Re: non-cisco IP phones with Cisco Call Manager [7:59446]
Yes, callmanager supports SIP, there are also ip phones that function as sccp endpoints. Colin ""chinmay chinmaylolienkar"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hello, > Is is possible to integrate Non-cisco IP phones with Cisco call Manager. > > Regards > Chinmay Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59511&t=59446 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Vs. BS or MS dergree [7:59481]
""Howard C. Berkowitz"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > At 6:37 PM + 12/18/02, Mic shoeps wrote: > >Hello > > > >I've been arguing with a collegue of mine which one would be tougher to > >achieve. I told him that it would be much more harder to have a computer > >science or a networking degree (you have to take the GRE and complete 2 or 3 > >years of school works) than a CCIE, but my collegue think other wise. He > >literally believes that having a CCIE is equivalent of having a Ph.d in > >Networking. I'd like to hear your thought. > > Well, let's look at some especially important PhD dissertations: > >Radia Perlman: > http://www.lcs.mit.edu/publications/pubs/pdf/MIT-LCS-TR-429.pdf >Steve Deering: > http://www.tux.org/pub/net/ftp.ee.lbl.gov/sigcomm/sigcomm.ps >Vern Paxson: http://citeseer.nj.nec.com/paxson97measurements.html > > The content of many protocol RFCs is at a level that might be > associated with PhD level research, although some of the most > productive people with both operational and theoretical knowledge are > college dropouts. Look through the list of RFCs and see how many > that someone with a CCIE, and no theoretical* training could write. > > For example, we have fairly strong data that the path vector approach > of BGP will not continue to scale as the Internet becomes more highly > interconnected and there is more churn/flap. It's not directly a > problem of the number of routes, but their interaction. A reasonable > dissertation would propose the theory of a protocol to replace BGP, > with some experimental backup. > time for the old paradigm shift, eh, Howard? BTW - do you know why it only took God 6 days to create the universe? ;-> > > -- > *By theoretical, I don't mean as is often used on the list: "how the > protocol works and what are its messages." I mean WHY the protocol > is designed the way it is, what alternatives were rejected, the > problems it solves, etc. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59510&t=59481 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Acceptable Amount of CRC Errors [7:59477]
I would also reset the counters on hourly intervals when I'm tracking a big ish problem this way and keep track of the statistics. You might find that errors peak at certain times of the day. Counters that are very old is not really very useful. -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: 18 December 2002 22:35 To: [EMAIL PROTECTED] Subject: RE: Acceptable Amount of CRC Errors [7:59477] On shared Ethernet, CRC errors are often the result of a collision. Let's leave that aside, however, and assume that you are referring to CRC errors on full-duplex Ethernet or serial links. CRC errors are caused by noise, signal reflections, impedance mismatches, improperly installed demarcs, faulty hardware, and other bad things that really shouldn't happen. The number should be really low. That's helpful, eh? :-) CRC errors should be less on fiber-optic cabling compared to copper cabling. According to industry standards, fiber-optic cabling should not experience more than one bit error per 10^11 bits. Copper cabling should not experience more than one bit error per 10^6 bits. Some documents from Cisco and other vendors specify a threshold of one bad frame per megabyte of data. In other words, an interface should not experience more than one CRC error per megabyte of data received. (The "megabyte of data" threshold comes from the industry standards that state that copper cables should not have a bit error rate that exceeds 1 in 10^6.) This method is better than simply calculating a percentage of bad frames compared to good frames, which does not account for the variable size of frames. (If you have a constant flow of 64-byte frames, for example, and a percentage of them is getting damaged, that probably represents a more serious problem than the same percentage of 1500-byte frames getting damaged. So, it's better to use a total number of bytes rather than a total number of frames in the calculation.) When troubleshooting at the Data Link Layer, which deals with frames rather than bits, you can't actually determine a bit error rate, but you can at least get a rough estimate by considering the number of CRC errors compared to the number of megabytes received. Some Cisco documentation simply states that a problem exists if input errors are in excess of 1 percent of total interface traffic. This is easier to remember, but it's actually just as hard to comprehend. The documents don't specify whether you should compare the input errors to the number of frames or the number of bytes received. If they means frames, then we have the problem already mentioned (no accounting for variable frame sizes). If they mean bytes, then 1 percent is very high. On a loaded network, 1 percent of total bytes represents a very high bit-error rate. You may want to use a number less than 1 percent. When troubleshooting input errors, you should also consider a timeframe and whether there's been a burst of errors and how long the burst has lasted. The telco practice is to report total errors along with errored seconds, for example. ___ Priscilla Oppenheimer www.troubleshootingnetworks.com www.priscilla.com Lupi, Guy wrote: > > I remember looking at a link on Cisco's web site that stated an > acceptable > threshold for CRC errors on an interface. I believe it was > something like > CRCs could not exceed .001% of the total input packets on the > interface. > Has anyone else seen this link, or one like it? I am trying to > determine > the threshold for an alarm notification when polling for > iferrors. > > Guy H. Lupi Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59509&t=59477 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Vs. BS or MS dergree [7:59481]
At 6:37 PM + 12/18/02, Mic shoeps wrote: >Hello > >I've been arguing with a collegue of mine which one would be tougher to >achieve. I told him that it would be much more harder to have a computer >science or a networking degree (you have to take the GRE and complete 2 or 3 >years of school works) than a CCIE, but my collegue think other wise. He >literally believes that having a CCIE is equivalent of having a Ph.d in >Networking. I'd like to hear your thought. Well, let's look at some especially important PhD dissertations: Radia Perlman: http://www.lcs.mit.edu/publications/pubs/pdf/MIT-LCS-TR-429.pdf Steve Deering: http://www.tux.org/pub/net/ftp.ee.lbl.gov/sigcomm/sigcomm.ps Vern Paxson: http://citeseer.nj.nec.com/paxson97measurements.html The content of many protocol RFCs is at a level that might be associated with PhD level research, although some of the most productive people with both operational and theoretical knowledge are college dropouts. Look through the list of RFCs and see how many that someone with a CCIE, and no theoretical* training could write. For example, we have fairly strong data that the path vector approach of BGP will not continue to scale as the Internet becomes more highly interconnected and there is more churn/flap. It's not directly a problem of the number of routes, but their interaction. A reasonable dissertation would propose the theory of a protocol to replace BGP, with some experimental backup. -- *By theoretical, I don't mean as is often used on the list: "how the protocol works and what are its messages." I mean WHY the protocol is designed the way it is, what alternatives were rejected, the problems it solves, etc. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59508&t=59481 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX 525 norandomseq?? [7:59471]
Arnold, If traffic is passing through both of these pixes, this rule will apply to your case. I have seen some financial companies setup where they have web tier accessible through frontline pix and backend accesssible through second pix(although generally they use other vendor firewall as 2nd firewall, if they have two firewalls, but for the sake of argument let's say pix). Data on the backend is only accessible by web tier and not outside world. In that case, it is not necessary to use norandomseq. -Keyur Shah- CCIE# 4799 (Security; R/S) CISSP,ccsa,css1,scsa,scna,mct,mcse,cni,mcne Hello Computers "Say Hello to Your Future!" http://www.hellocomputers.com Toll-Free: 1.877.794.3556 -Original Message- From: Arnold, Jamie [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 18, 2002 8:21 AM To: [EMAIL PROTECTED] Subject: PIX 525 norandomseq?? [7:59471] Cisco states that the norandomseq comand should be not used when you have a pix "inline" with another pix. Does "inline" mean directly connected? I have a 525 at the edge and a few 500 series Pixs in other places in the network behind a 6500 and or a 5500 router(s). Do I have to worry about this in my situation on the statics? Thanks Jamie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59507&t=59471 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Vs. BS or MS dergree [7:59481]
At 6:37 PM + 12/18/02, Mic shoeps wrote: >Hello > >I've been arguing with a collegue of mine which one would be tougher to >achieve. I told him that it would be much more harder to have a computer >science or a networking degree (you have to take the GRE and complete 2 or 3 >years of school works) than a CCIE, but my collegue think other wise. He >literally believes that having a CCIE is equivalent of having a Ph.d in >Networking. I'd like to hear your thought. Offhand, I know of two joint PhD/CCIEs, Dima Krioukov and Pete Welcher. I'm sure there are more. Perhaps they are monitoring and could comment. But let's look at some especially important PhD dissertations, and compare them to CCIE: Radia Perlman: http://www.lcs.mit.edu/publications/pubs/pdf/MIT-LCS-TR-429.pdf Steve Deering: http://www.tux.org/pub/net/ftp.ee.lbl.gov/sigcomm/sigcomm.ps Vern Paxson: http://citeseer.nj.nec.com/paxson97measurements.html The content of many protocol RFCs is at a level that might be associated with PhD level research, although some of the most productive people with both operational and theoretical knowledge are college dropouts. Look through the list of RFCs and see how many that someone with a CCIE, and no theoretical* training could write. For example, we have fairly strong data that the path vector approach of BGP will not continue to scale as the Internet becomes more highly interconnected and there is more churn/flap. It's not directly a problem of the number of routes, but their interaction. A reasonable dissertation would propose the theory of a protocol to replace BGP, with some experimental backup. -- *By theoretical, I don't mean as is often used on the list: "how the protocol works and what are its messages." I mean WHY the protocol is designed the way it is, what alternatives were rejected, the problems it solves, etc. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59506&t=59481 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 2514 serial port flipping between up and down, [7:59501]
It's probably misconfigured. What is the config of this router and the other router? Wei Zhu wrote: > > I also tried "debug serial interface", only see myseq , other > side are always 0, also the "show interface serial" shows the > number interface resets and carrier transition are increasing > all the time. > > Thanks > > - Original Message - > From: "Wei Zhu" > To: "Leo Song" ; > Sent: Wednesday, December 18, 2002 6:37 PM > Subject: Re: 2514 serial port flipping between up and down, hel > [7:59426] > > > > Actually I am using DCE/DTE back to back connecting to > another router(which is tested good), the line protocol is up > and down continuously and count for interface resets is > increasing all the time, does that mean the serial ports are bad? > > > > Thanks > > > > - Original Message - > > From: "Leo Song" > > To: "'Wei Zhu'" ; > > Sent: Wednesday, December 18, 2002 11:50 AM > > Subject: RE: 2514 serial port flipping between up and down, > hel [7:59426] > > > > > > > Did you try to replace the v.35 cable? > > > > > > Leo > > > -Original Message- > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > On Behalf Of > > > Wei Zhu > > > Sent: Wednesday, December 18, 2002 9:45 AM > > > To: [EMAIL PROTECTED] > > > Subject: 2514 serial port flipping between up and down, hel > [7:59426] > > > > > > Just got one from eBay, the AUI is OK, but could not get > the serials > > > work, > > > tried different speed, sometime at 56000 worked but not > stable, other > > > speed > > > didn't work at all. Any suggestion? > > > > > > Thanks > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59503&t=59501 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Vs. BS or MS dergree [7:59481]
Oh, please. At 06:37 PM 12/18/2002 +, Mic shoeps wrote: >Hello > >I've been arguing with a collegue of mine which one would be tougher to >achieve. I told him that it would be much more harder to have a computer >science or a networking degree (you have to take the GRE and complete 2 or 3 >years of school works) than a CCIE, but my collegue think other wise. He >literally believes that having a CCIE is equivalent of having a Ph.d in >Networking. I'd like to hear your thought. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59505&t=59481 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
1750/1760 [7:59502]
Has anyone used either of these routers in a VPN w/ EIGRP environment? How is the performance? Any other experiences? Please email me directly. Thanks, Ed Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59502&t=59502 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 2514 serial port flipping between up and down, [7:59501]
I also tried "debug serial interface", only see myseq , other side are always 0, also the "show interface serial" shows the number interface resets and carrier transition are increasing all the time. Thanks - Original Message - From: "Wei Zhu" To: "Leo Song" ; Sent: Wednesday, December 18, 2002 6:37 PM Subject: Re: 2514 serial port flipping between up and down, hel [7:59426] > Actually I am using DCE/DTE back to back connecting to another router(which is tested good), the line protocol is up and down continuously and count for interface resets is increasing all the time, does that mean the serial ports are bad? > > Thanks > > - Original Message - > From: "Leo Song" > To: "'Wei Zhu'" ; > Sent: Wednesday, December 18, 2002 11:50 AM > Subject: RE: 2514 serial port flipping between up and down, hel [7:59426] > > > > Did you try to replace the v.35 cable? > > > > Leo > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of > > Wei Zhu > > Sent: Wednesday, December 18, 2002 9:45 AM > > To: [EMAIL PROTECTED] > > Subject: 2514 serial port flipping between up and down, hel [7:59426] > > > > Just got one from eBay, the AUI is OK, but could not get the serials > > work, > > tried different speed, sometime at 56000 worked but not stable, other > > speed > > didn't work at all. Any suggestion? > > > > Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59501&t=59501 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 2514 serial port flipping between up and down, [7:59500]
Actually I am using DCE/DTE back to back connecting to another router(which is tested good), the line protocol is up and down continuously and count for interface resets is increasing all the time, does that mean the serial ports are bad? Thanks - Original Message - From: "Leo Song" To: "'Wei Zhu'" ; Sent: Wednesday, December 18, 2002 11:50 AM Subject: RE: 2514 serial port flipping between up and down, hel [7:59426] > Did you try to replace the v.35 cable? > > Leo > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of > Wei Zhu > Sent: Wednesday, December 18, 2002 9:45 AM > To: [EMAIL PROTECTED] > Subject: 2514 serial port flipping between up and down, hel [7:59426] > > Just got one from eBay, the AUI is OK, but could not get the serials > work, > tried different speed, sometime at 56000 worked but not stable, other > speed > didn't work at all. Any suggestion? > > Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59500&t=59500 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 2514 serial port flipping between up and down, [7:59426]
What is the serial port connected to? What's the config? We need more info to help. Wei Zhu wrote: > > Just got one from eBay, the AUI is OK, but could not get the > serials work, tried different speed, sometime at 56000 worked > but not stable, other speed didn't work at all. Any suggestion? > > Thanks > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59498&t=59426 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 2514 serial port flipping between up and down, [7:59473]
Did you try to replace the v.35 cable? Leo -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Wei Zhu Sent: Wednesday, December 18, 2002 9:45 AM To: [EMAIL PROTECTED] Subject: 2514 serial port flipping between up and down, hel [7:59426] Just got one from eBay, the AUI is OK, but could not get the serials work, tried different speed, sometime at 56000 worked but not stable, other speed didn't work at all. Any suggestion? Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59473&t=59473 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Post failure on 2912, how to repair? [7:59329]
Thanks for the reply. Can you retrospectively purchase smartnet? Symon -Original Message- From: Brad [mailto:[EMAIL PROTECTED]] Sent: 18 December 2002 14:45 To: [EMAIL PROTECTED] Subject: Re: Post failure on 2912, how to repair? [7:59329] ooo...that's bad. I think the controller is soldered on, isnt it? For a cat2912, I think smartnet is pretty cheap. That is probably the best way to go. thanks, -Brad Ellis CCIE#5796 (R&S / Security) Network Learning Inc [EMAIL PROTECTED] www.ccbootcamp.com (cisco training) ""Symon Thurlow"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi guys, > > I searched the archives about this, but couldn't find anything. > > I have a Cat 2912 switch, that has 4 faulty ports. It fails post, here > is a snippet: > > C2900xl POST: System Board Test: Passed > C2900xl POST: Daughter Card Test: Passed > C2900xl POST: CPU Buffer Test: Passed > C2900xl POST: CPU Notify RAM Test: Passed > C2900xl POST: CPU Interface Test: Passed > C2900xl POST: Testing Switch Core: Passed > C2900xl POST: Testing Buffer Table: Passed > C2900xl POST: Data Buffer Test: Passed > C2900xl POST: Configuring Switch Parameters: Passed > C2900xl POST: Ethernet Controller Test: Passed > C2900xl POST FAILURE: front-end post: FastEthernet0/9: C2900xl POST > FAILURE: looped-back packet not received C2900xl POST FAILURE: > front-end post: FastEthernet0/10: C2900xl POST FAILURE: looped-back > packet not received C2900xl POST FAILURE: front-end post: > FastEthernet0/11: C2900xl POST FAILURE: looped-back packet not > received C2900xl POST FAILURE: front-end post: FastEthernet0/12: > C2900xl POST FAILURE: looped-back packet not received > C2900xl POST: MII Test: Passed > cisco WS-C2912-XL (PowerPC403GA) processor (revision 0x11) with > 8192K/1024K bytes of memory. > Last reset from power-on > > Processor is running Enterprise Edition Software > Cluster command switch capable > Cluster member switch capable > 8 FastEthernet/IEEE 802.3 interface(s) > > You can see it only recognises 8 ports. > > I searched CCO, and found a bknown bug where ESD can fry the > controllers. Each controller operates 4 ports. > > Is there a way to get it reapired? Can you buy the controller from > somewhere and replace it? > > Any help greatly appreciateed, > > Symon = This email has been content filtered and subject to spam filtering. If you consider this email is unsolicited please forward the email to [EMAIL PROTECTED] and request that the sender's domain be blocked from sending any further emails. = Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59492&t=59329 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: O/T: Follow-up to TCP Rcv Window [7:59487]
And in fairness to Ethereal... I upgraded from 0.9.6 to 0.9.8 today (just released a week or so ago). Now, when the handshake takes place, instead of just showing you the hex value for scale, Ethereal tells you to (multiply by x), where x is whatever decimal value being offered/requested. Also, some of you probably caught me in a lie. MSS is four bytes and SACK permitted is 2. I'll shut up now. s vermill wrote: > > Group: > > Thanks again for all of the additional input. I owe you this > follow-up because I had some things wrong last night. Here, I > hope, is much better information: > > On the drive home last night, it began to bother me that > Ethereal was only showing 4 bytes of options in my outgoing > syns (1 byte MSS, 2 bytes NOP, and 1 byte SACK Permitted). It > seemed that the developers would have had to have gone to great > trouble to strip out the RFC1323 options in the capture and > still have the checksum pass. Why bother? Hmmm... > > I recaptured a download test from pcpitstop. Sure enough, the > web server was having my machine report its value for > MaxTcpWindowSize so that the web server could turn right back > around and plug it into the "results" being displayed on my > machine. Alas, I was not actually opening an rcv window above > 65535. It was all smoke and mirrors. > > I had read several times that RFC1323 window scaling was > enabled by default in W2k and newer OSes. Turns out, it will > accept offers by default, but not make any of its own. That > is, until you create the DWORD value Tcp1323Opts under the > \tcpip\parameters key and set it appropriately (url to follow). > > Furthermore, TcpWindowSize is still intended to be mainly used > as a per-interface parameter. GlobalMaxTcpWindowSize enforces > a global limit that no interface can exceed. So, setting the > two at the same value under \tcpip\parameters, or just > TcpWindowSize alone under the same, along with Tcp1323Opts set > appropriately, actually enables window scaling. > > Sure enough, my Ethereal capture now reflects 28 bytes of > options, including an offer to window scale. The scale value > offered tracks exactly what I would expect based on my various > TcpWindowSize experiments. So, although Ethereal doesn't > "support" window scaling in that it still reflects the 16-bit > value in the "normal" (non-handshake) data segments, you can > track back to the original "syn, syn-ack, ack" handshake in the > trace file and do the math yourself (assuming, of course, that > the distant-end accepted the offer to scale!). > > And here is more about the MS TCP stack for W2k than you ever > wanted to know (Appendix A has all the relevant DWORDS and > their valid ranges): > > http://www.microsoft.com/windows2000/docs/tcpip2000.doc > > You can even enable MTU discovery on your W2k box?! > > Regards all, > > Scott > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59499&t=59487 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Frame Relay congestion control [7:59478]
The bits are set by the equipment in the FR cloud. | | R1--|--Ra-RbRc-|-R2 | | FR boundry FR boundry In a simplified drawing like this if the link from router Rb to Rc was becoming congested Rb would notify Ra of the congestion and Ra would notify R1 that there is FORWARD CONGESTION and to slow down data the transmission rate. On Wed, 18 Dec 2002, Deepak Achar wrote: > Hi all > I have very basic doubt regarding the frame-relay congestion control. > > I have two routers which are connected thro' FR network.This is as follows > > > R1---FR cloud---FR cloud--R2 > > Now suppose the congestion is occuring in the path R1 to R2 and there is no > congestion in the path from R2 to R1. >According to theory, FR network will set the FECN bit to a 1 in those > frames that r going form R1 to R2. The FR network will set the BECN bit to a > 1 in those frames that r going from R2 to R1. > My thinking is if the network is already congested, would the frames be > discarded before they reach the other end. If this is true, how will the > other end router would come to know that the congestion is happening in the > path. > If the its not true, then how will those frames, with FECN and BECN bit > set to 1, reach the FR routers at the end, even though there is congestion > in the path. > I am confused regarding this. Please can anyone helpme out in this regard. > > Regards > Deepak Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59497&t=59478 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: is this Accesslist Vulnerable [7:59443]
Munit Singla wrote: > > Hi Brian, > what abt the port numbers in case of rip. You're already taking care of the port number with the keyword "rip." > should that be taken care. > Munit > > > Brian wrote: > > > I would limit source addresses and use authentication for > routing uodate > > exchanges. Absolutely! You're letting just anyone send you RIP, EIGRP, and OSPF data. That's risky. Also, you better permit some other traffic too! Why bother allowing routing updates if you aren't going to let any other traffic in. ;-)Don't forget the implicit deny all at the end of the list. Priscilla > > > > Bri > > > > On Wed, 18 Dec 2002, Munit Singla wrote: > > > > > Hi All, > > > Is their any type of vulnerability in this access kist > > > access-list permit udp any any eq rip > > > access-list permit ospf any any > > > access-list permit eigrp any any > > > This access list is applied to the wan iterface in the > inbound > > > direction. > > > Or should it be according to the multicast addreses the > specific routing > > > > > > protocol uses except Ripv1. > > > another thing for ripv 1& 2 we can specify source port > instead of any > > > .can anybody suggest me that with the above access list > what could be > > > Implications. > > > Thanx in Advance > > > Regards, > > > Munit > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59496&t=59443 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE Vs. BS or MS dergree [7:59481]
I remember telling one of my professors that I am currently pursueing CCIE written...not even the lab. This was a few months ago. His response (he is a PH.d in electrical eng) said, " OH, why aren't you in the master of engineering program "? I looked at him funny:) -Original Message- From: Steve Dispensa [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 18, 2002 3:37 PM To: [EMAIL PROTECTED] Subject: Re: CCIE Vs. BS or MS dergree [7:59481] > I've been arguing with a collegue of mine which one would be tougher to > achieve. I told him that it would be much more harder to have a computer > science or a networking degree (you have to take the GRE and complete 2 or 3 > years of school works) than a CCIE, but my collegue think other wise. He > literally believes that having a CCIE is equivalent of having a Ph.d in > Networking. I'd like to hear your thought. I have a BA and have been blocked for a number of years on my MS in comp sci. The CCIE cert has meant much more to my career than any of the school-related stuff, in a direct sense: it allows me to get jobs/engagements/etc, and none of the jobs i'm interested in have required completion of the MS. If you were more interested in theoretical work, or perhaps with some employers (with dubious ability to evaluate a candidate), the degrees would be much more important. This *only* applies in the field of computer networking, though. If you want to do anything else, the CCIE is pretty worthless. Even in the networking world, the thought leadership doesn't much care about certs - witness IETF, NANOG, etc - nobody there mentions or cares about CCIE. Also, i have found in my career that many CCIEs (to say nothing of the rest) don't have a sound theoretical grounding at all. Things you learn in CS school really are important - queuing theory, optimization problems, statistics, problem complexity, and even (in particular) programming. You don't truly understand network protocols until you've done network programming IMHO. CCIE is a certification for people who like to get their hands dirty with routers. CCIEs are the best in the world at fixing broken networks, setting up new ones, and so on. They're *not* necessarily any good at anything else. This is a big difference from a Ph.D. or MS, which imply a solid, broad theoretical base in addition to an area of expertise. -sd (CCIE #5444) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59495&t=59481 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Vs. BS or MS dergree [7:59481]
> I've been arguing with a collegue of mine which one would be tougher to > achieve. I told him that it would be much more harder to have a computer > science or a networking degree (you have to take the GRE and complete 2 or 3 > years of school works) than a CCIE, but my collegue think other wise. He > literally believes that having a CCIE is equivalent of having a Ph.d in > Networking. I'd like to hear your thought. I have a BA and have been blocked for a number of years on my MS in comp sci. The CCIE cert has meant much more to my career than any of the school-related stuff, in a direct sense: it allows me to get jobs/engagements/etc, and none of the jobs i'm interested in have required completion of the MS. If you were more interested in theoretical work, or perhaps with some employers (with dubious ability to evaluate a candidate), the degrees would be much more important. This *only* applies in the field of computer networking, though. If you want to do anything else, the CCIE is pretty worthless. Even in the networking world, the thought leadership doesn't much care about certs - witness IETF, NANOG, etc - nobody there mentions or cares about CCIE. Also, i have found in my career that many CCIEs (to say nothing of the rest) don't have a sound theoretical grounding at all. Things you learn in CS school really are important - queuing theory, optimization problems, statistics, problem complexity, and even (in particular) programming. You don't truly understand network protocols until you've done network programming IMHO. CCIE is a certification for people who like to get their hands dirty with routers. CCIEs are the best in the world at fixing broken networks, setting up new ones, and so on. They're *not* necessarily any good at anything else. This is a big difference from a Ph.D. or MS, which imply a solid, broad theoretical base in addition to an area of expertise. -sd (CCIE #5444) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59494&t=59481 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Acceptable Amount of CRC Errors [7:59477]
On shared Ethernet, CRC errors are often the result of a collision. Let's leave that aside, however, and assume that you are referring to CRC errors on full-duplex Ethernet or serial links. CRC errors are caused by noise, signal reflections, impedance mismatches, improperly installed demarcs, faulty hardware, and other bad things that really shouldn't happen. The number should be really low. That's helpful, eh? :-) CRC errors should be less on fiber-optic cabling compared to copper cabling. According to industry standards, fiber-optic cabling should not experience more than one bit error per 10^11 bits. Copper cabling should not experience more than one bit error per 10^6 bits. Some documents from Cisco and other vendors specify a threshold of one bad frame per megabyte of data. In other words, an interface should not experience more than one CRC error per megabyte of data received. (The "megabyte of data" threshold comes from the industry standards that state that copper cables should not have a bit error rate that exceeds 1 in 10^6.) This method is better than simply calculating a percentage of bad frames compared to good frames, which does not account for the variable size of frames. (If you have a constant flow of 64-byte frames, for example, and a percentage of them is getting damaged, that probably represents a more serious problem than the same percentage of 1500-byte frames getting damaged. So, it's better to use a total number of bytes rather than a total number of frames in the calculation.) When troubleshooting at the Data Link Layer, which deals with frames rather than bits, you can't actually determine a bit error rate, but you can at least get a rough estimate by considering the number of CRC errors compared to the number of megabytes received. Some Cisco documentation simply states that a problem exists if input errors are in excess of 1 percent of total interface traffic. This is easier to remember, but it's actually just as hard to comprehend. The documents don't specify whether you should compare the input errors to the number of frames or the number of bytes received. If they means frames, then we have the problem already mentioned (no accounting for variable frame sizes). If they mean bytes, then 1 percent is very high. On a loaded network, 1 percent of total bytes represents a very high bit-error rate. You may want to use a number less than 1 percent. When troubleshooting input errors, you should also consider a timeframe and whether there's been a burst of errors and how long the burst has lasted. The telco practice is to report total errors along with errored seconds, for example. ___ Priscilla Oppenheimer www.troubleshootingnetworks.com www.priscilla.com Lupi, Guy wrote: > > I remember looking at a link on Cisco's web site that stated an > acceptable > threshold for CRC errors on an interface. I believe it was > something like > CRCs could not exceed .001% of the total input packets on the > interface. > Has anyone else seen this link, or one like it? I am trying to > determine > the threshold for an alarm notification when polling for > iferrors. > > Guy H. Lupi > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59493&t=59477 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: DSL/Cable Load Balancer [7:59306]
Here are the 2 devices that will do what you are looking for. But what these devices do is load balance seesions outbound from the local lan. So if you have like 5 pc's on the lan and 2 pc's started internet explorer at the same time one pc will go out over one connection the other pc will go out over the 2nd connection. The nexland product works great if you have any questions on that product contact me offline away from the list. http://www.nexland.com/turbo.cfm http://www.bulletrouter.com.tw/product/e5600.htm Elijah http://www.digitalrage.org For your one stop of technical news and HowTo's -Original Message- From: Robert Raver [mailto:[EMAIL PROTECTED]] Sent: Monday, December 16, 2002 1:56 PM To: [EMAIL PROTECTED] Subject: DSL/Cable Load Balancer [7:59306] Hey, This is a little off topic, but I have been searching for hours with no results. There was a device featured in a magazine (Maximum or T3) that you could plug in both Cable and DSL lines and load balance in between both. Now I need this device and cannot find it. Does anybody know of it? I want a simple solution to this problem. Any help would be appreciated. Thanks, Robert Raver Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59491&t=59306 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE Vs. BS or MS dergree [7:59481]
"at equal rate"; as Socrates would put it. Aristotle as opposed to Socrates... my bad.. knew something was off about that.. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59490&t=59481 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Vs. BS or MS dergree [7:59481]
Degree is safer. Especially now. - Original Message - From: "timothy" To: Sent: Wednesday, December 18, 2002 1:11 PM Subject: RE: CCIE Vs. BS or MS dergree [7:59481] > This is a great question. > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, December 18, 2002 12:38 PM > To: [EMAIL PROTECTED] > Subject: CCIE Vs. BS or MS dergree [7:59481] > > Hello > > I've been arguing with a collegue of mine which one would be tougher to > achieve. I told him that it would be much more harder to have a computer > science or a networking degree (you have to take the GRE and complete 2 or 3 > years of school works) than a CCIE, but my collegue think other wise. He > literally believes that having a CCIE is equivalent of having a Ph.d in > Networking. I'd like to hear your thought. Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.427 / Virus Database: 240 - Release Date: 12/6/2002 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59489&t=59481 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE Vs. BS or MS dergree [7:59481]
MS- or PhD-level coursework is more difficult than what you'll run into studying for the CCIE, but they don't really cover the same subject matter so it's really apples and oranges. I personally don't even have a BS--which I regret--but it wouldn't help much in my current position anyway, except possibly for promotions or raises, which is important, but it wouldn't help me do my job any better. IMO, someone who pursues an MS or PhD is not planning on remaining a network technician for long; they probably have loftier goals. A CCIE with no degree, on the other hand, likely enjoys the technical side of things. I often heard it lamented that many CCIEs who are loving life as senior engineers end up being placed into management positions that they hate. Just because someone is advanced in a technical area does not necessarily make them management material. OTOH, someone with an MS or PhD is quite often management material, but not necessarily the first person you'd call with a general networking question. That depends on their area of emphasis, of course. So, my opinion? You're compairing apples to oranges, but an MS or PhD is tougher than CCIE if you're going to a reputable school. Regards, John >>> "Black Jack" 12/18/02 12:05:01 PM >>> I suppose a CCIE is sort of a Ph.D. of networking. Studying for and taking the written is the equivalent of coursework, then doing hands-on to prepare for the lab is like research for your dissertation, the the lab test represents the oral exam. But I wouldn't stretch the analogy too far. For one thing the quality and difficulty of computer science graduate schools varies greatly. Just getting into one of the top programs is probably harder than CCIE. And for another the two programs don't really test the same skills, do they? (Though they surely overlap) Mic shoeps wrote: > > Hello > > I've been arguing with a collegue of mine which one would be > tougher to achieve. I told him that it would be much more > harder to have a computer science or a networking degree (you > have to take the GRE and complete 2 or 3 years of school works) > than a CCIE, but my collegue think other wise. He literally > believes that having a CCIE is equivalent of having a Ph.d in > Networking. I'd like to hear your thought. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59488&t=59481 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
O/T: Follow-up to TCP Rcv Window [7:59487]
Thanks again for all of the additional input. I owe you this follow-up because I had some things wrong last night. Here, I hope, is much better information: On the drive home last night, it began to bother me that Ethereal was only showing 4 bytes of options in my outgoing syns (1 byte MSS, 2 bytes NOP, and 1 byte SACK Permitted). It seemed that the developers would have had to have gone to great trouble to strip out the RFC1323 options in the capture and still have the checksum pass. Why bother? Hmmm... I recaptured a download test from pcpitstop. Sure enough, the web server was having my machine report its value for MaxTcpWindowSize so that the web server could turn right back around and plug it into the "results" being displayed on my machine. Alas, I was not actually opening an rcv window above 65535. It was all smoke and mirrors. I had read several times that RFC1323 window scaling was enabled by default in W2k and newer OSes. Turns out, it will accept offers by default, but not make any of its own. That is, until you create the DWORD value Tcp1323Opts under the \tcpip\parameters key and set it appropriately (url to follow). Furthermore, TcpWindowSize is still intended to be mainly used as a per-interface parameter. GlobalMaxTcpWindowSize enforces a global limit that no interface can exceed. So, setting the two at the same value under \tcpip\parameters, or just TcpWindowSize alone under the same, along with Tcp1323Opts set appropriately, actually enables window scaling. Sure enough, my Ethereal capture now reflects 28 bytes of options, including an offer to window scale. The scale value offered tracks exactly what I would expect based on my various TcpWindowSize experiments. So, although Ethereal doesn't "support" window scaling in that it still reflects the 16-bit value in the "normal" (non-handshake) data segments, you can track back to the original "syn, syn-ack, ack" handshake in the trace file and do the math yourself (assuming, of course, that the distant-end accepted the offer to scale!). And here is more about the MS TCP stack for W2k than you ever wanted to know (Appendix A has all the relevant DWORDS and their valid ranges): http://www.microsoft.com/windows2000/docs/tcpip2000.doc You can even enable MTU discovery on your W2k box?! Regards all, Scott Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59487&t=59487 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE Vs. BS or MS dergree [7:59481]
Four to six years ago I would have highly agreed with your friend in saying that the CCIE is much more difficult to obtain than most if not all degrees. However, with the developments over the recent years and popularity of the CCIE it has been commoditized. This cert use to be of a nature that represented a greater value and higher standard for those of us in this industry. I am not speaking for everyone. I have not ran across a CCIE (with the exception of a very few) in the past three to four years that could hold their ground "at equal rate"; as Socrates would put it. I can only imagine the extent of backlash of comments from people on this list. I encourage all those who wish to pursue the CCIE whether it be for their own personal reasons or for the monetary value. There is a great deal of credibility to obtaining a CCIE cert but it has become much easier to obtain in recent years. If I have offended anyone for my comments I wish to extend my apologies now as it was not my intent to do so. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59486&t=59481 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
BRAS 7206 problem with ATM [7:59485]
Hi fellows, We have a BRAS 7206 router this is connected to the DSLA ASAM alcatel 7200 and that is connected to CPE (alcatel).CPE supports PPPoMux,PPPoLLC and PPPoNone.interface shows up but at the routers atm subinterface I am not able to get the input packets. Setup is like this. Cisco 7206--DSLA--Alcatel CPEPPPoE Client any idea where the problems is?? thanks Da' _ Add photos to your e-mail with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59485&t=59485 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE Vs. BS or MS dergree [7:59481]
This is a great question. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 18, 2002 12:38 PM To: [EMAIL PROTECTED] Subject: CCIE Vs. BS or MS dergree [7:59481] Hello I've been arguing with a collegue of mine which one would be tougher to achieve. I told him that it would be much more harder to have a computer science or a networking degree (you have to take the GRE and complete 2 or 3 years of school works) than a CCIE, but my collegue think other wise. He literally believes that having a CCIE is equivalent of having a Ph.d in Networking. I'd like to hear your thought. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59484&t=59481 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE Vs. BS or MS dergree [7:59481]
I suppose a CCIE is sort of a Ph.D. of networking. Studying for and taking the written is the equivalent of coursework, then doing hands-on to prepare for the lab is like research for your dissertation, the the lab test represents the oral exam. But I wouldn't stretch the analogy too far. For one thing the quality and difficulty of computer science graduate schools varies greatly. Just getting into one of the top programs is probably harder than CCIE. And for another the two programs don't really test the same skills, do they? (Though they surely overlap) Mic shoeps wrote: > > Hello > > I've been arguing with a collegue of mine which one would be > tougher to achieve. I told him that it would be much more > harder to have a computer science or a networking degree (you > have to take the GRE and complete 2 or 3 years of school works) > than a CCIE, but my collegue think other wise. He literally > believes that having a CCIE is equivalent of having a Ph.d in > Networking. I'd like to hear your thought. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59483&t=59481 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VPN Client+IOS [7:59283]
Check the statistics for in and out Bayts on the client side: if the OUT is increasing without increasing in IN the problem would be either in routing or access-lists. ""JM"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hello > I am trying to run VPN beetwen VPN Client 3.6.2.A and Cisco 2651. > On Cisco router I have: > Software with 3DES/IP PLus/FW/IDS - Version 12.2(11)T2 > Router has 4 interfaces: > serial 0/1 - Internet here I gave cryptomap > fasteth 0/1 -DMZ > fasteth 0/0 -LAN ( here I want to be tgrough VPN) > I have the same configuration like in TAC help : > http://www.cisco.com/warp/customer/471/ipsecrouter_vpn.html > VPN Client can login inside router, and I have ipaddress from router, > but I don't see anything. I can't ping. > I have question ? > Where am Im inside the router ? I am in, but I don't see anything. > When I will have : ip access-list out on fast0/0 (LAN) what should I > enable ? I have nat inside on fast 0/0 and outside on ser 0/1 > Regards > JM Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59482&t=59283 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE Vs. BS or MS dergree [7:59481]
Hello I've been arguing with a collegue of mine which one would be tougher to achieve. I told him that it would be much more harder to have a computer science or a networking degree (you have to take the GRE and complete 2 or 3 years of school works) than a CCIE, but my collegue think other wise. He literally believes that having a CCIE is equivalent of having a Ph.d in Networking. I'd like to hear your thought. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59481&t=59481 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Acceptable Amount of CRC Errors [7:59477]
I found the following paragraph at http://www.cisco.com/en/US/customer/tech/tk39/tk48/technologies_tech_note09186a00800c93ef.shtml "Note: The input errors counter tracks the total number of CRCs, "no buffers", runts, giants, frames, overruns, ignored, aborts and other input-related errors. The input errors counter is therefore either the same as, or higher than, the CRC counter. The occurence of errors and the input and output difference should not exceed one percent (1.0 %) of traffic on the interface." Hope this helps. Andrew -Original Message- From: Lupi, Guy [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 18, 2002 12:28 PM To: [EMAIL PROTECTED] Subject: Acceptable Amount of CRC Errors [7:59477] I remember looking at a link on Cisco's web site that stated an acceptable threshold for CRC errors on an interface. I believe it was something like CRCs could not exceed .001% of the total input packets on the interface. Has anyone else seen this link, or one like it? I am trying to determine the threshold for an alarm notification when polling for iferrors. Guy H. Lupi Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59480&t=59477 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: What would be most valuable [7:59475]
On Wed, 2002-12-18 at 11:11, Loechel, Michelle wrote: > I am working on an IT degree and have a requirement of either C++ or JAVA > programming. C++, hands down. It's more complicated but a heck of a lot more valuable. Java is basically limited to enterprise apps and some web-related content. C++ is used for *everything*. With .NET looming, I'd be reluctant to pour time into Java until I saw where C# is going. It may make a huge dent in the enterprise app space. Also, as someone who runs a commercial software development team, i have no need for Java and unlimited need for C/C++. My $0.02, anyway. -sd Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59479&t=59475 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Frame Relay congestion control [7:59478]
Hi all I have very basic doubt regarding the frame-relay congestion control. I have two routers which are connected thro' FR network.This is as follows R1---FR cloud---FR cloud--R2 Now suppose the congestion is occuring in the path R1 to R2 and there is no congestion in the path from R2 to R1. According to theory, FR network will set the FECN bit to a 1 in those frames that r going form R1 to R2. The FR network will set the BECN bit to a 1 in those frames that r going from R2 to R1. My thinking is if the network is already congested, would the frames be discarded before they reach the other end. If this is true, how will the other end router would come to know that the congestion is happening in the path. If the its not true, then how will those frames, with FECN and BECN bit set to 1, reach the FR routers at the end, even though there is congestion in the path. I am confused regarding this. Please can anyone helpme out in this regard. Regards Deepak Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59478&t=59478 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Acceptable Amount of CRC Errors [7:59477]
I remember looking at a link on Cisco's web site that stated an acceptable threshold for CRC errors on an interface. I believe it was something like CRCs could not exceed .001% of the total input packets on the interface. Has anyone else seen this link, or one like it? I am trying to determine the threshold for an alarm notification when polling for iferrors. Guy H. Lupi Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59477&t=59477 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VPN/Access List Problem - Need to allows IPSEC tunnels to [7:59476]
Hello everyone, I usually try not to use this as my personal tech support forum, but since TAC can't get off their but and provide the solution I thought I'd drop it and see. I have a remote site that connects to our central site via a VPN tunnel. The remote router is a Cisco 1710. We have it setup so remote traffic goes straight to the internet instead of back to us. Becuase of this we're using inspect and have tried to lock it down. However, we have an application running on all the machines inside that require an IPSEC tunnel to be built to them. However it doesn't seem to work even thought I have natting straight through and open the port with the access list, any suggestions? Attached is the config minus any public IPs etc. The latest thing TAC had me do was remove access list 160 from the E0 interface and is reflected in the config below. When the access list was applied, I wasn't getting any hits on the lines in the 160 access list relating to IPSEC. Any suggestions? Thanks in Advance version 12.2 no service pad service timestamps debug datetime localtime service timestamps log datetime localtime service password-encryption ! hostname bb-mia-rt1 ! logging buffered 12880 debugging aaa new-model ! ! aaa authentication login default local aaa session-id common ! memory-size iomem 25 clock timezone EST -5 clock summer-time EST recurring ip subnet-zero ! ! ip tcp synwait-time 10 no ip domain-lookup ip domain-name .com ip dhcp excluded-address 10.7.2.1 10.7.2.50 ip dhcp excluded-address 10.7.2.150 10.7.2.254 ! ip dhcp pool bb-mia network 10.7.2.0 255.255.255.0 domain-name .com dns-server 172.28.1.240 netbios-name-server 172.28.1.232 172.28.1.234 netbios-node-type h-node default-router 10.7.2.1 lease 3 ! no ip bootp server ip inspect name masfw tcp ip inspect name masfw udp ip inspect name masfw ftp ip inspect name masfw realaudio ip inspect name masfw smtp ip inspect name masfw streamworks ip inspect name masfw vdolive ip inspect name masfw tftp ip inspect name masfw rcmd ip inspect name masfw http ip audit notify log ip audit po max-events 100 ip ssh time-out 60 ip ssh authentication-retries 3 modemcap entry usrmodem:MSC=&FS0=1&C1&D3&H1&R2&B1 ! crypto isakmp policy 1 authentication pre-share crypto isakmp key yaright address 12.X.X.30 ! ! crypto ipsec transform-set strong ah-md5-hmac esp-3des ! crypto map vpn 200 ipsec-isakmp set peer 12.X.X.30 set transform-set strong match address 120 ! ! ! ! interface Tunnel0 description GRE tunnel to the Corporate LAN bandwidth 1544 ip address 10.200.200.66 255.255.255.252 no ip redirects no ip proxy-arp no keepalive tunnel source 67.X.X.66 tunnel destination 12.X.X.30 crypto map vpn ! interface Ethernet0 description Ethernet interface to Internet ip address 67.X.X.66 255.255.255.240 no ip redirects no ip proxy-arp ip nat outside ip inspect masfw out no ip route-cache no ip mroute-cache full-duplex no cdp enable crypto map vpn ! interface FastEthernet0 description Ethernet connection to local LAN ip address 10.7.2.1 255.255.255.0 no ip redirects no ip proxy-arp ip nat inside speed 10 half-duplex ! router eigrp 100 network 10.0.0.0 network 172.28.0.0 no auto-summary no eigrp log-neighbor-changes ! ip nat pool bb-mia 67.X.X.67 67.X.X.79 netmask 255.255.255.240 ip nat inside source route-map nonat pool bb-mia ip classless ip route 0.0.0.0 0.0.0.0 67.104.169.65 ip route 12.X.X.30 255.255.255.255 67.X.X.65 no ip http server ip pim bidir-enable ! ! access-list 10 permit 12.X.X.0 0.0.0.255 access-list 10 permit 172.28.0.0 0.0.255.255 access-list 10 permit 10.0.0.0 0.255.255.255 access-list 10 deny any log access-list 30 permit 172.28.1.0 0.0.0.255 access-list 120 permit gre host 68.X.X.226 host 12.X.X.30 access-list 120 permit gre host 67.X.X.66 host 12.X.X.30 access-list 130 deny ip 10.7.2.0 0.0.0.255 172.28.0.0 0.0.255.255 access-list 130 deny ip 10.7.2.0 0.0.0.255 10.0.0.0 0.255.255.255 access-list 130 permit ip 10.7.2.0 0.0.0.255 any access-list 160 deny ip 10.7.2.0 0.0.0.255 any access-list 160 permit gre host 12.X.X.30 host 67.X.X.66 access-list 160 permit ahp host 12.X.X.30 host 67.X.X.66 access-list 160 permit esp host 12.X.X.30 any access-list 160 permit udp host 12.X.X.30 eq isakmp any access-list 160 permit udp any eq isakmp any access-list 160 permit tcp 12.X.X.0 0.0.0.255 host 67.X.X.66 eq telnet access-list 160 permit icmp 12.X.X.0 0.0.0.255 any access-list 160 permit icmp 172.28.0.0 0.0.0.255 any access-list 160 permit icmp any any echo-reply access-list 160 permit icmp any 10.7.2.0 0.0.0.255 time-exceeded access-list 160 permit icmp any 10.7.2.0 0.0.0.255 packet-too-big access-list 160 permit icmp any 10.7.2.0 0.0.0.255 traceroute access-list 160 permit icmp any 10.7.2.0 0.0.0.255 unreachable access-list 160 permit esp any 67.X.X.64 0.0.0.15 access-list 160 permit udp any 67.X.X.64 0.0.0.15 eq isakmp access-list 160 deny ip any any ! route-map nonat permit 10 match ip address 130 e
What would be most valuable [7:59475]
I am working on an IT degree and have a requirement of either C++ or JAVA programming. Past experience in C and Unix shell scripting. Are there tools and utilities that are best suited to either language? I am a network person by trade and truly hate programming anything more than a batch file ;-) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59475&t=59475 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Load Balancing Firewalls [7:59183]
On the 3600's, for ethernets connecting the PIX and the routers use HSRP. Give the Pix's the default gateway of the HSRP adress. Then use BGP on the serial interfaces of 3600's to peer with your provider. ""Brian Zeitz"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > OK I figured this one out with some help :) I just need to get the 4 > Port DMZ card and designate two of the interfaces as IN using security > levels. The failover has a DMZ card too, so I can failover all 4 > interfaces in an emergency. Plus 1 Port for the failover. > > Thanks to the people helping me offline, these scenarios are getting > really complex. My next task is figuring how to take two T1s and make > them act as a single unit while providing redundancy. > > Thanks :) > > -Original Message- > From: Brian Zeitz > Sent: Friday, December 13, 2002 2:02 PM > To: [EMAIL PROTECTED] > Subject: RE: Load Balancing Firewalls [7:59183] > > Actually, management change the diagram on me :( > > T1--->3640--->515UR with failover > T1--->3640--->^ > > Both T1s going into a single 515UR with a standby unit. > > I figured out the first scenario, I just thought of it as it as being in > different locations and use global load balancing on the LBs. > > This second scenario I don't know if it is possible, I would have 2 IPs > coming from the e0/0 on the router, into only 1 Pix interface which I > don't know if it is possible > > > -Original Message- > From: Brian Zeitz > Sent: Friday, December 13, 2002 12:03 PM > To: [EMAIL PROTECTED] > Subject: Load Balancing Firewalls [7:59183] > > I have just been given the task of setting up a website with load > balancing. > > > > > > T1 ---> 3640>Pix 515 UR+4E-->Load balancer > > T1 ---> 3640--->Pix 515 UR+4E>Load balancer > > > > The Pix 515 are separate full units, I got another on because I know you > cannot use the failover as an active unit. > > > > My load balancers are not active/active. But if I use them separately, > they can run independently. > > > > I need to run just one website like www.mydomain.com > > > > > My managers would like both T1s to be used, but can also act as a > failover. > > > > Can anyone give me any pointers or tell me of any pitfalls before I dive > into this task? > > > > I thought about HSRP, would this work if I had redundant firewalls? Can > you cluster pix firwalls? I don't think you can, I wish I could. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59474&t=59183 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Test for MCast...Any?? [7:58269]
Hi Phil, I came across this link and thought it might be useful to you. http://www.videolan.org/ rgds Marc Cisco Nuts wrote: > > Hello,Is there a way to test/practise MCast configs. on the Internet? I > have a cable-modem connected to a 2514 router and would like to configure > MCast on it as well as my Lab routers behind that for PIM-SM. I have a > laptop connected as a client to one of the routers. How can I verify that > MCast is working on the laptop? I mean, is there a freeware/shareware > application that I can install on my laptop to test (since I cannot > obviously have IP/TV client on my laptop).Or is there any other way to do > it in the Lab routers themselves.Any basic configs/examples provided is > greatfully appreciated.Thank you for your help.Sincerely,CN > > > > MSN 8 with e-mail virus protection service: 2 months FREE* Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59472&t=58269 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX 525 norandomseq?? [7:59471]
Cisco states that the norandomseq comand should be not used when you have a pix "inline" with another pix. Does "inline" mean directly connected? I have a 525 at the edge and a few 500 series Pixs in other places in the network behind a 6500 and or a 5500 router(s). Do I have to worry about this in my situation on the statics? Thanks Jamie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59471&t=59471 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Written Exam [7:59332]
Good info here, http://www.cisco.com/en/US/learning/le3/le2/le23/le7/learning_certification_ type_home.html, a blueprint link is near the top. This is assuming routing&switching ccie is your target. Bri - Original Message - From: To: Sent: Wednesday, December 18, 2002 4:44 AM Subject: Re: CCIE Written Exam [7:59332] > > > > > Munit Singla em 17/12/2002 10:57:50 > > Favor responder a [EMAIL PROTECTED] > > Para: "[EMAIL PROTECTED]" > cc: > > Assunto:Re: CCIE Written Exam [7:59332] > > > Hi, > Which BLUE print u are reffering and how to get that as I also want to go > for the same > Thanx in advance > Munit > > "[EMAIL PROTECTED]" wrote: Hi, > > I would recommend: > > Read the BluePrint (really read it, if you don4t want to take the exam and > discover by yourself that it is important), > > The CCIE Cisco Press book by Anthony Bruno ( it was not that good as I was > expecting, but it is a good start) > > Routing TCP/IP by Doyle, CCIE Practical Studies by Solie (yes, for the > written) > > Other books recommended by the group guys. > > Good Luck > > "Thuveshen Cooppan" @groupstudy.com em > 16/12/2002 21:33:30 > > Favor responder a "Thuveshen Cooppan" > > Enviado Por: [EMAIL PROTECTED] > > Para: [EMAIL PROTECTED] > cc: > > Assunto:CCIE Written Exam [7:59332] > > Hi All > > Can anybody shed some experineces or information on how long it takes to > study for the CCIE Written exam? What study material is good ? Methods > for > studying for the CCIE Written Exam? > > Thanks > > Thuveshen Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59470&t=59332 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Perhaps O/T: Window TCP Rcv Window [7:59400]
To all, There is a freeware program called Dr. TCP Win for Windows 2000/XP that allows you to change both the MTU and TCP Window size--requires a reboot, though, after the change. Cheers! -- Richard A. Deal Visit my home page at http://home.cfl.rr.com/dealgroup/ Author of Cisco PIX Firewalls, CCNA Secrets Revealed!, CCNP Remote Access Exam Prep, CCNP Switching Exam Cram, and CCNP Cisco LAN Switch Configuration Exam Cram Cisco Test Prep author for QuizWare, providing the most comprehensive Cisco exams on the market. ""Steve Dispensa"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > So one wild idea would be to remove memory from the host. Or maybe you > could > > get it to use up a chunk of memory by opening lots of large docs and/or > > using a RAM disk!? > > In practice, you'd have to really restrict the amount of RAM to a level > that the OS wouldn't function. You're talking about an 8K buffer > here... squeezing 8K out of a 256MB machine is usually pretty easy. :-) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59469&t=59400 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Off Topic but interesting - R&S networking [7:59390]
This reminds me of a quote I heard once "The only people who can afford to hire a plumber, are electricians." Maybe we should unionize like them. "The international brotherhood of it workers?" Jarett ""nrf"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > ""Aaron Ajello"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > IMHO, comparing COBOL and mainframes to networking as a valuable, > marketable > > skill set doesn't follow. COBOL was replaced by VB, C++, ASP and other > > languages. Mainframes were replaced by things like Windows, UNIX and > > Linux. I don't know of something that will replace networking. I'm not > > saying it's impossible, but the comparison doesn't seem right. Cisco > could > > get replaced, but how is networking going to be replaced? Even if > > everything goes wireless, it's still all networked, no? > > Networking will be 'replaced' in the sense that it will fade into the > background. Eventually, networking will be just as reliable as, say, > electric power in your building. It will be just another utility. But when > that happens, you really don't need engineers very much. You just plug > something into a wall socket and it works. OK, if you wanna rewire a > building or something, yeah you gotta call an electrician. But how many > times does that happen? > > > > > > Several people have said R/S isn't such a valuable skill set anymore > because > > people aren't building networks anymore. Maybe that's true, but it > reminds > > me of what someone said when the machine gun was invented. He said it was > > so powerful and destructive that it would bring an end to war. also, > didn't > > bill gates say one time that no one would ever need a hard drive bigger > than > > 16meg, or something like that? > > I don't follow. If people aren't building networks anymore (and they are > not for the total number of networks is actually decreasing now, mostly due > to bankrupt providers getting liquidated), then that necessarily means less > demand for network people. And even if the number of networks remained the > same, that still implies less demand compared to a few years ago when > networks were being built out. Let's face it. You need more people and > more expertise to build a network than to maintain it. That's not to say > that you don't need any expertise to maintain a network, because you > obviously do, but you need less of it. > > And again, I would point to the fact that the many, dare I say the majority > of predictions, actually turn true. Would you tell your kid today to > pursue a career in, say, steel? I didn't think so. But, hey, you could use > the same arguments to say that nobody can predict the future with certainty, > therefore steel might be a great career, etc. etc. And indeed it might be a > great career. But, really now, what are the odds? > > > > > It seems like every time I pick up a tech magazine it's talking about ip > > telephony, internet connected toasters, high speed web enabled cell > phones, > > etc. yeah, yeah, yeah, I know what someone is going to say- "the > > infrastructure is already in place to connect your toaster to the > > internet." But won't more and more internet connected devices necessitate > > more people who know how to connect those things and make them work > together > > quickly, reliably and smoothly? > > Not necessarily - not if everything is truly plug+play and reliable. Ease > of use and reliability implies less need for expertise. Let's be perfectly > honest. The fact that IP networks are still somewhat difficult to configure > and also somewhat unreliable is actually kind of a good thing, because it > means that companies need to keep network guys around. While we may say > that we want a super-reliable and easy to use network, the fact is, we don't > really want that. > > For example, consider this. The latest IT boom implied a massive increase > in the use of electricity. But did that imply a giant boom for > electricians? Hardly. The reason is simple. Electricity is, for the most > part, plug and play, and reliable. You take all your new-fangled systems, > plug them into the wall, and they work. OK, true, there was some increase > in demand for electricians, especially for datacenters and whatnot, but the > increase was mild. > > > Now, don't get me wrong, I'm certainly not trying to bag on electricians. I > have several friends who are electricians, and I respect their profession > and their skill. I'm just using them as an example of the way I think > things are eventually going to go in networking. There will still be jobs, > but not as many as there are today, and the jobs that will be out there will > be for higher-end people, with limited for the novices. Just like the way > electricians are today. > > > > > > > I think at this point in the evolution of info systems, the internet and > > networking it's premature to say anything has reached i
Re: Off Topic but interesting - R&S networking future? [7:59467]
I would have to disagree with you on some of your points. More often than not predictions turn out to be wrong. Take Wall street for a bad example. There's no doubt in my mind that major changes will occur in the IT industry. Of the dozens of new technologies that become available each year, some of them will most certainly mature. Most of them will fail, and if you could tell me exactly which ones would succeed then there's no point in working at all. Just invest in the successful ones, rake in the money, and do IT work for free because you love it. I agree with you on some points though. In the US, I doubt there's going to be a buildout boom anytime soon, and R&S skills may not be as profitable now as they were just a few years ago. But by no means do I think that the skills are not valuable. For the next couple of years I believe that in order to prosper you'll need to develop other skills (as with every industry, but especially with IT) . The skillset that Doctors and Lawyers possessed 20 years ago is all but obsolete now; Which is why they are required to continue their education with continuing education courses. Remember that most of the world is still underdeveloped. Take China for instance. if just 1% china went out and bought a computer and hoped to connect to the internet, those R&S skills would be heavily in demand, throw in all the developing former Iron Curtain nations, and the continents of Africa and much of South America, and you have plenty of R&S job openings. I have full faith in the power of capitalism, I'm certain that eventually the undeveloped countries will develop, and they are going to need qualified, experienced people to help them out. Security is hot this year, and next year it could be something else. Working in the IT industry means that you will need to rebuild you entire skillset every few years. I believe that Cisco realizes that, which is why recertification is so important. It won't surprise me at all if the CCIE tracks appear to converge a bit more in the next 3 to 6 years. Gone are the days when you started your career and retired with the same skillsets, and I wouldn't want it any other way. Jarett ""nrf"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > ""Marc Thach Xuan Ky"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > A few points: > > When I was fresh in the IT industry (over 20 years ago) the old-timers > > who had been working maybe four years already would tell me that there > > was no future in programming, after all they said, who uses a chauffeur > > now that cars are so easy to drive? > > Cars need very little maintenance now, there are still plenty of > > mechanics because there are more cars. > > Phone companies still employ a lot of telephone engineers, large > > corporates often have on-site telephone staff. There are more phone > > companies now. Voice is a commodity. > > Here in London during the 80's property boom, electricians and plumbers > > on the large contracts were being paid a lot more than any network > > engineer I heard of at the time. > > I would just add that many times (actually, more often than not, predictions > actually turn out to be correct). For example, decades ago, people > predicted a decline in the number of jobs in farming. And indeed the number > of jobs in farming declined substantially. People also predicted a huge > decline in the number of jobs in old-school manufacturing - steel, mining, > etc. And indeed that came to pass. And even for those jobs that didn't > decline, there was significant change in what they did. Mechanics can't > just know how to fix carburetors, now they have to understand > fuel-injection. > > IT has always been an industry of change. What was hot at one point of time > may not be hot at another. IBM mainframe skill was in big demand back in > the 70's, and it has been on a slow decline ever since. COBOL was also huge > back then, and enjoyed a brief resurgence due to y2k, but is now declining. > I believe R/S skill will fade into the background because quite simply not > as many organizations are building out new networks anymore, nor do they > really need to. The networks are built with most likely only incremental > buildouts in the near-future, and so now the question is what are you going > to do with the network. That is what is going to get you jobs. For those > of you who are still waiting for another huge network buildout boom, well, > sorry to tell you, but that train has left the station. > > > > > rgds > > Marc Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59467&t=59467 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IPsec basics?? [7:59358]
i am sorry in fact my question is not the actual one .. the original Rames's question : *** Folks, Would appreciate if anyone can explain the basics of VPN(Ipsec). >I got a Ipsec running between two pix.What really happens > > when a packet arrives at the interface?I need the entire process... Cheers i solve my quetion ..thanks.. ** now 2 router can talk each other ipsec from lan interface my error is router 1(right before): crypto isakmp key zisco address 192.168.2.70 (the peer ip) router 2 wrong before : crypto isakmp key zisco address 192.168.2.70 (the peer ip) router2 right now : crypto isakmp key zisco address 192.168.2.69 (the peer ip) ramesh c wrote: >Oops,Guess we deviated from the actual question.Would appreciate if anyone >could anwser the same. > >Cheers >-- > >On Tue, 17 Dec 2002 18:04:44 > Daniel Cotts wrote: > > >>You are providing a config that shows the "WAN" link that connects the two >>routers. Do you also have a "LAN" side to each of those routers? That is >>where your host computers would reside. The addresses for the "LAN" are what >>is expected in access-list 100. Sort of FastEthernet 0/1 ip address >>172.16.1.1 etc. Maybe use 172.16.2.1 on the other router's LAN. >>access-list 100 permit ip 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255 >>If you do a test ping to open the VPN tunnel use an extended ping with the >>source address of your "LAN" interface. More fun to use PCs on each end. >>HTH >> >> >> >>>-Original Message- >>>From: Selcuk Kardes [mailto:[EMAIL PROTECTED]] >>>Sent: Tuesday, December 17, 2002 11:09 AM >>>To: [EMAIL PROTECTED] >>>Subject: Re: IPsec basics?? [7:59358] >>> >>> >>>Hi Alaerte, >>> >>>http://www.cisco.com/warp/public/707/17.html#Sec3.1 >>>this link and your suggested configuration and also my >>>confuguration are >>>all same ... >>>but my confuguration doesn't work . >>>i am working >>> >>>thanks for help... >>>Selcuk >>> >>>my configuration is: >>> >>>Current configuration: >>>! >>>version 12.1 >>>hostname test >>>crypto isakmp policy 1 >>> authentication pre-share >>> lifetime 3000 >>>crypto isakmp key cisco address 192.168.2.70 >>>! >>>! >>>crypto ipsec transform-set mytransform esp-des esp-md5-hmac >>>! >>>crypto map mycrypto 10 ipsec-isakmp >>> set peer 192.168.2.70 >>> set transform-set mytransform >>> match address 100 >>>! >>>interface FastEthernet0/0 >>> ip address 192.168.2.69 255.255.255.192 >>> duplex auto >>> speed auto >>> crypto map mycrypto >>>! >>>ip classless >>>ip route 0.0.0.0 0.0.0.0 192.168.2.97 >>>no ip http server >>>! >>>access-list 100 permit ip host 192.168.2.69 host 192.168.2.70 >>> >>> >>>[EMAIL PROTECTED] wrote: >>> >>> >>> Hi, Here is an example: crypto isakmp policy 1 authentication pre-share lifetime 3000 crypto isakmp key cisco address 192.168.14.2 ! crypto ipsec transform-set mytransform esp-des esp-md5-hmac ! crypto map mycrypto local-address Serial0.14 crypto map mycrypto 10 ipsec-isakmp set peer 192.168.14.2 set transform-set mytransform match address 100 ! interface Loopback1 ip address 1.1.1.1 255.255.255.0 ! interface Serial0.14 point-to-point ip address 192.168.14.1 255.255.255.0 frame-relay interface-dlci 114 crypto map mycrypto ! router ospf 1 log-adjacency-changes network 0.0.0.0 255.255.255.255 area 0 ! ip classless ip http server ! access-list 100 permit icmp host 1.1.1.1 host 4.4.4.4 Regards, Alaerte "Selcuk Kardes" @groupstudy.com em 17/12/2002 08:11:51 Favor responder a "Selcuk Kardes" Enviado Por: [EMAIL PROTECTED] Para: [EMAIL PROTECTED] cc: Assunto:Re: IPsec basics?? [7:59358] hi, i am trying now to run ipsec between two router is there anybody have basic running konfigurasyon now i am looking cisco's ipsec pages but yet i can't accomplisht this issue ramesh c wrote: >Folks, >Would appreciate if anyone can explain the basics of VPN(Ipsec). > >I got a Ipsec running between two pix.What really happens > > >>>when a packet >>> >>> >arrives at the interface?I need the entire process... > >Cheers > > >_ >Get 25MB, POP3, Spam Filtering with LYCOS MAIL PLUS for $19.95/year. >http://login.mail.lycos.com/brandPage.shtml?pageId=plus&ref=lmtplus > > > > Virus taramasi Is Net tarafindan yapilmistir. This e-mail is checked by Is Net against all known types of viruses. Is Net'in YILBASI HEDIYE kampanyasini duymus muydunuz? http://www.isnet.net.tr/hediyesepeti/ind
Re: Post failure on 2912, how to repair? [7:59329]
ooo...that's bad. I think the controller is soldered on, isnt it? For a cat2912, I think smartnet is pretty cheap. That is probably the best way to go. thanks, -Brad Ellis CCIE#5796 (R&S / Security) Network Learning Inc [EMAIL PROTECTED] www.ccbootcamp.com (cisco training) ""Symon Thurlow"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi guys, > > I searched the archives about this, but couldn't find anything. > > I have a Cat 2912 switch, that has 4 faulty ports. It fails post, here > is a snippet: > > C2900xl POST: System Board Test: Passed > C2900xl POST: Daughter Card Test: Passed > C2900xl POST: CPU Buffer Test: Passed > C2900xl POST: CPU Notify RAM Test: Passed > C2900xl POST: CPU Interface Test: Passed > C2900xl POST: Testing Switch Core: Passed > C2900xl POST: Testing Buffer Table: Passed > C2900xl POST: Data Buffer Test: Passed > C2900xl POST: Configuring Switch Parameters: Passed > C2900xl POST: Ethernet Controller Test: Passed > C2900xl POST FAILURE: front-end post: FastEthernet0/9: > C2900xl POST FAILURE: looped-back packet not received > C2900xl POST FAILURE: front-end post: FastEthernet0/10: > C2900xl POST FAILURE: looped-back packet not received > C2900xl POST FAILURE: front-end post: FastEthernet0/11: > C2900xl POST FAILURE: looped-back packet not received > C2900xl POST FAILURE: front-end post: FastEthernet0/12: > C2900xl POST FAILURE: looped-back packet not received > C2900xl POST: MII Test: Passed > cisco WS-C2912-XL (PowerPC403GA) processor (revision 0x11) with > 8192K/1024K bytes of memory. > Last reset from power-on > > Processor is running Enterprise Edition Software > Cluster command switch capable > Cluster member switch capable > 8 FastEthernet/IEEE 802.3 interface(s) > > You can see it only recognises 8 ports. > > I searched CCO, and found a bknown bug where ESD can fry the > controllers. Each controller operates 4 ports. > > Is there a way to get it reapired? Can you buy the controller from > somewhere and replace it? > > Any help greatly appreciateed, > > Symon Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59340&t=59329 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
2514 serial port flipping between up and down, hel [7:59426]
Just got one from eBay, the AUI is OK, but could not get the serials work, tried different speed, sometime at 56000 worked but not stable, other speed didn't work at all. Any suggestion? Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59426&t=59426 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Written & Lab Exam [7:59332]
Start with the bible TCP/IP Jeff Doyale Volume 1. Find the list of books for both written & Las here below. It depends on how much time you can spend for your studies each day. Cisco recently introduced the new topic like Multicasting and VoIP. Otherthan that in my experience its the same stuff also include some simulations and drag-n-drops. The following books are the ones I used for my CCIE written as well as my labs. CCIE. Practical Studies, Volume I by Karl Solie Routing TCP/IP Volume I (CCIE Professional Development) by Jeff Doyle Routing TCP/IP, Volume II (CCIE Professional Development) by Jeff Doyle, Jennifer DeHaven Carroll Building Cisco Multilayer Switched Networks by Karen Webb Building Scalable Cisco Networks by Diane Teare, Catherine Paquet Managing Cisco Network Security by Michael Wenstrom Building Cisco Remote Access Networks by Catherine Paquet Cisco OSPF Command and Configuration Handbook by William Parkhurst Cisco BGP-4 Command and Configuration Handbook by William Parkhurst Internet Routing Architectures by Sam Halabi Troubleshooting IP Routing Protocols (CCIE Professional Development Series) by Zaheer Aziz, Johnson Liu, Abe Martey, Faraz Shamim Routing & Switching, Desktop protocols DLSw+ by Tam Neekee, McGrawHill Routing, Switching & Bridging by Bruce Caslow, Prantice Hill Publishers. thanks Suresh PatrickcB.S.(Eng), M.S.(Eng), CCIE # CCNA,CCNP,CSS1,CVoice,CNE,MCSE,CCSA,CCSE,SCSA,CLP. http://www.sureshhomepage.com A homepage on network certs! >From: "Thuveshen Cooppan" >Reply-To: "Thuveshen Cooppan" >To: [EMAIL PROTECTED] >Subject: CCIE Written Exam [7:59332] >Date: Tue, 17 Dec 2002 00:33:30 GMT > >Hi All > >Can anybody shed some experineces or information on how long it takes to >study for the CCIE Written exam? What study material is good ? Methods for >studying for the CCIE Written Exam? > > >Thanks > >Thuveshen > > misconduct and Nondisclosure violations to [EMAIL PROTECTED] Tired of spam? Get advanced junk mail protection with MSN 8. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59351&t=59332 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco tools for pocket pc 2002 [7:59465]
Hello all, I was wondering if anyone had come accross any useful tools for the pocket pc that are cisco related. Thanks in advance, Frank W. Dagenhardt [GroupStudy.com removed an attachment of type application/octet-stream which had a name of Frank W. Dagenhardt (E-mail).vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59465&t=59465 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco 2000 Problems [7:59338]
yes .. you need the version 2 IDU ,this will update the RME/CW2000 server part so they can see these switches , this is the link ... also whcih version are you running of CM .. hint goto server configurations about the server applications and versions here`s the link.there is no wrap http://www.cisco.com/cgi-bin/tablebuild.pl/cw2000-campus HTH steve - Original Message - From: "Han Chuan Alex Ang" To: Sent: Tuesday, December 17, 2002 2:42 AM Subject: Cisco 2000 Problems [7:59338] > I have some problems with the Cisco 2000, > > here is the scenario, I have add in all the necessary Cisco device and > checked their attributes to be correct > > however , when I try a topology services in Campus Manager , I am only able > to see the cisco 6006 and cisco 3548 switches , not a single 3524 and 3512 > switches that are supposed to be detected , any patches need to done ? and > how do I go about doing it . thank Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59464&t=59338 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 3550 study strategy - ANY ?? [7:59000]
You are absolutely right my friend...! FREE is a dirty word.! As you say: there ain't no such thing as a free lunch! But you add: or maybe there is! :-) >From: "The Long and Winding Road" >Reply-To: "The Long and Winding Road" >To: [EMAIL PROTECTED] >Subject: Re: 3550 study strategy - ANY ?? [7:59000] >Date: Tue, 17 Dec 2002 15:35:21 GMT > >so can you title this post something other than "study strategy" since this >is a commercial endeavor? > >hey - NRF - the real issue is the number of people unwilling to buy the cow >because they can get free milk at the study group food and network design >bank :-> >( reference to another thread ) > >-- >TANSTAAFL >"there ain't no such thing as a free lunch" >or maybe there is! > > > >""Brian Zeitz"" wrote in message >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Sorry I have been really busy. Actually I need both 3550 switches in > > production because we have to deploy our app. I am designing (with some > > help) an e-commerce site. The site consists of two T1 lines, Pix > > firewall, both switches and Load balancers. Someone from the group is > > helping me with the design and setup. The one thing I was told about is > > Round Robin Routing which will be used on the 3550. The challenge was to > > use bandwidth of both T1s and have them redundant, but to re-route the > > traffic if any device (besides the router or T1) should fail, it should misconduct and Nondisclosure violations to [EMAIL PROTECTED] Add photos to your messages with MSN 8. Get 2 months FREE*. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59463&t=59000 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Console port to console port daisy chain [7:59419]
Normally you'll go from the aux port on one device to the console port on another to get out of band access rather than console to console. JR -- Johnny Routin ""Mossburg, Geoff (MAN-Corporate)"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Has anyone ever heard of daisy chaining Catalyst switches using the console > ports? Someone was asking about it and I told him that there is no such > animal, but I may be wrong... > Thanks! > GM Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59461&t=59419 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Written Exam [7:59332]
Munit Singla em 17/12/2002 10:57:50 Favor responder a [EMAIL PROTECTED] Para: "[EMAIL PROTECTED]" cc: Assunto:Re: CCIE Written Exam [7:59332] Hi, Which BLUE print u are reffering and how to get that as I also want to go for the same Thanx in advance Munit "[EMAIL PROTECTED]" wrote: Hi, I would recommend: Read the BluePrint (really read it, if you don4t want to take the exam and discover by yourself that it is important), The CCIE Cisco Press book by Anthony Bruno ( it was not that good as I was expecting, but it is a good start) Routing TCP/IP by Doyle, CCIE Practical Studies by Solie (yes, for the written) Other books recommended by the group guys. Good Luck "Thuveshen Cooppan" @groupstudy.com em 16/12/2002 21:33:30 Favor responder a "Thuveshen Cooppan" Enviado Por: [EMAIL PROTECTED] Para: [EMAIL PROTECTED] cc: Assunto:CCIE Written Exam [7:59332] Hi All Can anybody shed some experineces or information on how long it takes to study for the CCIE Written exam? What study material is good ? Methods for studying for the CCIE Written Exam? Thanks Thuveshen Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59462&t=59332 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Off Topic but interesting - R&S networking [7:59390]
""Aaron Ajello"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > IMHO, comparing COBOL and mainframes to networking as a valuable, marketable > skill set doesn't follow. COBOL was replaced by VB, C++, ASP and other > languages. Mainframes were replaced by things like Windows, UNIX and > Linux. I don't know of something that will replace networking. I'm not > saying it's impossible, but the comparison doesn't seem right. Cisco could > get replaced, but how is networking going to be replaced? Even if > everything goes wireless, it's still all networked, no? Networking will be 'replaced' in the sense that it will fade into the background. Eventually, networking will be just as reliable as, say, electric power in your building. It will be just another utility. But when that happens, you really don't need engineers very much. You just plug something into a wall socket and it works. OK, if you wanna rewire a building or something, yeah you gotta call an electrician. But how many times does that happen? > > Several people have said R/S isn't such a valuable skill set anymore because > people aren't building networks anymore. Maybe that's true, but it reminds > me of what someone said when the machine gun was invented. He said it was > so powerful and destructive that it would bring an end to war. also, didn't > bill gates say one time that no one would ever need a hard drive bigger than > 16meg, or something like that? I don't follow. If people aren't building networks anymore (and they are not for the total number of networks is actually decreasing now, mostly due to bankrupt providers getting liquidated), then that necessarily means less demand for network people. And even if the number of networks remained the same, that still implies less demand compared to a few years ago when networks were being built out. Let's face it. You need more people and more expertise to build a network than to maintain it. That's not to say that you don't need any expertise to maintain a network, because you obviously do, but you need less of it. And again, I would point to the fact that the many, dare I say the majority of predictions, actually turn true. Would you tell your kid today to pursue a career in, say, steel? I didn't think so. But, hey, you could use the same arguments to say that nobody can predict the future with certainty, therefore steel might be a great career, etc. etc. And indeed it might be a great career. But, really now, what are the odds? > > It seems like every time I pick up a tech magazine it's talking about ip > telephony, internet connected toasters, high speed web enabled cell phones, > etc. yeah, yeah, yeah, I know what someone is going to say- "the > infrastructure is already in place to connect your toaster to the > internet." But won't more and more internet connected devices necessitate > more people who know how to connect those things and make them work together > quickly, reliably and smoothly? Not necessarily - not if everything is truly plug+play and reliable. Ease of use and reliability implies less need for expertise. Let's be perfectly honest. The fact that IP networks are still somewhat difficult to configure and also somewhat unreliable is actually kind of a good thing, because it means that companies need to keep network guys around. While we may say that we want a super-reliable and easy to use network, the fact is, we don't really want that. For example, consider this. The latest IT boom implied a massive increase in the use of electricity. But did that imply a giant boom for electricians? Hardly. The reason is simple. Electricity is, for the most part, plug and play, and reliable. You take all your new-fangled systems, plug them into the wall, and they work. OK, true, there was some increase in demand for electricians, especially for datacenters and whatnot, but the increase was mild. Now, don't get me wrong, I'm certainly not trying to bag on electricians. I have several friends who are electricians, and I respect their profession and their skill. I'm just using them as an example of the way I think things are eventually going to go in networking. There will still be jobs, but not as many as there are today, and the jobs that will be out there will be for higher-end people, with limited for the novices. Just like the way electricians are today. > > I think at this point in the evolution of info systems, the internet and > networking it's premature to say anything has reached it's peak and is > mature. Think of all the homes out there not connected to the internet. > Think of all the companies out there still not using networks and info > systems. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59460&t=59390 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations t
Re: Off Topic but interesting - R&S networking future? [7:59459]
> Definitely. Janitors now use vacuum-cleaners as well as brooms. > Telephone operators now use keyboards, not patchcords. Networkers will > need to know more than just layers 2 and 3. But there will be a > continued demand for R/S as part of the networkers job. I think you just said the key word right there, the word "part" - it will just be part of a job. Not like today or the recent past where R/S was a job all in itself. > > Another point is that bandwidth is not necessarily cheap all over the > world, Europe is more expensive than the US, and Asia even worse, so > engineering is required, in fact surely "traffic engineering" is all the > rage at the moment. Europe may be more expensive than the US, but European providers still have far too much bandwidth than the market demands. After all, look at what happened to KPNQwest. Actually I find traffic-engineering to be of little importance in today's market as a whole, except in certain pockets like in Asia. Most providers in the world just shrug their shoulders at traffic-engineering. > > I guess what I want to say is that when an economy is booming, people > unrealistically believe it's forever and they will be millionaires by > next June. Conversely when the economy is in a trough then people get > gloomy and believe that they'll never pay off their credit card bills. > Neither view is realistic. R/S is not dead, it's sleeping and will wake > up. Granted there will not be the insane rush into network builds that > we saw a few years ago but the wireless boom is around the corner Is that the same wireless boom that has basically bankrupted every European telco? > > rgds > Marc Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59459&t=59459 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IPsec basics?? [7:59358]
Oops,Guess we deviated from the actual question.Would appreciate if anyone could anwser the same. Cheers -- On Tue, 17 Dec 2002 18:04:44 Daniel Cotts wrote: >You are providing a config that shows the "WAN" link that connects the two >routers. Do you also have a "LAN" side to each of those routers? That is >where your host computers would reside. The addresses for the "LAN" are what >is expected in access-list 100. Sort of FastEthernet 0/1 ip address >172.16.1.1 etc. Maybe use 172.16.2.1 on the other router's LAN. >access-list 100 permit ip 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255 >If you do a test ping to open the VPN tunnel use an extended ping with the >source address of your "LAN" interface. More fun to use PCs on each end. >HTH > >> -Original Message- >> From: Selcuk Kardes [mailto:[EMAIL PROTECTED]] >> Sent: Tuesday, December 17, 2002 11:09 AM >> To: [EMAIL PROTECTED] >> Subject: Re: IPsec basics?? [7:59358] >> >> >> Hi Alaerte, >> >> http://www.cisco.com/warp/public/707/17.html#Sec3.1 >> this link and your suggested configuration and also my >> confuguration are >> all same ... >> but my confuguration doesn't work . >> i am working >> >> thanks for help... >> Selcuk >> >> my configuration is: >> >> Current configuration: >> ! >> version 12.1 >> hostname test >> crypto isakmp policy 1 >> authentication pre-share >> lifetime 3000 >> crypto isakmp key cisco address 192.168.2.70 >> ! >> ! >> crypto ipsec transform-set mytransform esp-des esp-md5-hmac >> ! >> crypto map mycrypto 10 ipsec-isakmp >> set peer 192.168.2.70 >> set transform-set mytransform >> match address 100 >> ! >> interface FastEthernet0/0 >> ip address 192.168.2.69 255.255.255.192 >> duplex auto >> speed auto >> crypto map mycrypto >> ! >> ip classless >> ip route 0.0.0.0 0.0.0.0 192.168.2.97 >> no ip http server >> ! >> access-list 100 permit ip host 192.168.2.69 host 192.168.2.70 >> >> >> [EMAIL PROTECTED] wrote: >> >> >Hi, >> > >> >Here is an example: >> > >> >crypto isakmp policy 1 >> > authentication pre-share >> > lifetime 3000 >> >crypto isakmp key cisco address 192.168.14.2 >> >! >> >crypto ipsec transform-set mytransform esp-des esp-md5-hmac >> >! >> >crypto map mycrypto local-address Serial0.14 >> >crypto map mycrypto 10 ipsec-isakmp >> > set peer 192.168.14.2 >> > set transform-set mytransform >> > match address 100 >> >! >> >interface Loopback1 >> > ip address 1.1.1.1 255.255.255.0 >> >! >> >interface Serial0.14 point-to-point >> > ip address 192.168.14.1 255.255.255.0 >> > frame-relay interface-dlci 114 >> > crypto map mycrypto >> >! >> >router ospf 1 >> > log-adjacency-changes >> > network 0.0.0.0 255.255.255.255 area 0 >> >! >> >ip classless >> >ip http server >> >! >> >access-list 100 permit icmp host 1.1.1.1 host 4.4.4.4 >> > >> > >> >Regards, >> > >> >Alaerte >> > >> > >> > >> > >> > >> > >> > >> >"Selcuk Kardes" @groupstudy.com em 17/12/2002 >> >08:11:51 >> > >> >Favor responder a "Selcuk Kardes" >> > >> >Enviado Por: [EMAIL PROTECTED] >> > >> > >> >Para: [EMAIL PROTECTED] >> >cc: >> > >> >Assunto:Re: IPsec basics?? [7:59358] >> > >> > >> >hi, >> >i am trying now to run ipsec between two router >> >is there anybody have basic running konfigurasyon >> >now i am looking cisco's ipsec pages >> >but yet i can't accomplisht this issue >> > >> > >> >ramesh c wrote: >> > >> > >> > >> >>Folks, >> >>Would appreciate if anyone can explain the basics of VPN(Ipsec). >> >> >> >>I got a Ipsec running between two pix.What really happens >> when a packet >> >>arrives at the interface?I need the entire process... >> >> >> >>Cheers >> >> >> >> >> >>_ >> >>Get 25MB, POP3, Spam Filtering with LYCOS MAIL PLUS for $19.95/year. >> >>http://login.mail.lycos.com/brandPage.shtml?pageId=plus&ref=lmtplus >> >> >> >> >> >Virus taramasi Is Net tarafindan yapilmistir. >> >This e-mail is checked by Is Net against all known types of viruses. >> >Is Net'in YILBASI HEDIYE kampanyasini duymus muydunuz? >> >http://www.isnet.net.tr/hediyesepeti/index2.html _ Get 25MB, POP3, Spam Filtering with LYCOS MAIL PLUS for $19.95/year. http://login.mail.lycos.com/brandPage.shtml?pageId=plus&ref=lmtplus Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59458&t=59358 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE [7:59456]
Jeff Doyle VOl-1 Jeff Doyle VOL-2 Internet Routing Archetacture VOl -2 By Bassam halabi IP Routing trouble shooting by Faraz Shamim BGP-4 Command and Configuration Handbook (CCIE Professional Development) By William R. Parkhurst Cisco® OSPF Command and Configuration Handbook (CCIE Professional Development)By William R. Parkhurst Bridges Routers & switches By Bruce caslow (Old but still usefull for new CCIE exam) Above are recommneded by many CCIE's and most rated books, plus wait for CCIE practical volume-2 by Karl Solie, I think it will published in may 2003 the best source for lab. Cheers Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59457&t=59456 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE [7:59455]
Can somebody tell me some good books for CCIE Thanx Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59455&t=59455 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE [7:59456]
Can somebody tell me some good books for CCIE Thanx Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59456&t=59456 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE [7:59454]
Can somebody tell me some good books for CCIE Thanx Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59454&t=59454 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ot: ospf humor [7:59364]
Dont be silly - its easy... O - Hold your hands into a circle above your head S - Side on, bend your knees and angle yourself forward sticking your bum out P - both arms out to the side, joining both hands F - P without joing hands :) Now whos up for doing it at Networkers 2003 ;) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59453&t=59364 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
hi [7:59452]
hi all Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59452&t=59452 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Isdn callback problem [7:59451]
John, On R2, the client, set your enable-timeout to about 5 seconds, and on R5, the server, add "dialer wait-for-carrier" of 10 or 11 seconds (at least double the client's enable-timeout. HTH, Kym >From: "John Tafasi" >Reply-To: "John Tafasi" >To: "Cisco Group Study" ,"ccielab" > >Subject: Isdn callback problem >Date: Wed, 18 Dec 2002 00:54:27 -0700 > >Hi group, > >I have r2 which is configured to request callback from r5. The problem is >that r2 does not wait for r5 to callback and will repeat the calling r5 and >request callback. However r5 will eventually succeed and callback r2. My >question is how can you prevent r2 from repeating the call to r5? I have >pasted below the configuration for both routers and the output of "debug >isdn q931" and "debug ppp authentication" on r2. > > >r2#show run > ! >version 11.3 > ! >hostname r2 >! > username r5 password 7 13061E010803 >ip subnet-zero >no ip domain-lookup >isdn switch-type basic-ni1 >! > ! >interface BRI0 > no ip address > no ip directed-broadcast > encapsulation ppp > dialer pool-member 1 > isdn spid1 0835866101 > isdn spid2 0835866301 > ppp callback request >! >interface Dialer1 > ip address 10.10.10.1 255.255.255.0 > no ip directed-broadcast > encapsulation ppp > dialer remote-name r5 > dialer enable-timeout 1000 > dialer string 8358662 > dialer hold-queue 100 timeout 30 > dialer pool 1 > dialer-group 1 > ntp broadcast > pulse-time 0 > ppp authentication chap >! > ! >map-class dialer eng >access-list 1 deny any >access-list 100 permit tcp any any eq telnet >access-list 100 permit icmp any any >dialer-list 1 protocol ip list 100 >! >line con 0 > exec-timeout 0 0 > logging synchronous > transport input none >line aux 0 >line vty 0 4 > exec-timeout 0 0 > password 7 06101B38 > login > telnet break-on-ip > telnet ip-on-break >! >ntp clock-period 17179853 >end > >r2# > >= > >r5#show run > version 12.2 >! >hostname r5 > username r2 password 7 045802150C2E > no ip domain-lookup >! > isdn switch-type basic-ni >! >! >! >! > ! >interface BRI0 > ip address 10.10.10.2 255.255.255.0 > encapsulation ppp > dialer callback-secure > dialer map ip 10.10.10.1 name r2 class eng broadcast 8358661 > dialer-group 1 > isdn switch-type basic-ni > isdn spid1 0835866201 > isdn spid2 0835866401 > cdapi buffers regular 0 > cdapi buffers raw 0 > cdapi buffers large 0 > ppp callback accept > ppp authentication chap > ppp chap hostname r5 >! > ! >map-class dialer eng > dialer callback-server username > access-list 100 permit tcp any any eq telnet >access-list 100 permit icmp any any >dialer-list 1 protocol ip list 100 >! >! >line con 0 > exec-timeout 0 0 > logging synchronous > transport input none >line aux 0 >line vty 0 4 > password 7 045802150C2E > login > autocommand access-enable host timeout 5 >! >ntp clock-period 17179628 >ntp master 4 >ntp peer 10.10.110.16 >end > >r5# > >== >r2#show debug >ISDN: > ISDN Q931 packets debugging is on >r2#debu ppp authen >PPP authentication debugging is on >r2# >r2#ping 10.10.10.2 > >Type escape sequence to abort. >Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds: >. >Success rate is 0 percent (0/5) >r2# >.Mar 2 11:01:03.477: ISDN BR0: TX -> SETUP pd = 8 callref = 0x04 >.Mar 2 11:01:03.481: Bearer Capability i = 0x8890 >.Mar 2 11:01:03.485: Channel ID i = 0x83 >.Mar 2 11:01:03.485: Keypad Facility i = '8358662' >.Mar 2 11:01:03.529: ISDN BR0: RX .Mar 2 11:01:03.529: Channel ID i = 0x89 >.Mar 2 11:01:03.681: ISDN BR0: RX .Mar 2 11:01:03.693: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up >.Mar 2 11:01:03.721: %DIALER-6-BIND: Interface BRI0:1 bound to profile >Dialer1 >.Mar 2 11:01:03.733: BR0:1 PPP: Treating connection as a callout >.Mar 2 11:01:03.733: ISDN BR0: TX -> CONNECT_ACK pd = 8 callref = 0x04 >.Mar 2 11:01:05.797: BR0:1 PPP: Phase is AUTHENTICATING, by the peer >.Mar 2 11:01:07.653: BR0:1 PPP: Phase is AUTHENTICATING, by the peer >.Mar 2 11:01:07.673: BR0:1 CHAP: I CHALLENGE id 195 len 23 from "r5" >.Mar 2 11:01:07.681: BR0:1 CHAP: O RESPONSE id 195 len 23 from "r2" >.Mar 2 11:01:07.705: BR0:1 CHAP: I SUCCESS id 195 len 4 >.Mar 2 11:01:07.769: %LINEPROTO-5-UPDOWN: Line protocol on Interface >BRI0:1, changed state to up >.Mar 2 11:01:07.777: ISDN BR0: RX .Mar 2 11:01:07.777: Cause i = 0x8090 - Normal call clearing >.Mar 2 11:01:07.797: %ISDN-6-DISCONNECT: Interface BRI0:1 disconnected >from 8358662 , call lasted 4 seconds >.Mar 2 11:01:07.801: %LINK-3-UPDOWN: Interface BRI0:1, changed state to >down >.Mar 2 11:01:07.833: %DIALER-6-UNBIND: Interface BRI0:1 unbound from >profile Dialer1 >.Mar 2 11:01:07.837: ISDN BR0: TX -> RELEASE pd = 8 callref = 0x04 >.Mar 2 11:01:07.857: ISDN BR0: RX .Mar 2 11:01:08.773: %LINEPROTO-5-UPDOWN: Line protocol on Interface >BRI0:1, changed state to down >.Mar 2 11:01:09.477: ISDN BR0: TX ->
Re: is this Accesslist Vulnerable [7:59443]
Thanx for the reply Brian wrote: > I would limit source addresses and use authentication for routing uodate > exchanges. > > Bri > > On Wed, 18 Dec 2002, Munit Singla wrote: > > > Hi All, > > Is their any type of vulnerability in this access kist > > access-list permit udp any any eq rip > > access-list permit ospf any any > > access-list permit eigrp any any > > This access list is applied to the wan iterface in the inbound > > direction. > > Or should it be according to the multicast addreses the specific routing > > > > protocol uses except Ripv1. > > another thing for ripv 1& 2 we can specify source port instead of any > > .can anybody suggest me that with the above access list what could be > > Implications. > > Thanx in Advance > > Regards, > > Munit Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59449&t=59443 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: is this Accesslist Vulnerable [7:59443]
Hi Brian, what abt the port numbers in case of rip. should that be taken care. Munit Brian wrote: > I would limit source addresses and use authentication for routing uodate > exchanges. > > Bri > > On Wed, 18 Dec 2002, Munit Singla wrote: > > > Hi All, > > Is their any type of vulnerability in this access kist > > access-list permit udp any any eq rip > > access-list permit ospf any any > > access-list permit eigrp any any > > This access list is applied to the wan iterface in the inbound > > direction. > > Or should it be according to the multicast addreses the specific routing > > > > protocol uses except Ripv1. > > another thing for ripv 1& 2 we can specify source port instead of any > > .can anybody suggest me that with the above access list what could be > > Implications. > > Thanx in Advance > > Regards, > > Munit Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59450&t=59443 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: is this Accesslist Vulnerable [7:59443]
I would limit source addresses and use authentication for routing uodate exchanges. Bri On Wed, 18 Dec 2002, Munit Singla wrote: > Hi All, > Is their any type of vulnerability in this access kist > access-list permit udp any any eq rip > access-list permit ospf any any > access-list permit eigrp any any > This access list is applied to the wan iterface in the inbound > direction. > Or should it be according to the multicast addreses the specific routing > > protocol uses except Ripv1. > another thing for ripv 1& 2 we can specify source port instead of any > .can anybody suggest me that with the above access list what could be > Implications. > Thanx in Advance > Regards, > Munit Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59448&t=59443 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: What is the passing grade for BSCI exam? [7:59445]
> I'm taking 640-901 pretty soon, but I can't seem to find what the passing > grade is. Could anyone help? > Thanks. 700 points good luck.. i wasnt on BSCI, but my friend yesterday was... 3 labs :) -- Marcin Tadeusz Strzyzewski Agora SA Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59447&t=59445 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
non-cisco IP phones with Cisco Call Manager [7:59446]
Hello, Is is possible to integrate Non-cisco IP phones with Cisco call Manager. Regards Chinmay Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59446&t=59446 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
What is the passing grade for BSCI exam? [7:59445]
Hi everyone. I'm taking 640-901 pretty soon, but I can't seem to find what the passing grade is. Could anyone help? Thanks. -Jiin Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59445&t=59445 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Isdn callback problem [7:59444]
Hi group, I have r2 which is configured to request callback from r5. The problem is that r2 does not wait for r5 to callback and will repeat the calling r5 and request callback. However r5 will eventually succeed and callback r2. My question is how can you prevent r2 from repeating the call to r5? I have pasted below the configuration for both routers and the output of "debug isdn q931" and "debug ppp authentication" on r2. r2#show run ! version 11.3 ! hostname r2 ! username r5 password 7 13061E010803 ip subnet-zero no ip domain-lookup isdn switch-type basic-ni1 ! ! interface BRI0 no ip address no ip directed-broadcast encapsulation ppp dialer pool-member 1 isdn spid1 0835866101 isdn spid2 0835866301 ppp callback request ! interface Dialer1 ip address 10.10.10.1 255.255.255.0 no ip directed-broadcast encapsulation ppp dialer remote-name r5 dialer enable-timeout 1000 dialer string 8358662 dialer hold-queue 100 timeout 30 dialer pool 1 dialer-group 1 ntp broadcast pulse-time 0 ppp authentication chap ! ! map-class dialer eng access-list 1 deny any access-list 100 permit tcp any any eq telnet access-list 100 permit icmp any any dialer-list 1 protocol ip list 100 ! line con 0 exec-timeout 0 0 logging synchronous transport input none line aux 0 line vty 0 4 exec-timeout 0 0 password 7 06101B38 login telnet break-on-ip telnet ip-on-break ! ntp clock-period 17179853 end r2# = r5#show run version 12.2 ! hostname r5 username r2 password 7 045802150C2E no ip domain-lookup ! isdn switch-type basic-ni ! ! ! ! ! interface BRI0 ip address 10.10.10.2 255.255.255.0 encapsulation ppp dialer callback-secure dialer map ip 10.10.10.1 name r2 class eng broadcast 8358661 dialer-group 1 isdn switch-type basic-ni isdn spid1 0835866201 isdn spid2 0835866401 cdapi buffers regular 0 cdapi buffers raw 0 cdapi buffers large 0 ppp callback accept ppp authentication chap ppp chap hostname r5 ! ! map-class dialer eng dialer callback-server username access-list 100 permit tcp any any eq telnet access-list 100 permit icmp any any dialer-list 1 protocol ip list 100 ! ! line con 0 exec-timeout 0 0 logging synchronous transport input none line aux 0 line vty 0 4 password 7 045802150C2E login autocommand access-enable host timeout 5 ! ntp clock-period 17179628 ntp master 4 ntp peer 10.10.110.16 end r5# == r2#show debug ISDN: ISDN Q931 packets debugging is on r2#debu ppp authen PPP authentication debugging is on r2# r2#ping 10.10.10.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds: . Success rate is 0 percent (0/5) r2# .Mar 2 11:01:03.477: ISDN BR0: TX -> SETUP pd = 8 callref = 0x04 .Mar 2 11:01:03.481: Bearer Capability i = 0x8890 .Mar 2 11:01:03.485: Channel ID i = 0x83 .Mar 2 11:01:03.485: Keypad Facility i = '8358662' .Mar 2 11:01:03.529: ISDN BR0: RX CONNECT_ACK pd = 8 callref = 0x04 .Mar 2 11:01:05.797: BR0:1 PPP: Phase is AUTHENTICATING, by the peer .Mar 2 11:01:07.653: BR0:1 PPP: Phase is AUTHENTICATING, by the peer .Mar 2 11:01:07.673: BR0:1 CHAP: I CHALLENGE id 195 len 23 from "r5" .Mar 2 11:01:07.681: BR0:1 CHAP: O RESPONSE id 195 len 23 from "r2" .Mar 2 11:01:07.705: BR0:1 CHAP: I SUCCESS id 195 len 4 .Mar 2 11:01:07.769: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up .Mar 2 11:01:07.777: ISDN BR0: RX RELEASE pd = 8 callref = 0x04 .Mar 2 11:01:07.857: ISDN BR0: RX SETUP pd = 8 callref = 0x05 .Mar 2 11:01:09.481: Bearer Capability i = 0x8890 .Mar 2 11:01:09.481: Channel ID i = 0x83 .Mar 2 11:01:09.485: Keypad Facility i = '8358662' .Mar 2 11:01:09.525: ISDN BR0: RX CONNECT_ACK pd = 8 callref = 0x05 .Mar 2 11:01:11.809: BR0:1 PPP: Phase is AUTHENTICATING, by the peer .Mar 2 11:01:13.657: BR0:1 PPP: Phase is AUTHENTICATING, by the peer .Mar 2 11:01:13.681: BR0:1 CHAP: I CHALLENGE id 196 len 23 from "r5" .Mar 2 11:01:13.689: BR0:1 CHAP: O RESPONSE id 196 len 23 from "r2" .Mar 2 11:01:13.709: BR0:1 CHAP: I SUCCESS id 196 len 4 .Mar 2 11:01:13.773: ISDN BR0: RX RELEASE pd = 8 callref = 0x05 .Mar 2 11:01:13.853: ISDN BR0: RX CONNECT pd = 8 callref = 0x8E .Mar 2 11:01:22.853: Channel ID i = 0x89 .Mar 2 11:01:22.961: ISDN BR0: RX <- CONNECT_ACK pd = 8 callref = 0x0E r2# .Mar 2 11:01:26.889: BR0:1 PPP: Phase is AUTHENTICATING, by the peer .Mar 2 11:01:26.901: BR0:1 CHAP: I CHALLENGE id 197 len 23 from "r5" .Mar 2 11:01:26.909: BR0:1 CHAP: O RESPONSE id 197 len 23 from "r2" .Mar 2 11:01:26.933: BR0:1 CHAP: I SUCCESS id 197 len 4 r2# .Mar 2 11:01:27.865: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up r2# .Mar 2 11:01:28.837: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 8358662 8358662 r2# Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59444&t=59444 --
