setting a vlan on a port [7:45210]

[Stuart Laubstein]

Morning all, I have been trying to set a VLAN on a port on a 2948 but it
will not work for me. I have been using set port membership 2/48 100 (with
2/48 being the port and module and 100 being the vlan. It will not accept it
for some reason. It will not accept any VLAN actually. TheVLAN in question
is on the switch. Am I just being really stupid here?

thanks

stuart




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45210&t=45210
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PIX 515E Question [7:45206]

[[EMAIL PROTECTED]]

Wow you are right.  There is another card in there!

I didn't see it at first but yeah it is there and it is big..

No ports at all.







"Kris Keen" 
Sent by: [EMAIL PROTECTED]
05/28/2002 03:38 PM
Please respond to "Kris Keen"

 
To: [EMAIL PROTECTED]
cc: 
Subject:RE: PIX 515E Question [7:45206]


I know this! sorta, cant remember it thought its a card for 3des or 
similar
for PIX to PIX authentication and security? it has no ports right?
Nod , seen it.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45211&t=45206
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PIX 515E Question [7:45206]

[[EMAIL PROTECTED]]

The card is a SafeNet Crypt PCI card.

It looks exactly like the VPN accelerator card I used last year for the 
515.

What's up?  Now we have to buy these things?

Theo






"[EMAIL PROTECTED]" http://www.groupstudy.com/form/read.php?f=7&i=45212&t=45206
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PIX 515E Question [7:45206]

[Chee Kin]

That's right.  It's the card with no port.  I think there's a DSP chip on
the card.  Was wondering if I can remove the card and put in two single port
NIC onto the PIX.

Thanks.

cheekin

- Original Message -
From: "Kris Keen" 
To: 
Sent: Tuesday, May 28, 2002 2:38 PM
Subject: RE: PIX 515E Question [7:45206]


> I know this! sorta, cant remember it thought its a card for 3des or
similar
> for PIX to PIX authentication and security? it has no ports right?
> Nod , seen it.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45213&t=45206
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Terminal server required for CCNP/CCIE lab? [7:42600]

[Peter I. Racz]

Hello,

I used to swap the console cable too and was wondering about the same 
thing, and then I have bought a CS-516 with the "latest" IOS, which is 
the cheap equivalent of the 2511. If you devide the how many times you 
plug in and out the console cable till you become a CCIE, you will get 
something like 0.1c/plug. It is not worth... ;-)

But seriously, the good thing which has not yet been mentioned here is 
that you can have connection to each router in a different window thus 
seeing in real time what happens on other routers when you change 
something here... This is extremely useful when you learn...

The multiple connections are set up via multiple telnet sessions from 
your pc to the terminal server and connecting each session to a 
different router.

I also include here the sh ver of my CS516. If you come accross one of 
these, make sure your OS version is not older than 10.3, which is the 
latest. This will make sure you will have the same experience then 
having a 2511.

Peter Ivo


Cisco Internetwork Operating System Software
IOS (tm) CS Software (CS500-C-M), Version 10.3(7), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1995 by cisco Systems, Inc.
Compiled Wed 01-Nov-95 15:17 by vatran
Image text-base: 0x00802000, data-base: 0x00AB23A4

ROM: System Bootstrap, Version 5.3(7), SOFTWARE

CS uptime is 3 minutes
System restarted by power-on
Running default software

Cisco-CS500 (68331) processor with 10240K bytes of memory.
TN3270 Emulation software (copyright 1994 by TGV Inc).
SuperLAT software copyright 1990 by Meridian Technology Corp).
1 Ethernet/IEEE 802.3 interface.
16 terminal lines.
32K bytes of non-volatile configuration memory.

Configuration register is 0x2102

CS#

Frank Herschell wrote:

>Hello,
>
>Can someone tell me if a terminal server (2509-2512) is required for a
>CCNP/CCIE lab? I'm continuing to build up my lab and was thinking of buying
>one soon. I read somewhere that the CCIE lab does not use reverse telnetting
>anymore. Is this true or not? Right now I'm swapping the console cable among
>all my routers and switches for configuration purposes. Should I buy a
>terminal server or not? I'm working towards a CCNP for now.
>
>Thanks,
>
>Frank
>.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45214&t=42600
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PIX 515E Question [7:45206]

[Chee Kin]

Thanks for the info.  Just managed to get hold of the delivery order and it
is listed as VAC.

cheekin

- Original Message -
From: 
To: 
Sent: Tuesday, May 28, 2002 3:25 PM
Subject: RE: PIX 515E Question [7:45206]


> The card is a SafeNet Crypt PCI card.
>
> It looks exactly like the VPN accelerator card I used last year for the
> 515.
>
> What's up?  Now we have to buy these things?
>
> Theo
>
>
>
>
>
>
> "[EMAIL PROTECTED]"  Sent by: [EMAIL PROTECTED]
> 05/28/2002 04:02 PM
> Please respond to "[EMAIL PROTECTED]"
>
>
> To: [EMAIL PROTECTED]
> cc:
> Subject:RE: PIX 515E Question [7:45206]
>
>
> Our is the 515E-DMZ so there is one card in there for the FE port.
> In there other port, there is nothing there.
>
> I will look again.
>
>
>
>
>
>
> "Kris Keen"
> Sent by: [EMAIL PROTECTED]
> 05/28/2002 03:38 PM
> Please respond to "Kris Keen"
>
>
> To: [EMAIL PROTECTED]
> cc:
> Subject:RE: PIX 515E Question [7:45206]
>
>
> I know this! sorta, cant remember it thought its a card for 3des or
> similar
> for PIX to PIX authentication and security? it has no ports right?
> Nod , seen it.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45215&t=45206
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Anti-spoofing [7:45217]

[Postman Pat]

Greetings,
Please help me, I am trying to configure anti-spoofing on a router:

Interface eth 0
Ip address 192.168.1.1 255.255.255.0

Interface ser 0
ip address 10.0.0.1 255.255.255.0
access-list 10 deny 192.168.1.0 0.0.0.255
access-class 10 in

Is my understanding of setting up anti-spoofing correct? Is there anything 
I need to change to get this working? How do I improve the security on 
this config?

Regards

LK




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45217&t=45217
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Emergency: HOw to extend the telnet timeout for a router? [7:45216]

[Ocsic]

Hi, all
the default timeout for a telnet session is 300 sec

Any command can extend the telnet timeout time ?


Please mail me [EMAIL PROTECTED]

Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45216&t=45216
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PIX 515E Question [7:45206]

[Tim O'Brien]

Actually, now they are included in the 515E-UR for free! You still need to
purchase it in the 515E-R models, I believe. This card increases throughput
for DES and 3DES to over 63Mbps. It works basically like a math-coprocessor
and offloads all of the IPSec encryption traffic so that the main processor
does not have to work so hard.

Here is the Q&A for the "E" models
http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/prodlit/p615e_qa.htm

And here is the data sheet for the VPN Accelerator card that you are finding
http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/prodlit/vac_ds.htm


Hope that helps,

Tim
CCIE 9015


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, May 28, 2002 3:25 AM
To: [EMAIL PROTECTED]
Subject: RE: PIX 515E Question [7:45206]


The card is a SafeNet Crypt PCI card.

It looks exactly like the VPN accelerator card I used last year for the
515.

What's up?  Now we have to buy these things?

Theo






"[EMAIL PROTECTED]" http://www.groupstudy.com/form/read.php?f=7&i=45218&t=45206
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PIX 515E Question [7:45206]

[[EMAIL PROTECTED]]

Yeah you can remove it I did.

I haven't turned it on yet though.






"Chee Kin" 
Sent by: [EMAIL PROTECTED]
05/28/2002 05:14 PM
Please respond to "Chee Kin"

 
To: [EMAIL PROTECTED]
cc: 
Subject:Re: PIX 515E Question [7:45206]


That's right.  It's the card with no port.  I think there's a DSP chip on
the card.  Was wondering if I can remove the card and put in two single 
port
NIC onto the PIX.

Thanks.

cheekin

- Original Message -
From: "Kris Keen"
To:
Sent: Tuesday, May 28, 2002 2:38 PM
Subject: RE: PIX 515E Question [7:45206]


> I know this! sorta, cant remember it thought its a card for 3des or
similar
> for PIX to PIX authentication and security? it has no ports right?
> Nod , seen it.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45219&t=45206
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Discontiguous networks ? [7:45220]

[Phil Barker]

Hi group,
 I set up a Lab to highlight the problem that
discontiguous networks brings to distance vector
protocols. I seperated three Class B networks
(172.16.1.0/24, 172.16.2.0/24, 172.16.3.0/24) with the
class C networks (192.168.1.4/30 & 192.168.1.8/30).

As expected with RIP 1, I can clearly see network
172.16.0.0/16 being advertised over the serial
interfaces, with 'debug ip rip'. 

I then configured the Lab for RIP 2 thinking that this
would be a solution to the problem, since RIP 2
advertises the subnet mask with the network address,
but ran up against the same problem as RIP 1.

I can solve the problem using secondary addresses,
however, I feel that RIP 2 should also solve the
problem. 

Am I missing something here ?

Just thinking out loud, should I have put 'no
auto-summary' under the rip routing ? maybe it
defaults to classful behaviour anyway !!!

Appreciate any responses.

Phil.

__
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45220&t=45220
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

For Gurus : ROuting Timers and Mobile ARP Question [7:45221]

[IT Guy]

Guys,

I am confused out Playing with Different  kind of timers in ROuting and 
switching.

Moslty, if we change timers in routing protocols like RIP /OSPF update or 
hello interval , we must have to change it on both sides of link

DOes it mean that when ever we have to change "ANY" timer on one side of 
interface, we  must have to chnage on other side of that link aswell?? like 
in case of changing timers on IPX rip or nlsp??

2nd Q is that, To configure IP mobile ARP, do i have to put Bridge group on 
interface as well?? I found this under documentation althouhg I didnt see 
this
anywhere else ??so wat the right method?

Thanks for help.

TOM

_
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45221&t=45221
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

AW: setting a vlan on a port [7:45210]

[Stuart Laubstein]

Thanks to those who answered me--I was just being stupid.  They were correct
in that the command I had to use was 
set vlan 100 2/48   

thanks again

stuart




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45223&t=45210
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Emergency: HOw to extend the telnet timeout for a router? [7:45222]

[Mohannad Khuffash]

Use exec-timeout command at vty line interface .

--




Mohannad N. Khuffash
Network Administrator
Palestine Telecom
Tel : 00970-09-2390509
""Ocsic""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi, all
> the default timeout for a telnet session is 300 sec
>
> Any command can extend the telnet timeout time ?
>
>
> Please mail me [EMAIL PROTECTED]
>
> Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45222&t=45222
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Discontiguous networks ? [7:45220]

[cebuano]

Phil,
Without seeing your config, the first thing that comes to mind
with your RIP experiment is
do you have "no ip classless" on all your RIP routers?
Before using "no auto-summary" with RIP,
check the notes on your IOS version on CCO.
Ver.12.2 specially has features that are new, you'd be
amazed what the above command does.

Elmer

- Original Message -
From: "Phil Barker" 
To: 
Sent: Tuesday, May 28, 2002 4:52 AM
Subject: Discontiguous networks ? [7:45220]


> Hi group,
>  I set up a Lab to highlight the problem that
> discontiguous networks brings to distance vector
> protocols. I seperated three Class B networks
> (172.16.1.0/24, 172.16.2.0/24, 172.16.3.0/24) with the
> class C networks (192.168.1.4/30 & 192.168.1.8/30).
>
> As expected with RIP 1, I can clearly see network
> 172.16.0.0/16 being advertised over the serial
> interfaces, with 'debug ip rip'.
>
> I then configured the Lab for RIP 2 thinking that this
> would be a solution to the problem, since RIP 2
> advertises the subnet mask with the network address,
> but ran up against the same problem as RIP 1.
>
> I can solve the problem using secondary addresses,
> however, I feel that RIP 2 should also solve the
> problem.
>
> Am I missing something here ?
>
> Just thinking out loud, should I have put 'no
> auto-summary' under the rip routing ? maybe it
> defaults to classful behaviour anyway !!!
>
> Appreciate any responses.
>
> Phil.
>
> __
> Do You Yahoo!?
> Everything you'll ever need on one web page
> from News and Sport to Email and Music Charts
> http://uk.my.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45224&t=45220
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Doyle on Lab Rats [7:44611]

[cebuano]

Comments inline.

- Original Message -
From: "nrf" 
To: 
Sent: Monday, May 27, 2002 11:52 PM
Subject: Re: Doyle on Lab Rats [7:44611]


> Keep on reading through my old post,  I was getting to the link between
> experience and your network.  The nutshell of it is that experience
> generally lets you grow a good network (both the router kind and the
people
> kind).You don't meet too many people by hanging out at Sylvan
Prometric.
Yeah, the ratio between Cisco and everything-else examinees are 1 to 50.
The ratio between 350-001 and everything-else is about 0.1 to 100.
I know cause I work for a company that preaches exam-passing as a Gospel.
I wonder how much percentage of the exam fees they get.

> I said it before, I'll say it again.  Some experience is exceptionally
bad.
> But some experience is exceptionally good.  So when some guy says he has 5
> years experience, it might be bad experience, but it might be good
> experience.  So without any further information, it's not unreasonable to
> say that 5 years is really worth 5 years, until you investigate further to
> find out that it's actually 1, or 5, or 15, or whatever.
You hit the nail right on the head again.
There are certainly individuals who thrive on growth in their field. But
I've
seen too many who are just "doing time".




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45225&t=44611
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Provider Backbone Engineering and CCIEs [7:44876]

[R. Benjamin Kessler]

One of the nice features of Ethereal is that you can do "TCP Stream
Analysis."  Basically, this shows the ASCII stream of data going
back-and-forth between the client and server.  When analyzing telnet
sessions it is pretty easy to see the clear-text passwords this way.

HTH

Ben

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Sasa Milic
Sent: Friday, May 24, 2002 2:32 PM
To: [EMAIL PROTECTED]
Subject: Re: Provider Backbone Engineering and CCIEs [7:44876]

Because pop3 username and password use two packets (one for
"USER username" and another for "PASS password" command).
With telnet, every keystroke is transmitted in separate
packet. It is possible to collect them all and reconstruct
username/password, but it's not trivial as with pop3.

Sasa
CCIE 8635

Henrique Duarte wrote:
> 
> Why can't I sniff my telnet login/password in clear text but can sniff
my
> pop3 login/password in clear text? I'm using Sniffer Pro 4.5.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45226&t=44876
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: SYSLOG time stamp problem [7:44949]

[R. Benjamin Kessler]

I know on RedHat you have to ensure that syslogd is started with the -r
flag so that it accepts syslog messages from "remote" systems.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Steven A. Ridder
Sent: Friday, May 24, 2002 10:16 AM
To: [EMAIL PROTECTED]
Subject: Re: SYSLOG time stamp problem [7:44949]

Speaking of syslog, if a syslog daemon is running on a unix machine, is
that
all that needs to happen for it to collect messages.  I can get a Kiwi
syslog program to work, but if I have a customer set up syslog on unix,
nothing is in the logs, even though the router claims to have sent him
messages (and all connectivity is working).

--

RFC 1149 Compliant.



""Jeffrey Reed""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I set up a syslog server and have a problem with the time stamp in a
sys
log
> message. When a message is sent to my syslog server (using solar
winds
> syslog monitor) the date/time field is correct, but the time stamp
with
the
> message itself is not, its 4 hours ahead. I show calendar and clock on
the
> 6500 MSFC and they are both set correctly. I have the system set up
for
EST
> and daylight savings, so I think the syslog facility is not factoring
in
> those settings.
>
> How can I get the syslog message to display the correct time?
>
> Thanks!!
>
> Jeff Reed




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45227&t=44949
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Emergency: HOw to extend the telnet timeout for a router? [7:45228]

[Dain Deutschman]

Is it
line vty 0 4
exec-timeout  ??
I could be misunderstanding the question. Please correct me if I am wrong.

Dain

""Ocsic""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi, all
> the default timeout for a telnet session is 300 sec
>
> Any command can extend the telnet timeout time ?
>
>
> Please mail me [EMAIL PROTECTED]
>
> Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45228&t=45228
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: What next? [7:45176]

[Howard C. Berkowitz]

At 10:29 PM -0400 5/27/02, nrf wrote:
>Nothing much better than the RFC's.  Cisco has some textbooks, but in my
>opinion they really aren't that good.   The MPLS/VPN book, for example, is
>OK if you really really want to do VPN's, but even then it still isn't that
>informative.   They also have a frustratingly Cisco-centric approach to MPLS
>(yeah yeah, I know what you're going to say, what do you expect if it's from
>Ciscopress, but still...).
>
>
>From what I've seen, MPLS gets a lot clearer when you can actually see it in
>action.  If you guys are implementing an MPLS network somewhere (and I know
>quite a few ISP's are doing just that), then that would be the best place to
>learn it.

Just as it takes a certain change of mindset to understand what 
problem BGP is solving, it takes a change of mindset to understand 
MPLS and the next generation, GMPLS.  Many people have problems with 
the ideas that MPLS does not do away with the needs for routing 
protocols, and indeed adds new protocols.  Also, there tends to be an 
assumption that MPLS is faster than conventional IP routing, which no 
longer is the case.

There are real values to MPLS, which are more carrier than enterprise 
oriented. These include traffic engineering/QoS, and extremely 
flexible failure override techniques that can make link recovery 
times comparable to SONET. You won't find any Cisco (or other) 
configuration examples in my new book, but you will see an extensive 
discussion of functionality--why would you want to use MPLS, and how 
it changes design approaches (e.g., perhaps no IGP in a large network 
core).

It's a sufficiently rapidly developing field that books will have 
trouble keeping up with it.  The RFCs _and_ Internet-Drafts (see 
http://www.ietf.org/html.charters/mpls-charter.html ) are still the 
best references. Don't worry too much about CR-LDP, but pay attention 
to the traffic engineering and link restoral documents.

If you like PowerPoint tutorials, browse around www.nanog.org, and 
you'll find several good presentations at the last few meetings.

>
>
>""Scott H.""  wrote in message
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>>  Any recommendations for good sources on MPLS?
>>
>>  ""Howard C. Berkowitz""  wrote in message
>>  [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>>  > At 8:58 PM -0400 5/27/02, Scott H. wrote:
>>  > >I recently completed the CCIE lab exam (R&S) and have been
>contemplating
>>  the
>>  > >next mountain.  Anybody have any suggestions?  I have considered both
>>  > >Juniper and Nortel but my interest level in those is limited and so is
>my
>>  > >access to equipment.  Anybody gone down the road of CCIP yet?  Metro
>>  seems
>>  > >like a fun topic and I would love to learn MPLS.  Any comments (except
>>  B.S.
>>  > >cert bashing) welcome.
>>  > >
>>  > >Scott
>>  > >CCIE #9340
>>  >
>>  > I'd encourage studying MPLS, if for no other reason that to
>>  > understand it, you have to learn new paradigms, which will indirectly
>>  > improve your knowledge of IP routing.  For that matter, it's a key
>>  > technology for Juniper, Nortel, and metro services.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45229&t=45176
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: How do I approach the company about my CCIE [7:40261]

[Peter van Oene]

What leads you to believe that they "will be at the tail end of the
recovery?"

At 09:04 PM 5/27/2002 -0400, Wes Stevens wrote:
>Jenny I assume you are talking about Juniper. I really don't know anything
>about their cert. The company I know pretty well. I would not want to be
>looking for a job in this market place with only Juniper experience. Juniper
>will not go away for sure, but they will be at the tail end of the recovery
>at best.
>
>
> >From: "[EMAIL PROTECTED]"
> >Reply-To: "[EMAIL PROTECTED]"
> >To: [EMAIL PROTECTED]
> >Subject: Re: How do I approach the company about my CCIE [7:40261]
> >Date: Mon, 27 May 2002 19:15:12 -0400
> >
> >"A CCIE is still the highest networking cert and the only one that is not
a
> >
> >paper cert. "
> >
> >I'll save nrf the trouble of saying this.
> >Highest networking cert?  Arguable.  Depends how you define "highest". But
> >it's certainly not a totally unreasonable claim.  Only one that is not a
> >paper cert?  Hardly.  Try doing a little more research.
> >However, if you substitute "Cisco" for "networking" in your original
> >sentence, it looks far more accurate.
> >
> >Cisco is not the only player, or even the only significant player, in the
> >networking game.
> >
> >JMcL
> >
> >
> >- Forwarded by Jenny Mcleod/NSO/CSDA on 28/05/2002 08:39 am -
> >
> >
> >"Wes Stevens"
> >Sent by: [EMAIL PROTECTED]
> >27/05/2002 11:40 pm
> >Please respond to "Wes Stevens"
> >
> >
> > To: [EMAIL PROTECTED]
> > cc:
> > Subject:Re: How do I approach the company about my CCIE
> >[7:40261]
> >Is this part of a business decision process?:
> >
> >
> >If you look at Cisco over the last 18 months compared to it's competitors
> >it
> >has done well. It's sales have dropped much less then most other
> >networking
> >companies and they have actually gained market share in all major areas.
> >The
> >major telco's built out way too fast and the growth did not come like they
> >
> >expected. But on the enterprise side companies took it a lot slower. This
> >economy is starting a slow recovery. Next year things will pick up. It
> >will
> >never be like 1999 as you say, but we will get back to the point where
> >there
> >will be plenty of jobs.
> >
> >A CCIE is still the highest networking cert and the only one that is not a
> >
> >paper cert. We have seen a lot more numbers comming out these days, but
> >Cisco doubled the number of lab seats in San Jose and RTP back in March.
> >Add
> >to that the one day lab and Sat and Sun testing and there are a lot more
> >people taking the test. Cisco keeps track of the passing percent and will
> >adjust the challenge of the lab if necessary. The other thing is we
> >probably
> >will see major changes in the lab before the end of the year. When they
> >get
> >rid of token ring who knows what goodies they will replace it with. It
> >will
> >take a while for the boot camps to adjust their programs to the new topics
> >
> >and the candidates that take the self study route will be searching for
> >ways
> >to cover the new material. There will be a big slow down for a while at
> >that
> >point.
> >
> >
> >I guess my point is I do not see the value of the CCIE going the way of
> >the
> >microsoft certs. Thing will get better next year and the demand for CCIE's
> >
> >will raise.
> >
> >[snipped]
> >
> >
> >
> >
> >Important:  This e-mail is intended for the use of the addressee and may
> >contain information that is confidential, commercially valuable or subject
> >to legal or parliamentary privilege.  If you are not the intended
recipient
> >you are notified that any review, re-transmission, disclosure, use or
> >dissemination of this communication is strictly prohibited by several
> >Commonwealth Acts of Parliament.  If you have received this communication
> >in
> >error please notify the sender immediately and delete all copies of this
> >transmission together with any attachments.
>_
>Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45231&t=40261
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: How do I approach the company about my CCIE [7:40261]

[Peter van Oene]

The JNCIE is a difficult exam, however it is quite realistic.  Hence, if 
you use Junipers in service provider networks and are familiar typical SP 
configurations, you should have a decent shot at it.   The written test 
itself was designed to be fairly challenging and to compliment the lab and 
I do recall it being more technically deep than the CCIE written. However, 
it is also much more focused on a few topics so the increased technical 
depth makes sense.

Pete


At 10:39 PM 5/27/2002 -0400, John Neiberger wrote:
>I've heard that the JNCIE (Juniper) cert is unbelievably difficult.  I've
>also heard it said that both their written and lab exams are considerably
>more difficult than the CCIE.  This may no longer be true once Cisco rolls
>out the final version of the new written exam, though.  It looks like a
>bear!
>
>John
>
>- Original Message -
>From:
>To:
>Sent: Monday, May 27, 2002 5:15 PM
>Subject: Re: How do I approach the company about my CCIE [7:40261]
>
>
> > "A CCIE is still the highest networking cert and the only one that is not
>a
> >
> > paper cert. "
> >
> > I'll save nrf the trouble of saying this.
> > Highest networking cert?  Arguable.  Depends how you define "highest".
But
> > it's certainly not a totally unreasonable claim.  Only one that is not a
> > paper cert?  Hardly.  Try doing a little more research.
> > However, if you substitute "Cisco" for "networking" in your original
> > sentence, it looks far more accurate.
> >
> > Cisco is not the only player, or even the only significant player, in the
> > networking game.
> >
> > JMcL
> >
> >
> > - Forwarded by Jenny Mcleod/NSO/CSDA on 28/05/2002 08:39 am -
> >
> >
> > "Wes Stevens"
> > Sent by: [EMAIL PROTECTED]
> > 27/05/2002 11:40 pm
> > Please respond to "Wes Stevens"
> >
> >
> > To: [EMAIL PROTECTED]
> > cc:
> > Subject:Re: How do I approach the company about my CCIE
> > [7:40261]
> > Is this part of a business decision process?:
> >
> >
> > If you look at Cisco over the last 18 months compared to it's competitors
> > it
> > has done well. It's sales have dropped much less then most other
> > networking
> > companies and they have actually gained market share in all major areas.
> > The
> > major telco's built out way too fast and the growth did not come like
they
> >
> > expected. But on the enterprise side companies took it a lot slower. This
> > economy is starting a slow recovery. Next year things will pick up. It
> > will
> > never be like 1999 as you say, but we will get back to the point where
> > there
> > will be plenty of jobs.
> >
> > A CCIE is still the highest networking cert and the only one that is not
a
> >
> > paper cert. We have seen a lot more numbers comming out these days, but
> > Cisco doubled the number of lab seats in San Jose and RTP back in March.
> > Add
> > to that the one day lab and Sat and Sun testing and there are a lot more
> > people taking the test. Cisco keeps track of the passing percent and will
> > adjust the challenge of the lab if necessary. The other thing is we
> > probably
> > will see major changes in the lab before the end of the year. When they
> > get
> > rid of token ring who knows what goodies they will replace it with. It
> > will
> > take a while for the boot camps to adjust their programs to the new
topics
> >
> > and the candidates that take the self study route will be searching for
> > ways
> > to cover the new material. There will be a big slow down for a while at
> > that
> > point.
> >
> >
> > I guess my point is I do not see the value of the CCIE going the way of
> > the
> > microsoft certs. Thing will get better next year and the demand for
CCIE's
> >
> > will raise.
> >
> > [snipped]
> >
> >
> >
> >
> > Important:  This e-mail is intended for the use of the addressee and may
> > contain information that is confidential, commercially valuable or
subject
> > to legal or parliamentary privilege.  If you are not the intended
>recipient
> > you are notified that any review, re-transmission, disclosure, use or
> > dissemination of this communication is strictly prohibited by several
> > Commonwealth Acts of Parliament.  If you have received this communication
>in
> > error please notify the sender immediately and delete all copies of this
> > transmission together with any attachments.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45230&t=40261
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IOS Upgrades [7:45128]

[BASSOLE Rock]

Thank you all for the information.

-Message d'origine-
De : Marko Milivojevic [mailto:[EMAIL PROTECTED]]
Envoyi : lundi 27 mai 2002 13:15
@ : [EMAIL PROTECTED]
Objet : RE: IOS Upgrades [7:45128]


> We are having difficulties with one of our router that has 
> it's flash in
> Read-Only. Which make it impossible to upgrade I think. Do 
> you have an idea
> on how to upgrade an IOS on a router with a Read-Only flash.

Boot router from ROM and take it from there.


Marko.

-Message d'origine-
De : Angel Leiva [mailto:[EMAIL PROTECTED]]
Envoyi : lundi 27 mai 2002 17:19
@ : [EMAIL PROTECTED]
Objet : RE: IOS Upgrades [7:45128]


Rock,

I'd suggest that you follow CCO's IOS Upgrade procedures for the routers
with RO Flash you may have. The fact that those routers have Read-Only Flash
type, doesn't mean that you can't erase and upload a new IOS image.

Read-Only FLASH memory requires a different method of "erasing" its
contents. The delete and squeeze commands do not apply to them. Cisco's
upgrade method for those routers that use Read-Only Flash, includes a couple
of steps that will apply a high enough Voltage level to the Flash that will
blank its entire content, and then copy the new IOS image in it.

Of course, there is a chance that you could have a router with "defective"
Flash, meaning that it would not accept new images because its "delete"
function no longer works.

Please visit this CCO URL for upgrade procedures:
http://www.cisco.com/warp/public/130/upgrade_index.shtml

Hth,

Angel

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
BASSOLE Rock
Sent: Monday, May 27, 2002 5:38 AM
To: [EMAIL PROTECTED]
Subject: IOS Upgrades [7:45128]


Hello group,


After the announce on SNMP and NTP vulnerabilites we are doing upgrades on
our routers with Cisco's recommandations.

We are having difficulties with one of our router that has it's flash in
Read-Only. Which make it impossible to upgrade I think. Do you have an idea
on how to upgrade an IOS on a router with a Read-Only flash.

Any information is welcome.

Thank you.

Rock.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45232&t=45128
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: What next? [7:45176]

[Peter van Oene]

www.mplsrc.com is a good place to start

At 10:21 PM 5/27/2002 -0400, Scott H. wrote:
>Any recommendations for good sources on MPLS?
>
>""Howard C. Berkowitz""  wrote in message
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > At 8:58 PM -0400 5/27/02, Scott H. wrote:
> > >I recently completed the CCIE lab exam (R&S) and have been contemplating
>the
> > >next mountain.  Anybody have any suggestions?  I have considered both
> > >Juniper and Nortel but my interest level in those is limited and so is
my
> > >access to equipment.  Anybody gone down the road of CCIP yet?  Metro
>seems
> > >like a fun topic and I would love to learn MPLS.  Any comments (except
>B.S.
> > >cert bashing) welcome.
> > >
> > >Scott
> > >CCIE #9340
> >
> > I'd encourage studying MPLS, if for no other reason that to
> > understand it, you have to learn new paradigms, which will indirectly
> > improve your knowledge of IP routing.  For that matter, it's a key
> > technology for Juniper, Nortel, and metro services.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45236&t=45176
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: BGP addressing..i think i understand but i am not sure [7:45235]

[Peter van Oene]

Hey Nigel,

I'm not sure where to point you.  All I can tell you is that it is 
commonplace and likely will continue to be so.  I'm currently not aware of 
any routing issues that this behavior would induce.

Pete


At 08:04 PM 5/27/2002 -0400, Nigel Taylor wrote:
>Peter,
>  It would seem that Cable&Wireless and Above along with RIPE are
the
>main culprits.
>
>It would seem to me that this inconsistent route issue would present
>problems, what I'm I missing? It maybe that I'm not totally
>clear on what constitutes an "inconsistent route".  RFC 1930 clearly states
>that "one-prefix, one originating AS". I know it's been
>mentioned in this thread and I see it noted that the RSNG Project will
>notify peers of inconsistent policies registered in the IRR.
>So, how effective is this initiative if most of the community feels it's not
>something to be worried about.
>
>Anyone care to point me in a specific direction.
>
>thanks
>Nigel
>
>- Original Message -
>From: "Peter van Oene"
>To:
>Sent: Monday, May 27, 2002 6:31 PM
>Subject: Re: BGP addressing..i think i understand but i am not sure
>[7:45169]
>
>
> > quick comment in line.
> >
> > At 04:53 PM 5/27/2002 -0400, Chuck wrote:
> > >I have a question, Howard - in line:
> > >
> > >
> > >""Howard C. Berkowitz""  wrote in message
> > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > This is one of those posts where the attributions have gotten very
> > > > confused. Comments inline.
> > > >
> > >snip for brevity
> > > >
> > > > It can be done, if both ISPs agree to it and coordinate their routing
> > > > policies. A public AS, however, is justified in this circumstance.
> > > >
> > > > While doesn't quite describe this situation, look at RFC 2270 for the
> > > > general strategy. Both ISPs have to remove private AS.  This will
> > > > also cause more than one ISP to appear to originate the route, which
> > > > is a technical violation of BGP (i.e., it's an "inconsistent route"),
> > > > but that isn't that uncommon and doesn't seem to break anything.
> > > >
> > >
> > >Question: in an ideal world, what would happen when an "inconsistant
>route"
> > >shows up? idealy, would that route be black holed?
> > >Since it is "common" and since it "doesn't seem to break anything" in
ral
> > >terms, what happens? BGP advertises reachability to other BGP routers,
be
> > >they internal or external. But in terms of a packet traveling from my
>house
> > >to a destination that is "inconsistant" what happens? What matters? My
> > >packet continues to be passed from here to there until some directly
> > >connected router receives it. I'm assuming that "inconsistant" does not
> > >imply "loop"
> > >
> > >thanks.
> >
> > You are correct in that inconsistent advertisements do not represent
>looped
> > routes. In the case of a prefix seemingly existing in two AS's, a remote
> > router simply passes that prefix through the basic BGP path selection
> > algorithm and selects the more preferable of the two for export to the
>main
> > routing table.   Once a route hits the routing table, transiting packets
> > are forwarded as usual.
> >
> > Any potential concern lies in the handling of routes that show up as
> > inconsistent.  I have seen discussions from various communities (RIPE
>comes
> > first to mind) about specifying a globally accepted behavior for such
> > routes, but haven't seen a consensus on this issue other than to leave it
> > alone.  Howard probably has somewhat more detailed insight here.  At
> > present, inconsistent advertisements are accepted and many feel are valid
> > and should not be handled differently from normal announcements.
> >
> > Customers who think that connecting to two providers is generally better
> > than two pops from a single provider and providers who are too about
> > nervous about losing customer revenue to force customers to properly
> > multi-home (PI space/ASN) or not multi-home to different providers at all
> > are likely the cause of this situation.   So long as this continues to be
> > the norm, we'll likely see more and more of these type announcements and
> > the likelihood of routers dealing with them differently (dropping for
> > example) will similarly decrease.
> >
> > Hit a route server (say route-server.exodus.net) and do a show ip bgp
>incon
> > and you'll see just how many of these routes we are dealing with.
> >
> > Pete
> >
> >
> >
> >
> >
> > > >snip for brevity<




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45235&t=45235
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ISDN Config on Cisco 7200 [7:45133]

[MADMAN]

No differant than on a 800,1700,2600,3600...

  Dave

Igor Bloch wrote:
> 
> Hello,
> 
> I am trying to configure a Cisco 7200 for direct ISDN connexion.
> Could you please give me some advice or web links to get some lessons on
it ?
> 
> Thanks.
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45234&t=45133
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

how to set duplex and speed on 2500 router int ??? [7:45238]

[Kenny Smith]

Dear all,

Question1: May I know how to set the speed and duplex type of the interface 
ethernet0 of 2500 router. See below..  there is no speed and duplex option 
unlike IOS switch fasthernet switch.

internetRT(config)int e0
internetRT(config-if)#?
Interface configuration commands:
  access-expression   Build a bridge boolean access expression
  arp Set arp type (arpa, probe, snap) or timeout
  backup  Modify dial-backup parameters
  bandwidth   Set bandwidth informational parameter
  bridge-groupTransparent bridging interface parameters
  cdp CDP interface subcommands
  cmnsOSI CMNS
  custom-queue-list   Assign a custom queue list to an interface
  delay   Specify interface throughput delay
  description Interface specific description
  exitExit from interface configuration mode
  frame-relay Set frame relay parameters
  helpDescription of the interactive help system
  hold-queue  Set hold queue depth
  ip  Interface Internet Protocol config commands
  ipx Novell interface subcommands
  keepalive   Enable keepalive
  llc2LLC2 Interface Subcommands
  load-interval   Specify interval for load calculation for an interface
  loopbackConfigure internal loopback on an interface
  mac-address Manually set interface MAC address
  mtu Set the interface Maximum Transmission Unit (MTU)
  netbios Use a defined NETBIOS access list or enable 
name-caching
  no  Negate a command or set its defaults
  ntp Configure NTP
  priority-group  Assign a priority group to an interface
  shutdownShutdown the selected interface
  snapshotConfigure snapshot support on the interface
  snmpModify SNMP interface parameters
  standby Hot standby interface subcommands
  transmit-interface  Assign a transmit interface to a receive-only 
interface
  tx-queue-limit  Configure card level transmit queue limit

internetRT(config-if)#

Question2,
When I config my solaris box's (boxA) hme0 as IP 61.9.200.114 netmask 
255.255.255.240 broadcast 61.9.200.127.  But it keep changed to 61.9.200.114 
netmask 255.0.0.0 broadcast 61.255.255.255 after reboot.  May I know why?  I 
configure it on another solaris (boxB) but it stays as 61.9.200.114 netmask 
255.255.255.240 broadcast 61.9.200.127 after rebooting.  Why box A netmask 
changed?

_
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45238&t=45238
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Doyle on Lab Rats [7:44611]

[Peter van Oene]

Michael>

>(speaking of contract firms), I've noticed that regardless of certs or
>experience, it seems many more places are doing a "6-month right-to-hire"
>because it's so hard to really tell from a resume, certs, experience, or
>even an interview if someone really knows what they're doing.  So a 6-month
>trial period usually is plenty for them to see if the person has the mettle
>or not.
Pete>

Of note, most jobs I've looked at including my own include the ability for 
the employer to terminate employment at their discretion.  The may be more 
prevalent in the VAR/Vendor space however.

Pete




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45237&t=44611
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Discontiguous networks ? [7:45220]

[Peter van Oene]

This looks like a summary issue to me.  You should see a RIP advertisement 
for 172.16.1.0, not 0.0.  Of note, the classless and classful behavior are 
not entirely related to whether or not an update includes the prefix 
length.  Make sure you have ip classless enabled and I would try turning 
off auto-summary to see if you end up with more appropriate 
announcements.  Of note, with the same prefix length used in your RIP 
network you shouldn't see any issues with V1 routing.  With ip classless 
off however, you should bump into some issue.


At 04:52 AM 5/28/2002 -0400, Phil Barker wrote:
>Hi group,
>  I set up a Lab to highlight the problem that
>discontiguous networks brings to distance vector
>protocols. I seperated three Class B networks
>(172.16.1.0/24, 172.16.2.0/24, 172.16.3.0/24) with the
>class C networks (192.168.1.4/30 & 192.168.1.8/30).
>
>As expected with RIP 1, I can clearly see network
>172.16.0.0/16 being advertised over the serial
>interfaces, with 'debug ip rip'.
>
>I then configured the Lab for RIP 2 thinking that this
>would be a solution to the problem, since RIP 2
>advertises the subnet mask with the network address,
>but ran up against the same problem as RIP 1.
>
>I can solve the problem using secondary addresses,
>however, I feel that RIP 2 should also solve the
>problem.
>
>Am I missing something here ?
>
>Just thinking out loud, should I have put 'no
>auto-summary' under the rip routing ? maybe it
>defaults to classful behaviour anyway !!!
>
>Appreciate any responses.
>
>Phil.
>
>__
>Do You Yahoo!?
>Everything you'll ever need on one web page
>from News and Sport to Email and Music Charts
>http://uk.my.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45240&t=45220
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: how to set duplex and speed on 2500 router int ??? [7:45242]

[Steven A. Ridder]

You can't change the duplex and speed on a 2500.  It's too old.


""Kenny Smith""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Dear all,
>
> Question1: May I know how to set the speed and duplex type of the
interface
> ethernet0 of 2500 router. See below..  there is no speed and duplex option
> unlike IOS switch fasthernet switch.
>
> internetRT(config)int e0
> internetRT(config-if)#?
> Interface configuration commands:
>   access-expression   Build a bridge boolean access expression
>   arp Set arp type (arpa, probe, snap) or timeout
>   backup  Modify dial-backup parameters
>   bandwidth   Set bandwidth informational parameter
>   bridge-groupTransparent bridging interface parameters
>   cdp CDP interface subcommands
>   cmnsOSI CMNS
>   custom-queue-list   Assign a custom queue list to an interface
>   delay   Specify interface throughput delay
>   description Interface specific description
>   exitExit from interface configuration mode
>   frame-relay Set frame relay parameters
>   helpDescription of the interactive help system
>   hold-queue  Set hold queue depth
>   ip  Interface Internet Protocol config commands
>   ipx Novell interface subcommands
>   keepalive   Enable keepalive
>   llc2LLC2 Interface Subcommands
>   load-interval   Specify interval for load calculation for an
interface
>   loopbackConfigure internal loopback on an interface
>   mac-address Manually set interface MAC address
>   mtu Set the interface Maximum Transmission Unit (MTU)
>   netbios Use a defined NETBIOS access list or enable
> name-caching
>   no  Negate a command or set its defaults
>   ntp Configure NTP
>   priority-group  Assign a priority group to an interface
>   shutdownShutdown the selected interface
>   snapshotConfigure snapshot support on the interface
>   snmpModify SNMP interface parameters
>   standby Hot standby interface subcommands
>   transmit-interface  Assign a transmit interface to a receive-only
> interface
>   tx-queue-limit  Configure card level transmit queue limit
>
> internetRT(config-if)#
>
> Question2,
> When I config my solaris box's (boxA) hme0 as IP 61.9.200.114 netmask
> 255.255.255.240 broadcast 61.9.200.127.  But it keep changed to
61.9.200.114
> netmask 255.0.0.0 broadcast 61.255.255.255 after reboot.  May I know why?
I
> configure it on another solaris (boxB) but it stays as 61.9.200.114
netmask
> 255.255.255.240 broadcast 61.9.200.127 after rebooting.  Why box A netmask
> changed?
>
> _
> MSN Photos is the easiest way to share and print your photos:
> http://photos.msn.com/support/worldwide.aspx




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45242&t=45242
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

ATM/IMA and Multilink-group [7:45239]

[TMS]

Hello

I have two offices in two diffrent buildings. The are connected
for now using 4 port ATM/IMA interfaces. But 4xE1 is too small
bandwidth for me, so I installed next 4 port ATM/IMA cards. I tryed
multilink-group and multilink interface for create 1 logical interface
from 2 phycials ATM/IMA links, but multilink interface is down :(

Network diagram:

ATM2/ima0  ATM3/ima0
C3640C3660
ATM3/ima0  ATM4/ima0

C3640 configuration:

interface ATM2/ima0
 bandwidth 8000
 no ip address
 ima clock-mode independent
 atm ilmi-enable
 atm pvc 1 32 1 aal5snap inarp 
 multilink-group 1
!
interface ATM3/ima0
 bandwidth 8000
 no ip address
 ima clock-mode independent
 atm ilmi-enable
 atm pvc 2 32 2 aal5snap inarp 
 multilink-group 1
!
interface Multilink 1
 ip address 10.10.10.1 255.255.255.252
 no ip route-cache cef
 no ip redirects
 no ip proxy-arp
 ppp multilink
 multilink-group 1
!

on C3660 configuration is indetical, only interfaces number and
ip address
are diffrent.

Interfaces status:

ATM2/ima0 is up/up (protocol,line)
ATM3/ima0 is up/up
Multilunk 1 is down/down

ATM3/ima0 is up/up
ATM4/ima0 is up/up
Multilink 1 is down/down

And idea how to resolv this problem ?


-- 
TMS




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45239&t=45239
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: How do I approach the company about my CCIE [7:40261]

[Wes Stevens]

Peter I have been following and trading Juniper stock for years. In the 
beginning everyone loved it because it was so focused - just high end 
routers. Two things came together in 2000 to help them grow sales 6x over 
1999 one was the massive build out of the telcos and the other was the fact 
that they had a year lead on cisco for delivering 192 interfaces. In 2001 
the telco's started cutting back and juniper sales growth went to up 32 %, 
but all of it came in the first half. Since mid year last year sales have 
been dropping qtr over qtr. The biggest reason is the same reason the 
analysts used to love it - focused only on the high end telco market. Well 
the telco's are in a world of trouble. They are so deep in dept that most 
will never climb out. Global xing bit the dust and it looks like wcom may 
follow. Quest is in deep trouble too. Believe it or not the only hope for a 
recovery in the next year is that these big guys go chapter 11 and then 
reorg. All the investors get screwed but their debt goes away and they may 
have some money to invest again. All of the major telcos cut capex for the 
rest of this year and next in their first quarter report. Juniper's also has 
to deal with cisco now as they are going after that same market and have 
taken share away in the last year. This will be especially a problem in 
markets outside the us where cisco already has a presence and juniper does 
not. The last two purchases by Juniper say the reconize the problem as they 
are trying to broaden their product line. But they paid too much for 
Unishere and it will be dilutive this year.

The bottom line is that the big telcos are in real trouble and there is 
still a lot of competition and excess capacity out there. Their capex 
spending is going to be the last thing to recover and along with it Juniper.

Another good indication is in the job market. Go to dice.com or hotjobs and 
do a search on jncie and ccie and see what you get for both.


>From: "Peter van Oene" 
>Reply-To: "Peter van Oene" 
>To: [EMAIL PROTECTED]
>Subject: Re: How do I approach the company about my CCIE [7:40261]
>Date: Tue, 28 May 2002 08:43:09 -0400
>
>What leads you to believe that they "will be at the tail end of the
>recovery?"
>
>At 09:04 PM 5/27/2002 -0400, Wes Stevens wrote:
> >Jenny I assume you are talking about Juniper. I really don't know 
>anything
> >about their cert. The company I know pretty well. I would not want to be
> >looking for a job in this market place with only Juniper experience. 
>Juniper
> >will not go away for sure, but they will be at the tail end of the 
>recovery
> >at best.
> >
> >
> > >From: "[EMAIL PROTECTED]"
> > >Reply-To: "[EMAIL PROTECTED]"
> > >To: [EMAIL PROTECTED]
> > >Subject: Re: How do I approach the company about my CCIE [7:40261]
> > >Date: Mon, 27 May 2002 19:15:12 -0400
> > >
> > >"A CCIE is still the highest networking cert and the only one that is 
>not
>a
> > >
> > >paper cert. "
> > >
> > >I'll save nrf the trouble of saying this.
> > >Highest networking cert?  Arguable.  Depends how you define "highest". 
>But
> > >it's certainly not a totally unreasonable claim.  Only one that is not 
>a
> > >paper cert?  Hardly.  Try doing a little more research.
> > >However, if you substitute "Cisco" for "networking" in your original
> > >sentence, it looks far more accurate.
> > >
> > >Cisco is not the only player, or even the only significant player, in 
>the
> > >networking game.
> > >
> > >JMcL
> > >
> > >
> > >- Forwarded by Jenny Mcleod/NSO/CSDA on 28/05/2002 08:39 am -
> > >
> > >
> > >"Wes Stevens"
> > >Sent by: [EMAIL PROTECTED]
> > >27/05/2002 11:40 pm
> > >Please respond to "Wes Stevens"
> > >
> > >
> > > To: [EMAIL PROTECTED]
> > > cc:
> > > Subject:Re: How do I approach the company about my 
>CCIE
> > >[7:40261]
> > >Is this part of a business decision process?:
> > >
> > >
> > >If you look at Cisco over the last 18 months compared to it's 
>competitors
> > >it
> > >has done well. It's sales have dropped much less then most other
> > >networking
> > >companies and they have actually gained market share in all major 
>areas.
> > >The
> > >major telco's built out way too fast and the growth did not come like 
>they
> > >
> > >expected. But on the enterprise side companies took it a lot slower. 
>This
> > >economy is starting a slow recovery. Next year things will pick up. It
> > >will
> > >never be like 1999 as you say, but we will get back to the point where
> > >there
> > >will be plenty of jobs.
> > >
> > >A CCIE is still the highest networking cert and the only one that is 
>not a
> > >
> > >paper cert. We have seen a lot more numbers comming out these days, but
> > >Cisco doubled the number of lab seats in San Jose and RTP back in 
>March.
> > >Add
> > >to that the one day lab and Sat and Sun testing and there are a lot 
>more
> > >people taking the test. Cisco keeps track of the passing percent and 
>will
> > >adjust the challenge of

Re: Diffrences between buildin and NM 10/100 Ether [7:45152]

[s vermill]

John Dorffler wrote:
> 
> The FE interfaces that support VLAN trunking all use a chipset
> that supports
> trunking. Not all router models and not all modules that have
> 100Mbps
> interfaces use the required chipset. The best way to determine
> whether a
> router or module supports trunking is to read the release notes
> for the
> hardware. There is always a grid that lists the versions of IOS
> that are
> supported on that hardware along with the individual features
> that each
> version supports. Its a little tedious, but it can help prevent
> buying
> hardware that doesn't do what you assume it should do. I
> recently checked on
> the 1700 series and the 2620/2621 and discovered that the
> 172x/175x does NOT
> support trunking while the 262x does. I am not sure about the
> new rack-mount
> 1760s. 

I have several 1720s that do not support trunking but I understand that the
new 1721 does.

It is also rumored (urban legend?) that there are one or
> two 10Mb
> interfaces on some router/module that supports trunking. I
> wouldn't attempt
> that in a production environment, but in a study lab it would
> be cool.
> 
> My $0.02,
> John Dorffler
> CCIE #6677
> 



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45241&t=45152
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: how to set duplex and speed on 2500 router int ??? [7:45243]

[Lupi, Guy]

The 2500 routers don't support full duplex operation.  As far as your Sun
box, box A appears to be following classful IP rules, automatically assuming
that since your first octet is a 61 that your address space is a class A,
and therefore your netmask should be 255.0.0.0.  I don't know enough about
Solaris to tell you how to fix it unfortunately.  I'm sure someone on the
list does though.

-Original Message-
From: Kenny Smith [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 28, 2002 10:17 AM
To: [EMAIL PROTECTED]
Subject: how to set duplex and speed on 2500 router int ??? [7:45238]


Dear all,

Question1: May I know how to set the speed and duplex type of the interface 
ethernet0 of 2500 router. See below..  there is no speed and duplex option 
unlike IOS switch fasthernet switch.

internetRT(config)int e0
internetRT(config-if)#?
Interface configuration commands:
  access-expression   Build a bridge boolean access expression
  arp Set arp type (arpa, probe, snap) or timeout
  backup  Modify dial-backup parameters
  bandwidth   Set bandwidth informational parameter
  bridge-groupTransparent bridging interface parameters
  cdp CDP interface subcommands
  cmnsOSI CMNS
  custom-queue-list   Assign a custom queue list to an interface
  delay   Specify interface throughput delay
  description Interface specific description
  exitExit from interface configuration mode
  frame-relay Set frame relay parameters
  helpDescription of the interactive help system
  hold-queue  Set hold queue depth
  ip  Interface Internet Protocol config commands
  ipx Novell interface subcommands
  keepalive   Enable keepalive
  llc2LLC2 Interface Subcommands
  load-interval   Specify interval for load calculation for an interface
  loopbackConfigure internal loopback on an interface
  mac-address Manually set interface MAC address
  mtu Set the interface Maximum Transmission Unit (MTU)
  netbios Use a defined NETBIOS access list or enable 
name-caching
  no  Negate a command or set its defaults
  ntp Configure NTP
  priority-group  Assign a priority group to an interface
  shutdownShutdown the selected interface
  snapshotConfigure snapshot support on the interface
  snmpModify SNMP interface parameters
  standby Hot standby interface subcommands
  transmit-interface  Assign a transmit interface to a receive-only 
interface
  tx-queue-limit  Configure card level transmit queue limit

internetRT(config-if)#

Question2,
When I config my solaris box's (boxA) hme0 as IP 61.9.200.114 netmask 
255.255.255.240 broadcast 61.9.200.127.  But it keep changed to 61.9.200.114

netmask 255.0.0.0 broadcast 61.255.255.255 after reboot.  May I know why?  I

configure it on another solaris (boxB) but it stays as 61.9.200.114 netmask 
255.255.255.240 broadcast 61.9.200.127 after rebooting.  Why box A netmask 
changed?

_
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45243&t=45243
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: VPN Design [7:44953]

[Patrick Ramsey]

Well, have you thought this setup through?

I mean... if you are placing the vpn device's external nic in the dmz, and
it's internal nic on your lan, you are defeating your firewall.  You still
have to allow access into the vpn device.(which is the same as having it on
the outside)  If you really want to have the double protection, you should
think about placing the vpn's external nic on the outside and creating a
tunnel though the dmz. (of course this also defeats your firewall, but at
least you can set the pix to only tunnel from the vpn device)

But at this point, it's a trust game.  You trust your firewall to protect
your corporate lan right?  Why would you not trust your vpn device?  There's
nothing wrong with running parallel firewalls or vpn scenarios.  I'm pretty
sure I can come up with a list of pros and cons for both.  In the end you'll
probably find them to be 50/50.

Of course, running in parallel may actualy cause issues for your clients on
the outside.  If the concentrator is not the default route, then you may run
into asymetric routing problems.

You might try just using one nic in the concentrator too.  Unless you are in
a scenario that requires high speed routing, chances are, that t1 to the
internet is not going to bog down your vpn device.

just somoe tidbits to think about.

-Patrick

>>> "neil K."  05/24/02 11:10AM >>>
Hi All,

1. Could anyone please tell me what needs to be done on the PIX firewall if
the
Cisco VPN concentrator is placed in such a way as the public interface is in
the DMZ and private interface on the inside network.
2. This design of placing the Concentraor in the DMZ is a little complex as
compared to keeping the Concentrator Parallel to Firewall, which has
security
risks.Also in the case of Parallel design concentrator public address has to
be in the IP subnet as the
Firewall and the External Router( If I am not wrong) can this be overcome by
placing the Concentrator in the DMZ.
3. Does the firewall need some routing capability so that it can route
Encrypted packets to go thru concentrator or can it be done by adding routes
to the servers pointing to concentrator.
4. What will have to be done if there are some AS-400 servers and we are
planning to use IPsec.

Any help will be highly appreciated.

Thanks,

Neil
>  Confidentiality Disclaimer   
This email and any files transmitted with it may contain confidential and
/or proprietary information in the possession of WellStar Health System,
Inc. ("WellStar") and is intended only for the individual or entity to whom
addressed.  This email may contain information that is held to be
privileged, confidential and exempt from disclosure under applicable law. If
the reader of this message is not the intended recipient, you are hereby
notified that any unauthorized access, dissemination, distribution or
copying of any information from this email is strictly prohibited, and may
subject you to criminal and/or civil liability. If you have received this
email in error, please notify the sender by reply email and then delete this
email and its attachments from your computer. Thank you.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45244&t=44953
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCNA level IPX question, proper phrasing [7:45138]

[Logan, Harold]

In my opinion that question is fair game. the optional MAC address that can
be specified is used for interface that have no bia, such as serial and
loopback interfaces. By default they "borrow" the MAC from a LAN interface,
but you may want to specify your own in order to keep documentation and
troubleshooting simple.

For example, if I enable ipx on router #1 using the command 'ipx routing
1.1.1' then all I need to do to ping a serial interface on router 1 that's
on network 1a is ping ipx 1a.1.1.1, which is a lot easier than having to
look up and type out a mac address.

I think that's a great question, and it's certainly a CCNA-level question.

Hal Logan CCAI, CCDP, CCNP+Voice
Network Specialist / Adjunct Faculty
Computing & Engineering Technology
Manatee Community College


> -Original Message-
> From: Mike Sweeney [mailto:[EMAIL PROTECTED]]
> Sent: Monday, May 27, 2002 9:39 AM
> To: [EMAIL PROTECTED]
> Subject: CCNA level IPX question, proper phrasing [7:45138]
> 
> 
> I have a IPX question in my CCNA practice test beta and I've 
> had some mixed
> feedback on it. The questions asks what is the command to 
> enable IPX routing
> on a router and gives a MAC address as part of the question. 
> The question is
> a *fill in the blank* type.  The answer I have is:
> 
> ipx routing 
> 
> Is making the MAC a requirement of the answer a *fair* use of 
> the command? I
> thought so even though IPX routing will automaticaly assign the node
> address. I felt inclusion of the MAC into the question was a 
> clue that it
> needed to specified.  Is this too much to ask of a budding CCNA?
> 
> PS-  for those who would want to look at the entire beta, 
> it's 60 questions
> at this point and a free download.. as long as you use the 
> feedback form to
> give me yes, no, it sucks etc..etc..  :) I have managed to 
> get some good
> feedback so far and will always take more.
> 
> www.packetattack.com/tutorials.html
> 
> Thanks
> 
> MikeS




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45245&t=45138
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Private Addressing over Distances [7:44946]

[Patrick Ramsey]

You know...I just revamped a class b network (150.150.0.0) that a company
had implemented years ago and they didn't own the space.
Even though everything seemed to be working properly, the entire 150.150
network was not accessible on the internet.Heaven forbid micrsoft move
their hotmail servers to 150.150.x.x.

There should be no reason to not do things the right way... :)

>>> "Craig Columbus"  05/25/02 01:25PM >>>
IMO, it's never a good idea to use public addresses in a private network.
The standard response I get when I tell people this is "Well, it's never 
going to be put on the Internet or connected to another network, so it 
doesn't matter."

But, you should look at it this way:
For a given network, there are two outcomes:  1)  It will never be 
connected to another network or 2) It will someday be connected to another 
network.

For small test networks, training networks, home networks, etc., the first 
option may truly be the case.  If so, it is just as easy to assign one of 
the 10.x, 172.x, or 192.x networks as it is to assign some other IP block 
that another company may own.  At the least, it gets you accustomed to 
working with the RFC spec private ranges.

For business networks, experience tells me that you should always assume 
that the network will be connected to another network at some point in the 
future...even if you can't imagine it now.  To mitigate problems down the 
road, a RFC spec private range should be used.  This doesn't eliminate the 
possibility of overlapping private addresses if, for example, you merge 
with another company that uses the same private block.  It does, however, 
assure that if you hook to the Internet, you won't hit a local server when 
trying to get to a registered IP address on the Internet.

Here's a true story to illustrate the point:  I was called in to examine a 
network that had chronic connectivity problems to points both inside and 
outside the corporate network.  When I looked at the routers, I was 
astonished to find that each WAN remote site and each subnet had a 
different public block assigned.  Further, there was a spattering of 
routing protocols installed, including RIP, OSPF, and iBGP, with no 
apparent purpose or reason.  The company had a single Internet gateway that 
was performing NAT.  I pointed out all of the flaws with the installation 
and design to the company owners who insisted on calling a meeting with the 
company that had been maintaining the network.  We sat down at the table 
and I presented my findings.  The network admin's only defense to his 
workmanship was "Show me where it says that I can't set things up this 
way".  Needless to say, the meeting was over in less than an hour and I 
walked away with a substantial contract to fix and maintain the network.
I readdressed the network and put static routes in place of the routing 
protocols.  Problem was solved and connectivity was never again an issue.
The moral of the story is that just because you CAN do something, it 
doesn't mean that you SHOULD do something.

Craig

At 12:52 AM 5/25/2002 -0400, you wrote:
>Thanks Craig.  Yes I know 128.128.0.0 is not technically a standard private
>address defined in RFC 1918, but those are just so that ISPs have a standard
>address in which to block routing information for.  Therefore a private
>address within a network can be any class A B or C address.  Thanks for your
>reply.
>
>Jarred
>  Confidentiality Disclaimer   
This email and any files transmitted with it may contain confidential and
/or proprietary information in the possession of WellStar Health System,
Inc. ("WellStar") and is intended only for the individual or entity to whom
addressed.  This email may contain information that is held to be
privileged, confidential and exempt from disclosure under applicable law. If
the reader of this message is not the intended recipient, you are hereby
notified that any unauthorized access, dissemination, distribution or
copying of any information from this email is strictly prohibited, and may
subject you to criminal and/or civil liability. If you have received this
email in error, please notify the sender by reply email and then delete this
email and its attachments from your computer. Thank you.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45246&t=44946
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 4 * 2500 (full memory) + 2 * 4000 plus all the interface [7:45247]

[John Abruzzese]

Is anyone on the Group Study news group interested in purchasing a CCIE kit
with the following:

  4 * 2500 (full memory)
  2 * 4000 plus all the interface cards and cables

Cost for all the equipment is $2500. Receipts available.




John M. Abruzzese
181 Fox Road Unit #222
Waltham, MA 02451
Home Phone:781-209-0706
Cell Phone:978-621-8880
Email:[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45247&t=45247
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCNA level IPX question, proper phrasing [7:45138]

[Mike Sweeney]

So far I'm running about 3 to 1 in favor of the question as it is. Both
sides have made interesting arguments in their favor. But I'm a bit biased :)

Logan, I had not thought of the IPX pinging, good call on that.

MikeS



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45248&t=45138
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Emergency: HOw to extend the telnet timeout for a router? [7:45249]

[Wallace Lee]

yes ,
exec-timeout 0  0

rgds

Dain Deutschman wrote:

> Is it
> line vty 0 4
> exec-timeout  ??
> I could be misunderstanding the question. Please correct me if I am wrong.
>
> Dain
>
> ""Ocsic""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Hi, all
> > the default timeout for a telnet session is 300 sec
> >
> > Any command can extend the telnet timeout time ?
> >
> >
> > Please mail me [EMAIL PROTECTED]
> >
> > Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45249&t=45249
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: how to set duplex and speed on 2500 router int ??? [7:45251]

[sam sneed]

What version of Solaris are your running? Do uname -a to find out.
bash-2.05# uname -a
SunOS ACSNY 5.7 Generic_106541-18 sun4m sparc SUNW,SPARCstation-5

This shows I'm running 5.7 or Solaris 7. Older versions of Solaris only
support classful routing and there is no way of changing it beyond upgrading
that I know of. Sun calls it variable length sunbet masks or VLSM. You need
at least 2.6 to support VLSM.

""Lupi, Guy""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> The 2500 routers don't support full duplex operation.  As far as your Sun
> box, box A appears to be following classful IP rules, automatically
assuming
> that since your first octet is a 61 that your address space is a class A,
> and therefore your netmask should be 255.0.0.0.  I don't know enough about
> Solaris to tell you how to fix it unfortunately.  I'm sure someone on the
> list does though.
>
> -Original Message-
> From: Kenny Smith [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, May 28, 2002 10:17 AM
> To: [EMAIL PROTECTED]
> Subject: how to set duplex and speed on 2500 router int ??? [7:45238]
>
>
> Dear all,
>
> Question1: May I know how to set the speed and duplex type of the
interface
> ethernet0 of 2500 router. See below..  there is no speed and duplex option
> unlike IOS switch fasthernet switch.
>
> internetRT(config)int e0
> internetRT(config-if)#?
> Interface configuration commands:
>   access-expression   Build a bridge boolean access expression
>   arp Set arp type (arpa, probe, snap) or timeout
>   backup  Modify dial-backup parameters
>   bandwidth   Set bandwidth informational parameter
>   bridge-groupTransparent bridging interface parameters
>   cdp CDP interface subcommands
>   cmnsOSI CMNS
>   custom-queue-list   Assign a custom queue list to an interface
>   delay   Specify interface throughput delay
>   description Interface specific description
>   exitExit from interface configuration mode
>   frame-relay Set frame relay parameters
>   helpDescription of the interactive help system
>   hold-queue  Set hold queue depth
>   ip  Interface Internet Protocol config commands
>   ipx Novell interface subcommands
>   keepalive   Enable keepalive
>   llc2LLC2 Interface Subcommands
>   load-interval   Specify interval for load calculation for an
interface
>   loopbackConfigure internal loopback on an interface
>   mac-address Manually set interface MAC address
>   mtu Set the interface Maximum Transmission Unit (MTU)
>   netbios Use a defined NETBIOS access list or enable
> name-caching
>   no  Negate a command or set its defaults
>   ntp Configure NTP
>   priority-group  Assign a priority group to an interface
>   shutdownShutdown the selected interface
>   snapshotConfigure snapshot support on the interface
>   snmpModify SNMP interface parameters
>   standby Hot standby interface subcommands
>   transmit-interface  Assign a transmit interface to a receive-only
> interface
>   tx-queue-limit  Configure card level transmit queue limit
>
> internetRT(config-if)#
>
> Question2,
> When I config my solaris box's (boxA) hme0 as IP 61.9.200.114 netmask
> 255.255.255.240 broadcast 61.9.200.127.  But it keep changed to
61.9.200.114
>
> netmask 255.0.0.0 broadcast 61.255.255.255 after reboot.  May I know why?
I
>
> configure it on another solaris (boxB) but it stays as 61.9.200.114
netmask
> 255.255.255.240 broadcast 61.9.200.127 after rebooting.  Why box A netmask
> changed?
>
> _
> MSN Photos is the easiest way to share and print your photos:
> http://photos.msn.com/support/worldwide.aspx




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45251&t=45251
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCDP, What book? [7:45109]

[Logan, Harold]

That book, along with some reading up on SNA on CCO, worked fine for me.

Good luck,
Hal

> -Original Message-
> From: Kris Keen [mailto:[EMAIL PROTECTED]]
> Sent: Monday, May 27, 2002 12:09 AM
> To: [EMAIL PROTECTED]
> Subject: RE: CCDP, What book? [7:45109]
> 
> 
> I purchased the Top Down book my Priscilla!
> 
> Lets see how I go at the exam in 2 weeks!
> Thanks Andy!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45252&t=45109
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ATM/IMA and Multilink-group [7:45239]

[MADMAN]

How about setting up two 4 port IMA groups and loadshare over them.
Your basically multlinking via IMA 4 ports and then trying to multilink
the two 4 port IMA multilinks.  If that can be done it seems pretty ugly
and potentially bug riddled.

  Dave

TMS wrote:
> 
> Hello
> 
> I have two offices in two diffrent buildings. The are connected
> for now using 4 port ATM/IMA interfaces. But 4xE1 is too small
> bandwidth for me, so I installed next 4 port ATM/IMA cards. I tryed
> multilink-group and multilink interface for create 1 logical interface
> from 2 phycials ATM/IMA links, but multilink interface is down :(
> 
> Network diagram:
> 
> ATM2/ima0  ATM3/ima0
> C3640C3660
> ATM3/ima0  ATM4/ima0
> 
> C3640 configuration:
> 
> interface ATM2/ima0
>  bandwidth 8000
>  no ip address
>  ima clock-mode independent
>  atm ilmi-enable
>  atm pvc 1 32 1 aal5snap inarp
>  multilink-group 1
> !
> interface ATM3/ima0
>  bandwidth 8000
>  no ip address
>  ima clock-mode independent
>  atm ilmi-enable
>  atm pvc 2 32 2 aal5snap inarp
>  multilink-group 1
> !
> interface Multilink 1
>  ip address 10.10.10.1 255.255.255.252
>  no ip route-cache cef
>  no ip redirects
>  no ip proxy-arp
>  ppp multilink
>  multilink-group 1
> !
> 
> on C3660 configuration is indetical, only interfaces number and
> ip address
> are diffrent.
> 
> Interfaces status:
> 
> ATM2/ima0 is up/up (protocol,line)
> ATM3/ima0 is up/up
> Multilunk 1 is down/down
> 
> ATM3/ima0 is up/up
> ATM4/ima0 is up/up
> Multilink 1 is down/down
> 
> And idea how to resolv this problem ?
> 
> --
> TMS
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45255&t=45239
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Bandwidth Domain (WAS RE: written) [7:45254]

[Logan, Harold]

Here's the short answer for a bandwidth domain: It's a collision domain for
a non CSMACD network. It kinda makes sense, you can't very well have a
tokenring collision domain can you?

hth,
Hal

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, May 26, 2002 9:35 PM
> To: [EMAIL PROTECTED]
> Subject: Re: written [7:45056]
> 
> 
> I agree with your statement about poorly worded questions.  
> However, this 
> is just an excuse for a poorly written test!
> 
> Oh just for the record, ever hear of a bandwidth domain?  If you have 
> please let me know about it because I can't find it anywhere.
> 
> I didn't say that only CCSE<>knowledge of security!  (Man if 
> you had any
> clue you would have said
> CSS1<> knowledge of security and I didn't say that either!  
> But why not 
> say CCNP/IP<> knowledge of Routing just to be consistant!) 
> What I implied 
> was that those 3 tests in combination would give at least a 
> suggestion 
> that I do know security enough to not get a 0% on an easier test 
> especially with the same vendor!  Additionally, what I said 
> before is that 
> the CCSE was a test where I had to memorize answers in order 
> to pass the 
> test pure and simple vs Most of Cisco's tests where what I 
> read in a book 
> is used the same day on the job. If you know the theory then 
> you know it. 
> It will be the same in RSA or a RFC or sometimes even 
> Microsoft or other 
> publications. 
> 
> Oh can I make this clearer?  If I read Doyle, Halabi, 
> Pricilla, Howard or 
> Moy, I can not only apply their knowledge to any vendor 
> network, but I can 
> pass Cisco tests based on their books and become more educated in the 
> process. (I am still making money just from Top-Down)  If I 
> don't know what
> these 5 authors are talking about then I need to
> reread them for I will fail to know networking in more than one 
> environment. I really didn't have this experience with 
> Checkpoint although 
> RFC 2401-2410 did help a bit. With Checkpoint I was pretty 
> much on my own 
> and no matter how many times I did the labs and implemented 
> solutions for 
> customers, I still didn't help me on the test.  4 routers, Halabi and 
> Caslow, and a day in an ISP was all I needed to increase from 
> a 10% to a 
> 100% on the BGP section of the BSCN (of yeah about 10 lattes 
> at least). 
> That is how tests should be.
> 
> Reread what I said about the CCSE again...  The implication is more 
> towards the CSS1 and CCIE Sec wri.  I just aced the first RSA 
> test and 
> Microsoft design Sec test and what helped me out for them?  
> Grad School, 
> CSS1, CCSE, CISSP, work, RFC 2401-2410, RSA Press, white 
> papers,Maeda.  If 
> Cisco can help me get a better score on a non-Cisco test then 
> it should 
> help me get a better score on a Cisco test!  Got the point? 
> 
> Perhaps what you said about my history situation is correct.  If my 
> customer have pre 12.0 I just tell them to upgrade or I will 
> not work for 
> them.  So far it has worked every time.  The same goes for 
> PIXs.  If they 
> are using 5.2 or the 520 I tell them to get 6.1 and upgrade 
> to the 525 and 
> po's are signed.  Just force the issue with them or walk 
> away.  It works 
> well for me :-)  It makes your company more money too.
> 
> I know Foundry is not the only solution.  We have here, 
> Extreme, Juniper, 
> NEC, Hitachi, Packeteer, BigIP, among other vendors.  I used Foundry 
> because of the straight forwardness of the vendor, quality, 
> and price but 
> I evaluated the other vendors as well. 
> 
> Theo
> 
> 
> 
> 
> 
> 
> 
> "Kevin Cullimore" 
> Sent by: [EMAIL PROTECTED]
> 05/27/2002 08:44 AM
> Please respond to "Kevin Cullimore"
> 
>  
> To: [EMAIL PROTECTED]
> cc: 
> Subject:Re: written [7:45056]
> 
> 
> Dealing with poorly worded questions can sometimes serve as 
> good practice
> for interpreting the inherent incoherence & unrealism 
> characterizing many
> customer demands and concerns in real time.
> 
> The relevance of the history questions underscores the 
> distinctiveness of
> your situation. You are indeed fortunate to not have to contend with 
> legacy
> code, but many of us lack the financial independence to 
> adhere to your 
> high
> standards, so we're faced with situations where we need to 
> make sure that
> the intermediate systems on the far end running code from 
> 1999 can support
> the relatively new functionality we were hoping to implement 
> on devices
> found at the near end.
> 
> Two side notes: Foundry is not the only alternative, and I can verify
> firsthand that CCSE<>knowledge of security (although I admit 
> that those
> exams contained more questions concerning rfc-based security 
> standards 
> than
> any other exams I've taken).
> 
> 
> - Original Message -
> From:
> To:
> Sent: 26 May 2002 4:44 am
> Subject: Re: written [7:45056]
> 
> 
> > Yeah but I can sympathize with you man because several

Re: Doyle on Lab Rats [7:44611]

[MADMAN]

Unless your union I think most jobs are "at will" positions.

  Dave

Peter van Oene wrote:
> 
> Michael>
> 
> >(speaking of contract firms), I've noticed that regardless of certs or
> >experience, it seems many more places are doing a "6-month right-to-hire"
> >because it's so hard to really tell from a resume, certs, experience, or
> >even an interview if someone really knows what they're doing.  So a
6-month
> >trial period usually is plenty for them to see if the person has the
mettle
> >or not.
> Pete>
> 
> Of note, most jobs I've looked at including my own include the ability for
> the employer to terminate employment at their discretion.  The may be more
> prevalent in the VAR/Vendor space however.
> 
> Pete
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45253&t=44611
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Anti-spoofing [7:45217]

[Daniel Cotts]

Here's some sources dealing with perimeter router hardening.
pad
pad
pad
http://www.cisco.com/warp/public/707/21.html
Essential IOS Features Every ISP Should Consider
http://www.cisco.com/public/cons/isp/documents/IOSEssentialsPDF.zip  182
pages!
http://www.cisco.com/public/cons/isp/security/
http://rr.sans.org/firewall/router2.php
http://rr.sans.org/firewall/blocking_cisco.php
http://www.ietf.org/rfc/rfc2827.txt
http://nsa2.www.conxion.com/cisco/download.htm
http://www.cymru.com/~robt/Docs/Articles/secure-ios-template.html
The above author has several other papers.

> -Original Message-
> From: Postman Pat [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, May 28, 2002 3:35 AM
> To: [EMAIL PROTECTED]
> Subject: Anti-spoofing [7:45217]
> 
> 
> Greetings,
> Please help me, I am trying to configure anti-spoofing on a router:
> 
> Interface eth 0
> Ip address 192.168.1.1 255.255.255.0
> 
> Interface ser 0
> ip address 10.0.0.1 255.255.255.0
> access-list 10 deny 192.168.1.0 0.0.0.255
> access-class 10 in
> 
> Is my understanding of setting up anti-spoofing correct? Is 
> there anything 
> I need to change to get this working? How do I improve the 
> security on 
> this config?
> 
> Regards
> 
> LK




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45256&t=45217
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

ISP 30bit net question [7:45257]

[Patrick Ramsey]

Is there a specific reason why isp's do not use private addess space for
their 30bit networks to customers?

I can't think of anything right off hand that would prevent an isp from
being able to route properly using private addresses for serial links.

-Patrick


>  Confidentiality Disclaimer   
This email and any files transmitted with it may contain confidential and
/or proprietary information in the possession of WellStar Health System,
Inc. ("WellStar") and is intended only for the individual or entity to whom
addressed.  This email may contain information that is held to be
privileged, confidential and exempt from disclosure under applicable law. If
the reader of this message is not the intended recipient, you are hereby
notified that any unauthorized access, dissemination, distribution or
copying of any information from this email is strictly prohibited, and may
subject you to criminal and/or civil liability. If you have received this
email in error, please notify the sender by reply email and then delete this
email and its attachments from your computer. Thank you.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45257&t=45257
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Mail Relay [7:45144]

[richard dumoulin]

Nobody knows ??


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45258&t=45144
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCNA level IPX question, proper phrasing [7:45138]

[Priscilla Oppenheimer]

At 09:39 AM 5/27/02, Mike Sweeney wrote:
>I have a IPX question in my CCNA practice test beta and I've had some mixed
>feedback on it. The questions asks what is the command to enable IPX routing
>on a router and gives a MAC address as part of the question. The question is
>a *fill in the blank* type.  The answer I have is:
>
>ipx routing

If you ask for a MAC address why is the answer ipx routing? It should be 
ipx routing followed by whatever MAC address you specified.

If you're trying to get them to say that the command is still ipx routing 
even when you want to specify the MAC address, then that is just too tricky.


>Is making the MAC a requirement of the answer a *fair* use of the command? I
>thought so even though IPX routing will automaticaly assign the node
>address. I felt inclusion of the MAC into the question was a clue that it
>needed to specified.

But you don't expect it to be specified if the answer is just ipx routing.

>Is this too much to ask of a budding CCNA?

The concept isn't too much, but the trickiness is.

Priscilla


>PS-  for those who would want to look at the entire beta, it's 60 questions
>at this point and a free download.. as long as you use the feedback form to
>give me yes, no, it sucks etc..etc..  :) I have managed to get some good
>feedback so far and will always take more.
>
>www.packetattack.com/tutorials.html
>
>Thanks
>
>MikeS


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45259&t=45138
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

how to set duplex and speed on 2500 router int ??? [7:45238]

[Andy Ethelston]

Hi Kenny,

First, the Cisco 2500 is an old router and doesn't support 10/100, the
interfaces are 10BaseT running at 10mbps.
The only way round this is to upgrade the router to either a 1700 or
2600 with a fast Ethernet module.

Second, try this url for the solaris
http://www.enteract.com/~lspitz/interfaces.html

There are two sections explaining the configuration of the if on Solaris
boxes.
There's two things I think you're missing, one you may need a patch on
the server to allow vlsm on the hme0 port and secondly I think you're
configuring the port under ifconfig which is a temporary measure, in
that it will lose the config once you commit a reboot.

Load the config using ifconfig, and then edit your file/etc/hostname
file so the information will be read on the next startup.

I hope this answer the questions you had.

Best Regards

Andy.




PGP Key ID:  0x3075A920
PGP Fingerprint: B68F F21B C6F1 21B5 2829  2547 E977 83FB 3075 A920




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45260&t=45238
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Diffrences between buildin and NM 10/100 Ether [7:45152]

[John Dorffler]

Yeah, someone else busted me down on my comment. I checked with my friend,
and he had a 1720, not a 1750, and it wasn't new, so your observation about
the difference between the -0 and the -1 models may be what tripped me up.

Sincerely,
John Dorffler
CCIE #6677

""s vermill""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> John Dorffler wrote:
> >
> > The FE interfaces that support VLAN trunking all use a chipset
> > that supports
> > trunking. Not all router models and not all modules that have
> > 100Mbps
> > interfaces use the required chipset. The best way to determine
> > whether a
> > router or module supports trunking is to read the release notes
> > for the
> > hardware. There is always a grid that lists the versions of IOS
> > that are
> > supported on that hardware along with the individual features
> > that each
> > version supports. Its a little tedious, but it can help prevent
> > buying
> > hardware that doesn't do what you assume it should do. I
> > recently checked on
> > the 1700 series and the 2620/2621 and discovered that the
> > 172x/175x does NOT
> > support trunking while the 262x does. I am not sure about the
> > new rack-mount
> > 1760s.
>
> I have several 1720s that do not support trunking but I understand that
the
> new 1721 does.
>
> It is also rumored (urban legend?) that there are one or
> > two 10Mb
> > interfaces on some router/module that supports trunking. I
> > wouldn't attempt
> > that in a production environment, but in a study lab it would
> > be cool.
> >
> > My $0.02,
> > John Dorffler
> > CCIE #6677




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45261&t=45152
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Mail Relay [7:45144]

[Steven A. Ridder]

I think mail relays are to use any mail server to direct your mail on it's
final destination.  Just like you can use any DNS server on the internet to
answer a query, you could send your smtp message to a open relay server to
send your mail, especially if you didn't have a server on your network.



""richard dumoulin""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Can anyone tell me what is a mail relay for ??
>
> I know it is not a Cisco issue, but for me it is related to the fact that
I
> am only studying cisco stuff and therefore do not know anything about
those
> kind of Microsoft things.
>
> Regards.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45262&t=45144
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ISP 30bit net question [7:45257]

[dre]

""Patrick Ramsey""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Is there a specific reason why isp's do not use private addess space for
> their 30bit networks to customers?

Because if those links somehow send ICMP messages back to sources
(e.g. host-/net-/prot-/port- unreachables, squench, time exceeded, needs
frag unreachables, etc), it looks a lot better if these are publically
routable
IP addresses.  Some people also would end up blocking these messages
more often if they had a deny filter for, say, 10-dot space (if that ISP
used
10-dot space for their infrastructure addressing).  This could end up
affecting
things like traceroutes, path MTU discovery, and other unfriendly things.

http://www.ietf.org/rfc/rfc1191.txt
RFC 1191 Path MTU discovery. J.C. Mogul, S.E. Deering. Nov-01-1990.
 (Format: TXT=47936 bytes) (Obsoletes RFC1063) (Status: DRAFT
 STANDARD)
http://www.ietf.org/rfc/rfc2923.txt
RFC 2923 TCP Problems with Path MTU Discovery. K. Lahey. September 2000.
 (Format: TXT=30976 bytes) (Status: INFORMATIONAL)
http://www.ietf.org/rfc/rfc792.txt
RFC 792 Internet Control Message Protocol. J. Postel. Sep-01-1981.
 (Format: TXT=30404 bytes) (Obsoletes RFC0777) (Updated by RFC0950)
 (Also STD0005) (Status: STANDARD)

So when you do a traceroute through an ISP, especially the time exceeded
messages will come from publically routable IP space that not only is
available
in the BGP table and marked as owned by a particular ASN, but also available
in the Internet routing registries (e.g. RADB) and regional internet
registries (e.g.
ARIN) as ISP-owned space that can be accounted for.  This could be important
for a number of reasons.

Also, if you want to give those links "DNS", in particular, "Reverse DNS",
there
is no global authority for 10-dot or private address space as far as reverse
DNS
is concerned.  There would be no way to update that type of information for
any
ISP.  This would affect more things as well (esp. traceroutes again).

For more information on the above, you might want to check out this
Internet-
Draft,
http://www.ietf.org/internet-drafts/draft-ietf-dnsop-dontpublish-unreachable
-03.txt

Here is another Internet-Draft that somewhat covers these issues:
http://www.ietf.org/internet-drafts/draft-iana-special-ipv4-03.txt

You'll also note that a customer might find it difficult to set his next-hop
(or default
gateway) to an ISP infrastructure address that's made up of 10-dots,
especially if
that customer is already routing 10-dots on his/her internal network(s).
You could
eventually hit router-id problems, etc etc.  This wouldn't work so well for
routing
protocols.

> I can't think of anything right off hand that would prevent an isp from
> being able to route properly using private addresses for serial links.

Basically, because it breaks things and it is also ugly and unmanageable.

I can't think of any reason that would allow an ISP to route properly using
private addresses, yet somehow some ISP's in the past may have gotten away
with it here and there.  Consider all the reasons above before you implement
something like that.

I highly recommend that ISP's use PI public address space for their
infrastructure
addresses, including /30's and /32 loopback addresses.  I also implore
vendors and
ISP's to implement RFC 3021 and use 31-bit prefixes instead of 30-bit
prefixes for
point-to-point interfaces.

http://www.ietf.org/rfc/rfc3021.txt
RFC 3021 Using 31-Bit Prefixes on IPv4 Point-to-Point Links. A. Retana, R.
 White, V. Fuller, D. McPherson. December 2000. (Format: TXT=19771
 bytes) (Status: PROPOSED STANDARD)

I also suggest implementing correct ICMP operation for these devices
(rate-limiting
works well in the place of filtering outright).  Here is a document
concering that:
http://www.cymru.com/~robt/Docs/Articles/icmp-messages.html

Finally, I suggest registering these routes in an IRR system (e.g. RADB),
the RIR
system (e.g. ARIN) and having RFC 2142 or stdaddr correct SMTP addresses
for contact information about these networks.  Also making these routers a
part
of the global DNS system (both forward and reverse) completes a best
practice
reference architecture for routing in the Internet.

http://www.ietf.org/rfc/rfc2142.txt
RFC 2142 Mailbox Names for Common Services, Roles and Functions. D.
 Crocker. May 1997. (Format: TXT=12195 bytes) (Status: PROPOSED
 STANDARD)
http://www.watersprings.org/pub/id/draft-vixie-ops-stdaddr-01.txt

http://www.ietf.org/rfc/rfc1034.txt
RFC 1034 Domain names - concepts and facilities. P.V. Mockapetris.
 Nov-01-1987. (Format: TXT=129180 bytes) (Obsoletes RFC0973, RFC0882,
 RFC0883) (Updated by RFC1101, RFC1183, RFC1348, RFC1876, RFC1982,
 RFC2065, RFC2181, RFC2308, RFC2535) (Also STD0013) (Status: STANDARD)
http://www.ietf.org/rfc/rfc1035.txt
RFC 1035 Domain names - implementation and specification. P.V.
 Mockapetris. Nov-01-1987. (Format: TXT=125626 bytes) (Obsoletes
 RFC0973, RFC0

RE: Mail Relay [7:45144]

[Craig Columbus]

Richard,

I assume no one responded since it's not really on topic for the group.
A mail relay isn't a Microsoft thing.  It's basically any server (MS, UNIX, 
etc.) that sends mail to another server.
Open relays, or mail servers that don't restrict who can send mail through 
them, are a huge problem on the Internet since they're widely used for spam 
purposes.

HTH,
Craig



At 12:41 PM 5/28/2002 -0400, you wrote:
>Nobody knows ??




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45263&t=45144
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Mail Relay [7:45144]

[Patrick Ramsey]

nobody knows what?

>>> "richard dumoulin"  05/28/02 12:41PM >>>
Nobody knows ??
>  Confidentiality Disclaimer   
This email and any files transmitted with it may contain confidential and
/or proprietary information in the possession of WellStar Health System,
Inc. ("WellStar") and is intended only for the individual or entity to whom
addressed.  This email may contain information that is held to be
privileged, confidential and exempt from disclosure under applicable law. If
the reader of this message is not the intended recipient, you are hereby
notified that any unauthorized access, dissemination, distribution or
copying of any information from this email is strictly prohibited, and may
subject you to criminal and/or civil liability. If you have received this
email in error, please notify the sender by reply email and then delete this
email and its attachments from your computer. Thank you.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45265&t=45144
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Mail Relay [7:45144]

[Patrick Ramsey]

a mail relay is simply any mail server.

Your pc is a mail relay when you send smtp traffic to your upstream mail
server.  That mail server then relays that traffic by doing an mx lookup on
the domain name.  That server could be an antivirus/content scanner which
could then relay the email to your internal mail server.

Just tossing the baton

-Patrick

>>> "Steven A. Ridder"  05/28/02 12:52PM >>>
I think mail relays are to use any mail server to direct your mail on it's
final destination.  Just like you can use any DNS server on the internet to
answer a query, you could send your smtp message to a open relay server to
send your mail, especially if you didn't have a server on your network.



""richard dumoulin""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Can anyone tell me what is a mail relay for ??
>
> I know it is not a Cisco issue, but for me it is related to the fact that
I
> am only studying cisco stuff and therefore do not know anything about
those
> kind of Microsoft things.
>
> Regards.
>  Confidentiality Disclaimer   
This email and any files transmitted with it may contain confidential and
/or proprietary information in the possession of WellStar Health System,
Inc. ("WellStar") and is intended only for the individual or entity to whom
addressed.  This email may contain information that is held to be
privileged, confidential and exempt from disclosure under applicable law. If
the reader of this message is not the intended recipient, you are hereby
notified that any unauthorized access, dissemination, distribution or
copying of any information from this email is strictly prohibited, and may
subject you to criminal and/or civil liability. If you have received this
email in error, please notify the sender by reply email and then delete this
email and its attachments from your computer. Thank you.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45266&t=45144
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Emergency: HOw to extend the telnet timeout for a router? [7:45268]

[Daniel Cotts]

Be extremely careful if you configure an exec-timout of 0 0 on a vty port.
It will never release! So when you drop the connection and again telnet into
the box you now have one less open port. After five times (or number of vty
ports) you are locked out of the box. Should you still be inclined to use
this - then either (a) don't save the config (so someone can power cycle the
box to let you back in) or (b) change the setting before you log off.

> -Original Message-
> From: Wallace Lee [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, May 28, 2002 10:37 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Emergency: HOw to extend the telnet timeout for a router?
> [7:45249]
> 
> 
> yes ,
> exec-timeout 0  0
> 
> rgds
> 
> Dain Deutschman wrote:
> 
> > Is it
> > line vty 0 4
> > exec-timeout  ??
> > I could be misunderstanding the question. Please correct me 
> if I am wrong.
> >
> > Dain
> >
> > ""Ocsic""  wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > Hi, all
> > > the default timeout for a telnet session is 300 sec
> > >
> > > Any command can extend the telnet timeout time ?
> > >
> > >
> > > Please mail me [EMAIL PROTECTED]
> > >
> > > Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45268&t=45268
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ISP 30bit net question [7:45257]

[Patrick Ramsey]

dude!

information overload!   :)

I've got some reading to do...   (not that I am going to start an isp, it
was just a thought that crossed through many mangled brain cells...)

thanks for all the links!

-Patrick

>>> dre  05/28/02 12:59PM >>>
""Patrick Ramsey""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Is there a specific reason why isp's do not use private addess space for
> their 30bit networks to customers?

Because if those links somehow send ICMP messages back to sources
(e.g. host-/net-/prot-/port- unreachables, squench, time exceeded, needs
frag unreachables, etc), it looks a lot better if these are publically
routable
IP addresses.  Some people also would end up blocking these messages
more often if they had a deny filter for, say, 10-dot space (if that ISP
used
10-dot space for their infrastructure addressing).  This could end up
affecting
things like traceroutes, path MTU discovery, and other unfriendly things.

http://www.ietf.org/rfc/rfc1191.txt 
RFC 1191 Path MTU discovery. J.C. Mogul, S.E. Deering. Nov-01-1990.
 (Format: TXT=47936 bytes) (Obsoletes RFC1063) (Status: DRAFT
 STANDARD)
http://www.ietf.org/rfc/rfc2923.txt 
RFC 2923 TCP Problems with Path MTU Discovery. K. Lahey. September 2000.
 (Format: TXT=30976 bytes) (Status: INFORMATIONAL)
http://www.ietf.org/rfc/rfc792.txt 
RFC 792 Internet Control Message Protocol. J. Postel. Sep-01-1981.
 (Format: TXT=30404 bytes) (Obsoletes RFC0777) (Updated by RFC0950)
 (Also STD0005) (Status: STANDARD)

So when you do a traceroute through an ISP, especially the time exceeded
messages will come from publically routable IP space that not only is
available
in the BGP table and marked as owned by a particular ASN, but also available
in the Internet routing registries (e.g. RADB) and regional internet
registries (e.g.
ARIN) as ISP-owned space that can be accounted for.  This could be important
for a number of reasons.

Also, if you want to give those links "DNS", in particular, "Reverse DNS",
there
is no global authority for 10-dot or private address space as far as reverse
DNS
is concerned.  There would be no way to update that type of information for
any
ISP.  This would affect more things as well (esp. traceroutes again).

For more information on the above, you might want to check out this
Internet-
Draft,
http://www.ietf.org/internet-drafts/draft-ietf-dnsop-dontpublish-unreachable 
-03.txt

Here is another Internet-Draft that somewhat covers these issues:
http://www.ietf.org/internet-drafts/draft-iana-special-ipv4-03.txt 

You'll also note that a customer might find it difficult to set his next-hop
(or default
gateway) to an ISP infrastructure address that's made up of 10-dots,
especially if
that customer is already routing 10-dots on his/her internal network(s).
You could
eventually hit router-id problems, etc etc.  This wouldn't work so well for
routing
protocols.

> I can't think of anything right off hand that would prevent an isp from
> being able to route properly using private addresses for serial links.

Basically, because it breaks things and it is also ugly and unmanageable.

I can't think of any reason that would allow an ISP to route properly using
private addresses, yet somehow some ISP's in the past may have gotten away
with it here and there.  Consider all the reasons above before you implement
something like that.

I highly recommend that ISP's use PI public address space for their
infrastructure
addresses, including /30's and /32 loopback addresses.  I also implore
vendors and
ISP's to implement RFC 3021 and use 31-bit prefixes instead of 30-bit
prefixes for
point-to-point interfaces.

http://www.ietf.org/rfc/rfc3021.txt 
RFC 3021 Using 31-Bit Prefixes on IPv4 Point-to-Point Links. A. Retana, R.
 White, V. Fuller, D. McPherson. December 2000. (Format: TXT=19771
 bytes) (Status: PROPOSED STANDARD)

I also suggest implementing correct ICMP operation for these devices
(rate-limiting
works well in the place of filtering outright).  Here is a document
concering that:
http://www.cymru.com/~robt/Docs/Articles/icmp-messages.html 

Finally, I suggest registering these routes in an IRR system (e.g. RADB),
the RIR
system (e.g. ARIN) and having RFC 2142 or stdaddr correct SMTP addresses
for contact information about these networks.  Also making these routers a
part
of the global DNS system (both forward and reverse) completes a best
practice
reference architecture for routing in the Internet.

http://www.ietf.org/rfc/rfc2142.txt 
RFC 2142 Mailbox Names for Common Services, Roles and Functions. D.
 Crocker. May 1997. (Format: TXT=12195 bytes) (Status: PROPOSED
 STANDARD)
http://www.watersprings.org/pub/id/draft-vixie-ops-stdaddr-01.txt 

http://www.ietf.org/rfc/rfc1034.txt 
RFC 1034 Domain names - concepts and facilities. P.V. Mockapetris.
 Nov-01-1987. (Format: TXT=129180 bytes) (Obsoletes RFC0973, RFC0882,
 RFC0883) (Updated by RFC1101, RFC1183, RFC1348, RFC1876, RFC1982,
 

RE: CCNA level IPX question, proper phrasing [7:45138]

[Logan, Harold]

I tried to install the practice test, but no dice so far. I don't suppose
it's win2k friendly?

In the meantime, would you mind sharing with us the wording of the question?
I think it's fair to require someone to know the significance of the
optional mac address after the IPX routing command, but depending on how you
worded the question (and how the explanation of the correct answer is
worded) you may be getting ready to frustrate the h3ll out of anyone who
takes it.

> -Original Message-
> From: Mike Sweeney [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, May 28, 2002 11:35 AM
> To: [EMAIL PROTECTED]
> Subject: RE: CCNA level IPX question, proper phrasing [7:45138]
> 
> 
> So far I'm running about 3 to 1 in favor of the question as 
> it is. Both
> sides have made interesting arguments in their favor. But I'm 
> a bit biased :)
> 
> Logan, I had not thought of the IPX pinging, good call on that.
> 
> MikeS




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45269&t=45138
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: how to set duplex and speed on 2500 router int ??? [7:45270]

[Drew]

Andy Ethelston wrote:
> 
> 
> Load the config using ifconfig, and then edit your file/etc/hostname
> file so the information will be read on the next startup.
> 

A "non-answer" is superior to a wrong answer.  The file to edit to 
set a netmask is (quite logically) /etc/netmasks (actually, 
/etc/inet/netmasks, but there's a link, so all is well).

Back to cisco, please...




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45270&t=45270
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: How do I approach the company about my CCIE [7:40261]

[Peter van Oene]

Interesting points.  I was of the opinion that you meant the Juniper would 
be the last of the core players to pull out of the downturn, vs the last of 
the networking vendors in general.  The enterprise hasn't taken as much of 
a hit as has the SP business which is helpful for those companies that do 
business there.  I tend not to have much faith in market share numbers, 
particularly when the division between SP and enterprise becomes 
blurry.  For what its worth, I'm not aware of any new initiative on Cisco's 
behalf to go after the core market.  I believe they have had tremendous 
success in this market in the past wish to continue that success.

On the hiring side, I would suggest that I've seen very few service 
providers use vendor certifications as a guideline in the hiring 
process.  Furthermore, there are less than 70ish JNCIE's and many work for 
Juniper and thus it would likely be easier to call them individually than 
mass market advertise for them.  I further doubt that many if any 
mainstream recruiters know about the certification.

However, this really is rather OT for this list :)  My bad for asking the 
question I suppose.

Pete

At 10:36 AM 5/28/2002 -0400, Wes Stevens wrote:
>Peter I have been following and trading Juniper stock for years. In the
>beginning everyone loved it because it was so focused - just high end
>routers. Two things came together in 2000 to help them grow sales 6x over
>1999 one was the massive build out of the telcos and the other was the fact
>that they had a year lead on cisco for delivering 192 interfaces. In 2001
>the telco's started cutting back and juniper sales growth went to up 32 %,
>but all of it came in the first half. Since mid year last year sales have
>been dropping qtr over qtr. The biggest reason is the same reason the
>analysts used to love it - focused only on the high end telco market. Well
>the telco's are in a world of trouble. They are so deep in dept that most
>will never climb out. Global xing bit the dust and it looks like wcom may
>follow. Quest is in deep trouble too. Believe it or not the only hope for a
>recovery in the next year is that these big guys go chapter 11 and then
>reorg. All the investors get screwed but their debt goes away and they may
>have some money to invest again. All of the major telcos cut capex for the
>rest of this year and next in their first quarter report. Juniper's also has
>to deal with cisco now as they are going after that same market and have
>taken share away in the last year. This will be especially a problem in
>markets outside the us where cisco already has a presence and juniper does
>not. The last two purchases by Juniper say the reconize the problem as they
>are trying to broaden their product line. But they paid too much for
>Unishere and it will be dilutive this year.
>
>The bottom line is that the big telcos are in real trouble and there is
>still a lot of competition and excess capacity out there. Their capex
>spending is going to be the last thing to recover and along with it Juniper.
>
>Another good indication is in the job market. Go to dice.com or hotjobs and
>do a search on jncie and ccie and see what you get for both.
>
>
> >From: "Peter van Oene"
> >Reply-To: "Peter van Oene"
> >To: [EMAIL PROTECTED]
> >Subject: Re: How do I approach the company about my CCIE [7:40261]
> >Date: Tue, 28 May 2002 08:43:09 -0400
> >
> >What leads you to believe that they "will be at the tail end of the
> >recovery?"
> >
> >At 09:04 PM 5/27/2002 -0400, Wes Stevens wrote:
> > >Jenny I assume you are talking about Juniper. I really don't know
> >anything
> > >about their cert. The company I know pretty well. I would not want to be
> > >looking for a job in this market place with only Juniper experience.
> >Juniper
> > >will not go away for sure, but they will be at the tail end of the
> >recovery
> > >at best.
> > >
> > >
> > > >From: "[EMAIL PROTECTED]"
> > > >Reply-To: "[EMAIL PROTECTED]"
> > > >To: [EMAIL PROTECTED]
> > > >Subject: Re: How do I approach the company about my CCIE [7:40261]
> > > >Date: Mon, 27 May 2002 19:15:12 -0400
> > > >
> > > >"A CCIE is still the highest networking cert and the only one that is
> >not
> >a
> > > >
> > > >paper cert. "
> > > >
> > > >I'll save nrf the trouble of saying this.
> > > >Highest networking cert?  Arguable.  Depends how you define "highest".
> >But
> > > >it's certainly not a totally unreasonable claim.  Only one that is not
> >a
> > > >paper cert?  Hardly.  Try doing a little more research.
> > > >However, if you substitute "Cisco" for "networking" in your original
> > > >sentence, it looks far more accurate.
> > > >
> > > >Cisco is not the only player, or even the only significant player, in
> >the
> > > >networking game.
> > > >
> > > >JMcL
> > > >
> > > >
> > > >- Forwarded by Jenny Mcleod/NSO/CSDA on 28/05/2002 08:39 am -
> > > >
> > > >
> > > >"Wes Stevens"
> > > >Sent by: [EMAIL PROTECTED]
> > > >27/05/2002 11:40 pm
> > > >Please respond to "W

Fast Ether Channel [7:45271]

[Reza]

Dear Group,
Does Fast EtherChannel support Ethernet, Fast Ethernet and Gigabit Ethernet?

Thanks
Reza




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45271&t=45271
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Fast Ether Channel [7:45271]

[Ron Trunk]

Fast Etherchannel is just that:  Fast Ethernet (100mbs).  There is
EtherChannel, Fast EtherChannel and Gigabit EtherChannel.

What do you mean by support?  If your question is, can I have different
types on each end of a link, the answer is no.
Ron
""Reza""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Dear Group,
> Does Fast EtherChannel support Ethernet, Fast Ethernet and Gigabit
Ethernet?
>
> Thanks
> Reza




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45272&t=45271
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Emergency: HOw to extend the telnet timeout for a router? [7:45274]

[MADMAN]

That depends on how you drop the connection.  If you type "exit" or
"quit" the vty is again available.  If you never disconnect, are
abruptly disconected or do a ctrl^x then the connection will remain
indeffinately.

  Dave

Daniel Cotts wrote:
> 
> Be extremely careful if you configure an exec-timout of 0 0 on a vty port.
> It will never release! So when you drop the connection and again telnet
into
> the box you now have one less open port. After five times (or number of vty
> ports) you are locked out of the box. Should you still be inclined to use
> this - then either (a) don't save the config (so someone can power cycle
the
> box to let you back in) or (b) change the setting before you log off.
> 
> > -Original Message-
> > From: Wallace Lee [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, May 28, 2002 10:37 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Emergency: HOw to extend the telnet timeout for a router?
> > [7:45249]
> >
> >
> > yes ,
> > exec-timeout 0  0
> >
> > rgds
> >
> > Dain Deutschman wrote:
> >
> > > Is it
> > > line vty 0 4
> > > exec-timeout  ??
> > > I could be misunderstanding the question. Please correct me
> > if I am wrong.
> > >
> > > Dain
> > >
> > > ""Ocsic""  wrote in message
> > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > Hi, all
> > > > the default timeout for a telnet session is 300 sec
> > > >
> > > > Any command can extend the telnet timeout time ?
> > > >
> > > >
> > > > Please mail me [EMAIL PROTECTED]
> > > >
> > > > Thanks
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45274&t=45274
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Fast Ether Channel [7:45271]

[Schneider, Matt]

just fast ethernet and giga ethernet

-Original Message-
From: Reza [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 28, 2002 1:44 PM
To: [EMAIL PROTECTED]
Subject: Fast Ether Channel [7:45271]


Dear Group,
Does Fast EtherChannel support Ethernet, Fast Ethernet and Gigabit Ethernet?

Thanks
Reza




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45275&t=45271
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Fast Ether Channel [7:45271]

[MADMAN]

Yes, Yes and Yes

  dave

  disclaimer: of coarse not all cards/switches/OS support channeling.

Reza wrote:
> 
> Dear Group,
> Does Fast EtherChannel support Ethernet, Fast Ethernet and Gigabit
Ethernet?
> 
> Thanks
> Reza
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45276&t=45271
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

problem at HSRP [7:45277]

[Mohannad Khuffash]

Dear All,
I have two 3660 routers works fine independently, when i tried to configure
one of them to be standby  for the other one, the first one be active always
which has higher priority, where the other goes in a loop in the states of
standby : speak, standby,active, speak,standby, active etc .
Where the first one, didn't see any standby router (unkown).

Router 1
f0/0
ip address 172.16.0.101 255.255.0.0
standby 1 ip 172.16.0.1
standby 1 priority 150 preempt

Router 2
f0/0
ip address 172.16.0.102 255.255.0.0
standby 1 ip 172.16.0.1

Any help please ?


--







Mohannad N. Khuffash
Network Administrator
Palestine Telecommunication Company
Tel: 00972-02-2982330
Fax:00972-02-2980235




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45277&t=45277
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Fast Ether Channel [7:45271]

[Michael Williams]

AFAIK, you can only do EtherChannel with Fast or Gig ethernet...

Mike W.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45280&t=45271
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCNA level IPX question, proper phrasing [7:45138]

[Mike Sweeney]

It win2K friendly.. in fact it's being developed on a Win2K box :)  I will
check the current package since I reloaded it late yesterday with some edits.

MikeS



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45279&t=45138
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: BGP addressing..i think i understand but i am not sure [7:45278]

[dre]

""Peter van Oene""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I'm not sure where to point you.  All I can tell you is that it is
> commonplace and likely will continue to be so.  I'm currently not aware of
> any routing issues that this behavior would induce.
""Howard C. Berkowitz""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I'm not sure I could point you to anything more specific than the
> IDR, NANOG, and RIPE routing group archives.  I hadn't noticed this
> desire of the RSNG; the impression I have was the inconsistent routes
> to be reported were those who were NOT registered in the IRR.  Such
> unregistered routes are far more likely to be due to error.
>
> RFC 1930, while a wonderful document certainly worth reading by any
> CCIE candidate, is informational rather than standards-track.

Ahem.
http://www.nanog.org/mtg-0110/lixia.html

I know of many instances where this has been used to hijack traffic.
It's not just a rumor, this is real.  AS3847 used to participate in such
overbearing rediculous practices (for fun and profit).

Announcing inconsistent routes can also have many operational benefits.
Most of the "why" is included in the NANOG presentation, but not
necesarily the "how".

-dre




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45278&t=45278
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Emergency: HOw to extend the telnet timeout fo [7:45268]

[Michael Williams]

Daniel Cotts wrote:
> 
> Be extremely careful if you configure an exec-timout of 0 0 on
> a vty port.
> It will never release! So when you drop the connection and
> again telnet into
> the box you now have one less open port. After five times (or
> number of vty
> ports) you are locked out of the box. Should you still be
> inclined to use
> this - then either (a) don't save the config (so someone can
> power cycle the
> box to let you back in) or (b) change the setting before you
> log off.

Good point.  We have this setup on some of our routers that we commonly
just sit in all day, and if I kill the telnet process (without allowing it a
graceful exit) my session doesn't hang. it frees up the VTY line I was
using.  Interesting.

Mike W.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45281&t=45268
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: problem at HSRP [7:45277]

[Steven A. Ridder]

What IOS version?

""Mohannad Khuffash""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Dear All,
> I have two 3660 routers works fine independently, when i tried to
configure
> one of them to be standby  for the other one, the first one be active
always
> which has higher priority, where the other goes in a loop in the states of
> standby : speak, standby,active, speak,standby, active etc .
> Where the first one, didn't see any standby router (unkown).
>
> Router 1
> f0/0
> ip address 172.16.0.101 255.255.0.0
> standby 1 ip 172.16.0.1
> standby 1 priority 150 preempt
>
> Router 2
> f0/0
> ip address 172.16.0.102 255.255.0.0
> standby 1 ip 172.16.0.1
>
> Any help please ?
>
>
> --
>
>
>
>
>
>
>
> Mohannad N. Khuffash
> Network Administrator
> Palestine Telecommunication Company
> Tel: 00972-02-2982330
> Fax:00972-02-2980235




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45282&t=45277
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Fast Ether Channel [7:45271]

[dre]

""Reza""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Does Fast EtherChannel support Ethernet, Fast Ethernet and Gigabit
Ethernet?

fast etherchannel supports only fast ethernet.

however, etherchannel is supported by all the
ethernet speeds you mentioned.

it also works with 10-gigabit ethernet.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45283&t=45271
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: problem at HSRP [7:45277]

[Raul F. Fernandez]

Turn off spanning tree on the switch ports the router lan interfaces are
connected to. Also make sure both ports are in the same vlan. Anyways, long
and short of it, HSRP is timing out when trying to discover a neighbor due
to STP startup time. Also instead of turning off  HSRP you could trry
portfast.

Raul
- Original Message -
From: "Mohannad Khuffash" 
To: 
Sent: Tuesday, May 28, 2002 2:46 PM
Subject: problem at HSRP [7:45277]


> Dear All,
> I have two 3660 routers works fine independently, when i tried to
configure
> one of them to be standby  for the other one, the first one be active
always
> which has higher priority, where the other goes in a loop in the states of
> standby : speak, standby,active, speak,standby, active etc .
> Where the first one, didn't see any standby router (unkown).
>
> Router 1
> f0/0
> ip address 172.16.0.101 255.255.0.0
> standby 1 ip 172.16.0.1
> standby 1 priority 150 preempt
>
> Router 2
> f0/0
> ip address 172.16.0.102 255.255.0.0
> standby 1 ip 172.16.0.1
>
> Any help please ?
>
>
> --
>
>
>
>
>
>
>
> Mohannad N. Khuffash
> Network Administrator
> Palestine Telecommunication Company
> Tel: 00972-02-2982330
> Fax:00972-02-2980235




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45285&t=45277
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Anti-spoofing [7:45217]

[Kent Hundley]

You need to block more than just your own subnet.  You'll want to block at
least the RFC1918 address spaces and hosts that claim to be from 0.0.0.0,
255.255.255.255, 127.x.x.x and multicast addresses.  You can take a look at
the following for more info:

http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/cs003.htm

http://www.cisco.com/warp/public/779/largeent/issues/security/safe.html

http://www.cisco.com/warp/public/707/21.html

http://www.phrack.org/phrack/55/P55-10

HTH,
Kent

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Postman Pat
Sent: Tuesday, May 28, 2002 1:35 AM
To: [EMAIL PROTECTED]
Subject: Anti-spoofing [7:45217]


Greetings,
Please help me, I am trying to configure anti-spoofing on a router:

Interface eth 0
Ip address 192.168.1.1 255.255.255.0

Interface ser 0
ip address 10.0.0.1 255.255.255.0
access-list 10 deny 192.168.1.0 0.0.0.255
access-class 10 in

Is my understanding of setting up anti-spoofing correct? Is there anything
I need to change to get this working? How do I improve the security on
this config?

Regards

LK




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45287&t=45217
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: problem at HSRP [7:45277]

[Mohannad Khuffash]

Both are 12.1 .
""Steven A. Ridder""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> What IOS version?
>
> ""Mohannad Khuffash""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Dear All,
> > I have two 3660 routers works fine independently, when i tried to
> configure
> > one of them to be standby  for the other one, the first one be active
> always
> > which has higher priority, where the other goes in a loop in the states
of
> > standby : speak, standby,active, speak,standby, active etc .
> > Where the first one, didn't see any standby router (unkown).
> >
> > Router 1
> > f0/0
> > ip address 172.16.0.101 255.255.0.0
> > standby 1 ip 172.16.0.1
> > standby 1 priority 150 preempt
> >
> > Router 2
> > f0/0
> > ip address 172.16.0.102 255.255.0.0
> > standby 1 ip 172.16.0.1
> >
> > Any help please ?
> >
> >
> > --
> >
> >
> >
> >
> >
> >
> >
> > Mohannad N. Khuffash
> > Network Administrator
> > Palestine Telecommunication Company
> > Tel: 00972-02-2982330
> > Fax:00972-02-2980235




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45286&t=45277
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

max number of Sub interfaces [7:45288]

[Steven A. Ridder]

Is there a max number of subinterfaces a router can handle before it slows
down?  Is this number constrained by memory on a router?  But from a general
design perspecitive, is there a limit to the number?  Could I do 1000
subinterfaces on a router with no performance degredation?

--
RFC 1149 Compliant

Get in my head:
http://sar.dynu.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45288&t=45288
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: max number of Sub interfaces [7:45288]

[Lupi, Guy]

It really depends on the router, memory and processor do factor into it
significantly.  We have a 7206 with an NPE-300 and 256M of memory, it has
well over 1000 subinterfaces on an ATM OC3, an additional OC3 and a clear
channel DS3, no excessive memory or processor usage.

-Original Message-
From: Steven A. Ridder [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 28, 2002 3:43 PM
To: [EMAIL PROTECTED]
Subject: max number of Sub interfaces [7:45288]


Is there a max number of subinterfaces a router can handle before it slows
down?  Is this number constrained by memory on a router?  But from a general
design perspecitive, is there a limit to the number?  Could I do 1000
subinterfaces on a router with no performance degredation?

--
RFC 1149 Compliant

Get in my head:
http://sar.dynu.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45291&t=45288
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: max number of Sub interfaces [7:45288]

[Matt Street]

check out the link below for your answer

http://www.cisco.com/warp/public/63/idb_limit.html

Matt Street

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Steven A. Ridder
Sent: Tuesday, May 28, 2002 3:43 PM
To: [EMAIL PROTECTED]
Subject: max number of Sub interfaces [7:45288]


Is there a max number of subinterfaces a router can handle before it slows
down?  Is this number constrained by memory on a router?  But from a general
design perspecitive, is there a limit to the number?  Could I do 1000
subinterfaces on a router with no performance degredation?

--
RFC 1149 Compliant

Get in my head:
http://sar.dynu.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45290&t=45288
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: problem at HSRP [7:45277]

[MADMAN]

there are some useful standby debugs that may help, no flames
Priscilla;)

  Dave

Mohannad Khuffash wrote:
> 
> Both are 12.1 .
> ""Steven A. Ridder""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > What IOS version?
> >
> > ""Mohannad Khuffash""  wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > Dear All,
> > > I have two 3660 routers works fine independently, when i tried to
> > configure
> > > one of them to be standby  for the other one, the first one be active
> > always
> > > which has higher priority, where the other goes in a loop in the states
> of
> > > standby : speak, standby,active, speak,standby, active etc .
> > > Where the first one, didn't see any standby router (unkown).
> > >
> > > Router 1
> > > f0/0
> > > ip address 172.16.0.101 255.255.0.0
> > > standby 1 ip 172.16.0.1
> > > standby 1 priority 150 preempt
> > >
> > > Router 2
> > > f0/0
> > > ip address 172.16.0.102 255.255.0.0
> > > standby 1 ip 172.16.0.1
> > >
> > > Any help please ?
> > >
> > >
> > > --
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > Mohannad N. Khuffash
> > > Network Administrator
> > > Palestine Telecommunication Company
> > > Tel: 00972-02-2982330
> > > Fax:00972-02-2980235
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45293&t=45277
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: max number of Sub interfaces [7:45288]

[Mister X]

IDB is the magic Word: Interface Descriptor Block
http://www.cisco.com/warp/public/63/idb_limit.html

Cheers
Tom


""Steven A. Ridder""  schrieb im Newsbeitrag
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Is there a max number of subinterfaces a router can handle before it slows
> down?  Is this number constrained by memory on a router?  But from a
general
> design perspecitive, is there a limit to the number?  Could I do 1000
> subinterfaces on a router with no performance degredation?
>
> --
> RFC 1149 Compliant
>
> Get in my head:
> http://sar.dynu.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45294&t=45288
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: max number of Sub interfaces [7:45288]

[Rahul Kachalia]

Steven,

Every interfaces includes subinterface(sw), physical interface(hw),
virtual/logical interface(sw) is divided into s/w & h/w category. Each
Software IDBs takes ~2600bytes v/s Hardware IDBs takes ~4700bytes. No.of
IDBs you want to use it depends upon your system resources have it
currently, going with higher number of subinterfaces may slow down boot
process since it has to nvgen configuration, slow-down other processes like
"sh run" & saving configuration to nvram may not fit with or without
compression, etc...

thanks,
rahul.
""Steven A. Ridder""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Is there a max number of subinterfaces a router can handle before it slows
> down?  Is this number constrained by memory on a router?  But from a
general
> design perspecitive, is there a limit to the number?  Could I do 1000
> subinterfaces on a router with no performance degredation?
>
> --
> RFC 1149 Compliant
>
> Get in my head:
> http://sar.dynu.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45295&t=45288
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCNP Complete, Passed CID 3.0 640-025 [7:45289]

[Ejay Hire]

Hello all.

Today I passed CID 3.0 640-025.  90 minutes, 75 questions, Scoring range 
300-1000, passing score 755.

I will not divulge any information about the exam other than the following.
-The cisco exam outline does not mention SNA
-The cisco exam outline does mention layer two technologies including ATM.
I found the exam to follow the cisco exam outling very closely.

For Preparation I used the Sybex book and residual knowledge from CCNP 
certification.

I've almost got the whole set now.  CCNA, CCNP, CCDP  I'm going to reattempt 
the R&S Lab this fall.

Anyone know of any openings for a Network Engineer with 3-5 years of 
experience?

Please CC me on replies.  I'm unsubscribed now because of hotmail 
limitations.

Thanks,
Ejay Hire
434-591-4564



_
Chat with friends online, try MSN Messenger: http://messenger.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45289&t=45289
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: max number of Sub interfaces [7:45288]

[Brad Ellis]

Steven,

I supposed it would really depend what else you're doing on the device.
I've worked with a pair of 3640s that each had 300 or so sub-interfaces on
them, running just EIGRP on the routers and they didn't miss a beat.  If
each of those sub-interfaces also had crypto running on them, I'm sure that
would be another story!!!  :)

thanks,
-Brad Ellis
CCIE#5796 (R&S / Security)
Network Learning Inc
[EMAIL PROTECTED]
www.optsys.net (Cisco hardware)

""Steven A. Ridder""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Is there a max number of subinterfaces a router can handle before it slows
> down?  Is this number constrained by memory on a router?  But from a
general
> design perspecitive, is there a limit to the number?  Could I do 1000
> subinterfaces on a router with no performance degredation?
>
> --
> RFC 1149 Compliant
>
> Get in my head:
> http://sar.dynu.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45292&t=45288
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Fast Ether Channel [7:45271]

[Michael L. Williams]

Do you have any documents or URLs that talk more about the etherchannel
(that allows you to use 10Mbps ethernet in a bundle).

I'm not saying I don't believe you, but twice today I've searched Cisco's
website to find info on it, and I can't find anything but references to
Fast- and Gig-Etherchannel  I even did a Google search on 'etherchannel'
and of the non-Cisco websites that came up, they still indicated it would
only work on 100/1000Mbps ethernet

Thanks!
Mike W.

"dre"  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> ""Reza""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Does Fast EtherChannel support Ethernet, Fast Ethernet and Gigabit
> Ethernet?
>
> fast etherchannel supports only fast ethernet.
>
> however, etherchannel is supported by all the
> ethernet speeds you mentioned.
>
> it also works with 10-gigabit ethernet.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45297&t=45271
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Mail Relay [7:45144]

[Phil Lorenz]

Hmmm- mail relay is a basic function of most ISP and Web hosting
services.

Big picture- your DNS name space and map too IP (range) for your SMTP
gateway must be listed in or accessible (resolvable) via Global DNS.
This allows for the relay downstream toward your exchange server
(assuming Microsoft).

It all pretty much starts with where your MX (Mail Exchanger) transmit
and receive records are pointed and what if any weights are applied in
your DNS entries.

I have studied this process and actually in the past have had to do a
little design work here, but shy of breaking-out the books this is all I
can seem to recall @ the moment.

Topics for research would be DNS & BIND (specifically MX records), Send
Mail, and Exchange (specifically where traffic is received).

Sorry if this may be too vague

Phil



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: Monday, May 27, 2002 12:40 PM
To: [EMAIL PROTECTED]
Subject: Mail Relay [7:45144]

Can anyone tell me what is a mail relay for ??

I know it is not a Cisco issue, but for me it is related to the fact
that I
am only studying cisco stuff and therefore do not know anything about
those
kind of Microsoft things.

Regards.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45298&t=45144
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: BGP addressing..i think i understand but i am not sure [7:45299]

[Peter van Oene]

At 02:52 PM 5/28/2002 -0400, dre wrote:
>""Peter van Oene""  wrote in message
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > I'm not sure where to point you.  All I can tell you is that it is
> > commonplace and likely will continue to be so.  I'm currently not aware
of
> > any routing issues that this behavior would induce.
>""Howard C. Berkowitz""  wrote in message
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > I'm not sure I could point you to anything more specific than the
> > IDR, NANOG, and RIPE routing group archives.  I hadn't noticed this
> > desire of the RSNG; the impression I have was the inconsistent routes
> > to be reported were those who were NOT registered in the IRR.  Such
> > unregistered routes are far more likely to be due to error.
> >
> > RFC 1930, while a wonderful document certainly worth reading by any
> > CCIE candidate, is informational rather than standards-track.
>
>Ahem.
>http://www.nanog.org/mtg-0110/lixia.html
>
>I know of many instances where this has been used to hijack traffic.
>It's not just a rumor, this is real.  AS3847 used to participate in such
>overbearing rediculous practices (for fun and profit).
>
>Announcing inconsistent routes can also have many operational benefits.
>Most of the "why" is included in the NANOG presentation, but not
>necesarily the "how".
>
>-dre

Another nice reason for IRR based filtering.  I suppose one could 
erroneously register space to support a hijack, but this would simply leave 
more of a trail.  Thanks for the tip on the presentation, I hadn't see that 
one.

Pete




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45299&t=45299
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Emergency: HOw to extend the telnet timeout fo [7:45268]

[Shawn Heisey]

If your connection is clean, and the telnet program properly written, it
will terminate the TCP session correctly when the program is closed.

It's badly written clients, or when your network connection gets cut, or
your system crashes that it becomes a problem.  In these instances, the
TCP session isn't properly shut down.  A router with default
configuration will never take action to disconnect the hung session.

What I typically do is configure a 240 minute (4 hour) timeout.  It's
long enough to give you time to think about what you're doing, and short
enough that if my session is killed by a network problem or an
overzealous firewall, I know I'll eventually get back in.

There is also another way to deal with the problem - TCP keepalives.
http://www.cisco.com/warp/public/471/tcpkeepalive.html

Thanks,
Shawn

Michael Williams wrote:
> 
> Daniel Cotts wrote:
> >
> > Be extremely careful if you configure an exec-timout of 0 0 on
> > a vty port.
> > It will never release! So when you drop the connection and
> > again telnet into
> > the box you now have one less open port. After five times (or
> > number of vty
> > ports) you are locked out of the box. Should you still be
> > inclined to use
> > this - then either (a) don't save the config (so someone can
> > power cycle the
> > box to let you back in) or (b) change the setting before you
> > log off.
> 
> Good point.  We have this setup on some of our routers that we commonly
> just sit in all day, and if I kill the telnet process (without allowing it
a
> graceful exit) my session doesn't hang. it frees up the VTY line I was
> using.  Interesting.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45300&t=45268
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Fast Ether Channel [7:45271]

[MADMAN]

Though this wasn't my post I also said yes to 10M channeling but
realized my mistake upon seeing the first reply mentioning no support
for 10M channels.

  Miller time!!

  Dave

"Michael L. Williams" wrote:
> 
> Do you have any documents or URLs that talk more about the etherchannel
> (that allows you to use 10Mbps ethernet in a bundle).
> 
> I'm not saying I don't believe you, but twice today I've searched Cisco's
> website to find info on it, and I can't find anything but references to
> Fast- and Gig-Etherchannel  I even did a Google search on
'etherchannel'
> and of the non-Cisco websites that came up, they still indicated it would
> only work on 100/1000Mbps ethernet
> 
> Thanks!
> Mike W.
> 
> "dre"  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > ""Reza""  wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > Does Fast EtherChannel support Ethernet, Fast Ethernet and Gigabit
> > Ethernet?
> >
> > fast etherchannel supports only fast ethernet.
> >
> > however, etherchannel is supported by all the
> > ethernet speeds you mentioned.
> >
> > it also works with 10-gigabit ethernet.
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45303&t=45271
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCNP Complete, Passed CID 3.0 640-025 [7:45289]

[Kris Keen]

I sit this exam in a few weeks, you are saying I shouldnt study SNA?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45301&t=45289
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Odd thought on HSRP [7:45302]

[Chuck]

got to thinking about this for one reason or another.

fundamentally, we look at HSRP as a means of providing failover from LAN
stations to redundant WAN links, as illustrated:

wan_link_1  wan_link_2
   |  |
router_1 (HSRP MAC/IP) router_2
  |--|
  workstations



suppose, however, I have a topology wherein I want downstream routers to
have HSRP protection:


wan_link_1  wan_link_2
   |  |
router_1 (HSRP MAC/IP) router_2
  |--|
 | workstations|
 |   |
  router_3 router_4
 |   |
downstream_group_1   downstream_group_2

If I were to set the quad zero route to the HSRP address configured for
routers 1 and 2, think this would work?


I'm wondering what the implications might be. any thoughts?

Chuck




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45302&t=45302
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Fast Ether Channel [7:45271]

[Nick Harris]

Mike,

Here is a whitepaper on Fast EtherChannel (please continue reading). It
talks about Kalpana switches, where Cisco acquired the technology from,
and their use of EtherChannel in the early 90s. (look under the title
Fast EtherChannel Components, it's in the first paragraph)

http://www.cisco.com/warp/public/cc/techno/media/lan/ether/channel/tech/
fetec_wp.htm

I don't think there were many Cisco switches that supported
EtherChannel. Kalpana switches did (EPS-2015 is one I can think of) and
the Catalyst 3000, which was just a Kalpana switch anyway.

I bet you could hard set the port speed and duplex on a couple of ports
of a 2900-XL or 3500-XL to 10Mbps and setup an EtherChannel group if you
really needed to test it.

I hope this helps.

Nick

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Michael L. Williams
Sent: Tuesday, May 28, 2002 3:50 PM
To: [EMAIL PROTECTED]
Subject: Re: Fast Ether Channel [7:45271]


Do you have any documents or URLs that talk more about the etherchannel
(that allows you to use 10Mbps ethernet in a bundle).

I'm not saying I don't believe you, but twice today I've searched
Cisco's website to find info on it, and I can't find anything but
references to
Fast- and Gig-Etherchannel  I even did a Google search on
'etherchannel' and of the non-Cisco websites that came up, they still
indicated it would only work on 100/1000Mbps ethernet

Thanks!
Mike W.

"dre"  wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> ""Reza""  wrote in message 
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Does Fast EtherChannel support Ethernet, Fast Ethernet and Gigabit
> Ethernet?
>
> fast etherchannel supports only fast ethernet.
>
> however, etherchannel is supported by all the
> ethernet speeds you mentioned.
>
> it also works with 10-gigabit ethernet.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45304&t=45271
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: What next? [7:45176]

[Frank Merrill]

What next?

How about Disney World?

Sorry, the question just reminded me of those corny events where the winners
announce such  ;-)



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45306&t=45176
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: how to set duplex and speed on 2500 router int ??? [7:45238]

[Frank Merrill]

> 
> Question1: May I know how to set the speed and duplex type of
> the interface
> ethernet0 of 2500 router. See below..  there is no speed and
> duplex option
> unlike IOS switch fasthernet switch.

That interface is a 10Mbs/Half-Duplex interface.  You can't set it to
anything else.  The speed and duplex are fixed.



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45307&t=45238
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Fast Ether Channel [7:45271]

[Brunner Joseph]

tested it.. works on 3548XL but not on 7206VXR (command was not under int
e4/0). On the 3548XL I just set hardcode 10, so it must be in the hardware

!3548XL

!
interface FastEthernet0/1
 speed 10
 port group 3
 spanning-tree portfast
!
interface FastEthernet0/2
 speed 10
 port group 3
 spanning-tree portfast
!


3548XL_1#sh port group
Group  Interface  Transmit Distribution
-  -  -
3  FastEthernet0/2source address
3  FastEthernet0/1source address








Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45305&t=45271
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Odd thought on HSRP [7:45302]

[Priscilla Oppenheimer]

Chuck,

You have a knack for finding simple solutions that nobody else has thought 
of! ;-)

I think it would work to have routers 3 and 4 in your example have a 
default route to the HSRP address. I can't think of any reason it wouldn't 
work. The only doc I found that mentioned it was an explanation of why PIM 
sparse mode doesn't work when doing this, but notice that the doc doesn't 
say other things won't work:

http://www.cisco.com/warp/public/619/hsrpmcast.html

Priscilla

At 06:35 PM 5/28/02, Chuck wrote:
>got to thinking about this for one reason or another.
>
>fundamentally, we look at HSRP as a means of providing failover from LAN
>stations to redundant WAN links, as illustrated:
>
>wan_link_1  wan_link_2
>|  |
>router_1 (HSRP MAC/IP) router_2
>   |--|
>   workstations
>
>
>
>suppose, however, I have a topology wherein I want downstream routers to
>have HSRP protection:
>
>
>wan_link_1  wan_link_2
>|  |
>router_1 (HSRP MAC/IP) router_2
>   |--|
>  | workstations|
>  |   |
>   router_3 router_4
>  |   |
>downstream_group_1   downstream_group_2
>
>If I were to set the quad zero route to the HSRP address configured for
>routers 1 and 2, think this would work?
>
>
>I'm wondering what the implications might be. any thoughts?
>
>Chuck


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45308&t=45302
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Odd thought on HSRP [7:45302]

[John Dorffler]

I worked at an ISP that had many customers with dual Ethernet connections.
Some of these customers wanted to do what you described, and it worked fine,
as long as the customer configured HSRP so that we could put up static
routes to the customer's networks behind their routers using the HSRP
gateway as the next hop address. The only issue, and it was minor, was
making sure the customer's subnets were advertised to the Internet.

Sincerely,
John Dorffler
CCIE #6677

""Chuck""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> got to thinking about this for one reason or another.
>
> fundamentally, we look at HSRP as a means of providing failover from LAN
> stations to redundant WAN links, as illustrated:
>
> wan_link_1  wan_link_2
>|  |
> router_1 (HSRP MAC/IP) router_2
>   |--|
>   workstations
>
>
>
> suppose, however, I have a topology wherein I want downstream routers to
> have HSRP protection:
>
>
> wan_link_1  wan_link_2
>|  |
> router_1 (HSRP MAC/IP) router_2
>   |--|
>  | workstations|
>  |   |
>   router_3 router_4
>  |   |
> downstream_group_1   downstream_group_2
>
> If I were to set the quad zero route to the HSRP address configured for
> routers 1 and 2, think this would work?
>
>
> I'm wondering what the implications might be. any thoughts?
>
> Chuck




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45309&t=45302
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Fast Ether Channel [7:45271]

[Michael L. Williams]

I appreciate your information, Joseph.  I guess my question was more toward
the types of interfaces that will run etherchannel.  i.e. if you're knocking
the speed down on a FastEthernet interface to 10Mbps, it's still a
FastEthernet interface, not Ethernet interface.

One of the requirements for an etherchannel bundle is that all of the ports
(interfaces) in the bundle all be matching speed/duplex.  So it would make
sense that you could knock 100Mbps interfaces down to 10Mbps (as long as
they all match) and it still work.

But are they any Ethernet interfaces (not Fast- or Gig-Ethernet) on any
Cisco devices that support Etherchannel.  I'm thinking there's not, but
that's not to say there's not some switch/router out there that may violate
this Cisco "rule of thumb"  (being you can only do EtherChannel on Fast- or
Gig-Ethernet)

Mike W.

"Brunner Joseph"  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> tested it.. works on 3548XL but not on 7206VXR (command was not under int
> e4/0). On the 3548XL I just set hardcode 10, so it must be in the hardware
>
> !3548XL
>
> !
> interface FastEthernet0/1
>  speed 10
>  port group 3
>  spanning-tree portfast
> !
> interface FastEthernet0/2
>  speed 10
>  port group 3
>  spanning-tree portfast
> !
>
>
> 3548XL_1#sh port group
> Group  Interface  Transmit Distribution
> -  -  -
> 3  FastEthernet0/2source address
> 3  FastEthernet0/1source address




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45310&t=45271
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCNP Complete, Passed CID 3.0 640-025 [7:45289]

[Michael L. Williams]

I can't speak for him, but I think he was "complaining" about (so to speak)
was that SNA and ATM were not on the outline (implying they were on the
exam).

Mike W.

"Kris Keen"  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I sit this exam in a few weeks, you are saying I shouldnt study SNA?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45311&t=45289
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: What next? [7:45176]

[[EMAIL PROTECTED]]

Hey that sounds good.  Maybe I will take tomorrow off and just go see 
Mickey!

Take my wife too!







"Frank Merrill" 
Sent by: [EMAIL PROTECTED]
05/29/2002 08:16 AM
Please respond to "Frank Merrill"

 
To: [EMAIL PROTECTED]
cc: 
Subject:RE: What next? [7:45176]


What next?

How about Disney World?

Sorry, the question just reminded me of those corny events where the 
winners
announce such  ;-)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45312&t=45176
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]