RE: CISCO 2600 NAT [7:43139]
If you have ACLs applied inbound to your NAT outside interface, make sure you explicitly allow outside inbound connections to port 5080.

HTH,
Don Nguyen

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43205&t=43139
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
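An added example, not part of the original post: a small Python check that walks a numbered extended ACL in first-match order and reports whether a new inbound connection to port 5080 would be permitted. The ACL text, the 203.0.113.10 address and the choice of TCP are constructed assumptions; the parser handles only numeric ports and the `any`, `host` and address/wildcard forms.

```python
import ipaddress

# Constructed sample ACLs (not from the original post). 203.0.113.10 stands in
# for the public address NAT maps to the inside server; TCP is an assumption,
# since the post gives only the port number. On IOS the inbound ACL on the
# outside interface is checked before NAT rewrites the destination, so the
# entry has to name the public address.
ACL_MISSING = """\
access-list 101 permit tcp any host 203.0.113.10 eq 80
access-list 101 permit tcp any any established
"""
ACL_SHADOWED = """\
access-list 101 deny tcp any any range 5000 5999
access-list 101 permit tcp any host 203.0.113.10 eq 5080
"""
ACL_FIXED = """\
access-list 101 permit tcp any host 203.0.113.10 eq 80
access-list 101 permit tcp any host 203.0.113.10 eq 5080
access-list 101 permit tcp any any established
"""

FULL_RANGE = (0, 65535)


def _take_addr(tokens):
    """Consume one address spec and return (base, wildcard)."""
    head = tokens.pop(0)
    if head == "any":
        return ("0.0.0.0", "255.255.255.255")
    if head == "host":
        return (tokens.pop(0), "0.0.0.0")
    return (head, tokens.pop(0))


def _take_ports(tokens):
    """Consume an optional port operator and return an inclusive (lo, hi)."""
    if not tokens or tokens[0] not in ("eq", "gt", "lt", "range"):
        return FULL_RANGE
    op = tokens.pop(0)
    first = int(tokens.pop(0))
    if op == "eq":
        return (first, first)
    if op == "gt":
        return (first + 1, 65535)
    if op == "lt":
        return (0, first - 1)
    return (first, int(tokens.pop(0)))  # range A B


def parse_acl(text):
    """Parse 'access-list N permit|deny proto src [ports] dst [ports] ...'."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list":
            continue
        if tokens[2] not in ("permit", "deny"):
            continue  # remarks and anything else are not match entries
        rest = tokens[4:]
        entry = {"line": line.strip(), "action": tokens[2], "proto": tokens[3]}
        entry["src"] = _take_addr(rest)
        entry["sport"] = _take_ports(rest)
        entry["dst"] = _take_addr(rest)
        entry["dport"] = _take_ports(rest)
        entry["established"] = "established" in rest
        entries.append(entry)
    return entries


def _addr_match(ip, spec):
    """Wildcard-mask match: bits set in the wildcard are 'don't care'."""
    base, wildcard = (int(ipaddress.IPv4Address(a)) for a in spec)
    care = ~wildcard & 0xFFFFFFFF
    return ((int(ipaddress.IPv4Address(ip)) ^ base) & care) == 0


def evaluate_new_connection(acl_text, src, sport, dst, dport, proto="tcp"):
    """Return (action, matching line) for the first packet of a connection."""
    for e in parse_acl(acl_text):
        if e["proto"] not in ("ip", proto):
            continue
        if e["established"]:
            continue  # matches only ACK/RST packets, never an initial SYN
        if not (_addr_match(src, e["src"]) and _addr_match(dst, e["dst"])):
            continue
        if not e["sport"][0] <= sport <= e["sport"][1]:
            continue
        if not e["dport"][0] <= dport <= e["dport"][1]:
            continue
        return e["action"], e["line"]
    return "deny", "implicit deny at end of ACL"


if __name__ == "__main__":
    for name, acl in (("missing", ACL_MISSING), ("shadowed", ACL_SHADOWED),
                      ("fixed", ACL_FIXED)):
        verdict = evaluate_new_connection(
            acl, "198.51.100.7", 40000, "203.0.113.10", 5080)
        print(name, verdict)
```

The "shadowed" case shows why adding the permit is not enough on its own: an earlier deny that covers port 5080 still wins under first-match evaluation.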
Re: CIT exam [7:43100]
I agree. I took the CIT on Monday and passed with a score of 824, after really studying for only a week. Anyway a pass is a pass, so now I join the many others on this list who are CCNPs. I owe a great deal of thanks to those of you who have contributed to this list.

----- Original Message -----
From: "D. Tharp"
To:
Sent: Thursday, May 02, 2002 8:34 AM
Subject: RE: CIT exam [7:43100]

> This was the last exam I took to finish the CCNP and I found it easier than I expected. It is helpful to take this exam last because it does have a lot of material learned in preparing for other exams. To give you an example I only got a 780 on the routing exam (which I thought was the hardest) and scored a 931 on the CIT. I just think by the end of my studies I knew much more about the material and had a much greater understanding for it. If you take this exam last, you should have a much better time with it. Good luck!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43204&t=43100
Re: A couple of clarifications [7:43127]
Dear subscribers,

In defense of Mr. Berkowitz, Ms. Oppenheimer and many others, here's a short story to sum it up...

A man died and went to the pearly gates, and the angel said, "Well, Mr. Jones, since you've lived a special life on earth, G~d has asked me to give you special treatment. You will get to choose if you want to go to heaven or hell. Which would you like to visit first?" And Mr. Jones indicated he wanted to get a glimpse of hell first. What he saw was a place filled with misery and pain, and in spite of everyone being gathered around a banquet table, they were all starving. The angel pointed out to him that this was due to the fact that everyone who went to hell was punished by having an extremely long spoon glued to their hands, thus making it impossible to feed themselves. Next stop was heaven, but the scene was very similar to that in hell. There was a huge gathering of people also with a long spoon attached to their hands, yet everyone was enjoying the feast and having a party. The difference was in heaven, they were all feeding each other.

Conclusion: If as a subscriber all you want to do is insult other listers or show us your arrogance, it is time that you GET OFF THIS LIST!!!

To Howard, Priscilla, and folks like them...we can't thank you enough.

Sincerely,
Elmer

----- Original Message -----
From: "Howard C. Berkowitz"
To:
Sent: Thursday, May 02, 2002 11:49 AM
Subject: A couple of clarifications [7:43127]

> I hate to do anything to prolong this unpleasant thread, but a couple of facts really should be put out.
>
> 1. I was a regular poster on Groupstudy well before I had any business relationship with either CertificationZone or Gett. In both cases, I was contacted by the CEO of each in response to what they had seen of my posting patterns.
>
> 2. Gett and Groupstudy have not exchanged one cent.
>
> 3. Genium has never paid one cent to Gett, although I have a personal contract with them. In the interest of rack time rentals, we do have a partnership to allow their authors to develop scenarios, and to give their subscribers convenient and discounted scenario access.
>
> 4. We have a similar relationship to IPexpert, although I receive no compensation from Gett.
>
> 5. We are investigating other partner relationships. Gettlab (a subsidiary of Gett, which is an established consultancy and VAR, especially in healthcare), has a business model of, if you will, selling razor blades (rack time) rather than selling razors (scenarios). In our consultancy, we do a good deal of open source work and prefer it. Open source scenarios, with value added support, is consistent with the way we've done things for a long time.
>
> 6. Paul Borghese and I discussed my posts both regarding scenario design and free scenarios with a very brief mention of a commercial service being available. This was meant to be a community service, and by community I include competitors potentially improving their scenarios. I did some things recently such as running mini-classes on specific scenarios, which seemed useful to a number of people, and I expect to continue to do so.
>
> 7. I sometimes forget to attach my .sig, but I've never made a secret of my affiliations.
>
> 8. I would invite anyone to look at the number of substantive, noncommercial posts I have made to the list for several years. One of the most vocal recent critics made his first post on 4/30, and has not made ANY technical posts in this calendar year.
>
> 9. I'm not going to get into a challenge of what my qualifications are or are not. I am perfectly happy to provide my resume to people with a legitimate interest. But as far as certain charges have been made, I suggest people contact people I've worked with, such as Jeff Doyle, and ask that his response be posted to the list. I can also document having worked with some of the figures that I have been charged with not knowing.
>
> I would much prefer that we get back to what I am told that Rodney King said after he became a landscaper: "Can't we just get a lawn?"
>
> I intend to make contributions to this list as I have done. Of course, there's a certain commercial interest, but I never expect to make a post relating to commercial materials that are not generally available to the public. But my major motivation is doing what I think any true professional does: "Pay it forward" with respect to my own mentors.
> --
> "What Problem are you trying to solve?"
> ***send Cisco questions to the list, so all can benefit -- not directly to me***
>
> Howard C. Berkowitz [EMAIL PROTECTED]
> Chief Technology Officer, GettLab/Gett Communications http://www.gettlabs.com
> Technical Director, CertificationZone.com http://www.certifi
Re: Building a Cisco Lab [7:43072]
The whole 4000 (and M) series? We have a few hundred 4700M routers, and previously 4000 routers (might have been 4000M, I forget). Haven't had too many problems with them that I'm aware of. Of course, they're EoS now, which is a slight problem...

JMcL

----- Forwarded by Jenny Mcleod/NSO/CSDA on 03/05/2002 01:25 pm -----
"CiscoB"
Sent by: [EMAIL PROTECTED]
03/05/2002 06:04 am
Please respond to "CiscoB"
To: [EMAIL PROTECTED]
cc:
Subject: Re: Building a Cisco Lab [7:43072]
Is this part of a business decision process?:

Wayne,

I've had nothing but problems with 4000 series modular routers. So many problems, in fact, that I've stopped selling them. Too many hardware failures. Stick with the 2500 series

thanks,
-Brad Ellis
CCIE#5796 (R&S / Security)
[EMAIL PROTECTED]
Cisco home labs: www.optsys.net

""Wayne Jang"" wrote in message news:[EMAIL PROTECTED]...
> I see, the token ring version is in less demand and you won't be using the ethernet/token ring anyway.
>
> But what about those AGS+ routers. I saw one on ebay for $100. It had 8 serial ports. What's the drawback to using that for a frame switch?
>
> ""Wayne Jang"" wrote in message news:[EMAIL PROTECTED]...
> > I'm thinking about buying a 2520 as a frame router.
> >
> > I already have two 2501s, one 2502, one 1201 switch, and a 1912 switch.
> >
> > Is getting the 2520 a good way to spend my very limited funds?
> >
> > Wayne

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43201&t=43072
(4) 2500's For Sale [7:43198]
Hello,

I will be listing the following equipment soon on eBay if I don't sell it through here first:

(1) 2501
(1) 2503
(1) 2504
(1) 2513
(4) back-to-back Serial Cables
(4) sets of router mounting brackets
(2) AUI-RJ-45 transceivers
(1) 6 port hub

Price is negotiable. Contact me at [EMAIL PROTECTED] for more details.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43198&t=43198
Re: A couple of clarifications [7:43127]
Howard, it is a shame you feel the need to post this. One way to ensure that I will read a thread is to see that Howard B or Priscilla have contributed. The two of you have been a major contribution to my completing my CCNP and more importantly have lots more valuable input regarding real life situations that have made me a hero at work more than once.

You don't need to justify yourself. Anybody who has been on the list for more than a few days should be able to see how much you contribute. Most of us don't care what your affiliations are, all we want you to do is continue sharing your knowledge. So just ignore the "Howard B doesn't have a CCIE" crowd, they speak before they think and don't deserve a reply.

Hoping you will continue to contribute

Regards
Johnny McKenzie

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43203&t=43127
RE: Building a Cisco Lab [7:43072]
We have quite a few Cisco 4k and they are pretty reliable. In a year and a half we have only replaced one 4k in our data center, and the only others we have touched are the ones we have deinstalled and replaced with 3600's. I think we have a hundred or so.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Howard C. Berkowitz
Sent: Thursday, May 02, 2002 6:23 PM
To: [EMAIL PROTECTED]
Subject: Re: Building a Cisco Lab [7:43072]

>Wayne,
>
>I've had nothing but problems with 4000 series modular routers. So many problems, in fact, that I've stopped selling them. Too many hardware failures. Stick with the 2500 series
>
>thanks,
>-Brad Ellis
>CCIE#5796 (R&S / Security)
>[EMAIL PROTECTED]
>Cisco home labs: www.optsys.net

Brad,

I don't doubt your current experience is accurate, but I'm curious. When I was on the road teaching Cisco courses, the 2500's seemed to fail more than the 4000's. Probably the most persistent 4000 problem was one of the ports failing on the dual-Ethernet module.

Is there any pattern to what you are seeing? I'm wondering if it's just a mechanical problem with wear on the slot modules, or something else that's aging.

Howard

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43197&t=43072
Re: CCIE Written Beta [7:43164]
Interesting. As far as the "back" button goes, here's what I remember. Back when, all of the Cisco exams had the back button... (someone correct me, but the CCIE was around before CCNA/NP, etc). At some point (around the time I started taking Cisco exams) they removed the use of the back button from the Cisco Career Certs (CCNA/DA, CCNP/DP exams) because they realized that some of the questions would give away answers that could have been asked in previous questions but they left the back button in the 350-001. AFAIK, they never removed use of the back button for the CCIE written but I am surprised that they didn't remove it in the new incarnation.

Good info ... I'm s'posed to take the beta tomorrow. I know MPLS is going to be probably my biggest weak point as I haven't read hardly anything about it but the rest I may have a good chance at doing alright at..

Wish me luck! (pleeze pleeze wish me luck... LOL)

Mike W.

"Kaminski, Shawn G" wrote in message news:[EMAIL PROTECTED]...
> What I found interesting about this exam was that I was able to go back to previous questions. I can't remember if the 350-001 was like that. I wonder if all the Cisco beta exams are like that? Another interesting thing was that they had commands on this test that probably have been used only once in the history of networking, and that one and only time was on this exam :-) I thought it was a good test to make people realize that anything in the Cisco ISO is fair game on the one-day lab.
>
> Shawn K.
>
> > -----Original Message-----
> > From: Daniel Lafraia [SMTP:[EMAIL PROTECTED]]
> > Sent: Thursday, May 02, 2002 4:28 PM
> > To: [EMAIL PROTECTED]
> > Subject: CCIE Written Beta [7:43164]
> >
> > Hello,
> >
> > I just took the new CCIE Written Beta test. That's really a very hard test (everything that we've been hearing about this test is true ). You have 180 minutes (I've used 179 minutes and a few seconds! YES, that's full 3 hours without going to the bathroom ) for 150 questions. It really seems that everything in networking is covered in this test. From some basic questions to the most complex questions about IPX, MPLS, VLAN, BGP, OSPF, EIGRP, DLSw+, ATM, LANE, NAT, Queueing (all WFQ, RSVP, Traffic Shaping and Load Balancing), VoIP, Frame Relay, ISDN, Token Ring, EtherChannels, IPSec and everything else you can think.
> >
> > I didn't get any "type the command" type of question, although you may find some questions like "what's the command that likely would fix this problem". Basically more than 60% of these questions have its own lab scenario.
> >
> > For those who will take this test: Even though that's the new format (351-001), you really should take a look at the blueprint for the (350-001) before taking this test
> > http://www.cisco.com/warp/public/625/ccie/certifications/rsblueprint.html
> >
> > I've used Boson tests CCIE practice test #2, Caslow's book, Routing TCP/IP volume I and II, Halabi's book and a lot of research on cisco.com :)
> >
> > Well. I hope this helps! :) Now I have to wait 6-8 weeks for the result :)
> >
> > cya
> > Daniel Lafraia

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43200&t=43164
RE: Question on VPN [7:43110]
Hi Anil..

I think it depends upon what is dialing... Is it a client with a modem or a router dialing. In case it is a client you can go for Cisco secure VPN client and it will automatically create a VPN connection once it finds interesting traffic for corporate LAN. You need to configure your leased line router for this and also you have to decide what you are going to use for ISAKMP negotiation. You can go for manual keys or Certificates.

Cheers!

Tribavan Raina
Network Consultant
TechTonics Group Limited
Level 31 Grand Plimmer Tower
2-6 Gilmer Terrace
PO Box 11 199
Wellington
Ph: +64 4 385 2628
Fax: +64 4 385 2400
www.techtonics.co.nz

-----Original Message-----
From: Anil Kumar [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 03, 2002 1:12 AM
To: [EMAIL PROTECTED]
Subject: Question on VPN [7:43110]

Hi All,

Need a small clarification on VPN. One of the customers is having a Lease Line connection to Internet at the head office and they are having branch offices at remote location. Since being a lease line they have obtained static IP address from ISP. The branch locations will be dialing into the local ISP and all the times the remote locations will be getting dynamic IP address.

Since the customer wants to have a secure connection through VPN, is it possible to attain and establish an IPSEC VPN tunnel between a dialup connection and the lease line router. If so please let me know how the same can be attained.

Thanks in advance.

Regards..
Anil Kumar.

Thanks & Regards
V Anil Kumar

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43199&t=43110
Re: CLNS ? [7:43125]
IS-IS routing of IP is a testable subject.

At 11:32 AM 5/2/2002 -0400, Miguel Mitras wrote:
>Hi
>Can anybody answer this vague question; on the Cisco website it says that CLNS OSI is withdrawn from the lab exam. Does this mean that one can still expect to be tested on CLNS for IP?
>Cheers

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43151&t=43125
Remote Access and DID [7:43196]
Setting up an AS3640 with one PRI providing dial in/out data only. The telco consultant recommended us to use DID's. I have worked with a few 5200 and 5300's before and have never seen DID in the configuration. I understand how DID works, just wondered if it was really needed for data? If DID is needed, 3 or 4 digits...or does it really matter?

TIA,
Tony

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43196&t=43196
RE: route science [7:43131]
I saw this demoed @ InterOp last year...I had my doubts as well. I have never had to tweak BGP to the point of doing it all the time...and that was the sales pitch. Their box will do the work for you. It was a sweet box...doesn't sit inline with traffic so wouldn't be a single point of failure nor degrade speed.

They will do a full thirty day eval, if you are truly interested. They can even do a test without providing you the hardware, all you have to do is stick a 1 by 1 pixel on a web page...their equipment remotely will monitor your routes and spit out a report comparing your config to their optimized routes.

I have to admit I was intrigued...but for as little as I tweak BGP, 100K wasn't worth it for our size network.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of sam sneed
Sent: Thursday, May 02, 2002 12:07 PM
To: [EMAIL PROTECTED]
Subject: route science [7:43131]

I received a newsletter about a product that looks interesting. It costs $99,000 though. Has anyone heard any good this about this supposed breakthrough technology.

http://www.networkcomputing.com/1305/1305sp1.html

I am curious to see if this is just a hyped up product or a viable solution.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43193&t=43131
RE: CIT exam [7:43100]
Hi all,

Just to be sure for there are 2 books for CIT, may I know which Cisco Press Book is for the CIT exam?

Thank you & have a nice weekend.

Cheers
Steven Quek

-----Original Message-----
From: adam lee [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 03, 2002 9:22 AM
To: [EMAIL PROTECTED]
Subject: RE: CIT exam [7:43100]

I just took the exam today after studying for about 30 hours using the cisco press book and the course material. It wasn't that hard but it wasn't that easy because some of the wording got me. Considering what I studied, I expected more in different areas. Oh, well, a pass is a pass.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 02, 2002 3:54 AM
To: [EMAIL PROTECTED]
Subject: CIT exam [7:43100]

I have taken the router, switching and remote access exams, and am about to take the support exam. I have heard from some that the CIT exam is the easiest and I have heard from others that it is one of the hardest. I would like to get the board's perspective on this.

Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43195&t=43100
RE: BGP question [7:43163]
You shouldn't have a problem at all. I have done this a few times, just make sure that both ISPs know you have a multihomed network and what block the other ISP provided. Just like Jason mentioned, it's AS to AS...but we had a situation where the ISP had to add the other ISP's block into an access list.

Most of the bigger providers will have a form to fill out, with Sprint and WCOM they ask if you are multihomed and also ask for all of the public blocks.

You're good with it...

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Steven A. Ridder
Sent: Thursday, May 02, 2002 4:28 PM
To: [EMAIL PROTECTED]
Subject: BGP question [7:43163]

Here's a question I can't seem to answer. I came up with a scenario in my head, and now I can't find a solution.

Example: I have a dual homed network via BGP. I have ISP 1 and they give me 209.21.220.1/20 for use, and ISP gives me 199.33.23.1/21. Say I use the 209.x.x.x for my web servers, mail server, etc, and advertise that back out to the Internet via ISP 1 (the ISP that assigned me the block) and in DNS. I'm assuming ISP 2 will not advertise that block for me, as it's ISP 1's block. So, now the whole world knows to get to me via ISP 1. Then let's say ISP 1 goes down, how would the world know how to get to me, if they only knew how to get to me via ISP 1 and its IPs?

--
RFC 1149 Compliant
Get in my head: http://sar.dynu.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43192&t=43163
Re: route science [7:43131]
Sam,

I think this was discussed probably a couple of months ago on NANOG list. But I am not sure if you can find something just based on the product's name from the archives.

HTHs
Kent

""sam sneed"" wrote in message news:[EMAIL PROTECTED]...
> I received a newsletter about a product that looks interesting. It costs $99,000 though. Has anyone heard any good this about this supposed breakthrough technology.
>
> http://www.networkcomputing.com/1305/1305sp1.html
>
> I am curious to see if this is just a hyped up product or a viable solution.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43191&t=43131
RE: switching exam [7:43038]
I guess it depends on who pays for toner and the paper it's printed on.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kaminski, Shawn G
Sent: Thursday, May 02, 2002 5:18 PM
To: [EMAIL PROTECTED]
Subject: RE: switching exam [7:43038]

Tim is actually right. Everything you need to pass these exams is free on Cisco's website. The only problem is that the site is so huge, you don't know where to start!

Shawn K.

> -----Original Message-----
> From: timothy thielen [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, May 02, 2002 3:02 PM
> To: [EMAIL PROTECTED]
> Subject: RE: switching exam [7:43038]
>
> You people spend MONEY on certification prep materials? I'm sorry. :-)
>
> --Tim
>
> Kaminski, Shawn G wrote:
> >
> > It's sad, the true signs of brainwashing :-)
> >
> > I never said anything was wrong with them. The proven track record comes from the fact that they've done a great job marketing their products. Boson has quality products, BUT, BUT, BUT, as I've mentioned before, there are other companies out there that offer materials that are just as good if not better than Boson and the prices are about 80% cheaper. I would mention the companies, but I have a financial interest in these companies and I'd get flamed to death (believe it or not, I also have a financial interest in Boson/Quizware, but not anywhere near as much as I'd like :-) ) You can't really blame Boson for their high prices because they have to pay a percentage to their authors. Plus, like you said, people have been brainwashed into believing that Boson is the only company out there, which allows Boson to charge higher prices.
> >
> > So, look around a little and take a chance on some of these other companies. Don't worry, no one is going to yell at you for spending less money on certification materials :-) I'm just trying to save people some money while at the same time hoping that I make a little, as well!
> >
> > Shawn K.
> >
> > > -----Original Message-----
> > > From: Jon Krabbenschmidt [SMTP:[EMAIL PROTECTED]]
> > > Sent: Wednesday, May 01, 2002 8:28 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: switching exam [7:43038]
> > >
> > > Boson worked well for me too, but I hardly consider $40 expensive especially given the cost of others.
> > >
> > > Jon
> > >
> > > -----Original Message-----
> > > From: Adam Hickey [mailto:[EMAIL PROTECTED]]
> > > Sent: Wednesday, May 01, 2002 4:22 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: switching exam [7:43038]
> > >
> > > I don't think I could have gotten through my tests without Boson's help - other than being expensive, what is wrong with them? I don't think I see a cult here but I do see the proven track record and the quality name Boson has developed for themselves. High price is a direct result of high demand - simple economics.
> > >
> > > Adam Hickey
> > > [EMAIL PROTECTED]
> > >
> > > ----- Original Message -----
> > > From: "Kaminski, Shawn G"
> > > To:
> > > Sent: Wednesday, May 01, 2002 3:31 PM
> > > Subject: RE: switching exam [7:43038]
> > >
> > > > Please, people, snap out of the Boson trance. I can't take it anymore. :-) I just had a discussion with Paul Borghese a few days ago about how Boson always gets through the filters but other vendors don't. Hopefully, that will change soon and we'll start to see better and less expensive options come through the list without being filtered. In fact, I wonder if this will make it through the filter since I'm saying something "bad" about the Boson cult? :-)
> > > >
> > > > Please proceed with flaming, ragging, name calling, tar and feathering, etc. However, one of these days you'll thank me from preventing you from getting that Boson tattoo on your chest ( on the ankle for the ladies) :-)
> > > >
> > > > If you're up for an argument, please email me offline :-)
> > > >
> > > > Shawn K.
> > > >
> > > > > -----Original Message-----
> > > > > From: NetEng [SMTP:[EMAIL PROTECTED]]
> > > > > Sent: Wednesday, May 01, 2002 5:18 PM
> > > > > To: [EMAIL PROTECTED]
> > > > > Subject: switching exam [7:43038]
> > > > >
> > > > > just took that switching exam: 79 ?'s, 90 minutes and 699 to pass. pretty easy test, boson's were great as usual.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43190&t=43038
Re: Building a Cisco Lab [7:43072]
old news btw ccie lab has 2500's the slowest performing router but all the money you guys pay hasn't been enough to enable any sort of upgrade so you better study it,

Dave

>From: "Persio Pucci"
>Reply-To: "Persio Pucci"
>To: [EMAIL PROTECTED]
>Subject: Re: Building a Cisco Lab [7:43072]
>Date: Thu, 2 May 2002 18:28:49 -0400
>
>By the way...
>
>I don't know if it is old news (I think not), but I just read at Cisco that the 2500 has reached its End Of Sales. (excluding the AS models).
>
>More info @ http://www.cisco.com/warp/public/cc/pd/rt/2500/index.shtml
>
>Cheers for this elder soldier of telecommunications, it deserves the resting. :)
>
>Persio
>
>----- Original Message -----
>From: "CiscoB"
>To:
>Sent: Thursday, May 02, 2002 5:04 PM
>Subject: Re: Building a Cisco Lab [7:43072]
>
> > Wayne,
> >
> > I've had nothing but problems with 4000 series modular routers. So many problems, in fact, that I've stopped selling them. Too many hardware failures. Stick with the 2500 series
> >
> > thanks,
> > -Brad Ellis
> > CCIE#5796 (R&S / Security)
> > [EMAIL PROTECTED]
> > Cisco home labs: www.optsys.net
> > ""Wayne Jang"" wrote in message news:[EMAIL PROTECTED]...
> > > I see, the token ring version is in less demand and you won't be using the ethernet/token ring anyway.
> > >
> > > But what about those AGS+ routers. I saw one on ebay for $100. It had 8 serial ports. What's the drawback to using that for a frame switch?
> > >
> > > ""Wayne Jang"" wrote in message news:[EMAIL PROTECTED]...
> > > > I'm thinking about buying a 2520 as a frame router.
> > > >
> > > > I already have two 2501s, one 2502, one 1201 switch, and a 1912 switch.
> > > >
> > > > Is getting the 2520 a good way to spend my very limited funds?
> > > >
> > > > Wayne

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43179&t=43072
Re: Building a Cisco Lab [7:43072]
>Wayne,
>
>I've had nothing but problems with 4000 series modular routers. So many problems, in fact, that I've stopped selling them. Too many hardware failures. Stick with the 2500 series
>
>thanks,
>-Brad Ellis
>CCIE#5796 (R&S / Security)
>[EMAIL PROTECTED]
>Cisco home labs: www.optsys.net

Brad,

I don't doubt your current experience is accurate, but I'm curious. When I was on the road teaching Cisco courses, the 2500's seemed to fail more than the 4000's. Probably the most persistent 4000 problem was one of the ports failing on the dual-Ethernet module.

Is there any pattern to what you are seeing? I'm wondering if it's just a mechanical problem with wear on the slot modules, or something else that's aging.

Howard

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43180&t=43072
RE: CIT exam [7:43100]
I just took the exam today after studying for about 30 hours using the cisco press book and the course material. It wasn't that hard but it wasn't that easy because some of the wording got me. Considering what I studied, I expected more in different areas. Oh, well, a pass is a pass.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 02, 2002 3:54 AM
To: [EMAIL PROTECTED]
Subject: CIT exam [7:43100]

I have taken the router, switching and remote access exams, and am about to take the support exam. I have heard from some that the CIT exam is the easiest and I have heard from others that it is one of the hardest. I would like to get the board's perspective on this. Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43189&t=43100
Re: route science [7:43131]
At 12:07 PM -0400 5/2/02, sam sneed wrote:
>I received a newsletter about a product that looks interesting. It costs
>$99,000 though. Has anyone heard any good this about this supposed
>breakthrough technology.
>
>http://www.networkcomputing.com/1305/1305sp1.html
>
>I am curious to see if this is just a hyped up product or a viable solution.

I wish there were a simple answer, but products of this type, BGP-oriented load balancers for the enterprise side, may be great under some circumstances, neutral in others, and make matters worse in yet others.

There's some smart technology involved in this and several similar problems. These products have to make certain assumptions about route stability, how much load shifts from provider to provider, etc., which may or may not hold at a given time, or if the Internet routing system grows in yet another new manner.

If you are having BGP load control issues with conventional routing, your first step is probably to discuss it with senior engineers at your ISPs, and/or get a qualified consultant to see if your conventional BGP can be tweaked acceptably. You're certainly going to want good, solid statistics collection to see if any solution is working.

Obviously, it's cheaper if you don't have to buy new gear, but it also requires you to have some knowledgeable routing engineers in-house or under reliable contract. The routescience and related products may be an alternative if you don't.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43188&t=43131
2504s for sale [7:43187]
I have the following equipment for sale from my Lab study for ISDN. Best offer, buyer pays shipping. If you live in Toronto, these can be delivered.

2 Cisco 2504 (TR, 2 Serial, ISDN)
1 IBM 8228 MAU
2 Token Ring NIC Cables

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43187&t=43187
Test [7:43186]
Test email

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43186&t=43186
Re: Building a Cisco Lab [7:43072]
At 6:28 PM -0400 5/2/02, Persio Pucci wrote:
>By the way...
>
>I don't know if it is old news (I think not), but I just read at Cisco that
>the 2500 has reached its End Of Sales. (excluding the AS models).
>
>More info @ http://www.cisco.com/warp/public/cc/pd/rt/2500/index.shtml
>
>Cheers for this elder soldier of telecommunications, it deserves the
>resting. :)
>
>Persio

The Queen Mum and the 2500, all too close together. Will there be some sort of formal funeral in San Jose? Perhaps a riderless horse with backward cables in the stirrups? Jets overhead in the "missing packet" formation?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43185&t=43072
RE: switching exam [7:43038]
Tim is actually right. Everything you need to pass these exams is free on Cisco's website. The only problem is that the site is so huge, you don't know where to start!

Shawn K.

> -Original Message-
> From: timothy thielen [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, May 02, 2002 3:02 PM
> To: [EMAIL PROTECTED]
> Subject: RE: switching exam [7:43038]
>
> You people spend MONEY on certification prep materials? I'm sorry. :-)
>
> --Tim
>
> Kaminski, Shawn G wrote:
> >
> > It's sad, the true signs of brainwashing :-)
> >
> > I never said anything was wrong with them. The proven track record comes
> > from the fact that they've done a great job marketing their products.
> > Boson has quality products, BUT, BUT, BUT, as I've mentioned before,
> > there are other companies out there that offer materials that are just
> > as good if not better than Boson and the prices are about 80% cheaper.
> > I would mention the companies, but I have a financial interest in these
> > companies and I'd get flamed to death (believe it or not, I also have a
> > financial interest in Boson/Quizware, but not anywhere near as much as
> > I'd like :-) ) You can't really blame Boson for their high prices
> > because they have to pay a percentage to their authors. Plus, like you
> > said, people have been brainwashed into believing that Boson is the only
> > company out there, which allows Boson to charge higher prices.
> >
> > So, look around a little and take a chance on some of these other
> > companies. Don't worry, no one is going to yell at you for spending less
> > money on certification materials :-) I'm just trying to save people some
> > money while at the same time hoping that I make a little, as well!
> >
> > Shawn K.
> >
> > > -Original Message-
> > > From: Jon Krabbenschmidt [SMTP:[EMAIL PROTECTED]]
> > > Sent: Wednesday, May 01, 2002 8:28 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: switching exam [7:43038]
> > >
> > > Boson worked well for me too, but I hardly consider $40 expensive
> > > especially given the cost of others.
> > >
> > > Jon
> > >
> > > -Original Message-
> > > From: Adam Hickey [mailto:[EMAIL PROTECTED]]
> > > Sent: Wednesday, May 01, 2002 4:22 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: switching exam [7:43038]
> > >
> > > I don't think I could have gotten through my tests without Boson's
> > > help - other than being expensive, what is wrong with them? I don't
> > > think I see a cult here but I do see the proven track record and the
> > > quality name Boson has developed for themselves. High price is a
> > > direct result of high demand - simple economics.
> > >
> > > Adam Hickey
> > > [EMAIL PROTECTED]
> > >
> > > - Original Message -
> > > From: "Kaminski, Shawn G"
> > > To:
> > > Sent: Wednesday, May 01, 2002 3:31 PM
> > > Subject: RE: switching exam [7:43038]
> > >
> > > > Please, people, snap out of the Boson trance. I can't take it
> > > > anymore. :-) I just had a discussion with Paul Borghese a few days
> > > > ago about how Boson always gets through the filters but other
> > > > vendors don't. Hopefully, that will change soon and we'll start to
> > > > see better and less expensive options come through the list without
> > > > being filtered. In fact, I wonder if this will make it through the
> > > > filter since I'm saying something "bad" about the Boson cult? :-)
> > > >
> > > > Please proceed with flaming, ragging, name calling, tar and
> > > > feathering, etc. However, one of these days you'll thank me from
> > > > preventing you from getting that Boson tattoo on your chest ( on the
> > > > ankle for the ladies) :-)
> > > >
> > > > If you're up for an argument, please email me offline :-)
> > > >
> > > > Shawn K.
> > > >
> > > > > -Original Message-
> > > > > From: NetEng [SMTP:[EMAIL PROTECTED]]
> > > > > Sent: Wednesday, May 01, 2002 5:18 PM
> > > > > To: [EMAIL PROTECTED]
> > > > > Subject: switching exam [7:43038]
> > > > >
> > > > > just took that switching exam: 79 ?'s, 90 minutes and 699 to pass.
> > > > > pretty easy test, boson's were great as usual.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43184&t=43038
RE: CCIE Written Beta [7:43164]
What I found interesting about this exam was that I was able to go back to previous questions. I can't remember if the 350-001 was like that. I wonder if all the Cisco beta exams are like that? Another interesting thing was that they had commands on this test that probably have been used only once in the history of networking, and that one and only time was on this exam :-) I thought it was a good test to make people realize that anything in the Cisco ISO is fair game on the one-day lab.

Shawn K.

> -Original Message-
> From: Daniel Lafraia [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, May 02, 2002 4:28 PM
> To: [EMAIL PROTECTED]
> Subject: CCIE Written Beta [7:43164]
>
> Hello,
>
> I just took the new CCIE Written Beta test. That's really a very hard test
> (everything that we've been hearing about this test is true). You have
> 180 minutes (I've used 179 minutes and a few seconds! YES, that's full
> 3 hours without going to the bathroom) for 150 questions. It really
> seems that everything in networking is covered in this test. From some
> basic questions to the most complex questions about IPX, MPLS, VLAN, BGP,
> OSPF, EIGRP, DLSw+, ATM, LANE, NAT, Queueing (all WFQ, RSVP, Traffic
> Shaping and Load Balancing), VoIP, Frame Relay, ISDN, Token Ring,
> EtherChannels, IPSec and everything else you can think.
>
> I didn't get any "type the command" type of question, although you may
> find some questions like "what's the command that likely would fix this
> problem". Basically more than 60% of these questions have its own lab
> scenario.
>
> For those who will take this test: Even though that's the new format
> (351-001), you really should take a look at the blueprint for the
> (350-001) before taking this test
> http://www.cisco.com/warp/public/625/ccie/certifications/rsblueprint.html
>
> I've used Boson tests CCIE practice test #2, Caslow's book, Routing TCP/IP
> volume I and II, Halabi's book and a lot of research on cisco.com :)
>
> Well. I hope this helps! :) Now I have to wait 6-8 weeks for the result :)
>
> cya
> Daniel Lafraia

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43183&t=43164
Re: CISCO 2600 NAT [7:43139]
is the service port 5080 started on the server ?

""jc theard""
> Hello all,
>
> I'm trying to configure NAT on a CISCO 2621. I managed to configure it
> basically but I want to use overloading and there is my problem.
> As shown below I try to specify a route to the right server for port 80 and
> port 5080. For the port 80, everything is going well but I can't reach port
> 5080. Is there any thing to take into account for non-standard ports?
>
> "ip nat inside source static tcp 192.168.99.100 80 195.246.218.181 80"
> "ip nat inside source static tcp 192.168.99.102 5080 195.246.218.181 5080"
>
> Thank you for your help
>
> JC

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43182&t=43139
Re: To The Experts and Gurus [7:42996]
Theo,

I'm afraid that all PIL's are also Future CCGP's and therefore are extremely adept at getting through any PIX or ACL. They will also generate numerous spams requesting information on how much longer they have to wait before they can take the CCGP practical exam. Learn to live with it. :)

Prof. Tom Lisa, CCAI, CCGP
Community College of Southern Nevada
Cisco ATC/Regional Networking Academy

[EMAIL PROTECTED] wrote:

> Cool!!!
>
> Hey I just got married. Do you know any CCMC- Cisco Certified Marriage
> Counselors?
>
> And for the parents-in-law...how do I config the PIX to deny them access?
> How about an ACL or an ability to route their airplane to China when they
> come and visit?
>
> Thanks,
>
> Theo,
> CSS1, CCNP
>
> "Tom Lisa"
> Sent by: [EMAIL PROTECTED]
> 05/02/2002 07:03 AM
> Please respond to "Tom Lisa"
>
> To: [EMAIL PROTECTED]
> cc:
> Subject: Re: To The Experts and Gurus [7:42996]
>
> John,
>
> I couldn't agree with you more. In fact, I don't think you have gone far
> enough. I would tar & feather all posters who fail to remain ON TOPIC!!
> Especially, those posts beginning with "I have a customer.!" BTW, I
> am a CCGP (Cisco Certified Grand Parent) in child rearing and will be
> happy to provide you with all the advice you need.
>
> HTH,
> Prof. Tom Lisa, CCAI
> Community College of Southern Nevada
> Cisco ATC/Regional Networking Academy
> (P.S. Just kidding folks) :)
>
> John Neiberger wrote:
>
> > I've been noticing a growing trend on the list for several months now
> > and I'm hoping to start some discussion and perhaps alleviate this
> > particular issue.
> >
> > As everyone knows we have a fair number of true, guru-level experts
> > that participate in the list and provide a wealth of excellent
> > networking knowledge. However, very often this isn't Cisco-specific and
> > as such is not of much value and it really seems to irritate other
> > members of the list who understand that the only topics worth studying
> > are Cisco-related.
> >
> > To make matters even worse, many of these so-called experts aren't even
> > Cisco certified!! I was under the impression that to be a true expert
> > one must have attained the CCIE certification, or at least CCNP with
> > multiple specializations. How can we trust your advice if we don't
> > see those initials in your email sigs??
> >
> > Participation on the list by these sorts of experts, regardless of
> > their vast experience and knowledge, causes excessive distress to
> > certain list members. In order to show more tolerance toward the easily
> > annoyed, perhaps we should consider only allowing CCIEs to answer posts.
> > I'm sure others would agree that this would solve this problem. We
> > must find a way to prune the non-certified from our ranks.
> >
> > Regards,
> >
> > John advice unless you've passed some sort of parenting certification.
> > Thanks.)

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43181&t=42996
Re: Building a Cisco Lab [7:43072]
Thanks Brad. I'll consider your input.

""CiscoB"" wrote in message
news:[EMAIL PROTECTED]...
> Wayne,
>
> I've had nothing but problems with 4000 series modular routers. So many
> problems, in fact, that I've stopped selling them. Too many hardware
> failures. Stick with the 2500 series
>
> thanks,
> -Brad Ellis
> CCIE#5796 (R&S / Security)
> [EMAIL PROTECTED]
> Cisco home labs: www.optsys.net
> ""Wayne Jang"" wrote in message
> news:[EMAIL PROTECTED]...
> > I see, the token ring version is in less demand and you won't be using the
> > ethernet/token ring anyway.
> >
> > But what about those AGS+ routers. I saw one on ebay for $100. It had 8
> > serial ports. What's the drawback to using that for a frame switch?
> >
> > ""Wayne Jang"" wrote in message
> > news:[EMAIL PROTECTED]...
> > > I'm thinking about buying a 2520 as a frame router.
> > >
> > > I already have two 2501s, one 2502, one 1201 switch, and a 1912 switch.
> > >
> > > Is getting the 2520 a good way to spend my very limited funds?
> > >
> > > Wayne

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43172&t=43072
Re: Building a Cisco Lab [7:43072]
By the way...

I don't know if it is old news (I think not), but I just read at Cisco that the 2500 has reached its End Of Sales. (excluding the AS models).

More info @ http://www.cisco.com/warp/public/cc/pd/rt/2500/index.shtml

Cheers for this elder soldier of telecommunications, it deserves the resting. :)

Persio

- Original Message -
From: "CiscoB"
To:
Sent: Thursday, May 02, 2002 5:04 PM
Subject: Re: Building a Cisco Lab [7:43072]

> Wayne,
>
> I've had nothing but problems with 4000 series modular routers. So many
> problems, in fact, that I've stopped selling them. Too many hardware
> failures. Stick with the 2500 series
>
> thanks,
> -Brad Ellis
> CCIE#5796 (R&S / Security)
> [EMAIL PROTECTED]
> Cisco home labs: www.optsys.net
> ""Wayne Jang"" wrote in message
> news:[EMAIL PROTECTED]...
> > I see, the token ring version is in less demand and you won't be using the
> > ethernet/token ring anyway.
> >
> > But what about those AGS+ routers. I saw one on ebay for $100. It had 8
> > serial ports. What's the drawback to using that for a frame switch?
> >
> > ""Wayne Jang"" wrote in message
> > news:[EMAIL PROTECTED]...
> > > I'm thinking about buying a 2520 as a frame router.
> > >
> > > I already have two 2501s, one 2502, one 1201 switch, and a 1912 switch.
> > >
> > > Is getting the 2520 a good way to spend my very limited funds?
> > >
> > > Wayne

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43167&t=43072
Re: Running routing protocols on Windows [7:43124]
At 11:28 AM -0400 5/2/02, John Dorffler wrote:
>Does anybody know whether there is software available somewhere that lets
>you run IP routing protocols on a Windows computer? I know that Windows 2000
>supports RIP and OSPF, while UNIX/Linux supports BGP. Is there something
>that lets you run IGRP, EIGRP, or BGP on Windows? I think that would be
>useful if you needed to inject routes into a lab environment when a spare
>router is not available.
>
>Thank you,
>John Dorffler
>CCIE #6677

Let me answer a little indirectly. I forget the name of it, but Microsoft does have a licensed port of Bay RS, which at least runs RIP and OSPF. The Bay software does support BGP, but I don't know if Microsoft's implementation does.

If you're willing to use the PC with *NIX, you have some major alternatives. There is the Multithreaded Routing Toolkit (MRT) and old versions of GateD at www.merit.edu. There is GNU Zebra at www.zebra.org. Last time I looked, these both supported RIP, OSPF, ISIS, and BGP. Might be some multicast.

There are commercial-grade versions of both: see www.nexthop.com and www.ipinfusion.com. These are apt to have more recent stuff such as traffic engineering extensions, MPLS, etc.

Most of the early development was on NetBSD, but you're pretty safe assuming they will run on Linux or FreeBSD.

Of the two, I most recently used Zebra, which has a command language more Cisco-like than GateD, which is Juniper-like (there's a fair bit of GateD tradition in JunOS heritage). At the time, Zebra's BGP was probably a little stranger than GateD, but both have pros and cons.

Merit also has something called BGPsim, which specifically generates BGP updates but is not a BGP routing process -- it lets you do things, however, such as generating bad routes or arbitrary AS paths.

I should be working with Zebra and BGPsim in the next couple of weeks to set up an Internet simulator, along with routers. I'll have more recent data then.

--
"What Problem are you trying to solve?"
***send Cisco questions to the list, so all can benefit -- not directly to me***
Howard C. Berkowitz [EMAIL PROTECTED]
Chief Technology Officer, GettLab/Gett Communications http://www.gettlabs.com
Technical Director, CertificationZone.com http://www.certificationzone.com
"retired" Certified Cisco Systems Instructor (CID) #93005

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43178&t=43124
Re: Public BGP Peering [7:43175]
I am. Get with me off line.

--
RFC 1149 Compliant.
Get in my head: http://sar.dynu.com

""Thomas Crowe"" wrote in message
news:[EMAIL PROTECTED]...
> Is anyone on the list interested in setting up
> public BGP sessions, for training purposes?
>
> __
>
> Thomas Crowe
> Senior Systems Engineer / Senior Architect
> EMC Proven Master Architect
> CTS Professional Services - Atlanta
> __
>
> [GroupStudy.com removed an attachment of type text/x-vcard which had a name
> of Thomas Crowe.vcf]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43177&t=43175
Re: Definition of terms... Do you know the answer?? [7:43090]
I got cut off again!

> >The example is the following.
> >host1%> rsh host2 sort
>
> Your example just executes sort on host2. Why is that considered half
> closed and what is host2 sorting? I could see that there might be a case
> where you would tell another host to sort something and then you would
> consider yourself finished. But you might be waiting for feedback that the
> sort actually worked. You could send a FIN and be in the FIN-WAIT-1 state
> and still receive a message that says the sort worked. Perhaps it's

the actual command was

host1#> rsh host2 sort < datafile

where rsh copies datafile to the connection, and copies from the connection to standard output. When EOF is reached on the input (datafile) host1 performs a half close on the TCP connection. the host2 sorts the file and writes it to the TCP connection. host1 reads its end of the TCP connection, copying the file to standard output (terminal).

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43176&t=43090
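The half-close sequence described in the message above (send the file, send FIN at EOF, keep reading the sorted result), as an added example that is not part of the original post. It uses a loopback Python socket pair in place of rsh and goes one step further by giving the server an idle timeout, so a peer that never sends its FIN cannot hold the connection open indefinitely; the function names, the sample data and the timeout values are assumptions.

```python
"""TCP half-close on loopback, modelled on `rsh host2 sort < datafile`."""
import socket
import threading


def sort_server(listener, idle_timeout):
    """Serve one client: read until its FIN, then send the sorted lines back."""
    conn, _ = listener.accept()
    with conn:
        # Bound how long a silent peer can occupy this connection slot.
        conn.settimeout(idle_timeout)
        chunks = []
        try:
            while True:
                data = conn.recv(4096)
                if not data:  # b"" means the peer's FIN arrived (EOF on input)
                    break
                chunks.append(data)
        except socket.timeout:
            return  # no FIN within the deadline: close without replying
        lines = b"".join(chunks).splitlines()
        # Client-to-server is closed, but server-to-client still carries data.
        conn.sendall(b"\n".join(sorted(lines)) + b"\n")


def remote_sort(payload, half_close=True, idle_timeout=0.5):
    """Play the 'host1' role. Returns (reply_bytes, write_side_closed)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # ephemeral loopback port
    listener.listen(1)
    worker = threading.Thread(target=sort_server, args=(listener, idle_timeout))
    worker.start()

    reply = b""
    write_side_closed = False
    try:
        with socket.create_connection(listener.getsockname(), timeout=5) as client:
            client.sendall(payload)
            if half_close:
                # Half close: our FIN goes out, the receive direction stays open.
                client.shutdown(socket.SHUT_WR)
                try:
                    client.send(b"late data")
                except OSError:
                    write_side_closed = True  # sending after the FIN is refused
            while True:
                data = client.recv(4096)
                if not data:  # server finished and closed its side
                    break
                reply += data
    finally:
        worker.join()
        listener.close()
    return reply, write_side_closed


if __name__ == "__main__":
    datafile = b"pear\napple\nfig\n"  # constructed sample input
    print(remote_sort(datafile))
    # Without the half close the server never sees EOF and times out instead.
    print(remote_sort(datafile, half_close=False, idle_timeout=0.2))
```
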
Public BGP Peering [7:43175]
Is anyone on the list interested in setting up public BGP sessions, for training purposes?

__

Thomas Crowe
Senior Systems Engineer / Senior Architect
EMC Proven Master Architect
CTS Professional Services - Atlanta
__

[GroupStudy.com removed an attachment of type text/x-vcard which had a name of Thomas Crowe.vcf]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43175&t=43175
Re: Definition of terms... Do you know the answer?? [7:43090]
> >The example is the following.
> >host1%> rsh host2 sort
>
> Your example just executes sort on host2. Why is that considered half
> closed and what is host2 sorting? I could see that there might be a case
> where you would tell another host to sort something and then you would
> consider yourself finished. But you might be waiting for feedback that the
> sort actually worked. You could send a FIN and be in the FIN-WAIT-1 state
> and still receive a message that says the sort worked. Perhaps it's
> something like that.

I'm sorry the end of that command got cut off. The example was:

host1%> rsh host2 sort

wrote in message
news:[EMAIL PROTECTED]...
> At 01:44 PM 5/2/02, sam sneed wrote:
> >Richard Stevens defines TCP Half Close in his book TCP/IP Illustrated.
> >Reading this post I get the assumption that data can not be sent in
> >either direction when a connection is half-closed.
>
> The RFC doesn't mention a "half-closed" state, but it does say that in the
> FIN-WAIT-1 state, a host can still receive data. FIN-WAIT-1 means this side
> has sent a FIN and is awaiting an ACK and FIN from the other side. I
> suppose this could be called "half closed."
>
> >This contradicts what I
> >read in TCP/IP Illustrated by Stevens p.238-239. There he explains an example
> >when a connection is half-closed and data is still sent to the side that
> >closed the connection.
> >
> >The example is the following.
> >host1%> rsh host2 sort
>
> Your example just executes sort on host2. Why is that considered half
> closed and what is host2 sorting? I could see that there might be a case
> where you would tell another host to sort something and then you would
> consider yourself finished. But you might be waiting for feedback that the
> sort actually worked. You could send a FIN and be in the FIN-WAIT-1 state
> and still receive a message that says the sort worked. Perhaps it's
> something like that.
>
> Priscilla
>
> >wrote in message
> >news:[EMAIL PROTECTED]...
> > > At 11:08 AM 5/2/02, Mark Odette II wrote:
> > > >Tamas- Thank you for your reply.
> > > >
> > > >Could you or anyone else explain in more in-depth terms what is or what
> > > >causes a Half-Closed TCP session??
> > >
> > > There are a number of states that a TCP connection can be in per the RFC
> > > for TCP (793). "Half-closed" is not one of them, however... But my guess is
> > > that "half-closed" refers to the state that the RFC would call "half-open."
> > > An established connection is said to be "half-open" if one of the sides has
> > > closed or aborted the connection at its end without the knowledge of the
> > > other, or if the two ends of the connection have become desynchronized
> > > because of a crash. Such connections will automatically become reset if an
> > > attempt is made to send data in either direction.
> > >
> > > Another possibility is that "half-closed" refers to one of the states that
> > > occurs at the normal end of a session:
> > >
> > > FIN-WAIT-1 - represents waiting for a connection termination request from
> > > the remote TCP, or an acknowledgment of the connection termination request
> > > previously sent.
> > >
> > > FIN-WAIT-2 - represents waiting for a connection termination request from
> > > the remote TCP.
> > >
> > > CLOSE-WAIT - represents waiting for a connection termination request from
> > > the local user.
> > >
> > > CLOSING - represents waiting for a connection termination request
> > > acknowledgment from the remote TCP.
> > >
> > > These states (and the half-open state) should be temporary, but if they
> > > aren't, then they can leave a host slightly vulnerable to attack. The host
> > > may use up resources that it really no longer needs.
> > >
> > > I know this is a lot of theory to throw at you, but hopefully it will
> > > relate somehow to your problem. ;-) For even more info about the TCP
> > > states, see RFC 793.
> > >
> > > Priscilla
> > >
> > > >Correct me if I'm wrong, but for the Connection Slot, this refers to TCP
> > > >connections between two nodes, such as a Windows workstation running an
> > > >application to connect to a Server Application Server, and the connections
> > > >are between specific and random ports above 1024 simultaneously!?! Do I
> > > >understand that correctly?
> > > >
> > > >I'm sure our famous question is starting to surface in many folks' minds:
> > > >"What problem are you trying to solve?"
> > > >
> > > >That problem is with users on workstations at remote locations connecting to
> > > >an application server (located at the other end of a PIX-to-PIX VPN Tunnel
> > > >at the "main" office) and at random, they get disconnected from the
> > > >server... but Internet access continues to work at the same time. In short,
> > > >it appears that there is something happening with sessions across the VPN
> > > >tunnel for users that go idle for a varying window of time. Just yesterda
Re: Definition of terms... Do you know the answer?? [7:43090]
At 01:44 PM 5/2/02, sam sneed wrote:
> Richard Stevens defines TCP Half Close in his book TCP/IP Illustrated. Reading this post I get the assumption that data can not be sent in either direction when a connection is half-closed.

The RFC doesn't mention a "half-closed" state, but it does say that in the FIN-WAIT-1 state, a host can still receive data. FIN-WAIT-1 means this side has sent a FIN and is awaiting an ACK and FIN from the other side. I suppose this could be called "half closed."

> This contradicts what I read in TCP/IP Illustrated by Stevens p.238-239. There he explains an example when a connection is half-closed and data is still sent to the side that closed the connection.
>
> The example is the following.
> host1%> rsh host2 sort

Your example just executes sort on host2. Why is that considered half closed and what is host2 sorting? I could see that there might be a case where you would tell another host to sort something and then you would consider yourself finished. But you might be waiting for feedback that the sort actually worked. You could send a FIN and be in the FIN-WAIT-1 state and still receive a message that says the sort worked. Perhaps it's something like that.

Priscilla

> wrote in message news:[EMAIL PROTECTED]...
> > At 11:08 AM 5/2/02, Mark Odette II wrote:
> > > Tamas- Thank you for your reply.
> > >
> > > Could you or anyone else explain in more in-depth terms what is or what causes a Half-Closed TCP session??
> >
> > There are a number of states that a TCP connection can be in per the RFC for TCP (793). "Half-closed" is not one of them, however... But my guess is that "half-closed" refers to the state that the RFC would call "half-open." An established connection is said to be "half-open" if one of the sides has closed or aborted the connection at its end without the knowledge of the other, or if the two ends of the connection have become desynchronized because of a crash. Such connections will automatically become reset if an attempt is made to send data in either direction.
> >
> > Another possibility is that "half-closed" refers to one of the states that occurs at the normal end of a session:
> >
> > FIN-WAIT-1 - represents waiting for a connection termination request from the remote TCP, or an acknowledgment of the connection termination request previously sent.
> >
> > FIN-WAIT-2 - represents waiting for a connection termination request from the remote TCP.
> >
> > CLOSE-WAIT - represents waiting for a connection termination request from the local user.
> >
> > CLOSING - represents waiting for a connection termination request acknowledgment from the remote TCP.
> >
> > These states (and the half-open state) should be temporary, but if they aren't, then they can leave a host slightly vulnerable to attack. The host may use up resources that it really no longer needs.
> >
> > I know this is a lot of theory to throw at you, but hopefully it will relate somehow to your problem. ;-) For even more info about the TCP states, see RFC 793.
> >
> > Priscilla
> >
> > > Correct me if I'm wrong, but for the Connection Slot, this refers to TCP connections between two nodes, such as a Windows workstation running an application to connect to a Server Application Server, and the connections are between specific and random ports above 1024 simultaneously!?! Do I understand that correctly?
> > >
> > > I'm sure our famous question is starting to surface in many folks' minds: "What problem are you trying to solve?"
> > >
> > > That problem is with users on workstations at remote locations connecting to an application server (located at the other end of a PIX-to-PIX VPN Tunnel at the "main" office) and at random, they get disconnected from the server... but Internet access continues to work at the same time. In short, it appears that there is something happening with sessions across the VPN tunnel for users that go idle for a varying window of time. Just yesterday, I was reported that at one of the remote locations (and there are 3, which all suffer the same exact problem), one user "worked straight through lunch, while everyone else who used the same application went to lunch. End result was that the continuous worker did not get "kicked" out of the system, but all the other users that left the application open and went to lunch did."
> > >
> > > So, I'm trying to chase down what the issue might be, short of putting a Sniffer at the main location to see if I can identify the problem there. I suspect that there is something I need to adjust with the Timeout settings on the PIX, but did not want to make changes without understanding the pros/cons/implications of what I was doing.
> > >
> > > Unfortunately, the PIX Command Reference for 6.1, CCO, and most of Tamas's
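
The half-close case debated in the message above (a client that sends its input, closes its sending direction, and still receives the sorted result) can be reproduced over loopback. This is an added example, not part of the original thread; the function names, sample lines and 5-second timeouts are assumptions made for the demonstration.

```python
import socket
import threading

# Constructed sample input, standing in for the data host1 would send to sort.
SAMPLE_LINES = [b"pear", b"apple", b"fig"]


def sort_server(listener):
    """Play host2: read until the client's FIN arrives, then send sorted lines."""
    conn, _ = listener.accept()
    with conn:
        conn.settimeout(5)  # bound the wait so a silent peer cannot pin the slot
        chunks = []
        while True:
            data = conn.recv(4096)
            if not data:  # b"" means the peer's FIN arrived (we are in CLOSE-WAIT)
                break
            chunks.append(data)
        lines = b"".join(chunks).splitlines()
        # The client-to-server direction is closed, but server-to-client is
        # still open, so the result travels back on the same connection.
        conn.sendall(b"\n".join(sorted(lines)) + b"\n")
    # Leaving the with-block closes the socket, which sends the server's FIN.


def half_close_demo(lines):
    """Play host1. Returns (lines received after half-close, could we still send?)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    server = threading.Thread(target=sort_server, args=(listener,), daemon=True)
    server.start()

    with socket.create_connection(("127.0.0.1", port), timeout=5) as client:
        client.sendall(b"\n".join(lines) + b"\n")
        # Half-close: our FIN goes out (FIN-WAIT-1, then FIN-WAIT-2 once ACKed).
        client.shutdown(socket.SHUT_WR)
        try:
            client.sendall(b"late data\n")  # sending is no longer allowed
            can_still_send = True
        except OSError:
            can_still_send = False
        received = []
        while True:  # receiving still works until the server sends its FIN
            data = client.recv(4096)
            if not data:
                break
            received.append(data)
    server.join(5)
    listener.close()
    return b"".join(received).splitlines(), can_still_send


if __name__ == "__main__":
    print(half_close_demo(SAMPLE_LINES))
```

The timeouts are what keep either side from sitting in FIN-WAIT-2 or CLOSE-WAIT indefinitely if the peer never finishes the close, which is the resource concern raised in the quoted reply.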
Re: 2 interesting questions on DLSW + [7:43041]
According to my understanding, it applies ring-list.

Rahul Mehta

"William Lijewski" wrote in message news:[EMAIL PROTECTED]...
> I have two questions about DLSW + that I could use some explanations for. I would greatly appreciate any feedback you may have.
>
> 1) When you are doing DLSW Lite across the Frame Relay why is it necessary to map the LLC2 across the frame when you are not using passthrough? I can understand it when you do specify the passthrough command, but without it I'm kind of confused? (is it because there is no other mode of transport across the frame since it's encapsulating it in the frame packets)
>
> 2) Here is one that you will probably never get, but there are a couple of us trying to figure this one out and can't find any documentation on it. Okay, say you have the following lists set up for DLSW:
>
> dlsw ring-list 1 rings 1 2
> dlsw port-list 1 s0
> dlsw bgroup-list 1 bgroups 1 3
>
> and then you do a command:
>
> dlsw remote-peer 1 tcp 1.1.1.1
>
> Which list does it actually apply to the remote peer? Does it apply all of them? The 1st one? Anyone know for sure?
>
> Thanks and sorry for the rather long post.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43171&t=43041
RE: BGP question [7:43163]
Actually ISP2 will advertise ISP1's addresses for you, but you aren't just advertised as a block of addresses but as an AS. As long as you have your AS from ARIN this is no problem.

-Original Message-
From: lafraia [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 02, 2002 3:36 PM
To: cisco
Cc: lafraia
Subject: Re: BGP question [7:43163]

AFAIK, they couldn't. In this case you would have to apply for your own independent range of addresses and ISP1 and ISP2 would have to advertise these routes for you. In this case you would use communities, med, as_path prepend and other stuff to influence the incoming traffic.

"Steven A. Ridder" wrote in message news:[EMAIL PROTECTED]...
> Here's a question I can't seem to answer. I came up with a scenario in my head, and now I can't find a solution.
>
> Example: I have a dual homed network via BGP. I have ISP 1 and they give me 209.21.220.1/20 for use, and ISP gives me 199.33.23.1/21. Say I use the 209.x.x.x for my web servers, mail server, etc, and advertise that back out to the Internet via ISP 1 (the ISP that assigned me the block) and in DNS. I'm assuming ISP 2 will not advertise that block for me, as it's ISP 1's block. So, now the whole world knows to get to me via ISP 1. Then let's say ISP 1 goes down, how would the world know how to get to me, if they only knew how to get to me via ISP 1 and its IPs?
>
> --
> RFC 1149 Compliant
>
> Get in my head:
> http://sar.dynu.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43170&t=43163
Re: BGP question [7:43163]
If you don't advertise reachability, you aren't reachable. You should however be able to get one ISP to allow the other to route its space. Otherwise, you're looking at getting some PI space, multihoming to the same ISP, or using some load balancing tools to handle things via dns.

Pete

At 04:28 PM 5/2/2002 -0400, Steven A. Ridder wrote:
> Here's a question I can't seem to answer. I came up with a scenario in my head, and now I can't find a solution.
>
> Example: I have a dual homed network via BGP. I have ISP 1 and they give me 209.21.220.1/20 for use, and ISP gives me 199.33.23.1/21. Say I use the 209.x.x.x for my web servers, mail server, etc, and advertise that back out to the Internet via ISP 1 (the ISP that assigned me the block) and in DNS. I'm assuming ISP 2 will not advertise that block for me, as it's ISP 1's block. So, now the whole world knows to get to me via ISP 1. Then let's say ISP 1 goes down, how would the world know how to get to me, if they only knew how to get to me via ISP 1 and its IPs?
>
> --
> RFC 1149 Compliant
>
> Get in my head:
> http://sar.dynu.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43169&t=43163
Re: Stupid Access-List/VLAN question [7:43128]
No, that's not the case. If you think of it visually,

INTERNET->ROUTER->INTERFACE->ACL->LAN

Then you will see that the internet can still access the interface, and its address. Because really, you are pinging the router, not the interface or the LAN.

On Thu, 2002-05-02 at 14:22, Michael Williams wrote:
> Jay,
>
> Thanks for your input. But shouldn't ACL keep anything from other VLANs from even pinging the gateway IP of VLAN511?
>
> Mike W.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43168&t=43128
Re: BGP question [7:43163]
In this scenario it wouldn't matter who assigned the addresses to you. You will be advertising those addresses via BGP to both ISPs, who in turn should propagate those advertisements. I believe there are situations where ISP2 would need some sort of verification from ISP1 that it's okay to advertise that block but I'm not aware of the details.

An interesting situation that can occur is when the ISP who assigned your addresses doesn't advertise your specific addresses but instead aggregates them. Because the second ISP will be advertising a more-specific match the whole world will try to reach you through ISP2. So, it's important to verify that all of your ISPs are advertising your specific addresses.

That's more than what you asked, but I've been rambling a lot lately.

John

>>> "Steven A. Ridder" 5/2/02 2:28:04 PM >>>
Here's a question I can't seem to answer. I came up with a scenario in my head, and now I can't find a solution.

Example: I have a dual homed network via BGP. I have ISP 1 and they give me 209.21.220.1/20 for use, and ISP gives me 199.33.23.1/21. Say I use the 209.x.x.x for my web servers, mail server, etc, and advertise that back out to the Internet via ISP 1 (the ISP that assigned me the block) and in DNS. I'm assuming ISP 2 will not advertise that block for me, as it's ISP 1's block. So, now the whole world knows to get to me via ISP 1. Then let's say ISP 1 goes down, how would the world know how to get to me, if they only knew how to get to me via ISP 1 and its IPs?

--
RFC 1149 Compliant

Get in my head:
http://sar.dynu.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43166&t=43163
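
The aggregation effect described in the message above comes down to longest-prefix matching, and the check it recommends (that every ISP announces the specific prefix) can be modelled in a few lines. This is an added example, not part of the original thread; the /16 aggregate for ISP1 and all function names are assumptions, and only the 209.21.220.1/20 block comes from the question.

```python
import ipaddress

# Prefix from the thread; strict=False normalises 209.21.220.1/20 to its
# network address, 209.21.208.0/20.
CUSTOMER_PREFIX = ipaddress.ip_network("209.21.220.1/20", strict=False)
# Assumption: a covering aggregate announced by ISP1. The thread gives none.
ISP1_AGGREGATE = ipaddress.ip_network("209.21.0.0/16")
WEB_SERVER = "209.21.220.1"

# Constructed view of what the rest of the Internet hears: (prefix, announcing ISP).
AGGREGATED = [
    (ISP1_AGGREGATE, "ISP1"),   # ISP1 hides the customer inside its aggregate
    (CUSTOMER_PREFIX, "ISP2"),  # ISP2 passes the customer's /20 through
]
BOTH_SPECIFIC = AGGREGATED + [(CUSTOMER_PREFIX, "ISP1")]


def best_paths(routes, destination):
    """Return (winning prefix, ISPs announcing it) by longest-prefix match."""
    dest = ipaddress.ip_address(destination)
    covering = [(net, isp) for net, isp in routes if dest in net]
    if not covering:
        return None, []  # nobody advertises reachability: unreachable
    longest = max(net.prefixlen for net, _ in covering)
    winners = [(net, isp) for net, isp in covering if net.prefixlen == longest]
    # Several ISPs at the same length means a tie on prefix length; other BGP
    # attributes (AS path, MED, ...) would then decide, which is not modelled.
    return winners[0][0], sorted(isp for _, isp in winners)


def isps_missing_specific(routes, prefix, isps):
    """The verification step: which ISPs do NOT announce the exact prefix?"""
    announcing = {isp for net, isp in routes if net == prefix}
    return sorted(set(isps) - announcing)


def without(routes, failed_isp):
    """Routes remaining after one ISP's announcements are withdrawn."""
    return [(net, isp) for net, isp in routes if isp != failed_isp]


if __name__ == "__main__":
    for name, table in (("aggregated", AGGREGATED), ("both specific", BOTH_SPECIFIC)):
        print(name, best_paths(table, WEB_SERVER),
              "missing:", isps_missing_specific(table, CUSTOMER_PREFIX, ["ISP1", "ISP2"]))
    print("ISP1 down:", best_paths(without(BOTH_SPECIFIC, "ISP1"), WEB_SERVER))
```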
CCIE Written Beta [7:43164]
Hello,

I just took the new CCIE Written Beta test. That's really a very hard test (everything that we've been hearing about this test is true). You have 180 minutes (I've used 179 minutes and a few seconds! YES, that's full 3 hours without going to the bathroom) for 150 questions.

It really seems that everything in networking is covered in this test. From some basic questions to the most complex questions about IPX, MPLS, VLAN, BGP, OSPF, EIGRP, DLSw+, ATM, LANE, NAT, Queueing (all WFQ, RSVP, Traffic Shaping and Load Balancing), VoIP, Frame Relay, ISDN, Token Ring, EtherChannels, IPSec and everything else you can think. I didn't get any "type the command" type of question, although you may find some questions like "what's the command that likely would fix this problem". Basically more than 60% of these questions have their own lab scenario.

For those who will take this test: Even though that's the new format (351-001), you really should take a look at the blueprint for the (350-001) before taking this test http://www.cisco.com/warp/public/625/ccie/certifications/rsblueprint.html

I've used Boson tests CCIE practice test #2, Caslow's book, Routing TCP/IP volume I and II, Halabi's book and a lot of research on cisco.com :)

Well. I hope this helps! :) Now I have to wait 6-8 weeks for the result :)

cya
Daniel Lafraia

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43164&t=43164
Re: BGP question [7:43163]
AFAIK, they couldn't. In this case you would have to apply for your own independent range of addresses and ISP1 and ISP2 would have to advertise these routes for you. In this case you would use communities, med, as_path prepend and other stuff to influence the incoming traffic.

"Steven A. Ridder" wrote in message news:[EMAIL PROTECTED]...
> Here's a question I can't seem to answer. I came up with a scenario in my head, and now I can't find a solution.
>
> Example: I have a dual homed network via BGP. I have ISP 1 and they give me 209.21.220.1/20 for use, and ISP gives me 199.33.23.1/21. Say I use the 209.x.x.x for my web servers, mail server, etc, and advertise that back out to the Internet via ISP 1 (the ISP that assigned me the block) and in DNS. I'm assuming ISP 2 will not advertise that block for me, as it's ISP 1's block. So, now the whole world knows to get to me via ISP 1. Then let's say ISP 1 goes down, how would the world know how to get to me, if they only knew how to get to me via ISP 1 and its IPs?
>
> --
> RFC 1149 Compliant
>
> Get in my head:
> http://sar.dynu.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43165&t=43163
BGP question [7:43163]
Here's a question I can't seem to answer. I came up with a scenario in my head, and now I can't find a solution.

Example: I have a dual homed network via BGP. I have ISP 1 and they give me 209.21.220.1/20 for use, and ISP gives me 199.33.23.1/21. Say I use the 209.x.x.x for my web servers, mail server, etc, and advertise that back out to the Internet via ISP 1 (the ISP that assigned me the block) and in DNS. I'm assuming ISP 2 will not advertise that block for me, as it's ISP 1's block. So, now the whole world knows to get to me via ISP 1. Then let's say ISP 1 goes down, how would the world know how to get to me, if they only knew how to get to me via ISP 1 and its IPs?

--
RFC 1149 Compliant

Get in my head:
http://sar.dynu.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43163&t=43163
Re: Urgent help Please! [7:43084]
At 12:19 AM -0400 5/2/02, [EMAIL PROTECTED] wrote:
> Hi ! All,
>
> Can any one please break this password?
>
> enable secret 5 $1$rMrT$blzJIo4ZyCBfJkvu2CP/Z1
>
> Thanks in advance.
>
> ===
> WARNING
> This message may contain information that is confidential and may be subject to the provisions of section 61A of the Police Act 1958, which creates an offence to have unlawful possession of Police documents. If you are not the intended recipient of this message or have received this message in error, you must not peruse, use, pass or copy this message or any of its contents.
>
> Also note, the views expressed in this message may not necessarily reflect those of the New Zealand Police.

It would be extremely legally risky for anyone to break a password without knowing why it is to be broken, the requester has the authority, etc.

Since you are posting from an apparent government account, I suggest you contact the US Embassy and ask for the Legal Attache, who is an FBI agent. The FBI does offer cryptanalytic support to law enforcement organizations. It has a fair capability of its own, or may go to NSA when needed.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43161&t=43084
Re: BGP update-source question [7:43043]
That's the weird thing. I don't see it in the routing table even with a route to the 4.4.4.0/30 network.

RouterB#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is 2.2.2.1 to network 0.0.0.0

102.0.0.0/25 is subnetted, 1 subnets
B 102.102.102.0 [20/0] via 2.2.2.1, 21:29:29
103.0.0.0/25 is subnetted, 1 subnets
D EX103.103.103.0 [170/2297856] via 3.3.3.1, 21:29:47, Serial0
2.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
D EX2.2.2.0/30 [170/2681856] via 3.3.3.1, 21:29:47, Serial0
D EX2.2.2.1/32 [170/2681856] via 3.3.3.1, 21:29:47, Serial0
3.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
D 3.0.0.0/8 is a summary, 21:29:48, Null0
C 3.3.3.0/30 is directly connected, Serial0
101.0.0.0/25 is subnetted, 1 subnets
B 101.101.101.0 [20/0] via 2.2.2.1, 21:29:29
4.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 4.4.4.0/30 is directly connected, Serial1
C 4.4.4.2/32 is directly connected, Serial1
C192.168.254.0/24 is directly connected, Ethernet0
104.0.0.0/25 is subnetted, 1 subnets
C 104.104.104.0 is directly connected, Loopback0
B* 0.0.0.0/0 [20/0] via 2.2.2.1, 21:29:30

RouterB#show ip bgp
BGP table version is 5, local router ID is 104.104.104.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0 2.2.2.10 65000 i
* i101.101.101.0/25 5.5.5.2 0100 0 65000 i
*> 2.2.2.10 65000 i
* i102.102.102.0/25 5.5.5.2 0100 0 65000 i
*> 2.2.2.1 0 0 65000 i
*> 104.104.104.0/25 0.0.0.0 0 32768 i
* i105.105.105.0/25 4.4.4.2 0100 0 i

"Kane, Christopher A." wrote in message news:[EMAIL PROTECTED]...
> Wouldn't it be because the IP address you see in your BGP table is indeed the next-hop. If you instead look at a specific route "sh ip rou x.x.x.x" I would think you would see the BGP neig as you have listed (loopback1's ip address) and then the router has to do a recursive-lookup to find out how to get to that loopback address.
>
> -chris
>
> > -Original Message-
> > From: Steven A. Ridder [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, May 01, 2002 6:12 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: BGP update-source question [7:43043]
> >
> > Did you restart BGP?
> >
> > --
> > RFC 1149 Compliant.
> > Get in my head:
> > http://sar.dynu.com
> >
> > "Daniel Lafraia" wrote in message news:[EMAIL PROTECTED]...
> > > Hello,
> > >
> > > How come I see the interface address in the "show ip bgp" if I've specified an update-source for a neighbor?
> > >
> > > Thanks!
> > > Daniel
> > >
> > > Here is the config:
> > >
> > > RouterA
> > > interface Loopback0
> > > ip address 105.105.105.1 255.255.255.128
> > > interface Loopback1
> > > ip address 41.41.41.1 255.255.255.255
> > > interface Serial0
> > > ip address 4.4.4.2 255.255.255.252
> > > router bgp 55000
> > > no synchronization
> > > network 105.105.105.0 mask 255.255.255.128
> > > neighbor 4.4.4.1 remote-as 55000
> > > neighbor 4.4.4.1 update-source Loopback1
> > >
> > > RouterB
> > > interface Loopback0
> > > ip address 104.104.104.1 255.255.255.128
> > > interface Serial1
> > > ip address 4.4.4.1 255.255.255.252
> > > clockrate 64000
> > > router bgp 55000
> > > network 104.104.104.0 mask 255.255.255.128
> > > neighbor 4.4.4.2 remote-as 55000
> > >
> > > --
> > > Please ignore other updates, these are other stuff I have in my lab :)
> > > --
> > >
> > > RouterA#show ip bgp
> > > BGP table version is 42, local router ID is 105.105.105.1
> > > Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
> > > Origin codes: i - IGP, e - EGP, ? - incomplete
> > >
> > > Network Next Hop Metric LocPrf Weight Path
> > > * i0.0.0.0 2.2.2.1 100 0 65000 i
> > > * i101.101.101.0/25 2.2.2.1 100 0 65000 i
> > > *> 5.5.5.20 0 65000 i
> > > * i102.102.
Re: Building a Cisco Lab [7:43072]
Wayne,

I've had nothing but problems with 4000 series modular routers. So many problems, in fact, that I've stopped selling them. Too many hardware failures. Stick with the 2500 series.

thanks,
-Brad Ellis
CCIE#5796 (R&S / Security)
[EMAIL PROTECTED]
Cisco home labs: www.optsys.net

"Wayne Jang" wrote in message news:[EMAIL PROTECTED]...
> I see, the token ring version is in less demand and you won't be using the ethernet/token ring anyway.
>
> But what about those AGS+ routers. I saw one on ebay for $100. It had 8 serial ports. What's the drawback to using that for a frame switch?
>
> "Wayne Jang" wrote in message news:[EMAIL PROTECTED]...
> > I'm thinking about buying a 2520 as a frame router.
> >
> > I already have two 2501s, one 2502, one 1201 switch, and a 1912 switch.
> >
> > Is getting the 2520 a good way to spend my very limited funds?
> >
> > Wayne

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43134&t=43072
RE: Urgent help Please! [7:43084]
I'm glad someone else feels that way. Talk about opening yourself up for trouble...

--Tim

Gragido,William wrote:
> Members,
>
> This is a problem. I feel that is not only inappropriate for someone to solicit the aid of this board and its subscribers in order to crack passwords, it's unethical and potentially illegal. No offense Ravi, but this is unacceptable given to current state of legislation regarding Information Security. Paul, it's your call and as such, I will leave it to your discretion, however there are clear problems with this.
>
> Regards,
>
> Will Gragido
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
> Sent: Wednesday, May 01, 2002 11:19 PM
> To: [EMAIL PROTECTED]
> Subject: Urgent help Please! [7:43084]
>
> Hi ! All,
>
> Can any one please break this password?
>
> enable secret 5 $1$rMrT$blzJIo4ZyCBfJkvu2CP/Z1
>
> Thanks in advance.
>
> ===
> WARNING
> This message may contain information that is confidential and may be subject to the provisions of section 61A of the Police Act 1958, which creates an offence to have unlawful possession of Police documents. If you are not the intended recipient of this message or have received this message in error, you must not peruse, use, pass or copy this message or any of its contents.
>
> Also note, the views expressed in this message may not necessarily reflect those of the New Zealand Police.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43155&t=43084
RE: Some free scenarios and tutorials (slight corr [7:43146]
Peter... if you are so concerned with SPAM, why do you use a Hotmail Account to communicate on the Internet?!?! You're not going to tell me that you have successfully B!tched out the admins of the Hotmail servers for allowing all that CRAP that shows up on a weekly (sometimes daily) basis about "how to make $5000-$15000 a week with your own home business", or the annoying porn solicitations that we are all flooded with regularly! I know this is beside the point, but gimme a break! SPAM!?!

As far as CCBootCamp, or any of the others that were affiliated with such offering systems..., I may be wrong, but I've been on reading this list for two years now, and wise-cracks like you RAN them off, rather than them being filtered. Brad Ellis, Marc Russel, and several others used to get similar flack, and now they simply don't participate anymore. Go figure... someone like you makes it even more difficult to weed through the search engine results to find Human Opinions on who has the most fair or greatest deal on Cisco Certification prep materials... whether it's hardware for the "home lab", or "paper practice labs", or racktime

Also, as far as credibility goes... there are PH.Ds out there that call themselves Doctors... but that doesn't mean EVERY ONE OF THEM know Internal Medicine or other Advanced Medical Science So, do you challenge them too just because they call themselves Doctors!?!! (note that this analogy is based on the principle that most "simple folk" only think of the person they go to when they are ill when they hear the term Doctor.)

There are many Network Engineers out there that have been in the industry since probably before you took your first breath... and they have probably had the opportunity to get certified in a VENDOR-SPECIFIC certification, but chose not to... doesn't mean they don't know their Sh!t... just means they didn't feel like wasting money on Career Politics. They just now have to deal with the Pointy-Haired bosses that think that just because the young-buck with a number behind his name is better than himself because young-buck is a "CCIE". Total BS.

My mentor has been dealing with Cisco routers and switches since they first came out... and he isn't a CCIE but he still knows his stuff. He too could teach others for monetary gain... but he just isn't interested he has a pretty busy schedule as it is, and prefers the one-on-one approach. This doesn't mean I'm going to put my cocky nose to the air and say, forget you man... you're not a CCIE, so I'm going elsewhere. (of course, I'd first have to establish a cocky demeanor first, but you should DEFINITELY get the point.)

Bottom line, please don't waste anymore bandwidth on this issue... and if you still have such a thorn in your side Get the Damned number, come back and show ALL of us a thing or two... and then you can feel all Big-Man-on-Campus like. Of course, with your current attitude, I doubt anyone will listen but that's just MHO.

BTW, Howard, thanks for all the contributions you put forth on this forum I for one really appreciate them. There's nothing like free knowledge for those who can barely afford to participate in this career field.

Sincerely,
Mark Odette II
CCNA, .75%CCNP, MCSE 4.0/2000, A+ certified.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of JP
Sent: Wednesday, May 01, 2002 9:17 PM
To: [EMAIL PROTECTED]
Subject: Re: Some free scenarios and tutorials (slight correction) [7:43066]

Peter,

- Original Message -
From: "Peter Rosenthal"
To:
Sent: Wednesday, May 01, 2002 11:11 AM
Subject: Re: Some free scenarios and tutorials (slight correction) [7:42985]

> Besides, who wants to read CCIE prep material from a guy that hasn't even passed the lab! Howard does us all a favor and please go take the lab. You're so awesome with all your books and work on the IETF so it should be a breeze. No excuses!

I disagree with you on this comment. There are coaches and players. In order to pass the lab you will have to know the stuff and be able to type it in time, some people may just do feel comfortable under some pressure, I am not saying this is the case for anyone for sure, but to me, not being a CCIE just means not having that number, period. You do not have to be a world champion to coach your team to win it. I am not saying who claims to be a coach is certainly capable of being a good one, but we just cannot logically rule that out.

IMHO, the owner of the list owns the list. The owner has the freedom to give some kind of privileges to anybody. That said, I think no matter how much free stuff is in there, it is an underestimation of people's intelligence claiming that this kind of posting is non-business related. People open mails everyday know this for sure.

Just my .02

Kent

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43146&t=43146
RE: VLANS [7:42932]
Damian Rizzo is the vlan man. If he can't do it No one can. Uh Rich. Mind if I call you dick.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43159&t=42932
Re: application-oriented network design [7:42933]
"Howard C. Berkowitz" wrote:
> I've always found it a graphic challenge that telephony really has two communications paths: the control/signaling path for call setup and the like, and the information transfer path.

Amen to that. Way back in the dark ages (early 1990's) I did an FSM analysis of ISDN BRI UNI signaling. The first part of the project was to gather and summarize the CCITT and ANSI diagrams ( http://vedatel.com/Isdn/bri-uni-signaling.pdf ). It was a straightforward exercise to diagram the D-channel signaling (control plane). The only way I could get the data plane (B channels) into the picture was to use a 3-D tool, so I took the easy way out. I refer you to the bottom right-hand corner of the diagram where the B channels are indicated. Talk about minimalism!

I think there's a reasonable way to approach this AVVID diagramming. I'll post when I've got a better grasp of the situation (need to follow up on suggestions from Larry and Priscilla).

BTW I'd like to cast my vote of confidence and appreciation for your postings to this list. I'm unconcerned about what letters you append or prepend to your name. It's knowledge I'm after and I'm grateful to say that you share it in abundance.

-- TT

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43158&t=42933
looking for lab date swap [7:43157]
Hi all..

I have a lab date at RTP on 23rd July, 2002. I am looking for around 15th September, 2002. There are two seats you can get on 23rd July, 2002 for swapping around 15th September.

Regards
Almazi M. Rashid

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43157&t=43157
RE: switching exam [7:43038]
You people spend MONEY on certification prep materials? I'm sorry. :-)

--Tim

Kaminski, Shawn G wrote:
> It's sad, the true signs of brainwashing :-)
>
> I never said anything was wrong with them. The proven track record comes from the fact that they've done a great job marketing their products. Boson has quality products, BUT, BUT, BUT, as I've mentioned before, there are other companies out there that offer materials that are just as good if not better than Boson and the prices are about 80% cheaper. I would mention the companies, but I have a financial interest in these companies and I'd get flamed to death (believe it or not, I also have a financial interest in Boson/Quizware, but not anywhere near as much as I'd like :-) ) You can't really blame Boson for their high prices because they have to pay a percentage to their authors. Plus, like you said, people have been brainwashed into believing that Boson is the only company out there, which allows Boson to charge higher prices.
>
> So, look around a little and take a chance on some of these other companies. Don't worry, no one is going to yell at you for spending less money on certification materials :-) I'm just trying to save people some money while at the same time hoping that I make a little, as well!
>
> Shawn K.
>
> > -Original Message-
> > From: Jon Krabbenschmidt [SMTP:[EMAIL PROTECTED]]
> > Sent: Wednesday, May 01, 2002 8:28 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: switching exam [7:43038]
> >
> > Boson worked well for me too, but I hardly consider $40 expensive especially given the cost of others.
> >
> > Jon
> >
> > -Original Message-
> > From: Adam Hickey [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, May 01, 2002 4:22 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: switching exam [7:43038]
> >
> > I don't think I could have gotten through my tests without Boson's help - other than being expensive, what is wrong with them? I don't think I see a cult here but I do see the proven track record and the quality name Boson has developed for themselves. High price is a direct result of high demand - simple economics.
> >
> > Adam Hickey
> > [EMAIL PROTECTED]
> >
> > - Original Message -
> > From: "Kaminski, Shawn G"
> > To:
> > Sent: Wednesday, May 01, 2002 3:31 PM
> > Subject: RE: switching exam [7:43038]
> >
> > > Please, people, snap out of the Boson trance. I can't take it anymore. :-) I just had a discussion with Paul Borghese a few days ago about how Boson always gets through the filters but other vendors don't. Hopefully, that will change soon and we'll start to see better and less expensive options come through the list without being filtered. In fact, I wonder if this will make it through the filter since I'm saying something "bad" about the Boson cult? :-)
> > >
> > > Please proceed with flaming, ragging, name calling, tar and feathering, etc. However, one of these days you'll thank me for preventing you from getting that Boson tattoo on your chest ( on the ankle for the ladies) :-)
> > >
> > > If you're up for an argument, please email me offline :-)
> > >
> > > Shawn K.
> > >
> > > > -Original Message-
> > > > From: NetEng [SMTP:[EMAIL PROTECTED]]
> > > > Sent: Wednesday, May 01, 2002 5:18 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: switching exam [7:43038]
> > > >
> > > > just took that switching exam: 79 ?'s, 90 minutes and 699 to pass. pretty easy test, boson's were great as usual.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43156&t=43038
RE: Problem with access-list [7:43021]
I don't think you can filter based on MAC with Ethernet... There is a technology in which you can, but I'm drawing a blank on what it was. I think it was Token Ring only or some such nonsense.

I think that it's irrelevant, however, since it's still a router function and the switching engine is still going to blissfully forward packets and ignore your access-lists.

--Tim

Christian Fredrickson wrote:
>
> IP standard access list
> IP extended access list
> IP standard access list (expanded range)
> IP extended access list (expanded range)
>
> Then is it possible to create an access list based on the host MAC address?
>
> Chris
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 02, 2002 8:36 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Problem with access-list [7:43021]
>
> OK, I'm not an all-powerful CCIE, but I'll take a stab at this.
>
> Applying an access list to a switch is only going to limit access to and
> from your management interface. Switched traffic through the switch is
> still switched traffic, and by and large, a switch doesn't ever look at IP
> information, thus wouldn't filter anything based on an IP address.
>
> That would explain why you can't ping the host from the switch (I'd imagine
> you are getting a "Request Timed Out") but the traffic from the outside
> world still gets through.
>
> Also, What's up with the "2000" access list? Would not an extended IP list
> be 100-199?
>
> --Tim
>
> Christian Fredrickson wrote:
> >
> > Running a Cisco switch 3548XL
> > Trying to block a specific IP address. The access-list looks like:
> > (I substituted the IP addresses)
> > access-list 2000 deny ip host ip_address any
> > access-list 2000 permit ip range.0 0.0.0.255 any
> > access-list 2000 deny ip any any
> >
> > All ports on this switch belong to the same VLAN and all other switches use
> > this switch to get to the upper layer switch and use that to get to the
> > router. The vlan looks like:
> > (I substituted the IP addresses)
> > interface VLAN1
> >  description line
> >  ip address switch_ip 255.255.255.0
> >  ip access-group 2000 in
> >
> > But I can still ping the host from external addresses. Why is this ACL not
> > working?
> >
> > Thank you all in advance.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43153&t=43021
Re: Stupid Access-List/VLAN question [7:43128]
Jay,

Thanks for your input. But shouldn't ACL keep anything from other VLANs from even pinging the gateway IP of VLAN511?

Mike W.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43152&t=43128
Re: Content Switching and Keepalives [7:43141]
I have a pair of CS11152 in HA mode and we use HTTP for load balancing. In my opinion, if you are using ping to load balance it is a waste. The CSSs are very capable and load balance HTTP very well.

As far as load balancing methods, the engineer at TAC said to use round robin, which is the default scheme. I was using ACA, but the engineer said that should be only used for the heaviest of traffic sites, so I recommend using round robin as well; it'll work better.

Here is a sample config:

service svc-w1.web
  ip address 172.16.10.100
  port 80
  keepalive type http
  keepalive method get
  keepalive uri "/http-ping.html"
  active

service svc-w2.web
  ip address 172.16.10.101
  port 80
  keepalive type http
  keepalive method get
  keepalive uri "/http-ping.html"
  active

content cnt-www.cobrand
  protocol tcp
  port 80
  balance roundrobin   ##you really don't need this line because roundrobin is default.
  url "/*"
  add service svc-w1.web
  add service svc-w2.web
  vip address 192.168.133.100
  active

Hope this helps.

"Patrick Donlon" wrote in message news:[EMAIL PROTECTED]...
> Hi All
>
> I have two web servers which are being load balanced behind a CSS, this
> is working fine. Currently we're using the default ICMP keepalive, this
> is OK if the failure is at this level but when the web services process
> is stopped by the DBA the CSS thinks it's up and running. I've seen the
> different options, tcp, http gets, etc, and would like to know anyone
> else's experience in what is the best balance over performance and
> detecting the loss of service
>
> Cheers
>
> Pat
>
> [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43149&t=43141
Re: Definition of terms... Do you know the answer?? [7:43090]
Richard Stevens defines TCP Half Close in his book TCP/IP Illustrated. Reading this post I get the assumption that data cannot be sent in either direction when a connection is half-closed. This contradicts what I read in TCP/IP Illustrated by Stevens, p. 238-239. There he explains an example when a connection is half-closed and data is still sent to the side that closed the connection. The example is the following.

host1%> rsh host2 sort

wrote in message news:[EMAIL PROTECTED]...
> At 11:08 AM 5/2/02, Mark Odette II wrote:
> >Tamas- Thank you for your reply.
> >
> >Could you or anyone else explain in more indepth terms what is or what
> >causes a Half-Closed TCP session??
>
> There are a number of states that a TCP connection can be in per the RFC
> for TCP (793). "Half-closed" is not one of them, however... But my guess is
> that "half-closed" refers to the state that the RFC would call "half-open."
> An established connection is said to be "half-open" if one of the sides has
> closed or aborted the connection at its end without the knowledge of the
> other, or if the two ends of the connection have become desynchronized
> because of a crash. Such connections will automatically become reset if an
> attempt is made to send data in either direction.
>
> Another possibility is that "half-closed" refers to one of the states that
> occurs at the normal end of a session:
>
> FIN-WAIT-1 - represents waiting for a connection termination request from
> the remote TCP, or an acknowledgment of the connection termination request
> previously sent.
>
> FIN-WAIT-2 - represents waiting for a connection termination request from
> the remote TCP.
>
> CLOSE-WAIT - represents waiting for a connection termination request from
> the local user.
>
> CLOSING - represents waiting for a connection termination request
> acknowledgment from the remote TCP.
> > These states (and the half-open state) should be temporary, but if they > aren't, then they can leave a host slightly vulnerable to attack. The host > may use up resources that it really no longer needs. > > I know this is a lot of theory to throw at you, but hopefully it will > relate somehow to your problem. ;-) For even more info about the TCP > states, see RFC 793. > > Priscilla > > > > >Correct me if I'm wrong, but for the Connection Slot, this refers to TCP > >connections between two nodes, such as a Windows workstation running an > >application to connect to a Server Application Server, and the connectios > >are between specific and random ports above 1024 simultaneously!?! Do I > >understand that correctly? > > > > > >I'm sure our famous question is starting to surface in many folks' minds: > >"What problem are you trying to solve?" > > > >That problem is with users on workstations at remote locations connecting to > >an application server (located at the other end of a PIX-to-PIX VPN Tunnel > >at the "main" office) and at random, they get disconnected from the > >server... but Internet access continues to work at the same time. In short, > >it appears that there is something happening with sessions across the VPN > >tunnel for users that go idle for a varying window of time. Just yesterday, > >I was reported that at one of the remote locations (and there are 3, which > >all suffer the same exact problem), one user "worked straight through lunch, > >while everyone else who used the same application went to lunch. End result > >was that the continuous worker did not get "kicked" out of the system, but > >all the other users that left the application open and when to lunch did." > > > >So, I'm trying to chase down what the issue might be, short of putting a > >Sniffer at the main location to see if I can identify the problem there. 
I > >suspect that there is something I need to adjust with the Timeout settings > >on the PIX, but did not want to make changes without understanding the > >pros/cons/implications of what I was doing. > > > >Unfortunately, the PIX Command Reference for 6.1, CCO, and most of Tamas's > >explanation were exactly what I found, and nothing more Tamas, thank you > >for at least giving me a little more info! > > > >I even searched Google for a definition of "half-closed session", but got no > >definitiion hits... just lots of pages (mostly Cisco) mentioning the phrase > >amidst other topics. :( > > > >Any help is appreciated. > > > >Thanks > >Mark > > > >-Original Message- > >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > >HORVATH TAMAS > >Sent: Thursday, May 02, 2002 7:41 AM > >To: [EMAIL PROTECTED] > >Subject: RE: Definition of terms... Do you know the answer?? [7:43090] > > > > > >Hi! > > > >timeout xlate: Idle time until a translation slot if freed. > > > >timeout conn: Idle time until a connection slot is freed. > > > >There is a distinction made between translated sessions (produced by nat, > >global, static, access-list, access-group commands)and connected sesssions > >when discussing
Re: Content Switching and Keepalives [7:43141]
I see no reason not to use the http keepalive. You can configure it to grab some specific small object if you'd like to limit its impact. We just grab our homepage and I haven't noticed a performance impact at all.

HTH,
John

>>> "Patrick Donlon" 5/2/02 11:15:19 AM >>>
Hi All

I have two web servers which are being load balanced behind a CSS, this is working fine. Currently we're using the default ICMP keepalive, this is OK if the failure is at this level but when the web services process is stopped by the DBA the CSS thinks it's up and running. I've seen the different options, tcp, http gets, etc, and would like to know anyone else's experience in what is the best balance over performance and detecting the loss of service

Cheers

Pat

[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43147&t=43141
RE: Urgent help Please! [7:43084]
Type 7 passwords are easily decrypted. Type 5 (enable) are not.

If you have physical access to the box then you can perform password recovery via the console; see the Cisco website for the specifics for your router. If you have SNMP read/write access you can download the config, make the change, then push it back.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 02, 2002 12:19 AM
To: [EMAIL PROTECTED]
Subject: Urgent help Please! [7:43084]

Hi ! All,

Can any one please break this password?

enable secret 5 $1$rMrT$blzJIo4ZyCBfJkvu2CP/Z1

Thanks in advance.

===
WARNING
This message may contain information that is confidential and may be subject to the provisions of section 61A of the Police Act 1958, which creates an offence to have unlawful possession of Police documents. If you are not the intended recipient of this message or have received this message in error, you must not peruse, use, pass or copy this message or any of its contents. Also note, the views expressed in this message may not necessarily reflect those of the New Zealand Police.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43129&t=43084
Closing Ports Part 2 [7:43145]
I know blocking ports isn't really going to stop people who can tunnel through via http or some other open ports. Are there firewalls that will look into specific traffic streams and drop connections that are not really http sessions?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43145&t=43145
Re: Problem with access-list [7:43021]
IP extended access-lists are 100-199, 2000-2699.

I think Tim is correct; if you're attempting to block pings between two devices on the same VLAN, you're not going to do it on the router.

Dave

timothy thielen wrote:
>
> OK, I'm not an all-powerful CCIE, but I'll take a stab at this.
>
> Applying an access list to a switch is only going to limit access to and
> from your management interface. Switched traffic through the switch is
> still switched traffic, and by and large, a switch doesn't ever look at IP
> information, thus wouldn't filter anything based on an IP address.
>
> That would explain why you can't ping the host from the switch (I'd imagine
> you are getting a "Request Timed Out") but the traffic from the outside
> world still gets through.
>
> Also, What's up with the "2000" access list? Would not an extended IP list
> be 100-199?
>
> --Tim
>
> Christian Fredrickson wrote:
> >
> > Running a Cisco switch 3548XL
> > Trying to block a specific IP address. The access-list looks like:
> > (I substituted the IP addresses)
> > access-list 2000 deny ip host ip_address any
> > access-list 2000 permit ip range.0 0.0.0.255 any
> > access-list 2000 deny ip any any
> >
> > All ports on this switch belong to the same VLAN and all other switches use
> > this switch to get to the upper layer switch and use that to get to the
> > router. The vlan looks like:
> > (I substituted the IP addresses)
> > interface VLAN1
> >  description line
> >  ip address switch_ip 255.255.255.0
> >  ip access-group 2000 in
> >
> > But I can still ping the host from external addresses. Why is this ACL not
> > working?
> >
> > Thank you all in advance.

--
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43144&t=43021
Re: PIX and AAA [7:42302]
Thanks again for the replies everyone it worked just fine Patrick Donlon wrote: > Thanks for the replies, I only want to authenticate admininistrators on the > PIX, will let you know how I get on > > Cheers > > Pat > > -- > > email me on : [EMAIL PROTECTED] > > ""nrf"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > In such a situation, authorization would be achieved by writing a bunch of > > access-lists on the Pix. Then, you designate those particular > access-lists > > within the radius server for individual users. For example, let's say you > > have a user called billclinton, and you want to restrict his access to > > certain websites. So you write an access-list that does that, and then in > > his radius profile, you "call" that access-list. > > > > This works when you are doing straight authentication through the Pix > > directly. I have never tried it through a VPN. > > > > > > ""Darren Mitchelmore"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > NRF. > > > > > > I am just about to setup a PIX 515 with the Cisco VPN client and the ias > ( > > > WIN2K RADIUS SERVER ). From my understanding the VPN client has a group > > > login then the user will be prompted for a username/password that the > > > PIX will pass to the IAS server using Radius. That will be authenticated > > > against the Win username / password database (used to be called SAM ??) > on > > > the IAS server. > > > > > > I believe that this is authentication. Not sure how authorisation is > > > achieved. How do you tie in the access-list > > > to that individual user ?? > > > > > > Is this the setup you have got going ?? > > > > > > Do you have any problems implementing it ?? > > > > > > PS - I have setup PIXs before but only with simple policies... 
> > > > > > Best Regards, > > > Darren M > > > > > > > > > > > > > > > > -Original Message- > > > > From: nrf [SMTP:[EMAIL PROTECTED]] > > > > Sent: Wednesday, April 24, 2002 3:57 AM > > > > To: [EMAIL PROTECTED] > > > > Subject: Re: PIX and AAA [7:42302] > > > > > > > > Well, actually, the Pix does support a very limited amount of Radius > > > > authorization. It's only for users going through the Pix, not > > > > administrators of the Pix. And the authorization 'capabilities' only > > > > allow > > > > you to invoke existing access-lists on the Pix for certain users, so, > > like > > > > I > > > > said, it's very limited. Still, the capability exists. > > > > > > > > > > http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/config/mn > > > > ga > > > > cl.htm#xtocid10 > > > > > > > > > > > > ""Georg Pauwen"" wrote in message > > > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > > Paul, Tim, Patrick, > > > > > > > > > > you guys are good ! You are right, I wasn4t specific enough in what > I > > > > said: > > > > > PIX does support RADIUS, but it does NOT support RADIUS > Authorization > > :) > > > > > > > > > > Regards, > > > > > > > > > > Georg > > > > > > > > > > > > > > > >From: "Paul Borghese" > > > > > >To: "Georg Pauwen" , > > > > > >Subject: Re: PIX and AAA [7:42302] > > > > > >Date: Tue, 23 Apr 2002 10:03:43 -0400 > > > > > > > > > > > >The pix does support radius. I am using it for a small client to > > > > > >authenticate PPTP connections using the Microsoft 2000 Radius > server. > > > > > > > > > > > >Paul Borghese > > > > > >- Original Message - > > > > > >From: "Georg Pauwen" > > > > > >To: > > > > > >Sent: Tuesday, April 23, 2002 7:16 AM > > > > > >Subject: RE: PIX and AAA [7:42302] > > > > > > > > > > > > > > > > > > > Hi Patrick, > > > > > > > > > > > > > > yes, aaa is fully supported on the PIX (remember, though, that > the > > > > PIX > > > > > >does > > > > > > > not support RADIUS). 
Follow this link for a command overview of > > aaa > > > > on > > > > > >the > > > > > > > PIX: > > > > > > > > > > > > > > > > > > > > > > > > > >http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/a > > > > b. > > > > h > > > > > >tm#xtocid3 > > > > > > > > > > > > > > Regards, > > > > > > > > > > > > > > Georg > > > > > _ > > > > > Chat with friends online, try MSN Messenger: > http://messenger.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43143&t=42302 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Definition of terms... Do you know the answer?? [7:43090]
At 11:08 AM 5/2/02, Mark Odette II wrote: >Tamas- Thank you for your reply. > >Could you or anyone else explain in more indepth terms what is or what >causes a Half-Closed TCP session?? There are a number of states that a TCP connection can be in per the RFC for TCP (793). "Half-closed" is not one of them, however... But my guess is that "half-closed" refers to the state that the RFC would call "half-open." An established connection is said to be "half-open" if one of the sides has closed or aborted the connection at its end without the knowledge of the other, or if the two ends of the connection have become desynchronized because of a crash. Such connections will automatically become reset if an attempt is made to send data in either direction. Another possibility is that "half-closed" refers to one of the states that occurs at the normal end of a session: FIN-WAIT-1 - represents waiting for a connection termination request from the remote TCP, or an acknowledgment of the connection termination request previously sent. FIN-WAIT-2 - represents waiting for a connection termination request from the remote TCP. CLOSE-WAIT - represents waiting for a connection termination request from the local user. CLOSING - represents waiting for a connection termination request acknowledgment from the remote TCP. These states (and the half-open state) should be temporary, but if they aren't, then they can leave a host slightly vulnerable to attack. The host may use up resources that it really no longer needs. I know this is a lot of theory to throw at you, but hopefully it will relate somehow to your problem. ;-) For even more info about the TCP states, see RFC 793. Priscilla >Correct me if I'm wrong, but for the Connection Slot, this refers to TCP >connections between two nodes, such as a Windows workstation running an >application to connect to a Server Application Server, and the connectios >are between specific and random ports above 1024 simultaneously!?! 
Do I >understand that correctly? > > >I'm sure our famous question is starting to surface in many folks' minds: >"What problem are you trying to solve?" > >That problem is with users on workstations at remote locations connecting to >an application server (located at the other end of a PIX-to-PIX VPN Tunnel >at the "main" office) and at random, they get disconnected from the >server... but Internet access continues to work at the same time. In short, >it appears that there is something happening with sessions across the VPN >tunnel for users that go idle for a varying window of time. Just yesterday, >I was reported that at one of the remote locations (and there are 3, which >all suffer the same exact problem), one user "worked straight through lunch, >while everyone else who used the same application went to lunch. End result >was that the continuous worker did not get "kicked" out of the system, but >all the other users that left the application open and when to lunch did." > >So, I'm trying to chase down what the issue might be, short of putting a >Sniffer at the main location to see if I can identify the problem there. I >suspect that there is something I need to adjust with the Timeout settings >on the PIX, but did not want to make changes without understanding the >pros/cons/implications of what I was doing. > >Unfortunately, the PIX Command Reference for 6.1, CCO, and most of Tamas's >explanation were exactly what I found, and nothing more Tamas, thank you >for at least giving me a little more info! > >I even searched Google for a definition of "half-closed session", but got no >definitiion hits... just lots of pages (mostly Cisco) mentioning the phrase >amidst other topics. :( > >Any help is appreciated. > >Thanks >Mark > >-Original Message- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of >HORVATH TAMAS >Sent: Thursday, May 02, 2002 7:41 AM >To: [EMAIL PROTECTED] >Subject: RE: Definition of terms... Do you know the answer?? [7:43090] > > >Hi! 
> >timeout xlate: Idle time until a translation slot if freed. > >timeout conn: Idle time until a connection slot is freed. > >There is a distinction made between translated sessions (produced by nat, >global, static, access-list, access-group commands)and connected sesssions >when discussing the PIX firewall. Translations are at the IP layer, >connections are at the transport layer. You cab have many connections open >under one translation. > >timeout half-closed: Idle time until a TCP half-close connection is freed. > >timeout udp: Idle time until an UDP slot is freed. > >timeout rpc: Idle time until an UDP slot is freed. > >If a given slot has not been used for the idle time specified, the resource >is returned to the free pool. > >So one purpose of these commands is resource management. Another purpose is >to provide the 'Adaptive' part of the ASA, as the unused ports will be >closed. > >Best regards, > > Tamas Horvath > network en
Content Switching and Keepalives [7:43141]
Hi All

I have two web servers which are being load balanced behind a CSS, this is working fine. Currently we're using the default ICMP keepalive, this is OK if the failure is at this level but when the web services process is stopped by the DBA the CSS thinks it's up and running. I've seen the different options, tcp, http gets, etc, and would like to know anyone else's experience in what is the best balance over performance and detecting the loss of service

Cheers

Pat

[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43141&t=43141
Re: Definition of terms... Do you know the answer?? [7:43090]
TCP allows one end of a connection to terminate its output while still receiving data from the other end. One side can send a FIN to close its side of the connection and still receive data. The side that received the FIN to close the connection can keep sending data. Only when it sends its FIN packet and receives an ACK for this packet is the connection totally closed.

"Mark Odette II" wrote in message news:[EMAIL PROTECTED]...
> Tamas- Thank you for your reply.
>
> Could you or anyone else explain in more indepth terms what is or what
> causes a Half-Closed TCP session??
>
> Correct me if I'm wrong, but for the Connection Slot, this refers to TCP
> connections between two nodes, such as a Windows workstation running an
> application to connect to a Server Application Server, and the connections
> are between specific and random ports above 1024 simultaneously!?! Do I
> understand that correctly?
>
> I'm sure our famous question is starting to surface in many folks' minds:
> "What problem are you trying to solve?"
>
> That problem is with users on workstations at remote locations connecting to
> an application server (located at the other end of a PIX-to-PIX VPN Tunnel
> at the "main" office) and at random, they get disconnected from the
> server... but Internet access continues to work at the same time. In short,
> it appears that there is something happening with sessions across the VPN
> tunnel for users that go idle for a varying window of time. Just yesterday,
> I was reported that at one of the remote locations (and there are 3, which
> all suffer the same exact problem), one user "worked straight through lunch,
> while everyone else who used the same application went to lunch. End result
> was that the continuous worker did not get "kicked" out of the system, but
> all the other users that left the application open and went to lunch did."
> > So, I'm trying to chase down what the issue might be, short of putting a > Sniffer at the main location to see if I can identify the problem there. I > suspect that there is something I need to adjust with the Timeout settings > on the PIX, but did not want to make changes without understanding the > pros/cons/implications of what I was doing. > > Unfortunately, the PIX Command Reference for 6.1, CCO, and most of Tamas's > explanation were exactly what I found, and nothing more Tamas, thank you > for at least giving me a little more info! > > I even searched Google for a definition of "half-closed session", but got no > definitiion hits... just lots of pages (mostly Cisco) mentioning the phrase > amidst other topics. :( > > Any help is appreciated. > > Thanks > Mark > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > HORVATH TAMAS > Sent: Thursday, May 02, 2002 7:41 AM > To: [EMAIL PROTECTED] > Subject: RE: Definition of terms... Do you know the answer?? [7:43090] > > > Hi! > > timeout xlate: Idle time until a translation slot if freed. > > timeout conn: Idle time until a connection slot is freed. > > There is a distinction made between translated sessions (produced by nat, > global, static, access-list, access-group commands)and connected sesssions > when discussing the PIX firewall. Translations are at the IP layer, > connections are at the transport layer. You cab have many connections open > under one translation. > > timeout half-closed: Idle time until a TCP half-close connection is freed. > > timeout udp: Idle time until an UDP slot is freed. > > timeout rpc: Idle time until an UDP slot is freed. > > If a given slot has not been used for the idle time specified, the resource > is returned to the free pool. > > So one purpose of these commands is resource management. Another purpose is > to provide the 'Adaptive' part of the ASA, as the unused ports will be > closed. 
> > Best regards, > > Tamas Horvath > network engineer > Tel.: +36 22/515-452, > Fax: +36 22/327-532 > E-Mail: [EMAIL PROTECTED] > Message-ID: > From: Mark Odette II > Reply-To: Mark Odette II > To: [EMAIL PROTECTED] > Subject: Definition of terms... Do you know the answer?? [7:43090] > Date: Thu, 2 May 2002 07:29:44 +0200 > MIME-Version: 1.0 > X-Mailer: Internet Mail Service (5.5.2650.21) > Content-Type: text/plain; charset="iso-8859-2" > > Folks, I've been trying to find the answer to a couple of questions I have, > and unfortunately, my patience is thin at the moment due to a really bad > allergy attach, which in turn is making me barely be able to stay at the > computer but I've got to solve a problem. > > So, could someone give me the low-down on what the following terms/settings > really mean in relation to TCP/UDP communications? > > These terms are related to settings on a Firewall (PIX or Router), and > explanations relating to such would really help me understand their > purpose/functionality. Thanks in Advance!! > > timeout xlate > > timeo
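The half-close behaviour discussed in this thread, as an added example that is not part of any poster's message: a loopback server that, like the remote sort case cited from Stevens, cannot produce output until it sees the client's FIN, and a client that half-closes with shutdown(SHUT_WR) and then still receives the reply. The function names, the loopback address and the sample words are assumptions made for the illustration.

```python
import socket
import threading


def sort_server(listener: socket.socket) -> None:
    """Accept one client, read until its FIN, then send the lines back sorted."""
    conn, _ = listener.accept()
    with conn:
        chunks = []
        while True:
            data = conn.recv(4096)
            if not data:
                # recv() returning b"" means the peer's FIN arrived: the
                # client-to-server direction is closed (we are in CLOSE-WAIT).
                break
            chunks.append(data)
        lines = b"".join(chunks).splitlines()
        # The server-to-client direction is still open, so this send succeeds.
        conn.sendall(b"\n".join(sorted(lines)) + b"\n")
    # Leaving the with-block closes the socket: our FIN ends the other direction.


def remote_sort(lines):
    """Send lines, half-close, and return (sorted reply, write_failed_after_fin)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    worker = threading.Thread(target=sort_server, args=(listener,), daemon=True)
    worker.start()

    with socket.create_connection(("127.0.0.1", port), timeout=5) as client:
        client.sendall(b"\n".join(lines) + b"\n")
        # Half-close: send our FIN but keep the receive side open.
        client.shutdown(socket.SHUT_WR)

        # Our sending direction is now gone; a further write is refused locally.
        try:
            client.sendall(b"late\n")
            write_failed = False
        except OSError:
            write_failed = True

        # The peer can still send, and we can still read, until its FIN arrives.
        reply = []
        while True:
            data = client.recv(4096)
            if not data:
                break
            reply.append(data)

    worker.join(timeout=5)
    listener.close()
    return b"".join(reply).splitlines(), write_failed


if __name__ == "__main__":
    result, write_failed = remote_sort([b"pear", b"apple", b"fig"])
    print(result, "write after FIN failed:", write_failed)
```

A firewall's half-closed timer covers the window between the first FIN and the second one; in this example that is the time the server spends sorting and replying.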
RE: Problem with access-list [7:43021]
Well, that's a bit twisted. :-) I guess those 200 other IP access lists were not enough? I fear the router which can use them all and still somehow forward packets.

I'm curious to find if I was correct on the other bit, though... The access list should only apply to the Management functions on the switch, right? Just because it's an IOS switch doesn't mean it has routing functions. Switched traffic would not be affected by an access list applied to the switch. It would only limit traffic from the specified host from, say, telnetting into the sc0 (or keep pings from returning). The rest of the time, the switch will keep on passing traffic based on Layer 2 information, and never pay attention to Layer 3.

--Tim, I so much want to be right on this... :-)

Marko Milivojevic wrote:
>
> > Also, What's up with the "2000" access list? Would not an
> > extended IP list be 100-199?
>
> 2000-2699 are also extended IP lists. Cisco calls them "expanded
> range" :-). Sort of reminds me of expanded and extended memory in DOS days
> ;-)
>
> Marko.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43137&t=43021
RE: BGP update-source question [7:43043]
Wouldn't it be because the IP address you see in your BGP table is indeed the next-hop? If you instead look at a specific route ("sh ip rou x.x.x.x") I would think you would see the BGP neig as you have listed (loopback1's ip address) and then the router has to do a recursive-lookup to find out how to get to that loopback address.

-chris

> -----Original Message-----
> From: Steven A. Ridder [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 01, 2002 6:12 PM
> To: [EMAIL PROTECTED]
> Subject: Re: BGP update-source question [7:43043]
>
> Did you restart BGP?
>
> --
> RFC 1149 Compliant.
> Get in my head:
> http://sar.dynu.com
>
> "Daniel Lafraia" wrote in message news:[EMAIL PROTECTED]...
> > Hello,
> >
> > How come I see the interface address in the "show ip bgp" if I've
> > specified an update-source for a neighbor?
> >
> > Thanks!
> > Daniel
> >
> > Here is the config:
> >
> > RouterA
> > interface Loopback0
> >  ip address 105.105.105.1 255.255.255.128
> > interface Loopback1
> >  ip address 41.41.41.1 255.255.255.255
> > interface Serial0
> >  ip address 4.4.4.2 255.255.255.252
> > router bgp 55000
> >  no synchronization
> >  network 105.105.105.0 mask 255.255.255.128
> >  neighbor 4.4.4.1 remote-as 55000
> >  neighbor 4.4.4.1 update-source Loopback1
> >
> > RouterB
> > interface Loopback0
> >  ip address 104.104.104.1 255.255.255.128
> > interface Serial1
> >  ip address 4.4.4.1 255.255.255.252
> >  clockrate 64000
> > router bgp 55000
> >  network 104.104.104.0 mask 255.255.255.128
> >  neighbor 4.4.4.2 remote-as 55000
> >
> > --
> > Please ignore other updates, these are other stuff I have in my lab :)
> > --
> >
> > RouterA#show ip bgp
> > BGP table version is 42, local router ID is 105.105.105.1
> > Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
> > Origin codes: i - IGP, e - EGP, ? - incomplete
> >
> > Network Next Hop Metric LocPrf Weight Path
> > * i0.0.0.0 2.2.2.1 100 0 65000 i
> > * i101.101.101.0/25 2.2.2.1 100 0 65000 i
> > *> 5.5.5.20 0 65000 i
> > * i102.102.102.0/25 2.2.2.10100 0 65000 i
> > *> 5.5.5.2 0 65000 i
> > *>i104.104.104.0/25 4.4.4.10100 0 i
> > *> 105.105.105.0/25 0.0.0.00 32768 i
> >
> > RouterB#sh ip bgp
> > BGP table version is 5, local router ID is 104.104.104.1
> > Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
> > Origin codes: i - IGP, e - EGP, ? - incomplete
> >
> > Network Next Hop Metric LocPrf Weight Path
> > *> 0.0.0.0 2.2.2.10 65000 i
> > * i101.101.101.0/25 5.5.5.2 0100 0 65000 i
> > *> 2.2.2.10 65000 i
> > * i102.102.102.0/25 5.5.5.2 0100 0 65000 i
> > *> 2.2.2.1 0 0 65000 i
> > *> 104.104.104.0/25 0.0.0.0 0 32768 i
> > * i105.105.105.0/25 4.4.4.2 0100 0 i

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43138&t=43043
CISCO 2600 NAT [7:43139]
Hello all,

I'm trying to configure NAT on a CISCO 2621. I managed to configure it basically but I want to use overloading and there is my problem. As shown below I try to specify a route to the right server for port 80 and port 5080. For the port 80, everything is going well but I can't reach port 5080. Is there anything to take into account for non-standard ports?

"ip nat inside source static tcp 192.168.99.100 80 195.246.218.181 80"
"ip nat inside source static tcp 192.168.99.102 5080 195.246.218.181 5080"

Thank you for your help
JC

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43139&t=43139
RE: Problem with access-list [7:43021]
> Also, What's up with the "2000" access list? Would not an extended IP list
> be 100-199?

2000-2699 are also extended IP lists. Cisco calls them "expanded range" :-). Sort of reminds me of expanded and extended memory in DOS days ;-)

Marko.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43136&t=43021
Re: Stupid Access-List/VLAN question [7:43128]
If 10.51.1.1 is the only IP active on that subnet, then the traffic is not being sourced from that network, thus rendering the ACL irrelevant. If, however, your host was connected to one of the ports on vlan 511, you would not be able to communicate with the RSM past the ACL. So, in other words, you are pinging from the other (open) side of the ACL.

On Thu, 2002-05-02 at 11:43, Michael Williams wrote:
> Here's the deal... I have a 5500 with RSM with a few VLANs on it,
> each VLAN with an IP and the RSM is handling the routing for all VLANs.
> I've got one VLAN in particular (511) that I'm experimenting with I
> made the following access list:
>
> Router#(config)access-list 10 deny any log
>
> (I know this seems stupid because of the implicit deny, but I'm
> experimenting)
>
> then applied this to VLAN 511:
>
> Router#config t
> Router#(config)#int vlan 511
> Router#(config-if)#ip access-group 10 in
> Router#(config-if)#ip access-group 10 out
>
> This VLAN 511 interface has an IP of 10.51.1.1 and it's the only IP active
> in that subnet (10.51.1.0/24) as there are no devices setup yet. I
> do have a port on that VLAN connected to another (Nortel) switch, so the
> VLAN511 interface shows up/up when you do a 'sh int vlan511'.
>
> Here's my deal I'm in a different subnet a few hops away
> (10.1.0.0/16, let's say) and I can still ping 10.51.1.1 from my PC
> shouldn't that access list deny all traffic coming in/out of that VLAN?!?!
> I check the log file after pinging (that VLAN IP from my PC) and there's
> nothing...(note the log argument was used on the access-list)
>
> I have a couple of 2500s with CSUs and crossover T1 cable, and I applied the
> same access list to one of the serial interfaces, and when pinging from the
> other 2500, I get the expected timeouts... So why wouldn't applying this
> access list to a VLAN interface on an RSM do the same thing and prevent me
> from pinging the IP on that VLAN interface?!?!?
>
> Am I missing something? Is there something different about how the ACLs are
> applied to VLANs in an RSM as opposed to a physical interface on a router?
> I'm not aware of any such differences...
>
> Please feel free to humiliate and make fun me when telling me the simple
> something that I'm just not getting =)
>
> TIA,
> Mike W.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43135&t=43128
RE: CCIE LAB Prep!!! [7:43055]
Perhaps I didn't give you any details... we have 19xx, 29xx, 39xx, 5500, 6500, 8500, and the GSR 12000 Gbs/r also have 1700's, 26xx, 3600, 7200, VPN3001, IDS, Avvid, Pix 525. just on the cisco side... please check out our web... www.ictp.com

regards,
Jason Lee

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43132&t=43055
RE: ISDN dial problem [7:43071]
Can you share the config? If you have only a group-async interface defined with the modem lines, you may need to define a dialer interface to pickup the ISDN calls.

Philip

-Original Message-
From: supernet [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 01, 2002 10:30 PM
To: [EMAIL PROTECTED]
Subject: ISDN dial problem [7:43071]

Hi Dear Friends,

We have a Cisco 5300 as RAS router. It has PRI and digital modems. Regular modem users dial the number no problem, they can always get connected. But ISDN users (Cisco 1604 router) couldn't make a connection. On 1604 router, it says "carrier wait timeout". We suspect that it's LEC problem but they insist everything is good on their side. What seems to be the problem?

Thanks a lot.
Yoshi

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43133&t=43071
route science [7:43131]
I received a newsletter about a product that looks interesting. It costs $99,000 though. Has anyone heard any good this about this supposed breakthrough technology.

http://www.networkcomputing.com/1305/1305sp1.html

I am curious to see if this is just a hyped up product or a viable solution.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43131&t=43131
Running routing protocols on Windows [7:43124]
Does anybody know whether there is software available somewhere that lets you run IP routing protocols on a Windows computer? I know that Windows 2000 supports RIP and OSPF, while UNIX/Linux supports BGP. Is there something that lets you run IGRP, EIGRP, or BGP on Windows? I think that would be useful if you needed to inject routes into a lab environment when a spare router is not available.

Thank you,
John Dorffler
CCIE #6677

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43124&t=43124
RE: CIT exam [7:43100]
CIT was easy, I got a 950 the book is so straight forward (Cisco press). But I think there are some wording mistakes. Routing was the hardest for me because it was my first exam. Switching was interesting to me, so it was not hard, but not easy. Then there was BCRAN. Hmmm. I thought I knew everything they asked, but only walked away with an 890. However, I was in panic mode for the whole exam. The most challenging thing about this exam, was navigating the 30" command list on this 7" monitor on the 8088 they gave me. Then I had difficulty going back and forth to triple check spelling. I am the type to make typos, I make tons of typos. Being the paranoid type of person I am, I was sweating about the time. Most tests I get them done very quickly, the "you know it, or you don't" approach.

Computers cost 300$ now, would it kill the testing center to have a few newer PCs. I alone have spent at least 2000$ in this one testing center I go to. They take no pride in the testing center either, trash at the stations, machines not started. Or at a "It is now safe to turn off your computer" prompt.

To make matters worse, the day I was going to take BCRAN, I scheduled it for a Sunday at 7PM so I would have plenty of time before the exam to gather thoughts. They call me at 9am, "Hello, could you come in early to take your exam, we would like to go home early tonight, we are closing the testing center early". I had to go in a different time than I was scheduled for the exam. I could have made a lot of trouble for them, but I just came in early and tried not to get upset about it. If I wanted to, I am sure I could get them in a lot of trouble for this, but I am not the type to try to do that.

Anyway, after putting the pressure on myself, I finally got the CCNP now. I don't think my employer recognizes what this certification is, but it's one more step in the right direction. My plans are to work on the CSS1, but I am going to spend a lot of time hands on with the 515 we just got in and other actual equipment. I am taking some recovery time after this series.

Brian Zeitz MCSE,CCNP

-Original Message-
From: D. Tharp [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 02, 2002 9:34 AM
To: [EMAIL PROTECTED]
Subject: RE: CIT exam [7:43100]

This was the last exam I took to finish the CCNP and I found it easier than I expected. It is helpful to take this exam last because it does have a lot of material learned in preparing for other exams. To give you an example I only got a 780 on the routing exam (which I thought was the hardest) and scored a 931 on the CIT. I just think by the end of my studies I knew much more about the material and had a much greater understanding for it. If you take this exam last, you should have a much better time with it. Good luck!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43126&t=43100
A couple of clarifications [7:43127]
I hate to do anything to prolong this unpleasant thread, but a couple of facts really should be put out.

1. I was a regular poster on Groupstudy well before I had any business relationship with either CertificationZone or Gett. In both cases, I was contacted by the CEO of each in response to what they had seen of my posting patterns.

2. Gett and Groupstudy have not exchanged one cent.

3. Genium has never paid one cent to Gett, although I have a personal contract with them. In the interest of rack time rentals, we do have a partnership to allow their authors to develop scenarios, and to give their subscribers convenient and discounted scenario access.

4. We have a similar relationship to IPexpert, although I receive no compensation from Gett.

5. We are investigating other partner relationships. Gettlab (a subsidiary of Gett, which is an established consultancy and VAR, especially in healthcare), has a business model of, if you will, selling razor blades (rack time) rather than selling razors (scenarios). In our consultancy, we do a good deal of open source work and prefer it. Open source scenarios, with value added support, is consistent with the way we've done things for a long time.

6. Paul Borghese and I discussed my posts both regarding scenario design and free scenarios with a very brief mention of a commercial service being available. This was meant to be a community service, and by community I include competitors potentially improving their scenarios. I did some things recently such as running mini-classes on specific scenarios, which seemed useful to a number of people, and I expect to continue to do so.

7. I sometimes forget to attach my .sig, but I've never made a secret of my affiliations.

8. I would invite anyone to look at the number of substantive, noncommercial posts I have made to the list for several years. One of the most vocal recent critics made his first post on 4/30, and has not made ANY technical posts in this calendar year.

9. I'm not going to get into a challenge of what my qualifications are or are not. I am perfectly happy to provide my resume to people with a legitimate interest. But as far as certain charges have been made, I suggest people contact people I've worked with, such as Jeff Doyle, and ask that his response be posted to the list. I can also document having worked with some of the figures that I have been charged with not knowing.

I would much prefer that we get back to what I am told that Rodney King said after he became a landscaper: "Can't we just get a lawn?"

I intend to make contributions to this list as I have done. Of course, there's a certain commercial interest, but I never expect to make a post relating to commercial materials that are not generally available to the public. But my major motivation is doing what I think any true professional does: "Pay it forward" with respect to my own mentors.

--
"What Problem are you trying to solve?"
***send Cisco questions to the list, so all can benefit -- not directly to me***
Howard C. Berkowitz [EMAIL PROTECTED]
Chief Technology Officer, GettLab/Gett Communications http://www.gettlabs.com
Technical Director, CertificationZone.com http://www.certificationzone.com
"retired" Certified Cisco Systems Instructor (CID) #93005

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43127&t=43127
RE: Question on VPN [7:43110]
Anil,

If it is a Cisco Router or PIX Firewall that is being used at the main office to separate the private network from the Internet, go do a search on CCO for Static-Dynamic IPSEC Tunnel. That should get you going in the right direction.

Good luck.
Mark

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Anil Kumar
Sent: Thursday, May 02, 2002 8:12 AM
To: [EMAIL PROTECTED]
Subject: Question on VPN [7:43110]

Hi All,

Need a small clarification on VPN. One of the customer is having a Lease Line connection to Internet at the head office and they are having branch offices at remote location. Since being a lease line they have obtained static IP address from ISP. The branch locations will be dialing into the local ISP and all the times the remote locations will be getting dynamic IP address. Since the customer want to have a secure connection through VPN is it possible to attain and establish a IPSEC VPN tunnel between a dialup connection and the lease line router. If so please let me know how the same can be attained.

Thanks in advance.
Regards..
Anil Kumar.

Thanks & Regards
V Anil Kumar

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43122&t=43110
RE: Urgent help Please! [7:43084]
Members,

This is a problem. I feel that is not only inappropriate for someone to solicit the aid of this board and its subscribers in order to crack passwords, it's unethical and potentially illegal. No offense Ravi, but this is unacceptable given the current state of legislation regarding Information Security. Paul, it's your call and as such, I will leave it to your discretion, however there are clear problems with this.

Regards,
Will Gragido

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, May 01, 2002 11:19 PM
To: [EMAIL PROTECTED]
Subject: Urgent help Please! [7:43084]

Hi ! All,

Can any one please break this password?

enable secret 5 $1$rMrT$blzJIo4ZyCBfJkvu2CP/Z1

Thanks in advance.

WARNING
This message may contain information that is confidential and may be subject to the provisions of section 61A of the Police Act 1958, which creates an offence to have unlawful possession of Police documents. If you are not the intended recipient of this message or have received this message in error, you must not peruse, use, pass or copy this message or any of its contents. Also note, the views expressed in this message may not necessarily reflect those of the New Zealand Police.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43118&t=43084
Stupid Access-List/VLAN question [7:43128]
Here's the deal... I have a 5500 with RSM with a few VLANs on it, each VLAN with an IP and the RSM is handling the routing for all VLANs. I've got one VLAN in particular (511) that I'm experimenting with I made the following access list:

Router#(config)access-list 10 deny any log

(I know this seems stupid because of the implicit deny, but I'm experimenting)

then applied this to VLAN 511:

Router#config t
Router#(config)#int vlan 511
Router#(config-if)#ip access-group 10 in
Router#(config-if)#ip access-group 10 out

This VLAN 511 interface has an IP of 10.51.1.1 and it's the only IP active in that subnet (10.51.1.0/24) as there are no devices setup yet. I do have a port on that VLAN connected to another (Nortel) switch, so the VLAN511 interface shows up/up when you do a 'sh int vlan511'.

Here's my deal I'm in a different subnet a few hops away (10.1.0.0/16, let's say) and I can still ping 10.51.1.1 from my PC shouldn't that access list deny all traffic coming in/out of that VLAN?!?! I check the log file after pinging (that VLAN IP from my PC) and there's nothing...(note the log argument was used on the access-list)

I have a couple of 2500s with CSUs and crossover T1 cable, and I applied the same access list to one of the serial interfaces, and when pinging from the other 2500, I get the expected timeouts... So why wouldn't applying this access list to a VLAN interface on an RSM do the same thing and prevent me from pinging the IP on that VLAN interface?!?!?

Am I missing something? Is there something different about how the ACLs are applied to VLANs in an RSM as opposed to a physical interface on a router? I'm not aware of any such differences...

Please feel free to humiliate and make fun me when telling me the simple something that I'm just not getting =)

TIA,
Mike W.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43128&t=43128
RE: Definition of terms... Do you know the answer?? [7:43090]
Tamas-

Thank you for your reply. Could you or anyone else explain in more in-depth terms what is or what causes a Half-Closed TCP session??

Correct me if I'm wrong, but for the Connection Slot, this refers to TCP connections between two nodes, such as a Windows workstation running an application to connect to a Server Application Server, and the connections are between specific and random ports above 1024 simultaneously!?! Do I understand that correctly?

I'm sure our famous question is starting to surface in many folks' minds: "What problem are you trying to solve?"

That problem is with users on workstations at remote locations connecting to an application server (located at the other end of a PIX-to-PIX VPN Tunnel at the "main" office) and at random, they get disconnected from the server... but Internet access continues to work at the same time. In short, it appears that there is something happening with sessions across the VPN tunnel for users that go idle for a varying window of time.

Just yesterday, I was reported that at one of the remote locations (and there are 3, which all suffer the same exact problem), one user "worked straight through lunch, while everyone else who used the same application went to lunch. End result was that the continuous worker did not get "kicked" out of the system, but all the other users that left the application open and went to lunch did."

So, I'm trying to chase down what the issue might be, short of putting a Sniffer at the main location to see if I can identify the problem there. I suspect that there is something I need to adjust with the Timeout settings on the PIX, but did not want to make changes without understanding the pros/cons/implications of what I was doing.

Unfortunately, the PIX Command Reference for 6.1, CCO, and most of Tamas's explanation were exactly what I found, and nothing more. Tamas, thank you for at least giving me a little more info! I even searched Google for a definition of "half-closed session", but got no definition hits... just lots of pages (mostly Cisco) mentioning the phrase amidst other topics. :(

Any help is appreciated.

Thanks
Mark

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of HORVATH TAMAS
Sent: Thursday, May 02, 2002 7:41 AM
To: [EMAIL PROTECTED]
Subject: RE: Definition of terms... Do you know the answer?? [7:43090]

Hi!

timeout xlate: Idle time until a translation slot is freed.
timeout conn: Idle time until a connection slot is freed.

There is a distinction made between translated sessions (produced by nat, global, static, access-list, access-group commands) and connected sessions when discussing the PIX firewall. Translations are at the IP layer, connections are at the transport layer. You can have many connections open under one translation.

timeout half-closed: Idle time until a TCP half-close connection is freed.
timeout udp: Idle time until an UDP slot is freed.
timeout rpc: Idle time until an UDP slot is freed.

If a given slot has not been used for the idle time specified, the resource is returned to the free pool. So one purpose of these commands is resource management. Another purpose is to provide the 'Adaptive' part of the ASA, as the unused ports will be closed.

Best regards,
Tamas Horvath
network engineer
Tel.: +36 22/515-452, Fax: +36 22/327-532
E-Mail: [EMAIL PROTECTED]

From: Mark Odette II
To: [EMAIL PROTECTED]
Subject: Definition of terms... Do you know the answer?? [7:43090]
Date: Thu, 2 May 2002 07:29:44 +0200

Folks,

I've been trying to find the answer to a couple of questions I have, and unfortunately, my patience is thin at the moment due to a really bad allergy attack, which in turn is making me barely be able to stay at the computer but I've got to solve a problem.

So, could someone give me the low-down on what the following terms/settings really mean in relation to TCP/UDP communications? These terms are related to settings on a Firewall (PIX or Router), and explanations relating to such would really help me understand their purpose/functionality. Thanks in Advance!!

timeout xlate
timeout conn
timeout half-closed
timeout udp
timeout rpc

I've got what I believe is a solid idea of what the first one, and perhaps the second one covers... but someone formally explaining them all will make me, and I'm sure many others benefit.

Thanks,
Mark

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43121&t=43090
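The idle-timeout behaviour described in the quoted reply ("if a given slot has not been used for the idle time specified, the resource is returned to the free pool"), as an added example that is not part of either post and not PIX code. It is a generic stateful-firewall model; the 3600-second timeout, the flow addresses and the packet times are constructed, and it illustrates the mechanism without diagnosing the network in the thread.

```python
"""Model of a connection table with an idle timeout (added illustration)."""

IDLE_TIMEOUT = 3600  # seconds; assumed value for this example

# Constructed flows: (src ip, src port, dst ip, dst port)
WORKER = ("10.2.0.11", 1045, "10.1.0.5", 1521)  # keeps working
LUNCH = ("10.2.0.12", 1046, "10.1.0.5", 1521)   # leaves the session idle


class ConnTable:
    """Connection slots keyed by flow, each remembering when it was last used."""

    def __init__(self, idle_timeout):
        self.idle_timeout = idle_timeout
        self.slots = {}  # flow -> time of last packet

    def expire(self, now):
        """Return idle slots to the free pool and report which were freed."""
        freed = [f for f, seen in self.slots.items()
                 if now - seen >= self.idle_timeout]
        for flow in freed:
            del self.slots[flow]
        return freed

    def packet(self, now, flow, syn=False):
        """Classify one packet against the table."""
        self.expire(now)
        if flow in self.slots:
            self.slots[flow] = now       # any traffic resets the idle timer
            return "forwarded"
        if syn:
            self.slots[flow] = now       # a new connection builds a new slot
            return "forwarded (new slot)"
        # Mid-stream packet for a connection the firewall no longer tracks.
        return "dropped (no slot)"


def build_events():
    """Constructed timeline: both users connect, one goes idle for 80 minutes."""
    events = [(0, WORKER, True), (0, LUNCH, True), (600, LUNCH, False)]
    events += [(t, WORKER, False) for t in range(600, 5401, 600)]
    events += [(5400, LUNCH, False),   # back from lunch, same TCP session
               (5460, LUNCH, True)]    # application reconnects
    return sorted(events, key=lambda e: e[0])


def replay(events, idle_timeout):
    """Feed the events through a fresh table; return (time, flow, verdict)."""
    table = ConnTable(idle_timeout)
    return [(t, flow, table.packet(t, flow, syn)) for t, flow, syn in events]


if __name__ == "__main__":
    for t, flow, verdict in replay(build_events(), IDLE_TIMEOUT):
        who = "worker" if flow == WORKER else "lunch "
        print(f"t={t:>5}s  {who}  {verdict}")
```

The endpoints of the idle session still believe it is open, so the failure only shows up when the next packet is sent; application keepalives shorter than the timeout, or a longer timeout, are the two usual adjustments.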
RE: Content engine question! [7:43101]
Go to http://www.cisco.com/go/fn and search for WCCP version 2

HTH,
Kent

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Magdy H. Ibrahim
Sent: Thursday, May 02, 2002 4:19 AM
To: [EMAIL PROTECTED]
Subject: Content engine question! [7:43101]

Dear All,

I am studying these days on How to configure and implement Cisco Content Engine590 on my network... When I browsed Cisco online Guide I found the following regarding Router configuration for HTTP traffic and WCCP version2. I found the following:

"The router or switch must be running a version of IOS that supports the Web Cache Communication Protocol (WCCP) Version 2."

My question is: How to know if the Router Or switch IOS supports the Web Cache Communication Protocol (WCCP) Version2

Please Advise me

Regards,,
Magdy

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43120&t=43101
RE: ip route statement [7:43001]
How a Null route can prevent a routing loop.

If you have, for example, 4 networks behind your router.

10.1.0.0\24
10.1.1.0\24
10.1.2.0\24
10.1.3.0\24

And to reduce the size of the routing tables in the upstream routers you summarize those networks to one network. 10.1.0.0\26 and you have a default route point to the upstream router.

All is good, until you lose one of your networks. Now you don't have 10.1.2.0\24 in your routing table, *&*^$#! So you send it to the upstream router, your gateway of last resort. The upstream router has your summary route so the packet is routed back to you, %&^$^%^%*! And around it goes...

In comes the null route to save the day. Add a null route to your summary address and when you have the route in your routing table, more specific prefix, you route it accordingly. However, when a more specific route disappears packets destined to the missing route will match the null route, thus stopping the loop.

Hope that explains at least one case.

Philip

-Original Message-
From: Chuck [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 01, 2002 10:18 PM
To: [EMAIL PROTECTED]
Subject: Re: ip route statement [7:43001]

can you provide an example of what circumstance might require the use of a null route to prevent a loop? My lack of imagination is preventing me from deriving my own example.

""Ladrach, Daniel E."" wrote in message news:[EMAIL PROTECTED]...
> The Null interface is typically used for preventing routing loops.
>
> Daniel Ladrach
> CCNA, CCNP
> WorldCom
>
> > -Original Message-
> > From: Stanfast Preye [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, May 01, 2002 2:34 PM
> > To: [EMAIL PROTECTED]
> > Subject: ip route statement [7:43001]
> >
> > Dear Group,
> >
> > Why is it necessary to configure all routers in a network with "ip route
> > xxx.xxx.xxx.xxx null 0" statement before implementing migrating to a new IP
> > address scheme and DHCP service in the network.
> >
> > Somebody please help
> >
> > Regards,
> >
> > Preye.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43123&t=43001
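The loop and its fix from the reply above, simulated with longest-prefix-match lookups; this is an added example, not code from any poster. The router names `edge` and `upstream` are hypothetical, and the summary is written here as 10.1.0.0/22, the prefix that spans 10.1.0.0 through 10.1.3.255.

```python
"""Summary route, default route and Null0: a two-router simulation."""
import ipaddress

SUMMARY = "10.1.0.0/22"   # assumption: prefix covering the four /24 networks
LANS = ["10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"]


class Router:
    """A router reduced to a routing table and longest-prefix-match lookup."""

    def __init__(self, name):
        self.name = name
        self.routes = []  # list of (network, next hop)

    def add_route(self, prefix, next_hop):
        self.routes.append((ipaddress.ip_network(prefix), next_hop))

    def lookup(self, dst):
        """Return the next hop of the most specific matching route, or None."""
        addr = ipaddress.ip_address(dst)
        matches = [(net, hop) for net, hop in self.routes if addr in net]
        if not matches:
            return None
        return max(matches, key=lambda m: m[0].prefixlen)[1]


def build(lost=None, null_summary=False):
    """Build the topology; `lost` removes one LAN from the edge router."""
    edge = Router("edge")
    for lan in LANS:
        if lan != lost:
            edge.add_route(lan, "connected")
    edge.add_route("0.0.0.0/0", "upstream")      # gateway of last resort
    if null_summary:
        edge.add_route(SUMMARY, "Null0")         # discard route for the summary
    upstream = Router("upstream")
    upstream.add_route(SUMMARY, "edge")          # learned summary
    return {"edge": edge, "upstream": upstream}


def forward(routers, start, dst, ttl=16):
    """Forward hop by hop; return (outcome, list of routers visited)."""
    path, current = [], start
    while ttl > 0:
        path.append(current)
        hop = routers[current].lookup(dst)
        if hop is None:
            return "no route", path
        if hop == "connected":
            return "delivered", path
        if hop == "Null0":
            return "dropped at Null0", path
        current = hop
        ttl -= 1
    return "ttl expired (loop)", path


if __name__ == "__main__":
    cases = [
        ("all LANs up", {}),
        ("10.1.2.0/24 lost, no null route", {"lost": "10.1.2.0/24"}),
        ("10.1.2.0/24 lost, null route",
         {"lost": "10.1.2.0/24", "null_summary": True}),
    ]
    for label, kwargs in cases:
        outcome, path = forward(build(**kwargs), "upstream", "10.1.2.5")
        print(f"{label}: {outcome} after {len(path)} hop(s)")
```

Because the /24 routes are longer than the summary, the Null0 entry is only ever selected for addresses inside the summary that have no more specific route.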
CLNS ? [7:43125]
Hi

Can anybody answer this vague question; on the Cisco website it says that CLNS OSI is withdrawn from the lab exam. Does this mean that one can still expect to be tested on CLNS for IP?

Cheers

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43125&t=43125
RE: Question on VPN [7:43110]
This is possible in a number of different ways, but it really depends on what VPN hardware and software you will be using, which you didn't specify. If it's a cisco router to cisco router implementation, you can find an example here:

http://www.cisco.com/warp/public/707/ios_804.html

If you're talking about using client VPN software, nearly all VPN clients have the option to use a combination of a shared secret key and a userid/password combo for authentication, not IP address, so again it should not be a problem. You can find information on many Cisco security topics such as VPN by doing a search on CCO for "security tips".

HTH,
Kent

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Anil Kumar
Sent: Thursday, May 02, 2002 6:12 AM
To: [EMAIL PROTECTED]
Subject: Question on VPN [7:43110]

Hi All,

Need a small clarification on VPN. One of the customer is having a Lease Line connection to Internet at the head office and they are having branch offices at remote location. Since being a lease line they have obtained static IP address from ISP. The branch locations will be dialing into the local ISP and all the times the remote locations will be getting dynamic IP address. Since the customer want to have a secure connection through VPN is it possible to attain and establish a IPSEC VPN tunnel between a dialup connection and the lease line router. If so please let me know how the same can be attained.

Thanks in advance.
Regards..
Anil Kumar.

Thanks & Regards
V Anil Kumar

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43119&t=43110
Cisco related ebooks for the Palm m500 [7:43112]
Can anyone recommend a source of Cisco related ebooks for the Palm m500? Free, or to purchase?

TIA

Ben Lovegrove, CCNP
Redspan Solutions Ltd
Web: www.redspan.com & www.bensbookmarks.com
Tel: +44 (0)2392 492010
Fax: +44 (0)870 460 2156
Email: [EMAIL PROTECTED]
Cisco hardware, software, accessories, and certification tips

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43112&t=43112
RE: Problem with access-list [7:43021]
OK, I'm not an all-powerful CCIE, but I'll take a stab at this.

Applying an access list to a switch is only going to limit access to and from your management interface. Switched traffic through the switch is still switched traffic, and by and large, a switch doesn't ever look at IP information, thus wouldn't filter anything based on an IP address. That would explain why you can't ping the host from the switch (I'd imagine you are getting a "Request Timed Out") but the traffic from the outside world still gets through.

Also, What's up with the "2000" access list? Would not an extended IP list be 100-199?

--Tim

Christian Fredrickson wrote:
> Running a Cisco switch 3548XL
> Trying to block a specific IP address. The access-list looks like:
> (I substituted the IP addresses)
> access-list 2000 deny ip host ip_address any
> access-list 2000 permit ip range.0 0.0.0.255 any
> access-list 2000 deny ip any any
>
> All ports on this switch belong to the same VLAN and all other switches use
> this switch to get to the upper layer switch and use that to get to the
> router. The vlan looks like:
> (I substituted the IP addresses)
> interface VLAN1
>  description line
>  ip address switch_ip 255.255.255.0
>  ip access-group 2000 in
>
> But I can still ping the host from external addresses. Why is this ACL not
> working?
>
> Thank you all in advance.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43117&t=43021
Re: Building a Cisco Lab [7:43072]
I see, the token ring version is in less demand and you won't be using the ethernet/token ring anyway. But what about those AGS+ routers? I saw one on ebay for $100. It had 8 serial ports. What's the drawback to using that for a frame switch?

"Wayne Jang" wrote in message news:[EMAIL PROTECTED]...
> I'm thinking about buying a 2520 as a frame router.
>
> I already have two 2501s, one 2502, one 1201 switch, and a 1912 switch.
>
> Is getting the 2520 a good way to spend my very limited funds?
>
> Wayne

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43075&t=43072
RE: To The Experts and Gurus [7:42996]
Knowing what areas to study for a certification and knowing day-to-day real life scenarios are two different things. A CCIE could just study what is needed for the test, but there is no human being that knows everything about every area of networking, it's impossible. Take any 2 people in networking; each will know something the other doesn't.

Don't even post that garbage here. That wasn't a joke. If you don't like the list, get off of it. You are trying to antagonize people. If you are not posting helpful information, then just keep your lame post to yourself. You don't know everything so be quiet. Never mind about CCIE, I think ignorant people who post junk like this shouldn't be allowed to post.

Thanks to all of you helpful people in the group. This is a great group, and it's an invaluable tool to some of us. I really hope we can avoid the sour grapes posts, and direct those people to their own newsgroups. Or we could start a newsgroup for them sourgrapes@ciscostudy.

Brian Zeitz MCSE, CCNP

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43115&t=42996
Re: Question on VPN [7:43110]
Hi Anil,

This is the normal scenario of VPN. You can configure your internet router at the head office with IKE and IPSec policies, and also you can create the IP pool on the internet router of the head office to assign IP addresses to your branch offices. With the IPsec client on the branch office you can connect first to your local ISP and then establish the VPN connection to your head office internet router.

Kind Regards /Thangavel
186K Reading, Berkshire Direct No -0118 9064259 Mobile No -07796292416 Post code: RG16LH www.186k.co.uk
"The greatest glory in living lies not in never falling, but in rising every time we fall." -- Nelson Mandela

"Anil Kumar" wrote on 02/05/2002 14:12 (Sent by: nobody@groupstudy.com; Subject: Question on VPN [7:43110]; Please respond to "Anil Kumar"):

Hi All, Need a small clarification on VPN. One of the customer is having a Lease Line connection to Internet at the head office and they are having branch offices at remote location. Since being a lease line they have obtained static IP address from ISP. The branch locations will be dialing into the local ISP and all the times the remote locations will be getting dynamic IP address. Since the customer want to have a secure connection through VPN is it possible to attain and establish a IPSEC VPN tunnel between a dialup connection and the lease line router. If so please let me know how the same can be attained. Thanks in advance. Regards.. Anil Kumar.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43114&t=43110
Re: Question on VPN [7:43110]
Yes. However, the central site can never establish the tunnel since it has no way of knowing the remote peer IP address.

Craig

At 09:12 AM 5/2/2002 -0400, you wrote:
>Hi All,
>Need a small clarification on VPN.
>
>One of the customer is having a Lease Line connection to
>Internet at the head office and they are having branch
>offices at remote location. Since being a lease line they
>have obtained static IP address from ISP.
>The branch locations will be dialing into the local ISP and
>all the times the remote locations will be getting dynamic
>IP address. Since the customer want to have a secure
>connection through VPN is it possible to attain and
>establish a IPSEC VPN tunnel between a dialup connection
>and the lease line router. If so please let me know how the
>same can be attained.
>
>Thanks in advance.
>
>Regards.. Anil Kumar.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43113&t=43110
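The head-office half of the setup discussed in this thread, as an added example that is not part of any poster's message: a dynamic crypto map lets a Cisco IOS router with a static address accept IPsec peers whose addresses are not known in advance. Every name, address (documentation and private ranges), ACL number, interface and the key placeholder is an assumption, and the algorithm choices assume a current IOS release.

```cisco
! Constructed values:
!   192.0.2.1    head-office public address on the leased line
!   10.1.0.0/16  head-office LAN
!   10.2.0.0/24  pool handed to dial-up branch clients
!
! IKE phase 1 policy
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
!
! Branch addresses are dynamic, so the key cannot be tied to one peer IP.
! A wildcard key authenticates a peer from ANY source address: use a long
! random value, rotate it when a branch device is lost, and prefer
! certificates (authentication rsa-sig) where a PKI exists.
crypto isakmp key <PRE-SHARED-KEY> address 0.0.0.0 0.0.0.0
!
! Address pool for the branch IPsec clients (IKE mode config)
ip local pool BRANCH-POOL 10.2.0.1 10.2.0.254
crypto isakmp client configuration address-pool local BRANCH-POOL
!
crypto ipsec transform-set BRANCH-TS esp-aes 256 esp-sha256-hmac
!
! Traffic the tunnel may carry, seen from the head office
access-list 110 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.0.255
!
! Dynamic entry: no "set peer"; the peer is learned when a branch connects
crypto dynamic-map BRANCH-DYN 10
 set transform-set BRANCH-TS
 match address 110
!
! Static crypto map that references the dynamic entry
crypto map HQ-VPN client configuration address respond
crypto map HQ-VPN 100 ipsec-isakmp dynamic BRANCH-DYN
!
! Outside ACL: admit only IKE and ESP addressed to the router itself
access-list 101 permit udp any host 192.0.2.1 eq isakmp
access-list 101 permit esp any host 192.0.2.1
!
interface Serial0/0
 ip address 192.0.2.1 255.255.255.252
 ip access-group 101 in
 crypto map HQ-VPN
```

As Craig's reply says, the head office has no peer address to initiate to, so the tunnel comes up only when a branch starts it; `show crypto isakmp sa` and `show crypto ipsec sa` on the head-office router list the peers currently connected.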
RE: CIT exam [7:43100]
This was the last exam I took to finish the CCNP and I found it easier than I expected. It is helpful to take this exam last because it does have a lot of material learned in preparing for other exams. To give you an example I only got a 780 on the routing exam (which I thought was the hardest) and scored a 931 on the CIT. I just think by the end of my studies I knew much more about the material and had a much greater understanding for it. If you take this exam last, you should have a much better time with it. Good luck!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43111&t=43100
Re: CIT exam [7:43100]
Steven Pilkerton wrote:
> I have taken the router, switching and remote access exams, and am about to
> take the support exam. I have heard from some that the CIT exam is the
> easiest and I have heard from others that it is one of the hardest. I would
> like to get the board's perspective on this. Thanks.

If the CIT certification exam is anything like Semester 8 of the Cisco Academy program, it won't be the easiest. The experience of others in my class is the same. The only course and certification exam that was difficult up to this point was routing (BSCN / Semester 5).

The reason the CIT material has been difficult is that it requires comprehensive knowledge of all three areas (routing, switching, remote access), and it adds another dimension, troubleshooting methodology and tools, to the mix. The tools we used most often in the troubleshooting labs were native debug and show diagnostics that every router and switch has, although there were some exercises with CiscoWorks, protocol analysis and network monitoring.

I'm glad I took the course, as I've learned a systematic approach to the defining of symptoms and problems, gathering data, laying out the possible causes and solutions of the problems, action plans and execution, and documentation of the final resolution. Included in the methodology is the isolation of problems, layer by layer, router by router, interface by interface, link by link ("divide and conquer").

If you're good at native diagnostics (sho and debug), you've got a real advantage. For me it's a challenge. I'll be glad when it's over in a couple of weeks.

There's still the question, What is the certification exam like? I hope we get an answer. Specifically, I'd like to know how others would compare it to the routing exam in difficulty.

-- TT

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43109&t=43100
Question on VPN [7:43110]
Hi All, Need a small clarification on VPN.

One of the customer is having a Lease Line connection to Internet at the head office and they are having branch offices at remote location. Since being a lease line they have obtained static IP address from ISP. The branch locations will be dialing into the local ISP and all the times the remote locations will be getting dynamic IP address. Since the customer want to have a secure connection through VPN is it possible to attain and establish a IPSEC VPN tunnel between a dialup connection and the lease line router. If so please let me know how the same can be attained.

Thanks in advance. Regards.. Anil Kumar.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43110&t=43110
Building Cisco Content Networking Solutions Exam (CN 640-925) [7:43107]
Hi, Can anyone recommend any training materials for this new exam, besides the official course and the CCO? Thanks Josi Rola

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43107&t=43107
Content Networking [7:42898] -Reply [7:43108]
Hi Ron and everyone else, I just found out about this new certification or should I say version of the CCIP. I am pursuing the CCIP and decided to do this as the elective exam. I work for a telco that also provides content transport services for tv broadcasters, mainly in SDH and ATM. We are starting to work with video streaming (Broadcast quality) over IP and expect to do a technology pilot in the beginning of next year. Josi Rola

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43108&t=43108
RE: Definition of terms... Do you know the answer?? [7:43090]
Hi!

timeout xlate: Idle time until a translation slot is freed.
timeout conn: Idle time until a connection slot is freed.

There is a distinction made between translated sessions (produced by nat, global, static, access-list, access-group commands) and connected sessions when discussing the PIX firewall. Translations are at the IP layer, connections are at the transport layer. You can have many connections open under one translation.

timeout half-closed: Idle time until a TCP half-close connection is freed.
timeout udp: Idle time until a UDP slot is freed.
timeout rpc: Idle time until a UDP slot is freed.

If a given slot has not been used for the idle time specified, the resource is returned to the free pool. So one purpose of these commands is resource management. Another purpose is to provide the 'Adaptive' part of the ASA, as the unused ports will be closed.

Best regards, Tamas Horvath network engineer Tel.: +36 22/515-452, Fax: +36 22/327-532 E-Mail: [EMAIL PROTECTED]

From: Mark Odette II
Subject: Definition of terms... Do you know the answer?? [7:43090]
Date: Thu, 2 May 2002 07:29:44 +0200

Folks, I've been trying to find the answer to a couple of questions I have, and unfortunately, my patience is thin at the moment due to a really bad allergy attack, which in turn is making me barely be able to stay at the computer but I've got to solve a problem. So, could someone give me the low-down on what the following terms/settings really mean in relation to TCP/UDP communications? These terms are related to settings on a Firewall (PIX or Router), and explanations relating to such would really help me understand their purpose/functionality. Thanks in Advance!!

timeout xlate
timeout conn
timeout half-closed
timeout udp
timeout rpc

I've got what I believe is a solid idea of what the first one, and perhaps the second one covers... but someone formally explaining them all will make me, and I'm sure many others benefit. Thanks, Mark

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43106&t=43090
Re: ip route statement [7:43001]
Can it be used as a default-gateway for hosts in LANs when migrating from one class of IP Address to another?

Example:
Host configuration (default-gateway=128.100.10.32)
Router global configuration (ip route 128.100.10.32 null 0)

Can somebody explain how this works? Kind regards, Preye.

Patrick Ramsey wrote:

I've never done this before... I've migrated countless networks to new ip schemes. But you have not given us a whole lot of info to go by. Check out this link. Is this what you are trying to accomplish? http://www.cisco.com/warp/public/105/52.html#subfirstone There are other reasons to route to null as well. What are your goals? -Patrick

>>> "Stanfast Preye" 05/01/02 02:34PM >>>

Dear Group, Why is it necessary to configure all routers in a network with "ip route xxx.xxx.xxx.xxx null 0" statement before implementing migrating to a new IP address scheme and DHCP service in the network? Somebody please help. Regards, Preye.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43105&t=43001
RE: CIT exam [7:43100]
yes, in that shoe too, anybody has an idea of what the exam is like. cheers

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43104&t=43100
RE: Urgent help Please! [7:43084]
Way off topic here, but why did you need to do this?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43103&t=43084
Re: Building a Cisco Lab [7:43072]
I would be interested in purchasing the 4500M from you. How can we proceed?

Wayne

"Brian" wrote in message news:[EMAIL PROTECTED]...
> I would say 2520 can be pricey. You get 2 high speed ports, 2 low speed
> and 1 bri and 1 ethernet.
>
> for example, I sell 4500M's 32MB DRAM/16 Flash, 4 DTE/DCE cables, 1
> ethernet, 4 serial, for $600.00. That's cheaper than you'll probably see
> a 2520 for, plus you get all the cables.. Sure the 2520 has 1 BRI, I can
> throw in 4 BRI interface module (NP-4B) for $50 extra.
>
> The 4500M is like a dragster next to the 2520, its a whole different world
> than the 4000/4000M. It has a RISC processor. 4500M's are modular and
> can take FastEthernet and ATM interfaces.
>
> Just trying to be helpful :)
>
> I have a small book I am publishing on the net, it will be on lab
> equipment selection and it goes into detail on frame relay switch
> selection. should be done in about 30 days.
>
> Brian
>
> On Wed, 1 May 2002, Wayne Jang wrote:
>
> > I'm thinking about buying a 2520 as a frame router.
> >
> > I already have two 2501s, one 2502, one 1201 switch, and a 1912 switch.
> >
> > Is getting the 2520 a good way to spend my very limited funds?
> >
> > Wayne
>
> I'm buying / selling used CISCO gear!!
> email me for a quote
>
> Brian Feeny, CCIE #8036 Netjam, LLC
> [EMAIL PROTECTED] http://www.netjam.net
> VISA/MC/AMEX/COD phone: 318-212-0245
> 30 day warranty fax: 318-212-0246

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43102&t=43072