OT: CSCO stock [7:54957]

[Eric R]

Just curious if anyone else noticed that Cisco is below $10 and Lucent is a
now penny stock!


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54957&t=54957
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCIE: Cisco 3550 [7:54958]

[John Tafasi]

Do you guys no when the Catalyst 3550 will replace the 5000 series switches
in the lab exam?

Do you any online lab that gives good scenarios related to this new switch?

Thanks
Omer Shommo




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54958&t=54958
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: OT: CSCO stock [7:54957]

[Erick B.]

As well as plenty of other stocks... 

--- Eric R  wrote:
> Just curious if anyone else noticed that Cisco is
> below $10 and Lucent is a
> now penny stock!


__
Do you Yahoo!?
Faith Hill - Exclusive Performances, Videos & More
http://faith.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54959&t=54957
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Catalyst ATM blade to Marconi ASX-200WG [7:54948]

[Nigel Taylor]

nettable_walker,
   here's a link that should shed some light on what
you're trying to accomplish.

http://www.cisco.com/en/US/tech/tk39/tk42/technologies_configuration_example
09186a0080093d65.shtml
watch the line wrap...

Since you have a Dual-PHY LANE module, you should identify the MAC address
of ports(A/B) for the various LANE elements on your Cat5k.  The command
"show lane default" should get you this information.  All you need from the
output is the last 7 bytes
which should be the devices MAC address and byte selector)  This can be done
by simply connecting to each port on the LANE module while they're
active(issue the command "preferred phy a/b", while connected to the LANE
module).  Once you have this information you should be able to follow the
link in constructing the LANE(LECS) database as well as the sub-interfaces
and vlan to ELAN bindings...

A really good book on the topic called - Cisco ATM Solutions,  authored by
Galina Diker Pildush, ISBN 1578702135.

HTH

Nigel




- Original Message -
From: "nettable_walker" 
To: 
Sent: Saturday, October 05, 2002 10:45 PM
Subject: Catalyst ATM blade to Marconi ASX-200WG [7:54948]


> 10/5/2002   9:50pm  Saturday
>
>
> I would like to connect the ATM blade on my Catalyst 5505 to a
Marconi/FORE
> ASX-200WG
>
> Can anyone guide me thru setting it up ?
>
>
>
>
>
>
>
> RLP_5505 (enable) sho module
> Mod Slot Ports Module-Type   Model   Sub Status
> ---  - - --- --- 
> 1   12 1000BaseX Supervisor IIIG WS-X5550no  ok
> 2   22 MM OC-3 Dual-Phy ATM  WS-X5158no  ok
> 3   32410/100BaseTX Ethernet WS-X5224no  ok
> 4   42410/100BaseTX Ethernet WS-X5224no  ok
> 5   52410/100BaseTX Ethernet WS-X5224no  ok
>
> Mod MAC-Address(es)Hw Fw Sw
> --- -- -- -- -
--
> --
> 1   00-90-bf-23-ac-00 to 00-90-bf-23-af-ff 1.25.1(1) 6.3(9)
> 2   00-10-7b-42-b3-d6  2.11.3
12.0(22)W5(25)
> 3   00-10-7b-49-07-20 to 00-10-7b-49-07-37 1.43.1(1) 6.3(9)
> 4   00-10-7b-94-fb-30 to 00-10-7b-94-fb-47 1.43.1(1) 6.3(9)
> 5   00-10-7b-94-fc-20 to 00-10-7b-94-fc-37 1.43.1(1) 6.3(9)
> RLP_5505 (enable)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54960&t=54948
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

OT: Nanog Post: redistribute bgp considered harmful [7:54961]

[Nigel Taylor]

All,
   This was a recent post on the Nanog list which I thought could get
some interest on the list.  Basically, the poster is questioning the
relevance or real world requirements/need for certain commands, in this case
it's the "redistribute bgp" command.

Here's the original post...

Sean Donelan wrote:

 Should the Service Provider version of routing software include the
  redistribute bgp command?  Other than CCIE labs, I haven't seen a
  real-world use for redistributing the BGP route table into any IGP.

  If the command was removed (or included a Are your sure? question) what
  would the affect be on ISPs, other than improving reliability by
  stopping network engineers from fubaring a backbone?


Thoughts!

Nigel




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54961&t=54961
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: How to restrict hubs in a LAN [7:54937]

[irfan siddiqui]

By default a port can learn 132 mac addresses on most switches. This can be 
restricted by the "Port Secure Max-mac-count (1-132)" command. If this is 
set to 1 it will not accept any additional Macs on the port.


>From: "JohnZ" 
>Reply-To: "JohnZ" 
>To: [EMAIL PROTECTED]
>Subject: Re: How to restrict hubs in a LAN [7:54937]
>Date: Sun, 6 Oct 2002 06:52:05 GMT
>
>Well, when I wrote the orginal post I knew I will have these questions.
>Basically the first layer of support or help desk if you will have more PCs
>then the drops in their cubes. This is an old building not meant for an IS
>staff so there is some frustration on their part. I am not going to 
>question
>if there is a legit need for folks to have 5 PCs when there is infact a
>seperate staging area to set up and test pcs for users. Any ways they know
>enough to be dangerous and there is no standard on hubs and I have seen
>where folks have created loops. Now with Windows XP I have seen some 
>configs
>where 2 nics have been bridged via software I am not sure with what intent.
>Although it's been made clear many times not to use hubs but this is never
>enforced and I did not want to spend my time daily trying to hunt down the
>lawless. So that's when I thought if I could config the switch this will
>discourage the hub usage or bridging within pcs. I hope that answers most 
>of
>the questions here.
>""David j""  wrote in message
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > See inline..
> > Chuck's Long Road wrote:
> > >
> > > as much of a rulemeister as I am, I still have to look at this
> > > from the user
> > > standpoint. Why are users throwing their own hubs onto the
> > > network? Is there
> > > a business case to be made? Is facilities too slow getting
> > > requested cable
> > > pulls done?
> > >
> > > what is the concern with a user plugging a hub in at the desk
> > > and then
> > > connected a couple of extra PC's? if the problem is one of dual
> > > homing by
> > > accident or otherwise, I can see the issue with spanning tree
> > > recalculations. But in a single home situation,  what do you
> > > see as the
> > > issues?
> > >
> >
> > I see one issue: collisions, if you have a switched network you don't 
>want
> > to deal with collisions that hubs normally produce. I have to recognize,
> > though, that hubs sometimes are very convenient and I'm the first on 
>using
> > them.
> >
> > > when you say that "politically, it's a mess" what does that
> > > mean? high
> > > powered sales people throwing their weight around? management
> > > does not
> > > respect your input or concerns? something bad is happening, and
> > > it's rolling
> > > downhill?
> > >
> > In some environments it's politically unacceptable, I know some 
>hospitals
>in
> > which you have to fill in a lot papers before being allowed to use a PC,
>so
> > in that environments this could perfectly be part of the policy.
> >
> > > I'm not questioning the wisdom or the necessity for doing what
> > > others have
> > > suggested. I'm just wondering why it is necessary for the
> > > network manager /
> > > network staff to unilaterally cut off user access.
> > >
> > >
> > >
> > >
> > > ""John Zaggat""  wrote in message
> > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > Thanks guys that's pretty good information, but do you think
> > > in your
> > > opinion
> > > > is that good approach to deal with this problem. Do you see
> > > any caveats
> > > and
> > > > are there any other ways this can be dealt with.
> > > > ""Kevin Wigle""  wrote in message
> > > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > > take a look into Port Security.
> > > > >
> > > > >
> > > >
> > >
> >
>http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration
> > > > > _guide_chapter09186a008007f2dd.html
> > > > >
> > > > > In the event of a security violation, you can configure the
> > > port to go
> > > > into
> > > > > shutdown mode or restrictive mode. The shutdown mode option
> > > allows you
> > > to
> > > > > specify whether the port is permanently disabled or
> > > disabled for only a
> > > > > specified time. The default is for the port to shut down
> > > permanently.
> > > The
> > > > > restrictive mode allows you to configure the port to remain
> > > enabled
> > > during
> > > > a
> > > > > security violation and drop only packets that are coming in
> > > from
> > > insecure
> > > > > hosts.
> > > > >
> > > > > Kevin Wigle
> > > > >
> > > > >
> > > > > - Original Message -
> > > > > From: "John Zaggat"
> > > > > To:
> > > > > Sent: Saturday, October 05, 2002 5:01 PM
> > > > > Subject: How to restrict hubs in a LAN [7:54937]
> > > > >
> > > > >
> > > > > > I am just trying to think of how to restrict Hubs from
> > > being used in
> > > the
> > > > > > LAN. Politically it's a mess and despite a lot of
> > > discussions certain
> > > > > people
> > > > > > are able to add hubs at will where ever they want. So I
> > > was trying to
> > > > > think
> > > > > > 

Cisco Voice Exams. [7:54963]

[[EMAIL PROTECTED]]

Dear all,

Kindly suggest me the books need to get voice certified with cisco for self
study.


Thanks,
Murali




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54963&t=54963
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: LightStream 100 atm switch [7:54953]

[Chuck's Long Road]

""John Tafasi""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I have a LightStream atm switch is it enough for practicing for the CCIE
lab
>

CL: according to the blueprint on CCO, in the Lab you will not be tested on
configuring the ATM switch.

CL: one would hope uoi have a couple of routers with ATM interfaces so you
can practice the things you might see in the Lab.

http://www.cisco.com/warp/public/625/ccie/certifications/ATM_FAQs.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54964&t=54953
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco 3550 [7:54958]

[Chuck's Long Road]

as always, the first place to check is CCO

http://www.cisco.com/en/US/learning/le3/le2/le23/le7/learning_certification_
type_home.html#4
watch the wrap

all your questions are answered there

--

www.chuckslongroad.info
like my web site?
take the survey!



""John Tafasi""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Do you guys no when the Catalyst 3550 will replace the 5000 series
switches
> in the lab exam?
>
> Do you any online lab that gives good scenarios related to this new
switch?
>
> Thanks
> Omer Shommo




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54965&t=54958
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Off topic - Cisco's jazzy web site [7:54966]

[Chuck's Long Road]

Apparently the elves were busy last night. CCO has a new look.

www.cisco.com



--

www.chuckslongroad.info
like my web site?
take the survey!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54966&t=54966
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: OT: CSCO stock [7:54957]

[Chuck's Long Road]

yes the whole tech industry is suffering. why? maybe because the prices of
early 2000 were way too high?


Cisco at it's high was trading at somewhere around 200 times earnings. Today
it is trading at 37 times earnings. That is still pretty high, given that
historically a solid reliable company might be expected to trade at 20 times
earnings.

Some of this is based on comparative yields for treasuries. One year
treasuries are yielding 1.72%. Cisco doesn't pay dividends ( it's a growth
stock, you know :-> ) So what are you buying when you buy Cisco stock? The
hope that the stock price will grow.

Add to that the economic slowdown. Cisco's major customers are cutting back.
As are any other equipment manufacturer's customers. There is little
prospect for growth. Reality has hit Cisco, not to mention the economy as a
whole. What - you thought 200 times earnings was normal? You thought 20%
annual growth rates were normal? Not to mention sustainable? The result.
Cisco stock is way down, and to be truthful, there is little reason to think
it ( or the market in general ) will break out of this malaise any time
soon.

As long as the Fed continues in it's present course, and refuses to take
direct action to increase money supply ( and not just lower the discount
rate ) the economy will continue to perform poorly.

As for Cisco - there is a LOT of used Cisco gear on the market. Many
companies, carriers, providers overbought in 2000 and 2001. They don't
really need to buy more. Cisco is fighting hard to convince customers that
they need to upgrade. What has YOUR Cisco sales team been telling you
lately? To trade out your 2924's for 3550-24's? To trade out your 5xxx'x for
65xx's? To replace your PBX with AVVID? Oh and by the way, to buy all new
switched as long as you're at it?

Sorry to be so pessimistic. NRF - got anything to add?



""Erick B.""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> As well as plenty of other stocks...
>
> --- Eric R  wrote:
> > Just curious if anyone else noticed that Cisco is
> > below $10 and Lucent is a
> > now penny stock!
>
>
> __
> Do you Yahoo!?
> Faith Hill - Exclusive Performances, Videos & More
> http://faith.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54967&t=54957
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Nanog Post: redistribute bgp considered harmful [7:54961]

[Chuck's Long Road]

my first thought is how you gonna convince Cisco that it's worth their time
and effort to do the work necessary to remove the command? Don't they have
better things to do, like bug fixing? ;->

Chuck


""Nigel Taylor""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> All,
>This was a recent post on the Nanog list which I thought could get
> some interest on the list.  Basically, the poster is questioning the
> relevance or real world requirements/need for certain commands, in this
case
> it's the "redistribute bgp" command.
>
> Here's the original post...
>
> Sean Donelan wrote:
>
>  Should the Service Provider version of routing software include the
>   redistribute bgp command?  Other than CCIE labs, I haven't seen a
>   real-world use for redistributing the BGP route table into any IGP.
>
>   If the command was removed (or included a Are your sure? question) what
>   would the affect be on ISPs, other than improving reliability by
>   stopping network engineers from fubaring a backbone?
>
>
> Thoughts!
>
> Nigel




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54968&t=54961
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

OSPF dead-interval to hello-interval relation? [7:54969]

[Cisco Nuts]

Hello,

Couple of questions on OSPF hello and dead interval...(that's driving me 
NUTS)  :-)

1. Why does OSPF NOT change the hello-interval when you first configure the 
dead-interval. Ex. I changed the dead-interval to 60 but the hello-interval 
still showed up as 10.

R1-RTD(config-subif)#ip os dead-interval 60

R1-RTD#sh ip os int s0/0.2
Timer intervals configured, Hello 10, Dead 60, Wait 60, Retransmit 10

I was assuming that the hello interval would get bumped to 15 but looks like 
that's not how it works!!

--

2. So I changed the hello interval next to 20 thinking that it would bump 
the dead interval to 80. But lo! behold! It does NOT change it to 80. Why is 
this??

R1-RTD(config-subif)#ip os hello-interval 20

R1-RTD#sh ip os int s0/0.2
Timer intervals configured, Hello 20, Dead 60, Wait 60, Retransmit 10

--

3. Next, I set the hello interval back to it's default of 10 but still the 
dead interval does not get set back to 40. Why??

R1-RTD(config-subif)#ip os hello-interval 10

R1-RTD#sh ip os int s0/0.2
Timer intervals configured, Hello 10, Dead 60, Wait 60, Retransmit 10

--

4. So, I changed the dead interval back to 40 manually.

Next, I changed the hello interval to 20 and this time, OSPF set the dead 
interval to 80.

R1-RTD(config-subif)#ip ospf hello-interval 20

R1-RTD#sh ip os int s0/0.2
Timer intervals configured, Hello 20, Dead 80, Wait 80, Retransmit 10

5. Ok, Finally I set the hello interval to 10 and this time OSPF worked at 
the way is should work.

R1-RTD(config-subif)#ip ospf hello-interval 10

R1-RTD#sh ip os int s0/0.2
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 10


Anybody have any real good explanations for this or is it just a BUG? OR is 
this the way Cisco OSPF works!!

Running ver.
R1-RTD#sh ver
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-D-M), Version 12.1(2), RELEASE SOFTWARE (fc1)

Thank you.

Sincerely.




_
Send and receive Hotmail on your mobile device: http://mobile.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54969&t=54969
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: OSPF dead-interval to hello-interval relation? [7:54969]

[Chuck's Long Road]

well, shiver me timbers, I can duplicate -

I'm using 12.1.5T10  how about you?

This is apparently a new behaviour.

Oh joy, more Cisco "improvements"



--

www.chuckslongroad.info
like my web site?
take the survey!



""Cisco Nuts""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hello,
>
> Couple of questions on OSPF hello and dead interval...(that's driving me
> NUTS)  :-)
>
> 1. Why does OSPF NOT change the hello-interval when you first configure
the
> dead-interval. Ex. I changed the dead-interval to 60 but the
hello-interval
> still showed up as 10.
>
> R1-RTD(config-subif)#ip os dead-interval 60
>
> R1-RTD#sh ip os int s0/0.2
> Timer intervals configured, Hello 10, Dead 60, Wait 60, Retransmit 10
>
> I was assuming that the hello interval would get bumped to 15 but looks
like
> that's not how it works!!
>
> --
>
> 2. So I changed the hello interval next to 20 thinking that it would bump
> the dead interval to 80. But lo! behold! It does NOT change it to 80. Why
is
> this??
>
> R1-RTD(config-subif)#ip os hello-interval 20
>
> R1-RTD#sh ip os int s0/0.2
> Timer intervals configured, Hello 20, Dead 60, Wait 60, Retransmit 10
>
> --
>
> 3. Next, I set the hello interval back to it's default of 10 but still the
> dead interval does not get set back to 40. Why??
>
> R1-RTD(config-subif)#ip os hello-interval 10
>
> R1-RTD#sh ip os int s0/0.2
> Timer intervals configured, Hello 10, Dead 60, Wait 60, Retransmit 10
>
> --
>
> 4. So, I changed the dead interval back to 40 manually.
>
> Next, I changed the hello interval to 20 and this time, OSPF set the dead
> interval to 80.
>
> R1-RTD(config-subif)#ip ospf hello-interval 20
>
> R1-RTD#sh ip os int s0/0.2
> Timer intervals configured, Hello 20, Dead 80, Wait 80, Retransmit 10
>
> 5. Ok, Finally I set the hello interval to 10 and this time OSPF worked at
> the way is should work.
>
> R1-RTD(config-subif)#ip ospf hello-interval 10
>
> R1-RTD#sh ip os int s0/0.2
> Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 10
>
>
> Anybody have any real good explanations for this or is it just a BUG? OR
is
> this the way Cisco OSPF works!!
>
> Running ver.
> R1-RTD#sh ver
> Cisco Internetwork Operating System Software
> IOS (tm) C2600 Software (C2600-D-M), Version 12.1(2), RELEASE SOFTWARE
(fc1)
>
> Thank you.
>
> Sincerely.
>
>
>
>
> _
> Send and receive Hotmail on your mobile device: http://mobile.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54970&t=54969
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco Security Specialist 1: To self-study or [7:54767]

[MikeS]

The frankenpix is very doable and easy to set up.. once you have the flash
:)  I have a 501 and a FP in my lab.

Go to www.packetattack.com/tutorials.html and choose frankenpix tutorial

MikeS


""Doug Oh""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Clearly, you cannot do DMZ scenarios, or get a real feel for multiple
> security levels.  Also hot standby is not allowed.  However, that said, it
> is completely compatible with the larger units' IOS, allowing you to use
the
> current version and get hands-on feel for how it differs from the
> conventional IOS (and how it is evolving to minimize those differences,
for
> that matter).  It also supports VPN, the standard gui config tool and
other
> goodies.  It was enough for me.
>
> Another option might be the FrankenPIX, although I have never personally
> attempted that.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54971&t=54767
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Anyone know how to tell the difference? [7:54972]

[Daren Presbitero]

Group Studiers,

Anyone know how to tell the difference between a 1720 and 1721
router?  Will it show up on a "show ver" that it is a 1721 vice 1720?
Is there something different as far as visually?

Thanks in advance,
Daren




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54972&t=54972
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Off topic - Cisco's jazzy web site [7:54966]

[Nigel Taylor]

Hey Chuck,
Yep, I noticed this as well.  The greatest addition to
the new site is the button/link(image) that read "Go to the old Site".
After mastering where all the information is on CCO, it's going to take
sometime to fimilarize myself with the new layout..

Nigel

- Original Message -
From: "Chuck's Long Road" 
To: 
Sent: Sunday, October 06, 2002 10:46 AM
Subject: Off topic - Cisco's jazzy web site [7:54966]


> Apparently the elves were busy last night. CCO has a new look.
>
> www.cisco.com
>
>
>
> --
>
> www.chuckslongroad.info
> like my web site?
> take the survey!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54973&t=54966
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: How to restrict hubs in a LAN [7:54937]

[Greg Reaume]

John,

If WindowsXP is bridging two NICs it actually runs spanning-tree. It is a
very nice feature for L1 redundancy. Though in your scenario I don't really
see why they think that's necessary. I'm planning to use this functionality
in the upcoming Windows.NET server to multihome all my servers, as long as
it supports the concept of a loopback or virtual interface for L3
connectivity, to two different switches to protect against 48 servers
failing because a switch burns out. I just wish MS had an add-on for
Windows2K Server with this functionality so I don't have to wait.

Check out these links:

http://www.microsoft.com/WindowsXP/pro/techinfo/administration/homenetbridge
/default.asp

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/c
ableguy/cg0102.asp



Correct me if I'm wrong but, from what I gather in your previous postings,
loops seem to be your main concern. You say that it may very well be
justified that these users need up to 5 PCs in their cube, or that you don't
really want to get into that fight (whichever way you want to put it). You
also say that it is very hard to run new drops. Why don't you take the
approach of supporting them then, and instead of going through the work of
running new drops, provide them with a small switch that runs spanning-tree.

A 1548M (8-port desktop chassis) would do nicely for around $1K list. It
allows for up to 4 local VLANs so the techs can do whatever they want on
their own little switch. It also runs CDP so you can keep track of where
they are through management tools like CiscoWorks, etc. If they want to clog
up their link to the rest of the network with 5 PCs doing whatever, why not
let them (as long as they do it safely)?

Check here for more info on the 1548M:
http://www.cisco.com/en/US/products/hw/switches/ps211/index.html

HTH

Greg Reaume



""JohnZ""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Well, when I wrote the orginal post I knew I will have these questions.
Basically the first layer of support or help desk if you will have more PCs
then the drops in their cubes. This is an old building not meant for an IS
staff so there is some frustration on their part. I am not going to question
if there is a legit need for folks to have 5 PCs when there is infact a
seperate staging area to set up and test pcs for users. Any ways they know
enough to be dangerous and there is no standard on hubs and I have seen
where folks have created loops. Now with Windows XP I have seen some configs
where 2 nics have been bridged via software I am not sure with what intent.
Although it's been made clear many times not to use hubs but this is never
enforced and I did not want to spend my time daily trying to hunt down the
lawless. So that's when I thought if I could config the switch this will
discourage the hub usage or bridging within pcs. I hope that answers most of
the questions here.
""David j""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> See inline..
> Chuck's Long Road wrote:
> >
> > as much of a rulemeister as I am, I still have to look at this
> > from the user
> > standpoint. Why are users throwing their own hubs onto the
> > network? Is there
> > a business case to be made? Is facilities too slow getting
> > requested cable
> > pulls done?
> >
> > what is the concern with a user plugging a hub in at the desk
> > and then
> > connected a couple of extra PC's? if the problem is one of dual
> > homing by
> > accident or otherwise, I can see the issue with spanning tree
> > recalculations. But in a single home situation,  what do you
> > see as the
> > issues?
> >
>
> I see one issue: collisions, if you have a switched network you don't want
> to deal with collisions that hubs normally produce. I have to recognize,
> though, that hubs sometimes are very convenient and I'm the first on using
> them.
>
> > when you say that "politically, it's a mess" what does that
> > mean? high
> > powered sales people throwing their weight around? management
> > does not
> > respect your input or concerns? something bad is happening, and
> > it's rolling
> > downhill?
> >
> In some environments it's politically unacceptable, I know some hospitals
in
> which you have to fill in a lot papers before being allowed to use a PC,
so
> in that environments this could perfectly be part of the policy.
>
> > I'm not questioning the wisdom or the necessity for doing what
> > others have
> > suggested. I'm just wondering why it is necessary for the
> > network manager /
> > network staff to unilaterally cut off user access.
> >
> >
> >
> >
> > ""John Zaggat""  wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > Thanks guys that's pretty good information, but do you think
> > in your
> > opinion
> > > is that good approach to deal with this problem. Do you see
> > any caveats
> > and
> > > are there any other ways this can be dealt with.
> > > ""Kevin Wigle""  wrote in message
> > > [EMAIL PROTECTED]">news:[EMA

Re: Route-map question (urgent) [7:54910]

[Greg Reaume]

Yasser,

Be careful here...  you don't know if the only segment for which he wants
HTTP redirected is the one connected via fa2/0, there may be more.  Offering
a solution without knowing all his requirements will just lead him into
deeper confusion.


Nabil,

The best way to find your answer is to go and learn this thoroughly for
yourself.  And as always, never put yourself in a position where you are
urgently required to do something you've never done without a lifeline setup
prior to your need.  No manager that I have worked with has ever blamed
someone for saying, "I've never done that before and I'd feel more
comfortable taking some time to understand it".  If the need is that urgent
that there is no time to spare, you should be able to call TAC under your
service contract, right?  :)

Good luck.

Greg Reaume


""YASSER ALY""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
No, you need to do the follwoing

access-list 101 permit tcp any any eq 80

route-map http_traffic permit 10

match ip address 101

set next-hop 10.10.10.141

route-map nttp_traffic permit 20

!

int fa2/0

ip policy route-map http_traffic



>From: "[EMAIL PROTECTED]" >Greetings, > >Need help with a
route-map question. I need to force all http traffic >to go to
10.10.10.141 address, does my config below allow me to do just >that? > >
>access-list extended 101 permit tcp any host 10.10.10.141 eq 80
>access-list extended 101 permit ip any any > >route-map http_traffic
permit 10 > match ip address 101 > >int fa2/0 (10.10.10.141 address is
behind this interface) >ip policy route-map http_traffic >
>Thanks...Nabil > >"I have never let my schooling interfere
misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Join the worlds largest e-mail service with MSN Hotmail. Click Here




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54975&t=54910
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Study partner in Jacksonville, FLorida [7:54976]

[LOON]

Is there anyone in the Jacksonville, FL area currently preparing for
the CCIE written exam?
I want to start a study group, I currently have 6 routers and 2 switches
to practice on.
I interested hit me back with an  email.

Laterzzz




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54976&t=54976
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Off topic - Cisco's jazzy web site [7:54966]

[Gaz]

In article , 
[EMAIL PROTECTED] says...
> Hey Chuck,
> Yep, I noticed this as well.  The greatest addition to
> the new site is the button/link(image) that read "Go to the old Site".
> After mastering where all the information is on CCO, it's going to take
> sometime to fimilarize myself with the new layout..
> 
> Nigel
> 
> - Original Message -
> From: "Chuck's Long Road" 
> To: 
> Sent: Sunday, October 06, 2002 10:46 AM
> Subject: Off topic - Cisco's jazzy web site [7:54966]
> 
> 
> > Apparently the elves were busy last night. CCO has a new look.
> >
> > www.cisco.com
> >
> >
> >
> > --
> >
> > www.chuckslongroad.info
> > like my web site?
> > take the survey!
We went to a Cisco presentation to introduce the new web site. It has 
been developed from customer feedback apparently.
I'm sure most customers would say leave the bloody thing alone for a bit 
:-)

Myself and 2 CCIE's went to the two hour presentation, and had to 
chuckle as we walked out and our summary was "Same shit - different 
place"

Can't knock it really though. I have worked with masses of different 
products over the years, and in my view, one of the best things about 
Cisco is the availability and quality of information on their web site.


Gaz




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54977&t=54966
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: How to restrict hubs in a LAN [7:54937]

[Erick B.]

Greg,

Windows XP does this by default in some situations. If
you have a PC with a Ethernet NIC and firewire
adapter, it will bridge the 2 interfaces together and
create a logical L3 interface that the protocols are
bound to all by default.

--- Greg Reaume  wrote:
> John,
> 
> If WindowsXP is bridging two NICs it actually runs
> spanning-tree. It is a
> very nice feature for L1 redundancy. Though in your
> scenario I don't really
> see why they think that's necessary. I'm planning to
> use this functionality
> in the upcoming Windows.NET server to multihome all
> my servers, as long as
> it supports the concept of a loopback or virtual
> interface for L3
> connectivity, to two different switches to protect
> against 48 servers
> failing because a switch burns out. I just wish MS
> had an add-on for
> Windows2K Server with this functionality so I don't
> have to wait.
> 
> Check out these links:
> 
>
http://www.microsoft.com/WindowsXP/pro/techinfo/administration/homenetbridge
> /default.asp
> 
>
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/c
> ableguy/cg0102.asp
> 
> 
> 
> Correct me if I'm wrong but, from what I gather in
> your previous postings,
> loops seem to be your main concern. You say that it
> may very well be
> justified that these users need up to 5 PCs in their
> cube, or that you don't
> really want to get into that fight (whichever way
> you want to put it). You
> also say that it is very hard to run new drops. Why
> don't you take the
> approach of supporting them then, and instead of
> going through the work of
> running new drops, provide them with a small switch
> that runs spanning-tree.
> 
> A 1548M (8-port desktop chassis) would do nicely for
> around $1K list. It
> allows for up to 4 local VLANs so the techs can do
> whatever they want on
> their own little switch. It also runs CDP so you can
> keep track of where
> they are through management tools like CiscoWorks,
> etc. If they want to clog
> up their link to the rest of the network with 5 PCs
> doing whatever, why not
> let them (as long as they do it safely)?
> 
> Check here for more info on the 1548M:
>
http://www.cisco.com/en/US/products/hw/switches/ps211/index.html
> 
> HTH
> 
> Greg Reaume
> 
> 
> 
> ""JohnZ""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Well, when I wrote the orginal post I knew I will
> have these questions.
> Basically the first layer of support or help desk if
> you will have more PCs
> then the drops in their cubes. This is an old
> building not meant for an IS
> staff so there is some frustration on their part. I
> am not going to question
> if there is a legit need for folks to have 5 PCs
> when there is infact a
> seperate staging area to set up and test pcs for
> users. Any ways they know
> enough to be dangerous and there is no standard on
> hubs and I have seen
> where folks have created loops. Now with Windows XP
> I have seen some configs
> where 2 nics have been bridged via software I am not
> sure with what intent.
> Although it's been made clear many times not to use
> hubs but this is never
> enforced and I did not want to spend my time daily
> trying to hunt down the
> lawless. So that's when I thought if I could config
> the switch this will
> discourage the hub usage or bridging within pcs. I
> hope that answers most of
> the questions here.
> ""David j""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > See inline..
> > Chuck's Long Road wrote:
> > >
> > > as much of a rulemeister as I am, I still have
> to look at this
> > > from the user
> > > standpoint. Why are users throwing their own
> hubs onto the
> > > network? Is there
> > > a business case to be made? Is facilities too
> slow getting
> > > requested cable
> > > pulls done?
> > >
> > > what is the concern with a user plugging a hub
> in at the desk
> > > and then
> > > connected a couple of extra PC's? if the problem
> is one of dual
> > > homing by
> > > accident or otherwise, I can see the issue with
> spanning tree
> > > recalculations. But in a single home situation, 
> what do you
> > > see as the
> > > issues?
> > >
> >
> > I see one issue: collisions, if you have a
> switched network you don't want
> > to deal with collisions that hubs normally
> produce. I have to recognize,
> > though, that hubs sometimes are very convenient
> and I'm the first on using
> > them.
> >
> > > when you say that "politically, it's a mess"
> what does that
> > > mean? high
> > > powered sales people throwing their weight
> around? management
> > > does not
> > > respect your input or concerns? something bad is
> happening, and
> > > it's rolling
> > > downhill?
> > >
> > In some environments it's politically
> unacceptable, I know some hospitals
> in
> > which you have to fill in a lot papers before
> being allowed to use a PC,
> so
> > in that environments this could perfectly be part
> of the policy.
> >
> > > I'm not questioning the wisdom or the necessity
> for doing

Re: Route-map question (urgent) [7:54910]

[YASSER ALY]

Greg,

  Thank you for what you have said. My suggestions were based on the
scenario that Nabil mentioned. Being the fact that his real life scenario
is different that what he said fall under his attention to consider. It's
just something to give some light for him but you do have a point that he
should read more before considering doing something he never did before.

BTW, is it normal that somebody's postings to the list not to be sent to
his e-mail. Eachtime I send to the list either a question or a reply I
don't get a clue that it has been received until someone like you replies
quoting what I have said,

Regards,

Yasser

>From: "Greg Reaume" >Yasser, > >Be careful here... you don't know if the
only segment for which he wants >HTTP redirected is the one connected via
fa2/0, there may be more. Offering >a solution without knowing all his
requirements will just lead him into >deeper confusion. > > >Nabil, >
>The best way to find your answer is to go and learn this thoroughly for
>yourself. And as always, never put yourself in a position where you are
>urgently required to do something you've never done without a lifeline
setup >prior to your need. No manager that I have worked with has ever
blamed >someone for saying, "I've never done that before and I'd feel
more >comfortable taking some time to understand it". If the need is that
urgent >that there is no time to spare, you should be able to call TAC
under your >service contract, right? :) > >Good luck. > >Greg Reaume > >
>""YASSER ALY"" wrote in message
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... >No, you need to do the
follwoing > >access-list 101 permit tcp any any eq 80 > >route-map
http_traffic permit 10 > >match ip address 101 > >set next-hop
10.10.10.141 > >route-map nttp_traffic permit 20 > >! > >int fa2/0 > >ip
policy route-map http_traffic > > > > >From:
"[EMAIL PROTECTED]" >Greetings, > >Need help with a >route-map
question. I need to force all http traffic >to go to >10.10.10.141
address, does my config below allow me to do just >that? > > >
>access-list extended 101 permit tcp any host 10.10.10.141 eq 80 >
>access-list extended 101 permit ip any any > >route-map http_traffic
>permit 10 > match ip address 101 > >int fa2/0 (10.10.10.141 address is
>behind this interface) >ip policy route-map http_traffic > >
>Thanks...Nabil > >"I have never let my schooling interfere
>misconduct and Nondisclosure violations to [EMAIL PROTECTED] >
>
> >Join the worlds largest e-mail service with MSN Hotmail. Click Here >
misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Join the worlds largest e-mail service with MSN Hotmail. Click Here




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54979&t=54910
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: How to restrict hubs in a LAN [7:54937]

[Greg Reaume]

Great!  Just what I needed.  Thanks for the clarification.

Now that I think about it, the ability to set TCP/IP properties on the
'Network Bridge' item is a dead giveaway.  :)

Greg Reaume


""Erick B.""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Greg,

Windows XP does this by default in some situations. If
you have a PC with a Ethernet NIC and firewire
adapter, it will bridge the 2 interfaces together and
create a logical L3 interface that the protocols are
bound to all by default.

--- Greg Reaume  wrote:
> John,
>
> If WindowsXP is bridging two NICs it actually runs
> spanning-tree. It is a
> very nice feature for L1 redundancy. Though in your
> scenario I don't really
> see why they think that's necessary. I'm planning to
> use this functionality
> in the upcoming Windows.NET server to multihome all
> my servers, as long as
> it supports the concept of a loopback or virtual
> interface for L3
> connectivity, to two different switches to protect
> against 48 servers
> failing because a switch burns out. I just wish MS
> had an add-on for
> Windows2K Server with this functionality so I don't
> have to wait.
>
> Check out these links:
>
>
http://www.microsoft.com/WindowsXP/pro/techinfo/administration/homenetbridge
> /default.asp
>
>
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/c
> ableguy/cg0102.asp
>
>
>
> Correct me if I'm wrong but, from what I gather in
> your previous postings,
> loops seem to be your main concern. You say that it
> may very well be
> justified that these users need up to 5 PCs in their
> cube, or that you don't
> really want to get into that fight (whichever way
> you want to put it). You
> also say that it is very hard to run new drops. Why
> don't you take the
> approach of supporting them then, and instead of
> going through the work of
> running new drops, provide them with a small switch
> that runs spanning-tree.
>
> A 1548M (8-port desktop chassis) would do nicely for
> around $1K list. It
> allows for up to 4 local VLANs so the techs can do
> whatever they want on
> their own little switch. It also runs CDP so you can
> keep track of where
> they are through management tools like CiscoWorks,
> etc. If they want to clog
> up their link to the rest of the network with 5 PCs
> doing whatever, why not
> let them (as long as they do it safely)?
>
> Check here for more info on the 1548M:
>
http://www.cisco.com/en/US/products/hw/switches/ps211/index.html
>
> HTH
>
> Greg Reaume
>
>
>
> ""JohnZ""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Well, when I wrote the orginal post I knew I will
> have these questions.
> Basically the first layer of support or help desk if
> you will have more PCs
> then the drops in their cubes. This is an old
> building not meant for an IS
> staff so there is some frustration on their part. I
> am not going to question
> if there is a legit need for folks to have 5 PCs
> when there is infact a
> seperate staging area to set up and test pcs for
> users. Any ways they know
> enough to be dangerous and there is no standard on
> hubs and I have seen
> where folks have created loops. Now with Windows XP
> I have seen some configs
> where 2 nics have been bridged via software I am not
> sure with what intent.
> Although it's been made clear many times not to use
> hubs but this is never
> enforced and I did not want to spend my time daily
> trying to hunt down the
> lawless. So that's when I thought if I could config
> the switch this will
> discourage the hub usage or bridging within pcs. I
> hope that answers most of
> the questions here.
> ""David j""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > See inline..
> > Chuck's Long Road wrote:
> > >
> > > as much of a rulemeister as I am, I still have
> to look at this
> > > from the user
> > > standpoint. Why are users throwing their own
> hubs onto the
> > > network? Is there
> > > a business case to be made? Is facilities too
> slow getting
> > > requested cable
> > > pulls done?
> > >
> > > what is the concern with a user plugging a hub
> in at the desk
> > > and then
> > > connected a couple of extra PC's? if the problem
> is one of dual
> > > homing by
> > > accident or otherwise, I can see the issue with
> spanning tree
> > > recalculations. But in a single home situation,
> what do you
> > > see as the
> > > issues?
> > >
> >
> > I see one issue: collisions, if you have a
> switched network you don't want
> > to deal with collisions that hubs normally
> produce. I have to recognize,
> > though, that hubs sometimes are very convenient
> and I'm the first on using
> > them.
> >
> > > when you say that "politically, it's a mess"
> what does that
> > > mean? high
> > > powered sales people throwing their weight
> around? management
> > > does not
> > > respect your input or concerns? something bad is
> happening, and
> > > it's rolling
> > > downhill?
> > >
> > In some environments it's politically
> unacceptable

Re: Route-map question (urgent) [7:54910]

[Greg Reaume]

Yasser,

I agree, everyone should be conscious that any advice received through a
source such as this, although quite skilled, can only be advice given based
on the information one has provided.  This advice is only as accurate and
comprehensive as one's presented question or scenario.

About the postings, I know that I use Outlook Express through Outlook (news
button), and I do see the postings that I make in each thread.  However, I
can only choose to either post to thread, or reply directly to sender.  If I
want to do both I must manually add the destinations to the message.

Greg Reaume


""YASSER ALY""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Greg,

  Thank you for what you have said. My suggestions were based on the
scenario that Nabil mentioned. Being the fact that his real life scenario
is different that what he said fall under his attention to consider. It's
just something to give some light for him but you do have a point that he
should read more before considering doing something he never did before.

BTW, is it normal that somebody's postings to the list not to be sent to
his e-mail. Eachtime I send to the list either a question or a reply I
don't get a clue that it has been received until someone like you replies
quoting what I have said,

Regards,

Yasser

>From: "Greg Reaume" >Yasser, > >Be careful here... you don't know if the
only segment for which he wants >HTTP redirected is the one connected via
fa2/0, there may be more. Offering >a solution without knowing all his
requirements will just lead him into >deeper confusion. > > >Nabil, >
>The best way to find your answer is to go and learn this thoroughly for
>yourself. And as always, never put yourself in a position where you are
>urgently required to do something you've never done without a lifeline
setup >prior to your need. No manager that I have worked with has ever
blamed >someone for saying, "I've never done that before and I'd feel
more >comfortable taking some time to understand it". If the need is that
urgent >that there is no time to spare, you should be able to call TAC
under your >service contract, right? :) > >Good luck. > >Greg Reaume > >
>""YASSER ALY"" wrote in message
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... >No, you need to do the
follwoing > >access-list 101 permit tcp any any eq 80 > >route-map
http_traffic permit 10 > >match ip address 101 > >set next-hop
10.10.10.141 > >route-map nttp_traffic permit 20 > >! > >int fa2/0 > >ip
policy route-map http_traffic > > > > >From:
"[EMAIL PROTECTED]" >Greetings, > >Need help with a >route-map
question. I need to force all http traffic >to go to >10.10.10.141
address, does my config below allow me to do just >that? > > >
>access-list extended 101 permit tcp any host 10.10.10.141 eq 80 >
>access-list extended 101 permit ip any any > >route-map http_traffic
>permit 10 > match ip address 101 > >int fa2/0 (10.10.10.141 address is
>behind this interface) >ip policy route-map http_traffic > >
>Thanks...Nabil > >"I have never let my schooling interfere
>misconduct and Nondisclosure violations to [EMAIL PROTECTED] >
>
> >Join the worlds largest e-mail service with MSN Hotmail. Click Here >
misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Join the worlds largest e-mail service with MSN Hotmail. Click Here




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54981&t=54910
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco 3550 [7:54958]

[Ben W]

3550 already has replaced the 5000.  They will only test you on what the
3550 and 5000 have in common until Nov. 4, however Nov. 4 they will start
testing anything on 3550.

Chuck's Long Road wrote:
> 
> as always, the first place to check is CCO
> 
>
http://www.cisco.com/en/US/learning/le3/le2/le23/le7/learning_certification_
> type_home.html#4
> watch the wrap
> 
> all your questions are answered there
> 
> --
> 
> www.chuckslongroad.info
> like my web site?
> take the survey!
> 
> 
> 
> ""John Tafasi""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Do you guys no when the Catalyst 3550 will replace the 5000
> series
> switches
> > in the lab exam?
> >
> > Do you any online lab that gives good scenarios related to
> this new
> switch?
> >
> > Thanks
> > Omer Shommo
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54982&t=54958
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: How to restrict hubs in a LAN [7:54937]

[John Zaggat]

Thanks for all the advice, I will try to work this with the managers see
what we can come up with. As I said before this is a political mess because
there are too many chiefs and few indians and unfortunately I don't have a
power in the final decisions which is why things are not optimum. This was a
good discussion and I will use your suggestions. Thank you all for your time
""Greg Reaume""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Great!  Just what I needed.  Thanks for the clarification.
>
> Now that I think about it, the ability to set TCP/IP properties on the
> 'Network Bridge' item is a dead giveaway.  :)
>
> Greg Reaume
>
>
> ""Erick B.""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Greg,
>
> Windows XP does this by default in some situations. If
> you have a PC with a Ethernet NIC and firewire
> adapter, it will bridge the 2 interfaces together and
> create a logical L3 interface that the protocols are
> bound to all by default.
>
> --- Greg Reaume  wrote:
> > John,
> >
> > If WindowsXP is bridging two NICs it actually runs
> > spanning-tree. It is a
> > very nice feature for L1 redundancy. Though in your
> > scenario I don't really
> > see why they think that's necessary. I'm planning to
> > use this functionality
> > in the upcoming Windows.NET server to multihome all
> > my servers, as long as
> > it supports the concept of a loopback or virtual
> > interface for L3
> > connectivity, to two different switches to protect
> > against 48 servers
> > failing because a switch burns out. I just wish MS
> > had an add-on for
> > Windows2K Server with this functionality so I don't
> > have to wait.
> >
> > Check out these links:
> >
> >
>
http://www.microsoft.com/WindowsXP/pro/techinfo/administration/homenetbridge
> > /default.asp
> >
> >
>
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/c
> > ableguy/cg0102.asp
> >
> >
> >
> > Correct me if I'm wrong but, from what I gather in
> > your previous postings,
> > loops seem to be your main concern. You say that it
> > may very well be
> > justified that these users need up to 5 PCs in their
> > cube, or that you don't
> > really want to get into that fight (whichever way
> > you want to put it). You
> > also say that it is very hard to run new drops. Why
> > don't you take the
> > approach of supporting them then, and instead of
> > going through the work of
> > running new drops, provide them with a small switch
> > that runs spanning-tree.
> >
> > A 1548M (8-port desktop chassis) would do nicely for
> > around $1K list. It
> > allows for up to 4 local VLANs so the techs can do
> > whatever they want on
> > their own little switch. It also runs CDP so you can
> > keep track of where
> > they are through management tools like CiscoWorks,
> > etc. If they want to clog
> > up their link to the rest of the network with 5 PCs
> > doing whatever, why not
> > let them (as long as they do it safely)?
> >
> > Check here for more info on the 1548M:
> >
> http://www.cisco.com/en/US/products/hw/switches/ps211/index.html
> >
> > HTH
> >
> > Greg Reaume
> >
> >
> >
> > ""JohnZ""  wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Well, when I wrote the orginal post I knew I will
> > have these questions.
> > Basically the first layer of support or help desk if
> > you will have more PCs
> > then the drops in their cubes. This is an old
> > building not meant for an IS
> > staff so there is some frustration on their part. I
> > am not going to question
> > if there is a legit need for folks to have 5 PCs
> > when there is infact a
> > seperate staging area to set up and test pcs for
> > users. Any ways they know
> > enough to be dangerous and there is no standard on
> > hubs and I have seen
> > where folks have created loops. Now with Windows XP
> > I have seen some configs
> > where 2 nics have been bridged via software I am not
> > sure with what intent.
> > Although it's been made clear many times not to use
> > hubs but this is never
> > enforced and I did not want to spend my time daily
> > trying to hunt down the
> > lawless. So that's when I thought if I could config
> > the switch this will
> > discourage the hub usage or bridging within pcs. I
> > hope that answers most of
> > the questions here.
> > ""David j""  wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > See inline..
> > > Chuck's Long Road wrote:
> > > >
> > > > as much of a rulemeister as I am, I still have
> > to look at this
> > > > from the user
> > > > standpoint. Why are users throwing their own
> > hubs onto the
> > > > network? Is there
> > > > a business case to be made? Is facilities too
> > slow getting
> > > > requested cable
> > > > pulls done?
> > > >
> > > > what is the concern with a user plugging a hub
> > in at the desk
> > > > and then
> > > > connected a couple of extra PC's? if the problem
> > is one of dual
> > > > homing by
> > > > accident or otherwise, I can see the i

RE: Access List Change [7:54901]

[Charles D Hammonds]

>The first 0.0.0.0 means all networks. The second 0.0.0.0 means
>all hosts.

Huh???

router1(config)#ip route ?
  A.B.C.D  Destination prefix

router1(config)#ip route 0.0.0.0 ?
  A.B.C.D  Destination prefix mask

while together, they could be construed as 'all networks' and 'all hosts'
(in the absense of more specific routes), your statement would not be
accurate as seperately they are meaningless.


charles


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Daniel Cotts
Sent: Friday, October 04, 2002 7:39 PM
To: [EMAIL PROTECTED]
Subject: RE: Access List Change [7:54901]


I just lost a major reply that I had composed due to a computer lockup. So
shorter reply this time.
The static route that your European router has is correct as it is. It takes
all traffic for which it doesn't have an explicit route and passes it out to
the Internet. I'm assuming that the ip address 1.2.3.4 is a valid address of
an interface on your European ISPs router. So all traffic to the Internet
from your European office goes to their local European ISP.
Look at the syntax of a static route.
Destination network, netmask to determine what bits identify the network,
egress port. The first 0.0.0.0 means all networks. The second 0.0.0.0 means
all hosts. 1.2.3.4 seems to be your European ISP. ip route 0.0.0.0 0.0.0.0
1.2.3.4 is a good default route.
If you were to use 172.29.30.0 255.255.255.0 1.2.3.4 you would be telling
your router to find its LAN network out on the Internet. The router knows
better. It already has that network shown as directly connected. Do a "show
ip route" to verify.
Your statement that "However, it has been configured for all Europe internet
traffic to be routed through U.S. office ..." doesn't agree with the
configuration. Access-list 100 would have to send all traffic over the VPN.
It doesn't.

To verify that, check the path that traffic to the Internet takes from your
remote office. From the DOS Prompt of a European PC ping a web site such as
Cisco. ping cisco.com. You should get a reply like 198.133.219.25. Again
from the DOS Prompt do a tracert to that address. It should display the
intermediate routers. I'll bet that traffic from Europe goes out that router
to the local ISP.

No time to repeat my lost sermon on named access-lists.
Access-list 100 defines traffic that is allowed to traverse the VPN.
Access-list 101 specifies that traffic bound for the VPN tunnel should not
be NATed. All other traffic (to the ip nat outside interface (usually
Internet)) should be NATed.
For every permit statement in 100 there should be a corresponding deny in
101. 101 in addition then permits all other destinations.

Here's a tutorial on access-lists http://www.nwc.com/907/907ws1.html

Be extremely careful about changing access-lists in the European router. If
you edit 100 you will take the VPN down. Not good if you are connected via
that VPN. Telnet to the 217.x.x.x interface of the European router from your
local router.
Consider using the "reload in" command. I've mentioned it previously. Look
it up in the Cisco documentation on www.cisco.com

The Firewall feature set can be used on a router with NAT and with VPNs. Not
trivial.

It would be good to remove the "ip http server" line.

Let us know your progress.

May I suggest that you purchase a few books. You may only need a small bit
of it; but "Routing TCP/IP Vol 1" by Jeff Doyle is a classic. "Cisco Access
Lists Field Guide" by Held and Hundley is quite good. It's also all on CCO -
you just have to find it. Start under Service and Support and go to the TAC
page. Look under each major area. Drill down just to see what's there.

> -Original Message-
> From: CTM CTM [mailto:[EMAIL PROTECTED]]
> Sent: Friday, October 04, 2002 3:10 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Access List Change [7:54901]
>
>
> Hi,
>
> The router was purchased along with the Cisco firewall
> software license. I
> figured to implement that? Otherwise I could put ISA on the
> server out there.
>
> The security concerns are duly noted, and I won't leave the
> office on public
> until addressed. That being said; to get them to use their
> own internet
> portal direct I would do a:
>
> ip route 172.29.30.0 255.255.255.0 1.2.3.4
>
> and do a:
>
> no ip route  0.0.0.0 0.0.0.0
>
> is that correct?
>
> BTW, and don't laugh, I put in that last route chasing down a CPU
> utilization issue. The router was typically at 34%
> utilization. Doing some
> research and I found that maybe packets to unclaimed
> addressed were looping
> between internal network and ISP, and that line would throw
> them in the bit
> bucket. So that was way out in left field wasn't it. I did solve the
> utilization issue; there was an unused ADSL module, when I
> had that pulled
> it went down to normal.
>
> Chuck's Long Road wrote:
> >
> > just a quick comment or two.
> >
> > you are writing as if you need to do something on your routers
> > other than
> > change the gateway of last 

Which PIX to buy [7:54985]

[Andrew Unuigbe]

Pix 535 is the perfect device for what you want to accomplish but it will
cost you about $110,000.00 with the failover unit and it is very scalable.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54985&t=54985
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: traceroute blocked port [7:53657]

[Song, Minsuk]

sam sneed wrote:
> There is no simple tool to do this Osama. Try connecting to 1720 on some
> servers on other networks. While you do this do use a sniffer. You should
> get a connectrion refused (RST) from the server. Verify this with packets
> captured by sniffer. If you simply see syn packets going out and no
> connection refused message, that means a firewall is dropping them
silently.
> Some FW's will send the reject message themselves Osama. You will also be
> able to see this in the packet dump. These problems take a lot of trial and
> error and cooperation of your ISP to resolve but are not impossible to
> troubleshoot.
> 
> 
> ""Osama Kamal""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> 
>>I am having a problem with a blocked port somewhere on the internet down
> 
> to
> 
>>my router, my ISP is denying any blocking from their side, is there is any
>>way to know where exactly the port is blocked?
>>
>>Thanks
use 'hping' with -T option. it works most unix machine.

following is a test output.
tcp/514 is filtered at 61.42.0.234.

% hping -n -S -p 514 -T xxx.yyy.zzz
HPING xxx.yyy.zzz (hme0 a.b.c.d): S set, 40 headers + 0 data bytes
hop=1 TTL 0 during transit from ip=211.174.57.2
hop=1 hoprtt=0.9 ms
hop=2 TTL 0 during transit from ip=203.248.248.201
hop=2 hoprtt=0.6 ms
hop=3 TTL 0 during transit from ip=211.32.118.125
hop=3 hoprtt=0.7 ms
hop=4 TTL 0 during transit from ip=211.233.55.65
hop=4 hoprtt=0.7 ms
hop=5 TTL 0 during transit from ip=210.92.194.209
hop=5 hoprtt=0.7 ms
hop=6 TTL 0 during transit from ip=210.120.61.37
hop=6 hoprtt=1.2 ms
hop=7 TTL 0 during transit from ip=210.120.244.34
hop=7 hoprtt=1.5 ms
hop=8 TTL 0 during transit from ip=210.120.104.158
hop=8 hoprtt=1.7 ms
hop=9 TTL 0 during transit from ip=210.120.104.174
hop=9 hoprtt=1.7 ms
ICMP Packet filtered from ip=61.42.0.234
ICMP Packet filtered from ip=61.42.0.234
ICMP Packet filtered from ip=61.42.0.234
^C
--- xxx.yyy.zzz hping statistic ---
35 packets tramitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.6/1.1/1.7 ms




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54986&t=53657
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]