MPLS images for 7200? 2500? [7:60284]
Thanks to the fellows at http://www.optimumdata.com I'm going to have a lab with a mix of 72xx and 25xx available for the next week or two for MPLS playtime with an eye on finishing that portion of my CCIP. I've wrestled today with 12.2.4T3 on the 25xx, got utterly frustrated with 12.2T(anything) on an older 7206, went back to 12.0.21ST, and still didn't come up with a complete working system which might be related to finicky old hardware. If anyone has words of wisdom on which images would be appropriate for an MPLS lab I'd sure love to hear it. *IF* I get a good answer on this I'll take the time to make this lab available to others after I've had my fill, but I don't imagine it'll stay up for long unless the president gets a stream of thank you notes from groupstudiers - any chance of this happening? If I'm the only guy pursuing CCIP that doesn't already have an uberlab I guess I wouldn't be that surprised ... email me and prove me wrong :-) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60284t=60284 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: problems while acessing Ciscoworks 2000 [7:60285]
Hi all I have windows2000 suite of NMS.I have installed CD1 with version 4 .Now that I can acess the same locally ,while When I am trying to acess ciscoview through web using port 1741 on other pC,I am getting the error Please grant the permission to acess Ciscoview.I wonder whether where should I grant the permisiion.Request all to help me. Piyush Missed your favourite TV serial last night? Try the new, Yahoo! TV. visit http://in.tv.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60285t=60285 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Vs. BS or MS degree [7:59481]
For the record, I studied and practiced hard, and passed the CCIE lab with precious little industry experience. I found a great job in a great company within two months of passing the CCIE Lab, and I had a few other interested folks contact me for interviews. The demagoguery of this whole thread aside, my experience was much the same as Mr. Larus'. I had little industry experience and also found exactly the job I wanted in exactly the place I wanted for exactly the money that I asked for within two and a half months. I also had three other offers and a series of five interviews with a prominent multinational whose only concern was my lack of customer facing time as I was interviewing for a pre-sales role. As I am a high school dropout with only a couple years of university to my credit, you can more clearly see the effect of the CCIE on my career than on Mr. Larus' as he was a lawyer in his previous incarnation and hence brings allot to the table outside of the CCIE even without much industry experience. Every one of the CCIEs that I know is working aside from one that is dedicating more time to flying RC gliders off a cliff in San Francisco than job searching:) If you want to get a good job in the networking field, the CCIE is a great path to take. If you would rather rise to the top management of Cisco or some other Fortune 500 company you are better off with a degree... or perhaps even better, many hours in the garden watching some rapacious slug devour and assimilate everything in its path. Keep in mind that business (like government and unlike fish) is curious in that the bottomfeeders congregate at the top. YMMV and gas is about to get more expensive, Geoff Zinderdine CCIE #10410 P.S. Tom, is your career recapitulating phylogeny? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60286t=59481 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DTE/DCE [7:60240]
Thank you Scott. You have given me exactly what I am looking for and have made it a lot clearer. For completeness I have found another URL that is immensly helpfull (http://home.tiscali.be/tim.vloeberghs/network/modem.html). Duncan s vermill wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Duncan wrote: Hi I am busy studying for the CCNP Remote Access exam and am really stuck on the modem signalling bits. I think that the key to my problem is that I don't understand the definitions of a DCE DTE properly and how they relate to the EIA/TIA-232 cabling pinouts. (which for some unknown reason you must learn) I hate learning anything parrot fashion, I would rather understand it. I have looked through the archives and there are some pretty useful pointers but I am still not all the way there. Does any one have a comprehensive description that they can point me to, preferably with examples of set-ups and how it all relates to the OSI model. Thanks Duncan I forgot to address you question about how it all relates to the OSI model. I've always thought of specs such as 232, 422, etc. as being entirely physical-layer specs (max p-t-p voltage, impedance, connector body, etc). However, given the interaction that takes place over the signals that we just discussed, I suppose an argument could be made that there is some layer 2 taking place. To a limited extent, I guess you could say that there is some arbitration for the circuit taking place. I wonder if any of the group's big brains will weigh in on that... Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60287t=60240 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Is a Virus or Hacker attack?? [7:60114]
to bring this back into the Cisco realm, Cisco NBAR ( network based application recognition ) I believe was intended to provide another dimension to the QoS classification process. now it can also be used as a filter against certain virus / macro virus attacks. NBAR thus far does a poor job of what products like Radware and Fortigate do very well. Network-based virus screening implemented in ASIC is a very exciting development, in my opinion. Fortinet can do it fast enough on some of their boxes for the provider edge. NBAR is perhaps better than nothing, but it is neither sophisticated enough nor granular enough to do much. I really hope more providers start adopting these technologies. It will save us all allot of grief. Geoff Zinderdine CCIE #10410 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60288t=60114 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Catalyst 6xxx switches and 2 firewall in clust [7:60235]
Pls see inline text for answers. regds Hitesh -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 04, 2003 4:02 AM To: [EMAIL PROTECTED] Subject: Re: Catalyst 6xxx switches and 2 firewall in clust [7:60235] Can you help us understand the situation better? Thanks. See some questions inline. l0stbyte wrote: Hitesh Pathak R wrote: Dear Group, Need your help in setting up the following :- SETUP :- There are 2 core switches SW1 Sw2 (connected back to back with both the SUP GE ports Fiber uplink (Channeld and trunk). On one of the switch (SW1) I have 2 firewalls connected in cluster mode. For this clustered firewall I have bind the multicast mac address on the switch SW1 as the recommended method by the firewall vendor by the command (set cam permanent ). On SW1, you have a permanent cam entry for the multicast address used by the firewall cluster? Why? How is that permanent entry used and why is it necessary? Sorry if this is a stupid question, but I think it will help us understand what you are trying to accomplish. Ans :- I don't have much idea about the firewall config but what I was told by the firewall guy that When you configure the dual firewall is HA mode (High availability) it generates a common MAC address for both the firewall so that both can be reached via single mac address (something similar to HSRP ). The actual mac address on that port is not getting learned by the switch. Also one static ARP entry is added on MSFC for mapping this MAC and the virtual firewall IP address. Now the problem faced here is since they have only bind the mac address to 2 ports on SW1 (switch one ONLY) there seems to be some multicast packets flooding on my second core switch SW2 for that multicast address. Switches flood multicasts by default. So it makes sense that the multicast is flowing over to SW2 also. The customer wants to stop this broadcast from hapening on 2nd switch SW2 and hence wants to bind the same multicast mac address on the 2nd Switch with the trunk ports going to SW1 from SW2. The multicast will come across the trunk, so you should be able to put a permanent cam entry mapping the multicast address to the trunk port. But what problem will that solve? Are you trying to stop the multicast from flowing out the other ports on SW2? How does a permanent cam entry help with that? ANS :- At present the servers connected to my 2nd core switch are not able to reach to that multicast mac address and so as the broadcast. I even looked in to the cam table on the 2nd switch to see if that shows the cam entry but couldn't find it. Maybe you should look into CGMP or IGMP snooping. They can stop multicasts on switches, if the applications send IGMP joins. Anyone else have any suggestions or understand his situation? Priscilla Has anybody faced similar situation ?? Is this configuration supported. Can I bind the cam entry to my trunk port on the SW2 as well with the same multicast mac address?? Many thanks in advance. Thanks Hitesh DISCLAIMER: Information contained and transmitted by this E-MAIL is proprietary to Wipro Limited and is intended for use only by the individual or entity to which it is addressed, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If this is a forwarded message, the content of this E-MAIL may not have been sent with the authority of the Company. If you are not the intended recipient, an agent of the intended recipient or a person responsible for delivering the information to the named recipient, you are notified that any use, distribution, transmission, printing, copying or dissemination of this information in any way or in any manner is strictly prohibited. If you have received this communication in error, please delete this mail notify us immediately at [EMAIL PROTECTED] is it a checkpoint FWs cluster? DISCLAIMER: Information contained and transmitted by this E-MAIL is proprietary to Wipro Limited and is intended for use only by the individual or entity to which it is addressed, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If this is a forwarded message, the content of this E-MAIL may not have been sent with the authority of the Company. If you are not the intended recipient, an agent of the intended recipient or a person responsible for delivering the information to the named recipient, you are notified that any use, distribution, transmission, printing, copying or dissemination of this information in any way or in any manner is strictly prohibited. If you have received this communication in error, please delete this mail notify us immediately at [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60289t=60235
RE: MPLS images for 7200? 2500? [7:60284]
I know you can grab the mpls images for the 25xx series here: ftp-eng.cisco.com (anonymous) /rraszuk/specials c2500-js-l.20oct2001 c2500-p-l.20oct2001 c2500-p-l.tag Dennis L of course has his site http://home.attbi.com/~blaga/ Can't help you out specific for 72xx sorry.. cheers, Mark. -Original Message- From: neal r [mailto:[EMAIL PROTECTED]] Sent: Friday, January 03, 2003 11:54 PM To: [EMAIL PROTECTED] Subject: MPLS images for 7200? 2500? [7:60284] Thanks to the fellows at http://www.optimumdata.com I'm going to have a lab with a mix of 72xx and 25xx available for the next week or two for MPLS playtime with an eye on finishing that portion of my CCIP. I've wrestled today with 12.2.4T3 on the 25xx, got utterly frustrated with 12.2T(anything) on an older 7206, went back to 12.0.21ST, and still didn't come up with a complete working system which might be related to finicky old hardware. If anyone has words of wisdom on which images would be appropriate for an MPLS lab I'd sure love to hear it. *IF* I get a good answer on this I'll take the time to make this lab available to others after I've had my fill, but I don't imagine it'll stay up for long unless the president gets a stream of thank you notes from groupstudiers - any chance of this happening? If I'm the only guy pursuing CCIP that doesn't already have an uberlab I guess I wouldn't be that surprised ... email me and prove me wrong :-) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60290t=60284 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX 515E NAT/PAT [7:60291]
I have been assigned to install and configure the PIX firewall 515E in my company, VPN clients will access our network through dialup connection, we have only two free IP addresses, one of those IP addresses will be assigned to the outside interface of firewall, the other one will be used with PAT so that inside users will be able to access the internet. The question is do I need more Registered IP address to configure as NAT instead of PAT! Or the VPN has nothing with more or less registered IP addresses? Thanks Ismail Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60291t=60291 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IOS process scheduler algorithm [7:60206]
Nope - From step 34 in the book. There are no counters for critical and high priority queues either. The 'failsafe' for servicing the medium priority is when all the processes in the critical and high ready queues have been executed or when a medium priority instance is found when servicing the low priority queue (intervleave) - all the medium processes will be executed. The scheduler will not service the low priority queue within 15 times of skipping the low queue - and even then, if the scheduler is executing low priority instances it will still service a medium (or critical or high) process if one is found in the ready queue. hth, Mark. -Original Message- From: Marc Thach Xuan Ky [mailto:[EMAIL PROTECTED]] Sent: Friday, January 03, 2003 6:21 AM To: [EMAIL PROTECTED] Subject: IOS process scheduler algorithm [7:60206] Hi all, I am reading Cisco Press Inside Cisco IOS Software Architecture and have some outstanding questions about the scheduler, maybe somebody can help me. The text describes how the low priority queue is only skipped 15 times before it is serviced even when there are processes queuing at higher priorities. Does this count up to 15 include the times that both medium and low priority queues are skipped? There seems to be no similar counter for the medium queue, am I correct then in assuming that the only failsafe servicing of the medium priority queue is acheived via the interleaving occuring during failsafe servicing of the low priority queue, which would imply the answer to the first question? rgds Marc Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60292t=60206 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: revisited: OSPF stub/stub no-summary O*IA routing table [7:60293]
I tried serial back-to-back instead of frame relay, but got same result, the show ip ospf nei resulted the same as yours. Instead of assigning ip directly to s0 and s1, I put on loopback 1 and 2, then on s0 and s1, do ip unumber loopback 1 and 2 (although for ospf, it's not supposed to put one end unnumbered but the other end not), and I got the result!!! Tow O*N2 entries. I also tried the following senario: R1(ASBR) | (Area 0) | R2(ABR) / \ (Area 1) /\ R3R4 \/ \ / R5 With normal configuration, I only can see one O*N2 entry on R5, but with ip unnumbered with serail ports on R2, I can see both O*N2 0.0.0.0/0 using R3 and R4. I am really confused. With regular ospf area, stubby, totally stubby, it works fine, just doesn't like the NSSA. I checked RFC 2328, the differece between unnumbered and ip assigned point-to point is the Link Data info in LSA, is that which causes the problem? Chuck, thank you very much for you help, BTW, can you give me your IOS version? (Hopefully I am not tired yet of another try) Wei - Original Message - From: The Long and Winding Road To: Sent: Friday, January 03, 2003 11:30 PM Subject: Re: revisited: OSPF stub/stub no-summary O*IA routing table [7:60278] Wei Zhu wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Chuck, I tried point-to-point instead of frame relay and still could not get through.(Everything is fine except nssa) In my understanding, the External type LSA (E1 or E2) will flood everywhere, while for NSSA area, it change from type 5 to type 7. I'm not sure, but I believe that for routes INTO an NSSA, type 5's are blocked, not changed to type 7. The ABR will change type 7's to type 5's OUT of the NSSA ( into the rest of OSPF ) yeah - looking at the RFC, that's what it states - external type-5's are not imported into the NSSA When I tried show ip ospf database external on R2, I could see the LSA with forward address 0.0.0.0, but on R5, the forward address changed to 192.168.1.33(or 192.168.1.17). How did this happen? I think that's the reason why I only can see on O*N2 entry insteady of 2. I am using 2500 serial routers. For this experiment, I used 2500 routers as well. when you do the show ip ospf neighbors, do you see neighbor relationships over both links? Router_8#o nei Neighbor ID Pri State Dead Time Address Interface 222.222.222.9 1 FULL/ -00:00:36192.168.1.34Serial1 222.222.222.9 1 FULL/ -00:00:36192.168.1.18Serial0 Router_8# the relevant results from my show ip ospf database: Router 9 ( area border router ) Router_9#o data OSPF Router with ID (222.222.222.9) (Process ID 200) Router Link States (Area 0) Link ID ADV Router Age Seq# Checksum Link count 222.222.222.9 222.222.222.9 15950x8011 0xAF01 1 222.222.222.10 222.222.222.10 18730x800E 0x941F 1 Net Link States (Area 0) Link ID ADV Router Age Seq# Checksum 10.1.1.1222.222.222.10 18730x800D 0xE14C Summary Net Link States (Area 0) Link ID ADV Router Age Seq# Checksum 192.168.1.16222.222.222.9 595 0x8010 0x1BC1 192.168.1.32222.222.222.9 595 0x8010 0x7A52 192.168.1.48222.222.222.9 15950x800C 0xEBD3 192.168.1.64222.222.222.9 15950x800C 0x4B64 Router Link States (Area 1) Link ID ADV Router Age Seq# Checksum Link count 222.222.222.8 222.222.222.8 14680x8013 0x6FB2 6 222.222.222.9 222.222.222.9 15980x801A 0x2E31 4 Summary Net Link States (Area 1) Link ID ADV Router Age Seq# Checksum 10.1.0.0222.222.222.9 15980x8010 0xCBA1 Type-7 AS External Link States (Area 1) Link ID ADV Router Age Seq# Checksum Tag 0.0.0.0 222.222.222.9 15980x800C 0xDB25 0 Type-5 AS External Link States Link ID ADV Router Age Seq# Checksum Tag 172.16.10.0 222.222.222.10 627 0x800E 0xB86D 0 172.16.11.0 222.222.222.10 627 0x800E 0xAD77 0 Router_9# AND from router 8 ( the router that is NSSA only ) Router_8#o data OSPF Router with ID (222.222.222.8) (Process ID 200) Router Link States (Area 1) Link ID ADV Router Age Seq# Checksum Link count 222.222.222.8 222.222.222.8 16660x8013 0x6FB2 6 222.222.222.9 222.222.222.9 17950x801A 0x2E31 4 Summary Net Link States (Area 1) Link ID
Re: Is a Virus or Hacker attack?? [7:60114]
Geoff Zinderdine wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... to bring this back into the Cisco realm, Cisco NBAR ( network based application recognition ) I believe was intended to provide another dimension to the QoS classification process. now it can also be used as a filter against certain virus / macro virus attacks. NBAR thus far does a poor job of what products like Radware and Fortigate do very well. Network-based virus screening implemented in ASIC is a very exciting development, in my opinion. Fortinet can do it fast enough on some of their boxes for the provider edge. NBAR is perhaps better than nothing, but it is neither sophisticated enough nor granular enough to do much. I really hope more providers start adopting these technologies. It will save us all allot of grief. you know Geoff, you are absolutely right. this is true with many technologies. I work in sales, and I see product announcements and attend various vendor educational webcasts regularly. Then I think about questions on this newsgroup - how do I get my PIX to do this, how do I get my router to do that, and all I can think is that there are many vender alternatives that are far superior to trying to make a Cisco router or a Cisco PIX do any number of things that slow down the processing and then do the job less effectively anyway. Products like QoSWorks and NetVMG are first rate. Unfortunately, the small to medium city, county, school district, and medical organizations I cover usually cannot afford many of these products. Plus the telco I work for believes ( like any telco ) that we should be pushing more bandwidth. Programs like e-rate seem to have changed a lot of the dynamic as well. And the Cisco account teams are very good at getting into these places and convincing staff IT people ( who are not necessarily the best and the brightest in the markets I cover - not with what they are paid ) that the Cisco product line is the answer to every problem. Can't complain, though. I make a decent living selling Cisco too. :- Geoff Zinderdine CCIE #10410 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60294t=60114 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: problems while acessing Ciscoworks 2000 [7:60285]
Piyush Check the permissions for the user you logged on with to the ciscoworks And check the java settings in the web browser too I have passed with this kind of problem but it was solved by this way as it's mainly related with the browser Amr -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mr piyush shah Sent: Saturday, January 04, 2003 11:14 AM To: [EMAIL PROTECTED] Subject: Re: problems while acessing Ciscoworks 2000 [7:60285] Hi all I have windows2000 suite of NMS.I have installed CD1 with version 4 .Now that I can acess the same locally ,while When I am trying to acess ciscoview through web using port 1741 on other pC,I am getting the error Please grant the permission to acess Ciscoview.I wonder whether where should I grant the permisiion.Request all to help me. Piyush Missed your favourite TV serial last night? Try the new, Yahoo! TV. visit http://in.tv.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60295t=60285 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: problems while acessing Ciscoworks 2000 [7:60285]
Piyush Check the permissions for the user you logged on with to the ciscoworks And check the java settings in the web browser too I have passed with this kind of problem but it was solved by this way as it's mainly related with the browser Amr -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mr piyush shah Sent: Saturday, January 04, 2003 11:14 AM To: [EMAIL PROTECTED] Subject: Re: problems while acessing Ciscoworks 2000 [7:60285] Hi all I have windows2000 suite of NMS.I have installed CD1 with version 4 .Now that I can acess the same locally ,while When I am trying to acess ciscoview through web using port 1741 on other pC,I am getting the error Please grant the permission to acess Ciscoview.I wonder whether where should I grant the permisiion.Request all to help me. Piyush Missed your favourite TV serial last night? Try the new, Yahoo! TV. visit http://in.tv.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60296t=60285 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MPLS images for 7200? 2500? [7:60284]
neal r wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Thanks to the fellows at http://www.optimumdata.com I'm going to have a lab with a mix of 72xx and 25xx available for the next week or two for MPLS playtime with an eye on finishing that portion of my CCIP. I've wrestled today with 12.2.4T3 on the 25xx, got utterly frustrated with 12.2T(anything) on an older 7206, went back to 12.0.21ST, and still didn't come up with a complete working system which might be related to finicky old hardware. If anyone has words of wisdom on which images would be appropriate for an MPLS lab I'd sure love to hear it. This comes up in my job occasionally, so just to refresh my memory, I dug around a little bit with the IOS Software Advisor. I came up with a general impression that on the 72xx you need an enterprise release, usually ( not always ) in the T train. SA also states clearly that YMMV You might also try a service provider image SA came up with a number of these, mostly requiring 128 DRAM there was a 12.1.9A image that required only 64 DRAM. SA claims that MPLS is not available on the 25xx platform. SA also claims that Service Provider images are not available on the 25xx platform. However, the IOS upgrade planner shows any number of SP images for the 25xx. for example c2500-p-l.121-18.bin However, when checking the features of that image on SA, it shows no MPLS. So I will have to yield to those who have pointed to other places to get such a feature set for the 25xx. I've been told by other sources that MPLS is available of the 25xx. just can't locate it using the Cisco tools at my disposal. HTH *IF* I get a good answer on this I'll take the time to make this lab available to others after I've had my fill, but I don't imagine it'll stay up for long unless the president gets a stream of thank you notes from groupstudiers - any chance of this happening? If I'm the only guy pursuing CCIP that doesn't already have an uberlab I guess I wouldn't be that surprised ... email me and prove me wrong :-) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60297t=60284 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX 515E NAT/PAT [7:60291]
Searching CCO's public web access will yield a wealth of information if you check it out. http://www.cisco.com/warp/public/707/29.html ... and to answer indirectly, VPN Clients will terminate (attach) their VPN tunnels to the PIX... so the outside interface address is what you would use for the VPN Clients. This means, that if you don't plan on hosting anything else behind the PIX for the world to access without a VPN connection, i.e., a web server for the public, you will automatically be doing PAT for all users behind the PIX accessing the Internet. Hence, you will only need one Public/Registered IP Address to support VPN Clients AND PAT. VPN does have something to do with the Registered IP Address, as you suspected. :) Do some reading up and get back to us if you are still confused/stuck. -Original Message- From: Ismail Al-Shelh [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 04, 2003 7:46 AM To: [EMAIL PROTECTED] Subject: PIX 515E NAT/PAT [7:60291] I have been assigned to install and configure the PIX firewall 515E in my company, VPN clients will access our network through dialup connection, we have only two free IP addresses, one of those IP addresses will be assigned to the outside interface of firewall, the other one will be used with PAT so that inside users will be able to access the internet. The question is do I need more Registered IP address to configure as NAT instead of PAT! Or the VPN has nothing with more or less registered IP addresses? Thanks Ismail Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60298t=60291 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Off Topic - More Bitching about Cisco's New Web Site [7:60299]
Is it just me? More broken links? Harder to find the everyday tools? lower - a LOT slower - navigating around? Seems like just about every day I'm filling out one of those feedback forms to report a problem. assuming I've found the basic page I'm looking for anyway. For example - check out the links on this page. http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_r /iprprt2/index.htm watch the wrap and whatever happened to the tool index? It was no fun searching for the Software Advisor and the IOS Upgrade Planner this morning. grumble grumble grumble -- TANSTAAFL there ain't no such thing as a free lunch Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60299t=60299 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MPLS images for 7200? 2500? [7:60284]
hey, Mark, thanks for the tip. I read Dennis' pdf, and checked out both the web sites mentioned. looks like this software has not been updated in quite a while. obviously it is unsupported. Chuck TANSTAAFL there ain't no such thing as a free lunch Vicuna, Mark wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I know you can grab the mpls images for the 25xx series here: ftp-eng.cisco.com (anonymous) /rraszuk/specials c2500-js-l.20oct2001 c2500-p-l.20oct2001 c2500-p-l.tag Dennis L of course has his site http://home.attbi.com/~blaga/ Can't help you out specific for 72xx sorry.. cheers, Mark. -Original Message- From: neal r [mailto:[EMAIL PROTECTED]] Sent: Friday, January 03, 2003 11:54 PM To: [EMAIL PROTECTED] Subject: MPLS images for 7200? 2500? [7:60284] Thanks to the fellows at http://www.optimumdata.com I'm going to have a lab with a mix of 72xx and 25xx available for the next week or two for MPLS playtime with an eye on finishing that portion of my CCIP. I've wrestled today with 12.2.4T3 on the 25xx, got utterly frustrated with 12.2T(anything) on an older 7206, went back to 12.0.21ST, and still didn't come up with a complete working system which might be related to finicky old hardware. If anyone has words of wisdom on which images would be appropriate for an MPLS lab I'd sure love to hear it. *IF* I get a good answer on this I'll take the time to make this lab available to others after I've had my fill, but I don't imagine it'll stay up for long unless the president gets a stream of thank you notes from groupstudiers - any chance of this happening? If I'm the only guy pursuing CCIP that doesn't already have an uberlab I guess I wouldn't be that surprised ... email me and prove me wrong :-) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60300t=60284 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MPLS images for 7200? 2500? [7:60284]
not exactly what you want but... the 12.2.12a enterprise plus image works on the 3620's have you tried using cisco's feature navigator (www.cisco.com/go/fn) a colleague mentioned it to me when I was struggling with the new 'software advisor' I hope that helps! if you do find a working image for the 2500's please let us know! thanks neal r wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Thanks to the fellows at http://www.optimumdata.com I'm going to have a lab with a mix of 72xx and 25xx available for the next week or two for MPLS playtime with an eye on finishing that portion of my CCIP. I've wrestled today with 12.2.4T3 on the 25xx, got utterly frustrated with 12.2T(anything) on an older 7206, went back to 12.0.21ST, and still didn't come up with a complete working system which might be related to finicky old hardware. If anyone has words of wisdom on which images would be appropriate for an MPLS lab I'd sure love to hear it. *IF* I get a good answer on this I'll take the time to make this lab available to others after I've had my fill, but I don't imagine it'll stay up for long unless the president gets a stream of thank you notes from groupstudiers - any chance of this happening? If I'm the only guy pursuing CCIP that doesn't already have an uberlab I guess I wouldn't be that surprised ... email me and prove me wrong :-) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60302t=60284 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Vs. BS or MS degree [7:59481]
Geoff Zinderdine wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... For the record, I studied and practiced hard, and passed the CCIE lab with precious little industry experience. I found a great job in a great company within two months of passing the CCIE Lab, and I had a few other interested folks contact me for interviews. The demagoguery of this whole thread aside, my experience was much the same as Mr. Larus'. I had little industry experience and also found exactly the job I wanted in exactly the place I wanted for exactly the money that I asked for within two and a half months. I also had three other offers and a series of five interviews with a prominent multinational whose only concern was my lack of customer facing time as I was interviewing for a pre-sales role. As I am a high school dropout with only a couple years of university to my credit, you can more clearly see the effect of the CCIE on my career than on Mr. Larus' as he was a lawyer in his previous incarnation and hence brings allot to the table outside of the CCIE even without much industry experience. Every one of the CCIEs that I know is working aside from one that is dedicating more time to flying RC gliders off a cliff in San Francisco than job searching:) Geez, ever go to the jobs NG? It's absolutely filled with jobless CCIE's. If you want to get a good job in the networking field, the CCIE is a great path to take. Just bear in mind that the CCIE guarantees nothing. There are plenty of unemployed CCIE's out there. If you would rather rise to the top management of Cisco or some other Fortune 500 company you are better off with a degree... or perhaps even better, many hours in the garden watching some rapacious slug devour and assimilate everything in its path. Keep in mind that business (like government and unlike fish) is curious in that the bottomfeeders congregate at the top. Uh, sounds curiously like a case of sour grapes. Guys who are at the top of the business world make more money in a week than we make in a year. More to the point, in my experience, it's always better to be the one giving orders than to be the one taking them. Why do you think the comic strip Dilbert is so popular? Sure, the pointy-haired boss might not know anything, but at the end of the day, he's still the one giving orders. YMMV and gas is about to get more expensive, Geoff Zinderdine CCIE #10410 P.S. Tom, is your career recapitulating phylogeny? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60303t=59481 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Vs. BS or MS degree [7:59481]
Uh, sounds curiously like a case of sour grapes. Guys who are at the top of the business world make more money in a week than we make in a year. More to the point, in my experience, it's always better to be the one giving orders than to be the one taking them. Why do you think the comic strip Dilbert is so popular? Sure, the pointy-haired boss might not know anything, but at the end of the day, he's still the one giving orders. You seem to suffer from that curious American disease of equating money with career fulfilment and happiness. There is no sour grapes at all, and throughout my various career paths I have chosen what made me happy over what made me rich. This is not to say that I want to work for free, but I am quite happy making what I do in a year. I have no desire to do a job I loathe to make more money. I couldn't care less who gives orders. There is far more nobility in serving well than in managing poorly. I have never been interested in corporate culture... and the revelations of the wrongdoings of American business over the past few years point to exactly why I am not. It is far better to be ethical and content than to try to devour the world with one's greed. Regards, Geoff Zinderdine CCIE #10410 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60304t=59481 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Vs. BS or MS degree [7:59481]
Geoff Zinderdine wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Uh, sounds curiously like a case of sour grapes. Guys who are at the top of the business world make more money in a week than we make in a year. More to the point, in my experience, it's always better to be the one giving orders than to be the one taking them. Why do you think the comic strip Dilbert is so popular? Sure, the pointy-haired boss might not know anything, but at the end of the day, he's still the one giving orders. You seem to suffer from that curious American disease of equating money with career fulfilment and happiness. There is no sour grapes at all, and throughout my various career paths I have chosen what made me happy over what made me rich. This is not to say that I want to work for free, but I am quite happy making what I do in a year. I have no desire to do a job I loathe to make more money. I couldn't care less who gives orders. There is far more nobility in serving well than in managing poorly. Hey, if you're cool with that, then that's cool.That's always been my point - if you're happy being the technical guy who's taking orders from other people, then God bless you, everything that I say doesn't apply to you. But on the other hand, even you agree that there are a lot of people (not just Americans, but a lot of people in the world) who want money. For some of these people, it is precisely money that brings them happiness. And who's to say that you can't have a happy career that also happens to produce a lot of money? I don't see it as an either-or choice. Sure, some rich people are unhappy. But go to the bad, poverty-stricken part of town, and you'll see some REALLY unhappy people. I volunteer for various charities, and I spent the holidays providing toys for needy people who couldn't afford to buy simple gifts for their children. I was happy to help out, but that's some real misery I was looking at. I have never been interested in corporate culture... and the revelations of the wrongdoings of American business over the past few years point to exactly why I am not. It is far better to be ethical and content than to try to devour the world with one's greed. Like I said, if you're happy with your lot, then God bless you. But again, I don't see that business success and ethics is necessarily an either-or choice. You can be successful and ethical. And besides, I don't know that ethics has anything to do with this argument. CCIE's can be just as unethical as anybody else. Regards, Geoff Zinderdine CCIE #10410 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60305t=59481 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Vs. BS or MS degree [7:59481]
But on the other hand, even you agree that there are a lot of people (not just Americans, but a lot of people in the world) who want money. For some of these people, it is precisely money that brings them happiness. And who's to say that you can't have a happy career that also happens to produce a lot of money? I don't see it as an either-or choice. You can, and I do. I also don't see it as an either or choice. I just don't equate reaching the top management of a big company and having their astronomical salaries as the summum bonum of existence. Sure, some rich people are unhappy. But go to the bad, poverty-stricken part of town, and you'll see some REALLY unhappy people. I volunteer for various charities, and I spent the holidays providing toys for needy people who couldn't afford to buy simple gifts for their children. I was happy to help out, but that's some real misery I was looking at. These aren't the only two options. The vast middle ground between misery and misery is where I want to live. I have learned more from my defeats than from my successes and I have lived in those neighborhoods for much of my life. They are a fertile ground. Like I said, if you're happy with your lot, then God bless you. But again, I don't see that business success and ethics is necessarily an either-or choice. You can be successful and ethical. And besides, I don't know that ethics has anything to do with this argument. CCIE's can be just as unethical as anybody else. Yes of course they can, but that isn't the issue. The issue is what kind of life you have in the upper echelons of management. Like in politics however, you have to give up certain principles and worldviews in order to succeed in most if not all corporate cultures. I value the principles that I have which have more to do with working for the good of others over one's own selfish needs more than I value the uncompromising pursuit of self interest that is intrinsic in the corporate world. The pursuit of outrageous wealth is full of compromises I am unwilling to make. That said, are there those that have kept true to their principles and become wealthy? Of course. They have generally done it by *owning* companies, not managing them. All of this discussion speaks again to people having to decide on a path which fulfils them rather than merely applying statistical probability to very important decisions. :) Geoff Zinderdine CCIE #10410 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60306t=59481 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX behind DSL router [7:60307]
I'm trying to configure a PIX to sit behind a Cisco 675 DSL router (or is it a modem in this case) and I'm not having much luck. NAT is functioning on the router but I can't get from the LAN through the PIX and router to the Internet. This is a double-NAT scenario. Is this possible? I have tried adding all the usual static routes for the router and PIX with no success. Any first-hand experience or ideas? 10.0.0.0---PIX---192.168.1.0---router---Internet Thanks! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60307t=60307 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Off Topic - More Bitching about Cisco's New Web Site [7:60308]
Well I thought the site was very slow - until I realised I'd stuck a clock rate 64000 on my frameswitch router so that I could see some queueing :-) I now go straight for the search button, but there are some horrors in there. There seem to be more pdfs as well which is good, but then sometimes there is only a pdf. Theres a bit under technologies where I burrowed down through QoS, congestion management, through queuing and then to WFQ to find a short paragraph telling me what it was. I'd really wanted a white paper detailing algorithms! I'm sure I'll crack it sometime. rgds Marc The Long and Winding Road wrote: Is it just me? More broken links? Harder to find the everyday tools? lower - a LOT slower - navigating around? Seems like just about every day I'm filling out one of those feedback forms to report a problem. assuming I've found the basic page I'm looking for anyway. For example - check out the links on this page. http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_r /iprprt2/index.htm watch the wrap and whatever happened to the tool index? It was no fun searching for the Software Advisor and the IOS Upgrade Planner this morning. grumble grumble grumble -- TANSTAAFL there ain't no such thing as a free lunch Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60308t=60308 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: MPLS images for 7200? 2500? [7:60284]
Unfortunately doesn't look like it. But it is great to be able to run it on the 25xx series even if it is only 12.0 code :-) You will need full memory though Chuck 18/16 (2mg shared not counted with 16mg dram) to run c2500-js-l.20oct2001. Haven't tried the other 2 smaller image sized releases to be honest. cheers, M -Original Message- From: The Long and Winding Road [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 04, 2003 10:48 AM To: [EMAIL PROTECTED] Subject: Re: MPLS images for 7200? 2500? [7:60284] hey, Mark, thanks for the tip. I read Dennis' pdf, and checked out both the web sites mentioned. looks like this software has not been updated in quite a while. obviously it is unsupported. Chuck TANSTAAFL there ain't no such thing as a free lunch Vicuna, Mark wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I know you can grab the mpls images for the 25xx series here: ftp-eng.cisco.com (anonymous) /rraszuk/specials c2500-js-l.20oct2001 c2500-p-l.20oct2001 c2500-p-l.tag Dennis L of course has his site http://home.attbi.com/~blaga/ Can't help you out specific for 72xx sorry.. cheers, Mark. -Original Message- From: neal r [mailto:[EMAIL PROTECTED]] Sent: Friday, January 03, 2003 11:54 PM To: [EMAIL PROTECTED] Subject: MPLS images for 7200? 2500? [7:60284] Thanks to the fellows at http://www.optimumdata.com I'm going to have a lab with a mix of 72xx and 25xx available for the next week or two for MPLS playtime with an eye on finishing that portion of my CCIP. I've wrestled today with 12.2.4T3 on the 25xx, got utterly frustrated with 12.2T(anything) on an older 7206, went back to 12.0.21ST, and still didn't come up with a complete working system which might be related to finicky old hardware. If anyone has words of wisdom on which images would be appropriate for an MPLS lab I'd sure love to hear it. *IF* I get a good answer on this I'll take the time to make this lab available to others after I've had my fill, but I don't imagine it'll stay up for long unless the president gets a stream of thank you notes from groupstudiers - any chance of this happening? If I'm the only guy pursuing CCIP that doesn't already have an uberlab I guess I wouldn't be that surprised ... email me and prove me wrong :-) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60309t=60284 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX behind DSL router [7:60307]
pix is a nat box, curious why youre doing that on the router?? double nat can work, havent heard of it with this combo though. Bri - Original Message - From: Andy Barkl To: Sent: Saturday, January 04, 2003 2:45 PM Subject: PIX behind DSL router [7:60307] I'm trying to configure a PIX to sit behind a Cisco 675 DSL router (or is it a modem in this case) and I'm not having much luck. NAT is functioning on the router but I can't get from the LAN through the PIX and router to the Internet. This is a double-NAT scenario. Is this possible? I have tried adding all the usual static routes for the router and PIX with no success. Any first-hand experience or ideas? 10.0.0.0---PIX---192.168.1.0---router---Internet Thanks! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60310t=60307 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Vs. BS or MS degree [7:59481]
Geoff Zinderdine wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... But on the other hand, even you agree that there are a lot of people (not just Americans, but a lot of people in the world) who want money. For some of these people, it is precisely money that brings them happiness. And who's to say that you can't have a happy career that also happens to produce a lot of money? I don't see it as an either-or choice. You can, and I do. I also don't see it as an either or choice. I just don't equate reaching the top management of a big company and having their astronomical salaries as the summum bonum of existence. Fine, like I said, if my arguments don't apply to you, then so be it. My point was that for quite a few people, reaching the top of the summit really is their sine-qua-non. Again, I would state the question again for anybody who's still reading this (not you, Geoff). Be honest with yourself. Be completely and totally honest with yourself. Will you be happy just being the technical box-slinger for a long time, and perhaps for the rest of your life? If the answer really is 'yes', then you can probably safely forgo the degree. But if you have even the slightest shred of doubt, I would counsel you to cover your bases.Again, this doesn't apply to you, Geoff, cuz I know what your answer is going to be. This applies to anybody else out there. Sure, some rich people are unhappy. But go to the bad, poverty-stricken part of town, and you'll see some REALLY unhappy people. I volunteer for various charities, and I spent the holidays providing toys for needy people who couldn't afford to buy simple gifts for their children. I was happy to help out, but that's some real misery I was looking at. These aren't the only two options. The vast middle ground between misery and misery is where I want to live. I have learned more from my defeats than from my successes and I have lived in those neighborhoods for much of my life. They are a fertile ground. Actually, most studies have shown that the more money people get the happier they tend to be. Sure, the dh/d$ (where h = happiness) decreases over time, but it is still a positive number. Again, that's not to say that all rich people are happy, but they tend to be more happy on average than people who are not as rich, and much more happy than people who are poor. Don't get me wrong. I'm not counseling that people should drop everything to make more money. Obviously there is more to happiness than just money. But money does play a role. Like I said, if you're happy with your lot, then God bless you. But again, I don't see that business success and ethics is necessarily an either-or choice. You can be successful and ethical. And besides, I don't know that ethics has anything to do with this argument. CCIE's can be just as unethical as anybody else. Yes of course they can, but that isn't the issue. The issue is what kind of life you have in the upper echelons of management. Like in politics however, you have to give up certain principles and worldviews in order to succeed in most if not all corporate cultures. I value the principles that I have which have more to do with working for the good of others over one's own selfish needs more than I value the uncompromising pursuit of self interest that is intrinsic in the corporate world. I would argue that if this is really a concern, then one excellent way to alleviate this problem (if it is a problem) is the higher up you go, the more charity work you do. Not that I'm trying to pat myself on the back, but that's exactly what I've done. Sure, you might be a tough bastard from 9-5, but after hours, with the extra money you've made, you're giving back to the community. If you say that working for the good of others is truly the goal here, then by being more successful and making more money, you have more to give to others. The pursuit of outrageous wealth is full of compromises I am unwilling to make. That said, are there those that have kept true to their principles and become wealthy? Of course. They have generally done it by *owning* companies, not managing them. All of this discussion speaks again to people having to decide on a path which fulfils them rather than merely applying statistical probability to very important decisions. Forget about a strict adherance to principles. Let's talk about overall net good. Andrew Carnegie was an unbelievably tough businessman. But when he died, he gave all his money to public causes - i.e. Carnegie-Mellon University, much of the American public library system, etc. The net good that Carnegie gave to the world was, I believe, highly positive. John Rockefeller - also a rough and tumble businessman, maybe the roughest of all, but also founded Rockefeller University, the University of Chicago (one of the most elite colleges in the world), and the Rockefeller
Re: PIX behind DSL router [7:60307]
Brian wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... pix is a nat box, curious why youre doing that on the router?? double nat can work, havent heard of it with this combo though. in general, there is no reason that double nat will NOT work. I have a customer network or two doing just that. I'm not familiar with the 675, and you are correct - I would want to know more about the configurations as well. Maybe an issue doing double PAT? as opposed to true double NAT or NAT to PAT ( which is the case with my customers ) Bri - Original Message - From: Andy Barkl To: Sent: Saturday, January 04, 2003 2:45 PM Subject: PIX behind DSL router [7:60307] I'm trying to configure a PIX to sit behind a Cisco 675 DSL router (or is it a modem in this case) and I'm not having much luck. NAT is functioning on the router but I can't get from the LAN through the PIX and router to the Internet. This is a double-NAT scenario. Is this possible? I have tried adding all the usual static routes for the router and PIX with no success. Any first-hand experience or ideas? 10.0.0.0---PIX---192.168.1.0---router---Internet Thanks! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60312t=60307 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: problems while acessing Ciscoworks 2000 [7:60285]
What about *very* slow access to CiscoWorks? We're running it from a new Dell 2550, 2 processors, 1gb or ram and the box does nothing but run CW. Accessing it from a workstation takes literally minutes to load the initial page and then another 3-4 minutes to load the device manager. Is this common? Thanks Imagination is more important than knowledge Albert Einstein -Original Message- From: Amr Essam [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 04, 2003 1:07 PM To: [EMAIL PROTECTED] Subject: RE: problems while acessing Ciscoworks 2000 [7:60285] Piyush Check the permissions for the user you logged on with to the ciscoworks And check the java settings in the web browser too I have passed with this kind of problem but it was solved by this way as it's mainly related with the browser Amr -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mr piyush shah Sent: Saturday, January 04, 2003 11:14 AM To: [EMAIL PROTECTED] Subject: Re: problems while acessing Ciscoworks 2000 [7:60285] Hi all I have windows2000 suite of NMS.I have installed CD1 with version 4 .Now that I can acess the same locally ,while When I am trying to acess ciscoview through web using port 1741 on other pC,I am getting the error Please grant the permission to acess Ciscoview.I wonder whether where should I grant the permisiion.Request all to help me. Piyush Missed your favourite TV serial last night? Try the new, Yahoo! TV. visit http://in.tv.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60313t=60285 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Revisited - OSPF Authentication - WAS : Tonight's Homily - OSPF [7:60314]
I got to thinking about this a little bit further. Warning - what follows is more metaphysical, and less technical. I believe it does adequately explain the thought process that resulted in the original homily. It comes down to Augustinian and anti-Augustinian thought. According to Augustine of Hippo, evil is not a thing in an of itself. Evil is merely the absence of good. Same as darkness is merely the absence of light. This good and evil, day and night, are not opposites. I suppose one might then argue that a vacuum is merely the absence of air. In this Augustinian viewpoint, when no area authentication is configured then what you have is nothing. Which leaves the mystery of interface authentication and it's purpose. However, if one takes an anti-Augustinian view, which it appears that the Cisco developers did, then when you read the documentation that states that the default area authentication is null, one must then agree that null authentication is a thing in and of itself. If no area authentication is configured, then in reality null authentication is configured. The area does indeed have authentication configured. The interface authentication, then, is doing what the docs say - overriding the area configuration with a specific authentication that applied to the interface only. The proof of this is that when specific area authentication is configured, one can override it with the interface configuration of null, which is a kind of authentication. It is fair to say that now there are three kinds of OSPF authentication. clear text, md5, and null. One of those types MUST be configured under the ospf process. The default is null ( not none ) One of those types must be configured on each ospf interface. the default is null except when an area authentication is configured under the ospf process ( had to include this one or else the flow of logic fails ) The happy accident that results from this is that area authentication need not be configured on routers on both sides of the link. Only on one side. Well, maybe not really an accident. After all, the other side ospf process has the default authentication set to null. The interface authentication overrides for just that interface. This explains the result I documented below. So how'd I do, Howard? :- footnote: I realize that in terms of router code, there is probably a register with certain bit positions indicating authentication in place. for example: = area authentication = null, interface authentication = null 0001 = area authentication = null, interface authentication = clear text 0010 = area authentication = null, interface authentication = md5 0011 = area authentication = clear text, interface authentication = null 0100 = area authentication = clear text, interface configuration = clear text 0101 = area authentication = clear text, interface authentication = md5 0110 = area authentication = md5, interface authentication = null 0111 = area authentication = md5, interface authentication = clear text 1000 = area authentication = md5, interface authentication = md5 1011 = area authentication required but interface not configured = area authentication = null, interface authentication configuration not required ( the absence of good ) these would be pointers to the appropriate subroutine process for handling OSPF packets received or sent on an interface. sorry for the boring lecture. Chuck -- TANSTAAFL there ain't no such thing as a free lunch The Long and Winding Road wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... As many of you know, I've been reading Parkhurst's OSPF book for a number of reasons. So I'm fooling around in the chapter on interface commands, when something hits me over the head. authentication can be done on an interface by interface basis! one of those things that I just never noticed before. Maybe because all the practice labs always instruct you to use area authentication. Maybe cause I'm just a Homer Simpson kind of guy. So check this out. Topology will look strange, because I'm doing this over a vlan tunnel. router-vlan tunnel-router each router has 4 subinterfaces, making four point-to-point links FrameSwitch#o nei Neighbor ID Pri State Dead Time Address Interface 222.222.222.141 FULL/DR 00:00:33122.1.4.1 Ethernet0/1.4 222.222.222.141 FULL/DR 00:00:36122.1.3.1 Ethernet0/1.3 222.222.222.141 FULL/DR 00:00:36122.1.2.1 Ethernet0/1.2 222.222.222.141 FULL/DR 00:00:33122.1.1.1 Ethernet0/1.1 FrameSwitch# FrameSwitch#ir os O197.32.44.0/24 [110/11] via 122.1.4.1, 00:01:21, Ethernet0/1.4 [110/11] via 122.1.1.1, 00:01:21, Ethernet0/1.1 [110/11] via 122.1.2.1, 00:01:21, Ethernet0/1.2 [110/11] via 122.1.3.1, 00:01:21, Ethernet0/1.3 O195.100.3.0/24 [110/11] via 122.1.4.1, 00:01:21,
MBA/CPA/JD vs CCIE Vs. BS or MS degree vs Heisman Trophy vs [7:60315]
I've done a bit of thread title correction to put it on the direction that nrf seems to be indicating At 10:07 PM + 1/4/03, nrf wrote: Geoff Zinderdine wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Uh, sounds curiously like a case of sour grapes. Guys who are at the top of the business world make more money in a week than we make in a year. So? Oprah Winfrey does even better. Indeed, some of the wealthiest in the business world are not particularly corporate leaders, but arbitrageurs and the like. Boesky and his ilk aside, financial manipulation can be legal. More to the point, in my experience, it's always better to be the one giving orders than to be the one taking them. Why do you think the comic strip Dilbert is so popular? Sure, the pointy-haired boss might not know anything, but at the end of the day, he's still the one giving orders. You seem to suffer from that curious American disease of equating money with career fulfilment and happiness. There is no sour grapes at all, and throughout my various career paths I have chosen what made me happy over what made me rich. This is not to say that I want to work for free, but I am quite happy making what I do in a year. I have no desire to do a job I loathe to make more money. I couldn't care less who gives orders. There is far more nobility in serving well than in managing poorly. Hey, if you're cool with that, then that's cool.That's always been my point - if you're happy being the technical guy who's taking orders from other people, then God bless you, everything that I say doesn't apply to you. There are lots of technical people that give orders as well -- to other technical people. There are also lots of technical people that may not give orders per se, but act as leaders and mentors in directing development and support. I think an agenda is emerging here, nrf. This thread seemed, at least to me, to deal with the merits of academia, certification, or combinations to move into technical jobs. In your last few posts, however, I'm only confused whether the thrust of your arguments is to maximize monetary return, or to reach the top ranks of general corporate management. Now, if you had a screen name of NFL, I'd suggest you have more monetary potential than most corporate executives. If you can give a creditable impression of Christina Aguilara, that also offers significant potential. The latter, however, might require an unacceptable level of surgery. Not that I have met you personally, but I know several people in the business that have much better genetics for that mission, including, indeed, at least one top executive that has been mentioned. But to my mind, your utopia has relatively little to do with networking. Personally, I don't agonize about not making a seven-figure plus income when I can make six figures doing things I love. Now, yes. I want enough product management authority, including PL justification, that I can see my best ideas come to fruition -- and those are not one-person projects. I still believe, for example, I have an architecture in mind that could give orders of magnitude improvement in certain aspects of router performance. Perhaps some day I will land a slot as technology VP of a startup, make that happen, cash out, and mix my interests in network research and medicine. There is no question, however, I could be making much more right now in the networking industry had I chosen to go into sales. I'm an excellent verbal and written communicator, can make business cases, etc., but I don't like playing corporate politics. That, incidentally, is quite different than participating in general politics -- throughout my adult life, I've been involved in issue lobbying. But on the other hand, even you agree that there are a lot of people (not just Americans, but a lot of people in the world) who want money. For some of these people, it is precisely money that brings them happiness. And who's to say that you can't have a happy career that also happens to produce a lot of money? I don't see it as an either-or choice. Sure, some rich people are unhappy. But go to the bad, poverty-stricken part of town, and you'll see some REALLY unhappy people. I volunteer for various charities, and I spent the holidays providing toys for needy people who couldn't afford to buy simple gifts for their children. I was happy to help out, but that's some real misery I was looking at. Like I said, if you're happy with your lot, then God bless you. But again, I don't see that business success and ethics is necessarily an either-or choice. You can be successful and ethical. I can't help but interpret the above as an appeal to get out of technology as soon as possible. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60315t=60315 -- FAQ, list archives, and
Re: CCIE Vs. BS or MS degree [7:59481]
At 11:12 PM + 1/4/03, nrf wrote: So if it's doing public good that concerns you, then the more successful you are, the more you have to give. Let's face it - it's not going to be easy to create a charitable foundation that helps millions of people the way the Rockefeller Foundation did if you're working for minimum wage. Did I miss something about Mother Teresa's pay scale? I never said she wasn't tough. Anyone who pays a visit to the hospital bed of the then-Mayor of New York (Ed Koch) recovering from a heart attack, blesses him, and then hits on him for more reserved parking places for her missions is TOUGH. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60316t=59481 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Way to filter out the Emotional emails [7:60267]
Daren Presbitero wrote: Hey folks, I'm sure someone has some hints on how to better keep the good technical emails from this study group in my INBOX, and filtering out the overly emotional emails that people send on a daily basis. That stuff clutters my inbox and I end up wasting precious time reading them. Please send any useful utilities/information to me on how to do this. Nuff said, sorry for adding to the clutter. -D- ! interface groupstudy0 ip access-group 101 in ! access-list 101 deny ip any eq emotional any access-list 101 permit ip any any ! Alternatively, you can specify certain well-known handles in your access list to further enhance control. There are also stateful firewalls on the market but I can't afford them so I don't have any specific recommendations to make. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60317t=60267 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
NAT taxonomy (was Re: PIX behind DSL router [7:60318]
At 11:21 PM + 1/4/03, The Long and Winding Road wrote: Brian wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... pix is a nat box, curious why youre doing that on the router?? double nat can work, havent heard of it with this combo though. in general, there is no reason that double nat will NOT work. I have a customer network or two doing just that. I'm not familiar with the 675, and you are correct - I would want to know more about the configurations as well. Maybe an issue doing double PAT? as opposed to true double NAT or NAT to PAT ( which is the case with my customers ) As Chuck points out, terminology often needs to be very precise in describing what kind of NAT you are doing, without even getting into higher-layer proxies and the like. Various NAT WG RFCs discuss taxonomies. Here's one taxonomy from Chapter 5 of my WAN Survival Guide (hopefully I can get the formatting halfway reasonable): three address spaces, Inside (I), DMZ (D) and Outside (O). The DMZ is not always present. The Outside space is further divided into Outside Local (OL) and Outside Remote (OR) for certain architectures. OL is the usual case, where the outside address space is under the control of the administrator of the local NAT device. This address space may or may not be registered and globally routable, but it is unique among the outsides of all NAT devices that use it. The special case is part of Realm Specific IP, where the local and remote NAT devices negotiate an address space to use. An address mapping I-O means that an inside address i maps to an outside address o. n(I) is the number of inside addresses and n(O) is the number of outside addresses Table 5-4: Mappings between Logical and Transmission Levels NAT TypeTranslationsInside sends to Other Basic NAT I-O Default gateway [1] n(I) = n(O) Basic NATP I(p)-O(p) Default gateway [1] n(I) n(O) Bidirectional I-O Default gateway [1] n(I) = (O) Twice I-O O-IDefault gateway [1] n(I) = n(O) DNS ALG needed Double I-D D-O Default gateway [1] Multihomed Any Default gateway [1] Must retain state among all NAT devices, or use static translations Realm-Specific I- OR if clientDefault gateway [1] Load-SharingO-IInside sends to default route, preferably of virtual server Load-Sharing with Port translation O(p)-I(p) Inside sends to default route, preferably of virtual server [1] If hosts are routing-aware, they can send to a router with a more-specific route than the default. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60318t=60318 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MBA/CPA/JD vs CCIE Vs. BS or MS degree vs Heisman Trophy vs [7:60319]
I think an agenda is emerging here, nrf. This thread seemed, at least to me, to deal with the merits of academia, certification, or combinations to move into technical jobs. I completely disagree with the insinuation that I have solely been moving the discussion in any direction. If anything, I am only moving where others are taking me. People want to invoke things like ethics and happiness (which as far as I can tell had nothing to do with the initial argument) into the argument, and I am only too happy to oblige. But I don't see you jumping all over them - why not? I too thought we were just talking about degrees vs. certs, but other people want to go to other places. In your last few posts, however, I'm only confused whether the thrust of your arguments is to maximize monetary return, or to reach the top ranks of general corporate management. Now, if you had a screen name of NFL, I'd suggest you have more monetary potential than most corporate executives. If you can give a creditable impression of Christina Aguilara, that also offers significant potential. The latter, however, might require an unacceptable level of surgery. Not that I have met you personally, but I know several people in the business that have much better genetics for that mission, including, indeed, at least one top executive that has been mentioned. What I am doing it attempting to counter the notion that certifications are the only thing that matters - something that often times seems to be the prevailing paradigm on this particular newsgroup. Certs have their use, don't get me wrong. But it is a tremendously reckless strategy to dismiss the value of the degree categorically. By electing not to get your degree, you are closing opportunities off to yourself. Simple as that. That's my point. Now, everybody should make the calculation that perhaps getting the degree is not worth its cost in terms of time and money, and that's a perfectly valid calculation to make. Or you might respond that those opportunities that you are closing are not, and will never be, of interest to you, and that is yet another perfectly valid observation to make. What is not valid is to delude oneself into thinking that you are not closing off any opportunities. But to my mind, your utopia has relatively little to do with networking. Personally, I don't agonize about not making a seven-figure plus income when I can make six figures doing things I love. Now, yes. I want enough product management authority, including PL justification, that I can see my best ideas come to fruition -- and those are not one-person projects. I still believe, for example, I have an architecture in mind that could give orders of magnitude improvement in certain aspects of router performance. Perhaps some day I will land a slot as technology VP of a startup, make that happen, cash out, and mix my interests in network research and medicine. Heh heh, so I see you want money too. That's my point. A lot of people want to do what they really want to do - but they cannot because they don't have financial security. That's not to say that everybody should believe that money is the most important thing in the world, for it is not. But it can certainly enable happiness. There is no question, however, I could be making much more right now in the networking industry had I chosen to go into sales. I'm an excellent verbal and written communicator, can make business cases, etc., but I don't like playing corporate politics. That, incidentally, is quite different than participating in general politics -- throughout my adult life, I've been involved in issue lobbying. But on the other hand, even you agree that there are a lot of people (not just Americans, but a lot of people in the world) who want money. For some of these people, it is precisely money that brings them happiness. And who's to say that you can't have a happy career that also happens to produce a lot of money? I don't see it as an either-or choice. Sure, some rich people are unhappy. But go to the bad, poverty-stricken part of town, and you'll see some REALLY unhappy people. I volunteer for various charities, and I spent the holidays providing toys for needy people who couldn't afford to buy simple gifts for their children. I was happy to help out, but that's some real misery I was looking at. Like I said, if you're happy with your lot, then God bless you. But again, I don't see that business success and ethics is necessarily an either-or choice. You can be successful and ethical. I can't help but interpret the above as an appeal to get out of technology as soon as possible. Hardly so. A certain Mr. Gates never left technology and I'm sure he doesn't have any complaints. But what I'm saying is that success in the technical realm is rarely determined by technical skills alone. Business savvy matters. What matters it not that you know
RE: PIX behind DSL router [7:60307]
The DSL router is required to terminate the line and the PIX is needed by the customer. With only one Internet IP tied the outside of the router, I see this as a very common scenario. -Original Message- From: Brian [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 04, 2003 4:08 PM To: [EMAIL PROTECTED] Subject: Re: PIX behind DSL router [7:60307] pix is a nat box, curious why youre doing that on the router?? double nat can work, havent heard of it with this combo though. Bri - Original Message - From: Andy Barkl To: Sent: Saturday, January 04, 2003 2:45 PM Subject: PIX behind DSL router [7:60307] I'm trying to configure a PIX to sit behind a Cisco 675 DSL router (or is it a modem in this case) and I'm not having much luck. NAT is functioning on the router but I can't get from the LAN through the PIX and router to the Internet. This is a double-NAT scenario. Is this possible? I have tried adding all the usual static routes for the router and PIX with no success. Any first-hand experience or ideas? 10.0.0.0---PIX---192.168.1.0---router---Internet Thanks! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60320t=60307 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Revisited - OSPF Authentication - WAS : Tonight's Homily - [7:60321]
Chuck theologized, I got to thinking about this a little bit further. Warning - what follows is more metaphysical, and less technical. I believe it does adequately explain the thought process that resulted in the original homily. It comes down to Augustinian and anti-Augustinian thought. According to Augustine of Hippo, evil is not a thing in an of itself. Evil is merely the absence of good. Same as darkness is merely the absence of light. This good and evil, day and night, are not opposites. I suppose one might then argue that a vacuum is merely the absence of air. In this Augustinian viewpoint, when no area authentication is configured then what you have is nothing. Which leaves the mystery of interface authentication and it's purpose. Have you considered, then, the theological significance of the null interface? However, if one takes an anti-Augustinian view, which it appears that the Cisco developers did, then when you read the documentation that states that the default area authentication is null, one must then agree that null authentication is a thing in and of itself. If no area authentication is configured, then in reality null authentication is configured. The area does indeed have authentication configured. The interface authentication, then, is doing what the docs say - overriding the area configuration with a specific authentication that applied to the interface only. The proof of this is that when specific area authentication is configured, one can override it with the interface configuration of null, which is a kind of authentication. It is fair to say that now there are three kinds of OSPF authentication. clear text, md5, and null. One of those types MUST be configured under the ospf process. The default is null ( not none ) One of those types must be configured on each ospf interface. the default is null except when an area authentication is configured under the ospf process ( had to include this one or else the flow of logic fails ) If a man speaks in an empty forest, where there is no woman to hear him, is he still wrong? If a woman speaks in an empty forest, where there is no man to hear her, is she still nagging? If only one side of an interface is authenticated, but if it will not form a neighbor relationship if the other end doesn't care, is the relationship scure? The happy accident that results from this is that area authentication need not be configured on routers on both sides of the link. Only on one side. Well, maybe not really an accident. After all, the other side ospf process has the default authentication set to null. The interface authentication overrides for just that interface. This explains the result I documented below. So how'd I do, Howard? :- I quote Augustine of Hippo's response to one who asked him What was God doing before he created the universe? Creating a Hell for those who have the impertinence to ask such questions. footnote: I realize that in terms of router code, there is probably a register with certain bit positions indicating authentication in place. for example: = area authentication = null, interface authentication = null 0001 = area authentication = null, interface authentication = clear text 0010 = area authentication = null, interface authentication = md5 0011 = area authentication = clear text, interface authentication = null 0100 = area authentication = clear text, interface configuration = clear text 0101 = area authentication = clear text, interface authentication = md5 0110 = area authentication = md5, interface authentication = null 0111 = area authentication = md5, interface authentication = clear text 1000 = area authentication = md5, interface authentication = md5 1011 = area authentication required but interface not configured = area authentication = null, interface authentication configuration not required ( the absence of good ) these would be pointers to the appropriate subroutine process for handling OSPF packets received or sent on an interface. sorry for the boring lecture. Chuck Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60321t=60321 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Vs. BS or MS degree [7:59481]
Howard C. Berkowitz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... At 11:12 PM + 1/4/03, nrf wrote: So if it's doing public good that concerns you, then the more successful you are, the more you have to give. Let's face it - it's not going to be easy to create a charitable foundation that helps millions of people the way the Rockefeller Foundation did if you're working for minimum wage. Did I miss something about Mother Teresa's pay scale? I never said she wasn't tough. Anyone who pays a visit to the hospital bed of the then-Mayor of New York (Ed Koch) recovering from a heart attack, blesses him, and then hits on him for more reserved parking places for her missions is TOUGH. Touche, but the point I was trying to make was this. I don't want this to come off as a low-blow, and I'm certainly not accusing anybody here of being two-faced. But I've heard the argument before from people who say that they don't want to enter the business world, or climb the corporate ladder because they think that Corporate America is corrupt and they are more concerned with being ethical and doing good for the community. Yet many of these same people (not all, but many) do little if anything for the community that they claim to care for. Which begs the question that if you choose not to follow the rules of Big Business because you think it's evil and you are concerned with doing and being good, then why aren't you doing good works? Hmmm. Now, let me reiterate. The above paragraph might be construed as an attempt by me to take a shot at certain people here. Not at all. I'm just stating a phenomenom that I have seen from some people not on this NG. By the way, while Mother Teresa may not have personally had a lot of money, her practice obviously got money from somewhere. You can't feed and care for thousands without some kind of financial backing. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60322t=59481 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MBA/CPA/JD vs CCIE Vs. BS or MS degree vs Heisman Trophy vs [7:60323]
I think an agenda is emerging here, nrf. This thread seemed, at least to me, to deal with the merits of academia, certification, or combinations to move into technical jobs. I completely disagree with the insinuation that I have solely been moving the discussion in any direction. If anything, I am only moving where others are taking me. People want to invoke things like ethics and happiness (which as far as I can tell had nothing to do with the initial argument) into the argument, and I am only too happy to oblige. But I don't see you jumping all over them - why not? I too thought we were just talking about degrees vs. certs, but other people want to go to other places. Because, offhand, I have only seen you bringing up the issue of people bringing up general management and tying it to power and money. Tradeoffs in the technical area of the value of certifications vs. academic training, especially early in one's career, seemed to be the scope of the original discussion. To the best of my knowledge, this list has never emphasized how to use technical skills to springboard into general management. In your last few posts, however, I'm only confused whether the thrust of your arguments is to maximize monetary return, or to reach the top ranks of general corporate management. Now, if you had a screen name of NFL, I'd suggest you have more monetary potential than most corporate executives. If you can give a creditable impression of Christina Aguilara, that also offers significant potential. The latter, however, might require an unacceptable level of surgery. Not that I have met you personally, but I know several people in the business that have much better genetics for that mission, including, indeed, at least one top executive that has been mentioned. What I am doing it attempting to counter the notion that certifications are the only thing that matters - something that often times seems to be the prevailing paradigm on this particular newsgroup. Certs have their use, don't get me wrong. But it is a tremendously reckless strategy to dismiss the value of the degree categorically. I don't disagree with that in the slightest, in the technical realm. But I question the relevance of even discussing whether it closes off general management opportuntities, which may not even be in networking. By electing not to get your degree, you are closing opportunities off to yourself. Simple as that. That's my point. Now, everybody should make the calculation that perhaps getting the degree is not worth its cost in terms of time and money, and that's a perfectly valid calculation to make. Or you might respond that those opportunities that you are closing are not, and will never be, of interest to you, and that is yet another perfectly valid observation to make. What is not valid is to delude oneself into thinking that you are not closing off any opportunities. But to my mind, your utopia has relatively little to do with networking. Personally, I don't agonize about not making a seven-figure plus income when I can make six figures doing things I love. Now, yes. I want enough product management authority, including PL justification, that I can see my best ideas come to fruition -- and those are not one-person projects. I still believe, for example, I have an architecture in mind that could give orders of magnitude improvement in certain aspects of router performance. Perhaps some day I will land a slot as technology VP of a startup, make that happen, cash out, and mix my interests in network research and medicine. Heh heh, so I see you want money too. I emphasize perhaps. I mostly do things I like now. I don't feel driven to get an MBA -- but, believe me, I can do a financial presentation to a VC. That's something I've chosen to learn how to do on my own. There is no question, however, I could be making much more right now in the networking industry had I chosen to go into sales. And to go back to your earlier point, there is no question that I'd be making more money had I done so. That seems to counter your heh heh. I can't help but interpret the above as an appeal to get out of technology as soon as possible. Hardly so. A certain Mr. Gates never left technology and I'm sure he doesn't have any complaints. But what I'm saying is that success in the technical realm is rarely determined by technical skills alone. Business savvy matters. What matters it not that you know this-and-that technology but that you know how that technology translates into dollars. Not necessarily. I can think of a fair number of very highly sought-after design engineers who have extremely limited involvement in presenting business cases. They have typically teamed with compatible marketing folk, and rely on their track record of building salable products. True marketing, as opposed to sales, people can provide useful information on
Re: MBA/CPA/JD vs CCIE Vs. BS or MS degree vs Heisman Trophy vs [7:60324]
Howard C. Berkowitz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I think an agenda is emerging here, nrf. This thread seemed, at least to me, to deal with the merits of academia, certification, or combinations to move into technical jobs. I completely disagree with the insinuation that I have solely been moving the discussion in any direction. If anything, I am only moving where others are taking me. People want to invoke things like ethics and happiness (which as far as I can tell had nothing to do with the initial argument) into the argument, and I am only too happy to oblige. But I don't see you jumping all over them - why not? I too thought we were just talking about degrees vs. certs, but other people want to go to other places. Because, offhand, I have only seen you bringing up the issue of people bringing up general management and tying it to power and money. Tradeoffs in the technical area of the value of certifications vs. academic training, especially early in one's career, seemed to be the scope of the original discussion. To the best of my knowledge, this list has never emphasized how to use technical skills to springboard into general management. Ah, but I think that my point is best made by emphasizing one of the more important virtues of the degree - that it can serve as a springboard into general management and/or into other aspects of business besides technology. I believe you cannot fairly assess the value of the degree without bringing in this specific point. It's like asking somebody what the value of a diamond ring is - without the diamond. And why do I harp on power and money? Simple. Let's be brutally honest here. Why are most people even interested in the CCIE at all?Although nobody wants to say it, we all know the truth. Most people are interested in the CCIE because it might increase their power and/or earning potential. We all know that's the truth. Now - don't get me wrong - I didn't say all people. And I also didn't say that those were the only reasons people do it. But we would be most naive to believe that money and power didn't have a lot to do with it. To my detractors who probably want to jump down my throat for saying so - I would just say that you know in your heart that it's true - that money and power have a lot to do with the interest in the CCIE program. So if that's the real and honest battlefield that I'm fighting on, I don't think it at all inappropriate to apply the same criteria to the degree as well. You're looking at the CCIE because of (to be honest) money and power? Well, the degree can also bring you money and power, just in a different way. For example the degree can help you get into high management, which brings with it, money and power. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60324t=60324 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MBA/CPA/JD vs CCIE Vs. BS or MS degree vs Heisman Trophy vs [7:60325]
Money is helpful, but the only power I want is some power over my own destiny, which is asking quite a lot as it is. With the CCIE, it sometimes possible to find a job that involves studying network technologies, experimenting with cool equipment in the lab, teaching other folks what you have learned, consulting with folks about network issues, doing some installation work, some troubleshooting work, and talking to prospective customers about neat cutting edge network security devices. It is pretty fun work, and most of the time (in my company, anyway) it involves considerably less stress and pressure than some of the more high-flying corporate jobs that nrf is thinking of. I am not saying that this is the experience of anyone else, but it is my life now. I love it, and learning what I needed to learn to pass the CCIE lab made it possible. Tom Larus nrf wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Howard C. Berkowitz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I think an agenda is emerging here, nrf. This thread seemed, at least to me, to deal with the merits of academia, certification, or combinations to move into technical jobs. I completely disagree with the insinuation that I have solely been moving the discussion in any direction. If anything, I am only moving where others are taking me. People want to invoke things like ethics and happiness (which as far as I can tell had nothing to do with the initial argument) into the argument, and I am only too happy to oblige. But I don't see you jumping all over them - why not? I too thought we were just talking about degrees vs. certs, but other people want to go to other places. Because, offhand, I have only seen you bringing up the issue of people bringing up general management and tying it to power and money. Tradeoffs in the technical area of the value of certifications vs. academic training, especially early in one's career, seemed to be the scope of the original discussion. To the best of my knowledge, this list has never emphasized how to use technical skills to springboard into general management. Ah, but I think that my point is best made by emphasizing one of the more important virtues of the degree - that it can serve as a springboard into general management and/or into other aspects of business besides technology. I believe you cannot fairly assess the value of the degree without bringing in this specific point. It's like asking somebody what the value of a diamond ring is - without the diamond. And why do I harp on power and money? Simple. Let's be brutally honest here. Why are most people even interested in the CCIE at all?Although nobody wants to say it, we all know the truth. Most people are interested in the CCIE because it might increase their power and/or earning potential. We all know that's the truth. Now - don't get me wrong - I didn't say all people. And I also didn't say that those were the only reasons people do it. But we would be most naive to believe that money and power didn't have a lot to do with it. To my detractors who probably want to jump down my throat for saying so - I would just say that you know in your heart that it's true - that money and power have a lot to do with the interest in the CCIE program. So if that's the real and honest battlefield that I'm fighting on, I don't think it at all inappropriate to apply the same criteria to the degree as well. You're looking at the CCIE because of (to be honest) money and power? Well, the degree can also bring you money and power, just in a different way. For example the degree can help you get into high management, which brings with it, money and power. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60325t=60325 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Off Topic - Motivations for Certifications [7:60326]
changing the focus of the offshoot of the thread that refuses to die.. nrf wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... And why do I harp on power and money? Simple. Let's be brutally honest here. Why are most people even interested in the CCIE at all?Although nobody wants to say it, we all know the truth. Most people are interested in the CCIE because it might increase their power and/or earning potential. We all know that's the truth. Now - don't get me wrong - I didn't say all people. And I also didn't say that those were the only reasons people do it. But we would be most naive to believe that money and power didn't have a lot to do with it. To my detractors who probably want to jump down my throat for saying so - I would just say that you know in your heart that it's true - that money and power have a lot to do with the interest in the CCIE program. as my old economics perfesser used to say, everyone is motivated by his / her perceived best self interest. Some of us may be unclear in our expression of our motivations. We may be unaware or rather unattuned. It may be that what we express is not what is really happening on a subconscious level. someone else I knew long ago used to say that at the root of all matter was our sex drive. we act in the manner which we perceive will get us regular physical contact and satisfaction. So if that's the real and honest battlefield that I'm fighting on, nope - that's the perceived battlefield. you perceive that it is in your best self interest to continue this discussion, to further your points, to take your position and defend it against all comers. see above :- I don't think it at all inappropriate to apply the same criteria to the degree as well. You're looking at the CCIE because of (to be honest) money and power? Well, the degree can also bring you money and power, just in a different way. For example the degree can help you get into high management, which brings with it, money and power. this thread continues to be an interesting diversion. I have read most of the posts. as always, nrf, the points you make are worth considering, even if I don't necessarily agree with your conclusions. now that I've finished writing the post that I perceive is in my own best self interest, I will do what I perceive is in my own best self interest and post it. Posting it makes me feel good, content, and better able to lay my plans to obtain what is at the root of all matter. ;- Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60326t=60326 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Your advise pls! [7:60327]
Hello Group, I finished NP/DA in Oct 2000. Since then, I have been looking for job in networking. I know my drawback for being unsuccessful. It is my past experience {as Accountant} and real world experience with Cisco routers. In order to get some experience, I had setup 5 router home lab and gained little experience by practicing / solving lab exercise from Satterlee book. Even that did not help me to get entry level positions. The job market in Toronto is so bad that, I am unable to find Tech support job too. Now it is time for me to recertify {Oct}. What should, I do? I have already spent a lot of money on books/routers. I cannot spend any more on books/routers. Any advise appreciated. / RamG Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60327t=60327 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Vs. BS or MS degree [7:59481]
At 1:21 AM + 1/5/03, nrf wrote: Howard C. Berkowitz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... At 11:12 PM + 1/4/03, nrf wrote: So if it's doing public good that concerns you, then the more successful you are, the more you have to give. Let's face it - it's not going to be easy to create a charitable foundation that helps millions of people the way the Rockefeller Foundation did if you're working for minimum wage. Did I miss something about Mother Teresa's pay scale? I never said she wasn't tough. Anyone who pays a visit to the hospital bed of the then-Mayor of New York (Ed Koch) recovering from a heart attack, blesses him, and then hits on him for more reserved parking places for her missions is TOUGH. Touche, but the point I was trying to make was this. I don't want this to come off as a low-blow, and I'm certainly not accusing anybody here of being two-faced. But I've heard the argument before from people who say that they don't want to enter the business world, or climb the corporate ladder because they think that Corporate America is corrupt and they are more concerned with being ethical and doing good for the community. Yet many of these same people (not all, but many) do little if anything for the community that they claim to care for. Which begs the question that if you choose not to follow the rules of Big Business because you think it's evil and you are concerned with doing and being good, then why aren't you doing good works? Hmmm. I can speak only for myself here. I've not been interested in going into corporate top management because I don't enjoy the things even very good, very ethical top managers need to do. Yes, I'll wander around exchanging ideas with colleagues and keep track of what my developers are doing, but I have no interest in coming up with the latest optimization for shareholder value, for mergers and acquisitions, for untangling turf battles, etc. But I am in the business world. I know I need to do budgets and funding justifications for my own projects, and monitor schedules for my own people. I'd rather not spend all my time doing that. I enjoy individual technical mentoring. I won't say I'm quite like Steve Wozniak, who made his pile from pure engineering, and now mostly does elementary school teaching because he enjoys kids. Personally, I'm a pedophobe. At the same time, I can't ever see retiring because I have too much fun doing what I do. My community service, if you will, tends to be at a policy level -- I'm involved in privacy policy, information technology in county government, sexual rights, interdisciplinary stuff between medicine and computing. I've been a road warrior enough that I'd far rather try to grow a new herb in my garden than take a grand tour to Paris. Bad example. I've never had a good experience in Paris. London, Tokyo, or Amsterdam, maybe, but my first priority would be who takes care of the cats (Cat 1's, not 6500's. Single tail circuit, four sets of connectors, null male or female interfaces). Now, let me reiterate. The above paragraph might be construed as an attempt by me to take a shot at certain people here. Not at all. I'm just stating a phenomenom that I have seen from some people not on this NG. By the way, while Mother Teresa may not have personally had a lot of money, her practice obviously got money from somewhere. You can't feed and care for thousands without some kind of financial backing. Of course not. But she didn't have to demonstrate MBA-type skills to a corporate hierarchy to get there. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60328t=59481 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Off Topic - Motivations for Certifications [7:60326]
At 2:39 AM + 1/5/03, The Long and Winding Road wrote: now that I've finished writing the post that I perceive is in my own best self interest, I will do what I perceive is in my own best self interest and post it. Posting it makes me feel good, content, and better able to lay my plans to obtain what is at the root of all matter. ;- Were you thinking of sex or chocolate? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60329t=60326 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Your advise pls! [7:60327]
At 3:15 AM + 1/5/03, RamG wrote: Hello Group, I finished NP/DA in Oct 2000. Since then, I have been looking for job in networking. I know my drawback for being unsuccessful. It is my past experience {as Accountant} and real world experience with Cisco routers. In order to get some experience, I had setup 5 router home lab and gained little experience by practicing / solving lab exercise from Satterlee book. Even that did not help me to get entry level positions. The job market in Toronto is so bad that, I am unable to find Tech support job too. Now it is time for me to recertify {Oct}. What should, I do? I have already spent a lot of money on books/routers. I cannot spend any more on books/routers. Any advise appreciated. / RamG If I might, let me suggest an alternate job seeking strategy. Focus on what you know about high availability and security, and think about how your accounting and audit knowledge relates to it. Potentially, you have a great advantage, if you present it properly, of going to financial people and showing how they can improve their specific network security issues. The concerns for terrorism and hacking are causing organizations not otherwise hiring to be looking for employees and consultants that can help them be resistant and resilient (two distinct things) to attack. There are at least some interesting information security policy documents on the Canadian Security Intelligence Website. The RCMP is very active in security, and if you happen to know anyone there, they might help you find something (here, again, I recommend books like What Color Is Your Parachute -- how to do job networking rather than data networking). Good luck. Toronto is a great city, but I know some very good people there that are out of work. The ones I know (including CCIEs) that feel most secure, I think, are those that work in high availability. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60330t=60327 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX behind DSL router [7:60307]
On Sun, 5 Jan 2003, Andy Barkl wrote: This is a double-NAT scenario. Is this possible? I have tried adding all the usual static routes for the router and PIX with no success. Any first-hand experience or ideas? 10.0.0.0---PIX---192.168.1.0---router---Internet Why do the double NAT? That's just unneeded overhead. Why not just place the PIX on two subnets and allow it to route between them? Then use the NAT on the router. I do a similar setup for my wireless behind a NAT device and an ethernet drop from the school. 192.168.100.x --- PIX --- 192.168.1.x --- router --- Internet Andrew --- http://www.andrewsworld.net/ ICQ: 2895251 Cisco Certified Network Associate Learn from the mistakes of others. You won't live long enough to make all of them yourself. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60331t=60307 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX 515E NAT/PAT [7:60291]
Okay Mark Thanks , I will dig out with what you sent me and I will be back soon :) Ismail Al-Shelh -Original Message- From: Mark W. Odette II [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 04, 2003 9:20 PM To: [EMAIL PROTECTED] Subject: RE: PIX 515E NAT/PAT [7:60291] Searching CCO's public web access will yield a wealth of information if you check it out. http://www.cisco.com/warp/public/707/29.html ... and to answer indirectly, VPN Clients will terminate (attach) their VPN tunnels to the PIX... so the outside interface address is what you would use for the VPN Clients. This means, that if you don't plan on hosting anything else behind the PIX for the world to access without a VPN connection, i.e., a web server for the public, you will automatically be doing PAT for all users behind the PIX accessing the Internet. Hence, you will only need one Public/Registered IP Address to support VPN Clients AND PAT. VPN does have something to do with the Registered IP Address, as you suspected. :) Do some reading up and get back to us if you are still confused/stuck. -Original Message- From: Ismail Al-Shelh [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 04, 2003 7:46 AM To: [EMAIL PROTECTED] Subject: PIX 515E NAT/PAT [7:60291] I have been assigned to install and configure the PIX firewall 515E in my company, VPN clients will access our network through dialup connection, we have only two free IP addresses, one of those IP addresses will be assigned to the outside interface of firewall, the other one will be used with PAT so that inside users will be able to access the internet. The question is do I need more Registered IP address to configure as NAT instead of PAT! Or the VPN has nothing with more or less registered IP addresses? Thanks Ismail Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60332t=60291 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Vs. BS or MS degree [7:59481]
BTW, wasn't Mother Teresa also a CCIE?! ;) From: Howard C. Berkowitz Reply-To: Howard C. Berkowitz To: [EMAIL PROTECTED] Subject: Re: CCIE Vs. BS or MS degree [7:59481] Date: Sun, 5 Jan 2003 04:33:23 GMT At 1:21 AM + 1/5/03, nrf wrote: Howard C. Berkowitz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... At 11:12 PM + 1/4/03, nrf wrote: So if it's doing public good that concerns you, then the more successful you are, the more you have to give. Let's face it - it's not going to be easy to create a charitable foundation that helps millions of people the way the Rockefeller Foundation did if you're working for minimum wage. Did I miss something about Mother Teresa's pay scale? I never said she wasn't tough. Anyone who pays a visit to the hospital bed of the then-Mayor of New York (Ed Koch) recovering from a heart attack, blesses him, and then hits on him for more reserved parking places for her missions is TOUGH.Touche, but the point I was trying to make was this.I don't want this to come off as a low-blow, and I'm certainly not accusing anybody here of being two-faced. But I've heard the argument before from people who say that they don't want to enter the business world, or climb the corporate ladder because they think that Corporate America is corrupt and they are more concerned with being ethical and doing good for the community. Yet many of these same people (not all, but many) do little if anything for the community that they claim to care for. Which begs the question that if you choose not to follow the rules of Big Business because you think it's evil and you are concerned with doing and being good, then why aren't you doing good works? Hmmm. I can speak only for myself here. I've not been interested in going into corporate top management because I don't enjoy the things even very good, very ethical top managers need to do. Yes, I'll wander around exchanging ideas with colleagues and keep track of what my developers are doing, but I have no interest in coming up with the latest optimization for shareholder value, for mergers and acquisitions, for untangling turf battles, etc. But I am in the business world. I know I need to do budgets and funding justifications for my own projects, and monitor schedules for my own people. I'd rather not spend all my time doing that. I enjoy individual technical mentoring. I won't say I'm quite like Steve Wozniak, who made his pile from pure engineering, and now mostly does elementary school teaching because he enjoys kids. Personally, I'm a pedophobe. At the same time, I can't ever see retiring because I have too much fun doing what I do. My community service, if you will, tends to be at a policy level -- I'm involved in privacy policy, information technology in county government, sexual rights, interdisciplinary stuff between medicine and computing. I've been a road warrior enough that I'd far rather try to grow a new herb in my garden than take a grand tour to Paris. Bad example. I've never had a good experience in Paris. London, Tokyo, or Amsterdam, maybe, but my first priority would be who takes care of the cats (Cat 1's, not 6500's. Single tail circuit, four sets of connectors, null male or female interfaces). Now, let me reiterate. The above paragraph might be construed as an attempt by me to take a shot at certain people here. Not at all. I'm just stating a phenomenom that I have seen from some people not on this NG.By the way, while Mother Teresa may not have personally had a lot of money, her practice obviously got money from somewhere. You can't feed and care for thousands without some kind of financial backing. Of course not. But she didn't have to demonstrate MBA-type skills to a corporate hierarchy to get there. misconduct and Nondisclosure violations to [EMAIL PROTECTED] MSN 8 with e-mail virus protection service: 2 months FREE* Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60333t=59481 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Your advise pls! [7:60327]
First, send me all your routers. :-) In all seriousness, the tech job market pretty much sucks everywhere right now because it is over-saturated (in my opinion) and companies are really cutting staff to help their bottom line. I take it that you're still working as an accountant, so you still have money coming in. If you really enjoy networking and eventually want to work in this field, then by all means recertify. If you're interested, contact me offline and I'll send you some free study materials from one of the certification companies that I do work for (it's legal because I'm a co-owner of the company). Good luck! Shawn K. -Original Message- From: RamG [SMTP:[EMAIL PROTECTED]] Sent: Saturday, January 04, 2003 10:16 PM To: [EMAIL PROTECTED] Subject: Your advise pls! [7:60327] Hello Group, I finished NP/DA in Oct 2000. Since then, I have been looking for job in networking. I know my drawback for being unsuccessful. It is my past experience {as Accountant} and real world experience with Cisco routers. In order to get some experience, I had setup 5 router home lab and gained little experience by practicing / solving lab exercise from Satterlee book. Even that did not help me to get entry level positions. The job market in Toronto is so bad that, I am unable to find Tech support job too. Now it is time for me to recertify {Oct}. What should, I do? I have already spent a lot of money on books/routers. I cannot spend any more on books/routers. Any advise appreciated. / RamG -- -- Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60334t=60327 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Off Topic - Motivations for Certifications [7:60326]
Chuck wrote: someone else I knew long ago used to say that at the root of all matter was our sex drive. we act in the manner which we perceive will get us regular physical contact and satisfaction. nrf wrote: So if that's the real and honest battlefield that I'm fighting on, Chuck counters: nope - that's the perceived battlefield. you perceive that it is in your best self interest to continue this discussion, to further your points, to take your position and defend it against all comers. My question is that if nrf continues this thread, I fail to see how it will get him laid. :-) Shawn K. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60335t=60326 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Off Topic - Motivations for Certifications [7:60326]
Howard C. Berkowitz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... At 2:39 AM + 1/5/03, The Long and Winding Road wrote: now that I've finished writing the post that I perceive is in my own best self interest, I will do what I perceive is in my own best self interest and post it. Posting it makes me feel good, content, and better able to lay my plans to obtain what is at the root of all matter. ;- Were you thinking of sex or chocolate? She Who Must Be Obeyed tells me the former is most probable with generous gifts of the latter ;- Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60336t=60326 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]