CSPFA Passing Score Number of Questions [7:52514]
Hi Everyone, Can someone please tell me, what is the passing score for CSPFA and the number of questions asked in the examination. Thanks. Faisal Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52514t=52514 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CSPFA Passing Score Number of Questions [7:52515]
Hi Everyone, Can someone please tell me, what is the passing score for CSPFA and the number of questions asked in the examination. Thanks. Faisal Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52515t=52515 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Please confirm (conf#933c2c94d133d61e52d66686c674c962) [7:52517]
Hi, You have tried to post to GroupStudy.com's Professional mailing list. Because the server does not recognize you as a confirmed poster, you will be required to authenticate that you are using a valid e-mail address and are not a spammer. By confirming this e-mail you certify that you are not sending Unsolicited Bulk Email (UBE). PLEASE DO NOT SEND YOUR ORIGINAL MESSAGE AGAIN! BY CONFIRMING THIS EMAIL YOUR ORIGINAL MESSAGE (WHICH IS NOW QUEUED IN THE SERVER) WILL BE POSTED. By confirming this e-mail you also certify the following: 1. The message does NOT break Cisco's Non-Disclosure requirements. 2. The message is NOT designed to advertise a commercial product. 3. You understand all postings become property of GroupStudy.com 4. You have searched the archives prior to posting. 5. The message is NOT inflammatory. 6. The message is NOT a test message. To confirm, simply reply to this message. No editing is necessary. Once confirmed, you will be able to post without additional confirmations. Welcome to GroupStudy.com! --ORIGINAL MESSAGE- From [EMAIL PROTECTED] Mon Sep 2 06:34:23 2002 Received: from isb.comsats.net.pk (comsats.net.pk [210.56.8.10]) by groupstudy.com (8.9.3/8.9.3) with ESMTP id GAA24805 GroupStudy Mailer; Mon, 2 Sep 2002 06:34:21 GMT Received: from faisal ([210.56.9.236]) by isb.comsats.net.pk (8.12.3/8.12.3) with SMTP id g827Yu0j015815 for ; Mon, 2 Sep 2002 12:34:56 +0500 (PKT) Message-ID: From: Faisal Iftikhar Khan To: Subject: CSPFA - Passing Score Number of Questions Date: Mon, 2 Sep 2002 12:39:45 +0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary==_NextPart_000_0012_01C2527D.D12BE660 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2462. Disposition-Notification-To: Faisal Iftikhar Khan X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462. This is a multi-part message in MIME format. --=_NextPart_000_0012_01C2527D.D12BE660 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Hi Everyone, Can someone please tell me, what is the passing score for CSPFA and the = number of questions asked in the examination. Thanks. Faisal --=_NextPart_000_0012_01C2527D.D12BE660 Content-Type: text/html; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Hi Everyone, nbsp; Can someone please tell me, what is the = passing=20 score for CSPFA and the number of questions asked in the=20 examination. nbsp; Thanks.Faisal --=_NextPart_000_0012_01C2527D.D12BE660-- Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52517t=52517 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CSPFA - Passing Score Number of Questions [7:52516]
Hi Everyone, Can someone please tell me, what is the passing score for CSPFA and the number of questions asked in the examination. Thanks. Faisal Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52516t=52516 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Router IOS Upgrade bug in 12.1 images [7:52489]
I have had the same porblems here - definately IOS related. All though I have to manually erase the flash first, it works fine on the routers where the flash is stored in DRAM - haven't ried it on a 2500. This is fixed is ver 12.2 IOS. Andrew -Original Message- From: Chuck's Long Road [mailto:[EMAIL PROTECTED]] Sent: 02 September 2002 01:09 To: [EMAIL PROTECTED] Subject: Re: Router IOS Upgrade bug in 12.1 images [7:52489] painful process. I'm more concerned that a technique that I've used successfully many times on these routers suddenly stops working. This is a by the book technique that I haven't had problems with before, and is supposed to work. Given that I have better things to do ( going to the config(boot) mode and working through is pretty time consuming ) The fact that neither RSL or the manual process works correctly tells me this might have more serious ramifications So thanks for the suggestions. this one does work. But I think I'll make Cisco take some responsibility here. Folks will be back to work Tuesday and I'll get the inform I need to pursue this ticket. Chuck -- www.chuckslongroad.info still a work in progress, but on line for your enjoyment z Dan Penn wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Did you try booting directly to rommon and erasing the flash manually first? Dan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Chuck's Long Road Sent: Sunday, September 01, 2002 2:01 PM To: [EMAIL PROTECTED] Subject: Router IOS Upgrade bug in 12.1 images [7:52489] I've done this before, and it's not like it's real tough, but. I am trying to upgrade my IOS images. Neither the Router Software Loader, not the good old copy tftp: flash: is working. RSL gives me some odd message the copy function never asks if I want to erase the current image on the flash - it just starts to copy, then stops, with a message that there is not enough rook on the destination device. sample output of my process: Router_7#copy tftp flash: NOTICE Flash load helper v1.0 This process will accept the copy options and then terminate the current system image to use the ROM based image for the copy. Routing functionality will not be available during that time. If you are logged in via telnet, this connection will terminate. Users with console access can see the results of the copy operation. Proceed? [confirm] Address or name of remote host []? 192.168.1.49 Source filename []? c2500-js56i-l.121-5.T10.bin Destination filename [c2500-js56i-l.121-5.T10.bin]? %FR-5-DLCICHANGE: Interface Serial0 - DLCI 201 state changed to DELETED %FR-5-DLCICHANGE: Interface Serial0 - DLCI 202 state changed to DELETED %FLH: c2500-js56i-l.121-5.T10.bin from 192.168.1.49 to flash ... System flash directory: File Length Name/status 1 16294768 c2500-jos56i-l.121-11.bin [16294832 bytes used, 482384 available, 16777216 total] Accessing file 'c2500-js56i-l.121-5.T10.bin' on 192.168.1.49... Loading c2500-js56i-l.from 192.168.1.49 (via Ethernet0): ! [OK] %Error: Image size exceeds free space %FLH: Flash download failed F3: 16002988+291748+1049272 at 0x360 As you can see - no asking to erase. I suspect this is a problem with the particular image. I had no problem upgrading a different router with a different image. Unfortunately, just about all my routers have this identical image in place. Anyone seen this? got a fix? CCO searches have not been regarding. TAC won't talk to me even though I work for a major partner. Apparently my management made some procedural changes, and I can't locate anyone internally who can help me out. They apparently have lives :- thanks much -- www.chuckslongroad.info still a work in progress, but on line for your enjoyment Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52518t=52489 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Undeliverable mail--(16047 bytes) [7:52519]
The following mail can't be sent to [EMAIL PROTECTED]: From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: (16047 bytes) The attachment is the original mail Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52519t=52519 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Hidden Commands... [7:52463]
You will find the undocumented commands here - HTH Dom Stocqueler. robert 2140 cc: Sent by: Subject: Hidden Commands... [7:52463] nobody@groupstud y.com 01/09/2002 07:42 AM Please respond to robert 2140 Hi, I remember sometime back on this forum someone was talking about the rotuer hidden commands are available somewhere on the net for download or in a book format? Can someone scratch their brain and post me? I found the autocommand access-enable option is available in the username I am for the labs next month...do you people think that I should aware of any such important hidden commands? Ref: I found one refferred in Karl Solie Pg1007. thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52520t=52463 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Hidden Commands... [7:52463]
OK, once again with feeling! You will find the undocumented commands here - http://www.boerland.com/dotu/ HTH Dom Stocqueler. robert 2140 cc: Sent by: Subject: Hidden Commands... [7:52463] nobody@groupstud y.com 01/09/2002 07:42 AM Please respond to robert 2140 Hi, I remember sometime back on this forum someone was talking about the rotuer hidden commands are available somewhere on the net for download or in a book format? Can someone scratch their brain and post me? I found the autocommand access-enable option is available in the username I am for the labs next month...do you people think that I should aware of any such important hidden commands? Ref: I found one refferred in Karl Solie Pg1007. thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52521t=52463 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: traffic shapping and rate-limit [7:52468]
There is a very good article on CCO entitled Comparing Traffic Policing and Traffic Shaping for Bandwidth Limiting which can be found at - http://www.cisco.com/warp/public/105/policevsshape.html HTH Dom Stocqueler Mohamed Saro cc: Sent by: Subject: traffic shapping and rate-limit [7:52468] nobody@groupstud y.com 01/09/2002 08:54 AM Please respond to Mohamed Saro what is the difference and the direction of rate-limit and traffic shapping [GroupStudy.com removed an attachment of type application/ms-tnef which had a name of winmail.dat] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52523t=52468 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Hidden Commands... [7:52463]
Dom, what is HTH? thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52522t=52463 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Hidden Commands... [7:52463]
Hope This Helps! HTH Dom Stocqueler Robert Mac cc: Sent by: Subject: Re: Hidden Commands... [7:52463] nobody@groupstud y.com 02/09/2002 08:43 AM Please respond to Robert Mac Dom, what is HTH? thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52524t=52463 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Ref: Serial interface capture [7:52513]
The following configuration should work 1- ip ftp source-interface -source address through which you will go to the ftp server. 2- ip ftp username 3- ip ftp password 4- exception core-file 5- exception protocol ftp-protocol to be used for dumping. 6- exception dump ip address of the ftp server. 7- Then create an FTP account on the ftp server you want to collect traffic on. Regards, Yasser Dear ALL, Anybody can tell how to capture the all the data traffic over specific serial interface (cisco router) to syslog server as tcpdump. Regards MSN Photos is the easiest way to share and print your photos: Click Here Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52525t=52513 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Ref: CISCO COMMAND CALLED Tunnel [7:52526]
Dear ALL, I was looking for help on cisco router using the ? command, i found a command called tunnel, anybody explain the using of that command by an examples. Regards Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52526t=52526 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
AGAIN... aCS2.6 on W2k advanced server with bug!!!! [7:52527]
Dear All, This is my second post regarding ACS2.6 bugs... The problem is: As you know;-) I have an acs2.6 server on W2k advanced server , My users Using it to connect to the internet and sometimes many of my users logged into my network through the acs and when they disconnected from my system, I noticed that they still exist on the acs server , and since i made a single session to my users , they cannot enter again till i make a purge to the user. Please this is a big problem for me so can u help me to solve it? Thanx in advance... Regards,, Magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52527t=52527 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: AGAIN... aCS2.6 on W2k advanced server with bug!!!! [7:52528]
I have a similar set-up, ACS on Win2k, what do error message do you see in the event log? Magdy H. Ibrahim wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Dear All, This is my second post regarding ACS2.6 bugs... The problem is: As you know;-) I have an acs2.6 server on W2k advanced server , My users Using it to connect to the internet and sometimes many of my users logged into my network through the acs and when they disconnected from my system, I noticed that they still exist on the acs server , and since i made a single session to my users , they cannot enter again till i make a purge to the user. Please this is a big problem for me so can u help me to solve it? Thanx in advance... Regards,, Magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52528t=52528 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: AGAIN... aCS2.6 on W2k advanced server with bug!!!! [7:52530]
Patrick, The problem not Why my users disconnected... this may happened because he ended the session stop using the internet.. etc. The problem is why that user still exist on the ACS server, preventing him from reconnecting again till I purge him from the ACS server So why ACS act such behave?? and how to fix this strange behave?? Thanx Magdy Patrick Donlon wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have a similar set-up, ACS on Win2k, what do error message do you see in the event log? Magdy H. Ibrahim wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Dear All, This is my second post regarding ACS2.6 bugs... The problem is: As you know;-) I have an acs2.6 server on W2k advanced server , My users Using it to connect to the internet and sometimes many of my users logged into my network through the acs and when they disconnected from my system, I noticed that they still exist on the acs server , and since i made a single session to my users , they cannot enter again till i make a purge to the user. Please this is a big problem for me so can u help me to solve it? Thanx in advance... Regards,, Magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52530t=52530 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Saving the configuration of Catalyst 4006 [7:52531]
Hello group, I' am saving the configuration of a Catalyst 3548 on a management station using the command : copy running to net via SNMP. The Catalyst 3548 is running : Version 12.0(5.4)WC(1) I tried to save the configuration of a Catalyst 4006 using the same command but it did not work. The CatOS version on the switch is : Version NmpSW: 6.3(1) Is it possible to send a specific command from the management station using SNMP in order to save the configuration ? If so can you please give the specific command. Any other help is welcome. Thank's in advance. Rock BASSOLE Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52531t=52531 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: AGAIN... aCS2.6 on W2k advanced server with bug!!!! [7:52532]
If you check the user who is listed in the acs they will be in the group . This is normal when you use NT to authenticate users by mapping an external db. Why they are can't re-connect should be in the logs (reports then failed attempts), if they have a successful authentication then it's somewhere else like you NT authentication. Magdy H. Ibrahim wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Patrick, The problem not Why my users disconnected... this may happened because he ended the session stop using the internet.. etc. The problem is why that user still exist on the ACS server, preventing him from reconnecting again till I purge him from the ACS server So why ACS act such behave?? and how to fix this strange behave?? Thanx Magdy Patrick Donlon wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have a similar set-up, ACS on Win2k, what do error message do you see in the event log? Magdy H. Ibrahim wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Dear All, This is my second post regarding ACS2.6 bugs... The problem is: As you know;-) I have an acs2.6 server on W2k advanced server , My users Using it to connect to the internet and sometimes many of my users logged into my network through the acs and when they disconnected from my system, I noticed that they still exist on the acs server , and since i made a single session to my users , they cannot enter again till i make a purge to the user. Please this is a big problem for me so can u help me to solve it? Thanx in advance... Regards,, Magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52532t=52532 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: AGAIN... aCS2.6 on W2k advanced server with bug!!!! [7:52533]
Sorry some text dissappeared along the way the group should say Mapped by External Authenticaror Patrick Donlon wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... If you check the user who is listed in the acs they will be in the group . This is normal when you use NT to authenticate users by mapping an external db. Why they are can't re-connect should be in the logs (reports then failed attempts), if they have a successful authentication then it's somewhere else like you NT authentication. Magdy H. Ibrahim wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Patrick, The problem not Why my users disconnected... this may happened because he ended the session stop using the internet.. etc. The problem is why that user still exist on the ACS server, preventing him from reconnecting again till I purge him from the ACS server So why ACS act such behave?? and how to fix this strange behave?? Thanx Magdy Patrick Donlon wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have a similar set-up, ACS on Win2k, what do error message do you see in the event log? Magdy H. Ibrahim wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Dear All, This is my second post regarding ACS2.6 bugs... The problem is: As you know;-) I have an acs2.6 server on W2k advanced server , My users Using it to connect to the internet and sometimes many of my users logged into my network through the acs and when they disconnected from my system, I noticed that they still exist on the acs server , and since i made a single session to my users , they cannot enter again till i make a purge to the user. Please this is a big problem for me so can u help me to solve it? Thanx in advance... Regards,, Magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52533t=52533 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: AGAIN... aCS2.6 on W2k advanced server with bug!!!! [7:52534]
Patrick, I am using ACS Dbase and when I check the error I found the following: exceeds maximum session So, I am wondering, this user not connected, then why he failed to reconnect and why he still exist in the connected users Dbase??? Thanx Magdy Patrick Donlon wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Sorry some text dissappeared along the way the group should say Mapped by External Authenticaror Patrick Donlon wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... If you check the user who is listed in the acs they will be in the group . This is normal when you use NT to authenticate users by mapping an external db. Why they are can't re-connect should be in the logs (reports then failed attempts), if they have a successful authentication then it's somewhere else like you NT authentication. Magdy H. Ibrahim wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Patrick, The problem not Why my users disconnected... this may happened because he ended the session stop using the internet.. etc. The problem is why that user still exist on the ACS server, preventing him from reconnecting again till I purge him from the ACS server So why ACS act such behave?? and how to fix this strange behave?? Thanx Magdy Patrick Donlon wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have a similar set-up, ACS on Win2k, what do error message do you see in the event log? Magdy H. Ibrahim wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Dear All, This is my second post regarding ACS2.6 bugs... The problem is: As you know;-) I have an acs2.6 server on W2k advanced server , My users Using it to connect to the internet and sometimes many of my users logged into my network through the acs and when they disconnected from my system, I noticed that they still exist on the acs server , and since i made a single session to my users , they cannot enter again till i make a purge to the user. Please this is a big problem for me so can u help me to solve it? Thanx in advance... Regards,, Magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52534t=52534 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
inbound vty [7:52535]
I am trying to create an access-list rule on a router, to deny telnet access from a router to anywhere except another particular routers IP address. using the following access-list 1 permit 10.10.10.1 line vty 0 4 access-class out 1 However it doesnt seem to work. I have tryed inbound filters and they seem to work fine, restricting incoming connections fromspecif addresses. Is it something I am doing incorrect. Anyone any idea's Kind regards. paul. Paul Casey O2 Ireland Core Network Eng'g Team 76 Lower Baggot Street, Dublin 2. * Mob : +353 86 8143310 E-mail: [EMAIL PROTECTED] PLEASE NOTE THAT THE ABOVE IS CONFIDENTIAL INFORMATION I See what you can do www.o2.ie This E-mail is from O2. The E-mail and any files transmitted with it are confidential and may also be privileged and intended solely for the use of the individual or entity to whom they are addressed. Any unauthorised direct or indirect dissemination, distribution or copying of this message and any attachments is strictly prohibited. If you have received the E-mail in error please notify [EMAIL PROTECTED] or telephone ++ 353 1 6095000. * Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52535t=52535 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Saving the configuration of Catalyst 4006 [7:52531]
Andrew, Thank you for the information. But I do not want to write the configuration to flash. I want the save the configuration on my management station. I want to send a command using SNMP from my management station to the switch and retrieve the configuration back to the management station. Is it possible for the 4006 ? Is there a special command that I can send form the management station to the Catalyst in order to retrieve the configuration back on the management station ? Any information is welcome. Thank you. -Message d'origine- De : Andrew Larkins [mailto:[EMAIL PROTECTED]] Envoyi : lundi 2 septembre 2002 14:44 @ : BASSOLE Rock Objet : RE: Saving the configuration of Catalyst 4006 [7:52531] you need to save using the write mem command to save to flash. Cat4000 (enable) write ? memory Write to NV memory networkWrite to network terminal Write to terminal tech-support Write tech-support IP address or hostname -Original Message- From: BASSOLE Rock [mailto:[EMAIL PROTECTED]] Sent: 02 September 2002 13:49 To: [EMAIL PROTECTED] Subject: Saving the configuration of Catalyst 4006 [7:52531] Hello group, I' am saving the configuration of a Catalyst 3548 on a management station using the command : copy running to net via SNMP. The Catalyst 3548 is running : Version 12.0(5.4)WC(1) I tried to save the configuration of a Catalyst 4006 using the same command but it did not work. The CatOS version on the switch is : Version NmpSW: 6.3(1) Is it possible to send a specific command from the management station using SNMP in order to save the configuration ? If so can you please give the specific command. Any other help is welcome. Thank's in advance. Rock BASSOLE Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52536t=52531 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
where to go next? [7:52537]
Hello, I purchased my CCNA last year, and since that I have been doing MCSE but I only have about a year experience with router configuration etc. I am rather interested in taking the Cisco Security Specialist 1 exams as I would like to specialize more within security. Anyone has experience with this? I have noticed that some people do CCNP before going for this. Seems like I can expand the CCSP1 to CCIP as well. So then I again wonder CCNP vs CCIP, will one be more worth than the other in the job marked? Appreciate any good advice Ken... Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52537t=52537 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
regarding CCIP [7:52538]
HI Is any one from India, Mumbai, passed CCIP? Paper BSCI is easy or dificult? Kindly suggest me links where I can get help on the same. Thanks and regards Mukesh CCNA Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52538t=52538 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 150 site, site-to-site VPN [7:42661]
I think you're tlking about pre-shared keys, the other option is to use public and private keys with either an outside thrid party or a certificate authority yourself. Steven A. Ridder wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Guys, I have a global financial company that is upgrading their core data infrastructure (bunch of 7200's and 6509's, etc), opening up 150 remote locations over the next few years, going all IP telephony with Call Mangers and now wants to encrypt ALL traffic to all sites. I know site-to -site VPN's can be achieved with key's configured in the crypto maps in IOS, but what if someone compromises the key on the IOS. I, or my client, if we even knew the key was stolen, would have to update all the routers across the network. What options do you recommend for using certificate servers to distribute keys instead? What problems have you encountered with this? Would it be easier to just have the client update the key's once a month via CiscoWorks? -- RFC 1149 Compliant Get in my head: http://sar.dynu.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52539t=42661 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP verification(long)(real world)(access available) [7:52540]
Peter, Your response was dead on for what I need - comments inline. To begin with, keep in mind that bgp routers only reflect best paths. Hence, all your prepend stuff will generally not be visible on This had escaped me - I never noticed it working from a single AS perspective, even though its in Halabi - something I found in that book only after I'd been bitten by it. distant route servers which should only see the optimal paths. If you are doing primary/secondary type prepending, you'll only see the primary in most cases (except those where a looking glass happens to be far enough away from one side that the primary and secondary end up with equal length as-paths and the route server posts both). This explains why I only see a couple of prepend paths in an entire show ip bgp from a major carrier - just a few of them getting lucky and being the same length. Anyway, the short answer is that it is tough to see prepended announcements beyond looking at your rib outs. It is further tougher to see what gets prepended as cisco has this nasty habit of showing you a pre policy rib-out (via show ip bgp neigh x/x advertised-routes) This (show ip bg ne advertised-routes) is also something I had never used - I just always trusted the route servers for that sort of information. Makes things much clearer. Route server wise, route-server.ip.att.net I'm sure you've found. 701 does not maintain one and I am pretty sure sprint doesn't either. It would be really nice if they did :) Lost of ppl have told them this. I found 7018's route server, Sprint and UUNet must be pestered each time you want to know what is going on inside them, and another fellow from this list told me about this thing - its *very* handy - kind of like what ATT provides only with views to a large (100+) number of ASes. --- IMPORTANT --- telnet route-views.oregon-ix.net --- IMPORTANT --- Troubleshooting wise, I have been bitten by ATT's policy of matching distribute-lists in's (routes accepted via whatever cisco means they chose) with ip access-group ins. In some cases, they'll take the route, but not the traffic. This can be a major pain to find until you get used to their doing that (source verification for dos/ddos prevention) I found this one early on in the game. I love how accessible their tech support is, too - I have enable on one of their peers, the peer has me entered as an official maintainer, and they're still nearly useless. I must say that they don't suck as badly as XO/Concentric's support, but its close. Solution wise, I would tend to be destructive during a maint window to ensure that both control and forwarding work, and beyond that, ping your transit providers for shots of their rib-in from you, along with a shot of your routes as they see them. You likely did this already and are troubled that you read this much only to find out that you did it all already :) I am thinking a spare Cisco 1750 somewhere on net, peered with both ASes using ebgp multihop and a private AS might just be a good solution - apply same policies to it that I apply at the borders of the other networks and see what comes from it. At 12:17 AM 9/2/2002 +, Neal Rauhauser wrote: I'll start this out by saying that I'm frustrated enough with the final verification of this thing to publish the running configs of all relevant routers, provide shell access to production boxes, and to set up an open 48 meg 1750 inside AS 25943 with IBGP sessions to all routers involved. I *think* its running as intended - I'm having trouble with verification of my policies - this is my first 'carrier class' network. BGP layout is like so - I own 25943 and I have admin control of the 20333 routers: AS701AS20333AS25943AS25943AS25943AS1239 AS7018--^ AS20333 (Exanium) gets service from ATT(AS7018) and UUNet(AS701) on a 128 meg Cisco box taking full routes. The AS25943/AS1239 connecting point is also a 128 meg box taking full routes. The internal routers in AS25943 are all 64 meg 26xx, including the machine at the AS20333/AS25943 peering point. The diagram is somewhat simplified - I show one purely internal AS25943 router when there are actually two now and another two being commissioned within the next thirty days. These other boxes are actually leaf nodes from the internal AS25943 box pictured - it sits at the center of a star topology. Geographically it is somewhat complex also - the AS20333 router and its AS25943 peer are within 12' of each other, that router and the central AS25943 router are about three miles apart, and the central router and the AS25943/AS1239 peering point are about 2.5 miles apart - so no rearranging of cables for a simpler topology will be allowed as a solution :-) One of the IBGP remotes is actually multihomed with a link to the central router and a link to another undepicted 64 meg 26xx aggregation box in the same rack as the
PIM-BSR: bootstrap on non-RPF path [7:52541]
Hello, When I do debug on Multicasting I get the following message: PIM-BSR: bootstrap on non-RPF path Does anybody know what it means? regards Tarig Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52541t=52541 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: inbound vty [7:52535]
Note that standard acl defines source ip addresses, if 10.10.10.1 is the destination that you want to allow you must use extended acl: access-list 101 permit tcp any host 10.10.10.1 eq telnet line vty 0 4 access-class out 101 Regards Rafa -Mensaje original- De: Casey, Paul (6822) [mailto:[EMAIL PROTECTED]] Enviado el: lunes 2 de septiembre de 2002 15:17 Para: [EMAIL PROTECTED] Asunto: inbound vty [7:52535] I am trying to create an access-list rule on a router, to deny telnet access from a router to anywhere except another particular routers IP address. using the following access-list 1 permit 10.10.10.1 line vty 0 4 access-class out 1 However it doesnt seem to work. I have tryed inbound filters and they seem to work fine, restricting incoming connections fromspecif addresses. Is it something I am doing incorrect. Anyone any idea's Kind regards. paul. Paul Casey O2 Ireland Core Network Eng'g Team 76 Lower Baggot Street, Dublin 2. * Mob : +353 86 8143310 E-mail: [EMAIL PROTECTED] PLEASE NOTE THAT THE ABOVE IS CONFIDENTIAL INFORMATION I See what you can do www.o2.ie This E-mail is from O2. The E-mail and any files transmitted with it are confidential and may also be privileged and intended solely for the use of the individual or entity to whom they are addressed. Any unauthorised direct or indirect dissemination, distribution or copying of this message and any attachments is strictly prohibited. If you have received the E-mail in error please notify [EMAIL PROTECTED] or telephone ++ 353 1 6095000. * ** Noticia legal Este mensaje electrsnico contiene informacisn de BT Ignite Espaqa S.A.U. que es privada y confidencial, siendo para el uso exclusivo de la persona (s) o entidades arriba mencionadas. Si usted no es el destinatario seqalado, le informamos que cualquier divulgacisn, copia, distribucisn o uso de los contenidos esta prohibida. Si usted ha recibido este mensaje por error, por favor borre su contenido lo antes posible. Gracias. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52542t=52535 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: where to go next? [7:52537]
You might want to think about a more Generic Security background and not limit yourself to Cisco. I have my CCNP, MCSE, and MCNS certs and am am doing some Network Security courses at the local Community college and to get a broader background. With Network Security there is a so much to know and to limit yourself to Cisco can be self defeating. Just my 2 cents, Good luck Randy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52543t=52537 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Staic Routes on 1605 Router [7:52340]
A few things to try. 1. In EXEC mode type: sh ip int brief. confirm both ethernet interfaces are Up Up. If line is down check cabling 2. type debug ip packet and do a ping from a host on one subnet to a host on the other subnet. You should get a good idea form the output where the problem is. 3. If this doesn't work paste your config here for us all to see, would be easier to troubleshoot that way. One final thought, make sure your router interfaces are set to the correct speed/duplex on your hubs, take off auto-sensing if need be HTH Lee Craig Robertson wrote: Hi guys, I am having a problem with routing on a Cisco1605 router. Ethernet0 is set to 10.1.1.17 255.255.255.0 and ethernet1 is set to 10.128.52.1 255.255.255.0 My problem is: From the 10.1.1.0 network i can ping 10.1.1.17 (ethernet0) From the 10.1.1.0 network i can ping 10.128.52.1 (ethernet1) From the 10.1.1.0 network I can NOT ping 10.258.52.101 (pc on subnet) I have enabled ip routing on the router, however, nothing has changed. Can anyone please advise of the command(s) for a static route, if indeed this is the problem. Any suggestions would be appreciated. Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52544t=52340 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: AGAIN... aCS2.6 on W2k advanced server with bug!!!! [7:52545]
This is probably a silly question but how do the users logout/disconnect. It could be you need a idle-timeout setting to be applied to the users' group. Also what version of acs are you running? Magdy H. Ibrahim wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Patrick, I am using ACS Dbase and when I check the error I found the following: exceeds maximum session So, I am wondering, this user not connected, then why he failed to reconnect and why he still exist in the connected users Dbase??? Thanx Magdy Patrick Donlon wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Sorry some text dissappeared along the way the group should say Mapped by External Authenticaror Patrick Donlon wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... If you check the user who is listed in the acs they will be in the group . This is normal when you use NT to authenticate users by mapping an external db. Why they are can't re-connect should be in the logs (reports then failed attempts), if they have a successful authentication then it's somewhere else like you NT authentication. Magdy H. Ibrahim wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Patrick, The problem not Why my users disconnected... this may happened because he ended the session stop using the internet.. etc. The problem is why that user still exist on the ACS server, preventing him from reconnecting again till I purge him from the ACS server So why ACS act such behave?? and how to fix this strange behave?? Thanx Magdy Patrick Donlon wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have a similar set-up, ACS on Win2k, what do error message do you see in the event log? Magdy H. Ibrahim wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Dear All, This is my second post regarding ACS2.6 bugs... The problem is: As you know;-) I have an acs2.6 server on W2k advanced server , My users Using it to connect to the internet and sometimes many of my users logged into my network through the acs and when they disconnected from my system, I noticed that they still exist on the acs server , and since i made a single session to my users , they cannot enter again till i make a purge to the user. Please this is a big problem for me so can u help me to solve it? Thanx in advance... Regards,, Magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52545t=52545 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
network management [7:52546]
Can anyone please give me reference to what SNMP Manager's they use?. I'm trying to successfuly setup a Network Management Console (Using Fluke's Network Inspector and Microsoft SMS Server) So far the SMS Server has proved to be more real time and proactive. Any help would be appreciated. Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52546t=52546 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE-Written Books? [7:52547]
I got Routing and Switching Prep kit by QUE' and CCIE-Study Guide by John Swartz Todd Lammle, What else do i need to read or what books can you guys recommend? Do i need to have routing TCP/IP by Jeff Doyle? I dunno where to focus?! PLS HELP! Many Thanks! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52547t=52547 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 150 site, site-to-site VPN [7:42661]
I total agree with you, to many sites, to many worries, to many configurations..CA will be your answer Juan Blanco -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Greg Sent: Monday, September 02, 2002 9:44 AM To: [EMAIL PROTECTED] Subject: Re: 150 site, site-to-site VPN [7:42661] I think you're tlking about pre-shared keys, the other option is to use public and private keys with either an outside thrid party or a certificate authority yourself. Steven A. Ridder wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Guys, I have a global financial company that is upgrading their core data infrastructure (bunch of 7200's and 6509's, etc), opening up 150 remote locations over the next few years, going all IP telephony with Call Mangers and now wants to encrypt ALL traffic to all sites. I know site-to -site VPN's can be achieved with key's configured in the crypto maps in IOS, but what if someone compromises the key on the IOS. I, or my client, if we even knew the key was stolen, would have to update all the routers across the network. What options do you recommend for using certificate servers to distribute keys instead? What problems have you encountered with this? Would it be easier to just have the client update the key's once a month via CiscoWorks? -- RFC 1149 Compliant Get in my head: http://sar.dynu.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52548t=42661 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ICQ and blocking the thing-PIX [7:52285]
100% agree with all your points. I was more trying to make a point that If given a correct set of circumstances, anything can be blocked. Thanks Larry -Original Message- From: Chuck's Long Road [mailto:[EMAIL PROTECTED]] Sent: Friday, August 30, 2002 4:20 PM To: [EMAIL PROTECTED] Subject: Re: ICQ and blocking the thing-PIX [7:52285] In a complex organization ( complex not meaning size or number of departments, but in the way people need to work ) one might consider third party applications such as Web Sense. A couple of comments below: -- TANSTAAFL there ain't no such thing as a free lunch Roberts, Larry wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Try my approach.. Tell people no and put it in your security policy. They violate the policy they get fired.. CL: that assumes that 1) the policy will be acceptable to management 2) the policy will be enforced by management and 3) you have the luxury of being able to fire people for whatever reason you deem fit, trivial or otherwise. Even in today's bad economy, companies may not have this luxury. Oh wait a minute, I think that goes along with cut-off desktop internet access I guess. CL: like it or not, internet access at the desktop has become one of those intangible fringe benefits, right up there with using the photocopier for personal business, using the telephone for personal business, using the fax machine for personal business. When was the last time someone got fired for making persoanl phone calls at work? Or photocopying their tax returns at work? Its is a VERY effective deterrent though don't you think CL: sure - IF management enforces it, or even agrees to it Or I guess you could also just route your home subnet ( not just your single home IP ) to Null0. I have found that effective of blocking sites when I don't have the ability to walk around and see what people are doing... Trust me, for every way you can find out, I can find a way to block it. We may play cat and mouse for a while, but I never tire of it... CL: works really well until the person you block is some Senior vice President, or one of the top sales people ( read - revenue producers ) in the company, and makes the claim that the service is absolutely necessary for success on the job. That's why this stuff has to work at a policy level, and cannot nor should be considered a matter for firewall administrators to deal with. CL You gots to know your organization. Thanks Larry -Original Message- From: mike greenberg [mailto:[EMAIL PROTECTED]] Sent: Friday, August 30, 2002 2:18 PM To: [EMAIL PROTECTED] Subject: RE: ICQ and blocking the thing-PIX [7:52285] If port 80 is open for outbound, I can change the ssh port on my linux firewall to listen on port 80 as well As I've said before, the only to stop me from IM is to cut off Internet access to my desktop completely. Isn't Unix a wonderful thing? Creighton Bill-BCREIGH1 wrote:There is no way for you to stop me because unless you cut off Internet access on my desktop completely. Or until SSH port 22 is closed on the firewall Bill Creighton CCNP Senior System Engineer Motorola iDEN CNRC Packet Data -Original Message- From: mike greenberg [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 29, 2002 7:50 PM To: [EMAIL PROTECTED] Subject: Re: ICQ and blocking the thing-PIX [7:52285] Here is how I get around ICQ, AOL, MSN and Yahoo IM blocking: From work, I Secure Shell (SSH) back to my Linux Firewall. On my work desktop, I am running X-server (X-Win32 or Xceed) and just tunnel the SSH encryption from my Linux firewall back to the corporate desktop. I can fire up any X application to my heart desire (Netscape, AIM, Yahoo) that supports on Linux platform. I can pretty much do whatever I want without being spied by anyone at work because the SSH tunnel is encrypted. I can go online shopping, chat with my friends without having to worry about having my conversation being recorded. There is no way for you to stop me because unless you cut off Internet access on my desktop completely. Mears, Rob wrote:Hi Cisco gods, I have successfully blocked all chat services at the PIX firewall, I think. As I walk around and find people using MSN or Messenger I find that public proxy they are using and kill it too. BUT, I am having a hell of a time with ICQ. I do have all the ports UDP and TCP blocked so it does not work UNLESS they use port 80. This is where I am stuck, I cant block port 80 as you know so how do I kill this monster? Has any one had luck with this and has anyone found a way to stop the public proxy usage? I really feel as if I am fighting a losing battle, cuss for every block I am countered with a way around it. My inside ACL in the pix is quite impressive and all just for blocking this crap, if anyone would like it for theirs I will provide as it is proven and works,
Xyplex Terminal Server to Cisco Console port .... HOW? [7:52551]
I am trying to connect a Xyplex 1620 terminal server to the Console port on a number of Cisco routers.I have it running (sort of) but I lose a few characters under heavy load. This is odd, since 9600 baud is hardly heavy compared to the Xyplex's capacity of 115K per port... Hardware handshaking would help. BUT ... the Xyplex doesn't use DTR/DSR pins, and the Cisco Console ports don't have RTS / CTS connected. So hardware handshaking is out. Is there some configuration options that will keep this setup from losing data? Has anyone used a Xyplex with Cisco console ports successfully? Bill Mohat [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52551t=52551 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Log files - spoofing from private 10 adddress [7:52552]
My log files show that 10.78.0.1 address is attempting to get through my permimeter router . Would anyone know if this is someone really trying to spoof me or what? And is there any way or tool I can use to determine the real public source address this entity is coming from ? Does any one know if that is a port number (67) beside the IP address and (68) besides that 32 bit host mask? thx Randy 1w3d: %SYS-5-CONFIG_I: Configured from console by console 1w3d: %SEC-6-IPACCESSLOGP: list 199 denied udp 10.78.0.1(67) - 255.255.255.255(68), 1 packet 1w3d: %SEC-6-IPACCESSLOGP: list 199 denied udp 10.78.0.1(67) - 255.255.255.255(68), 7 packets 1w4d: %SEC-6-IPACCESSLOGP: list 199 denied udp 10.78.0.1(67) - 255.255.255.255(68), 4 packets 1w4d: %SEC-6-IPACCESSLOGP: list 199 denied udp 10.78.0.1(67) - 255.255.255.255(68), 6 packets Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52552t=52552 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Passing Score for MCAST+QOS [7:52470]
for me it's been the other way round ;) mcast+qos was blood, sweat and tears. but one big difference between ccnp and ccip is that ccip seems much more advanced. -bis Larkin, Richard wrote: I found it challenging, but certainly not as difficult as the MPLS exam which has a much higher pass mark and I have failed twice to date. For the QoS+Multicast exam, I didn't read the Multicast Cisco Press book, only the IP QoS book, plus some whitepapers/documentation - and I struggled - so I would recommend both books. Richard Larkin -Original Message- From: bi.s [mailto:[EMAIL PROTECTED]] Sent: Sunday, 1 September 2002 5:41 PM To: [EMAIL PROTECTED] Subject: Re: Passing Score for MCAST+QOS [7:52470] YASSER ALY wrote: What is the passing score for MCAST+QOS (640-905) ? For those who managed to pass it do you consider a tough or easy going one. Regards,Yasser hi, as far as i remember the passing score was 720. the answer to your second question depends i would say. i found it one of the most difficult exams i had so far. but you can make it. be prepared for deep questions and troubleshooting. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52553t=52470 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: inbound vty [7:52535]
Casey, Paul (6822) wrote: I am trying to create an access-list rule on a router, to deny telnet access from a router to anywhere except another particular routers IP address. using the following access-list 1 permit 10.10.10.1 line vty 0 4 access-class out 1 However it doesnt seem to work. I have tryed inbound filters and they seem to work fine, restricting incoming connections fromspecif addresses. Is it something I am doing incorrect. Anyone any idea's hi, if i remember correctly there was something like traffic originating from the router are not access controlled by acls. have to check, its been a while. hth -birgit Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52554t=52535 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: inbound vty [7:52535]
re, checked it: http://www.systemtoolbox.com/article.php?articles_id=93 6. Access lists do not apply to traffic originating from the router. They only apply to traffic passing through the router. hth -birgit Casey, Paul (6822) wrote: I am trying to create an access-list rule on a router, to deny telnet access from a router to anywhere except another particular routers IP address. using the following access-list 1 permit 10.10.10.1 line vty 0 4 access-class out 1 However it doesnt seem to work. I have tryed inbound filters and they seem to work fine, restricting incoming connections fromspecif addresses. Is it something I am doing incorrect. Anyone any idea's Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52555t=52535 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE-Written Books? [7:52547]
I believe all the books that are currently out there are based on the old blueprint (except perhaps the Cisco Press book, which I have not seen yet). Earlier today I posted a free update to my own book (the NLI study guide) that should be applicable to any of the last generation texts. You'll find it at www.laganiere.net. I hope you find it useful... Thanks... --- Dennis - Original Message - From: sisco To: Sent: Monday, September 02, 2002 7:49 AM Subject: CCIE-Written Books? [7:52547] I got Routing and Switching Prep kit by QUE' and CCIE-Study Guide by John Swartz Todd Lammle, What else do i need to read or what books can you guys recommend? Do i need to have routing TCP/IP by Jeff Doyle? I dunno where to focus?! PLS HELP! Many Thanks! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52556t=52547 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: AGAIN... aCS2.6 on W2k advanced server with bug!!!! [7:52557]
Dear Majdy, How are you? Hope every thing is OK with you? Did you check that the accounting working well, since if you have a problem in accounting it may cause some like these bugs. Magdy H. Ibrahim wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Patrick, I am using ACS Dbase and when I check the error I found the following: exceeds maximum session So, I am wondering, this user not connected, then why he failed to reconnect and why he still exist in the connected users Dbase??? Thanx Magdy Patrick Donlon wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Sorry some text dissappeared along the way the group should say Mapped by External Authenticaror Patrick Donlon wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... If you check the user who is listed in the acs they will be in the group . This is normal when you use NT to authenticate users by mapping an external db. Why they are can't re-connect should be in the logs (reports then failed attempts), if they have a successful authentication then it's somewhere else like you NT authentication. Magdy H. Ibrahim wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Patrick, The problem not Why my users disconnected... this may happened because he ended the session stop using the internet.. etc. The problem is why that user still exist on the ACS server, preventing him from reconnecting again till I purge him from the ACS server So why ACS act such behave?? and how to fix this strange behave?? Thanx Magdy Patrick Donlon wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have a similar set-up, ACS on Win2k, what do error message do you see in the event log? Magdy H. Ibrahim wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Dear All, This is my second post regarding ACS2.6 bugs... The problem is: As you know;-) I have an acs2.6 server on W2k advanced server , My users Using it to connect to the internet and sometimes many of my users logged into my network through the acs and when they disconnected from my system, I noticed that they still exist on the acs server , and since i made a single session to my users , they cannot enter again till i make a purge to the user. Please this is a big problem for me so can u help me to solve it? Thanx in advance... Regards,, Magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52557t=52557 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: AGAIN... aCS2.6 on W2k advanced server with bug!!!! [7:52558]
To be more clear, if you have a problem in accounting may be due to low in memory the user is recorded when he logging in, but not recorded when he logging out, so he still appear on line to the AS, which prevent him in next login where you have configured max number of sessions . Regards Magdy H. Ibrahim wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Patrick, I am using ACS Dbase and when I check the error I found the following: exceeds maximum session So, I am wondering, this user not connected, then why he failed to reconnect and why he still exist in the connected users Dbase??? Thanx Magdy Patrick Donlon wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Sorry some text dissappeared along the way the group should say Mapped by External Authenticaror Patrick Donlon wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... If you check the user who is listed in the acs they will be in the group . This is normal when you use NT to authenticate users by mapping an external db. Why they are can't re-connect should be in the logs (reports then failed attempts), if they have a successful authentication then it's somewhere else like you NT authentication. Magdy H. Ibrahim wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Patrick, The problem not Why my users disconnected... this may happened because he ended the session stop using the internet.. etc. The problem is why that user still exist on the ACS server, preventing him from reconnecting again till I purge him from the ACS server So why ACS act such behave?? and how to fix this strange behave?? Thanx Magdy Patrick Donlon wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have a similar set-up, ACS on Win2k, what do error message do you see in the event log? Magdy H. Ibrahim wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Dear All, This is my second post regarding ACS2.6 bugs... The problem is: As you know;-) I have an acs2.6 server on W2k advanced server , My users Using it to connect to the internet and sometimes many of my users logged into my network through the acs and when they disconnected from my system, I noticed that they still exist on the acs server , and since i made a single session to my users , they cannot enter again till i make a purge to the user. Please this is a big problem for me so can u help me to solve it? Thanx in advance... Regards,, Magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52558t=52558 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP verification(long)(real world)(access available) [7:52559]
Hey Neal, This (show ip bg ne advertised-routes) is also something I had never used - I just always trusted the route servers for that sort of information. Makes things much clearer. This command and it's peer, show ip bgp neighbor x/x received-routes are very helpful and show the rib-out and rib-in respectively. Especially when doing policy, it is critical to verify that you are sending what you think you are sending. Keep in mind however, the much of the route modification outbound is not show by cisco (prepends for example don't show up) which can make things a little more vague. Route server wise, route-server.ip.att.net I'm sure you've found. 701 does not maintain one and I am pretty sure sprint doesn't either. It would be really nice if they did :) Lost of ppl have told them this. There are a bunch of these out there. route-server.exodus.net still works, and there are a few more out there. A little google poking around should help. I found 7018's route server, Sprint and UUNet must be pestered each time you want to know what is going on inside them, and another fellow from this list told me about this thing - its *very* handy - kind of like what ATT provides only with views to a large (100+) number of ASes. --- IMPORTANT --- telnet route-views.oregon-ix.net --- IMPORTANT --- Troubleshooting wise, I have been bitten by ATT's policy of matching distribute-lists in's (routes accepted via whatever cisco means they chose) with ip access-group ins. In some cases, they'll take the route, but not the traffic. This can be a major pain to find until you get used to their doing that (source verification for dos/ddos prevention) I found this one early on in the game. I love how accessible their tech support is, too - I have enable on one of their peers, the peer has me entered as an official maintainer, and they're still nearly useless. I must say that they don't suck as badly as XO/Concentric's support, but its close. Solution wise, I would tend to be destructive during a maint window to ensure that both control and forwarding work, and beyond that, ping your transit providers for shots of their rib-in from you, along with a shot of your routes as they see them. You likely did this already and are troubled that you read this much only to find out that you did it all already :) I am thinking a spare Cisco 1750 somewhere on net, peered with both ASes using ebgp multihop and a private AS might just be a good solution - apply same policies to it that I apply at the borders of the other networks and see what comes from it. This is not a bad idea at all. At 12:17 AM 9/2/2002 +, Neal Rauhauser wrote: I'll start this out by saying that I'm frustrated enough with the final verification of this thing to publish the running configs of all relevant routers, provide shell access to production boxes, and to set up an open 48 meg 1750 inside AS 25943 with IBGP sessions to all routers involved. I *think* its running as intended - I'm having trouble with verification of my policies - this is my first 'carrier class' network. BGP layout is like so - I own 25943 and I have admin control of the 20333 routers: AS701AS20333AS25943AS25943AS25943AS1239 AS7018--^ AS20333 (Exanium) gets service from ATT(AS7018) and UUNet(AS701) on a 128 meg Cisco box taking full routes. The AS25943/AS1239 connecting point is also a 128 meg box taking full routes. The internal routers in AS25943 are all 64 meg 26xx, including the machine at the AS20333/AS25943 peering point. The diagram is somewhat simplified - I show one purely internal AS25943 router when there are actually two now and another two being commissioned within the next thirty days. These other boxes are actually leaf nodes from the internal AS25943 box pictured - it sits at the center of a star topology. Geographically it is somewhat complex also - the AS20333 router and its AS25943 peer are within 12' of each other, that router and the central AS25943 router are about three miles apart, and the central router and the AS25943/AS1239 peering point are about 2.5 miles apart - so no rearranging of cables for a simpler topology will be allowed as a solution :-) One of the IBGP remotes is actually multihomed with a link to the central router and a link to another undepicted 64 meg 26xx aggregation box in the same rack as the AS25943/AS1239 peering point. IP wise the following blocks are involved: 12.36.200.0/23, 12.36.210.0/23, and 12.108.204.0/22 originating from the AS20333 router. They're anchored with static routes to null0 and the owner of AS20333 is happy with the behavior as is. 63.170.237.0/24, 63.170.238.0/23, 12.108.206.0/24, and 12.108.207.0/24 are all allocated to AS25943 via Sprint or allocated to AS25943 via Exanium. The AS25943 IP allocations are deployed as individual
which image for IS-IS? [7:52560]
I just did a quick look around my network and 'clns routing' doesn't seem to work on any of the routers (16xx, 17xx, 26xx) I have in operation. Is there a particular image train one needs to run or some trick to getting ISIS working? -- Neal Rauhauser CCNP, CCDP voice: 402-301-9555 mailto:[EMAIL PROTECTED] fcc : k0bsd I've seen the angels wearing their disguise, ordinary people leading ordinary lives - Tracy Chapman Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52560t=52560 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
wanted: old school IPv6 beta images [7:52561]
There are some old IPv6 beta images running around out there that have crazy stuff like OSPF/BGP in the image for the Cisco 1000 series routers - anyone got this stuff lying around? I just dusted off a 1003 and I'd like it to do more than just access duty in the lab. -- Neal Rauhauser CCNP, CCDP voice: 402-301-9555 mailto:[EMAIL PROTECTED] fcc : k0bsd I've seen the angels wearing their disguise, ordinary people leading ordinary lives - Tracy Chapman Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52561t=52561 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: network management [7:52546]
Frederick, The usual question comes next: What are you wanting to accomplish? Do you want something that flashes telling you a router is down? Do you want bandwidth statistics? Do you have a budget? Adam Frederick 09/02/02 07:48AM Can anyone please give me reference to what SNMP Manager's they use?. I'm trying to successfuly setup a Network Management Console (Using Fluke's Network Inspector and Microsoft SMS Server) So far the SMS Server has proved to be more real time and proactive. Any help would be appreciated. Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52562t=52546 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: which image for IS-IS? [7:52560]
At 04:52 PM 9/2/2002 +, Neal Rauhauser wrote: I just did a quick look around my network and 'clns routing' doesn't seem to work on any of the routers (16xx, 17xx, 26xx) I have in operation. Is there a particular image train one needs to run or some trick to getting ISIS working? Usually a service provider 12.0 build will work fine. ie S or ST train. I expect enterprise includes it as well, though I'm not aware of the particulars. -- Neal Rauhauser CCNP, CCDP voice: 402-301-9555 mailto:[EMAIL PROTECTED] fcc : k0bsd I've seen the angels wearing their disguise, ordinary people leading ordinary lives - Tracy Chapman Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52563t=52560 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Passed Lab 8/23 in RTP, selling much equipment, 2621, 2610, [7:52564]
Teltone ISDN Demonstrator (U interfaces only) in original box with floppy disk. (probably not original power cord, though, as they are generally fungible) $1,200 plus $15 flat shipping for FEDEX 2nd Day Shipping to continental US. 2x NM-1V plus 2x VIC-2FXS. Original owner and original packaging, anti-static wrist strap, manuals. $1,200 for all plus $20 flat shipping for Fedex Ground (will probably be two separate parcels). Cisco 2621 router loaded with 64 megs RAM and 16 megs Flash, a WIC-1T, and a WIC-1BU. No plastic face plate. Comes with rack mount ears. Look at commercial practice labs and see how useful this particular configuration is. $1,350 plus $10 flat shipping for FEDEX Ground. Package of TWO (2) routers for one good price: Cisco 2610 router loaded with 48 megs RAM, 16 megs flash, a WIC-1T, and a WIC-1BU. No blank plate for the NM slot. A very useful configuration. PLUS a Cisco 2501 Ethernet router with 16 megs Flash and 16 megs RAM. The 2610 comes with rackmount ears. The 2500 comes with an AUI-10BT transceiver. $900 for both plus $15 flat shipping (for both together) for Fedex Ground to Continental US. Cisco 2613 router with 48 megs RAM, and 16 megs Flash, and an included NM-4A/S with handle (so it can serve as a frame switch, but it would be kind of expensive to use it just for that all the time). Token ring router, unfortunately, but it holds network modules just as well as any other 2600 series (BTW, be careful that you check out which NMs can go in a 2600. Some only go in 3600s.). Also comes with rackmount ears. Missing one small filler plate where a WIC goes. $645 plus $10 flat shipping shipping for Fedex Ground to Continental US. Cisco 2514 dual ethernet router with 16 megs Flash and 16 megs RAM. $350 plus $10 flat shipping for FEDEX GROUND to continental US. Cisco 2504 token ring and ISDN router, 16 megs Flash, 16 megs RAM. $200 plus $10 flat rate shipping for FEDEX GROUND to continental US. Cisco 2504 token ring and ISDN router, 16 megs Flash, 16 megs RAM. $200 plus $10 flat rate shipping for FEDEX GROUND shipping to continental US. Cisco 2501 router with 16 megs flash and 16 megs RAM. $250 plus $10 flat shipping for FEDEX GROUND shipping to continental US. ATT NT1. Small, and does not require a power supply, which makes it very convenient. $30 plus $5 fixed shipping. Adtran ACE NT1, in original box with manual and power supply. $30 plus $5 fixed shipping. One NM-4A/S. $325 plus flat $7 shipping. Paypal welcomed. Checks are also welcome but will slow things down a bit. Software licensing is the responsibility of the purchaser. All equipment is guaranteed non-DOA. I plan to only ship to continental US. Thomas P. Larus CCIE # 10,014 540-368-2601 Fredericksburg, VA Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52564t=52564 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Need help in Designing Nework [7:52565]
1. Can someone help me in designing the internet network. I have the following equipments 1. Cisco Pix Firewall 525 with (3) three interface 2. IDS 4220 3. Sun Cobalt - for DNS 4. AS500 with 120 lines (four (4) E1's) 5. Radius Cisco Secure running on Windows 2000 6. 2511 with 16 lines 7. TACACS running on Sun Solaris 8. Web Server running on Windows 2000 9. SQL Server - ASP 10. Exchange 2000/Sendmail 11. Two (2) IBM AS/400 with 11 remote sites (ADSL WAN network with private Ips) 2. I have two full C class IP address and I am using NAT for local users - the problem is I cannot monitor the users with IP accounting command Is there any solution to know which user is using full bandwidth ? 3. Shall I go for Microsoft Exchange 2000 or shall I use Sun Cobalt built-in email system Sendmail. My users need to access their email thru web browser. My current email is sendmail on sun solaris due to hardware limitation I need to move to new system. 4. Is it a good idea to have two separate authentication system for Dialup users. I have two access routers, and Radius Cisco secure for windows tacacs on Sun Solaris. One as standby access router. 5. I have two (2) ADSL links of 1MB uplink and 2 MB downlink each, at present I am using only one links and the other link is standby if the primary link fail, then I have to manual remove the primary cable and plug the secondary cable. The two ADSL routers are 800 series. Can someone give me a solution, I need to utilizes both the links. My ISP is telling me it's not possible. What are the advantages disadvantages of ADSL technology and lease line. 6. Is it safe to have ADSL WAN Network ? thanks ashok braganza Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52565t=52565 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
NBAR filter [7:52566]
Dear Group, I want to filter Nimda Virus, which spread mainly through the email exchange. My question is : Can I use NBAR to filter the SMTP POP3 content like HTTP? If not, is there any other way to do that ? Thanks -- Mohannad Khuffash Network Administrator Palestine Telecom Tel: 00970-9-2390509 Mobile:00970-59-579528 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52566t=52566 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NBAR filter [7:52566]
Yes you can http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121 limit/121e/121e2/nbar2e.htm Mohannad Khuffash wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Dear Group, I want to filter Nimda Virus, which spread mainly through the email exchange. My question is : Can I use NBAR to filter the SMTP POP3 content like HTTP? If not, is there any other way to do that ? Thanks -- Mohannad Khuffash Network Administrator Palestine Telecom Tel: 00970-9-2390509 Mobile:00970-59-579528 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52567t=52566 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
2503 PPPoE/DHCP Client (DSL)/NAT [7:52568]
Has anyone successfuly implemented a 2500 series router acting as a PPPoE DHCP Client in an DSL environment. I'd like to remove my Linksys entirely from my network since it provides too little functionality and control. If anyone has done so I would be interested in seeing how they configured this and under what IOS image. Thanks in advance. Robert D. Cluett Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52568t=52568 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 2503 PPPoE/DHCP Client (DSL)/NAT [7:52568]
As far as I know, 2500 series router cannot act as a PPPoE client. The function of PPPoE client are bundled only to 800, 1600, 1700, 2600, 3600 series (incomplete list), but not 2500. To verify, goto http://www.cisco.com/go/fn and perform a feature search for pppoe client. Then you can see which platforms/IOS versions do support PPPoE client. As for DHCP client and NAT, 2500 series support both of the functions. hktco - Original Message - From: Robert Cluett To: Sent: Tuesday, September 03, 2002 5:17 AM Subject: 2503 PPPoE/DHCP Client (DSL)/NAT [7:52568] Has anyone successfuly implemented a 2500 series router acting as a PPPoE DHCP Client in an DSL environment. I'd like to remove my Linksys entirely from my network since it provides too little functionality and control. If anyone has done so I would be interested in seeing how they configured this and under what IOS image. Thanks in advance. Robert D. Cluett Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52569t=52568 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 2503 PPPoE/DHCP Client (DSL)/NAT [7:52568]
You are correct...the latest 2500 IOS version c2500-js-l.122-10b.bin does not support PPPoE. Thanks! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52570t=52568 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: BCMSN study material [7:52501]
Thanx Shawn, I was planning for a fast reference so as to work on 4000 series and 6000 series switches and simultaneously take the exams. I hope BCMSN should help me out. Anyone aware of the WAN switching exams, books (IGX 8400 platform). Plz advice. Regs. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52571t=52501 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Which PIX to buy [7:52572]
I'm wondering which PIX I need. I need something that will work with OC12 155Mbps when saturated. Right now we have a T3 line and will eventually get an OC3. I would need redundant PIXs. Can anyone recommend a company that leases them? Thank you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52572t=52572 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Virtual Tokenring interface [7:52573]
What is it and where do we really use it I mean in what circumstances? Can someone pour some light on it? thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52573t=52573 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Log files - spoofing from private 10 adddress [7:52552]
Randy, This appears to be a DHCP server querying its clients. This is pretty common on a cable modem network. Yes, that is UDP port 67, and as you can see, it's a broadcast. I wouldn't think it's a hacker, because of the fact that it's a broadcast. It's probably just someone running a DHCP server on their home network. Eddie -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of McHugh Randy Sent: Monday, September 02, 2002 11:34 AM To: [EMAIL PROTECTED] Subject: Log files - spoofing from private 10 adddress [7:52552] My log files show that 10.78.0.1 address is attempting to get through my permimeter router . Would anyone know if this is someone really trying to spoof me or what? And is there any way or tool I can use to determine the real public source address this entity is coming from ? Does any one know if that is a port number (67) beside the IP address and (68) besides that 32 bit host mask? thx Randy 1w3d: %SYS-5-CONFIG_I: Configured from console by console 1w3d: %SEC-6-IPACCESSLOGP: list 199 denied udp 10.78.0.1(67) - 255.255.255.255(68), 1 packet 1w3d: %SEC-6-IPACCESSLOGP: list 199 denied udp 10.78.0.1(67) - 255.255.255.255(68), 7 packets 1w4d: %SEC-6-IPACCESSLOGP: list 199 denied udp 10.78.0.1(67) - 255.255.255.255(68), 4 packets 1w4d: %SEC-6-IPACCESSLOGP: list 199 denied udp 10.78.0.1(67) - 255.255.255.255(68), 6 packets Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52575t=52552 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
BSCI - are boson.com exams good? [7:52574]
I used nothing but Boson.com exams when I was getting my CCNP two years ago. Now I have started to work on the BSCI exam towards my CCIP and I don't see a lot different in the BSCI pretest from what was needed for BSCN. Can someone who has passed the BSCI comment on this? I've studied less than twenty hours in the last month, after two years of ignoring all BSCI issues except BGP/OSPF which I use for work, and I'm surprised that these tests are telling me I'm nearly ready to go. -- Neal Rauhauser CCNP, CCDP voice: 402-301-9555 mailto:[EMAIL PROTECTED] fcc : k0bsd I've seen the angels wearing their disguise, ordinary people leading ordinary lives - Tracy Chapman Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52574t=52574 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: network management [7:52546]
Adam, Take a look at Cisco Info Center. http://www.cisco.com/go/cic Clayton Dukes CCNA, CCDA, CCDP, CCNP, NCC -=]-Original Message- -=]From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of -=]Adam Frederick -=]Sent: Monday, September 02, 2002 10:49 AM -=]To: [EMAIL PROTECTED] -=]Subject: network management [7:52546] -=] -=]Can anyone please give me reference to what SNMP Manager's they use?. -=]I'm -=]trying to successfuly setup a Network Management Console (Using Fluke's -=]Network Inspector and Microsoft SMS Server) So far the SMS Server has -=]proved -=]to be more real time and proactive. Any help would be appreciated. -=] -=]Thanks -=] -=] -=] -=] [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52550t=52546 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: priscilla WAN audio ..cool [7:52529]
Hi That was a brialliant attempt by priscilla. I hope we can get somehing this to prep for ccie. Bunmi Isinkaye Cisco Certification Digest wrote: Cisco Certification Digest Friday, August 30 2002 Volume 02 : Number 2232 In this issue of the Cisco Certification Mailing List Digest: Re: Staic Routes on 1605 Router [7:52340] Re: Staic Routes on 1605 Router [7:52340] Re: Staic Routes on 1605 Router [7:52340] Tonight's Homily - Other Important Things [7:52347] RE: unidentified cisco cable [7:52296] OT: Las Vegas Cisco users group [7:52341] switch over fax [7:52350] Re: Gatekeeper not completing calls [7:52315] Re: unidentified cisco cable [7:52296] new examine CCIE RS [7:52355] Re: FXS and Key System connection [7:52288] Re: Staic Routes on 1605 Router [7:52340] Cisco Netacad for 640-603 [7:52358] Boston Cisco Users Group? [7:52359] RE: ICQ and blocking the thing-PIX [7:52285] RE: Cisco Netacad for 640-603 [7:52358] Re: 2500 Memory Question. [7:52097] Re: Looking for Memory [7:52033] Re: unidentified cisco cable [7:52296] Re: routing problem? [7:52054] Build your own PIX [7:52364] Re: Cisco Netacad for 640-603 [7:52358] RE: CCIE qualification Exam, misconception? Longi [7:52235] Re: Staic Routes on 1605 Router [7:52340] Re: unidentified cisco cable [7:52296] RE: what to put [7:51574] Re: Staic Routes on 1605 Router [7:52340] Re: Cisco Netacad for 640-603 [7:52358] CCIE Written study partner wanted!! [7:52373] RE: Looking for Memory [7:52033] OT - testng spam filter - please ignore [7:52375] Re: Syslog server for Whatsup Gold [7:52269] EIGRP default route distribution. [7:52377] RE: Boston Cisco Users Group? [7:52359] RE: EIGRP default route distribution. [7:52377] Reloading VIP [7:52380] RE: EIGRP default route distribution. [7:52377] Re: Reloading VIP [7:52380] RE: EIGRP default route distribution. [7:52377] Re: Reloading VIP [7:52380] RE: Reloading VIP [7:52380] RE: ICQ and blocking the thing-PIX [7:52285] RE: CCIE qualification Exam, misconception? Longi [7:52235] ACS Single SignOn (Cisco 5350/VPN3060/RADIUS) [7:52387] RE: EIGRP default route distribution. [7:52377] Re: Reloading VIP [7:52380] RE: ICQ and blocking the thing-PIX [7:52285] Re: Cisco Netacad for 640-603 [7:52358] RE: new examine CCIE RS [7:52355] RE: Boston Cisco Users Group? [7:52359] RE: ICQ and blocking the thing-PIX [7:52285] Re: ICQ and blocking the thing-PIX [7:52285] Re: Reloading VIP [7:52380] RE: ICQ and blocking the thing-PIX [7:52285] RE: ICQ and blocking the thing-PIX [7:52285] Lab Swap in SJ [7:52400] Re: ICQ and blocking the thing-PIX [7:52285] RE: EIGRP default route distribution. [7:52377] RE: 3550 and 3524 [7:52286] RE: CCIE qualification Exam, misconception? Longi [7:52235] -- Date: Fri, 30 Aug 2002 04:46:50 GMT From: Erick B. Subject: Re: Staic Routes on 1605 Router [7:52340] Where does the 10.258.52.x network reside in your network? I'm guessing it also uses a 255.255.255.0 mask. If there is a PC or PC's on one of the 1605 ethernet segments with a 10.258.52.x address then you will need to add a secondary IP address to the interface those devices are off of. This is also called a multinetted interface. interface e0 ip address 10.258.52.x 255.255.255.0 secondary If the 10.258.52.x is on another router in your network then you add a static route or enable a dynamic routing protocol between the routers. The static route next hop will be an adjancent router off one of the 1605 interfaces. Example: ip route 10.258.52.0 255.255.255.0 10.1.1.1.x where x is the other router on the 10.1.1.x/24 network. That router would also need routes back to the 1605 networks. HTH, Erick - --- Craig Robertson wrote: Hi guys, I am having a problem with routing on a Cisco1605 router. Ethernet0 is set to 10.1.1.17 255.255.255.0 and ethernet1 is set to 10.128.52.1 255.255.255.0 My problem is: From the 10.1.1.0 network i can ping 10.1.1.17 (ethernet0) From the 10.1.1.0 network i can ping 10.128.52.1 (ethernet1) From the 10.1.1.0 network I can NOT ping 10.258.52.101 (pc on subnet) I have enabled ip routing on the router, however, nothing has changed. Can anyone please advise of the command(s) for a static route, if indeed this is the problem. Any suggestions would be appreciated. Thanks __ Do You Yahoo!? Yahoo! Finance - Get real-time stock quotes http://finance.yahoo.com Date: Fri, 30 Aug 2002 04:51:48 GMT From: Craig Robertson Subject: Re: Staic Routes on 1605 Router [7:52340] Sorry guys, the address of the PC is 10.128.52.101, not 258. Nice typo hey :-) Thanks Vance Krier wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Is the PC really 10.258.52.101..? V-- Craig Robertson wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi guys, I am having a problem with routing on a Cisco1605 router. Ethernet0 is set to 10.1.1.17 255.255.255.0 and
Re: Router IOS Upgrade bug in 12.1 images [7:52489]
Is your flash read-only? If so just change the config reg and reboot. Marc Russell Chuck's Long Road wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I've done this before, and it's not like it's real tough, but. I am trying to upgrade my IOS images. Neither the Router Software Loader, not the good old copy tftp: flash: is working. RSL gives me some odd message the copy function never asks if I want to erase the current image on the flash - it just starts to copy, then stops, with a message that there is not enough rook on the destination device. sample output of my process: Router_7#copy tftp flash: NOTICE Flash load helper v1.0 This process will accept the copy options and then terminate the current system image to use the ROM based image for the copy. Routing functionality will not be available during that time. If you are logged in via telnet, this connection will terminate. Users with console access can see the results of the copy operation. Proceed? [confirm] Address or name of remote host []? 192.168.1.49 Source filename []? c2500-js56i-l.121-5.T10.bin Destination filename [c2500-js56i-l.121-5.T10.bin]? %FR-5-DLCICHANGE: Interface Serial0 - DLCI 201 state changed to DELETED %FR-5-DLCICHANGE: Interface Serial0 - DLCI 202 state changed to DELETED %FLH: c2500-js56i-l.121-5.T10.bin from 192.168.1.49 to flash ... System flash directory: File Length Name/status 1 16294768 c2500-jos56i-l.121-11.bin [16294832 bytes used, 482384 available, 16777216 total] Accessing file 'c2500-js56i-l.121-5.T10.bin' on 192.168.1.49... Loading c2500-js56i-l.from 192.168.1.49 (via Ethernet0): ! [OK] %Error: Image size exceeds free space %FLH: Flash download failed F3: 16002988+291748+1049272 at 0x360 As you can see - no asking to erase. I suspect this is a problem with the particular image. I had no problem upgrading a different router with a different image. Unfortunately, just about all my routers have this identical image in place. Anyone seen this? got a fix? CCO searches have not been regarding. TAC won't talk to me even though I work for a major partner. Apparently my management made some procedural changes, and I can't locate anyone internally who can help me out. They apparently have lives :- thanks much -- www.chuckslongroad.info still a work in progress, but on line for your enjoyment z Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52506t=52489 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BCMSN study material [7:52501]
I finished BCMSN 12/2000 and I used almost nothing but the Cisco Press BCMSN book. I did have hands on with cat1900/2900/5500 in large operations though, but only L2 features in 5500. I found the Boson exams to be an excellent gauge of my readiness - http://www.boson.com puro prasad wrote: Hi, I am using cisco press BCMSN coursebook authored by Karen Webb. how good is this book? do i need to go for anything else other than this one so as to get through the switching exam? Also I would like to know about any WAN switching exams (IGX platform) offered by cisco currently. Thanx -- Neal Rauhauser CCNP, CCDP voice: 402-301-9555 mailto:[EMAIL PROTECTED] fcc : k0bsd I've seen the angels wearing their disguise, ordinary people leading ordinary lives - Tracy Chapman Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52503t=52501 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Router Sims [7:52452]
I am testing my ability to post. I sent one earlier that did not get through. What are the general thoughts regarding router sims. I have looked at the demo for Boson's product, and I know that Sybex has one also. I thought the Syex CCNA vLab was very useful. Thanks for the help. -Bobby Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52452t=52452 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: What IOS version tested in CCIE [7:52256]
Brad Ellis wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... 12.1(5)T9 enterprise at the moment. CL: I just finished a bit of research on CCO regarding IOS versions in general. Very interesting. It might be a good idea to check out the capabilities and make a detemination for yourselves about this. Personally, I find Brad's advice always worth considering. thanks, -Brad Ellis CCIE#5796 (RS / Security) Network Learning Inc [EMAIL PROTECTED] www.optsys.net (Cisco hardware) Tribavan Raina wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi guys, ..The CCIE web site says Specific features new to IOS version 12.1 can appear on CCIE lab exams starting on this date. Candidates should note that this change primarily affects the CCIE Routing and Switching and CCIE Security exams Does this mean we don't need to worry about features in 12.2 And which image is usually used mean GD or ED.. Cheers Tribavan Raina Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52449t=52256 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE qualification Exam, misconception? Longi [7:52235]
Hi Dennis, I was planning to buy the Boson Test 3. Now I will wait for your updated version. Will I able to receive the info from boson.com as soon as it is released? regards Silju Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52431t=52235 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Router Sims [7:52439]
What are the prevailing thoughts on Router Sims. I need something for CCNP practice and don't have resources for building a lab or or getting rack time elsewhere. I looked at the Boson sim. It looks pretty cool, but the demo doesn't allow config mode so you just look in the window. ---Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52439t=52439 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CISCO COMMAND CALLED Tunnel [7:52526]
check out the following: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/dial _r/drdrtrvi.htm#1020188 watch the wrap interesting. thanks for pointing it out. Chuck -- www.chuckslongroad.info still a work in progress, but on line for your enjoyment z Eng. ABDALLAH QUQAS wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Dear ALL, I was looking for help on cisco router using the ? command, i found a command called tunnel, anybody explain the using of that command by an examples. Regards Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52576t=52526 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Which PIX to buy [7:52572]
On Mon, Sep 02, 2002 at 11:50:17PM +, John Chang wrote: I'm wondering which PIX I need. I need something that will work with OC12 155Mbps when saturated. Right now we have a T3 line and will eventually get an OC3. I would need redundant PIXs. Can anyone recommend a company that leases them? 155 Mbps is OC3, not OC12 - (3 X 45 Mbps) For that you can try PIX 535, which can scale up until gigabit ethernet (1000 Mbps). Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52577t=52572 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: which image for IS-IS? [7:52560]
I did a quick search using Cisco TAC's Software Advisor: http://www.cisco.com/kobayashi/support/tac/t_index.shtml requires CCO login and found no IS-IS on the lower end ( 16xx and 17xx ) that you mention on the 26xx series you need an Enterprise version or a Service Provider version, so far as I can tell. HTH -- www.chuckslongroad.info like my web site? take the survey! Neal Rauhauser wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I just did a quick look around my network and 'clns routing' doesn't seem to work on any of the routers (16xx, 17xx, 26xx) I have in operation. Is there a particular image train one needs to run or some trick to getting ISIS working? -- Neal Rauhauser CCNP, CCDP voice: 402-301-9555 mailto:[EMAIL PROTECTED] fcc : k0bsd I've seen the angels wearing their disguise, ordinary people leading ordinary lives - Tracy Chapman Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52579t=52560 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Tonight's Homily - QoS Study and Reflections [7:52582]
All in all a reasonably productive long weekend. Hope everyone's was similar. I've managed to get through quite a bit of the Cisco 12.1 IOS QoS configuration guide - 250 pages of well, that's tonight's homily. 250 pages of what exactly? Repetition. I wish I had a dollar for every time the docs states that the default bandwidth available to various QoS mechanisms is 75% of the interface bandwidth. Frustration. Not with the quality in general, but with stupid little configuration details and explanations that are obviously in error. For example, if you were to look at the following command, what would you conclude about the PVC? frame-relay map ip 110.1.1.1 16 broadcast probably not the same thing that the documentation states, I'll wager. OK. That's fine. We all know by now that one must view any reference and study materials with a skeptical eye. Surprise. Pleasant surprise Once I started reading, I was pleasantly surprised at how understandable most of this stuff is. Sure there is the bits versus Bytes in the various command lines. But even that is overcome once you get into the mindset. Test Psyching. I can't say it enough - one should never bet on what they think may or may not be testing in the CCIE Lab. But after a while, one cannot help but notice statements like SBM is not supported currently on Token Ring LANs and wonder - is this a hint that one might expect to configure this on an ethernet LAN device? Nothing in the 3550 Command Reference or Config Guide regarding RSVP or SBM. But I don't see the most recent documentation on CCO either - just the new image release. Irregardless of the CCIE Lab, I can see where SBM would be of interest in certain client networks. Questions. Lots of questions. The Guide I'm reading is recent. But throughout it talks about using the ToS bits. I may be mistaken - I've read quite a bit of this stuff since Friday, but isn't it the DiffServ field now? Yes it's supposed to be somewhat backwards compatible, but not if you start using all 63 of the possible DiffServ values, or even just Assured Forwarding, which has only 12 possible values. I might be misreading the packet here. DSCP uses bits 0-5 of the old ToS field, with bits 6 and 7 reserved for future use, and looking like they will become the EC bits. This merits further consideration. I'll make a note to carefully examine the QoS configs and commands as I study. It may make no difference whatsoever on the CCIE Lab, but it never hurts to know. Feeling good. Yes, feeling good after a long weekend where I could put in some book time and also spend some time with the family. Takes some of the strain off during these final weeks of preparation. Can't wait to power up the routers and try out some of this stuff. Cool breezes. Still waters. Hot weather, with the hint of autumn. Goodnight, everyone. -- www.chuckslongroad.info like my web site? take the survey! PS - 19 straight! Take that, Mariners, Angels, and Red Sox! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52582t=52582 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Modifying debug output [7:52583]
Hi folks, I wonder if this is possible. I have our Dialin Cisco Router logging to a syslog server. Now the debug output is always in the same format but I was wondering if it can be changed. Begin paste--- 3204: Sep 3 06:37:19: %CALLRECORD-3-MICA_TERSE_CALL_FAILED_REC: DS0 slot/contr/chan=1/0/20, slot/port=0/4, call_id=266, calling=(n/a), called=0837, time=18, finl-state=TRAINUP, disc(modem)=6001 Condition occurred during call setup/Other/host issued SOFTWARE_RESET cmd End paste- As you can see, the calling parameter is (n/a) since we do not have CLI (calling line identification) activated The called number = 0837 which to me is the last four digits of the number that this user dialed. Is it possible to tell the cisco router to put the full number dialled in the log e.g. 555-0837 ? I am also going to ask our telecoms provider to activate CLI so that I can figure out who's dialing our network ... most of them seem to be done in error, but you never know! Thanks Manish Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52583t=52583 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT :Cheet-Sheets.com Owner Pleads Guilty; May Face Jail Time [7:52584]
Regards, Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52584t=52584 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Ref: SPOOFING [7:52585]
Dear ALL, How i can see if somebody is spoofing the access list applied on router, or how i can test it, if the spoofing the access list can be done. Regards Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52585t=52585 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]