Re: Flash upgrade problems [7:46990]
I'd always thought there was a specific way of inserting the flash chip regardless of where it's 'facing'. Odd thing is I tried loading the IOS (v11.2) on two separate flash chips. Tried it on two different routers (2511 and 2523), had the same errors. Loaded a 12.0 and the errors just disappeared. I'm just waiting for the time when I upgrade to an IOS that requires 16MB. Hope this same thing doesn't happen again. Weird!

Wesley Daniel Cotts wrote in message news:[EMAIL PROTECTED]...

face a different way?? Sounds like Flash meant for a 4500/3600 etc that runs IOS from Memory rather than from Flash. That Flash is slower. You can use 2500 Flash in 4500s but I don't believe the reverse is true. I'm assuming that you have a newer version of Boot ROMs that are more understanding of different vendor's Flash.

-----Original Message-----
From: Karen Menpes [mailto:[EMAIL PROTECTED]]
Sent: Sunday, June 23, 2002 4:14 PM
To: [EMAIL PROTECTED]
Subject: RE: Flash upgrade problems [7:46990]

I had this issue when I tried to install an 8MB flash memory chip into an old 2500 series router. I eventually had to purchase a 4MB chip to make up the flash memory to a total of only 8MB ! This 4MB memory module worked OK. It seems that some older Cisco 2500 series routers just don't like the new 8MB memory modules simply because they face a different way when they are installed.

Karen

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47281t=46990
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cat 6k IOS upgrade failure [7:47282]
I attempted to upgrade a Cat6K on Sunday with little success, shame as the 5Ks worked a treat. If I show the steps below if anyone can point out where I went wrong.

Here's the IOS version I started with:

    IOS (tm) c6sup2_rp Software (c6sup2_rp-IS-M), Version 12.1(3a)E4

I wanted to load this version of IOS c6sup12-is-mz.121-4.E3 which is an IP image. I copied the image into the bootflash of the Cat6k, here's the file below:

    CAT6k#sh bootflash:
    -#- ED --type-- --crc--- -seek-- nlen -length- -date/time-- name
    1 .. image 6031AC06 206DF4 25 1600884 Aug 02 2001 18:36:39 c6msfc2-boot-mz.121-3a.E4
    2 .. image 1F7C0C69 C20430 22 8977828 Jun 19 2002 08:12:06 c6sup12-is-mz.121-4.E3

I didn't place it in the sup-bootflash as I didn't have room for both images. Also I didn't want to erase an image I knew that worked and then go through the laborious process of copying files via xmodem if the new image wouldn't load. Here's the file on the sup-bootflash:

    CAT6k#sh sup-bootflash:
    -#- ED --type-- --crc--- -seek-- nlen -length- -date/time-- name
    1 .. image B3497649 8C4B74 23 8932084 Aug 02 2001 18:33:46 c6sup12-is-mz.121-3a.E4

To load the image I placed the following line in the config:

    boot system flash bootflash:c6sup12-is-mz.121-4.E3

Saved the config and checked the bootvar and all seemed OK. I reloaded the switch and got the following error on bootup:

    System Bootstrap, Version 5.3(1)
    Copyright (c) 1994-1999 by cisco Systems, Inc.
    c6k_sup1 processor with 65536 Kbytes of main memory
    Autoboot executing command: boot bootflash:c6sup12-is-mz.121-4.E3
    open(): Open Error = -9
    loadprog: error - on file open
    boot: cannot load bootflash:c6sup12-is-mz.121-4.E3
    Exit at the end of BOOT string
    rommon 1

Any obvious mistakes in my approach?

Cheers Pat
--
email me on : [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47282t=47282
OT: remote router IOS upgrade best practice [7:47283]
Hi group,

I am trying to get info from the Groupstudy mail list archive as I remember this was posted several times before. It seems that the archive is having problem, gives me error message 'Glimpse Index Not found'. Can anyone offer some insight ?

I have two 1720, each in a different subnet. One router had two 'memory allocation error' problem in two months. Both times required power-cycle the router. Opened a TAC case but could not find any memory hardware issue. The two 1720 are linked by a fractional frame-relay with an ISDN BRI dial backup. TAC said there could be IOS bug related to ISDN BRI, recommended us to upgrade from 12.1.1 to 12.1.15. Anyone has similar problem ?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47283t=47283
Need suggestion on MAC based VLAN [7:47284]
Dear Group

I want to know about implementing Mac based Vlan in Cisco. Can anybody help me. Many thanks in advance.

Hitesh

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47284t=47284
RE: RE: VPN CLIENT + Dns [7:47125]
The VPN Client is an IPSec tunnel. If you're using it, and the concentrator is set to hand them out, it should work. We use the 3030 and the VPN Client (3.5) and it works wonderfully. It's really hard to go wrong with this. Under group/general properties, make sure that the Primary and secondary DNS entries are present and that Inherit are checked. That's all I had to do to make it work. You did click on the save icon, correct?

Thanks
Larry

-----Original Message-----
From: Smart Student [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 24, 2002 1:12 AM
To: [EMAIL PROTECTED]
Subject: Re: RE: VPN CLIENT + Dns [7:47125]

Thanks for the reply Larry, I am using IPSEC tunnels, is it possible to do the same in IPSEC tunnels.

regards, Smart Student

Roberts, Larry wrote:

Are these PPTP tunnels or IPSec. PPTP appends those listed in the concentrator, while the cisco client will remove the local ones and replace them with the ones from the concentrator. If you have more than 3 listed, I don't know if they would show up.

Thanks
Larry

-----Original Message-----
From: Smart Student [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 21, 2002 5:05 AM
To: [EMAIL PROTECTED]
Subject: VPN CLIENT + Dns [7:47125]

Hi All Guru's,

I need to config dns servers entries for all the VPN clients that login to VPN concentrator but after adding the entries in the appropriate group configurations also I have not being able to set any dns entries on the VPN client machines. Can anybody out there suggest me what I am doing wrong.

regards, Bharat

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47285t=47125
Passing score of MPLS exam ? [7:47286]
Hello,

I have scheduled the MPLS exam for July 1st. Can someone tell me the passing score of this exam. Also any suggestion/comments regarding this exam will be highly helpful. TIA for your help.

Kind Regards
/Thangavel

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47286t=47286
Rogue Wireless LANs [7:47287]
I've just found a wireless LAN set up by someone in the building, I found it by chance when I was checking something with a colleague from another dept. The WLAN has zero security which is not a surprise and lets the user into the main LAN in the site with a DHCP address served up too! Does anyone have any tips on preventing users and dept's who don't think about security from plugging whatever they like into the network,

Cheers Pat
--
email me on : [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47287t=47287
Re: Rogue Wireless LANs [7:47287]
WEP for starters, then you can set the access point to only accept connections from specific MAC addresses. You can implement LEAP on the cisco AP, radius/tacacs+ requiring user/pass. Then you could place the AP outside the LAN/Firewall and require VPN to access the LAN resources. Cisco has a good whitepaper on securing wireless. What you have experienced is pretty common.

Chris

Patrick Donlon wrote in message news:[EMAIL PROTECTED]...

I've just found a wireless LAN set up by someone in the building, I found it by chance when I was checking something with a colleague from another dept. The WLAN has zero security which is not a surprise and lets the user into the main LAN in the site with a DHCP address served up too! Does anyone have any tips on preventing users and dept's who don't think about security from plugging whatever they like into the network,

Cheers Pat
--
email me on : [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47288t=47287
Re: Re: HSRP [7:47177]
Howard C. Berkowitz wrote in message news:[EMAIL PROTECTED]...

At 9:21 PM -0400 6/23/02, Kevin Cullimore wrote:

It's a problem when: people assume that symmetry exists when HSRP similar L3 failover technologies are implemented.

It's a problem getting in the way of: people's understanding of those failover technologies.

Otherwise, I'm thinking that the flexibility (wherein conversations in different directions may be treated differently) is quite welcome. Comments?

I was not assuming load-sharing (i.e., multiple HSRP groups), so I'd expect to have the two routers essentially with the same routing table. What would be different would be their uplinks, unless, possibly, there were an additional link connecting the two routers. In other words, I had considered the simple case of two redundant routers, each of which could handle the full load. Perhaps they might have physically diverse uplinks, but I wouldn't expect them to have radically different optimal routes.

Consider the following:

          Local_LAN
              |
        -------------
        |           |
        R1          R2
        |           |
     telco_1     telco_2
        |           |
        R3          R4
        |           |
        -------------
      Corporate_Network

Seems to me that of R3 and R4, the corporate network knows one of those as the route to the Local_LAN, preferably the router that is the HSRP primary.

hhh thinking about this, interesting design study. HSRP affects only Local_LAN traffic to the Corporate_net. Does return traffic route matter?

hhm. would good design consider that R3 and R4 also be an HSRP pair? If they were, what would the effect be, as opposed to if they were not? Maybe I'm outsmarting myself about the data flow implications?

Certainly, one can create scenarios where load-sharing or other factors make the two routers significantly different. Depending on the goals and budget, you might even have HSRP in edge routers and more complex routing at a distribution tier.

For that matter, people often don't consider L2 failover techniques (e.g., UplinkFast and EtherChannel) with switches feeding the HSRP routers as another aspect of no-single-point-of-failure.

----- Original Message -----
From: Howard C. Berkowitz
To:
Sent: 23 June 2002 3:54 pm
Subject: Re: Re: HSRP [7:47177]

At 3:08 PM -0400 6/23/02, Kevin Cullimore wrote:

A useful notion to keep in mind is that hsrp and its un-patented counterparts (you'd think that during the past century, people would learn from IBM's example, but apparently that isn't the case) are profoundly asymmetric in scope: they are concerned with the host-default gateway portion of the conversation, not the return path (although implementational specifics might force them to address the return path in some circumstances).

Kevin, how is the asymmetry a problem? The HSRP linked routers presumably have the same routing tables, although the backup might have to ARP for its first packet forwarded. Even if that's an issue, promiscuous ARP learning shouldn't be all that much of a problem.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47289t=47177
RE: authentication and router [7:46932]
Try to change:

    line con0
    line authentication no_tacacs

To:

    line con0
    login authentication no_tacacs

-----Original Message-----
From: GEORGE [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 21, 2002 11:52 AM
To: [EMAIL PROTECTED]
Subject: FW: authentication and router [7:46932]

I wouldn't like any username prompt at the console

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Blair, Philip S
Sent: Thursday, June 20, 2002 3:20 PM
To: [EMAIL PROTECTED]
Subject: FW: authentication and router [7:46932]

At the password prompt, if you enter your configured enable password you get access? Sounds like it's working as you have it configured, how did you want it to work?

Philip

-----Original Message-----
From: GEORGE [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 18, 2002 5:37 PM
To: [EMAIL PROTECTED]
Subject: authentication and router [7:46932]

I just configured my router to authenticate with cisco secure every works ok, except if I try to Console I get a password prompt, and I stop cisco secure I get a password prompt. Now I tried to enter my enable password and won't work. Am I missing something here

    aaa new-model
    aaa authentication login default group tacacs+ enable
    aaa authentication login local local
    aaa authentication login no_tacacs enable
    aaa authentication ppp default if-needed group tacacs+
    aaa authorization exec default group tacacs+ local
    aaa authorization network default group tacacs+
    aaa accounting exec default start-stop group tacacs+
    aaa accounting network default start-stop group tacacs+
    line con0
    line authentication no_tacacs

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47290t=46932
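Which login method list the console ends up using under the posted configuration and under the one-word correction suggested in the reply, worked through as an added example (not part of the thread). It assumes standard IOS behaviour, namely that with `aaa new-model` a line with no `login authentication <list>` command uses the `default` list; the indentation of the embedded config and the function names are this example's own.

```python
import re

# The relevant part of the configuration as posted in the thread
# (indentation under "line con0" added for this example).
POSTED = """\
aaa new-model
aaa authentication login default group tacacs+ enable
aaa authentication login local local
aaa authentication login no_tacacs enable
line con0
 line authentication no_tacacs
"""

# The same configuration with the correction from the reply applied.
SUGGESTED = POSTED.replace(" line authentication ", " login authentication ")


def parse_methods(tokens):
    """Turn ['group', 'tacacs+', 'enable'] into ['group tacacs+', 'enable']."""
    methods, i = [], 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            methods.append("group " + tokens[i + 1])
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    return methods


def login_lists(config):
    """Return {list_name: [methods in the order they are tried]}."""
    lists = {}
    for raw in config.splitlines():
        m = re.match(r"^aaa authentication login (\S+)\s+(.+)$", raw.strip())
        if m:
            lists[m.group(1)] = parse_methods(m.group(2).split())
    return lists


def line_login(config):
    """For each 'line ...' block, report the login list that takes effect.

    'ignored' collects sub-commands that mention authentication but are not
    'login authentication <list>', so they select nothing.
    'methods' is None when the referenced list is not defined.
    """
    lists = login_lists(config)
    result, current = {}, None
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if not raw.startswith(" "):          # top-level command
            m = re.match(r"^line\s+(.+)$", raw)
            current = m.group(1).strip() if m else None
            if current:
                # Assumption stated in the lead-in: no explicit list -> 'default'.
                result[current] = {"list": "default", "ignored": []}
            continue
        if current is None:
            continue
        sub = raw.strip()
        m = re.match(r"^login authentication (\S+)$", sub)
        if m:
            result[current]["list"] = m.group(1)
        elif "authentication" in sub:
            result[current]["ignored"].append(sub)
    for info in result.values():
        info["methods"] = lists.get(info["list"])
    return result


if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("suggested", SUGGESTED)):
        for line, info in line_login(cfg).items():
            print(f"{label:9} line {line}: list={info['list']} "
                  f"methods={info['methods']} ignored={info['ignored']}")
```

With the posted lines the console stays on `default` (TACACS+ first, enable password only as fallback); with the correction it uses `no_tacacs`, which asks for the enable password only.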
Re: Rogue Wireless LANs [7:47287]
It's only a matter of time. It's bad enough they can buy their own servers and switches down at CompUSA and set up situations that can bring your network down while spanning tree runs..

1) does your employer have a written security policy in place? Will your management enforce such a policy if it does exist?

2) would a demonstration to senior management about how easily anyone can get into the company net help? Especially if it were done from the Visitors Parking Lot?

3) is it just easier to take on the responsibility for these kinds of rogue operations by initiating the practices recommended by others who have responded? meaning configuring the WAP's, installing the appropriate software on the wireless client machines, etc? not to mention the inevitable troubleshooting, and listening to and having to do something about the inevitable complaints about slow network?

best of luck. long experience suggests that in the end, whoever set up this rogue net will win any argument you may have.

Patrick Donlon wrote in message news:[EMAIL PROTECTED]...

I've just found a wireless LAN set up by someone in the building, I found it by chance when I was checking something with a colleague from another dept. The WLAN has zero security which is not a surprise and lets the user into the main LAN in the site with a DHCP address served up too! Does anyone have any tips on preventing users and dept's who don't think about security from plugging whatever they like into the network,

Cheers Pat
--
email me on : [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47291t=47287
Re: Rogue Wireless LANs [7:47287]
What about restricting DHCP based on MAC Address. Problem is a lot more administration.

--- Patrick Donlon wrote:

I've just found a wireless LAN set up by someone in the building, I found it by chance when I was checking something with a colleague from another dept. The WLAN has zero security which is not a surprise and lets the user into the main LAN in the site with a DHCP address served up too! Does anyone have any tips on preventing users and dept's who don't think about security from plugging whatever they like into the network,

Cheers Pat
--
email me on : [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47292t=47287
Re: Rogue Wireless LANs [7:47287]
Thanks Chris, I was thinking more about securing the switch ports by authenticating mac's (probably a bit OTT) or using SNMP to check for new devices, any other ideas? I've already set up a wireless LAN here with WEP with authentication on an ACS server, which is a waste of time when you have people setting up their own kit,

Cheers Pat
--
email me on : [EMAIL PROTECTED]

chris wrote in message news:[EMAIL PROTECTED]...

WEP for starters, then you can set the access point to only accept connections from specific MAC addresses. You can implement LEAP on the cisco AP, radius/tacacs+ requiring user/pass. Then you could place the AP outside the LAN/Firewall and require VPN to access the LAN resources. Cisco has a good whitepaper on securing wireless. What you have experienced is pretty common.

Chris

Patrick Donlon wrote in message news:[EMAIL PROTECTED]...

I've just found a wireless LAN set up by someone in the building, I found it by chance when I was checking something with a colleague from another dept. The WLAN has zero security which is not a surprise and lets the user into the main LAN in the site with a DHCP address served up too! Does anyone have any tips on preventing users and dept's who don't think about security from plugging whatever they like into the network,

Cheers Pat
--
email me on : [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47293t=47287
Re: Rogue Wireless LANs [7:47287]
Don't know if you know about this or not, but NetStumbler is a good freeware (begware) app for finding those rogue wireless apps that you might not know about. Check them out at: http://www.netstumbler.org/

What about restricting DHCP based on MAC Address. Problem is a lot more administration.

--- Patrick Donlon wrote:

I've just found a wireless LAN set up by someone in the building, I found it by chance when I was checking something with a colleague from another dept. The WLAN has zero security which is not a surprise and lets the user into the main LAN in the site with a DHCP address served up too! Does anyone have any tips on preventing users and dept's who don't think about security from plugging whatever they like into the network,

Cheers Pat
--
email me on : [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47294t=47287
ISDN Simulator offer [7:47295]
arca technologies are offering special discount pricing on their ISDN simulators for Cisco Students and Trainers. The emutel|Solo has 2 ports which offer either S/T or U interfaces (software switchable) and a choice of Euro-ISDN, North American or NTT support. Please see www.isdnsimulator.com for more details

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47295t=47295
Re: Rogue Wireless LANs [7:47287]
When we find access points like that, we disable the switch port they connect to. We are using Network Stumbler to find rogue access points. Works well and it's free.

Ken

Patrick Donlon 06/24/02 08:48AM

I've just found a wireless LAN set up by someone in the building, I found it by chance when I was checking something with a colleague from another dept. The WLAN has zero security which is not a surprise and lets the user into the main LAN in the site with a DHCP address served up too! Does anyone have any tips on preventing users and dept's who don't think about security from plugging whatever they like into the network,

Cheers Pat
--
email me on : [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47296t=47287
RE: ISDN Simulator offer [7:47295]
I've been happy with my $1095 unit from www.CheapISDN.com

-----Original Message-----
From: Gillian Wylie [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 24, 2002 9:51 AM
To: [EMAIL PROTECTED]
Subject: ISDN Simulator offer [7:47295]

arca technologies are offering special discount pricing on their ISDN simulators for Cisco Students and Trainers. The emutel|Solo has 2 ports which offer either S/T or U interfaces (software switchable) and a choice of Euro-ISDN, North American or NTT support. Please see www.isdnsimulator.com for more details

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47297t=47295
Re: CCIE Beta results [7:47144]
Did anyone receive the score ? I would like to know

Nigel Taylor wrote in message news:[EMAIL PROTECTED]...

Folks,

I'm trying to understand how cisco went about grading this exam. Much like everyone else I too was told by Prometric when I called in that I had passed the exam however, the score report I received had something totally different in mind( yes I failed!) What I thought was strange was the passing score which was 45%. I guess 44% leaves short of the mark. This beta reminds me of the CCIE Security beta in which not many folks on the list passed. Good thing this test didn't count as a recert credit. I guess I'll be thinking about taking the recert exam sometime next year...:-

Nigel

----- Original Message -----
From: Michael L. Williams
To:
Sent: Sunday, June 23, 2002 6:44 PM
Subject: Re: CCIE Beta results [7:47144]

Are the scores starting to come in now? I still haven't received mine yet... =( Although, banking on the fact I would fail, I went ahead and took the current written and passed, so I'm not too worried about the beta results... just curious =)

Mike W.

Semiglia Bodero wrote in message news:[EMAIL PROTECTED]...

Did you receive the score?.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47298t=47144
Re: WHEN WILL CCIE 350-001 EXPIRE [7:47184]
I'm at the Networkers CCIE power session as I type, and I heard July.

Steve Frank Merrill wrote in message news:[EMAIL PROTECTED]...

My guess is no later than the middle of August based on previous Cisco Beta-to-production life cycles. However, anything is possible. The Beta test itself ended on May 6, and the results from that are just coming in about now. The Beta was a 'brutal' exam so to speak. The current written is relatively easy compared to the Beta questions. I would guess they will have the new questions on the test very soon. Good Luck!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47299t=47184
Re: Re: HSRP [7:47177]
I think the picture got messed up. But, let's say R1 and R2 are running HSRP on the Local LAN. It doesn't matter which one becomes primary. If the clients send to one router, but the other router has a better route, then the router will send the packet back out the Local LAN to the other router. It's the typical extra hop that many networks have. The router should send an ICMP Redirect (although that is disabled by default when using HSRP.) But it works without any major hitches because both routers have complete routing tables that describe the entire internetwork.

Since your picture is symmetrical (or at least I think it was?) the same thing can occur on the Corporate LAN. R3 and R3 can run HSRP too.

Now, for traffic coming back, we have a more interesting problem. It would depend on the routing protocol and the maximum-paths configuration, wouldn't it? For some routing protocols, each router would only know one way back. If that way includes the broken interface, then the protocol will have to converge before traffic can make it back.

A few more comments in line...

Consider the following:

          Local_LAN
              |
        -------------
        |           |
        R1          R2
        |           |
     telco_1     telco_2
        |           |
        R3          R4
        |           |
        -------------
      Corporate_Network

Seems to me that of R3 and R4, the corporate network knows one of those as the route to the Local_LAN, preferably the router that is the HSRP primary.

You mean the HSRP primary on the Local LAN? Of course the routers on the Corporate Network don't know anything about HSRP on the Local LAN. Plus, it doesn't matter whether their path goes back via R1 or R2. Which one it chooses would depend on the routing protocol. Maybe it's IGRP and one of the links has much less bandwidth so the other is preferred. Maybe you're using variance so that both routes are known.

hhh thinking about this, interesting design study. HSRP affects only Local_LAN traffic to the Corporate_net. Does return traffic route matter?

HSRP on the Local LAN doesn't affect it. Other things do.

hhm. would good design consider that R3 and R4 also be an HSRP pair?

In your simple design, sure, I would say make them HSRP pairs too. You might want to know some load balancing and make one the active for some VLANs and the other the active for other VLANs. I know you know all this basic stuff. ;-) If you meant for this to be a more advanced discussion, just let me know. Thanks.

Priscilla

If they were, what would the effect be, as opposed to if they were not? Maybe I'm outsmarting myself about the data flow implications?

Certainly, one can create scenarios where load-sharing or other factors make the two routers significantly different. Depending on the goals and budget, you might even have HSRP in edge routers and more complex routing at a distribution tier.

For that matter, people often don't consider L2 failover techniques (e.g., UplinkFast and EtherChannel) with switches feeding the HSRP routers as another aspect of no-single-point-of-failure.

----- Original Message -----
From: Howard C. Berkowitz
To:
Sent: 23 June 2002 3:54 pm
Subject: Re: Re: HSRP [7:47177]

At 3:08 PM -0400 6/23/02, Kevin Cullimore wrote:

A useful notion to keep in mind is that hsrp and its un-patented counterparts (you'd think that during the past century, people would learn from IBM's example, but apparently that isn't the case) are profoundly asymmetric in scope: they are concerned with the host-default gateway portion of the conversation, not the return path (although implementational specifics might force them to address the return path in some circumstances).

Kevin, how is the asymmetry a problem? The HSRP linked routers presumably have the same routing tables, although the backup might have to ARP for its first packet forwarded. Even if that's an issue, promiscuous ARP learning shouldn't be all that much of a problem.

Priscilla Oppenheimer
http://www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47300t=47177
ISDN DDR and Routing Protocols [7:47301]
Hi

I have an ISDN Dial up and don't want to have any Routing Protocol over it. What is the right access-list, and which features should you block over the ISDN link.

    access-list 101 permit icmp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255   ( or any any )
    access-list 101 deny tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq bgp   ( or 179 )
    access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
    ip access-group 101 out   ( on the BRI interface both sites )
    no cdp enable   ( is this necessary? )
    passive-interface BRI 0   ( on specific Routing process )

Is this enough to stop all the Routing Protocols over the ISDN link or missed I something

Thanks for Help

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47301t=47301
Re: Rogue Wireless LANs [7:47287]
At 11:54 AM 6/24/02, chris wrote:

WEP for starters, then you can set the access point to only accept connections from specific MAC addresses.

I don't think he was asking how to secure a wireless network. He was asking how to control non-IS user types from installing new equipment on the network, including wireless LANs. The question is as old as the hills, really. I remember back in the olden days when we had similar problems because people would add modems and software-based routers, etc.

Anyway, about the only modern solution I can think of is the MAC-based security on switches. Presumably for this rogue wireless network to work, they first installed an access point into an Ethernet port. That access point has a different MAC address than the device that's supposed to be on that switch port. So MAC-based security on the switch would help because it would say only let the configured MAC address in. (I think that's how it works?) It's probably a huge hassle to do MAC based security, however.

The other solution is based on the eighth layer of the OSI model: Policies. Make your users sign an Acceptable Use Policy statement and make sure there are consequences if they go against it (torture chambers and the like.)

Priscilla

You can implement LEAP on the cisco AP, radius/tacacs+ requiring user/pass. Then you could place the AP outside the LAN/Firewall and require VPN to access the LAN resources. Cisco has a good whitepaper on securing wireless. What you have experienced is pretty common.

Chris

Patrick Donlon wrote in message news:[EMAIL PROTECTED]...

I've just found a wireless LAN set up by someone in the building, I found it by chance when I was checking something with a colleague from another dept. The WLAN has zero security which is not a surprise and lets the user into the main LAN in the site with a DHCP address served up too! Does anyone have any tips on preventing users and dept's who don't think about security from plugging whatever they like into the network,

Cheers Pat
--
email me on : [EMAIL PROTECTED]

Priscilla Oppenheimer
http://www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47303t=47287
Re: Rogue Wireless LANs [7:47287]
Sorry, misread the question. Best option is to disable unused switchports and restrict them to MAC, like you were mentioning.

Chris

Patrick Donlon wrote in message news:[EMAIL PROTECTED]...
Thanks Chris, I was thinking more about securing the switch ports by authenticating MACs (probably a bit OTT) or using SNMP to check for new devices, any other ideas? I've already set up a wireless LAN here with WEP with authentication on an ACS server, which is a waste of time when you have people setting up their own kit, Cheers Pat -- email me on : [EMAIL PROTECTED]

chris wrote in message news:[EMAIL PROTECTED]...
WEP for starters, then you can set the access point to only accept connections from specific MAC addresses. You can implement LEAP on the cisco AP, radius/tacacs+ requiring user/pass. Then you could place the AP outside the LAN/Firewall and require VPN to access the LAN resources. Cisco has good whitepaper on securing wireless. What you have experienced is pretty common. Chris

Patrick Donlon wrote in message news:[EMAIL PROTECTED]...
I've just found a wireless LAN set up by someone in the building, I found it by chance when I was checking something with a colleague from another dept. The WLAN has zero security which is not a surprise and lets the user into the main LAN in the site with a DHCP address served up too! Does anyone have any tips on preventing users and dept's who don't think about security from plugging whatever they like into the network, Cheers Pat -- email me on : [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47305t=47287
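The checks raised in this thread (one configured MAC address per switch port, unused ports kept down, and polling the switch for new devices), sketched as an added example that is not part of any poster's message. The inventory, port names and MAC addresses are constructed, and the snapshot stands in for whatever an SNMP poll of the switch forwarding table returns.

```python
import re
from collections import defaultdict

# Constructed inventory: the one MAC address expected on each access port.
# None marks a port that should be unused (administratively shut down).
EXPECTED = {
    "Fa0/1": "0010.aa00.0001",
    "Fa0/2": "0010.aa00.0002",
    "Fa0/3": "0010.aa00.0003",
    "Fa0/4": None,
}

# Constructed snapshot of (port, learned MAC) pairs from one polling cycle.
SNAPSHOT = [
    ("Fa0/1", "00:10:AA:00:00:01"),   # expected device
    ("Fa0/2", "00-10-aa-00-00-99"),   # a different device was plugged in
    ("Fa0/3", "0010.aa00.0003"),      # expected device ...
    ("Fa0/3", "0010.bb00.0010"),      # ... plus extra stations behind the port,
    ("Fa0/3", "0010.bb00.0011"),      # as seen when a bridge or AP is attached
    ("Fa0/4", "0010.cc00.0001"),      # traffic on a port that should be unused
]


def normalize_mac(mac):
    """Accept dotted, colon or dash notation; return 12 lowercase hex digits."""
    digits = re.sub(r"[.:\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError("not a MAC address: %r" % mac)
    return digits


def audit(expected, snapshot):
    """Return [(port, reasons, unexpected_macs)] for every port that deviates."""
    wanted = {p: (normalize_mac(m) if m else None) for p, m in expected.items()}
    seen = defaultdict(set)
    for port, mac in snapshot:
        seen[port].add(normalize_mac(mac))

    findings = []
    for port in sorted(seen):
        macs = seen[port]
        reasons = []
        if port not in wanted:
            reasons.append("unknown-port")
            extra = macs
        elif wanted[port] is None:
            reasons.append("unused-port-active")
            extra = macs
        else:
            extra = macs - {wanted[port]}
            if extra:
                reasons.append("unexpected-mac")
        # More than one station on a single-host port suggests a hub,
        # bridge or access point has been attached behind it.
        if len(macs) > 1:
            reasons.append("multiple-macs")
        if reasons:
            findings.append((port, tuple(reasons), tuple(sorted(extra))))
    return findings


if __name__ == "__main__":
    for port, reasons, macs in audit(EXPECTED, SNAPSHOT):
        print(port, ",".join(reasons), " ".join(macs))
```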
RE: Rogue Wireless LANs [7:47287]
Ah the old eighth layer. Policy policy policy = termination termination termination. Usually the first one to go gets the point across to the other folks. ;

-----Original Message-----
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 24, 2002 1:27 PM
To: [EMAIL PROTECTED]
Subject: Re: Rogue Wireless LANs [7:47287]

At 11:54 AM 6/24/02, chris wrote:
WEP for starters, then you can set the access point to only accept connections from specific MAC addresses.

I don't think he was asking how to secure a wireless network. He was asking how to control non-IS user types from installing new equipment on the network, including wireless LANs.

The question is as old as the hills, really. I remember back in the olden days when we had similar problems because people would add modems and software-based routers, etc.

Anyway, about the only modern solution I can think of is the MAC-based security on switches. Presumably for this rogue wireless network to work, they first installed an access point into an Ethernet port. That access point has a different MAC address than the device that's supposed to be on that switch port. So MAC-based security on the switch would help because it would say only let the configured MAC address in. (I think that's how it works?) It's probably a huge hassle to do MAC based security, however.

The other solution is based on the eighth layer of the OSI model: Policies. Make your users sign an Acceptable Use Policy statement and make sure there are consequences if they go against it (torture chambers and the like.)

Priscilla

You can implement LEAP on the cisco AP, radius/tacacs+ requiring user/pass. Then you could place the AP outside the LAN/Firewall and require VPN to access the LAN resources. Cisco has good whitepaper on securing wireless. What you have experienced is pretty common. Chris

Patrick Donlon wrote in message news:[EMAIL PROTECTED]...
I've just found a wireless LAN set up by someone in the building, I found it by chance when I was checking something with a colleague from another dept. The WLAN has zero security which is not a surprise and lets the user into the main LAN in the site with a DHCP address served up too! Does anyone have any tips on preventing users and dept's who don't think about security from plugging whatever they like into the network, Cheers Pat -- email me on : [EMAIL PROTECTED]

Priscilla Oppenheimer http://www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47306t=47287
RE: Multi-Switch SPAN/Monitor question [7:47026]
I'm doing exactly that. I have two 5509s spanning into a smaller switch, and the smaller switch spanning into my sensor. But we're moving in a few months, and after the move, I'll be trunking the 5509s, so I won't need to do that anymore. Bob German CCNA, MCSE, CNE Sr Sys Eng - Irides, LLC -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Michael L. Williams Sent: Wednesday, June 19, 2002 10:20 PM To: [EMAIL PROTECTED] Subject: Multi-Switch SPAN/Monitor question [7:47026] Okay... Let's say I have three switches (or four or whatever). assume these switches are capable of SPANning/Monitoring *all* of the traffic on the switch to a single port. (assume the bandwidth required for the span port isn't more than the bandwidth of the port, which for this discussion is 100Mbps). So, now I have 3 switches , each of which are sending all of their traffic out of a span port. Is it possible to take each of those 100Mbps span links, then connect them into another switch (say a 3550 or something that takes 100Mbps ports and has Gig out) and span them out on a single link? Since a 3550 can span all traffic in a VLAN (which would be all traffic coming into the switch by default) to a port, could I use that 3550 so combine all of the data coming in across all 3 of those 100Mbps span ports from the other switches and combine them and span them out of a gig port on the 3550? Reason I ask, is that we were trying to think of a way to span all of the traffic across multiple switches into a single line to connection to an IDS sensor.. Anyone ever do this? Any of your security/IDS people every do this? TIA, Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47307t=47026 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CSS1 exams [7:47308]
Since I can't get my cheap company to send me to classes, I have to do self-study go get my Cisco Security Specialist Certification. Does anyone have any suggestion which books would help for each of the exams? Thank you in advance, Joy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47308t=47308 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco IP support Certification [7:47309]
Can anyone recommend which books to prepare for the three tests to complete the certification? jp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47309t=47309 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CSS1 exams [7:47308]
Trust me, u dont need classes. Just study 4 books from Cisco Press and ull do it fine. I passed 3 exams in 15 days and only one to go. If u appear for MCNS, 95% CSVPN is covered and 75% Pix is covered. For IDS i am myself studying. Shahid [EMAIL PROTECTED] wrote: Since I can't get my cheap company to send me to classes, I have to do self-study go get my Cisco Security Specialist Certification. Does anyone have any suggestion which books would help for each of the exams? Thank you in advance, Joy Shahid Muhammad Shafi Every man dies; not every man really lives remember, if God bringz u 2 it, He WILL bring u thru it!!!- Please help feed hungry people worldwide http://www.hungersite.com/ A small thing each of us can do to help others less fortunate than ourselves - Do You Yahoo!? Sign-up for Video Highlights of 2002 FIFA World Cup Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47313t=47308 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CSS1 exams [7:47308]
Obviously the corresponding books for each of the classes/exams from cisco press. Managing Cisco Network Security Cisco Secure Pix Firewalls Cisco Secure Virtual Private Networks Cisco Secure Intrusion Detection System Some other publishers have books that cover these subjects too, but I have no real experience of these. Some other books that might also be useful are Enhanced IP services for Cisco networks Cisco Secure Internet Security Solutions Cisco IOS Network Security (there may be a release specific version of this) There are also a bunch of really good technical documents on the CCO site. You should look into the product docs and data sheets for IOS, PIX, VPN Concentrator and IDS system, then read through some of the TAC technical documents and sample configurations. They cover the information you need to know but you will have to do more work to find the information you need. Hope these help. Peter Walker CISSP, CCSE, CSS1, CCNP, CCIP, etc --On Monday, June 24, 2002 3:20 PM -0400 [EMAIL PROTECTED] wrote: Since I can't get my cheap company to send me to classes, I have to do self-study go get my Cisco Security Specialist Certification. Does anyone have any suggestion which books would help for each of the exams? Thank you in advance, Joy Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47315t=47308 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ISDN Simulator offer [7:47295]
Don't forget eBay, as well. I just picked up a Teltone ILS-1000 for a decent price. Also, I've seen some auctions for the units from Cheap ISDN and Emutel at decent prices. Shawn K. -Original Message- From: Andy Barkl [SMTP:[EMAIL PROTECTED]] Sent: Monday, June 24, 2002 1:30 PM To: [EMAIL PROTECTED] Subject: RE: ISDN Simulator offer [7:47295] I've been happy with my $1095 unit from www.CheapISDN.com -Original Message- From: Gillian Wylie [mailto:[EMAIL PROTECTED]] Sent: Monday, June 24, 2002 9:51 AM To: [EMAIL PROTECTED] Subject: ISDN Simulator offer [7:47295] arca technologies are offering special discount pricing on their ISDN simulators for Cisco Students and Trainers. The emutel|Solo has 2 ports which offer either S/T or U interfaces (software switchable) and a choice of Euro-ISDN, North American or NTT support. Please see www.isdnsimulator.com for more details Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47304t=47295 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CSS1 exams [7:47308]
1. Managing Cisco Network Security -- Cisco Press 2. Boson Test. It should be enough to pass the MCNS, VPN, PIX, but regarding the IDS you'd better to have some hands-on experience on that, otherwise, you have to remember lots of operation menus, commands, etc. good luck Best Regards. Leo -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED] Sent: 2002?6?24? 15:21 To: [EMAIL PROTECTED] Subject: CSS1 exams [7:47308] Since I can't get my cheap company to send me to classes, I have to do self-study go get my Cisco Security Specialist Certification. Does anyone have any suggestion which books would help for each of the exams? Thank you in advance, Joy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47310t=47308 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: about ciscofan [7:47279]
Does it have English Version? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of LEOSHEN Sent: Monday, June 24, 2002 12:43 AM To: [EMAIL PROTECTED] Subject: about ciscofan [7:47279] the present url of ciscofan is ciscofan.yeah.net welcome to visit it! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47316t=47279 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Beta results [7:47144]
I received my score in the mail today.. I PASSED!!! I have *no* idea how I slid by, but I got a 50 on it. (passing score was 45) The beta was very difficult, so much so that I forked up the $300 and took the current written a week or so later (and passed)... So I could look at this as $300 wasted, or not. I choose not. If anything, I look at it as $50 well spent, just to keep me up on what changes are going to be made to the written. Mike W. groupstudy.com wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Did anyone receive the score ? I would like to know Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47317t=47144 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Qualified specialist [7:47263]
Hi, They will send a congratulatory letter, a certificate and nothing more... no ID card. Enjoy

--- Dwayne Saunders wrote:
Hi all Was just wondering after completing your Cisco Qualified specialist exam what does Cisco send out if anything [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47319t=47263
RE: ISDN DDR and Routing Protocols [7:47301]
I don't know which IGP protocols you run on your network (if any)... so this is just a wild guess. If you were running RIP it could trigger the link ... (I would add: access-list 101 deny udp any any eq 520) If you were running OSPF (I would add: access-list 101 deny ospf any any) Pierre-Alex Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47321t=47301 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
klez crashed our router [7:47323]
A user brought in the w32.klez.h.mm virus. Our virus software was able to stop it from spreading, but our 3640 router stopped responding and had to be restarted. Can this virus attack shares on networks connected to the router? Can klez spread across the router using other than SMTP? We currently have NBAR set up to block code red type viruses.

Thanks Gary

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47323t=47323
RE: WHEN WILL CCIE 350-001 EXPIRE [7:47184]
Suppose someone registers with prometric to take the exam 350-001 in August,and this exam retires in July. What happens then, he/she still takes the 350-001 version or the newest version of it (351-001). Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47324t=47184 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Fw: WHEN WILL CCIE 350-001 EXPIRE [7:47184]
Steve : Suppose someone registers with prometric to take the exam 350-001 in August,and this exam retires in July. What happens then, he/she still takes the 350-001 version or the newest version of it (351-001). Thanks Reply To This Message Newer - Original Message - From: Steven A. Ridder To: Sent: Monday, June 24, 2002 1:07 PM Subject: Re: WHEN WILL CCIE 350-001 EXPIRE [7:47184] I'm at the Networkers CCIE power session as I type, and I heard July. Steve Frank Merrill wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... My guess is no later than the middle of August based on previous Cisco Beta-to-production life cycles. However, anything is possible. The Beta test itself ended on May 6, and the results from that are just coming in about now. The Beta was a 'brutal' exam so to speak. The current written is relatively easy compared to the Beta questions. I would guess they will have the new questions on the test very soon. Good Luck! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47325t=47184 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Benchmark CCIE [7:47320]
About 10-15 minutes would be about right. Speed is important, but more than anything else, the knowledge and reason why are you are doing it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47326t=47320 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Please remove my e-mail from this newsgroup. Thanks. [7:47327]
_ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47327t=47327 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: klez crashed our router [7:47323]
Yes, some forms of the Klez infects network shares. Dan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gary Crouch Sent: Monday, June 24, 2002 4:50 PM To: [EMAIL PROTECTED] Subject: klez crashed our router [7:47323] I user brought in the w32.klez.h.mm virus our virus software was able to stop it from spreading but our router 3640 router stop responding and had to be restarted. Can this virus attack shares on networks connected to the router? can klez spread across the router using other then smtp? we curently have NBAR set up for block code red type viruses. Thanks Gary Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47329t=47323 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CSS1 exams [7:47308]
Recently I had the pleasure of taking one of the courses CSVPN via a training partner. Most of the course material is echo'd on the cisco site. http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/secur_c/scprt4/index.htm If you step down a layer from that directory you will find another set of docs that may help you with other sections of the CSS1. Other than that the instructor I had mentioned reading the Safe Blueprint. Or check out http://www.cisco.com/warp/public/707/index.shtml As mentioned, I am not sure of the other sections of the course but those sites may help. Don't forget hands on is a good teacher. Just my $0.02 Kim From: [EMAIL PROTECTED] Date: 2002/06/24 Mon PM 03:20:31 EDT To: [EMAIL PROTECTED] Subject: CSS1 exams [7:47308] Since I can't get my cheap company to send me to classes, I have to do self-study go get my Cisco Security Specialist Certification. Does anyone have any suggestion which books would help for each of the exams? Thank you in advance, Joy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47328t=47308 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: klez crashed our router [7:47323]
Shares? On Routers? Tell me more.. Mike W. Dan Penn wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Yes, some forms of the Klez infects network shares. Dan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gary Crouch Sent: Monday, June 24, 2002 4:50 PM To: [EMAIL PROTECTED] Subject: klez crashed our router [7:47323] I user brought in the w32.klez.h.mm virus our virus software was able to stop it from spreading but our router 3640 router stop responding and had to be restarted. Can this virus attack shares on networks connected to the router? can klez spread across the router using other then smtp? we curently have NBAR set up for block code red type viruses. Thanks Gary Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47330t=47323 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: WHEN WILL CCIE 350-001 EXPIRE [7:47184]
He/She will take the newer version doesn't matter when you register. It matters when you take it. HTH, Mike W. Shaheen Gagan wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Suppose someone registers with prometric to take the exam 350-001 in August,and this exam retires in July. What happens then, he/she still takes the 350-001 version or the newest version of it (351-001). Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47331t=47184 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
T1 Cat5 Crossover Pinout (WIC-1DSU-T1) [7:47332]
Hey Team, I am trying to pass data through a WIC-1DSU-T1 to test it. In order to do this, I need to put a couple of modular routers back-to-back. I can handle the configuration if I can just get the right cable. I have cable and a crimper. Does anybody have any idea what pinout I would need to use to do this correctly? I have checked Cisco's web site and can't find anything. Thanks for your help! Kevin Love [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47332t=47332 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
here is the ANSWER from CISCO on the dlsw [7:47333]
CISCO'S ANSWER:

peer-on-demand defaults does not change what we learn from the peer during CapEx. We have learned the default cost value from the remote, which is 3 - and that is what we show in 'sh dls cap'. However, the value configured on peer-on-demand defaults (5) overrides this operationally. So even though the capabilities reported a value of 3, the value that is actually being used is 5. Unfortunately, other than the config there is no show command that shows the operational cost value of the peer.

- Scott

PROBLEM/ISSUE:

i have the following config...r5 is the border peer, r8 and r4 are clients...i configure a default cost of 5 on r5 but when i issue a show dlsw cap on either client, the peer cost stays @ 3...is this a bug or misconfig?

r5 (the border peer)

    dlsw local-peer peer-id 100.100.5.5 group 100 border promiscuous
    dlsw peer-on-demand-defaults cost 5

#also tried configuring dlsw prom-peer-defaults cost 5 here but it did not work as well - the only thing that works is when i explicitly configure the cost on the dlsw local-peer statement (then it shows up on r8 r4 w/ a cost of 2)

r8 (a border peer client)

    dlsw local-peer peer-id 100.100.8.8 group 100
    dlsw remote-peer 0 tcp 100.100.5.5

r4 (a border peer client)

    dlsw local-peer peer-id 100.100.4.4 group 100
    dlsw remote-peer 0 tcp 100.100.5.5

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47333t=47333
RE: Benchmark CCIE [7:47320]
Alex, I am sure you can improve your time as you go along. But, I have another advice on ISDN for you. Do NOT get in to the habit of configuring your Chap to use your router's name as the username. Whatever you configure (CHAP, Callback, Callin one-way authentication..), make sure Chap's username is different than the router's name. No way you can change your bad habits in the ccie lab if needed, even if you know how to. Good luck, Bernard -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, June 24, 2002 3:20 PM To: [EMAIL PROTECTED] Subject: Benchmark CCIE [7:47320] How fast should a well prepared CCIE candidate take to setup the network below: (watch the wrap) http://www.cisco.com/warp/customer/129/bri-backup-map-watch.html Right now I am taking 30 minutes. Is that too slow or about right right? Thanks, Pierre-Alex Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47334t=47320 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Neighbor distribute-list command w/ Extended ACL [7:47272]
The statement

    access-list 100 permit ip 192.108.0.0 0.0.0.0 255.255.0.0 0.0.0.0

could also be re-written as:

    access-list 100 permit ip host 192.108.0.0 host 255.255.0.0

which means that only the aggregate /16 will be accepted. The second statement:

    access-list 100 deny ip 192.108.0.0 0.0.255.255 255.255.0.0 0.0.255.255

denies the VLSM networks under the /16.

Charles

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dain Deutschman
Sent: Sunday, June 23, 2002 9:05 PM
To: [EMAIL PROTECTED]
Subject: Re: Neighbor distribute-list command w/ Extended ACL [7:47272]

It's kind of weird. The source portion of the access list defines the network whose updates are permitted/denied...no surprise...the weird part is that the destination portion specifies the subnet mask of that network. So, in your example;

    access-list 100 permit ip 192.108.0.0 0.0.0.0 255.255.0.0 0.0.0.0

( 192.108.0.0 [wildcard] 0.0.0.0 [subnet mask] 255.255.0.0 [wildcard] 0.0.0.0 ) ( 192.108.0.0/16 will be advertised )

Maybe someone else can jump in...because the wildcard is 0.0.0.0 does it mean that any other VLSM networks under the 192.108.0.0/16 supernet would also be advertised?

    access-list 100 deny ip 192.108.0.0 0.0.255.255 255.255.0.0 0.0.255.255

( 192.108.0.0 [wildcard] 0.0.255.255 [subnet mask] 255.255.0.0 [wildcard] 0.0.255.255 ) ( 192.108.0.0/16 would be denied...the last two octets are ignored )

I'm new to all this and learning it myself...so please...someone correct me if I am wrong or add to my comments. Thanks. Dain.

Hunt Lee wrote in message news:[EMAIL PROTECTED]...
Hi all, Can anyone please explain this to me?? I have read some examples regarding neighbor x.x.x.x distribute-list in | out using extended Access-List from CCO, Internet Routing Arch (by Halabi), BGP 4 Command Reference (by Parkhurst), yet I'm still very confused. Below is one of them

    neighbor 120.23.4.1 distribute-list 100 in
    access-list 100 permit ip 192.108.0.0 0.0.0.0 255.255.0.0 0.0.0.0
    access-list 100 deny ip 192.108.0.0 0.0.255.255 255.255.0.0 0.0.255.255

How do you read these things?? Any help will be greatly appreciated. Thanks, Hunt

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47335t=47272
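The reading given in this thread (source address and wildcard match the advertised network, destination address and wildcard match its subnet mask) can be checked mechanically. The following is an added example, not code from any poster or from Cisco: a small evaluator for the two access-list lines quoted above, with function names that are my own and test prefixes that are constructed.

```python
import ipaddress

# The two access-list lines quoted in the thread.
ACL_FROM_THREAD = """
access-list 100 permit ip 192.108.0.0 0.0.0.0 255.255.0.0 0.0.0.0
access-list 100 deny ip 192.108.0.0 0.0.255.255 255.255.0.0 0.0.255.255
"""

# The equivalent "host" spelling of the first line, as given in the reply.
ACL_HOST_FORM = "access-list 100 permit ip host 192.108.0.0 host 255.255.0.0"


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _take_spec(tokens):
    """Consume one 'any' | 'host A' | 'A WILDCARD' spec; return (base, wildcard)."""
    head = tokens.pop(0)
    if head == "any":
        return 0, 0xFFFFFFFF
    if head == "host":
        return _ip(tokens.pop(0)), 0
    return _ip(head), _ip(tokens.pop(0))


def parse_acl(text):
    """Parse 'access-list N permit|deny ip <src spec> <dst spec>' lines."""
    entries = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] != "access-list" or tokens[3] != "ip":
            raise ValueError("unsupported line: %r" % line)
        if tokens[2] not in ("permit", "deny"):
            raise ValueError("unknown action in: %r" % line)
        rest = tokens[4:]
        network_spec = _take_spec(rest)   # source field: the route's network
        mask_spec = _take_spec(rest)      # destination field: the route's mask
        entries.append((tokens[2], network_spec, mask_spec))
    return entries


def _match(value, base, wildcard):
    """Wildcard bits set to 1 are ignored; all other bits must be equal."""
    care = ~wildcard & 0xFFFFFFFF
    return (value & care) == (base & care)


def filter_route(entries, prefix):
    """Return (action, entry_number); entry_number is None for the implicit deny."""
    net = ipaddress.IPv4Network(prefix)
    address, mask = int(net.network_address), int(net.netmask)
    for number, (action, (n_base, n_wc), (m_base, m_wc)) in enumerate(entries, 1):
        if _match(address, n_base, n_wc) and _match(mask, m_base, m_wc):
            return action, number
    return "deny", None


if __name__ == "__main__":
    acl = parse_acl(ACL_FROM_THREAD)
    # Constructed test prefixes: the aggregate, two more-specifics, one unrelated.
    for prefix in ("192.108.0.0/16", "192.108.1.0/24", "192.108.0.0/24", "10.0.0.0/16"):
        print(prefix, filter_route(acl, prefix))
```

Only the exact 192.108.0.0/16 aggregate reaches the permit line; longer prefixes under it hit the explicit deny, and everything else falls to the implicit deny at the end of the list.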
BGP NLRI [7:47337]
I am having some trouble understanding NLRI as opposed to straight network routing updates. Anyone got a pointer to information that might clear up NLRI some? Thanks -- --Rick Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47337t=47337 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: klez crashed our router [7:47323]
Dude, you mis read. it's shares on attached networks, not on the routers :) B -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Michael L. Williams Sent: Monday, June 24, 2002 8:41 PM To: [EMAIL PROTECTED] Subject: Re: klez crashed our router [7:47323] Shares? On Routers? Tell me more.. Mike W. Dan Penn wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Yes, some forms of the Klez infects network shares. Dan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gary Crouch Sent: Monday, June 24, 2002 4:50 PM To: [EMAIL PROTECTED] Subject: klez crashed our router [7:47323] I user brought in the w32.klez.h.mm virus our virus software was able to stop it from spreading but our router 3640 router stop responding and had to be restarted. Can this virus attack shares on networks connected to the router? can klez spread across the router using other then smtp? we curently have NBAR set up for block code red type viruses. Thanks Gary Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47338t=47323 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: T1 Cat5 Crossover Pinout (WIC-1DSU-T1) [7:47332]
Kevin, Check out http://www2.adtran.com/support/technotes/t1ddsadptxvr/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kevin Love Sent: Monday, June 24, 2002 8:50 PM To: [EMAIL PROTECTED] Subject: T1 Cat5 Crossover Pinout (WIC-1DSU-T1) [7:47332] Hey Team, I am trying to pass data through a WIC-1DSU-T1 to test it. In order to do this, I need to put a couple of modular routers back-to-back. I can handle the configuration if I can just get the right cable. I have cable and a crimper. Does anybody have any idea what pinout I would need to use to do this correctly? I have checked Cisco's web site and can't find anything. Thanks for your help! Kevin Love [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47339t=47332 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: T1 Cat5 Crossover Pinout (WIC-1DSU-T1) [7:47332]
Yeah... you can make one pretty easily. http://www.cisco.com/univercd/cc/td/doc/product/dsl_prod/6015/6015hig/05inappc.htm http://www2.adtran.com/support/technotes/t1ddsadptxvr/ HTH, Mike W. Kevin Love wrote in message news:[EMAIL PROTECTED]... Hey Team, I am trying to pass data through a WIC-1DSU-T1 to test it. In order to do this, I need to put a couple of modular routers back-to-back. I can handle the configuration if I can just get the right cable. I have cable and a crimper. Does anybody have any idea what pinout I would need to use to do this correctly? I have checked Cisco's web site and can't find anything. Thanks for your help! Kevin Love [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47340t=47332
RE: Need suggestion on MAC based VLAN [7:47284]
Assuming you are using catOS, here is a start http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_6_3/config/vmps.htm -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Hitesh Pathak R Sent: Monday, June 24, 2002 6:42 AM To: [EMAIL PROTECTED] Subject: Need suggestion on MAC based VLAN [7:47284] Dear Group I want to know about implementing Mac based Vlan in Cisco. Can anybody help me. Many thanks in advance. Hitesh Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47341t=47284
Re: Rogue Wireless LANs [7:47287]
----- Original Message ----- From: Priscilla Oppenheimer To: Sent: 24 June 2002 2:26 pm Subject: Re: Rogue Wireless LANs [7:47287] At 11:54 AM 6/24/02, chris wrote: WEP for starters, then you can set the access point to only accept connections from specific MAC addresses. I don't think he was asking how to secure a wireless network. He was asking how to control non-IS user types from installing new equipment on the network, including wireless LANs. The question is as old as the hills, really. I remember back in the olden days when we had similar problems because people would add modems and software-based routers, etc. Those problems might constitute an instance where the plaintext authentication mechanisms that modern routing protocols support could serve a purpose other than RFC-2223 compliance. Their use generally doesn't provide an adequate level of security, but they might provide enough of an obstacle to deter some of the end-users bent on bringing the network down via their participation on (in?) it. Anyway, about the only modern solution I can think of is the MAC-based security on switches. Presumably for this rogue wireless network to work, they first installed an access point into an Ethernet port. That access point has a different MAC address than the device that's supposed to be on that switch port. So MAC-based security on the switch would help because it would say only let the configured MAC address in. (I think that's how it works?) It's probably a huge hassle to do MAC based security, however. The other solution is based on the eighth layer of the OSI model: Policies. Make your users sign an Acceptable Use Policy statement and make sure there are consequences if they go against it (torture chambers and the like.) Priscilla You can implement LEAP on the Cisco AP, radius/tacacs+ requiring user/pass. Then you could place the AP outside the LAN/Firewall and require VPN to access the LAN resources. Cisco has a good whitepaper on securing wireless. What you have experienced is pretty common. Chris Patrick Donlon wrote in message news:[EMAIL PROTECTED]... I've just found a wireless LAN set up by someone in the building, I found it by chance when I was checking something with a colleague from another dept. The WLAN has zero security which is not a surprise and lets the user into the main LAN in the site with a DHCP address served up too! Does anyone have any tips on preventing users and depts who don't think about security from plugging whatever they like into the network, Cheers Pat -- email me on : [EMAIL PROTECTED] Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47343t=47287
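The MAC-based check discussed in the message above can also be run as an audit before port security is enforced. This is an added example, not code from the thread: the MAC table text, the per-port inventory, the uplink list and the "more than one MAC on an access port" heuristic are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample, laid out like a switch MAC address table listing.
SAMPLE_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0010.7b3a.11c2    DYNAMIC     Fa0/1
  10    0040.96aa.5e01    DYNAMIC     Fa0/2
  10    0002.2d1f.9a10    DYNAMIC     Fa0/2
  10    0002.2d1f.9a11    DYNAMIC     Fa0/2
  10    0010.7b3a.11c9    DYNAMIC     Fa0/3
   1    0009.b7c4.0001    DYNAMIC     Gi0/1
"""

# Hypothetical inventory: the one device that belongs on each access port.
EXPECTED = {
    "Fa0/1": {"0010.7b3a.11c2"},
    "Fa0/2": {"0010.7b3a.11c5"},
    "Fa0/3": {"0010.7b3a.11c9"},
}
UPLINKS = {"Gi0/1"}  # trunk/uplink ports legitimately carry many MACs

ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$",
    re.IGNORECASE,
)


def parse_mac_table(text):
    """Return {port: set of learned MACs}; header and ruler lines are skipped."""
    learned = defaultdict(set)
    for line in text.splitlines():
        row = ROW.match(line)
        if row:
            learned[row.group(4)].add(row.group(2).lower())
    return learned


def audit_ports(text, expected, uplinks=frozenset(), max_macs=1):
    """List access ports that learned an unexpected MAC or too many MACs.

    An access point or hub plugged into a wall port shows up either as a MAC
    that is not in the inventory or as several MACs behind one access port.
    """
    findings = []
    for port, macs in sorted(parse_mac_table(text).items()):
        if port in uplinks:
            continue
        allowed = {mac.lower() for mac in expected.get(port, set())}
        unknown = sorted(macs - allowed)
        reasons = []
        if unknown:
            reasons.append("unknown-mac")
        if len(macs) > max_macs:
            reasons.append("mac-count")
        if reasons:
            findings.append({"port": port, "unknown": unknown, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit_ports(SAMPLE_TABLE, EXPECTED, UPLINKS):
        print(finding["port"], finding["reasons"], finding["unknown"])
```

Ports that come back clean from such an audit are the ones where a single configured MAC can be enforced without locking out a legitimate device.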
Re: klez crashed our router [7:47323]
Yes. Being very aware of Klez and what it does/can do, I was taking his statement that the 3640 needed to be restarted as an implication that perhaps the router got the virus. That's why I was asking for a clarification. =) Mike W. Brian Backer wrote in message news:[EMAIL PROTECTED]... Dude, you misread. It's shares on attached networks, not on the routers :) B -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Michael L. Williams Sent: Monday, June 24, 2002 8:41 PM To: [EMAIL PROTECTED] Subject: Re: klez crashed our router [7:47323] Shares? On Routers? Tell me more.. Mike W. Dan Penn wrote in message news:[EMAIL PROTECTED]... Yes, some forms of Klez infect network shares. Dan -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gary Crouch Sent: Monday, June 24, 2002 4:50 PM To: [EMAIL PROTECTED] Subject: klez crashed our router [7:47323] A user brought in the w32.klez.h.mm virus. Our virus software was able to stop it from spreading, but our 3640 router stopped responding and had to be restarted. Can this virus attack shares on networks connected to the router? Can Klez spread across the router using other than SMTP? We currently have NBAR set up to block Code Red type viruses. Thanks Gary Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47345t=47323
RE: klez crashed our router [7:47323]
Now that would be a tricky virus...but I guess if someone wanted to do it, it would be possible to write up a little worm that instead of trying to find unpatched IIS servers looks for routers with the RW community of private then erases their config. However I don't think you are going to find that many routers compared to unpatched IIS systems. Dan -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Michael L. Williams Sent: Monday, June 24, 2002 8:05 PM To: [EMAIL PROTECTED] Subject: Re: klez crashed our router [7:47323] Yes. Being very aware of Klez and what it does/can do, I was taking his statement that the 3640 needed to be restarted as an implication that perhaps the router got the virus. That's why I was asking for a clarification. =) Mike W. Brian Backer wrote in message news:[EMAIL PROTECTED]... Dude, you misread. It's shares on attached networks, not on the routers :) B -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Michael L. Williams Sent: Monday, June 24, 2002 8:41 PM To: [EMAIL PROTECTED] Subject: Re: klez crashed our router [7:47323] Shares? On Routers? Tell me more.. Mike W. Dan Penn wrote in message news:[EMAIL PROTECTED]... Yes, some forms of Klez infect network shares. Dan -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gary Crouch Sent: Monday, June 24, 2002 4:50 PM To: [EMAIL PROTECTED] Subject: klez crashed our router [7:47323] A user brought in the w32.klez.h.mm virus. Our virus software was able to stop it from spreading, but our 3640 router stopped responding and had to be restarted. Can this virus attack shares on networks connected to the router? Can Klez spread across the router using other than SMTP? We currently have NBAR set up to block Code Red type viruses. Thanks Gary Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47346t=47323
Re: T1 Cat5 Crossover Pinout (WIC-1DSU-T1) [7:47332]
LOL. I posted the exact same link. gotta love Google =) Mike W. Brian Backer wrote in message news:[EMAIL PROTECTED]... Kevin, Check out http://www2.adtran.com/support/technotes/t1ddsadptxvr/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47347t=47332
ATM T-1 cards for a 3640 [7:47348]
Someone sent me the following: Here are the prices that I found (approx. prices): 4 port T1 ATM interfaces NEW=$3000 Refurb (no returns etc.)=$2100 8 port T1 ATM interfaces NEW=$5250 Refurb (no returns etc.)=$4100 Is there not a less expensive card with a single ATM interface for a 3640? Thanx, Anil Gupte Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47348t=47348
Re: klez crashed our router [7:47323]
True, true however, a buddy of mine in security has said (from his experiences wearing the black hat) that you wouldn't believe how many routers are set up with 'cisco/cisco' as the telnet and enable password. =) Mike W. Dan Penn wrote in message news:[EMAIL PROTECTED]... Now that would be a tricky virus...but I guess if someone wanted to do it, it would be possible to write up a little worm that instead of trying to find unpatched IIS servers looks for routers with the RW community of private then erases their config. However I don't think you are going to find that many routers compared to unpatched IIS systems. Dan -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Michael L. Williams Sent: Monday, June 24, 2002 8:05 PM To: [EMAIL PROTECTED] Subject: Re: klez crashed our router [7:47323] Yes. Being very aware of Klez and what it does/can do, I was taking his statement that the 3640 needed to be restarted as an implication that perhaps the router got the virus. That's why I was asking for a clarification. =) Mike W. Brian Backer wrote in message news:[EMAIL PROTECTED]... Dude, you misread. It's shares on attached networks, not on the routers :) B -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Michael L. Williams Sent: Monday, June 24, 2002 8:41 PM To: [EMAIL PROTECTED] Subject: Re: klez crashed our router [7:47323] Shares? On Routers? Tell me more.. Mike W. Dan Penn wrote in message news:[EMAIL PROTECTED]... Yes, some forms of Klez infect network shares. Dan -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gary Crouch Sent: Monday, June 24, 2002 4:50 PM To: [EMAIL PROTECTED] Subject: klez crashed our router [7:47323] A user brought in the w32.klez.h.mm virus. Our virus software was able to stop it from spreading, but our 3640 router stopped responding and had to be restarted. Can this virus attack shares on networks connected to the router? Can Klez spread across the router using other than SMTP? We currently have NBAR set up to block Code Red type viruses. Thanks Gary Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47349t=47323
RE: Neighbor distribute-list command w/ Extended ACL [7:47272]
Hunt, Simply put, a distribute list simply has an ACL associated with it (in your example it's an extended ACL). Traffic inbound from the peered router (120.23.4.1) has the extended ACL applied to it. You are probably familiar with defining ACLs and applying them on an interface. In this example you are simply applying it on the peer (called a distribute list). HTH, Mark. -----Original Message----- From: Hunt Lee [mailto:[EMAIL PROTECTED]] Sent: Monday, 24 June 2002 1:04 PM To: [EMAIL PROTECTED] Subject: Neighbor distribute-list command w/ Extended ACL [7:47272] Hi all, Can anyone please explain this to me?? I have read some examples regarding neighbor x.x.x.x distribute-list in | out using extended Access-List from CCO, Internet Routing Arch (by Halabi) BGP 4 Command Reference (by Parkhurst), yet I'm still very confused. Below is one of them:
neighbor 120.23.4.1 distribute-list 100 in
access-list 100 permit ip 192.108.0.0 0.0.0.0 255.255.0.0 0.0.0.0
access-list 100 deny ip 192.108.0.0 0.0.255.255 255.255.0.0 0.0.255.255
How do you read these things?? Any help will be greatly appreciated. Thanks, Hunt Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47350t=47272
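For the question of how to read these entries: when an extended ACL is referenced by a BGP neighbor distribute-list, IOS compares the first address/wildcard pair with the route's network address and the second pair with the route's subnet mask. The following is an added example, not code from the thread or from Cisco, that evaluates prefixes against the two quoted entries; the function names are hypothetical and only `ip` entries with address/wildcard pairs, `any` or `host` are handled.

```python
import ipaddress

# The two ACL entries quoted in the message above.
PAGE_ACL = [
    "access-list 100 permit ip 192.108.0.0 0.0.0.0 255.255.0.0 0.0.0.0",
    "access-list 100 deny ip 192.108.0.0 0.0.255.255 255.255.0.0 0.0.255.255",
]


def _addr(text):
    return int(ipaddress.IPv4Address(text))


def _take_pair(tokens, pos):
    """Read 'address wildcard', 'any' or 'host A'; return (addr, wildcard, next_pos)."""
    if tokens[pos] == "any":
        return 0, 0xFFFFFFFF, pos + 1
    if tokens[pos] == "host":
        return _addr(tokens[pos + 1]), 0, pos + 2
    return _addr(tokens[pos]), _addr(tokens[pos + 1]), pos + 2


def parse_entry(line):
    """Return (action, (net, net_wildcard), (mask, mask_wildcard)) for one entry."""
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list" or tokens[3] != "ip":
        raise ValueError(f"unsupported entry: {line!r}")
    if tokens[2] not in ("permit", "deny"):
        raise ValueError(f"unknown action in: {line!r}")
    try:
        net, net_wild, pos = _take_pair(tokens, 4)
        mask, mask_wild, pos = _take_pair(tokens, pos)
    except IndexError:
        raise ValueError(f"incomplete entry: {line!r}") from None
    if pos != len(tokens):
        raise ValueError(f"trailing tokens in: {line!r}")
    return tokens[2], (net, net_wild), (mask, mask_wild)


def _matches(value, pattern, wildcard):
    """Wildcard bits set to 1 are ignored; all other bits must be equal."""
    care = ~wildcard & 0xFFFFFFFF
    return (value & care) == (pattern & care)


def evaluate(acl_lines, prefix):
    """Return (action, matching entry number), or ('deny', None) for the implicit deny."""
    route = ipaddress.IPv4Network(prefix)  # rejects prefixes with host bits set
    net, mask = int(route.network_address), int(route.netmask)
    for number, line in enumerate(acl_lines, start=1):
        action, net_pair, mask_pair = parse_entry(line)
        if _matches(net, *net_pair) and _matches(mask, *mask_pair):
            return action, number
    return "deny", None


if __name__ == "__main__":
    for prefix in ("192.108.0.0/16", "192.108.0.0/17",
                   "192.108.10.0/24", "10.0.0.0/8"):
        print(prefix, evaluate(PAGE_ACL, prefix))
```

Read this way, entry 1 accepts only the exact aggregate 192.108.0.0 255.255.0.0, and entry 2 rejects every longer prefix inside it; anything else falls to the implicit deny.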
RE: Need suggestion on MAC based VLAN [7:47284]
Thanks for the info. Is it possible that normal Vlan and dynamic Vlan can co-exist? -----Original Message----- From: Andy Hoang [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 25, 2002 7:16 AM To: [EMAIL PROTECTED] Subject: RE: Need suggestion on MAC based VLAN [7:47284] Assuming you are using catOS, here is a start http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_6_3/config/vmps.htm -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Hitesh Pathak R Sent: Monday, June 24, 2002 6:42 AM To: [EMAIL PROTECTED] Subject: Need suggestion on MAC based VLAN [7:47284] Dear Group I want to know about implementing Mac based Vlan in Cisco. Can anybody help me. Many thanks in advance. Hitesh Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47351t=47284
RE: klez crashed our router [7:47323]
Tis very true... -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Michael L. Williams Sent: Monday, June 24, 2002 9:25 PM To: [EMAIL PROTECTED] Subject: Re: klez crashed our router [7:47323] True, true however, a buddy of mine in security has said (from his experiences wearing the black hat) that you wouldn't believe how many routers are set up with 'cisco/cisco' as the telnet and enable password. =) Mike W. Dan Penn wrote in message news:[EMAIL PROTECTED]... Now that would be a tricky virus...but I guess if someone wanted to do it, it would be possible to write up a little worm that instead of trying to find unpatched IIS servers looks for routers with the RW community of private then erases their config. However I don't think you are going to find that many routers compared to unpatched IIS systems. Dan -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Michael L. Williams Sent: Monday, June 24, 2002 8:05 PM To: [EMAIL PROTECTED] Subject: Re: klez crashed our router [7:47323] Yes. Being very aware of Klez and what it does/can do, I was taking his statement that the 3640 needed to be restarted as an implication that perhaps the router got the virus. That's why I was asking for a clarification. =) Mike W. Brian Backer wrote in message news:[EMAIL PROTECTED]... Dude, you misread. It's shares on attached networks, not on the routers :) B -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Michael L. Williams Sent: Monday, June 24, 2002 8:41 PM To: [EMAIL PROTECTED] Subject: Re: klez crashed our router [7:47323] Shares? On Routers? Tell me more.. Mike W. Dan Penn wrote in message news:[EMAIL PROTECTED]... Yes, some forms of Klez infect network shares. Dan -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gary Crouch Sent: Monday, June 24, 2002 4:50 PM To: [EMAIL PROTECTED] Subject: klez crashed our router [7:47323] A user brought in the w32.klez.h.mm virus. Our virus software was able to stop it from spreading, but our 3640 router stopped responding and had to be restarted. Can this virus attack shares on networks connected to the router? Can Klez spread across the router using other than SMTP? We currently have NBAR set up to block Code Red type viruses. Thanks Gary Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47352t=47323
ISDN Gurus HElp! [7:47353]
Halo CIscoer, help me on this ISDN debug:
12:24:38: CALL_PROC pd = 8 callref = 0xF5
12:24:163208757248: ISDN BR1/4: TX - RRr sapi = 0 tei = 64 nr = 2
12:24:45: ISDN BR1/4: RX RRr sapi = 0 tei = 64 nr = 3
12:24:193273528320: BRI1/4: wait for isdn carrier timeout, call id=0x817F
12:24:195440255788: DDR: Dialing failed, 5 packets unqueued and discarded
12:24:195440239956: ISDN BR1/4: TX - INFOc sapi = 0 tei = 64 ns = 1 nr = 3 i = 0x0801754D08028090
12:24:193273528320: RELEASE pd = 8 callref = 0x75
12:24:195440240252: Cause i = 0x8090 - Normal call clearing
12:24:45: ISDN BR1/4: RX RRr sapi = 0 tei
Thank YOu HATO Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47353t=47353
ASYNC-to-MODEM Cabling [7:47354]
Hey all, I've been having problems setting up my access server (2511) to accept incoming PPP sessions via an external modem, and I finally figured out it is a cabling problem. Therefore, I need the model and availability of a cable that connects my Hayes Accura modem (female DB-9) to a cisco octal cable (male RJ-45), with all the correct pinouts. The only reason I am not including all the correct pinouts for the cabling is because someone HAS to have run into this issue before. I am simply trying to locate a couple of these cables so I can set up my access servers on one of the 16 Async lines on my 2511... I really need your help with this. Please email me directly, if possible. Thanks in advance! Eddie [GroupStudy.com removed an attachment of type image/jpeg which had a name of Notebook.jpg] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47354t=47354
Re: ATM T-1 cards for a 3640 [7:47348]
The cards in question are the ATM T1 IMA cards, which list for 4,000 for the 4 port and 7,000 for the 8 port. You do the math. No, there is no 1 port ATM T1 for the 36xx box. OTOH, there is a 1 port ATM T1 card for the 2650 router - I don't have my pricing tools handy, so I can't get you a part number or list price. Something like AIM module, which takes a WIC T1 card inserted into it to become a T1 ATM port. Last I looked, this option was not available for the 36xx series. HTH Anil Gupte wrote in message news:[EMAIL PROTECTED]... Someone sent me the following: Here are the prices that I found (approx. prices): 4 port T1 ATM interfaces NEW=$3000 Refurb (no returns etc.)=$2100 8 port T1 ATM interfaces NEW=$5250 Refurb (no returns etc.)=$4100 Is there not a less expensive card with a single ATM interface for a 3640? Thanx, Anil Gupte Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47356t=47348
RE: ISDN Gurus HElp! [7:47353]
Let me take a swing at this.. Looking at the debug I would assume that ISDN Service provider is not 'there' by looking at this line.
12:24:193273528320: BRI1/4: wait for isdn carrier timeout, call id=0x817F
Can I assume that the D Channel is up looking at the TEI number which is normally automatically assigned a number from 63 (or was that 62) onwards. -----Original Message----- From: Juli Hato [mailto:[EMAIL PROTECTED]] Sent: 25 June 2002 06:38 To: [EMAIL PROTECTED] Subject: ISDN Gurus HElp! [7:47353] Halo CIscoer, help me on this ISDN debug:
12:24:38: CALL_PROC pd = 8 callref = 0xF5
12:24:163208757248: ISDN BR1/4: TX - RRr sapi = 0 tei = 64 nr = 2
12:24:45: ISDN BR1/4: RX RRr sapi = 0 tei = 64 nr = 3
12:24:193273528320: BRI1/4: wait for isdn carrier timeout, call id=0x817F
12:24:195440255788: DDR: Dialing failed, 5 packets unqueued and discarded
12:24:195440239956: ISDN BR1/4: TX - INFOc sapi = 0 tei = 64 ns = 1 nr = 3 i = 0x0801754D08028090
12:24:193273528320: RELEASE pd = 8 callref = 0x75
12:24:195440240252: Cause i = 0x8090 - Normal call clearing
12:24:45: ISDN BR1/4: RX RRr sapi = 0 tei
Thank YOu HATO Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47357t=47353
RE: Please remove my e-mail from this newsgroup. T [7:47336]
To remove yourself simply type your e-mail address in the List Manager found on www.groupstudy.com and click unsubscribe all lists (which is the default value). Or you can follow the directions under the list link (http://www.groupstudy.com/list/cisco.html), or follow the directions from the e-mail sent to you when you subscribed. In general, I tried to make unsubscribing much easier than subscribing. If you can subscribe to the list, you should be able to unsubscribe. Take care, Paul -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Marlon Brown Sent: Monday, June 24, 2002 7:30 PM To: [EMAIL PROTECTED] Subject: Please remove my e-mail from this newsgroup. Thanks. [7:47327] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47336t=47336
Documentation CD Errors [7:47358]
Hi guys I have a problem that I'm sure you guys may have encountered before. Even after installing the recommended software, I still get gibberish when I click on any link on the documentation CD home page. I am currently using the November 2001 CD and have tried with various other editions of this CD. Can anyone suggest a quick course of action. Michael Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47358t=47358
!!!For the curious Minds; Here's The 3550-EMI !!! [7:47322]
Just got a new 3550-EMI 24port. Check the sh ip portion. Yep, it's an IP router! Looks like this little bad boy could actually throw a rather large monkey wrench into the works. -Eric
##
3550-EMI#?
Exec commands:
  access-enable    Create a temporary Access-List entry
  access-template  Create a temporary Access-List entry
  archive          manage archive files
  cd               Change current directory
  clear            Reset functions
  clock            Manage the system clock
  cluster          cluster exec mode commands
  configure        Enter configuration mode
  connect          Open a terminal connection
  copy             Copy from one file to another
  debug            Debugging functions (see also 'undebug')
  delete           Delete a file
  dir              List files on a filesystem
  disable          Turn off privileged commands
  disconnect       Disconnect an existing network connection
  dot1x            IEEE 801.1X commands
  enable           Turn on privileged commands
  erase            Erase a filesystem
  exit             Exit from the EXEC
  format           Format a filesystem
  fsck             Fsck a filesystem
  help             Description of the interactive help system
  lock             Lock the terminal
  login            Log in as a particular user
  logout           Exit from the EXEC
  mkdir            Create new directory
  more             Display the contents of a file
  mrinfo           Request neighbor and version information from a multicast router
  mrm              IP Multicast Routing Monitor Test
  mstat            Show statistics after multiple multicast traceroutes
  mtrace           Trace reverse multicast path from destination to source
  name-connection  Name an existing network connection
  no               Disable debugging functions
  ping             Send echo messages
  pwd              Display current working directory
  rcommand         Run command on remote switch
  reload           Halt and perform a cold restart
  rename           Rename a file
  resume           Resume an active network connection
  rmdir            Remove existing directory
  rsh              Execute a remote command
  send             Send a message to other tty lines
  setup            Run the SETUP command facility
  show             Show running system information
  systat           Display information about terminal lines
  telnet           Open a telnet connection
  terminal         Set terminal line parameters
  test             Test subsystems, memory, and interfaces
  traceroute       Trace route to destination
  tunnel           Open a tunnel connection
  udld             UDLD protocol commands
  undebug          Disable debugging functions (see also 'debug')
  verify           Verify a file
  vlan             Configure VLAN parameters
  vmps             VMPS actions
  where            List active connections
  write            Write running configuration to memory, network, or terminal
##
3550-EMI#sh ip ?
  access-lists     List IP access lists
  accounting       The active IP accounting database
  aliases          IP alias table
  arp              IP ARP table
  cache            IP fast-switching route cache
  cef              Cisco Express Forwarding
  dvmrp            DVMRP information
  eigrp            IP-EIGRP show commands
  flow             NetFlow switching
  igmp             IGMP information
  interface        IP interface status and configuration
  irdp             ICMP Router Discovery Protocol
  local            IP local options
  masks            Masks associated with a network
  mcache           IP multicast fast-switching cache
  mpacket          Display possible duplicate multicast packets
  mrm              IP Multicast Routing Monitor information
  mroute           IP multicast routing table
  msdp             Multicast Source Discovery Protool (MSDP)
  nat              IP NAT information
  ospf             OSPF information
  pim              PIM information
  prefix-list      List IP prefix lists
  protocols        IP routing protocol process parameters and statistics
  redirects        IP redirects
  rip              IP RIP show commands
  route            IP routing table
  rpf              Display RPF information for multicast source
  sdr              Session Directory (SDPv2) cache
  sockets          Open IP sockets
  traffic          IP protocol statistics
  vrf              VPN Routing/Forwarding instance information
##
3550-EMI(config)#?
Configure commands:
  aaa              Authentication, Authorization and Accounting.
  access-list      Add an access list entry
  alias            Create command alias
  arp              Set a static ARP entry
  banner           Define a login banner
  boot             Boot Commands
  bridge