Pix question [7:57869]

2002-11-22 Thread ramesh c
Configuration

nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
interface ethernet0 10baset
interface ethernet1 10baset
interface ethernet0 100basetx
ip address outside 209.165.201.2 255.255.255.248
ip address inside 192.168.7.0 255.255.255.0
ip address dmz 172.16.1.0 255.255.255.0 
hostname pixfirewall
arp timeout 14400
no failover
names
pager lines 24
logging buffered debugging
access-list acl_out permit tcp any host 209.165.201.19
access-group acl_out in interface outside
route outside 0.0.0.0 0.0.0.0 209.165.201.1 1
access-list ping_acl permit icmp any any
access-group ping_acl in interface inside
access-group ping_acl in interface dmz
access-list acl_out permit icmp any any
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 

My question is, can my systems from inside initiate connection to dmz with
the above configuration? Meaning, can the Pix act as a router? Since I read
inside can initiate connection to dmz or outside by default.







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57869&t=57869
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Souce Quench to a device from an MSFC [7:57870]

2002-11-22 Thread Hale Nick
Cat 6509 (SW 5.5(16)) with MSFC (Version 12.1(1)E). 
The MSFC has over 15 vlans. 
The vlan in question has over 60 active devices.
There is one device that when pinged (datagram size does not change the
result) it produces a source quench.
All other devices on the vlan respond to pings ok.
From the command prompt on my desktop the result is the same.
From a unix server the ping results are normal.
From the switch the ping results are normal.
Specifications of the server are unknown.
The port that the device connects to is set to 100/full and has no errors.
The MSFC and switch resources are fine
The vlan interface does not have any errors.
The switch and router module are both heavily used and it appears this issue
is only happening to the one device.


Can anyone tell me why this is happening?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57870&t=57870



RE: Pix question [7:57869]

2002-11-22 Thread Edward Sohn
gotta put static or nat translation statements for ANY traffic.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
ramesh c
Sent: Friday, November 22, 2002 1:48 AM
To: [EMAIL PROTECTED]
Subject: Pix question [7:57869]


Configuration

nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
interface ethernet0 10baset
interface ethernet1 10baset
interface ethernet0 100basetx
ip address outside 209.165.201.2 255.255.255.248
ip address inside 192.168.7.0 255.255.255.0
ip address dmz 172.16.1.0 255.255.255.0 
hostname pixfirewall
arp timeout 14400
no failover
names
pager lines 24
logging buffered debugging
access-list acl_out permit tcp any host 209.165.201.19
access-group acl_out in interface outside
route outside 0.0.0.0 0.0.0.0 209.165.201.1 1
access-list ping_acl permit icmp any any
access-group ping_acl in interface inside
access-group ping_acl in interface dmz
access-list acl_out permit icmp any any
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00

My question is, can my systems from inside initiate connection to dmz
with the above configuration? Meaning, can the Pix act as a router? Since
I read inside can initiate connection to dmz or outside by default.







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57871&t=57869
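
Added example (not part of any message in this thread): a small Python check that reads the nameif, nat, global, static, access-list and access-group lines from the configuration posted in the question and reports whether inside-to-dmz traffic has a translation and which protocols the ACL bound to the source interface permits. It assumes PIX 6.x-era behaviour (higher-to-lower traffic needs a nat/global pair, nat 0 or a static, and an ACL bound to an interface ends in an implicit deny); the nat/global lines in WITH_TRANSLATION are constructed for illustration.

```python
# Lines relevant to interface-to-interface traffic, copied from the question.
POSTED = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
access-list acl_out permit tcp any host 209.165.201.19
access-group acl_out in interface outside
access-list ping_acl permit icmp any any
access-group ping_acl in interface inside
access-group ping_acl in interface dmz
access-list acl_out permit icmp any any
"""

# Constructed addition (not from the thread): dynamic NAT from inside to dmz.
WITH_TRANSLATION = POSTED + """\
nat (inside) 1 192.168.7.0 255.255.255.0
global (dmz) 1 172.16.1.100-172.16.1.200 netmask 255.255.255.0
"""


def parse(config):
    """Collect security levels, translation rules and ACL bindings."""
    st = {"level": {}, "nat": {}, "global": {}, "static": set(),
          "bound": {}, "permits": {}}
    for line in config.splitlines():
        t = line.split()
        if not t:
            continue
        if t[0] == "nameif" and len(t) == 4:
            # nameif <hardware> <name> security<level>
            st["level"][t[2]] = int(t[3].replace("security", ""))
        elif t[0] in ("nat", "global") and len(t) >= 3:
            # nat (<if>) <id> ... / global (<if>) <id> ...
            st[t[0]].setdefault(t[1].strip("()"), set()).add(int(t[2]))
        elif t[0] == "static" and len(t) >= 2 and "," in t[1]:
            # static (<real_if>,<mapped_if>) ...
            real, mapped = t[1].strip("()").split(",")
            st["static"].add((real, mapped))
        elif t[0] == "access-list" and len(t) >= 4 and t[2] == "permit":
            # Simplification: only the permitted protocol is recorded,
            # source and destination addresses are ignored.
            st["permits"].setdefault(t[1], set()).add(t[3])
        elif t[0] == "access-group" and len(t) == 5 and t[2:4] == ["in", "interface"]:
            st["bound"][t[4]] = t[1]
    return st


def check_outbound(config, src, dst):
    """Return (translated, protocols) for traffic initiated on src toward dst.

    translated: True if a nat/global pair with a matching id, nat 0, or a
                static (src,dst) exists.
    protocols:  None if no ACL is bound inbound on src (nothing filtered
                there), else the sorted protocols that ACL permits.
    """
    st = parse(config)
    if st["level"][src] <= st["level"][dst]:
        raise ValueError("src must have the higher security level")
    nat_ids = st["nat"].get(src, set())
    translated = (
        0 in nat_ids
        or bool((nat_ids - {0}) & st["global"].get(dst, set()))
        or (src, dst) in st["static"]
    )
    acl = st["bound"].get(src)
    protocols = None if acl is None else sorted(st["permits"].get(acl, set()))
    return translated, protocols


if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("with nat/global", WITH_TRANSLATION)):
        translated, protocols = check_outbound(cfg, "inside", "dmz")
        print(f"{label}: translation={translated} "
              f"protocols={'all' if protocols is None else protocols}")
```

Even with a translation in place, ping_acl bound to the inside interface leaves only ICMP permitted from inside hosts.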



RE: GRE on Cisco routers [7:57836]

2002-11-22 Thread [EMAIL PROTECTED]
Ok Eric,

I just have the impression that something was wrong because my name was
just after what you wrote.

Thanks and Best Regards,
Alaerte

Eric Polin on 11/21/2002 07:31:59 PM

To: "'[EMAIL PROTECTED]'"
cc:

Subject: RE: GRE on Cisco routers [7:57836]






Alaerte-

Sorry, i am a bit confused as to what you are saying. What you have
quoted was what i had written..

thanks,

Eric




-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 21, 2002 4:28 PM
To: Eric Polin
Subject: RE: GRE on Cisco routers [7:57836]



Hi Eric,

Could you tell me where did you get the message in your email:

"Hello everyone, i am new to the list, and have been studying cisco
for a
month now, i thought this list would be a great way of getting to
know/understand the community, and would also be a great resource for
me.


alaerte -

I have been using freebsd for a while now, and have used vpn for a
little"


Thanks








Eric Polin on 11/21/2002 02:36:28 PM

To: "'[EMAIL PROTECTED]'",
[EMAIL PROTECTED]
cc:

Subject: RE: GRE on Cisco routers [7:57836]







>> *** So instead of getting the EIGRP routes via Tunnel 0 interface, I'm
>> getting it via the outgoing interface (serial 0), & the IPSec still
>> works.  So what am I missing, and how does it make a difference if I
>> use GRE over IPSec?  I also tested RIPv2 & getting similar results.



Hello everyone, i am new to the list, and have been studying cisco for a
month now, i thought this list would be a great way of getting to
know/understand the community, and would also be a great resource for me.


alaerte -

I have been using freebsd for a while now, and have used vpn for a little
while as well. In *bsd there are a couple packages which have worked well
with our cisco (3600x). For bsd i have been using racoon/zebra. Well, as i
started to get into zebra, which does rip/ospf/bgp/foo.. i noticed that for
an ipsec vpn, it would not take broadcast/multicast traffic over the tunnel.
I then layered gre into the tunnel, and voila, the broadcast and multicast
messages were dropping over to the other side of the tunnel. I am not sure
why gre takes it and ipsec doesn't. Remember, i am very new to cisco, so i
am not sure how that side works. But try to use that approach, and maybe it
will help you.

cheers-

Eric






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57872&t=57836



VPNv4 implemenation on backbone using BGP [7:57873]

2002-11-22 Thread [EMAIL PROTECTED]
Hi All,

Can anyone of you pls provide me with a link which explains the
behaviour/functionality of P router (w.r.t. BGP and handling of communities,
where P acts as a route-reflector) in detail.
I am having this kind of topology

CE--PE---P---PE--CE


Thanks,
Vinay





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57873&t=57873



Re: CCIE Home Lab Materials and Equipments [7:57810]

2002-11-22 Thread John Tafasi
You will be tested on Catalyst 3550 not 5000.


""Godswill HO""  wrote in message
news:[EMAIL PROTECTED]...
> Hi group,
>
> I want to get it right the first time. I intend
> setting up my CCIE lab at home. I will appreciate if
> someone that have taken the lab or preparing for it,
> tell me what Switches, Routers, materials I need to
> buy.
>
> Also information about the various needed blades on
> the switches is important, cables, cards, modules,
> etc.
>
> I currently have a cable connection and also a dialup
> connection from home to the internet, are these enough
> or do I need to get a second cable connection?
>
> I currently have the following books:
> 1. CCIE Fundamentals Network Design and Case Studies
>  2nd Edition by Cisco Press.
>
> 2. Routing TCP/IP, volume 1 by Cisco Press (Jeff
> Doyle)
>
> also
> 1. Cisco router 1601
> 2. Cisco router 2502
> 3. cisco router 3000
>
> I intend buying Cisco Catalyst Switch 5000 within a
> few days, but I need your assistance.
>
>
> Please I will appreciate an answer for my big brothers
> & sisters CCIEs and those who are currently working
> towards it.
>
> Thanks in advance.
> Godswill Oletu
> CCNP, CCDP, CSS1.
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57874&t=57810



Re: Router forwarding directed broadcasts [7:57780]

2002-11-22 Thread nakul malik
I think that if you send a capture of the config (obtained by typing sh
run at the enable mode) a solution to your problem might be found.
Of course, in the interests of security, please feel free to change names and
passwords.
-Nakul

>Date: Thu, 21 Nov 2002 18:29:44 GMT
>"Priscilla Oppenheimer" [EMAIL PROTECTED] Re: Router forwarding directed broadcasts [7:57780]
>Reply-To: "Priscilla Oppenheimer"
>
>[EMAIL PROTECTED] wrote:
>> 
>> I'm sure they will, but my routers still forwarding subnet
>> broadcasts
>> even with this line in a sh ip int output:-
>> Directed broadcast forwarding is disabled  
>
>Why don't you send us a config and some discussion of the situation and your
>methods of testing.
>
>This group can be helpful, despite the numerous silly answers, but we can't
>output a solution to your problem with no useful input. Troubleshooting
>requires data. If you can give us data, perhaps we can help you. The end
>result could be that everyone benefits.
>
>Also, please use a meaningful title on your messages. Thanks
>
>___
>
>Priscilla Oppenheimer
>www.troubleshootingnetworks.com
>www.priscilla.com
>
>> 
>> Thanks
>> -P
>> 
>> > 5 games of cricket Between Australia and England have just
>> commenced...
>> > Australia won the first game very convincingly
>> > 
>> > Australia should go a clean sweep
>> > 
>> > --
>> > Regards,
>> > 
>> > Peter Kingston
>> > Telstra BigPond Direct
>> > Freecall 1800 066 594
>> > ""Priscilla Oppenheimer""  wrote in message
>> > news:[EMAIL PROTECTED]...
>> > > Well you better explain this to us Yankees. Our baseball
>> > > season is over unfortunately, and now all we have is football
>> > > (ugh). Well we have hockey and basketball too, I guess, and
>> > > they're a little better! :-)
>> > >
>> > > Priscilla
>> > >
>> > > Peter Kingston wrote:
>> > > >
>> > > > I just as a little bit of friendly rivalry,
>> > > >
>> > > > I believe there is more than yourself confused in London,
>> > > > naming your
>> > > > cricketers 5 zips looks like a fair chance
>> > > >
>> > > > --
>> > > > Regards,
>> > > >
>> > > > Peter Kingston
>> > > > Telstra BigPond Direct
>> > > > Freecall 1800 066 594
>> > > >  wrote in message
>> > > > news:[EMAIL PROTECTED]...
>> > > > > Someone asked me a question which confused me:-
>> > > > > If i ping a network broadcast from a host on a different
>> > > > network, which
>> > > > > passes through a cisco router why do i get replies from
>> > > > certain devices.
>> > > > >
>> > > > > The router has directed broadcast forwarding disabled.
>> > > > > I thought the router would therefore drop the packet
>> > > > >
>> > > > > Any thoughts
>> > > > > Thanks
>> > > > > -P
NAKUL MALIK

H-342
New Rajendra Nagar
New Delhi-110060
India

Ph: +91-11-582-3488
Cell: +91-9811424477
Fax: +91-11-575-7334

Mail-on-cell: [EMAIL PROTECTED]






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57875&t=57780



Re: Confused from London [7:57780]

2002-11-22 Thread Tim Champion
We beat the Ozzies at rugby and we'll do the same at soccer in February. As
for the cricket, well it's not over yet..


""Peter Kingston""  wrote in message
news:[EMAIL PROTECTED]...
> 5 games of cricket Between Australia and England have just commenced...
> Australia won the first game very convincingly
>
> Australia should go a clean sweep
>
> --
> Regards,
>
> Peter Kingston
> Telstra BigPond Direct
> Freecall 1800 066 594
> ""Priscilla Oppenheimer""  wrote in message
> news:[EMAIL PROTECTED]...
> > Well you better explain this to us Yankees. Our baseball season is over
> > unfortunately, and now all we have is football (ugh). Well we have
> > hockey and basketball too, I guess, and they're a little better! :-)
> >
> > Priscilla
> >
> > Peter Kingston wrote:
> > >
> > > I just as a little bit of friendly rivalry,
> > >
> > > I believe there is more than yourself confused in London,
> > > naming your
> > > cricketers 5 zips looks like a fair chance
> > >
> > > --
> > > Regards,
> > >
> > > Peter Kingston
> > > Telstra BigPond Direct
> > > Freecall 1800 066 594
> > >  wrote in message
> > > news:[EMAIL PROTECTED]...
> > > > Someone asked me a question which confused me:-
> > > > If i ping a network broadcast from a host on a different
> > > network, which
> > > > passes through a cisco router why do i get replies from
> > > certain devices.
> > > >
> > > > The router has directed broadcast forwarding disabled.
> > > > I thought the router would therefore drop the packet
> > > >
> > > > Any thoughts
> > > > Thanks
> > > > -P




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57876&t=57780



Cisco Serial CrossOver Cable [7:57877]

2002-11-22 Thread Ernesto Diaz
Hi everyone!

Does anyone know the pinout for a Cisco Serial Crossover Cable (for
interconnection of the routers via the serial ports)

Thanks in advance

 

Ernesto Diaz




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57877&t=57877



Re: Souce Quench to a device from an MSFC [7:57870]

2002-11-22 Thread steve
hi,

some real stupid question...

what is the default gateway for all the devices...

the source-quench should only come from the device that is being
pinged... (i.e. the server itself); these errors would not show up on the
switch as the packets are getting through ok and it is the server that is
not accepting them (source-quench = go away, i am too busy)

BUT if you are not getting the message from the switch and unix server and
these are using a different VLan as default gateway (as i suspect your
server and WKs are) then the problem could be an overworked vlan int...

check the amount of packets per sec of each int. any that are between
4-10,000 packets are being bashed majorly ...

HTH

steve
- Original Message -
From: "Hale Nick" 
To: 
Sent: Friday, November 22, 2002 10:20 AM
Subject: Souce Quench to a device from an MSFC [7:57870]


> Cat 6509 (SW 5.5(16)) with MSFC (Version 12.1(1)E).
> The MSFC has over 15 vlans.
> The vlan in question has over 60 active devices.
> There is one device that when pinged (datagram size does not change the
> result) it produces a source quench.
> All other devices on the vlan respond to pings ok.
> From the command prompt on my desktop the result is the same.
> From a unix server the ping results are normal.
> From the switch the ping results are normal.
> Specifications of the server are unknown.
> The port that the device connects to is set to 100/full and has no errors.
> The MSFC and switch resources are fine
> The vlan interface does not have any errors.
> The switch and router module are both heavily used and it appears this
> issue is only happening to the one device.
>
>
> Can anyone tell me why this is happening?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57878&t=57870



Absolute minumum Lab setup [7:57879]

2002-11-22 Thread Mic shoeps
Dear all.

What would be the absolute minimum lab equipment setup for the CCIE R&S lab
without sacrificing crucial key elements? Some say I only need three 2501s
and a 3550. Others say I would need five 2521s, two 2620s, and one 3550.
There are so many types of 2500 & 2600 series that I really don't know which
one to choose from.

Lastly, now that Token ring is out of the lab exam, do I still need a router
capable of it? Friend of mine is trying to sell me four 2502s. These days
you can fetch 2502 cheaper than 2501. But I heard it has no place in CCIE
lab setup. Is this true?  Instead, would I be better off with couple 2501s
or anything higher than 2504?


Thank you


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57879&t=57879



VoIP over IP-VPN [7:57880]

2002-11-22 Thread Thomas N.
Hi All - I am wondering if anyone here has VoIP working well over IPSec
tunnels?  Cisco said this could be done, but I am not sure how this approach
works in a practical internet environment?  Thanks!

TN




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57880&t=57880



VPNs Cisco vs. Microsoft [7:57881]

2002-11-22 Thread [EMAIL PROTECTED]
Can anyone shed some light on what you feel are some pros & cons between the
Microsoft Server VPN and VPNs through a 3005.

I know one is L2TP/IPSec Microsoft will not do Tunnel Mode.

Thanks,
Chuck




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57881&t=57881



Re: Cisco Serial CrossOver Cable [7:57877]

2002-11-22 Thread MADMAN
DTE  DCE


  If you want to make your own look up the specs in the hardware manual
on line.

   Dave

Ernesto Diaz wrote:
> 
> Hi everyone!
> 
> Does anyone know the pinout for a Cisco Serial Crossover Cable (for
> interconnection of the routers via the serial ports)
> 
> Thanks in advance
> 
> 
> 
> Ernesto Diaz
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"You don't make the poor richer by making the rich poorer." --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57882&t=57877



Re: Cisco Serial CrossOver Cable [7:57877]

2002-11-22 Thread Reza Sharifi
Here is a situation,
I have a Cisco 4000 router connected to a 2500 router back to back with a
DTE, DCE cable (4000 50 pin serial and 2500 60 pin serial.) At this time the
cable side that is connected to the 4000 is DCE and the 2500 side is DTE.
Does anybody know how to swap that around (change the pin configuration) and
make the 2500 side DCE?

Thanks
Reza

""MADMAN""  wrote in message
news:[EMAIL PROTECTED]...
> DTE  DCE
>
>
>   If you want to make your own look up the specs in the hardware manual
> on line.
>
>Dave
>
> Ernesto Diaz wrote:
> >
> > Hi everyone!
> >
> > Does anyone know the pinout for a Cisco Serial Crossover Cable (for
> > interconnection of the routers via the serial ports)
> >
> > Thanks in advance
> >
> >
> >
> > Ernesto Diaz
> --
> David Madland
> CCIE# 2016
> Sr. Network Engineer
> Qwest Communications
> 612-664-3367
>
> "You don't make the poor richer by making the rich poorer." --Winston
> Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57883&t=57877



RE: VPNs Cisco vs. Microsoft [7:57881]

2002-11-22 Thread Ciaron Gogarty
Cisco support ipsec over tcp, very handy for remote access vpn through
firewalls.  It's also easy to set up CA for certificate authentication,
SecurID etc.  In short the Cisco VPN product is very easy to use, set up,
and it works pretty well.  Having said that I don't have a lot of MS vpn
experience, but the one I did have was unpleasant.

-Original Message-
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: 22/11/02 15:39
Subject: VPNs Cisco vs. Microsoft [7:57881]

Can anyone shed some light on what you feel are some pros & cons between
the Microsoft Server VPN and VPNs through a 3005.

I know one is L2TP/IPSec Microsoft will not do Tunnel Mode.

Thanks,
Chuck




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57884&t=57881



RE: Cisco Serial CrossOver Cable [7:57877]

2002-11-22 Thread Ellis, Andrew
Go to http://www.kg2.com/cables.html 

The cables are around $15.00 each if you need them.

-Original Message-
From: Ernesto Diaz [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 22, 2002 9:00 AM
To: [EMAIL PROTECTED]
Subject: Cisco Serial CrossOver Cable [7:57877]


Hi everyone!

Does anyone know the pinout for a Cisco Serial Crossover Cable (for
interconnection of the routers via the serial ports)

Thanks in advance

 

Ernesto Diaz




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57886&t=57877



RE: VoIP over IP-VPN [7:57880]

2002-11-22 Thread Marshal Schoener
I am using a Cisco 3002 hardware client with a 3000 series gateway from NY
to Malaysia...
True VPN / IPsec between the 2 sites...
We put VoIP across this VPN, and it works unbelievably well.  So much better
than we even hoped it would.
We have an E1 on the Malaysian end and a T1 on the NY end... So there is
good bandwidth...

The VoIP hardware and software we are using is really old.  It is called an
ITSE server.  Internet Telephony Server...  Basically, the servers have NT
installed, and have this ITSE software installed.  They are directly
connected to our switch and given a phone extension on each side of the
tunnel.  All we have to do is dial that extension, and it gives us a dial
tone on the switch on the other side of the tunnel.
There are times when it doesn't connect right away, but if you just hang up
and call again, it normally works fine.  I would say about 95% of the time
the call sounds like a perfect international phone call.

The other 5% there is too much noise and delay, but IMO that is a small
price to pay for free international phone calls to literally the other side
of the world.  We saved $6000 a month by getting rid of the frame-relay and
installing this VPN, and couldn't be happier :-)

GOOD LUCK!

-Original Message-
From: Thomas N. [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 22, 2002 9:57 AM
To: [EMAIL PROTECTED]
Subject: VoIP over IP-VPN [7:57880]


Hi All - I am wondering if anyone here has VoIP working well over IPSec
tunnels?  Cisco said this could be done, but I am not sure how this approach
works in a practical internet environment?  Thanks!

TN




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57887&t=57880



Re: RE: Cisco 3005 VPN concentrator issues. [7:57495]

2002-11-22 Thread Greg Owens
What is the limitation of a PIX with a VPN Accelerator card?
> 
> From: "lounelson" 
> Date: 2002/11/21 Thu PM 08:59:22 EST
> To: [EMAIL PROTECTED]
> Subject: RE: Cisco 3005 VPN concentrator issues. [7:57495]
> 
> I note you said 200 users
> The 3005 is limited to 100 simultaneous users
> 
> http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/prod_models_comparison.html
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> Umar Ahmed
> Sent: Friday, November 15, 2002 3:00 AM
> To: [EMAIL PROTECTED]
> Subject: Cisco 3005 VPN concentrator issues. [7:57495]
> 
> Hi all,
> 
> I've got a customer who has a 3005 concentrator connected to our network.
> He has set up a vpn connection which he accesses from home over the public
> internet. The problem he and the other 200 users are having is that they
> are losing connectivity to the box intermittently throughout the day. When
> he has loss of service, I can ping the vpn box directly connected to my
> network; what's even more strange is that I can ping other customer
> hosts on the same subnet. Any ideas??
> 
> Regards,
> 
> Umar.
Greg Owens
202-398-2552




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57888&t=57495



RE: Souce Quench to a device from an MSFC [7:57870]

2002-11-22 Thread Priscilla Oppenheimer
Hale Nick wrote:
> 
> Scenario:
> Cat 6509 (SW 5.5(16)) with MSFC (Version 12.1(1)E). 
> The MSFC has over 15 vlans. 
> The vlan in question has over 60 active devices.
> There is one device that when pinged (datagram size does not
> change the result) it produces a source quench.

Source quench comes from the host (end device) that you're pinging. That
device is probably just too busy to respond to pings. This isn't necessarily
a problem. The definition of "too busy" is operating system and
version-dependent.

In the olden days, routers used to send source quench. That was determined
to be a useless feature. Per RFC 1812, "Requirements for IP Version 4
Routers," a router should not originate source quench messages. A host may
send source quench messages, however, per RFC 1122, "Requirements for
Internet Hosts."

What is the device that you're pinging? What's the operating system? What
version? Some operating systems send source quench almost immediately after
just a couple pings. For example, Mac OS used to do this. I can't remember
which version, but it's pre-Mac OS X, e.g. pre-UNIX.

> All other devices on the vlan respond to pings ok.
> From the command prompt on my desktop the result is the same.
> From a unix server the ping results are normal.

Are you saying that when you ping from a UNIX server to the device in
question, you don't get a source quench? That seems weird. But it could
happen if the UNIX ping sends less frequently and so doesn't trigger the
recipient to go into quenching mode.

> From the switch the ping results are normal. 

Pinging from the switch doesn't result in source quench either? Is it just
when you ping from the command prompt on your desktop? That ping must send
more quickly. Try telling the ping to let more time elapse between each
ping. If it's the DOS ping, you can't do this, though. The -w option is only
a timeout between unsuccessful pings, unfortunately.

> Specifications of the server are unknown.

What server? If you mean specifications of the ping recipient are unknown,
then the reason you're seeing this result will be unknown also. :-)

> The port that the device connects to is set to 100/full and has
> no errors.
> The MSFC and switch resources are fine
> The vlan interface does not have any errors.
> The switch and router module are both heavily used and it
> appears this issue is only happening to the one device.

Yes, it would be device-dependent. Source quench comes from the recipient.
It just means it's busy, as I mentioned.

___

Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com

> 
> 
> Can anyone tell me why this is happening?
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57889&t=57870
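
Added example (not from the thread): a Python parser for ICMP source quench (type 4, code 0) that reads a captured IPv4 packet and compares the sender with the destination of the embedded original datagram, which shows whether the quench came from the pinged host or from a device in the path. The addresses and the build_sample helper are constructed test data.

```python
import socket
import struct


def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071) over data."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src: str, dst: str, payload_len: int, proto: int = 1) -> bytes:
    """Minimal 20-byte IPv4 header with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def build_sample(sender: str, pinger: str, target: str,
                 echo_id: int, echo_seq: int) -> bytes:
    """Constructed capture: 'sender' quenches 'pinger' for a ping to 'target'."""
    echo = struct.pack("!BBHHH", 8, 0, 0, echo_id, echo_seq)
    echo = echo[:2] + struct.pack("!H", checksum(echo)) + echo[4:]
    original = ipv4_header(pinger, target, len(echo)) + echo
    # Type 4, code 0, checksum, 4 unused bytes, then the original IP header
    # plus the first 8 bytes of its payload (RFC 792).
    body = struct.pack("!BBHI", 4, 0, 0, 0) + original
    body = body[:2] + struct.pack("!H", checksum(body)) + body[4:]
    return ipv4_header(sender, pinger, len(body)) + body


def parse_source_quench(packet: bytes):
    """Return details of a source quench, or None if packet is not a valid one."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8:
        return None
    icmp = packet[ihl:]
    if icmp[0] != 4 or icmp[1] != 0:
        return None
    if checksum(icmp) != 0:          # a valid message sums to zero
        return None
    inner = icmp[8:]
    if len(inner) < 20:
        return None
    inner_ihl = (inner[0] & 0x0F) * 4
    if inner_ihl < 20 or len(inner) < inner_ihl + 8:
        return None
    result = {
        "sender": socket.inet_ntoa(packet[12:16]),
        "original_src": socket.inet_ntoa(inner[12:16]),
        "original_dst": socket.inet_ntoa(inner[16:20]),
        "original_proto": inner[9],
    }
    if inner[9] == 1:
        itype, _code, _csum, ident, seq = struct.unpack(
            "!BBHHH", inner[inner_ihl:inner_ihl + 8])
        if itype == 8:               # the quenched datagram was an echo request
            result["echo_id"], result["echo_seq"] = ident, seq
    # True: the end host being pinged sent the quench.
    # False: some other device on the path (for example a gateway) sent it.
    result["from_pinged_host"] = result["sender"] == result["original_dst"]
    return result


if __name__ == "__main__":
    # Constructed addresses: desktop 10.1.10.7 pings device 10.1.20.50.
    pkt = build_sample("10.1.20.50", "10.1.10.7", "10.1.20.50", 0x1234, 7)
    print(parse_source_quench(pkt))
```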



OT: V.92 debugging [7:57890]

2002-11-22 Thread Persio Pucci
(sorry for the OT)

folks,

I am trying to find out why I am unable to establish a V.92 connection to an
AS5300 with IOS 12.2(11)T.

What debug command can I use to see why it does not get V.92?

Thank you,

Persio




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57890&t=57890



RE: Souce Quench to a device from an MSFC [7:57870]

2002-11-22 Thread s vermill
Priscilla Oppenheimer wrote:
> 
> Hale Nick wrote:
> > 
> > Scenario:
> > Cat 6509 (SW 5.5(16)) with MSFC (Version 12.1(1)E). 
> > The MSFC has over 15 vlans. 
> > The vlan in question has over 60 active devices.
> > There is one device that when pinged (datagram size does not
> > change the result) it produces a source quench.
> 
> Source quench comes from the host (end device) that you're
> pinging. That device is probably just too busy to respond to
> pings. This isn't necessarily a problem. The definition of "too
> busy" is operating system and version-dependent.

That's interesting.  I always thought a source quench was reserved for
scenarios where the receiver was getting hammered (maybe a server on an FE
port drowning a PC on a 10 Mbps port).  I would think it would be just as
costly to generate a source quench response as it would be to generate an
ICMP echo reply.  Or is the pinging device supposed to immediately stop
repeated pings altogether, thereby ensuring that the receiver was only going
to need to send one response vs. possibly many?  If so, does that really
happen in practice?

> 
> In the olden days, routers used to send source quench. That was
> determined to be a useless feature. Per RFC 1812, "Requirements
> for IP Version 4 Routers," a router should not originate source
> quench messages. A host may send source quench messages,
> however, per RFC 1122, "Requirements for Internet Hosts."
> 
> What is the device that you're pinging? What's the operating
> system? What version? Some operating systems send source quench
> almost immediately after just a couple pings. For example, Mac
> OS used to do this. I can't remember which version, but it's
> pre-Mac OS X, e.g. pre-UNIX.
> 
> > All other devices on the vlan respond to pings ok.
> > From the command prompt on my desktop the result is the same.
> > From a unix server the ping results are normal.
> 
> Are you saying that when you ping from a UNIX server to the
> device in question, you don't get a source quench? That seems
> weird. But it could happen if the UNIX ping sends less
> frequently and so doesn't trigger the recipient to go into
> quenching mode.
> 
> > From the switch the ping results are normal. 
> 
> Pinging from the switch doesn't result in source quench either?
> Is it just when you ping from the command prompt on your
> desktop? That ping must send more quickly. Try telling the ping
> to let more time elapse between each ping. If it's the DOS
> ping, you can't do this, though. The -w option is only a
> timeout between unsuccessful pings, unfortunately.
> 
> > Specifications of the server are unknown.
> 
> What server? If you mean specifications of the ping recipient
> are unknown, then the reason you're seeing this result will be
> unknown also. :-)
> 
> > The port that the device connects to is set to 100/full and has
> > no errors.
> > The MSFC and switch resources are fine
> > The vlan interface does not have any errors.
> > The switch and router module are both heavily used and it
> > appears this issue is only happening to the one device.
> 
> Yes, it would be device-dependent. Source quench comes from the
> recipient. It just means it's busy, as I mentioned.
> 
> ___
> 
> Priscilla Oppenheimer
> www.troubleshootingnetworks.com
> www.priscilla.com
> 
> > 
> > 
> > Can anyone tell me why this is happening?
> > 
> > 
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57891&t=57870



RE: Souce Quench to a device from an MSFC [7:57870]

2002-11-22 Thread Priscilla Oppenheimer
s vermill wrote:
> 
> Priscilla Oppenheimer wrote:
> > 
> > Hale Nick wrote:
> > > 
> > > Scenario:
> > > Cat 6509 (SW 5.5(16)) with MSFC (Version 12.1(1)E). 
> > > The MSFC has over 15 vlans. 
> > > The vlan in question has over 60 active devices.
> > > There is one device that when pinged (datagram size does not
> > > change the result) it produces a source quench.
> > 
> > Source quench comes from the host (end device) that you're
> > pinging. That device is probably just too busy to respond to
> > pings. This isn't necessarily a problem. The definition of "too
> > busy" is operating system and version-dependent.
> 
> That's interesting.  I always thought a source quench was
> reserved for scenarios where the receiver was getting hammered
> (maybe a server on an FE port drowning a PC on a 10 Mbps
> port).  I would think it would be just as costly to generate a
> source quench response as it would be to generate an ICMP echo
> reply.  Or is the pinging device supposed to immediately stop
> repeated pings altogether, thereby ensuring that the receiver
> was only going to need to send one response vs. possibly many? 

Yes, the sender should quench itself. That reduces the load on the recipient.

> If so, does that really happen in practice?

Do you mean does the sender really quench itself? It should, but I wouldn't
be surprised if some applications don't stop or don't stop right away
anyway. RFC 1122 says this:

"If a Source Quench message is received, the IP layer MUST report it to the
transport layer (or ICMP processing). In general, the transport or
application layer SHOULD implement a mechanism to respond to Source Quench
for any protocol that can send a sequence of datagrams to the same
destination and which can reasonably be expected to maintain enough state
information to make this feasible."

Source quench is hardly ever used by anything. I hope the original poster
can tell us what was sending it.

The other responder implied that a router or switch might be sending it. I
highly doubt that. As mentioned earlier, per RFC 1812, published in 1995,
routers shouldn't send it. Layer 3 switches shouldn't send it either. Layer
2 switches, of course, wouldn't send it anyway. They don't do Layer 3 stuff.

Priscilla


> 
> > 
> > In the olden days, routers used to send source quench. That was
> > determined to be a useless feature. Per RFC 1812, "Requirements
> > for IP Version 4 Routers," a router should not originate source
> > quench messages. A host may send source quench messages,
> > however, per RFC 1122, "Requirements for Internet Hosts."
> > 
> > What is the device that you're pinging? What's the operating
> > system? What version? Some operating systems send source quench
> > almost immediately after just a couple pings. For example, Mac
> > OS used to do this. I can't remember which version, but it's
> > pre-Mac OS X, e.g. pre-UNIX.
> > 
> > > All other devices on the vlan respond to pings ok.
> > > From the command prompt on my desktop the result is the same.
> > > From a unix server the ping results are normal.
> > 
> > Are you saying that when you ping from a UNIX server to the
> > device in question, you don't get a source quench? That seems
> > weird. But it could happen if the UNIX ping sends less
> > frequently and so doesn't trigger the recipient to go into
> > quenching mode.
> > 
> > > From the switch the ping results are normal. 
> > 
> > Pinging from the switch doesn't result in source quench either?
> > Is it just when you ping from the command prompt on your
> > desktop? That ping must send more quickly. Try telling the ping
> > to let more time elapse between each ping. If it's the DOS
> > ping, you can't do this, though. The -w option is only a
> > timeout between unsuccessful pings, unfortunately.
> > 
> > > Specifications of the server are unknown.
> > 
> > What server? If you mean specifications of the ping recipient
> > are unknown, then the reason you're seeing this result will be
> > unknown also. :-)
> > 
> > > The port that the device connects to is set to 100/full and has
> > > no errors.
> > > The MSFC and switch resources are fine
> > > The vlan interface does not have any errors.
> > > The switch and router module are both heavily used and it
> > > appears this issue is only happening to the one device.
> > 
> > Yes, it would be device-dependent. Source quench comes from the
> > recipient. It just means it's busy, as I mentioned.
> > 
> > ___
> > 
> > Priscilla Oppenheimer
> > www.troubleshootingnetworks.com
> > www.priscilla.com
> > 
> > > 
> > > 
> > > Can anyone tell me why this is happening?
> > > 
> > > 
> > 
> > 
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57892&t=57870
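
Which device sent a Source Quench, the open question in the reply above, can be read from a capture by comparing the ICMP packet's source address with the destination of the original datagram it quotes (RFC 792 layout). The following is an added example, not part of the original post; the 10.1.20.x addresses and both sample packets are constructed.

```python
import ipaddress
import struct

ICMP_PROTO = 1
ICMP_SOURCE_QUENCH = 4   # RFC 792: type 4, code 0
ICMP_ECHO_REQUEST = 8


def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 over data with a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ipv4(buf: bytes):
    """Return (header fields, payload bytes) for an IPv4 packet."""
    if len(buf) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", buf[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(buf) < ihl:
        raise ValueError("not a valid IPv4 header")
    fields = {"src": str(ipaddress.IPv4Address(src)),
              "dst": str(ipaddress.IPv4Address(dst)),
              "proto": proto}
    # An ICMP error quotes only the start of the original datagram, so the
    # bytes present may be fewer than total_len; slicing tolerates that.
    return fields, buf[ihl:total_len]


def analyze_source_quench(packet: bytes):
    """Return details of a Source Quench, or None for any other packet."""
    outer, icmp = parse_ipv4(packet)
    if outer["proto"] != ICMP_PROTO or len(icmp) < 8:
        return None
    icmp_type, _code, _csum, _unused = struct.unpack("!BBHI", icmp[:8])
    if icmp_type != ICMP_SOURCE_QUENCH:
        return None
    if inet_checksum(icmp) != 0:
        raise ValueError("bad ICMP checksum")
    # After the 8-byte ICMP header: original IP header + first 64 bits of data.
    inner, inner_data = parse_ipv4(icmp[8:])
    result = {
        "quench_sender": outer["src"],      # device that generated the quench
        "quenched_host": outer["dst"],      # host being asked to slow down
        "original_dst": inner["dst"],       # where the quoted datagram was going
        "from_end_host": outer["src"] == inner["dst"],
    }
    if inner["proto"] == ICMP_PROTO and len(inner_data) >= 8:
        t, _c, _s, ident, seq = struct.unpack("!BBHHH", inner_data[:8])
        result["original_icmp"] = {"type": t, "id": ident, "seq": seq}
    return result


def build_ipv4(src, dst, proto, payload, total_len=None):
    """Construct an option-less IPv4 packet for the samples below."""
    total = 20 + len(payload) if total_len is None else total_len
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:] + payload


def build_quench(sender, pinger, target, seq):
    """Constructed Source Quench from `sender` quoting pinger's echo to target."""
    # First 8 bytes of the echo request (its own checksum left as 0 here).
    echo = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, 0x0200, seq)
    original = build_ipv4(pinger, target, ICMP_PROTO, echo, total_len=60)
    body = struct.pack("!BBHI", ICMP_SOURCE_QUENCH, 0, 0, 0) + original
    body = body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]
    return build_ipv4(sender, pinger, ICMP_PROTO, body)


# Constructed samples: desktop 10.1.20.5 pings 10.1.20.77.
FROM_HOST = build_quench("10.1.20.77", "10.1.20.5", "10.1.20.77", 1)
FROM_ROUTER = build_quench("10.1.20.1", "10.1.20.5", "10.1.20.77", 2)
ECHO_REPLY = build_ipv4("10.1.20.77", "10.1.20.5", ICMP_PROTO,
                        struct.pack("!BBHHH", 0, 0, 0, 0x0200, 1))

if __name__ == "__main__":
    for name, pkt in (("host", FROM_HOST), ("router", FROM_ROUTER)):
        print(name, analyze_source_quench(pkt))
```
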



Firewall Question [7:57893]

2002-11-22 Thread James Gruggett
I have a friend that has a T1 going into his 1700 series Cisco router.
His ISP has stated that someone has hacked into his Win2k server and
that he must put a firewall in place.

Do you recommend a software or hardware based firewall and what type?

The network consists of 1 server, 1 switch, and 10 workstations.


Thanks





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57893&t=57893



PIX 515 and HP Openview [7:57894]

2002-11-22 Thread Curious
I have an HP OpenView server on the inside interface of my PIX 515.
To check the status of the firewall outside interface, HP OV sends ICMP to
the outside interface of the firewall.
The issue is we are not getting a reply from the outside interface of the FW,
although I am permitting ICMP echo and echo reply via the ICMP command and also
ICMP ports are open on the access list on the outside interface.


--
Curious

MCSE, CCNP




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57894&t=57894



Re: Firewall Question [7:57893]

2002-11-22 Thread MADMAN
money no object, hardware based

  money an object, CBAC works well

  no moe money, ACLs

  Dave

James Gruggett wrote:
> 
> I have a friend that has a T1 going into his 1700 series Cisco router.
> His ISP has stated that someone has hacked into his Win2k server and
> that he must put a firewall in place.
> 
> Do you recommend a software or hardware based firewall and what type?
> 
> The network consists of 1 server, 1 switch, and 10 workstations.
> 
> Thanks
> 
> [GroupStudy.com removed an attachment of type text/x-vcard which had a name
> of james.gruggett.vcf]
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"You don't make the poor richer by making the rich poorer." --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57895&t=57893



hsrp & isl trunking [7:57896]

2002-11-22 Thread dennis cherry
In my Cisco Academy class, we are doing a lab with a lot of different
topics rolled into one lab. We have 2 routers set up with hsrp and has a
virtual ip address. Now a 4000 switch has 4 vlans configured on it and to
use isl trunking to the hsrp routers. These routers have 4 subinterfaces on
the fastethernet port going to the switch (one subinterface per vlan on each
router). On the 4000 switch we set up a default gateway to the hsrp virtual
ip address. But on the hsrp routers when we set up the subinterfaces and
enter the standby command for the virtual ip address, I thought that we use
the hsrp virtual ip address but the instructor says no. She says we need to
put in the vlan number as part of the virtual ip address. Example:
subinterface number for vlan 20...Fa0/0.20, ip address...10.200.20.2,
standby ip address...10.200.20.1. And for vlan 30 it would be 10.200.30.1
for the virtual ip address. I thought that all subinterfaces would use the
same hsrp virtual ip address. I tried to find more info on the Cisco site,
but could not. Is this actually correct?? Why would the virtual ip address
be different for each vlan??


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57896&t=57896



RE: VPNs Cisco vs. Microsoft [7:57881]

2002-11-22 Thread Pilcher Aaron
On the flip side of things I would say Microsoft over Cisco.  I think the
real question to answer is are you authenticating location to location like
a tunnel mode (then Cisco is best), or are you authenticating remote users
(then Microsoft is best).


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57897&t=57881



RE: Firewall Question [7:57893]

2002-11-22 Thread Elijah Savage III
Spend no money and do this, read my how-to here
http://www.homenethelp.com/openbsd/bsd-firewall.asp

This box can then also be used for an IDS so you can track the hacking. I
have had plenty of people email me saying it works great; it is simple
and written so boneheads like me can understand it. So if I can do it I
know you can too.

This makes your isp happy and also you happy because it keeps money in
your pocket.

Elijah
Come ride the rage http://www.digitalrage.org

-Original Message-
From: MADMAN [mailto:[EMAIL PROTECTED]] 
Sent: Friday, November 22, 2002 5:07 PM
To: [EMAIL PROTECTED]
Subject: Re: Firewall Question [7:57893]


money no object, hardware based

  money an object, CBAC works well

  no moe money, ACLs

  Dave

James Gruggett wrote:
> 
> I have a friend that has a T1 going into his 1700 series Cisco router.
> His ISP has stated that someone has hacked into his Win2k server and
> that he must put a firewall in place.
> 
> Do you recommend a software or hardware based firewall and what type?
> 
> The network consists of 1 server, 1 switch, and 10 workstations.
> 
> Thanks
> 
> [GroupStudy.com removed an attachment of type text/x-vcard which had a
> name of james.gruggett.vcf]
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"You don't make the poor richer by making the rich poorer." --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57898&t=57893



bandwidth vs. latency [7:57899]

2002-11-22 Thread Mirza, Timur
does anyone have a good reference (e.g., white paper) on the nature of
bandwidth vs latency & the distinction bet/ the two? 

Timur Mirza
Principal Network Engineer
Network Planning & Engineering, West Region
15505-B Sand Canyon Avenue
Irvine, California 92618
Verizon Wireless
949.286.6623 (o)
949.697.7964 (c)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57899&t=57899






EBGP and ip unnumbered [7:57901]

2002-11-22 Thread Daren Presbitero
Folks,

Anyone have any sample configs of 2 peers doing EBGP with both interfaces
using ip unnumbered and pointing to loopback addresses?  I don't even know
if this can be done.

Daren




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57901&t=57901



Re: EBGP and ip unnumbered [7:57901]

2002-11-22 Thread The Long and Winding Road
lucky you. I have my routers set up and this was an easy Q&D

yes it can be done.

you need:

the proper interface configurations

the proper bgp configurations

the proper static routes, since the BGP peer addresses are not directly
connected.

in a way, this is much like the "bgp practice labs over the internet" things
I do once in a while.

example ( one side only )

router bgp 1
 bgp log-neighbor-changes
 neighbor 222.222.222.8 remote-as 1
 neighbor 222.222.222.8 ebgp-multihop 3

ip route 222.222.222.8 255.255.255.255 Serial0

interface Loopback1001
 ip address 222.222.222.9 255.255.255.255

interface Serial0
 ip unnumbered Loopback1001

the ebgp-multihop is required since the neighbor ip addresses are not on
directly connected interfaces.

the static route is required because otherwise, the router has no clue where
to send packets destined for the BGP neighbor. ( I've been told that you can
use a default-route, but in the past I have not had success that way ).

HTH

Chuck


--
TANSTAAFL
"there ain't no such thing as a free lunch"




"Daren Presbitero" wrote in message
news:[EMAIL PROTECTED]...
> Folks,
>
> Anyone have any sample configs of 2 peers doing EBGP with both interfaces
> using ip unnumbered and pointing to loopback addresses?  I don't even know
> if this can be done.
>
> Daren




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57902&t=57901
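
A small check for the requirements listed in the reply above (a peer that is not on a connected subnet needs ebgp-multihop and a route to the peer address), as an added example that is not part of the original post. The peer AS number 2 and the sample configurations are constructed; the check also reports a neighbor whose remote-as equals the local AS, since that session is iBGP and ebgp-multihop does not apply to it.

```python
import ipaddress


def parse_ios(config: str) -> dict:
    """Collect the few facts this check needs from an IOS-style config."""
    facts = {"local_as": None, "neighbors": {}, "connected": [], "routes": []}
    section = ""
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            continue
        if not raw[0].isspace():          # unindented line starts a section
            section = raw.strip()
        if words[:2] == ["router", "bgp"]:
            facts["local_as"] = int(words[2])
        elif words[0] == "neighbor" and section.startswith("router bgp"):
            nbr = facts["neighbors"].setdefault(
                words[1], {"remote_as": None, "multihop": False})
            if words[2] == "remote-as":
                nbr["remote_as"] = int(words[3])
            elif words[2] == "ebgp-multihop":
                nbr["multihop"] = True
        elif words[:2] == ["ip", "address"] and section.startswith("interface"):
            facts["connected"].append(
                ipaddress.ip_network(f"{words[2]}/{words[3]}", strict=False))
        elif words[:2] == ["ip", "route"]:
            facts["routes"].append(
                ipaddress.ip_network(f"{words[2]}/{words[3]}", strict=False))
    return facts


def check_ebgp_peers(config: str) -> list:
    """Return (neighbor, problem) pairs; an empty list means nothing found."""
    facts = parse_ios(config)
    findings = []
    for addr, nbr in sorted(facts["neighbors"].items()):
        ip = ipaddress.ip_address(addr)
        if nbr["remote_as"] == facts["local_as"]:
            findings.append((addr, "remote-as equals local AS: session is iBGP"))
            continue
        # A /32 loopback lent to an unnumbered link puts no peer on-link.
        on_link = any(ip in net and net.prefixlen < 32
                      for net in facts["connected"])
        if on_link:
            continue
        if not nbr["multihop"]:
            findings.append((addr, "peer not directly connected: needs ebgp-multihop"))
        # The post reports no success with a default route, so 0.0.0.0/0
        # is not counted as a route to the peer.
        if not any(ip in net and net.prefixlen > 0 for net in facts["routes"]):
            findings.append((addr, "no specific route to the peer address"))
    return findings


# Constructed sample modelled on the posted one-side config; AS 2 is assumed.
GOOD = """\
router bgp 1
 bgp log-neighbor-changes
 neighbor 222.222.222.8 remote-as 2
 neighbor 222.222.222.8 ebgp-multihop 3
!
ip route 222.222.222.8 255.255.255.255 Serial0
!
interface Loopback1001
 ip address 222.222.222.9 255.255.255.255
!
interface Serial0
 ip unnumbered Loopback1001
"""
NO_ROUTE = GOOD.replace("ip route 222.222.222.8 255.255.255.255 Serial0\n", "")
NO_MULTIHOP = GOOD.replace(" neighbor 222.222.222.8 ebgp-multihop 3\n", "")
DEFAULT_ONLY = GOOD.replace("ip route 222.222.222.8 255.255.255.255",
                            "ip route 0.0.0.0 0.0.0.0")
SAME_AS = GOOD.replace("remote-as 2", "remote-as 1")

if __name__ == "__main__":
    for name in ("GOOD", "NO_ROUTE", "NO_MULTIHOP", "DEFAULT_ONLY", "SAME_AS"):
        print(name, check_ebgp_peers(globals()[name]))
```
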



Bootflash on an msfc [7:57903]

2002-11-22 Thread Paul Williamson
I'm having real problems booting an MSFC on a 6509.
Whenever it boots and I do a show version it only displays the ROM: software
loaded.
For all intents and purposes it seems fine, you can create vlan interfaces,
you can create access lists and it routes fine, however it doesn't display the
bootflash: VERSION etc etc etc when you do a show version.

Catalyst is running CatOS 6.3.(5)
MSFC is running 12.1.2.E

Anyone else seen this?
Thanks
-Paul




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57903&t=57903



Re: Firewall Question [7:57893]

2002-11-22 Thread Priscilla Oppenheimer
MADMAN wrote:
> 
> money no object, hardware based
> 
>   money an object, CBAC works well
> 
>   no moe money, ACLs
> 
>   Dave

With such a small site, personal firewall software on each of the computers
might be a good option too. That could work out to be pretty cost-effective
and certainly easy to install and configure. For additional security,
combine the personal firewalls with access-control lists (ACLs) on the
router or the Context-Based Access Control (CBAC) firewall feature set for
the router.

Elijah's BSD firewall looks like a good option too, especially considering
it's an intrusion detection system (IDS) too. If the customer knows some
UNIX and doesn't have money to spend, this would be a great choice.

And James, please give your friend a bit of a talking to. ;-)  Not using
firewalls in this day and age is shockingly unwise. Please have him check
all the computers for worms or Trojan horses that are busy attacking the
rest of us. Thanks.

Priscilla

> 
> James Gruggett wrote:
> > 
> > I have a friend that has a T1 going into his 1700 series Cisco router.
> > His ISP has stated that someone has hacked into his Win2k server and
> > that he must put a firewall in place.
> > 
> > Do you recommend a software or hardware based firewall and what type?
> > 
> > The network consists of 1 server, 1 switch, and 10 workstations.
> > 
> > Thanks
> > 
> > [GroupStudy.com removed an attachment of type text/x-vcard which had a name
> > of james.gruggett.vcf]
> -- 
> David Madland
> CCIE# 2016
> Sr. Network Engineer
> Qwest Communications
> 612-664-3367
> 
> "You don't make the poor richer by making the rich poorer." --Winston
> Churchill
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57904&t=57893



Re: Absolute minumum Lab setup [7:57879]

2002-11-22 Thread Brad
Mic,

Here's the basics of what you need:

Three Cisco 2501 routers
Two Cisco 2503 routers
One Cisco 2511 router
One Cisco 2522 router
One 2620 router
One 2610 router
Catalyst 3550
ISDN Simulator
+ misc. cables, modules, etc.

Add a little ATM rack time, and you're good to go.

thanks,
-Brad Ellis
CCIE#5796 (R&S / Security)
Network Learning Inc
[EMAIL PROTECTED]
www.optsys.net (Cisco hardware)

"Mic shoeps" wrote in message
news:[EMAIL PROTECTED]...
> Dear all.
>
> What would be the absolute minimum lab equipment setup for the CCIE R&S lab
> without sacrificing crucial key elements? Some say I only need three 2501s
> and a 3550. Others say I would need five 2521s, two 2620s, and one 3550.
> There are so many types of 2500 & 2600 series that I really don't know which
> one to choose from.
>
> Lastly, now that Token ring is out of the lab exam, do I still need a router
> capable of it? Friend of mine is trying to sell me four 2502s. These days
> you can fetch 2502 cheaper than 2501. But I heard it has no place in CCIE
> lab setup. Is this true?  Instead, would I be better off with couple 2501s
> or anything higher than 2504?
>
>
> Thank you




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57885&t=57879



Re: Stateful NAT Failover [7:57857]

2002-11-22 Thread Mike Fountain
I've seen some stuff on Cisco, but it has only been for the 7500, 1, and
12000 series routers.  I haven't read too closely, but it may only be for
failover for RPs within the same chassis.  It also seems to require the
12.0(22)S code, I'm not sure where that train was rolled into the 12.1 or
12.2 trains.

Here is the only link I've seen so far that gives config commands:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s22/sso120s.htm#xtocid29


- Original Message -
From: "Howard C. Berkowitz" 
To: 
Sent: Thursday, November 21, 2002 4:29 PM
Subject: Stateful NAT Failover [7:57857]


> I've been hunting for specific technical documentation on stateful
> failover between NAT instances in two routers, or even PIX.  I can
> find lots of marketing references in the description of the Cisco
> GRIP architecture, and details of stateful IPsec failover.  No
> details of NAT failover.
>
> On assorted search engines (Cisco and non-Cisco), it keeps coming
> back to stateful packet inspection, but not NAT per se.
>
> By stateful NAT failover, assume the following scenario:
>
> R1 is primary and R2 is backup.  R1 knows its mappings from outside
> address/port to inside address/port.  It shares this information with
> R2, which remains passive. Presumably, inside routers use HSRP to
> find the active NAT, which is on the DMZ.  HSRP on the DMZ can tell
> the Internet access routers which NAT is active.
>
> Does anyone know where this is documented, or is it simply considered
> a subset of stateful packet inspection at the implementation, not
> marketing, level?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57905&t=57857



RE: bandwidth vs. latency [7:57899]

2002-11-22 Thread Priscilla Oppenheimer
Mirza, Timur wrote:
> 
> does anyone have a good reference (e.g., white paper) on the nature of
> bandwidth vs latency & the distinction bet/ the two? 

Well, the distinction is easy. They don't mean the same thing at all. A good
site is Merriam Webster's online dictionary. The 2nd definition for
bandwidth is:

Bandwidth: the capacity for data transfer of an electronic communications
system

Latency, on the other hand, means delay. Websters isn't too helpful in this
case, but might help you understand the origin of the word, which is related
to dormancy.

Cisco's Terms and Acronyms document has a couple definitions of latency,
which are somewhat helpful:

1. Delay between the time a device requests access to a network and the time
it is granted permission to transmit.
 
2. Delay between the time a device receives a frame and the time that frame
is forwarded out the destination port.
 
Those definitions allude to the many contributors to delay (latency) on a
network:

* media access time
* queuing time at internetworking devices
* processing time at internetworking devices and at the sender and receiver
* serialization delay to send and receive bits at the rate specified by the
bandwidth of the sending and receiving interfaces
* propagation delay which is distance dependent and to a certain extent
medium dependent, although most media support about 2/3 the speed of light

Testing latency is reasonably easy. Just do some pings. Predicting,
modeling, and simulating delay is advanced engineering. A few books cover it
at a very basic level, including Top-Down Network Design by Oppenheimer, and
Data Network Design by Spohn.

Howard Berkowitz has written some RFCs that discuss performance measurement,
if I recall.

There are graduate level computer science classes that cover performance
measurement in computer networks at many universities.

And, finally, you can get some info from white papers written by vendors who
sell modelling software. For example, try http://www.netpredict.com/ and
http://www.opnet.com/.

___

Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com


> 
> Timur Mirza
> Principal Network Engineer
> Network Planning & Engineering, West Region
> 15505-B Sand Canyon Avenue
> Irvine, California 92618
> Verizon Wireless
> 949.286.6623 (o)
> 949.697.7964 (c)
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57906&t=57899



OT: Is it worth it to pursue CCIE R&S and CCIE Security [7:57908]

2002-11-22 Thread adrian jones
Hi Everyone,

My CCIE R&S lab is scheduled for December 2002 and Security is scheduled
for January 2003.  As the exam is approaching fast, I am beginning to wonder
whether it is worth it to pursue the certification for several reasons.  Let
me explain.

1)  I just graduated with a Master's degree in Computer Engineering at a
university on the East Coast.  I've been in the networking field for the past
20 months.  I am currently working for a Fortune 500 company as a
network engineer.  The pay is OK; however, the company is looking
to downsize within the next couple of months.  I think I will be
out of work in the next couple of months.  I've been looking for work
for the past three months.  At the moment, the job market is not that great
and I've been having problems finding work.  Last week I got a job
offer as an Oracle 9i DBA (I learned Oracle9i when I had free time and
managed to get certified in 9i).  I don't hate Oracle but networking is
my first choice.  If I can't find anything within the next few weeks, I
would have no choice but to accept this position (it pays the bills).
I know two colleagues that I am working with.  They both have CCIEs
(in the 5xxx #) and both are having problems finding work.  None of them
have been able to land new jobs for the past four months.  They told
me that the market is "flooded" with networking people and it is
definitely an "employers" market.  Both of these guys have at least
10 years of networking experience and it amazes me that they are
having problems finding work.

To make the matter worse, even my own brother is a CCIE and he
also is having problems finding work.  Granted that he only has two years
of networking experience.  Nevertheless, he has been looking for
work for the past 5 months and no job offer.  He is telling me the same
thing that the market is "saturated" with networking folks.  He has to
compete with many qualified "unemployed" folks out there.

That makes me question myself whether it is worth it to pursue
the CCIE R&S and CCIE Security given the market condition.  These
guys have years of experience and are "certified" and are without jobs.
I would have virtually no chance with people like them even if I am
CCIE certified.  They are certified too.

I know that it is too late to cancel the lab; however, this is just my
personal feeling.  I am wondering if anyone out there is feeling the
same way.  I would like to hear your take on this.

Thanks.

Adrian





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57908&t=57908



mpls ios files /special [7:57910]

2002-11-22 Thread Vicuna, Mark
I'm unable to find the original posting on the location of the mpls
files for the 25xx series @ cisco.com

I remember someone posting them on here but the original post is not in
the groupstudy.archives

had a search in the specials dir on cisco.com but to no avail..  does
anyone know the location to these files?

ps. i'm not after dennis.laganiere's site - although it is a good one
:-)

cheers,
mark.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57910&t=57910



Re: OT: Is it worth it to pursue CCIE R&S and CCIE Security [7:57911]

2002-11-22 Thread Shahid Muhammad Shafi
Adrian,
Plz do not occupy yourself with these thoughts. You are about to go for ur
labs, just go and pass them. You have lot of time to think afterwards what
is right and wrong. Don't forget that ur Double CCIE plus Oracle 9i certified
status gives u incredible edge over any candidate. So shred all these
thoughts and go for ur labs. Good Luck Let us know when u get ur numbers!
Good Luck again
Shahid
adrian jones wrote:

Hi Everyone,

My CCIE R&S lab is scheduled for December 2002 and Security is scheduled
for January 2003. As the exam is approaching fast, I am beginning to wonder
whether it is worth it to pursue the certification for several reasons. Let
me explain

1) I just graduate with a Master degree in Computer Engineering at a
university in the East Coast. I've been in the networking field for the past
20 months. I am currently working for a fortune 500 company as a
network engineer. The pay is OK; however, the company is looking
to downsize within the next couple of months. I think I will be
out of work in the next couple of months. I've been looking for work
for the past three months. At the moment, the job market is not that great
and I've been having problem finding work. Last week I get an a job
offer as an Oracle 9i DBA (I learn Oracle9i when I have free time and
manage to get certified in 9i). I don't hate Oracle but networking is
my first choice. If I can't find anything within the next few weeks, I
would have no choice but to accept this position (it pays the bill).

I know two colleagues that I am working with. They both have CCIEs
(in the 5xxx #) and both are having problem finding work. None of them
have been able to land new jobs for the past four months. They told
me that the market is "flooded" with networking people and it is
definitely an "employers" market. Both of these guys have at least
10 years of networking experience and it amazes me that they are
having problem find work.

To make the matter worse, even my own brother is a CCIE and he
also is having problem find work. Granted that he only has two years
of networking experience. Nevertheless, he has been looking for
work for the past 5 months and no job offer. He is telling me the same
thing that the market is "saturated" with networking folks. He has to
compete with many qualified "unemployed" folks out there.

That makes me question myself whether if it is worth it to pursue
the CCIE R&S and CCIE Security given the market condition. These
guys have years of experiences and "certified" and are without jobs.
I would have virtually no chance with people like them even if I am
CCIE certified. They are certified too.

I know that it is too late to cancel the lab; however, this is just my
personal feeling. I am wondering if anyone out there is feeling the
same way. I would like to hear your take on this.

Thanks.

Adrian







Shahid Muhammad Shafi
"Every man dies; not every man really lives"

remember, if God bringz u 2 it, He WILL bring u thru it!!!-

Please help feed hungry people worldwide http://www.hungersite.com/
A small thing each of us can do to help others less fortunate than ourselves






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57911&t=57911



Re: AS5300 Configuration Problem [7:57828]

2002-11-22 Thread Wow
you probably want to test with a ppp client like windows DUN client.


"Mamoon Dawood" wrote in message news:[EMAIL PROTECTED]...
> Dear All,
>
> I'm doing my first AS5300 installation, after configuration, I did the
> first connection test by using my notebook and open a Hyper terminal
> session then dial the AS5300,
>
> The AS5300 software configuration guide says that after dialling from
> the Hyper I must get The username & password prompt, but this is not
> what I get, as I only see Connect 50660 then there is a rubbish on the
> screen for around 30 seconds, then the line disconnects,
>
> Can anyone help me solve the problem, knowing that I tried with my
> hyper and AS5300 speed settings with no luck,
>
> Thanks in advance,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57912&t=57828



RE: Is it worth it to pursue CCIE R&S and CCIE Security [7:57913]

2002-11-22 Thread Joseph Ezerski
IMHO, it is certainly worth it to continue on your path.  This economic
condition will not last forever.  Sooner or later solid technical people
will again be in demand.  Maybe not like it was during the boom, but for
sure an environment where well-trained, decent people will easily be able to
find jobs.  I think deep down inside you know this to be true.  Keep going,
and if you need more encouragement, I do not doubt that this list is full of
some very good individuals who can give it.

Good hunting!

-Joe

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of adrian jones
Sent: Friday, November 22, 2002 6:53 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: OT: Is it worth it to pursue CCIE R&S and CCIE Security

Hi Everyone,

My CCIE R&S lab is scheduled for December 2002 and Security is scheduled
for January 2003. As the exam is approaching fast, I am beginning to wonder
whether it is worth it to pursue the certification for several reasons. Let
me explain

1) I just graduate with a Master degree in Computer Engineering at a
university in the East Coast. I've been in the networking field for the past
20 months. I am currently working for a fortune 500 company as a
network engineer. The pay is OK; however, the company is looking
to downsize within the next couple of months. I think I will be
out of work in the next couple of months. I've been looking for work
for the past three months. At the moment, the job market is not that great
and I've been having problem finding work. Last week I get an a job
offer as an Oracle 9i DBA (I learn Oracle9i when I have free time and
manage to get certified in 9i). I don't hate Oracle but networking is
my first choice. If I can't find anything within the next few weeks, I
would have no choice but to accept this position (it pays the bill).

I know two colleagues that I am working with. They both have CCIEs
(in the 5xxx #) and both are having problem finding work. None of them
have been able to land new jobs for the past four months. They told
me that the market is "flooded" with networking people and it is
definitely an "employers" market. Both of these guys have at least
10 years of networking experience and it amazes me that they are
having problem find work.

To make the matter worse, even my own brother is a CCIE and he
also is having problem find work. Granted that he only has two years
of networking experience. Nevertheless, he has been looking for
work for the past 5 months and no job offer. He is telling me the same
thing that the market is "saturated" with networking folks. He has to
compete with many qualified "unemployed" folks out there.

That makes me question myself whether if it is worth it to pursue
the CCIE R&S and CCIE Security given the market condition. These
guys have years of experiences and "certified" and are without jobs.
I would have virtually no chance with people like them even if I am
CCIE certified. They are certified too.

I know that it is too late to cancel the lab; however, this is just my
personal feeling. I am wondering if anyone out there is feeling the
same way. I would like to hear your take on this.

Thanks.

Adrian











Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57913&t=57913



Re: ISDN PRI and CCIE lab [7:57868]

2002-11-22 Thread Brad Ellis
You don't need PRI for the CCIE R&S nor CCIE Security labs.  For the C&S lab,
I think it does have a PRI in it, but I'm not sure.

thanks,
-Brad Ellis
CCIE#5796 (R&S / Security)
Network Learning Inc
[EMAIL PROTECTED]
www.optsys.net (Cisco hardware)
Voice: 702-968-5100
FAX: 702-968-5104




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57907&t=57868



Re: Absolute minumum Lab setup [7:57879]

2002-11-22 Thread Howard C. Berkowitz
At 2:30 PM + 11/22/02, Mic shoeps wrote:
>Dear all.
>
>What would be the absolute minimum lab equipment setup for the CCIE R&S lab
>without sacrificing crucial key elements? Some say I only need three 2501s
>and a 3550. Others say I would need five 2521s, two 2620s, and one 3550.
>There are so many types of 2500 & 2600 series that I really don't know which
>one to choose from.

I'd be inclined to say you need a second switch, or, minimally, a 
switch with dual Fast Ethernet interfaces so you can practice Fast 
EtherChannel, switch handling of VLANs, etc.  That switch need not be 
a 3550.

Six routers are pretty much the minimum to try out what the general 
wisdom says are adequately complex scenarios, especially since the 
two 3550s in the new lab have routing capability.  A seventh router, 
which can be as simple as a 2501/2, adds a great deal of flexibility 
in generating test routes, etc.  Depending on your UNIX skill level, 
a PC or two running Zebra might be just as, or more useful.  Having 
two PCs for source and destination is really helpful for QoS 
practice, since you can only generate a limited range of traffic on 
the routers.

Potentially, the PC can have a multiple serial card and handle the 
reverse telnet server function.  You'd have to compare costs on what 
you have available.

>
>Lastly, now that Token ring is out of the lab exam, do I still need a router
>capable of it? Friend of mine is trying to sell me four 2502s. These days
>you can fetch 2502 cheaper than 2501. But I heard it has no place in CCIE
>lab setup.

As long as you are not dealing with VLANs, the difference between TR 
and Ethernet, for purposes of interconnecting routers, is trivial. 
You should have some Ethernet interfaces to be compatible with the 
switch,

>Is this true?  Instead, would I be better off with couple 2501s
>or anything higher than 2504?

Depends in part whether you feel you need to have your own facilities 
to practice ISDN, ATM, FastEthernet & VLANs, etc.  You might decide 
these are things for which you'd want to rent rack time.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57914&t=57879



Weird MC3810-VCM6 error [7:57916]

2002-11-22 Thread cebuano
Hi group.
I'd like to know if anyone else has seen this strange error in MC3810
with VCM6.
Basically, if I load an IOS that has no Voice feature, the card is
detected as.
1 6-DSP(slot2) Voice Compression Module(v01.K0)
and the router boots fine.
If I load any image with Voice, the card is detected as.
1 6-DSP(slot2) High Performance Compression Module(v01.K0)
and the router loops with this error.
 
c54x_state_readyWARNING: DSP type unknown & defaulted to C542
c54x_state_readyWARNING: DSP type unknown & defaulted to C542
c54x_state_readyWARNING: DSP type unknown & defaulted to C542
c54x_state_readyWARNING: DSP type unknown & defaulted to C542
 
Any ideas?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57916&t=57916



Re: passed cit. that's a wrap on ccnp [7:57741]

2002-11-22 Thread Garrett Allen
sorry, i was out of town the past few days in sunny detroit.  sounds like we
agree - the answer is "it depends."

thanks all.
- Original Message -
From: "Elwood P. Suggins" 
To: 
Sent: Thursday, November 21, 2002 6:00 PM
Subject: RE: passed cit. that's a wrap on ccnp [7:57741]


> huh.. i guess that all depends on what kind of experience you have. Routing
> is the hardest, support, remote access, switching




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57915&t=57741



RE: Weird MC3810-VCM6 error [7:57916]

2002-11-22 Thread James Willard
This is just a hunch, but could you possibly have a high performance VCM
in a non-V3 MC3810 (i.e., MC3810 or MC3810-V)? It will say on the back
of the chassis what type it is. Only the V3 model supports the high
performance VCM, so using one in a non-V3 might cause that error...

James Willard
[EMAIL PROTECTED]


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
cebuano
Sent: Friday, November 22, 2002 11:29 PM
To: [EMAIL PROTECTED]
Subject: Weird MC3810-VCM6 error [7:57916]


Hi group.
I'd like to know if anyone else has seen this strange error in MC3810
with VCM6. Basically, if I load an IOS that has no Voice feature, the
card is detected as. 1 6-DSP(slot2) Voice Compression Module(v01.K0) and
the router boots fine. If I load any image with Voice, the card is
detected as. 1 6-DSP(slot2) High Performance Compression Module(v01.K0)
and the router loops with this error.
 
c54x_state_readyWARNING: DSP type unknown & defaulted to C542
c54x_state_readyWARNING: DSP type unknown & defaulted to C542
c54x_state_readyWARNING: DSP type unknown & defaulted to C542
c54x_state_readyWARNING: DSP type unknown & defaulted to C542
 
Any ideas?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57917&t=57916



ppp multilink problem [7:57918]

2002-11-22 Thread John Tafasi
Hi Group,

As the output of the show dialer command shows it, my ISDN router r2 has
successfully established an ISDN connection to r5 and the ppp multilink is
working fine. The problem is that i am receiving a cryptic console message
every few seconds and it looks like an error message. Can some one tell me
what that is ?

Thanks

r2-2516#show dial

BRI0 - dialer type = ISDN
Rotary group 1, priority = 0
0 incoming call(s) have been screened.
0 incoming call(s) rejected for callback.

BRI0:1 - dialer type = ISDN
Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is multilink member
Dial reason: ip (s=12.0.0.2, d=10.10.10.2)
Connected to 8358664 (r5)

BRI0:2 - dialer type = ISDN
Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is multilink member
Connected to 8358664 (r5)

Dialer1 - dialer type = IN-BAND SYNC NO-PARITY
Load threshold for dialing additional calls is 70
Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)

Dial String  Successes   FailuresLast called   Last status
8358664  2  000:04:54   successful
r2-2516#
Mar  1 00:30:04.099: %LINK-2-INTVULN: In critical region with interrupt
level=0, intfc=Virtual-Access1
-Process= "Multilink PPP out", ipl= 0, pid= 48
-Traceback= 1560E8 2B4FBC 2B5596 159E0A 2AD488
r2-2516#
Mar  1 00:30:34.107: %LINK-2-INTVULN: In critical region with interrupt
level=0, intfc=Virtual-Access1
-Process= "Multilink PPP out", ipl= 0, pid= 48
-Traceback= 1560E8 2B4FBC 2B5596 159E0A 2AD488
r2-2516#
Mar  1 00:31:04.219: %LINK-2-INTVULN: In critical region with interrupt
level=0, intfc=Virtual-Access1
-Process= "Multilink PPP out", ipl= 0, pid= 48
-Traceback= 1560E8 2B4FBC 2B5596 159E0A 2AD488
r2-2516#
Mar  1 00:31:34.239: %LINK-2-INTVULN: In critical region with interrupt
level=0, intfc=Virtual-Access1
-Process= "Multilink PPP out", ipl= 0, pid= 48
-Traceback= 1560E8 2B4FBC 2B5596 159E0A 2AD488
r2-2516#
Mar  1 00:32:04.343: %LINK-2-INTVULN: In critical region with interrupt
level=0, intfc=Virtual-Access1
-Process= "Multilink PPP out", ipl= 0, pid= 48
-Traceback= 1560E8 2B4FBC 2B5596 159E0A 2AD488
r2-2516#
Mar  1 00:32:34.371: %LINK-2-INTVULN: In critical region with interrupt
level=0, intfc=Virtual-Access1
-Process= "Multilink PPP out", ipl= 0, pid= 48
-Traceback= 1560E8 2B4FBC 2B5596 159E0A 2AD488
r2-2516#




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57918&t=57918



ppp multilink problem [7:57919]

2002-11-22 Thread John Tafasi
Hi Group,

As the output of the show dialer command shows it, my ISDN router r2 has
successfully established an ISDN connection to r5 and the ppp multilink is
working fine. The problem is that i am receiving a cryptic console message
every few seconds and it looks like an error message. Can some one tell me
what that is ?

Thanks

r2-2516#show dial

BRI0 - dialer type = ISDN
Rotary group 1, priority = 0
0 incoming call(s) have been screened.
0 incoming call(s) rejected for callback.

BRI0:1 - dialer type = ISDN
Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is multilink member
Dial reason: ip (s=12.0.0.2, d=10.10.10.2)
Connected to 8358664 (r5)

BRI0:2 - dialer type = ISDN
Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is multilink member
Connected to 8358664 (r5)

Dialer1 - dialer type = IN-BAND SYNC NO-PARITY
Load threshold for dialing additional calls is 70
Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)

Dial String  Successes   FailuresLast called   Last status
8358664  2  000:04:54   successful
r2-2516#
Mar  1 00:30:04.099: %LINK-2-INTVULN: In critical region with interrupt
level=0, intfc=Virtual-Access1
-Process= "Multilink PPP out", ipl= 0, pid= 48
-Traceback= 1560E8 2B4FBC 2B5596 159E0A 2AD488
r2-2516#
Mar  1 00:30:34.107: %LINK-2-INTVULN: In critical region with interrupt
level=0, intfc=Virtual-Access1
-Process= "Multilink PPP out", ipl= 0, pid= 48
-Traceback= 1560E8 2B4FBC 2B5596 159E0A 2AD488
r2-2516#
Mar  1 00:31:04.219: %LINK-2-INTVULN: In critical region with interrupt
level=0, intfc=Virtual-Access1
-Process= "Multilink PPP out", ipl= 0, pid= 48
-Traceback= 1560E8 2B4FBC 2B5596 159E0A 2AD488
r2-2516#
Mar  1 00:31:34.239: %LINK-2-INTVULN: In critical region with interrupt
level=0, intfc=Virtual-Access1
-Process= "Multilink PPP out", ipl= 0, pid= 48
-Traceback= 1560E8 2B4FBC 2B5596 159E0A 2AD488
r2-2516#
Mar  1 00:32:04.343: %LINK-2-INTVULN: In critical region with interrupt
level=0, intfc=Virtual-Access1
-Process= "Multilink PPP out", ipl= 0, pid= 48
-Traceback= 1560E8 2B4FBC 2B5596 159E0A 2AD488
r2-2516#
Mar  1 00:32:34.371: %LINK-2-INTVULN: In critical region with interrupt
level=0, intfc=Virtual-Access1
-Process= "Multilink PPP out", ipl= 0, pid= 48
-Traceback= 1560E8 2B4FBC 2B5596 159E0A 2AD488
r2-2516#




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57919&t=57919



Re: Is it worth it to pursue CCIE R&S and CCIE Security [7:57920]

2002-11-22 Thread nrf
> That makes me question myself whether if it is worth it to pursue
> the CCIE R&S and CCIE Security given the market condition.  These
> guys have years of experiences and "certified" and are without jobs.
> I would have virtually no chance with people like them even if I am
> CCIE certified.  They are certified too.
>
> I know that it is too late to cancel the lab; however, this is just my
> personal feeling.  I am wondering if anyone out there is feeling the
> same way.  I would like to hear your take on this.

I am going to differ from the other respondents to your question and answer
your question this way.  The only person who can truly say whether something
is worth doing or not is you.  Nobody else can make that decision for you.
However, what I can do is offer you a framework upon which you can base your
decision whether it is worth it or not.

*What does it mean to be 'worth it'?

The notion of something being 'worth it' is essentially a calculation of
whether the money and resources you would need to spend to do that thing
could or could not be better spent doing something else.   Instead of
spending your time studying for the R/S lab, for example, would it be better
for you to spend that time studying some other technology?  Maybe.  It
depends on a host of factors - what you like to do, what technologies you
have access to, and that kind of thing.

However, this exposes some of the responses I've seen here as being overly
simplistic.  Many people are going to respond by telling you to continue
your pursuit of the labs because doing so will do nothing but help you.
Well, of course it will help.   Everything helps.  But that's not the point.
Getting a MBA, JD, PhD, MD, MFA, and every other degree out there will help
you too.  But does that mean you should go and pursue all of them?   Or, to
give you an extreme example, should a lawyer spend time studying for a
medical degree? Probably not.

Let's face it - nobody just grabs designations and certifications just for
fun, they do it because they are trying to advance their career.  It's a
return-on-investment kind of thing.   Businesses don't invest resources just
for the hell of it, they do it because they want to get a return on their
investment, and they want to invest their resources into whatever will get
them the greatest return.  The same is true of you - you want to put your
time and money into doing something that will net you the best return.


* Saturation

Let's face it - there are a lot of people who know networking out there, and
due to the death spiral of the telcos, not much demand for that kind of
knowledge.  Knowledge of complex networking is simply not as important as it
was just a few years ago.  By learning Cisco routing/switching and/or Cisco
security, let's be honest here, you're not really distinguishing yourself
from the crowd, because a lot of other people know it too.  On the other
hand, there are many aspects of networking that not that many people know.
IP telephony, for example, is still very much a black-art.  Storage switch
technology like stuff from Brocade, McData, and (soon) Cisco is almost
certainly going to be another.  "True" security knowledge (of a level many
many times deeper than the CCIE-Security could ever be) is yet another.
The point is that you simply can't count on expertise of plain-vanilla
networking to land you a job anymore.

*The power of experience

I've always been of the opinion that lab-study should always be something
you do on the side to accompany a real networking job.  Lab-study should
never be used in place of a real job, for a number of reasons, not least of
which is that you meet many more people through a real job than through
studying in a lab.  Let's face it, when it comes to finding work, it's
really not what you know, it's who you know.

Looking at this from the lens of being 'worth it', I would argue that
instead of a person constantly studying in a lab for his exam, perhaps that
person could better spend that time working at a job, even as a volunteer.
Otherwise, consider the case of the lab-guy passing the lab and still not
being able to find work whereas the guy who instead took whatever odd jobs
he could find gets hooked up for employment through somebody he met.

*Conclusion

Again, none of this is to say that you shouldn't spend your time studying
for the exams.  Maybe you should, maybe you shouldn't.  That is a choice
that only you are qualified to make.   But what you should do is take a look
at all the alternatives available to you and make a decision accordingly.
Lab preparation takes time and money (especially time), and time and money
are the 2 most valuable resources in life.   You should use your resources
wisely.




>
>
>
> Thanks.
>
> Adrian




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57920&t=57920

RE: Weird MC3810-VCM6 error [7:57916]

2002-11-22 Thread cebuano
Well, I know I don't have the V model, but I didn't know that a high
performance VCM shows up as a regular VCM unless a V model and a VOIP
image are used. If someone can confirm this, then I'd rather keep this
card because at the price I paid it is a bargain.
Thanks.

-Original Message-
From: James Willard [mailto:[EMAIL PROTECTED]] 
Sent: Friday, November 22, 2002 11:53 PM
To: 'cebuano'; [EMAIL PROTECTED]
Subject: RE: Weird MC3810-VCM6 error [7:57916]

This is just a hunch, but could you possibly have a high performance VCM
in a non-V3 MC3810 (i.e., MC3810 or MC3810-V)? It will say on the back
of the chassis what type it is. Only the V3 model supports the high
performance VCM, so using one in a non-V3 might cause that error...

James Willard
[EMAIL PROTECTED]


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
cebuano
Sent: Friday, November 22, 2002 11:29 PM
To: [EMAIL PROTECTED]
Subject: Weird MC3810-VCM6 error [7:57916]


Hi group.
I'd like to know if anyone else has seen this strange error in MC3810
with VCM6. Basically, if I load an IOS that has no Voice feature, the
card is detected as. 1 6-DSP(slot2) Voice Compression Module(v01.K0) and
the router boots fine. If I load any image with Voice, the card is
detected as. 1 6-DSP(slot2) High Performance Compression Module(v01.K0)
and the router loops with this error.
 
c54x_state_readyWARNING: DSP type unknown & defaulted to C542
c54x_state_readyWARNING: DSP type unknown & defaulted to C542
c54x_state_readyWARNING: DSP type unknown & defaulted to C542
c54x_state_readyWARNING: DSP type unknown & defaulted to C542
 
Any ideas?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57921&t=57916



Apparent packet loss... [7:57922]

2002-11-22 Thread Keith Woodworth
I need to troubleshoot some apparent packet loss on a 7206VXR with a
NSE-1.

We've had some folks downstream of us say that doing traceroutes to their
network through us that packets are dropping on our router. I'd like to
find a way to actually see if this is the case. I'm kind of concerned that
it is handling too much traffic for the backplane.

It has 6 Faste connections, one of which is going to our upstream that
handles on avg about 15 Megs out and about 18 Megs in.

One item of note is this router is connected to our upstream providers
router via faste connection to their 7204vxr which handles a radio based
DS3 for our primary connectivity. 

They have told us to config our ethernet port to half duplex so packets
will be retransmitted if they get lost in their ATM cloud so we have a
fairly high collision rate on this port. I don't know enough about ATM to
say if this is good or bad...?

We policy route and use ip route-cache policy on each interface. Main
interfaces show no drops on the input side on the two busiest faste ports:

Output queue 0/40, 0 drops; input queue 0/75, 0 drops

Output queue 0/40, 1466359 drops; input queue 0/75, 0 drops

Output side here we rate-limit outgoing P2P stuff a bit.

CPU usage is about 20-25% on avg depending on time of day. 

Been hunting on CCO about the NSE-1 to find out what it can handle PPS
wise but nothing so far except stuff on PXF and CEF and how great the
NSE-1 is. Anyone know PPS for this device? CEF is not turned on but
wondering if it would make a diff?

Customer is doing traceroutes from http://visualroute.visualware.com and
doing our own it does indeed show packet loss starting at our router.
Though I'm not one to take that at face value.

Any way to actually tell for certain if the router is dropping packets?

thanks for any input.
Keith




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57922&t=57922



Re: Is it worth it to pursue CCIE R&S and CCIE Security [7:57923]

2002-11-22 Thread Brog
I think it is one of those certs that people go, "Wow, how hard was that".
That is, if the person has any clue about IT. All the cert does is allow a
potential employer some idea of what you can do. By passing the CCIE you
show that you understand Cisco products, you can think/reason quickly and
you are able to learn. Remember no matter how smart (or dumb) a CCIE is,
they don't know everything.



Since, you have only been in networking for 20 months, which might be the
reason for low pay even with the masters. But, if you have been in IT for
longer you probably are underpaid. This is a bad time for IT because every
hiring manager is hearing that there is a glut of IT workers out there. That
also could be why you can't find a job. Personally, I think a lot of the fat
has been cut in companies that hired too many people to begin with (ex. The
Lotus Notes guy that won't do any other task than Notes). Or it could be
that you don't live near a major city that needs your skills. I think next
year IT managers will realize they need smart people that will work after
they trim all of the fat. Also, remember that to make more money you
generally need to move to a different company. Why do you think you will be
out of work? Also, your friends might not be looking in the right places. My
job was never listed in any paper or website. It was only listed to a
staffing company that was a respected company and they don't take money for
their service. The company that hired me paid them.



The CCIE is the best cert out there. Because of recognition and the work
involved getting it. It shows that you are capable of understanding
difficult concepts. If you decide to stay in IT it won't hurt to have it on
your resume.








- Original Message -
From: "adrian jones" 
To: ; 
Sent: Friday, November 22, 2002 9:52 PM
Subject: OT: Is it worth it to pursue CCIE R&S and CCIE Security


> Hi Everyone,
>
> My CCIE R&S lab is scheduled for December 2002 and Security is scheduled
> for January 2003.  As the exam is approaching fast, I am beginning to wonder
> whether it is worth it to pursue the certification for several reasons.
> Let me explain
>
> 1)  I just graduate with a Master degree in Computer Engineering at a
> university in the East Coast.  I've been in the networking field for the past
> 20 months.  I am currently working for a fortune 500 company as a
> network engineer.  The pay is OK; however, the company is looking
> to downsize within the next couple of months.  I think I will be
> out of work in the next couple of months.  I've been looking for work
> for the past three months.  At the moment, the job market is not that great
> and I've been having problem finding work.  Last week I get an a job
> offer as an Oracle 9i DBA (I learn Oracle9i when I have free time and
> manage to get certified in 9i).  I don't hate Oracle but networking is
> my first choice.  If I can't find anything within the next few weeks, I
> would have no choice but to accept this position (it pays the bill).
>
> I know two colleagues that I am working with.  They both have CCIEs
> (in the 5xxx #) and both are having problem finding work.  None of them
> have been able to land new jobs for the past four months.  They told
> me that the market is "flooded" with networking people and it is
> definitely an "employers" market.  Both of these guys have at least
> 10 years of networking experience and it amazes me that they are
> having problem find work.
>
> To make the matter worse, even my own brother is a CCIE and he
> also is having problem find work.  Granted that he only has two years
> of networking experience.  Nevertheless, he has been looking for
> work for the past 5 months and no job offer.  He is telling me the same
> thing that the market is "saturated" with networking folks.  He has to
> compete with many qualified "unemployed" folks out there.
>
> That makes me question myself whether if it is worth it to pursue
> the CCIE R&S and CCIE Security given the market condition.  These
> guys have years of experiences and "certified" and are without jobs.
> I would have virtually no chance with people like them even if I am
> CCIE certified.  They are certified too.
>
> I know that it is too late to cancel the lab; however, this is just my
> personal feeling.  I am wondering if anyone out there is feeling the
> same way.  I would like to hear your take on this.
>
> Thanks.
>
> Adrian




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57923&t=57923



i need simple vpn connection [7:57924]

2002-11-22 Thread eric dickerson
I have a dsl modem at my office and my wife uses a cable modem at home. I 
would like to network the two computers (one at each location)with VPN. Can 
anyone give me a very basic and simple way of connecting using either a 
software ( vpn-dial in ) or inexpensive hardware ?






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57924&t=57924