1720 ISDN problem [7:53616]

[Stuart Laubstein]

I am having a curious problem with a 1720. When I enable the BRI the router
reloads ist config and locks me out of telnet as well. I changed the config
and saved but when I stuck the isdn cable in it reset the config to the old
one. Any ideas on what I can try here?

thanks

stuart




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53616&t=53616
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: How to make real player from outside to contact real [7:53617]

[LeBrun, Tim]

I am assuming that you only have this one service behind the PIX or do you
have multiple servers behind the PIX?  I would like to see a config of
multiple servers behind a PIX - utilizing only "1" external IP address.

Tim

-Original Message-
From: mike greenberg [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 18, 2002 9:52 PM
To: [EMAIL PROTECTED]
Subject: Re: How to make real player from outside to contact real
[7:53586]


Ok, the solution is very simple one.  I know this will work because I
running my
RealPlayer Helix Universal Streaming Server version 9.0.1 on my Linux box
behind
a Pix firewall.  The linux box has an RFC 1918 address (192.168.1.100)
sitting on
the DMZ network (192.168.1.254 is IP address of the DMZ interface on the
PIX).
The 192.168.1.100 is NATed to the public with 199.0.56.293 
On the pix firewall: 
static (inside,dmz) 199.0.56.293 192.168.1.100 
access-list 100 permit tcp any host 199.0.56.293 eq 8080 (if http is running
on here)
access-list 100 permit tcp any host 199.0.56.293 eq 7070 
access-list 100 permit udp any host 199.0.56.293 eq 554

access-list 100 permit tcp any host 199.0.56.293 eq 9090 (monitor only)

access-group 100 in interface outside

Now, since the actual streaming server is behind the Pix firewall, you will
have to

modify the streaming server configuration file to make it work.  Add the
following

line to the rmserver.cfg file:



Restart the streaming server.  Now from one of the workstation on the
outside Pix

firewall, fireup RealPlayer and put the following in the URL:

rtsp://199.0.56.293:554/sex.mpg

It will work You can make it work from clicking the link in the web
browser;

however, I don't have to go over it here.

Enjoy

Now, this is something a CCIE doesn't know how to fix.

Mike

 "Magdy H. Ibrahim" wrote:Hi All,

I have a client wants to create Real server behind Pix firewall and I am
trying to make the outside real player to contact the inside server but I
failed..
Is there any extra commands more than the following commands on the PIX to
allow the ourside clients to communicate with the inside server??
Please advise help me

the PIX configuration.
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
no fixup protocol skinny 2000
fixup protocol rtsp 554
fixup protocol rtsp 8554
names
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


-
Do you Yahoo!?
New DSL Internet Access from SBC & Yahoo!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53617&t=53617
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Cisco Serials and Theft [7:53574]

[Daniel Cotts]

If you register the equipment for a Smartnet Service Contract, (in the past
you could do it by phone) they will let you know who was the previous owner
(assuming that the previous owner also had it on Smartnet.) 
Maybe someone has the tel# for the Smartnet registration.

> -Original Message-
> From: John Wright [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 18, 2002 5:34 PM
> To: [EMAIL PROTECTED]
> Subject: Cisco Serials and Theft [7:53574]
> 
> 
> Hi guys,
 is there any way to check the serials on the equipment to see if its
stolen?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53619&t=53574
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

OT: Windows and Net Behavior Tracking [7:53620]

[John Neiberger]

I now, that's a bizarre subject line.  I couldn't think of a better one
this early in the morning.  :-)  Here are the details...

Let's say I went to a website and downloaded a specific file, then I
subsequently cleared my cache.  Once that is done, is there any way to
reasonably prove where I got that file?  If I'm claiming to have gotten
that file from a particular site at a particular time, is there some
other record on the computer that might still be intact that would show
where and when I got it?

Assume this is IE on Windows XP.

Thanks,
John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53620&t=53620
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

TACACS/RADIUS on CISCO Router [7:53621]

[exchange]

Hey,

is there a possibility to set up a router acting
as a  radius or tacacs server with local authentication
without external server ?

Please let me know

best regards

Michael




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53621&t=53621
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Cisco 802 Sample config. [7:53622]

[John Hutchison]

Does anyone have, by chance, a sample of a full config of an 802 isdn? I
looked at cisco and the other resources I have but can't find just sample
configs. I need to verify a couple of things I'm doing. Thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53622&t=53622
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco Serials and Theft [7:53574]

[Craig Columbus]

There's a huge market for used Cisco gear and the prices on the used market 
are WELL below listI wouldn't worry about the equipment being stolen 
unless the prices are well below the standard used price range.  Go to ebay 
and do a search of closed auctions for the items he's selling and compare 
the average prices there to what he's offering.

Craig

At 10:34 PM 9/18/2002 +, you wrote:
>Hi guys,
>
>Just found this group and it looks like a great resource for Cisco
>certification misc. questions. I'm CCNP and have passed CCIE written.
>
>My question is this: an aquaintance has offered me some really good
>equipment that I could really use to study for the CCIE, at really low
prices.
>
>I don't know the guy very well, he seems legit, but is there any way to
>check the serials on the equipment to see if its stolen? I don't want to
>possess stolen equipment, and I definitely don't want to find that out
>when/if I sell it after I pass the Lab. Thanks for any and all advice--
>
>John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53618&t=53574
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Weird connection issue [7:53583]

[[EMAIL PROTECTED]]

I'm experiencing some strange connection issues when surfing the web through
a couple of our PIX firewalls, but not through our Checkpoints.

Seems while surfing some websites the pix decides to close the connection
before the last acknowledgement packet from the pc.  Thus the pc resends the
packet over and over.  But the PIX has closed the connection.  I can ping
the site just fine, but the port 80 traffic gets cutoff.  Funniest part, it
only happens on some websites.  Anyone experience the same issues?  It
seems I'm missing some important config?

PIX Version 6.2(1)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 
passwd 
hostname kangchenjunga
domain-name abnamrousa.com
clock timezone CST -6
clock summer-time CDT recurring
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
no names
access-list 1 permit icmp any any echo-reply 
access-list 1 permit icmp any any time-exceeded 
access-list 1 permit icmp any any unreachable 
pager lines 24
logging on
logging trap notifications
logging host inside 10.10.250.249
interface ethernet0 100full
interface ethernet1 100full
icmp deny any echo-reply outside
mtu outside 1500
mtu inside 1500
ip address outside y.y.y.y 255.255.255.240
ip address inside 10.10.200.1 255.255.0.0
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip audit info action alarm
ip audit attack action alarm drop
pdm location 10.10.65.71 255.255.255.255 inside
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 10.10.0.0 255.255.0.0 0 0
access-group 1 in interface outside
route outside 0.0.0.0 0.0.0.0 y.y.y.z 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323
0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+ 
aaa-server RADIUS protocol radius 
aaa-server LOCAL protocol local 
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt noproxyarp inside
no sysopt route dnat
telnet timeout 1
ssh 10.10.65.71 255.255.255.255 inside
ssh timeout 5
: end

Cheers,
MKJ


~~~
Michael Jablonski
ABN AMRO Asset Management Holdings, Inc.
161 North Clark St.
9th Flr
Chicago, IL  60601-2468
PH: 312.884.2996 
FAX: 312.278.5550
~~~




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53583&t=53583
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco Serials and Theft [7:53574]

[Brad Ellis]

Get the serial #'s and call TAC.

thanks,
-Brad Ellis
CCIE#5796 (R&S / Security)
Network Learning Inc
[EMAIL PROTECTED]
www.optsys.net (Cisco hardware)
Voice: 702-968-5100
FAX: 702-968-5104

""John Wright""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi guys,
>
> Just found this group and it looks like a great resource for Cisco
> certification misc. questions. I'm CCNP and have passed CCIE written.
>
> My question is this: an aquaintance has offered me some really good
> equipment that I could really use to study for the CCIE, at really low
prices.
>
> I don't know the guy very well, he seems legit, but is there any way to
> check the serials on the equipment to see if its stolen? I don't want to
> possess stolen equipment, and I definitely don't want to find that out
> when/if I sell it after I pass the Lab. Thanks for any and all advice--
>
> John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53579&t=53574
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: can't map before ping first? [7:53599]

[Daniel Cotts]

When pinging to a device for the first time the first ping times out while
the last network device (router) arps for the hardware address of the host
(server). (I'm assuming that the server is at a remote location from you.)
The router should then maintain the ip to MAC translation in its arp table
for a specified time. The arp table timeout (due to inactivity) on Cisco
routers is four hours. I think that we can assume that the server is busy
enough that it should maintain its entry in the routers arp cache. The
router seems ok because it works fine with other servers - hopefully on the
same subnet. That points to the server. I believe that you posted this
question the other day and indicated then that the problem had just started
happening. The question then is "Who messed with the server recently?" and
"What did they do?" What configuration problem on a host computer can
disallow a router from maintaining its entry in an arp cache - even though
the host is active? I can't state a definitive answer for that -- but I'd
sure want to check the subnet mask and default gateway values on that
server.
Please post your solution to the list.

> -Original Message-
> From: Sim, CT (Chee Tong) [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, September 19, 2002 12:46 AM
> To: [EMAIL PROTECTED]
> Subject: can't map before ping first? [7:53599]
> 
> 
> I have a server which always has problem mapping to other PC 
> across the WAN
> (other branch network).  But it works after I ping to 
> overseas PC (as shown
> below).  Do you know what might be the problem.  My other 
> server don't have
> this problem and it is still the same after I switch it to 
> another switch
> port.
> 
>  
> 
> C:\>net use * \\w2k01\c$
> 
> System error 53 has occurred.
> 
>  
> 
> The network path was not found.
> 
>  
> 
>  
> 
> C:\>net use * \\100.100.100.19\c$
> 
> System error 53 has occurred.
> 
>  
> 
> The network path was not found.
> 
>  
> 
>  
> 
> C:\>ping w2k01
> 
>  
> 
> Pinging w2k01 [100.100.100.19] with 32 bytes of data:
> 
>  
> 
> Request timed out.
> 
> Reply from 100.100.100.19: bytes=32 time=109ms TTL=124
> 
> Reply from 100.100.100.19: bytes=32 time=110ms TTL=124
> 
> Reply from 100.100.100.19: bytes=32 time=110ms TTL=124
> 
>  
> 
> C:\>net use * \\100.100.100.19\c$
> 
> Drive G: is now connected to \\100.100.100.19\c$.
> 
>  
> 
> The command completed successfully.
> 
> 
> ==
> De informatie opgenomen in dit bericht kan vertrouwelijk zijn en 
> is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht 
> onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en 
> de afzender direct te informeren door het bericht te retourneren. 
> ==
> The information contained in this message may be confidential 
> and is intended to be exclusively for the addressee. Should you 
> receive this message unintentionally, please do not use the contents 
> herein and notify the sender immediately by return e-mail.
> 
> 
> ==




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53623&t=53599
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 1720 ISDN problem [7:53616]

[Mark W. Odette II]

Stuart-
Boot up in ROMMON and tftp a newer version of IOS.  Short of that, Call
TAC for a replacement ISDN WIC or a replacement Router.

My reason for booting up in ROMMON is to insure the code for the WIC
doesn't get loaded, ensuring no interruptions while trying to upload the
new IOS.

What version of IOS are you running?

I had a 1720 recently (was brand new) that kept having problems with
bonding both channels in a MPPP setup to the ISP.  Turned out the IOS
was the problem, which if I recall, was something like 12.2.4.  I
upgraded to 12.2.8T5, and the problem went away.

-Mark
-Original Message-
From: Stuart Laubstein [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 19, 2002 8:53 AM
To: [EMAIL PROTECTED]
Subject: 1720 ISDN problem [7:53616]

I am having a curious problem with a 1720. When I enable the BRI the
router
reloads ist config and locks me out of telnet as well. I changed the
config
and saved but when I stuck the isdn cable in it reset the config to the
old
one. Any ideas on what I can try here?

thanks

stuart




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53624&t=53616
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Two Interfaces = Extremely Slow Ping [7:53266]

[CTM CTM]

Daniel Cotts wrote:
> 
> You have a static NAT translation for 192.168.100.20 on both
> routers. I'd
> suggest removing it from the Mexican router.
> 
> You haven't said whether or not you are doing standard or
> extended pings.
> Whether you are pinging from a host or the routers.
> Do a traceroute when the pings are fast and when they are slow.
> See where
> the packets are going. You might want to do a "sh ip route" in
> each
> condition.
> Some small housekeeping:
> Mexican router:
> I see no need for the "ip nat inside" on the Serial0/0:0.300
> subinterface.
> Nothing from that interface meets the conditions of access-list
> 101.
> You can remove the "ip policy route-map nonat from
> subinterfaces 0/0:0.300
> and 0/0:0.301 . There is no route-map in the config.
> You have 192.168.100.0 on F0/1 (shutdown) in Mexico. You have
> 192.168.100.0
> on F0/1 in SC-SAN. You still have a NAT static in Mexico for the
> 192.168.100.20 host. Might be good to remove that static
> mapping and remove
> the unused address completely from the interface to avoid
> confusion.
> "ip http server" can be a security hole.
> 
> SC-SAN router:
> VPN connection to 172.29.30.0 uses access list 100 to define
> allowed
> traffic. I don't understand the first line of that list. Does
> it refer to
> the NAT pool of addresses? If so, how do they work inside? If
> not, who are
> they? Who is really allowed access to 172.29.30.0?
> Again the ip policy and route-map statements aren't doing
> anything. There is
> an issue that could use a route-map. The users in 172.29.30.0
> can't reach
> the statically NATed servers 192.168.100.20 & 135 over the VPN.
> There is a
> way to solve that problem (if it is a problem.)
> Keep us posted on your progress. I would like to know the
> solution.
> 
> > -Original Message-
> > From: Sammi Dog [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, September 13, 2002 5:23 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Two Interfaces = Extremely Slow Ping [7:53266]
> > 
> > 
> > I would appreciate any and all comments.
> 
> > > >From: "Chris McNally" > >Hi all, > >We have one router in 
> > the U.S. and
> > > one in Mexico. They are connected to each >other via frame 
> > relay and they
> > > each have their own internet portal. >When the Mexico
> router is
> > > disconnected from its internet interface the ping >returns 
> > between U.S.
> > > are averaging 70ms but when they plug in their internet 
> > >side the ping
> > > returns shoot above 500ms and often hit 800.
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53626&t=53266
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Two Interfaces = Extremely Slow Ping [7:53266]

[CTM CTM]

Daniel Cotts wrote:
> 
> You have a static NAT translation for 192.168.100.20 on both
> routers. I'd
> suggest removing it from the Mexican router.
> 
> You haven't said whether or not you are doing standard or
> extended pings.
> Whether you are pinging from a host or the routers.
> Do a traceroute when the pings are fast and when they are slow.
> See where
> the packets are going. You might want to do a "sh ip route" in
> each
> condition.
> Some small housekeeping:
> Mexican router:
> I see no need for the "ip nat inside" on the Serial0/0:0.300
> subinterface.
> Nothing from that interface meets the conditions of access-list
> 101.
> You can remove the "ip policy route-map nonat from
> subinterfaces 0/0:0.300
> and 0/0:0.301 . There is no route-map in the config.
> You have 192.168.100.0 on F0/1 (shutdown) in Mexico. You have
> 192.168.100.0
> on F0/1 in SC-SAN. You still have a NAT static in Mexico for the
> 192.168.100.20 host. Might be good to remove that static
> mapping and remove
> the unused address completely from the interface to avoid
> confusion.
> "ip http server" can be a security hole.
> 
> SC-SAN router:
> VPN connection to 172.29.30.0 uses access list 100 to define
> allowed
> traffic. I don't understand the first line of that list. Does
> it refer to
> the NAT pool of addresses? If so, how do they work inside? If
> not, who are
> they? Who is really allowed access to 172.29.30.0?
> Again the ip policy and route-map statements aren't doing
> anything. There is
> an issue that could use a route-map. The users in 172.29.30.0
> can't reach
> the statically NATed servers 192.168.100.20 & 135 over the VPN.
> There is a
> way to solve that problem (if it is a problem.)
> Keep us posted on your progress. I would like to know the
> solution.
> 
> > -Original Message-
> > From: Sammi Dog [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, September 13, 2002 5:23 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Two Interfaces = Extremely Slow Ping [7:53266]
> > 
> > 
> > I would appreciate any and all comments.
> 
> > > >From: "Chris McNally" > >Hi all, > >We have one router in 
> > the U.S. and
> > > one in Mexico. They are connected to each >other via frame 
> > relay and they
> > > each have their own internet portal. >When the Mexico
> router is
> > > disconnected from its internet interface the ping >returns 
> > between U.S.
> > > are averaging 70ms but when they plug in their internet 
> > >side the ping
> > > returns shoot above 500ms and often hit 800.
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53625&t=53266
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Windows and Net Behavior Tracking [7:53620]

[Daniel Cotts]

How about the syslogs from the firewall or Internet gateway router?

> -Original Message-
> From: John Neiberger [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, September 19, 2002 9:30 AM
> To: [EMAIL PROTECTED]
> Subject: OT: Windows and Net Behavior Tracking [7:53620]
> 
> 
> I now, that's a bizarre subject line.  I couldn't think of a 
> better one
> this early in the morning.  :-)  Here are the details...
> 
> Let's say I went to a website and downloaded a specific file, then I
> subsequently cleared my cache.  Once that is done, is there any way to
> reasonably prove where I got that file?  If I'm claiming to 
> have gotten
> that file from a particular site at a particular time, is there some
> other record on the computer that might still be intact that 
> would show
> where and when I got it?
> 
> Assume this is IE on Windows XP.
> 
> Thanks,
> John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53627&t=53620
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Two Interfaces = Extremely Slow Ping [7:53266]

[CTM CTM]

Hi,

I removed the "ip http server" from all routers.
I also removed the "ip nat inside" from the first Mexico router.
So far so good.
But when I did a "no ip route 192.168.100.0 255.255.255.0 Serial0/0:0.300" I
immediatly lost connection to the router and am now trying to reach someone
down there to reboot it
not good, as it should have been issued for 192.168.100.20

So still working on clean up for that box.

In Amsterdam:
I could really, really use a VPN connection between 172.29.30.0 and
172.29.10.0 subnets so will look at that while I wait for the Mexico router
to be rebooted.

(yes, somewhat over my head here, but shall persevere)


Daniel Cotts wrote:
> 
> You have a static NAT translation for 192.168.100.20 on both
> routers. I'd
> suggest removing it from the Mexican router.
> 
> You haven't said whether or not you are doing standard or
> extended pings.
> Whether you are pinging from a host or the routers.
> Do a traceroute when the pings are fast and when they are slow.
> See where
> the packets are going. You might want to do a "sh ip route" in
> each
> condition.
> Some small housekeeping:
> Mexican router:
> I see no need for the "ip nat inside" on the Serial0/0:0.300
> subinterface.
> Nothing from that interface meets the conditions of access-list
> 101.
> You can remove the "ip policy route-map nonat from
> subinterfaces 0/0:0.300
> and 0/0:0.301 . There is no route-map in the config.
> You have 192.168.100.0 on F0/1 (shutdown) in Mexico. You have
> 192.168.100.0
> on F0/1 in SC-SAN. You still have a NAT static in Mexico for the
> 192.168.100.20 host. Might be good to remove that static
> mapping and remove
> the unused address completely from the interface to avoid
> confusion.
> "ip http server" can be a security hole.
> 
> SC-SAN router:
> VPN connection to 172.29.30.0 uses access list 100 to define
> allowed
> traffic. I don't understand the first line of that list. Does
> it refer to
> the NAT pool of addresses? If so, how do they work inside? If
> not, who are
> they? Who is really allowed access to 172.29.30.0?
> Again the ip policy and route-map statements aren't doing
> anything. There is
> an issue that could use a route-map. The users in 172.29.30.0
> can't reach
> the statically NATed servers 192.168.100.20 & 135 over the VPN.
> There is a
> way to solve that problem (if it is a problem.)
> Keep us posted on your progress. I would like to know the
> solution.
> 
> > -Original Message-
> > From: Sammi Dog [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, September 13, 2002 5:23 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Two Interfaces = Extremely Slow Ping [7:53266]
> > 
> > 
> > I would appreciate any and all comments.
> 
> > > >From: "Chris McNally" > >Hi all, > >We have one router in 
> > the U.S. and
> > > one in Mexico. They are connected to each >other via frame 
> > relay and they
> > > each have their own internet portal. >When the Mexico
> router is
> > > disconnected from its internet interface the ping >returns 
> > between U.S.
> > > are averaging 70ms but when they plug in their internet 
> > >side the ping
> > > returns shoot above 500ms and often hit 800.
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53628&t=53266
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Windows and Net Behavior Tracking [7:53620]

[John Neiberger]

That might be an option.  I'll have to see if this guys firewall logs
that sort of thing. If he uses a firewall like mine, it won't log
'allowed' traffic.

Thanks!
John

>>> Daniel Cotts  9/19/02 9:12:35 AM >>>
How about the syslogs from the firewall or Internet gateway router?

> -Original Message-
> From: John Neiberger [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, September 19, 2002 9:30 AM
> To: [EMAIL PROTECTED] 
> Subject: OT: Windows and Net Behavior Tracking [7:53620]
> 
> 
> I now, that's a bizarre subject line.  I couldn't think of a 
> better one
> this early in the morning.  :-)  Here are the details...
> 
> Let's say I went to a website and downloaded a specific file, then I
> subsequently cleared my cache.  Once that is done, is there any way
to
> reasonably prove where I got that file?  If I'm claiming to 
> have gotten
> that file from a particular site at a particular time, is there some
> other record on the computer that might still be intact that 
> would show
> where and when I got it?
> 
> Assume this is IE on Windows XP.
> 
> Thanks,
> John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53629&t=53620
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco 802 Sample config. [7:53622]

[MADMAN]

Here is my 804 from home:

  Dave


dave804#sh conf
Using 1143 out of 8065 bytes
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname dave804
!
enable password cisco
!
username as5200in password 0 madman
!
ip subnet-zero
!
ip dhcp pool dave
   network 10.0.0.0 255.255.255.0
   dns-server 172.28.2.217 172.28.2.10
   default-router 10.0.0.1
!
no ip domain-lookup
ip name-server 172.28.2.217
ip name-server 172.28.2.10
!
!
!
interface Ethernet0
 ip address 10.0.0.1 255.255.255.0
 no ip directed-broadcast
 ip nat inside
!
interface BRI0
 ip address negotiated
 no ip directed-broadcast
 ip nat outside
 encapsulation ppp
 bandwidth 64
 dialer string 6644100
 dialer load-threshold 15 either
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 xx
 isdn spid2 xx
 no cdp enable
 ppp authentication chap
 ppp multilink
 hold-queue 75 in
!
ip nat inside source list 1 interface BRI0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 BRI0
!
access-list 1 permit 10.0.0.0 0.0.0.255
dialer-list 1 protocol ip permit
!
line con 0
 exec-timeout 0 0
 transport input none
 stopbits 1
line vty 0 4
 password cisco
 login
!
end


John Hutchison wrote:
> 
> Does anyone have, by chance, a sample of a full config of an 802 isdn? I
> looked at cisco and the other resources I have but can't find just sample
> configs. I need to verify a couple of things I'm doing. Thanks in advance.
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"You don't make the poor richer by making the rich poorer." --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53630&t=53622
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Security document [7:53596]

[Daniel Cotts]

Here are some documents that are useful. "Cisco ISP Essentials"  is also now
in book form from Cisco Press. ISBN 1587050412

Secure IOS Template by Rob Thomas
www.cymru.com/~robt/Docs/Articles/secure-ios-template.html
Extremely good. Know what you are doing before using. You'll want to get:
www.iana.org/assignments/ipv4-address-space to understand his access-lists
and route to null statements.

Cisco ISP Essentials
I don't have a URL. I believe that you have to read the router security
sections on CCO and from one of the articles there is a link to this
document. The concepts are useful to all. Quite long.

Router Security Configuration Guide - from the United States National
Security Agency
http://nsa2.www.conxion.com/cisco/download.htm
This is book length.

www.sans.org Go to the reading room.

Hope that you have lots of bandwidth and a fast printer.

> -Original Message-
> From: Smart Student [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, September 19, 2002 12:08 AM
> To: [EMAIL PROTECTED]
> Subject: Security document [7:53596]
> 
> 
> Can Anybody please refer to me to some good documents about 
> implementing
> security on routers.?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53631&t=53596
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Addendem: Windows and Net Tracking [7:53632]

[John Neiberger]

Regarding my previous post, also assume that for whatever reason the
History files are inconclusive or that they've been cleared out, as
well.  So, the question boils down to this:  Is there a way to verify
where a file came from and when it was downloaded via IE if the cache
and history have been cleared?

Thanks,
John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53632&t=53632
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

BCRAN (700 series routers) [7:53634]

[Avnish Bhardwaj]

I am planning to take BCRAN exam next week. I had a question regarding
700 series routers. Do they still have question related to 700 series
routers on exam ?

Thanks
Avnish




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53634&t=53634
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco Serials and Theft [7:53574]

[Neal Rauhauser]

Let me firmly advise you against talking to Cisco about stolen
equipment.

  There is a huge theft ring operating in the Bay area right now -
mostly they defraud honest broker/dealers with dumpster grade gear but
they have previously been involved in a variety of corruption - drugs
for hot equipment from janitorial staff, cash under the table to Cisco
employees at the Brennan(sp?) facility, faulty  unserialized gear
leaking from destruction facilties, and big time freight theft - 53'
trailers & associated semis just vanishing from Cisco storage lots.

  There was a $5 * MEG freight theft from Netro last year which led to
the breakup of the Roohparvar brothers money laundering operation in San
Jose and a variety of other scumbags going on extended state sponsored
vacations. I see the names Buompenserio, Bochinni, etc on the detailed
criminal complaint in connection with the Netro freight theft and
freight capers are usually mafia territory ...




  I advise you to *not* talk to Cisco because I made this mistake in
1999 after purchashing a piece of equipment from one of the little
weasels out there. I called the FBI on them after a $9700 loss but I
contacted  the authorities three days after they'd nabbed the guy
responsible for one of the semi thefts. I knew I wasn't getting my money
back but I'd hoped to at least see the perp punished - instead I got
implicated in their shenanigans.


 If your source isn't in the Bay area itself, and the prices are near
what is being charged on ebay, and you know they guy, you're probably
OK. If you want to talk in private that is cool also - I'll share names
of known losers you should avoid :-)



John Wright wrote:
> 
> Hi guys,
> 
> Just found this group and it looks like a great resource for Cisco
> certification misc. questions. I'm CCNP and have passed CCIE written.
> 
> My question is this: an aquaintance has offered me some really good
> equipment that I could really use to study for the CCIE, at really low
prices.
> 
> I don't know the guy very well, he seems legit, but is there any way to
> check the serials on the equipment to see if its stolen? I don't want to
> possess stolen equipment, and I definitely don't want to find that out
> when/if I sell it after I pass the Lab. Thanks for any and all advice--
> 
> John
-- 
Neal Rauhauser CCNP, CCDP   voice: 402-301-9555
mailto:[EMAIL PROTECTED] fcc  : k0bsd
"I've seen the angels wearing their disguise,
ordinary people leading ordinary lives" - Tracy Chapman




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53633&t=53574
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Addendem: Windows and Net Tracking [7:53632]

[\"\"B.J. Wilson\"\"]

According to a couple of co-workers who are more knowledgeable about Windows
than I am, it would not be possible to find out from the desktop itself once
the history and Temporary Internet Files have been cleared (they note that
the
information *may* be stored in a cookie, but it's not likely).

>From the server side of things, the firewall and/or proxy server *might*
contain the information about the file, but you'd need to turn on pretty
detailed logging to get that sort of information.  You'd also need to know
the
name of the file to search for, unless you feel like looking through hundreds
and hundreds of log entries.

HTH,

BJ



On Thu, 19 Sep 2002 15:44:40 GMT John Neiberger
 wrote:

> Regarding my previous post, also assume that
> for whatever reason the
> History files are inconclusive or that they've
> been cleared out, as
> well.  So, the question boils down to this:  Is
> there a way to verify
> where a file came from and when it was
> downloaded via IE if the cache
> and history have been cleared?
> 
> Thanks,
> John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53635&t=53632
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: BCRAN (700 series routers) [7:53634]

[Claudia Walter]

Hi Avnish,

I have asked the same question a while ago. Looks like they are not too keen
on wanting to know all the commands but put more emphasis on the
understanding of the different profiles and what features are supported. The
ExamCram book says the same btw, so don't get your head burning with all
those crazy commands ;-)

Claudia

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Avnish Bhardwaj
Sent: 19 September 2002 16:58
To: [EMAIL PROTECTED]
Subject: BCRAN (700 series routers) [7:53634]


I am planning to take BCRAN exam next week. I had a question regarding
700 series routers. Do they still have question related to 700 series
routers on exam ?

Thanks
Avnish




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53636&t=53634
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Two Interfaces = Extremely Slow Ping [7:53266]

[Daniel Cotts]

You absolutely need that route statement in the Mexican router. What I was
suggesting is that you remove that ip address from the FastEthernet 0/1
interface of the Mexico router. It is no longer used in that router and
might cause confusion.
Most likely your local workstation is on the 192.168.100.0 subnet in SC-SAN.
Now that Mexico doesn't have a route back to you - you are disconnected. Can
you move to a workstation in the 172.29.10.0 subnet? Telnet to the Mexico
router should work from there.

I may have time to look at the  configs of your other routers this weekend. 

> -Original Message-
> From: CTM CTM [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, September 19, 2002 10:17 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Two Interfaces = Extremely Slow Ping [7:53266]
> 
> 
> Hi,
> 
> I removed the "ip http server" from all routers.
> I also removed the "ip nat inside" from the first Mexico router.
> So far so good.
> But when I did a "no ip route 192.168.100.0 255.255.255.0 
> Serial0/0:0.300" I
> immediatly lost connection to the router and am now trying to 
> reach someone
> down there to reboot it
> not good, as it should have been issued for 192.168.100.20
> 
> So still working on clean up for that box.
> 
> In Amsterdam:
> I could really, really use a VPN connection between 172.29.30.0 and
> 172.29.10.0 subnets so will look at that while I wait for the 
> Mexico router
> to be rebooted.
> 
> (yes, somewhat over my head here, but shall persevere)
> 
> 
> Daniel Cotts wrote:
> > 
> > You have a static NAT translation for 192.168.100.20 on both
> > routers. I'd
> > suggest removing it from the Mexican router.
> > 
> > You haven't said whether or not you are doing standard or
> > extended pings.
> > Whether you are pinging from a host or the routers.
> > Do a traceroute when the pings are fast and when they are slow.
> > See where
> > the packets are going. You might want to do a "sh ip route" in
> > each
> > condition.
> > Some small housekeeping:
> > Mexican router:
> > I see no need for the "ip nat inside" on the Serial0/0:0.300
> > subinterface.
> > Nothing from that interface meets the conditions of access-list
> > 101.
> > You can remove the "ip policy route-map nonat from
> > subinterfaces 0/0:0.300
> > and 0/0:0.301 . There is no route-map in the config.
> > You have 192.168.100.0 on F0/1 (shutdown) in Mexico. You have
> > 192.168.100.0
> > on F0/1 in SC-SAN. You still have a NAT static in Mexico for the
> > 192.168.100.20 host. Might be good to remove that static
> > mapping and remove
> > the unused address completely from the interface to avoid
> > confusion.
> > "ip http server" can be a security hole.
> > 
> > SC-SAN router:
> > VPN connection to 172.29.30.0 uses access list 100 to define
> > allowed
> > traffic. I don't understand the first line of that list. Does
> > it refer to
> > the NAT pool of addresses? If so, how do they work inside? If
> > not, who are
> > they? Who is really allowed access to 172.29.30.0?
> > Again the ip policy and route-map statements aren't doing
> > anything. There is
> > an issue that could use a route-map. The users in 172.29.30.0
> > can't reach
> > the statically NATed servers 192.168.100.20 & 135 over the VPN.
> > There is a
> > way to solve that problem (if it is a problem.)
> > Keep us posted on your progress. I would like to know the
> > solution.
> > 
> > > -Original Message-
> > > From: Sammi Dog [mailto:[EMAIL PROTECTED]]
> > > Sent: Friday, September 13, 2002 5:23 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: Two Interfaces = Extremely Slow Ping [7:53266]
> > > 
> > > 
> > > I would appreciate any and all comments.
> > 
> > > > >From: "Chris McNally" > >Hi all, > >We have one router in 
> > > the U.S. and
> > > > one in Mexico. They are connected to each >other via frame 
> > > relay and they
> > > > each have their own internet portal. >When the Mexico
> > router is
> > > > disconnected from its internet interface the ping >returns 
> > > between U.S.
> > > > are averaging 70ms but when they plug in their internet 
> > > >side the ping
> > > > returns shoot above 500ms and often hit 800.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53637&t=53266
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

PIX SMTP Fixup slow perfromance [7:53638]

[Symon Thurlow]

Hi all,
 
Whilst testing SMTP NAT through a PIX 515e with SMTP fixup enabled, the
performance is unusable. If I turn of SMTP fixup it is really fast.
 
I can;t find anything about this being an issue in 6.22, anyone seen this
problem?
 
Cheers,
 
Symon




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53638&t=53638
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Two Interfaces = Extremely Slow Ping [7:53266]

[CTM CTM]

Thank you, moving to the other subnet allowed me to get back in to the
router.
Ok, now for another crack at it ;-)

Very much appreciated!


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53639&t=53266
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: How to make real player from outside to contact real [7:53640]

[mike greenberg]

The solution is also a simple one. Behind the Pix firewall, I am running
a "linux"
load-balancer (i.e. virtual IP address).  I have 4 streaming servers 
(192.168.1.101-192.168.1.104) and they use the 192.168.1.100 VIP address
The linux load-balancer handles the load-balancing part  Again, I don't
use
Winblows  because it sucks Therefore,  I static NAT this 192.168.1.100 to
an external address.  It works great
Mike
 
 "LeBrun, Tim" wrote:I am assuming that you only have this one service
behind the PIX or do you
have multiple servers behind the PIX? I would like to see a config of
multiple servers behind a PIX - utilizing only "1" external IP address.

Tim

-Original Message-
From: mike greenberg [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 18, 2002 9:52 PM
To: [EMAIL PROTECTED]
Subject: Re: How to make real player from outside to contact real
[7:53586]


Ok, the solution is very simple one. I know this will work because I
running my
RealPlayer Helix Universal Streaming Server version 9.0.1 on my Linux box
behind
a Pix firewall. The linux box has an RFC 1918 address (192.168.1.100)
sitting on
the DMZ network (192.168.1.254 is IP address of the DMZ interface on the
PIX).
The 192.168.1.100 is NATed to the public with 199.0.56.293 
On the pix firewall: 
static (inside,dmz) 199.0.56.293 192.168.1.100 
access-list 100 permit tcp any host 199.0.56.293 eq 8080 (if http is running
on here)
access-list 100 permit tcp any host 199.0.56.293 eq 7070 
access-list 100 permit udp any host 199.0.56.293 eq 554

access-list 100 permit tcp any host 199.0.56.293 eq 9090 (monitor only)

access-group 100 in interface outside

Now, since the actual streaming server is behind the Pix firewall, you will
have to

modify the streaming server configuration file to make it work. Add the
following

line to the rmserver.cfg file:



Restart the streaming server. Now from one of the workstation on the
outside Pix

firewall, fireup RealPlayer and put the following in the URL:

rtsp://199.0.56.293:554/sex.mpg

It will work You can make it work from clicking the link in the web
browser;

however, I don't have to go over it here.

Enjoy

Now, this is something a CCIE doesn't know how to fix.

Mike

"Magdy H. Ibrahim" wrote:Hi All,

I have a client wants to create Real server behind Pix firewall and I am
trying to make the outside real player to contact the inside server but I
failed..
Is there any extra commands more than the following commands on the PIX to
allow the ourside clients to communicate with the inside server??
Please advise help me

the PIX configuration.
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
no fixup protocol skinny 2000
fixup protocol rtsp 554
fixup protocol rtsp 8554
names
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


-
Do you Yahoo!?
New DSL Internet Access from SBC & Yahoo!
Do you Yahoo!?
New DSL Internet Access from SBC & Yahoo!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53640&t=53640
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: OT: Windows and Net Behavior Tracking [7:53620]

[mike greenberg]

The answer is yes Your company may be running transparent proxying so
that
everything that you do and places that you visit will be "cache" at the
proxy server.
Where I work, we use "squid" to cache Internet traffic and maintain a log of
what
and where "internal" users visit... Internal users can NOT tell because it is
"transparent"
 John Neiberger wrote:I now, that's a bizarre subject line. I couldn't think
of a better one
this early in the morning. :-) Here are the details...

Let's say I went to a website and downloaded a specific file, then I
subsequently cleared my cache. Once that is done, is there any way to
reasonably prove where I got that file? If I'm claiming to have gotten
that file from a particular site at a particular time, is there some
other record on the computer that might still be intact that would show
where and when I got it?

Assume this is IE on Windows XP.

Thanks,
John
Do you Yahoo!?
New DSL Internet Access from SBC & Yahoo!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53641&t=53620
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CAT 3550 : IPX and AT support? [7:53642]

[Diego Rissone]

Does anybody know if the ios of the 3550's  supports or will support ipx ?
and at?

thanks  

Diego Rissone
CCIP,CCDP,CCNP,MSCE+I

TECHINT GROUP -ARGENTINA



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53642&t=53642
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CAT 3550 : IPX and AT support? [7:53642]

[Robert Edmonds]

Diego,
I don't think the 3550 supports IPX at all.  I have checked Cisco's web
site, plus I have a 3550-12G on my network and I can't find any IPX
commands.
""Diego Rissone""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Does anybody know if the ios of the 3550's  supports or will support ipx ?
> and at?
>
> thanks
>
> Diego Rissone
> CCIP,CCDP,CCNP,MSCE+I
>
> TECHINT GROUP -ARGENTINA




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53643&t=53642
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: TACACS/RADIUS on CISCO Router [7:53621]

[Robert Edmonds]

I'm not an expert on this, but it seems to me that if you don't have a local
database or an external server, you don't have any user names to
authenticate against.  I think you'll need something else.
""exchange""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hey,
>
> is there a possibility to set up a router acting
> as a  radius or tacacs server with local authentication
> without external server ?
>
> Please let me know
>
> best regards
>
> Michael




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53644&t=53621
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Security for router connected to Cable Service [7:43322]

[Robert Edmonds]

If I understand your question correctly, you just need to enable NAT for the
server in question and allow FTP traffic through on that address.  For
example, Server1 is the FTP server you want to allow people on the outside
to access.  It's private IP address is 10.10.10.10 and the outside address
you want the internet users to access is 64.64.64.65.  So, your
configuration might look a little like this if Server1 was hanging off the
Ethernet1 interface.  (NOTE:  The frame relay configuration is not
important, it is just thrown in for the completeness of the configuration
example.)


interface ethernet1
  description FTP Server
  ip address 10.10.10.1 255.255.255.0
  ip nat inside
interface serial0
  no ip address
  encapsulation frame-relay IETF
  service-module t1 timeslots 1-24
  service-module t1 remote-alarm-enable
interface serial0.1 point-to-point
  description Frame Relay Connection to ISP
  ip address 64.64.64.66 255.255.255.248
  ip nat outside
  frame-relay interface-dlci 123

ip nat inside source static 10.10.10.10 64.64.64.65
ip route 64.64.64.65 255.255.255.255 ethernet1



""Wesley J""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hello, have you come up w/ a solution to allow connections into your
> network, say to an ftp server from the outside, through a router using the
> IOS Firewall Feature Set? I could use some input or any ideas on how to
> configure that.
>  Thanx for any suggestions




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53645&t=43322
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Telnet session traversing PIX are timingout [7:53490]

[Caballero, Eddie]

KR,

The resolution for the VPN MTU size is usually pretty simple.  There should
be an option within the VPN to lower the MTU size of the VPN encrypted
packet.
This can either be in the form of a VPN client used to connect, or within a
Point to Point Tunnel endpoint configuration.
You just need to lower the MTU size of the VPN enough so that it no longer
gets dropped by any routers along the path. 
I don't know of any write ups on this particular issue, but I haven't really
looked either.  

Eddie



-Original Message-
From: KM Reynolds [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 17, 2002 6:07 PM
To: [EMAIL PROTECTED]
Subject: RE: Telnet session traversing PIX are timingout [7:53490]


Eddie,

There is no VPN involved. I don't think its a MTU problem.  I am trying to 
find a similar command to the IOS Firewall's "ip inspect name ..." 
(Inspection rule for CBAC) for the PIX.  I need to increase the idle timeout

for the telnet application.

However, I found your MTU explaination very informative.  Someone mentioned 
to me about a VPN/MTU problem but did not go deeper into the cause.  How did

you resolve this MTU problem?  Is there any writeups on this problem?

KR


>From: "Caballero, Eddie" 
>To: 'KM Reynolds' , [EMAIL PROTECTED]
>Subject: RE: Telnet session traversing PIX are timingout [7:53490]
>Date: Tue, 17 Sep 2002 11:26:07 -0700
>
>I've seen this issue before with SSH timing out over a perfectly good
>connection without packet loss.  The problem was with the MTU size being 
>too
>small and the packet was getting dropped.
>The packet was going through a VPN tunnel through the network to a VPN
>concentrator.
>Here's an example.
>The telnet packet was  1435 bytes in size including all the headers.
>The Router maximum MTU was  1456 for example.
>So far so good... Looks like it should get through, correct ports are open
>etc..
>Now the VPN encryption adds an extra  25 bytes for example ( I don't have
>exact numbers).
>Now you have a packet that is Encapsulated with encryption for a total size
>of 1460 bytes.
>Oh and what also happens is the VPN will put a DO NOT Fragment flag on the
>packet, because of the encryption.
>Whats going to happen once that packet hits the router with an MTU size of
>1456?
>It gets dropped because the packet is too large.   What happens to the
>telnet or SSH session, is it starts dropping packets and then times out.  
>It
>doesn't receive and ACK's from the other end and thinks it is timing out.
>
>So A.  Is there VPN involved?  If so, could be MTU issue.
>B.  Check the MTU size.Send some large sized pings over 1400 bytes 
>in
>size with the Do not Fragment Flag.  Find out if and where the MTU is set
>too low.
>C.  Of course check for packet loss or extreme latency.
>
>
>Welp hopefully this helps from my experiences with this type of issue.
>
>
>Eddie
>Corio Inc.
>
>
>
>
>-Original Message-
>From: KM Reynolds [mailto:[EMAIL PROTECTED]]
>Sent: Tuesday, September 17, 2002 8:33 AM
>To: [EMAIL PROTECTED]
>Subject: Telnet session traversing PIX are timingout [7:53490]
>
>
>Hi,
>
>I have telnet sessions that orginate on the internal side of a PIX to a
>server on the external side that are timing out (after 60 seconds).  Is
>there a command to increase the timeout period for telnet? If there is what
>is the max?
>
>TIA
>KR
>
>
>
>_
>Join the worlds largest e-mail service with MSN Hotmail.
>http://www.hotmail.com
_
Join the worlds largest e-mail service with MSN Hotmail. 
http://www.hotmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53646&t=53490
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCIE (R&S) written [7:53647]

[Brad daniels]

question regarding the written ccie exam:

the test changed to 150 questions, and is significantly different from the
old blueprint.  I was wondering if the blueprint actually reflects the test,
as I have been told the test has no new material, just more questions.  (my
company won't reimbuse for books, so I don't want to spend 120 to 140.00 for
newer books unless I have to).  Routing is routing, so I am not too worried,
just curious if the test really changed or not.  NOT looking for anyone to
break the confidentiality agreement, just looking to save myself some money..


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53647&t=53647
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: OT: Windows and Net Behavior Tracking [7:53620]

[John Neiberger]

That's a good point.  In the real-life version of the story this user is
on Road Runner broadband and I don't think they're using proxies.  If
they are, that might be a good place to start but it would probably be
difficult to get that information from them.

Thanks,
John

>>> "mike greenberg"  9/19/02 11:29:40 AM >>>
The answer is yes Your company may be running transparent proxying
so
that
everything that you do and places that you visit will be "cache" at
the
proxy server.
Where I work, we use "squid" to cache Internet traffic and maintain a
log of
what
and where "internal" users visit... Internal users can NOT tell because
it is
"transparent"
 John Neiberger wrote:I now, that's a bizarre subject line. I couldn't
think
of a better one
this early in the morning. :-) Here are the details...

Let's say I went to a website and downloaded a specific file, then I
subsequently cleared my cache. Once that is done, is there any way to
reasonably prove where I got that file? If I'm claiming to have gotten
that file from a particular site at a particular time, is there some
other record on the computer that might still be intact that would
show
where and when I got it?

Assume this is IE on Windows XP.

Thanks,
John
Do you Yahoo!?
New DSL Internet Access from SBC & Yahoo!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53648&t=53620
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CAT 3550 : IPX and AT support? [7:53642]

[MADMAN]

The 3550 doesn't support desktop currently and I reasonably sure there
are no plans for their support but then again the cat4000 was not
originally going to support IPX but no it does, kinda!!

  Dave

Robert Edmonds wrote:
> 
> Diego,
> I don't think the 3550 supports IPX at all.  I have checked Cisco's web
> site, plus I have a 3550-12G on my network and I can't find any IPX
> commands.
> ""Diego Rissone""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Does anybody know if the ios of the 3550's  supports or will support ipx
?
> > and at?
> >
> > thanks
> >
> > Diego Rissone
> > CCIP,CCDP,CCNP,MSCE+I
> >
> > TECHINT GROUP -ARGENTINA
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"You don't make the poor richer by making the rich poorer." --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53649&t=53642
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: BCRAN (700 series routers) [7:53634]

[Kaminski, Shawn G]

Especially know the 766 router and what ports are included on it . Also,
since the 700 series has been discontinued, you may want to look over the
800 series, which are taking the place of the 700 series. Know the 1600
series routers, as well. Don't forget product positioning (700/800 - SOHO
and Telecommuter, 1600 - Small/Medium business and small branch office,
etc.) You can find more info on Cisco's website.

Shawn K.

> -Original Message-
> From: Claudia Walter [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, September 19, 2002 12:28 PM
> To:   [EMAIL PROTECTED]
> Subject:  RE: BCRAN (700 series routers) [7:53634]
> 
> Hi Avnish,
> 
> I have asked the same question a while ago. Looks like they are not too
> keen
> on wanting to know all the commands but put more emphasis on the
> understanding of the different profiles and what features are supported.
> The
> ExamCram book says the same btw, so don't get your head burning with all
> those crazy commands ;-)
> 
> Claudia
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Avnish Bhardwaj
> Sent: 19 September 2002 16:58
> To: [EMAIL PROTECTED]
> Subject: BCRAN (700 series routers) [7:53634]
> 
> 
> I am planning to take BCRAN exam next week. I had a question regarding
> 700 series routers. Do they still have question related to 700 series
> routers on exam ?
> 
> Thanks
> Avnish




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53650&t=53634
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

OT: Good webhosting company [7:53651]

[sam sneed]

I know its off topic but hopefully someone on this list could help.
I'm looking to host 5-10 sites with someone. My problem is that webhsoting
companies go bankrupt overnite lately.
Even the decent size ones, XO for example. Does anyone know of a decent one
that will be in business longer than a year?
All I need are the basics, FTP access, CGI and Perl5, web statistics and a
couple POP3 boxes and don't want to pay more than $15 month.

Any ideas?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53651&t=53651
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCIE (R&S) written [7:53647]

[Kaminski, Shawn G]

There is new material (for example, two new topics that are covered heavily
now are MPLS and QoS). The test is very different from the old exam. While
there are a lot of similarities between the old blueprint and the new
blueprint, new questions have been written. I can't recommend any updated
books that cover the new exam at this time, but go to the following link for
some links that are a good starting point (if you haven't already been
there):

http://www.cisco.com/warp/public/625/ccie/certifications/rsblueprint.html 

If you want some information on updated study materials for this exam, email
me offline.

Shawn K.

> -Original Message-
> From: Brad daniels [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, September 19, 2002 3:44 PM
> To:   [EMAIL PROTECTED]
> Subject:  CCIE (R&S) written [7:53647]
> 
> question regarding the written ccie exam:
> 
> the test changed to 150 questions, and is significantly different from the
> old blueprint.  I was wondering if the blueprint actually reflects the
> test,
> as I have been told the test has no new material, just more questions.
> (my
> company won't reimbuse for books, so I don't want to spend 120 to 140.00
> for
> newer books unless I have to).  Routing is routing, so I am not too
> worried,
> just curious if the test really changed or not.  NOT looking for anyone to
> break the confidentiality agreement, just looking to save myself some
> money..




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53652&t=53647
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Two Interfaces = Extremely Slow Ping [7:53266]

[CTM CTM]

I have closed the security and done some clean up. I'm investigating the
performance to Mexico but pings have been well today. Coincedence? Probably
but they've never been consistently low as they have been today. Tomorrow I
have some available to pull the suspected trouble connection and I'll log
some performances.
Meanwhile I need to investigate the Europe - U.S. connection. The connection
is terribly slow, and in fact I currently have Europe using VPN through
their outside IP, into our network via our outside IP, then retrieve email
through a Citrix connection. Terribly cumbersome and, seeing as we have a
frame relay connection, shouldn't be necessary. If I could get them talking
reliably through our dedicated connection it would make many people happy.


I have done some housekeeping on the Mexico router thusly:

int S0/0.300 – no ip nat inside

 

#no ip nat inside source static 192.168.100.20 x.x.x.x

Static entry in use, do you want to delete child entries? [no]: y   <-
wasn't sure about this one, was tempted to take default "no"

 

Int f0/1 - #no ip address 192.168.100.21 255.255.255.0

 

ii-nau-rtr-01(config)#int s0/0:0.300

ii-nau-rtr-01(config-subif)#no ip policy route-map nonat

ii-nau-rtr-01(config-subif)#end

ii-nau-rtr-01(config)#int s0/0:0.301

ii-nau-rtr-01(config-subif)#no ip policy route-map nonat

ii-nau-rtr-01(config-subif)#end

ii-nau-rtr-01#wr mem



~~~





Here is the current config:




ii-nau-rtr-01#sh config
Using 2515 out of 29688 bytes
!
version 12.2
no parser cache
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ii-nau-rtr-01
!
boot system flash 1:c2600-ik9o3s-mz.122-2.T.bin
logging rate-limit console 10 except errors
enable password 
!
!
!
memory-size iomem 10
ip subnet-zero
!
!
ip name-server x.x.x.x
ip name-server x.x.x.x
ip name-server x.x.x.x
!
ip audit notify log
ip audit po max-events 100
ip ssh time-out 120
ip ssh authentication-retries 3
no ip dhcp-client network-discovery
!
isdn voice-call-failure 0
call rsvp-sync

!
controller E1 0/0
 framing NO-CRC4 
 channel-group 0 timeslots 1-31
!
!
interface FastEthernet0/0
ip address 172.29.20.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface Serial0/0:0
 no ip address
 encapsulation frame-relay IETF
 no ip route-cache
 frame-relay lmi-type ansi
!
interface Serial0/0:0.1 point-to-point
 description Connection to Internet
 ip address x.x.x.x x.x.x.x
 ip nat outside
 no ip route-cache
 no arp frame-relay
 frame-relay interface-dlci 500 IETF   
!
interface Serial0/0:0.300 point-to-point
 description Connection to San Diego - DLCI 300
 ip unnumbered FastEthernet0/0
 no ip route-cache
frame-relay interface-dlci 300   
!
interface Serial0/0:0.301 point-to-point
 description connect to lerma ' dlci 301
 ip unnumbered FastEthernet0/0
 ip nat inside
 no ip route-cache
 frame-relay interface-dlci 301   
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip nat pool IINAU-natpool-1 x.x.x.x x.x.x.x netmask 255.255.255.240
ip nat inside source list 101 pool IINAU-natpool-1 overload
ip nat inside source static 172.29.20.20 200.33.155.23
ip nat inside source static 172.29.20.24 200.33.155.24
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0:0.1
ip route 172.29.10.0 255.255.255.0 Serial0/0:0.300
ip route 172.29.30.0 255.255.255.0 Serial0/0:0.300
ip route 172.29.40.0 255.255.255.0 Serial0/0:0.301
ip route 192.168.100.0 255.255.255.0 Serial0/0:0.300
no ip http server
!
access-list 101 permit ip 172.29.20.0 0.0.0.255 any
access-list 101 permit ip 172.29.40.0 0.0.0.255 any
!
!
snmp-server community naucalpan RW
snmp-server community public RO
snmp-server location Industrias Ideal, Naucalpan, Mexico
snmp-server manager
!
dial-peer cor custom
!
!
!
!
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 --More--  password xx
 login
line vty 5 15
 login
!
!
end


ii-nau-rtr-01#sh int
FastEthernet0/0 is up, line protocol is up 
  Hardware is AmdFE, address is 0007.0e84.f540 (bia 0007.0e84.f540)
  Internet address is 172.29.20.1/24
  MTU 1500 bytes, BW 10 Kbit, DLY 100 usec, 
 reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 215507 drops
  5 minute input rate 26000 bits/sec, 33 packets/sec
  5 minute output rate 172000 bits/sec, 35 packets/sec
 3645866 packets input, 447007005 bytes
 Received 62805 broadcasts, 0 runts, 0 giants, 0 throttles
 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
 0 watchdog
 0 input packets with dribble condition detected
 3626239 packets output, 1487065

Caslow Book [7:53654]

[Ben W]

Does anybody know if Caslow's book Cisco Certification: Bridges, Routers and
Switches for CCIE's is going to be updated for new CCIE topics in a 3rd
edition?  And if so when it will come out?  Is the 2nd edition good enough?



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53654&t=53654
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: OT: Good webhosting company [7:53651]

[Brunner Joseph]

personally i swear by service www.internetconnection.net

they have always had great pipes, with lowpings, and I have hosted
two adult sites there since 1999.

I am currently moving my new site, www.networkedfilms.com there by the end
of the month, from register.com.

They offer all the features you require


Joseph Brunner
ASN 21572
MortgageIT MITLending
(212) 651-7695 Voice
(347) 489-6441 Cell


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53655&t=53651
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

traceroute blocked port [7:53657]

[Osama Kamal]

I am having a problem with a blocked port somewhere on the internet down to
my router, my ISP is denying any blocking from their side, is there is any
way to know where exactly the port is blocked?

Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53657&t=53657
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Caslow Book [7:53654]

[Kaminski, Shawn G]

I don't know if there will be a 3rd edition. However, the 2nd edition is
still an excellent book for many of the topics covered on the old and on the
new CCIE Written 350-001 exam, which are also covered in the lab. It is
worth picking up for your library.

Shawn K.

> -Original Message-
> From: Ben W [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, September 19, 2002 4:48 PM
> To:   [EMAIL PROTECTED]
> Subject:  Caslow Book [7:53654]
> 
> Does anybody know if Caslow's book Cisco Certification: Bridges, Routers
> and
> Switches for CCIE's is going to be updated for new CCIE topics in a 3rd
> edition?  And if so when it will come out?  Is the 2nd edition good
> enough?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53658&t=53654
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: traceroute blocked port [7:53657]

[Henry D.]

I guess you'd need to have someone from outside claiming that the traceroute
is blocked
to actually send you the output of the trace, it should show there :-)

On the other hand, you might want to try it yourself from other networks.
Go to www.traceroute.org, pick a route server/looking glass and try from
there.

""Osama Kamal""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I am having a problem with a blocked port somewhere on the internet down
to
> my router, my ISP is denying any blocking from their side, is there is any
> way to know where exactly the port is blocked?
>
> Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53659&t=53657
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Exec Shell + Console [7:53661]

[Newell Ryan D SrA 18 CS/SCBT]

Evening group,

What I have a TACACS server and the setup we are trying to achieve goes as
follows:
I want the LAN admins to have minimal control on there switches in there
area. We have
accomplished that one the vty ports. Here is the config:

Server
user=test 
password=test12
service-shell 
set priv-level=15
service=shell 
default cmd=(permit/deny)And the commands we want are here.
prohibit cmd=x
cmd=y{

Switch

aaa new-model
aaa authentication login telnet group tacacs+ line none
aaa authorization exec privilege group tacacs+ none
aaa authorization commands 15 cmd group tacacs+ none
line con 0
 exec-timeout 5 0
 password 7 x
 authorization commands 15 cmd
 authorization exec privilege
 login authentication telnet
 transport input telnet
 stopbits 1
line vty 0 4
 exec-timeout 5 0
 authorization commands 15 cmd
 authorization exec privilege
 login authentication telnet
 transport input telnet

It works great for vty but not for console. I read somewhere about a hidden
authorization command for console but it is not working. Here is a debug.
xxx#debug aaa authorization
*Mar  1 00:15:22: AAA/MEMORY: free_user (0x6B451C) user='test' ruser=''
port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1
*Mar  1 00:15:24: AAA: parse name=tty0 idb type=-1 tty=-1
*Mar  1 00:15:24: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0
port=0 channel=0
*Mar  1 00:15:24: AAA/MEMORY: create_user (0x69BC24) user='' ruser=''
port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1
*Mar  1 00:15:37: AAA/AUTHOR: authenticated console user is permitted
*Mar  1 00:15:50: AAA/MEMORY: free_user (0x528F70) user='' ruser=''
port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15
*Mar  1 00:16:05: AAA/MEMORY: free_user (0x6B4478) user='' ruser=''
port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15
Failed attempts for console
*Mar  1 00:16:27: AAA: parse name=tty2 idb type=-1 tty=-1
*Mar  1 00:16:27: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0
port=2 channel=0
*Mar  1 00:16:27: AAA/MEMORY: create_user (0x4D4CE4) user='' ruser=''
port='tty2' rem_addr='1x.1x.6x.2x' authen_type=ASCII service=LOGIN priv=1
*Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): Port='tty2'
list='privilege' service=EXEC
*Mar  1 00:16:35: AAA/AUTHOR/EXEC: tty2 (3125102166) user='test'
*Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): send AV service=shell
*Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): send AV cmd*
*Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): found list "privilege"
*Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): Method=tacacs+
(tacacs+)
*Mar  1 00:16:35: AAA/AUTHOR/TAC+: (3125102166): user=test
*Mar  1 00:16:35: AAA/AUTHOR/TAC+: (3125102166): send AV service=shell
*Mar  1 00:16:35: AAA/AUTHOR/TAC+: (3125102166): send AV cmd*
*Mar  1 00:16:35: AAA/AUTHOR (3125102166): Post authorization status =
PASS_ADD
*Mar  1 00:16:35: AAA/AUTHOR/EXEC: Processing AV service=shell
*Mar  1 00:16:35: AAA/AUTHOR/EXEC: Processing AV cmd*
*Mar  1 00:16:35: AAA/AUTHOR/EXEC: Processing AV priv-lvl=15
*Mar  1 00:16:35: AAA/AUTHOR/EXEC: Authorization successful
Passed attempts for console
I think my understanding of exec shell is what's hurting me. Any comments or
advice would be greatly appreciated.






Ryan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53661&t=53661
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

simulations questions [7:53662]

[Paulo Roque]

How many simulation questions are there in the exams 640-60X ?
Are they (simalation questions)  always present ?


--




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53662&t=53662
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Good webhosting company [7:53651]

[trammer]

I use www.readyhosting.com for a couple of my sites for the last 2 years.

Site is fast, lots of features, mail server lags once in a while but other
than that seem pretty decent.

$100/year which isn't bad either.


Check out www.cnet.com for web hosting comparison charts too.


cheers


""sam sneed""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I know its off topic but hopefully someone on this list could help.
> I'm looking to host 5-10 sites with someone. My problem is that webhsoting
> companies go bankrupt overnite lately.
> Even the decent size ones, XO for example. Does anyone know of a decent
one
> that will be in business longer than a year?
> All I need are the basics, FTP access, CGI and Perl5, web statistics and a
> couple POP3 boxes and don't want to pay more than $15 month.
>
> Any ideas?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53663&t=53651
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Please help!!! [7:53664]

[L]

Hello,

I oftern see on selling posts that some routers comes with 1E2W module.  Is
this referring to the on-borad built in interfaces?? With the 1E2W, would I
need any extra modules (like WIC-1T or WIC-2T) to use the 2W, or can it be
used for connecting serial cables striaght away?

Sorry for my stupid question.

Best Regards,
L




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53664&t=53664
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Good webhosting company [7:53651]

[Elijah Savage III]

I would not use these guys for hosting because of their mail servers.
Their mail servers are listed on the dns black mail list. For those who
may not know this means that their mail servers were used as open relays
at one time and I have discovered from time to time it happens to them
so they can't be removed from the black list. So anyone using any type
of spam message filtering against the blacklist you will not be able to
send mail to them from this hoster. I had them for 3 days and tried
sending mail to like my office and the mail would get bounced back to me
because of this. I actually called them and spoke with tech support and
told them about the spam list their domain was on and the guy had no
clue what dnsbl(spam blacklist) was. Then I asked how they have it setup
and the guy with tons of confidence just about gave me their network
design over the phone. They actually use exchange servers connected
directly to the net off of a router not behind a firewall in a dmz or
anything. He told me it is setup this way to maximize throughput because
a firewall would cause bottlenecks in the traffic. After hearing this I
cancelled and they actually returned my money and I decided to just host
my own from my home mail/dns/web everything. It is not a business site
so I do not have a ton of traffic. Obviously you are looking for
something more than this. I do not want to offend anoyne's intelligence
here on the list but if anyone needs clarification on dnsbl (spam
blacklist) let me know.

Anyone who cares and wants to post articles and such for my site or just
want to keep up on techie related stuff feel free to visit
www.digitalrage.org by signing up you can post or write your own news
articles or anything you wish to write about, mostly technical of
course. No popups no spam or anything. I HATE SPAM and SPAMMERS alike.

-Original Message-
From: trammer [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 19, 2002 8:27 PM
To: [EMAIL PROTECTED]
Subject: Re: Good webhosting company [7:53651]


I use www.readyhosting.com for a couple of my sites for the last 2
years.

Site is fast, lots of features, mail server lags once in a while but
other than that seem pretty decent.

$100/year which isn't bad either.


Check out www.cnet.com for web hosting comparison charts too.


cheers


""sam sneed""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I know its off topic but hopefully someone on this list could help. 
> I'm looking to host 5-10 sites with someone. My problem is that 
> webhsoting companies go bankrupt overnite lately. Even the decent size

> ones, XO for example. Does anyone know of a decent
one
> that will be in business longer than a year?
> All I need are the basics, FTP access, CGI and Perl5, web statistics 
> and a couple POP3 boxes and don't want to pay more than $15 month.
>
> Any ideas?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53665&t=53651
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Certificatiom [7:53666]

[Han Chuan Alex Ang]

hi, everyone , is there any way to verify if it is true if a person claimed
he has a CCNP or CCIE certification ?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53666&t=53666
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCNP exam [7:53668]

[Han Chuan Alex Ang]

hi, I am currently preparing for my CCNP module , however , the course that
I took which is Building Cisco Multilayer Switched Networks (BCMSN) was
quote as 640-504 and the exam I am taking now is
640-604, can any body tell me if there is any significant different between
the two. thanks


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53668&t=53668
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Please help!!! [7:53664]

[Steve Boer]

1e2w's would be for use in 3600 series routers, and are NOT compatible in
2600's. They include 1 ethernet port and 2 wic slots. In these WIC slots,
you can use any of the wics that are out there (wic-1t wic-1dsu-t1 wic-1b,
etc etc), but are blank until populated with modules.

hope this helps


(check out http://www.cisco.com/go/module/ to see the different modules for
the different technologies)

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of L
Sent: Thursday, September 19, 2002 9:09 PM
To: [EMAIL PROTECTED]
Subject: Please help!!! [7:53664]


Hello,

I oftern see on selling posts that some routers comes with 1E2W module.  Is
this referring to the on-borad built in interfaces?? With the 1E2W, would I
need any extra modules (like WIC-1T or WIC-2T) to use the 2W, or can it be
used for connecting serial cables striaght away?

Sorry for my stupid question.

Best Regards,
L




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53669&t=53664
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Please help!!! [7:53664]

[Vicuna, Mark]

Here is a good starting point to read up on..

http://www.cisco.com/warp/public/107/nm-e2w.shtml

NM-1E2W has an 'onboard' 10BaseT interface..  also, you have 2 WIC
options so you could install a WIC-1T or WIC-2T or a combination of
both..

hth,
Mark.


> -Original Message-
> From: L [mailto:[EMAIL PROTECTED]]
> Sent: Friday, 20 September 2002 11:09
> To: [EMAIL PROTECTED]
> Subject: Please help!!! [7:53664]
> 
> 
> Hello,
> 
> I oftern see on selling posts that some routers comes with 
> 1E2W module.  Is
> this referring to the on-borad built in interfaces?? With the 
> 1E2W, would I
> need any extra modules (like WIC-1T or WIC-2T) to use the 2W, 
> or can it be
> used for connecting serial cables striaght away?
> 
> Sorry for my stupid question.
> 
> Best Regards,
> L




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53670&t=53664
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Certificatiom [7:53666]

[Kaminski, Shawn G]

Yes. The Cisco website has a section that allows you to check CCIE status.
You need the person's name and their CCIE # to verify it.  As for the CCNP,
I haven't heard of anything to check this status.

Shawn K.

> -Original Message-
> From: Han Chuan Alex Ang [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, September 19, 2002 9:41 PM
> To:   [EMAIL PROTECTED]
> Subject:  Certificatiom [7:53666]
> 
> hi, everyone , is there any way to verify if it is true if a person
> claimed
> he has a CCNP or CCIE certification ?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53671&t=53666
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Exec Shell + Console [7:53661]

[nettable_walker]

9/19/2002   9:40pm  Thursday

You could just tell your LAN admins not to change anything on the switches.


""Newell Ryan D SrA 18 CS/SCBT""  wrote in
message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Evening group,
>
> What I have a TACACS server and the setup we are trying to achieve goes as
> follows:
> I want the LAN admins to have minimal control on there switches in there
> area. We have
> accomplished that one the vty ports. Here is the config:
>
> Server
> user=test
> password=test12
> service-shell
> set priv-level=15
> service=shell
> default cmd=(permit/deny)And the commands we want are here.
> prohibit cmd=x
> cmd=y{
>
> Switch
>
> aaa new-model
> aaa authentication login telnet group tacacs+ line none
> aaa authorization exec privilege group tacacs+ none
> aaa authorization commands 15 cmd group tacacs+ none
> line con 0
>  exec-timeout 5 0
>  password 7 x
>  authorization commands 15 cmd
>  authorization exec privilege
>  login authentication telnet
>  transport input telnet
>  stopbits 1
> line vty 0 4
>  exec-timeout 5 0
>  authorization commands 15 cmd
>  authorization exec privilege
>  login authentication telnet
>  transport input telnet
>
> It works great for vty but not for console. I read somewhere about a
hidden
> authorization command for console but it is not working. Here is a debug.
> xxx#debug aaa authorization
> *Mar  1 00:15:22: AAA/MEMORY: free_user (0x6B451C) user='test' ruser=''
> port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1
> *Mar  1 00:15:24: AAA: parse name=tty0 idb type=-1 tty=-1
> *Mar  1 00:15:24: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0
adapter=0
> port=0 channel=0
> *Mar  1 00:15:24: AAA/MEMORY: create_user (0x69BC24) user='' ruser=''
> port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1
> *Mar  1 00:15:37: AAA/AUTHOR: authenticated console user is permitted
> *Mar  1 00:15:50: AAA/MEMORY: free_user (0x528F70) user='' ruser=''
> port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15
> *Mar  1 00:16:05: AAA/MEMORY: free_user (0x6B4478) user='' ruser=''
> port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15
> Failed attempts for console
> *Mar  1 00:16:27: AAA: parse name=tty2 idb type=-1 tty=-1
> *Mar  1 00:16:27: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0
adapter=0
> port=2 channel=0
> *Mar  1 00:16:27: AAA/MEMORY: create_user (0x4D4CE4) user='' ruser=''
> port='tty2' rem_addr='1x.1x.6x.2x' authen_type=ASCII service=LOGIN priv=1
> *Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): Port='tty2'
> list='privilege' service=EXEC
> *Mar  1 00:16:35: AAA/AUTHOR/EXEC: tty2 (3125102166) user='test'
> *Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): send AV service=shell
> *Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): send AV cmd*
> *Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): found list
"privilege"
> *Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): Method=tacacs+
> (tacacs+)
> *Mar  1 00:16:35: AAA/AUTHOR/TAC+: (3125102166): user=test
> *Mar  1 00:16:35: AAA/AUTHOR/TAC+: (3125102166): send AV service=shell
> *Mar  1 00:16:35: AAA/AUTHOR/TAC+: (3125102166): send AV cmd*
> *Mar  1 00:16:35: AAA/AUTHOR (3125102166): Post authorization status =
> PASS_ADD
> *Mar  1 00:16:35: AAA/AUTHOR/EXEC: Processing AV service=shell
> *Mar  1 00:16:35: AAA/AUTHOR/EXEC: Processing AV cmd*
> *Mar  1 00:16:35: AAA/AUTHOR/EXEC: Processing AV priv-lvl=15
> *Mar  1 00:16:35: AAA/AUTHOR/EXEC: Authorization successful
> Passed attempts for console
> I think my understanding of exec shell is what's hurting me. Any comments
or
> advice would be greatly appreciated.
>
>
>
>
>
>
> Ryan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53672&t=53661
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Please help!!! [7:53664]

[Mark W. Odette II]

The 1E2W Module refers to a NM-1E2W Slot module that fits into the
2600/3600 series routers... and it has an 10BaseT port integrated.  The
2W refers to the fact that you could put 2 WICs (WAN Interface Cards)
into it, and if I'm not mistaken, you could put 2 WIC-2Ts into that
NM-1E2W Module.

It will not have the WICs already installed, unless specified by the
seller of the module.

... Never a stupid question... we all start somewhere. :)

Regards,
Mark

-Original Message-
From: L [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 19, 2002 8:09 PM
To: [EMAIL PROTECTED]
Subject: Please help!!! [7:53664]

Hello,

I oftern see on selling posts that some routers comes with 1E2W module.
Is
this referring to the on-borad built in interfaces?? With the 1E2W,
would I
need any extra modules (like WIC-1T or WIC-2T) to use the 2W, or can it
be
used for connecting serial cables striaght away?

Sorry for my stupid question.

Best Regards,
L




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53673&t=53664
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Good webhosting company [7:53651]

[Wow]

AT&T

http://www.business.att.com/products/productdetails.jsp?productId=ehs


""sam sneed""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I know its off topic but hopefully someone on this list could help.
> I'm looking to host 5-10 sites with someone. My problem is that webhsoting
> companies go bankrupt overnite lately.
> Even the decent size ones, XO for example. Does anyone know of a decent
one
> that will be in business longer than a year?
> All I need are the basics, FTP access, CGI and Perl5, web statistics and a
> couple POP3 boxes and don't want to pay more than $15 month.
>
> Any ideas?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53674&t=53651
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco Serials and Theft [7:53574]

[John Wright]

hey guys, thanks for all the great replies.

I called cisco a couple days ago, the woman I talked to was clueless.

The only info she said she could reveal if given a serial # is if the
warranty is still valid. She couldn't reveal the original purchasers for
confidentiality reasons. When I asked if there was any DB of stolen
equipment serials, she said no. so it seems that short of large scale theft
investigations by the police, the serials hold little value as a VIN does to
a car. They only work for warranty info apparently.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53667&t=53574
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Passed CCIP [7:53549]

[Link Teo]

Thanks for your valuable advice!

Did you use MPLS and VPN Architecture (CCIP Edition) by Cisco press to
prepare for your MPLS exam?? If the answer is YES, Do you think the material
of this book is related to the actual exam?

Thanks.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53675&t=53549
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Please help!!! [7:53664]

[Ian Henderson]

On Fri, 20 Sep 2002, Steve Boer wrote:

> 1e2w's would be for use in 3600 series routers, and are NOT compatible in
> 2600's. They include 1 ethernet port and 2 wic slots. In these WIC slots,
> you can use any of the wics that are out there (wic-1t wic-1dsu-t1 wic-1b,
> etc etc), but are blank until populated with modules.

Note that not all WICs work in the older NM's. For example, to use a
WIC-1ADSL in an NM, it must be a model that has a FastEthernet port (newer
revision, provides the voltage the aDSL card needs).

Rgds,




- I.

--
Ian Henderson CCNA, CCNP
Senior Network Engineer, Chime Communications




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53676&t=53664
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

ftp access... [7:53677]

[Wesley J]

I'm trying to provide access from the internet through a router to an ftp
server on a private network... this is part of the config I have so far:

ip nat inside source static tcp 192.168.6.2 21 interface Ethernet0 21

Ethernet0 has the global address and 192.168.6.2 is the ftp server on the
private side. I also have the following;

ip nat inside source list 5 pool global overload
! Tells which addresses to "nat" using pool named "global" for outbound
connections
 
Am I creating problems having 2 'ip nat' statments? Do I need to apply
access lists as well? I need some help, TIA...



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53677&t=53677
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CAT 3550 : IPX and AT support? [7:53642]

[Erick B.]

YOu need to bridge IPX and AT. They call it fallback
bridging but it's configured the same as regular
bridging was...

--- Robert Edmonds 
wrote:
> Diego,
> I don't think the 3550 supports IPX at all.  I have
> checked Cisco's web
> site, plus I have a 3550-12G on my network and I
> can't find any IPX
> commands.
> ""Diego Rissone""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Does anybody know if the ios of the 3550's 
> supports or will support ipx ?
> > and at?
> >
> > thanks
> >
> > Diego Rissone
> > CCIP,CCDP,CCNP,MSCE+I
> >
> > TECHINT GROUP -ARGENTINA
[EMAIL PROTECTED]


=
"Those who are willing to trade freedom for security deserve neither freedom
nor security." -- Benjamin Franklin

__
Do you Yahoo!?
New DSL Internet Access from SBC & Yahoo!
http://sbc.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53678&t=53642
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Please help!!! [7:53664]

[Mark W. Odette II]

As Steve pointed out, I had a brain-fart.  The NM-1E2W does not work
with the 2600 series.

You can, however, get a NM-1E, or an NM-4E 10BaseT module for the 2600,
and then use its (the 2600) other WIC slots above the built-in
Ethernet/FastEthernet interfaces for WAN connectivity.

My apologies for my misinformation.

Mark

-Original Message-
From: L [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 19, 2002 8:09 PM
To: [EMAIL PROTECTED]
Subject: Please help!!! [7:53664]

Hello,

I oftern see on selling posts that some routers comes with 1E2W module.
Is
this referring to the on-borad built in interfaces?? With the 1E2W,
would I
need any extra modules (like WIC-1T or WIC-2T) to use the 2W, or can it
be
used for connecting serial cables striaght away?

Sorry for my stupid question.

Best Regards,
L




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53679&t=53664
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Please help!!! [7:53664]

[Steve Boer]

one last thing to note, is that mixed mode nm's (ie: have both wan and lan
capabilities) are NOT supported on the 2600's

-Original Message-
From: Ian Henderson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 19, 2002 11:18 PM
To: Steve Boer
Cc: [EMAIL PROTECTED]
Subject: RE: Please help!!! [7:53664]


On Fri, 20 Sep 2002, Steve Boer wrote:

> 1e2w's would be for use in 3600 series routers, and are NOT compatible in
> 2600's. They include 1 ethernet port and 2 wic slots. In these WIC slots,
> you can use any of the wics that are out there (wic-1t wic-1dsu-t1 wic-1b,
> etc etc), but are blank until populated with modules.

Note that not all WICs work in the older NM's. For example, to use a
WIC-1ADSL in an NM, it must be a model that has a FastEthernet port (newer
revision, provides the voltage the aDSL card needs).

Rgds,




- I.

--
Ian Henderson CCNA, CCNP
Senior Network Engineer, Chime Communications




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53680&t=53664
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: OT: Windows and Net Behavior Tracking [7:53620]

[Erick B.]

Not that I know of. The timestamp of the file but it
might not be accurate. You could set up a proxy on
your PC that logs HTTP traffic I guess. You could also
sniff HTTP, etc all the time... be really out of
control but...

It seems like internet access is becoming more like a
police/big-brother thing. Extra applications on PCs
chewing up resources, people watching people and the
watchers don't know what the people do. Result is
employees are less productive because they are
constantly in fear of doing something that will raise
flags, etc when they are actually doing productive
work and busting their butt for the company. 

--- John Neiberger 
wrote:
> I now, that's a bizarre subject line.  I couldn't
> think of a better one
> this early in the morning.  :-)  Here are the
> details...
> 
> Let's say I went to a website and downloaded a
> specific file, then I
> subsequently cleared my cache.  Once that is done,
> is there any way to
> reasonably prove where I got that file?  If I'm
> claiming to have gotten
> that file from a particular site at a particular
> time, is there some
> other record on the computer that might still be
> intact that would show
> where and when I got it?
> 
> Assume this is IE on Windows XP.
> 
> Thanks,
> John
[EMAIL PROTECTED]


__
Do you Yahoo!?
New DSL Internet Access from SBC & Yahoo!
http://sbc.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53681&t=53620
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

interface vlan 1 --> no shut [7:53682]

[John Brandis]

HI All,
 
Got a strange problem on a 3524xl switch.
 
Problem: Need to create 2 VLANS . I  issue the statements 
 
interface vlan 1
ip address 10.64.18.250 255.255.255.0
no shut
 
interface vlan 2
ip address 10.64.19.25 255.255.255.0
no shut
 
However, when I run "sh ip interfaces" ,  I see that only interface vlan 1
is up. I go into int vlan 1 and issue a shutdown, then I notice that VLAN 2
interface comes up...
 
Can any one help with this please, or is this just how it works ?
 

John Brandis
Network & Security Engineer  
[EMAIL PROTECTED] Phone: +61 2 9278 0629 Helpdesk: +61 2 9278 0486 


Level 20, THH
456 Kent St, Sydney
 
 
 


**

visit http://www.solution6.com

UK Customers - http://www.solution6.co.uk

*
This email message (and attachments) may contain information that is
confidential to Solution 6. If you are not the intended recipient you cannot
use, distribute or copy the message or attachments.  In such a case, please
notify the sender by return email immediately and erase all copies of the
message and attachments.  Opinions, conclusions and other information in
this message and attachments that do not relate to the official business of
Solution 6 are neither given nor endorsed by it.
*




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53682&t=53682
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCNP exam [7:53668]

[Kaminski, Shawn G]

You'll be OK. The old 640-504 exam and the new 640-604 exam cover the same
topics. The only difference that I know of is that new, more difficult,
questions were written for the new 640-604 exam. Same topics, just more
difficult questions. Just make sure you know the material.

Shawn K.

> -Original Message-
> From: Han Chuan Alex Ang [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, September 19, 2002 10:02 PM
> To:   [EMAIL PROTECTED]
> Subject:  CCNP exam [7:53668]
> 
> hi, I am currently preparing for my CCNP module , however , the course
> that
> I took which is Building Cisco Multilayer Switched Networks (BCMSN) was
> quote as 640-504 and the exam I am taking now is
> 640-604, can any body tell me if there is any significant different
> between
> the two. thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53683&t=53668
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Exec Shell + Console [7:53661]

[Newell Ryan D SrA 18 CS/SCBT]

That would be nice but we have over 400 switches any several LAN admins who
could t'shoot hubs
but know they need minimal configuration control for t'shooting.

-Original Message-
From: nettable_walker [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 20, 2002 11:37 AM
To: [EMAIL PROTECTED]
Subject: Re: Exec Shell + Console [7:53661]


9/19/2002   9:40pm  Thursday

You could just tell your LAN admins not to change anything on the switches.


""Newell Ryan D SrA 18 CS/SCBT""  wrote in
message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Evening group,
>
> What I have a TACACS server and the setup we are trying to achieve goes as
> follows:
> I want the LAN admins to have minimal control on there switches in there
> area. We have
> accomplished that one the vty ports. Here is the config:
>
> Server
> user=test
> password=test12
> service-shell
> set priv-level=15
> service=shell
> default cmd=(permit/deny)And the commands we want are here.
> prohibit cmd=x
> cmd=y{
>
> Switch
>
> aaa new-model
> aaa authentication login telnet group tacacs+ line none
> aaa authorization exec privilege group tacacs+ none
> aaa authorization commands 15 cmd group tacacs+ none
> line con 0
>  exec-timeout 5 0
>  password 7 x
>  authorization commands 15 cmd
>  authorization exec privilege
>  login authentication telnet
>  transport input telnet
>  stopbits 1
> line vty 0 4
>  exec-timeout 5 0
>  authorization commands 15 cmd
>  authorization exec privilege
>  login authentication telnet
>  transport input telnet
>
> It works great for vty but not for console. I read somewhere about a
hidden
> authorization command for console but it is not working. Here is a debug.
> xxx#debug aaa authorization
> *Mar  1 00:15:22: AAA/MEMORY: free_user (0x6B451C) user='test' ruser=''
> port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1
> *Mar  1 00:15:24: AAA: parse name=tty0 idb type=-1 tty=-1
> *Mar  1 00:15:24: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0
adapter=0
> port=0 channel=0
> *Mar  1 00:15:24: AAA/MEMORY: create_user (0x69BC24) user='' ruser=''
> port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1
> *Mar  1 00:15:37: AAA/AUTHOR: authenticated console user is permitted
> *Mar  1 00:15:50: AAA/MEMORY: free_user (0x528F70) user='' ruser=''
> port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15
> *Mar  1 00:16:05: AAA/MEMORY: free_user (0x6B4478) user='' ruser=''
> port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15
> Failed attempts for console
> *Mar  1 00:16:27: AAA: parse name=tty2 idb type=-1 tty=-1
> *Mar  1 00:16:27: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0
adapter=0
> port=2 channel=0
> *Mar  1 00:16:27: AAA/MEMORY: create_user (0x4D4CE4) user='' ruser=''
> port='tty2' rem_addr='1x.1x.6x.2x' authen_type=ASCII service=LOGIN priv=1
> *Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): Port='tty2'
> list='privilege' service=EXEC
> *Mar  1 00:16:35: AAA/AUTHOR/EXEC: tty2 (3125102166) user='test'
> *Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): send AV service=shell
> *Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): send AV cmd*
> *Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): found list
"privilege"
> *Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): Method=tacacs+
> (tacacs+)
> *Mar  1 00:16:35: AAA/AUTHOR/TAC+: (3125102166): user=test
> *Mar  1 00:16:35: AAA/AUTHOR/TAC+: (3125102166): send AV service=shell
> *Mar  1 00:16:35: AAA/AUTHOR/TAC+: (3125102166): send AV cmd*
> *Mar  1 00:16:35: AAA/AUTHOR (3125102166): Post authorization status =
> PASS_ADD
> *Mar  1 00:16:35: AAA/AUTHOR/EXEC: Processing AV service=shell
> *Mar  1 00:16:35: AAA/AUTHOR/EXEC: Processing AV cmd*
> *Mar  1 00:16:35: AAA/AUTHOR/EXEC: Processing AV priv-lvl=15
> *Mar  1 00:16:35: AAA/AUTHOR/EXEC: Authorization successful
> Passed attempts for console
> I think my understanding of exec shell is what's hurting me. Any comments
or
> advice would be greatly appreciated.
>
>
>
>
>
>
> Ryan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53684&t=53661
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Passed CCIP [7:53549]

[Larkin, Richard]

I used the book you are referring too and have failed twice. I have now gone
out and bought the Sybex MPLS book and will have another go once my collegue
has finished with it. The answer is definitely no - the book is not enough -
it only takes a handful of questions to get wrong and you're a goner!

Richard Larkin


-Original Message-
From: Link Teo [mailto:[EMAIL PROTECTED]] 
Sent: Friday, 20 September 2002 11:01 AM
To: [EMAIL PROTECTED]
Subject: RE: Passed CCIP [7:53549]


Thanks for your valuable advice!

Did you use MPLS and VPN Architecture (CCIP Edition) by Cisco press to
prepare for your MPLS exam?? If the answer is YES, Do you think the material
of this book is related to the actual exam?

Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53685&t=53549
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: interface vlan 1 --> no shut [7:53682]

[Erick B.]

Hi John,

The VLAN Interfaces on the 3500/2900 XL series are
management VLANs only and there can only be one up at
a time. 

--- John Brandis  wrote:
> HI All,
>  
> Got a strange problem on a 3524xl switch.
>  
> Problem: Need to create 2 VLANS . I  issue the
> statements 
>  
> interface vlan 1
> ip address 10.64.18.250 255.255.255.0
> no shut
>  
> interface vlan 2
> ip address 10.64.19.25 255.255.255.0
> no shut
>  
> However, when I run "sh ip interfaces" ,  I see that
> only interface vlan 1
> is up. I go into int vlan 1 and issue a shutdown,
> then I notice that VLAN 2
> interface comes up...
>  
> Can any one help with this please, or is this just
> how it works ?
> 
> Level 20, THH
> 456 Kent St, Sydney
>  
>  
>  
> 
> 
>
**
> 
> visit http://www.solution6.com
> 
> UK Customers - http://www.solution6.co.uk
> 
>
*
> This email message (and attachments) may contain
> information that is
> confidential to Solution 6. If you are not the
> intended recipient you cannot
> use, distribute or copy the message or attachments. 
> In such a case, please
> notify the sender by return email immediately and
> erase all copies of the
> message and attachments.  Opinions, conclusions and
> other information in
> this message and attachments that do not relate to
> the official business of
> Solution 6 are neither given nor endorsed by it.
>
*
[EMAIL PROTECTED]


__
Do you Yahoo!?
New DSL Internet Access from SBC & Yahoo!
http://sbc.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53686&t=53682
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: interface vlan 1 --> no shut [7:53682]

[Roberts, Larry]

Only the management interface on a 35xx ( or 29xx ) can be active.
Remember this switch doesn't have true layer 3 capabilities, it just has a
layer 3 address for management purposes.
To switch management interfaces, which is the switch's active vlan , go into
the VLAN and type Management.


Thanks

Larry
 

-Original Message-
From: John Brandis [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 19, 2002 10:58 PM
To: [EMAIL PROTECTED]
Subject: interface vlan 1 --> no shut [7:53682]


HI All,
 
Got a strange problem on a 3524xl switch.
 
Problem: Need to create 2 VLANS . I  issue the statements 
 
interface vlan 1
ip address 10.64.18.250 255.255.255.0
no shut
 
interface vlan 2
ip address 10.64.19.25 255.255.255.0
no shut
 
However, when I run "sh ip interfaces" ,  I see that only interface vlan 1
is up. I go into int vlan 1 and issue a shutdown, then I notice that VLAN 2
interface comes up...
 
Can any one help with this please, or is this just how it works ?
 

John Brandis
Network & Security Engineer  
[EMAIL PROTECTED] Phone: +61 2 9278 0629 Helpdesk: +61 2 9278 0486 


Level 20, THH
456 Kent St, Sydney
 
 
 


**

visit http://www.solution6.com

UK Customers - http://www.solution6.co.uk

*
This email message (and attachments) may contain information that is
confidential to Solution 6. If you are not the intended recipient you cannot
use, distribute or copy the message or attachments.  In such a case, please
notify the sender by return email immediately and erase all copies of the
message and attachments.  Opinions, conclusions and other information in
this message and attachments that do not relate to the official business of
Solution 6 are neither given nor endorsed by it.
*




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53687&t=53682
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Passed CCIP [7:53549]

[Link Teo]

Since the MPLS and VPN Architecture book is not good, which book do you
think is good for this MPLS exam? How about Advanced MPLS Design and
Implementation by Cisco Press??

Thanks.





Larkin, Richard wrote:
> 
> I used the book you are referring too and have failed twice. I
> have now gone
> out and bought the Sybex MPLS book and will have another go
> once my collegue
> has finished with it. The answer is definitely no - the book is
> not enough -
> it only takes a handful of questions to get wrong and you're a
> goner!
> 
> Richard Larkin





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53688&t=53549
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: interface vlan 1 --> no shut [7:53682]

[Tom Lisa]

If the 3524 is like the 2950 then you just assign the interfaces to the
VLAN's directly.

For example:
Sw(config)# int fa0/5
Sw(config-if)# switchport access vlan 10
Sw(config-if)#int fa0/6
Sw(config-if)# switchport access vlan 10
and so on.

You don't create the vlans separately.
BTW, when you created the vlan separately,
did you find yourself in sub-int mode?
You were actually creating another mgt vlan
and only one can function at a time.

HTH,
Prof. Tom Lisa, CCAI
Community College of Southern Nevada
Cisco ATC/Regional Networking Academy
 

John Brandis wrote:

  HI All,

  Got a strange problem on a 3524xl switch.

  Problem: Need to create 2 VLANS . I  issue the statements

  interface vlan 1
  ip address 10.64.18.250 255.255.255.0
  no shut

  interface vlan 2
  ip address 10.64.19.25 255.255.255.0
  no shut

  However, when I run "sh ip interfaces" ,  I see that only interface
  vlan 1
  is up. I go into int vlan 1 and issue a shutdown, then I notice that
  VLAN 2
  interface comes up...

  Can any one help with this please, or is this just how it works ?

  
  John Brandis
  Network & Security Engineer
  [EMAIL PROTECTED] Phone: +61 2 9278 0629 Helpdesk: +61 2
  9278 0486
   

  Level 20, THH
  456 Kent St, Sydney
   
   
   

  **

  visit http://www.solution6.com

  UK Customers - http://www.solution6.co.uk

  *
  This email message (and attachments) may contain information that is
  confidential to Solution 6. If you are not the intended recipient you
  cannot
  use, distribute or copy the message or attachments.  In such a case,
  please
  notify the sender by return email immediately and erase all copies of
  the
  message and attachments.  Opinions, conclusions and other information
  in
  this message and attachments that do not relate to the official
  business of
  Solution 6 are neither given nor endorsed by it.
  *
  [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53689&t=53682
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: can't map before ping first? [7:53599]

[Vance Krier]

> "What configuration problem on a host computer can disallow a router from
> maintaining its entry in an arp cache - even though the host is active?"
***Strange problem.  Two things come to mind.  Duplicate IP of the router on
the 100.100.100.x network.  The server is arping for the router and gets a
response from the duplicate, therefore has the wrong arp entry and won't be
able to initiate traffic for remote networks.  When the ping goes across,
the router arps the server, causing the server to update its arp cache with
the correct entry, and now it can work properly.  I doubt that's the case
becuase the 'net use' statements shouldn't have done anything different then
the ping from that perspective.

 Secondly, I saw a really strange problem with a wireless bridge (breezecom)
one time.  Layout was print server ---6509(L3)bridgejetdirect.   For
some reason, the bridge would lose the arp entry (or something) and stop
forwarding requests to the jetdirect if it was inactive for more than about
10-15 minutes.  Since the MSFC was caching the arp entries for 4 hours, it
didn't arp the jetdirect 30 minutes later when a print job came through.
You could not ping the jetdirect from the msfc.  But, if you dropped a
machine on the other side of the bridge (from the jetdirect) but inside the
msfc, you could ping it (because it initiated an arp) and then everything
else would start working since the bridge was 'woke' back up.  I sniffed the
connections and when we pinged it from the msfc, I could see the icmp echo
go into the bridge, it just never came out the other side...until a fresh
arp.  I never did resolve the underlying problem, just lowered the msfc arp
cache aging time to 10 minutes.

Weird stuff.

Good luck,
Vance




""Daniel Cotts""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> When pinging to a device for the first time the first ping times out while
> the last network device (router) arps for the hardware address of the host
> (server). (I'm assuming that the server is at a remote location from you.)
> The router should then maintain the ip to MAC translation in its arp table
> for a specified time. The arp table timeout (due to inactivity) on Cisco
> routers is four hours. I think that we can assume that the server is busy
> enough that it should maintain its entry in the routers arp cache. The
> router seems ok because it works fine with other servers - hopefully on
the
> same subnet. That points to the server. I believe that you posted this
> question the other day and indicated then that the problem had just
started
> happening. The question then is "Who messed with the server recently?" and
> "What did they do?" What configuration problem on a host computer can
> disallow a router from maintaining its entry in an arp cache - even though
> the host is active? I can't state a definitive answer for that -- but I'd
> sure want to check the subnet mask and default gateway values on that
> server.
> Please post your solution to the list.
>
> > -Original Message-
> > From: Sim, CT (Chee Tong) [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, September 19, 2002 12:46 AM
> > To: [EMAIL PROTECTED]
> > Subject: can't map before ping first? [7:53599]
> >
> >
> > I have a server which always has problem mapping to other PC
> > across the WAN
> > (other branch network).  But it works after I ping to
> > overseas PC (as shown
> > below).  Do you know what might be the problem.  My other
> > server don't have
> > this problem and it is still the same after I switch it to
> > another switch
> > port.
> >
> >
> >
> > C:\>net use * \\w2k01\c$
> >
> > System error 53 has occurred.
> >
> >
> >
> > The network path was not found.
> >
> >
> >
> >
> >
> > C:\>net use * \\100.100.100.19\c$
> >
> > System error 53 has occurred.
> >
> >
> >
> > The network path was not found.
> >
> >
> >
> >
> >
> > C:\>ping w2k01
> >
> >
> >
> > Pinging w2k01 [100.100.100.19] with 32 bytes of data:
> >
> >
> >
> > Request timed out.
> >
> > Reply from 100.100.100.19: bytes=32 time=109ms TTL=124
> >
> > Reply from 100.100.100.19: bytes=32 time=110ms TTL=124
> >
> > Reply from 100.100.100.19: bytes=32 time=110ms TTL=124
> >
> >
> >
> > C:\>net use * \\100.100.100.19\c$
> >
> > Drive G: is now connected to \\100.100.100.19\c$.
> >
> >
> >
> > The command completed successfully.
> >
> >
> > ==
> > De informatie opgenomen in dit bericht kan vertrouwelijk zijn en
> > is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht
> > onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en
> > de afzender direct te informeren door het bericht te retourneren.
> > ==
> > The information contained in this message may be confidential
> > and is intended to be exclusively for the addressee. Should you
> > receive this message unintentionally, please do not use the contents
> > her

how to log the AS2509-RJ's dial in user name [7:53691]

[Sim, CT (Chee Tong)]

Hi..  I have set up the access server AS2509-RJ for remote dial in and I had
configured username for authentication (as shown below).  But the logging
only show the access server had been accessed but not showing who had
accessed it.  What command should I use to turn it on?  

 

cisco AS2509-RJ (68030) processor (revision K) with 6144K/2048K bytes of
memory.

Processor board ID 20478542, with hardware revision 

!

username tong password 7 

username keong password 7 XXX

username kong password 7 X

 

29w4d: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async1, changed state
to up

29w4d: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async1, changed state
to down

29w4d: %LINK-5-CHANGED: Interface Async1, changed state to reset

29w4d: %LINK-3-UPDOWN: Interface Async1, changed state to down

29w4d: %LINK-3-UPDOWN: Interface Async1, changed state to up

29w4d: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async1, changed state
to up

29w4d: %LINK-5-CHANGED: Interface Async1, changed state to reset

29w4d: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async1, changed state
to do

 

 


==
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en 
is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht 
onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en 
de afzender direct te informeren door het bericht te retourneren. 
==
The information contained in this message may be confidential 
and is intended to be exclusively for the addressee. Should you 
receive this message unintentionally, please do not use the contents 
herein and notify the sender immediately by return e-mail.


==




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53691&t=53691
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

difference btw sh process and sh memory?? [7:53693]

[Kenny Smith]

Hi.. May I know what is difference between sh process and sh memory? My 
vendor told me my router is short of memory due to high usage.  Then I tried 
to use sh memory and sh process to check it.  Which one is correct.  Why sh 
memory show that memory usage is quite high but sh process show that the CPU 
utilization is so low 0%-1%.  What will make the CPU utilisation high?

RT02#sh memory
HeadTotal(b) Used(b) Free(b)   Lowest(b)  
Largest(b)
Processor   808772E8 3706136 2806352  899784  843040  
867348
  I/O C0 4194304 1803224 2391080 2371084 
2375868

JKT02#sh process
CPU utilization for five seconds: 1%/0%; one minute: 0%; five minutes: 0%
PID QTy   PC Runtime (ms)Invoked   uSecsStacks TTY Process
   1 Csp 8013F3140   3365   0 2644/3000   0 Load Meter
   2 ME  804079B0  936   4291 218 8296/9000   0 OSPF Hello
   3 Lst 80128A6C14864   22826513 5756/6000   0 Check heaps

_
Send and receive Hotmail on your mobile device: http://mobile.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53693&t=53693
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

USB Console.... ??? [7:53694]

[Amnuay Mekchompu]

Hi all,
 
Anyone have an idea for USB Console??? As you know a new
model of Notebook PC already cut Serial Interface out. What are we going
to do without Serial? Anyone have an idea? Or Cisco will put a new USB
console port on there Equipments? (^-^) Wanna get yours idea..
 
Cheers
 
Amnuay Mekchompu




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53694&t=53694
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]