Re: CCIE written [7:43221]

2002-05-06 Thread Sergei G.

There is no formula. However, you may remember, and should, with real-life
associations:

000: 516 bytes (DDN 1822)
001: 1500 bytes (Ethernet)
010: 2052 bytes
011: 4472 bytes (Token Ring, and Cisco maximum)

--
baba
Phil Barker wrote in message
news:[EMAIL PROTECTED]...
 You have to remember them.
 Phil.
   Sharifi, Reza wrote: Hi,
 Can anybody tell me if there is a formula to figure out the maximum frame
 size in a RIF packet, or do I have to memorize all these numbers?
 Thanks
 000 516
 001 1500
 010 2052
 011 4472




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43376t=43221
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
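
The largest-frame bits discussed above sit in the second byte of the RIF routing control field. The following is an added example, not part of the original thread, that decodes a RIF and maps those bits using only the four codes quoted in the posts; the field layout is the standard Token Ring source-routing one, and the function name and sample RIF bytes are constructed for illustration.

```python
# Added example: decode a Token Ring source-routing RIF (not from the thread).
# The largest-frame table holds only the four codes quoted in the posts above.

LARGEST_FRAME_BYTES = {
    0b000: 516,    # DDN 1822
    0b001: 1500,   # Ethernet
    0b010: 2052,
    0b011: 4472,   # Token Ring, and Cisco maximum
}


def parse_rif(rif: bytes) -> dict:
    """Decode the 2-byte routing control field and the route descriptors."""
    if len(rif) < 2:
        raise ValueError("RIF needs at least the 2-byte routing control field")
    length = rif[0] & 0x1F                 # low 5 bits: total RIF length in bytes
    if length != len(rif) or length % 2:
        raise ValueError(f"length field {length} does not match {len(rif)} bytes")
    lf_code = (rif[1] >> 4) & 0b111        # the 3 largest-frame bits
    hops = []
    for i in range(2, length, 2):
        descriptor = int.from_bytes(rif[i:i + 2], "big")
        # Each route descriptor is a 12-bit ring number and a 4-bit bridge number.
        hops.append({"ring": descriptor >> 4, "bridge": descriptor & 0xF})
    return {
        "broadcast": rif[0] >> 5,          # top 3 bits: broadcast indicators
        "direction": rif[1] >> 7,          # 0 = read descriptors left to right
        "lf_code": format(lf_code, "03b"),
        # None means the code is not one of the four listed in the thread.
        "max_frame": LARGEST_FRAME_BYTES.get(lf_code),
        "hops": hops,
    }


# Constructed sample: 6-byte RIF, LF bits 001, ring 0x001 -> bridge 1 -> ring 0x002.
SAMPLE_RIF = bytes.fromhex("061000110020")

if __name__ == "__main__":
    print(parse_rif(SAMPLE_RIF))
```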



Re: Pix load balance? [7:42974]

2002-05-06 Thread Engelhard M. Labiro

Hi,

Do you have any URL on the Cisco site which points to how to configure
a CSS11 to provide load balancing to PIXes?
I tried looking at cisco.com but couldn't find it. This URL is the closest
that I found on firewall load balancing with CSS, but it doesn't
specifically say it is a PIX.
http://www.cisco.com/warp/public/117/fw_load_balancing.html

Thanks in advance


- Original Message - 
From: Greene, Patrick 
To: 
Sent: Monday, May 06, 2002 9:03 AM
Subject: RE: Pix load balance? [7:42974]


 Yes if you front-end them with a Cisco Content Switch...the CSS11000. It
 will also provide fault-tolerance.
 
 -Original Message- 
 From: Patrick [mailto:[EMAIL PROTECTED]] 
 Sent: Sun 5/5/2002 5:28 PM 
 To: [EMAIL PROTECTED] 
 Cc: 
 Subject: Re: Pix load balance? [7:42974]
 
 
 
 No.
 
 GEORGE wrote in message
 news:[EMAIL PROTECTED]...
  Can you load balance to pix firewalls?
  Has anyone done this?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43379t=42974



RE: Digital modems - software upgrade [7:43216]

2002-05-06 Thread Andrew Larkins

Many thanks. That's exactly what I was after!!!

Andrew

-Original Message-
From: Michael L. Williams [mailto:[EMAIL PROTECTED]]
Sent: 03 May 2002 14:23
To: [EMAIL PROTECTED]
Subject: Re: Digital modems - software upgrade [7:43216]


After logging into CCO, from Cisco's main page, click Software Center, then
click Access Software, then you'll see Cisco 3600 56Kbps MICA Modem
Firmware.

The only newer version than the one you have is 2910 which adds V.92 and
V.44.

http://www.cisco.com/pcgi-bin/tablebuild.pl/mica

HTH,
Mike W.

Andrew Larkins wrote in message
news:[EMAIL PROTECTED]...
 Hi,

 I read that the digital modems can be software upgraded. I have a
 requirement for v.110 for GSM access. Does anyone have the URL where I can
 see what the most recent level of software is for these modems. I am
 battling to find this info on CCO

 I currently have:
 MICA-6DM Firmware: CP ver 2730 - 5/23/2001, SP ver 2730 - 5/23/2001.

 Thanks


 Andrew




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43378t=43216



Re: Content Switching and Keepalives [7:43141]

2002-05-06 Thread Patrick Donlon

Hi Dave

I've not had a chance to test the keepalive yet, but I see you mention that
using head or get can depend on the page type. Can you explain further or do
you have any links?

Cheers

Pat

David Harrison wrote:

 This is correct. The domain name is not necessary. Since the CSS knows
 the ip address of the box it's watching it doesn't have to rely on a
 domain name to find the location of the server.

 However it is important that the css know the path to reach the
 reference page.

 I've used the following:
 service blah_blah
   ip address 10.1.1.1
   keepalive frequency 8
   keepalive type http
   keepalive uri /.reference/arrowpoint-keepalive.html
   active

 I usually use the default head method vs the get. Depends on whether
 the file you are watching is static or dynamic.

 Dave

 -Original Message-
 From: John Neiberger [mailto:[EMAIL PROTECTED]]
 Sent: Friday, May 03, 2002 12:19 PM
 To: [EMAIL PROTECTED]
 Subject: Re: Content Switching and Keepalives [7:43141]

 I'm not positive about this but I don't believe you're supposed to
 include the domain name in the URI.  We simply use 'keepalive uri
 /index.htm' and that works well.  Give that a shot and see if it works
 for you.

 John

  Patrick Donlon  5/3/02 9:54:47 AM 
 Hi

 I tested it and for some reason it didn't work. I configured the following
 on the service:

 keepalive port 81,
 keepalive method get,
 keepalive type http
 keepalive frequency 25,
 keepalive retry 25
 keepalive uri  www.blahblah.com/index.html

 I then activated the service (and re-activated it a few times just in case).
 Anything obviously wrong, and what should I check in the log?

 cheers

 Pat

 Patrick Donlon wrote:

  Hi All
 
  I have two web servers which are being load balanced behind a CSS; this
  is working fine. Currently we're using the default ICMP keepalive. This
  is OK if the failure is at this level, but when the web services process
  is stopped by the DBA the CSS thinks it's up and running. I've seen the
  different options, tcp, http gets, etc., and would like to know anyone
  else's experience in what is the best balance of performance and
  detecting the loss of service.
 
  Cheers
 
  Pat
 
  [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43380t=43141
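
The following is an added example, not from the thread: a Python probe that mimics the HTTP keepalive discussed above, showing a path-only URI, HEAD versus GET, and how the check fails once the web service stops even though nothing else about the host changed. The local test server, the rule that any 2xx status counts as alive, and the function names are assumptions for illustration, not CSS behaviour.

```python
# Added example (not from the thread): an application-level keepalive probe
# run against a constructed local web server on the loopback interface.
import http.client
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

KEEPALIVE_URI = "/.reference/arrowpoint-keepalive.html"  # path quoted in the post


class ReferencePage(BaseHTTPRequestHandler):
    """Constructed stand-in for a web server: serves only the reference page."""

    def _respond(self, send_body):
        found = self.path == KEEPALIVE_URI
        body = b"alive\n" if found else b""
        self.send_response(200 if found else 404)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        if send_body:
            self.wfile.write(body)

    def do_HEAD(self):               # headers only, no body transferred
        self._respond(send_body=False)

    def do_GET(self):                # full page is generated and sent
        self._respond(send_body=True)

    def log_message(self, *args):    # keep the demo quiet
        pass


def http_keepalive(ip, port, uri, method="HEAD", timeout=2.0):
    """True only if the service answers `method uri` with a 2xx status (assumed rule)."""
    if not uri.startswith("/"):
        # The probe already targets the server by IP, so the URI is a path,
        # not "host/path" as in the non-working configuration in the thread.
        raise ValueError("keepalive URI must be a path such as /index.html")
    try:
        conn = http.client.HTTPConnection(ip, port, timeout=timeout)
        conn.request(method, uri)
        resp = conn.getresponse()
        resp.read()
        conn.close()
        return 200 <= resp.status < 300
    except (OSError, http.client.HTTPException):
        return False


def tcp_keepalive(ip, port, timeout=2.0):
    """Transport-level check: True if the port accepts a connection."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def run_demo():
    server = HTTPServer(("127.0.0.1", 0), ReferencePage)   # port 0: any free port
    port = server.server_address[1]
    threading.Thread(target=server.serve_forever, daemon=True).start()
    results = {
        "head_ok": http_keepalive("127.0.0.1", port, KEEPALIVE_URI),
        "get_ok": http_keepalive("127.0.0.1", port, KEEPALIVE_URI, "GET"),
        # Port answers, but the watched page is missing: only HTTP notices.
        "http_wrong_path": http_keepalive("127.0.0.1", port, "/missing.html"),
        "tcp_open": tcp_keepalive("127.0.0.1", port),
    }
    server.shutdown()                # the "web service process is stopped" case
    server.server_close()
    results["http_after_stop"] = http_keepalive("127.0.0.1", port, KEEPALIVE_URI)
    return results


if __name__ == "__main__":
    print(run_demo())
```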



Modem auto-configuration [7:43381]

2002-05-06 Thread Ki Hyun Kim

Everyone,
I think the answer is 1, 2 and 3,
but the dump said the answer is 1, 2 and 4.
Am I wrong?

When should modem auto-configuration mode be used?
1. To be able to configure a modem without sending modem configuration
commands.
2. To configure modem devices that are not currently supported by Cisco
3. To allow for the auto-discovery of modems
4. To allow modem configuration commands to be sent through a terminal
emulator.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43381t=43381



Re: Dynamic Routing on Firewalls - ZebOS [7:43373]

2002-05-06 Thread Howard C. Berkowitz

At 1:22 AM -0400 5/6/02, Tarek Sabry wrote:
Hi everyone

I was wondering if anyone here ever had experience/exposure to a situation
where you needed to run something like BGP on a firewall (PIX or
CheckPoint). Are there any alternatives in addition to Zebra? I know there's
some shareware and freeware but I'm interested in commercial, field-proven
and supported products.

If not then can anyone evaluate ZebOS for me or tell me if they know any
organizations using it? The real nice thing about it is that it has a Cisco
IOS interface, which is AWESOME! But my boss still needs some vendor
verification before we include Zebra in any MPLS/VPN designs.

Thanks a lot
Tarek

First, to answer your question directly, the same people that 
developed Zebra also have a commercial, supported version called 
IPinfusion (www.ipinfusion.com).

The other alternative is commercial GateD from NextHop Technologies 
(www.nexthop.com).  Native GateD command language is more Juniper- 
than Cisco-like, but there are ways to get much more Cisco like. 
Check with NextHop for details; I honestly don't remember which of 
the details are under NDA.  There's a good deal more operational 
experience with GateD than IPinfusion.

That being said, putting BGP on a firewall, IMNSHO, is a BAD idea. 
One of the basic ideas of firewalls is to put the minimal 
functionality on them that is necessary for the security function. 
Best practice is to front-end the firewall with routers, even 
splitting them into BGP and router-based security functions. 
Performance optimizations are different for routing and firewall 
platforms.  Also, having an external router gives you better hardware 
protection against DoS attacks, and also avoids conduit problems for 
encrypted protocols not supported on the firewall.

It's perfectly plausible, depending on your requirements, to have an 
external BGP router function that feeds a stateful firewall, an SSH 
or IPsec proxy, and another router function that passes encrypted 
tunnels.  Three or four distinct functions, depending on whether you 
separate the router functions into different boxes.  Some firewalls 
also may include an SSH or IPsec proxy.

Neither IPinfusion nor GateD actually do the forwarding; they are 
routing protocol and RIB implementations. They rely on the underlying 
operating system and hardware for forwarding, generally expecting 
some flavor of UNIX (most commonly NetBSD, FreeBSD, and lately 
Linux). Having actually worked with these packages, I don't think 
you'd have a hope of integrating them unless you had access to the 
source code of the firewall.

These routing software packages are really meant for manufacturers, 
not end users.  I've worked with both in that context.

Incidentally, don't take the assertion that a non-IOS routing package 
that claims to have CLI is fully compatible. Think about it. If it's 
not just a front end to IOS but an independent package, how can it 
have features that depend on Cisco software and hardware 
implementation?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43382t=43373



Re: IPX Traceroute [7:43327]

2002-05-06 Thread Neru Baba

Hello Priscilla

Thank you for 'shining the light'... it might well be 'the right' solution.  

Router RTR-AL - IOS is 11.3(11a).  Router RTR-3 - IOS is 12.0(7).  I will
try to upgrade the IOS to 12.0 at least to see if this problem can be
solved. Will report the outcome.

Kind regards

Arjun Das


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43383t=43327



RE: Modem auto-configuration [7:43381]

2002-05-06 Thread Andrew Larkins

Comments inline.

-Original Message-
From: Ki Hyun Kim [mailto:[EMAIL PROTECTED]]
Sent: 06 May 2002 11:23
To: [EMAIL PROTECTED]
Subject: Modem auto-configuration [7:43381]


Everyone,
I think the answer is 1, 2 and 3,
but the dump said the answer is 1, 2 and 4.
Am I wrong?

When should modem auto-configuration mode be used?
1. To be able to configure a modem without sending modem configuration
commands. - definitely!!
2. To configure modem devices that are not currently supported by Cisco
- sounds correct. From what I remember, auto discovery will try various
different settings, so this can work
3. To allow for the auto-discovery of modems - definitely
4. To allow modem configuration commands to be sent through a terminal
emulator. - not sure




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43384t=43381



1720 IOS compatibility [7:43385]

2002-05-06 Thread Craig Columbus

Does anyone know if the 1700 series IP/ADSL IOS versions will run on a 1700 
without ADSL?  Does the ADSL version support WIC-1DSU-T1?
I'm just curious because IP Plus/ADSL 56 software is MUCH cheaper than 
regular IP Plus 56.

Thanks,
Craig




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43385t=43385



RE: IPX Traceroute [7:43327]

2002-05-06 Thread Blair, Philip S

If SWITCH1 is a layer two device, then RTR-1 and RTR-3 should be on the same
IPX Network (either 1c10 or 1100).  Of course I could be misinterpreting the
ASCII art.

Philip

-Original Message-
From: Arjun Das [mailto:[EMAIL PROTECTED]]
Sent: Sunday, May 05, 2002 4:55 AM
To: [EMAIL PROTECTED]
Subject: IPX Traceroute [7:43327]


Dear Group Members,

This is my first message please accept apologies
for any mistakes.  However, I seek help for the
following problem.

Here is the setup!


  IPX Network: 100
  ---|--|---
 |  |
   RTR-1   RTR-AL
  / /   |(1c10)
 / /|
   (1120)/ /   SWITCH1
/ / |
   / /(1210)|  (1100)
RTR-2  RTR-3

Problem:

IPX routing is enabled on all the routers.  I can ping
(IPX) RTR-AL from RTR-3 but cannot perform
TRACEROUTE.  Any help will be much appreciated.


Output from ROUTER-3 (RTR-3)
---
RTR-3#
RTR-3#ping 100..0c3d.d1eb
Translating 100..0c3d.d1eb

Type escape sequence to abort.
Sending 5, 100-byte IPX Novell Echoes to
100..0c3d.d1eb, timeout is 2 seconds:
!
Success rate is 100 percent (5/5), round-trip
min/avg/max = 32/35/44 ms
RTR-3#
RTR-3#
RTR-3#traceroute ipx 100..0c3d.d1eb

Type escape sequence to abort.
Tracing the route to 100..0c3d.d1eb

  0  *  *  *
  1  *  *  *
  2  *  *  *
  3  *  *  *

 ... tracing the route using Diagnostic Requests
  4  *  *  *
RTR-3#





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43386t=43327



Re: IPX Traceroute [7:43327]

2002-05-06 Thread Arjun Das

Hello Priscilla,

I upgraded the IOS of Router RTR_AL, and it worked.  However I didn't
upgrade the IOS of Router RTR_1.  Listed below is the outcome of the
'traceroute ipx' from Router RTR_3.

R3# trace ipx 100.000.0c3d.d1eb
Tracing the route to 100.000.0c3d.d1eb

0  *  *  *
1  *  *  *
2 100.000.0c3d.d1eb 24 Msec 16 Msec 16 Msec
R3#

A million thanks

Regards

Arjun


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43387t=43327



RE: IPX Traceroute [7:43327]

2002-05-06 Thread Arjun Das

Hello Philip,

Apologies for such 'skewed' ASCII ART, it was not intended that way.  A
better image (well sort of) is provided at
'http://www.geocities.com/nerubaba/'.  Well the problem is now solved, as
suggested by Priscilla Oppenheimer - upgrade the IOS to a newer version.

Once again a million thanks for the trouble taken to answer the post.

Kind regards

Arjun 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43388t=43327



Re: 1720 IOS compatibility [7:43385]

2002-05-06 Thread Frank Hafta

Check out www.cisco.com/go/fn

This is a great tool for comparing IOS's and determining what your current
IOS can run.

Best Regards.

BC-

Craig Columbus wrote in message
news:[EMAIL PROTECTED]...
 Does anyone know if the 1700 series IP/ADSL IOS versions will run on a 1700
 without ADSL?  Does the ADSL version support WIC-1DSU-T1?
 I'm just curious because IP Plus/ADSL 56 software is MUCH cheaper than
 regular IP Plus 56.

 Thanks,
 Craig




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43389t=43385



Location of serial number for Cisco 6160 [7:43390]

2002-05-06 Thread JunoGuy

Can anyone tell me where I can locate the serial number for a Cisco 6160?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43390t=43390



CCIE Written [7:43391]

2002-05-06 Thread [EMAIL PROTECTED]

Hi Ladies and Gentlemen

I am writing my written in less than two weeks.
Help!

Can anyone give me some Hints ;-) and inspiration, motivation all the good
stuff.

Your information is greatly appreciated.

Thanks in advance!

Regards,
Sergio Silva
Network Engineer
Dimension Data
Help Desk   011-7091026








Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43391t=43391



dot1q problem [7:43392]

2002-05-06 Thread Bülent Sahin

Hi,

We have two 6506 switches with MSFC cards. One is HSRP active router and the
other standby, and these switches are connected to each other with trunk
links. When we configure dot1q on these trunk links, both routers(MSFC
cards) declare themselves as HSRP active router on Vlan1, and the devices
connected to different switches on Vlan1 can not communicate with each
other. I didn't see any problem on other Vlan's. 
When we configure ISL on these switches, everything works fine. Vlan 1 is
the default vlan for these switches and the trunk ports are the members of
Vlan1.
Any Ideas?

Thanks,

Bulent




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43392t=43392
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: Dynamic Routing on Firewalls - ZebOS [7:43373]

2002-05-06 Thread Wes

Why don't you run BGP through the firewall?  Firewalls are generally
supposed to be transparent devices - why would you want to make it
participate in routing?  Just stick a router behind it and have it pass BGP
through.  No fuss, no muss, any vendor will work.

Just my first take on the issue...

--Wes


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43393t=43373



RE: dot1q problem [7:43392]

2002-05-06 Thread Chris Charlebois

The only issue I can think of in dot1q vs ISL is the native vlan.  If the
native vlan is set to something other than default (which is Vlan1) on one
end of the trunk, and not on the other, then the 2 routers would not be on
the same subnet and would behave the way you describe.  One way to check
this is to remove see if you can ping the real ip address of each router
from the other while dot1q is up.  If you can't, then there must be something
wrong with the trunk.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43395t=43392



RE: dot1q problem [7:43392]

2002-05-06 Thread timothy thielen

See if this link helps your situation...

http://www.cisco.com/warp/public/473/23.html

--Tim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43394t=43392



Re: dot1q problem [7:43392]

2002-05-06 Thread Steven A. Ridder

Is HSRP on on VLAN 1?


Bülent Sahin wrote in message
news:[EMAIL PROTECTED]...
 Hi,

 We have two 6506 switches with MSFC cards. One is HSRP active router and the
 other standby, and these switches are connected to each other with trunk
 links. When we configure dot1q on these trunk links, both routers(MSFC
 cards) declare themselves as HSRP active router on Vlan1, and the devices
 connected to different switches on Vlan1 can not communicate with each
 other. I didn't see any problem on other Vlan's.
 When we configure ISL on these switches, everything works fine. Vlan 1 is
 the default vlan for these switches and the trunk ports are the members of
 Vlan1.
 Any Ideas?

 Thanks,

 Bulent




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43396t=43392



Re: CCIE Written [7:43391]

2002-05-06 Thread Frank Hafta

I'm taking it on the 17th of May.

Best of luck to you!



 wrote in message
news:[EMAIL PROTECTED]...
 Hi Ladies and Gentlemen

 I am writing my written in less than two weeks.
 Help!

 Can anyone give me some Hints ;-) and inspiration, motivation all the good
 stuff.

 Your information is greatly appreciated.

 Thanks in advance!

 Regards,
 Sergio Silva
 Network Engineer
 Dimension Data
 Help Desk 011-7091026








Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43397t=43391



Re: Code upgrade switch catalyst 1200 [7:43348]

2002-05-06 Thread Wayne Jang

Just curious, I have a 1201 and I just practiced making a copy of my nmp and
dmp with TFTP server.
Did you give your switch an IP address using the admin port?  Then make sure
you are plugged into a port with ethernet and make sure your laptop is on
the same subnet.

What software version are you upgrading to?  I have 4.26.

Michael L. Williams wrote in message
news:[EMAIL PROTECTED]...
 Which model switch is it?  If it's running IOS then you simply need an IP on
 interface VLAN1.  By default all ports are in VLAN1, but if you've changed
 it around, you need to make a port in VLAN1 and connect to it.

 If it's using the CatOS, then make sure you're plugging into a port (again)
 on VLAN1 since that's the default mgmt VLAN (i.e. can communicate with sc0)

 Mike W.

 Alexandre Carvalho wrote in message
 news:[EMAIL PROTECTED]...
  Hello Guys,
  I have a weird problem with upgrading my switch and I was wondering if
  somebody could help me out.
  My laptop is in the same subnet as the switch, but I cannot ping each
  other. I am running tftp server in my laptop so if I cannot ping I cannot
  upgrade it. I check the port where my laptop is connected and it says OK.
  Any ideas??
 
  Laptop: 10.2.2.1 /16
  Switch : 10.2.2.2 /16
 
  Command used in the switch : set interface sc0 10.2.2.2 255.255.0.0
 
  Thanks,
 
  Alex




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43398t=43348



RE: Dynamic Routing on Firewalls - ZebOS [7:43373]

2002-05-06 Thread Tarek Sabry

Howard

I did look at GateD from NextHop before, but they are prohibitively
expensive. That's why I was leaning more towards IPInfusion. Now the problem
with the latter is that I don't know how dependable or field-proven they
are.

I totally agree with you about putting BGP on a firewall. There are many
reasons why one should not use a combination firewall/router. However, I am
not doing any tunnels in this case. I am in a situation where I need to
terminate eBGP sessions for MPLS VPN endpoints in numerous locations around
the world.

I'm not sure I understand your statement about having an external router
gives [you] better hardware protection against DoS attacks, and also avoids
conduit problems for encrypted protocols not supported on the firewall.

Yes I thought it would only run on BSD. In fact I did use GateD in a
manufacturing environment over FreeBSD. However, to my surprise, ZebOS runs
on Sun Solaris too. I am running a demo license right now on Solaris with
CheckPoint as a firewall. Things seem good, except for the fact that I have
a problem with performance testing. Any ideas for testing firewalls? Any
good tools?

I also agree with you that maybe we shouldn't expect using the object code
right out of the box and that having a CLI that looks like IOS is no
guarantee for 100% compatibility. But again for the past week I was
surprised about the high degree of compatibility and resemblance to Cisco to
the extent that I started forgetting that I'm configuring a Unix box!!

Thank you very much for your insightful thoughts.
Tarek

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Howard C. Berkowitz
Sent: Monday, May 06, 2002 5:27 AM
To: [EMAIL PROTECTED]
Subject: Re: Dynamic Routing on Firewalls - ZebOS [7:43373]


At 1:22 AM -0400 5/6/02, Tarek Sabry wrote:
Hi everyone

I was wondering if anyone here ever had experience/exposure to a situation
where you needed to run something like BGP on a firewall (PIX or
CheckPoint). Are there any alternatives in addition to Zebra? I know there's
some shareware and freeware but I'm interested in commercial, field-proven
and supported products.

If not then can anyone evaluate ZebOS for me or tell me if they know any
organizations using it? The real nice thing about it is that it has a Cisco
IOS interface, which is AWESOME! But my boss still needs some vendor
verification before we include Zebra in any MPLS/VPN designs.

Thanks a lot
Tarek

First, to answer your question directly, the same people that
developed Zebra also have a commercial, supported version called
IPinfusion (www.ipinfusion.com).

The other alternative is commercial GateD from NextHop Technologies
(www.nexthop.com).  Native GateD command language is more Juniper-
than Cisco-like, but there are ways to get much more Cisco like.
Check with NextHop for details; I honestly don't remember which of
the details are under NDA.  There's a good deal more operational
experience with GateD than IPinfusion.

That being said, putting BGP on a firewall, IMNSHO, is a BAD idea.
One of the basic ideas of firewalls is to put the minimal
functionality on them that is necessary for the security function.
Best practice is to front-end the firewall with routers, even
splitting them into BGP and router-based security functions.
Performance optimizations are different for routing and firewall
platforms.  Also, having an external router gives you better hardware
protection against DoS attacks, and also avoids conduit problems for
encrypted protocols not supported on the firewall.

It's perfectly plausible, depending on your requirements, to have an
external BGP router function that feeds a stateful firewall, an SSH
or IPsec proxy, and another router function that passes encrypted
tunnels.  Three or four distinct functions, depending on whether you
separate the router functions into different boxes.  Some firewalls
also may include an SSH or IPsec proxy.

Neither IPinfusion nor GateD actually do the forwarding; they are
routing protocol and RIB implementations. They rely on the underlying
operating system and hardware for forwarding, generally expecting
some flavor of UNIX (most commonly NetBSD, FreeBSD, and lately
Linux). Having actually worked with these packages, I don't think
you'd have a hope of integrating them unless you had access to the
source code of the firewall.

These routing software packages are really meant for manufacturers,
not end users.  I've worked with both in that context.

Incidentally, don't take the assertion that a non-IOS routing package
that claims to have CLI is fully compatible. Think about it. If it's
not just a front end to IOS but an independent package, how can it
have features that depend on Cisco software and hardware
implementation?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43400t=43373

CIT test info [7:43399]

2002-05-06 Thread NetEng

took the CIT test today, 79 ?'s with 90 minutes and 69x to pass. not too bad
of a test other than the horrible wording of the questions. (did M$
write this exam for them?) Anyway, I passed and am now among the ranks of
ccnp's. CID in a couple of weeks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43399t=43399



RE: CIT test info [7:43399]

2002-05-06 Thread Brian Zeitz

Yea, I would love to talk about what is wrong with this test, but I
would be violating the NDA. It's a catch-22. Maybe they will fix the
wording in the 600 series. 

-Original Message-
From: NetEng [mailto:[EMAIL PROTECTED]] 
Sent: Monday, May 06, 2002 11:31 AM
To: [EMAIL PROTECTED]
Subject: CIT test info [7:43399]

took the CIT test today, 79 ?'s with 90 minutes and 69x to pass. not too bad
of a test other than the horrible wording of the questions. (did M$
write this exam for them?) Anyway, I passed and am now among the ranks of
ccnp's. CID in a couple of weeks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43401t=43399



RE: Dynamic Routing on Firewalls - ZebOS [7:43373]

2002-05-06 Thread Howard C. Berkowitz

At 10:30 AM -0500 5/6/02, Tarek Sabry wrote:
Howard

I did look at GateD from NextHop before, but they are prohibitively
expensive. That's why I was leaning more towards IPInfusion. Now the problem
with the latter is that I don't know how dependable or field-proven they
are.

Well, I can't speak to direct experience with IPinfusion, only Zebra. 
We ran our BGP convergence tester on Zebra running on Linux, and it 
certainly interoperated with Cisco routers.  We were using it as a 
load generator, a load receiver, and sometimes as a router under test.

We were able to make some modifications fairly easily to be able to 
tie its timestamps to a precision hardware clock.

There were some oddities in the way in which it would handle BGP 
updates when we'd want to send a more- and -less specific version of 
an address block.  Sometimes it would just send one rather than both.

You may get performance difference in convergence, which again is 
something we are actively defining in the IETF work.  Specifically, 
different router implementations differ in the order they send out a 
BGP update. Some will send out the least specific and then all more 
specifics under it in that order, where others will send all /8, then 
all /9, etc.  Depending on the internal Loc-RIB and RIB storage 
models of the receiving implementation, convergence time can vary 
significantly based on the order of sending. There is no standard way 
of doing this.


I totally agree with you about putting BGP on a firewall. There are many
reasons why one should not use a combination firewall/router. However, I am
not doing any tunnels in this case. I am in a situation where I need to
terminate eBGP sessions for MPLS VPN endpoints in numerous locations around
the world.

I'm not sure I understand your statement about having an external router
gives [you] better hardware protection against DoS attacks, and also avoids
conduit problems for
encrypted protocols not supported on the firewall.

Assume someone is smurfing, doing an ICMP flood, or other fairly 
low-level attacks.  A router can filter or otherwise stop these using 
much more specialized hardware than the firewall platform, so it's 
cheaper per attack packet to stop it only on the firewall.

Yes I thought it would only run on BSD. In fact I did use GateD in a
manufacturing environment over FreeBSD. However, to my surprise, ZebOS runs
on Sun Solaris too.

As mentioned, we ran it on LINUX.

I am running a demo license right now on Solaris with
CheckPoint as a firewall. Things seem good, except for the fact that I have
a problem with performance testing. Any ideas for testing firewalls? Any
good tools?

Here's the standardization work at least on terminology: 
http://www.ietf.org/rfc/rfc2647.txt


I also agree with you that maybe we shouldn't expect using the object code
right out of the box and that having a CLI that looks like IOS is no
guarantee for 100% compatibility. But again for the past week I was
surprised about the high degree of compatibility and resemblance to Cisco to
the extent that I started forgetting that I'm configuring a Unix box!!

My current use is a little different -- I'm using both Zebra and 
BGPsim to generate test routes, including routes with deliberate 
errors, or that are flapping.


Thank you very much for your insightful thoughts.
Tarek

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Howard C. Berkowitz
Sent: Monday, May 06, 2002 5:27 AM
To: [EMAIL PROTECTED]
Subject: Re: Dynamic Routing on Firewalls - ZebOS [7:43373]


At 1:22 AM -0400 5/6/02, Tarek Sabry wrote:
Hi everyone

I was wondering if anyone here ever had experience/exposure to a situation
where you needed to run something like BGP on a firewall (PIX or
CheckPoint). Are there any alternatives in addition to Zebra? I know there's
some shareware and freeware but I'm interested in commercial, field-proven
and supported products.

If not then can anyone evaluate ZebOS for me or tell me if they know any
organizations using it? The real nice thing about it is that it has a Cisco
IOS interface, which is AWESOME! But my boss still needs some vendor
verification before we include Zebra in any MPLS/VPN designs.

Thanks a lot
Tarek

First, to answer your question directly, the same people that
developed Zebra also have a commercial, supported version called
IPinfusion (www.ipinfusion.com).

The other alternative is commercial GateD from NextHop Technologies
(www.nexthop.com).  Native GateD command language is more Juniper-
than Cisco-like, but there are ways to get much more Cisco like.
Check with NextHop for details; I honestly don't remember which of
the details are under NDA.  There's a good deal more operational
experience with GateD than IPinfusion.

That being said, putting BGP on a firewall, IMNSHO, is a BAD idea.
One of the basic ideas of firewalls is to put the minimal
functionality on them that is necessary for the security function.
Best practice is to 

RE: Configuring Pix with EnterNet DSL [7:43302]

2002-05-06 Thread Brian Zeitz

I am going to try to hook up a Pix to an ADSL line with a dynamic IP,
this should be interesting. In the past I have tried Microsoft ISA
Server 2000 Enterprise with ADSL, it had a lot of trouble binding the
packet filters cause the IP was dynamic. The fix, install a Netgear
router before the firewall.

Also for PPPoE testing purposes, Windows XP has the PPPoE stuff built in
it. All you need is a XP machine, and a DSL Modem. Use BroadBand
connection when creating an internet connection. Good when the service
provider INSISTs that you have 1 PC hooked up to the DSL modem. Even
though you own a business account. This is the biggest scam in the book,
but I don't pay the bill ;)

Now, I am going to try a Pix 515U, with an ADSL dynamic IP. I am not
sure what the results will be. I could buy another cheapy router, but
just to learn it, and see what results I get, I'm going to hook it up to
the DSL line. This is just for development. Eventually I will get real
Cisco routers.

Also I had Verizon change my ADSL Global Service provider. I was having
some routing problems within Verizon's network. Now I have Qwest, and
everything is cool. So I'll try the Pix with the new GSP. If anyone wants
to contact me about ADSL or Pix 515 stuff, feel free.


-Original Message-
From: Mark Odette II [mailto:[EMAIL PROTECTED]] 
Sent: Saturday, May 04, 2002 3:20 PM
To: [EMAIL PROTECTED]
Subject: RE: Configuring Pix with EnterNet DSL [7:43302]

Ronnie-
I assume you are referring to the fact that your DSL is PPPoE DSL (You have
to install the EnterNet DSL software on your computer if you want to access
the DSL Gateway and connect to the internet (which also means you use a User
Name/Password combination to connect) correct!?!

If so, what model PIX do you have?

The 501/506 models support PPPoE under 6.2.1.

The following link should get you started
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/config/pixclnt.htm

Mark


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Ronnie Higginbotham
Sent: Saturday, May 04, 2002 10:32 AM
To: [EMAIL PROTECTED]
Subject: Configuring Pix with EnterNet DSL [7:43302]


I am new to the Pix setup. Has anybody configured a PIX with EnterNet DSL
setup? Any config help would be appreciated.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43403t=43302



test [7:43404]

2002-05-06 Thread [EMAIL PROTECTED]

test




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43404t=43404



CSS1 [7:43405]

2002-05-06 Thread Brian Zeitz

I started a yahoo group called CSS1 if anyone is interested. Currently
it has 1 member, me :-)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43405t=43405



Re: CSS1 [7:43405]

2002-05-06 Thread Alex Lee

Try this one http://www.securityie.com/


Brian Zeitz  wrote in message
news:[EMAIL PROTECTED]...
 I started a yahoo group called CSS1 if anyone is interested. Currently
 it has 1 member, me :-)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43406t=43405



test [7:43408]

2002-05-06 Thread [EMAIL PROTECTED]

Steve Smith
Sarcom Service Manager Memphis
901-252-3030
[EMAIL PROTECTED] 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43408t=43408



Rack Mounting Kit for 1600/1720??? [7:43407]

2002-05-06 Thread Jim Newton

I have a customer that swears that he has seen a kit to rack mount a
1600/1720 router. Has anyone ever heard of this?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43407t=43407



RE: CIT test info [7:43399]

2002-05-06 Thread Michael Williams

Wouldn't it only be a violation to talk about it with people who haven't
already taken and passed it?  =)

Mike W.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43409t=43399



Re: Rack Mounting Kit for 1600/1720??? [7:43407]

2002-05-06 Thread John Golovich

Yah, they're called shelves :)

Cost $30 or so.

--- Jim Newton  wrote:
 I have a customer that swears that he has seen a kit
 to rack mount a
 1600/1720 router. Has anyone ever heard of this?
 [EMAIL PROTECTED]
 
 






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43410t=43407



Re: CCIE in 3-6 Months from cisco Interesting [7:43306]

2002-05-06 Thread Priscilla Oppenheimer

At 01:12 AM 5/6/02, Nnanna Obuba wrote:

There's absolutely nothing wrong with being in it for the money...we
all are, some admit it and some don't.

No, we aren't all in it for the money. Why would you assume that??

It's indeed a wise strategy to
pursue financial security, then you can afford to do the stuff u love.

I'm doing what I love and I get paid for it. But I would do it even if the 
pay sucked. I discovered computer programming while studying to be a 
librarian. I was expecting to be poor. ;-)

  Priscilla


=
Nnanna Obuba CCIE # 6586




Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43411t=43306



Re: CCIE written [7:43221]

2002-05-06 Thread Priscilla Oppenheimer

I doubt you really have to know them anyway. It would be really silly if 
you did since there's actually no agreement on them. The numbers that got 
standardized in IEEE 802.1D Annex C don't agree with what IBM was already 
using and what many vendors still use.

Priscilla

At 02:11 AM 5/6/02, Sergei G. wrote:
there is no formula. However, you may remember, and should, with real life
associations:

000: 516 bytes (DDN 1822)
001: 1500 bytes (Ethernet)
010: 2052 bytes
011: 4472 bytes (Token Ring, and Cisco maximum)

--
baba
Phil Barker  wrote in message
news:[EMAIL PROTECTED]...
  You have to remember them.
  Phil.
Sharifi, Reza  wrote: Hi,
  Can any body tell me is there is formula to figure out the maximum frame
  size in a RIF packet, or do I have to memorize all these numbers?.
  Thanks
  000 516
  001 1500
  010 2052
  011 4472


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43412t=43221



MPLS on existing routers [7:43414]

2002-05-06 Thread Michelle T

Folks,

I would like to mess around with MPLS, both Traffic Engineering and MPLS
based VPN's if possible. However, the routers I have may or may not be able
to do any MPLS. I've got some 2509's, a 2600, and some 4000-M's. Does anyone
know what code levels I would need? I can figure out the memory and flash
requirements if I can just figure out what minimum code level to run.

Thanks,

Michelle




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43414t=43414



RE: CSS1 [7:43405]

2002-05-06 Thread Sean Knox

I will sign up too. Also check out www.securityie.com for some good content.

Sean

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 Brian Zeitz
 Sent: Monday, May 06, 2002 10:28 AM
 To: [EMAIL PROTECTED]
 Subject: CSS1 [7:43405]
 
 
 I started a yahoo group called CSS1 if anyone is interested. Currently
 it has 1 member, me :-)
 [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43413t=43405



Re: 1720 IOS compatibility [7:43385]

2002-05-06 Thread John Huston

Yep.  Installed many of them.  If you need a config with a firewall post a
message on here.  Do not send me an email.


Craig Columbus  wrote in message
news:[EMAIL PROTECTED]...
 Does anyone know if the 1700 series IP/ADSL IOS versions will run on a 1700
 without ADSL?  Does the ADSL version support WIC-1DSU-T1?
 I'm just curious because IP Plus/ADSL 56 software is MUCH cheaper than
 regular IP Plus 56.

 Thanks,
 Craig




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43416t=43385



Re: MPLS on existing routers [7:43414]

2002-05-06 Thread dre

2500 does not support MPLS, but it does support ISIS and BGP - 12.0.22 (4M
DRAM / 8M Flash)
2600 supports MPLS labels only (not MPLS-TE, etc) code to run would be
12.1.14 (48M DRAM, 16M Flash)

3600 supports MPLS well with:
MPLS labels - 12.0.22 (48M DRAM, 8M Flash)
MPLS, MPLS-TE - 12.1.14 (48M DRAM, 16M Flash)
MPLS, MPLS-TE, MPLS-CoS, MPLS-LDP - 12.2.8T3 (64M DRAM, 16M Flash)

According to the Cisco Software Advisor, MPLS-TE and MP-BGP are supported
on the 4000-M with 12.1.14 SERVICE PROVIDER (16M DRAM, 4M Flash), but
I have not verified this.

You can always check the Cisco Feature Navigator and/or Software Advisor
http://www.cisco.com/go/fn

Also, most production networks use 12.0ST for MPLS-TE and MPLS-VPN,
and even then, they use specialized custom code (IOS  patches) that you
cannot download on CCO.  If you want real-world experience, you have to
start there (or go the J-brand route).

-dre

Michelle T  wrote in message
news:[EMAIL PROTECTED]...
 Folks,

 I would like to mess around with MPLS, both Traffic Engineering and MPLS
 based VPN's if possible. However, the routers I have may or may not be able
 to do any MPLS. I've got some 2509's, a 2600, and some 4000-M's. Does anyone
 know what code levels I would need? I can figure out the memory and flash
 requirements if I can just figure out what minimum code level to run.

 Thanks,

 Michelle




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43418t=43414



RE: Without any violation....... [7:43318]

2002-05-06 Thread timothy thielen

**Shakes Magic 8-Ball**

My sources say No

Well, there you have it.  The frame-switch is preconfigured for you.  I got
a similar response when I consulted it about the communications server.

--Tim, the Cheerful Cynic.

Juan Blanco wrote:
 
 Team,
 
 Do you have to setup the frame-relay switch when you take the
 lab test or it
 is already configure (save time), just a curiosity..
 
 Thanks,
 
 J
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43417t=43318



general question on rip/igrp/eigrp over isdn [7:43419]

2002-05-06 Thread Mirza, Timur

if u running any one of these three protocols over isdn for backup, is it
best to use a floating static or dialer-watch? is it pretty much limited to
these two methods (other than backup interface command in a non-vc
environment)

Timur Mirza
Principal Network Engineer
Network Planning  Engineering, West Region
15505-B Sand Canyon Avenue
Irvine, California 92618
Verizon Wireless
949.286.6623 (o)
949.697.7964 (c)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43419t=43419



Re: Content Switching and Keepalives [7:43141]

2002-05-06 Thread sam sneed

There are 2 methods of keepalives, get and head.

get:
CSS gets the web page, computes a hash based on the page and stores it for
reference. The next time the CSS gets the webpage it looks for 200 OK
status and compares the new hash with the hash stored for reference. If they
are different the CSS marks the service as down. So you can conclude this
method only works well for static content on pages.

Head:
CSS only issues an HTTP head on the service and looks for 200 OK status , if
it gets it service is marked up otherwise it's down. Less overhead than get
method and good for Dynamic content as well.


hope that helped a bit.

Patrick Donlon  wrote in message
news:[EMAIL PROTECTED]...
 Hi Dave

 I've not had chance to test the keepalive yet but I see you mention using
 head or get
 can depend on the page type. Can you explain further or do you have any
 links?

 Cheers

 Pat

 David Harrison wrote:

  This is correct. The domain name is not necessary. Since the CSS knows
  the ip address of the box it's watching it doesn't have to rely on a
  domain name to find the location of the server.
 
  However it is important that the css know the path to reach the
  reference page.
 
  I've used the following:
  service blah_blah
    ip address 10.1.1.1
    keepalive frequency 8
    keepalive type http
    keepalive uri /.reference/arrowpoint-keepalive.html
    active
 
  I usually use the default head method vs the get. Depends on whether
  the file you are watching is static or dynamic.
 
  Dave
 
  -Original Message-
  From: John Neiberger [mailto:[EMAIL PROTECTED]]
  Sent: Friday, May 03, 2002 12:19 PM
  To: [EMAIL PROTECTED]
  Subject: Re: Content Switching and Keepalives [7:43141]
 
  I'm not positive about this but I don't believe you're supposed to
  include the domain name in the URI.  We simply use 'keepalive uri
  /index.htm' and that works well.  Give that a shot and see if it works
  for you.
 
  John
 
   Patrick Donlon  5/3/02 9:54:47 AM 
  Hi
 
  I tested it and for some reason it didn't work,  I configured the
  following on the service:
 
  keepalive port 81,
  keepalive method get,
  keepalive type http
  keepalive frequency 25,
  keepalive retry 25
  keepalive uri  www.blahblah.com/index.html
 
  I then activated the service (and re-activated it a few times just in
  case) Anything obviously wrong and  what should I check in the log
 
  cheers
 
  Pat
 
  Patrick Donlon wrote:
 
   Hi All
  
   I have two web servers which are being load balanced behind a CSS, this
   is working fine. Currently we're using the default ICMP keepalive, this
   is OK if the failure is at this level but when the web services process
   is stopped by the DBA the CSS thinks it's up and running. I've seen the
   different options, tcp, http gets, etc, and would like to know anyone
   else's experience in what is the best balance over performance and
   detecting the loss of service
  
   Cheers
  
   Pat
  
   [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43420t=43141
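
The difference between the get and head keepalive methods described in this thread, as an added Python simulation that is not code from any poster or from the CSS itself. The SHA-256 hash, the class and function names, and the sample responses are assumptions constructed for illustration; the thread does not say which hash the CSS computes.

```python
"""Simulate the two HTTP keepalive methods discussed in the thread.

Added illustration only: names, SHA-256 and all sample replies are
assumptions, not the CSS's own implementation.
"""
import hashlib


def build_response(status, reason, body=b"", head=False):
    """Build a constructed HTTP/1.1 reply; a HEAD reply carries no body."""
    header = (f"HTTP/1.1 {status} {reason}\r\n"
              f"Content-Length: {len(body)}\r\n\r\n").encode("ascii")
    return header if head else header + body


def parse_response(raw):
    """Return (status_code, body); raise ValueError on a malformed reply."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no header terminator")
    parts = head.split(b"\r\n", 1)[0].decode("ascii", "replace").split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("bad status line")
    return int(parts[1]), body


class HeadKeepalive:
    """Status-only probe: the service is up whenever the reply is 200."""

    def check(self, raw):
        try:
            status, _ = parse_response(raw)
        except ValueError:
            return False
        return status == 200


class GetHashKeepalive:
    """Probe that needs 200 and a body hash equal to the stored reference."""

    def __init__(self):
        self.reference = None  # digest of the first good page seen

    def check(self, raw):
        try:
            status, body = parse_response(raw)
        except ValueError:
            return False
        if status != 200:
            return False
        digest = hashlib.sha256(body).hexdigest()
        if self.reference is None:
            self.reference = digest
            return True
        return digest == self.reference


def simulate(replies):
    """Feed the same server behaviour to both probes; return their verdicts."""
    head_probe, get_probe = HeadKeepalive(), GetHashKeepalive()
    head_up, get_up = [], []
    for status, reason, body in replies:
        head_up.append(head_probe.check(build_response(status, reason, body, head=True)))
        get_up.append(get_probe.check(build_response(status, reason, body)))
    return head_up, get_up


# Constructed sample behaviours (not captured traffic).
PAGE = b"<html>keepalive reference page</html>"
STATIC = [(200, "OK", PAGE)] * 3
DYNAMIC = [(200, "OK", b"<html>served at 10:00:%02d</html>" % s) for s in (1, 9, 17)]
FAILING = [(200, "OK", PAGE),
           (200, "OK", b"<html>Database unavailable</html>"),
           (503, "Service Unavailable", b"")]

if __name__ == "__main__":
    for name, replies in (("static", STATIC), ("dynamic", DYNAMIC), ("failing", FAILING)):
        head_up, get_up = simulate(replies)
        print(f"{name:8} head={head_up} get={get_up}")
```

In the failing run the status-only probe still reports the service up while the server answers 200 OK with an error page, and in the dynamic run the hash probe reports a healthy server down; choosing a static reference page for the keepalive URI avoids both.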



Re: Real Life Wireless Question [7:43293]

2002-05-06 Thread Bruce Williams

A bridge is used to connect networks often in different buildings up to
several miles apart. Because the bridge does not rely on acknowledgements
like a normal access point it can do this. An access point cannot do this
because it must comply with the 802.11 standard strictly and it will expect
acknowledgements to be received more quickly than could be expected over
those distances.

Bruce


Marko Milivojevic  wrote in message
news:[EMAIL PROTECTED]...
 I have one question that most probably doesn't fit into any studies
 here, but there are a lot of knowledgeable people here that might help.

 What is the difference between Aironet bridges and aironet access
 points? Bridges are, obviously, more expensive and that's not my point.

 Can you use two AP's (AIR-AP352E2R-E-K9 for example) on two remote
 locations and bridge two LAN's over them?

 Post answers directly to me, if inappropriate for the list. Thanks in
 advance.


 Marko.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43421t=43293



CCNP Security Specialization [7:43422]

2002-05-06 Thread D. Tharp

Can anyone tell me what exam I need to pass to receive my CCNP Security
Specialization?  The Cisco website lists this as a possibility but I can't
seem to find how to obtain this.  Thanks in advance for your help.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43422t=43422



RE: MPLS on existing routers [7:43414]

2002-05-06 Thread Sean Knox

This might help:

http://www.cisco.com/warp/public/cc/pd/rt/2600/prodlit/1575_pp.htm

Goes over some MPLS terminology and concepts as well as the product lines
needed to accomplish various roles on the MPLS network (CE, PE, P).

Sean

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 Michelle T
 Sent: Monday, May 06, 2002 11:35 AM
 To: [EMAIL PROTECTED]
 Subject: MPLS on existing routers [7:43414]


 Folks,

 I would like to mess around with MPLS, both Traffic
 Engineering and MPLS
 based VPN's if possible. However, the routers I have may or
 may not be able
 to do any MPLS. I've got some 2509's, a 2600, and some
 4000-M's. Does anyone
 know what code levels I would need? I can figure out the
 memory and flash
 requirements if I can just figure out what minimum code level to run.

 Thanks,

 Michelle
 [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43423t=43414



Re: Rack Mounting Kit for 1600/1720??? [7:43407]

2002-05-06 Thread Drew

Jim Newton wrote:
 
 I have a customer that swears that he has seen a kit to rack mount a
 1600/1720 router. Has anyone ever heard of this?
 


Yes, I've seen them as well.  They are basically just a fancy shelf 
with a faceplate.  They are sold on e-bay all the time.


http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem=2021421586




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43415t=43407



Re: assign (static) IP address to VPN client [7:43329]

2002-05-06 Thread Engelhard M. Labiro

Hans,

To assign an address to a remote client once it connected,
you have four options. These options are as follows:

1. Use Client Address (supplied by the client software)
2. Use Address from Authentication Server (supplied by an auth server)
3. Use DHCP (supplied by a DHCP server).
4. Use address pool (supplied by an internal address pool)

Choose whichever one you prefer to assign an address to the remote client.
This menu is under:
Configuration-System-Address Management-Assignment

HTH


- Original Message - 
From: Hans Schimek 
To: 
Sent: Sunday, May 05, 2002 7:38 PM
Subject: assign (static) IP address to VPN client [7:43329]


 I am using a VPN Concentrator 3000 - and locally address pools .
 
 The clients gets assigned an IP address out of that pool. But
 I'd like to give it a preconfigured address .
 
 So I tried : USER MANAGEMENT - USERS - there I put in the IP address I'd
 like the client should get !
 
 But it gets an address out of that pool - at random !
 
 
 Does anyone have an idea ?
 
 thx in advance
 Hans




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43377t=43329



Re: CCIE in 3-6 Months from cisco Interesting [7:43306]

2002-05-06 Thread MADMAN

Though if I were to win the 64 million $ power ball Wednesday...

  Dave

Priscilla Oppenheimer wrote:
 
 At 01:12 AM 5/6/02, Nnanna Obuba wrote:
 
 There's absolutely nothing wrong with being in it for the money...we
 all are, some admit it and some don't.
 
 No, we aren't all in it for the money. Why would you assume that??
 
 It's indeed a wise strategy to
 pursue financial security, then you can afford to do the stuff u love.
 
 I'm doing what I love and I get paid for it. But I would do it even if the
 pay sucked. I discovered computer programming while studying to be a
 librarian. I was expecting to be poor. ;-)
 
   Priscilla
 
 
 =
 Nnanna Obuba CCIE # 6586
 
 
 
 
 Priscilla Oppenheimer
 http://www.priscilla.com
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

Emotion should reflect reason not guide it




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43424t=43306



RE: Rack Mounting Kit for 1600/1720??? [7:43425]

2002-05-06 Thread Michael Mason



-Original Message-
From: Jim Newton [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 06, 2002 1:50 PM
To: Ccielab
Cc: Group Study
Subject: Rack Mounting Kit for 1600/1720???


I have a customer that swears that he has seen a kit to rack mount a
1600/1720 router. Has anyone ever heard of this?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43425t=43425



Re: CCNP Security Specialization [7:43422]

2002-05-06 Thread John Golovich

The CCNP-Security designation is gone.  It has been
replaced with the Cisco Security Specialist 1
Designation.

You need to pass 4 tests for this:
Managing Cisco Network Security
Virtual Private Networks
Pix Firewall
Intrusion Detections

--- D. Tharp  wrote:
 Can anyone tell me what exam I need to pass to
 receive my CCNP Security
 Specialization?  The Cisco website lists this as a
 possibility but I can't
 seem to find how to obtain this.  Thanks in advance
 for your help.
 [EMAIL PROTECTED]
 
 






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43427t=43422



Re: general question on rip/igrp/eigrp over isdn [7:43419]

2002-05-06 Thread MADMAN

RIP is not supported with dialer watch.  IMHO floating static routes
work best for most applications and is easier to configure.

  backup interface works with frame subinterfaces, (p-p) and VC with OAM
enabled.

  dave

Mirza, Timur wrote:
 
 if u running any one of these three protocols over isdn for backup, is it
 best to use a floating static or dialer-watch? is it pretty much limited to
 these two methods (other than backup interface command in a non-vc
 environment)
 
 Timur Mirza
 Principal Network Engineer
 Network Planning  Engineering, West Region
 15505-B Sand Canyon Avenue
 Irvine, California 92618
 Verizon Wireless
 949.286.6623 (o)
 949.697.7964 (c)
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

Emotion should reflect reason not guide it




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43428t=43419



RE: Configuring Pix with EnterNet DSL [7:43302]

2002-05-06 Thread Mark Odette II

Brian... I'd be interested to hear what your results are... as the
documentation for 6.2 says that it only supports PPPoE/DHCP connections on
the 501 and 506 models of PIX.  If you get it to work on the 515, that would
be good to know.

Since you changed GSPs, does that mean that you don't have to worry about
PPPoE, and you just simply get a Dynamic IP straight off the wire??  Only
reason I ask is, I have SWB DSL, and it's the Enhanced service, which
simply means I get 5 static IPs assigned to me.  The technical difference
for my CPE connecting to them, whether it be a Cisco Router or the PIX, is
that I don't have to configure the User ID/Password Authentication stuff
anymore which was something I had to do with the Basic Service, and it
was dependent upon PPPoE.

Anyway... let us know how you do!

Mark

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Brian Zeitz
Sent: Monday, May 06, 2002 11:31 AM
To: [EMAIL PROTECTED]
Subject: RE: Configuring Pix with EnterNet DSL [7:43302]


I am going to try to hook up a Pix to an ADSL line with a dynamic IP,
this should be interesting. In the past I have tried Microsoft ISA
Server 2000 Enterprise with ADSL, it had a lot of trouble binding the
packet filters because the IP was dynamic. The fix, install a Netgear
router before the firewall.

Also for PPPoE testing purposes, Windows XP has the PPPoE stuff built in
it. All you need is a XP machine, and a DSL Modem. Use BroadBand
connection when creating an internet connection. Good when the service
provider INSISTs that you have 1 PC hooked up to the DSL modem. Even
though you own a business account. This is the biggest scam in the book,
but I don't pay the bill ;)

Now, I am going to try a Pix 515U, with an ADSL dynamic IP. I am not
sure what the results will be. I could buy another cheapy router, but
just to learn it, and see what results I get, I'm going to hook it up to
the DSL line. This is just for development. Eventually I will get real
cisco routers.

Also I had Verizon change my ADSL Global Service provider. I was having
some routing problems within Verizon's network. Now I have Qwest, and
everything is cool. So I'll try the PIX with the new GSP. If anyone wants
to contact me about ADSL or PIX 515 stuff, feel free.


-Original Message-
From: Mark Odette II [mailto:[EMAIL PROTECTED]]
Sent: Saturday, May 04, 2002 3:20 PM
To: [EMAIL PROTECTED]
Subject: RE: Configuring Pix with EnterNet DSL [7:43302]

Ronnie-
I assume you are referring to the fact that your DSL is PPPoE DSL (You have
to install the EnterNet DSL software on your computer if you want to access
the DSL Gateway and connect to the internet (which also means you use a User
Name/Password combination to connect) correct!?!

If so, what model PIX do you have?

The 501/506 models support PPPoE under 6.2.1.

The following link should get you started
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/config/pixclnt.htm

Mark


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Ronnie Higginbotham
Sent: Saturday, May 04, 2002 10:32 AM
To: [EMAIL PROTECTED]
Subject: Configuring Pix with EnterNet DSL [7:43302]


I am new to the PIX setup. Has anybody configured a PIX with EnterNet DSL
setup? Any config help would be appreciated.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43429t=43302



Re: CCNP Security Specialization [7:43422]

2002-05-06 Thread Wes Knight

In article , [EMAIL PROTECTED] 
says...
 Can anyone tell me what exam I need to pass to receive my CCNP Security
 Specialization?  The Cisco website lists this as a possibility but I can't
 seem to find how to obtain this.  Thanks in advance for your help.
 
 
Look here
http://www.cisco.com/warp/public/10/wwtraining/certprog/cqs/security

-- 
Wes Knight
CCNP, CSS1, MCT, MCSE, CNE, PSI, ASE, etc.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43431t=43422



Re: CCIE written [7:43221]

2002-05-06 Thread Michael L. Williams

Although I see your point, it doesn't matter who has agreed on what, if Cisco
puts it on the exam a certain way, that's what you would need to learn.  =)

About the only time it comes up is when they give you a RIF and ask you to
decipher the 4 fields in the RC.

All of the study guides, practice exams, etc all use the same references it
seems that you (Reza) already have.

Mike W.


Priscilla Oppenheimer  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 I doubt you really have to know them anyway. It would be really silly if
 you did since there's actually no agreement on them. The numbers that got
 standardized in IEEE 802.1D Annex C don't agree with what IBM was already
 using and what many vendors still use.

 Priscilla

 At 02:11 AM 5/6/02, Sergei G. wrote:
 there is no formula. However, you may remember, and should, with real life
 associations:
 
 000: 516 bytes (DDN 1822)
 001: 1500 bytes (Ethernet)
 010: 2052 bytes
 011: 4472 bytes (Token Ring, and Cisco maximum)
 
 --
 baba
 Phil Barker  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
   You have to remember them.
   Phil.
 Sharifi, Reza  wrote: Hi,
   Can anybody tell me if there is a formula to figure out the maximum frame
   size in a RIF packet, or do I have to memorize all these numbers?
   Thanks
   000 516
   001 1500
   010 2052
   011 4472
 

 Priscilla Oppenheimer
 http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43434t=43221



Re: Without any violation....... [7:43318]

2002-05-06 Thread Michael L. Williams

LOL. nice!  The magic 8-ball knows all.. are we allowed to take one
with us into the lab?  Perhaps they provide you one so you bring in a
doctored one with commands on it... =)

Mike W.

timothy thielen  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 **Shakes Magic 8-Ball**

 My sources say No

 Well, there you have it.  The frame-switch is preconfigured for you.  I got
 a similar response when I consulted it about the communications server.

 --Tim, the Cheerful Cynic.

 Juan Blanco wrote:
 
  Team,
 
  Do you have to set up the frame-relay switch when you take the lab test, or
  is it already configured (save time)? Just a curiosity..
  Thanks,
 
  J




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43433t=43318



COLT [7:43435]

2002-05-06 Thread Shoaib Waqar

Hi guys,

Can anybody tell me the URL of Cisco Online Testing
which Cisco offers at their website? I had this one
but I missed it unfortunately.

Thanks
Shoaib





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43435t=43435



Re: CCIE in 3-6 Months from cisco Interesting [7:43306]

2002-05-06 Thread Jason Forrester

Be careful with the kid comment.  I passed my CCIE at 20, dang near 19.

Jason
CCIE 8748

Michael L. Williams wrote:

 nrf  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Bullshi*.  There are a significant number of guys lately who've passed the
  lab who I wouldn't hesitate to call paper (heck, even they have honestly
  referred to themselves as paper, usually after getting a few drinks into
  them).

 Significant?  Help me understand the extent to which you use that word?  If
 you're a proctor for CCIE labs and saw people day in and day out, then I
 would take your word for it.  I have yet to take the lab, but I'm trying
 to understand how someone could make it through the lab and still be
 considered paper.  Is the lab that big of a joke?  Consider its very
 high fail rate, I can't see it being so easy that people can't pass
 without understanding what they're doing?   At least to the same level that
 anyone else who ever passed the lab did  Personally I use paper to mean
 someone with a cert that doesn't have any hands-on to match it  like
 paper MCSE.. I worked with this kid who was 19, has his MCSE, CNE, and
 Master CNE, but had zero hands on definitely paper...  but we're talking
 the CCIE lab here. it's simply not possible (IMHO) to pass the lab
 without at least a minimum of hands-on (whether in a job or on practice
 equipment) to give one the skills to pass.

  But I do agree with the premise that the main reason for the devaluing of
  the cert is the bad economy, and the lab-rats are a lesser consideration
  (still important, but lesser).  But on the other hand, I think it is the
  case that the CCIE will probably never attain the status that it once did,
  simply because we will probably never see another huge network buildout
  orgy  like the dotcom boom again in our lifetime.  So while I believe the
  networking industry will get better, people who think it's going to get
  back to, say, 1999, are just deluding themselves.

 Agreed  I don't think we'll see things back like they were a couple of
 years ago.  But I'm trying to draw a fine distinction between the devaluing
 of a cert (due to shoddy cert process) -vs- the salary that one pulls in
 with the cert.  The CCIEs now (in general) don't make and probably in the
 future won't make what CCIEs of two years ago did.  Is this a devaluation of
 the cert.  Certainly not.  That's the market that's the economy  I
 don't believe that has much to do with whether employers and network
 professionals value the certification (i.e. consider someone with CCIE to
 be a true expert in networking).




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43436t=43306



Re: CCIE in 3-6 Months from cisco Interesting [7:43306]

2002-05-06 Thread Michael L. Williams

I appreciate your comments and I applaud your accomplishment, especially
at such a young age. but once one's age is past 25 and 30 and beyond,
everyone that's 19, 20, 21 is still considered a kid  =)

Mike W.

Jason Forrester  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Be careful with the kid comment.  I passed my CCIE at 20, dang near 19.

 Jason
 CCIE 8748

 Michael L. Williams wrote:

  nrf  wrote in message
  [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
   Bullshi*.  There are a significant number of guys lately who've passed the
   lab who I wouldn't hesitate to call paper (heck, even they have honestly
   referred to themselves as paper, usually after getting a few drinks into
   them).
 
  Significant?  Help me understand the extent to which you use that word?  If
  you're a proctor for CCIE labs and saw people day in and day out, then I
  would take your word for it.  I have yet to take the lab, but I'm trying
  to understand how someone could make it through the lab and still be
  considered paper.  Is the lab that big of a joke?  Consider its very
  high fail rate, I can't see it being so easy that people can't pass
  without understanding what they're doing?   At least to the same level that
  anyone else who ever passed the lab did  Personally I use paper to mean
  someone with a cert that doesn't have any hands-on to match it  like
  paper MCSE.. I worked with this kid who was 19, has his MCSE, CNE, and
  Master CNE, but had zero hands on definitely paper...  but we're talking
  the CCIE lab here. it's simply not possible (IMHO) to pass the lab
  without at least a minimum of hands-on (whether in a job or on practice
  equipment) to give one the skills to pass.
 
   But I do agree with the premise that the main reason for the devaluing of
   the cert is the bad economy, and the lab-rats are a lesser consideration
   (still important, but lesser).  But on the other hand, I think it is the
   case that the CCIE will probably never attain the status that it once did,
   simply because we will probably never see another huge network buildout
   orgy  like the dotcom boom again in our lifetime.  So while I believe the
   networking industry will get better, people who think it's going to get
   back to, say, 1999, are just deluding themselves.
 
  Agreed  I don't think we'll see things back like they were a couple of
  years ago.  But I'm trying to draw a fine distinction between the devaluing
  of a cert (due to shoddy cert process) -vs- the salary that one pulls in
  with the cert.  The CCIEs now (in general) don't make and probably in the
  future won't make what CCIEs of two years ago did.  Is this a devaluation of
  the cert.  Certainly not.  That's the market that's the economy  I
  don't believe that has much to do with whether employers and network
  professionals value the certification (i.e. consider someone with CCIE to
  be a true expert in networking).




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43437t=43306



RE: CCIE in 3-6 Months from cisco Interesting [7:43306]

2002-05-06 Thread TALBOT, WILLIAM P (SWBT)

I agree, there is a perception of CCIE's as arrogant know-it-alls.

Some of this is surely warranted, and some surely stems from envy.

Which is why I can laugh at this joke you may have already heard:

Q:What's the difference between a CCIE and God?
A:God doesn't think he is a CCIE...

Pat
(Set to incur the wrath of the aforementioned God at the RS Lab in RTP on
May 18)




-Original Message-
From: nrf [mailto:[EMAIL PROTECTED]]
Sent: Sunday, May 05, 2002 7:29 PM
To: [EMAIL PROTECTED]
Subject: Re: CCIE in 3-6 Months from cisco Interesting [7:43306]


I also agree with you on many points.  But anyway, inline




 I see your point about people not skipping the tech interview because of
 CCIE.  And I also agree that it's a good thing.  After all, when 'lab rats'
 (as you call them) are applying for jobs, it just makes sense that one would
 give a tough interview to weed them out.  However, one must ask themselves
 What is the purpose of the cert?  Just like a college degree in, say
 Computer Science.  The BS in CS doesn't guarantee an employer that the
 person has experience, say, with PERL.  However, the degree indicates that
 this person can learn and understand the logic of programming, etc.  I don't
 think the purpose of the CCIE (or any Cisco cert) is to guarantee knowledge
 of  absolutely everything in networking.  That's not possible.  However, I
 believe that it does indicate an advanced level of understanding of network
 principles as well as knowledge of specific technologies (EIGRP, HSRP,
 DLSw+, etc).  So, as in your example of the person that didn't learn BGP
 because it wasn't required for the cert, I have to say So what.  That
 wasn't the point of the CCIE.  The CCNP cert doesn't cover IS-IS, for
 example, but I would hope anyone with CCNP could sit down, read about IS-IS,
 know how to look up IS-IS related commands on Cisco's site, and then
 implement what needs to be implemented.  That's, IMHO, the purpose of
 obtaining the cert.

This is absolutely true, nobody can know everything, and the CCIE was never
designed to do that.

On the other hand, there is a major difference between somebody who admits
he doesn't know the answer, but can probably look it up, and somebody who
boldly states something that is flatly wrong.  For example, with that guy I
interviewed who claimed that CEF can only be run on a GSR, clearly this was
a case where he was trying to snow me.   Now I admit, I was trying to trick
him (I deliberately pretended that I knew nothing about networks because I
wanted to see what kinds of things he would say if he didn't think I was a
networking guy myself), and boy, was he tricked.



  It's certainly not a big joke, it's just that yes you really can pass the
  lab without experience.   Granted, you need dedication and you need money to
  buy a home lab.

  Exactly - you need practice equipment.  So you don't need a real job that
  provides hands-on equipment. You just need a lab, a lot of time, and a lot
  of money for exam attempts (or a willingness to go into debt).  But a
  networking job?  Not really, not to pass the lab.

 I understand your differentiation between real-world hands-on and practice
 lab (lab rat) hands-on.  I truly do.  But, again, it's like the college
 degree thing.  If a company wants someone who has experience, they'll
 interview and ask questions that only seasoned professionals could answer.
 But, if they want someone with a certain level of knowledge, demonstrated
 ability to learn new things, and the ability to find resources and answer
 questions, then that could be a seasoned professional or someone that's
 certified (or someone with both).  On the flip side of your argument, I've
 met people that are trying to get into networking from the telco side, and
 could explain in great detail how a T1 works, but couldn't explain HSRP (a
 very simple thing to understand and setup) to save their life.  Doesn't mean
 they're stupid, just not exposed to it.  And the cert provides exposure to
 these things, whether real world or lab rat experience I mean,
 really, does it matter if you setup HSRP in a lab or in the real-world?  I
 think not... HSRP is HSRP

 I guess, when it comes down to it, I feel if you (the hiring person) wants
 someone that can explain CEF, which models have software CEF, which have
 hardware CEF, which 6500 blades are fabric enabled and which aren't just by
 their model number, then you're not looking for anything but sheer
 experience.  So why blame the cert for not providing that background to a
 person, when that's not the point of the cert to begin with?

 
  Two friends of mine, for example, are basically lab-rats (Ok, they
  did have previous experience, but very little).  They accomplished it by
  basically borrowing my lab and all my books.  They can't find decent work,
  because they can't pass the newly tightened tech interviews.  So they are
  back doing sys-admin work, which is what they had been doing before 

Re: MPLS on existing routers [7:43414]

2002-05-06 Thread Sasa Milic

12.2(8)T1, telco feature set, runs on 2600 with 8MB flash and 32 MB dram.
That should be enough for MPLS.

dre wrote:
 
 2600 supports MPLS labels only (not MPLS-TE, etc) code to run would be
 12.1.14 (48M DRAM, 16M Flash)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43439t=43414



Re: CCIE in 3-6 Months from cisco Interesting [7:43306]

2002-05-06 Thread Howard C. Berkowitz

At 3:56 PM -0400 5/6/02, MADMAN wrote:
Though if I were to win the 64 million $ power ball Wednesday...

   Dave

You know, that's a fantasy that's occurred to me at times.  One of the
things I'd do with PART of the money is to start up some technology 
companies to develop what _I_ think are some new ideas in routers.

Some, however, would indeed go for finally replacing my two-oven, 
eight-burner Viking stove that's had a part on back order for over 
six months.


Priscilla Oppenheimer wrote:

  At 01:12 AM 5/6/02, Nnanna Obuba wrote:

  There's absolutely nothing wrong with being in it for the money...we
  all are, some admit it and some don't.

  No, we aren't all in it for the money. Why would you assume that??

  It's indeed a wise strategy to
  pursue financial security, then you can afford to do the stuff u love.

  I'm doing what I love and I get paid for it. But I would do it even if the
  pay sucked. I discovered computer programming while studying to be a
  librarian. I was expecting to be poor. ;-)

Priscilla
  
  
  =
  Nnanna Obuba CCIE # 6586
  
  
  

  Priscilla Oppenheimer
  http://www.priscilla.com
--
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

Emotion should reflect reason not guide it




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43440t=43306



RE: Rack Mounting Kit for 1600/1720??? [7:43407]

2002-05-06 Thread Mark Odette II

Yes, I've seen them on Ebay all the time

Here's a current auction.

http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem=2021421586

Seems cheaper to buy via auction than it is to purchase direct.

Mark

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Jim Newton
Sent: Monday, May 06, 2002 12:51 PM
To: [EMAIL PROTECTED]
Subject: Rack Mounting Kit for 1600/1720??? [7:43407]


I have a customer that swears that he has seen a kit to rack mount a
1600/1720 router. Has anyone ever heard of this?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43430t=43407



Re: MPLS on existing routers [7:43414]

2002-05-06 Thread Michael L. Williams

dre  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Also, most production networks use 12.0ST for MPLS-TE and MPLS-VPN,
 and even then, they use specialized custom code (IOS  patches) that you
 cannot download on CCO.  If you want real-world experience, you have to
 start there (or go the J-brand route).

I'm a dummy when it comes to MPLS, just reading the thread to learn a little
something..  Just curious, if you can't get the MPLS specialized IOS
patches on CCO, where would you get them?  (I'm picturing some d00d selling
CDs on a street corner or a MPLS IOS warez group on the usenet... LOL)

Thanks!
Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43432t=43414



Re: Configuring Pix with EnterNet DSL [7:43302]

2002-05-06 Thread Ronnie Higginbotham

Mark, I sent you an email.

Brian, here is the config I used on my PPPoE.

Works great.

Commands added to PIX

vpdn group pppoe-sbc request dialout pppoe
vpdn group pppoe-sbc localname xx
vpdn group pppoe-sbc ppp authentication pap
vpdn username xx password xx
ip address outside pppoe setroute

showing the active PPPoE session:
pixfirewall# sh vpdn session
PPPoE Session Information (Total tunnels=1 sessions=1)
Remote MAC is 00:10:67:00:B1:AD
  Session state is SESSION_UP
Time since event change 97811 secs, interface outside
PPP interface id is 1
16269 packets sent, 16820 received, 1464059 bytes sent, 0 received
showing the route received for my ISP:
pixfirewall# sh ip address outside pppoe
PPPoE Assigned IP addr: 65.67.102.20 255.255.255.255 on Interface: outside
   Remote IP addr: 65.67.103.254

This is now my default route. Once I reboot my pix it takes about 3 to 4
minutes to restore an active PPPoE session.

Mark Odette II  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Brian... I'd be interested to hear what your results are... as the
 documentation for 6.2 says that it only supports PPPoE/DHCP connections on
 the 501 and 506 models of PIX.  If you get it to work on the 515, that would
 be good to know.

 Since you changed GSPs, does that mean that you don't have to worry about
 PPPoE, and you just simply get a Dynamic IP straight off the wire??  Only
 reason I ask is, I have SWB DSL, and it's the Enhanced service, which
 simply means I get 5 static IPs assigned to me.  The technical difference
 for my CPE connecting to them, whether it be a Cisco Router or the PIX, is
 that I don't have to configure the User ID/Password Authentication stuff
 anymore which was something I had to do with the Basic Service, and it
 was dependent upon PPPoE.

 Anyway... let us know how you do!

 Mark

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 Brian Zeitz
 Sent: Monday, May 06, 2002 11:31 AM
 To: [EMAIL PROTECTED]
 Subject: RE: Configuring Pix with EnterNet DSL [7:43302]


 I am going to try to hook up a Pix to an ADSL line with a dynamic IP,
 this should be interesting. In the past I have tried Microsoft ISA
 Server 2000 Enterprise with ADSL, it had a lot of trouble binding the
 packet filters because the IP was dynamic. The fix, install a Netgear
 router before the firewall.

 Also for PPPoE testing purposes, Windows XP has the PPPoE stuff built in
 it. All you need is a XP machine, and a DSL Modem. Use BroadBand
 connection when creating an internet connection. Good when the service
 provider INSISTs that you have 1 PC hooked up to the DSL modem. Even
 though you own a business account. This is the biggest scam in the book,
 but I don't pay the bill ;)

 Now, I am going to try a Pix 515U, with an ADSL dynamic IP. I am not
 sure what the results will be. I could buy another cheapy router, but
 just to learn it, and see what results I get, I'm going to hook it up to
 the DSL line. This is just for development. Eventually I will get real
 cisco routers.

 Also I had Verizon change my ADSL Global Service provider. I was having
 some routing problems within Verizon's network. Now I have Qwest, and
 everything is cool. So I'll try the PIX with the new GSP. If anyone wants
 to contact me about ADSL or PIX 515 stuff, feel free.


 -Original Message-
 From: Mark Odette II [mailto:[EMAIL PROTECTED]]
 Sent: Saturday, May 04, 2002 3:20 PM
 To: [EMAIL PROTECTED]
 Subject: RE: Configuring Pix with EnterNet DSL [7:43302]

 Ronnie-
 I assume you are referring to the fact that your DSL is PPPoE DSL (You have
 to install the EnterNet DSL software on your computer if you want to access
 the DSL Gateway and connect to the internet (which also means you use a User
 Name/Password combination to connect) correct!?!

 If so, what model PIX do you have?

 The 501/506 models support PPPoE under 6.2.1.

 The following link should get you started
 http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/config/pixclnt.htm

 Mark


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 Ronnie Higginbotham
 Sent: Saturday, May 04, 2002 10:32 AM
 To: [EMAIL PROTECTED]
 Subject: Configuring Pix with EnterNet DSL [7:43302]


 I am new to the PIX setup. Has anybody configured a PIX with EnterNet DSL
 setup? Any config help would be appreciated.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43441t=43302



Re: CCIE in 3-6 Months from cisco Interesting [7:43306]

2002-05-06 Thread Michael L. Williams

Emotion should reflect reason not guide it

Did you make that one up  I like it. I've had many philosophical
(sp?) discussions with a very keen co-worker about being guided by emotions
or logic/reason.  My stance is, emotions cloud good judgement (not 100% but
mostly), and he maintains there are 2 kinds of people:  Those that are
guided by emotion and have success doing it, and those that don't.  For
those that do use emotion successfully, sometimes trying to use logic/reason
can actually be bad

Interesting tho. I'm going to forward your quote to my work acct so I
can forward to him

Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43443t=43306



Re: MPLS on existing routers [7:43414]

2002-05-06 Thread Tom Scott

Sean Knox wrote:

 This might help:

 http://www.cisco.com/warp/public/cc/pd/rt/2600/prodlit/1575_pp.htm

 Goes over some MPLS terminology and concepts as well as the product lines
 needed to accomplish various roles on the MPLS network (CE, PE, P).

Thanks for the reference. Here's what they suggest for PE
UNI routers:
Cisco 3640 series
Cisco 3660 series
Cisco 7200 series
Cisco 7400 series
Cisco 7500 series
Cisco 1 series
Cisco 12000 series

This is for the core P routers:
Cisco 7200 series
Cisco 7500 series
Cisco 8540 series
Cisco 8650 series
Cisco 8800 series
Cisco 1 series
Cisco 12000 series

I'm wondering, how much do these routers cost? If they're expensive, would
anyone have scenarios and labs that work with the low-end routers mentioned
previously in this thread (2500/2600) and UNI and core routers running the
MPLS For Linux software? Or is MPLS going to be one of those technologies
like ATM that poor folks like me can't afford?

Even if it's possible to build an affordable hybrid lab from Cisco and Linux
platforms, we'll still need a scenario builder to develop and market the
product. Hint hint.

-- TT




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43444t=43414



CCNP Recert Resources [7:43445]

2002-05-06 Thread Greg Jones

Anyone have suggestions for the CCNP recert? I thought I'd try the 4
CramSession study guides.

TIA

Greg




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43445t=43445



Re: CCIE in 3-6 Months from cisco Interesting [7:43306]

2002-05-06 Thread MADMAN

I didn't make it up, I have heard it said by a local talk show
personality, a small l libertarian and I obviously liked it.

  Why are domestic disturbances most dangerous for the police to respond
to?  Emotions.  What do demagogues use to gain influence and power,
emotions, why are people willing to surrender some liberty, which is
almost always permanent, in the aftermath of most any tragedy,
emotions...

  Unfortunately those that hunger for power and control over others use
emotional appeals and too often are successful. Remember gov't can only
do for you in the equal proportion that it does to you.

  Off my soapbox!  I need to find a new PC, my home system puked
over the weekend:(

  Dave

Michael L. Williams wrote:
 
 Emotion should reflect reason not guide it
 
 Did you make that one up  I like it. I've had many philosophical
 (sp?) discussions with a very keen co-worker about being guided by emotions
 or logic/reason.  My stance is, emotions cloud good judgement (not 100% but
 mostly), and he maintains there are 2 kinds of people:  Those that are
 guided by emotion and have success doing it, and those that don't.  For
 those that do use emotion successfully, sometimes trying to use logic/reason
 can actually be bad
 
 Interesting tho. I'm going to forward your quote to my work acct so I
 can forward to him
 
 Mike W.
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

Emotion should reflect reason not guide it




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43447t=43306



Need Power Supply for ADC Kentrox [7:43446]

2002-05-06 Thread Wayne Jang

Hi,

I just bought an ADC Kentrox DataSMART T1 DSU/CSU model #78563. 
Unfortunately it didn't come with AC power.  I'm having trouble locating a
power supply on ebay etc.  Any ideas?

Thanks,
Wayne


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43446t=43446



Immediate Assistance is Required! [7:43449]

2002-05-06 Thread a. ahmad

Dear Members, 

We have a 2620 router with a FastEthernet port and a Serial Interface.

1-We just want that no user traffic should directly go to router and only
the traffic that is coming through Proxy Server should reach the router.

2- We want to stop ping as no one should be able to ping us from outside
network and may not choke our bandwidth.

3- We want to stop Telnet. No one should be able to telnet it. We only want
to configure router through Console Port.

How can we accomplish these tasks? The current configuration is provided
below.

Thank You In Advance! 
Ahmad 
.. 
ip subnet-zero 
! 
no ip finger 
! 
interface FastEthernet0/0 
ip address x.x.x.x 255.255.255.248 secondary (Proxy IP) 
ip address x.x.x.x 255.255.255.240 (Gateway IP) 
speed 100 
full-duplex 
! 
interface Serial0/0 
bandwidth 256 
no ip address 
ip accounting output-packets 
encapsulation ppp 
shutdown 
no fair-queue 
! 
interface BRI0/0 
no ip address 
shutdown 
! 
interface Serial0/1 
bandwidth 256 
ip address x.x.x.x 255.255.255.252 
ip access-group 109 in 
encapsulation ppp 
no keepalive 
! 
ip classless 
ip route 0.0.0.0 0.0.0.0 x.x.x.x 
ip route x.x.x.x 255.255.255.128 x.x.x.x (reverse path for user traffic) 
no ip http server 
! 
access-list 108 permit ip x.x.x.x 0.0.0.15 any log 
access-list 108 permit ip host x.x.x.x any 
access-list 108 permit ip host x.x.x.x any 
access-list 109 permit icmp any any echo-reply 
access-list 109 deny icmp any any 
access-list 109 deny tcp any any eq telnet 
access-list 109 deny udp any any eq tftp 
access-list 109 permit ip any any 
! 
line con 0 
password ... 
transport input none 
line aux 0 
line vty 0 
password ... 
login 
! 
End 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43449t=43449



Re: CCIE in 3-6 Months from cisco Interesting [7:43306]

2002-05-06 Thread Howard C. Berkowitz

   Wow, you must like to cook too!!  I drool at the pictures of the
Viking equipment in my Bon Appetit' magazine as I do a lot of cooking
and looking forward to getting my garden going.

   Not very good service though huh??

   Dave

Yup...just getting my herb seedlings planted.

I shouldn't complain -- I got the stove at half price on a closeout. 
But an AGS (not AGS+) is better built.  The enamel came off when hit 
by oven cleaner. The oven doors don't quite go in without a good 
shove.

My house was *ahem* honored by a now former-family of rats. They ate 
through the control cabling. I have the low voltage ignition 
controller. I have the power cord. I don't have the power supply 
between them.

Now, I really don't think it would be hard to pull the power supply 
and reverse engineer it. But only authorized dealers can get the rest 
of the parts. Viking says parts are their distributors' problems, not 
theirs. The dealer/repair shop is as frustrated as I am.

If I could just get SmartNet on it...


Howard C. Berkowitz wrote:

  At 3:56 PM -0400 5/6/02, MADMAN wrote:
  Though if I were to win the 64 million $ power ball Wednesday...
  
 Dave

  You know, that's a fantasy that's occurred to me at times.  One of
  things I'd do with PART of the money is to start up some technology
  companies to develop what _I_ think are some new ideas in routers.

  Some, however, would indeed go for finally replacing my two-oven,
  eight-burner Viking stove that's had a part on back order for over
  six months.

  
  Priscilla Oppenheimer wrote:
  
At 01:12 AM 5/6/02, Nnanna Obuba wrote:
  
There's absolutely nothing wrong with being in it for the money...we
all are, some admit it and some don't.
  
No, we aren't all in it for the money. Why would you assume that??
  
It's indeed a wise strategy to
pursue financial security, then you can afford to do the stuff u
love.
  
I'm doing what I love and I get paid for it. But I would do it even if the
pay sucked. I discovered computer programming while studying to be a
librarian. I was expecting to be poor. ;-)
  
  Priscilla


=
Nnanna Obuba CCIE # 6586



  
Priscilla Oppenheimer
http://www.priscilla.com
  --
  David Madland
  Sr. Network Engineer
  CCIE# 2016
  Qwest Communications Int. Inc.
  [EMAIL PROTECTED]
  612-664-3367
  
  Emotion should reflect reason not guide it
--
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

Emotion should reflect reason not guide it




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43448t=43306



content delivery network [7:43450]

2002-05-06 Thread supernet

Dear Friends,
 
Where can I find some white paper about content delivery network? I'd
like to design a network with CSS and CE.
 
Thanks.
Yoshi




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43450t=43450



Re: Pix load balance? [7:42974]

2002-05-06 Thread [EMAIL PROTECTED]

Yeah, I asked the same questions last month.  They can not.  If you really 
need firewall and Load balancing, FW-1 is the way to go.

Theo
CSS1, CCNP, CCSE






Patrick 
Sent by: [EMAIL PROTECTED]
05/06/2002 06:28 AM
Please respond to Patrick

 
To: [EMAIL PROTECTED]
cc: 
Subject:Re: Pix load balance? [7:42974]


No.

GEORGE  wrote in message
news:[EMAIL PROTECTED]...
 Can you load balance to pix firewalls?
 Has anyone done this?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43451t=42974



Re: CCIE in 3-6 Months from cisco Interesting [7:43306]

2002-05-06 Thread Michael L. Williams

Here's an interesting one that is along the lines of our discussion of
certifications without skills to back them up.

Tim was so learned, that he could name a horse in nine Languages.
So ignorant, that he bought a cow to ride on. - Ben Franklin

Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43452t=43306



My remarks on the 351-001 R/S Beta [7:43453]

2002-05-06 Thread Khan Audil

Hey all,

This was a tough one.  All I can say is that what others have written about
this test is pretty consistent.  Your troubleshooting and experience is put
to the test here more than anything, and it encompasses all the topics that
Cisco provided in the blueprint.  This was the last day it was offered
though, and it seems like the CCIE Written exam of the future is going to
rise from this.

I'm going to take the old one before it is retired, and I would recommend
the same unless you have experience/good knowledge of the newer technologies
such as MPLS, advanced QoS concepts, etc.

Good luck all,

A.K.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43453t=43453



RE: VLAN Load balancing [7:43265]

2002-05-06 Thread [EMAIL PROTECTED]

I second that.

Theo






Sean Knox 
Sent by: [EMAIL PROTECTED]
05/04/2002 09:52 AM
Please respond to Sean Knox

 
To: [EMAIL PROTECTED]
cc: 
Subject:RE: VLAN Load balancing [7:43265]


Correct me if I'm wrong, but VLAN prioritization isn't really load balancing -
you are just forcing VLANS over a preselected path. It does not take into
consideration that one VLAN may utilize more bandwidth than another.

Sean


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 MADMAN
 Sent: Friday, May 03, 2002 3:05 PM
 To: [EMAIL PROTECTED]
 Subject: Re: VLAN Load balancing [7:43265]


 Yes.  An example would be two core 6500 trunked together.  You have
 switches in the closets, one uplink to 6500A the other to 6500B.  Set
 priority on even VLAN/s to A odd to B.

   Dave

 Steven A. Ridder wrote:
 
  Does anyone do any VLAN load balancing via STP in the real world?  I've
  never seen it yet, and am just curious if it's ever done.
 
  --
 
  RFC 1149 Compliant.
  Get in my head:
  http://sar.dynu.com
 --
 David Madland
 Sr. Network Engineer
 CCIE# 2016
 Qwest Communications Int. Inc.
 [EMAIL PROTECTED]
 612-664-3367

 Emotion should reflect reason not guide it
 [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43454t=43265



RE: CIT test info [7:43399]

2002-05-06 Thread Kris Keen

I sat this test about a month ago, passed with 898. I thought it was a
shocking test. Badly written, VERY badly written.

I hope they change it, I feel I could have gotten a lot better mark if it was
clear what they were asking!

Anyway, CCNP done...CCIE written tomorrow!


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43456t=43399



Re: Immediate Assistance is Required! [7:43449]

2002-05-06 Thread Michael L. Williams

Comments inline

a. ahmad  wrote in message
news:[EMAIL PROTECTED]...
 Dear Members,

 We have a 2620 router with a FastEthernet port and a Serial Interface.

 1-We just want that no user traffic should directly go to router and only
 the traffic that is coming through Proxy Server should reach the router.

Set up an inbound access list on the FastEthernet interface. Here's a
simple example:

Router(config)#access-list 1 permit  0.0.0.0
Router(config)#interface FastEthernet0/0
Router(config-if)#ip access-group 1 in

This would only allow traffic coming from the proxy server to be allowed
into the router via the FastEthernet... modify as needed.

 2- We want to stop ping as no one should be able to ping us from outside
 network and may not choke our bandwidth.

Although you can stop an incoming ping with an inbound access list on the
serial interface, nothing you can do on that router can stop someone from at
least sending pings (or any other unwanted traffic) to your router and using
your bandwidth.  The best you can do is to block the unwanted traffic where
it comes in.

 3- We want to stop Telnet. No one should be able to telnet it. We only want
 to configure router through Console Port.

The easiest way to prevent telnet access to the router is to simply not
assign a password (or remove an existing password) on the VTY lines.  I see
in your config you have a password on the VTY lines.  Remove it like so:

Router(config)#line vty 0 4
Router(config-line)# no password

If you try to telnet to it, you will see the following:

AnotherRouter#telnet 10.1.1.1
Trying 10.1.1.1 ... Open

Password required, but none set

[Connection to 10.1.1.1 closed by foreign host]
AnotherRouter#

Hope this helps!
Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43457t=43449



Re: My remarks on the 351-001 R/S Beta [7:43453]

2002-05-06 Thread Michael L. Williams

And you ain't just whistling Dixie!  =)

Khan Audil  wrote in message
news:[EMAIL PROTECTED]...
 Hey all,

 This was a tough one.  All I can say is that what others have written about
 this test is pretty consistent.  Your troubleshooting and experience is put
 to the test here more than anything, and it encompasses all the topics that
 Cisco provided in the blueprint.  This was the last day it was offered
 though, and it seems like the CCIE Written exam of the future is going to
 rise from this.

 I'm going to take the old one before it is retired, and I would recommend
 the same unless you have experience/good knowledge of the newer technologies
 such as MPLS, advanced QoS concepts, etc.

 Good luck all,

 A.K.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43458t=43453



Router/Bridge re-transmit frames? [7:43459]

2002-05-06 Thread Kaminski, Shawn G

I've always known routers to route and bridges to learn, filter, forward,
and flood. A co-worker said that if a router is configured with transparent
bridging, it can re-transmit a frame. He said that he heard this somewhere.
I'm pretty sure he's wrong because this just isn't something that a
router/bridge is meant to do. I also searched CCO but came up empty-handed. 

For example, say you have two segments connected to a router; one segment
off of e0 and one segment off of e1. If a host on the e0 segment sends a
frame to a host on the e1 segment and a collision occurs on the e1 segment
before reaching the destination host, then I believe that the host on e0 is
responsible for re-transmitting the frame, not the router/bridge.

Has anyone heard of a router configured with transparent bridging
re-transmitting frames? I just can't see how this could happen. However,
I've seen stranger things happen, so I just wanted to get the opinions of
others on this group.

Shawn K.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43459t=43459



RE: My remarks on the 351-001 R/S Beta [7:43453]

2002-05-06 Thread Frank Merrill

Indeed it was.
I took this today also, and although I think I was prepared well enough for
the 350-001, I'm not so certain about this 351-001.
I was actually surprised at the intensity and difficulty level.
I consider it money well spent though as it is just another few dollars on
the road to being better at what I do.

Although I may also venture to pass the current one before it goes away, I'm
still going to follow the blueprint for the beta as an additional path of
learning.

Good Luck!



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43460t=43453



RE: Router/Bridge re-transmit frames? [7:43459]

2002-05-06 Thread Frank Merrill

You're right.
A bridge is not going to retransmit any frame that failed to reach its
destination.  That will be up to the appropriate protocol on the originating
host.



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43461t=43459



Re: Cisco Certification Digest V2 #2061 (Vacation) [7:43462]

2002-05-06 Thread Stephen Siu

I will be on vacation from 5-7-02 to 5-22-02.  Any matter regarding network
management please forward to Bob Taylor @ 213-979-0032.  Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43462t=43462



Re: CCIE Written [7:43391]

2002-05-06 Thread Dennis Laganiere

I'm assuming you're getting ready for 350-001, in which case you might want
to take a look at www.laganiere.net, where I put together some documents
that might be helpful.

There's a document on doing RIFs, some advice on preparation, and a list of
corrections for the cramsession at brainbuzz I wrote a few years ago.  I
hope you find it useful...

Good luck, and please let us all know how well you do...

--- Dennis


- Original Message -
From: 
To: 
Sent: Monday, May 06, 2002 7:13 AM
Subject: CCIE Written [7:43391]


 Hi Ladies and Gentlemen

 I am writing my written in less than two weeks.
 Help!

 Can anyone give me some Hints ;-) and inspiration, motivation all the good
 stuff.

 Your information is greatly appreciated.

 Thanks in advance!

 Regards,
 Sergio Silva
 Network Engineer
 Dimension Data
 Help Desk 011-7091026








Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43463t=43391



Re: CCIE Written [7:43391]

2002-05-06 Thread Michael L. Williams

Here's another great site that generates (randomly?) RIFs for you to
practice reading

http://www.loopy.org/rif.cgi

Mike W.

Dennis Laganiere  wrote in message
news:[EMAIL PROTECTED]...
 I'm assuming you're getting ready for 350-001, in which case you might want
 to take a look at www.laganiere.net, where I put together some documents
 that might be helpful.

 There's a document on doing RIFs, some advice on preparation, and a list of
 corrections for the cramsession at brainbuzz I wrote a few years ago.  I
 hope you find it useful...

 Good luck, and please let us all know how well you do...

 --- Dennis


 - Original Message -
 From:
 To:
 Sent: Monday, May 06, 2002 7:13 AM
 Subject: CCIE Written [7:43391]


  Hi Ladies and Gentlemen
 
  I am writing my written in less than two weeks.
  Help!
 
  Can anyone give me some Hints ;-) and inspiration, motivation all the good
  stuff.
 
  Your information is greatly appreciated.
 
  Thanks in advance!
 
  Regards,
  Sergio Silva
  Network Engineer
  Dimension Data
  Help Desk 011-7091026
 
 
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43464t=43391



Re: Router/Bridge re-transmit frames? [7:43459]

2002-05-06 Thread Priscilla Oppenheimer

Regardless of whether a router is configured for bridging or routing, it 
must send an Ethernet frame successfully, without a collision. A 
half-duplex Ethernet interface (whether on a bridge, switch, router, 
server, or PC) monitors for a collision while sending. If a collision 
occurs, the interface retransmits the frame. This happens at the Media 
Access Layer, and has to do with accessing the medium successfully and 
nothing more. The station listens while sending and retransmits if a 
collision occurs. That's basic CSMA/CD. Every Ethernet interface (that is 
in half-duplex mode) must do CSMA/CD.

This doesn't mean that a router or bridge retransmits in most cases. The 
CCIE tests expect you to know that neither a bridge nor a router 
retransmits if a frame experiences a bit error or gets lost somehow. 
Retransmitting is up to the end station. A recipient bridge or router 
doesn't send back any sort of message to a sending bridge or router to 
report a problem. It's up to the end station to know that a packet didn't 
get ACKed. A router could send an ICMP message. In general, those go back 
to the end station though. An intermediate router has no way to know if a 
problem occurred and retransmit.

A few other exceptions to the rule that a router doesn't retransmit are 
Binary Synchronous Communication Protocol (BISYNC) and LAPB.

Priscilla

At 11:27 PM 5/6/02, Kaminski, Shawn G wrote:
I've always known routers to route and bridges to learn, filter, forward,
and flood. A co-worker said that if a router is configured with transparent
bridging, it can re-transmit a frame. He said that he heard this somewhere.
I'm pretty sure he's wrong because this just isn't something that a
router/bridge is meant to do. I also searched CCO but came up empty-handed.

For example, say you have two segments connected to a router; one segment
off of e0 and one segment off of e1. If a host on the e0 segment sends a
frame to a host on the e1 segment and a collision occurs on the e1 segment
before reaching the destination host, then I believe that the host on e0 is
responsible for re-transmitting the frame, not the router/bridge.

Has anyone heard of a router configured with transparent bridging
re-transmitting frames? I just can't see how this could happen. However,
I've seen stranger things happen, so I just wanted to get the opinions of
others on this group.

Shawn K.


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43466t=43459



Re: Router/Bridge re-transmit frames? [7:43459]

2002-05-06 Thread Michael L. Williams

I agree with you: transparent bridges are just that, transparent.  Any
retransmittal of corrupt or lost frames would need to be done by the end
station. AFAIK, (with Ethernet) even if a device receives a corrupt
frame, at layer 2, it simply discards it; it doesn't request
retransmittal, as that is left to higher protocols to correct.

Mike W.

Kaminski, Shawn G  wrote in message
news:[EMAIL PROTECTED]...
 I've always known routers to route and bridges to learn, filter, forward,
 and flood. A co-worker said that if a router is configured with transparent
 bridging, it can re-transmit a frame. He said that he heard this somewhere.
 I'm pretty sure he's wrong because this just isn't something that a
 router/bridge is meant to do. I also searched CCO but came up empty-handed.

 For example, say you have two segments connected to a router; one segment
 off of e0 and one segment off of e1. If a host on the e0 segment sends a
 frame to a host on the e1 segment and a collision occurs on the e1 segment
 before reaching the destination host, then I believe that the host on e0 is
 responsible for re-transmitting the frame, not the router/bridge.

 Has anyone heard of a router configured with transparent bridging
 re-transmitting frames? I just can't see how this could happen. However,
 I've seen stranger things happen, so I just wanted to get the opinions of
 others on this group.

 Shawn K.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43465t=43459



Re: Router/Bridge re-transmit frames? [7:43459]

2002-05-06 Thread Priscilla Oppenheimer

If an Ethernet device receives a damaged frame, it silently discards it. 
That is true. But a half-duplex Ethernet sender knows when a collision 
occurs with a frame that it is sending and retransmits. That's the CD part of 
CSMA/CD.

If a frame got damaged for some other reason, say noise or crosstalk or 
whatever, the Ethernet sender wouldn't know, however. Very few protocols 
have any sort of method for explicitly telling a sender that a packet got 
damaged. The sender simply figures out that a frame got lost because it 
never gets ACKed. This usually happens at an upper layer, such as TCP.

There are some exceptions to this implicit behavior. LLC2 and LAPB have an 
explicit REJ and FRMR, for example. LLC2 is usually end-to-end, but it can 
be router-to-router in DLSW+, for example. And, then there's BISYNC. It has 
a NAK and a WAK!

Priscilla

At 12:11 AM 5/7/02, Michael L. Williams wrote:
I agree with you: transparent bridges are just that, transparent.  Any
retransmittal of corrupt or lost frames would need to be done by the end
station. AFAIK, (with Ethernet) even if a device receives a corrupt
frame, at layer 2, it simply discards it; it doesn't request
retransmittal, as that is left to higher protocols to correct.

Mike W.

Kaminski, Shawn G  wrote in message
news:[EMAIL PROTECTED]...
  I've always known routers to route and bridges to learn, filter, forward,
  and flood. A co-worker said that if a router is configured with transparent
  bridging, it can re-transmit a frame. He said that he heard this somewhere.
  I'm pretty sure he's wrong because this just isn't something that a
  router/bridge is meant to do. I also searched CCO but came up empty-handed.
 
  For example, say you have two segments connected to a router; one segment
  off of e0 and one segment off of e1. If a host on the e0 segment sends a
  frame to a host on the e1 segment and a collision occurs on the e1 segment
  before reaching the destination host, then I believe that the host on e0 is
  responsible for re-transmitting the frame, not the router/bridge.
 
  Has anyone heard of a router configured with transparent bridging
  re-transmitting frames? I just can't see how this could happen. However,
  I've seen stranger things happen, so I just wanted to get the opinions of
  others on this group.
 
  Shawn K.


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43468t=43459



RE: Immediate Assistance is Required! [7:43449]

2002-05-06 Thread Sean Knox

Minor quibbles/comments, see inline

  1-We just want that no user traffic should directly go to router and only
  the traffic that is coming through Proxy Server should reach the router.

 Router(config)#access-list 1 permit  0.0.0.0
 Router(config)#interface FastEthernet0/0
 Router(config-if)#ip access-group 1 in

 This would only allow traffic coming from the proxy server to be allowed
 into the router via the FastEthernet... modify as needed.

It should be blatantly obvious (to Cisco people anyway), but make sure you
replace the 0.0.0.0 with the address of your proxy server. :) 0.0.0.0
equates to any host.

  3- We want to stop Telnet. No one should be able to telnet it. We only want
  to configure router through Console Port.

 The easiest way to prevent telnet access to the router is to simply not
 assign a password (or remove an existing password) on the VTY lines.  I see
 in your config you have a password on the VTY lines.  Remove it like so:

 Router(config)#line vty 0 4
 Router(config-line)# no password


I agree this is the easiest way to simply disable telnet, but for security
purposes, I would instead use another ACL to block - it's better than some
random person being able to identify your Cisco router immediately from the
No password dialog... of course with some additional knowledge of IP and
Cisco, one can determine it's a Cisco router, but at least this stops casual
users. Plus, with an open port (i.e., Telnet=23), a port scan could perform
some OS fingerprinting and other recon on your box. Here's an example...
blocked internal LAN access to the telnet as well as outside with this.

Router(config)#access-list 100 deny tcp any any eq telnet
Router(config)#access-list 100 permit ip host 10.1.1.1 any --- Proxy server ip
Router(config-if)#ip access-group 100 in --- LAN interface
Router(config)#access-list 101 deny tcp any any eq telnet
Router(config)#access-list 101 permit ip any any
Router(config-if)#ip access-group 101 in --- WAN interface

Simple, but works.

Sean




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43467t=43449
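
The three goals in this thread checked against the posted config, as an added example that is not part of any list member's post: a Python sketch that applies IOS first-match ACL evaluation to access-list 109 and flags what the config still leaves open. The function names, the documentation-range addresses substituted for x.x.x.x and the vty password value are assumptions; only the `any` and `host` address forms are parsed.

```python
import re

# Constructed sample: the router config from the thread, trimmed, with
# documentation-range addresses standing in for the x.x.x.x placeholders.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.240
!
interface Serial0/1
 ip address 198.51.100.1 255.255.255.252
 ip access-group 109 in
!
access-list 108 permit ip host 192.0.2.2 any
access-list 109 permit icmp any any echo-reply
access-list 109 deny icmp any any
access-list 109 deny tcp any any eq telnet
access-list 109 deny udp any any eq tftp
access-list 109 permit ip any any
!
line con 0
 transport input none
line vty 0
 password example
 login
"""

PORTS = {"telnet": 23, "tftp": 69}  # the only port keywords the sample uses


def _addr(tok):
    """Consume one address spec; None means 'any'. Only any/host are handled."""
    if tok[0] == "any":
        return None, tok[1:]
    if tok[0] == "host":
        return tok[1], tok[2:]
    raise ValueError("address/wildcard pairs are outside this example")


def parse_rule(text):
    """Parse the part of an extended ACL entry that follows the ACL number."""
    tok = text.split()
    action, proto = tok[0], tok[1]
    src, tok = _addr(tok[2:])
    dst, tok = _addr(tok)
    port = None
    if tok[:1] == ["eq"]:
        port = PORTS[tok[1]] if tok[1] in PORTS else int(tok[1])
    icmp = tok[0] if proto == "icmp" and tok and tok[0] != "log" else None
    return {"action": action, "proto": proto, "src": src, "dst": dst,
            "port": port, "icmp": icmp}


def parse(config):
    """Return (acls, blocks): ACL entries by number, sub-commands by section."""
    acls, blocks, ctx = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"access-list (\d+) (.+)", line)
        if m:
            acls.setdefault(m.group(1), []).append(parse_rule(m.group(2)))
        elif raw.startswith(" ") and ctx:
            blocks[ctx].append(line)
        elif line.startswith(("interface ", "line ")):
            ctx = line
            blocks[ctx] = []
        else:
            ctx = None
    return acls, blocks


def first_match(rules, pkt):
    """IOS evaluates entries top-down; the first match decides the packet."""
    for r in rules:
        if (r["proto"] in ("ip", pkt["proto"])
                and r["src"] in (None, pkt["src"])
                and r["dst"] in (None, pkt["dst"])
                and r["port"] in (None, pkt.get("dport"))
                and r["icmp"] in (None, pkt.get("icmp"))):
            return r["action"]
    return "deny"  # implicit deny that ends every IOS access list


def audit(config):
    """Flag gaps relevant to the poster's three goals."""
    acls, blocks = parse(config)
    used = {m.group(1) for cmds in blocks.values() for c in cmds
            if (m := re.match(r"(?:ip access-group|access-class) (\d+)", c))}
    findings = [f"ACL {n} is defined but never applied"
                for n in sorted(set(acls) - used)]
    for head, cmds in blocks.items():
        if head.startswith("interface ") and any(
                c.startswith("ip address") for c in cmds) and not any(
                re.match(r"ip access-group \d+ in", c) for c in cmds):
            findings.append(f"{head} has no inbound ACL")
        if head.startswith("line vty") and "transport input none" not in cmds \
                and not any(c.startswith("access-class ") for c in cmds):
            findings.append(f"{head} has no transport or access-class limit")
    return findings
```

On the sample, audit() reports that access-list 108 is never applied, that FastEthernet0/0 has no inbound ACL, and that the vty line has no transport or access-class restriction. Configuring `transport input none` under the vty lines refuses the Telnet connection outright instead of answering it with a password prompt.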



Re: Router/Bridge re-transmit frames? [7:43459]

2002-05-06 Thread Kris Keen

I'm doing my written tomorrow. I've studied that retransmits are part of the
host's job, especially in a TB network. TBs are stupid; they do no error
recovery or anything similar.

You are correct


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43469t=43459



RE: Modem auto-configuration [7:43381]

2002-05-06 Thread Kris Keen

Answers are 1,2,3.

Don't trust those stupid testing engines, they are full of errors.
The NLI Study Guide testing engine is a fine example of a testing engine
full of errors!

Authors need to do the test a few times I think..
I don't rely on these anymore, get out Cisco Press, it's right.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43470t=43381