RE: CISCO 2600 NAT [7:43139]

2002-05-02 Thread Don Nguyen

If you have ACL's applied inbound to your NAT outside interface make sure
you explicitly allow outside inbound connections to port 5080.

HTH,
Don Nguyen


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43205&t=43139
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: CIT exam [7:43100]

2002-05-02 Thread Don Queen

I agree. I took the CIT on Monday and passed with a score of 824, after
really studying for only a week. Anyway, a pass is a pass, so now I join the
many others on this list who are CCNP's.

I owe a great deal of thanks to those of you who have contributed to this
list.

- Original Message -
From: "D. Tharp" 
To: 
Sent: Thursday, May 02, 2002 8:34 AM
Subject: RE: CIT exam [7:43100]


> This was the last exam I took to finish the CCNP and I found it easier than
> I expected.  It is helpful to take this exam last because it does have a lot
> of material learned in preparing for other exams.  To give you an example I
> only got a 780 on the routing exam (which I thought was the hardest) and
> scored a 931 on the CIT.  I just think by the end of my studies I knew much
> more about the material and had a much greater understanding for it.  If you
> take this exam last, you should have a much better time with it.  Good luck!







Re: A couple of clarifications [7:43127]

2002-05-02 Thread cebuano

Dear subscribers,

In defense of Mr. Berkowitz, Ms. Oppenheimer and many others,
here's a short story to sum it up...

A man died and went to the pearly gates, and the angel said,
"Well, Mr. Jones, since you've lived a special life on earth, G~d has
asked me to give you special treatment. You will get to choose if
you want to go to heaven or hell. Which would you like to visit first?"
And Mr. Jones indicated he wanted to get a glimpse of hell first.
What he saw was a place filled with misery and pain, and in spite of
everyone being gathered around a banquet table, they were all starving.
The angel pointed out to him that this was due to the fact that
everyone who went to hell was punished by having an extremely long
spoon glued to their hands, thus making it impossible to feed themselves.

Next stop was heaven, but the scene was very similar to that in hell.
There was a huge gathering of people also with a long spoon attached
to their hands, yet everyone was enjoying the feast and having a party.
The difference was in heaven, they were all feeding each other.

Conclusion:
If as a subscriber all you want to do is insult other listers or show us
your arrogance, it is time that you GET OFF THIS LIST!!!

To Howard, Priscilla, and folks like them...we can't thank you enough.

Sincerely,

Elmer
- Original Message -
From: "Howard C. Berkowitz" 
To: 
Sent: Thursday, May 02, 2002 11:49 AM
Subject: A couple of clarifications [7:43127]


> I hate to do anything to prolong this unpleasant thread, but a couple
> of facts really should be put out.
>
> 1. I was a regular poster on Groupstudy well before I had any business
>    relationship with either CertificationZone or Gett.  In both cases, I
>    was contacted by the CEO of each in response to what they had seen of
>    my posting patterns.
>
> 2. Gett and Groupstudy have not exchanged one cent.
>
> 3. Genium has never paid one cent to Gett, although I have a personal
>    contract with them.  In the interest of rack time rentals, we do have a
>    partnership to allow their authors to develop scenarios, and to give
>    their subscribers convenient and discounted scenario access.
>
> 4. We have a similar relationship to IPexpert, although I receive no
>    compensation from Gett.
>
> 5. We are investigating other partner relationships.  Gettlab (a subsidiary
>    of Gett, which is an established consultancy and VAR, especially in
>    healthcare), has a business model of, if you will, selling razor blades
>    (rack time) rather than selling razors (scenarios). In our consultancy,
>    we do a good deal of open source work and prefer it. Open source
>    scenarios, with value added support, is consistent with the way we've
>    done things for a long time.
>
> 6. Paul Borghese and I discussed my posts both regarding scenario design
>    and free scenarios with a very brief mention of a commercial service
>    being available. This was meant to be a community service, and by
>    community I include competitors potentially improving their scenarios.
>    I did some things recently such as running mini-classes on specific
>    scenarios, which seemed useful to a number of people, and I expect
>    to continue to do so.
>
> 7. I sometimes forget to attach my .sig, but I've never made a secret of
>    my affiliations.
>
> 8. I would invite anyone to look at the number of substantive, noncommercial
>    posts I have made to the list for several years.  One of the most vocal
>    recent critics made his first post on 4/30, and has not made ANY
>    technical posts in this calendar year.
>
> 9. I'm not going to get into a challenge of what my qualifications are or are
>    not. I am perfectly happy to provide my resume to people with a
>    legitimate interest. But as far as certain charges have been made, I
>    suggest people contact people I've worked with, such as Jeff Doyle, and
>    ask that his response be posted to the list. I can also document having
>    worked with some of the figures that I have been charged with not knowing.
>
> I would much prefer that we get back to what I am told that Rodney
> King said after he became a landscaper:  "Can't we just get a lawn?"
> I intend to make contributions to this list as I have done.  Of
> course, there's a certain commercial interest, but I never expect to
> make a post relating to commercial materials that are not generally
> available to the public. But my major motivation is doing what I
> think any true professional does: "Pay it forward" with respect to my
> own mentors.
> --
> "What Problem are you trying to solve?"
> ***send Cisco questions to the list, so all can benefit -- not
> directly to me***
>
> Howard C. Berkowitz  [EMAIL PROTECTED]
> Chief Technology Officer, GettLab/Gett Communications http://www.gettlabs.com
> Technical Director, CertificationZone.com http://www.certifi

Re: Building a Cisco Lab [7:43072]

2002-05-02 Thread [EMAIL PROTECTED]

The whole 4000 (and M) series?
We have a few hundred 4700M routers, and previously 4000 routers (might 
have been 4000M, I forget).  Haven't had too many problems with them that 
I'm aware of.  Of course, they're EoS now, which is a slight problem...

JMcL
- Forwarded by Jenny Mcleod/NSO/CSDA on 03/05/2002 01:25 pm -


"CiscoB" 
Sent by: [EMAIL PROTECTED]
03/05/2002 06:04 am
Please respond to "CiscoB"

 
To: [EMAIL PROTECTED]
cc: 
Subject:Re: Building a Cisco Lab [7:43072]
Is this part of a business decision process?: 


Wayne,

I've had nothing but problems with 4000 series modular routers.  So many
problems, in fact, that I've stopped selling them.  Too many hardware
failures.  Stick with the 2500 series

thanks,
-Brad Ellis
CCIE#5796 (R&S / Security)
[EMAIL PROTECTED]
Cisco home labs:  www.optsys.net
"Wayne Jang" wrote in message
news:[EMAIL PROTECTED]...
> I see, the token ring version is in less demand and you won't be using the
> ethernet/token ring anyway.
>
> But what about those AGS+ routers.  I saw one on ebay for $100.  It had 8
> serial ports.  What's the drawback to using that for a frame switch?
>
>
>
> "Wayne Jang" wrote in message
> news:[EMAIL PROTECTED]...
> > I'm thinking about buying a 2520 as a frame router.
> >
> > I already have two 2501s, one 2502, one 1201 switch, and a 1912 switch.
> >
> > Is getting the 2520 a good way to spend my very limited funds?
> >
> > Wayne







(4) 2500's For Sale [7:43198]

2002-05-02 Thread kevin mezei

Hello,

I will be listing the following equipment soon on eBay if I don't sell it 
through here first:

(1) 2501
(1) 2503
(1) 2504
(1) 2513
(4) back-to-back Serial Cables
(4) sets of router mounting brackets
(2) AUI-RJ-45 transceivers
(1) 6 port hub

Price is negotiable. Contact me at [EMAIL PROTECTED] for more details.




Re: A couple of clarifications [7:43127]

2002-05-02 Thread [EMAIL PROTECTED]

Howard, it is a shame you feel the need to post this.

One way to ensure that I will read a thread, is to see that Howard B or
Priscilla have contributed, the two of you have been a major contribution to
my completing my CCNP and more importantly have lots more valuable input
regarding real life situations that have made me a hero at work more than
once.

You don't need to justify yourself. Anybody who has been on the list for
more than a few days should be able to see how much you contribute.
Most of us don't care what your affiliations are, all we want you to do is
continue sharing your knowledge.

So just ignore the "Howard B doesn't have a CCIE" crowd, they speak before
they think and don't deserve a reply.

Hoping you will continue to contribute

Regards

Johnny McKenzie







RE: Building a Cisco Lab [7:43072]

2002-05-02 Thread adam lee

We have quite a few Cisco 4k and they are pretty reliable.  In a year and a
half we have only replaced one 4k in our data center, and the only others we
have touched are the ones we have deinstalled and replaced with 3600's.  I
think we have a hundred or so.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Howard C. Berkowitz
Sent: Thursday, May 02, 2002 6:23 PM
To: [EMAIL PROTECTED]
Subject: Re: Building a Cisco Lab [7:43072]


>Wayne,
>
>I've had nothing but problems with 4000 series modular routers.  So many
>problems, in fact, that I've stopped selling them.  Too many hardware
>failures.  Stick with the 2500 series
>
>thanks,
>-Brad Ellis
>CCIE#5796 (R&S / Security)
>[EMAIL PROTECTED]
>Cisco home labs:  www.optsys.net

Brad,

I don't doubt your current experience is accurate, but I'm curious.
When I was on the road teaching Cisco courses, the 2500's seemed to
fail more than the 4000's. Probably the most persistent 4000 problem
was one of the ports failing on the dual-Ethernet module.

Is there any pattern to what you are seeing?  I'm wondering if it's
just a mechanical problem with wear on the slot modules, or something
else that's aging.

Howard







Re: CCIE Written Beta [7:43164]

2002-05-02 Thread Michael L. Williams

Interesting.  As far as the "back" button goes, here's what I
remember. Back when, all of the Cisco exams had the back button...
(someone correct me, but the CCIE was around before CCNA/NP, etc).  At
some point (around the time I started taking Cisco exams) they removed the
use of the back button from the Cisco Career Certs (CCNA/DA, CCNP/DP exams)
because they realized that some of the questions would give away answers
that could have been asked in previous questions  but they left the back
button in the 350-001.  AFAIK, they never removed use of the back button for
the CCIE written but I am surprised that they didn't remove it in the
new incarnation.

Good info ... I'm s'posed to take the beta tomorrow.   I know MPLS is
going to be probably my biggest weak point as I haven't read hardly anything
about it but the rest I may have a good chance at doing alright at..
Wish me luck!  (pleeze pleeze wish me luck... LOL)

Mike W.

"Kaminski, Shawn G" wrote in message
news:[EMAIL PROTECTED]...
> What I found interesting about this exam was that I was able to go back to
> previous questions. I can't remember if the 350-001 was like that. I wonder
> if all the Cisco beta exams are like that? Another interesting thing was
> that they had commands on this test that probably have been used only once
> in the history of networking, and that one and only time was on this exam
> :-)  I thought it was a good test to make people realize that anything
> in the Cisco ISO is fair game on the one-day lab.
>
> Shawn K.
>
> > -Original Message-
> > From: Daniel Lafraia [SMTP:[EMAIL PROTECTED]]
> > Sent: Thursday, May 02, 2002 4:28 PM
> > To: [EMAIL PROTECTED]
> > Subject: CCIE Written Beta [7:43164]
> >
> > Hello,
> >
> > I just took the new CCIE Written Beta test. That's really a very hard test
> > (everything that we've been hearing about this test is true ). You
> > have 180 minutes (I've used 179 minutes and a few seconds! YES, that's
> > full 3 hours without going to the bathroom ) for 150 questions. It really
> > seems that everything in networking is covered in this test. From some
> > basic questions to the most complex questions about IPX, MPLS, VLAN, BGP,
> > OSPF, EIGRP, DLSw+, ATM, LANE, NAT, Queueing (all WFQ, RSVP, Traffic
> > Shaping and Load Balancing), VoIP, Frame Relay, ISDN, Token Ring,
> > EtherChannels, IPSec and everything else you can think.
> >
> > I didn't get any "type the command" type of question, although you may find
> > some questions like "what's the command that likely would fix this
> > problem".
> > Basically more than 60% of these questions have its own lab scenario.
> >
> > For those who will take this test: Even though that's the new format
> > (351-001), you really should take a look at the blueprint for the
> > (350-001) before taking this test
> >
> > http://www.cisco.com/warp/public/625/ccie/certifications/rsblueprint.html
> >
> > I've used Boson tests CCIE practice test #2, Caslow's book, Routing TCP/IP
> > volume I and II, Halabi's book and a lot of research on cisco.com :)
> >
> > Well. I hope this helps! :) Now I have to wait 6-8 weeks for the result :)
> >
> > cya
> > Daniel Lafraia







RE: Question on VPN [7:43110]

2002-05-02 Thread Tribavan Raina

Hi anil..

I think it depends upon what is dialing... Is it a client with a modem or a
router dialing?

In case it is a client you can go for Cisco secure VPN client and it will
automatically create a VPN connection once it finds interesting traffic for
corporate LAN. You need to configure your leased line router for this and
also you have to decide what you are going to use for ISAKMP negotiation.
You can go for manual keys or Certificates.

Cheers!

Tribavan Raina
Network Consultant

TechTonics Group Limited
Level 31 Grand Plimmer Tower
2-6 Gilmer Terrace
PO Box 11 199
Wellington

Ph:   +64 4 385 2628
Fax: +64 4 385 2400

www.techtonics.co.nz


-Original Message-
From: Anil Kumar [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 03, 2002 1:12 AM
To: [EMAIL PROTECTED]
Subject: Question on VPN [7:43110]


Hi All,
Need a small clarification on VPN.

One of the customer is having a Lease Line connection to
Internet at the head office and they are having branch
offices at remote location. Since being a lease line they
have obtained static IP address from ISP.
The branch locations will be dialing into the local ISP and
all the times the remote locations will be getting dynamic
IP address. Since the customer want to have a secure
connection through VPN is it possible to attain and
establish a IPSEC VPN tunnel between a dialup connection
and the lease line router. If so please let me know how the
same can be attained.

Thanks in advance.

Regards.. Anil Kumar. 


=
Thanks & Regards

V Anil Kumar




Re: CLNS ? [7:43125]

2002-05-02 Thread Peter van Oene

IS-IS routing of IP is a testable subject.

At 11:32 AM 5/2/2002 -0400, Miguel Mitras wrote:
>Hi
>Can anybody answer this vague question; on the Cisco website it says
>that CLNS OSI is withdrawn from the lab exam. Does this mean that one can
>still expect to be tested on CLNS for IP?
>Cheers







Remote Access and DID [7:43196]

2002-05-02 Thread Junkie

Setting up an AS3640 with one PRI providing dial in/out data only.  The
telco consultant recommended us to use DID's.  I have worked with a few
5200 and 5300's before and have never seen DID in the configuration.

I understand how DID works, just wondered if it was really needed for
data?  

If DID is needed, 3 or 4 digits...or does it really matter?

TIA,
Tony







RE: route science [7:43131]

2002-05-02 Thread Anthony Mann

I saw this demoed @ InterOp last year...I had my doubts as well.  I have
never had to tweak BGP to the point of doing it all the time...and that
was the sales pitch.  Their box will do the work for you.

It was a sweet box...doesn't sit inline with traffic so wouldn't be a
single point of failure nor degrade speed.

They will do a full thirty day eval, if you are truly interested.   They
can even do a test without providing you the hardware, all you have to
do is stick a 1 by 1 pixel on a web page...their equipment remotely will
monitor your routes and spit out a report comparing your config to their
optimized routes.

I have to admit I was intrigued...but for as little as I tweak BGP, 100K
wasn't worth it for our size network.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
sam sneed
Sent: Thursday, May 02, 2002 12:07 PM
To: [EMAIL PROTECTED]
Subject: route science [7:43131]

I received a newsletter about a product that looks interesting. It costs
$99,000 though. Has anyone heard any good this about this supposed
breakthrough technology.

http://www.networkcomputing.com/1305/1305sp1.html

I am curious to see if this is just a hyped up product or a viable
solution.







RE: CIT exam [7:43100]

2002-05-02 Thread Quek, Steven

Hi all,

Just to be sure for there are 2 books for CIT,
may I know which Cisco Press Book is for the CIT exam?

Thank you & have a nice weekend.

Cheers
Steven Quek


-Original Message-
From: adam lee [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 03, 2002 9:22 AM
To: [EMAIL PROTECTED]
Subject: RE: CIT exam [7:43100]


I just took the exam today after studying for about 30 hours using the cisco
press book and the course material.  It wasn't that hard but it wasn't that
easy because some of the wording got me.

Considering what I studied, I expected more in different areas.  Oh, well, a
pass is a pass.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 02, 2002 3:54 AM
To: [EMAIL PROTECTED]
Subject: CIT exam [7:43100]


I have taken the router, switching and remote access exams, and am about to
take the support exam.  I have heard from some that the CIT exam is the
easiest and I have heard from others that it is one of the hardest.  I would
like to get the board's perspective on this.  Thanks.







RE: route science [7:43131]

2002-05-02 Thread Junkie

I saw this demoed @ InterOp last year...I had my doubts as well.  I have
never had to tweak BGP to the point of doing it all the time...and that
was the sales pitch.  Their box will do the work for you.

It was a sweet box...doesn't sit inline with traffic so wouldn't be a
single point of failure nor degrade speed.

They will do a full thirty day eval, if you are truly interested.   They
can even do a test without providing you the hardware, all you have to
do is stick a 1 by 1 pixel on a web page...their equipment remotely will
monitor your routes and spit out a report comparing your config to their
optimized routes.

I have to admit I was intrigued...but for as little as I tweak BGP, 100K
wasn't worth it for our size network.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
sam sneed
Sent: Thursday, May 02, 2002 12:07 PM
To: [EMAIL PROTECTED]
Subject: route science [7:43131]

I received a newsletter about a product that looks interesting. It costs
$99,000 though. Has anyone heard any good this about this supposed
breakthrough technology.

http://www.networkcomputing.com/1305/1305sp1.html

I am curious to see if this is just a hyped up product or a viable
solution.







RE: BGP question [7:43163]

2002-05-02 Thread Junkie

You shouldn't have a problem at all.  I have done this a few times, just
make sure that both ISP's know you have a multihomed network and what
block the other ISP provided.  Just like Jason mentioned, it's AS to
AS...but we had a situation where the ISP had to add the other ISP's
block into an access list.

Most of the bigger providers will have a form to fill out, with Sprint
and WCOM they ask if you are multihomed and also ask for all of the
public blocks

You're good with it...


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Steven A. Ridder
Sent: Thursday, May 02, 2002 4:28 PM
To: [EMAIL PROTECTED]
Subject: BGP question [7:43163]

Here's a question I can't seem to answer.  I came up with a scenario in my
head, and now I can't find a solution.

Example: I have a dual homed network via BGP.  I have ISP 1 and they give me
209.21.220.1/20 for use, and ISP gives me 199.33.23.1/21.  Say I use the
209.x.x.x for my web servers, mail server, etc, and advertise that back out
to the Internet via ISP 1 (the ISP that assigned me the block) and in DNS.
I'm assuming ISP 2 will not advertise that block for me, as it's ISP 1's
block.  So, now the whole world knows to get to me via ISP 1.  Then let's
say ISP 1 goes down, how would the world know how to get to me, if they only
knew how to get to me via ISP 1 and its IPs?

--
RFC 1149 Compliant

Get in my head:
http://sar.dynu.com
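
The exchange above turns on each ISP's inbound customer prefix filter. The following is an added example, not code from any poster on the list: a simplified model of that filter using the two blocks from the question. The server address, the unrelated prefix, the function names, and the reading of the second block as ISP 2's are assumptions made for illustration.

```python
import ipaddress

# Blocks quoted in the question. They are written as host addresses, so
# strict=False normalizes them to the enclosing network.
ISP1_BLOCK = ipaddress.ip_network("209.21.220.1/20", strict=False)
ISP2_BLOCK = ipaddress.ip_network("199.33.23.1/21", strict=False)  # assumed to be ISP 2's

# Constructed sample values (not from the thread).
WEB_SERVER = ipaddress.ip_address("209.21.220.10")
UNRELATED = ipaddress.ip_network("192.0.2.0/24")  # documentation prefix


def accepted(filter_entries, announced):
    """Prefixes an ISP accepts from the customer: only those that fall
    inside an entry of its inbound customer filter."""
    return [p for p in announced
            if any(p.version == e.version and p.subnet_of(e)
                   for e in filter_entries)]


def reachable_via(addr, filters, announced, up):
    """Names of the ISPs, among those that are up, that carry a customer
    route covering addr."""
    paths = []
    for isp in sorted(filters):
        if isp not in up:
            continue
        if any(addr in p for p in accepted(filters[isp], announced)):
            paths.append(isp)
    return paths


# The customer announces both blocks on both BGP sessions.
ANNOUNCED = [ISP1_BLOCK, ISP2_BLOCK]

# Before: each ISP permits only the block it assigned.
FILTERS_BEFORE = {"ISP1": [ISP1_BLOCK], "ISP2": [ISP2_BLOCK]}
# After both ISPs are told about the multihoming: each also permits the
# other ISP's block in its filter.
FILTERS_AFTER = {"ISP1": [ISP1_BLOCK, ISP2_BLOCK],
                 "ISP2": [ISP2_BLOCK, ISP1_BLOCK]}

if __name__ == "__main__":
    for label, filters in (("before", FILTERS_BEFORE), ("after", FILTERS_AFTER)):
        for up in ({"ISP1", "ISP2"}, {"ISP2"}):
            print(label, sorted(up), "->",
                  reachable_via(WEB_SERVER, filters, ANNOUNCED, up))
    # The widened filter still drops a prefix the customer was never assigned.
    print("unrelated prefix accepted:", accepted(FILTERS_AFTER["ISP2"], [UNRELATED]))
```

With the original filters the web server has no path once ISP 1 is down; with the other ISP's block added it stays reachable through ISP 2, while an unassigned prefix is still rejected, which is why providers ask for the full list of public blocks.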







Re: route science [7:43131]

2002-05-02 Thread Kent Yu

Sam,



I think this was discussed probably a couple of months ago on NANOG list. But I
am not sure if can find something just based on the product's name from the
archives.



HTHs

Kent


"sam sneed" wrote in message
news:[EMAIL PROTECTED]...
> I received a newsletter about a product that looks interesting. It costs
> $99,000 though. Has anyone heard any good this about this supposed
> breakthrough technology.
>
> http://www.networkcomputing.com/1305/1305sp1.html
>
> I am curious to see if this is just a hyped up product or a viable
> solution.







RE: switching exam [7:43038]

2002-05-02 Thread adam lee

I guess it depends on who pays for toner and the paper it's printed on.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Kaminski, Shawn G
Sent: Thursday, May 02, 2002 5:18 PM
To: [EMAIL PROTECTED]
Subject: RE: switching exam [7:43038]


Tim is actually right. Everything you need to pass these exams is free on
Cisco's website. The only problem is that the site is so huge, you don't
know where to start!

Shawn K.

> -Original Message-
> From: timothy thielen [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, May 02, 2002 3:02 PM
> To:   [EMAIL PROTECTED]
> Subject:  RE: switching exam [7:43038]
>
> You people spend MONEY on certification prep materials?  I'm sorry.  :-)
>
> --Tim
>
> Kaminski, Shawn G wrote:
> >
> > It's sad, the true signs of brainwashing :-)
> >
> > I never said anything was wrong with them. The proven track record comes
> > from the fact that they've done a great job marketing their products. Boson
> > has quality products, BUT, BUT, BUT, as I've mentioned before, there are
> > other companies out there that offer materials that are just as good if not
> > better than Boson and the prices are about 80% cheaper. I would mention the
> > companies, but I have a financial interest in these companies and I'd get
> > flamed to death (believe it or not, I also have a financial interest in
> > Boson/Quizware, but not anywhere near as much as I'd like :-) ) You can't
> > really blame Boson for their high prices because they have to pay a
> > percentage to their authors. Plus, like you said, people have been
> > brainwashed into believing that Boson is the only company out there, which
> > allows Boson to charge higher prices.
> >
> > So, look around a little and take a chance on some of these other companies.
> > Don't worry, no one is going to yell at you for spending less money on
> > certification materials :-) I'm just trying to save people some money while
> > at the same time hoping that I make a little, as well!
> >
> > Shawn K.
> >
> > > -Original Message-
> > > From: Jon Krabbenschmidt [SMTP:[EMAIL PROTECTED]]
> > > Sent: Wednesday, May 01, 2002 8:28 PM
> > > To:   [EMAIL PROTECTED]
> > > Subject:  RE: switching exam [7:43038]
> > >
> > > Boson worked well for me too, but I hardly consider $40 expensive
> > > especially given the cost of others.
> > >
> > > Jon
> > >
> > > -Original Message-
> > > From: Adam Hickey [mailto:[EMAIL PROTECTED]]
> > > Sent: Wednesday, May 01, 2002 4:22 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: switching exam [7:43038]
> > >
> > > I don't think I could have gotten through my tests without Boson's help -
> > > other than being expensive, what is wrong with them? I don't think I see a
> > > cult here but I do see the proven track record and the quality name Boson
> > > has developed for themselves. High price is a direct result of high demand -
> > > simple economics.
> > >
> > >
> > >
> > > Adam Hickey
> > > [EMAIL PROTECTED]
> > >
> > >
> > >
> > > - Original Message -
> > > From: "Kaminski, Shawn G"
> > > To:
> > > Sent: Wednesday, May 01, 2002 3:31 PM
> > > Subject: RE: switching exam [7:43038]
> > >
> > >
> > > > Please, people, snap out of the Boson trance. I can't take it anymore. :-) I
> > > > just had a discussion with Paul Borghese a few days ago about how Boson
> > > > always gets through the filters but other vendors don't. Hopefully, that
> > > > will change soon and we'll start to see better and less expensive options
> > > > come through the list without being filtered. In fact, I wonder if this will
> > > > make it through the filter since I'm saying something "bad" about the Boson
> > > > cult? :-)
> > > >
> > > > Please proceed with flaming, ragging, name calling, tar and feathering, etc.
> > > > However, one of these days you'll thank me from preventing you from getting
> > > > that Boson tattoo on your chest ( on the ankle for the ladies) :-)
> > > >
> > > > If you're up for an argument, please email me offline :-)
> > > >
> > > > Shawn K.
> > > >
> > > > > -Original Message-
> > > > > From: NetEng [SMTP:[EMAIL PROTECTED]]
> > > > > Sent: Wednesday, May 01, 2002 5:18 PM
> > > > > To: [EMAIL PROTECTED]
> > > > > Subject: switching exam [7:43038]
> > > > >
> > > > > just took that switching exam: 79 ?'s, 90 minutes and 699 to pass. pretty
> > > > > easy test, boson's were great as usual.







Re: Building a Cisco Lab [7:43072]

2002-05-02 Thread DAve Diaz

old news btw ccie lab has 2500's the slowest performing router but all the
money you guys pay hasn't been enough to enable any sort of upgrade so you
better study it,

Dave


>From: "Persio Pucci" 
>Reply-To: "Persio Pucci" 
>To: [EMAIL PROTECTED]
>Subject: Re: Building a Cisco Lab [7:43072]
>Date: Thu, 2 May 2002 18:28:49 -0400
>
>By the way...
>
>I don't know if it is old news (I think not), but I just read at Cisco that
>the 2500 has reached its End Of Sales. (excluding the AS models).
>
>More info @ http://www.cisco.com/warp/public/cc/pd/rt/2500/index.shtml
>
>Cheers for this elder soldier of telecommunications, it deserves the
>resting. :)
>
>Persio
>
>- Original Message -
>From: "CiscoB"
>To:
>Sent: Thursday, May 02, 2002 5:04 PM
>Subject: Re: Building a Cisco Lab [7:43072]
>
>
> > Wayne,
> >
> > I've had nothing but problems with 4000 series modular routers.  So many
> > problems, in fact, that I've stopped selling them.  Too many hardware
> > failures.  Stick with the 2500 series
> >
> > thanks,
> > -Brad Ellis
> > CCIE#5796 (R&S / Security)
> > [EMAIL PROTECTED]
> > Cisco home labs:  www.optsys.net
> > "Wayne Jang" wrote in message
> > news:[EMAIL PROTECTED]...
> > > I see, the token ring version is in less demand and you won't be using the
> > > ethernet/token ring anyway.
> > >
> > > But what about those AGS+ routers.  I saw one on ebay for $100.  It had 8
> > > serial ports.  What's the drawback to using that for a frame switch?
> > >
> > >
> > >
> > > "Wayne Jang" wrote in message
> > > news:[EMAIL PROTECTED]...
> > > > I'm thinking about buying a 2520 as a frame router.
> > > >
> > > > I already have two 2501s, one 2502, one 1201 switch, and a 1912 switch.
> > > >
> > > > Is getting the 2520 a good way to spend my very limited funds?
> > > >
> > > > Wayne




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43179&t=43072



Re: Building a Cisco Lab [7:43072]

2002-05-02 Thread Howard C. Berkowitz

>Wayne,
>
>I've had nothing but problems with 4000 series modular routers.  So many
>problems, in fact, that I've stopped selling them.  Too many hardware
>failures.  Stick with the 2500 series
>
>thanks,
>-Brad Ellis
>CCIE#5796 (R&S / Security)
>[EMAIL PROTECTED]
>Cisco home labs:  www.optsys.net

Brad,

I don't doubt your current experience is accurate, but I'm curious. 
When I was on the road teaching Cisco courses, the 2500's seemed to 
fail more than the 4000's. Probably the most persistent 4000 problem 
was one of the ports failing on the dual-Ethernet module.

Is there any pattern to what you are seeing?  I'm wondering if it's 
just a mechanical problem with wear on the slot modules, or something 
else that's aging.

Howard




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43180&t=43072



RE: CIT exam [7:43100]

2002-05-02 Thread adam lee

I just took the exam today after studying for about 30 hours using the cisco
press book and the course material.  It wasn't that hard but it wasn't that
easy because some of the wording got me.

Considering what I studied, I expected more in different areas.  Oh, well, a
pass is a pass.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 02, 2002 3:54 AM
To: [EMAIL PROTECTED]
Subject: CIT exam [7:43100]


I have taken the router, switching and remote access exams, and am about to
take the support exam.  I have heard from some that the CIT exam is the
easiest and I have heard from others that it is one of the hardest.  I would
like to get the board's perspective on this.  Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43189&t=43100



Re: route science [7:43131]

2002-05-02 Thread Howard C. Berkowitz

At 12:07 PM -0400 5/2/02, sam sneed wrote:
>I received a newsletter about a product that looks interesting. It costs
>$99,000 though. Has anyone heard anything good about this supposed
>breakthrough technology?
>
>http://www.networkcomputing.com/1305/1305sp1.html
>
>I am curious to see if this is just a hyped up product or a viable solution.

I wish there were a simple answer, but products of this type, 
BGP-oriented load balancers for the enterprise side, may be great 
under some circumstances, neutral in others, and make matters worse 
in yet others.  There's some smart technology involved in this and 
several similar problems.

These products have to make certain assumptions about route 
stability, how much load shifts from provider to provider, etc., 
which may or may not hold at a given time, or if the Internet routing 
system grows in yet another new manner.

If you are having BGP load control issues with conventional routing, 
your first step is probably to discuss it with senior engineers at 
your ISPs, and/or get a qualified consultant to see if your 
conventional BGP can be tweaked acceptably.  You're certainly going 
to want good, solid statistics collection to see if any solution is 
working.

Obviously, it's cheaper if you don't have to buy new gear, but it 
also requires you to have some knowledgeable routing engineers 
in-house or under reliable contract. The routescience and related 
products may be an alternative if you don't.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43188&t=43131



2504s for sale [7:43187]

2002-05-02 Thread 2504s

I have the following equipment for sale from my  Lab study for ISDN.

Best offer, buyer pays shipping.  If you live in Toronto, these can be
delivered.

2 Cisco 2504  (TR, 2 Serial, ISDN)
1 IBM 8228 MAU
2 Token Ring NIC
Cables




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43187&t=43187



Test [7:43186]

2002-05-02 Thread Ali, Abbas

Test email




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43186&t=43186



Re: Building a Cisco Lab [7:43072]

2002-05-02 Thread Howard C. Berkowitz

At 6:28 PM -0400 5/2/02, Persio Pucci wrote:
>By the way...
>
>I don't know if it is old news (I think not), but I just read at Cisco that
>the 2500 has reached its End Of Sales. (excluding the AS models).
>
>More info @ http://www.cisco.com/warp/public/cc/pd/rt/2500/index.shtml
>
>Cheers for this elder soldier of telecommunications, it deserves the
>resting. :)
>
>Persio

The Queen Mum and the 2500, all too close together.

Will there be some sort of formal funeral in San Jose?   Perhaps a 
riderless horse with backward cables in the stirrups?  Jets overhead 
in the "missing packet" formation?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43185&t=43072



RE: switching exam [7:43038]

2002-05-02 Thread Kaminski, Shawn G

Tim is actually right. Everything you need to pass these exams is free on
Cisco's website. The only problem is that the site is so huge, you don't
know where to start!

Shawn K. 

> -Original Message-
> From: timothy thielen [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, May 02, 2002 3:02 PM
> To:   [EMAIL PROTECTED]
> Subject:  RE: switching exam [7:43038]
> 
> You people spend MONEY on certification prep materials?  I'm sorry.  :-)
> 
> --Tim
> 
> Kaminski, Shawn G wrote:
> > 
> > It's sad, the true signs of brainwashing :-) 
> > 
> > I never said anything was wrong with them. The proven track record comes
> > from the fact that they've done a great job marketing their products. Boson
> > has quality products, BUT, BUT, BUT, as I've mentioned before, there are
> > other companies out there that offer materials that are just as good if not
> > better than Boson and the prices are about 80% cheaper. I would mention the
> > companies, but I have a financial interest in these companies and I'd get
> > flamed to death (believe it or not, I also have a financial interest in
> > Boson/Quizware, but not anywhere near as much as I'd like :-) ) You can't
> > really blame Boson for their high prices because they have to pay a
> > percentage to their authors. Plus, like you said, people have been
> > brainwashed into believing that Boson is the only company out there, which
> > allows Boson to charge higher prices.
> > 
> > So, look around a little and take a chance on some of these other companies.
> > Don't worry, no one is going to yell at you for spending less money on
> > certification materials :-) I'm just trying to save people some money while
> > at the same time hoping that I make a little, as well!
> > 
> > Shawn K.
> > 
> > > -Original Message-
> > > From: Jon Krabbenschmidt [SMTP:[EMAIL PROTECTED]]
> > > Sent: Wednesday, May 01, 2002 8:28 PM
> > > To:   [EMAIL PROTECTED]
> > > Subject:  RE: switching exam [7:43038]
> > > 
> > > Boson worked well for me too, but I hardly consider $40 expensive
> > > especially given the cost of others.
> > > 
> > > Jon
> > > 
> > > -Original Message-
> > > From: Adam Hickey [mailto:[EMAIL PROTECTED]] 
> > > Sent: Wednesday, May 01, 2002 4:22 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: switching exam [7:43038]
> > > 
> > > I don't think I could have gotten through my tests without Boson's help -
> > > other than being expensive, what is wrong with them? I don't think I see a
> > > cult here but I do see the proven track record and the quality name Boson
> > > has developed for themselves. High price is a direct result of high demand -
> > > simple economics.
> > > 
> > > 
> > > 
> > > Adam Hickey
> > > [EMAIL PROTECTED]
> > > 
> > > 
> > > 
> > > - Original Message -
> > > From: "Kaminski, Shawn G" 
> > > To: 
> > > Sent: Wednesday, May 01, 2002 3:31 PM
> > > Subject: RE: switching exam [7:43038]
> > > 
> > > 
> > > > Please, people, snap out of the Boson trance. I can't take it anymore. :-) I
> > > > just had a discussion with Paul Borghese a few days ago about how Boson
> > > > always gets through the filters but other vendors don't. Hopefully, that
> > > > will change soon and we'll start to see better and less expensive options
> > > > come through the list without being filtered. In fact, I wonder if this will
> > > > make it through the filter since I'm saying something "bad" about the Boson
> > > > cult? :-)
> > > >
> > > > Please proceed with flaming, ragging, name calling, tar and feathering, etc.
> > > > However, one of these days you'll thank me for preventing you from getting
> > > > that Boson tattoo on your chest ( on the ankle for the ladies) :-)
> > > >
> > > > If you're up for an argument, please email me offline :-)
> > > >
> > > > Shawn K.
> > > >
> > > > > -Original Message-
> > > > > From: NetEng [SMTP:[EMAIL PROTECTED]]
> > > > > Sent: Wednesday, May 01, 2002 5:18 PM
> > > > > To: [EMAIL PROTECTED]
> > > > > Subject: switching exam [7:43038]
> > > > >
> > > > > just took that switching exam: 79 ?'s, 90 minutes and 699 to pass. pretty
> > > > > easy test, boson's were great as usual.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43184&t=43038



RE: CCIE Written Beta [7:43164]

2002-05-02 Thread Kaminski, Shawn G

What I found interesting about this exam was that I was able to go back to
previous questions. I can't remember if the 350-001 was like that. I wonder
if all the Cisco beta exams are like that? Another interesting thing was
that they had commands on this test that probably have been used only once
in the history of networking, and that one and only time was on this exam
:-)  I thought it was a good test to make people realize that anything
in the Cisco IOS is fair game on the one-day lab.

Shawn K. 

> -Original Message-
> From: Daniel Lafraia [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, May 02, 2002 4:28 PM
> To:   [EMAIL PROTECTED]
> Subject:  CCIE Written Beta [7:43164]
> 
> Hello,
> 
> I just took the new CCIE Written Beta test. That's really a very hard test
> (everything that we've been hearing about this test is true ). You
> have 180 minutes (I've used 179 minutes and a few seconds! YES, that's full
> 3 hours without going to the bathroom ) for 150 questions. It really
> seems that everything in networking is covered in this test. From some basic
> questions to the most complex questions about IPX, MPLS, VLAN, BGP, OSPF,
> EIGRP, DLSw+, ATM, LANE, NAT, Queueing (all WFQ, RSVP, Traffic Shaping and
> Load Balancing), VoIP, Frame Relay, ISDN, Token Ring, EtherChannels, IPSec
> and everything else you can think.
> 
> I didn't get any "type the command" type of question, although you may find
> some questions like "what's the command that likely would fix this problem".
> Basically more than 60% of these questions have its own lab scenario.
> 
> For those who will take this test: Even though that's the new format
> (351-001), you really should take a look at the blueprint for the (350-001)
> before taking this test
> http://www.cisco.com/warp/public/625/ccie/certifications/rsblueprint.html
> 
> I've used Boson tests CCIE practice test #2, Caslow's book, Routing TCP/IP
> volume I and II, Halabi's book and a lot of research on cisco.com :)
> 
> Well. I hope this helps! :) Now I have to wait 6-8 weeks for the result :)
> 
> cya
> Daniel Lafraia




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43183&t=43164



Re: CISCO 2600 NAT [7:43139]

2002-05-02 Thread Ocsic

is the service port 5080 started on the server  ?

""jc theard""   Hello all,
>
> I'm trying to configure NAT on a CISCO 2621. I managed to configure it
> basically but I want to use overloading and there is my problem.
> As shown below I try to specify a route to the right server for port 80 and
> port 5080. For the port 80, everything is going well but I can't reach port
> 5080. Is there anything to take into account for non-standard ports?
>
> "ip nat inside source static tcp 192.168.99.100 80 195.246.218.181 80"
> "ip nat inside source static tcp 192.168.99.102 5080 195.246.218.181 5080"
>
> Thank you for your help
>
> JC




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43182&t=43139



Re: To The Experts and Gurus [7:42996]

2002-05-02 Thread Tom Lisa

Theo,

I'm afraid that all PIL's are also Future CCGP's and therefore are
extremely adept at getting through any PIX or ACL.  They will also
generate numerous spams requesting information on how much longer
they have to wait before they can take the CCGP practical exam.
Learn to live with it. :)

Prof. Tom Lisa, CCAI, CCGP
Community College of Southern Nevada
Cisco ATC/Regional Networking Academy



[EMAIL PROTECTED] wrote:

> Cool!!!
>
> Hey I just got married.  Do you know any CCMC- Cisco Certified Marriage
> Counselors?
>
> And for the parents-in-law...how do I config the PIX to deny them access?
>  How about an ACL or an ability to route their airplane to China when they
> come and visit?
>
> Thanks,
>
> Theo,
> CSS1, CCNP
>
> "Tom Lisa" 
> Sent by: [EMAIL PROTECTED]
> 05/02/2002 07:03 AM
> Please respond to "Tom Lisa"
>
>
> To: [EMAIL PROTECTED]
> cc:
> Subject:Re: To The Experts and Gurus [7:42996]
>
> John,
>
> I couldn't agree with you more.  In fact, I don't think you have gone far
> enough.  I would tar & feather all posters who fail to remain ON TOPIC!!
> Especially, those posts beginning with "I have a customer.!"  BTW, I
> am a CCGP (Cisco Certified Grand Parent) in child rearing and will be
> happy to provide you with all the advice you need.
>
> HTH,
> Prof. Tom Lisa, CCAI
> Community College of Southern Nevada
> Cisco ATC/Regional Networking Academy
> (P.S. Just kidding folks) :)
>
> John Neiberger wrote:
>
> > I've been noticing a growing trend on the list for several months now
> > and I'm hoping to start some discussion and perhaps alleviate this
> > particular issue.
> >
> > As everyone knows we have a fair number of true, guru-level experts
> > that participate in the list and provide a wealth of excellent
> > networking knowledge.  However, very often this isn't Cisco-specific and
> > as such is not of much value and it really seems to irritate other
> > members of the list who understand that the only topics worth studying
> > are Cisco-related.
> >
> > To make matters even worse, many of these so-called experts aren't even
> > Cisco certified!!  I was under the impression that to be a true expert
> > one must have attained the CCIE certification, or at least CCNP with
> > multiple specializations.  How can we trust your advice if we don't
> > see those initials in your email sigs??
> >
> > Participation on the list by these sorts of experts, regardless of
> > their vast experience and knowledge, causes excessive distress to
> > certain list members.  In order to show more tolerance toward the easily
> > annoyed, perhaps we should consider only allowing CCIEs to answer posts.
> >  I'm sure others would agree that this would solve this problem.  We
> > must find a way to prune the non-certified from our ranks.
> >
> > Regards,
> >
> > John   advice unless you've passed some sort of parenting certification.
> > Thanks.)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43181&t=42996



Re: Building a Cisco Lab [7:43072]

2002-05-02 Thread Wayne Jang

Thanks Brad.  I'll consider your input.

"CiscoB" wrote in message
news:[EMAIL PROTECTED]...
> Wayne,
>
> I've had nothing but problems with 4000 series modular routers.  So many
> problems, in fact, that I've stopped selling them.  Too many hardware
> failures.  Stick with the 2500 series
>
> thanks,
> -Brad Ellis
> CCIE#5796 (R&S / Security)
> [EMAIL PROTECTED]
> Cisco home labs:  www.optsys.net
> "Wayne Jang" wrote in message
> news:[EMAIL PROTECTED]...
> > I see, the token ring version is in less demand and you won't be using
> > the ethernet/token ring anyway.
> >
> > But what about those AGS+ routers.  I saw one on ebay for $100.  It had
> > 8 serial ports.  What's the drawback to using that for a frame switch?
> >
> >
> >
> > "Wayne Jang" wrote in message
> > news:[EMAIL PROTECTED]...
> > > I'm thinking about buying a 2520 as a frame router.
> > >
> > > I already have two 2501s, one 2502, one 1201 switch, and a 1912
> > > switch.
> > >
> > > Is getting the 2520 a good way to spend my very limited funds?
> > >
> > > Wayne




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43172&t=43072



Re: Building a Cisco Lab [7:43072]

2002-05-02 Thread Persio Pucci

By the way...

I don't know if it is old news (I think not), but I just read at Cisco that
the 2500 has reached its End Of Sales. (excluding the AS models).

More info @ http://www.cisco.com/warp/public/cc/pd/rt/2500/index.shtml

Cheers for this elder soldier of telecommunications, it deserves the
resting. :)

Persio

- Original Message -
From: "CiscoB" 
To: 
Sent: Thursday, May 02, 2002 5:04 PM
Subject: Re: Building a Cisco Lab [7:43072]


> Wayne,
>
> I've had nothing but problems with 4000 series modular routers.  So many
> problems, in fact, that I've stopped selling them.  Too many hardware
> failures.  Stick with the 2500 series
>
> thanks,
> -Brad Ellis
> CCIE#5796 (R&S / Security)
> [EMAIL PROTECTED]
> Cisco home labs:  www.optsys.net
> "Wayne Jang" wrote in message
> news:[EMAIL PROTECTED]...
> > I see, the token ring version is in less demand and you won't be using
> > the ethernet/token ring anyway.
> >
> > But what about those AGS+ routers.  I saw one on ebay for $100.  It had
> > 8 serial ports.  What's the drawback to using that for a frame switch?
> >
> >
> >
> > "Wayne Jang" wrote in message
> > news:[EMAIL PROTECTED]...
> > > I'm thinking about buying a 2520 as a frame router.
> > >
> > > I already have two 2501s, one 2502, one 1201 switch, and a 1912
> > > switch.
> > >
> > > Is getting the 2520 a good way to spend my very limited funds?
> > >
> > > Wayne




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43167&t=43072



Re: Running routing protocols on Windows [7:43124]

2002-05-02 Thread Howard C. Berkowitz

At 11:28 AM -0400 5/2/02, John Dorffler wrote:
>Does anybody know whether there is software available somewhere that lets
>you run IP routing protocols on a Windows computer? I know that Windows 2000
>supports RIP and OSPF, while UNIX/Linux supports BGP. Is there something
>that lets you run IGRP, EIGRP, or BGP on Windows? I think that would be
>useful if you needed to inject routes into a lab environment when a spare
>router is not available.
>
>Thank you,
>John Dorffler
>CCIE #6677

Let me answer a little indirectly.  I forget the name of it, but 
Microsoft does have a licensed port of Bay RS, which at least runs 
RIP and OSPF.  The Bay software does support BGP, but I don't know if 
Microsoft's implementation does.

If you're willing to use the PC with *NIX, you have some major 
alternatives. There is the Multithreaded Routing Toolkit (MRT) and 
old versions of GateD at www.merit.edu. There is GNU Zebra at 
www.zebra.org.   Last time I looked, these both supported RIP, OSPF, 
ISIS, and BGP. Might be some multicast.

There are commercial-grade versions of both:  see www.nexthop.com and 
www.ipinfusion.com.  These are apt to have more recent stuff such as 
traffic engineering extensions, MPLS, etc.

Most of the early development was on NetBSD, but you're pretty safe 
assuming they will run on Linux or FreeBSD.

Of the two, I most recently used Zebra, which has a command language 
more Cisco-like than GateD, which is Juniper-like (there's a fair bit 
of GateD tradition in JunOS heritage). At the time, Zebra's BGP was 
probably a little stranger than GateD, but both have pros and cons.

Merit also has something called BGPsim, which specifically generates 
BGP updates but is not a BGP routing process -- it lets you do 
things, however, such as generating bad routes or arbitrary AS paths.

I should be working with Zebra and BGPsim in the next couple of weeks 
to set up an Internet simulator, along with routers.  I'll have more 
recent data then.

-- 
"What Problem are you trying to solve?"
***send Cisco questions to the list, so all can benefit -- not 
directly to me***

Howard C. Berkowitz  [EMAIL PROTECTED]
Chief Technology Officer, GettLab/Gett Communications http://www.gettlabs.com
Technical Director, CertificationZone.com http://www.certificationzone.com
"retired" Certified Cisco Systems Instructor (CID) #93005




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43178&t=43124



Re: Public BGP Peering [7:43175]

2002-05-02 Thread Steven A. Ridder

I am.  Get with me off line.

--

RFC 1149 Compliant.
Get in my head:
http://sar.dynu.com


"Thomas Crowe" wrote in message
news:[EMAIL PROTECTED]...
> Is anyone on the list interested in setting up
> public BGP sessions, for training purposes?
>
>
> __
>
> Thomas Crowe
> Senior Systems Engineer / Senior Architect
> EMC Proven Master Architect
> CTS Professional Services - Atlanta
> __
>
> [GroupStudy.com removed an attachment of type text/x-vcard which had a
> name of Thomas Crowe.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43177&t=43175



Re: Definition of terms... Do you know the answer?? [7:43090]

2002-05-02 Thread sam sneed

I got cut off again!


> >The example is the following.
> >host1%> rsh host2 sort
>
> Your example just executes sort on host2. Why is that considered half
> closed and what is host2 sorting? I could see that there might be a case
> where you would tell another host to sort something and then you would
> consider yourself finished. But you might be waiting for feedback that the
> sort actually worked. You could send a FIN and be in the FIN-WAIT-1 state
> and still receive a message that says the sort worked. Perhaps it's


the actual command was

host1#> rsh  host2 sort < datafile

where rsh copies datafile to the connection, and copies from the connection
to standard output. When EOF is reached on the input (datafile) host1
performs a half close on the TCP connection. host2 then sorts the file and
writes it to the TCP connection. host1 reads its end of the TCP connection,
copying the file to standard output (terminal).




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43176&t=43090
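The half close described in the message above (the client copies datafile to the connection, signals EOF, then reads the sorted result back on the same connection), as an added Python example that is not part of the original post or of Stevens' book. A loopback server thread stands in for host2; the names remote_sort, sort_server and DATAFILE are assumptions made for this illustration.

```python
import socket
import threading

# Constructed sample input standing in for "datafile" in the post.
DATAFILE = b"pear\napple\nquince\nbanana\n"


def sort_server(listener, log):
    """host2 side: read until the peer's FIN shows up as EOF, then reply."""
    conn, _ = listener.accept()
    with conn:
        chunks = []
        while True:
            chunk = conn.recv(4096)
            if not chunk:
                # recv() returning b"" means the client sent its FIN.
                # Only the client-to-server direction is closed.
                break
            chunks.append(chunk)
        log.append("server saw EOF; server-to-client direction still open")
        lines = b"".join(chunks).splitlines(keepends=True)
        conn.sendall(b"".join(sorted(lines)))
    # Leaving the with-block closes the socket, which sends the server's FIN.


def remote_sort(data):
    """host1 side: send data, half close, then read the sorted reply."""
    log = []
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # loopback only, ephemeral port
    listener.listen(1)
    port = listener.getsockname()[1]
    worker = threading.Thread(target=sort_server, args=(listener, log))
    worker.start()

    client = socket.create_connection(("127.0.0.1", port))
    try:
        client.sendall(data)
        # Half close: send FIN for our direction but keep the receive side.
        # A plain close() here would throw away the reply.
        client.shutdown(socket.SHUT_WR)

        # Writing after the half close is refused by the local stack.
        try:
            client.send(b"late data")
            send_after_half_close = "allowed"
        except OSError:
            send_after_half_close = "refused"

        # Reading still works until the server sends its own FIN.
        reply = []
        while True:
            chunk = client.recv(4096)
            if not chunk:
                break
            reply.append(chunk)
    finally:
        client.close()
        worker.join()
        listener.close()
    return b"".join(reply), send_after_half_close, log


if __name__ == "__main__":
    output, late_send, server_log = remote_sort(DATAFILE)
    print(output.decode(), end="")
    print("send after half close:", late_send)
    print(server_log[0])
```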



Public BGP Peering [7:43175]

2002-05-02 Thread Thomas Crowe

Is anyone on the list interested in setting up 
public BGP sessions, for training purposes?


__

Thomas Crowe
Senior Systems Engineer / Senior Architect
EMC Proven Master Architect
CTS Professional Services - Atlanta
__ 

[GroupStudy.com removed an attachment of type text/x-vcard which had a name
of Thomas Crowe.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43175&t=43175



Re: Definition of terms... Do you know the answer?? [7:43090]

2002-05-02 Thread sam sneed

> >The example is the following.
> >host1%> rsh host2 sort
>
> Your example just executes sort on host2. Why is that considered half
> closed and what is host2 sorting? I could see that there might be a case
> where you would tell another host to sort something and then you would
> consider yourself finished. But you might be waiting for feedback that the
> sort actually worked. You could send a FIN and be in the FIN-WAIT-1 state
> and still receive a message that says the sort worked. Perhaps it's
> something like that.

I'm sorry the end of that command got cut off. The example was:

host1%> rsh host2 sort  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> At 01:44 PM 5/2/02, sam sneed wrote:
> >Richard Stevens defines TCP Half Close in his book TCP/IP Illustrated.
> >Reading this post I get the assumption that data can not be sent in
> >either direction when a connection is half-closed.
>
> The RFC doesn't mention a "half-closed" state, but it does say that in the
> FIN-WAIT-1 state, a host can still receive data. FIN-WAIT-1 means this side
> has sent a FIN and is awaiting an ACK and FIN from the other side. I
> suppose this could be called "half closed."
>
> >This contradicts what I
> >read in TCP/IP Illustrated by Stevens p.238-239. There he explains an example
> >when a connection is half-closed and data is still sent to the side that
> >closed the connection.
> >
> >The example is the following.
> >host1%> rsh host2 sort
>
> Your example just executes sort on host2. Why is that considered half
> closed and what is host2 sorting? I could see that there might be a case
> where you would tell another host to sort something and then you would
> consider yourself finished. But you might be waiting for feedback that the
> sort actually worked. You could send a FIN and be in the FIN-WAIT-1 state
> and still receive a message that says the sort worked. Perhaps it's
> something like that.
>
> Priscilla
>
> >wrote in message
> >news:[EMAIL PROTECTED]...
> > > At 11:08 AM 5/2/02, Mark Odette II wrote:
> > > >Tamas- Thank you for your reply.
> > > >
> > > >Could you or anyone else explain in more in-depth terms what is or what
> > > >causes a Half-Closed TCP session??
> > >
> > > There are a number of states that a TCP connection can be in per the RFC
> > > for TCP (793). "Half-closed" is not one of them, however... But my guess is
> > > that "half-closed" refers to the state that the RFC would call "half-open."
> > > An established connection is said to be "half-open" if one of the sides has
> > > closed or aborted the connection at its end without the knowledge of the
> > > other, or if the two ends of the connection have become desynchronized
> > > because of a crash.  Such connections will automatically become reset if an
> > > attempt is made to send data in either direction.
> > >
> > > Another possibility is that "half-closed" refers to one of the states that
> > > occurs at the normal end of a session:
> > >
> > > FIN-WAIT-1 - represents waiting for a connection termination request from
> > > the remote TCP, or an acknowledgment of the connection termination request
> > > previously sent.
> > >
> > > FIN-WAIT-2 - represents waiting for a connection termination request from
> > > the remote TCP.
> > >
> > > CLOSE-WAIT - represents waiting for a connection termination request from
> > > the local user.
> > >
> > > CLOSING - represents waiting for a connection termination request
> > > acknowledgment from the remote TCP.
> > >
> > > These states (and the half-open state) should be temporary, but if they
> > > aren't, then they can leave a host slightly vulnerable to attack. The host
> > > may use up resources that it really no longer needs.
> > >
> > > I know this is a lot of theory to throw at you, but hopefully it will
> > > relate somehow to your problem. ;-) For even more info about the TCP
> > > states, see RFC 793.
> > >
> > > Priscilla
> > >
> > >
> > >
> > > > >Correct me if I'm wrong, but for the Connection Slot, this refers to TCP
> > > > >connections between two nodes, such as a Windows workstation running an
> > > > >application to connect to a Server Application Server, and the connections
> > > > >are between specific and random ports above 1024 simultaneously!?! Do I
> > > > >understand that correctly?
> > > > >
> > > > >
> > > > >I'm sure our famous question is starting to surface in many folks' minds:
> > > > >"What problem are you trying to solve?"
> > > > >
> > > > >That problem is with users on workstations at remote locations connecting to
> > > > >an application server (located at the other end of a PIX-to-PIX VPN Tunnel
> > > > >at the "main" office) and at random, they get disconnected from the
> > > > >server... but Internet access continues to work at the same time.  In short,
> > > > >it appears that there is something happening with sessions across the VPN
> > > > >tunnel for users that go idle for a varying window of time.  Just
> > > > >yesterda
Re: Definition of terms... Do you know the answer?? [7:43090]

2002-05-02 Thread Priscilla Oppenheimer

At 01:44 PM 5/2/02, sam sneed wrote:
>Richard Stevens defines TCP Half Close in his book TCP/IP Illustrated.
>Reading this post I get the assumption that data can not be sent in
>either direction when a connection is half-closed.

The RFC doesn't mention a "half-closed" state, but it does say that in the 
FIN-WAIT-1 state, a host can still receive data. FIN-WAIT-1 means this side 
has sent a FIN and is awaiting an ACK and FIN from the other side. I 
suppose this could be called "half closed."

>This contradicts what I
>read in TCP/IP Illustrated by Stevens p.238-239. There he explains an example
>when a connection is half-closed and data is still sent to the side that
>closed the connection.
>
>The example is the following.
>host1%> rsh host2 sort

Your example just executes sort on host2. Why is that considered half 
closed and what is host2 sorting? I could see that there might be a case 
where you would tell another host to sort something and then you would 
consider yourself finished. But you might be waiting for feedback that the 
sort actually worked. You could send a FIN and be in the FIN-WAIT-1 state 
and still receive a message that says the sort worked. Perhaps it's 
something like that.

Priscilla

>wrote in message news:[EMAIL PROTECTED]...
> > At 11:08 AM 5/2/02, Mark Odette II wrote:
> > >Tamas- Thank you for your reply.
> > >
> > >Could you or anyone else explain in more in-depth terms what is or what
> > >causes a Half-Closed TCP session??
> >
> > There are a number of states that a TCP connection can be in per the RFC
> > for TCP (793). "Half-closed" is not one of them, however... But my guess is
> > that "half-closed" refers to the state that the RFC would call "half-open."
> > An established connection is said to be "half-open" if one of the sides has
> > closed or aborted the connection at its end without the knowledge of the
> > other, or if the two ends of the connection have become desynchronized
> > because of a crash.  Such connections will automatically become reset if an
> > attempt is made to send data in either direction.
> >
> > Another possibility is that "half-closed" refers to one of the states that
> > occurs at the normal end of a session:
> >
> > FIN-WAIT-1 - represents waiting for a connection termination request from
> > the remote TCP, or an acknowledgment of the connection termination request
> > previously sent.
> >
> > FIN-WAIT-2 - represents waiting for a connection termination request from
> > the remote TCP.
> >
> > CLOSE-WAIT - represents waiting for a connection termination request from
> > the local user.
> >
> > CLOSING - represents waiting for a connection termination request
> > acknowledgment from the remote TCP.
> >
> > These states (and the half-open state) should be temporary, but if they
> > aren't, then they can leave a host slightly vulnerable to attack. The host
> > may use up resources that it really no longer needs.
> >
> > I know this is a lot of theory to throw at you, but hopefully it will
> > relate somehow to your problem. ;-) For even more info about the TCP
> > states, see RFC 793.
> >
> > Priscilla
> >
> >
> >
> > >Correct me if I'm wrong, but for the Connection Slot, this refers to TCP
> > >connections between two nodes, such as a Windows workstation running an
> > >application to connect to a Server Application Server, and the connections
> > >are between specific and random ports above 1024 simultaneously!?! Do I
> > >understand that correctly?
> > >
> > >
> > >I'm sure our famous question is starting to surface in many folks' minds:
> > >"What problem are you trying to solve?"
> > >
> > >That problem is with users on workstations at remote locations connecting to
> > >an application server (located at the other end of a PIX-to-PIX VPN Tunnel
> > >at the "main" office) and at random, they get disconnected from the
> > >server... but Internet access continues to work at the same time.  In short,
> > >it appears that there is something happening with sessions across the VPN
> > >tunnel for users that go idle for a varying window of time.  Just yesterday,
> > >I was reported that at one of the remote locations (and there are 3, which
> > >all suffer the same exact problem), one user "worked straight through lunch,
> > >while everyone else who used the same application went to lunch.  End result
> > >was that the continuous worker did not get "kicked" out of the system, but
> > >all the other users that left the application open and went to lunch did."
> > >
> > >So, I'm trying to chase down what the issue might be, short of putting a
> > >Sniffer at the main location to see if I can identify the problem there. I
> > >suspect that there is something I need to adjust with the Timeout settings
> > >on the PIX, but did not want to make changes without understanding the
> > >pros/cons/implications of what I was doing.
> > >
> > >Unfortunately, the PIX Command Reference for 6.1, CCO, and most of Tamas's
> >
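
The half-close behind the `rsh host2 sort` example discussed in this thread, as an added example that is not part of any poster's message: a client sends its input over loopback TCP, closes only its sending direction with `shutdown(SHUT_WR)`, and still receives the sorted reply. The function names and the sample words are assumptions made for the illustration.

```python
import socket
import threading


def sort_server(listener):
    """Accept one connection, read until the peer's FIN, then reply with sorted lines."""
    conn, _ = listener.accept()
    with conn:
        chunks = []
        while True:
            data = conn.recv(4096)
            if not data:
                # recv() returning b"" is the peer's FIN: this end is now in
                # CLOSE-WAIT, and its own sending direction is still open.
                break
            chunks.append(data)
        lines = b"".join(chunks).splitlines()
        conn.sendall(b"\n".join(sorted(lines)) + b"\n")
    # Leaving the with-block closes the socket, which sends this side's FIN.


def half_close_sort(words):
    """Send words, half-close, and return (sorted reply, whether a send after FIN worked)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # ephemeral loopback port
    listener.listen(1)
    port = listener.getsockname()[1]
    worker = threading.Thread(target=sort_server, args=(listener,), daemon=True)
    worker.start()

    client = socket.create_connection(("127.0.0.1", port), timeout=5)
    with client:
        client.sendall("\n".join(words).encode() + b"\n")
        # Half-close: send FIN for our direction only (FIN-WAIT-1, then
        # FIN-WAIT-2 once the FIN is acknowledged). Receiving stays possible.
        client.shutdown(socket.SHUT_WR)

        try:
            client.sendall(b"late\n")        # our sending direction is closed
            sent_after_fin = True
        except OSError:
            sent_after_fin = False

        reply = b""
        while True:
            data = client.recv(4096)         # data still arrives after our FIN
            if not data:                     # server's FIN ends the connection
                break
            reply += data

    worker.join(timeout=5)
    listener.close()
    return reply.decode().split(), sent_after_fin


if __name__ == "__main__":
    # Constructed sample input.
    print(half_close_sort(["pear", "apple", "fig"]))
```

The server cannot start sorting until it sees end-of-input, which is why the client has to signal it with a FIN while keeping the receive direction open.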

Re: 2 interesting questions on DLSW + [7:43041]

2002-05-02 Thread Rahul Mehta

According to my understanding, it applies ring-list.

Rahul Mehta

"William Lijewski" wrote in message news:[EMAIL PROTECTED]...
> I have two questions about DLSW + that I could use some explanations for.
> I would greatly appreciate any feedback you may have.
>
> 1) When you are doing DLSW Lite across the Frame Relay why is it necessary
> to map the LLC2 across the frame when you are not using passthrough?  I can
> understand it when you do specify the passthrough command, but without it I'm
> kind of confused?  (is it because there is no other mode of transport across
> the frame since it's encapsulating it in the frame packets)
>
> 2) Here is one that you will probably never get, but there are a couple of
> us trying to figure this one out and can't find any documentation on it.
> Okay, say you have the following lists set up for DLSW:
>
> dlsw ring-list 1 rings 1 2
> dlsw port-list 1 s0
> dlsw bgroup-list 1 bgroups 1 3
>
> and then you do a command:
>
> dlsw remote-peer 1 tcp 1.1.1.1
>
> Which list does it actually apply to the remote peer?  Does it apply all of
> them?  The 1st one?  Anyone know for sure?
>
> Thanks and sorry for the rather long post.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43171&t=43041



RE: BGP question [7:43163]

2002-05-02 Thread [EMAIL PROTECTED]

Actually ISP2 will advertise ISP1's addresses for you, but 
you aren't just advertised as a block of addresses but as an AS.
As long as you have your AS from ARIN this is no problem.


-Original Message-
From: lafraia [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 02, 2002 3:36 PM
To: cisco
Cc: lafraia
Subject: Re: BGP question [7:43163]


AFAIK, they couldn't. In this case you would have to apply for your own
independent range of addresses and ISP1 and ISP2 would have to advertise
these routes for you. In this case you would use communities, med, as_path
prepend and other stuff to influence the incoming traffic.

"Steven A. Ridder" wrote in message news:[EMAIL PROTECTED]...
> Here's a question I can't seem to answer.  I came up with a scenario in my
> head, and now I can't find a solution.
>
> Example: I have a dual homed network via BGP.  I have ISP 1 and they give me
> 209.21.220.1/20 for use, and ISP gives me 199.33.23.1/21.  Say I use the
> 209.x.x.x for my web servers, mail server, etc, and advertise that back out
> to the Internet via ISP 1 (the ISP that assigned me the block) and in DNS.
> I'm assuming ISP 2 will not advertise that block for me, as it's ISP 1's
> block.  So, now the whole world knows to get to me via ISP 1.  Then let's
> say ISP 1 goes down, how would the world know how to get to me, if they only
> knew how to get to me Via ISP 1 and it's IP's?
>
> --
> RFC 1149 Compliant
>
> Get in my head:
> http://sar.dynu.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43170&t=43163



Re: BGP question [7:43163]

2002-05-02 Thread Peter van Oene

If you don't advertise reachability, you aren't reachable.  You should 
however be able to get one ISP to allow the other to route its 
space.  Otherwise, you're looking at getting some PI space, multihoming to 
the same ISP, or using some load balancing tools to handle things via dns.

Pete


At 04:28 PM 5/2/2002 -0400, Steven A. Ridder wrote:
>Here's a question I can't seem to answer.  I came up with a scenario in my
>head, and now I can't find a solution.
>
>Example: I have a dual homed network via BGP.  I have ISP 1 and they give me
>209.21.220.1/20 for use, and ISP gives me 199.33.23.1/21.  Say I use the
>209.x.x.x for my web servers, mail server, etc, and advertise that back out
>to the Internet via ISP 1 (the ISP that assigned me the block) and in DNS.
>I'm assuming ISP 2 will not advertise that block for me, as it's ISP 1's
>block.  So, now the whole world knows to get to me via ISP 1.  Then let's
>say ISP 1 goes down, how would the world know how to get to me, if they only
>knew how to get to me Via ISP 1 and it's IP's?
>
>--
>RFC 1149 Compliant
>
>Get in my head:
>http://sar.dynu.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43169&t=43163



Re: Stupid Access-List/VLAN question [7:43128]

2002-05-02 Thread Jay

No, that's not the case.  If you think of it visually,

INTERNET->ROUTER->INTERFACE->ACL->LAN

Then you will see that the internet can still access the interface, and
it's address.  Because really, you are pinging the router, not the
interface or the LAN.

On Thu, 2002-05-02 at 14:22, Michael Williams wrote:
> Jay,
> 
> Thanks for your input.  But shouldn't ACL keep anything from other VLANs
> from even pinging the gateway IP of VLAN511?
> 
> Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43168&t=43128



Re: BGP question [7:43163]

2002-05-02 Thread John Neiberger

In this scenario it wouldn't matter who assigned the addresses to you. 
You will be advertising those addresses via BGP to both ISPs, who in
turn should propagate those advertisements.  I believe there are
situations where ISP2 would need some sort of verification from ISP1
that it's okay to advertise that block but I'm not aware of the
details.

An interesting situation that can occur is when the ISP who assigned
your addresses doesn't advertise your specific addresses but instead
aggregates them.  Because the second ISP will be advertising a
more-specific match the whole world will try to reach you through ISP2.
So, it's important to verify that all of your ISPs are advertising your
specific addresses.

That's more than what you asked, but I've been rambling a lot lately. 


John

>>> "Steven A. Ridder"  5/2/02 2:28:04 PM >>>
Here's a question I can't seem to answer.  I came up with a scenario in my
head, and now I can't find a solution.

Example: I have a dual homed network via BGP.  I have ISP 1 and they give me
209.21.220.1/20 for use, and ISP gives me 199.33.23.1/21.  Say I use the
209.x.x.x for my web servers, mail server, etc, and advertise that back out
to the Internet via ISP 1 (the ISP that assigned me the block) and in DNS.
I'm assuming ISP 2 will not advertise that block for me, as it's ISP 1's
block.  So, now the whole world knows to get to me via ISP 1.  Then let's
say ISP 1 goes down, how would the world know how to get to me, if they only
knew how to get to me Via ISP 1 and it's IP's?

--
RFC 1149 Compliant

Get in my head:
http://sar.dynu.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43166&t=43163
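
The aggregate-versus-more-specific effect described in the message above, as an added sketch that is not part of any poster's message: a constructed routing table on some remote router is searched by longest-prefix match for the block from the question. The /18 aggregate, the documentation-range AS numbers, the scenario names and the AS-path-length tie-break (standing in for full BGP best-path selection) are all assumptions.

```python
import ipaddress

# The block from the question; strict=False normalises the host address
# 209.21.220.1/20 to its network, 209.21.208.0/20.
CUSTOMER = ipaddress.ip_network("209.21.220.1/20", strict=False)
# Hypothetical larger block that ISP 1 announces when it aggregates.
ISP1_AGGREGATE = ipaddress.ip_network("209.21.192.0/18")
# AS numbers from the documentation range, constructed for this example.
CUSTOMER_AS, ISP1_AS, ISP2_AS, TRANSIT_AS = 64500, 64501, 64502, 64510


def route(prefix, via, as_path):
    return {"prefix": prefix, "via": via, "as_path": as_path}


# The customer's /20 as heard through ISP 2, one AS hop further away.
VIA_ISP2 = route(CUSTOMER, "ISP2", [TRANSIT_AS, ISP2_AS, CUSTOMER_AS])

# What a remote router holds in each situation discussed in the thread.
SCENARIOS = {
    # ISP 1 announces only its aggregate; ISP 2 announces the specific /20.
    "isp1_aggregates": [route(ISP1_AGGREGATE, "ISP1", [ISP1_AS]), VIA_ISP2],
    # Both ISPs announce the specific /20.
    "both_specific": [route(CUSTOMER, "ISP1", [ISP1_AS, CUSTOMER_AS]), VIA_ISP2],
    # ISP 1 is down and its announcements are withdrawn.
    "isp1_down": [VIA_ISP2],
}


def best_route(rib, destination):
    """Longest-prefix match first; among equal prefixes, the shorter AS path."""
    dest = ipaddress.ip_address(destination)
    covering = [r for r in rib if dest in r["prefix"]]
    if not covering:
        return None
    return max(covering, key=lambda r: (r["prefix"].prefixlen, -len(r["as_path"])))


def exit_isp(scenario, destination="209.21.220.1"):
    """Return which ISP the remote router forwards through, or None if unreachable."""
    chosen = best_route(SCENARIOS[scenario], destination)
    return chosen["via"] if chosen else None


if __name__ == "__main__":
    for name in SCENARIOS:
        print(f"{name:16} -> {exit_isp(name)}")
```

With only the aggregate from ISP 1, the longer /20 heard through ISP 2 wins even though its AS path is longer, which is why checking what each upstream actually announces matters.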



CCIE Written Beta [7:43164]

2002-05-02 Thread Daniel Lafraia

Hello,

I just took the new CCIE Written Beta test. That's really a very hard test
(everything that we've been hearing about this test is true). You
have 180 minutes (I've used 179 minutes and a few seconds! YES, that's full
3 hours without going to the bathroom) for 150 questions. It really
seems that everything in networking is covered in this test. From some basic
questions to the most complex questions about IPX, MPLS, VLAN, BGP, OSPF,
EIGRP, DLSw+, ATM, LANE, NAT, Queueing (all WFQ, RSVP, Traffic Shaping and
Load Balancing), VoIP, Frame Relay, ISDN, Token Ring, EtherChannels, IPSec
and everything else you can think.

I didn't get any "type the command" type of question, although you may find
some questions like "what's the command that likely would fix this problem".
Basically more than 60% of these questions have its own lab scenario.

For those who will take this test: Even though that's the new format
(351-001), you really should take a look at the blueprint for the (350-001)
before taking this test
http://www.cisco.com/warp/public/625/ccie/certifications/rsblueprint.html

I've used Boson tests CCIE practice test #2, Caslow's book, Routing TCP/IP
volume I and II, Halabi's book and a lot of research on cisco.com :)

Well. I hope this helps! :) Now I have to wait 6-8 weeks for the result :)

cya
Daniel Lafraia




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43164&t=43164



Re: BGP question [7:43163]

2002-05-02 Thread Daniel Lafraia

AFAIK, they couldn't. In this case you would have to apply for your own
independent range of addresses and ISP1 and ISP2 would have to advertise
these routes for you. In this case you would use communities, med, as_path
prepend and other stuff to influence the incoming traffic.

"Steven A. Ridder" wrote in message news:[EMAIL PROTECTED]...
> Here's a question I can't seem to answer.  I came up with a scenario in my
> head, and now I can't find a solution.
>
> Example: I have a dual homed network via BGP.  I have ISP 1 and they give me
> 209.21.220.1/20 for use, and ISP gives me 199.33.23.1/21.  Say I use the
> 209.x.x.x for my web servers, mail server, etc, and advertise that back out
> to the Internet via ISP 1 (the ISP that assigned me the block) and in DNS.
> I'm assuming ISP 2 will not advertise that block for me, as it's ISP 1's
> block.  So, now the whole world knows to get to me via ISP 1.  Then let's
> say ISP 1 goes down, how would the world know how to get to me, if they only
> knew how to get to me Via ISP 1 and it's IP's?
>
> --
> RFC 1149 Compliant
>
> Get in my head:
> http://sar.dynu.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43165&t=43163



BGP question [7:43163]

2002-05-02 Thread Steven A. Ridder

Here's a question I can't seem to answer.  I came up with a scenario in my
head, and now I can't find a solution.

Example: I have a dual homed network via BGP.  I have ISP 1 and they give me
209.21.220.1/20 for use, and ISP gives me 199.33.23.1/21.  Say I use the
209.x.x.x for my web servers, mail server, etc, and advertise that back out
to the Internet via ISP 1 (the ISP that assigned me the block) and in DNS.
I'm assuming ISP 2 will not advertise that block for me, as it's ISP 1's
block.  So, now the whole world knows to get to me via ISP 1.  Then let's
say ISP 1 goes down, how would the world know how to get to me, if they only
knew how to get to me Via ISP 1 and it's IP's?

--
RFC 1149 Compliant

Get in my head:
http://sar.dynu.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43163&t=43163



Re: Urgent help Please! [7:43084]

2002-05-02 Thread Howard C. Berkowitz

At 12:19 AM -0400 5/2/02, [EMAIL PROTECTED] wrote:
>Hi ! All,
>
>Can any one please break this password?
>
>enable secret 5 $1$rMrT$blzJIo4ZyCBfJkvu2CP/Z1
>
>Thanks in advance.
>
>===
>WARNING
>  This message may contain information that is confidential
>  and may be subject to the provisions of section 61A of the
>  Police Act 1958, which creates an offence to have unlawful
>  possession of Police documents. If you are not the
>  intended recipient of this message or have received
>  this message in error, you must not peruse, use, pass or
>  copy this message or any of its contents.
>
>  Also note, the views expressed in this message may not
>  necessarily reflect those of the New Zealand Police.
>

It would be extremely legally risky for anyone to break a password 
without knowing why it is to be broken, the requester has the 
authority, etc.

Since you are posting from an apparent government account, I suggest 
you contact the US Embassy and ask for the Legal Attache, who is an 
FBI agent.  The FBI does offer cryptanalytic support to law 
enforcement organizations.  It has a fair capability of its own, or 
may go to NSA when needed.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43161&t=43084



Re: BGP update-source question [7:43043]

2002-05-02 Thread Daniel Lafraia

That's the weird thing. I don't see it in the routing table even with a
route to the 4.4.4.0/30 network.

RouterB#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
   D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
   N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
   E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
   i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter
area
   * - candidate default, U - per-user static route, o - ODR
   P - periodic downloaded static route

Gateway of last resort is 2.2.2.1 to network 0.0.0.0

 102.0.0.0/25 is subnetted, 1 subnets
B   102.102.102.0 [20/0] via 2.2.2.1, 21:29:29
 103.0.0.0/25 is subnetted, 1 subnets
D EX103.103.103.0 [170/2297856] via 3.3.3.1, 21:29:47, Serial0
 2.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
D EX2.2.2.0/30 [170/2681856] via 3.3.3.1, 21:29:47, Serial0
D EX2.2.2.1/32 [170/2681856] via 3.3.3.1, 21:29:47, Serial0
 3.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
D   3.0.0.0/8 is a summary, 21:29:48, Null0
C   3.3.3.0/30 is directly connected, Serial0
 101.0.0.0/25 is subnetted, 1 subnets
B   101.101.101.0 [20/0] via 2.2.2.1, 21:29:29
 4.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C   4.4.4.0/30 is directly connected, Serial1
C   4.4.4.2/32 is directly connected, Serial1
C192.168.254.0/24 is directly connected, Ethernet0
 104.0.0.0/25 is subnetted, 1 subnets
C   104.104.104.0 is directly connected, Loopback0
B*   0.0.0.0/0 [20/0] via 2.2.2.1, 21:29:30

RouterB#show ip bgp
BGP table version is 5, local router ID is 104.104.104.1
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network  Next HopMetric LocPrf Weight Path
*> 0.0.0.0  2.2.2.10 65000 i
* i101.101.101.0/25 5.5.5.2  0100  0 65000 i
*>  2.2.2.10 65000 i
* i102.102.102.0/25 5.5.5.2  0100  0 65000 i
*>  2.2.2.1  0 0 65000 i
*> 104.104.104.0/25 0.0.0.0  0 32768 i
* i105.105.105.0/25 4.4.4.2  0100  0 i



"Kane, Christopher A." wrote in message news:[EMAIL PROTECTED]...
> Wouldn't it be because the IP address you see in your BGP table is indeed
> the next-hop. If you instead look at a specific route "sh ip rou x.x.x.x" I
> would think you would see the BGP neig as you have listed (loopback1's ip
> address) and then the router has to do a recursive-lookup to find out how to
> get to that loopback address.
>
> -chris
>
> > -Original Message-
> > From: Steven A. Ridder [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, May 01, 2002 6:12 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: BGP update-source question [7:43043]
> >
> >
> > Did you restart BGP?
> >
> > --
> >
> > RFC 1149 Compliant.
> > Get in my head:
> > http://sar.dynu.com
> >
> >
> > "Daniel Lafraia" wrote in message news:[EMAIL PROTECTED]...
> > > Hello,
> > >
> > > How come I see the interface address in the "show ip bgp" if I've
> > > specified an update-source for a neighbor?
> > >
> > > Thanks!
> > > Daniel
> > >
> > > Here is the config:
> > >
> > > RouterA
> > > interface Loopback0
> > >  ip address 105.105.105.1 255.255.255.128
> > > interface Loopback1
> > >  ip address 41.41.41.1 255.255.255.255
> > > interface Serial0
> > >  ip address 4.4.4.2 255.255.255.252
> > > router bgp 55000
> > >  no synchronization
> > >  network 105.105.105.0 mask 255.255.255.128
> > >  neighbor 4.4.4.1 remote-as 55000
> > >  neighbor 4.4.4.1 update-source Loopback1
> > >
> > > RouterB
> > > interface Loopback0
> > >  ip address 104.104.104.1 255.255.255.128
> > > interface Serial1
> > >  ip address 4.4.4.1 255.255.255.252
> > >  clockrate 64000
> > > router bgp 55000
> > >  network 104.104.104.0 mask 255.255.255.128
> > >  neighbor 4.4.4.2 remote-as 55000
> > >
> > > --
> > > Please ignore other updates, these are other stuff I have in my lab :)
> > > --
> > >
> > > RouterA#show ip bgp
> > > BGP table version is 42, local router ID is 105.105.105.1
> > > Status codes: s suppressed, d damped, h history, * valid, >
> > best, i -
> > > internal
> > > Origin codes: i - IGP, e - EGP, ? - incomplete
> > >
> > >Network  Next Hop  Metric LocPrf Weight Path
> > > * i0.0.0.0  2.2.2.1 100  0 65000 i
> > > * i101.101.101.0/25 2.2.2.1 100  0 65000 i
> > > *>  5.5.5.20 0 65000 i
> > > * i102.102.

Re: Building a Cisco Lab [7:43072]

2002-05-02 Thread CiscoB

Wayne,

I've had nothing but problems with 4000 series modular routers.  So many
problems, in fact, that I've stopped selling them.  Too many hardware
failures.  Stick with the 2500 series

thanks,
-Brad Ellis
CCIE#5796 (R&S / Security)
[EMAIL PROTECTED]
Cisco home labs:  www.optsys.net
"Wayne Jang" wrote in message news:[EMAIL PROTECTED]...
> I see, the token ring version is in less demand and you won't be using the
> ethernet/token ring anyway.
>
> But what about those AGS+ routers.  I saw one on ebay for $100.  It had 8
> serial ports.  What's the drawback to using that for a frame switch?
>
>
>
> "Wayne Jang" wrote in message news:[EMAIL PROTECTED]...
> > I'm thinking about buying a 2520 as a frame router.
> >
> > I already have two 2501s, one 2502, one 1201 switch, and a 1912 switch.
> >
> > Is getting the 2520 a good way to spend my very limited funds?
> >
> > Wayne




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43134&t=43072



RE: Urgent help Please! [7:43084]

2002-05-02 Thread timothy thielen

I'm glad someone else feels that way.  Talk about opening yourself up for
trouble...

--Tim

Gragido,William wrote:
> 
> Members,
> 
> This is a problem.  I feel that is not only inappropriate for someone to
> solicit the aid of this board and its subscribers in order to crack
> passwords, it's unethical and potentially illegal.  No offense Ravi, but this
> is unacceptable given the current state of legislation regarding Information
> Security.  Paul, it's your call and as such, I will leave it to your
> discretion, however there are clear problems with this.
> 
> Regards,
> 
> Will Gragido
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
> Behalf Of
> [EMAIL PROTECTED]
> Sent: Wednesday, May 01, 2002 11:19 PM
> To: [EMAIL PROTECTED]
> Subject: Urgent help Please! [7:43084]
> 
> 
> Hi ! All,
> 
> Can any one please break this password?
> 
> enable secret 5 $1$rMrT$blzJIo4ZyCBfJkvu2CP/Z1
> 
> Thanks in advance.
> 
> ===
> WARNING
>  This message may contain information that is confidential
>  and may be subject to the provisions of section 61A of the
>  Police Act 1958, which creates an offence to have unlawful
>  possession of Police documents. If you are not the
>  intended recipient of this message or have received
>  this message in error, you must not peruse, use, pass or
>  copy this message or any of its contents.
> 
>  Also note, the views expressed in this message may not
>  necessarily reflect those of the New Zealand Police.
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43155&t=43084



RE: Some free scenarios and tutorials (slight corr [7:43146]

2002-05-02 Thread Mark Odette II

Peter... if you are so concerned with SPAM, why do you use a Hotmail Account
to communicate on the Internet?!?!  You're not going to tell me that you
have successfully B!tched out the admins of the Hotmail servers for allowing
all that CRAP that shows up on a weekly (sometimes daily) basis about "how
to make $5000-$15000 a week with your own home business", or the annoying
porn solicitations that we are all flooded with regularly!

I know this is beside the point, but gimme a break! SPAM!?!

As far as CCBootCamp, or any of the others that were affiliated with such
offering systems..., I may be wrong, but I've been on reading this list for
two years now, and wise-cracks like you RAN them off, rather than them being
filtered.
Brad Ellis, Marc Russel, and several others used to get similar flack, and
now they simply don't participate anymore.  Go figure... someone like you
makes it even more difficult to weed through the search engine results to
find Human Opinions on who has the most fair or greatest deal on Cisco
Certification prep materials... whether it's hardware for the "home lab", or
"paper practice labs", or racktime

Also, as far as credibility goes... there are PH.Ds out there that call
themselves Doctors... but that doesn't mean EVERY ONE OF THEM know Internal
Medicine or other Advanced Medical Science So, do you challenge them too
just because they call themselves Doctors!?!!
(note that this analogy is based on the principle that most "simple folk"
only think of the person they go to when they are ill when they hear the
term Doctor.)

There are many Network Engineers out there that have been in the industry
since probably before you took your first breath... and they have probably
had the opportunity to get certified in a VENDOR-SPECIFIC certification, but
chose not to... doesn't mean they don't know their Sh!t... just means they
didn't feel like wasting money on Career Politics.  They just now have to
deal with the Pointy-Haired bosses that think that just because the
young-buck with a number behind his name is better than himself because
young-buck is a "CCIE".  Total BS.

My mentor has been dealing with Cisco routers and switches since they first
came out... and he isn't a CCIE but he still knows his stuff.  He too
could teach others for monetary gain... but he just isn't interested he
has a pretty busy schedule as it is, and prefers the one-on-one approach.
This doesn't mean I'm going to put my cocky nose to the air and say, forget
you man... you're not a CCIE, so I'm going elsewhere. (of course, I'd first
have to establish a cocky demeanor first, but you should DEFINITELY get the
point.)

Bottom line, please don't waste anymore bandwidth on this issue... and if
you still have such a thorn in your side Get the Damned number, come
back and show ALL of us a thing or two... and then you can feel all
Big-Man-on-Campus like.  Of course, with your current attitude, I doubt
anyone will listen but that's just MHO.

BTW, Howard, thanks for all the contributions you put forth on this
forum I for one really appreciate them.  There's nothing like free
knowledge for those who can barely afford to participate in this career
field.

Sincerely,
Mark Odette II
CCNA, .75%CCNP, MCSE 4.0/2000, A+ certified.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
JP
Sent: Wednesday, May 01, 2002 9:17 PM
To: [EMAIL PROTECTED]
Subject: Re: Some free scenarios and tutorials (slight correction)
[7:43066]


Peter,

- Original Message -
From: "Peter Rosenthal"
To:
Sent: Wednesday, May 01, 2002 11:11 AM
Subject: Re: Some free scenarios and tutorials (slight correction) [7:42985]

>
> Besides, who wants to read CCIE prep material from a guy that hasn't even
> passed the lab!  Howard does us all a favor and please go take the lab.
> You're so awesome with all your books and work on the IETF so it should be a
> breeze.  No excuses!

I disagree with you on this comment. There are coaches and players. In order
to pass the lab you will have to know the stuff and be able to type it in
time, some people may just do feel comfortable under some pressure, I am not
saying this is the case for anyone for sure, but to me, not being a CCIE
just means not having that number, period.  You do not have to be a world
champion to coach your team to win it. I am not saying who claims to be a
coach is certainly capable of being a good one, but we just cannot logically
rule that out.



IMHO, the owner of the list owns the list. The owner has the freedom to give
some kind of privileges to anybody.



That said, I think no matter how much free stuff is in there, it is an
underestimation of people's intelligence claiming that this kind of posting
is non-business related. People open mails everyday know this for sure.

Just my .02
Kent




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43146&t=43146

RE: VLANS [7:42932]

2002-05-02 Thread Lee James

Damian Rizzo is the vlan man. If he can't do it no one can. Uh Rich. Mind if
I call you dick.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43159&t=42932



Re: application-oriented network design [7:42933]

2002-05-02 Thread Tom Scott

"Howard C. Berkowitz" wrote:

> I've
> always found it a graphic challenge that telephony really has two
> communications paths:  the control/signaling path for call setup and
> the like, and the information transfer path.

Amen to that. Way back in the dark ages (early 1990's) I did
an FSM analysis of ISDN BRI UNI signaling. The first part of
the project was to gather and summarize the CCITT and ANSI
diagrams ( http://vedatel.com/Isdn/bri-uni-signaling.pdf ).
It was a straightforward exercise to diagram the D-channel
signaling (control plane). The only way I could get the data
plane (B channels) into the picture was to use a 3-D tool,
so I took the easy way out.  I refer you to the bottom
right-hand corner of the diagram where the B channels are
indicated. Talk about minimalism!

I think there's a reasonable way to approach this AVVID
diagramming.  I'll post when I've got a better grasp of the
situation (need to follow up on suggestions from Larry and
Priscilla).

BTW I'd like to cast my vote of confidence and appreciation for
your postings to this list. I'm unconcerned about what letters
you append or prepend to your name. It's knowledge I'm after
and I'm grateful to say that you share it in abundance.

-- TT




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43158&t=42933



looking for lab date swap [7:43157]

2002-05-02 Thread Almazi Rashid

Hi all..
I have a lab date at RTP on 23rd July, 2002. I am looking for around 15th
September, 2002. There are two seats you can get on 23rd July, 2002 for
swapping around 15th September.

Regards
Almazi M. Rashid

[GroupStudy.com removed an attachment of type text/x-vcard which had a name
of Almazi M. Rashid.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43157&t=43157



RE: switching exam [7:43038]

2002-05-02 Thread timothy thielen

You people spend MONEY on certification prep materials?  I'm sorry.  :-)

--Tim

Kaminski, Shawn G wrote:
> 
> It's sad, the true signs of brainwashing :-) 
> 
> I never said anything was wrong with them. The proven track
> record comes
> from the fact that they've done a great job marketing their
> products. Boson
> has quality products, BUT, BUT, BUT, as I've mentioned before,
> there are
> other companies out there that offer materials that are just as
> good if not
> better than Boson and the prices are about 80% cheaper. I would
> mention the
> companies, but I have a financial interest in these companies
> and I'd get
> flamed to death (believe it or not, I also have a financial
> interest in
> Boson/Quizware, but not anywhere near as much as I'd like :-) )
> You can't
> really blame Boson for their high prices because they have to
> pay a
> percentage to their authors. Plus, like you said, people have
> been
> brainwashed into believing that Boson is the only company out
> there, which
> allows Boson to charge higher prices. 
> 
> So, look around a little and take a chance on some of these
> other companies.
> Don't worry, no one is going to yell at you for spending less
> money on
> certification materials :-) I'm just trying to save people some
> money while
> at the same time hoping that I make a little, as well!
> 
> Shawn K.
> 
> > -Original Message-
> > From:   Jon Krabbenschmidt [SMTP:[EMAIL PROTECTED]]
> > Sent:   Wednesday, May 01, 2002 8:28 PM
> > To: [EMAIL PROTECTED]
> > Subject:RE: switching exam [7:43038]
> > 
> > Boson worked well for me too, but I hardly consider $40
> expensive
> > especially
> > given the cost of others.
> > 
> > Jon
> > 
> > -Original Message-
> > From: Adam Hickey [mailto:[EMAIL PROTECTED]] 
> > Sent: Wednesday, May 01, 2002 4:22 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: switching exam [7:43038]
> > 
> > I don't think I could have gotten through my tests without
> Boson's help -
> > other than being expensive, what is wrong with them? I don't
> think I see a
> > cult here but I do see the proven track record and the
> quality name Boson
> > has developed for themselves. High price is a direct result
> of high demand
> > -
> > simple economics.
> > 
> > 
> > 
> > Adam Hickey
> > [EMAIL PROTECTED]
> > 
> > 
> > 
> > - Original Message -
> > From: "Kaminski, Shawn G" 
> > To: 
> > Sent: Wednesday, May 01, 2002 3:31 PM
> > Subject: RE: switching exam [7:43038]
> > 
> > 
> > > Please, people, snap out of the Boson trance. I can't take
> it anymore.
> > :-)
> > I
> > > just had a discussion with Paul Borghese a few days ago
> about how Boson
> > > always gets through the filters but other vendors don't.
> Hopefully, that
> > > will change soon and we'll start to see better and less
> expensive
> > options
> > > come through the list without being filtered. In fact, I
> wonder if this
> > will
> > > make it through the filter since I'm saying something "bad"
> about the
> > Boson
> > > cult? :-)
> > >
> > > Please proceed with flaming, ragging, name calling, tar and
> feathering,
> > etc.
> > > However, one of these days you'll thank me from preventing
> you from
> > getting
> > > that Boson tattoo on your chest ( on the ankle for the
> ladies) :-)
> > >
> > > If you're up for an argument, please email me offline :-)
> > >
> > > Shawn K.
> > >
> > > > -Original Message-
> > > > From: NetEng [SMTP:[EMAIL PROTECTED]]
> > > > Sent: Wednesday, May 01, 2002 5:18 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: switching exam [7:43038]
> > > >
> > > > just took that switching exam: 79 ?'s, 90 minutes and 699
> to pass.
> > pretty
> > > > easy test, boson's were great as usual.
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43156&t=43038



RE: Problem with access-list [7:43021]

2002-05-02 Thread timothy thielen

I don't think you can filter based on MAC with Ethernet...  There is a
technology in which you can, but I'm drawing a blank on what it was.  I
think it was Token Ring only or some such nonsense.  I think that it's
irrelevant, however, since it's still a router function and the switching
engine is still going to blissfully forward packets and ignore your
access-lists.

--Tim

Christian Fredrickson wrote:
> 
>IP standard access list
>   IP extended access list
> IP standard access list (expanded range)
> IP extended access list (expanded range)
> 
> Then is it possible to create an access list based on the host
> MAC address?
> 
> Chris
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 02, 2002 8:36 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Problem with access-list [7:43021]
> 
> 
> OK, I'm not an all-powerful CCIE, but I'll take a stab at this.
> 
> Applying an access list to a switch is only going to limit
> access to and
> from your management interface.  Switched traffic through the
> switch is
> still switched traffic, and by and large, a switch doesn't ever
> look at IP
> information, thus wouldn't filter anything based on an IP
> address.
> 
> That would explain why you can't ping the host from the switch
> (I'd imagine
> you are getting a "Request Timed Out") but the traffic from the
> outside
> world still gets through.
> 
> Also,  What's up with the "2000" access list?  Would not an
> extended IP list
> be 100-199?
> 
> --Tim
> 
> Christian Fredrickson wrote:
> >
> > Running a Cisco switch 3548XL
> > Trying to block a specific IP address. The access-list looks
> > like:
> > (I substituted the IP addresses)
> > access-list 2000 deny   ip host ip_address any
> > access-list 2000 permit ip range.0 0.0.0.255 any
> > access-list 2000 deny   ip any any
> >
> > All ports on this switch belong to the same VLAN and all other
> > switches use
> > this switch to get to the upper layer switch and use that to
> > get to the
> > router. The vlan looks like:
> > (I substituted the IP addresses)
> > interface VLAN1
> >  description line
> >  ip address switch_ip 255.255.255.0
> >  ip access-group 2000 in
> >
> > But I can still ping the host from external addresses. Why is
> > this ACL not
> > working?
> >
> > Thank you all in advance.
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43153&t=43021



Re: Stupid Access-List/VLAN question [7:43128]

2002-05-02 Thread Michael Williams

Jay,

Thanks for your input.  But shouldn't ACL keep anything from other VLANs
from even pinging the gateway IP of VLAN511?

Mike W.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43152&t=43128



Re: Content Switching and Keepalives [7:43141]

2002-05-02 Thread sam sneed

I have a pair of CS11152 in HA mode and we use HTTP for load balancing. In
my opinion if you are using ping to load balance it is a waste. The CSS's
are very capable and load balance HTTP very well. As far as load balancing
methods, the engineer at TAC said to use round robin, which is the default
scheme. I was using ACA, but the engineer said that should be only used for
the heaviest of traffic sites, so I recommend using round robin as well;
it'll work better.

Here is a sample config:

service svc-w1.web
  ip address 172.16.10.100
  port 80
  keepalive type http
  keepalive method get
  keepalive uri "/http-ping.html"
  active

service svc-w2.web
  ip address 172.16.10.101
  port 80
  keepalive type http
  keepalive method get
  keepalive uri "/http-ping.html"
  active

content cnt-www.cobrand
protocol tcp
port 80
balance roundrobin  ## you really don't need this line because roundrobin is default.
url "/*"
add service svc-w1.web
add service svc-w2.web
vip address 192.168.133.100
active

hope this helps

"Patrick Donlon" wrote in message
news:[EMAIL PROTECTED]...
> Hi All
>
> I have two web servers which are being load balanced behind a CSS, this
> is working fine. Currently we're using the default ICMP keepalive, this
> is OK if the failure is at this level but when the web services process
> is stopped by the DBA the CSS thinks it's up and running. I've seen the
> different options, tcp, http gets, etc, and would like to know anyone
> else's experience in what is the best balance over performance and
> detecting the lost of service
>
> Cheers
>
> Pat
>
>
> [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43149&t=43141



Re: Definition of terms... Do you know the answer?? [7:43090]

2002-05-02 Thread sam sneed

Richard Stevens defines TCP Half Close in his book TCP/IP Illustrated.
Reading this post I get the assumption that data can not be sent in
either direction when a connection is half-closed. This contradicts what I
read in TCP/IP Illustrated by Stevens, p. 238-239. There he explains an example
when a connection is half-closed and data is still sent to the side that
closed the connection.

The example is the following.
host1%> rsh host2 sort  wrote in message
news:[EMAIL PROTECTED]...
> At 11:08 AM 5/2/02, Mark Odette II wrote:
> >Tamas- Thank you for your reply.
> >
> >Could you or anyone else explain in more indepth terms what is or what
> >causes a Half-Closed TCP session??
>
> There are a number of states that a TCP connection can be in per the RFC
> for TCP (793). "Half-closed" is not one of them, however... But my guess
is
> that "half-closed" refers to the state that the RFC would call
"half-open."
> An established connection is said to be "half-open" if one of the sides
has
> closed or aborted the connection at its end without the knowledge of the
> other, or if the two ends of the connection have become desynchronized
> because of a crash.  Such connections will automatically become reset if
an
> attempt is made to send data in either direction.
>
> Another possibility is that "half-closed" refers to one of the states that
> occurs at the normal end of a session:
>
> FIN-WAIT-1 - represents waiting for a connection termination request from
> the remote TCP, or an acknowledgment of the connection termination request
> previously sent.
>
> FIN-WAIT-2 - represents waiting for a connection termination request from
> the remote TCP.
>
> CLOSE-WAIT - represents waiting for a connection termination request from
> the local user.
>
> CLOSING - represents waiting for a connection termination request
> acknowledgment from the remote TCP.
>
> These states (and the half-open state) should be temporary, but if they
> aren't, then they can leave a host slightly vulnerable to attack. The host
> may use up resources that it really no longer needs.
>
> I know this is a lot of theory to throw at you, but hopefully it will
> relate somehow to your problem. ;-) For even more info about the TCP
> states, see RFC 793.
>
> Priscilla
>
>
>
> >Correct me if I'm wrong, but for the Connection Slot, this refers to TCP
> >connections between two nodes, such as a Windows workstation running an
> >application to connect to a Server Application Server, and the connectios
> >are between specific and random ports above 1024 simultaneously!?! Do I
> >understand that correctly?
> >
> >
> >I'm sure our famous question is starting to surface in many folks' minds:
> >"What problem are you trying to solve?"
> >
> >That problem is with users on workstations at remote locations connecting
to
> >an application server (located at the other end of a PIX-to-PIX VPN
Tunnel
> >at the "main" office) and at random, they get disconnected from the
> >server... but Internet access continues to work at the same time.  In
short,
> >it appears that there is something happening with sessions across the VPN
> >tunnel for users that go idle for a varying window of time.  Just
yesterday,
> >I was reported that at one of the remote locations (and there are 3,
which
> >all suffer the same exact problem), one user "worked straight through
lunch,
> >while everyone else who used the same application went to lunch.  End
result
> >was that the continuous worker did not get "kicked" out of the system,
but
> >all the other users that left the application open and when to lunch
did."
> >
> >So, I'm trying to chase down what the issue might be, short of putting a
> >Sniffer at the main location to see if I can identify the problem there.
I
> >suspect that there is something I need to adjust with the Timeout
settings
> >on the PIX, but did not want to make changes without understanding the
> >pros/cons/implications of what I was doing.
> >
> >Unfortunately, the PIX Command Reference for 6.1, CCO, and most of
Tamas's
> >explanation were exactly what I found, and nothing more Tamas, thank
you
> >for at least giving me a little more info!
> >
> >I even searched Google for a definition of "half-closed session", but got
no
> >definitiion hits... just lots of pages (mostly Cisco) mentioning the
phrase
> >amidst other topics. :(
> >
> >Any help is appreciated.
> >
> >Thanks
> >Mark
> >
> >-Original Message-
> >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> >HORVATH TAMAS
> >Sent: Thursday, May 02, 2002 7:41 AM
> >To: [EMAIL PROTECTED]
> >Subject: RE: Definition of terms... Do you know the answer?? [7:43090]
> >
> >
> >Hi!
> >
> >timeout xlate: Idle time until a translation slot if freed.
> >
> >timeout conn: Idle time until a connection slot is freed.
> >
> >There is a distinction made between translated sessions (produced by nat,
> >global, static,  access-list, access-group commands)and connected
sesssions
> >when discussing

Re: Content Switching and Keepalives [7:43141]

2002-05-02 Thread John Neiberger

I see no reason not to use the http keepalive.  You can configure it to
grab some specific small object if you'd like to limit its impact.  We
just grab our homepage and I haven't noticed a performance impact at
all.

HTH,
John

>>> "Patrick Donlon"  5/2/02 11:15:19 AM >>>
Hi All

I have two web servers which are being load balanced behind a CSS,
this
is working fine. Currently we're using the default ICMP keepalive,
this
is OK if the failure is at this level but when the web services
process
is stopped by the DBA the CSS thinks it's up and running. I've seen
the
different options, tcp, http gets, etc, and would like to know anyone
else's experience in what is the best balance over performance and
detecting the lost of service

Cheers

Pat


[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43147&t=43141



RE: Urgent help Please! [7:43084]

2002-05-02 Thread Blair, Philip S

Type 7 passwords are easily decrypted.  Type 5 (enable) are not.

If you have physical access to the box then you can perform password
recovery via the console; see the Cisco website for the specifics for your
router.

If you have SNMP read/write access you can download the config, make the
change, then push it back.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 02, 2002 12:19 AM
To: [EMAIL PROTECTED]
Subject: Urgent help Please! [7:43084]


Hi ! All,

Can any one please break this password?

enable secret 5 $1$rMrT$blzJIo4ZyCBfJkvu2CP/Z1

Thanks in advance.

===
WARNING
 This message may contain information that is confidential
 and may be subject to the provisions of section 61A of the
 Police Act 1958, which creates an offence to have unlawful
 possession of Police documents. If you are not the
 intended recipient of this message or have received
 this message in error, you must not peruse, use, pass or
 copy this message or any of its contents.

 Also note, the views expressed in this message may not
 necessarily reflect those of the New Zealand Police.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43129&t=43084
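
A defensive check built on the type 7 versus type 5 distinction in the reply above, as an added example that is not part of the original message: it scans an IOS-style configuration and reports how each credential line is stored, without printing the secrets. The sample configuration, its hash and type 7 strings, and the function names are constructed for the illustration.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample configuration; the hashes and type 7 strings are made up.
SAMPLE_CONFIG = """\
hostname lab-rtr
enable secret 5 $1$abcd$0123456789abcdefghijkl
enable password 7 0213450A5C
username admin password 7 1306181D0F0B
username ops secret 5 $1$wxyz$ABCDEFGHIJKLMNOPQRSTUV
line vty 0 4
 password s3cret-in-clear
 login
"""

# Credential-bearing commands: enable secret/password, username ... secret/password,
# and the line-level "password" command, each with an optional encryption type digit.
CRED_RE = re.compile(
    r"^\s*(?P<cmd>enable\s+(?:secret|password)"
    r"|username\s+\S+(?:\s+privilege\s+\d+)?\s+(?:secret|password)"
    r"|password)"
    r"\s+(?:(?P<type>\d)\s+)?(?P<value>\S+)\s*$"
)
# Type 7: two decimal digits followed by an even number of hex digits.
TYPE7_RE = re.compile(r"^\d{2}(?:[0-9A-Fa-f]{2})+$")
# Type 5: md5-crypt, "$1$" + salt of up to 8 chars + "$" + 22-char digest.
MD5CRYPT_RE = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")


class Finding(NamedTuple):
    line_no: int
    command: str
    kind: str
    weak: bool      # True when the stored form itself exposes the password


def classify(enc_type: Optional[str], value: str) -> Tuple[str, bool]:
    """Return (kind, weak) for one stored credential."""
    if enc_type == "7" and TYPE7_RE.match(value):
        # Reversible obfuscation: anyone who can read the config has the password.
        return "type7-reversible", True
    if enc_type == "5" and MD5CRYPT_RE.match(value):
        # Salted one-way hash; strength then depends on the password itself.
        return "type5-md5crypt", False
    if enc_type in (None, "0"):
        return "cleartext", True
    # Declared type and value format disagree, or the type is not handled here.
    return "unrecognized", True


def audit_config(text: str) -> List[Finding]:
    """Scan a configuration and report every credential line, never its value."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = CRED_RE.match(line)
        if not match:
            continue
        kind, weak = classify(match.group("type"), match.group("value"))
        command = " ".join(match.group("cmd").split())
        findings.append(Finding(line_no, command, kind, weak))
    return findings


if __name__ == "__main__":
    for f in audit_config(SAMPLE_CONFIG):
        status = "REPLACE" if f.weak else "ok"
        print(f"line {f.line_no}: {f.command:<28} {f.kind:<18} {status}")
```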



Closing Ports Part 2 [7:43145]

2002-05-02 Thread exchange

I know blocking ports isn't really going to stop people who can tunnel
through via http or some other open ports.  Are there firewalls that
will look into specific traffic streams and drop connections that are
not really http sessions?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43145&t=43145



Re: Problem with access-list [7:43021]

2002-05-02 Thread MADMAN

IP extended access-lists are 100-199, 2000-2699

  I think Tim is correct: if you're attempting to block pings between two
devices on the same VLAN you're not going to do it on the router.

  Dave
timothy thielen wrote:
> 
> OK, I'm not an all-powerful CCIE, but I'll take a stab at this.
> 
> Applying an access list to a switch is only going to limit access to and
> from your management interface.  Switched traffic through the switch is
> still switched traffic, and by and large, a switch doesn't ever look at IP
> information, thus wouldn't filter anything based on an IP address.
> 
> That would explain why you can't ping the host from the switch (I'd imagine
> you are getting a "Request Timed Out") but the traffic from the outside
> world still gets through.
> 
> Also,  What's up with the "2000" access list?  Would not an extended IP
list
> be 100-199?
> 
> --Tim
> 
> Christian Fredrickson wrote:
> >
> > Running a Cisco switch 3548XL
> > Trying to block a specific IP address. The access-list looks
> > like:
> > (I substituted the IP addresses)
> > access-list 2000 deny   ip host ip_address any
> > access-list 2000 permit ip range.0 0.0.0.255 any
> > access-list 2000 deny   ip any any
> >
> > All ports on this switch belong to the same VLAN and all other
> > switches use
> > this switch to get to the upper layer switch and use that to
> > get to the
> > router. The vlan looks like:
> > (I substituted the IP addresses)
> > interface VLAN1
> >  description line
> >  ip address switch_ip 255.255.255.0
> >  ip access-group 2000 in
> >
> > But I can still ping the host from external addresses. Why is
> > this ACL not
> > working?
> >
> > Thank you all in advance.
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43144&t=43021



Re: PIX and AAA [7:42302]

2002-05-02 Thread Patrick Donlon

Thanks again for the replies, everyone; it worked just fine.




Patrick Donlon wrote:

> Thanks for the replies, I only want to authenticate admininistrators on the
> PIX, will let you know how I get on
>
> Cheers
>
> Pat
>
> --
>
> email me on : [EMAIL PROTECTED]
>
> "nrf" wrote in message
> news:[EMAIL PROTECTED]...
> > In such a situation, authorization would be achieved by writing a bunch
of
> > access-lists on the Pix.  Then, you designate those particular
> access-lists
> > within the radius server for individual users.  For example, let's say
you
> > have a user called billclinton, and you want to restrict his access to
> > certain websites.  So you write an access-list that does that, and then
in
> > his radius profile, you "call" that access-list.
> >
> > This works when you are doing straight authentication through the Pix
> > directly.  I have never tried it through a VPN.
> >
> >
> > "Darren Mitchelmore" wrote in message
> > news:[EMAIL PROTECTED]...
> > > NRF.
> > >
> > > I am just about to setup a PIX 515 with the Cisco VPN client and the
ias
> (
> > > WIN2K RADIUS SERVER ). From my understanding the VPN client has a group
> > > login then the user will be prompted for a username/password that the
> > > PIX will pass to the IAS server using Radius. That will be
authenticated
> > > against the Win username / password database (used to be called SAM ??)
> on
> > > the IAS server.
> > >
> > > I believe that this is authentication. Not sure how authorisation is
> > > achieved. How do you tie in the access-list
> > > to that individual user ??
> > >
> > > Is this the setup you have got going ??
> > >
> > > Do you have any problems implementing it ??
> > >
> > > PS - I have setup PIXs before but only with simple policies...
> > >
> > > Best Regards,
> > > Darren M
> > >
> > >
> > >
> > >
> > > > -Original Message-
> > > > From: nrf [SMTP:[EMAIL PROTECTED]]
> > > > Sent: Wednesday, April 24, 2002 3:57 AM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Re: PIX and AAA [7:42302]
> > > >
> > > > Well, actually, the Pix does support a very limited amount of Radius
> > > > authorization.  It's only for users going through the Pix, not
> > > > administrators of the Pix.  And the authorization 'capabilities' only
> > > > allow
> > > > you to invoke existing access-lists on the Pix for certain users, so,
> > like
> > > > I
> > > > said, it's very limited.  Still, the capability exists.
> > > >
> > > >
> > > > > http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/config/mngacl.htm#xtocid10
> > > >
> > > >
> > > > > "Georg Pauwen" wrote in message
> > > > > news:[EMAIL PROTECTED]...
> > > > > Paul, Tim, Patrick,
> > > > >
> > > > > > you guys are good ! You are right, I wasn't specific enough in what
> I
> > > > said:
> > > > > PIX does support RADIUS, but it does NOT support RADIUS
> Authorization
> > :)
> > > > >
> > > > > Regards,
> > > > >
> > > > > Georg
> > > > >
> > > > >
> > > > > >From: "Paul Borghese"
> > > > > >To: "Georg Pauwen" ,
> > > > > >Subject: Re: PIX and AAA [7:42302]
> > > > > >Date: Tue, 23 Apr 2002 10:03:43 -0400
> > > > > >
> > > > > >The pix does support radius.  I am using it for a small client to
> > > > > >authenticate PPTP connections using the Microsoft 2000 Radius
> server.
> > > > > >
> > > > > >Paul Borghese
> > > > > >- Original Message -
> > > > > >From: "Georg Pauwen"
> > > > > >To:
> > > > > >Sent: Tuesday, April 23, 2002 7:16 AM
> > > > > >Subject: RE: PIX and AAA [7:42302]
> > > > > >
> > > > > >
> > > > > > > Hi Patrick,
> > > > > > >
> > > > > > > yes, aaa is fully supported on the PIX (remember, though, that
> the
> > > > PIX
> > > > > >does
> > > > > > > not support RADIUS). Follow this link for a command overview of
> > aaa
> > > > on
> > > > > >the
> > > > > > > PIX:
> > > > > > >
> > > > > > >
> > > > >
> > > >
> >
>http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/a
> > > > b.
> > > > h
> > > > > >tm#xtocid3
> > > > > > >
> > > > > > > Regards,
> > > > > > >
> > > > > > > Georg
> > > > > _
> > > > > Chat with friends online, try MSN Messenger:
> http://messenger.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43143&t=42302



RE: Definition of terms... Do you know the answer?? [7:43090]

2002-05-02 Thread Priscilla Oppenheimer

At 11:08 AM 5/2/02, Mark Odette II wrote:
>Tamas- Thank you for your reply.
>
>Could you or anyone else explain in more indepth terms what is or what
>causes a Half-Closed TCP session??

There are a number of states that a TCP connection can be in per the RFC 
for TCP (793). "Half-closed" is not one of them, however... But my guess is 
that "half-closed" refers to the state that the RFC would call "half-open." 
An established connection is said to be "half-open" if one of the sides has 
closed or aborted the connection at its end without the knowledge of the 
other, or if the two ends of the connection have become desynchronized 
because of a crash.  Such connections will automatically become reset if an 
attempt is made to send data in either direction.

Another possibility is that "half-closed" refers to one of the states that 
occurs at the normal end of a session:

FIN-WAIT-1 - represents waiting for a connection termination request from 
the remote TCP, or an acknowledgment of the connection termination request 
previously sent.

FIN-WAIT-2 - represents waiting for a connection termination request from 
the remote TCP.

CLOSE-WAIT - represents waiting for a connection termination request from 
the local user.

CLOSING - represents waiting for a connection termination request 
acknowledgment from the remote TCP.

These states (and the half-open state) should be temporary, but if they 
aren't, then they can leave a host slightly vulnerable to attack. The host 
may use up resources that it really no longer needs.

I know this is a lot of theory to throw at you, but hopefully it will 
relate somehow to your problem. ;-) For even more info about the TCP 
states, see RFC 793.

Priscilla



>Correct me if I'm wrong, but for the Connection Slot, this refers to TCP
>connections between two nodes, such as a Windows workstation running an
>application to connect to a Server Application Server, and the connectios
>are between specific and random ports above 1024 simultaneously!?! Do I
>understand that correctly?
>
>
>I'm sure our famous question is starting to surface in many folks' minds:
>"What problem are you trying to solve?"
>
>That problem is with users on workstations at remote locations connecting to
>an application server (located at the other end of a PIX-to-PIX VPN Tunnel
>at the "main" office) and at random, they get disconnected from the
>server... but Internet access continues to work at the same time.  In short,
>it appears that there is something happening with sessions across the VPN
>tunnel for users that go idle for a varying window of time.  Just yesterday,
>I was reported that at one of the remote locations (and there are 3, which
>all suffer the same exact problem), one user "worked straight through lunch,
>while everyone else who used the same application went to lunch.  End result
>was that the continuous worker did not get "kicked" out of the system, but
>all the other users that left the application open and when to lunch did."
>
>So, I'm trying to chase down what the issue might be, short of putting a
>Sniffer at the main location to see if I can identify the problem there.  I
>suspect that there is something I need to adjust with the Timeout settings
>on the PIX, but did not want to make changes without understanding the
>pros/cons/implications of what I was doing.
>
>Unfortunately, the PIX Command Reference for 6.1, CCO, and most of Tamas's
>explanation were exactly what I found, and nothing more Tamas, thank you
>for at least giving me a little more info!
>
>I even searched Google for a definition of "half-closed session", but got no
>definitiion hits... just lots of pages (mostly Cisco) mentioning the phrase
>amidst other topics. :(
>
>Any help is appreciated.
>
>Thanks
>Mark
>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>HORVATH TAMAS
>Sent: Thursday, May 02, 2002 7:41 AM
>To: [EMAIL PROTECTED]
>Subject: RE: Definition of terms... Do you know the answer?? [7:43090]
>
>
>Hi!
>
>timeout xlate: Idle time until a translation slot if freed.
>
>timeout conn: Idle time until a connection slot is freed.
>
>There is a distinction made between translated sessions (produced by nat,
>global, static,  access-list, access-group commands)and connected sesssions
>when discussing the PIX firewall. Translations are at the IP layer,
>connections are at the transport layer. You cab have many connections open
>under one translation.
>
>timeout half-closed: Idle time until a TCP half-close connection is freed.
>
>timeout udp: Idle time until an UDP slot is freed.
>
>timeout rpc: Idle time until an UDP slot is freed.
>
>If a given slot has not been used for the idle time specified, the resource
>is returned to the free pool.
>
>So one purpose of these commands is resource management. Another purpose is
>to provide the 'Adaptive' part of the ASA, as the unused ports will be
>closed.
>
>Best regards,
>
> Tamas Horvath
> network en

Content Switching and Keepalives [7:43141]

2002-05-02 Thread Patrick Donlon

Hi All

I have two web servers which are being load balanced behind a CSS, this
is working fine. Currently we're using the default ICMP keepalive, this
is OK if the failure is at this level but when the web services process
is stopped by the DBA the CSS thinks it's up and running. I've seen the
different options, tcp, http gets, etc, and would like to know anyone
else's experience in what is the best balance over performance and
detecting the lost of service

Cheers

Pat


[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43141&t=43141
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: Definition of terms... Do you know the answer?? [7:43090]

2002-05-02 Thread sam sneed

TCP allows one end of a connection to terminate its output while still
receiving data from the other end. One side can send a FIN to close its side
of the connection and still receive data. The side that received the FIN to
close the connection can keep sending data. Only when it sends its FIN
packet and receives an ACK for this packet is the connection totally closed.


"Mark Odette II" wrote in message
news:[EMAIL PROTECTED]...
> Tamas- Thank you for your reply.
>
> Could you or anyone else explain in more indepth terms what is or what
> causes a Half-Closed TCP session??
>
> Correct me if I'm wrong, but for the Connection Slot, this refers to TCP
> connections between two nodes, such as a Windows workstation running an
> application to connect to a Server Application Server, and the connectios
> are between specific and random ports above 1024 simultaneously!?! Do I
> understand that correctly?
>
>
> I'm sure our famous question is starting to surface in many folks' minds:
> "What problem are you trying to solve?"
>
> That problem is with users on workstations at remote locations connecting
to
> an application server (located at the other end of a PIX-to-PIX VPN Tunnel
> at the "main" office) and at random, they get disconnected from the
> server... but Internet access continues to work at the same time.  In
short,
> it appears that there is something happening with sessions across the VPN
> tunnel for users that go idle for a varying window of time.  Just
yesterday,
> I was reported that at one of the remote locations (and there are 3, which
> all suffer the same exact problem), one user "worked straight through
lunch,
> while everyone else who used the same application went to lunch.  End
result
> was that the continuous worker did not get "kicked" out of the system, but
> all the other users that left the application open and when to lunch did."
>
> So, I'm trying to chase down what the issue might be, short of putting a
> Sniffer at the main location to see if I can identify the problem there.
I
> suspect that there is something I need to adjust with the Timeout settings
> on the PIX, but did not want to make changes without understanding the
> pros/cons/implications of what I was doing.
>
> Unfortunately, the PIX Command Reference for 6.1, CCO, and most of Tamas's
> explanation were exactly what I found, and nothing more Tamas, thank you
> for at least giving me a little more info!
>
> I even searched Google for a definition of "half-closed session", but got no
> definition hits... just lots of pages (mostly Cisco) mentioning the phrase
> amidst other topics. :(
>
> Any help is appreciated.
>
> Thanks
> Mark
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> HORVATH TAMAS
> Sent: Thursday, May 02, 2002 7:41 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Definition of terms... Do you know the answer?? [7:43090]
>
>
> Hi!
>
> timeout xlate: Idle time until a translation slot is freed.
>
> timeout conn: Idle time until a connection slot is freed.
>
> There is a distinction made between translated sessions (produced by nat,
> global, static,  access-list, access-group commands) and connected sessions
> when discussing the PIX firewall. Translations are at the IP layer,
> connections are at the transport layer. You can have many connections open
> under one translation.
>
> timeout half-closed: Idle time until a TCP half-close connection is freed.
>
> timeout udp: Idle time until an UDP slot is freed.
>
> timeout rpc: Idle time until an UDP slot is freed.
>
> If a given slot has not been used for the idle time specified, the resource
> is returned to the free pool.
>
> So one purpose of these commands is resource management. Another purpose is
> to provide the 'Adaptive' part of the ASA, as the unused ports will be
> closed.
>
> Best regards,
>
> Tamas Horvath
> network engineer
> Tel.: +36 22/515-452,
> Fax: +36 22/327-532
> E-Mail: [EMAIL PROTECTED]
> Message-ID:
> From: Mark Odette II
> Reply-To: Mark Odette II
> To: [EMAIL PROTECTED]
> Subject: Definition of terms... Do you know the answer?? [7:43090]
> Date: Thu, 2 May 2002 07:29:44 +0200
> MIME-Version: 1.0
> X-Mailer: Internet Mail Service (5.5.2650.21)
> Content-Type: text/plain; charset="iso-8859-2"
>
> Folks, I've been trying to find the answer to a couple of questions I have,
> and unfortunately, my patience is thin at the moment due to a really bad
> allergy attack, which in turn is making me barely be able to stay at the
> computer but I've got to solve a problem.
>
> So, could someone give me the low-down on what the following terms/settings
> really mean in relation to TCP/UDP communications?
>
> These terms are related to settings on a Firewall (PIX or Router), and
> explanations relating to such would really help me understand their
> purpose/functionality.  Thanks in Advance!!
>
> timeout xlate
>
> timeo

RE: Problem with access-list [7:43021]

2002-05-02 Thread timothy thielen

well, that's a bit twisted.  :-)  I guess those 200 other IP access lists
were not enough?  I fear the router which can use them all and still somehow
forward packets.

I'm curious to find if I was correct on the other bit, though...  The access
list should only apply to the Management functions on the switch, right? 
Just because it's an IOS switch doesn't mean it has routing functions. 
Switched traffic would not be affected by an access list applied to the
switch.  It would only limit traffic from the specified host from, say,
telnetting into the sc0 (or keep pings from returning).  The rest of the
time, the switch will keep on passing traffic based on Layer 2 information,
and never pay attention to Layer 3.

--Tim, I so much want to be right on this... :-)


Marko Milivojevic wrote:
> 
> > Also,  What's up with the "2000" access list?  Would not an extended IP list
> > be 100-199?
> 
>   2000-2699 are also extended IP lists. Cisco calls them "expanded
> range" :-). Sort of reminds me of expanded and extended memory in DOS days
> ;-)
> 
> 
> Marko.
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43137&t=43021



RE: BGP update-source question [7:43043]

2002-05-02 Thread Kane, Christopher A.

Wouldn't it be because the IP address you see in your BGP table is indeed
the next-hop. If you instead look at a specific route "sh ip rou x.x.x.x" I
would think you would see the BGP neig as you have listed (loopback1's ip
address) and then the router has to do a recursive-lookup to find out how to
get to that loopback address.

-chris

> -Original Message-
> From: Steven A. Ridder [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 01, 2002 6:12 PM
> To: [EMAIL PROTECTED]
> Subject: Re: BGP update-source question [7:43043]
> 
> 
> Did you restart BGP?
> 
> --
> 
> RFC 1149 Compliant.
> Get in my head:
> http://sar.dynu.com
> 
> 
> "Daniel Lafraia" wrote in message
> news:[EMAIL PROTECTED]...
> > Hello,
> >
> > How come I see the interface address in the "show ip bgp" if I've
> > specified an update-source for a neighbor?
> >
> > Thanks!
> > Daniel
> >
> > Here is the config:
> >
> > RouterA
> > interface Loopback0
> >  ip address 105.105.105.1 255.255.255.128
> > interface Loopback1
> >  ip address 41.41.41.1 255.255.255.255
> > interface Serial0
> >  ip address 4.4.4.2 255.255.255.252
> > router bgp 55000
> >  no synchronization
> >  network 105.105.105.0 mask 255.255.255.128
> >  neighbor 4.4.4.1 remote-as 55000
> >  neighbor 4.4.4.1 update-source Loopback1
> >
> > RouterB
> > interface Loopback0
> >  ip address 104.104.104.1 255.255.255.128
> > interface Serial1
> >  ip address 4.4.4.1 255.255.255.252
> >  clockrate 64000
> > router bgp 55000
> >  network 104.104.104.0 mask 255.255.255.128
> >  neighbor 4.4.4.2 remote-as 55000
> >
> > --
> > Please ignore other updates, these are other stuff I have in my lab :)
> > --
> >
> > RouterA#show ip bgp
> > BGP table version is 42, local router ID is 105.105.105.1
> > Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
> > Origin codes: i - IGP, e - EGP, ? - incomplete
> >
> >Network  Next Hop  Metric LocPrf Weight Path
> > * i0.0.0.0  2.2.2.1 100  0 65000 i
> > * i101.101.101.0/25 2.2.2.1 100  0 65000 i
> > *>  5.5.5.20 0 65000 i
> > * i102.102.102.0/25 2.2.2.10100  0 65000 i
> > *>  5.5.5.2  0 65000 i
> > *>i104.104.104.0/25 4.4.4.10100  0 i
> > *> 105.105.105.0/25 0.0.0.00 32768 i
> >
> > RouterB#sh ip bgp
> > BGP table version is 5, local router ID is 104.104.104.1
> > Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
> > Origin codes: i - IGP, e - EGP, ? - incomplete
> >
> >Network  Next HopMetric LocPrf Weight Path
> > *> 0.0.0.0  2.2.2.10 65000 i
> > * i101.101.101.0/25 5.5.5.2  0100  0 65000 i
> > *>  2.2.2.10 65000 i
> > * i102.102.102.0/25 5.5.5.2  0100  0 65000 i
> > *>  2.2.2.1  0 0 65000 i
> > *> 104.104.104.0/25 0.0.0.0  0 32768 i
> > * i105.105.105.0/25 4.4.4.2  0100  0 i




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43138&t=43043



CISCO 2600 NAT [7:43139]

2002-05-02 Thread jc theard

Hello all,

I'm trying to configure NAT on a CISCO 2621. I managed to configure it
basically but I want to use overloading and there is my problem.
As shown below I try to specify a route to the right server for port 80 and
port 5080. For the port 80, everything is going well but I can't reach port
5080. Is there anything to take into account for non-standard ports?

"ip nat inside source static tcp 192.168.99.100 80 195.246.218.181 80"
"ip nat inside source static tcp 192.168.99.102 5080 195.246.218.181 5080"

Thank you for your help

JC


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43139&t=43139



RE: Problem with access-list [7:43021]

2002-05-02 Thread Marko Milivojevic

> Also,  What's up with the "2000" access list?  Would not an extended IP list
> be 100-199?

2000-2699 are also extended IP lists. Cisco calls them "expanded
range" :-). Sort of reminds me of expanded and extended memory in DOS days
;-)


Marko.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43136&t=43021



Re: Stupid Access-List/VLAN question [7:43128]

2002-05-02 Thread Jay

If 10.51.1.1 is the only IP active on that subnet, then the traffic is
not being sourced from that network, thus rendering the ACL irrelevant. 
If, however, your host was connected to one of the ports on vlan 511,
you would not be able to communicate with the RSM past the ACL.

So, in other words, you are pinging from the other (open) side of the
ACL.

On Thu, 2002-05-02 at 11:43, Michael Williams wrote:
> Here's the deal... I have a 5500 with RSM with a few VLANs on it,
> each VLAN with an IP and the RSM is handling the routing for all VLANs. 
> I've got one VLAN in particular (511) that I'm experimenting with  I
> made the following access list:
> 
> Router#(config)access-list 10 deny any log
> 
> (I know this seems stupid because of the implicit deny, but I'm
> experimenting)
> 
> then applied this to VLAN 511:
> 
> Router#config t
> Router#(config)#int vlan 511
> Router#(config-if)#ip access-group 10 in
> Router#(config-if)#ip access-group 10 out
> 
> This VLAN 511 interface has an IP of 10.51.1.1 and it's the only IP active
> in that subnet (10.51.1.0/24) as there are no devices setup yet.  I
> do have a port on that VLAN connected to another (Nortel) switch, so the
> VLAN511 interface shows up/up when you do a 'sh int vlan511'.
> 
> Here's my deal I'm in a different subnet a few hops away
> (10.1.0.0/16, let's say) and I can still ping 10.51.1.1 from my PC
> shouldn't that access list deny all traffic coming in/out of that VLAN?!?! 
> I check the log file after pinging (that VLAN IP from my PC) and there's
> nothing...(note the log argument was used on the access-list)
> 
> I have a couple of 2500s with CSUs and crossover T1 cable, and I applied the
> same access list to one of the serial interfaces, and when pinging from the
> other 2500, I get the expected timeouts...  So why wouldn't applying this
> access list to a VLAN interface on an RSM do the same thing and prevent me
> from pinging the IP on that VLAN interface?!?!?
> 
> Am I missing something?  Is there something different about how the ACLs are
> applied to VLANs in an RSM as opposed to a physical interface on a router? 
> I'm not aware of any such differences...
> 
> Please feel free to humiliate and make fun of me when telling me the simple
> something that I'm just not getting =)
> 
> TIA,
> Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43135&t=43128
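
Jay's point, modelled as an added example (not from the thread and not Cisco code): an interface ACL is only consulted for packets that enter through, or are forwarded out of, the interface it is applied to. The Vlan10 transit interface, its address, the route toward 10.1.0.0/16 and the host addresses are assumptions.

```python
import ipaddress as ip

# Router interfaces. Vlan511 is from the post; Vlan10 is an assumed transit VLAN.
INTERFACES = {
    "Vlan511": ip.ip_interface("10.51.1.1/24"),
    "Vlan10": ip.ip_interface("10.50.0.1/24"),
}
# Connected networks plus an assumed route toward the PC's subnet.
ROUTES = [(iface.network, name) for name, iface in INTERFACES.items()]
ROUTES.append((ip.ip_network("10.1.0.0/16"), "Vlan10"))

# "access-list 10 deny any log": a standard ACL matches on source address only.
ACL_10 = [("deny", ip.ip_network("0.0.0.0/0"))]
# "ip access-group 10 in" and "ip access-group 10 out" on interface Vlan511.
APPLIED = {("Vlan511", "in"): ACL_10, ("Vlan511", "out"): ACL_10}


def permitted(acl, src):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, net in acl:
        if src in net:
            return action == "permit"
    return False


def route(dst):
    """Longest-prefix match; returns the egress interface name or None."""
    hits = [(net.prefixlen, name) for net, name in ROUTES if dst in net]
    return max(hits)[1] if hits else None


def handle(ingress, src, dst):
    """Return (verdict, acl_hits) for a packet arriving on `ingress`.

    acl_hits lists the (interface, direction) whose ACL denied the packet,
    which is also where a "log" keyword would produce a log entry.
    """
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    acl = APPLIED.get((ingress, "in"))
    if acl is not None and not permitted(acl, src):
        return "dropped inbound", [(ingress, "in")]
    # A packet addressed to any of the router's own IPs is delivered locally;
    # it is never forwarded out of an interface, so no outbound ACL is checked.
    if any(dst == iface.ip for iface in INTERFACES.values()):
        return "delivered to router", []
    egress = route(dst)
    if egress is None:
        return "no route", []
    acl = APPLIED.get((egress, "out"))
    if acl is not None and not permitted(acl, src):
        return "dropped outbound", [(egress, "out")]
    return "forwarded via " + egress, []


if __name__ == "__main__":
    cases = [
        ("Vlan10", "10.1.5.5", "10.51.1.1"),     # Michael's ping from a remote subnet
        ("Vlan511", "10.51.1.20", "10.51.1.1"),  # a host attached to VLAN 511
        ("Vlan10", "10.1.5.5", "10.51.1.20"),    # remote PC to a host on VLAN 511
    ]
    for case in cases:
        print(case, "->", handle(*case))
```

The first case never touches ACL 10, which matches both the successful ping and the empty log in the original question.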



RE: CCIE LAB Prep!!! [7:43055]

2002-05-02 Thread Jason Lee

Perhaps I didn't give you any details... we have
19xx,29xx,39xx,5500,6500,8500, and the GSR 12000 Gbs/r also have
1700's,26xx,3600,7200,VPN3001,IDS,Avvid,Pix 525. just on the cisco
side... please check out our web... www.ictp.com

regards,

Jason Lee


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43132&t=43055



RE: ISDN dial problem [7:43071]

2002-05-02 Thread Blair, Philip S

Can you share the config?

If you have only a group-async interface defined with the modem lines, you
may need to define a dialer interface to pick up the ISDN calls.

Philip

-Original Message-
From: supernet [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 01, 2002 10:30 PM
To: [EMAIL PROTECTED]
Subject: ISDN dial problem [7:43071]


Hi Dear Friends,
 
We have a Cisco 5300 as RAS router. It has PRI and digital modems.
Regular modem users dial the number no problem, they can always get
connected. But ISDN users (Cisco 1604 router) couldn't make a
connection. On 1604 router, it says "carrier wait timeout". We suspect
that it's LEC problem but they insist everything is good on their side.
What seems to be the problem?
 
Thanks a lot.
 
Yoshi




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43133&t=43071



route science [7:43131]

2002-05-02 Thread sam sneed

I received a newsletter about a product that looks interesting. It costs
$99,000 though. Has anyone heard any good things about this supposed
breakthrough technology?

http://www.networkcomputing.com/1305/1305sp1.html

I am curious to see if this is just a hyped up product or a viable solution.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43131&t=43131



Running routing protocols on Windows [7:43124]

2002-05-02 Thread John Dorffler

Does anybody know whether there is software available somewhere that lets
you run IP routing protocols on a Windows computer? I know that Windows 2000
supports RIP and OSPF, while UNIX/Linux supports BGP. Is there something
that lets you run IGRP, EIGRP, or BGP on Windows? I think that would be
useful if you needed to inject routes into a lab environment when a spare
router is not available.

Thank you,
John Dorffler
CCIE #6677




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43124&t=43124



RE: CIT exam [7:43100]

2002-05-02 Thread Brian Zeitz

CIT was easy, I got a 950 the book is so straight forward (Cisco press).
But I think there are some wording mistakes. Routing was the hardest for
me because it was my first exam. Switching was interesting to me, so it
was not hard, but not easy. Then there was BCRAN. Hmmm. I thought I knew
everything they asked, but only walked away with an 890. However, I was
in panic mode for the whole exam. The most challenging thing about this
exam, was navigating the 30" command list on this 7" monitor on the 8088
they gave me. Then I had difficulty going back and forth to triple check
spelling. I am the type to make typos, I make tons of typos. Being the
paranoid type of person I am, I was sweating about the time. Most test I
get them done very quickly, the "you know it, or you don't" approach.
Computers cost 300$ now, would it kill the testing center to have a few
newer PCs. I alone have spent at least 2000$ in this one testing center
I go to. They take no pride in the testing center either, trash at the
stations, machines not started. Or at a "It is now safe to turn off your
computer" prompt. To make matters worse, the day I was going to take
BCRAN, I scheduled it for a Sunday at 7PM so I would have plenty of time
before the exam to gather thoughts. They call me at 9am, "Hello, could
you come in early to take your exam, we would like to go home early
tonight, we are closing the testing center early". I had to go in a
different time than I was scheduled for the exam. I could have made a
lot of trouble for them, but I just came in early and tried not to get
upset about it. If I wanted to,  I am sure I could get them in a lot of
trouble for this, but I am not the type to try to do that. Anyway, after
putting the pressure on myself, I finally got the CCNP now. I don't
think my employer recognizes what this certification is, but it's one
more step in the right direction. My plans are to work on the CSS1, but
I am going to spend a lot of time hands on with the 515 we just got in
and other actual equipment. I am taking some recovery time after this
series. 

Brian Zeitz MCSE,CCNP


-Original Message-
From: D. Tharp [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, May 02, 2002 9:34 AM
To: [EMAIL PROTECTED]
Subject: RE: CIT exam [7:43100]

This was the last exam I took to finish the CCNP and I found it easier than
I expected.  It is helpful to take this exam last because it does have a lot
of material learned in preparing for other exams.  To give you an example I
only got a 780 on the routing exam (which I thought was the hardest) and
scored a 931 on the CIT.  I just think by the end of my studies I knew much
more about the material and had a much greater understanding for it.  If you
take this exam last, you should have a much better time with it.  Good luck!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43126&t=43100



A couple of clarifications [7:43127]

2002-05-02 Thread Howard C. Berkowitz

I hate to do anything to prolong this unpleasant thread, but a couple 
of facts really should be put out.

1. I was a regular poster on Groupstudy well before I had any business
relationship with either CertificationZone or Gett.  In both cases, I
was contacted by the CEO of each in response to what they had seen of
my posting patterns.

2. Gett and Groupstudy have not exchanged one cent.

3. Genium has never paid one cent to Gett, although I have a personal contract
with them.  In the interest of rack time rentals, we do have a partnership
to allow their authors to develop scenarios, and to give their subscribers
convenient and discounted scenario access.

4. We have a similar relationship to IPexpert, although I receive no
compensation from Gett.

5. We are investigating other partner relationships.  Gettlab (a subsidiary
of Gett, which is an established consultancy and VAR, especially in
healthcare), has a business model of, if you will, selling razor blades
(rack time) rather than selling razors (scenarios). In our consultancy,
we do a good deal of open source work and prefer it. Open source scenarios,
with value added support, is consistent with the way we've done things
for a long time.

6. Paul Borghese and I discussed my posts both regarding scenario design
and free scenarios with a very brief mention of a commercial service
being available. This was meant to be a community service, and by
community I include competitors potentially improving their scenarios.
I did some things recently such as running mini-classes on specific
scenarios, which seemed useful to a number of people, and I expect
to continue to do so.

7. I sometimes forget to attach my .sig, but I've never made a secret of
my affiliations.

8. I would invite anyone to look at the number of substantive, noncommercial
posts I have made to the list for several years.  One of the most vocal
recent critics made his first post on 4/30, and has not made ANY technical
posts in this calendar year.

9. I'm not going to get into a challenge of what my qualifications are or are
not. I am perfectly happy to provide my resume to people with a legitimate
interest. But as far as certain charges have been made, I suggest people
contact people I've worked with, such as Jeff Doyle, and ask that his
response be posted to the list. I can also document having worked with
some of the figures that I have been charged with not knowing.

I would much prefer that we get back to what I am told that Rodney 
King said after he became a landscaper:  "Can't we just get a lawn?" 
I intend to make contributions to this list as I have done.  Of 
course, there's a certain commercial interest, but I never expect to 
make a post relating to commercial materials that are not generally 
available to the public. But my major motivation is doing what I 
think any true professional does: "Pay it forward" with respect to my 
own mentors.
-- 
"What Problem are you trying to solve?"
***send Cisco questions to the list, so all can benefit -- not 
directly to me***

Howard C. Berkowitz  [EMAIL PROTECTED]
Chief Technology Officer, GettLab/Gett Communications http://www.gettlabs.com
Technical Director, CertificationZone.com http://www.certificationzone.com
"retired" Certified Cisco Systems Instructor (CID) #93005




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43127&t=43127



RE: Question on VPN [7:43110]

2002-05-02 Thread Mark Odette II

Anil,
If it is a Cisco Router or PIX Firewall that is being used at the main
office to separate the private network from the Internet, go do a search on
CCO for Static-Dynamic IPSEC Tunnel.

That should get you going in the right direction.

Good luck.
Mark

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Anil Kumar
Sent: Thursday, May 02, 2002 8:12 AM
To: [EMAIL PROTECTED]
Subject: Question on VPN [7:43110]


Hi All,
Need a small clarification on VPN.

One of the customer is having a Lease Line connection to
Internet at the head office and they are having branch
offices at remote location. Since being a lease line they
have obtained static IP address from ISP.
The branch locations will be dialing into the local ISP and
all the times the remote locations will be getting dynamic
IP address. Since the customer want to have a secure
connection through VPN is it possible to attain and
establish a IPSEC VPN tunnel between a dialup connection
and the lease line router. If so please let me know how the
same can be attained.

Thanks in advance.

Regards.. Anil Kumar.


=
Thanks & Regards

V Anil Kumar





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43122&t=43110



RE: Urgent help Please! [7:43084]

2002-05-02 Thread Gragido,William

Members,

This is a problem.  I feel that it is not only inappropriate for someone to
solicit the aid of this board and its subscribers in order to crack
passwords, it's unethical and potentially illegal.  No offense Ravi, but this
is unacceptable given the current state of legislation regarding Information
Security.  Paul, it's your call and as such, I will leave it to your
discretion, however there are clear problems with this.

Regards,

Will Gragido

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, May 01, 2002 11:19 PM
To: [EMAIL PROTECTED]
Subject: Urgent help Please! [7:43084]


Hi ! All,

Can any one please break this password?

enable secret 5 $1$rMrT$blzJIo4ZyCBfJkvu2CP/Z1

Thanks in advance.

===
WARNING
 This message may contain information that is confidential
 and may be subject to the provisions of section 61A of the
 Police Act 1958, which creates an offence to have unlawful
 possession of Police documents. If you are not the
 intended recipient of this message or have received
 this message in error, you must not peruse, use, pass or
 copy this message or any of its contents.

 Also note, the views expressed in this message may not
 necessarily reflect those of the New Zealand Police.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43118&t=43084



Stupid Access-List/VLAN question [7:43128]

2002-05-02 Thread Michael Williams

Here's the deal... I have a 5500 with RSM with a few VLANs on it,
each VLAN with an IP and the RSM is handling the routing for all VLANs. 
I've got one VLAN in particular (511) that I'm experimenting with  I
made the following access list:

Router#(config)access-list 10 deny any log

(I know this seems stupid because of the implicit deny, but I'm
experimenting)

then applied this to VLAN 511:

Router#config t
Router#(config)#int vlan 511
Router#(config-if)#ip access-group 10 in
Router#(config-if)#ip access-group 10 out

This VLAN 511 interface has an IP of 10.51.1.1 and it's the only IP active
in that subnet (10.51.1.0/24) as there are no devices setup yet.  I
do have a port on that VLAN connected to another (Nortel) switch, so the
VLAN511 interface shows up/up when you do a 'sh int vlan511'.

Here's my deal I'm in a different subnet a few hops away
(10.1.0.0/16, let's say) and I can still ping 10.51.1.1 from my PC
shouldn't that access list deny all traffic coming in/out of that VLAN?!?! 
I check the log file after pinging (that VLAN IP from my PC) and there's
nothing...(note the log argument was used on the access-list)

I have a couple of 2500s with CSUs and crossover T1 cable, and I applied the
same access list to one of the serial interfaces, and when pinging from the
other 2500, I get the expected timeouts...  So why wouldn't applying this
access list to a VLAN interface on an RSM do the same thing and prevent me
from pinging the IP on that VLAN interface?!?!?

Am I missing something?  Is there something different about how the ACLs are
applied to VLANs in an RSM as opposed to a physical interface on a router? 
I'm not aware of any such differences...

Please feel free to humiliate and make fun of me when telling me the simple
something that I'm just not getting =)

TIA,
Mike W.



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43128&t=43128



RE: Definition of terms... Do you know the answer?? [7:43090]

2002-05-02 Thread Mark Odette II

Tamas- Thank you for your reply.

Could you or anyone else explain in more in-depth terms what is or what
causes a Half-Closed TCP session??

Correct me if I'm wrong, but for the Connection Slot, this refers to TCP
connections between two nodes, such as a Windows workstation running an
application to connect to a Server Application Server, and the connections
are between specific and random ports above 1024 simultaneously!?! Do I
understand that correctly?


I'm sure our famous question is starting to surface in many folks' minds:
"What problem are you trying to solve?"

That problem is with users on workstations at remote locations connecting to
an application server (located at the other end of a PIX-to-PIX VPN Tunnel
at the "main" office) and at random, they get disconnected from the
server... but Internet access continues to work at the same time.  In short,
it appears that there is something happening with sessions across the VPN
tunnel for users that go idle for a varying window of time.  Just yesterday,
I was reported that at one of the remote locations (and there are 3, which
all suffer the same exact problem), one user "worked straight through lunch,
while everyone else who used the same application went to lunch.  End result
was that the continuous worker did not get "kicked" out of the system, but
all the other users that left the application open and went to lunch did."

So, I'm trying to chase down what the issue might be, short of putting a
Sniffer at the main location to see if I can identify the problem there.  I
suspect that there is something I need to adjust with the Timeout settings
on the PIX, but did not want to make changes without understanding the
pros/cons/implications of what I was doing.

Unfortunately, the PIX Command Reference for 6.1, CCO, and most of Tamas's
explanation were exactly what I found, and nothing more Tamas, thank you
for at least giving me a little more info!

I even searched Google for a definition of "half-closed session", but got no
definition hits... just lots of pages (mostly Cisco) mentioning the phrase
amidst other topics. :(

Any help is appreciated.

Thanks
Mark

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
HORVATH TAMAS
Sent: Thursday, May 02, 2002 7:41 AM
To: [EMAIL PROTECTED]
Subject: RE: Definition of terms... Do you know the answer?? [7:43090]


Hi!

timeout xlate: Idle time until a translation slot is freed.

timeout conn: Idle time until a connection slot is freed.

There is a distinction made between translated sessions (produced by nat,
global, static,  access-list, access-group commands) and connected sessions
when discussing the PIX firewall. Translations are at the IP layer,
connections are at the transport layer. You can have many connections open
under one translation.

timeout half-closed: Idle time until a TCP half-close connection is freed.

timeout udp: Idle time until an UDP slot is freed.

timeout rpc: Idle time until an UDP slot is freed.

If a given slot has not been used for the idle time specified, the resource
is returned to the free pool.

So one purpose of these commands is resource management. Another purpose is
to provide the 'Adaptive' part of the ASA, as the unused ports will be
closed.

Best regards,

Tamas Horvath
network engineer
Tel.: +36 22/515-452,
Fax: +36 22/327-532
E-Mail: [EMAIL PROTECTED]
Message-ID:
From: Mark Odette II
Reply-To: Mark Odette II
To: [EMAIL PROTECTED]
Subject: Definition of terms... Do you know the answer?? [7:43090]
Date: Thu, 2 May 2002 07:29:44 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain; charset="iso-8859-2"

Folks, I've been trying to find the answer to a couple of questions I have,
and unfortunately, my patience is thin at the moment due to a really bad
allergy attack, which in turn is making me barely be able to stay at the
computer but I've got to solve a problem.

So, could someone give me the low-down on what the following terms/settings
really mean in relation to TCP/UDP communications?

These terms are related to settings on a Firewall (PIX or Router), and
explanations relating to such would really help me understand their
purpose/functionality.  Thanks in Advance!!

timeout xlate

timeout conn

timeout half-closed

timeout udp

timeout rpc


I've got what I believe is a solid idea of what the first one, and perhaps
the second one covers... but someone formally explaining them all will make
me, and I'm sure many others benefit.

Thanks,
Mark




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43121&t=43090
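
A toy model of the idle timers discussed in this thread, added here as an illustration; it is not code from the thread or from Cisco. A half-closed TCP connection is one where only one side has sent its FIN, so the other side may still send data. The timeout values, workstation names and packet timings are constructed.

```python
from dataclasses import dataclass, field

# Idle limits in seconds. Constructed values for the example, not PIX defaults.
TIMEOUTS = {"conn": 3600, "half-closed": 600}


@dataclass
class Slot:
    last_seen: int                            # time of the last packet on this flow
    fins: set = field(default_factory=set)    # sides that have already sent a FIN

    @property
    def state(self):
        return "half-closed" if self.fins else "established"


class ConnTable:
    """Connection slots keyed by flow name, each freed after its idle limit."""

    def __init__(self, timeouts):
        self.timeouts = timeouts
        self.slots = {}
        self.log = []                         # (time, flow, event)

    def expire(self, now):
        for flow, slot in list(self.slots.items()):
            limit = self.timeouts["half-closed" if slot.fins else "conn"]
            deadline = slot.last_seen + limit
            if now >= deadline:
                del self.slots[flow]
                self.log.append((deadline, flow, "freed:" + slot.state))

    def packet(self, now, flow, sender, flag=""):
        self.expire(now)
        slot = self.slots.get(flow)
        if slot is None:
            # Only a SYN may create a slot; anything else has no state to match.
            if flag != "SYN":
                self.log.append((now, flow, "dropped:no-slot"))
                return False
            self.slots[flow] = Slot(last_seen=now)
            return True
        slot.last_seen = now                  # any matching packet resets the idle timer
        if flag == "FIN":
            slot.fins.add(sender)
            if len(slot.fins) == 2:           # both sides closed: normal teardown
                del self.slots[flow]
                self.log.append((now, flow, "closed"))
        return True


# Constructed traffic: (time in s, flow, sender, TCP flag of interest)
EVENTS = [
    (0, "ws1", "client", "SYN"),
    (0, "ws2", "client", "SYN"),
    (0, "ws3", "client", "SYN"),
    # ws1 works straight through: one packet every 20 minutes
    *[(t, "ws1", "client", "") for t in range(1200, 7201, 1200)],
    # ws2 goes idle after 600 s and comes back 90 minutes later
    (600, "ws2", "client", ""),
    (6000, "ws2", "client", ""),
    # ws3's client closes its sending side; the server answers 15 minutes later
    (600, "ws3", "client", "FIN"),
    (1500, "ws3", "server", ""),
]


def replay(events, timeouts=TIMEOUTS):
    """Feed events in time order; return (log, flows still holding a slot)."""
    table = ConnTable(timeouts)
    for now, flow, sender, flag in sorted(events):
        table.packet(now, flow, sender, flag)
    return table.log, sorted(table.slots)


if __name__ == "__main__":
    log, alive = replay(EVENTS)
    for entry in log:
        print(entry)
    print("still connected:", alive)
```

In this model the flow that keeps sending never reaches the `conn` limit, while the idle one loses its slot and its next packet is dropped. Replaying with a larger `conn` value keeps `ws2` connected at the cost of holding idle slots longer.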



RE: Content engine question! [7:43101]

2002-05-02 Thread Kent Hundley

Go to

http://www.cisco.com/go/fn

and search for WCCP version 2

HTH,
Kent

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Magdy H. Ibrahim
Sent: Thursday, May 02, 2002 4:19 AM
To: [EMAIL PROTECTED]
Subject: Content engine question! [7:43101]


Dear All,

I am studying these days on how to configure and implement Cisco Content
Engine590 on my network...
When I browsed Cisco online Guide I found the following regarding Router
configuration for HTTP traffic and WCCP version 2.
I found the following:
"The router or switch must be running a version of IOS that supports the Web
Cache Communication Protocol (WCCP) Version 2."
My question is: How to know if the Router or switch IOS supports the Web
Cache Communication Protocol (WCCP) Version 2?

Please advise me

Regards,,

Magdy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43120&t=43101



RE: ip route statement [7:43001]

2002-05-02 Thread Blair, Philip S

How a Null route can prevent a routing loop.

If you have, for example, 4 networks behind your router.

10.1.0.0\24
10.1.1.0\24
10.1.2.0\24
10.1.3.0\24

And to reduce the size of the routing tables in the upstream routers you
summarize those networks to one network.

10.1.0.0\26

and you have a default route pointing to the upstream router.

All is good, until you lose one of your networks.

Now you don't have 10.1.2.0\24 in your routing table, *&*^$#!
So you send it to the upstream router, your gateway of last resort.
The upstream router has your summary route so the packet is routed back to
you, %&^$^%^%*!
And around it goes...

In comes the null route to save the day.
Add a null route to your summary address and when you have the route in your
routing table, more specific prefix, you route it accordingly.  However,
when a more specific route disappears packets destined to the missing route
will match the null route, thus stopping the loop.

Hope that explains at least one case.

Philip

-Original Message-
From: Chuck [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 01, 2002 10:18 PM
To: [EMAIL PROTECTED]
Subject: Re: ip route statement [7:43001]


can you provide an example of what circumstance might require the use of a
null route to prevent a loop? My lack of imagination is preventing me from
deriving my own example.




"Ladrach, Daniel E." wrote in message
news:[EMAIL PROTECTED]...
> The Null interface is typically used for preventing routing loops.
>
> Daniel Ladrach
> CCNA, CCNP
> WorldCom
>
>
> > -Original Message-
> > From: Stanfast Preye [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, May 01, 2002 2:34 PM
> > To: [EMAIL PROTECTED]
> > Subject: ip route statement [7:43001]
> >
> >
> > Dear Group,
> >
> > Why is it necessary to configure all routers in a network
> > with "ip route
> > xxx.xxx.xxx.xxx null 0" statement before implementing
> > migrating to a new IP
> > address scheme and DHCP service in the network.
> >
> > Somebody please help
> >
> > Regards,
> >
> > Preye.
> >
> >
> >
> >
> >
> >
> >




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43123&t=43001
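
Added example, not part of the post above: a small longest-prefix-match simulation of the loop Philip describes and of the null route stopping it. The router names (edge, upstream), the "internet" next hop and the summary prefix 10.1.0.0/22 (the prefix that covers the four /24 networks listed) are assumptions made for this sketch.

```python
import ipaddress

NULL0 = "Null0"  # stands in for "ip route <summary> null 0"


def route(prefix, hop):
    return (ipaddress.ip_network(prefix), hop)


def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific matching route."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def build(lans, with_null):
    """Routing tables for the edge router and its upstream neighbour.

    lans      -- third octets of the 10.1.x.0/24 networks currently up
    with_null -- whether the edge router carries the summary-to-Null0 route
    """
    edge = [route(f"10.1.{i}.0/24", f"lan{i}") for i in lans]
    edge.append(route("0.0.0.0/0", "upstream"))        # gateway of last resort
    if with_null:
        edge.append(route("10.1.0.0/22", NULL0))        # assumed summary prefix
    upstream = [route("10.1.0.0/22", "edge"),           # the advertised summary
                route("0.0.0.0/0", "internet")]
    return {"edge": edge, "upstream": upstream}


def forward(tables, start, dst, ttl=16):
    """Follow one packet hop by hop. Returns (outcome, path)."""
    node, path = start, [start]
    while ttl > 0:
        hop = lookup(tables[node], dst)
        if hop is None:
            return "no route", path
        if hop == NULL0:
            return "discarded at Null0", path
        if hop not in tables:          # a connected network, not a router
            return "delivered", path + [hop]
        node = hop
        path.append(node)
        ttl -= 1
    return "TTL expired (loop)", path


if __name__ == "__main__":
    for lans, with_null in [([0, 1, 2, 3], False), ([0, 1, 3], False),
                            ([0, 1, 3], True), ([0, 1, 2, 3], True)]:
        outcome, path = forward(build(lans, with_null), "upstream", "10.1.2.5")
        print(f"lans={lans} null={with_null}: {outcome} via {' -> '.join(path)}")
```

With 10.1.2.0/24 missing and no null route, the packet bounces between the two routers until its TTL runs out; with the null route, the edge router drops it on the first pass, and the more specific /24 routes still win whenever they are present.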



CLNS ? [7:43125]

2002-05-02 Thread Miguel Mitras

Hi
Can anybody answer this vague question; on the Cisco website it says
that CLNS OSI is withdrawn from the lab exam. Does this mean that one can
still expect to be tested on CLNS for IP?
Cheers



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43125&t=43125



RE: Question on VPN [7:43110]

2002-05-02 Thread Kent Hundley

This is possible in a number of different ways, but it really depends on
what VPN hardware and software you will be using, which you didn't specify.

If it's a cisco router to cisco router implementation, you can find an
example here:

http://www.cisco.com/warp/public/707/ios_804.html

If you're talking about using client VPN software, nearly all VPN clients have
the option to use a combination of a shared secret key and a userid/password
combo for authentication, not IP address, so again it should not be a
problem.

You can find information on many Cisco security topics such as VPN by doing
a search on CCO for "security tips".

HTH,
Kent


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Anil Kumar
Sent: Thursday, May 02, 2002 6:12 AM
To: [EMAIL PROTECTED]
Subject: Question on VPN [7:43110]


Hi All,
Need a small clarification on VPN.

One of the customer is having a Lease Line connection to
Internet at the head office and they are having branch
offices at remote location. Since being a lease line they
have obtained static IP address from ISP.
The branch locations will be dialing into the local ISP and
all the times the remote locations will be getting dynamic
IP address. Since the customer want to have a secure
connection through VPN is it possible to attain and
establish a IPSEC VPN tunnel between a dialup connection
and the lease line router. If so please let me know how the
same can be attained.

Thanks in advance.

Regards.. Anil Kumar.


=
Thanks & Regards

V Anil Kumar





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43119&t=43110



Cisco related ebooks for the Palm m500 [7:43112]

2002-05-02 Thread Ben Lovegrove

Can anyone recommend a source of Cisco related ebooks for the Palm m500? 
Free, or to purchase?

 

TIA

Ben Lovegrove, CCNP

Redspan Solutions Ltd Web: www.redspan.com & www.bensbookmarks.com Tel:
+44 (0)2392 492010 Fax: +44 (0)870 460 2156 Email: [EMAIL PROTECTED]
Cisco hardware, software, accessories, and certification tips







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43112&t=43112



RE: Problem with access-list [7:43021]

2002-05-02 Thread timothy thielen

OK, I'm not an all-powerful CCIE, but I'll take a stab at this.

Applying an access list to a switch is only going to limit access to and
from your management interface.  Switched traffic through the switch is
still switched traffic, and by and large, a switch doesn't ever look at IP
information, thus wouldn't filter anything based on an IP address.

That would explain why you can't ping the host from the switch (I'd imagine
you are getting a "Request Timed Out") but the traffic from the outside
world still gets through.

Also,  What's up with the "2000" access list?  Would not an extended IP list
be 100-199?

--Tim

Christian Fredrickson wrote:
> 
> Running a Cisco switch 3548XL
> Trying to block a specific IP address. The access-list looks
> like:
> (I substituted the IP addresses)
> access-list 2000 deny   ip host ip_address any
> access-list 2000 permit ip range.0 0.0.0.255 any
> access-list 2000 deny   ip any any
> 
> All ports on this switch belong to the same VLAN and all other
> switches use
> this switch to get to the upper layer switch and use that to
> get to the
> router. The vlan looks like:
> (I substituted the IP addresses)
> interface VLAN1
>  description line
>  ip address switch_ip 255.255.255.0
>  ip access-group 2000 in
> 
> But I can still ping the host from external addresses. Why is
> this ACL not
> working?
> 
> Thank you all in advance.
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43117&t=43021



Re: Building a Cisco Lab [7:43072]

2002-05-02 Thread Wayne Jang

I see, the token ring version is in less demand and you won't be using the
ethernet/token ring anyway.

But what about those AGS+ routers.  I saw one on ebay for $100.  It had 8
serial ports.  What's the drawback to using that for a frame switch?



"Wayne Jang" wrote in message
news:[EMAIL PROTECTED]...
> I'm thinking about buying a 2520 as a frame router.
>
> I already have two 2501s, one 2502, one 1201 switch, and a 1912 switch.
>
> Is getting the 2520 a good way to spend my very limited funds?
>
> Wayne




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43075&t=43072



RE: To The Experts and Gurus [7:42996]

2002-05-02 Thread Brian Zeitz

Knowing what areas to study for a certification and knowing
day-to-day real life scenarios are two different things. A CCIE could
just study what is needed for the test, but there is no human being that
knows everything about every area of networking, it's impossible. Take
any 2 people in networking; each will know something the other doesn't.

Don't even post that garbage here. That wasn't a joke. If you don't like
the list, get off of it. You are trying to antagonize people. If you are
not posting helpful information, then just keep your lame post to
yourself. You don't know everything so be quiet.

Never mind about CCIE, I think ignorant people who post junk like this
shouldn't be allowed to post.

Thanks to all of you helpful people in the group. This is a great
group, and it's an invaluable tool to some of us. I really hope we can
avoid the sour grapes posts, and direct those people to their own
newsgroups. Or we could start a newsgroup for them
sourgrapes@ciscostudy.


Brian Zeitz MCSE, CCNP




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43115&t=42996



Re: Question on VPN [7:43110]

2002-05-02 Thread [EMAIL PROTECTED]

Hi Anil,

This is the normal scenario of VPN. You can configure your internet router
at the head office with IKE and IPSec policies and also you can create the
IP pool on the internet router of the head office to assign IP addresses to
your branch offices. With the IPsec client on the branch office you can connect
first to your local ISP and then establish the VPN connection to your head
office internet router.

Kind Regards /Thangavel

186K
Reading,Brkshire
Direct No   -0118 9064259
Mobile No  -07796292416
Post code: RG16LH
www.186k.co.uk

--
The greatest glory in living lies not in never falling,
 but in rising every time we fall ."
 -- Nelson Mandela




   

"Anil Kumar"
Sent by: nobody@groupstudy.com
02/05/2002 14:12
Please respond to "Anil Kumar"

To:
cc:
Fax to:
Subject: Question on VPN [7:43110]
   

   





Hi All,
Need a small clarification on VPN.

One of the customer is having a Lease Line connection to
Internet at the head office and they are having branch
offices at remote location. Since being a lease line they
have obtained static IP address from ISP.
The branch locations will be dialing into the local ISP and
all the times the remote locations will be getting dynamic
IP address. Since the customer want to have a secure
connection through VPN is it possible to attain and
establish a IPSEC VPN tunnel between a dialup connection
and the lease line router. If so please let me know how the
same can be attained.

Thanks in advance.

Regards.. Anil Kumar.


=
Thanks & Regards

V Anil Kumar





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43114&t=43110



Re: Question on VPN [7:43110]

2002-05-02 Thread Craig Columbus

Yes.  However, the central site can never establish the tunnel since it has 
no way of knowing the remote peer IP address.

Craig


At 09:12 AM 5/2/2002 -0400, you wrote:
>Hi All,
>Need a small clarification on VPN.
>
>One of the customer is having a Lease Line connection to
>Internet at the head office and they are having branch
>offices at remote location. Since being a lease line they
>have obtained static IP address from ISP.
>The branch locations will be dialing into the local ISP and
>all the times the remote locations will be getting dynamic
>IP address. Since the customer want to have a secure
>connection through VPN is it possible to attain and
>establish a IPSEC VPN tunnel between a dialup connection
>and the lease line router. If so please let me know how the
>same can be attained.
>
>Thanks in advance.
>
>Regards.. Anil Kumar.
>
>
>=
>Thanks & Regards
>
>V Anil Kumar
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43113&t=43110



RE: CIT exam [7:43100]

2002-05-02 Thread D. Tharp

This was the last exam I took to finish the CCNP and I found it easier than
I expected.  It is helpful to take this exam last because it does have a lot
of material learned in preparing for other exams.  To give you an example I
only got a 780 on the routing exam (which I thought was the hardest) and
scored a 931 on the CIT.  I just think by the end of my studies I knew much
more about the material and had a much greater understanding for it.  If you
take this exam last, you should have a much better time with it.  Good luck!


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43111&t=43100



Re: CIT exam [7:43100]

2002-05-02 Thread Tom Scott

Steven Pilkerton wrote:

> I have taken the router, switching and remote access exams, and am about to
> take the support exam.  I have heard from some that the CIT exam is the
> easiest and I have heard from others that it is one of the hardest.  I would
> like to get the boards perspective on this.  Thanks.

If the CIT certification exam is anything like Semester 8 of the Cisco
Academy program, it won't be the easiest. The experience of others in my
class is the same.

The only course and certification exam that was difficult up to this point
was routing (BSCN / Semester 5). The reason the CIT material has been
difficult is that it requires comprehensive knowledge of all three areas
(routing, switching, remote access), and it adds another dimension,
troubleshooting methodology and tools, to the mix. The tools we used most
often in the troubleshooting labs were native debug and show diagnostics
that every router and switch has, although there were some exercises with
CiscoWorks, protocol analysis and network monitoring.

I'm glad I took the course, as I've learned a systematic approach to the
defining of symptoms and problems, gathering data, laying out the possible
causes and solutions of the problems, action plans and execution, and
documentation of the final resolution. Included in the methodology is the
isolation of problems, layer by layer, router by router, interface by
interface, link by link ("divide and conquer"). If you're good at native
diagnostics (sho and debug), you've got a real advantage. For me it's a
challenge. I'll be glad when it's over in a couple of weeks.

There's still the question, What is the certification exam like? I hope we
get an answer. Specifically, I'd like to know how others would compare it
to the routing exam in difficulty.

-- TT




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43109&t=43100



Question on VPN [7:43110]

2002-05-02 Thread Anil Kumar

Hi All,
Need a small clarification on VPN.

One of the customer is having a Lease Line connection to
Internet at the head office and they are having branch
offices at remote location. Since being a lease line they
have obtained static IP address from ISP.
The branch locations will be dialing into the local ISP and
all the times the remote locations will be getting dynamic
IP address. Since the customer want to have a secure
connection through VPN is it possible to attain and
establish a IPSEC VPN tunnel between a dialup connection
and the lease line router. If so please let me know how the
same can be attained.

Thanks in advance.

Regards.. Anil Kumar. 


=
Thanks & Regards

V Anil Kumar





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43110&t=43110



Building Cisco Content Networking Solutions Exam (CN 640-925) [7:43107]

2002-05-02 Thread Jose A Rola

Hi,

Can anyone recommend any training materials for this new exam, besides the
official course and the CCO?

Thanks

Josi Rola




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43107&t=43107



Content Networking [7:42898] -Reply [7:43108]

2002-05-02 Thread Jose A Rola

Hi Ron and everyone else,

I just found out about this new certification or should I say version of the
CCIP.

I am pursuing the CCIP and decided to do this as the elective exam.

I work for a telco that also provides content transport services for tv
broadcasters, mainly in SDH and ATM. We are starting to work with video
streaming (Broadcast quality) over IP and expect to do a technology pilot in
the beginning of next year.

Josi Rola




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43108&t=43108



RE: Definition of terms... Do you know the answer?? [7:43090]

2002-05-02 Thread HORVATH TAMAS

Hi!

timeout xlate: Idle time until a translation slot is freed.

timeout conn: Idle time until a connection slot is freed.

There is a distinction made between translated sessions (produced by nat,
global, static, access-list, access-group commands) and connected sessions
when discussing the PIX firewall. Translations are at the IP layer,
connections are at the transport layer. You can have many connections open
under one translation.

timeout half-closed: Idle time until a TCP half-close connection is freed.

timeout udp: Idle time until a UDP slot is freed.

timeout rpc: Idle time until an UDP slot is freed.

If a given slot has not been used for the idle time specified, the resource
is returned to the free pool.

So one purpose of these commands is resource management. Another purpose is
to provide the 'Adaptive' part of the ASA, as the unused ports will be
closed.

Best regards,

Tamas Horvath
network engineer
Tel.: +36 22/515-452,
Fax: +36 22/327-532
E-Mail: [EMAIL PROTECTED]
Message-ID: 
From: Mark Odette II 
Reply-To: Mark Odette II 
To: [EMAIL PROTECTED]
Subject: Definition of terms... Do you know the answer?? [7:43090]
Date: Thu, 2 May 2002 07:29:44 +0200 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain; charset="iso-8859-2"

Folks, I've been trying to find the answer to a couple of questions I have,
and unfortunately, my patience is thin at the moment due to a really bad
allergy attack, which in turn is making me barely be able to stay at the
computer but I've got to solve a problem.

So, could someone give me the low-down on what the following terms/settings
really mean in relation to TCP/UDP communications?

These terms are related to settings on a Firewall (PIX or Router), and
explanations relating to such would really help me understand their
purpose/functionality.  Thanks in Advance!!

timeout xlate

timeout conn

timeout half-closed

timeout udp

timeout rpc


I've got what I believe is a solid idea of what the first one, and perhaps
the second one covers... but someone formally explaining them all will make
me, and I'm sure many others benefit.

Thanks,
Mark




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43106&t=43090
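
Added example, not part of the post above and not PIX code: a toy state table showing several connection slots under one translation slot, each freed by its own idle timer. The timeout values are constructed for the sketch, the rpc timer is left out, and the rule that a translation's idle clock only counts once it has no connections left is a modelling assumption.

```python
from dataclasses import dataclass, field

# Idle timeouts in seconds (constructed sample values, not read from a device).
TIMEOUTS = {"xlate": 3 * 3600, "conn": 3600, "half-closed": 600, "udp": 120}


@dataclass
class Conn:
    """Transport-layer slot."""
    proto: str                 # "tcp" or "udp"
    last_used: int
    half_closed: bool = False  # set once a FIN has been seen on a TCP flow

    def timer(self):
        """Name of the timeout that governs this slot right now."""
        if self.proto == "udp":
            return "udp"
        return "half-closed" if self.half_closed else "conn"


@dataclass
class Xlate:
    """IP-layer translation slot; owns the connections that use it."""
    inside: str
    outside: str
    last_used: int
    conns: dict = field(default_factory=dict)


class StateTable:
    def __init__(self, timeouts=TIMEOUTS):
        self.timeouts = timeouts
        self.xlates = {}

    def packet(self, now, inside, outside, proto, flow, fin=False):
        """Record traffic for one flow, creating slots on first use."""
        x = self.xlates.setdefault(inside, Xlate(inside, outside, now))
        c = x.conns.setdefault(flow, Conn(proto, now))
        x.last_used = c.last_used = now
        if fin and proto == "tcp":
            c.half_closed = True

    def reap(self, now):
        """Return idle slots to the free pool; list what was freed."""
        freed = []
        for inside, x in list(self.xlates.items()):
            for flow, c in list(x.conns.items()):
                kind = c.timer()
                if now - c.last_used >= self.timeouts[kind]:
                    del x.conns[flow]
                    freed.append((kind, flow))
                    x.last_used = now   # assumption: xlate idle clock restarts here
            if not x.conns and now - x.last_used >= self.timeouts["xlate"]:
                del self.xlates[inside]
                freed.append(("xlate", inside))
        return freed


if __name__ == "__main__":
    table = StateTable()
    table.packet(0, "10.0.0.5", "192.0.2.5", "tcp", "web")
    table.packet(0, "10.0.0.5", "192.0.2.5", "udp", "dns")
    table.packet(200, "10.0.0.5", "192.0.2.5", "tcp", "web", fin=True)
    for t in (120, 800, 800 + 3 * 3600):
        print(t, table.reap(t))
```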



Re: ip route statement [7:43001]

2002-05-02 Thread Stanfast Preye

Can it be used as a default-gateway for hosts in LANs when migrating from
one class of IP Address to another.
   Example:
   Host configuration (default-gateway=128.100.10.32)
   Router global configuration (ip route 128.100.10.32 null 0)
Can somebody explain how this works?
Kind regards,
Preye.
 
 
  Patrick Ramsey  wrote: I've never done this before... I've migrated
countless networks to new ip
schemes.

But you have not given us a whole lot of info to go by. check out this
link. Is this what you are trying to accomplish?

http://www.cisco.com/warp/public/105/52.html#subfirstone 

There are other reasons to route to null as well. What are your goals?

-Patrick

>>> "Stanfast Preye" 05/01/02 02:34PM >>>
Dear Group,

Why is it necessary to configure all routers in a network with "ip route
xxx.xxx.xxx.xxx null 0" statement before implementing migrating to a new IP
address scheme and DHCP service in the network.

Somebody please help

Regards,

Preye.










Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43105&t=43001



RE: CIT exam [7:43100]

2002-05-02 Thread NIGEC Spar Enginers

yes, in that shoe too,
anybody has an idea of what the exam is like.

cheers




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43104&t=43100



RE: Urgent help Please! [7:43084]

2002-05-02 Thread Bruce McNamara

Way off topic here, but why did you need to do this?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43103&t=43084



Re: Building a Cisco Lab [7:43072]

2002-05-02 Thread Wayne Jang

I would be interested in purchasing the 4500M from you.  How can we proceed?

Wayne
"Brian" wrote in message
news:[EMAIL PROTECTED]...
> I would say 2520 can be pricey.  You get 2 high speed ports, 2 low speed
> and 1 bri and 1 ethernet.
>
> for example, I sell 4500M's 32MB DRAM/16 Flash, 4 DTE/DCE cables, 1
> ethernet, 4 serial, for $600.00.  That's cheaper than you'll probably see
> a 2520 for, plus you get all the cables..  Sure the 2520 has 1 BRI, I can
> throw in 4 BRI interface module (NP-4B) for $50 extra.
>
> The 4500M is like a dragster next to the 2520, its a whole different world
> than the 4000/4000M.  It has a RISC processor.  4500M's are modular and
> can take FastEthernet and ATM interfaces.
>
> Just trying to be helpful :)
>
> I have a small book I am publishing on the net, it will be on lab
> equipment selection and it goes into detail on frame relay switch
> selection.  should be done in about 30 days.
>
> Brian
>
>
>  On Wed, 1 May 2002, Wayne Jang wrote:
>
> > I'm thinking about buying a 2520 as a frame router.
> >
> > I already have two 2501s, one 2502, one 1201 switch, and a 1912 switch.
> >
> > Is getting the 2520 a good way to spend my very limited funds?
> >
> > Wayne
> I'm buying / selling used CISCO gear!!
> email me for a quote
>
> Brian Feeny, CCIE #8036   Netjam, LLC
> [EMAIL PROTECTED] http://www.netjam.net
> VISA/MC/AMEX/COD   phone: 318-212-0245
> 30 day warranty   fax:   318-212-0246




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43102&t=43072


