Last stretch to CID on Friday [7:51344]

2002-08-14 Thread Andrew Larkins

Hi all, 

Busy cramming away here for my exam on Friday morning. Anyone have any
pointers?
From the Cisco exam outline webpage there is no mention of AppleTalk and SNA
- that bothers me a little as I really expected this.
I realise that this is a badly worded exam - can't really be worse than the
CCDA exam??!!

Thanks in advance

Andrew Larkins
BCom, CCNP, CCDA
Bytes Technology Networks
A Division of the Bytes Technology Group
A Member of the Altron Group
www.btgroup.co.za
visit the press office @ www.itweb.co.za/office/bytes

Tel :  +27 11 800 9336
Fax : +27 11 800 9496
Mobile : +27 83 656 7214
Email :  [EMAIL PROTECTED]
OR  [EMAIL PROTECTED]
   


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51344&t=51344
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Cisco GBIC ZX [7:51345]

2002-08-14 Thread Nguyen Quyen

Has anyone installed the Cisco GBIC ZX (WS-G5487)?
We have a 12km singlemode fiber optic link between 2 sites and we use 02
Cisco 2950G-24 with 02 GBIC ZX. The end-to-end link attenuation was 7dB.
The question is: must we use an additional attenuator? If yes, what kind
must we choose?

Pls help me! Thanks a lot!

Quyen




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51345&t=51345



RE: VPN and wildcard masking [7:51342]

2002-08-14 Thread Evans, TJ

Haven't had my coffee yet ... 

*) couldn't you just be more explicit/specific in your ACLs when specifying
interesting/matching traffic? ... IOW, don't summarize the whole range :)

(or - to go a step further, could you do the summarization but precede it
with a deny that specifies the other VPN(s) IP's?)



Thanks!
TJ


-Original Message-
From: John Brandis [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, August 14, 2002 12:59 AM
To: [EMAIL PROTECTED]
Subject: VPN and wildcard masking [7:51342]

Hi All.

On a spare time job I do with a charity, I have a remote client that is
going to connect to our site via an IPSEC VPN tunnel. The problem is that,
if you can imagine the remote site as a hub site, and my site as site-b,
site-b is using internal networks that range from 172.16.0.0 -
172.32.0.0, which can easily be summarised as 172.16.0.0 0.15.255.255. The
problem is that the hub site has connections to other parts of the world
that use the same addressing scheme as my site, site-b.

The question is, how do I get, if at all possible, the hub site to filter
traffic to the appropriate subnet? A real example of this is: the hub site
"needs" access to the following subnets in site-b:

* 172.17.3.0
* 172.17.1.0
* 172.17.9.0

Yet, they need access to the subnets described below, which are on another
completely separate VPN:

* 172.17.20.0
* 172.17.21.0

How, if possible, can this be done? Would the hub site (the hub site is
establishing the connection) need to create a tunnel for each subnet they
wish to route?

The equipment in use is a Cisco 3005 VPN Accelerator and a WatchGuard
firewall at the hub site.

Thanks all for your input 

John 
Sydney Australia 






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51346&t=51342
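
The overlap discussed in this thread, worked through as an added example (not part of the original posts): a small Python model of wildcard-mask matching and first-match ACL evaluation, applied to the subnets John lists and to both of TJ's suggestions. The /24 wildcard (0.0.0.255), the host addresses, the tunnel names and the "first tunnel whose ACL permits wins" selection are assumptions made for illustration.

```python
import ipaddress

def parse_entry(line):
    """Parse 'permit|deny <network> <wildcard>' into (action, net_int, wild_int)."""
    action, net, wild = line.split()
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action: {action!r}")
    return action, int(ipaddress.IPv4Address(net)), int(ipaddress.IPv4Address(wild))

def entry_matches(entry, addr):
    """Wildcard bits set to 1 are 'don't care'; every other bit must equal the network."""
    _, net, wild = entry
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (net & care)

def evaluate(acl_lines, addr):
    """First matching entry decides; falling off the end is the implicit deny."""
    for line in acl_lines:
        entry = parse_entry(line)
        if entry_matches(entry, addr):
            return entry[0]
    return "deny"

def select_tunnel(tunnels, addr):
    """tunnels: ordered (name, acl_lines) pairs. Assumed model: the first
    tunnel whose ACL permits the destination carries the traffic."""
    for name, acl in tunnels:
        if evaluate(acl, addr) == "permit":
            return name
    return None

# The summary from the thread, used as the only "interesting traffic" entry.
SUMMARY_ONLY = ["permit 172.16.0.0 0.15.255.255"]

# TJ's first suggestion: name each site-b subnet explicitly (/24 assumed).
EXPLICIT = [
    "permit 172.17.3.0 0.0.0.255",
    "permit 172.17.1.0 0.0.0.255",
    "permit 172.17.9.0 0.0.0.255",
]

# TJ's second suggestion: keep the summary, but precede it with denies
# for the subnets that belong to the other VPN.
DENY_THEN_SUMMARY = [
    "deny 172.17.20.0 0.0.0.255",
    "deny 172.17.21.0 0.0.0.255",
    "permit 172.16.0.0 0.15.255.255",
]

# Selector for the separate VPN (constructed for this example).
OTHER_VPN = [
    "permit 172.17.20.0 0.0.0.255",
    "permit 172.17.21.0 0.0.0.255",
]

# Constructed sample destinations, one host per subnet named in the thread.
SAMPLE_HOSTS = ["172.17.3.10", "172.17.1.10", "172.17.9.10",
                "172.17.20.10", "172.17.21.10"]

def tunnel_map(site_b_acl, hosts=SAMPLE_HOSTS):
    """Return {host: tunnel} with the site-b tunnel evaluated before the other VPN."""
    tunnels = [("site-b", site_b_acl), ("other-vpn", OTHER_VPN)]
    return {h: select_tunnel(tunnels, h) for h in hosts}

if __name__ == "__main__":
    for label, acl in (("summary only", SUMMARY_ONLY),
                       ("explicit subnets", EXPLICIT),
                       ("deny then summary", DENY_THEN_SUMMARY)):
        print(label)
        for host, tunnel in tunnel_map(acl).items():
            print(f"  {host:<14} -> {tunnel}")
```

With the summary alone, traffic for 172.17.20.x and 172.17.21.x is claimed by the site-b tunnel; either of the other two lists sends it to the other VPN, and the deny-then-summary form still matches every remaining address under the summary.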



Router Error [7:51347]

2002-08-14 Thread Steiven Poh-\(Jaring MailBox\)

Dear All,

Could anyone advise on the below error msg? I have tested the cable and it
seems to be ok.
Thanks...

01:47:36: %LANCE-3-BADCABLE: Unit 0, Transmits stalled. Check ethernet cable connection


Rgds,
Steiven




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51347&t=51347



Best T3 router [7:51349]

2002-08-14 Thread Firesox

Folks, Just a quick question.
I need to come up with the below config.
site 1 - PTP T3 to ISP and 2 PTP T3s to two other sites

site 2 - PTP T3 to another ISP and 1 PTP T3 to site 1

site 3 - PTP T3 to site 1.

Trying to figure out what the best router is to use.  All I require on LAN
side is 100mb link.
Do 3600 series routers support T3s?  If they do, what is the maximum number
of T3s you can have?

Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51349&t=51349



test [7:51348]

2002-08-14 Thread Jake

Thank you for your patience!!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51348&t=51348



RE: Multilayer Switching, CCO contradicts itself? [7:51272]

2002-08-14 Thread Thorne Gene

I think your argument makes a lot of sense. 

Turpin, Mark wrote:
> 
> I can understand your disagreement.  But I hope you will understand that
> it's semantics at this point.  A flow by any other name is still a flow.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51350&t=51272



Re: Router Error [7:51347]

2002-08-14 Thread Mohammed Saro

If you have a CCO account you can try
http://www.cisco.com/cgi-bin/Support/Errordecoder/error_decoder.pl?index=ios&query=+%25ALIGN-3-TRACE%3A+-Traceback%3D+601D044C+6033D758+602F3018+0000&counter=0&paging=5&links=reference&sa=Submit

1. %LANCE-3-BADCABLE: Unit [dec], Transmits stalled. Check ethernet cable connection
The Ethernet cable is not connected.

Recommended Action: Check the Ethernet cable connection.

Related documents: No specific documents apply to this error message.






- Original Message -
From: "Steiven Poh-(Jaring MailBox)" 
To: 
Sent: Wednesday, August 14, 2002 2:14 PM
Subject: Router Error [7:51347]


> Dear All,
>
> Could anyone advise on the below error msg? I have tested the cable and it
> seems to be ok.
> Thanks...
>
> 01:47:36: %LANCE-3-BADCABLE: Unit 0, Transmits stalled. Check ethernet cable connection
>
>
> Rgds,
> Steiven




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51351&t=51347



RE: Router Error [7:51347]

2002-08-14 Thread Vicuna, Mark

Cisco's answer:

'
The Ethernet cable is not connected. 

Recommended Action: Check the Ethernet cable connection. 
'

HTH,
Mark.


-Original Message-
From: Steiven Poh-(Jaring MailBox) [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 14 August 2002 21:15
To: [EMAIL PROTECTED]
Subject: Router Error [7:51347]


Dear All,

Could anyone advise on the below error msg? I have tested the cable and it
seems to be ok.
Thanks...

01:47:36: %LANCE-3-BADCABLE: Unit 0, Transmits stalled. Check ethernet cable connection


Rgds,
Steiven




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51352&t=51347



Cisco Security Advisory: Cisco VPN Client Multiple [7:51353]

2002-08-14 Thread Evans, TJ

In case you use the VPN Client, and missed the bulletin ... 


Thanks!
TJ


-Original Message-
From: CCO Field Notice [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, August 13, 2002 1:48 PM
To: [EMAIL PROTECTED]
Subject: Cisco Security Advisory: Cisco VPN Client Multiple Vulnerabilities

This e-mail is coming to you courtesy of the Cisco.com 
Field Notice tool. Thank you for indicating through your 
interest profile that you wish to receive these alerts.

Want to change your Alert Profile or create a new one?
Please go to:
http://www.cisco.com/cgi-bin/Support/FieldNoticeTool/field-notice

Title:   Cisco Security Advisory: Cisco VPN Client Multiple Vulnerabilities
URL: 
http://www.cisco.com/warp/customer/707/vpnclient-multiple-vuln-pub.shtml 
 (available to registered users)
http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml 
 (available to non-registered users)
Posted:  August 12, 2002

Summary: Multiple vulnerabilities exist in the Cisco Virtual Private Network
(VPN) Client software. Exploitation of these vulnerabilities prevents the
Cisco VPN Client software program from functioning correctly.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51353&t=51353



bgp prefix number [7:51354]

2002-08-14 Thread So PaulDong

Hi all,

What command can I use to find out how many prefixes I am advertising via
bgp?

Thanks in advance

Paul


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51354&t=51354



Re: Cisco PIX & Novell [7:51303]

2002-08-14 Thread John Chang

Here it is.

We have a Cisco PIX 525.  The Novell 4.83 user/client is behind the 
firewall.  The Novell Netware 5.1 server is outside the firewall.  What do 
I need to do to make the client be able to sign into the server?  We have 
it configured so that anyone in the inside can do any ip to the 
outside?  The Netware client is set to use IP as the preferred method.

Looking at the syslog what happens is the client connects to the directory 
agent server which directs another server to communicate with the 
client.  Is there a way of telling the client to authenticate to a specific
server?

Thank you.



At 11:34 PM 8/13/2002 +, Priscilla Oppenheimer wrote:
>Not junk at all. :-) I think it's impressive that Novell continues to
>innovate. Comments below:
>
>Don Queen wrote:
> >
> > What version of Netware are you running on the server? If it's 5 or 6,
> > it's native IP, so basically you're sending IP traffic out of the Pix,
> > which should work. It sounds as if your problem may be with the packet
> > actually coming back into the Pix. Do you have any rules that may be
> > preventing the server from responding back to the client? Here is the
> > information from Novell's website listing the ports that Novell uses:
> >
> > TCP and UDP are both used by NetWare 5.1 and NetWare 6.0 for Pure IP
> > connectivity. The following ports are used for communication.
> >
> > TCP 524 - NCP Requests - Source port will be a high port (1024-65535)
> > UDP 524 - NCP for time synchronization - Source port will be a high port
> > UDP 123 - NTP for time synchronization - Source port will be the same
> > UDP 427 - SLP Requests - Source port will be the same (427)
> > TCP 427 - SLP Requests - Source port will be the same (427)
> > TCP 2302 - CMD - Source port will be a high port
> > UDP 2645 - CMD - Source port will be the same (2645)
>
>I thought I would add to this the decoding of the acronyms:
>
>NCP sort of obviously NetWare Core Protocol, the classic client/server
>protocol that Novell has used for almost 20 years.
>
>SLP is for Service Location Protocol, a protocol for finding services that
>may catch on, although admittedly it is mostly Novell and Apple making a big
>deal of it. RFC 2608 defines the current version of SLP, version 2. I think
>I read somewhere that Novell uses the older version. It's defined in RFC
>2165. They use different multicast addresses which could be an issue.
>
>CMD is the Novell Compatibility Mode Protocol. I knew it used UDP port 2645.
>I hadn't heard of it using TCP port 2302.
>
>Note that all of these ports might not be necessary for every
>implementation.
>
>The original poster needs to tell us what his problem is, if anything. Maybe
>he was just getting info.
>
>Priscilla
>
> >
> > Not bad for "junk" as you call it.
> >
> > - Original Message -
> > From: "Brian Zeitz"
> > To:
> > Sent: Tuesday, August 13, 2002 2:02 PM
> > Subject: RE: Cisco PIX & Novell [7:51303]
> >
> >
> > > Usually people set up a web interface for this. I don't really know the
> > > Novell Junk, but I would start by upgrading the client to Novell 6, if
> > > you even want to attempt VPN, if that's what you are trying to do.
> > >
> > > If the server is on the DMZ, you want cut through proxy (probably doesn't
> > > work with Novell). If your server is on the internet, you don't want to
> > > transmit your passwords over the internet in clear text so you need VPN.
> > >
> > > Save yourself a lot of headaches and trouble and switch to Microsoft or
> > > Unix.
> > >
> > > -Original Message-
> > > From: John Chang [mailto:[EMAIL PROTECTED]]
> > > Sent: Tuesday, August 13, 2002 1:24 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Cisco PIX & Novell [7:51303]
> > >
> > > We have a Cisco PIX 525.  The Novell 5.1 user/client is behind the
> > > firewall.  The server is outside the firewall.  What do I need to do to
> > > make the client be able to sign into the server?  We have it configured so
> > > that anyone in the inside can do any ip to the outside?  The Netware client
> > > is set to use IP as the preferred method.  Thank you.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51355&t=51303



Re: Configuring Multiple ASN for BGP [7:51340]

2002-08-14 Thread Peter van Oene

It is possible to spoof one's AS per neighbor or peer group much like one 
controls the source address using the local-as command. Running multiple 
BGP processes in a non VR enabled router is not possible, nor usually 
desirable. What are you trying to accomplish?

Here is a link that explains this command:

http://www.cisco.com/warp/public/459/39.html


At 04:47 AM 8/14/2002 +, Aamer Kaleem wrote:
>Hi,
>
>Is there a way to configure more than one ASN (BGP Processes) without using
>BGP Confederation? I mean can a router have BGP sessions peering with one
>router with its own ASN as 100, and with another router bgp peering with its
>own remote-as as 50 simultaneously.
>
>Thank you,
>
>Aamer




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51356&t=51340



RE: Internet Access in Buffalo NY [7:51317]

2002-08-14 Thread Joseph Carreira

I would try ROADRUNNER and see if they provide service in that area... I
know they service the Upstate NY area with Cable Modem service farther east
and north in the Syracuse and Watertown areas... They are affiliated with
Time Warner...


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51357&t=51317



re: Cisco PIX & Novell [7:51358]

2002-08-14 Thread Chuck Church

John,

Keep in mind that Pure IP NW uses multicasts as part of SLP to map
server names to IP addresses and build a table.  The PIX won't pass
multicasts.  I assume you're manually putting in the server IP address into
the client.  Otherwise you'll need a directory agent.  Or replace it with
MS.  Now that's funny :)

Chuck Church
CCIE #8776, MCNE, MCSE
Sr. Network Engineer
Magnacom Technologies
140 N. Rt. 303
Valley Cottage, NY 10989
845-267-4000




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51358&t=51358



Re: bgp prefix number [7:51354]

2002-08-14 Thread Ismail M Saeed

sh ip bgp neighbors  x.x.x.x advertised-routes



- Original Message -
From: "So PaulDong" 
To: 
Sent: Wednesday, August 14, 2002 4:05 PM
Subject: bgp prefix number [7:51354]


> Hi all,
>
> What command can I use to find out how many prefixes I am advertising via
> bgp?
>
> Thanks in advance
>
> Paul




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51359&t=51354



Re: Cisco PIX & Novell [7:51303]

2002-08-14 Thread Don Queen

That was my point exactly. Novell continues to improve their products to
work with any OS...Microsoft, Apple, Unix, & Linux and PDAs. Granted they
were behind on the Internet front, but they've made great strides to catch up
and make their products Internet ready out of the box.

Donald R. Queen CCNP,CCA,MCSE,CNE5
Baker Robbins & Company
Technology Consultants
Knowledge, Solutions, Partnership






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51360&t=51303



Pre-sales [7:51361]

2002-08-14 Thread Shaikh Raees

Dear Buddies,

Has anybody here ever attended a presales training or a presales exam? I
know Cisco has a bunch of them.
But not sure of who should be acquiring that.

Just a Query.

--
Shaikh Raees Ahmed,
System & Network Engineer,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51361&t=51361



Re: bgp prefix number [7:51354]

2002-08-14 Thread MADMAN

sh bgp nei x.x.x.x advertised-routes

  Dave

So PaulDong wrote:
> 
> Hi all,
> 
> What command can I use to find out how many prefixes I am advertising via
> bgp?
> 
> Thanks in advance
> 
> Paul
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"You don't make the poor richer by making the rich poorer." --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51362&t=51354



Re: access-list for steaming audio [7:49817]

2002-08-14 Thread Don Queen

Exchange 2000 has IM built in. You don't need a separate server to do this.
- Original Message -
From: "Dan Penn" 
To: 
Sent: Saturday, July 27, 2002 11:36 AM
Subject: RE: access-list for steaming audio [7:49817]


> What I really like is some corporations embracing instant messaging for
> internal use.  I think that having a private corporate IM server for the
> corporate users to connect to would be a great way to increase
> productivity.  However, on the same hand, I would fear the end-users
> being able to connect to AIM, ICQ, MSN, etc.  That would open up way too
> many holes.  I mean really...what good is going to come of user being
> able to connect to an instant messenger.  Who do they need to talk to
> outside of the corporation during working hours?
>
> Dan
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> Maccubbin, Duncan
> Sent: Saturday, July 27, 2002 9:34 AM
> To: [EMAIL PROTECTED]
> Subject: RE: access-list for steaming audio [7:49817]
>
> Be careful with this kind of thinking. More and more holes in IM are
> showing up everyday. If you let IRC on your network then you are asking
> for trouble. As for streaming audio, have you looked at the % of bandwidth
> they use? If you have a fairly utilized pipe or (like most companies) are
> paying for bandwidth then that is a consideration.
>
> Just my $0.02.
>
> Duncan
>
> -Original Message-
> From: Steven A. Ridder [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, July 27, 2002 10:59 AM
> To: [EMAIL PROTECTED]
> Subject: Re: access-list for steaming audio [7:49817]
>
> I haven't been keeping up with NBAR, but they may have some pdm's to
> block the streaming audio apps.
>
> NBAR was built for stuff like that, but I don't feel there's a need to
> block this type of stuff.  Same with IM.  Let the users have some use of
> their PC and increase productivity.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51364&t=49817



RE: Cisco PIX & Novell [7:51303]

2002-08-14 Thread Brian Zeitz

He may need to encapsulate the IPX into TCP/IP. Cisco only supports IP
on the VPN3000 concentrator. Maybe a good test question for us taking
the CSS1 exams. The VPN 5000 will support IPX.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51365&t=51303



3620 Flash question [7:51366]

2002-08-14 Thread Ken Corkins

I have a 3620 with the following flash configuration;

8192K bytes of processor board System flash (Read/Write)
8192K bytes of processor board PCMCIA Slot0 flash (Read/Write)
8192K bytes of processor board PCMCIA Slot1 flash (Read/Write)


Can I combine the two PCMCIA slots into 1 partition so that I can install a
16M IOS image?

Thanks in advance.



 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51366&t=51366



First thing I would do... [7:51304]

2002-08-14 Thread Chris Charlebois

Is look at the traffic and figure out what it is and if it's necessary.  3
mbs is some serious bandwidth for one spoke site.  Is it database lookups on
some apps?  Perhaps it makes sense to put a database in the remote site and
synchronize.  Voice/video traffic?  make sure your QoS infrastructure is up
to date.  Is it internet traffic? Perhaps some policies would help, or
perhaps the third T1 should go from the remote site directly to an ISP.  Is
it garbage (i.e. SAP, DHCP, DNS, routing protocols, proxied arp, etc)?  Then
cut that B (as in b) S (as in s) out.

Anyone can throw more money at a problem.  As professionals, we need to
throw brains first.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51367&t=51304



RE: Cisco PIX & Novell [7:51303]

2002-08-14 Thread Brian Zeitz

If you believe any of this, you can spend $1.50 and own some of the
Novell Company (stock market). About the cost of a candy bar? My
experience with Novell you need to spend a lot of effort to get anything
to work, and their support is non-existent. I have heard of even
hardcore Novell shops switch to a different OS, after trying Novell 5
with horror stories. Everything about Novell works with broadcasts that
flood the network. They are considered a step up from Apple networks
though, in the unnecessary traffic they create. Recently, I was told I
needed to make a VPN connection to another company using ADSL, the
problem is that Novell Client will not work with ADSL. It may work now
in Novell 6 client. There was a long laundry list of "work arounds", and
modifications you had to do to get it running. I really don't have this
kind of patience, so I think they dropped the idea of getting a VPN
connection into Novell. Some of the fixes were playing games with the
MTU size to get it to work. The problem with that, is the rest of my
network is using the ADSL line.

I think you will find issues with using Pix Firewall with Novell. Novell
requires so many modifications to make it work, that you will compromise
performance and security (i.e. "compatibility mode"), if you can get it
to work at all. With major security Vulnerabilities like "Denial of
Service" issues with the Novell VPN.

I find a lot of people like Novell (and other obsolete OS's) because
they have good memories of running the 3.xx box on a 386. Maybe back
then it was worth mentioning. Now, it is full of security holes, and
bugs that are in the Novell OS which no one bothers to fix. At this
point, they are just struggling to keep the lights on at Novell.

Novell got IPX from Xerox anyway, not so innovating at all. 




-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, August 13, 2002 7:35 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco PIX & Novell [7:51303]

Not junk at all. :-) I think it's impressive that Novell continues to
innovate. Comments below:

Don Queen wrote:
> 
> What version of Netware are you running on the server? If it's 5 or 6, it's
> native IP, so basically you're sending IP traffic out of the Pix, which
> should work. It sounds as if your problem may be with the packet actually
> coming back into the Pix. Do you have any rules that may be preventing the
> server from responding back to the client? Here is the information from
> Novell's website listing the port that Novell uses
> 
> TCP and UDP are both used by NetWare 5.1 and NetWare 6.0 for Pure IP
> connectivity. The following ports are used for communication.
> 
> TCP 524 - NCP Requests - Source port will be a high port (1024-65535)
> UDP 524 - NCP for time synchronization - Source port will be a high port
> UDP 123 - NTP for time synchronization - Source port will be the same
> UDP 427 - SLP Requests - Source port will be the same (427)
> TCP 427 - SLP Requests - Source port will be the same (427)
> TCP 2302 - CMD - Source port will be a high port
> UDP 2645 - CMD - Source port will be the same (2645)

I thought I would add to this the decoding of the acronyms:

NCP is sort of obviously NetWare Core Protocol, the classic client/server
protocol that Novell has used for almost 20 years.

SLP is for Service Location Protocol, a protocol for finding services that
may catch on, although admittedly it is mostly Novell and Apple making a big
deal of it. RFC 2608 defines the current version of SLP, version 2. I think
I read somewhere that Novell uses the older version. It's defined in RFC
2165. They use different multicast addresses which could be an issue.

CMD is the Novell Compatibility Mode Protocol. I knew it used UDP port 2645.
I hadn't heard of it using TCP port 2302.

Note that all of these ports might not be necessary for every
implementation.

The original poster needs to tell us what his problem is, if anything. Maybe
he was just getting info.

Priscilla

> 
> Not bad for "junk" as you call it.
> 
> - Original Message -
> From: "Brian Zeitz" 
> To: 
> Sent: Tuesday, August 13, 2002 2:02 PM
> Subject: RE: Cisco PIX & Novell [7:51303]
> 
> 
> > Usually people set up a web interface for this. I don't really know the
> > Novell Junk, but I would start by upgrading the client to Novell 6, if
> > you even want to attempt VPN, if that's what you are trying to do.
> >
> > If the server is on the DMZ, you want cut-through proxy (probably doesn't
> > work with Novell). If your server is on the internet, you don't want to
> > transmit your passwords over the internet in clear text so you need VPN.
> >
> > Save yourself a lot of headaches and trouble and switch to Microsoft or
> > Unix.
> >
> > -Original Message-
> > From: John Chang [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, August 13, 2002 1:24 PM
> > To: [EMAIL PROTECTED]
> > Subject: Cisco PIX & Novell [7:51303]
> >
> > We have a Cisco PIX 525
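
The port list quoted in this thread can be turned into a log check. The added example below (not part of any poster's message) reads firewall flow records and reports NetWare Pure IP traffic that was denied, listed ports used from an unexpected source port, and permitted traffic to the server that is not on the list. The record format, the addresses and the function names are assumptions made for the example; this is not PIX syslog output.

```python
import re
from dataclasses import dataclass

HIGH_PORTS = range(1024, 65536)


def only(port):
    """Source port must equal this one port ("will be the same" in the list)."""
    return range(port, port + 1)


# (protocol, destination port) -> (service, allowed source ports),
# taken from the NetWare 5.1 / 6.0 Pure IP list quoted in the thread.
NETWARE_PURE_IP = {
    ("tcp", 524): ("NCP requests", HIGH_PORTS),
    ("udp", 524): ("NCP time sync", HIGH_PORTS),
    ("udp", 123): ("NTP time sync", only(123)),
    ("udp", 427): ("SLP requests", only(427)),
    ("tcp", 427): ("SLP requests", only(427)),
    ("tcp", 2302): ("CMD", HIGH_PORTS),
    ("udp", 2645): ("CMD", only(2645)),
}


@dataclass(frozen=True)
class Flow:
    action: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


# Assumed record format: "<permit|deny> <tcp|udp> src:sport -> dst:dport"
_RECORD = re.compile(r"^(permit|deny)\s+(tcp|udp)\s+(\S+):(\d+)\s+->\s+(\S+):(\d+)$")


def parse_flow(line):
    match = _RECORD.match(line.strip().lower())
    if not match:
        raise ValueError(f"unrecognised flow record: {line!r}")
    action, proto, src, sport, dst, dport = match.groups()
    return Flow(action, proto, src, int(sport), dst, int(dport))


def classify(flow):
    """Return (kind, service) for a client-to-server flow."""
    entry = NETWARE_PURE_IP.get((flow.proto, flow.dport))
    if entry is None:
        return "unlisted", None
    service, allowed_sources = entry
    if flow.sport in allowed_sources:
        return "listed", service
    return "listed-odd-source", service


def audit(lines, server):
    """Sort flows toward `server` into the three findings worth a look.

    Only the client-to-server direction is checked; replies allowed by a
    stateful firewall are not modelled.
    """
    report = {"blocked_netware": [], "odd_source": [], "permitted_unlisted": []}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        flow = parse_flow(line)
        if flow.dst != server:
            continue
        kind, service = classify(flow)
        if kind == "unlisted":
            # Rule set is wider than the NetWare list requires.
            if flow.action == "permit":
                report["permitted_unlisted"].append(flow)
        elif kind == "listed-odd-source":
            # Right destination port, source port the list does not predict.
            report["odd_source"].append((service, flow))
        elif flow.action == "deny":
            # A listed NetWare service is being dropped: likely client failure.
            report["blocked_netware"].append((service, flow))
    return report


# Constructed sample records (not captured from a real device).
SAMPLE_RECORDS = """
permit tcp 10.1.1.20:1832 -> 192.168.10.5:524
deny   udp 10.1.1.20:427  -> 192.168.10.5:427
permit udp 10.1.1.20:123  -> 192.168.10.5:123
permit tcp 10.1.1.20:2044 -> 192.168.10.5:23
permit udp 10.1.1.20:3901 -> 192.168.10.5:2645
deny   tcp 10.1.1.20:1999 -> 192.168.10.5:2302
permit tcp 10.1.1.20:1500 -> 192.168.10.9:524
""".splitlines()

if __name__ == "__main__":
    result = audit(SAMPLE_RECORDS, "192.168.10.5")
    for finding, items in result.items():
        print(finding)
        for item in items:
            print("   ", item)
```

As noted in the thread, not every listed port is needed in every installation, so the check reports what was blocked or unexpected and does not treat an unseen service as a fault.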

Re: 3620 Flash question [7:51366]

2002-08-14 Thread Brad Ellis

Ken,

If memory serves, I don't think you can combine the PCMCIA flash (I could be
wrong, it's been a while).  I think you'll either

a) need to get a 16MB PCMCIA card
or
b) get another 8mb double-sided flash for the system board (assuming you
have a single 8mb double-sided flash in there already)

thanks,
-Brad Ellis
CCIE#5796 (R&S / Security)
Network Learning Inc
[EMAIL PROTECTED]
www.optsys.net (Cisco hardware)

"Ken Corkins" wrote in message news:[EMAIL PROTECTED]...
> I have a 3620 with the following flash configuration;
>
> 8192K bytes of processor board System flash (Read/Write)
> 8192K bytes of processor board PCMCIA Slot0 flash (Read/Write)
> 8192K bytes of processor board PCMCIA Slot1 flash (Read/Write)
>
>
> Can I combine the two PCMCIA slots into 1 partition so that I can install a
> 16M IOS image?
>
> Thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51368&t=51366



2nd try : OSPF Q in CCIE prac. studies pg 786 [7:51369]

2002-08-14 Thread Rajesh Kumar

Hi all,

I was trying to setup this network in fig 12-9.  I got stuck in one
particular route.  I am not able to view the route 172.16.10.0/24 on the
router "peter" which is running RIP and got to see this route as
redistributed one.

The question is in which router do I need to give the "area range"
command in order to see this route appear on router "peter".

I tried several options of giving in the router "john" which is ABR -as
this "area 10 range 172.16.10.0 255.255.255.0", but this summarised
route is not advertised back to the same area for the ASBR router (mark)
to redistribute to RIP.

Any workaround to overcome this?


PS :  Sample output of "sh ip route" for router peter shows this route,
but my setup doesn't. So I am trying to get some idea of how to make
available this route.

Thanks,
Rajesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51369&t=51369



Re: 3620 Flash question [7:51366]

2002-08-14 Thread MADMAN

No

  Dave

Ken Corkins wrote:
> 
> I have a 3620 with the following flash configuration;
> 
> 8192K bytes of processor board System flash (Read/Write)
> 8192K bytes of processor board PCMCIA Slot0 flash (Read/Write)
> 8192K bytes of processor board PCMCIA Slot1 flash (Read/Write)
> 
> Can I combine the two PCMCIA slots into 1 partition so that I can install a
> 16M IOS image?
> 
> Thanks in advance.
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"You don't make the poor richer by making the rich poorer." --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51371&t=51366



CCNP 50x Exam objectives [7:51370]

2002-08-14 Thread Karl Thrasher

Does anyone, by any chance, still have a copy of the CCNP 50x exam
objectives? I would like to make a line-by-line comparison of those to the
CCNP 60x exam objectives.

Thanks,

Karl.
[EMAIL PROTECTED] 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51370&t=51370



Re: 2nd try : OSPF Q in CCIE prac. studies pg 786 [7:51369]

2002-08-14 Thread K.T.

Rajesh,

It sounds like you have an ASBR on your hand.  You should probably use
"summary-address 172.16.10.0 255.255.255.0" instead.  Give it a try.

K.T.
"Rajesh Kumar" wrote in message news:[EMAIL PROTECTED]...
> Hi all,
>
> I was trying to setup this network in fig 12-9.  I got stuck in one
> particular route.  I am not able to view the route 172.16.10.0/24 on the
> router "peter" which is running RIP and got to see this route as
> redistributed one.
>
> The question is in which router do I need to give the "area range"
> command in order to see this route appear on router "peter".
>
> I tried several options of giving in the router "john" which is ABR -as
> this "area 10 range 172.16.10.0 255.255.255.0", but this summarised
> route is not advertised back to the same area for the ASBR router (mark)
> to redistribute to RIP.
>
> Any workaround to overcome this?
>
>
> PS :  Sample output of "sh ip route" for router peter shows this route,
> but my setup doesn't. So I am trying to get some idea of how to make
> available this route.
>
> Thanks,
> Rajesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51372&t=51369



RE: CCNP 50x Exam objectives [7:51370]

2002-08-14 Thread Brian Zeitz

Usually I would suggest to look in your 50x books, they usually have
outlines there. Here is a link that has 50x if you look. I think they
still use the 50x for the foundation.

http://www.cisco.com/warp/public/10/wwtraining/certprog/testing/current_exams/640-509.html


-Original Message-
From: Karl Thrasher [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, August 14, 2002 12:31 PM
To: [EMAIL PROTECTED]
Subject: CCNP 50x Exam objectives [7:51370]

Does anyone, by any chance, still have a copy of the CCNP 50x exam
objectives? I would like to make a line-by-line comparison of those to the
CCNP 60x exam objectives.

Thanks,

Karl.
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51373&t=51370



RE: CCNP 50x Exam objectives [7:51370]

2002-08-14 Thread Brian Zeitz

If you have not figured out how to get the 506, it is here. I simply
replaced 503, with 506.

http://www.cisco.com/warp/public/10/wwtraining/certprog/testing/current_exams/640-506.html

-Original Message-
From: Karl Thrasher [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, August 14, 2002 12:31 PM
To: [EMAIL PROTECTED]
Subject: CCNP 50x Exam objectives [7:51370]

Does anyone, by any chance, still have a copy of the CCNP 50x exam
objectives? I would like to make a line-by-line comparison of those to the
CCNP 60x exam objectives.

Thanks,

Karl.
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51374&t=51370



RE: Cisco PIX & Novell [7:51303]

2002-08-14 Thread Priscilla Oppenheimer

Brian Zeitz wrote:
> 
> He may need to encapsulate the IPX into TCP/IP. Cisco only supports IP
> on the VPN3000 concentrator. Maybe a good test question for us taking
> the CSS1 exams. The VPN 5000 will support IPX.
> 
> 

It might be a good design question to see if the test-taker can analyze user
requirements.

He didn't say anything about having a VPN concentrator. In fact, he's not
trying to do a VPN, I don't think. He's just trying to get ordinary
client/server traffic to work through the PIX 525. Also, he's using IP, not
IPX.

On the other hand, I have to somewhat agree with some of your other message
about NetWare being overly complex and requiring too much tinkering to get
it working.

I tried to find an answer to the actual question on the Novell Web site and
the servers were excruciatingly slow to start with and there was nothing
useful on the particular question (of getting NetWare client to talk to
NetWare 5.1 server with IP as the preferred method across a PIX firewall).

The original poster said that the client talks to a Directory Agent (DA)
first. This implies that Service Location Protocol (SLP) is in use, but that
multicasts are not required for finding services. A DA minimizes the
requirement for multicasts. SLP user and service agents can find the DA via
multicast, (if they don't hear from it first), but once they do find the DA,
they can send unicasts directly to the DA. It sounds like the client is
finding the DA fine and the DA is giving the client a server to use, but
then the failure occurs.

Is there a way for him to avoid SLP and specify the actual server? Can't he
just do this with an IP address (or name assuming DNS is working?)

I noticed that Chuck Church is back. (Yeah!) Maybe he can help? :-)

Thanks

Priscilla






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51375&t=51303



New Cisco Optical Specialist Cert [7:51377]

2002-08-14 Thread dre

Anyone taking any interest in this?  Does anyone even use any of the Cisco
optical products?
http://www.cisco.com/warp/public/10/wwtraining/whats_new/
http://www.cisco.com/warp/public/10/wwtraining/certprog/cqs/optical/
http://www.cisco.com/warp/public/10/wwtraining/certprog/testing/current_exams/9E0-611.html

-dre




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51377&t=51377



New CCIE Written [7:51378]

2002-08-14 Thread Michael Penney

Has anyone taken the new CCIE written exam (started August 7th) I was
wondering what the differences were over the previous exam.

mike


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51378&t=51378



RE: Cisco PIX & Novell [7:51303]

2002-08-14 Thread Christopher Dumais

We have done some testing through this same concentrator. If you do not have
SLP implemented on your NW5.x environment, you need to put the IP address of
your logon server in the preferred server field of the client. Your client
needs to be set up for IP/IPX or just IP for this to work. IP only works
faster. We were able to successfully logon, access files, and print through
the concentrator. Hope this helps!

Chris Dumais, CCNP, CNA
Sr. Network Administrator
NSS Customer and Desktop Services Team
Maine Medical Center
(207)871-6940
[EMAIL PROTECTED]

>>> "Priscilla Oppenheimer"  8/14/02 1:37:17 PM >>>
Brian Zeitz wrote:
> 
> He may need to encapsulate the IPX into TCP/IP. Cisco only supports IP
> on the VPN3000 concentrator. Maybe a good test question for us taking
> the CSS1 exams. The VPN 5000 will support IPX.
> 
> 

It might be a good design question to see if the test-taker can analyze user
requirements.

He didn't say anything about having a VPN concentrator. In fact, he's not
trying to do a VPN, I don't think. He's just trying to get ordinary
client/server traffic to work through the PIX 525. Also, he's using IP, not
IPX.

On the other hand, I have to somewhat agree with some of your other message
about NetWare being overly complex and requiring too much tinkering to get
it working.

I tried to find an answer to the actual question on the Novell Web site and
the servers were excruciatingly slow to start with and there was nothing
useful on the particular question (of getting NetWare client to talk to
NetWare 5.1 server with IP as the preferred method across a PIX firewall).

The original poster said that the client talks to a Directory Agent (DA)
first. This implies that Service Location Protocol (SLP) is in use, but that
multicasts are not required for finding services. A DA minimizes the
requirement for multicasts. SLP user and service agents can find the DA via
multicast, (if they don't hear from it first), but once they do find the DA,
they can send unicasts directly to the DA. It sounds like the client is
finding the DA fine and the DA is giving the client a server to use, but
then the failure occurs.

Is there a way for him to avoid SLP and specify the actual server? Can't he
just do this with an IP address (or name assuming DNS is working?)

I noticed that Chuck Church is back. (Yeah!) Maybe he can help? :-)

Thanks

Priscilla




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51379&t=51303



RE: CCNP 50x Exam objectives [7:51370]

2002-08-14 Thread Dan Penn

Easy, just replace the 60x in the url with 50x, they are still on CCO.

For example:

http://www.cisco.com/warp/public/10/wwtraining/certprog/testing/current_exams/640-504.html

watch the wrap

Dan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Karl Thrasher
Sent: Wednesday, August 14, 2002 10:31 AM
To: [EMAIL PROTECTED]
Subject: CCNP 50x Exam objectives [7:51370]

Does anyone, by any chance, still have a copy of the CCNP 50x exam
objectives? I would like to make a line-by-line comparison of those to the
CCNP 60x exam objectives.

Thanks,

Karl.
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51380&t=51370



RE: OT: Nanog thread - Routing Protocol Security [7:51335]

2002-08-14 Thread Priscilla Oppenheimer

Jeff Doyle is allowed to ask questions too. ;-)

Seriously, what was the gist of the responses? Are NANOG types concerned
about routing protocol security vulnerabilities? I know that there's a
lot of academic work going on in this area. If you search on "routing
protocol security" in Google, for example, you'll come across lots of
references to academic work, IEEE papers, a DARPA-sponsored Internet
Infrastructure Protection project, etc.

There's also an IETF Working Group for this topic, the Routing Protocol
Security Requirements group or something of that sort (rpsec for short). But
I couldn't find any Internet drafts from them!? (just e-mail threads that
didn't sound any more sophisticated than the wrangles we get into here! ;-)

On a philosophical note, we have to realize that the bad guys aren't going
to do the expected things, and if they do, we will have already designed
protection for them. I heard Paul Kocher (one of the creators of SSL I think
and a security luminary) say at a recent conference, somewhat sarcastically,
that the real adversaries lack the propriety to limit themselves to tidy
attacks such as brute force, factoring, and differential cryptanalysis
(the things we tend to protect against with huge keys, etc.)

Priscilla

Nigel Taylor wrote:
> 
> All,
> I was doing my usual reading of the nanog mailing list and came across one
> of the more recent threads - "Routing Protocol Security".
> What I found interesting was the name of the original poster, which noted,
> Jeff Doyle!  Now, I'm sure there are quite a number of "Jeff Doyle's"
> on the planet, however this name does mean a lot to those of us who have had
> the privilege of owning Routing TCP/IP.
> 
> Basically, I thought folks on the list would be interested in the question as
> it relates to the possible global effects based on current Internet routing
> policies, or lack thereof on "Private-to-Private",  IXP peering or external
> peering in general.
> 
> As a side note after reading the recently presented paper(nanog0202 mtg) "ISP
> Essentials Supp" by Barry Raveendran Greene and Philip Smith,
> http://www.nanog.org/mtg-0206/ppt/barry.pdf  I must say that BGPv4, the
> protocol has made great strides in its operational enhancements.
> Possible vulnerabilities like the one noted in rfc1948, or the points raised
> by Tim Newsham's paper called "The Problem With Random Increments"
> are for the most part no longer valid/relevant possibilities.
> 
> Furthermore, with the implementation of MD5 support and the possibility of BGP
> over IPSec the future looks bright for the security of global routing. Of
> course with the growing use of mostly layer 2 peering(between IXP peers) and
> MPLS/VPNs the need to implement even greater security within
> BGP the protocol itself might become a NON-issue.
> 
> Thoughts anyone
> 
> Nigel
> 
> 
> > Hi,
> >
> > Can any of you cite cases where an attack has been carried out against a
> > network's routing protocol (BGP or OSPF in particular)? My apologies if this
> > question is too far off-topic, but if anyone knows of such incidents it would
> > be the members of this group.
> >
> > Jeff Doyle
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51381&t=51335



coursebooks IP Telephony Support Specialist exams [7:51382]

2002-08-14 Thread Tom Scott

I'm preparing for the Cisco IP Telephony Support Specialist exams in parallel
with the CCIE written, as there is an overlap of topics such as Diffserv, QoS
and multiservice. The three telephony support exams are:

* 9E0-402 Cisco IP Telephony (CIPT)
   Coursebook: Cisco IP Telephony

* 9E0-423 Cisco Voice Over Frame Relay, ATM, and IP (CVOICE)
   Coursebook: Cisco Voice over Frame Relay, ATM, and IP

* 9E0-601 Deploying QoS for Enterprise Networks (DQoS)
   Coursebook: ?

The book that looks closest to the DQoS exam is "IP Quality of Service" by
Srinivas Vegesna. I'd appreciate if someone who is studying for the DQoS exam or
passed it (or the CIPT and CVOICE) would tell me which book they're using to
prepare.

-- TIA, TT




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51382&t=51382



RE: Cisco PIX & Novell [7:51303]

2002-08-14 Thread Brian Zeitz

My point about the VPN concentrator was in a different email. I was
mentioning the VPN concentrator for those taking the CSVPN test for the
CSS1. Maybe I should have changed the heading, to make it politically
correct. I am sure people going for the VPN test will appreciate this if
they see it on their exam. I was trying to get this conversation back on
what we are all here for, Cisco related products.

Your point about analyzing user requirements is moot. There was not
enough detail to perform an evaluation. That would be the answer to this
question. I was just taking a shot in the dark, just like everyone else.
This would be a bad example to see if someone could analyze network
requirements. If it was a credible question, this would apply.

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, August 14, 2002 1:37 PM
To: [EMAIL PROTECTED]
Subject: RE: Cisco PIX & Novell [7:51303]

Brian Zeitz wrote:
> 
> He may need to encapsulate the IPX into TCP/IP. Cisco only supports IP
> on the VPN3000 concentrator. Maybe a good test question for us taking
> the CSS1 exams. The VPN 5000 will support IPX.
> 
> 

It might be a good design question to see if the test-taker can analyze user
requirements.

He didn't say anything about having a VPN concentrator. In fact, he's not
trying to do a VPN, I don't think. He's just trying to get ordinary
client/server traffic to work through the PIX 525. Also, he's using IP, not
IPX.

On the other hand, I have to somewhat agree with some of your other message
about NetWare being overly complex and requiring too much tinkering to get
it working.

I tried to find an answer to the actual question on the Novell Web site and
the servers were excruciatingly slow to start with and there was nothing
useful on the particular question (of getting NetWare client to talk to
NetWare 5.1 server with IP as the preferred method across a PIX firewall).

The original poster said that the client talks to a Directory Agent (DA)
first. This implies that Service Location Protocol (SLP) is in use, but that
multicasts are not required for finding services. A DA minimizes the
requirement for multicasts. SLP user and service agents can find the DA via
multicast, (if they don't hear from it first), but once they do find the DA,
they can send unicasts directly to the DA. It sounds like the client is
finding the DA fine and the DA is giving the client a server to use, but
then the failure occurs.

Is there a way for him to avoid SLP and specify the actual server? Can't he
just do this with an IP address (or name assuming DNS is working?)

I noticed that Chuck Church is back. (Yeah!) Maybe he can help? :-)

Thanks

Priscilla




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51383&t=51303



VPN Concentrators & Novell [7:51384]

2002-08-14 Thread Brian Zeitz

Which concentrator are you referring to? The 3000? Cisco says the 3000
doesn't support IPX.

-Original Message-
From: Christopher Dumais [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, August 14, 2002 2:03 PM
To: [EMAIL PROTECTED]
Subject: RE: Cisco PIX & Novell [7:51303]

We have done some testing through this same concentrator. If you do not have
SLP implemented on your NW5.x environment, you need to put the IP address of
your logon server in the preferred server field of the client. Your client
needs to be set up for IP/IPX or just IP for this to work. IP only works
faster. We were able to successfully logon, access files, and print through
the concentrator. Hope this helps!

Chris Dumais, CCNP, CNA
Sr. Network Administrator
NSS Customer and Desktop Services Team
Maine Medical Center
(207)871-6940
[EMAIL PROTECTED]

>>> "Priscilla Oppenheimer"  8/14/02 1:37:17 PM >>>
Brian Zeitz wrote:
> 
> He may need to encapsulate the IPX into TCP/IP. Cisco only supports IP
> on the VPN3000 concentrator. Maybe a good test question for us taking
> the CSS1 exams. The VPN 5000 will support IPX.
> 
> 

It might be a good design question to see if the test-taker can analyze user
requirements.

He didn't say anything about having a VPN concentrator. In fact, he's not
trying to do a VPN, I don't think. He's just trying to get ordinary
client/server traffic to work through the PIX 525. Also, he's using IP, not
IPX.

On the other hand, I have to somewhat agree with some of your other message
about NetWare being overly complex and requiring too much tinkering to get
it working.

I tried to find an answer to the actual question on the Novell Web site and
the servers were excruciatingly slow to start with and there was nothing
useful on the particular question (of getting NetWare client to talk to
NetWare 5.1 server with IP as the preferred method across a PIX firewall).

The original poster said that the client talks to a Directory Agent (DA)
first. This implies that Service Location Protocol (SLP) is in use, but that
multicasts are not required for finding services. A DA minimizes the
requirement for multicasts. SLP user and service agents can find the DA via
multicast, (if they don't hear from it first), but once they do find the DA,
they can send unicasts directly to the DA. It sounds like the client is
finding the DA fine and the DA is giving the client a server to use, but
then the failure occurs.

Is there a way for him to avoid SLP and specify the actual server? Can't he
just do this with an IP address (or name assuming DNS is working?)

I noticed that Chuck Church is back. (Yeah!) Maybe he can help? :-)

Thanks

Priscilla




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51384&t=51384



RE: New Cisco Optical Specialist Cert [7:51377]

2002-08-14 Thread Brian Zeitz

Yes, and No. I would be very interested in optical switching, but the
cert I am not sure of. I would be interested in taking some free beta
exams for this maybe. I have also asked Cisco press for a book on
optical networking, and content switching. I am more concerned about
learning the material than the exams. All these specialist exams, with a
2 year expiration, it's going to be hard to keep up eventually. CCNP is
every 3 years, CSS1 is every 2 years, Content Switching 2 years, Optical
2 years, Internet Specialist 2 years. I would be spending all my time at
the testing center in the future. I will find a way to prove I know what
I am talking about rather than doing the carrot and stick routine with
the certifications. And recently Cisco raised the price of the exams to
$125. They should have lowered the price on the ones you need to
recertify in 2 years. I think CCNP should be 5 years, not 3 years, not
that I can't pass the exams again easily, it's just the point. I don't
think the foundation exam is free either, at least Microsoft gave me a
free voucher to upgrade my MCSE to 2K.

I want to learn optical switching, and keep on top of it. I looked at
other optical switching books, but I am not sure which ones relate to
Cisco. Can anyone recommend a good thick optical switching book that
would be available now? 

-Original Message-
From: dre [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, August 14, 2002 1:48 PM
To: [EMAIL PROTECTED]
Subject: New Cisco Optical Specialist Cert [7:51377]

Anyone taking any interest in this?  Does anyone even use any of the Cisco
optical products?
http://www.cisco.com/warp/public/10/wwtraining/whats_new/
http://www.cisco.com/warp/public/10/wwtraining/certprog/cqs/optical/
http://www.cisco.com/warp/public/10/wwtraining/certprog/testing/current_exams/9E0-611.html

-dre




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51386&t=51377



Re: First thing I would do... [7:51304]

2002-08-14 Thread Chuck's Long Road

throwing money is the obvious and easy thing to do. OTOH, lots of businesses
seem to have extra money, recession or no. Besides, what do you expect as a
solution from the telcos? ;->

A comment or two below

--
coming soon:

www.chuckslongroad.info


"Chris Charlebois" wrote in message news:[EMAIL PROTECTED]...
> Is look at the traffic and figure out what it is and if it's necessary.  3
> mbs is some serious bandwidth for one spoke site.  Is it database lookups on
> some apps?  Perhaps it makes sense to put a database in the remote site and
> synchronize.  Voice/video traffic?  make sure your QoS infrastructure is up
> to date.  Is it internet traffic? Perhaps some policies would help, or
> perhaps the third T1 should go from the remote site directly to an ISP.  Is
> it garbage (i.e. SAP, DHCP, DNS, routing protocols, proxied arp, etc)?  Then
> cut that B (as in b) S (as in s) out.

CL: In the book "Advanced IP Routing in Cisco Networks" Slattery and Burton
discuss a bandwidth analysis in the TCP/IP Overview chapter. This gets back
to the original studies regarding TCP windowing done by Van Jacobson and
reported in RFC 1323

CL: it has been a while since I have done it, but Optsys has an application
that allows one to simulate a data network and do some what-if's with
bandwidth. I can recall looking at a test network with a 128K link, and the
simulation showing that traffic was choking the link. doubling that link to
a simulated 256K ended the congestion ( according to the simulation ) Of
course, the folks running the study - a telco - were pushing the T1 solution
because "more is better"

CL: which gets me to ask - ever wonder why telcos offer Fractional T's, and
Frame and ATM CIR's in the increments they do? most of them do not offer
increments of 64K ( one channel ) they have increments of 56K, 128K, 384K,
768K and full T1, as an example. Why? One answer might be to maximize their
revenues ;->


>
> Anyone can throw more money at a problem.  As professionals, we need to
> throw brains first.

CL: using brains takes time. throwing hardware / bandwidth at the problem is
faster and easier. and for us overworked net engineers and sales engineers
may not have the luxury of doing so. ;->




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51385&t=51304



Re: 3620 Flash question [7:51366]

2002-08-14 Thread Ken Corkins

Thanks. I was afraid of that. 


Brad Ellis wrote:
> 
> Ken,
> 
> If memory serves, I don't think you can combine the PCMCIA flash (I could be
> wrong, it's been a while).  I think you'll either
> 
> a) need to get a 16MB PCMCIA card
> or
> b) get another 8mb double-sided flash for the system board (assuming you
> have a single 8mb double-sided flash in there already)
> 
> thanks,
> -Brad Ellis
> CCIE#5796 (R&S / Security)
> Network Learning Inc
> [EMAIL PROTECTED]
> www.optsys.net (Cisco hardware)
> 
> "Ken Corkins" wrote in message news:[EMAIL PROTECTED]...
> > I have a 3620 with the following flash configuration;
> >
> > 8192K bytes of processor board System flash (Read/Write)
> > 8192K bytes of processor board PCMCIA Slot0 flash (Read/Write)
> > 8192K bytes of processor board PCMCIA Slot1 flash (Read/Write)
> >
> >
> > Can I combine the two PCMCIA slots into 1 partition so that I can install a
> > 16M IOS image?
> >
> > Thanks in advance.
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51376&t=51366



2502 Memory/Flash [7:51387]

2002-08-14 Thread Robert D. Cluett

All, am I reading this right?  Does this state that there is 8MB Flash and
2MB of DRAM?  If so, what do I need to do to get it to the latest version of
IOS that Cisco uses for the tests?  Help would be more than appreciated!

cisco 2500 (68030) processor (revision L) with 2048K/2048K bytes of memory.
Processor board ID 06992214, with hardware revision 
Bridging software.
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
1 Token Ring/IEEE 802.5 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read ONLY)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51387&t=51387



Re: New Cisco Optical Specialist Cert [7:51377]

2002-08-14 Thread dre

"Brian Zeitz" wrote in message news:[EMAIL PROTECTED]...
> I want to learn optical switching, and keep on top of it. I looked at
> other optical switching books, but I am not sure which ones relate to
> Cisco. Can anyone recommend a good thick optical switching book that
> would be available now?

http://www.mkp.com/books_catalog/catalog.asp?ISBN=1-55860-655-6
http://vig.pearsoned.com/store/product/1,3498,store-562_isbn-013028226X,00.html

-dre




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51388&t=51377



Re: 2502 Memory/Flash [7:51387]

2002-08-14 Thread Patrick Bass

you need another 8mb flash stick, and a 16mb dram.  try e-bay.  you may need
to upgrade your bootroms too; search the archives for info.


"Robert D. Cluett" wrote in message news:[EMAIL PROTECTED]...
> All, am I reading this right?  Does this state that there is 8MB Flash and
> 2MB of DRAM?  If so, what do I need to do to get it to the latest version of
> IOS that Cisco uses for the tests?  Help would be more than appreciated!
>
> cisco 2500 (68030) processor (revision L) with 2048K/2048K bytes of memory.
> Processor board ID 06992214, with hardware revision 
> Bridging software.
> X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
> 1 Token Ring/IEEE 802.5 interface(s)
> 2 Serial network interface(s)
> 32K bytes of non-volatile configuration memory.
> 8192K bytes of processor board System flash (Read ONLY)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51389&t=51387



RE: coursebooks IP Telephony Support Specialist exams [7:51382]

2002-08-14 Thread Davis, Scott [ISE/RAC]

Tom,

I am doing the same thing for the same reason you are. I am currently
preparing for DQoS and I am using the IP Quality of Service book. It seems
to cover everything, but in my opinion is a bit jumbled. Vegesna covers some
topics seemingly out of order and assumes some knowledge of concepts and
acronyms (of which there are MANY) early in the book that are not covered
until much later or not all. Much of what is in the book is almost word for
word what is on CCO but this puts it all in one place.

Scott

-Original Message-
From: Tom Scott [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 14, 2002 1:44 PM
To: [EMAIL PROTECTED]
Subject: coursebooks IP Telephony Support Specialist exams [7:51382]


I'm preparing for the Cisco IP Telephony Support Specialist exams in parallel
with the CCIE written, as there is an overlap of topics such as Diffserv, QoS
and multiservice. The three telephony support exams are:

* 9E0-402 Cisco IP Telephony (CIPT)
   Coursebook: Cisco IP Telephony

* 9E0-423 Cisco Voice Over Frame Relay, ATM, and IP (CVOICE)
   Coursebook: Cisco Voice over Frame Relay, ATM, and IP

* 9E0-601 Deploying QoS for Enterprise Networks (DQoS)
   Coursebook: ?

The book that looks closest to the DQoS exam is "IP Quality of Service" by
Srinivas Vegesna. I'd appreciate if someone who is studying for the DQoS
exam or passed it (or the CIPT and CVOICE) would tell me which book they're
using to prepare.

-- TIA, TT




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51390&t=51382



Re: 2502 Memory/Flash [7:51387]

2002-08-14 Thread Stephane LITKOWSKI

You're nearly right ...
Your router has 8 MB of FLASH but 4 MB of DRAM (2 MB are used for main
memory and 2 MB for I/O shared memory) -> maybe a 2 MB SIMM and 2 MB of
onboard DRAM.
Please check this link for more details :
http://www.cisco.com/warp/public/63/arch_2500_5750.shtml

Hope it helps.

--
Stephane LITKOWSKI
Student in a French computer science school
EPITA Telecom & Network specialization (Paris, FRANCE)
CCNA + CCNP
EMail : [EMAIL PROTECTED]


"Robert D. Cluett" wrote in message news: [EMAIL PROTECTED]
> All, am I reading this right?  Does this state that there is 8MB Flash and
> 2MB of DRAM?  If so, what do I need to do to get it to the latest version of
> IOS that Cisco uses for the tests?  Help would be more than appreciated!
>
> cisco 2500 (68030) processor (revision L) with 2048K/2048K bytes of memory.
> Processor board ID 06992214, with hardware revision 
> Bridging software.
> X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
> 1 Token Ring/IEEE 802.5 interface(s)
> 2 Serial network interface(s)
> 32K bytes of non-volatile configuration memory.
> 8192K bytes of processor board System flash (Read ONLY)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51392&t=51387



MAC ACL [7:51393]

2002-08-14 Thread Leo Song

Hi, there.

What is the lowest model of Cisco Switch that could support MAC ACL?
Thanks.

Leo Song
System Engineer




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51393&t=51393



Re: bgp prefix number [7:51354]

2002-08-14 Thread Stephane LITKOWSKI

sh ip bgp neighbors

RR_LDCOM#sh ip bgp neighbors
BGP neighbor is 10.0.0.1,  remote AS 254, external link
(...)
For address family: IPv4 Unicast
  BGP table version 6, neighbor version 0
  Index 1, Offset 0, Mask 0x2
  0 accepted prefixes consume 0 bytes
->  Prefix advertised 0, suppressed 0, withdrawn 0
  Number of NLRIs in the update sent: max 0, min 0

or sh ip bgp neighbors x.x.x.x advertised-routes

"So PaulDong" wrote in message news: [EMAIL PROTECTED]
> Hi all,
>
> What command can I use to find out how many prefixes I am advertising via
> bgp?
>
> Thanks in advance
>
> Paul




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51395&t=51354



Re: VPN Concentrators & Novell [7:51384]

2002-08-14 Thread Christopher Dumais

Sorry if I was not clear. The concentrator only supports IP. The client
setting of IP/IPX uses IP if IPX is not available. That is why the IP only
client works faster, it does not have to wait for any IPX timeouts.

Chris Dumais, CCNP, CNA
Sr. Network Administrator
NSS Customer and Desktop Services Team
Maine Medical Center
(207)871-6940
[EMAIL PROTECTED]

>>> "Brian Zeitz"  8/14/02 2:51:41 PM >>>
Which concentrator are you referring to? The 3000? Cisco says the 3000
doesn't support IPX.

-Original Message-
From: Christopher Dumais [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, August 14, 2002 2:03 PM
To: [EMAIL PROTECTED] 
Subject: RE: Cisco PIX & Novell [7:51303]

We have done some testing through this same concentrator. If you do not have
SLP implemented on your NW5.x environment, you need to put the IP address of
your logon server in the preferred server field of the client. Your client
needs to be set up for IP/IPX or just IP for this to work. IP only works
faster. We were able to successfully logon, access files, and print through
the concentrator. Hope this helps!

Chris Dumais, CCNP, CNA
Sr. Network Administrator
NSS Customer and Desktop Services Team
Maine Medical Center
(207)871-6940
[EMAIL PROTECTED] 

>>> "Priscilla Oppenheimer"  8/14/02 1:37:17 PM >>>
Brian Zeitz wrote:
> 
> He may need to encapsulate the IPX into TCP/IP. Cisco only supports IP
> on the VPN3000 concentrator. Maybe a good test question for us taking
> the CSS1 exams. The VPN 5000 will support IPX.
> 
> 

It might be a good design question to see if the test-taker can analyze user
requirements.

He didn't say anything about having a VPN concentrator. In fact, he's not
trying to do a VPN, I don't think. He's just trying to get ordinary
client/server traffic to work through the PIX 525. Also, he's using IP, not
IPX.

On the other hand, I have to somewhat agree with some of your other message
about NetWare being overly complex and requiring too much tinkering to get
it working.

I tried to find an answer to the actual question on the Novell Web site and
the servers were excruciatingly slow to start with and there was nothing
useful on the particular question (of getting NetWare client to talk to
NetWare 5.1 server with IP as the preferred method across a PIX firewall).

The original poster said that the client talks to a Directory Agent (DA)
first. This implies that Service Location Protocol (SLP) is in use, but that
multicasts are not required for finding services. A DA minimizes the
requirement for multicasts. SLP user and service agents can find the DA via
multicast, (if they don't hear from it first), but once they do find the DA,
they can send unicasts directly to the DA. It sounds like the client is
finding the DA fine and the DA is giving the client a server to use, but
then the failure occurs.

Is there a way for him to avoid SLP and specify the actual server? Can't he
just do this with an IP address (or name assuming DNS is working?)

I noticed that Chuck Church is back. (Yeah!) Maybe he can help? :-)

Thanks

Priscilla




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51396&t=51384



Re: 2502 Memory/Flash [7:51387]

2002-08-14 Thread Robert D. Cluett

Cool, I am thinking I will grab some from Kg2.com, but just want to make
sure I get what I need.  So I can add (1) 8MB flash simm and (1) 16MB DRAM
Simm?  Tell me more about the boot ROMS...please

"Patrick Bass" wrote in message news:[EMAIL PROTECTED]...
> you need another 8mb flash stick, and a 16mb dram.  try e-bay.  you may need
> to upgrade your bootroms too; search the archives for info.
>
>
> "Robert D. Cluett" wrote in message news:[EMAIL PROTECTED]...
> > All, am I reading this right?  Does this state that there is 8MB Flash and
> > 2MB of DRAM?  If so, what do I need to do to get it to the latest version of
> > IOS that Cisco uses for the tests?  Help would be more than appreciated!
> >
> > cisco 2500 (68030) processor (revision L) with 2048K/2048K bytes of memory.
> > Processor board ID 06992214, with hardware revision 
> > Bridging software.
> > X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
> > 1 Token Ring/IEEE 802.5 interface(s)
> > 2 Serial network interface(s)
> > 32K bytes of non-volatile configuration memory.
> > 8192K bytes of processor board System flash (Read ONLY)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51397&t=51387



CCIE Security Labbooks recommendations [7:51394]

2002-08-14 Thread Larry Melson

Anyone have any comments on the Security lab preparation books that are
available? Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51394&t=51394



Re: 2502 Memory/Flash [7:51387]

2002-08-14 Thread Shawn Heisey

Actually it says you've got 8MB of flash and 4MB of RAM.

The 2500 series is one of the routers that has a single pool of RAM that
gets split at boot time into Processor memory and I/O memory.  On these
platforms, you add up the two numbers to get the total RAM.

A few models (particularly the AS5xxx series and XL switches) have
separate memory chips for I/O (packet) memory.  On these, only the first
number counts towards IOS requirements.

Thanks,
Shawn

"Robert D. Cluett" wrote:
> 
> All, am I reading this right?  Does this state that there is 8MB Flash and
> 2MB of DRAM?  If so, what do I need to do to get it to the latest version of
> IOS that Cisco uses for the tests?  Help would be more than appreciated!
> 
> cisco 2500 (68030) processor (revision L) with 2048K/2048K bytes of memory.
> Processor board ID 06992214, with hardware revision 
> Bridging software.
> X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
> 1 Token Ring/IEEE 802.5 interface(s)
> 2 Serial network interface(s)
> 32K bytes of non-volatile configuration memory.
> 8192K bytes of processor board System flash (Read ONLY)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51398&t=51387



RE: add a 3rd T1 [7:51304]

2002-08-14 Thread Doan Nguyen

I'm not sure what your question is aiming at.  Is it to find a solution to
support a bigger bandwidth pipe? Or is it to optimize your bandwidth?  If
you're approaching max cap with 2 T1s, you might want to change out the 2621
into a 3600 series or higher and add a channelized DS3.  If you're looking to
optimize your bandwidth then perhaps turn on ip accounting and find out the
culprit that's hogging up your bandwidth and put a cork on it.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51399&t=51304



Re: Cisco "Franken" Pix Firewall (original author) [7:51401]

2002-08-14 Thread Don Hickey

Here ya go

Here is some more info.

Intel SE440BX-2 motherboard (check the revision, the newer revs of the board
seem to work better)
2 or 3 Intel 82577 Pro100/B NIC
Cisco 16MB PIX Flash card (part number: PIX-FLASH-16MB) (or the Cisco 2 meg
Pix flash card)
3 1/2" Floppy drive
Case/power supply (I bought a 3U rackmounted case from CDW)
128MB DRAM (PC100 Dimm)
350MHZ Processor w/ 512K cache ( I am running a P3-550 CPU)

I took this info from a post on @!#$.com

There is also a website out there with more info...I am not sure of the link

Don
- Original Message -
From: "patrick ramsey" 
To: "Andrew Benhase"; "'Scott Morris'"; "'Sabertech Networks'"
Sent: Wednesday, August 14, 2002 2:30 PM
Subject: Cisco "Franken" Pix Firewall (original author)


> Guys/Gals,
> I've been swamped with emails asking on how to build a "Franken"
> Pix firewall.  All I can say is that "anyone" with a little brain can
> figure out how to build a "franken" pix firewall.  If you don't believe
> me, do a "show version" on a Pix 520 and all the information is
> there for you to build a "franken" pix firewall with PC parts.  I am
> NOT going to help anyone on how to build a "franken" pix firewall
> because this information is already available in the public
> domain.
> I guess I don't want to get into trouble with Cisco for selling the
> Flash card.  Therefore, I am going to keep these "franken" pix
> firewalls for my personal use.  I am going to use it for my home
> firewall.  I have to say without these "franken" pix firewalls, I wouldn't
> be able to get a 100k/year job as a security engineer.  I just recently
> graduated with a Master's degree from a University but no one would hire me
> because I don't have much experience in the security areas.  Therefore, the
> only way that I can prove myself to the employers is to show them that I can
> build a "franken" pix firewall with PC parts.  After several interviews, I
> was hired by an IT security service firm because they figure if someone is
> dedicated to build a "franken" pix firewall to learn, that person must do it
> because he/she loves it and not doing it for the money.
> Anyway, I always recommend Pix firewalls as a "first line of defense" for
> customers because Pix products lines has faster processor and more
> memory than a Cisco router.  By the way, one of my "franken" pix firewalls
> is running on a PIII850MHz with 512MB of RAM.  That's equivalent to almost
> a PIX535 (PIII 1GHz and 1GB of RAM).  I don't need a box to be that powerful
> but it can be done.
> I think this is both beneficial to both myself and to Cisco because I get more
> familiar with the Pix product lines and Cisco can sell more of its gear.
> Again, all the information you need is in "show version".
> Patrick
>
> Andrew Benhase wrote:
> Guys- I really love this thread, it crops up every few weeks or so, and
> I'm sure to copy the PIX team on the really funny ones. I can say that
> most people (besides Corporate Counsel) find this thread very, very
> amusing. And many consider it quite a compliment that hard core security
> folks here on this list are that intent on using the PIX OS. Keep up the
> interest levels...




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51401&t=51401



Re: coursebooks IP Telephony Support Specialist exams [7:51382]

2002-08-14 Thread Tom Scott

Davis, Scott [ISE/RAC] wrote:

> I am doing the same thing for the same reason you are.


Thanks for the reality check. I'm going to order the books today. They'll
give me and my lab partner something concrete to work with for chapter 11
and 12 of the Bruno book.

-- TT




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51402&t=51382



CCIE R&S Lab-books [7:51403]

2002-08-14 Thread Juan Blanco

Team,
Do you happen to know any new book for the lab which already cover the 3550
switch on full detail and not the 5000.
Thanks,

Juan Blanco

"The greatest glory in living lies not in never falling,
 but in rising every time we fall."
 -- Nelson Mandela





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51403&t=51403



Re: coursebooks IP Telephony Support Specialist exams [7:51382]

2002-08-14 Thread

I have a few comments on this.

1) CIPT

At least in my case, the CIPT book wasn't enough 
for me to pass the exam (failed by less than 1%, 
but failed is failed). You may want to look into 
the Cisco Press - Call manager fundamentals book 
for supplementary study.

2) DQOS

The IP Quality of Service book is not sufficient 
for this exam. DQOS is not just about QOS, but 
also about the tools available for deploying it.  
Have a good reread of the Blueprint for the exam 
(and preferably more than a few days before the 
exam - like I did). The information you need to 
know is all available on CCO (Tutorials, overviews, 
demos of the tools), but you have to do some
searching.

In terms of covering CCIE material you may want 
to look at the MCAST+QOS exam blueprint.  This 
has significantly more core QOS material in the 
blueprint than DQOS. (in my opinion)

Regards

Peter Walker
CISSP, CSS1, CCIP, CCNP, etc

PS. I really should get around to retaking the CIPT exam.
PPS. YMMV

Tom Scott wrote:
> 
> I'm preparing for the Cisco IP Telephony Support Specialist exams in parallel
> with the CCIE written, as there is an overlap of topics such as Diffserv, QoS
> and multiservice. The three telephony support exams are:
> 
> * 9E0-402 Cisco IP Telephony (CIPT)
>    Coursebook: Cisco IP Telephony
> 
> * 9E0-423 Cisco Voice Over Frame Relay, ATM, and IP (CVOICE)
>    Coursebook: Cisco Voice over Frame Relay, ATM, and IP
> 
> * 9E0-601 Deploying QoS for Enterprise Networks (DQoS)
>    Coursebook: ?
> 
> The book that looks closest to the DQoS exam is "IP Quality of Service" by
> Srinivas Vegesna. I'd appreciate if someone who is studying for the DQoS
> exam or passed it (or the CIPT and CVOICE) would tell me which book they're
> using to prepare.
> 
> -- TIA, TT




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51404&t=51382



Re: How to get the Cisco Doc CD [7:51164]

2002-08-14 Thread Jose Luis De Abreu

I do not know if the solution was shown on this
mailing list, but you can get access again by editing
the url set the home.htm or home.html at the end
replacing the file called expire or expiring...


--- Cisco Study  wrote:
> I got one for free, as I have CCO login. This CD
> worked only temporarily and
> now it says License expired.  I never told the 
> license is temporary while
> installing. Has any one experienced this?.
> Thanks 
> "M.C. van den Bovenkamp" wrote:
> [EMAIL PROTECTED] wrote:
> 
> > can the cisco DOC Cd can be download or is thete a
> way to get the CD?
> 
> Yes, you can buy one (don't know what it costs,
> offhand). Or you can 
> just buy any Cisco product; it'll have a copy of it
> delivered with it.
> 
> > How frequently it gets updated.
> 
> Every month.
> 
> > I can read this if I am travelling.Is there a
> technical Documentation CD
> > also for all the Cisco products.
> 
> Not that I am aware of.
> 
> Regards,
> 
> Marco.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51405&t=51164



Setting up Appletalk on router for CIT [7:51406]

2002-08-14 Thread Harold Monroe

I'm getting ready for my CIT test for CCNP. I've heard there may be some
Appletalk on the test. I'm trying to experiment with the Appletalk show &
debug commands. Since this is the first time I've even seen Appletalk I
can't seem to get it to work.

The department with the Macs doesn't know anything about their settings so
I've tried using a packet sniffer/protocol analyzer. The analyzer sees ATP
and Appletalk phase 2, but doesn't give any information about the cable
range, nor zone. I set the appletalk cable-range 0-0 (as mentioned on CCO).
CCO says you need a seed router, but unless one of the Macs is supplying
that service we don't have one.

Although the FastEthernet interface is up/up and AARP is working none of the
show appletalk commands like show appletalk zone, traffic, globals, nor
debug appletalk display any information. I do have "appletalk routing" in my
config

#sh run

appletalk routing
interface FastEthernet0/1
 ip address 192.168.1.10 255.255.255.0
 no ip directed-broadcast
 appletalk cable-range 0-0 65347.122
 appletalk discovery

#sh ap int f0/1

FastEthernet0/1 is up, line protocol is up
  AppleTalk port disabled, Acquiring port net information
  AppleTalk cable range is not known.
  AppleTalk address is 65347.122, Valid
  AppleTalk zone is not set.
  AppleTalk discovery mode is enabled
  AppleTalk address gleaning is disabled
  AppleTalk route cache is not initialized

AARP is working
#sh apple arp
4.4  1  Dynamic   0030.65c8.5cc8.  SNAP  FastEthernet0/1
5.5  1  Dynamic   0030.65d2.c17c.  SNAP  FastEthernet0/1
6.3  0  Dynamic   0030.6583.da6c.  SNAP  FastEthernet0/1
65281.1115  Dynamic   0010.83f5.32cb.  SNAP  FastEthernet0/1
65319.8227  Dynamic   00c0.7587.3cc7.  SNAP  FastEthernet0/1
65347.122-  Hardware  0030.1946.1f21.  SNAP  FastEthernet0/1
65406.1370  Dynamic   0030.65ca.ef78.  SNAP  FastEthernet0/1
65507.224  161  Dynamic   00c0.755e.c59d.  SNAP  FastEthernet0/1




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51406&t=51406



BW Limit. [7:51407]

2002-08-14 Thread Jose Tomás Pinal Salvador

Hello Group.

Currently, I have a router Cisco 7513 with 7 WAN interfaces, 2 Fast ethernet 
and 2 Giga ethernet. I can limit the BW generated by the 2 Fast Ethernet with 
a Packetshaper machine but I am not allow to control the traffic in the 2 
Giga Ethernet interface with the Packetshaper (the equipment doesn't support 
this interface type) so I would like to make this work in the router with 
any command like traffic shaping or rate limit. Could anybody help me?

Note: I need to control all the total traffic across the giga interface.
Sorry for my bad english. It is not my native language.








Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51407&t=51407



Re: CCIE R&S Lab-books [7:51403]

2002-08-14 Thread Chuck's Long Road

yes - there are two of them - the Configuration Guide, and the Command
Reference. They can be obtained for free from the Cisco web site.

seeing as the switches have not yet been introduced into the Lab, it is
unlikely that anyone has any clue as to what the new topology will look
like.

you may want to subscribe to Cert Zone. I have reason to believe there will
be some good information forthcoming via that avenue. ;->

Chuck


--
coming soon:

www.chuckslongroad.info



"Juan Blanco" wrote in message news:[EMAIL PROTECTED]...
> Team,
> Do you happen to know any new book for the lab which already cover the 3550
> switch on full detail and not the 5000.
> Thanks,
>
> Juan Blanco
> 
> The greatest glory in living lies not in never falling,
>  but in rising every time we fall ."
>  -- Nelson Mandela
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51408&t=51403



Cisco "Franken" Pix Firewall (original a [7:51391]

2002-08-14 Thread patrick ramsey

Guys/Gals,
I've been swamped with emails asking on how to build a "Franken"
Pix firewall.  All I can say is that "anyone" with a little brain can
figure out how to build a "franken" pix firewall.  If you don't believe
me, do a "show version" on a Pix 520 and all the information is
there for you to build a "franken" pix firewall with PC parts.  I am
NOT going to help anyone on how to build a "franken" pix firewall
because this information is already available in the public
domain.
I guess I don't want to get into trouble with Cisco for selling the
Flash card.  Therefore, I am going to keep these "franken" pix
firewalls for my personal use.  I am going to use it for my home
firewall.  I have to say without these "franken" pix firewalls, I wouldn't
be able to get a 100k/year job as a security engineer.  I just recently
graduated with a Master's degree from a University but no one would hire me
because I don't have much experience in the security areas.  Therefore, the
only way that I can prove myself to the employers is to show them that I can
build a "franken" pix firewall with PC parts.  After several interviews, I
was hired by an IT security service firm because they figure if someone is
dedicated to build a "franken" pix firewall to learn, that person must do it
because he/she loves it and not doing it for the money.
Anyway, I always recommend Pix firewalls as a "first line of defense" for
customers because Pix products lines has faster processor and more
memory than a Cisco router.  By the way, one of my "franken" pix firewalls
is running on a PIII850MHz with 512MB of RAM.  That's equivalent to almost
a PIX535 (PIII 1GHz and 1GB of RAM).  I don't need a box to be that powerful
but it can be done.
I think this is both beneficial to both myself and to Cisco because I get more
familiar with the Pix product lines and Cisco can sell more of its gear.
Again, all the information you need is in "show version".
Patrick

Andrew Benhase wrote:
Guys- I really love this thread, it crops up every few weeks or so, and
I'm sure to copy the PIX team on the really funny ones. I can say that
most people (besides Corporate Counsel) find this thread very, very
amusing. And many consider it quite a compliment that hard core security
folks here on this list are that intent on using the PIX OS. Keep up the
interest levels...

Does it break the license and does Cisco have domain over what you do
with our code? Clearly yes.

Is Cisco going to come pound down your door and have the local
authorities remove your Franken-PIX from your home lab. Seems very
unlikely.

While I'm not condoning illegal activities with respect to Cisco, I can
say that large scale operations will only insure tighter security
restrictions in the future to counteract this type of scenario. If
you're doing something you shouldn't be doing, keep it to yourself- and
for Gods' sake don't email a very public alias about what you're up
to...

-Andrew

Andrew Benhase .. .. Phone: 321-235-8026
Federal Operations || || Cell: 321-427-1584
Consulting SE || || Pager: 800-365-4578
12000 Research Pkwy   E-Mail:[EMAIL PROTECTED]
Orlando, FL 32826 .:||:..:||:. web: http://www.cisco.com 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Scott Morris
Sent: Friday, August 09, 2002 10:18 PM
To: 'Sabertech Networks'; 'patrick ramsey'; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: RE: Cisco "Franken" Pix Firewall


This is why McDonald's builds in the self-destructing bacteria in case
you choose to use your burger for a paperweight. Not only will it exude
grease 'n' stuff all over your papers, but will become quite ripe in
short order. 

Cisco hasn't quite figured out how to put those protections in their
equipment yet!

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Sabertech Networks
Sent: Friday, August 09, 2002 12:22 PM
To: [EMAIL PROTECTED]; 'patrick ramsey'; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: RE: Cisco "Franken" Pix Firewall


Scott,
Thanks for setting me straight, I forgot about the legal concept of
"intention and design". When I buy a hamburger at McDonalds, they
intended that I eat it, it was designed for that purpose, if I use it as a
paperweight, I'm, according to you, committing a crime.

That part about the prison really scared me though, I guess
I'd better stop all this independent thinking and rejoin
the herd.

Party on...Richard


-Original Message-
From: Scott Morris [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 09, 2002 9:05 AM
To: 'Sabertech Networks'; 'patrick ramsey'; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: RE: Cisco "Franken" Pix Firewall


And you believe it's smart to box with Cisco's lawyers why?

If you tried to sell your Franken Benz as something that "performs
exactly like a Mercedes Benz and runs the same software and commands and
everything else but the outer shell", then I'd be willing to bet
Mercedes

Re: Home Lab [7:51302]

2002-08-14 Thread Brad Ellis

Roly,

Here's the lab kit I'm recommending/selling to tackle the new CCIE R&S Lab
Exam:

Three Cisco 2501 routers
Two Cisco 2503 routers (ISDN)
One Cisco 2511 router (Access Server)
One Cisco 2522 router (FR switch)
One 2620 router (voice/isl trunking)
One 2610 router (voice)
Catalyst 3550
ISDN Simulator
misc cables, xcvrs, etc

thanks,
-Brad Ellis
CCIE#5796 (R&S / Security)
Network Learning Inc
[EMAIL PROTECTED]
www.optsys.net (Cisco hardware)
Voice: 702-968-5100
FAX: 702-968-5104

"Roly A" wrote in message news:[EMAIL PROTECTED]...
> All,
>
> I am new to studygroup.  I recently the CCIE written, and I am looking for
> some suggestions as to what equipment would be optimal to set up a home
> lab (keeping in mind a restricted budget).
>
> Thanks to all,
>
> RA




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51400&t=51302



Re: BW Limit. [7:51407]

2002-08-14 Thread Chuck's Long Road

no problemo. your English is far better than any language you speak
natively, I guarantee it!

in any case, I've sanitized this one, but it is a working config at a live
customer site:

there is some good QoS documentation to be found on CCO, particularly in the
3550 switch Configuration Guide, which will explain what all the numbers
mean. Cisco can be a bit unclear, because some of the numbers are Bytes, and
others are bits.

HTH


interface FastEthernet0/1
 description Connected to WAN
 ip address x.y.z.1 255.255.255.0
 no ip directed-broadcast
 rate-limit input access-group 101 1544000 289500 579000 conform-action transmit exceed-action drop
 rate-limit input access-group 102 384000 72000 144000 conform-action transmit exceed-action drop
 rate-limit input access-group 103 384000 72000 144000 conform-action transmit exceed-action drop
 rate-limit input access-group 104 384000 72000 144000 conform-action transmit exceed-action drop
 rate-limit output access-group 101 1544000 289500 579000 conform-action transmit exceed-action drop
 rate-limit output access-group 102 384000 72000 144000 conform-action transmit exceed-action drop
 rate-limit output access-group 103 128000 24000 24000 conform-action transmit exceed-action drop
 rate-limit output access-group 104 384000 72000 144000 conform-action transmit exceed-action drop
 speed 100
 full-duplex
 no cdp enable
!
interface Serial0/1
 description Connected to Verio
 ip address a.b.c.d w.x.y.z
 no ip directed-broadcast
 ip load-sharing per-packet
 no fair-queue
 service-module t1 timeslots 1-24
 no cdp enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
ip route 0.0.0.0 0.0.0.0 Serial0/1
no ip http server
!
access-list 101 permit ip host x.y.z.100 any
access-list 101 permit ip host x.y.z.150 any
access-list 101 permit ip host x.y.z.151 any
access-list 101 permit ip host x.y.z.152 any
access-list 101 permit ip host x.y.z.153 any
access-list 101 permit ip host x.y.z.154 any
access-list 101 permit ip host x.y.z.101 any
access-list 101 permit ip host x.y.z.102 any
access-list 101 permit ip host x.y.z.103 any
access-list 101 permit ip host x.y.z.104 any
access-list 101 permit ip any host x.y.z.100
access-list 101 permit ip any host x.y.z.101
access-list 101 permit ip any host x.y.z.102
access-list 101 permit ip any host x.y.z.103
access-list 101 permit ip any host x.y.z.104
access-list 101 permit ip any host x.y.z.150
access-list 101 permit ip any host x.y.z.151
access-list 101 permit ip any host x.y.z.152
access-list 101 permit ip any host x.y.z.153
access-list 101 permit ip any host x.y.z.154
access-list 102 permit ip host x.y.z.113 any
access-list 102 permit ip any host x.y.z.113
access-list 103 permit ip host x.y.z.111 any
access-list 103 permit ip any host x.y.z.111
access-list 104 permit ip host x.y.z.105 any
access-list 104 permit ip host x.y.z.106 any
access-list 104 permit ip host x.y.z.107 any
access-list 104 permit ip host x.y.z.108 any
access-list 104 permit ip host x.y.z.109 any
access-list 104 permit ip any host x.y.z.105
access-list 104 permit ip any host x.y.z.106
access-list 104 permit ip any host x.y.z.107
access-list 104 permit ip any host x.y.z.108
access-list 104 permit ip any host x.y.z.109


--
coming soon:

www.chuckslongroad.info
"Jose Tomas Pinal Salvador" wrote in message news:[EMAIL PROTECTED]...
> Hello Group.
>
> Currently, I have a router Cisco 7513 with 7 WAN interfaces, 2 Fast ethernet
> and 2 Giga ethernet. I can limit the BW generated by the 2 Fast Ethernet with
> a Packetshaper machine but I am not allowed to control the traffic in the 2
> Giga Ethernet interface with the Packetshaper (the equipment doesn't support
> this interface type) so I would like to make this work in the router with
> any command like traffic shaping or rate limit. Could anybody help me?
>
> Note:I need to control all the total traffic across the giga interface.
> Sorry for my bad english. It is not my native language.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51410&t=51407
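
An added example, not part of the original post: a small Python check for the units issue the reply mentions. It parses rate-limit statements like the ones in the config above, treating the first number as bits per second and the two burst values as bytes, and reports how many seconds of traffic the normal burst represents. The 1.5 second normal burst and the 2x extended burst it compares against are the rule of thumb from Cisco's CAR documentation, used here as an assumption; the function names are hypothetical.

```python
import re

# Constructed sample: three of the rate-limit statements from the posted
# config, with the e-mail line wrapping undone.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 rate-limit input access-group 101 1544000 289500 579000 conform-action transmit exceed-action drop
 rate-limit output access-group 102 384000 72000 144000 conform-action transmit exceed-action drop
 rate-limit output access-group 103 128000 24000 24000 conform-action transmit exceed-action drop
"""

# rate-limit {input|output} [access-group [rate-limit] N] bps normal extended
#   conform-action <action> exceed-action <action>
RATE_LIMIT = re.compile(
    r"^\s*rate-limit\s+(?P<direction>input|output)\s+"
    r"(?:access-group\s+(?:rate-limit\s+)?(?P<acl>\d+)\s+)?"
    r"(?P<bps>\d+)\s+(?P<normal>\d+)\s+(?P<extended>\d+)\s+"
    r"conform-action\s+(?P<conform>.+?)\s+exceed-action\s+(?P<exceed>.+?)\s*$"
)


def parse_rate_limits(config_text):
    """Return one dict per rate-limit statement found in the config text."""
    policies = []
    for line in config_text.splitlines():
        match = RATE_LIMIT.match(line)
        if match:
            policy = match.groupdict()
            for key in ("bps", "normal", "extended"):
                policy[key] = int(policy[key])
            policies.append(policy)
    return policies


def review(policy):
    """Make the units explicit and flag burst values that look wrong.

    bps is bits per second; normal and extended burst are bytes.
    Assumed rule of thumb: normal = bps / 8 * 1.5 s, extended = 2 * normal.
    """
    bps, normal, extended = policy["bps"], policy["normal"], policy["extended"]
    burst_seconds = normal * 8 / bps      # bytes -> bits, then divide by rate
    recommended = round(bps / 8 * 1.5)    # 1.5 s of traffic, in bytes
    findings = []

    if normal == round(bps * 1.5):
        # 1.5 s worth of traffic, but counted in bits: eight times too large.
        findings.append("normal burst looks computed in bits, not bytes (8x too large)")
    elif normal != recommended:
        findings.append(
            f"normal burst is {burst_seconds:.2f} s of traffic; "
            f"1.5 s would be {recommended} bytes"
        )

    if extended < normal:
        findings.append("extended burst is smaller than normal burst")
    elif extended == normal:
        findings.append(
            "extended burst equals normal burst: no extended burst, "
            "excess traffic is dropped as soon as the normal burst is used"
        )
    elif extended != 2 * normal:
        findings.append(f"extended burst is not 2x normal ({2 * normal} bytes)")

    return {"burst_seconds": burst_seconds, "findings": findings}


if __name__ == "__main__":
    for p in parse_rate_limits(SAMPLE_CONFIG):
        result = review(p)
        print(p["direction"], "acl", p["acl"], p["bps"], "bps,",
              f"{result['burst_seconds']} s normal burst")
        for finding in result["findings"]:
            print("   note:", finding)
```

On the sample, only the access-group 103 output statement is flagged, because its extended burst equals its normal burst.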



Cabling techniques between 4006 & 2550 [7:51411]

2002-08-14 Thread John Brandis

Hi All,

Am building a new network and have some questions to answer, before I get
cabling quotes. I have placed an order for a Cat 4006 at my core, and some
20 2550 switches at my distribution layer. Running a pretty simple network.

MY question is:

1). To run between the 3 floors in my building, what type of fibre would be
best used

2). What type of termination points of the fibre are required, so I can
connect to the 4006 and 2550 respectively.

Thanks all for your answers last night about the VPN. I got it going after
some pre-shared key spelling mistakes, and a bug in the VPN concentrator
software was found.

John
Sydney, Australia






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51411&t=51411



Re: Cabling techniques between 4006 & 2550 [7:51411]

2002-08-14 Thread Chuck's Long Road

2950 switches?

all Cisco GBICs (and in fact all GBICs in general) are SC connectors.
there are such things as SC-ST patch cables, in case your contractor
terminates the fiber as ST.

Multimode fiber has a distance limitation of 1800 feet or so. You can use LX
GBICs in conjunction with mode conditioning patch cables at both ends over
multimode fiber, and extend that distance quite a bit.

Or you can go with single mode.  I am not certain, but I "think" I read
someplace that single mode fiber on short runs requires an attenuation patch
cable at both ends.

The GBICs don't care much what kind of fiber you use, but you do need to be
aware of the "gotchas".

I don't have the Cisco link handy, but a search on "GBIC" and "distance"
should get you to a couple of good guides on CCO.

HTH

--
coming soon:

www.chuckslongroad.info
"John Brandis" wrote in message news:[EMAIL PROTECTED]...
> Hi All,
>
> Am building a new network and have some questions to answer, before I get
> cabling quotes. I have placed an order for a Cat 4006 at my core, and some
> 20 2550 switches at my distribution layer. Running a pretty simple network.
>
> MY question is:
>
> 1). To run between the 3 floors in my building, what type of fibre would be
> best used
>
> 2). What type of termination points of the fibre are required, so I can
> connect to the 4006 and 2550 respectively.
>
> Thanks all for your answers last night about the VPN. I got it going after
> some pre-shared key spelling mistakes, and a bug in the VPN concentrator
> software was found.
>
> John
> Sydney, Australia
>
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51413&t=51411



Re: coursebooks IP Telephony Support Specialist exams [7:51382]

2002-08-14 Thread Tom Scott

Peter Walker : [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED], TISCA wrote:

> The IP Quality of Service book is not sufficient 
> for this exam. DQOS is not just about QOS, but 
> also about the tools available for deploying it.  
> Have a good reread of the Blueprint for the exam 
> (and preferably more than a few days before the 
> exam - like I did). The information you need to 
> know is all available on CCO (Tutorials, overviews, 
> demos of the tools), but you have to do some
> searching.


Good advice. If you have a list of the URLs, please post. I'll also post in a
couple of days (this weekend) after I look around.

Regarding the tools, I saw this list on the DQOS Blueprint:

* QoS Device Manager
* QoS Policy Manager
* Cisco Service Assurance Agent
* IPM
* SMS

Are there others you'd recommend?


One more question (probably should start a new thread but what the heck):
Have you or anyone else "turned the corner" from IP telephony to full-blown
multimedia / multiservice or even just to videoconferencing? What does it
take to add even just one more service, specifically videoconferencing, to
one's bag of skills after learning CIPT, CVOICE and DQOS material? And the
big question, Are the tools and application endsystems for video going to be
expensive?

-- TIA, TT




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51414&t=51382



Re: BW Limit. [7:51407]

2002-08-14 Thread Chuck's Long Road

for that matter, your English is better than mine. I can't tell the
difference between "you" and "I" below.

I meant to say your English is far better than any second language "I"
speak.

sorry - did not mean to denigrate.

Chuck

--
coming soon:

www.chuckslongroad.info
"Chuck's Long Road" wrote in message news:[EMAIL PROTECTED]...
> no problemo. your English is far better than any language you speak
> natively, I guarantee it!
>
> in any case, I've sanitized this one, but it is a working config at a live
> customer site:
>
> there is some good QoS documentation to be found on CCO, particularly in the
> 3550 switch Configuration Guide, which will explain what all the numbers
> mean. Cisco can be a bit unclear, because some of the numbers are Bytes, and
> others are bits.
>
> HTH
>
>
> interface FastEthernet0/1
>  description Connected to WAN
>  ip address x.y.z.1 255.255.255.0
>  no ip directed-broadcast
>  rate-limit input access-group 101 1544000 289500 579000 conform-action transmit exceed-action drop
>  rate-limit input access-group 102 384000 72000 144000 conform-action transmit exceed-action drop
>  rate-limit input access-group 103 384000 72000 144000 conform-action transmit exceed-action drop
>  rate-limit input access-group 104 384000 72000 144000 conform-action transmit exceed-action drop
>  rate-limit output access-group 101 1544000 289500 579000 conform-action transmit exceed-action drop
>  rate-limit output access-group 102 384000 72000 144000 conform-action transmit exceed-action drop
>  rate-limit output access-group 103 128000 24000 24000 conform-action transmit exceed-action drop
>  rate-limit output access-group 104 384000 72000 144000 conform-action transmit exceed-action drop
>  speed 100
>  full-duplex
>  no cdp enable
> !
> interface Serial0/1
>  description Connected to Verio
>  ip address a.b.c.d w.x.y.z
>  no ip directed-broadcast
>  ip load-sharing per-packet
>  no fair-queue
>  service-module t1 timeslots 1-24
>  no cdp enable
> !
> ip classless
> ip route 0.0.0.0 0.0.0.0 Serial0/0
> ip route 0.0.0.0 0.0.0.0 Serial0/1
> no ip http server
> !
> access-list 101 permit ip host x.y.z.100 any
> access-list 101 permit ip host x.y.z.150 any
> access-list 101 permit ip host x.y.z.151 any
> access-list 101 permit ip host x.y.z.152 any
> access-list 101 permit ip host x.y.z.153 any
> access-list 101 permit ip host x.y.z.154 any
> access-list 101 permit ip host x.y.z.101 any
> access-list 101 permit ip host x.y.z.102 any
> access-list 101 permit ip host x.y.z.103 any
> access-list 101 permit ip host x.y.z.104 any
> access-list 101 permit ip any host x.y.z.100
> access-list 101 permit ip any host x.y.z.101
> access-list 101 permit ip any host x.y.z.102
> access-list 101 permit ip any host x.y.z.103
> access-list 101 permit ip any host x.y.z.104
> access-list 101 permit ip any host x.y.z.150
> access-list 101 permit ip any host x.y.z.151
> access-list 101 permit ip any host x.y.z.152
> access-list 101 permit ip any host x.y.z.153
> access-list 101 permit ip any host x.y.z.154
> access-list 102 permit ip host x.y.z.113 any
> access-list 102 permit ip any host x.y.z.113
> access-list 103 permit ip host x.y.z.111 any
> access-list 103 permit ip any host x.y.z.111
> access-list 104 permit ip host x.y.z.105 any
> access-list 104 permit ip host x.y.z.106 any
> access-list 104 permit ip host x.y.z.107 any
> access-list 104 permit ip host x.y.z.108 any
> access-list 104 permit ip host x.y.z.109 any
> access-list 104 permit ip any host x.y.z.105
> access-list 104 permit ip any host x.y.z.106
> access-list 104 permit ip any host x.y.z.107
> access-list 104 permit ip any host x.y.z.108
> access-list 104 permit ip any host x.y.z.109
>
>
> --
> coming soon:
>
> www.chuckslongroad.info
> "Jose Tomas Pinal Salvador" wrote in message news:[EMAIL PROTECTED]...
> > Hello Group.
> >
> > Currently, I have a router Cisco 7513 with 7 WAN interfaces, 2 Fast ethernet
> > and 2 Giga ethernet. I can limit the BW generated by the 2 Fast Ethernet with
> > a Packetshaper machine but I am not allowed to control the traffic in the 2
> > Giga Ethernet interface with the Packetshaper (the equipment doesn't support
> > this interface type) so I would like to make this work in the router with
> > any command like traffic shaping or rate limit. Could anybody help me?
> >
> > Note:I need to control all the total traffic across the giga interface.
> > Sorry for my bad english. It is not my native language.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51415&t=51407



Re: Cisco "Franken" Pix Firewall [7:51412]

2002-08-14 Thread Chuck's Long Road

First of all, congratulations on your parlaying your experiment into a
paying job. That's great!!

Second of all naw I think I'll skip the "second of all" . I doubt
that anyone wants to go down that "mine is better than yours" road again.

Hope your story serves as an inspiration to job seekers and career changers
everywhere.



"patrick ramsey" wrote in message news:[EMAIL PROTECTED]...
> Guys/Gals,
> I've been swamped with emails asking on how to build a "Franken"
> Pix firewall.  All I can say is that "anyone" with a little brain can
> figure out how to build a "franken" pix firewall.  If you don't believe
> me, do a "show version" on a Pix 520 and all the information is
> there for you to build a "franken" pix firewall with PC parts.  I am
> NOT going to help anyone on how to build a "franken" pix firewall
> because this information is already available in the public
> domain.
> I guess I don't want to get into trouble with Cisco for selling the
> Flash card.  Therefore, I am going to keep these "franken" pix
> firewalls for my personal use.  I am going to use it for my home
> firewall.  I have to say without these "franken" pix firewalls, I wouldn't
> be able to get a 100k/year job as a security engineer.  I just recently
> graduated with a Master's degree from a University but no one would hire me
> because I don't have much experience in the security areas.  Therefore, the
> only way that I can prove myself to the employers is to show them that I can
> build a "franken" pix firewall with PC parts.  After several interviews, I
> was hired by an IT security service firm because they figure if someone is
> dedicated to build a "franken" pix firewall to learn, that person must do it
> because he/she loves it and not doing it for the money.
> Anyway, I always recommend Pix firewalls as a "first line of defense" for
> customers because Pix product lines have a faster processor and more
> memory than a Cisco router.  By the way, one of my "franken" pix firewalls
> is running on a PIII850MHz with 512MB of RAM.  That's equivalent to almost
> a PIX535 (PIII 1GHz and 1GB of RAM).  I don't need a box to be that
> powerful but it can be done.
> I think this is beneficial to both myself and to Cisco because I get more
> familiar with the Pix product lines and Cisco can sell more of its gear.
> Again, all the information you need is in "show version".
> Patrick
>
> Andrew Benhase wrote:
> Guys- I really love this thread, it crops up every few weeks or so, and
> I'm sure to copy the PIX team on the really funny ones. I can say that
> most people (besides Corporate Counsel) find this thread very, very
> amusing. And many consider it quite a compliment that hard core security
> folks here on this list are that intent on using the PIX OS. Keep up the
> interest levels...
>
> Does it break the license and does Cisco have domain over what you do
> with our code? Clearly yes.
>
> Is Cisco going to come pound down your door and have the local
> authorities remove your Franken-PIX from your home lab? Seems very
> unlikely.
>
> While I'm not condoning illegal activities with respect to Cisco, I can
> say that large scale operations will only ensure tighter security
> restrictions in the future to counteract this type of scenario. If
> you're doing something you shouldn't be doing, keep it to yourself- and
> for God's sake don't email a very public alias about what you're up
> to...
>
> -Andrew
>
> Andrew Benhase .. .. Phone: 321-235-8026
> Federal Operations || || Cell: 321-427-1584
> Consulting SE || || Pager: 800-365-4578
> 12000 Research Pkwy   E-Mail:[EMAIL PROTECTED]
> Orlando, FL 32826 .:||:..:||:. web: http://www.cisco.com
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> Scott Morris
> Sent: Friday, August 09, 2002 10:18 PM
> To: 'Sabertech Networks'; 'patrick ramsey'; [EMAIL PROTECTED];
> [EMAIL PROTECTED]
> Subject: RE: Cisco "Franken" Pix Firewall
>
>
> This is why McDonald's builds in the self-destructing bacteria in case
> you choose to use your burger for a paperweight. Not only will it exude
> grease 'n' stuff all over your papers, but will become quite ripe in
> short order.
>
> Cisco hasn't quite figured out how to put those protections in their
> equipment yet!
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> Sabertech Networks
> Sent: Friday, August 09, 2002 12:22 PM
> To: [EMAIL PROTECTED]; 'patrick ramsey'; [EMAIL PROTECTED];
> [EMAIL PROTECTED]
> Subject: RE: Cisco "Franken" Pix Firewall
>
>
> Scott,
> Thanks for setting me straight, I forgot about the legal concept of
> "intention and design". When I buy a hamburger at McDonalds, they
> intended that I eat it, it was designed for that purpose, if I use it as a
> paperweight, I'm, according to you, committing a crime.
>
> That part about the prison really scared me though, I guess
> I'd better sto

Re: Cisco PIX & Novell [7:51303]

2002-08-14 Thread Don Queen

I understand your point. As I stated they were behind on Internet
connectivity. I wouldn't recommend trying to run IPX over any WAN link,
ADSL, Frame-relay, etc. However the problem that I see is that clients will
not upgrade their NetWare servers to the latest version and use IP instead
of IPX. As I stated before, if the servers are running IP, then the Pix
should not have a problem with allowing connections through it to the
server.

As for your VPN issues, have you attempted to access an NT 4.0 server with
Microsoft's VPN client running on Windows 95 or 98? It's very difficult to
do. However making a VPN connection with a W2K server with W2K pro or XP is
a whole lot easier.

If the server you were attempting to connect to was not running IP and using
BorderManager, then yes it's nearly impossible to make this work due to
the Novell client problems with PPPoE.

I'm certified in both Microsoft and Novell, so I try to be as unbiased as
possible since both platforms have their advantages and disadvantages.


Donald R. Queen CCNP,CCA,CNE5, MCSE
Baker Robbins & Company
Technology Consultants
Knowledge, Solutions, Partnership

- Original Message -
From: "Brian Zeitz" 
To: 
Sent: Wednesday, August 14, 2002 10:56 AM
Subject: RE: Cisco PIX & Novell [7:51303]


> If you believe any of this, you can spend $1.50 and own some of the
> Novell Company (stock market). About the cost of a candy bar? My
> experience with Novell you need to spend a lot of effort to get anything
> to work, and their support is non-existent. I have heard of even
> hardcore Novell shops switch to a different OS, after trying Novell 5
> with horror stories. Everything about Novell works with broadcasts that
> flood the network. They are considered a step up from Apple networks
> though, in the unnecessary traffic they create. Recently, I was told I
> needed to make a VPN connection to another company using ADSL, the
> problem is that Novell Client will not work with ADSL. It may work now
> in Novell 6 client. There was a long laundry list of "work arounds", and
> modifications you had to do to get it running. I really don't have this
> kind of patience, so I think they dropped the idea of getting a VPN
> connection into Novell. Some of the fixes were playing games with the
> MTU size to get it to work. The problem with that, is the rest of my
> network is using the ADSL line.
>
> I think you will find issues with using Pix Firewall with Novell. Novell
> requires so many modifications to make it work, that you will compromise
> performance and security (i.e. "compatibility mode"), if you can get it
> to work at all. With major security Vulnerabilities like "Denial of
> Service" issues with the Novell VPN.
>
> I find a lot of people like Novell (and other obsolete OS's) because
> they have good memories of running the 3.xx box on a 386. Maybe back
> then it was worth mentioning. Now, it is full of security holes, and
> bugs that are in the Novell OS which no one bothers to fix. At this
> point, they are just struggling to keep the lights on at Novell.
>
> Novell got IPX from Xerox anyway, not so innovating at all.
>
>
>
>
> -Original Message-
> From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, August 13, 2002 7:35 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Cisco PIX & Novell [7:51303]
>
> Not junk at all. :-) I think it's impressive that Novell continues to
> innovate. Comments below:
>
> Don Queen wrote:
> >
> > What version of Netware are you running on the server? If it 5
> > or 6, it's
> > native IP, so basically you're sending IP traffic out of the
> > Pix, which
> > should work. It sound as if your problem may be with the packet
> > actually
> > coming back into the Pix. Do you have any rules that may be
> > preventing the
> > server from responding back to the client? Here is the
> > information from
> > Novell's website listing the port that Novell uses
> >
> > TCP and UDP are both used by NetWare 5.1 and NetWare 6.0 for
> > Pure IP
> > connectivity. The following ports are used for communication.
> >
> > TCP 524 - NCP Requests - Source port will be a high port
> > (1024-65535)
> > UDP 524 - NCP for time synchronization - Source port will be a
> > high port
> > UDP 123 - NTP for time synchronization - Source port will be
> > the same
> > UDP 427 - SLP Requests - Source port will be the same (427)
> > TCP 427 - SLP Requests - Source port will be the same (427)
> > TCP 2302 - CMD - Source port will be a high port
> > UDP 2645 - CMD - Source port will be the same (2645)
>
> I thought I would add to this the decoding of the acronyms:
>
> NCP sort of obviously NetWare Core Protocol, the classic client/server
> protocol that Novell has used for almost 20 years.
>
> SLP is for Service Location Protocol, a protocol for finding services
> that
> may catch on, although admittedly it is mostly Novell and Apple making a
> big
> deal of it. RFC 2608 defines the current version of SLP, version 2. I
> think
> I r

Re: CCIE R&S Lab-books [7:51403]

2002-08-14 Thread Thomas Larus

I know the IPEXPERT folks are coming out with a new Workbook in about a week
that incorporates the 3550.

Tom Larus
"Juan Blanco" wrote in message news:[EMAIL PROTECTED]...
> Team,
> Do you happen to know any new book for the lab which already cover the 3550
> switch on full detail and not the 5000.
> Thanks,
>
> Juan Blanco
> 
> The greatest glory in living lies not in never falling,
>  but in rising every time we fall ."
>  -- Nelson Mandela
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51416&t=51403



RE: Last stretch to CID on Friday [7:51344]

2002-08-14 Thread Colin Lim

Hi,

I am taking CID next week, and so far for my preparation, I have been
studying for SNA and Appletalk as well. From my understanding, both topics
are included.
anyway, good luck for your exam, and do let me know if SNA and Appletalk are
excluded.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51417&t=51344



Re: CCIE Security Labbooks recommendations [7:51394]

2002-08-14 Thread Dain Deutschman

Security Lab Workbook from www.hellocomputers.com. 16 Labs with remote
access to lab equipment. If you have your own lab...CCIE Lab Practice Kit
(McGraw Hill). However, I'm not a CCIE so take what I say with a grain
of salt. Dain.

"Larry Melson" wrote in message news:[EMAIL PROTECTED]...
> Anyone have any comments on the Security lab preparation books that are
> available? Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51418&t=51394



Catalyst 2950 CRC Errors [7:51419]

2002-08-14 Thread Dain Deutschman

Hello Everyone,

I have a Cat2950 in a small office throwing up thousands of CRCs, input
errors and several runts on the port connected to the server. Clients are
getting disconnected and database on server is constantly having to be
repaired. The errors always follow the server no matter which port I move it
to. Have replaced NIC in server and a few key Wkst. Have also updated the
NIC drivers. ( Win2000 w/3C905C-TX-M Nics ). I have forced speed and duplex
settings and disabled spanning-tree. I'm suspecting dirty power...but it is
connected to a UPS ( that only has limited EMI/RFI Filtering ). I connect a
3Com unmanaged 8 port switch to the key clients and the server...no more
problems. Any ideas?!? It's driving me nuts! Thanks in advance...
--
Dain Deutschman
CNA, MCP, CCNA
Data Communications Manager
New Star Sales and Service, Inc.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51419&t=51419



RE: Setting up Appletalk on router for CIT [7:51406]

2002-08-14 Thread Daniel Cotts

I'll try this from memory. The concept of a "seed router" was to eliminate
configuration mistakes. Config one router and let the others learn from it.
Sounds nice but isn't necessary. Might be useful in a backbone with scores
of routers hanging off one wire.

AppleTalk Phase 1 is long obsolete so Phase 2 is expected.
Configure a cable range. Each network number is equal to about 250 hosts. So
a range of 23-23 would be one network. 23-24 would double that ... etc.
Remember that Macs choose their node address and then advertise it to see if
anyone else is using it. If it is being used, they pick a new address. Best
to have quite a few more addresses than computers. Less time is wasted in
booting. (A Mac will attempt to reuse the last address it had.)
The router interface also picks an address unless hard coded.
appletalk cable-range 23-24 23.1 gives you about 500 nodes and sets the
interface address. It's useful to pick an addressing scheme that follows
your ip addressing scheme.

You must specify appletalk zones. If you only configure one zone the Mac's
Chooser doesn't display it. Why bother when there's only one. So I often
configure two zones. The Mac will use the first as its default zone unless
told otherwise. Case sensitive.
appletalk zone testzone1
appletalk zone testzone2
I've never used the appletalk discovery command. Is it used to find a config
from the seed router?

HTH

> -Original Message-
> From: Harold Monroe [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, August 14, 2002 5:41 PM
> To: [EMAIL PROTECTED]
> Subject: Setting up Appletalk on router for CIT [7:51406]
> 
> 
> I'm getting ready for my CIT test for CCNP. I've heard there 
> may be some
> Appletalk on the test. I'm trying to experiment with the 
> Appletalk show &
> debug commands. Since this is the first time I've even seen 
> Appletalk I
> can't seem to get it to work.
> 
> The department with the Macs doesn't know anything about 
> their settings so
> I've tried using a packet sniffer/protocol analyzer. The 
> analyzer sees ATP
> and Appletalk phase 2, but doesn't give any information about 
> the cable
> range, nor zone. I set the appletalk cable-range 0-0 (as 
> mentioned on CCO).
> CCO says you need a seed router, but unless one of the Macs 
> is supplying
> that service we don't have one.
> 
> Although the FastEthernet interface is up/up and AARP is 
> working none of the
> show appletalk commands like show appletalk zone, traffic, 
> globals, nor
> debug appletalk display any information. I do have "appletalk 
> routing" in my
> config
> 
> #sh run
> 
> appletalk routing
> interface FastEthernet0/1
>  ip address 192.168.1.10 255.255.255.0
>  no ip directed-broadcast
>  appletalk cable-range 0-0 65347.122
>  appletalk discovery
> 
> #sh ap int f0/1
> 
> FastEthernet0/1 is up, line protocol is up
>   AppleTalk port disabled, Acquiring port net information
>   AppleTalk cable range is not known.
>   AppleTalk address is 65347.122, Valid
>   AppleTalk zone is not set.
>   AppleTalk discovery mode is enabled
>   AppleTalk address gleaning is disabled
>   AppleTalk route cache is not initialized
> 
> AARP is working
> #sh apple arp
> 4.4  1  Dynamic   0030.65c8.5cc8.  SNAP  FastEthernet0/1
> 5.5  1  Dynamic   0030.65d2.c17c.  SNAP  FastEthernet0/1
> 6.3  0  Dynamic   0030.6583.da6c.  SNAP  FastEthernet0/1
> 65281.1115  Dynamic   0010.83f5.32cb.  SNAP  FastEthernet0/1
> 65319.8227  Dynamic   00c0.7587.3cc7.  SNAP  FastEthernet0/1
> 65347.122-  Hardware  0030.1946.1f21.  SNAP  FastEthernet0/1
> 65406.1370  Dynamic   0030.65ca.ef78.  SNAP  FastEthernet0/1
> 65507.224  161  Dynamic   00c0.755e.c59d.  SNAP  FastEthernet0/1




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51420&t=51406



RE: Cabling techniques between 4006 & 2550 [7:51411]

2002-08-14 Thread Jeffrey Reed

John, I would recommend installing both some multimode fiber and single mode
fiber. Most cable vendors can provide a single sheathed set of cables that
includes both types of fiber. The distance for typical multimode fiber on SX
GBICS is at least 220 meters, some Cisco sources will say their optics are
better quality and will run 500M. I would stay away from mode conditioning
cables if at all possible; they are very difficult to dress up neatly which
reduces overall long term reliability. The multimode fiber GBICs are rather
inexpensive so you can save some money by using multimode only. In fact, if
you really need to save money, don't terminate the single mode because it's
very expensive to put the ends on the cable. Save the single mode for 10G in
a few years. Once you move into LX GBICs on single mode you can go something
like 5k meters away with a minimum distance of 2 meters.

Have fun!!


Jeffrey Reed
Classic Networking, Inc.
Cell 717-805-5536
Office 717-737-8586
FAX 717-737-0290


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Chuck's Long Road
Sent: Wednesday, August 14, 2002 7:26 PM
To: [EMAIL PROTECTED]
Subject: Re: Cabling techniques between 4006 & 2550 [7:51411]

2950 switches?

all Cisco GBIC's ( and in fact all GBIC's in general ) are SC connectors.
there are such thing as SC-ST patch cables, in case your contractor
terminates the fiber as ST.

Multimode fiber has a distance limitation of 1800 feet or so. You can use LX
GBIC's in conjunction with mode conditioning patch cables at both ends over
multimode fiber, and extend that distance quite a bit.

Or you can go with single mode.  I am not certain, but I "think" I read
someplace that single mode fiber on short runs requires an attenuation patch
cable at both ends

The GBIC's don't care much what kind of fiber you use, but you do need to be
aware of the "gotcha's"

I don't have the Cisco link hand, but a search on "GBIC" and "distance"
should get you to a couple of good guides on CCO.

HTH

--
coming soon:

www.chuckslongroad.info
"John Brandis" wrote in message news:[EMAIL PROTECTED]...
> Hi All,
>
> Am building a new network and have some questions to answer, before I get
> cabling quotes. I have placed an order for a Cat 4006 at my core, and some
> 20 2550 switch's at my distribution layer. Running a pretty simple
network.
>
> MY question is:
>
> 1). To run between the 3 floors in my building, what type of fibre would
be
> best used
>
>
> 2). What type of termination points of the fibre,, are required, so i can
> cnonnect to the 4006 and 2550 respectively.
>
> Thanks all for your answers last night about the VPN. I got it going after
> some pre-shared key spelling mistakes, and a bug in the VPN concentrator
> software was found.
>
> John
> Sydney, Australia
>
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51421&t=51411



ARP Problem? [7:51422]

2002-08-14 Thread Leo Song

Hi, there

We have a problem: two Cisco 1720 routers and one 3Com router are
interconnected via a shared hub, in a single collision L2 as well as
L3 domain. Somehow we can't PING the 3Com router from either of the
Cisco 1720 routers, but the two Cisco 1720 routers can PING each
other. We checked the ARP table in the two Cisco 1720 routers and they
do show the correct ARP entry for that 3Com router. We have no access
to that 3Com router (so we can't check its ARP table); the only thing
about the 3Com router is that it is correctly configured with an IP
address.

After we clear the ARP table in the Cisco 1720 router, the PING to the
3Com router works, but after some time the PING connectivity between
the Cisco 1720 routers and the 3Com router is lost. I suspect that is
due to the ARP problem (an incorrect ARP entry overwritten, in my
mind). Would you give me any hints on this problem, without access to
that 3Com router, and a solution? I thought placing another Cisco
router to replace that shared hub would be able to solve this problem,
and it'll not be cost effective. Thanks.

Best Regards.
Leo
System Engineer.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51422&t=51422



RE: ARP Problem? [7:51422]

2002-08-14 Thread Jagan Krishnaraj

Hi Leo 

Use no ip proxy-arp on the Cisco 1720 routers' Ethernet interfaces.

And try whether that is fine.

thanks & regards
jagan



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51423&t=51422



RE: Cabling techniques between 4006 & 2550 [7:51411]

2002-08-14 Thread Jarvis Steven C A1C 18 CS/SCBT

The only GBIC that doesn't care whether or not you use MM or SM is the LX/LH
GBIC. There are two other types that might benefit your situation. The SX
GBIC is cheaper and is only compatible w/ MM. I have seen instances where
I've caught link off of SM but only from a 3 meter patch cord. The distance
limitation of SX GBIC's is relevant to what micron core you have and the
modal frequencies of the fiber. The range of 62.5 micron and 160 MHz/km
frequency is 722 ft (220 m) and 50.0 micron and 500 MHz/km freq is 1804 ft
(550 m). Also there is the ZX model which is the nicest, it uses SM and can
shoot up to 62.1 miles (100 km). Depending on the size of the building I
would recommend using the SX cards. In most cases everything across the
board is cheaper, and (although I'm unsure of your situation) there doesn't
seem to be the need for the greater distance features of the other cards.
Hope this helps.

Steve Jarvis 

-Original Message-
From: Chuck's Long Road [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 15, 2002 8:26 AM
To: [EMAIL PROTECTED]
Subject: Re: Cabling techniques between 4006 & 2550 [7:51411]


2950 switches?

all Cisco GBIC's ( and in fact all GBIC's in general ) are SC connectors.
there are such thing as SC-ST patch cables, in case your contractor
terminates the fiber as ST.

Multimode fiber has a distance limitation of 1800 feet or so. You can use LX
GBIC's in conjunction with mode conditioning patch cables at both ends over
multimode fiber, and extend that distance quite a bit.

Or you can go with single mode.  I am not certain, but I "think" I read
someplace that single mode fiber on short runs requires an attenuation patch
cable at both ends

The GBIC's don't care much what kind of fiber you use, but you do need to be
aware of the "gotcha's"

I don't have the Cisco link hand, but a search on "GBIC" and "distance"
should get you to a couple of good guides on CCO.

HTH

--
coming soon:

www.chuckslongroad.info
"John Brandis" wrote in message news:[EMAIL PROTECTED]...
> Hi All,
>
> Am building a new network and have some questions to answer, before I get
> cabling quotes. I have placed an order for a Cat 4006 at my core, and some
> 20 2550 switch's at my distribution layer. Running a pretty simple
network.
>
> MY question is:
>
> 1). To run between the 3 floors in my building, what type of fibre would
be
> best used
>
>
> 2). What type of termination points of the fibre,, are required, so i can
> cnonnect to the 4006 and 2550 respectively.
>
> Thanks all for your answers last night about the VPN. I got it going after
> some pre-shared key spelling mistakes, and a bug in the VPN concentrator
> software was found.
>
> John
> Sydney, Australia
>
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51424&t=51411



Re: Reverse Telnet on Cisco [7:51218]

2002-08-14 Thread Router Man

From a Unix machine you would type "Ctrl ]"  (Hold the Ctrl key down and the
right bracket).  At the prompt type "send break" or "send brk" .  If you are
using a windows program, do a search on google to find out how to send a
"break" from that application.  The break must be done within 60secs after a
reboot

"RAJESH.V.S" wrote in message news:[EMAIL PROTECTED]...
> Hi All,
>
> I have a scenario like this.
> one 2509 is acting as the console access server for several routers. each
of
> these router's console is connected to a tty line of 2509, and from 2509 I
> can access any routers console using reverse telnet.
> Now my problem is that I want send break command to these reverse telnet
> accessible console, so that I can break the booting of these routers and
> force them enter ROMMON.
>
> Is it possible to send break via reverse telnet ? If yes how ?
> Thanks in advance.
>
> regards
> Rajesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51425&t=51218



Re: Catalyst 2950 CRC Errors [7:51419]

2002-08-14 Thread Dain Deutschman

Also...I have tested the wiring(basic tester...no NEXT/FEXT or other
factors...but lengths of cable are under 50ft) and replaced patch
cables...still no luck. Dain.

"Dain Deutschman" wrote in message news:[EMAIL PROTECTED]...
> Hello Everyone,
>
> I have a Cat2950 in a small office throwing up thousands of CRCs, input
> errors and several runts on the port connected to the server. Clients are
> getting disconnected and database on server is constantly having to be
> repaired. The errors always follow the server no matter which port I move
it
> to. Have replaced NIC in server and a few key Wkst. Have also updated the
> NIC drivers. ( Win2000 w/3C905C-TX-M Nics ). I have forced speed and
duplex
> settings and disabled spanning-tree. I'm suspecting dirty power...but it
is
> connected to a UPS ( that only has limited EMI/RFI Filtering ). I connect
a
> 3Com unmanaged 8 port switch to the key clients and the server...no more
> problems. Any ideas?!? It's driving me nuts! Thanks in advance...
> --
> Dain Deutschman
> CNA, MCP, CCNA
> Data Communications Manager
> New Star Sales and Service, Inc.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51426&t=51419



MTU size in DSLAMS [7:51428]

2002-08-14 Thread [EMAIL PROTECTED]

Hi,

I have a DSLAM in which I have an MTU size variable. As far as I know,
DSLAMs are ATM devices which send 53-byte cells on to the network. So what is
the implication of an MTU variable in the DSLAM?

If so, what is the best size to which we can set it? In the DSLAM which I have,
the default is 1500.

Thanks,

Jay






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51428&t=51428



Re: OSPF External Summarization Problem [7:50260]

2002-08-14 Thread Router Man

Why can't you use the summary-address on the ASBRs.  Is there some
restriction?

"Jay Greenberg" wrote in message news:[EMAIL PROTECTED]...
> Hello group,
>
> I seem to have a problem with OSPF external LSA summarization.  I have
> an Ethernet segment in area 4.  There are 2 ASBRs (RAS Gear), and 1 ABR
> (the router connected to my backbone).   Suppose for now, that ASBR1 is
> injecting 192.168.0.1/32 into OSPF as an E2 LSA, and ASBR2 is injecting
> 192.168.0.128/25 into OSPF as an E2 LSA.  I would like the other areas
> to just understand that 192.168.0.0/24 is reachable via the area 4 ABR,
> however,  #area 4 range 192.168.0.0 255.255.255.0 will not work, because
> it will not summarize external routes, and I cannot use summary-address
> (or can I?) on the ABR, because it is only supposed to be used by
> ASBRs.
>
> My question is: How can I get the ABR to summarise the /24?
>
> Jay Greenberg




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51429&t=50260



RE: Setting up Appletalk on router for CIT [7:51406]

2002-08-14 Thread Priscilla Oppenheimer

Oh, AppleTalk, my favorite subject! ;-) See comments inline:

Harold Monroe wrote:
> 
> I'm getting ready for my CIT test for CCNP. I've heard there
> may be some
> Appletalk on the test. I'm trying to experiment with the
> Appletalk show &
> debug commands. Since this is the first time I've even seen
> Appletalk I
> can't seem to get it to work.
> 
> The department with the Macs doesn't know anything about their
> settings so
> I've tried using a packet sniffer/protocol analyzer. The
> analyzer sees ATP
> and Appletalk phase 2, but doesn't give any information about
> the cable
> range, nor zone.

The packets won't show you zone names unless you have one of the Macs pull
up the Chooser or whatever it's called on recent Mac OSs. The zones are only
relevant during "resource discovery." But the packets should definitely tell
you the network number(s). Just like an IP packet has source and destination
network-layer IP addresses, an AppleTalk packet has source and destination
DDP addresses.  For AppleTalk, look for source and destination network,
node, socket.

My first thought was that maybe you aren't seeing DDP addresses because the
Macs are using the Apple Filing Protocol application-layer protocol on top
of TCP/IP. But that doesn't use ATP. It uses a new protocol called Data
Stream Interface (DSI) which runs above TCP.

More comments below.

> I set the appletalk cable-range 0-0 (as
> mentioned on CCO).
> CCO says you need a seed router, but unless one of the Macs is
> supplying
> that service we don't have one.

Macs used to be able to act as routers by running Apple's Internet Router
software (which did AppleTalk, not IP!) But that hasn't been updated in
years. Only a device that's acting as a router can define network number(s)
and zone names and act as a seed router.

> 
> Although the FastEthernet interface is up/up and AARP is
> working none of the
> show appletalk commands like show appletalk zone, traffic,
> globals, nor
> debug appletalk display any information. I do have "appletalk
> routing" in my
> config
> 
> #sh run
> 
> appletalk routing
> interface FastEthernet0/1
>  ip address 192.168.1.10 255.255.255.0
>  no ip directed-broadcast
>  appletalk cable-range 0-0 65347.122
>  appletalk discovery

This probably won't work, as you have discovered, because there probably
isn't another router out there.

> 
> #sh ap int f0/1
> 
> FastEthernet0/1 is up, line protocol is up
>   AppleTalk port disabled, Acquiring port net information
>   AppleTalk cable range is not known.
>   AppleTalk address is 65347.122, Valid

If a device decides that its network number is in the 65,280-65,534 range,
it means the device kept a network number from the startup range because it
never got a response to its ZIPGetNetInfo packet to find a router. More
evidence that there is no router on your network.

By the way, can you do an AppleTalk ping? You have an address so
theoretically you should be able to ping the devices in your AARP table, but
it might not work since it says "AppleTalk port disabled."

>   AppleTalk zone is not set.
>   AppleTalk discovery mode is enabled
>   AppleTalk address gleaning is disabled
>   AppleTalk route cache is not initialized
> 
> AARP is working
> #sh apple arp
> 4.4  1  Dynamic   0030.65c8.5cc8.  SNAP  FastEthernet0/1
> 5.5  1  Dynamic   0030.65d2.c17c.  SNAP  FastEthernet0/1
> 6.3  0  Dynamic   0030.6583.da6c.  SNAP  FastEthernet0/1
> 65281.1115  Dynamic   0010.83f5.32cb.  SNAP  FastEthernet0/1
> 65319.8227  Dynamic   00c0.7587.3cc7.  SNAP  FastEthernet0/1
> 65347.122-  Hardware  0030.1946.1f21.  SNAP  FastEthernet0/1
> 65406.1370  Dynamic   0030.65ca.ef78.  SNAP  FastEthernet0/1
> 65507.224  161  Dynamic   00c0.755e.c59d.  SNAP  FastEthernet0/1
> 
> 

Yes, this is consistent with there being no router. All the devices have
chosen network numbers in the startup range. It's OK that their network
numbers don't match. That still works.

So, this is good news actually. You wouldn't want to configure a new router
in the situation where you don't know the network number and zone names.
Well, you could use discovery mode, I guess and then you would be OK
hopefully.

So, the bottom line (finally! ;-) is that you should assign a cable range
and zone name. Be careful, though. Although the Macintoshes shouldn't have a
problem with this change as the protocols do deal with a router coming up
after the clients, it could get ugly nonetheless. Is this a mission-critical
network? Probably not or it wouldn't still be AppleTalk!?

There's much more info on this and other CIT topics in my new book,
Troubleshooting Campus Networks, by the way. ;-)

Good luck!

Priscilla




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51430&t=51406
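The two AppleTalk replies in this thread, turned into a check, as an added example that is not code from any poster: it parses AARP-table text, flags network numbers in the 65,280-65,534 startup range mentioned above, and validates a proposed cable range and interface address. The sample table is constructed, the function names are hypothetical, and the 253-nodes-per-network figure and the 1-65279 bound on configurable network numbers are assumptions taken from AppleTalk Phase 2, not from the thread.

```python
import re
from dataclasses import dataclass

# Startup range as quoted in the thread: nodes keep a network number from
# here when no router answers their ZIPGetNetInfo request.
STARTUP_FIRST, STARTUP_LAST = 65280, 65534
# Assumption (AppleTalk Phase 2): node IDs 1-253 are usable per network number.
NODES_PER_NET = 253

# Constructed sample, laid out like the `show appletalk arp` output in the thread.
SAMPLE_AARP = """\
Address      Age (min)  Type      Hardware Addr     Encap  Interface
65281.111    5          Dynamic   0030.65aa.0001    SNAP   FastEthernet0/1
65319.82     27         Dynamic   00c0.75aa.0002    SNAP   FastEthernet0/1
65347.122    -          Hardware  0030.19aa.0003    SNAP   FastEthernet0/1
65406.137    0          Dynamic   0030.65aa.0004    SNAP   FastEthernet0/1
"""

# net.node, age (or "-"), entry type, MAC; an optional "> " quote prefix is tolerated.
ROW = re.compile(
    r"^(?:>\s*)?(\d{1,5})\.(\d{1,3})\s+(\S+)\s+(Dynamic|Hardware)\s+([0-9A-Fa-f.]+)\s"
)


@dataclass(frozen=True)
class Entry:
    net: int
    node: int
    kind: str   # "Dynamic" (learned) or "Hardware" (the router's own interface)
    mac: str


def parse_aarp(text):
    """Return one Entry per table row; header and unparsable lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            entries.append(Entry(int(m[1]), int(m[2]), m[4], m[5].rstrip(".")))
    return entries


def in_startup_range(net):
    return STARTUP_FIRST <= net <= STARTUP_LAST


def diagnose(entries):
    """Summarise whether the segment looks like it has a seed router."""
    if not entries:
        return "no-data"
    flags = [in_startup_range(e.net) for e in entries]
    if all(flags):
        return "no-router-answered"   # every node is still on a startup net
    if not any(flags):
        return "seeded"               # every node holds a configured net
    return "mixed"


def capacity(start, end):
    """Approximate node capacity of a cable range."""
    return (end - start + 1) * NODES_PER_NET


def check_cable_range(start, end, if_net, if_node):
    """Return a list of problems with a proposed cable range and interface address."""
    if (start, end) == (0, 0):
        return ["0-0 is discovery mode: the range must be learned from a seed router"]
    problems = []
    if not (1 <= start <= end < STARTUP_FIRST):
        problems.append("range must satisfy 1 <= start <= end <= 65279")
    if not (start <= if_net <= end):
        problems.append(f"interface network {if_net} is outside {start}-{end}")
    if not (1 <= if_node <= NODES_PER_NET):
        problems.append(f"node ID {if_node} is outside 1-{NODES_PER_NET}")
    return problems


if __name__ == "__main__":
    table = parse_aarp(SAMPLE_AARP)
    print("verdict:", diagnose(table))
    print("23-24 holds about", capacity(23, 24), "nodes")
    print("23-24 with 23.1:", check_cable_range(23, 24, 23, 1) or "ok")
    print("0-0 with 65347.122:", check_cable_range(0, 0, 65347, 122))
```

A verdict of `no-router-answered` matches the diagnosis in the reply above: nothing on the wire is seeding the segment, so the router needs an explicit cable range and zone rather than discovery mode.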

Re: Cisco Certification Digest V2 #2214 [7:51431]

2002-08-14 Thread michael liu

Anyone know Cisco CCIE study group in Bay area?







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51431&t=51431



RE: Last stretch to CID on Friday [7:51344]

2002-08-14 Thread Kris Keen

SNA and Apple are not present in the exam, I did this exam about 2 months ago.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51432&t=51344



RE: ARP Problem? [7:51422]

2002-08-14 Thread Priscilla Oppenheimer

Leo Song wrote:
> 
> Hi, there
> 
> We met such a problem, while two Cisco 1720 routers and one
> 3Com router
> are interconnected via a share HUB, in a single collision L2 as
> well as
> L3 domain, the problem is somehow we can't PING the 3Com router
> from any
> of Cisco 1720 routers, 

Is the 3Com router working correctly in every other way? Maybe the 3Com
software rate-limits ping replies.

> but the two Cisco 1720 router can PING
> each
> other, and we check the ARP table in the two Cisco 1720 routers
> and they
> does show up the correct APP entry for that 3Com router, and we
> have no
> access to that 3Com router (so we can't check its ARP table),
> the only
> thing about the 3Com router is it is correctly configured with
> IP
> address.

Try an extended ping and make sure that the source address used by the Cisco
router is the one for the shared Ethernet subnet that the 3Com is also on.
Maybe the Cisco router is using a different address that the 3Com doesn't
have a route back to.

Is the Ethernet healthy? Are there lots of errors or other symptoms? Does
show interface ethernet have any other clues? Can you put an analyzer on the
hub and check for errors as well as check the actual packets?

> 
> And after we clear the ARP table in the Cisco 1720 router, then
> the PING
> to 3Com router is working but, after some time the PING
> connectivity
> between the Cisco 1720 routers and 3Com router was lost,

That's very strange. But maybe sending the ARP restarts the rate limiting so
it works for a while and then you reach the threshold again.

> I
> suspect that
> is due the ARP problem, (incorrect ARP overwritten, in my
> mind). 

Why do you suspect that? Does it not show the MAC address that you expect for
the 3Com router?

> Would
> you give me any hits on this problem without access to that 3Com
> routers, and solution? I thought to place another Cisco router
> to
> replace that share HUB would be able to solve this problem and
> it'll not
> be cost effective. Thanks.

If you replace a hub with a router, you'll have to redo your addressing. A
router connects different L3 networks whereas a hub connects a single
network usually.  Well, I guess you could do bridging with the router
instead of routing, and then you wouldn't have to change the addressing, but
that would be an expensive "fix."

Priscilla

> 
> Best Regards.
> Leo
> System Engineer.
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51433&t=51422



RE: ARP Problem? [7:51422]

2002-08-14 Thread Priscilla Oppenheimer

How could proxy ARP be relevant to his problem?

Jagan Krishnaraj wrote:
> 
> Hi Leo 
> 
> Use no ip proxy-arp in the Cisco 1720 routers ethernet
> interfaces.
> 
> And try is that fine.
> 
> thanks & regards
> jagan
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51434&t=51422



RE: Last stretch to CID on Friday [7:51344]

2002-08-14 Thread [EMAIL PROTECTED]

I'd like to start studying for the CID Exam.

I have the CID book from a friend. I have looked at the objectives on the
cisco website, and SNA and Apple are not listed there. But they are in the
CID book. The objectives also don't list anything more (to replace SNA and
Apple). So my question is that can I study using the CID with more focus on
the other chapters, and just read over SNA + Apple. 

Am I missing something ... Sorry ... Went for two operations in the last
month ... I think the anaesthetic is still in me :}

Thanks
Manish



-Original Message-
From: Kris Keen [mailto:[EMAIL PROTECTED]] 
Sent: 15 August 2002 06:21 
To: [EMAIL PROTECTED]
Subject: RE: Last stretch to CID on Friday [7:51344]


SNA and Apple are not present in the exam, I did this exam about 2months
ago.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51435&t=51344



Re: OT: Nanog thread - Routing Protocol Security [7:51335]

2002-08-14 Thread Nigel Taylor

Priscilla,
comments inline...

- Original Message -
From: "Priscilla Oppenheimer" 
To: 
Sent: Wednesday, August 14, 2002 2:40 PM
Subject: RE: OT: Nanog thread - Routing Protocol Security [7:51335]


> Jeff Doyle is allowed to ask questions too. ;-)

NT:  I do believe I've seen him ask questions.. if I'm not mistaken I think
they were rhetorical in nature..;-)

>
> Seriously, what was the gist of the responses? Are NANOG types concerned
> about routing protocol security vulnerabilities? I know that there's a
> lot of academic work going on in this area. If you search on "routing
> protocol security" in Google, for example, you'll come across lots of
> references to academic work, IEEE papers, a DARPA-sponsored Internet
> Infrastructure Protection project, etc.

NT:  I believe the concern stems from a number of different issues which
relate to the overall problem of global routing failures.  There is mention
of using IGPs and its services (http://www.phenoelit.de/irpas/index.html)
to stage an attack on external protocols.  I think the biggest issue is lack
of standardization on authenticated routing information throughout the
internet.  There are a number of papers that address the lack of these
mechanisms (MD5, IR verification, secure route servers) being used and by
major players (within the Default Free Zone).
As noted by another avid "nanog poster" Sean Donelan, there are a number of
various things currently being used
(http://www.merit.edu/mail.archives/nanog/msg02502.html) to prevent the
likes of AS7007 from being repeated.   However, I was also unable to find
anything along the lines of progress made by the "rpsec" WG.

>
> There's also an IETF Working Group for this topic, the Routing Protocol
> Security Requirements group or something of that sort (rpsec for short).
> But I couldn't find any Internet drafts from them!? (just e-mail threads
> that didn't sound any more sophisticated than the wrangles we get into
> here! ;-)
>
> On a philosophical note, we have to realize that the bad guys aren't going
> to do the expected things, and if they do, we will have already designed
> protection for them. I heard Paul Kocher (one of the creators of SSL I
> think and a security luminary) say at a recent conference, somewhat
> sarcastically, that the real adversaries lack the propriety to limit
> themselves to tidy attacks such as brute force, factoring, and
> differential cryptanalysis (the things we tend to protect against with
> huge keys, etc.)

NT: Yes, this does raise a good point, however I must mention that there are
flaws in the methods used to ensure routing information being propagated
globally as having been verified and/or authenticated.  Nonetheless, with
implementations like BGP/VPNs, PPVPNs and the constant growth of ISPs,
W B Norton's papers - "Internet Service Providers and Peering and The Art of
Peering", suggest that with the exception of existing "transit" peering
relationships, more and more providers will endeavor to enhance their
services and attractiveness in an attempt to form direct peering
relationships.  This minimizes the access of predators intent on proving
their ability to hack, crack and or assimilate (Resistance is Futile ;-)..)

Nigel


>
> Priscilla
>
> Nigel Taylor wrote:
> >
> > All,
> > I was doing my usual reading of the nanog mailing list and
> > came across one
> > of the more recent threads - "Routing Protocol Security".
> > What I found interesting was the name of the original poster,
> > which noted,
> > Jeff Doyle!  Now, I'm sure there are quite a number of "Jeff
> > Doyle's"
> > on the planet, however this name does mean a lot to those of us
> > who has had
> > the privilege of owning Routing TCP/IP.
> >
> > Basically, I thought folks on the list would be interested in
> > the question as
> > it relates to the possible global affects based on current
> > Internet routing
> > policies, or lack thereof on "Private-to-Private",  IXP peering
> > or external
> > peering in general.
> >
> > As a side note after reading the recently presented
> > paper(nanog0202 mtg) "ISP
> > Essentials Supp" by Barry Raveendran Greene and Philip Smith,
> > http://www.nanog.org/mtg-0206/ppt/barry.pdf  I must say that
> > BGPv4, the
> > protocol has made great strides in it's operational
> > enhancements.
> > Possible vulnerabilities like the one noted in rfc1948, or the
> > points raised
> > by Tim Newsham's paper called "The Problem With Random
> > Increments"
> > are for the most part no longer valid/relevant possibilities.
> >
> > Furthermore, with the implementation of MD5 support and the
> > possibility of BGP
> > over IPSec the future looks bright for the security of global
> > routing. Of
> > course with the growing use of mostly layer 2 peering(between
> > IXP peers) and
> > MPLS/VPNs the need to implement even greater security within
> > BGP the protocol itself might become a NON-issue.
> >
> > Thoughts anyone
> >
> > Nigel
> >
> >
> > >HI,
> >
> > 

RE: 2nd try : OSPF Q in CCIE prac. studies pg 786 [7:51369]

2002-08-14 Thread cebuano

Raj,
You can't summarize 172.16.10.0/29 into the RIP domain because Mark will
always prefer the longest match in his table. Therefore you can't do
"area 10 range" on John to summarize a network in the same Area 10. I
believe this is why Solie changed Mathew to Area 20 so this network can
be summarized into Mark's Area 10 who will then send the 172.16.10.0/24
into RIP.
You also can't do "summary-address" on Mark since this is to summarize
EXTERNAL networks coming into Area 10.
I notice you're doing Solie now. Let's exchange notes as this book has
more errors than what's on the errata pages.

Elmer 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of K.T.
Sent: Wednesday, August 14, 2002 12:40 PM
To: [EMAIL PROTECTED]
Subject: Re: 2nd try : OSPF Q in CCIE prac. studies pg 786 [7:51369]

Rajesh,

It sounds like you have an ASBR on your hand.  You should probably use
"summary-address 172.16.10.0 255.255.255.0" instead.  Give it a try.

K.T.
"Rajesh Kumar" wrote in message news:[EMAIL PROTECTED]...
> Hi all,
>
> I was trying to set up this network in fig 12-9.  I got stuck in one
> particular route.  I am not able to view the route 172.16.10.0/24 on the
> router "peter" which is running RIP and got to see this route as
> redistributed one.
>
> The question is in which router do I need to give the "area range"
> command in order to see this route appear on router "peter".
>
> I tried several options of giving in the router "john" which is ABR - as
> this "area 10 range 172.16.10.0 255.255.255.0", but this summarised
> route is not advertised back to the same area for the ASBR router (mark)
> to redistribute to RIP.
>
> Any workaround to overcome this?
>
>
> PS :  Sample output of "sh ip route" for router peter shows this route,
> but my setup doesn't. So I am trying to get some idea of how to make
> available this route.
>
> Thanks,
> Rajesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51438&t=51369
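The summarization behaviour discussed in this thread, as an added example that is not part of any poster's message or of the book: a small Python model of which prefixes an ABR originates as Type-3 summaries into each area. The prefixes and area numbers come from the posts; the ABR's area attachments (0, 10, 20) and the function names are assumptions.

```python
import ipaddress

def type3_into(dest_area, attached, intra_area, ranges):
    """Prefixes an ABR originates as Type-3 summary LSAs into dest_area.

    attached:   areas the ABR has interfaces in
    intra_area: {area: [prefix, ...]} intra-area routes the ABR has computed
    ranges:     {area: [prefix, ...]} "area N range" statements on the ABR
    """
    out = set()
    for src in attached:
        if src == dest_area:
            continue  # an area's own routes are never summarized back into it
        nets = [ipaddress.ip_network(p) for p in intra_area.get(src, [])]
        rngs = [ipaddress.ip_network(r) for r in ranges.get(src, [])]
        for net in nets:
            covering = [r for r in rngs if net.subnet_of(r)]
            # A range replaces its component routes; uncovered routes go as-is.
            out.add(covering[0] if covering else net)
    return out

def table_in_area(area, attached, intra_area, ranges):
    """OSPF prefixes a router inside `area` (e.g. the ASBR) ends up with."""
    own = {ipaddress.ip_network(p) for p in intra_area.get(area, [])}
    return own | type3_into(area, attached, intra_area, ranges)

ATTACHED = (0, 10, 20)   # assumed attachments for the ABR "john"
LAN29 = "172.16.10.0/29"
LAN24 = ipaddress.ip_network("172.16.10.0/24")

# Attempt from the question: LAN in area 10, "area 10 range" on john.
attempt = table_in_area(10, ATTACHED, {10: [LAN29]}, {10: [str(LAN24)]})
# Layout described in the reply: LAN moved to area 20, range on area 20.
moved = table_in_area(10, ATTACHED, {20: [LAN29]}, {20: [str(LAN24)]})

if __name__ == "__main__":
    print("area 10 view, range on area 10:", sorted(map(str, attempt)))
    print("area 10 view, range on area 20:", sorted(map(str, moved)))
```

In the first case a router in area 10 still holds only the /29, so there is no /24 for it to redistribute; in the second the /24 arrives in area 10 as an inter-area route.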



RE: 2nd try : OSPF Q in CCIE prac. studies pg 786 [7:51369]

2002-08-14 Thread cebuano

Raj,
One very small but IMPORTANT detail and I'm not sure if the author(s)
just didn't pay attention to when they copy/paste things into the book.
If you check Mathew's route table on page 790, his route to the directly
connected Ethernet is 172.16.10.0/24 (not /29 as the Lab IP
configuration says!!!).
Oh well, nice for troubleshooting in Day 2...
Oops, no more Day 2...

Elmer
Call me offline.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Rajesh Kumar
Sent: Wednesday, August 14, 2002 12:16 PM
To: [EMAIL PROTECTED]
Subject: 2nd try : OSPF Q in CCIE prac. studies pg 786 [7:51369]

Hi all,

I was trying to set up this network in fig 12-9.  I got stuck in one
particular route.  I am not able to view the route 172.16.10.0/24 on the
router "peter" which is running RIP and got to see this route as
redistributed one.

The question is in which router do I need to give the "area range"
command in order to see this route appear on router "peter".

I tried several options of giving in the router "john" which is ABR - as
this "area 10 range 172.16.10.0 255.255.255.0", but this summarised
route is not advertised back to the same area for the ASBR router (mark)
to redistribute to RIP.

Any workaround to overcome this?


PS :  Sample output of "sh ip route" for router peter shows this route,
but my setup doesn't. So I am trying to get some idea of how to make
available this route.

Thanks,
Rajesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51439&t=51369