date:20021215

Re: problem with reflexive access list [7:59232]

2002-12-15 Thread John Tafasi

Thank you Brian that was why it did not work. Now it is working .

- Original Message -
From: "Brian Dennis" 
To: "'John Tafasi'" ; "'Cisco Group Study'"
; "'ccielab'" 
Sent: Saturday, December 14, 2002 12:35 PM
Subject: RE: problem with reflexive access list


> You also misspelled "outboundfilter" when you applied it to Ethernet 0.
>
> Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security)
>
> -Original Message-
> From: John Tafasi [mailto:[EMAIL PROTECTED]]
> Sent: Friday, December 13, 2002 11:43 PM
> To: Brian Dennis; 'Cisco Group Study'; 'ccielab'
> Subject: Re: problem with reflexive access list
>
> I tried that too and it did not work.
> - Original Message -
> From: "Brian Dennis" 
> To: "'John Tafasi'" ; "'Cisco Group Study'"
> ; "'ccielab'" 
> Sent: Friday, December 13, 2002 11:56 PM
> Subject: RE: problem with reflexive access list
>
>
> > John,
> > By default packets sourced by the router will not be affected by an
> > outbound ACL. Since the outbound ACL does not "see" the telnet traffic
> > sourced by the router, the router does not add an entry to the inbound
> > ACL to allow the traffic to return. Try telneting from behind R5.
> >
> > Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security)
> >
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf
> Of
> > John Tafasi
> > Sent: Friday, December 13, 2002 4:32 PM
> > To: Cisco Group Study; ccielab
> > Subject: problem with reflexive access list
> >
> > Hello,
> >
> > I have a problem telneting from r5 to r2 when reflexive ip access list
> > is
> > configured. Without the reflexive access list, the telnet will work
> > fine.
> > The two routers are directly connect via their ethernet 0 interfaces.
> > Could
> > some one find out what is wrong with my configuration. Both routers
> are
> > using their ethernet ip addresses for source and destination of the
> > telnet
> > traffic.
> >
> >
> > hostname r5
> > !
> > ip reflexive-list timeout 1000
> > !
> > ip access-list extended inboundfilter
> >  permit igrp any any
> >  evaluate tcptraffic
> > ip access-list extended outboundfilter
> >  permit tcp any any reflect tcptraffic timeout 5000
> > !
> > interface Ethernet0
> >  ip address 10.10.110.3 255.255.255.0
> >  ip access-group inboundfilter in
> >  ip access-group outboundfiler out
> >  ntp disable
> >
> > 
> >
> > hostname r2
> > !
> > interface Ethernet0
> >  ip address 10.10.110.16 255.255.255.0
> > .




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59232&t=59232
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

All doors are closed.. [7:59233]

2002-12-15 Thread ciscoGo2002

Hello folks,

A friend of mine have a serius problem with a Cisco 
1720 router. This router has the console port broken,
it doesn't work. He usually get into the router using 
the aux port in order to configure the device.They
tried to download a new config using Cisco Config
Maker and downloading it by de aux port. The result is
that now the aux port is closed and the Ethernet port
doesn't respond anymore. We don't know what happened
with Cisco Config Maker, the real important thing is 
that we need to recover the access to the router. We
cannot use the console port because it is broken, the 
aux port is closed (I guess that Cisco Config Maker
closed it by default), and the ethernet is not
responding (maybe Cisco Works put it in shut??). All 
the doors are closed!!! There is no time, we need to
install this box this week!!! Help!
We have read the cisco cco and the 1720 has a dimm
memory and a miniflash memory, (please correct us if
we are wrong). We suppose that the miniflash memory
stores the config (it works like nvram too?) and if we
can open the box and replace this mini-flash with
another one maybe it will work again...
We really appreciate your help, and my friend will pay
one beer if you can send us any idea...

Very important: Please send your reply with a copy to
these address: [EMAIL PROTECTED],
[EMAIL PROTECTED],
[EMAIL PROTECTED] because we have a
problem with our mail...

Thanks a lot!



___
Yahoo! Sorteos
Consulta si tu nzmero ha sido premiado en
Yahoo! Sorteos http://loteria.yahoo.es




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59233&t=59233
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: you American need to think [7:38323]

2002-12-15 Thread MikeS

You know that brothers always fight among themselves until the chips are
down.

We've helped each other back and forth over the years and not just in the
published accounts. There is much more in the black world that will never be
published.

We also have fought a war between us and  had countless snipping and
chestbeating.  Some of it I think is we are too much alike at times. Its
always easier to see your own faults in someone else then yourself.

MikeS

""geek""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> ""Gaz""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>
> >We're probably more on the same side than ever before and we still can't
> get
> > on.
>
>
> Sure we can Gaz, that was a great reply  :^)
>
> we are all one huge family, it's a sin how we fight amongst each other...
> but what's even worse is the things we fight about...




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59235&t=38323
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

WIC-1t Compatibility [7:59223]

2002-12-15 Thread Phil Lorenz

I have a 2620 here @ the house and I purchased a new WIC-1T, with the
semi annoying thin blade connector, off of Ebay.  I installed the
interface and it is not recognized by the router.  I replaced this
module with a known good WIC-2T and everything worked perfectly.

 

Any advice here?

 

Thanks

Phil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59223&t=59223
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

BCRAN 640-605 test [7:59234]

2002-12-15 Thread Ravi Annadanam

Hello all,

planning to take Remote Access test soon. I know from Cisco Blueprint that
there are simulations in the BCRAN test. are they based on 700 series or
regular IOS ?

also the Boson simulation does not seem to have labs on BCRAN. (atleast the
one I downloaded?. any input is appreciated. thanks,

Ravi.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59234&t=59234
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Mac network [7:58945]

2002-12-15 Thread mjans001

Always harcode L2 speeds with mac, especially on the switch and server.

Martijn

-Oorspronkelijk bericht-
Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Namens Dwayne
Saunders
Verzonden: woensdag 11 december 2002 17:32
Aan: [EMAIL PROTECTED]
Onderwerp: Mac network [7:58945]


Hi all Mac users
I have a small problem with a network that I was asked to look
at there is 6 end user machines and 1 server all connected via a switch
the problem is that when connected to the switch network transfers to
and from the server are very slow i.e. 100meg file take approx 18
minutes 
Now I have swapped the cheap $100 switch out and replaced it with a
another one from the supplier still the same problem I then replaced the
switch with a hub and now everything flies along The Mac's are running
9.2 os and from what I can see without doing a network capture there is
speed and duplex conflict these settings cant be changed on this os.

So any help with this would be greatly appreciated.

Regards

D'Wayne Saunders
Data Network Administrator

Phone:  +61 8 8950 7742
Mobile: +61 412 832 322
Fax:  +61 8 8952 1112

www.lasseters.com.au
  
World's First Government Licensed and Regulated Online Casino...



***
This email message (and attachments) may contain information that is
confidential to Lasseters Online. If you are not the intended recipient
you cannot use, distribute or copy the message or attachments. In such a
case, please notify the sender  by return email immediately and erase
all copies of the message and attachments. Opinions, conclusions and
other information in this message and attachments that do not relate to
the official business of Lasseters Online are neither given nor endorsed
by it.


***




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59228&t=58945
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

dialer remote name/ppp chap hostname [7:59224]

2002-12-15 Thread Keith Steller

Hi all-

I have a question regarding chap. I configured a dialer profile and used
chap, I then specified the "dialer remote name" and then set the password on
the remote peer. Then I added the "ppp chap hostname" and ppp chap password"
on each side with passwords. Although I did see both sides authenticating
successfully via debug ppp neg, the link didnt come up. I had to remove the
"dialer remote name" on both sides. I assume the dialer remote name takes
some precedence over the ppp chap hostname command. Anyone have any input on
this one for me? Here are my configs.

r3
!
interface Dialer15
 ip address 155.100.31.3 255.255.255.0
 encapsulation ppp
 ip ospf cost 
 ip ospf demand-circuit
 dialer pool 15
 dialer idle-timeout 25
 dialer wait-for-carrier-time 60
 dialer string 5551234
 dialer string 5551235
 dialer hold-queue 10
 dialer load-threshold 2 either
 dialer-group 1
 ppp max-bad-auth 5
 ppp chap hostname router3
 ppp chap password 7 070C22454B
 ppp multilink
!

r1
!
!
interface Dialer15
 ip address 155.100.31.1 255.255.255.0
 encapsulation ppp
 ip ospf cost 
 ip ospf demand-circuit
 dialer pool 15
 dialer idle-timeout 25
 dialer string 5554000
 dialer string 5554001
 dialer hold-queue 10
 dialer load-threshold 2 either
 dialer-group 1
 ppp max-bad-auth 5
 ppp chap hostname router1
 ppp chap password 7 1511080501
 ppp multilink
!

03:22:54: BR0/0:1 LCP: State is Open
03:22:54: BR0/0:1 PPP: Phase is AUTHENTICATING, by both
03:22:54: BR0/0:1 CHAP: Using alternate hostname router3
03:22:54: BR0/0:1 CHAP: O CHALLENGE id 74 len 28 from "router3"
03:22:54: BR0/0:1 CHAP: I CHALLENGE id 79 len 28 from "router1"
03:22:54: BR0/0:1 CHAP: Using alternate hostname router3
03:22:54: BR0/0:1 CHAP: O RESPONSE id 79 len 28 from "router3"
03:22:54: BR0/0:1 CHAP: I SUCCESS id 79 len 4
03:22:54: BR0/0:1 CHAP: I RESPONSE id 74 len 28 from "router1"
03:22:54: BR0/0:1 CHAP: O SUCCESS id 74 len 4
03:22:54: BR0/0:1 PPP: Phase is VIRTUALIZED
03:22:54: Di15 PPP: Phase is UP


When I add the dialer remote names on both sides.


03:25:08: BR0/0:1 LCP: State is Open
03:25:08: BR0/0:1 PPP: Phase is AUTHENTICATING, by both
03:25:08: BR0/0:1 CHAP: Using alternate hostname router3
03:25:08: BR0/0:1 CHAP: O CHALLENGE id 82 len 28 from "router3"
03:25:08: BR0/0:1 CHAP: I CHALLENGE id 87 len 28 from "router1"
03:25:08: BR0/0:1 CHAP: Using alternate hostname router3
03:25:08: BR0/0:1 CHAP: O RESPONSE id 87 len 28 from "router3"
03:25:08: BR0/0:1 CHAP: I SUCCESS id 87 len 4
03:25:36529013660: %ISDN-6-CONNECT: Interface BRI0/0:1 is now connected to
5551234 router1


I guess the reason I am confused, is both routers seem to know the other
peers correct hostname and password and they authenticate successfully. Why
wont the call proceed? They seem to reach my max-auth of 5 and stop.

Thanks in advance,

K




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59224&t=59224
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Totlly Completely Off Topic - cynical humor [7:59236]

2002-12-15 Thread The Long and Winding Road

For some reason I woke up cynical this morning. Probably because I have to
work today troubleshooting a customer site that someone else designed and
sold. :-<


Calvin: I've decided that everyone has his price. Anyone can be bought if
the price is right.

Hobbes: What's your price?

Calvin: Two bucks, cold hard cash!

Hobbes: What's sad is not that we can be bought, but that the price is so
low.



--
TANSTAAFL
"there ain't no such thing as a free lunch"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59236&t=59236
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: WIC-1t Compatibility [7:59223]

2002-12-15 Thread The Long and Winding Road

first thing that always comes to my mind is IOS version. My quick check on
CCO did not reveal anything that jumped out at me, but you never can tell.
What IOS are you using?

( as an aside, I notice that images for the 2600 series routers have become
really bloated lately. some of the newer stuff requires a lot more flash
than is possible in the older 26xx lines )

BTW, for everyone who's interested, here is a link to the Cisco public
configuration tool. Does not give pricing, but can be useful in figuring out
what you need, assuming you can put up with the slow speed.


http://www.cisco.com/appcontent/apollo/configureHomeGuest.html

--
TANSTAAFL
"there ain't no such thing as a free lunch"




""Phil Lorenz""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I have a 2620 here @ the house and I purchased a new WIC-1T, with the
> semi annoying thin blade connector, off of Ebay.  I installed the
> interface and it is not recognized by the router.  I replaced this
> module with a known good WIC-2T and everything worked perfectly.
>
>
>
> Any advice here?
>
>
>
> Thanks
>
> Phil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59237&t=59223
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

bandwidth control ? [7:59238]

2002-12-15 Thread Mohannad Khuffash

Hello,

How I can limit the bandwidth to specific value for some type of traffic
while keeping the other traffic's bandwidth unlimited, of course this is at
the same link?

Thanks in advance



Mohannad Khuffash


--







Mohannad  Khuffash
Network Administrator
Palestine Telecom
Tel: 00970-9-2390509
Mobile:00970-59-579528




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59238&t=59238
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Problem with Ping [7:59239]

2002-12-15 Thread Deepak Achar

Hi all
   I am facing problem in pinging. I am attaching the running configuration
of the two routers. From the router central i have defined a default route
to my backbone. i can access the internet through this. I have defined the
ethernet interface in the same network as backbone network. i am able to
ping to the external network.
  The second router remote, i have connected through adsl to central.i am
able to reach the last point in the router central, that is, the ethernet
interface in central. But i can not ping to the external network. I can not
ping to the default gateway also. i have defined a default route through the
interface atm0.
  when i give debug ip packet, i am able to see the icmp request from the
router remote. but sometimes i receive the icmp type 8 and code 0 output
from the router central.
  please could some body help me out in this.


Thanks and regards
Deepak


Remote router

Building configuration...

Current configuration : 762 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname remote
!
memory-size iomem 25
!
ip subnet-zero
!
!
!
!
!
interface Ethernet0
 ip address 172.16.10.11 255.255.255.0
 hold-queue 100 out
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
 dsl power-cutback 0
!
interface ATM0.1 point-to-point
 ip address 192.168.10.11 255.255.255.0
 pvc 16/100
  protocol ip 192.168.10.1
  encapsulation aal5mux ip
 !
!
router rip
 network 172.16.0.0
 network 192.168.10.0
!
ip classless
ip route 10.0.0.0 255.0.0.0 ATM0
ip http server
!
no cdp run
!
line con 0
 no modem enable
 stopbits 1
line aux 0
line vty 0 4
!
scheduler max-task-time 5000
end

remote#debug ip pa
IP packet debugging is on
remote#ping 10.77.152.129

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.77.152.129, timeout is 2 seconds:

*Mar  1 03:03:19.975: IP: s=192.168.10.11 (local), d=10.77.152.129 (ATM0.1),
len 100, sending.
*Mar  1 03:03:21.975: IP: s=192.168.10.11 (local), d=10.77.152.129 (ATM0.1),
len 100, sending.
*Mar  1 03:03:23.975: IP: s=192.168.10.11 (local), d=10.77.152.129 (ATM0.1),
len 100, sending.
*Mar  1 03:03:25.975: IP: s=192.168.10.11 (local), d=10.77.152.129 (ATM0.1),
len 100, sending.
*Mar  1 03:03:27.975: IP: s=192.168.10.11 (local), d=10.77.152.129 (ATM0.1),
len 100, sending.
Success rate is 0 percent (0/5)
remote#



remote#ping 10.77.152.219

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.77.152.219, timeout is 2 seconds:
!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/23/28 ms
remote#
*Mar  1 03:05:16.579: IP: s=192.168.10.11 (local), d=10.77.152.219 (ATM0.1),
len 100, sending
*Mar  1 03:05:16.603: IP: s=10.77.152.219 (ATM0.1), d=192.168.10.11
(ATM0.1), len 100, rcvd 3
*Mar  1 03:05:16.603: IP: s=192.168.10.11 (local), d=10.77.152.219 (ATM0.1),
len 100, sending
*Mar  1 03:05:16.623: IP: s=10.77.152.219 (ATM0.1), d=192.168.10.11
(ATM0.1), len 100, rcvd 3
*Mar  1 03:05:16.623: IP: s=192.168.10.11 (local), d=10.77.152.219 (ATM0.1),
len 100, sending
*Mar  1 03:05:16.643: IP: s=10.77.152.219 (ATM0.1), d=192.168.10.11
(ATM0.1), len 100, rcvd 3
*Mar  1 03:05:16.647: IP: s=192.168.10.11 (local), d=10.77.152.219 (ATM0.1),
len 100, sending
*Mar  1 03:05:16.667: IP: s=10.77.152.219 (ATM0.1), d=192.168.10.11
(ATM0.1), len 100, rcvd 3
*Mar  1 03:05:16.671: IP: s=192.168.10.11 (local), d=10.77.152.219 (ATM0.1),
len 100, sending
*Mar  1 03:05:16.695: IP: s=10.77.152.219 (ATM0.1), d=192.168.10.11
(ATM0.1), len 100, rcvd 3





remote#ping 10.77.152.129

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.77.152.129, timeout is 2 seconds:

*Mar  1 03:07:29.547: IP: s=192.168.10.11 (local), d=10.77.152.129 (ATM0.1),
len 100, sending.
*Mar  1 03:07:31.547: IP: s=192.168.10.11 (local), d=10.77.152.129 (ATM0.1),
len 100, sending.
*Mar  1 03:07:33.547: IP: s=192.168.10.11 (local), d=10.77.152.129 (ATM0.1),
len 100, sending.
*Mar  1 03:07:35.547: IP: s=192.168.10.11 (local), d=10.77.152.129 (ATM0.1),
len 100, sending.
*Mar  1 03:07:37.547: IP: s=192.168.10.11 (local), d=10.77.152.129 (ATM0.1),
len 100, sending.
Success rate is 0 percent (0/5)






Central router

Current configuration : 882 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname central
!
!
ip subnet-zero
ip name-server 192.122.173.131
!
ip ssh time-out 120
ip ssh authentication-retries 3
!
!
!
!
interface Ethernet0
 ip address 10.77.152.219 255.255.255.0
 hold-queue 100 out
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 ip address 192.168.10.1 255.255.255.0
 pvc 15/100
  protocol ip 255.255.255.255 broadcast
  encapsulation aal5mux ip
 !
!
router rip
 network 10.0.0.0
 network 192.168.10.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.77.152.129
ip route 172.16.10.0 255.255.255.0 ATM0

Off Topic but interesting - R&S networking future? [7:59241]

2002-12-15 Thread The Long and Winding Road

right up NRF's alley. Certainly for those considering their futures,
something worth considering as part of the mix.

http://cookreport.com/11.10.shtml

Can't afford the un-snipped version right now, but since I work for a telco,
and I recognize the issues described, and have read all the top corporate
executive e-mails that are doled out to us worker bees, I enjoyed the
counter arguments presented here.

--
TANSTAAFL
"there ain't no such thing as a free lunch"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59241&t=59241
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Problem with Ping [7:59239]

2002-12-15 Thread The Long and Winding Road

on your central router - where is 10.77.152.129? I don't see it as an
attached interface in your configuration.

what does your "show ip route" reveal? on both routers?

also, I don't see a default route on your remote - just the router to the
10. network, which actually should be unnecessary, given that your central
router should be advertising the 10 network to the remote.

can you provide the complete outputs of show ip interface brief and show ip
route from the central router?

--
TANSTAAFL
"there ain't no such thing as a free lunch"




""Deepak Achar""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi all
>I am facing problem in pinging. I am attaching the running
configuration
> of the two routers. From the router central i have defined a default route
> to my backbone. i can access the internet through this. I have defined the
> ethernet interface in the same network as backbone network. i am able to
> ping to the external network.
>   The second router remote, i have connected through adsl to central.i am
> able to reach the last point in the router central, that is, the ethernet
> interface in central. But i can not ping to the external network. I can
not
> ping to the default gateway also. i have defined a default route through
the
> interface atm0.
>   when i give debug ip packet, i am able to see the icmp request from the
> router remote. but sometimes i receive the icmp type 8 and code 0 output
> from the router central.
>   please could some body help me out in this.
>
>
> Thanks and regards
> Deepak
>
>
> Remote router
>
> Building configuration...
>
> Current configuration : 762 bytes
> !
> version 12.2
> no service pad
> service timestamps debug datetime msec
> service timestamps log datetime msec
> no service password-encryption
> !
> hostname remote
> !
> memory-size iomem 25
> !
> ip subnet-zero
> !
> !
> !
> !
> !
> interface Ethernet0
>  ip address 172.16.10.11 255.255.255.0
>  hold-queue 100 out
> !
> interface ATM0
>  no ip address
>  no atm ilmi-keepalive
>  dsl operating-mode auto
>  dsl power-cutback 0
> !
> interface ATM0.1 point-to-point
>  ip address 192.168.10.11 255.255.255.0
>  pvc 16/100
>   protocol ip 192.168.10.1
>   encapsulation aal5mux ip
>  !
> !
> router rip
>  network 172.16.0.0
>  network 192.168.10.0
> !
> ip classless
> ip route 10.0.0.0 255.0.0.0 ATM0
> ip http server
> !
> no cdp run
> !
> line con 0
>  no modem enable
>  stopbits 1
> line aux 0
> line vty 0 4
> !
> scheduler max-task-time 5000
> end
>
> remote#debug ip pa
> IP packet debugging is on
> remote#ping 10.77.152.129
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 10.77.152.129, timeout is 2 seconds:
>
> *Mar  1 03:03:19.975: IP: s=192.168.10.11 (local), d=10.77.152.129
(ATM0.1),
> len 100, sending.
> *Mar  1 03:03:21.975: IP: s=192.168.10.11 (local), d=10.77.152.129
(ATM0.1),
> len 100, sending.
> *Mar  1 03:03:23.975: IP: s=192.168.10.11 (local), d=10.77.152.129
(ATM0.1),
> len 100, sending.
> *Mar  1 03:03:25.975: IP: s=192.168.10.11 (local), d=10.77.152.129
(ATM0.1),
> len 100, sending.
> *Mar  1 03:03:27.975: IP: s=192.168.10.11 (local), d=10.77.152.129
(ATM0.1),
> len 100, sending.
> Success rate is 0 percent (0/5)
> remote#
>
>
>
> remote#ping 10.77.152.219
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 10.77.152.219, timeout is 2 seconds:
> !
> Success rate is 100 percent (5/5), round-trip min/avg/max = 20/23/28 ms
> remote#
> *Mar  1 03:05:16.579: IP: s=192.168.10.11 (local), d=10.77.152.219
(ATM0.1),
> len 100, sending
> *Mar  1 03:05:16.603: IP: s=10.77.152.219 (ATM0.1), d=192.168.10.11
> (ATM0.1), len 100, rcvd 3
> *Mar  1 03:05:16.603: IP: s=192.168.10.11 (local), d=10.77.152.219
(ATM0.1),
> len 100, sending
> *Mar  1 03:05:16.623: IP: s=10.77.152.219 (ATM0.1), d=192.168.10.11
> (ATM0.1), len 100, rcvd 3
> *Mar  1 03:05:16.623: IP: s=192.168.10.11 (local), d=10.77.152.219
(ATM0.1),
> len 100, sending
> *Mar  1 03:05:16.643: IP: s=10.77.152.219 (ATM0.1), d=192.168.10.11
> (ATM0.1), len 100, rcvd 3
> *Mar  1 03:05:16.647: IP: s=192.168.10.11 (local), d=10.77.152.219
(ATM0.1),
> len 100, sending
> *Mar  1 03:05:16.667: IP: s=10.77.152.219 (ATM0.1), d=192.168.10.11
> (ATM0.1), len 100, rcvd 3
> *Mar  1 03:05:16.671: IP: s=192.168.10.11 (local), d=10.77.152.219
(ATM0.1),
> len 100, sending
> *Mar  1 03:05:16.695: IP: s=10.77.152.219 (ATM0.1), d=192.168.10.11
> (ATM0.1), len 100, rcvd 3
>
>
>
>
>
> remote#ping 10.77.152.129
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 10.77.152.129, timeout is 2 seconds:
>
> *Mar  1 03:07:29.547: IP: s=192.168.10.11 (local), d=10.77.152.129
(ATM0.1),
> len 100, sending.
> *Mar  1 03:07:31.547: IP: s=192.168.10.11 (local), d=10.77.152.129
(ATM0.1),
> len 100, sending.
> *Mar  1 03:07:33.547: IP: s=192.168.10.11 (local), d=10.77.152.129
(ATM0.1),
> len 100, sending.
> *Mar  1 03:07:35.547: IP: s=192.168.10.11 (local), d=10.77.152.129
(ATM0.1),
> len 100, sending

Re: Problem with Ping [7:59239]

2002-12-15 Thread Deepak Achar

Hi
  Thanks.
  I tried with the default route on the router remote. that also didnt work.
so i gave more specific route.
 The 10.77.152.129 ip address is the default gateway for the router central.
this is in the backbone network. i am connecting to it through the ethernet
interface. ethernet ip address is 10.77.152.219 which is in the same network
as the backbone.
And here are the outputs of show ip int brief and sh ip rou


central#sh ip int brief
Interface  IP-Address  OK? Method Status   
Protocol
ATM0   unassigned  YES unset  up   
up
ATM0.1 192.168.10.1YES manual up   
up
Ethernet0  10.77.152.219   YES manual up   
up
central#


central#sh ip rou
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
   D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
   N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
   E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
   i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter
area
   * - candidate default, U - per-user static route, o - ODR
   P - periodic downloaded static route

Gateway of last resort is 10.77.152.129 to network 0.0.0.0

C192.168.10.0/24 is directly connected, ATM0.1
R172.16.0.0/16 [120/1] via 192.168.10.11, 00:00:13, ATM0.1
 10.0.0.0/24 is subnetted, 1 subnets
C   10.77.152.0 is directly connected, Ethernet0
S*   0.0.0.0/0 [1/0] via 10.77.152.129





remote#sh ip int brief
Interface  IP-Address  OK? Method Status   
Protocol
Ethernet0  172.16.10.11YES manual up   
up
ATM0   unassigned  YES unset  up   
up
ATM0.1 192.168.10.11   YES manual up   
up


remote#sh ip rou
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
   D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
   N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
   E1 - OSPF external type 1, E2 - OSPF external type 2
   i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter
area
   * - candidate default, U - per-user static route, o - ODR
   P - periodic downloaded static route

Gateway of last resort is not set

C192.168.10.0/24 is directly connected, ATM0.1
 172.16.0.0/24 is subnetted, 1 subnets
C   172.16.10.0 is directly connected, Ethernet0
R10.0.0.0/8 [120/1] via 192.168.10.1, 00:00:03, ATM0.1


Thanks and regards
Deepak


The Long and Winding Road wrote:
> 
> on your central router - where is 10.77.152.129? I don't see it
> as an
> attached interface in your configuration.
> 
> what does your "show ip route" reveal? on both routers?
> 
> also, I don't see a default route on your remote - just the
> router to the
> 10. network, which actually should be unnecessary, given that
> your central
> router should be advertising the 10 network to the remote.
> 
> can you provide the complete outputs of show ip interface brief
> and show ip
> route from the central router?
> 
> --
> TANSTAAFL
> "there ain't no such thing as a free lunch"
> 
> 
> 
> 
> ""Deepak Achar""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Hi all
> >I am facing problem in pinging. I am attaching the running
> configuration
> > of the two routers. From the router central i have defined a
> default route
> > to my backbone. i can access the internet through this. I
> have defined the
> > ethernet interface in the same network as backbone network. i
> am able to
> > ping to the external network.
> >   The second router remote, i have connected through adsl to
> central.i am
> > able to reach the last point in the router central, that is,
> the ethernet
> > interface in central. But i can not ping to the external
> network. I can
> not
> > ping to the default gateway also. i have defined a default
> route through
> the
> > interface atm0.
> >   when i give debug ip packet, i am able to see the icmp
> request from the
> > router remote. but sometimes i receive the icmp type 8 and
> code 0 output
> > from the router central.
> >   please could some body help me out in this.
> >
> >
> > Thanks and regards
> > Deepak
> >
> >
> > Remote router
> >
> > Building configuration...
> >
> > Current configuration : 762 bytes
> > !
> > version 12.2
> > no service pad
> > service timestamps debug datetime msec
> > service timestamps log datetime msec
> > no service password-encryption
> > !
> > hostname remote
> > !
> > memory-size iomem 25
> > !
> > ip subnet-zero
> > !
> > !
> > !
> > !
> > !
> > interface Ethernet0
> >  ip address 172.16.10.11 255.255.255.0
> >  hold-queue 100 out
> > !
> > interface ATM0
> >  no ip address
> >  no atm ilmi-keepalive
> >  dsl operating-mode auto
> >  dsl power-cutback 0
> > !
> > interface

RE: Hello (long response) [7:59244]

2002-12-15 Thread Scott Morris

Wow, spoken like a true person who believes they know a lot more than
they really do!

Elping's assessment of CheckPoint is pretty much right on there.  And
your response to it shows many things, including your areas of weakness
beyond the marketing fluff that Checkpoint likes everyone to believe.
You concede about the support though, which there's no arguing against!

Shifting your point from "God Save CheckPoint" to "CCIE's aren't all
that" isn't necessarily a bright thing to do in a Cisco mailing list.
(WHY are you here again?)  

I'm happy you know how to do the nmap utility and it's features.  I
don't memorize that, nor would I care to.  Perhaps your CCIE's were
looking to gain your "valuable" insight on running that.  Being a CCIE
does not mean that you know everything.  It means you can solve some
complex problems, and have experience on Cisco gear.  Solving problems
may mean referencing the right people/items to solve a problem.  Shame
on them for looking to you for assistance only to get stabbed in the
back by it.

As a side note, you mention working for a Linux shop and being amazed
by the CCIE's lack of knowledge.  I assume they weren't hired for their
unix-specific knowledge.  How much do you know about OSPF in detail?
Would you need to ask anyone for help (remember, they may fire you later
because you were incompetent)?  Many unix folks I know can modify the
kernel to levels far beyond what I have ever cared to know, but they
can't subnet to save their lives?  

So your four CCIEs at $130k a year were sucking your budget dry, but you
at $100k a year weren't?  That's pretty selective budgeting!

So I'll turn your initial statement back towards yourself...  Until you
really know what you're talking about, do NOT make any statements
regarding Cisco, CCIEs or the PIX vs. Checkpoint without knowing all the
facts.  It is pretty obvious that your focus (and thought-process) is
single-threaded and limited in nature.

Worse, you have wasted my time and bandwidth with this message.

*sigh*

Scott

PS.  Unix is a "general purpose operating system" as well. :)  And Nokia
is routinely 2-3 months behind in updates due to testing it's software
configurations with its hardware.

-Original Message-
--- adrian jones  wrote:
> Elping,
> Please do NOT make any statements regarding
> CheckPoint Firewall without 
> knowing all the facts.  I've been working with both
> Checkpoint and Pix firewalls.  I 
> even build a few "franken" pix firewalls so that I
> can learn as much as I can about 
> Cisco Pix firewalls.  The "franken" pix firewall
> actually help me landed my current job 
> that pays 100k/year.  Both CheckPoint and Pix
> firewalls have its strength and 
> weaknesses.  I agree that Cisco TAC is much superior
> than CheckPoint support. 
> The "no text configuration" that you refer to in
> CheckPoint, you must be refered to 
> running CheckPoint on Winblows platforms.  NEVER RUN
> FIREWALL ON A 
> GENERAL PURPOSE OPERATING SYSTEM.  If you worry
> about cost, check out 
> CheckPoint SecurePlatform.  If you are "unix"
> literate, does the term "tcpdump" 
> mean anything to you?  That's how you troubleshoot
> my friend. 
> Now if you are talking about cost, Cisco Pix will
> beat CheckPoint by a long shot in 
> term of performance for your $.  However, for a
> small/medium business, Checkpoint 
> does come with a lot of features such as URL
> filtering (native), http load balancing, 
> etc which Pix doesn't have (without 3rd party
> products).  For enterprise environment, 
> CheckPoint does come with ClusterXL (aka,
> load-sharing or Active/Active Firewall), 
> which again, Pix doesn't support.  Last but not
> least, CheckPoint does have 
> a very nice Management piece called "provider-1"
> that Cisco Pix doesn't have. 
> I do have to say that the price for CP products is
> totally "outrageous"; however, CP 
> is a good product. 
> In terms of hardware product, you can run CheckPoint
> on Nokia Platforms which is 
> very stable and proven product.  New version of
> Nokia firewalls do come with 
> Flash instead of hard-drive so that the reliability
> is very high.  Nokia is a big partner 
> with CP.  You can get CP support if you purchase
> Nokia firewalls from Nokia.  Nokia 
> TAC is just as good as Cisco TAC. 
> I've completed my first week at my new job as a
> Security Engineer and I am amazed 
> at the # of Cisco Certified folks at my company that
> are completely incompetent and 
> downright clueless at what they can do.  We are a
> consulting company and being in 
> the consulting business, you are forced to know
> pretty much about everything. 
> I have a couple of CCIEs in the office came to me
> and ask me how to restart 
> sendmail and postfix (we are a linux shop) in linux.
>  Another CCIE asked me how to 
> use "nmap" in unix.  The last one is down right
> funny, one CCIE asked how to start 
> Apache in Solaris.  It just seems to me like R&S are
> all they know and nothing else. 
> We also do R&

Re: Off Topic but interesting - R&S networking future? [7:59245]

2002-12-15 Thread nrf

""The Long and Winding Road""  wrote in
message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> right up NRF's alley. Certainly for those considering their futures,
> something worth considering as part of the mix.
>
> http://cookreport.com/11.10.shtml
>
> Can't afford the un-snipped version right now, but since I work for a
telco,
> and I recognize the issues described, and have read all the top corporate
> executive e-mails that are doled out to us worker bees, I enjoyed the
> counter arguments presented here.

There are two parts to this report that I think bear mentioning.  One is the
future of VoIP.  The other is the value (or lack thereof) of present
broadband rollouts.

VoIP is certainly transforming the way that the PSTN will operate, if slowly
(very very slowly).  Note, I didn't say voice over the Internet, but rather
voice over IP.  I believe, for numerous reasons, telcos will choose not to
merge their phone services to the Internet, but will rather build out an IP
network through which they will deliver services.  Stick a telephony feature
server on top of a functioning IP network (again, not the Internet, but a
private IP network), and you now have a phone system.

But that further speaks to the commoditization of IP skills in general and
R/S skills specifically.  IP networks will simply become a utility, like
electric power.  How many electric power engineers does a typical company
have?  Unless you're the electric company, probably zero - electricity is
just something that reliably comes out of the wall socket and you use it to
plug in your refrigerator.  The value-add (ergo the jobs) will go to the
people who understand the services that can be layered on top.  That's not
to say that there will be no jobs for people who know R/S (and only R/S),
only that there will be less of them and they will be less pay for them.  I
do not see a bright future for R/S skills as the IP network becomes more and
more commoditized.

About broadband - it is absolutely true that the telcos have basically
provided something that consumers do not want.  Yet I disagree with the idea
that the telcos simply need to provide a more symmetric offering to entice
consumers.  In my experience, consumers do not want broadband regardless of
whether it is assymetric or symmetric or whatever.  The 2 problems with
broadband?  Price and reliability.  Let's face it, dial is reliable, whereas
broadband can and does goes down for weeks at a time (happened to me a bunch
of times).  Furthermore, the Hart/Winston study showed that most people
think that $40-50 a month is too much money to pay.  No wonder that despite
the fact that broadband is now available at over 80% of households,  the
take rate for broadband is less than 15% where it is available.

Here is the Hart/Winston study.  Yes, it's a year old, but not a whole lot
has changed in a year.  The most damning quote:  "Forty-eight percent have
no interest regardless of price and another 21 percent are willing to pay at
most $20 per month..."

http://www.comptel.org/press/nov29_2001_voices.html

The biggest problem with broadband?  Simple.  There is no mass-market app
that actually requires broadband.  Most people are perfectly happy with
dial.  After all, what do they do on the Internet - surf a few pages, send a
few emails, do some instant messaging - all low-impact apps.  Most regular
people (who are mostly nontechnical) simply don't see why they should pay
more and put up with a less reliable technology in order to do the things
they do a little faster.  And again, it's not because they don't know what
it means to have a fast connection.  A lot of these people work in offices
that have good connections, and yet they still don't want it for themselves.
Essentially all of the technical people (the geeks) who want broadband have
already gotten it, the trick now is to somehow convince all the nontechnical
people that broadband is worth it.  I hope somebody will finally invent
something that will actually convince the masses that broadband is good, for
otherwise the telco depression will go on and on.



>
> --
> TANSTAAFL
> "there ain't no such thing as a free lunch"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59245&t=59245
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Hello (long response) [7:59246]

2002-12-15 Thread Walter Rogowski

Adrian, 

I agree that you have to know more than just R&S in the current job
market. I am a CCIE but also work with and embrace any other non-Cisco
skill or product that suits best the needs of any of our clients. I also
do a fair amount of security related work in mixed platform
environments, so yes; I am a firm believer that you need to be a jack of
all trades in addition to being master of one.

And for all I know you are a very nice and likeable person, but your
e-mail reflects a lack of some personal characteristics that define the
best in members of our profession - the willingness to share knowledge
with others whilst being personally humble and also respectful and
considerate to others. For despite the fact that we work with
technology, this is still a people business as they say.

And then finally, whilst modern technology makes it easy and relatively
risk free to say what we want to a vast number of people without being
face to face, this also means that what we mail out is permanently
recorded and may come back to haunt us, for this is truly a small world
and ours is an even smaller community.

-Original Message-
From: Scott Polano [mailto:[EMAIL PROTECTED]] 
Sent: 15 December 2002 18:47
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Hello (long response)

Ouch ! Adrian, are you having trouble walking? Maybe Scott will use
vaseline 
next time ! Way to go Scott, you said it better than I could have.

Scott P
(hoping to become a CCIE soon!)


>From: "Scott Morris" 
>Reply-To: "Scott Morris" 
>To: "'adrian jones'" ,"'elping'"  
>,"'Louis Young'" , 
>,
>CC: "'Chuck Church'" 
>Subject: RE: Hello (long response)
>Date: Sun, 15 Dec 2002 13:07:07 -0500
>
>Wow, spoken like a true person who believes they know a lot more than
>they really do!
>
>Elping's assessment of CheckPoint is pretty much right on there.  And
>your response to it shows many things, including your areas of weakness
>beyond the marketing fluff that Checkpoint likes everyone to believe.
>You concede about the support though, which there's no arguing against!
>
>Shifting your point from "God Save CheckPoint" to "CCIE's aren't all
>that" isn't necessarily a bright thing to do in a Cisco mailing list.
>(WHY are you here again?)
>
>I'm happy you know how to do the nmap utility and it's features.  I
>don't memorize that, nor would I care to.  Perhaps your CCIE's were
>looking to gain your "valuable" insight on running that.  Being a CCIE
>does not mean that you know everything.  It means you can solve some
>complex problems, and have experience on Cisco gear.  Solving problems
>may mean referencing the right people/items to solve a problem.  Shame
>on them for looking to you for assistance only to get stabbed in the
>back by it.
>
>As a side note, you mention working for a Linux shop and being amazed
>by the CCIE's lack of knowledge.  I assume they weren't hired for their
>unix-specific knowledge.  How much do you know about OSPF in detail?
>Would you need to ask anyone for help (remember, they may fire you
later
>because you were incompetent)?  Many unix folks I know can modify the
>kernel to levels far beyond what I have ever cared to know, but they
>can't subnet to save their lives?
>
>So your four CCIEs at $130k a year were sucking your budget dry, but
you
>at $100k a year weren't?  That's pretty selective budgeting!
>
>So I'll turn your initial statement back towards yourself...  Until you
>really know what you're talking about, do NOT make any statements
>regarding Cisco, CCIEs or the PIX vs. Checkpoint without knowing all
the
>facts.  It is pretty obvious that your focus (and thought-process) is
>single-threaded and limited in nature.
>
>Worse, you have wasted my time and bandwidth with this message.
>
>*sigh*
>
>Scott
>
>PS.  Unix is a "general purpose operating system" as well. :)  And
Nokia
>is routinely 2-3 months behind in updates due to testing it's software
>configurations with its hardware.
>
>-Original Message-
>--- adrian jones  wrote:
> > Elping,
> > Please do NOT make any statements regarding
> > CheckPoint Firewall without
> > knowing all the facts.  I've been working with both
> > Checkpoint and Pix firewalls.  I
> > even build a few "franken" pix firewalls so that I
> > can learn as much as I can about
> > Cisco Pix firewalls.  The "franken" pix firewall
> > actually help me landed my current job
> > that pays 100k/year.  Both CheckPoint and Pix
> > firewalls have its strength and
> > weaknesses.  I agree that Cisco TAC is much superior
> > than CheckPoint support.
> > The "no text configuration" that you refer to in
> > CheckPoint, you must be refered to
> > running CheckPoint on Winblows platforms.  NEVER RUN
> > FIREWALL ON A
> > GENERAL PURPOSE OPERATING SYSTEM.  If you worry
> > about cost, check out
> > CheckPoint SecurePlatform.  If you are "unix"
> > literate, does the term "tcpdump"
> > mean anything to you?  That's how you troubleshoot
> > my friend.
> > Now if y

Re: bandwidth control ? [7:59238]

2002-12-15 Thread Brian

First if you want to limit one application type, rate limiting via CAR may
be a good option.  Alternatively Cisco offers several queueing types.

Bri

- Original Message -
From: "Mohannad Khuffash" 
To: 
Sent: Sunday, December 15, 2002 8:41 AM
Subject: bandwidth control ? [7:59238]


> Hello,
>
> How I can limit the bandwidth to specific value for some type of traffic
> while keeping the other traffic's bandwidth unlimited, of course this is
at
> the same link?
>
> Thanks in advance
>
>
>
> Mohannad Khuffash
>
>
> --
>
>
>
>
>
>
>
> Mohannad  Khuffash
> Network Administrator
> Palestine Telecom
> Tel: 00970-9-2390509
> Mobile:00970-59-579528




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59247&t=59238
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Hello (long response) [7:59246]

2002-12-15 Thread Munit Singla

Hi Adrian,
I was just wondering about these long mails and suddently I made my mind of
reading
it.See Really your words in the mail were hurting every cisco professional
or anyone in
general too.Thats true that we should try look out of our domain but we cant
compare
like that anything.Everyone is not expert like that in everything.See I am
now preparing
for CCIE just so that I have good concepts,so that I have mind to look into
poblems this
doesnot mean I will know everything.
Ok lets break this issue and start discussing about technology for what this
group was
made for.
Enjoy
Regards,
Munit

Walter Rogowski wrote:

> Adrian,
>
> I agree that you have to know more than just R&S in the current job
> market. I am a CCIE but also work with and embrace any other non-Cisco
> skill or product that suits best the needs of any of our clients. I also
> do a fair amount of security related work in mixed platform
> environments, so yes; I am a firm believer that you need to be a jack of
> all trades in addition to being master of one.
>
> And for all I know you are a very nice and likeable person, but your
> e-mail reflects a lack of some personal characteristics that define the
> best in members of our profession - the willingness to share knowledge
> with others whilst being personally humble and also respectful and
> considerate to others. For despite the fact that we work with
> technology, this is still a people business as they say.
>
> And then finally, whilst modern technology makes it easy and relatively
> risk free to say what we want to a vast number of people without being
> face to face, this also means that what we mail out is permanently
> recorded and may come back to haunt us, for this is truly a small world
> and ours is an even smaller community.
>
> -Original Message-
> From: Scott Polano [mailto:[EMAIL PROTECTED]]
> Sent: 15 December 2002 18:47
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: RE: Hello (long response)
>
> Ouch ! Adrian, are you having trouble walking? Maybe Scott will use
> vaseline
> next time ! Way to go Scott, you said it better than I could have.
>
> Scott P
> (hoping to become a CCIE soon!)
>
> >From: "Scott Morris"
> >Reply-To: "Scott Morris"
> >To: "'adrian jones'" ,"'elping'"
> >,"'Louis Young'" ,
> >,
> >CC: "'Chuck Church'"
> >Subject: RE: Hello (long response)
> >Date: Sun, 15 Dec 2002 13:07:07 -0500
> >
> >Wow, spoken like a true person who believes they know a lot more than
> >they really do!
> >
> >Elping's assessment of CheckPoint is pretty much right on there.  And
> >your response to it shows many things, including your areas of weakness
> >beyond the marketing fluff that Checkpoint likes everyone to believe.
> >You concede about the support though, which there's no arguing against!
> >
> >Shifting your point from "God Save CheckPoint" to "CCIE's aren't all
> >that" isn't necessarily a bright thing to do in a Cisco mailing list.
> >(WHY are you here again?)
> >
> >I'm happy you know how to do the nmap utility and it's features.  I
> >don't memorize that, nor would I care to.  Perhaps your CCIE's were
> >looking to gain your "valuable" insight on running that.  Being a CCIE
> >does not mean that you know everything.  It means you can solve some
> >complex problems, and have experience on Cisco gear.  Solving problems
> >may mean referencing the right people/items to solve a problem.  Shame
> >on them for looking to you for assistance only to get stabbed in the
> >back by it.
> >
> >As a side note, you mention working for a Linux shop and being amazed
> >by the CCIE's lack of knowledge.  I assume they weren't hired for their
> >unix-specific knowledge.  How much do you know about OSPF in detail?
> >Would you need to ask anyone for help (remember, they may fire you
> later
> >because you were incompetent)?  Many unix folks I know can modify the
> >kernel to levels far beyond what I have ever cared to know, but they
> >can't subnet to save their lives?
> >
> >So your four CCIEs at $130k a year were sucking your budget dry, but
> you
> >at $100k a year weren't?  That's pretty selective budgeting!
> >
> >So I'll turn your initial statement back towards yourself...  Until you
> >really know what you're talking about, do NOT make any statements
> >regarding Cisco, CCIEs or the PIX vs. Checkpoint without knowing all
> the
> >facts.  It is pretty obvious that your focus (and thought-process) is
> >single-threaded and limited in nature.
> >
> >Worse, you have wasted my time and bandwidth with this message.
> >
> >*sigh*
> >
> >Scott
> >
> >PS.  Unix is a "general purpose operating system" as well. :)  And
> Nokia
> >is routinely 2-3 months behind in updates due to testing it's software
> >configurations with its hardware.
> >
> >-Original Message-
> >--- adrian jones  wrote:
> > > Elping,
> > > Please do NOT make any statements regarding
> > > CheckPoint Firewall without
> > > knowing all the facts.  I've been working with both
> > > C

Re: CCIE Written Exam [7:58947]

2002-12-15 Thread Leonardo FUK

I would like to join you guys, concerning this exam.

Thanks

Leonardo

""J M""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> send an email here.
>
> [EMAIL PROTECTED]
>
>
> they will tell you what the questions are.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59249&t=58947
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Looking for CCIE partner [7:59056]

2002-12-15 Thread Leonardo FUK

Hi,

I am also preparing myself to the Lab. I have my own set of routers and
switches (10 devices total). Let me know if we can share something good.

--
Leonardo Furtado
Network Engineering and Security Architecture


""YAO NING""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Guys,
>
> I'm looking for CCIE partner for R&S Lab in Houston,TX. So we can
> communicate each other to talking about question.
>
> Thanks
>
> Ning




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59251&t=59056
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 2 x 3550 in new CCIE lab ? [7:59166]

2002-12-15 Thread Leonardo FUK

I think that it is true. And both might be running EMI.

--
Leonardo Furtado
Network Engineering and Security Architecture


""Thomas Muller""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hallo,
>
> I've heard rumors that there are now 2 x 3550 in the new (post Nov 4,
2002)
> CCIE lab.
>
> Can anyone confirm this ?
>
> Thomas M|ller
>
> [EMAIL PROTECTED]
>
> --
> +++ GMX - Mail, Messaging & more  http://www.gmx.net +++
> NEU: Mit GMX ins Internet. Rund um die Uhr f|r 1 ct/ Min. surfen!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59252&t=59166
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco Work 2000 Manual user guide [7:58959]

2002-12-15 Thread Leonardo FUK

You may try these links:

Documentation:
http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/index.htm

Self-paced CBT
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=2079712034&category=11225

Leonardo

""Han Chuan Alex Ang""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> hi, Anybody have ideas on book or site that reveal good information on how
> to install, configure and use Cisco Work 2000,  thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59250&t=58959
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: why can't copy flash from TFTP? [7:34603]

2002-12-15 Thread MikeS

I will make a stab at what you are really asking here.. but I could be
wrong.

The file comes in what is lovingly referred to as a *tarball* by the Unix
geeks. It's a something akin to a ZIP file but based in Unix. When you use
the command 'tar /x tftp://server_ip..blah..blah' you are telling the switch
(which runs a form of Unix..BSD???) to get the file X.tar via TFTP and then
run the TAR command with the /x argument. This whole thing will grab the
file, download it and then extract each piece of the tarball into the proper
file/directory.

The tarball doesnt care about the TFTP server as long as it supports long
file names. So you have an NT box running an NT TFTP server.. no big deal.
Everything works just fine since the TAR command runs on the switch and not
on the NT box.

I hope that is what you were asking about or I seriously misunderstood the
question :)

MikeS

--
Tutorials - Whitepapers - Security -  Wireless- News
Find me at www-dot-packetattack-dot-com

""Sharon Kantan""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi..Gaz and dear all.. I had read the document but I was confused by a
> statement shown as below. The file that I download is the binary. *.bin
and
> the TFTP server is NT.  tftp://IP/ seems like a UNIX format.  What should
> the format of the command for the winNT. Mine is not a tar file.
>
>
> Step 15 Use the tar command to copy the combined .tar file to the switch.
DO
> NOT copy the HTML .tar file in this procedure as the  .tar file combines
> both the image and the HTML files into a single compressed file.
>
> Switch#tar /x tftp://server_ip_address//path/filename.tar flash:
> Loading /path/filename.tar from server_ip_address (via VLAN1):!)
> extracting info (111 bytes)
> extracting filename.bin (1557286 bytes)
> html/ (directory)
> extracting html/Detective.html.gz (1139 bytes)!
> extracting html/ieGraph.html.gz (553 bytes)
> extracting html/DrawGraph.html.gz (787 bytes)!
> . . .(output Suppressed)
>
> 
>
>
> Besides,  I found when I type sh flash on my switch there is no output.
> Why?  What is the difference between sh flash and dir flash:
>
> Cat29-L8-7#sh flash
>^
> % Invalid input detected at '^' marker.
>
> Cat29-L8-7#dir flash:
> Directory of flash:
>
>   2  -rwx 1077215   Mar 01 1993 00:02:14  c2900XL-hs-mz-112.8-SA5.bin
>   3  -rwx   81898   Nov 24 1998 05:03:59  c2900XL-diag-mz-112.8-SA4
>   4  drwx   11072   Mar 01 1993 00:11:10  html
> 178  -rwx1859   May 23 1993 03:00:22  config.text
> 177  -rwx 270   Jan 01 1970 00:03:16  env_vars
>
> 3612672 bytes total (2010624 bytes free)
>
>
>
> >From: "Gaz"
> >Reply-To: "Gaz"
> >To: [EMAIL PROTECTED]
> >Subject: Re: why can't copy flash from TFTP? [7:34603]
> >Date: Wed, 6 Feb 2002 07:54:01 -0500
> >
> >Sharon,
> >
> >Have a look at the following URL:
> >
> >http://www.cisco.com/warp/public/473/36.shtml#CommonTftp
> >
> >Cheers,
> >
> >Gaz
> >
> >
> >""Sharon Kantan""  wrote in message
> >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > Hi..  I tried to upgrade my switch IOS?  But it seems fail. Please
tell
> >me
> > > why?  Config attached.
> > >
> > > Cat29-L8-2#copy tftp flash
> > > copy to or from flash not implemented
> > >
> > > Cat29-L8-2#sh run
> > > Building configuration...
> > >
> > > Current configuration:
> > > !
> > > version 11.2
> > > no service pad
> > > no service udp-small-servers
> > > no service tcp-small-servers
> > > !
> > > hostname Cat29-L8-2
> > > !
> > > enable secret XX
> > > !
> > > !
> > > !
> > > interface VLAN1
> > > ip address 50.100.165.241 255.255.254.0
> > > no ip route-cache
> > > !
> > > interface FastEthernet0/1
> > > duplex full
> > > !
> > > interface FastEthernet0/2
> > > duplex full
> > > spanning-tree vlan 1 cost 50
> > > !
> > > interface FastEthernet0/3
> > > spanning-tree portfast
> > > !
> > > interface FastEthernet0/4
> > > spanning-tree portfast
> > > !
> > > interface FastEthernet0/5
> > > spanning-tree portfast
> > > !
> > > interface FastEthernet0/6
> > > spanning-tree portfast
> > > !
> > > interface FastEthernet0/7
> > > spanning-tree portfast
> > > !
> > > interface FastEthernet0/8
> > > spanning-tree portfast
> > > !
> > > interface FastEthernet0/9
> > > spanning-tree portfast
> > > !
> > > interface FastEthernet0/10
> > > speed 100
> > > duplex full
> > > spanning-tree portfast
> > > !
> > > interface FastEthernet0/11
> > > spanning-tree portfast
> > > !
> > > interface FastEthernet0/12
> > > spanning-tree portfast
> > > !
> > > interface FastEthernet0/13
> > > spanning-tree portfast
> > > !
> > > interface FastEthernet0/14
> > > spanning-tree portfast
> > > !
> > > interface FastEthernet0/15
> > > description Boss's port
> > > speed 100
> > > duplex full
> > > spanning-tree portfast
> > > !
> > > interface FastEthernet0/16
> > > spanning-tree portfast
> > > !
> > > interface FastEthernet0/17
> > >

Optical Specialist [7:59254]

2002-12-15 Thread Gustavo Samarco

Hi,

Is anyone studying for the Cisco Optical Specialist
(or METRO elective for CCIP)certification that could
help me out finding some studying material for it ?

Thanks,

Gus

__
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59254&t=59254
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Question for designers (WLAN) [7:59216]

2002-12-15 Thread MikeS

The only app on the palms that seems to have staying power is the writing of
perscriptions and then sending it via wireless to be distributed. It's a
godsend given how badly some of the Docs write.

MikeS

""Howard C. Berkowitz""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> At 9:41 AM + 12/14/02, David j wrote:
> >Hello friends, I have to advice what kind of wireless device we are going
to
> >buy for a hospital. If money was not a big problem what Aironet would you
> >buy? I thought about 1200 series, but it isn't approved for using 802.11a
in
> >my country (only 802.11b) so I think it hasn't got many benefits over
1100
> >series (these are cheaper).
> >What do you think? someone has implemented a wireless network in a big
> >hospital (1200 beds)?
> >Any feedback would be helpful, thanks in advance.
>
> I'm going to answer generally with considerations about wireless in
> hospitals, rather than on the specific devices.  First, there's a
> brief review of the US privacy regulations at
> http://www.medscape.com/viewarticle/445787_print. You may need to
> register (it's free) for Medscape, which I use daily as a source of
> primarily pure medical information.
>
> Now, we probably haven't installed one in 12-18 months, and had bad
> interference problems with handheld devices that operated over a
> large area.  Handhelds to a bed monitor, or even in a ward, tended to
> work reasonably well, but, as has been pointed out, there are LOTS of
> interfering devices.
>
> I am not aware of safety studies of wireless transmission in units
> where conductors go through the skin.  Also remember that some
> instrument rooms will be electromagnetically shielded.
>
> During the process of installation, be sure to have plenty of
> Ethernet docking stations available that are compatible with
> handhelds.
>
> Our experience with PDAs is they are simply too limited for any
> serious medical application other than electronic reference books.
> We've tended to use handheld or tablet PCs, depending on display size
> and input requirements.
>
> For support reasons, we've tried to emphasize LINUX for these
> handhelds, if for no other reason that if they are running Windows,
> doctors (especially) will put games, stock quote, etc., applications
> on them, to the point that we don't know the software environment of
> the potentially life-critical devices we are trying to support.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59256&t=59216
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Darth Reid R1 Access-list [7:58644]

2002-12-15 Thread Joshua Vince

Ted,

Did you ever get any feedback on this?  I have never heard of the frp
keyword in an access-list command.

Josh

-Original Message-
From: Ted Marinich [mailto:[EMAIL PROTECTED]]
Sent: Saturday, December 07, 2002 5:47 PM
To: [EMAIL PROTECTED]
Subject: Re: Darth Reid R1 Access-list [7:58644]


OK,

The question is deny FTP and HTTP for these addresses:

131.24.194.x, 131.25.194.x, 135.152.1.1, 131.24.195.x, 131.24.193.x

Use least amount of lines in your ACL.

To match EXACTLY what the question asks with the minimum ACL, I come up with
this:

access-list 101 deny tcp host 135.152.1.1 eq ftp any
access-list 101 deny tcp host 135.152.1.1 eq http any
access-list 101 deny tcp 131.24.194.0 0.1.1.255 eq ftp any
access-list 101 deny tcp 131.24.194.0 0.1.1.255 eq http any
access-list 101 deny tcp 131.24.193.0 0.1.0.255 eq ftp any
access-list 101 deny tcp 131.24.193.0 0.1.0.255 eq http any
access-list 102 permit tcp any any

Cisco's answer is:

access-list 102 deny tcp 129.24.192.0 102.129.7.1 eq frp any
access-list 102 deny tcp 129.24.192.0 102.129.7.1 eq frp any
access-list 102 permit tcp any any

Cisco's answer the first Octet Match these IPs
 129, 131, 133, 135, 161, 163, 165, 167, 193, 195, 197, 199, 225,
 227, 229, 231
 
So, address 161.24.194.1 will be denied as well, which is not one of the
requirements.  My question is when taking the lab, and asked a simlilar
question, which answer is correct

Hope this is not as muddy as my first question...

Please correct me if I'm wrong - I no access-list expert.  Just my attempt
at it. :)

Ted




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59257&t=58644
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Traffic Shaping and Queuing [7:59258]

2002-12-15 Thread Larkin, Richard

I want to be able to allocate min guaranteed bandwidth per application as
well as use priority queuing for Voice on an edge router.

Shall I use Custom queuing, which assigns min bandwidth per application, or
CBWFQ (with Traffic Shaping if necessary)? I understand that LLQ (PQ+CBWFQ)
is the best choice.

I understand Custom Queuing and how it provides min bandwidth, but am not
sure how traffic shaping and CBWFQ interacts - ie, do I need traffic shaping
and if so, does the shaping occur before or after the queuing?

Can anyone shed some light on this matter before I go back to what the ref
books say?

Rik




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59258&t=59258
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

internals of frame relay connections [7:59259]

2002-12-15 Thread Cable Guy

Caslow p.90.
"When you have a frame relay configured on sub-interfaces, you remove the
need for manual
mapping statements for NBMA PVC connections. PtoP remove the need for
mapping since only
one destination at the other end." Ok, this makes sense and sounds like
normal ppp serial
connection definition as well. No mapping needed because router assumes
single connection
on each end of link.

How does this impact what layer 2 and layer 3 address info is included in
each outgoing
frame on each end? What about source addresses? So, IOS and the interface
include or not
include addresses in frame relay packets differently depending on whether it
is main
interface or sub-interface?

Also, from same page "Dedicated PtoP connections,no need for mapping
procedureswhatever the network layer address is on the local PtoP
interface, the
remote network layer address must match". Usually not something to dwell on,
but the line
about
the network layer address "must" match got me thinking. What exactly does
this mean? The
remote IP address must be "match" in the sense that both IPs and both masks
"match" the
same subnet?

Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59259&t=59259
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Darth Reid R1 Access-list [7:58644]

2002-12-15 Thread Ted Marinich

Josh,

No I never have. frp is a typo - should be FTP. 

access-list 101 deny tcp host 135.152.1.1 eq ftp any 
access-list 101 deny tcp host 135.152.1.1 eq http any 
access-list 101 deny tcp 131.24.194.0 0.1.1.255 eq ftp any 
access-list 101 deny tcp 131.24.194.0 0.1.1.255 eq http any 
access-list 101 deny tcp 131.24.193.0 0.1.0.255 eq ftp any 
access-list 101 deny tcp 131.24.193.0 0.1.0.255 eq http any 
access-list 102 permit tcp any any 

Also, "access-list 102 permit tcp any any" should be "access-list 101 permit
tcp any any"

Sorry, for the confusion.  Cisco's focus seems to be centered on the ACL
size. I am focused on a practical solution.  I want clearification so I know
what to practise for.

Cisco's answer is: 

access-list 102 deny tcp 129.24.192.0 102.129.7.1 eq http any 
access-list 102 deny tcp 129.24.192.0 102.129.7.1 eq ftp any 
access-list 102 permit tcp any any 



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59260&t=58644
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Off Topic but interesting - R&S networking future? [7:59261]

2002-12-15 Thread Henry D.

Since we're just throwing out our thoughts here...

I tend to disagree, following your logic, if the IP network
becomes such a commodity, I think this would just create more
jobs for people like us, I mean R/S guys. You seem to think that once the IP
network
is used for the services such as Voice, the Voice people
will have taken the jobs. This may be so to some degree. But from the
last few years of my experience, I doubt there will be a data network
acting as reliably as PSTN any time soon - as you mention about
broadband. For this reason, I think R/S folks with few extra skills
will still be in demand for the telcos, someone has to keep on making
this thing work, fixing, upgrading, estimating, reporting, understanding
data networks, etc.

I agree that VOIP on the Net will not change how the telcos work.
It's one thing to have a customer use the Internet for placing calls,
the customer's expectations are already set low, knowing the Quality will
not be as great. But when you pick up the receiver at home, you expect
current quality, no delays, no noise, no whatever. Internet is simply too
unpredictable for Carrier class Voice.



""nrf""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> ""The Long and Winding Road""  wrote in
> message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > right up NRF's alley. Certainly for those considering their futures,
> > something worth considering as part of the mix.
> >
> > http://cookreport.com/11.10.shtml
> >
> > Can't afford the un-snipped version right now, but since I work for a
> telco,
> > and I recognize the issues described, and have read all the top
corporate
> > executive e-mails that are doled out to us worker bees, I enjoyed the
> > counter arguments presented here.
>
> There are two parts to this report that I think bear mentioning.  One is
the
> future of VoIP.  The other is the value (or lack thereof) of present
> broadband rollouts.
>
> VoIP is certainly transforming the way that the PSTN will operate, if
slowly
> (very very slowly).  Note, I didn't say voice over the Internet, but
rather
> voice over IP.  I believe, for numerous reasons, telcos will choose not to
> merge their phone services to the Internet, but will rather build out an
IP
> network through which they will deliver services.  Stick a telephony
feature
> server on top of a functioning IP network (again, not the Internet, but a
> private IP network), and you now have a phone system.
>
> But that further speaks to the commoditization of IP skills in general and
> R/S skills specifically.  IP networks will simply become a utility, like
> electric power.  How many electric power engineers does a typical company
> have?  Unless you're the electric company, probably zero - electricity is
> just something that reliably comes out of the wall socket and you use it
to
> plug in your refrigerator.  The value-add (ergo the jobs) will go to the
> people who understand the services that can be layered on top.  That's not
> to say that there will be no jobs for people who know R/S (and only R/S),
> only that there will be less of them and they will be less pay for them.
I
> do not see a bright future for R/S skills as the IP network becomes more
and
> more commoditized.
>
> About broadband - it is absolutely true that the telcos have basically
> provided something that consumers do not want.  Yet I disagree with the
idea
> that the telcos simply need to provide a more symmetric offering to entice
> consumers.  In my experience, consumers do not want broadband regardless
of
> whether it is assymetric or symmetric or whatever.  The 2 problems with
> broadband?  Price and reliability.  Let's face it, dial is reliable,
whereas
> broadband can and does goes down for weeks at a time (happened to me a
bunch
> of times).  Furthermore, the Hart/Winston study showed that most people
> think that $40-50 a month is too much money to pay.  No wonder that
despite
> the fact that broadband is now available at over 80% of households,  the
> take rate for broadband is less than 15% where it is available.
>
> Here is the Hart/Winston study.  Yes, it's a year old, but not a whole lot
> has changed in a year.  The most damning quote:  "Forty-eight percent have
> no interest regardless of price and another 21 percent are willing to pay
at
> most $20 per month..."
>
> http://www.comptel.org/press/nov29_2001_voices.html
>
> The biggest problem with broadband?  Simple.  There is no mass-market app
> that actually requires broadband.  Most people are perfectly happy with
> dial.  After all, what do they do on the Internet - surf a few pages, send
a
> few emails, do some instant messaging - all low-impact apps.  Most regular
> people (who are mostly nontechnical) simply don't see why they should pay
> more and put up with a less reliable technology in order to do the things
> they do a little faster.  And again, it's not because they don't know what
> it means to have a fast connection.  A lot of these people wo

Re: Off Topic but interesting - R&S networking future? [7:59262]

2002-12-15 Thread nrf

""Henry D.""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Since we're just throwing out our thoughts here...
>
> I tend to disagree, following your logic, if the IP network
> becomes such a commodity, I think this would just create more
> jobs for people like us, I mean R/S guys.

Hardly.  The total jobs in a commoditized world would be much less.  That's
not to say there will be zero jobs, just less.   Again, consider the case of
electric power.  Or water.  How many companies, unless they're huge, have an
electrician or a plumber on staff?   OK, every once in awhile the company's
toilet will back up and you gotta bring somebody in.  But for the most part,
electricity and water just work.  You plug something in a wall socket and it
works.  You flush the toilet and it works.  You certainly don't need to keep
somebody on staff to take care of electricity and water, unless maybe you're
really really big and you can amortize the guy's salary over lots and lots
of facilities.  Net effect - less demand for R/S skills.

Consider the new initiatives that Cisco is trying to retrench themselves
into the service-provider environment (again).  Things like NSF, GRIP, and
things like that to increase reliability of gear.  Hey, that's real good for
Cisco, but that ultimately means that as IP networks become more reliable,
they just fade into the background and become a commodity, just like
electricity.   Let's be perfectly honest.  A network that is super-reliable
and super-redundant is a network that doesn't really need you around to
babysit it.   Ok, they might need to bring in a consultant whenever they
want to make changes.  But again, the net effect is less overall R/S jobs.

>You seem to think that once the IP
> network
> is used for the services such as Voice, the Voice people
> will have taken the jobs.

Either the existing voice people or other people who add VoX to their
skillset.

>This may be so to some degree. But from the
> last few years of my experience, I doubt there will be a data network
> acting as reliably as PSTN any time soon - as you mention about
> broadband.

Naturally not anytime soon.  But the long-term trend is clear.  IP networks
will become more and more reliable, which ultimately means that they will
fade more and more into the background.

>For this reason, I think R/S folks with few extra skills
> will still be in demand for the telcos, someone has to keep on making
> this thing work, fixing, upgrading, estimating, reporting, understanding
> data networks, etc.

Again, I never said there will be zero demand.  But there will be less.
Right now, R/S skill demand is unusually heightened because the fact is that
IP networks are still pretty flaky, and so you need a bunch of guys around
just to keep the darn thing up.  The less flaky it is, the less people you
need to babysit it.

>
> I agree that VOIP on the Net will not change how the telcos work.
> It's one thing to have a customer use the Internet for placing calls,
> the customer's expectations are already set low, knowing the Quality will
> not be as great. But when you pick up the receiver at home, you expect
> current quality, no delays, no noise, no whatever. Internet is simply too
> unpredictable for Carrier class Voice.

Yes, and so I expect private IP networks to take over.  Convergence upon the
Internet is most likely a red herring






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59262&t=59262
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IP to ATM QoS [7:58784]

2002-12-15 Thread Ivan Yip

Thanks wanabe, would you mind sending me email address as I have another QoS
question (on FR)? I want to have your advice too.
[EMAIL PROTECTED]



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59263&t=58784
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IP to ATM QoS [7:58784]

2002-12-15 Thread wanabe ccie

ok. email me at [EMAIL PROTECTED]


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59265&t=58784
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

IOS command question, pls help [7:59266]

2002-12-15 Thread 2000 mpls

Hi,

I am sorry I am a newbie in this area. I have some trouble and would be very
grateful if you are able to help me.

I need to know the meaning and purpose for the following Cisco IOS command.
I already searched the cisco website and google.com and I hardly found
anything useful.

1) clns routing
2) mpls traffic-eng tunnel
3) ip router isis
4) clns router isis

Can someone please tell me the meaning and purpose of the above commands, or
please tell the exact URL which has the information.

Thank you very much and hav a nice day.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59266&t=59266
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco Work 2000 Manual user guide [7:58959]

2002-12-15 Thread Mark Smith

How is that CBT, Leonardo? Most of the Cisco CBT's I see on eBay are geared
more to sales folks and, from what I gather, not too technical. Is this one
for folks that acutally install/configure/use the product or a 500 feet high
overview that highlights the strong points from a selling prespective?
Thanks.


Quoting Leonardo FUK :

> You may try these links:
> 
> Documentation:
> http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/index.htm
> 
> Self-paced CBT
> http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item 79712034&category225
> 
> Leonardo
> 
> ""Han Chuan Alex Ang""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > hi, Anybody have ideas on book or site that reveal
> good information on how
> > to install, configure and use Cisco Work 2000, 
> thanks
> [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59264&t=58959
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

What Terminal Emulator is used in the CCIE lab? [7:59267]

2002-12-15 Thread McAllister Paul

What Terminal Emulator is used in the CCIE lab?
Can you have multiple sessions (screens) open?
Also, I assume it's a workstation with a keyboard, not a nasty laptop.

Any info?

Thanks
Paul


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59267&t=59267
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Darth Reid R1 Access-list [7:58644]

2002-12-15 Thread The Long and Winding Road

""Ted Marinich""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Josh,
>
> No I never have. frp is a typo - should be FTP.


CL: I believe I gave a good pointer and a good start in my earlier reply.



>
> access-list 101 deny tcp host 135.152.1.1 eq ftp any
> access-list 101 deny tcp host 135.152.1.1 eq http any
> access-list 101 deny tcp 131.24.194.0 0.1.1.255 eq ftp any
> access-list 101 deny tcp 131.24.194.0 0.1.1.255 eq http any
> access-list 101 deny tcp 131.24.193.0 0.1.0.255 eq ftp any
> access-list 101 deny tcp 131.24.193.0 0.1.0.255 eq http any
> access-list 102 permit tcp any any
>
> Also, "access-list 102 permit tcp any any" should be "access-list 101
permit
> tcp any any"
>
> Sorry, for the confusion.  Cisco's focus seems to be centered on the ACL
> size. I am focused on a practical solution.  I want clearification so I
know
> what to practise for.


CL: consider the possibility that the Cisco answer in your study source is
wrong.

CL: at the risk of being considered a jerk, I believe I demonstrated how to
figure this stuff out in an earlier reply - write it out in binary and
determine your "care" and "don't care" bits. I believe by my demonstration I
determined that for the first octet, at least, the Cisco answer was not
correct, and I showed what the correct answer was, for the first octet. I
left it to you to do the rest.

CL: Cisco's focus, based on what you have presented, is to determine whether
or not you know how the masks work when filtering addresses. Look - you took
the first step. You went to B--O--S--O--N and used their wildcard mask
calculator  to discover that the Cisco answer permitted more networks than
required. So you know how to use the tool. But you have to take the next
step yourself.

CL: sorry to be acting righteous here, but when you're sitting in a Cisco
test, be it CCNA or CCIE Lab, and all you have is a pencil and paper, there
is only one way to do it. Believe me, proper wildcard masking comes up
everywhere. whether you are doing opsf network masks, eigrp network masks
( neat feature! ) distibute-lists, route-maps, or whatever.



>
> Cisco's answer is:
>
> access-list 102 deny tcp 129.24.192.0 102.129.7.1 eq http any
> access-list 102 deny tcp 129.24.192.0 102.129.7.1 eq ftp any
> access-list 102 permit tcp any any




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59268&t=58644
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Rainy Days, Sundays, and OSPF [7:59269]

2002-12-15 Thread The Long and Winding Road

always get me down.

I had to cover for someone who is out on vacation. Simple customer network,
hub and 6 spokes over frame relay. no biggie, except the installation people
couldn't get it to work, so they had to call in the designer or the poor
fool covering for him.

hub site uses a single subinterface, and manual frame mapping. each spoke
uses the physical interface.

don't get me started. I would have done multiple point-to-point
subinterfaces, and I would have knee jerked to EIGRP, but that's another
story. Besides, the customer was probably a cheapskate, and didn't want to
pay the few extra bucks a month for more PVC's at the hub.

In any case, the configs looked good to me and I was able to mock something
up in my home lab. ospf network type point-to-multipoint on all interfaces
and the hub site subinterface. works like a charm.

however, in the customer network, two of the spoke sites just would not come
up or form ospf neighbor relationships. all the frame mappings were ok. I
could ping from any router to any other router. so what gives? when I
checked the debugs on the spoke sites that were failing, I could see an
error about the link going down every time I put an ospf network
point-to-multipoint command on the interface. as soon as I changed the ospf
network type to broadcast, the link came up and adjacencies formed.

I checked CCO and did not find anything in particular. There is a bug listed
for ospf point-to-multipoint and unnumbered interfaces. I called TAC, but no
help there.

this got me to wondering if anyone has run into anything like this before?

Chuck


--
TANSTAAFL
"there ain't no such thing as a free lunch"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59269&t=59269
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: dialer remote name/ppp chap hostname [7:59224]

2002-12-15 Thread test test

You could try another approach on this as opposed to performing
authentication commands on the individual interfaces.

set up AAA authentication globaly on the routers 
this prevents intensive interface configuration 
allows you to focus purely on the authentication problem
you can establish radius, tacacs+, or local authentication
which is what you are trying to do.

there are several debug commands you may try at the head end.

something like: debug ppp authentication chap

sorry it's been a while...


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59270&t=59224
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Off Topic but interesting - R&S networking future? [7:59271]

2002-12-15 Thread dre

""nrf""  wrote in message ...
> The biggest problem with broadband?  Simple.  There is no mass-market
> app that actually requires broadband.  Most people are perfectly
> happy with dial.  After all, what do they do on the Internet -
> surf a few pages, send a few emails, do some instant messaging -
> all low-impact apps.  Most regular people (who are mostly
> nontechnical) simply don't see why they should pay more and put
> up with a less reliable technology in order to do the things they
> do a little faster.  And again, it's not because they don't know
> what it means to have a fast connection.  A lot of these people
> work in offices that have good connections, and yet they still
> don't want it for themselves.  Essentially all of the technical
> people (the geeks) who want broadband have already gotten it, the
> trick now is to somehow convince all the nontechnical people that
> broadband is worth it.  I hope somebody will finally invent something
> that will actually convince the masses that broadband is good, for
> otherwise the telco depression will go on and on.

Wow nrf, you were totally dead-on correct until the last paragraph.
Need for R/S skills is gone, and basically is not coming back - that's a
fact.

However, broadband is going to continue to have strange offerings
with different apps all the time.  Sure, most poeple only use email,
surfing, and maybe IM today (for which dial works fine).  But you
are seemingly waiting for something to be invented.  It's already
invented.  SIP, IM, Presence - these things exist today (and yes,
I'm aware that maybe it's best if they don't work over the Internet
and instead on private IP networks).  But why can't more and more
broadband connections actually be private IP networks (as well as
maybe Internet access)?  Why aren't people utilizing MPEG-4 in the
way that some (college students at least) are using MP3?  I don't
own cable, but I can easily download all the episodes of Soprano
to my home computer over my broadband connection.  Why do I need
cable or satellite now?  Do I need a VCR, PVR, DVR, DVD, etc?  Do
I need a receiver?  Do I even need a television?  Do I even need a
telephone?

This isn't your standard plumbing.  You don't load new bits into
the bottom of your sink and instantly upgrade your plumbing to
faster, more converged services.  It doesn't work like that.
Broadband does.

So you keep waiting for things that are already invented (SIP,
MPEG-4, 3G, Bluetooth, IEEE 1394, P2P, etc) to catch on.  The rest
of us will be paying less money and simplifying our lives.  The
trick isn't to invent a new technology, but it's to get the average
person to be able to embrace the technology that's already out
there.

-dre




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59271&t=59271
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Rainy Days, Sundays, and OSPF [7:59269]

2002-12-15 Thread Eric Rogers

Well then let's involve the Service Provider...Is there a common SP
involved??? What's there take??? How I've had my days of "OUR network is
fine" it's "Your problem"...LOL...Why do issue's seem to disappear after the
SP inquiry??? I change SP's and "MY Problem" never returns!!! :-) Go
figure...


- Original Message -
From: "The Long and Winding Road" 
To: 
Sent: Sunday, December 15, 2002 9:23 PM
Subject: Rainy Days, Sundays, and OSPF [7:59269]


> always get me down.
>
> I had to cover for someone who is out on vacation. Simple customer
network,
> hub and 6 spokes over frame relay. no biggie, except the installation
people
> couldn't get it to work, so they had to call in the designer or the poor
> fool covering for him.
>
> hub site uses a single subinterface, and manual frame mapping. each spoke
> uses the physical interface.
>
> don't get me started. I would have done multiple point-to-point
> subinterfaces, and I would have knee jerked to EIGRP, but that's another
> story. Besides, the customer was probably a cheapskate, and didn't want to
> pay the few extra bucks a month for more PVC's at the hub.
>
> In any case, the configs looked good to me and I was able to mock
something
> up in my home lab. ospf network type point-to-multipoint on all interfaces
> and the hub site subinterface. works like a charm.
>
> however, in the customer network, two of the spoke sites just would not
come
> up or form ospf neighbor relationships. all the frame mappings were ok. I
> could ping from any router to any other router. so what gives? when I
> checked the debugs on the spoke sites that were failing, I could see an
> error about the link going down every time I put an ospf network
> point-to-multipoint command on the interface. as soon as I changed the
ospf
> network type to broadcast, the link came up and adjacencies formed.
>
> I checked CCO and did not find anything in particular. There is a bug
listed
> for ospf point-to-multipoint and unnumbered interfaces. I called TAC, but
no
> help there.
>
> this got me to wondering if anyone has run into anything like this before?
>
> Chuck
>
>
> --
> TANSTAAFL
> "there ain't no such thing as a free lunch"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59272&t=59269
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Mcaster Download [7:59273]

2002-12-15 Thread NKP

Hello ,
   Does anyone know where to download MCASTER  from , it was previously
available  for free download at :
www.hugewave.com/blackbook , but it seems that it is no longer there .

 thanks,

Navin Parwal




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59273&t=59273
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Cisco IP Telephony Certification.... [7:59274]

2002-12-15 Thread Quek, Steven

Hi,

I believe this has been posted before, I wish to pursue
the Cisco IP Telephony track. Like to check which Cisco Press book must I get
hold to read up for the tests.

>From the Cisco URL they have revised and named it as "Enterprise Voice Over
Data Design".
& "Deploying QoS For Enterprise Network". These 2 tests you must passed to
get Specialized.

Hopefully you can let me know the passing marks and time needed for the
tests.

Appreciate anyone out there can provide me other valuable information so
that I can
work on it.

Thanks again & have a Merry Christmas.

With regards
Steven Quek




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59274&t=59274
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Off Topic but interesting - R&S networking future? [7:59275]

2002-12-15 Thread nrf

""dre""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> ""nrf""  wrote in message ...
> > The biggest problem with broadband?  Simple.  There is no mass-market
> > app that actually requires broadband.  Most people are perfectly
> > happy with dial.  After all, what do they do on the Internet -
> > surf a few pages, send a few emails, do some instant messaging -
> > all low-impact apps.  Most regular people (who are mostly
> > nontechnical) simply don't see why they should pay more and put
> > up with a less reliable technology in order to do the things they
> > do a little faster.  And again, it's not because they don't know
> > what it means to have a fast connection.  A lot of these people
> > work in offices that have good connections, and yet they still
> > don't want it for themselves.  Essentially all of the technical
> > people (the geeks) who want broadband have already gotten it, the
> > trick now is to somehow convince all the nontechnical people that
> > broadband is worth it.  I hope somebody will finally invent something
> > that will actually convince the masses that broadband is good, for
> > otherwise the telco depression will go on and on.
>
> Wow nrf, you were totally dead-on correct until the last paragraph.
> Need for R/S skills is gone, and basically is not coming back - that's a
> fact.
>
> However, broadband is going to continue to have strange offerings
> with different apps all the time.  Sure, most poeple only use email,
> surfing, and maybe IM today (for which dial works fine).  But you
> are seemingly waiting for something to be invented.  It's already
> invented.  SIP, IM, Presence - these things exist today (and yes,
> I'm aware that maybe it's best if they don't work over the Internet
> and instead on private IP networks).  But why can't more and more
> broadband connections actually be private IP networks (as well as
> maybe Internet access)?  Why aren't people utilizing MPEG-4 in the
> way that some (college students at least) are using MP3?  I don't
> own cable, but I can easily download all the episodes of Soprano
> to my home computer over my broadband connection.  Why do I need
> cable or satellite now?  Do I need a VCR, PVR, DVR, DVD, etc?  Do
> I need a receiver?  Do I even need a television?  Do I even need a
> telephone?
>
> This isn't your standard plumbing.  You don't load new bits into
> the bottom of your sink and instantly upgrade your plumbing to
> faster, more converged services.  It doesn't work like that.
> Broadband does.
>
> So you keep waiting for things that are already invented (SIP,
> MPEG-4, 3G, Bluetooth, IEEE 1394, P2P, etc) to catch on.  The rest
> of us will be paying less money and simplifying our lives.  The
> trick isn't to invent a new technology, but it's to get the average
> person to be able to embrace the technology that's already out
> there.


I am hardly waiting for somebody to invent something.  I am well aware that
there are many cool and killer things out there that are served very well by
broadband.

But you hit it right on the head - it's all about getting people to embrace
that technology, which is by no means inevitable.  The road to technology
nirvana is littered with cast-off inventions that were technically wonderful
but for some reason never garnered a mass audience.  There is certainly
nothing inevitable about the masses adopting some new technology no matter
how cool it is.

And even if it is ultimately adopted, another relevant question is whether
it will be adopted quickly enough to justify the capital investments that
were made?  Because if not, then the telco depression is going to linger for
even longer than it already will.  Telcos don't just build out broadband
infrastructure just 'for fun', they do it because they are banking their
business on garnering a rate of return in a reasonable amount of time.  When
the payoff period gets pushed further and further out, then that makes the
original investment less and less appealing.  At some point (which I think
we have reached and probably surpassed), the investment is unprofitable.
Broadband penetration is nowhere near the levels needed to make it
profitable.

This not only damages existing telcos/MSO's even further than they are
already, this discourages further investment into broadband.  I know if I
was a telco exec I would be leery about investing in broadband, simply
because I see all my competitors going to the broadband poorhouse and I
don't want that to happen to me.

It all comes down to money.  Businesses invest in things that make money and
disinvest in things that lose money.  Until somebody can actually come up
with a broadband business model that actually works, broadband will be a
white elephant.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59275&t=59275
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondi

45 matches

Mail list logo