPF adjacency from ever forming, since the interface can't send out
LSA's. Since floating statics are usually frowned upon in in lab scenarios,
that may not be an option.

According to CCO, only one end of an OSPF circuit needs to have the
demand-circuit command. Problems result of one end of the circuit doesn't
support the demand-circuit command (IOS older than 11.2).

Check out http://www.cisco.com/warp/public/104/dcprob.html for other
possibilites (watch the wrap).

-Original Message-
From: timothy thielen [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 24, 2002 9:53 AM
To: [EMAIL PROTECTED]
Subject: RE: OSPF over ISDN demand circuit [7:42348]


If one wishes for routing updates to bring up the link, can one not just use
the "passive-interface" command on the ISDN interface?

  If it is a backup link, passive interface will keep routing updates will
keep the link from coming up for updates.  Then a couple of floating static
routes on either end should bring it up if the primary (dynamic)link goes
down as long as the administrative distance for the floaters are greater
then that of OSPF.

--Tim

Ruihai An wrote:
> 
> Hi, Group,
> 
> On an ISDN circuit running ospf , if I want to use "ip ospf
> demand-circuit"
> to keep it from being brought up by ospf update, do I need to
> define
> 224.0.0.5 as non-interesting traffic in dialer-list?
> 
> I have configured "ip ospf demand-circuit"  on one side of the
> ISDN, but
> routing update to 224.0.0.5 keeps activating the circuit?  What
> is the
> problem?
> 
> Thanks
> 
> Ruihai




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42445&t=42348
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: How come I can't telnet to my router? [7:42444]

[Chris Charlebois]

Oh, how rude of me.  I explained the problem without offering a solution. 
The easiest (and least likely, considering it appears to be residencial DSL)
is multiple IP addresses.  A secondary address that is not a part of the NAT
pool could be addressed from the outside.  The next easiest (I hesitate to
say next best, becuase this option is more secure) solution is to create a
static NAT map for telnet (port specific) to an internal box (anything with
telnetd will work).  Then you can telnet from there to the ethernet
interface of the router.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42447&t=42444
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: IOS upgrade on 2900 failing [7:42397]

[Sasa Milic]

Are you trying to install .bin or .tar file ?



Ed Gobeille wrote:
> 
> I'm getting an unusual error while tring to upgrade IOS on several of my
> 2900XL series switches.  After doing the copy tftp flash command, I get the
> response from the IOS "copy to or from flash not implemented".  TAC site
> does not have anything on this that I could find.  Any ideas?  Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42448&t=42397
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Redistribute static Question [7:42298]

[Andrew Edwards]

I think the answer lies in where GW2.bne gets the better route from which,
according to your output, is currently 203.147.255.156 (a misconfigured
address or type-o)?

At any rate, it appears that device 203.147.255.156 has a better route
through Gw1.bne for the supernet 203.147.144.0/20 which includes networks 
203.147.144.0 - 203.147.160.0 (this includes the suspect route
203.147.154.136/29)

If your output is correct I suspect that Gs1.bne maintains the IP
203.147.255.156 directly connected and Gs1.bne has a bad supernet route.  If
the output is a type-o and it should read 203.147.255.186 then look at the
bad supernet/route on Gw1.bne2

My thoughts are two options:

1. Metric manipulation

Go to Gw1.bne2 and do "redistribute static metric 1" such that Gw1.bne2
looks like the better route.

2. Fix supernet source

Look at the 203.147.255.156 device for the supernet routing statement (or
the source thereof) and try using a /21 bit mask for the 203.147.144.0
supernet.  This will exclude the 203.147.153.0 - 203.147.160.0 networks from
the supernet (and the bad route).  I'm not sure what the rest of the
topology is, but you may have split networks across a supernet routing entry
and changing the mask would create bad routes for the dropped supernetted
networks - so be careful.

Let me know how it goes.

Andy


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42449&t=42298
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: I need help with a BVI and MIBs on a Catalyst 8540 [7:42450]

[SNMP2002]

That instance was Gauge 32 : 1000 (aka 10Mbps).

I'll compare the Cisco mib.

Thanks.


- Original Message -
From: "Kevin Cullimore" 
To: 
Sent: Tuesday, April 23, 2002 10:26 PM
Subject: Re: I need help with a BVI and MIBs on a Catalyst 8540 [7:42404]


> Does an instance found under 1.3.6.1.2.1.2.2.1 exist that corresponds to
the
> BVI? My guess is yes, but guesses have funny ways of turning on their
owners.
>
> If so, what is the value found in 1.3.6.1.2.1.2.2.1.5 for that
instance_ID?
>
> It might be constructive to compare that value to the ones found in
> cisco-proprietary mibs.
>
>
>
>
> - Original Message -
> From: "SNMP2002"
> To:
> Sent: Tuesday, April 23, 2002 4:10 PM
> Subject: I need help with a BVI and MIBs on a Catalyst 8540 [7:42370]
>
>
> > We have an Catalyst 8540 with a BVI.
> > There are numerous ports on the switch that are in this bridge group.
> > If you look at the BVI interface,
> > sh int bvi2:
> >
> > MTU 1500 bytes, BW 1 Kbit, DLY 5000 usec, rely 255/255, load 1/255
> >
> > The true speed of the devices plugged into the ports is manually set to
> > 100Mbps. But
> > using our network management software which reads the MIB in the switch
> > interfaces,
> > it reads the devices as a speed of 10Mbps.  I think the MIB is using the
> > data from
> > the BVI (BW 1 Kbit) and not the real port/interface speed.
> >
> > Does the BVI2 have a true speed of only 10Mbps?  What would it do to
change
> > the
> > BW from 1 Kbit to 10 Kbit (10Mbps to 100Mbps) manually?
> >
> > Thanks for any ideas.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42450&t=42450
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Networkers in San Diego [7:42402]

[Tom Lisa]

Yes.

Prof. Tom Lisa, CCAI
Community College of Southern Nevada
Cisco ATC/Regional Networking Academy


"Steven A. Ridder" wrote:

> Is anyone attending Networkers in San Diego this year?  Just curious.
>
> --
> RFC 1149 Compliant
>
> Get in my head:
> http://sar.dynu.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42451&t=42402
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: How come I can't telnet to my router? [7:42444]

[Michael Williams]

Ricky Chan wrote:
> 
> Hi all,
> 
> I configured a cisco 2600 router behind a ADSL router.

You have your 2660 behind an ADSL Router?  or ASDL Modem?  If you're behind
a DSL router, then you're more than likely being NATed by the DSL router, in
which case you need to create a static port mapping that would send all
incoming (from the internet) traffic on port 23 to go to the IP of the router.

Mike W.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42452&t=42444
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

AAA across the internet [7:42453]

[NetEng]

I have ACS setup and would like our internet VPN routers to use it. I have
created a mapped ip on our firewall for the AAA server. Any known problems
or security issues I should know about? I heard there were some
vulnaribilitiesTIA




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42453&t=42453
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IOS upgrade on 2900 failing [7:42397]

[Nikolay Nikolov]

What IOS version are you running on this switch? Can you send us output
from:
show flash
show boot

Thanks,
Nick


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Ed Gobeille
Sent: Tuesday, April 23, 2002 7:12 PM
To: [EMAIL PROTECTED]
Subject: IOS upgrade on 2900 failing [7:42397]


I'm getting an unusual error while tring to upgrade IOS on several of my
2900XL series switches.  After doing the copy tftp flash command, I get the
response from the IOS "copy to or from flash not implemented".  TAC site
does not have anything on this that I could find.  Any ideas?  Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42454&t=42397
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: EIGRP - Reliability and Load Dynamic? [7:42406]

[Priscilla Oppenheimer]

By default IGRP and EIGRP don't use reliability and load, as you probably 
know. But when IGRP and EIGRP do use them, reliability and load are 
dynamically learned. Reliability is the worst reliability for any interface 
in the path. It's based on the ability to send and receive keepalives, 
CRCs, etc. You can see the reliability for a particular interface with the 
"show int" command. Load is cumulative. You can see load for each interface 
with the "show int" command.

The best document I have found actually covers IGRP, but EIGRP behaves like 
IGRP with regards to this question. The IGRP doc is here:

http://www.cisco.com/warp/public/103/5.html

TAC did some terrific documentation on EIGRP here:

http://www.cisco.com/warp/public/103/eigrp-toc.html

The reason you won't hear much about reliability and load is because they 
really don't work with EIGRP. I think it was just a Cisco marketing ploy to 
make a big deal of them. In his book, "EIGRP Network Design Solutions," 
Ivan Pepelnjak points out that routers can't dynamically keep track of 
reliability and load for an entire path if the routers in the path don't 
update each other on a regular basis. IGRP routers update each other every 
90 seconds. EIGRP routers don't.

Regarding manually assigning them, you only do that when redistributing. 
You have to make up something because you're redistributing from a routing 
protocol that doesn't track reliability and load.

Priscilla

At 12:10 AM 4/24/02, Kevin Jones wrote:
>Hello everyone,
>
>I have a question that I have been struggling with for quite some time.  Are
>the reliability and load metrics in EIGRP (or IGRP for that matter)
>dynamically learned?  If so, why do we manually assign values like we do for
>bandwidth and delay.  I have searched numerous Cisco white papers and have
>found only one article where it mentions the two as being dynamically
>learned.  Since I have not found any others that mention it, I am starting
>to feel that the one article is a typo (or I am just not understanding it
>the way it is worded).  I would think that if they were dynamically learned,
>then there would be more information about the process.  No other routing
>protocol is able to detect such statistics on the fly (to my knowledge).  I
>understand that dynamic detection might not be a good thing, esp. if the
>reliability and load were constantly changing, but never-the-less there
>should be more info somewhere.
>
>If you can find more than one specific white paper and lead me to them, I
>would appreciate it.
>
>Thank you,
>
>Kevin Jones
>CCNA, CCDA, CCNP, CCDP
>A+, Net+, I-Net+


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42455&t=42406
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

BGP route selection question [7:42456]

[Michael Bray]

I have a router that is running BGP to two different providers...  When
I show the bgp entry for two different routes, it shows that one
provider is selected for one route, and the other provider is selected
for the other route, even though they seem to have the same AS path
length from each provider.  There isn't any difference as far as I can
tell for MED or local preference settings or anything like that...
The route on the bottom looks normal - its being chosen (I assume)
because the 64.*.*.* has the lower router ID (207.* instead of 208.*).
The first entry is the one that doesn't make sense to me - shouldn't it
also be selecting the 64.* router, by virtue of its lower ID?  I see
that there are different values for the "version", but I'm not sure this
would have anything to do with it??

rtr#show ip bgp 64.170.96.0/19
BGP routing table entry for 64.170.96.0/19, version 16127
Paths: (2 available, best #2, table Default-IP-Routing-Table)
  Not advertised to any peer
  4323 1239 5673
64.132.248.89 from 64.132.248.89 (207.67.76.17)
  Origin IGP, localpref 100, valid, external
  3561 1239 5673
208.174.151.61 from 208.174.151.61 (208.172.66.20)
  Origin IGP, localpref 100, valid, external, best

rtr#show ip bgp 12.3.59.0
BGP routing table entry for 12.3.59.0/24, version 742
Paths: (2 available, best #2, table Default-IP-Routing-Table)
  Not advertised to any peer
  3561 4513 17304
208.174.151.61 from 208.174.151.61 (208.172.66.20)
  Origin IGP, localpref 100, valid, external
  4323 4513 17304
64.132.248.89 from 64.132.248.89 (207.67.76.17)
  Origin IGP, localpref 100, valid, external, best

ip classless
ip route 0.0.0.0 0.0.0.0 208.174.151.61
ip route 0.0.0.0 0.0.0.0 64.132.248.89
ip as-path access-list 78 permit ^$


-Mike Bray
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42456&t=42456
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Networkers in San Diego [7:42402]

[Logan, Harold]

I'll be there. Anyone else planning on going to the CCIE prep power session?

Hal Logan  CCAI, CCDP, CCNP+Voice
Network Specialist / Adjunct Faculty
Computing & Engineering Technology
Manatee Community College


-Original Message-
From: Tom Lisa [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 24, 2002 2:02 PM
To: [EMAIL PROTECTED]
Subject: Re: Networkers in San Diego [7:42402]


Yes.

Prof. Tom Lisa, CCAI
Community College of Southern Nevada
Cisco ATC/Regional Networking Academy


"Steven A. Ridder" wrote:

> Is anyone attending Networkers in San Diego this year?  Just curious.
>
> --
> RFC 1149 Compliant
>
> Get in my head:
> http://sar.dynu.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42457&t=42402
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCIE 350-001 [7:42344]

[khalid ameen]

what about the old one, still the topics is the same
and the questions database still the same cause we
heared about the changing in the CCNP exams is
that also about CCIE old exam 350-001

--- Kris Keen  wrote:
> I enquired about this with the CCIE Team. They
> explained the beta runs to
> May 7th, after that time it will take serveral weeks
> to evaluate the exam
> and results. I'd say the new exam will take effect
> in about 6-8 weeks.
> 
> I will be sitting the old one
[EMAIL PROTECTED]


__
Do You Yahoo!?
Yahoo! Games - play chess, backgammon, pool and more
http://games.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42458&t=42344
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: OSPF over ISDN demand circuit [7:42348]

[timothy thielen]

point.

--Tim


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42459&t=42348
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CEF Mib [7:42460]

[ashish]

Hi,
is there anything like "Cisco CEF MIB".

Thanks,
Ashish




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42460&t=42460
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: BGP route selection question [7:42456]

[Peter van Oene]

off the top of my head

If these paths were advertised at different times, this could result in 
this posting, or be the artifact of some load distribution.

At 03:16 PM 4/24/2002 -0400, Michael Bray wrote:
>I have a router that is running BGP to two different providers...  When
>I show the bgp entry for two different routes, it shows that one
>provider is selected for one route, and the other provider is selected
>for the other route, even though they seem to have the same AS path
>length from each provider.  There isn't any difference as far as I can
>tell for MED or local preference settings or anything like that...
>The route on the bottom looks normal - its being chosen (I assume)
>because the 64.*.*.* has the lower router ID (207.* instead of 208.*).
>The first entry is the one that doesn't make sense to me - shouldn't it
>also be selecting the 64.* router, by virtue of its lower ID?  I see
>that there are different values for the "version", but I'm not sure this
>would have anything to do with it??
>
>rtr#show ip bgp 64.170.96.0/19
>BGP routing table entry for 64.170.96.0/19, version 16127
>Paths: (2 available, best #2, table Default-IP-Routing-Table)
>   Not advertised to any peer
>   4323 1239 5673
> 64.132.248.89 from 64.132.248.89 (207.67.76.17)
>   Origin IGP, localpref 100, valid, external
>   3561 1239 5673
> 208.174.151.61 from 208.174.151.61 (208.172.66.20)
>   Origin IGP, localpref 100, valid, external, best
>
>rtr#show ip bgp 12.3.59.0
>BGP routing table entry for 12.3.59.0/24, version 742
>Paths: (2 available, best #2, table Default-IP-Routing-Table)
>   Not advertised to any peer
>   3561 4513 17304
> 208.174.151.61 from 208.174.151.61 (208.172.66.20)
>   Origin IGP, localpref 100, valid, external
>   4323 4513 17304
> 64.132.248.89 from 64.132.248.89 (207.67.76.17)
>   Origin IGP, localpref 100, valid, external, best
>
>ip classless
>ip route 0.0.0.0 0.0.0.0 208.174.151.61
>ip route 0.0.0.0 0.0.0.0 64.132.248.89
>ip as-path access-list 78 permit ^$
>
>
>-Mike Bray
>[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42461&t=42456
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: BGP route selection question [7:42456]

[Michael Bray]

Both routes should have come in at approximately the same time, since we
had just done a "clear ip bgp *" within about 30 minutes prior to seeing
these entries.  If it is load balancing, then this is good...  Its
actually the exact problem I'm trying to fix...  One of the T1 links is
pegged, the other is only getting about 300K.  This is supported by the
fact that about 75% of the route entries point out the congested link.
Not sure there is much I can do to alter the load balance, but this was
a curiosity when I was writing an email to the owner to tell him what
was happening, and I did a double-take and thought "maybe there really
is something messed up."

-mike bray
[EMAIL PROTECTED]

-Original Message-
From: Peter van Oene [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, April 24, 2002 3:25 PM
To: Michael Bray; [EMAIL PROTECTED]
Subject: Re: BGP route selection question [7:42456]


off the top of my head

If these paths were advertised at different times, this could result in 
this posting, or be the artifact of some load distribution.

At 03:16 PM 4/24/2002 -0400, Michael Bray wrote:
>I have a router that is running BGP to two different providers...  When

>I show the bgp entry for two different routes, it shows that one 
>provider is selected for one route, and the other provider is selected 
>for the other route, even though they seem to have the same AS path 
>length from each provider.  There isn't any difference as far as I can 
>tell for MED or local preference settings or anything like that... The 
>route on the bottom looks normal - its being chosen (I assume) because 
>the 64.*.*.* has the lower router ID (207.* instead of 208.*). The 
>first entry is the one that doesn't make sense to me - shouldn't it 
>also be selecting the 64.* router, by virtue of its lower ID?  I see 
>that there are different values for the "version", but I'm not sure 
>this would have anything to do with it??
>
>rtr#show ip bgp 64.170.96.0/19
>BGP routing table entry for 64.170.96.0/19, version 16127
>Paths: (2 available, best #2, table Default-IP-Routing-Table)
>   Not advertised to any peer
>   4323 1239 5673
> 64.132.248.89 from 64.132.248.89 (207.67.76.17)
>   Origin IGP, localpref 100, valid, external
>   3561 1239 5673
> 208.174.151.61 from 208.174.151.61 (208.172.66.20)
>   Origin IGP, localpref 100, valid, external, best
>
>rtr#show ip bgp 12.3.59.0
>BGP routing table entry for 12.3.59.0/24, version 742
>Paths: (2 available, best #2, table Default-IP-Routing-Table)
>   Not advertised to any peer
>   3561 4513 17304
> 208.174.151.61 from 208.174.151.61 (208.172.66.20)
>   Origin IGP, localpref 100, valid, external
>   4323 4513 17304
> 64.132.248.89 from 64.132.248.89 (207.67.76.17)
>   Origin IGP, localpref 100, valid, external, best




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42462&t=42456
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Networkers in San Diego [7:42402]

[Steven A. Ridder]

Are the CCIE power sessions helpful?

""Logan, Harold""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I'll be there. Anyone else planning on going to the CCIE prep power
session?
>
> Hal Logan  CCAI, CCDP, CCNP+Voice
> Network Specialist / Adjunct Faculty
> Computing & Engineering Technology
> Manatee Community College
>
>
> -Original Message-
> From: Tom Lisa [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, April 24, 2002 2:02 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Networkers in San Diego [7:42402]
>
>
> Yes.
>
> Prof. Tom Lisa, CCAI
> Community College of Southern Nevada
> Cisco ATC/Regional Networking Academy
>
>
> "Steven A. Ridder" wrote:
>
> > Is anyone attending Networkers in San Diego this year?  Just curious.
> >
> > --
> > RFC 1149 Compliant
> >
> > Get in my head:
> > http://sar.dynu.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42465&t=42402
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: OSPF over ISDN demand circuit [7:42348]

[Erick B.]

Hi,

Having passive for the ISDN int would stop OSPF
multicast hellos from going across the ISDN interface.
You could still do a neighbor statement though which
is unicast however. 

If the ISDN is bouncing, it's probably due to a
route-redistribution problem or some form of IP
traffic going out the ISDN interface. Do you have
other routing protocols sending updates out ISDN (use
passive interface for those routing protocols). Check
your redistribution, do you have filters to not allow
the ISDN/dialer interface IP subnet to be
redistributed into OSPF again? 

To see whats triggering the ISDN/dialer int do:

show dialer (should have a reason)

debug interface bri/dialer
debug ip pack (see note below)

Debug ip pack generates a lot of output and might/will
crash the router so be careful with it. If you use the
debug interface (interface) condition then the debug
output will only show traffic in/out of the interface
specified which will narrow down the output.

--- timothy thielen  wrote:
> If one wishes for routing updates to bring up the
> link, can one not just use
> the "passive-interface" command on the ISDN
> interface?
> 
>   If it is a backup link, passive interface will
> keep routing updates will
> keep the link from coming up for updates.  Then a
> couple of floating static
> routes on either end should bring it up if the
> primary (dynamic)link goes
> down as long as the administrative distance for the
> floaters are greater
> then that of OSPF.
> 
> --Tim
> 
> Ruihai An wrote:
> > 
> > Hi, Group,
> > 
> > On an ISDN circuit running ospf , if I want to use
> "ip ospf
> > demand-circuit"
> > to keep it from being brought up by ospf update,
> do I need to
> > define
> > 224.0.0.5 as non-interesting traffic in
> dialer-list?
> > 
> > I have configured "ip ospf demand-circuit"  on one
> side of the
> > ISDN, but
> > routing update to 224.0.0.5 keeps activating the
> circuit?  What
> > is the
> > problem?
> > 
> > Thanks
> > 
> > Ruihai
[EMAIL PROTECTED]


__
Do You Yahoo!?
Yahoo! Games - play chess, backgammon, pool and more
http://games.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42463&t=42348
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Networkers in San Diego [7:42402]

[Steven A. Ridder]

I was going to register for it on that Monday.

""Logan, Harold""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I'll be there. Anyone else planning on going to the CCIE prep power
session?
>
> Hal Logan  CCAI, CCDP, CCNP+Voice
> Network Specialist / Adjunct Faculty
> Computing & Engineering Technology
> Manatee Community College
>
>
> -Original Message-
> From: Tom Lisa [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, April 24, 2002 2:02 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Networkers in San Diego [7:42402]
>
>
> Yes.
>
> Prof. Tom Lisa, CCAI
> Community College of Southern Nevada
> Cisco ATC/Regional Networking Academy
>
>
> "Steven A. Ridder" wrote:
>
> > Is anyone attending Networkers in San Diego this year?  Just curious.
> >
> > --
> > RFC 1149 Compliant
> >
> > Get in my head:
> > http://sar.dynu.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42464&t=42402
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: All-In-One CCIE Study Guide - Second Edition [7:42292]

[Koen Zeilstra]

Pierre,

Sorry for the confusion.

Passed the written. Hurrah!! Very few BGP questions. Lot of TokenRing.
You
better learn the Rossi Paper!

Good luck on yours.

regards,

Koen


On Tue, 23 Apr 2002, Pierre-Alex GUANEL wrote:

| Koen, I was referring to the book written by Roosvelt GILES.
|
| By the way, how was the written? I am planning to take it 1 of June.
|
| Pierre-Alex
|
| -Original Message-
| From: Koen Zeilstra [mailto:[EMAIL PROTECTED]]On Behalf Of Koen Zeilstra
| Sent: Tuesday, April 23, 2002 3:08 PM
| To: Pierre-Alex GUANEL
| Cc: [EMAIL PROTECTED]
| Subject: RE: All-In-One CCIE Study Guide - Second Edition [7:42292]
|
|
| Are we talking about the same book?
| I am referring to this one. (watch for wrap)
|
|
http://www.amazon.com/exec/obidos/ASIN/0072127600/qid=1019592419/sr=8-3/ref=
| sr_8_7_3/104-8586207-1795929
|
| Not sure though if that's the one you mean.
|
| On Tue, 23 Apr 2002, Pierre-Alex GUANEL wrote:
|
| | Good luck to you, .. one more question. Are the mistakes in the second
| | edition of Giles in the multiple choice questions or in the text itself?
| |
| | Pierre-Alex
| |
| |
| |
| | -Original Message-
| | From: Koen Zeilstra [mailto:[EMAIL PROTECTED]]On Behalf Of Koen Zeilstra
| | Sent: Tuesday, April 23, 2002 3:10 AM
| | To: Pierre-Alex GUANEL
| | Cc: [EMAIL PROTECTED]
| | Subject: Re: All-In-One CCIE Study Guide - Second Edition [7:42292]
| |
| |
| | Pierre,
| |
| | I am reading the second edition at the moment. Will go for the written
| | tomorrow. Until so far I like the book very much, although it still
| | contains errors.
| |
| | K.
| |
| | Koen Zeilstra
| | Legian
| | ---
| | Trying to define yourself is like trying to bite your own teeth.
| | -- Alan Watts
| |
| | On Mon, 22 Apr 2002, Pierre-Alex GUANEL wrote:
| |
| | | Is the second edition of Giles' book a reliable study source.
| | |
| | | I read that the first edition was crippled with mistakes and I would
| like
| | to
| | | know if all of them got fixed in the Second Edition.
| | |
| | |
| | | Thank you!
| | |
| | | Pierre-Alex
| | |
| | |
| | |
| | |
| | |
| |
| |
| |
| |
| |
|
|




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42466&t=42292
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Networkers in San Diego [7:42402]

[MADMAN]

I went to the CCIE power session last year but didn't last real long. 
Most of the session seemed geared toward the lab and lots of talk about
the, at that time, proposed 1 day lab.  

  But if I can get the approval I'll go to the power session again,
things change every year.

  Dave

"Steven A. Ridder" wrote:
> 
> Are the CCIE power sessions helpful?
> 
> ""Logan, Harold""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > I'll be there. Anyone else planning on going to the CCIE prep power
> session?
> >
> > Hal Logan  CCAI, CCDP, CCNP+Voice
> > Network Specialist / Adjunct Faculty
> > Computing & Engineering Technology
> > Manatee Community College
> >
> >
> > -Original Message-
> > From: Tom Lisa [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, April 24, 2002 2:02 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Networkers in San Diego [7:42402]
> >
> >
> > Yes.
> >
> > Prof. Tom Lisa, CCAI
> > Community College of Southern Nevada
> > Cisco ATC/Regional Networking Academy
> >
> >
> > "Steven A. Ridder" wrote:
> >
> > > Is anyone attending Networkers in San Diego this year?  Just curious.
> > >
> > > --
> > > RFC 1149 Compliant
> > >
> > > Get in my head:
> > > http://sar.dynu.com
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42467&t=42402
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: All-In-One CCIE Study Guide - Second Edition [7:42292]

[Pierre-Alex Guanel]

Congratulations!

Pierre-Alex

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Koen Zeilstra
Sent: Wednesday, April 24, 2002 3:49 PM
To: [EMAIL PROTECTED]
Subject: RE: All-In-One CCIE Study Guide - Second Edition [7:42292]


Pierre,

Sorry for the confusion.

Passed the written. Hurrah!! Very few BGP questions. Lot of TokenRing.
You
better learn the Rossi Paper!

Good luck on yours.

regards,

Koen


On Tue, 23 Apr 2002, Pierre-Alex GUANEL wrote:

| Koen, I was referring to the book written by Roosvelt GILES.
|
| By the way, how was the written? I am planning to take it 1 of June.
|
| Pierre-Alex
|
| -Original Message-
| From: Koen Zeilstra [mailto:[EMAIL PROTECTED]]On Behalf Of Koen Zeilstra
| Sent: Tuesday, April 23, 2002 3:08 PM
| To: Pierre-Alex GUANEL
| Cc: [EMAIL PROTECTED]
| Subject: RE: All-In-One CCIE Study Guide - Second Edition [7:42292]
|
|
| Are we talking about the same book?
| I am referring to this one. (watch for wrap)
|
|
http://www.amazon.com/exec/obidos/ASIN/0072127600/qid=1019592419/sr=8-3/ref=
| sr_8_7_3/104-8586207-1795929
|
| Not sure though if that's the one you mean.
|
| On Tue, 23 Apr 2002, Pierre-Alex GUANEL wrote:
|
| | Good luck to you, .. one more question. Are the mistakes in the second
| | edition of Giles in the multiple choice questions or in the text itself?
| |
| | Pierre-Alex
| |
| |
| |
| | -Original Message-
| | From: Koen Zeilstra [mailto:[EMAIL PROTECTED]]On Behalf Of Koen Zeilstra
| | Sent: Tuesday, April 23, 2002 3:10 AM
| | To: Pierre-Alex GUANEL
| | Cc: [EMAIL PROTECTED]
| | Subject: Re: All-In-One CCIE Study Guide - Second Edition [7:42292]
| |
| |
| | Pierre,
| |
| | I am reading the second edition at the moment. Will go for the written
| | tomorrow. Until so far I like the book very much, although it still
| | contains errors.
| |
| | K.
| |
| | Koen Zeilstra
| | Legian
| | ---
| | Trying to define yourself is like trying to bite your own teeth.
| | -- Alan Watts
| |
| | On Mon, 22 Apr 2002, Pierre-Alex GUANEL wrote:
| |
| | | Is the second edition of Giles' book a reliable study source.
| | |
| | | I read that the first edition was crippled with mistakes and I would
| like
| | to
| | | know if all of them got fixed in the Second Edition.
| | |
| | |
| | | Thank you!
| | |
| | | Pierre-Alex
| | |
| | |
| | |
| | |
| | |
| |
| |
| |
| |
| |
|
|




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42468&t=42292
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

BGP Load Balancing Question [7:42469]

[Jablonski, Michael]

I am experiencing a similar problem, using one provider with two T1s.
Utilization appears to significantly favor one interface over the other.  I
realize there will be some variation, but considering its a discrepancy of
75% vs. 3% (these are numbers from our provider)  I've talked to the
provider; each time I receive a different configuration.

Is there a command that would better show the load balancing/utilization
rates.  I'm trying to become more familiar with BGP through my CCNP studies,
but haven't gotten that far yet   Thanks in advance for the help!



~~~
Michael Jablonski
ABN AMRO Asset Management Holdings, Inc.
161 North Clark St.
9th Flr
Chicago, IL  60601-2468
PH: 312.884.2996 
FAX: 312.278.5550
~~~







-Original Message-
From: Michael Bray [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 24, 2002 2:17 PM
To: [EMAIL PROTECTED]
Subject: BGP route selection question [7:42456]


I have a router that is running BGP to two different providers...  When
I show the bgp entry for two different routes, it shows that one
provider is selected for one route, and the other provider is selected
for the other route, even though they seem to have the same AS path
length from each provider.  There isn't any difference as far as I can
tell for MED or local preference settings or anything like that...
The route on the bottom looks normal - its being chosen (I assume)
because the 64.*.*.* has the lower router ID (207.* instead of 208.*).
The first entry is the one that doesn't make sense to me - shouldn't it
also be selecting the 64.* router, by virtue of its lower ID?  I see
that there are different values for the "version", but I'm not sure this
would have anything to do with it??

rtr#show ip bgp 64.170.96.0/19
BGP routing table entry for 64.170.96.0/19, version 16127
Paths: (2 available, best #2, table Default-IP-Routing-Table)
  Not advertised to any peer
  4323 1239 5673
64.132.248.89 from 64.132.248.89 (207.67.76.17)
  Origin IGP, localpref 100, valid, external
  3561 1239 5673
208.174.151.61 from 208.174.151.61 (208.172.66.20)
  Origin IGP, localpref 100, valid, external, best

rtr#show ip bgp 12.3.59.0
BGP routing table entry for 12.3.59.0/24, version 742
Paths: (2 available, best #2, table Default-IP-Routing-Table)
  Not advertised to any peer
  3561 4513 17304
208.174.151.61 from 208.174.151.61 (208.172.66.20)
  Origin IGP, localpref 100, valid, external
  4323 4513 17304
64.132.248.89 from 64.132.248.89 (207.67.76.17)
  Origin IGP, localpref 100, valid, external, best

ip classless
ip route 0.0.0.0 0.0.0.0 208.174.151.61
ip route 0.0.0.0 0.0.0.0 64.132.248.89
ip as-path access-list 78 permit ^$


-Mike Bray
[EMAIL PROTECTED]
This message (including any attachments) is confidential and may be 
privileged. If you have received it by mistake please notify the sender 
by return e-mail and delete this message from your system. Any 
unauthorized use or dissemination of this message in whole or in part 
is strictly prohibited. Please note that e-mails are susceptible to 
change. ABN AMRO Bank N.V. (including its group companies) shall not be 
responsible nor liable for the proper and complete transmission of the 
information contained in this communication nor for any delay in its 
receipt or damage to your system. ABN AMRO Bank N.V. (or its group 
companies) does not guarantee that the integrity of this communication 
has been maintained nor that this communication is free of viruses, 
interceptions or interference.





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42469&t=42469
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Networkers in San Diego [7:42402]

[Logan, Harold]

I'm trying to take the Monday one too. I don't know if I'll be able to
though, because there are pseudo-mandatory networking academy events going
on monday. Two of our other instructors are going though, so I'm going to
try and get them to take one for the team while I do the CCIE power session.
There's a second power session on friday, but it looks like I'm going to
have to leave Thursday night.

As for whether or not they're helpful, I've never been to networkers before.
My only source of feedback from networkers is one of our instructors went
last year, but he didn't do any of the power sessions.

For the breakout sessions I'm going to try and take at least one that's on
something I'm not even remotely knowledgeable of (probably MPLS) and I'll
attend others on topics I'm weak on that are more likely to show up on the
lab, as my lab date is in july.

For those who went last year, did they have the CCIE power session then, and
would you recommend it?

Hal

-Original Message-
From: Steven A. Ridder [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 24, 2002 4:43 PM
To: [EMAIL PROTECTED]
Subject: Re: Networkers in San Diego [7:42402]


Are the CCIE power sessions helpful?

""Logan, Harold""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I'll be there. Anyone else planning on going to the CCIE prep power
session?
>
> Hal Logan  CCAI, CCDP, CCNP+Voice
> Network Specialist / Adjunct Faculty
> Computing & Engineering Technology
> Manatee Community College
>
>
> -Original Message-
> From: Tom Lisa [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, April 24, 2002 2:02 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Networkers in San Diego [7:42402]
>
>
> Yes.
>
> Prof. Tom Lisa, CCAI
> Community College of Southern Nevada
> Cisco ATC/Regional Networking Academy
>
>
> "Steven A. Ridder" wrote:
>
> > Is anyone attending Networkers in San Diego this year?  Just curious.
> >
> > --
> > RFC 1149 Compliant
> >
> > Get in my head:
> > http://sar.dynu.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42470&t=42402
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Lab date Swap [7:42471]

[SALDANA,FERNANDO (HP-Mexico,ex1)]

Hi,

I would like to know if anybody would like to swap the Lab Date. I have
reserved the August 2 date on San Jose, I would like to have any date
between August 6 and September 6. 

Thank you

Fernando Saldana




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42471&t=42471
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

iSCSI 5420 - Anybody got views/experience [7:42472]

[Gaz]

Hi all,

I'm looking at some iSCSI devices (particularly Cisco 5420). Does anybody
have any experiences of these bits of kit yet (Positive or Negative).
I realise they're pretty new, but just on the off chance.
If you have any experiences, can you give me a brief idea of the topology
(minimum speed connection in particular) and relative speeds of transfer to
remote SCSI devices, and if used, the Fibre Channel switches in use.

Thanks,

Gaz




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42472&t=42472
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: BGP Load Balancing Question [7:42469]

[Lupi, Guy]

Are the t1's connected to different routers in the providers POP, or to
geographically diverse POP's?  Is the IP space your own ARIN assigned space
or the providers?  Do you take full bgp routes or just a default or partial
routes?  Any answer would depend on the answers to these questions.  As far
as seeing the real load balancing, use MRTG to graph the interfaces, that
will give you a good idea of how your bandwidth is being utilized.

~-Original Message-
~From: Jablonski, Michael [mailto:[EMAIL PROTECTED]]
~Sent: Wednesday, April 24, 2002 5:49 PM
~To: [EMAIL PROTECTED]
~Subject: BGP Load Balancing Question [7:42469]
~
~
~I am experiencing a similar problem, using one provider with two T1s.
~Utilization appears to significantly favor one interface over 
~the other.  I
~realize there will be some variation, but considering its a 
~discrepancy of
~75% vs. 3% (these are numbers from our provider)  I've 
~talked to the
~provider; each time I receive a different configuration.
~
~Is there a command that would better show the load 
~balancing/utilization
~rates.  I'm trying to become more familiar with BGP through my 
~CCNP studies,
~but haven't gotten that far yet   Thanks in advance for the help!
~
~
~

~Michael Jablonski
~ABN AMRO Asset Management Holdings, Inc.
~161 North Clark St.
~9th Flr
~Chicago, IL  60601-2468
~PH: 312.884.2996 
~FAX: 312.278.5550

~
~
~
~
~
~
~
~-Original Message-
~From: Michael Bray [mailto:[EMAIL PROTECTED]]
~Sent: Wednesday, April 24, 2002 2:17 PM
~To: [EMAIL PROTECTED]
~Subject: BGP route selection question [7:42456]
~
~
~I have a router that is running BGP to two different providers...  When
~I show the bgp entry for two different routes, it shows that one
~provider is selected for one route, and the other provider is selected
~for the other route, even though they seem to have the same AS path
~length from each provider.  There isn't any difference as far as I can
~tell for MED or local preference settings or anything like that...
~The route on the bottom looks normal - its being chosen (I assume)
~because the 64.*.*.* has the lower router ID (207.* instead of 208.*).
~The first entry is the one that doesn't make sense to me - shouldn't it
~also be selecting the 64.* router, by virtue of its lower ID?  I see
~that there are different values for the "version", but I'm not 
~sure this
~would have anything to do with it??
~
~rtr#show ip bgp 64.170.96.0/19
~BGP routing table entry for 64.170.96.0/19, version 16127
~Paths: (2 available, best #2, table Default-IP-Routing-Table)
~  Not advertised to any peer
~  4323 1239 5673
~64.132.248.89 from 64.132.248.89 (207.67.76.17)
~  Origin IGP, localpref 100, valid, external
~  3561 1239 5673
~208.174.151.61 from 208.174.151.61 (208.172.66.20)
~  Origin IGP, localpref 100, valid, external, best
~
~rtr#show ip bgp 12.3.59.0
~BGP routing table entry for 12.3.59.0/24, version 742
~Paths: (2 available, best #2, table Default-IP-Routing-Table)
~  Not advertised to any peer
~  3561 4513 17304
~208.174.151.61 from 208.174.151.61 (208.172.66.20)
~  Origin IGP, localpref 100, valid, external
~  4323 4513 17304
~64.132.248.89 from 64.132.248.89 (207.67.76.17)
~  Origin IGP, localpref 100, valid, external, best
~
~ip classless
~ip route 0.0.0.0 0.0.0.0 208.174.151.61
~ip route 0.0.0.0 0.0.0.0 64.132.248.89
~ip as-path access-list 78 permit ^$
~
~
~-Mike Bray
~[EMAIL PROTECTED]
~This message (including any attachments) is confidential and may be 
~privileged. If you have received it by mistake please notify 
~the sender 
~by return e-mail and delete this message from your system. Any 
~unauthorized use or dissemination of this message in whole or in part 
~is strictly prohibited. Please note that e-mails are susceptible to 
~change. ABN AMRO Bank N.V. (including its group companies) 
~shall not be 
~responsible nor liable for the proper and complete transmission of the 
~information contained in this communication nor for any delay in its 
~receipt or damage to your system. ABN AMRO Bank N.V. (or its group 
~companies) does not guarantee that the integrity of this communication 
~has been maintained nor that this communication is free of viruses, 
~interceptions or interference.
~---
~-
~
~
~
~




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42473&t=42469
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCIE Power Session 2000 WAS RE: Networkers in San Diego [7:42474]

[Daniel Cotts]

Here's the URL for the CCIE Power Session for the 2000 Networkers. See if it
is useful for you.
padding
padding
http://www.cisco.com/networkers/nw00/pres/3304/3304.htm

> -Original Message-
> From: Logan, Harold [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, April 24, 2002 4:59 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Networkers in San Diego [7:42402]
> 
> 
> I'm trying to take the Monday one too. I don't know if I'll be able to
> though, because there are pseudo-mandatory networking academy 
> events going
> on monday. Two of our other instructors are going though, so 
> I'm going to
> try and get them to take one for the team while I do the CCIE 
> power session.
> There's a second power session on friday, but it looks like 
> I'm going to
> have to leave Thursday night.
> 
> As for whether or not they're helpful, I've never been to 
> networkers before.
> My only source of feedback from networkers is one of our 
> instructors went
> last year, but he didn't do any of the power sessions.
> 
> For the breakout sessions I'm going to try and take at least 
> one that's on
> something I'm not even remotely knowledgeable of (probably 
> MPLS) and I'll
> attend others on topics I'm weak on that are more likely to 
> show up on the
> lab, as my lab date is in july.
> 
> For those who went last year, did they have the CCIE power 
> session then, and
> would you recommend it?
> 
> Hal




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42474&t=42474
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

is the following pap callin cfg viable? [7:42475]

[Mirza, Timur]

PAP Using Different Passwords On Two Different Routers

on r1:
username r2 password 0 timur
!
int BRI0
 ppp authentication pap 
 ppp pap sent-username r1 password 0 milton

on r2:
username r1 password 0 milton
!
int BRI0
 ppp authentication pap callin
 ppp pap sent-username r2 password 0 timur

!"callin" keyword on r2 means that r2 will only authenticate r1 if r1
initiated the call

Timur Mirza
Principal Network Engineer
Network Planning & Engineering, West Region
15505-B Sand Canyon Avenue
Irvine, California 92618
Verizon Wireless
949.286.6623 (o)
949.697.7964 (c)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42475&t=42475
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

one more isdn cfg question [7:42476]

[Mirza, Timur]

i don't have isdn in the lab (still looking for a simulator), so one more
validation question...is the following a viable callback cfg?:

!calling (client) & called router (server) negotiate w/ ppp lcp to determine
if client requests a callback or server will initiate a callback

!other bri commands omitted for clarity

CLIENT: 

int bri0
ip address 1.1.1.2 255.255.255.252
dialer map ip 1.1.1.1 name SERVER 1949111
ppp callback request

SERVER:

int bri0
ip address 1.1.1.1 255.255.255.252
dialer callback-secure
!disconnect calls that are misconfigured for callback or unconfigured
dial-in users
dialer map ip 1.1.1.2 name CLIENT class abc 1714222
ppp callback accept
!
map-class dialer abc
 dialer callback-server username
!identify return call dial string using authenticated client's username

Timur Mirza
Principal Network Engineer
Network Planning & Engineering, West Region
15505-B Sand Canyon Avenue
Irvine, California 92618
Verizon Wireless
949.286.6623 (o)
949.697.7964 (c)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42476&t=42476
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: one more isdn cfg question [7:42476]

[Johnny Routin]

Why don't you post a complete config and then we could have a better idea?

JR

--
Johnny Routin
The "Routin" One


""Mirza, Timur""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> i don't have isdn in the lab (still looking for a simulator), so one more
> validation question...is the following a viable callback cfg?:
>
> !calling (client) & called router (server) negotiate w/ ppp lcp to
determine
> if client requests a callback or server will initiate a callback
>
> !other bri commands omitted for clarity
>
> CLIENT:
>
> int bri0
> ip address 1.1.1.2 255.255.255.252
> dialer map ip 1.1.1.1 name SERVER 1949111
> ppp callback request
>
> SERVER:
>
> int bri0
> ip address 1.1.1.1 255.255.255.252
> dialer callback-secure
> !disconnect calls that are misconfigured for callback or unconfigured
> dial-in users
> dialer map ip 1.1.1.2 name CLIENT class abc 1714222
> ppp callback accept
> !
> map-class dialer abc
>  dialer callback-server username
> !identify return call dial string using authenticated client's username
>
> Timur Mirza
> Principal Network Engineer
> Network Planning & Engineering, West Region
> 15505-B Sand Canyon Avenue
> Irvine, California 92618
> Verizon Wireless
> 949.286.6623 (o)
> 949.697.7964 (c)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42477&t=42476
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: MPLS for the man on the street (without ATM) [7:42214]

[Tom Scott]

"Howard C. Berkowitz" wrote:

> >I'm serious. Is there any reason why MPLS cannot be transported directly
on
> >fiber,
> >perhaps even in time slots? Have the GMPLS and IPO WGs addressed this
issue?
> >
> >-- TT
>
> That's exactly what those two working groups are doing, and other
> groups in the IETF sub-IP area are doing for other media such as
> cable TV.  Complementing this is the IEEE 802.17 (IIRC) work on
> resilient packet rings as an alternative to SONET.

Thanks for the reference. I subscribed to the 802.17 list. It's always good
to know
what's happening in the sub-IP areas even if I'm not working with it daily.

> >N.B. That's duct tape, not scotch tape. The author knew his stuff, both
> >white and
> >black. Mr. Waitzman's care in selecting the more robust concatenation
method
> >is
> >appreciated even to this day.
>
> I always wonder if he had generalized to amphibious avian carriers,
> would it instead have been duck tape?

IIRC the RFC does not specifically address the application of the avian
transport system to aquatic environments. However, one could safely
extrapolate to an affirmative answer to your question. I've had lengthy
discussions with individuals in the construction trades who claim that
the original designation of that type of tape was derived from the
sound, which resembles the audible signaling of family Anatidae, produced
when the tape is rapidly separated from the storage medium (spooling
device). In any case, the RFC illustrates the virtually unlimited
adaptability of the Internet and helps us place it in the larger historical
context. There is a logical progression of transport technologies from
avian to electrical to optical. Furthermore, if it is true that history
repeats itself, the RFC has explained not only the past but also the future
of telecommunication.

-- TT




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42435&t=42214
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

smartnet experiences? [7:42436]

[Ron Mansolino]

I ebayed a router a while back, and it seems to be having issues.
So, I need to have it looked over. What do I need to know about the 
repair procedure? I imagine it starts with a smartnet contract, 
can you folks provide any tips to navigating this so it doesn't 
turn into an ordeal? Thanks...

-- 
Ron Mansolino   [EMAIL PROTECTED]   http://www.netaxs.com/~rmsolino/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42436&t=42436
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCNP boot camps [7:42427]

[Dejan Ristovski]

Hi,

I was wondering what you falks think about CCNP boot camps. Are they worth
the
money, is it possible to get CCNP certified in 2 weeks?

Thanks,

Dejan Ristovski
Cisco Technical Support, CCNA
EKONET
Authorized Cisco Distributor
Address:
Partizanski odredi 101, 1000 Skopje
Macedonia
Tel./Fax: ++389 2 361284
E-mail: [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42427&t=42427
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

External Tech support connecting on server - VPN is OK ? [7:42478]

[Brown, M]

I have to allow an external techinician to work on a third-party application
on my server.
Two options: Use connection through Modem or VPN Client (Cisco 3000
Concentrator).

I would go with the VPN account, and then at the end of the support work I
would disable the GuestTech account and change its password.

My co-worker argues that he doesn't want to grant VPN account to the techGuy
because that would release our VPN server name and configuration to the
external technician.
So my co-worker prefers that the tech guys sticks to the slow modem
solution.

Your thoughts ?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42478&t=42478
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

EIGRP routing issue. [7:42479]

[Keith Woodworth]

We had a /24 that was not being used in one part of our network any
longer. It was routed through 2 RSM's on a Cat5500 switch.

As well the network was in an EIGRP AS that we do for IGP routing on both
RSM's. So the network was removed from the EIGRP system, a new static
route was put in on our gateway router for said network.

Everything works on the new network except for getting to some internal
sites...The interesting part is when doing a sh ip route on the RSM's I
see this:

D208.181.160.0/24 is a summary, 1w4d, Null0

Now why did the RSM's suddenly route that network to null0? My workstation
is connected to the RSM's and I cannot ping any IP's on that subnet since
that network is now being routed to null.

That network is definately gone from the EIGRP statement. Here is the
output of sho ip proto for the eigrp AS:

Routing Protocol is "eigrp 100"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
  EIGRP maximum hopcount 100
  EIGRP maximum metric variance 1
  Redistributing: connected, eigrp 100
  Automatic network summarization is not in effect
  Routing for Networks:
209.53.131.0
209.53.132.0
209.53.133.0
209.53.134.0
209.53.135.0
208.181.161.0
64.0.0.0

=== Cut -==

so what do I do about getting the RSMs to take out the routing statement
for that network? Would EIGRP have just a done an update when the network
statement was removed?

Thanks for any input on this...
Keith




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42479&t=42479
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCIE 350-001 [7:42344]

[Clark Jason]

All,

So does that mean in 6-8 weeks, the current(non-beta) exam will be no more?
And the new exam will be structured more like the BETA?

Any info would be helpful.I'm sitting the BETA tomorrow as a trial
runKnowing that would be good




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42482&t=42344
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

OT - CCNA and CCNP books for sale [7:42484]

[Chewy Gravy]

Hopefully appropriate, I have the following books for sale:

Exam Cram CCNA (640-507)
Sybex CCNA Study Guide, CD included (640-507)
Osborne CCNP Routing Study Guide, sorry, CD is lost (640-503)
Sybex Routing Study Guide, CD included (640-503)
Osborne CCNP Switching Study Guide, CD included (640-504)

It appears that Amazon sells these for $34, so does $25 sound fair if US 
shipping is included? The Exam Cram book is free with any purchase.


Doug
[EMAIL PROTECTED]
=




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42484&t=42484
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: is the following pap callin cfg viable? [7:42475]

[Erick B.]

The config is good for the pieces you posted. Is it
working or? If it's not, perhaps theres a extra space
after one of the passwords.

--- "Mirza, Timur" 
wrote:
> PAP Using Different Passwords On Two Different
> Routers
> 
> on r1:
> username r2 password 0 timur
> !
> int BRI0
>  ppp authentication pap 
>  ppp pap sent-username r1 password 0 milton
> 
> on r2:
> username r1 password 0 milton
> !
> int BRI0
>  ppp authentication pap callin
>  ppp pap sent-username r2 password 0 timur
> 
> !"callin" keyword on r2 means that r2 will only
> authenticate r1 if r1
> initiated the call
> 
> Timur Mirza
> Principal Network Engineer
> Network Planning & Engineering, West Region
> 15505-B Sand Canyon Avenue
> Irvine, California 92618
> Verizon Wireless
> 949.286.6623 (o)
> 949.697.7964 (c)


__
Do You Yahoo!?
Yahoo! Games - play chess, backgammon, pool and more
http://games.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42485&t=42475
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Part Number ??? [7:42486]

[Juan Blanco]

Team,
Our company has 17 sites and 12 are using a 1600 router, I want to be able
to dial in to any router via a modem as backdoor trough the console port(I
know the security issue), I looked at the cisco web site for the correct
part number of the rj-45-to-db25 adapter, the one that I found seems that it
can only be used by the 2500/2600/3600 router but not mentioning about the
1600.

Which one is the correct part number of the adapter that I will need to plug
into the modem(us-robotics)

Thanks,

JB




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42486&t=42486
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

how to share 1 Ethernet interface. possible? [7:42487]

[hktco]

I have only ***one*** ethernet interface on 2610 and it needs to be
both a dhcp client and assigned a static IP. i.e. something like:

int e0/0
 ip address dhcp
 ip add 192.168.1.254 255.255.255.0

but in practice, it is NOT allowed. Also I tried to use subinterfaces,
and again, it won't let me to achieve the above implementation.


The reason I am doing this is that I am trying to share my broadband
connection through the Cisco
router. That's why it must be a DHCP client so that it can grab an IP from
the
ISP.

Then I'll need another ethernet interface to connect to my inside LAN!
but pathetically, I have only 1 physical ethernet interface!!!

Could there be any workaround? Thanks

hktco




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42487&t=42487
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IOS upgrade on 2900 failing [7:42397]

[Ed Gobeille -HM]

I went through the TAC help desk and after a couple of hours, it turned
out I just needed to add a : to the end of the copy tftp flash string.
I had previously upgraded 12 2900 switches with out using the : and they
worked fine.  Tech said the difference was either IOS ver or hardware
revision.  Thanks for everyone's help.

-Original Message-
From: Daniel Cotts [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, April 24, 2002 11:08 AM
To: 'Ed Gobeille'; [EMAIL PROTECTED]
Subject: RE: IOS upgrade on 2900 failing [7:42397]


Do a "dir flash:" You should see something like:
OP_Center>dir flash:
Directory of flash:

  2  -rwx 1223432   Jun 24 1999 01:26:57
c2900XL-h2s-mz-112.8.2-SA6.bin
  3  -rwx   98833   Jun 24 1999 01:26:57
c2900XL-diag-mz-112.8.2-SA6
  4  drwx   10816   Jun 24 1999 01:27:10  html
175  -rwx 277   Jan 01 1970 00:00:18  env_vars
176  -rwx2446   Apr 21 1993 17:13:02  config.text

3612672 bytes total (1781248 bytes free)

It's possible to have more than one image in Flash. If so, there won't
be room to add the new one. Erase one of the old ones. Let us know the
solution.

> -Original Message-
> From: Ed Gobeille [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, April 23, 2002 7:12 PM
> To: [EMAIL PROTECTED]
> Subject: IOS upgrade on 2900 failing [7:42397]
>
>
> I'm getting an unusual error while tring to upgrade IOS on several of 
> my 2900XL series switches.  After doing the copy tftp flash
> command, I get the
> response from the IOS "copy to or from flash not
> implemented".  TAC site
> does not have anything on this that I could find.  Any ideas?  Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42488&t=42397
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: External Tech support connecting on server - VPN is OK ? [7:42490]

[Kent Hundley]

Ah yes, security through obscurity. ;-)

If I would have had to guess, I would have guessed you were using one of the
following VPN products:

1) Cisco
2) Checkpoint
3) Nortel

I would have started with Cisco and assumed either a VPN concentrator or a
PIX. (in your case, I would have hit the first try)

And, let me guess, your using ESP only (no AH) in tunnel mode with a shared
secret, not certificates.

If I knew what company you worked for, I could probably find your VPN server
with a quick scan. If nothing else, I could just attempt an ISAKMP
connection on every IP address in your range and see what responds.

Bottom line, your not providing your vendor with any information they
couldn't find with a few minutes worth of work if they wanted to.  I _would_
create the vendor their own group with their own shared secret, no reason to
give them something they can't obtain on their own, but the information your
revealing is nothing that is not publically attainable.

In any case, unless you have a password protected modem, by using a modem
your creating an unauthenticated, probably unaudited backdoor into your
network via modem access, which is never a good idea.  Concentrate your
resources on monitoring the doors you do allow and be draconian in
eliminating all others.

HTH,
Kent

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Brown, M
Sent: Wednesday, April 24, 2002 4:51 PM
To: [EMAIL PROTECTED]
Subject: External Tech support connecting on server - VPN is OK ?
[7:42478]


I have to allow an external techinician to work on a third-party application
on my server.
Two options: Use connection through Modem or VPN Client (Cisco 3000
Concentrator).

I would go with the VPN account, and then at the end of the support work I
would disable the GuestTech account and change its password.

My co-worker argues that he doesn't want to grant VPN account to the techGuy
because that would release our VPN server name and configuration to the
external technician.
So my co-worker prefers that the tech guys sticks to the slow modem
solution.

Your thoughts ?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42490&t=42490
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

wr mem ?( uploading a config) [7:42491]

[Jerry Deer]

I used to download configs from cisco router make changes to such as spids
and then -copy tftp start- and wr mem so the changes would be saved to start
config and not affect the current running config so when router was
unplugged and taken to new location it would work with new isdn line. 
Now when I do a wr mem it seems to write to start and running config Am
I doing this wrong?
Thanks
JD




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42491&t=42491
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Networkers in San Diego [7:42402]

[Tim Potier]

I think so... working on that now!


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42493&t=42402
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: MCNS exam [7:42432]

[Tim Potier]

>From experience, the Cisco Press book, although very detailed, is perfect
for the exam (it is also good prep for the Pix exam and the VPN exam...money
well spent).


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42492&t=42432
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: how to share 1 Ethernet interface. possible? [7:42487]

[Lupi, Guy]

There is a way to do this, but it is shady.  I didn't think I would ever see
a reason to use this, but your situation is described exactly in this
document.  If you are like most cable/dsl customers you have a bridge in
your house, and your address probably doesn't change all that often.  I
believe a friend said his only changes once every 3 months.  You would have
to modify your config when your address changed, but this would work.  Your
probably better off buying a Linksys for 100 dollars.  Unfortunately I don't
believe you can assign a secondary address when you have specified that the
interface uses dhcp, at least not on any of my routers.


http://www.cisco.com/warp/public/556/nat-on-stick.html

~-Original Message-
~From: hktco [mailto:[EMAIL PROTECTED]]
~Sent: Wednesday, April 24, 2002 8:46 PM
~To: [EMAIL PROTECTED]
~Subject: how to share 1 Ethernet interface. possible? [7:42487]
~
~
~I have only ***one*** ethernet interface on 2610 and it needs to be
~both a dhcp client and assigned a static IP. i.e. something like:
~
~int e0/0
~ ip address dhcp
~ ip add 192.168.1.254 255.255.255.0
~
~but in practice, it is NOT allowed. Also I tried to use subinterfaces,
~and again, it won't let me to achieve the above implementation.
~
~
~The reason I am doing this is that I am trying to share my broadband
~connection through the Cisco
~router. That's why it must be a DHCP client so that it can 
~grab an IP from
~the
~ISP.
~
~Then I'll need another ethernet interface to connect to my inside LAN!
~but pathetically, I have only 1 physical ethernet interface!!!
~
~Could there be any workaround? Thanks
~
~hktco
~
~
~
~




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42494&t=42487
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

newcomer to HSRP or fall-back behavior [7:42495]

[mihai iancu]

hello,

this is what i'm trying to accomplish:

box 1 (a.a.a.a)|
   |--- VPN client - IPSec tunnel
   |  Internet
box 2 (b.b.b.b)|

I'm trying to figure out a way to specify a destination for the IPsec
client that is independent of the a and b addresses.

a and b are not in the same subnet.

i went on the cisco site and i read about the HSRP but i don't think is
the right mechanism.

is there a function on a switch that can be used, something like - OK
one port goes down then use another one, without looking at IP address
or something like this?

thank you for your help,

mihai

ps: pls reply also at [EMAIL PROTECTED]

__
Do You Yahoo!?
Yahoo! Games - play chess, backgammon, pool and more
http://games.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42495&t=42495
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: how to share 1 Ethernet interface. possible? [7:42487]

[nilesh bothra]

I have broadband connection. I set up a machine with 2 ethernet cards and
hardwired the address received via DHCP on one of my ethernet card (been
working more than 4.5 months). Enabled NAT and I connected 3 more machines
to it. Works just fine.

Nilesh

""hktco""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I have only ***one*** ethernet interface on 2610 and it needs to be
> both a dhcp client and assigned a static IP. i.e. something like:
>
> int e0/0
>  ip address dhcp
>  ip add 192.168.1.254 255.255.255.0
>
> but in practice, it is NOT allowed. Also I tried to use subinterfaces,
> and again, it won't let me to achieve the above implementation.
>
>
> The reason I am doing this is that I am trying to share my broadband
> connection through the Cisco
> router. That's why it must be a DHCP client so that it can grab an IP from
> the
> ISP.
>
> Then I'll need another ethernet interface to connect to my inside LAN!
> but pathetically, I have only 1 physical ethernet interface!!!
>
> Could there be any workaround? Thanks
>
> hktco




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42496&t=42487
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Secret Clearance [7:42499]

[nilesh bothra]

how does one go about getting a secret clearance.

is there a website with this info

what are the requirements

nilesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42499&t=42499
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: External Tech support connecting on server - VPN is OK ? [7:42500]

[Patrick Bass]

Can you install VNC on the server in question and allow VNC connections
through your firewall to that system?  You can close the hole once the
technician is finished.

""Brown, M""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I have to allow an external techinician to work on a third-party
application
> on my server.
> Two options: Use connection through Modem or VPN Client (Cisco 3000
> Concentrator).
>
> I would go with the VPN account, and then at the end of the support work I
> would disable the GuestTech account and change its password.
>
> My co-worker argues that he doesn't want to grant VPN account to the
techGuy
> because that would release our VPN server name and configuration to the
> external technician.
> So my co-worker prefers that the tech guys sticks to the slow modem
> solution.
>
> Your thoughts ?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42500&t=42500
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCIE 350-001 [7:42344]

[Shahid Muhammad Shafi]

one line for u Khalid

"There is no shortcut to success"

Objectives are 90 percent same for both tests then why
worry. I think u r worried all those "shortcuts" or
"Cramming" wont work. If u r prepared give the new one
and save mnoney plus accept the challenge!!!

I am sitting for it on May 6th, u can also book it.
Why afraid dude, just do it and forget about
shortcuts.

--- khalid ameen  wrote:
> what about the old one, still the topics is the same
> and the questions database still the same cause we
> heared about the changing in the CCNP exams is
> that also about CCIE old exam 350-001
> 
> --- Kris Keen  wrote:
> > I enquired about this with the CCIE Team. They
> > explained the beta runs to
> > May 7th, after that time it will take serveral
> weeks
> > to evaluate the exam
> > and results. I'd say the new exam will take effect
> > in about 6-8 weeks.
> > 
> > I will be sitting the old one
> [EMAIL PROTECTED]
> 
> 
> __
> Do You Yahoo!?
> Yahoo! Games - play chess, backgammon, pool and more
> http://games.yahoo.com/
[EMAIL PROTECTED]


=
Shahid Muhammad Shafi

"Every man dies; not every man really lives"

Please help feed hungry people worldwide http://www.hungersite.com/
A small thing each of us can do to help others less fortunate than ourselves

__
Do You Yahoo!?
Yahoo! Games - play chess, backgammon, pool and more
http://games.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42502&t=42344
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Cisco 3640-8AM ---urgent! [7:42211]

[yonghai zhang]

hi,anyboby

if you have some experience with 3640 8AM  Module,can i share with you?

thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42501&t=42211
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Secret Clearance [7:42499]

[Stanford Wong]

The company or organization that will hirer you will take care of the
paperwork.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42503&t=42499
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

traffic engineering exercises [7:42504]

[Tom Scott]

>From the GMPLS/CCAMP TE draft:

   Thus we have a more general notion of a TE link.  A TE link is a
   "logical" link that has TE properties. The link is logical in a
sense
   that it represents a way to group/map the information about certain

   physical resources (and their properties) into the information that

   is used by Constrained SPF for the purpose of path computation, and

   by GMPLS signaling. This grouping/mapping must be done consistently

   at both ends of the link. LMP [LMP] could be used to check/verify
   this consistency.

Has anyone written exercises that will work on affordable CCIE/CCNP
labs?

-- TT




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42504&t=42504
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Cisco 3640-8AM ---urgent! [7:42211]

[Juli Hato]

What your problems?

HATO


>From: "yonghai zhang" 
>Reply-To: "yonghai zhang" 
>To: [EMAIL PROTECTED]
>Subject: RE: Cisco 3640-8AM ---urgent! [7:42211]
>Date: Thu, 25 Apr 2002 01:42:03 -0400
>
>hi,anyboby
>
>if you have some experience with 3640 8AM  Module,can i share with you?
>
>thanks.
_
Join the worlds largest e-mail service with MSN Hotmail. 
http://www.hotmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42505&t=42211
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Secret Clearance [7:42499]

[Sean Knox]

I'm sure someone will respond with a much detailed response, but in the
meantime, know that secret clearance is a very expensive, time consuming
process at the very least. Don't think it's like a Cisco cert that you can
just study or apply for. Usually people already have it from past jobs,
military experience, etc. Sponsorship by your employer is generally required
to attain TS. If a job description asks for TS clearance and you don't have
it, don't waste your time applying.

Sean

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
nilesh bothra
Sent: Wednesday, April 24, 2002 10:16 PM
To: [EMAIL PROTECTED]
Subject: Secret Clearance [7:42499]


how does one go about getting a secret clearance.

is there a website with this info

what are the requirements

nilesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42506&t=42499
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Cisco 3640-8AM ---urgent! [7:42211]

[yonghai zhang]

thanks for your reply!

pls refer first past which is my question.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42507&t=42211
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

PIX Connected to ComCast Network... [7:42509]

[Mark Odette II]

Has anybody out there dealt with one of these scenarios?!?!

ComCast customer wanting to hook up their PIX 501 to their CableModem, and
use either DHCP, or a "Static" address on the outside interface; NAT and
Dynamic VPN configuration to connect back to HQ PIX also is in this picture.

I spent several hours trying to get the PIX to work, but got intermittent
failure in Ping tests, traceroutes from inside workstation, and extremely
slow and mostly failed http requests from same said workstation's browser.
Called ComCast Tech support, they argued that the client account had to be a
"Comcast Pro" account to allow such a scenario (the VPNs from the customer
firewall), but did not specify what their definition of Firewall was until
quite later... which was Windows XP workstations running its "firewall"
capability.  This ComCast Pro acct. was supposed to yield 5 "static"
addresses, but this was later defined as 5 addresses randomly chosen from a
255.255.252.0-masked 68.60.x.x network and given "extended" lease
parameters.

Tech support found something wrong with the config of the CableModem, did a
"reset of all systems" and still got no joy on the PIX...but the cable-modem
jacked directly into the workstation would work. :(

Just as a checklist for the obvious question Yes, I had already defined
Unreachables, Echo-Reply, and Time-Exceeded to be allowed in from the
outside.  I then even simply changed the rule to allow ICMP Any Any (applied
to the outside interface).

I tried initially setting the PIX to try obtaining its IP via DHCP, but got
nothing and the Tech Engineer didn't report "seeing anything coming from
the PIX over the CableModem in terms of BootP/DHCP requests."

Hard-Coding the IP of what was learned from the DHCP successful assignment
to the Workstation when it was connected directly to the CableModem yeilded
the spotty results.

If anyone has any tips or tricks on how to make this work, either via DHCP
or Hard-coding the IP from the ISP, I'd be eternally greatful.  The region
of the ComCast Network that this is being attempted on is in Rome, Georgia.

Thanks,
Mark




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42509&t=42509
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCIE Power Session 2000 WAS RE: Networkers in San Diego [7:42508]

[Sean Knox]

Are there any discounts for the CCIE power session aside from
education/gov.'t? My company isn't paying for it, and I'd heavily prefer not
to pay $450 (the $295 discount price is ok).

- Sean

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Daniel Cotts
Sent: Wednesday, April 24, 2002 3:53 PM
To: [EMAIL PROTECTED]
Subject: CCIE Power Session 2000 WAS RE: Networkers in San Diego
[7:42474]


Here's the URL for the CCIE Power Session for the 2000 Networkers. See if it
is useful for you.
padding
padding
http://www.cisco.com/networkers/nw00/pres/3304/3304.htm

> -Original Message-
> From: Logan, Harold [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, April 24, 2002 4:59 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Networkers in San Diego [7:42402]
>
>
> I'm trying to take the Monday one too. I don't know if I'll be able to
> though, because there are pseudo-mandatory networking academy
> events going
> on monday. Two of our other instructors are going though, so
> I'm going to
> try and get them to take one for the team while I do the CCIE
> power session.
> There's a second power session on friday, but it looks like
> I'm going to
> have to leave Thursday night.
>
> As for whether or not they're helpful, I've never been to
> networkers before.
> My only source of feedback from networkers is one of our
> instructors went
> last year, but he didn't do any of the power sessions.
>
> For the breakout sessions I'm going to try and take at least
> one that's on
> something I'm not even remotely knowledgeable of (probably
> MPLS) and I'll
> attend others on topics I'm weak on that are more likely to
> show up on the
> lab, as my lab date is in july.
>
> For those who went last year, did they have the CCIE power
> session then, and
> would you recommend it?
>
> Hal




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42508&t=42508
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: wr mem ?( uploading a config) [7:42491]

[Kostov Peter]

Hi Jerry,

As i suppose, after a copy tftp start the uploaded config is already stored
in your startup config. What basically a wr mem does is to copy your running
config into your startup config. I.e. after doing a wr mem, your just before
copied file should be overwritten by your current running config. Any
intended changes by the copied file will disappear.

Peter


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42510&t=42491
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]