switch and router pricing [7:42778]

2002-04-28 Thread Magichut

Hello all, I have 2-3com 4007 switches fully loaded.  2-930 watt power
supplies, 2 enterprise management engine modules (model ecb9eme), 4-36-port
10/100BASE-TX Switching Module (Model Number: 3CB9LF36R) , 1-9-port Gigabit
Switching Module (Model Number: 3CB9LG9MC) Fiber, 1-12-port 10/100BASE-TX
MultiLayer Switching Module (Model Number: 3CB9RF12R), 1-24-port Switching
Fabric (Model Number: 3CB9FG24T) which has no ports on this blade.

After checking the prices on major and minor websites, I found that a
combined powerhouse like the one mentioned above was right around $35,000.
I am looking to part with them for about $20,000 (flexible) each.  Does that
sound like a good ballpark? And I have 5 Cisco routers that are soon to be
replaced by new ones that I will sell also.  Can someone point me to a good
website to sell them on?

Thanks for your replies,
Magichut




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42778&t=42778
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: NAT dilemma [7:42762]

2002-04-28 Thread Howard C. Berkowitz

Chuck shaped electrons, photons, and little dot things to say:

>interesting question. without tearing up my pod to set up a Q&D, let me try
>a little logic here.
>
>when the router checks its FIB, and determines that the packet in question
>is to go out a particular interface ( as opposed to a network ) what happens
>then? does the router place that packet onto the wire out that interface, or
>does it place the packet into the process that manages what happens on that
>interface?

In the unnamed router designs with which I have the most experience, 
most processing takes place on the input side, which hands the packet 
off to the switching fabric ("fast path"). There's usually an 
internal header indicating the destination as an interface or as a 
multicast group.

Lower-layer encapsulation, output shaping, etc., do take place at the 
output interface.  Typically, IP fragmentation is handled there 
UNLESS that has to be done in the "slow path", which normally is in 
the main processor.

>
>In other words, if the packet is destined out an Ethernet interface, how is
>it handled? differently than it would be handled under other circumstances?
>I don't think so. I would think that the process that controls the Ethernet
>interface would then follow the standard operating procedure for all packets
>bound out onto an Ethernet - that there would be an ARP request. If there
>were no response from some device that knew the destination network, then
>the packet would be dropped. if there were a device, the router would then
>forward the packet.

The output interface pretty well has to be a part of ARPs, but it may 
be fairly stupid with respect to them -- the ARP requests may 
originate in some other processor and the ARP cache may be kept 
there, depending on the design.

>
>I guess what I am saying is that the router operates in a standard manner.
>all packets that the router handles are treated the same way. meaning they
>are all processed by the appropriate router process. the router code is like
>any other computer code - a series of if-then-else sequences. all packets
>are processed the same way - inbound and outbound.

I think you are overestimating the role of interface intelligence and 
underestimating how much goes on in one or more separate processors. 
Of course, this is for high-performance routers.  With 1600s and the 
like, even more intelligence moves from the interface into the main 
processor.

>
>in the case we have been discussing, the question I now have is whether or
>not the cable modem is responding to the ARP requests of the 1605 router.
>
>anyone have a different understanding of how the router operates?
>
>Chuck
>
>
>
>"Michael L. Williams" wrote in message
>news:[EMAIL PROTECTED]...
>>  "Paul Lalonde" wrote in message
>>  news:[EMAIL PROTECTED]...
>>  > but
>>  > routing out via an Ethernet interface will likely just *drop* the packet
>>  > onto that broadcast domain (subnet) without pointing it to a specific next
>>  > hop.
>>
>>  This raises an interesting question:  If you try to make a static route that
>>  routes out an ethernet interface (multi-access medium), does the router send
>>  the frame to the Layer 2 broadcast address?  If so, then if there is another
>>  router somewhere on that segment, wouldn't it hear and route the packet
>>  properly, or would it see it as a layer 2 broadcast and it not go any
>>  further?
>>
>>  Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42779&t=42762



Re: CCIE R&S Beta Experience [7:42761]

2002-04-28 Thread Steven A. Ridder

What's ITM?  I'm sure once you tell me what it is, I'll say "DOH!"


"dre" wrote in message
news:[EMAIL PROTECTED]...
> I took the CCIE R&S Beta this afternoon, here's what I experienced:
>
> About 1/5 of the exam I thought should be on the CCNA instead (Make
> sure you know ITM well for this part)
> About 1/5 of the exam I only knew because of my 5 years+ IP/Ethernet
> Cat5k/Cat6k/7x00 experience (especially know IP Multicast, OSPF,
> BGP, STP, VLAN, UDLD, VACL/RACL, etc)
> About 1/5 of the exam I thought were really math questions and not
> Cisco questions (Know various QoS case scenarios from IP, FR,
> ATM, etc)
> About 1/5 of the exam I figured only a person who worked 5 years+
> doing IPX would know
> About 1/5 of the exam I figured only a person who worked 5 years+
> doing SNA/DLSw+ would know
>
> Which means I probably got 2/5's of the test's answers wrong, putting
> me ~60%.  I hope the pass rate is near that number.
>
> When you go through the blueprint, do not skip over anything; it's
> all on the exam.
>
> The insight that there are a lot of IP Multicast and Catalyst 6500
> questions was true in my experience as well.  If you don't know
> those down cold, you probably shouldn't bother taking the test.
>
> Cisco LAN Switching is not enough to get by, but Routing TCP/IP
> Volume II is probably the best book you could read that covers a
> lot of the material (lucky I read this the night before the exam).
>
> If you are lacking in any areas, reading isn't going to help too
> too much since a lot of the questions are really exercises with
> real world examples and interesting concepts that can only be applied
> with hands-on exposure.  Make sure you get that hands-on exposure
> if you aren't working with it day-to-day.
>
> -dre




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42780&t=42761



Re: NAT dilemma [7:42762]

2002-04-28 Thread Marty Adkins

"Michael L. Williams" wrote:
>
> "Paul Lalonde" wrote in message
> news:[EMAIL PROTECTED]...
> > but
> > routing out via an Ethernet interface will likely just *drop* the packet
> > onto that broadcast domain (subnet) without pointing it to a specific next
> > hop.
>
> This raises an interesting question:  If you try to make a static route that
> routes out an ethernet interface (multi-access medium), does the router send
> the frame to the Layer 2 broadcast address?  If so, then if there is another
> router somewhere on that segment, wouldn't it hear and route the packet
> properly, or would it see it as a layer 2 broadcast and it not go any
> further?
>
> 
One might think that a static route to a broadcast interface type would be
ambiguous for layer 2, and it is.  But what IOS does in that case is just
ARP for the destination IP and hope it gets an answer.  It will work, but
only if some other adjacent router will perform a proxy ARP reply.  Use
"debug arp" to observe this.  I used this trick several years ago when I
didn't want to run a routing protocol on one interface and there were
quite a number of potential next hops (long story).

As for the original question... I compared the supplied config to mine
and it should work, but then I have Comcast, not Roadrunner.  I agree
with Paul Lalonde -- just let the router learn the default route via
DHCP (it works for me).

Once you get it working, you'll want to add some things like an inbound
ACL, pass the domain name to your internal DHCP clients, possibly extend
the internal DHCP lease time, etc.

- Marty




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42781&t=42762



Re: Homebuilt Pix Firewall [7:42022]

2002-04-28 Thread netman

> Any particular intel motherboard?


Sure, I guess my other posts didn't make it to the list.

Here is some more info.

Intel SE440BX-2 motherboard (check the revision, the news revs of the board
seem to work better)
2 or 3 Intel 82577 Pro100/B NIC
Cisco 16MB PIX Flash card (or the Cisco 2 meg Pix flash card)
Floppy drive
Case/power supply
128MB DRAM
350MHZ Processor w/ 512K cache

I took this info from a post on securityie.com

Anyway I am running on a P3-450 and 128 meg of ram. I tried other
motherboard (ASUS) and the thing would not work. As soon as I used this
motherboard, it came right up. I had a spare 2meg flash from a Pix upgrade I
did and that is what I am using. Of course you can't run the latest Pix OS
on it which kinda sucks. I don't have the $700 to fork over for that card.

I did nothing to the bios on the motherboard. It came right up and worked. I
hear you can change it to boot up from NET, but I think I will leave it
alone (since it is  working).

One thing, do not try to buy this board from www.edgemicro.com. I have been
waiting 3 weeks so far for the board I ordered from them. I finally ordered
from another place in Texas and got it in 3 days.

I ordered from www.directron.com

Here is a link to the Motherboard.

http://www.directron.com/mb-intel-bx2-na.html

Hope that helps some,

Don Hickey




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42782&t=42022



Can't ping [7:42783]

2002-04-28 Thread Giles Funnell

Hello everyone,

I'm quite new to the world of Cisco so please bear with me.

I've just replaced an old 10MB hub with a 2900 Catalyst Switch.  All the
connections are fine except for one.  I have a relatively blank
configuration with all the computers in one vlan.  For this one
connection I can't ping either the PC or the switch from the PC.  There
is a connection there and the MAC address of the computer shows up in
the table on the switch so I don't think there's any physical problem
with the connection.  I've tried playing around with the speed and
duplex settings but had no luck.  I have attached a couple of
configurations from the switch.

Another problem I'm having is when I use HyperTerminal to connect to the
switch it locks up after a while.  Even if I close it down and re-open
it there isn't any response from the switch.  I can still telnet into it
and connect through Internet Explorer.

If you have any suggestions it would be greatly appreciated.

Thanks for your time,

Giles

switch2912#show vlan
VLAN Name                 Status    Ports
---- -------------------- --------- -------------------------------
1    default              active    Fa0/1, Fa0/2, Fa0/3, Fa0/4,
                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8,
                                    Fa0/9, Fa0/10, Fa0/11, Fa0/12
1002 fddi-default         active
1003 token-ring-default   active
1004 fddinet-default      active
1005 trnet-default        active

VLAN Type  SAID   MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ------ ----- ------ ------ -------- ---- -------- ------ ------
1    enet  11     1500  -      -      -        -    -        1002   1003
1002 fddi  101002 1500  -      -      -        -    -        1      1003
1003 tr    101003 1500  1005   0      -        -    srb      1      1002
1004 fdnet 101004 1500  -      -      1        ibm  -        0      0
1005 trnet 101005 1500  -      -      1        ibm  -        0      0
switch2912#

----------


switch2912#show running-config
Building configuration...

Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname switch2912
!
enable secret 5 $1$c8FL$ZoVBlifHy7vekBQGtyg6S.
!
!
!
!
!
!
ip subnet-zero
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface VLAN1
 ip address 192.168.0.253 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
!
ip default-gateway 192.168.0.1
snmp-server engineID local 00090202FDC859C0
snmp-server community private RW
snmp-server community public RO
snmp-server chassis-id 0x0D


----------


switch2912#show int
VLAN1 is up, line protocol is up
  Hardware is CPU Interface, address is 0002.fdc8.59c0 (bia 0002.fdc8.59c0)
  Internet address is 192.168.0.253/24
  MTU 1500 bytes, BW 1 Kbit, DLY 1000 usec,
 reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 1 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
 4348 packets input, 299605 bytes, 0 no buffer
 Received 3783 broadcasts, 0 runts, 0 giants, 0 throttles
 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
 0 input packets with dribble condition detected
 569 packets output, 118010 bytes, 0 underruns
 0 output errors, 0 collisions, 0 interface resets
 0 babbles, 0 late collision, 0 deferred
 0 lost carrier, 0 no carrier
 0 output buffer failures, 0 output buffers swapped out
FastEthernet0/1 is up, line protocol is up
  Hardware is Fast Ethernet, address is 0002.fdc8.59c1 (bia 0002.fdc8.59c1)
  MTU 1500 bytes, BW 10 Kbit, DLY 100 usec,
 reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive not set
  Auto-duplex (Full), Auto Speed (100), 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:01, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 138000 bits/sec, 22 packets/sec
  5 minute output rate 68000 

Re: NAT dilemma [7:42762]

2002-04-28 Thread Michael L. Williams

"Marty Adkins" wrote in message
news:[EMAIL PROTECTED]...
> One might think that a static route to a broadcast interface type would be
> ambiguous for layer 2, and it is.  But what IOS does in that case is just
> ARP for the destination IP and hope it gets an answer.  It will work, but
> only if some other adjacent router will perform a proxy ARP reply.

Cool.. that makes sense.  At first, I was going through my thought
processes saying "If it's routing a packet (sending a frame) out the
ethernet interface what Layer 2 destination address is it using?"  That's
why I was speculating that it was perhaps a L2 broadcast, but it makes
sense that it would ARP for the dest. IP and then a router on the
multi-access could respond via proxy-arp, etc..

Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42784&t=42762



Re: NAT dilemma [7:42762]

2002-04-28 Thread JohnZ

Wow, thank you all, I have definitely learned a lot from this. When I do "sh
IP route" I can see that I am getting a default route from the cable
provider. Earlier when I was trying to figure out this problem I was running
several debugs and I saw encapsulation failed errors, which is in line with
the ARP process pointed out by Marty. One last thing... what should I have
on this router to improve performance and provide security for the inside
network? Most of the traffic flowing through this router will be http to the
outside. What extra advantage does upgrading to an IOS with firewall feature
set give me in this case?

"Marty Adkins" wrote in message
news:[EMAIL PROTECTED]...
> "Michael L. Williams" wrote:
> >
> > "Paul Lalonde" wrote in message
> > news:[EMAIL PROTECTED]...
> > > but
> > > routing out via an Ethernet interface will likely just *drop* the packet
> > > onto that broadcast domain (subnet) without pointing it to a specific next
> > > hop.
> >
> > This raises an interesting question:  If you try to make a static route that
> > routes out an ethernet interface (multi-access medium), does the router send
> > the frame to the Layer 2 broadcast address?  If so, then if there is another
> > router somewhere on that segment, wouldn't it hear and route the packet
> > properly, or would it see it as a layer 2 broadcast and it not go any
> > further?
> >
> One might think that a static route to a broadcast interface type would be
> ambiguous for layer 2, and it is.  But what IOS does in that case is just
> ARP for the destination IP and hope it gets an answer.  It will work, but
> only if some other adjacent router will perform a proxy ARP reply.  Use
> "debug arp" to observe this.  I used this trick several years ago when I
> didn't want to run a routing protocol on one interface and there were
> quite a number of potential next hops (long story).
>
> As for the original question... I compared the supplied config to mine
> and it should work, but then I have Comcast, not Roadrunner.  I agree
> with Paul Lalonde -- just let the router learn the default route via
> DHCP (it works for me).
>
> Once you get it working, you'll want to add some things like an inbound
> ACL, pass the domain name to your internal DHCP clients, possibly extend
> the internal DHCP lease time, etc.
>
> - Marty




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42785&t=42762



Re: Can't ping [7:42783]

2002-04-28 Thread Tom Scott

Giles Funnell wrote:

> I've just replaced an old 10MB hub with a 2900 Catalyst Switch.  All the
> connections are fine except for one.  I have a relatively blank
> configuration with all the computers in one vlan.  For this one
> connection I can't ping either the PC or the switch from the PC.  There
> is a connection there and the MAC address of the computer shows up in
> the table on the switch so I don't think there's any physical problem
> with the connection.  I've tried playing around with the speed and
> duplex settings but had no luck.  I have attached a couple of
> configurations from the switch.

Did you enable portfast on the access ports? A switch interface is in one
of two modes: access or trunk. Since you're not connecting to another
switch, it's advisable to use portfast. You can even enable
portfast on an interface that connects to a router if you're not using
the router/switch link in a ROAST or OAR configuration (router on a stick /
one-armed router). Since the PC MAC addr shows up in the switch table but
you're not able to ping the PC, it's likely that the PC doesn't have an IP
addr (assuming you're using a DHCP srvr, are you?). Portfast activates the
interface quickly so the exchange of messages can occur within the time
slice allowed by the DHCP srvr.

-- TT




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42787&t=42783



CSPM for IDS4210 [7:42788]

2002-04-28 Thread Timo Graser

I just got a IDS 4210 and want to manage it now, where can I download
a CSPM 3.0 Eval?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42788&t=42788



RE: Can't ping [7:42783]

2002-04-28 Thread Marko Milivojevic

> I'm quite new to the world of Cisco so please bear with me.

Since this is quite a basic question, you might post it on the associate
list, as well. But, here we go anyway. Someone more experienced will, of
course, correct me if I'm blatantly wrong in what I write (just a humble
apprentice here).

> I've just replaced an old 10MB hub with a 2900 Catalyst 
> Switch.  All the
> connections are fine except for one. 

It would greatly help to point to exact interface where this
problematic PC is connected. Based on "show interfaces" output that you
sent, there are two likely candidates - FastEthernet0/5 (less likely) and
FastEthernet0/6 (more likely).

FastEthernet0/5 is down, meaning that whatever is there is not up
and running. There has been some traffic on the interface, as statistics
show. No errors though. Might point to faulty NIC on the other side, although
in that case, some errors would be there.

FastEthernet0/6 is more interesting. Whatever is there has some
issues. There have been a lot of CRC errors (38 errors on 47KB of traffic is
a lot - someone correct me if I'm wrong, but error rate on this interface is
around 10% ?). Errors are CRC and frame errors. Assuming that you have
simple setup there, this would most probably point to a bad cable or bad NIC
in that PC. 

On the other hand, amount of broadcast traffic compared to unicast
on that interface is amazing. What exactly is there, even if that PC is not
the problem?

> Another problem I'm having is when I use HyperTerminal to 
> connect to the switch it locks up after a while.  Even if
> I close it down and re-open it there isn't any response
> from the switch.  I can still telnet into it
> and connect through Internet Explorer.  

This has been bugging me, as well. With 2900XL and 3500XL series.
The only solution that I came up with was the process of actually connecting
the console to PC:

1. Connect cable to switch
2. Connect connector converter (little brown thing, don't know the
correct name, sorry) to PC
3. Plug the cable into PC
4. Start terminal program

It might all be coincidence, but this annoyed me a lot a few months
ago.


Regards,

Marko.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42789&t=42783
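
The triage Marko walks through above (link state, input errors relative to traffic received, broadcast share), as an added example that is not part of the original thread. The sample output is constructed in the layout of the "show int" text Giles posted, every counter in it is invented, and the thresholds are assumptions to tune per network.

```python
import re

# Constructed sample in the layout of IOS "show interfaces" output.
# All counters are invented for illustration; they are not Giles's numbers.
SAMPLE = """\
FastEthernet0/1 is up, line protocol is up
  Auto-duplex (Full), Auto Speed (100), 100BaseTX/FX
     52310 packets input, 6120044 bytes
     Received 410 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     48120 packets output, 5100321 bytes, 0 underruns
FastEthernet0/5 is down, line protocol is down
  Auto-duplex , Auto Speed , 100BaseTX/FX
     212 packets input, 19544 bytes
     Received 9 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     305 packets output, 28110 bytes, 0 underruns
FastEthernet0/6 is up, line protocol is up
  Auto-duplex (Half), Auto Speed (10), 100BaseTX/FX
     380 packets input, 47012 bytes
     Received 301 broadcasts, 0 runts, 0 giants, 0 throttles
     38 input errors, 21 CRC, 17 frame, 0 overrun, 0 ignored
     95 packets output, 9120 bytes, 0 underruns
"""

# An unindented "<name> is <state>, line protocol is <state>" line starts a block.
HEADER = re.compile(r"^(\S+) is ([\w ]+?), line protocol is (\w+)")
COUNTERS = {
    "packets_in": re.compile(r"(\d+) packets input"),
    "broadcasts": re.compile(r"Received (\d+) broadcasts"),
    "input_errors": re.compile(r"(\d+) input errors"),
    "crc": re.compile(r"(\d+) CRC"),
    "frame": re.compile(r"(\d+) frame"),
}


def parse_show_interfaces(text):
    """Return {interface: counters}. Counters absent from the text (for
    example when the paste is cut short) are simply left out."""
    interfaces, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"line_protocol": m.group(3)}
            interfaces[m.group(1)] = current
            continue
        if current is None:
            continue
        for name, rx in COUNTERS.items():
            m = rx.search(line)
            if m and name not in current:
                current[name] = int(m.group(1))
    return interfaces


def triage(interfaces, err_threshold=0.01, bcast_threshold=0.5, min_packets=100):
    """Flag interfaces worth a closer look. Thresholds are assumptions:
    more than 1% input errors per packet received, or more than half of
    received packets being broadcasts once at least min_packets were seen."""
    findings = {}
    for name, c in interfaces.items():
        notes = []
        pkts = c.get("packets_in", 0)
        if c["line_protocol"] != "up":
            notes.append(("link-down", c["line_protocol"]))
        if pkts:
            err_rate = round(c.get("input_errors", 0) / pkts, 3)
            if err_rate > err_threshold:
                # CRC and frame errors usually mean cable, NIC or duplex trouble
                notes.append(("input-error-rate", err_rate))
            bcast = round(c.get("broadcasts", 0) / pkts, 3)
            if pkts >= min_packets and bcast > bcast_threshold:
                notes.append(("broadcast-share", bcast))
        if notes:
            findings[name] = notes
    return findings


if __name__ == "__main__":
    for port, notes in triage(parse_show_interfaces(SAMPLE)).items():
        print(port, notes)
```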



Re: Syslog setup [7:42381]

2002-04-28 Thread JohnZ

I use Kiwisyslog, it works great for me, they have several other useful
utilities on their website including Cattools which can be scheduled to save
router configs periodically.

"Chris Charlebois" wrote in message
news:[EMAIL PROTECTED]...
> Cisco syslog can be directed at *any* syslog daemon.  NT and *nix come with
> syslog daemons, but you can add one to other OSes, too.  I did a quick look
> on Tucows and found one that will run on XP.  You can check it out at
> http://www.kiwisyslog.com/products.htm.  And it's freeware.  (Note: I
> haven't used that package, so it could be complete crap. But whaddya expect
> from freeware.)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42791&t=42381



IOS based Catalyst and Protocol filtering [7:42792]

2002-04-28 Thread Steven A. Ridder

Can the IOS based 4000's and 6000's do protocol filtering like they can in
the CatOS?  If so, what is the command, as I can't find it anywhere.

--
RFC 1149 Compliant

Get in my head:
http://sar.dynu.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42792&t=42792



Re: CCIE R&S Beta Experience [7:42761]

2002-04-28 Thread dre

"Steven A. Ridder" wrote in message
news:[EMAIL PROTECTED]...
> What's ITM?  I'm sure once you tell me what it is, I'll say "DOH!"

Internetworking Technology Multimedia CD or the Internetworking
Technology Handbook from Cisco Press.

-dre




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42793&t=42761



Re: Homebuilt Pix Firewall [7:42022]

2002-04-28 Thread John Golovich

A standard PCMCIA PCI card will work for the flash card?

- Original Message -
From: "netman" 
To: 
Sent: Sunday, April 28, 2002 10:36 AM
Subject: Re: Homebuilt Pix Firewall [7:42022]


> > Any particular intel motherboard?
>
>
> Sure, I guess my other posts didn't make it to the list.
>
> Here is some more info.
>
> Intel SE440BX-2 motherboard (check the revision, the news revs of the board
> seem to work better)
> 2 or 3 Intel 82577 Pro100/B NIC
> Cisco 16MB PIX Flash card (or the Cisco 2 meg Pix flash card)
> Floppy drive
> Case/power supply
> 128MB DRAM
> 350MHZ Processor w/ 512K cache
>
> I took this info from a post on securityie.com
>
> Anyway I am running on a P3-450 and 128 meg of ram. I tried other
> motherboard (ASUS) and the thing would not work. As soon as I used this
> motherboard, it came right up. I had a spare 2meg flash from a Pix upgrade I
> did and that is what I am using. Of course you can't run the latest Pix OS
> on it which kinda sucks. I don't have the $700 to fork over for that card.
>
> I did nothing to the bios on the motherboard. It came right up and worked. I
> hear you can change it to boot up from NET, but I think I will leave it
> alone (since it is  working).
>
> One thing, do not try to buy this board from www.edgemicro.com. I have been
> waiting 3 weeks so far for the board I ordered from them. I finally ordered
> from another place in Texas and got it in 3 days.
>
> I ordered from www.directron.com
>
> Here is a link to the Motherboard.
>
> http://www.directron.com/mb-intel-bx2-na.html
>
> Hope that helps some,
>
> Don Hickey




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42794&t=42022



Re: Homebuilt Pix Firewall [7:42022]

2002-04-28 Thread netman

NO, It has to be the one from Cisco. I had purchased the 16meg Pix flash
upgrade and had the old Cisco Pix 2 MB flash card left over. That is what I
am using in this home-built Pix.


- Original Message -
From: "John Golovich" 
To: "netman" ; 
Sent: Sunday, April 28, 2002 2:28 PM
Subject: Re: Homebuilt Pix Firewall [7:42022]


> A standard PCMCIA PCI card will work for the flash card?
>
> - Original Message -
> From: "netman" 
> To: 
> Sent: Sunday, April 28, 2002 10:36 AM
> Subject: Re: Homebuilt Pix Firewall [7:42022]
>
>
> > > Any particular intel motherboard?
> >
> >
> > Sure, I guess my other posts didn't make it to the list.
> >
> > Here is some more info.
> >
> > Intel SE440BX-2 motherboard (check the revision, the news revs of the board
> > seem to work better)
> > 2 or 3 Intel 82577 Pro100/B NIC
> > Cisco 16MB PIX Flash card (or the Cisco 2 meg Pix flash card)
> > Floppy drive
> > Case/power supply
> > 128MB DRAM
> > 350MHZ Processor w/ 512K cache
> >
> > I took this info from a post on securityie.com
> >
> > Anyway I am running on a P3-450 and 128 meg of ram. I tried other
> > motherboard (ASUS) and the thing would not work. As soon as I used this
> > motherboard, it came right up. I had a spare 2meg flash from a Pix upgrade I
> > did and that is what I am using. Of course you can't run the latest Pix OS
> > on it which kinda sucks. I don't have the $700 to fork over for that card.
> >
> > I did nothing to the bios on the motherboard. It came right up and worked. I
> > hear you can change it to boot up from NET, but I think I will leave it
> > alone (since it is  working).
> >
> > One thing, do not try to buy this board from www.edgemicro.com. I have been
> > waiting 3 weeks so far for the board I ordered from them. I finally ordered
> > from another place in Texas and got it in 3 days.
> >
> > I ordered from www.directron.com
> >
> > Here is a link to the Motherboard.
> >
> > http://www.directron.com/mb-intel-bx2-na.html
> >
> > Hope that helps some,
> >
> > Don Hickey




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42795&t=42022



Returned mail--"rights reserved." [7:42796]

2002-04-28 Thread postmaster

The following mail can't be sent to [EMAIL PROTECTED]:

From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: rights reserved.
The file is the original mail




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42796&t=42796



Catalyst 2900XL's (and 3500's) [7:42687]

2002-04-28 Thread John W. Reames

My understanding is the Cat2950's replace the 2900XL's, and that with the
exception of the 3508G's and the 3524-PWR's the 3500 line is EOI (I think
july 1?).  The 3550 is a 'suggested' replacement for the 3500XL, and the
pricing is supposed to drop on the 3550's. Bear in mind that the 3550 is a
pretty nice little box; it does ip routing and will out-forward the
4232-L3 blade...
-j.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42797&t=42687



Re: CCNA Authors needed [7:4550]

2002-04-28 Thread Hehdili Nizar

Hi,
I'm interested to participate
- Original Message -
From: ""CiscoB"" 
Newsgroups: groupstudy.jobs
Sent: Sunday, April 28, 2002 12:49 AM
Subject: CCNA Authors needed [3:4550]


> I'm looking for a few people that would be interested in authoring a chapter
> for a CCNA book Network Learning Inc. is going to publish (for the new
> 640-607 test).  If you are interested, please email me,
> [EMAIL PROTECTED]
>
> thanks,
> -Brad Ellis
> CCIE#5796 (R&S / Security)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42786&t=4550



RE: CSPM for IDS4210 [7:42788]

2002-04-28 Thread Don Nguyen

You can try the software center on cisco's website.  You might need a CCO
account in order to download the CSPM eval though.

HTH, 
Don Nguyen


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42798&t=42788



RE: switch and router pricing [7:42778]

2002-04-28 Thread Don Nguyen

So... which routers will you have on sale soon?  Still looking to fill out
my CCIE lab =)

Don


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42800&t=42778



Re: Cisco 2900 XLs [7:42687]

2002-04-28 Thread [EMAIL PROTECTED]

The EOL URL referenced below is, in my opinion, one of the most incomplete 
"lists" on CCO.  Use it as a starting point by all means, but don't rely 
on it to cover everything that has been EOL'd, because it doesn't.

(Actually, it appears to be a little more complete now than it used to be 
- but it's still pretty hopeless).

JMcL
- Forwarded by Jenny Mcleod/NSO/CSDA on 29/04/2002 09:03 am -


"[EMAIL PROTECTED] (John Nemeth)" http://www.cisco.com/go/eol/ .

} Same with 3500s and 3550 (well the 3500's do have GBICs slots available, but

 The last of the 3500XLs will be discontinued on July 27th, 2002.

}-- End of excerpt from "Michael L. Williams"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42801&t=42687



Terminal Server to 3542 Switch Access Probelms [7:42802]

2002-04-28 Thread Ed Moss

I am having a problem getting a CS-516 to reverse telnet to a 3524XL Switch.

The 516 is running 10.3(7) and can reverse telnet to routers, a PIX and VPN
3005 with no problem.
If I move a known good port from say a router to the 3524, it will not make
the connection.

If I connect my PC serial port to the switch, it works great... the same
cable that works with the other devices.
I have tried several cables (all that work with other devices.. it should be
a rolled cable, but I also tried a straight through cable as well). I have
even tried other ports off the 516.

Is there anything special about the console port, or config on the 3524?
Flowcontrol - Stop Bits???

Thanks
Ed




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42802&t=42802



OT: Home Lab Stuff [7:42804]

2002-04-28 Thread Nigel Taylor

Some items I had in my home lab that I no longer need.  I'm willing to let it
all go to 1 buyer for $1200.  If interested in individual pieces that's ok too.

1 Cisco 2517 - 16MB/8MB, 2 serial, 1 BRI(S/T), 1 Token Ring, 8-port MAU  $300

1 Cisco 2521 - 6MB/8MB, 4 Serial(2Sync/2Async), 1 BRI(S/T), 1 token ring  $400

1 AGS+ - CSC4 w/4 MB NVRAM, 8 Ethernet, 6 Serial(HD26)  $550
  I also have another 4-port V.35 serial applique
  with 10' cables, 3 HD26-HD26 DCE-DTE cables, and
  3 HD26-HD60 DCE-DTE cables.
  IOS 11.26a - the last available code version
  Great "Frame Switch"

  The cables here alone cost about $350-$400.

2 MGS - (1st) 1 Serial, 1 ethernet, 1 token ring.  $150
  (2nd) 3 serial, 1 ethernet, 1 token ring.

1 Cisco STS-10x - 1 ethernet, 9-port (poor-man's) terminal server  $100
  all terminal cables (custom made) included

Any questions contact me directly. Please do not post to the list.

Nigel







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42804&t=42804



Spanning Tree Question [7:42806]

2002-04-28 Thread Anil Gupte

For spanning tree to work, do all the switches on a network (let us say a
LAN) have to support or enable Spanning Tree?  That is the general question.

Specifically, I have an HP Procurve connected to a router, and then a
Netgear Switch that hooks into one of the ports on the HP.  On the Netgear
are 3 or 4 more Netgear switches (all of these are simple unmanaged
switches) and we are pretty sure there are some redundant loops in there -
especially with two servers that have dual NICs that are bound together using an
Intel "teaming" driver.  Do I need to turn Spanning Tree on?  Is it
recommended?  Is it even going to work?

Thanx for any input.
Anil Gupte




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42806&t=42806



RE: Alternatives to Cisco VPN client [7:42604]

2002-04-28 Thread Kent Hundley

The issue isn't with IPSec per se, it's with allowing split tunneling.  If a
user PC becomes compromised via a trojan that allows remote control such as
BackOrifice, Netbus, etc., if you allow split tunneling then not only can
the attacker control the user's machine, they can use it as a jumping off
point into the corporate network.  If split tunneling is disabled, then
the attacker would not be able to connect to the user's machine while the
user was connected via the VPN.  Personal firewall software can assist with
this, but many corporations still don't allow split tunneling because of
this issue since it is very difficult to keep home users' PCs reasonably
secure.

Regards,
Kent


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Lidiya White
Sent: Friday, April 26, 2002 3:34 PM
To: [EMAIL PROTECTED]
Subject: RE: Alternatives to Cisco VPN client [7:42604]


If you want your VPN client to have Internet connectivity while the VPN
tunnel is up, the solution is the split tunnel configuration.
PIX will push an access-list to a client, so only traffic between your
private networks will flow through the tunnel, but the rest will go out
to the Internet unencrypted.
I work with Microsoft, Cisco VPN and IRE clients, and I don't really
know what security holes people were talking about. No matter what, when
a computer has a connection to the Internet, it's already a "security
hole" right there. I don't see how adding IPSec on the client, will make
it less secure. As far as decreased security for the LAN behind the PIX,
again, I don't see a major hole there.
As far as Microsoft client goes, it doesn't have as strong encryption as
Cisco client does.

Example:
http://www.cisco.com/warp/public/110/pix3000.html
(search for "split").


-- Lidiya White



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Mark Odette II
Sent: Friday, April 26, 2002 11:20 AM
To: [EMAIL PROTECTED]
Subject: RE: Alternatives to Cisco VPN client [7:42604]

what's the security risk?

(putting on learning cap now... :)  )

Mark

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Louie Belt
Sent: Thursday, April 25, 2002 8:12 PM
To: [EMAIL PROTECTED]
Subject: RE: Alternatives to Cisco VPN client [7:42604]


You are creating a security risk for the other end of the tunnel when you
are using split-tunneling from your client.

louieb



-Original Message-
From: Craig Columbus [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 25, 2002 6:49 PM
To: [EMAIL PROTECTED]
Subject: RE: Alternatives to Cisco VPN client [7:42604]


Thanks for the responses.

I'm aware of split tunneling with a concentrator.  That's not what I want.
I'm looking for something that lets me connect to any IPSEC compliant
endpoint, whether it's a PIX, a router, or a Linux box.  In other words,
the client shouldn't care what it's connecting to.  It should only care
whether the traffic has a destination within the remote network or not.
If so, send through tunnel, if not, send to Internet.

Hope this helps clarify.

Thanks!
Craig

At 07:39 PM 4/25/2002 -0400, you wrote:
>You can definitely do this using the Cisco VPN client. This is a policy push
>from the concentrator. If you would like split-tunneling you need to enable
>that on the concentrator to allow the clients to do that.
>
>http://www.cisco.com/univercd/cc/td/doc/product/vpn/client/rel3_5_1/admin_gd/vca.pdf
>
>Tim
>CCIE 9015
>
>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>Craig Columbus
>Sent: Thursday, April 25, 2002 6:25 PM
>To: [EMAIL PROTECTED]
>Subject: Alternatives to Cisco VPN client [7:42604]
>
>
>Let me preface this by saying that all of my VPN experience has been either
>peer-peer or client to peer with the Cisco VPN client 1.x or 3.x.  Please
>ignore my ignorance if I've missed something obvious.
>
>I've got a major complaint with the Cisco VPN client.  It's not smart
>enough to differentiate local traffic/Internet traffic from VPN
>traffic.  Therefore, you can't browse the Internet and your VPN network at
>the same time.
>I'm looking for alternative software clients that are smart enough to say
>"Ok.  Any traffic destined for 10.x.x.x (or whatever you define VPN traffic
>to be) goes to the tunnel.  If the traffic has any destination other than
>10.x.x.x, it's treated as if the tunnel weren't even present."  This would
>allow my client machine to easily browse the Internet and the VPN remote
>network at the same time.
>I've done some preliminary searches for third-party clients, but don't want
>to waste time trying 50 clients that may not be any good.  I've found some
>for Mac OS X that'll do what I want, but I haven't found one for Win
>9x/ME/NT/2K/XP.
>There's got to be a decent client that does this.
>Sorry for rambling :-)  It's been a long day.
>
>As usual, thanks in advance to everyone.
>
>Craig




Message Posted at:
http:
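
The split-tunneling risk described in Kent Hundley's message above, as an added example that is not part of any poster's message: a Python model of a VPN client's route table that shows when the client can talk to an Internet peer directly and to the corporate network through the tunnel at the same time. Interface names, addresses and function names are hypothetical, and a real client table also carries local-subnet routes that are left out here.

```python
import ipaddress

def table(entries):
    """Build a route table from (prefix, interface) pairs."""
    return [(ipaddress.ip_network(p), ifname) for p, ifname in entries]

def egress(routes, dst):
    """Longest-prefix match: interface a packet to dst leaves on, or None."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen)[1] if hits else None

def bypass_prefixes(routes, tunnel_if, gateway):
    """Prefixes routed outside the tunnel, ignoring the host route that
    carries the encrypted tunnel packets to the VPN gateway itself."""
    gw = ipaddress.ip_network(gateway + "/32")
    return [str(net) for net, ifname in routes
            if ifname != tunnel_if and net != gw]

def can_relay(routes, tunnel_if, internet_peer, corp_host):
    """True when the client reaches an Internet peer in the clear while a
    corporate host is reachable through the tunnel: the condition under
    which a remotely controlled PC becomes a path into the corporate LAN."""
    return (egress(routes, internet_peer) not in (tunnel_if, None)
            and egress(routes, corp_host) == tunnel_if)

# Constructed sample data (documentation address ranges, made-up interfaces).
GATEWAY = "203.0.113.1"
SPLIT = table([("0.0.0.0/0", "eth0"), ("10.0.0.0/8", "vpn0")])
FULL = table([("0.0.0.0/0", "vpn0"), (GATEWAY + "/32", "eth0")])

if __name__ == "__main__":
    for name, routes in (("split", SPLIT), ("full", FULL)):
        print(name,
              "bypass:", bypass_prefixes(routes, "vpn0", GATEWAY),
              "relay possible:", can_relay(routes, "vpn0",
                                           "198.51.100.7", "10.1.2.3"))
```

A non-empty bypass list on a connected client is the thing to alert on when policy forbids split tunneling.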

Re: Terminal Server to 3542 Switch Access Probelms [7:42802]

2002-04-28 Thread Larry Letterman

we have a couple hundred of those same 3524xl boxes running on
console servers in cisco and have no problems...no special setup either.

Larry Letterman
Cisco Systems
[EMAIL PROTECTED]
- Original Message -
From: "Ed Moss" 
To: 
Sent: Sunday, April 28, 2002 4:50 PM
Subject: Terminal Server to 3542 Switch Access Probelms [7:42802]


> I am having a problem getting a CS-516 to reverse telnet to a 3524XL Switch.
>
> The 516 is running 10.3(7) and can reverse telnet to routers, a PIX and VPN
> 3005 with no problem.
> If I move a known good port from say a router to the 3524, it will not make
> the connection.
>
> If I connect my PC serial port to the switch, it works great... the same
> cable that works with the other devices.
> I have tried several cables (all that work with other devices.. it should be
> a rolled cable, but I also tried a straight through cable as well). I have
> even tried other ports off the 516.
>
> Is there anything special about the console port, or config on the 3524?
> Flowcontrol - Stop Bits???
>
> Thanks
> Ed




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42809&t=42802



Re: Spanning Tree Question [7:42806]

2002-04-28 Thread Larry Letterman

I don't think STP will work since the Netgears don't support spanning tree.
The Netgear switch that's connected to the HP will not be issuing BPDUs to
the HP, so the HP should not see any spanning tree info from the rest of the
network. Any loops in the Netgears will not be detected by the STP running
on the HP.

Larry Letterman
Cisco Systems
[EMAIL PROTECTED]
- Original Message -
From: "Anil Gupte" 
To: 
Sent: Sunday, April 28, 2002 6:50 PM
Subject: Spanning Tree Question [7:42806]


> For spanning tree to work, do all the switches on a network (let us say a
> LAN) have to support or enable Spanning Tree?  That is the general question.
>
> Specifically, I have an HP Procurve connected to a router, and then a
> Netgear Switch that hooks into one of the ports on the HP.  On the Netgear
> are 3 or 4 more Netgear switches (all of these are simple unmanaged
> switches) and we are pretty sure there are some redundant loops in there -
> especially with two servers that have dual NICs that are bound together using an
> Intel "teaming" driver.  Do I need to turn Spanning Tree on?  Is it
> recommended?  Is it even going to work?
>
> Thanx for any input.
> Anil Gupte




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42810&t=42806



NLI Study Guide [7:42812]

2002-04-28 Thread Kris Keen

All,

Received this book today, mind you I paid for it with my arm. This book can't
be had in Australia, express delivery and the book, set me back a nice $220
bucks!

So far, I've sucked in the Bridging Chapter, very condensed, nice overview
with I believe all you need to know...

Sit the exam in 2 weeks, hope to really drill this book over that 2 weeks.

If you're doing the old written, get this book. If I believe the explanation
is weak, I hit Doyle or Clarke or similar

Cheers


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42812&t=42812