Re: MAC Address [7:62251]

2003-02-03 Thread s vermill
Larry Letterman wrote:
> 
> In most cases you will only re-write the source mac address when
> traversing across a L3 device.

I don't think that's so.  A host will have an ARP cache entry for its
gateway.  That would be the destination MAC.  The source MAC would be that
of the sending host itself.  Using its own ARP cache, the gateway would
re-write both the source and destination MAC if the destination was, in
fact, directly attached to (or reachable via) another Ethernet interface. 
If not, and the packet needed to cross some serial WAN link, both MACs would
simply be stripped off.  Every L3 device strips off source and dest. MAC at
ingress.  Whether or not a new source and dest. MAC is encapsulated around
the IP packet depends on whether or not the destination is reachable via
another Ethernet interface.

> If you go across a layer 2 network, all the mac addresses would
> typically be part of the same broadcast domain and not need to be changed.
> 
> If you go across a T1 or Frame it will still be mapped to or have an
> assigned IP Address that constitutes a layer 3 hop and write its mac
> address in the frame.
> 
> However if I am wrong here, Priscilla or Howard or Chuck
> will let me know...:)
> 
> Larry Letterman
> Network Engineer
> Cisco Systems
> 
> 
> - Original Message -
> From: "Cisco Newbie" 
> To: 
> Sent: Friday, January 31, 2003 11:42 AM
> Subject: RE: MAC Address [7:62251]
> 
> 
> > First, thanks for all that responded.  One clarification that I need
> > addressed is the following:
> >
> > If I cross a L3 router and the outgoing interface is something other than
> > Ethernet, will the L2 frame show a new MAC address?  In other words, if my
> > outgoing interface is say T1 PPP or even a dial-up, should I be seeing a
> > new MAC address?
> >
> > Is it only when I cross a L3 device AND my outgoing interface is a shared
> > medium like Ethernet that a new MAC address will be placed on the frame?
> >
> > Thanks.
> >
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62354&t=62251
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



difference between Connection trunk, Connection Tie-Line [7:62355]

2003-02-03 Thread neil K.
Hi Folks,

Can anyone please explain the difference between using Connection Trunk and
Connection Tie-Line as applied to a FXO to FXS connection between two
routers. Any good Cisco links explaining the differences will be great.

Thanks,

Neil I.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62355&t=62355



Aux port to Console, Console to Aux [7:62356]

2003-02-03 Thread [EMAIL PROTECTED]
Is it possible to set up an Auxiliary to Console port or Console to Auxiliary
port configuration?

Thanx,
mkj




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62356&t=62356



CCIE Self-Employment [7:62357]

2003-02-03 Thread Jay Greenberg
Any CCIEs on the list in business for themselves?  What's the money
like, what sort of companies do you work for?  Do you do short-term or
long term contracts?  Hourly work? 

Thanks,

-- 
Jason Greenberg, CCIE #11021





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62357&t=62357



Re: 3640 and 2 NM-2FE-2W? [7:62346]

2003-02-03 Thread NECATI ERTUGRUL
Try 12.2T releases, maybe that can solve your problem. These kinds of things
can always happen when dealing with new IOS releases; new software always
means new bugs.


   
 
   
"MADMAN"
Sent by: nobody@groupstudy.com
03.02.2003 17:39
Please respond to "MADMAN"
cc: (bcc: NECATI ERTUGRUL/FINANSBANK)
Subject: Re: 3640 and 2 NM-2FE-2W? [7:62346]




According to this table you should be able to install 4!

http://www.cisco.com/en/US/customer/products/hw/routers/ps274/products_data_sheet09186a00800921cb.html


   Dave

Ben Hockenhull wrote:
> I've got a 3640 running 12.2.x software and currently have one NM-2FE-2W
> installed, with 2 WICs in it.  I tried to install another NM-2FE-2W and
> use the WIC slots in that NM as well, but none of the interfaces show up.
>
> I can't find any documentation one way or another about support for
> multiple NM2-FE-2Ws in a 3640.  Anyone know if this is supported?
>
> I'm not concerned about overutilizing the backplane with 4 FE interfaces,
> as I won't use all 4.
>
> Ben
>
> --
> Ben Hockenhull
> [EMAIL PROTECTED]
--
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"You don't make the poor richer by making the rich poorer." --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62359&t=62346



VPN Gateway and Firewall [7:62358]

2003-02-03 Thread Paulo Roque
Hi all,



I have a Checkpoint FW-1 and a VPN concentrator in a new design.

Where is the best place to put the VPN concentrator relative to the firewall?

a) before the firewall (in the outside network)
b) after the firewall (in the inside network)
c) in parallel with the firewall
d) in a separate firewall interface





Paulo


--
Eng. Paulo Roque
Network Engineer
Cisco Certified Network Associate
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62358&t=62358



Re: VPN Gateway and Firewall [7:62358]

2003-02-03 Thread Sam Sneed
Inside the firewall. I haven't worked with the concentrators before, but
have used a Cisco router for RAS VPN. All it needs is one interface for this
function, real nice. Putting it behind the FW ensures only stateful TCP sessions
are used and protects it from outsiders.

"Paulo Roque" wrote in message
news:[EMAIL PROTECTED]...
> Hi all,
>
>
>
> A have a Checkpoint FW-1 and a VPN concentrator in a new design.
>
> Where is the best place to put the VPN  concentrator related   to firewall?
>
>
>
> a) before the firewall (in the outside network)
>
> b) after the firewall(in the inside network)
>
> c) in parallel with the firewall
>
> d) in a separated firewall interface
>
>
>
>
>
> Paulo
>
>
> --
> Eng. Paulo Roque
> Network Engineer
> Cisco Certified Network Associate
> [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62360&t=62358



Re: VPN Gateway and Firewall [7:62358]

2003-02-03 Thread BJ Rice
You may want to consider the concentrator in a dual DMZ scenario.  The
benefit of putting it in a dual DMZ scenario is not only can you control the
outside access, you can also control the resources a remote can see in the
inside once a tunnel is established.  If you place it behind the firewall,
once the remote has a tunnel they have complete access to your inside network.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62363&t=62358



bridging over WAN link [7:62362]

2003-02-03 Thread Sam Sneed
Let's say I have 1 office that I will be connecting to another via T1 link. I
want to use only 1 subnet so basically I want the 2 offices to behave as if
they are switched not routed. Is this possible with Cisco routers?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62362&t=62362



Thanks Gary [7:62364]

2003-02-03 Thread Sam Sneed
In case anyone didn't hear yet, Gary's gonna be out of the office for
another week.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62364&t=62364



Re: bridging over WAN link [7:62362]

2003-02-03 Thread M.C. van den Bovenkamp
Sam Sneed wrote:

> Let's say I have 1 office that I will be connecting to another via T1 link. I
> want to use only 1 subnet so basically I want the 2 offices to behave as if
> they are switched not routed. Is this possible with Cisco routers?

Sure. Look at 
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fibm_c/bcfpart1/bcftb.htm

(Transparent Bridging).

Regards,

Marco.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62365&t=62362



List Problem [7:62366]

2003-02-03 Thread Richard Burdette
On groupstudy.com I can post via the website but not via email or a
newsreader.  Even when I send a directed email to Paul or any other address
@groupstudy.com, I get an access denied message.  Paul, if you see this can
you tell me why?

Richard Burdette


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62366&t=62366



AS5300 Error Message [7:62361]

2003-02-03 Thread Kaminski, Shawn G
I'm configuring an AS5300 and receiving the following message:
 
02:00:35: %SHELF-3-DISCOVER_SOCKET_OPEN: socket open failed
-Process= "Shelf Hello Proc", ipl= 0, pid= 35
-Traceback= 607D4C2C 602D4374 602D4360
 
 
 
Cisco's website states:
 
%SHELF-3-DISCOVER_SOCKET_OPEN: socket open failed 
Explanation:   An internal software error has occurred.
Recommended Action:   Copy the error message exactly as it appears on the
console or in the system log, contact your Cisco technical support
representative, and provide the representative with the gathered
information.
 
I have initiated a TAC case with Cisco, but was wondering if any of you have
received this message before and what you found out.
 
Thanks,
Shawn G. Kaminski
EDS - GTO Capability Center
Dow Chemical Test Facilities - Network Support




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62361&t=62361



Re: MAC Address [7:62251]

2003-02-03 Thread Priscilla Oppenheimer
s vermill wrote:
> 
> Larry Letterman wrote:
> > 
> > In most cases you will only re-write the source mac address
> > when traversing
> > across a L3 device. 
> 
> I don't think that's so.  

Did you misplace your comment? I think his first comment is correct, but
then a following one is strangely worded. See below.

> A host will have an ARP cache entry
> for its gateway.  That would be the destination MAC.  The
> source MAC would be that of the sending host itself.  Using its
> own ARP cache, the gateway would re-write both the source and
> destination MAC if the destination was, in fact, directly
> attached to (or reachable via) another Ethernet interface. 
> If
> not, and the packet needed to cross some serial WAN link, both
> MACs would simply be stripped off.  Every L3 device strips off
> source and dest. MAC at ingress.  Whether or not a new source
> and dest. MAC is encapsulated around the IP packet depends on
> whether or not the destination is reachable via another
> Ethernet interface.

Or Token Ring, FDDI, LocalTalk. :-)

> 
> > If you go across a layer 2 network, all
> > the mac address's
> > would typically be part of the same broadcast domain and not
> > need to be changed.
> > 
> > If you go across a T1 or Frame it will still be mapped to or
> > have an assigned IP Address
> > that constitutes a layer 3 hop and write its mac address in
> > the frame.

Here's where he went astray. As I mentioned earlier, a serial interface
doesn't have a MAC address and the data-link-layer protocols used across
serial interfaces don't have MAC addresses in them.

The sentence isn't parsable, (sorry Larry!) but may indicate some additional
misunderstanding.  The fact that the next hop has a Layer 3 address isn't of
major significance when talking about forwarding traffic and the addresses
that end up in the forwarded packet. The IP addresses don't change
end-to-end. MAC addresses on LANs change, hop by hop. WANs don't have MAC
addresses.

Yes, routing protocols exchange next hop info using IP addresses. So, if
we're considering Ethernet, at some point the source router must have found
out the MAC address of the destination router using ARP. The router will put
its own MAC address in the source field and the destination (next hop)
router's MAC address in the destination field.

In the case of a T1 point-to-point link, a MAC address isn't necessary since
it's not a shared medium and there's no need to identify which station
should receive the frame. There is only one other station!

Now, Frame Relay is shared "in the cloud." The DLCI would help the L2
switches in the cloud forward the frame correctly. Inverse ARP would help
the router map a L3 next hop address to a DLCI, if I understand it correctly.

Priscilla



> > 
> > However if I am wrong here, Priscilla or Howard or Chuck
> > will let me know...:)
> > 
> > Larry Letterman
> > Network Engineer
> > Cisco Systems
> > 
> > 
> > - Original Message -
> > From: "Cisco Newbie" 
> > To: 
> > Sent: Friday, January 31, 2003 11:42 AM
> > Subject: RE: MAC Address [7:62251]
> > 
> > 
> > > First, thanks for all that responded.  One clarification
> > that I need address
> > > is the following:
> > >
> > > If I cross a L3 router and the outgoing interface is
> > something other than
> > > Ethernet, will the L2 frame show a new MAC address?  In
> > other words, if my
> > > outgoing interface is say T1 PPP or even a dial-up, should
> > I be seeing a new
> > > MAC address?
> > >
> > > Is it only when I cross a L3 device AND my outgoing
> > interface is a share
> > > medium like Ethernet that a new MAC address will be placed
> > on the frame?
> > >
> > > Thanks.
> > >
> > >
> > >
> > 
> > 
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62368&t=62251
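
The hop-by-hop behaviour discussed in this thread, as an added example that is not part of any poster's message: a constructed router forwards one IPv4 packet out an Ethernet port and out a PPP serial port. All addresses, interface names and the `Router` class are hypothetical, made up for illustration.

```python
import ipaddress
import struct

ETHERTYPE_IPV4 = 0x0800
# PPP in HDLC-like framing: address 0xFF, control 0x03, protocol 0x0021 (IPv4).
# Flag bytes and the FCS are left out; the point is that no MAC field exists.
PPP_HEADER = b"\xff\x03\x00\x21"


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def checksum(header):
    """Internet checksum over a 20-byte IPv4 header (0 when verifying a valid one)."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_packet(src, dst, ttl, payload):
    # Protocol 253 is reserved for experimentation; the payload is opaque here.
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, 253, 0,
                       ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return head[:10] + struct.pack("!H", checksum(head)) + head[12:] + payload


def parse_ipv4(packet):
    return {"src": str(ipaddress.ip_address(packet[12:16])),
            "dst": str(ipaddress.ip_address(packet[16:20])),
            "ttl": packet[8],
            "checksum_ok": checksum(packet[:20]) == 0}


def ethernet_frame(dst_mac, src_mac, packet):
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + packet


class Router:
    """Hypothetical router model: interfaces, static routes and an ARP cache."""

    def __init__(self, interfaces, routes, arp_cache):
        self.interfaces = interfaces   # name -> {"type": "ethernet" | "ppp", "mac": ...}
        self.routes = routes           # (network, egress interface, next-hop IP or None)
        self.arp_cache = arp_cache     # next-hop IP -> MAC, used on Ethernet egress only

    def forward(self, frame, ingress):
        ethertype = struct.unpack("!H", frame[12:14])[0]
        if frame[:6] != self.interfaces[ingress]["mac"] or ethertype != ETHERTYPE_IPV4:
            return None                 # frame is not addressed to this router at layer 2
        packet = bytearray(frame[14:])  # ingress: source and destination MAC are discarded
        if checksum(bytes(packet[:20])) != 0 or packet[8] <= 1:
            return None                 # corrupt header or TTL expired
        packet[8] -= 1                  # the IP header changes only in TTL and checksum
        packet[10:12] = b"\x00\x00"
        packet[10:12] = struct.pack("!H", checksum(bytes(packet[:20])))
        dst_ip = ipaddress.ip_address(bytes(packet[16:20]))
        matches = [r for r in self.routes if dst_ip in r[0]]
        if not matches:
            return None
        _, egress, next_hop = max(matches, key=lambda r: r[0].prefixlen)
        port = self.interfaces[egress]
        if port["type"] == "ppp":       # point-to-point: one possible receiver, no MACs
            return egress, PPP_HEADER + bytes(packet)
        dst_mac = self.arp_cache.get(next_hop or str(dst_ip))
        if dst_mac is None:
            return None                 # a real router would ARP for the next hop here
        return egress, ethernet_frame(dst_mac, port["mac"], bytes(packet))


# Constructed topology: Host A -- Ethernet0 [R1] Ethernet1 -- Host B, Serial0 -- 10.3.3.0/24
HOST_A = {"ip": "10.1.1.10", "mac": mac("02:00:00:00:00:0a")}
HOST_B = {"ip": "10.2.2.20", "mac": mac("02:00:00:00:00:0b")}
R1 = Router(
    interfaces={"Ethernet0": {"type": "ethernet", "mac": mac("02:00:00:00:01:00")},
                "Ethernet1": {"type": "ethernet", "mac": mac("02:00:00:00:01:01")},
                "Serial0": {"type": "ppp", "mac": None}},
    routes=[(ipaddress.ip_network("10.2.2.0/24"), "Ethernet1", None),
            (ipaddress.ip_network("10.3.3.0/24"), "Serial0", None)],
    arp_cache={HOST_B["ip"]: HOST_B["mac"]},
)


def send_from_host_a(dst_ip):
    """Host A addresses the frame to its gateway's MAC, then R1 forwards it."""
    packet = ipv4_packet(HOST_A["ip"], dst_ip, 64, b"constructed payload")
    frame = ethernet_frame(R1.interfaces["Ethernet0"]["mac"], HOST_A["mac"], packet)
    return frame, R1.forward(frame, "Ethernet0")


if __name__ == "__main__":
    for dst in ("10.2.2.20", "10.3.3.30"):
        before, (egress, after) = send_from_host_a(dst)
        l2_len = 4 if egress == "Serial0" else 14
        print(dst, "via", egress)
        print("  L2 header in :", before[:14].hex(":"))
        print("  L2 header out:", after[:l2_len].hex(":"))
        print("  IP out       :", parse_ipv4(after[l2_len:]))
```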



OT: CCIE Self-Employment [7:62367]

2003-02-03 Thread Chuck Church
Yes.  Money will depend on your skill level with both Cisco and other
products as well, such as Unix, NW, MS, etc.  It could be $30/hour, could be
$100.  Location is probably almost as important.  NYC pays pretty well, but
it costs $50 to park a car for 4 hours!  The thing about consulting like
this is you need to be a salesperson at times.  Personally, I hate salespeople,
and therefore don't make a good one myself.  There's also more
responsibility, as far as finding your own insurance, paying taxes, etc.  If
you can find a headhunter who will place you as a 1099 employee, that's
usually pretty good, but I haven't heard from my headhunter in months
:(  I was on an indefinite project for a year, but that ended when they
outsourced.  Since then it's all been small projects, mostly complicated
installs involving layer 3 switching.  It's a tough market, and getting a
name for yourself can be difficult.  Personally, I'm looking for a full time
position now.

Chuck Church
CCIE #8776, MCNE, MCSE


- Original Message -
From: "Jay Greenberg" 
To: ; 
Sent: Monday, February 03, 2003 12:14 PM
Subject: CCIE Self-Employment


> Any CCIEs on the list in business for themselves?  What's the money
> like, what sort of companies do you work for?  Do you do short-term or
> long term contracts?  Hourly work?
>
> Thanks,
>
> --
> Jason Greenberg, CCIE #11021
> 
> .




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62367&t=62367



specific MIBs on Cat 6509 [7:62370]

2003-02-03 Thread Jeff Smith
I am looking for some snmp OIDs or MIBs that I can incorporate into my 
network management that will give me specific port counters - errors, 
overall throughput per port and things like that.  I have tried Cisco's site 
but cannot seem to find them.  Any ideas?  Thanks.

Jeff








Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62370&t=62370



Re: CCIE Self-Employment [7:62367]

2003-02-03 Thread Sam Sneed
The 1099 is an easy way to go but you lose out on a lot of tax breaks. I'm a
1099 now and am kicking myself in the ass for not setting up as a small
business.
I'm working in NYC now. $6 just to take the bridge into NYC from Jersey and
$25 day parking. Never mind 40 minutes each way traffic to commute 10 miles.
If you're set up as a small business you have more flexibility in writing off
expenses like these.

"Chuck Church" wrote in message
news:[EMAIL PROTECTED]...
> Yes.  Money will depend on your skill level with both Cisco and other
> products as well, such as Unix, NW, MS, etc.  It could be $30/hour, could
> be $100.  Location is probably almost as important.  NYC pays pretty well,
> but it costs $50 to park a car for 4 hours!  The thing about consulting like
> this is you need to be a salesperson at times.  Personally, I hate
> salespeople, and therefore don't make a good one myself.  There's also more
> responsibility, as far as finding your own insurance, paying taxes, etc.
> If you can find a headhunter who will place you as a 1099 employee, that's
> usually pretty good, but I haven't heard from my headhunter in months
> :(  I was on an indefinite project for a year, but that ended when they
> outsourced.  Since then it's all been small projects, mostly complicated
> installs involving layer 3 switching.  It's a tough market, and getting a
> name for yourself can be difficult.  Personally, I'm looking for a full
> time position now.
>
> Chuck Church
> CCIE #8776, MCNE, MCSE
>
>
> - Original Message -
> From: "Jay Greenberg"
> To: ;
> Sent: Monday, February 03, 2003 12:14 PM
> Subject: CCIE Self-Employment
>
>
> > Any CCIEs on the list in business for themselves?  What's the money
> > like, what sort of companies do you work for?  Do you do short-term or
> > long term contracts?  Hourly work?
> >
> > Thanks,
> >
> > --
> > Jason Greenberg, CCIE #11021
> >
> > .




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62371&t=62367



Re: MAC Address [7:62251]

2003-02-03 Thread s vermill
Priscilla Oppenheimer wrote:
> 
> s vermill wrote:
> > 
> > Larry Letterman wrote:
> > > 
> > > In most cases you will only re-write the source mac address
> > > when traversing
> > > across a L3 device. 
> > 
> > I don't think that's so.  
> 
> Did you misplace your comment? 

No.  I disagree that a source MAC re-write would be all that takes place
when crossing a L3 device.  Host A, sending to an off-subnet Host B, would
use its own MAC as the source and the L3 device interface MAC as the
destination.  The L3 device strips both at ingress.  If, in fact, the
destination is on a directly attached shared medium, the source MAC is
re-written to that of the egress interface.  The destination MAC is whatever
the L3 device has in the ARP cache for Host B.  Both source and destination
MACs change when crossing a L3 device.  Doesn't it sound like Larry is
saying that the source MAC is all that changes and not the destination MAC? 
Or maybe I just took that wrong?

> I think his first comment is
> correct, but then a following one is strangely worded. See below
> 
> > A host will have an ARP cache entry
> > for its gateway.  That would be the destination MAC.  The
> > source MAC would be that of the sending host itself.  Using
> its
> > own ARP cache, the gateway would re-write both the source and
> > destination MAC if the destination was, in fact, directly
> > attached to (or reachable via) another Ethernet interface. 
> > If
> > not, and the packet needed to cross some serial WAN link, both
> > MACs would simply be stripped off.  Every L3 device strips off
> > source and dest. MAC at ingress.  Whether or not a new source
> > and dest. MAC is encapsulated around the IP packet depends on
> > whether or not the destination is reachable via another
> > Ethernet interface.
> 
> Or Token Ring, FDDI, LocalTalk. :-)
> 
> > 
> > > If you go across a layer 2 network, all
> > > the mac address's
> > > would typically be part of the same broadcast domain and not
> > > need to be changed.
> > > 
> > > If you go across a T1 or Frame it will still be mapped to or
> > > have an assigned IP Address
> > > that constitutes a layer 3 hop and write its mac address in
> > > the frame.
> 
> Here's where he went astray. As I mentioned earlier, a serial
> interface doesn't have a MAC address and the data-link-layer
> protocols used across serial interfaces don't have MAC
> addresses in them.
> 
> The sentence isn't parsable, (sorry Larry!) but may indicate
> some additional misunderstanding.  The fact that the next hop
> has a Layer 3 address isn't of major significance when talking
> about forwarding traffic and the addresses that end up in the
> forwarded packet. The IP addresses don't change end-to-end. MAC
> addresses on LANs change, hop by hop. WANs don't have MAC
> addresses.
> 
> Yes, routing protocols exchange next hop info using IP
> addresses. So, if we're considering Ethernet, at some point the
> source router must have found out the MAC address of the
> destination router using ARP. The router will put its own MAC
> address in the source field and the destination (next hop)
> router's MAC address in the destination field.
> 
> In the case of a T1 point-to-point link, a MAC address isn't
> necessary since it's not a shared medium and there's no need to
> identify which station should receive the frame. There is only
> one other station!
> 
> Now, Frame Relay is shared "in the cloud." The DLCI would help
> the L2 switches in the cloud forward the frame correctly.
> Inverse ARP would help the router map a L3 next hop address to
> a DLCI, if I understand it correctly.
> 
> Priscilla
> 
> 
> 
> > > 
> > > However if I am wrong here, Priscilla or Howard or Chuck
> > > will let me know...:)
> > > 
> > > Larry Letterman
> > > Network Engineer
> > > Cisco Systems
> > > 
> > > 
> > > - Original Message -
> > > From: "Cisco Newbie" 
> > > To: 
> > > Sent: Friday, January 31, 2003 11:42 AM
> > > Subject: RE: MAC Address [7:62251]
> > > 
> > > 
> > > > First, thanks for all that responded.  One clarification
> > > that I need address
> > > > is the following:
> > > >
> > > > If I cross a L3 router and the outgoing interface is
> > > something other than
> > > > Ethernet, will the L2 frame show a new MAC address?  In
> > > other words, if my
> > > > outgoing interface is say T1 PPP or even a dial-up, should
> > > I be seeing a new
> > > > MAC address?
> > > >
> > > > Is it only when I cross a L3 device AND my outgoing
> > > interface is a share
> > > > medium like Ethernet that a new MAC address will be placed
> > > on the frame?
> > > >
> > > > Thanks.
> > > >
> > > >
> > > >
> > > 
> > > 
> > 
> > 
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62372&t=62251

Cisco IPSec Tunnel Lifetime [7:62374]

2003-02-03 Thread Leo Song
Hi,

Is it possible to configure the IPSec tunnel to never expire on a Cisco PIX?
A little bit weird, and we got such an interesting request. Thanks.

Leo




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62374&t=62374



Possibly doable with NAT? [7:62373]

2003-02-03 Thread Cisco Newbie
I would like to know if it is possible to do the following:

I have a router that is currently doing NAT.  I have a client who is trying
to access an inside routable IP address of x.x.x.80 on a specific port.  I
need to be able to redirect the client's request to a different IP that sits
behind a firewall on my LAN.  Is this possible via NAT?

Thanks.







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62373&t=62373



Re: MAC Address [7:62251]

2003-02-03 Thread s vermill
s vermill wrote:
> 
> Priscilla Oppenheimer wrote:
> > 
> > s vermill wrote:
> > > 
> > > Larry Letterman wrote:
> > > > 
> > > > In most cases you will only re-write the source mac
> address
> > > > when traversing
> > > > across a L3 device. 
> > > 
> > > I don't think that's so.  
> > 
> > Did you misplace your comment? 
> 
> No.  I disagree that a source MAC re-write would be all that
> takes place when crossing a L3 device.  Host A, sending to an
> off-subnet Host B, would use its own MAC as the source and the
> L3 device interface MAC as the destination.  The L3 device
> strips both at ingress.  If, in fact, the destination is on a
> directly attached shared medium, the source MAC is re-writen to
> that of the egress interface.  The destination MAC is whatever
> the L3 device has in the ARP cache for Host B.  Both source and
> destination MACs change when crossing a L3 device.  Doesn't it
> sound like Larry is saying that the source MAC is all that
> changes and not the destination MAC?  Or maybe I just took that
> wrong?

I think that maybe Larry was saying that the only time it would be
*necessary* to change the source MAC is when traversing a L3 device.  He
isn't necessarily saying that only the source MAC would change when crossing
one.  Sorry Larry.  I think that was a mis-read on my part.

> 
> I think his first comment is
> > correct, but then a following one is strangely worded. See
> below
> > 
> > > A host will have an ARP cache entry
> > > for its gateway.  That would be the destination MAC.  The
> > > source MAC would be that of the sending host itself.  Using
> > its
> > > own ARP cache, the gateway would re-write both the source
> and
> > > destination MAC if the destination was, in fact, directly
> > > attached to (or reachable via) another Ethernet interface. 
> > > If
> > > not, and the packet needed to cross some serial WAN link,
> both
> > > MACs would simply be stripped off.  Every L3 device strips
> off
> > > source and dest. MAC at ingress.  Whether or not a new
> source
> > > and dest. MAC is encapsulated around the IP packet depends
> on
> > > whether or not the destination is reachable via another
> > > Ethernet interface.
> > 
> > Or Token Ring, FDDI, LocalTalk. :-)
> > 
> > > 
> > > > If you go across a layer 2 network, all
> > > > the mac address's
> > > > would typically be part of the same broadcast domain and
> not
> > > > need to be changed.
> > > > 
> > > > If you go across a T1 or Frame it will still be mapped to
> or
> > > > have an assigned IP Address
> > > > that constitutes a layer 3 hop and write its mac address
> in
> > > > the frame.
> > 
> > Here's where he went astray. As I mentioned earlier, a serial
> > interface doesn't have a MAC address and the data-link-layer
> > protocols used across serial interfaces don't have MAC
> > addresses in them.
> > 
> > The sentence isn't parsable, (sorry Larry!) but may indicate
> > some additional misunderstanding.  The fact that the next hop
> > has a Layer 3 address isn't of major significance when talking
> > about forwarding traffic and the addresses that end up in the
> > forwarded packet. The IP addresses don't change end-to-end.
> MAC
> > addresses on LANs change, hop by hop. WANs don't have MAC
> > addresses.
> > 
> > Yes, routing protocols exchange next hop info using IP
> > addresses. So, if we're considering Ethernet, at some point
> the
> > source router must have found out the MAC address of the
> > destination router using ARP. The router will put its own MAC
> > address in the source field and the destination (next hop)
> > router's MAC address in the destination field.
> > 
> > In the case of a T1 point-to-point link, a MAC address isn't
> > necessary since it's not a shared medium and there's no need
> to
> > identify which station should receive the frame. There is only
> > one other station!
> > 
> > Now, Frame Relay is shared "in the cloud." The DLCI would help
> > the L2 switches in the cloud forward the frame correctly.
> > Inverse ARP would help the router map a L3 next hop address to
> > a DLCI, if I understand it correctly.
> > 
> > Priscilla
> > 
> > 
> > 
> > > > 
> > > > However if I am wrong here, Priscilla or Howard or Chuck
> > > > will let me know...:)
> > > > 
> > > > Larry Letterman
> > > > Network Engineer
> > > > Cisco Systems
> > > > 
> > > > 
> > > > - Original Message -
> > > > From: "Cisco Newbie" 
> > > > To: 
> > > > Sent: Friday, January 31, 2003 11:42 AM
> > > > Subject: RE: MAC Address [7:62251]
> > > > 
> > > > 
> > > > > First, thanks for all that responded.  One clarification
> > > > that I need address
> > > > > is the following:
> > > > >
> > > > > If I cross a L3 router and the outgoing interface is
> > > > something other than
> > > > > Ethernet, will the L2 frame show a new MAC address?  In
> > > > other words, if my
> > > > > outgoing interface is say T1 PPP or even a dial-up,
> should
> > > > I be seeing a new
> > > > > MAC address?
> > > > >
> > > > > Is it o

Re: specific MIBs on Cat 6509 [7:62370]

2003-02-03 Thread [EMAIL PROTECTED] (Kaj J. Niemi)
In mail.net.groupstudy.pro, you wrote:

>  I am looking for some snmp OIDs or MIBs that I can incorporate into my
>  network management that will give me specific port counters - errors,
>  overall throughput per port and things like that.  I have tried Cisco's
>  site but cannot seem to find them.  Any ideas?  Thanks.

You'll find what's supported at .
Walk around in ../oid and ../v2 to get a look at the schemas and the oids.




// kaj




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62377&t=62370



kismet [7:62376]

2003-02-03 Thread Priscilla Oppenheimer
Sitting in a class. It would be very cool if someone answered this before
the class got out!? :-)

Is it really true that Kismet can sniff packets on an 802.11 wireless
network, even if you have the access point set up to require
login/authentication. (assume the hacker doesn't know a login)

From what I know about access points, the hacker would fail to associate
with the access point, and hence could not see traffic.

Thanks,

Priscilla


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62376&t=62376



Re: MAC Address [7:62251]

2003-02-03 Thread Priscilla Oppenheimer
s vermill wrote:
> 
> s vermill wrote:
> > 
> > Priscilla Oppenheimer wrote:
> > > 
> > > s vermill wrote:
> > > > 
> > > > Larry Letterman wrote:
> > > > > 
> > > > > In most cases you will only re-write the source mac address
> > > > > when traversing across a L3 device. 
> > > > 
> > > > I don't think that's so.  
> > > 
> > > Did you misplace your comment? 
> > 
> > No.  I disagree that a source MAC re-write would be all that
> > takes place when crossing a L3 device.  Host A, sending to an
> > off-subnet Host B, would use its own MAC as the source and the
> > L3 device interface MAC as the destination.  The L3 device
> > strips both at ingress.  If, in fact, the destination is on a
> > directly attached shared medium, the source MAC is re-written to
> > that of the egress interface.  The destination MAC is whatever
> > the L3 device has in the ARP cache for Host B.  Both source and
> > destination MACs change when crossing a L3 device.  Doesn't it
> > sound like Larry is saying that the source MAC is all that
> > changes and not the destination MAC?  Or maybe I just took that
> > wrong?
> 
> I think that maybe Larry was saying that the only time it would
> be *necessary* to change the source MAC is when traversing a L3
> device.  

That's how I read it. (He was comparing it to a L2 device.) The word "only"
is an evil word that editors hate. :-)

P.

> He isn't necessarily saying that only the source MAC
> would change when crossing one.  Sorry Larry.  I think that was
> a mis-read on my part.
> 
> > 
> > > I think his first comment is correct, but then a following one
> > > is strangely worded. See below
> > > 
> > > > A host will have an ARP cache entry
> > > > for its gateway.  That would be the destination MAC.  The
> > > > source MAC would be that of the sending host itself.  Using its
> > > > own ARP cache, the gateway would re-write both the source and
> > > > destination MAC if the destination was, in fact, directly
> > > > attached to (or reachable via) another Ethernet interface.  If
> > > > not, and the packet needed to cross some serial WAN link, both
> > > > MACs would simply be stripped off.  Every L3 device strips off
> > > > source and dest. MAC at ingress.  Whether or not a new source
> > > > and dest. MAC is encapsulated around the IP packet depends on
> > > > whether or not the destination is reachable via another
> > > > Ethernet interface.
> > > 
> > > Or Token Ring, FDDI, LocalTalk. :-)
> > > 
> > > > 
> > > > > If you go across a layer 2 network, all the mac addresses
> > > > > would typically be part of the same broadcast domain and not
> > > > > need to be changed.
> > > > > 
> > > > > If you go across a T1 or Frame it will still be mapped to or
> > > > > have an assigned IP Address that constitutes a layer 3 hop
> > > > > and write its mac address in the frame.
> > > 
> > > Here's where he went astray. As I mentioned earlier, a serial
> > > interface doesn't have a MAC address and the data-link-layer
> > > protocols used across serial interfaces don't have MAC
> > > addresses in them.
> > > 
> > > The sentence isn't parsable, (sorry Larry!) but may indicate
> > > some additional misunderstanding.  The fact that the next hop
> > > has a Layer 3 address isn't of major significance when talking
> > > about forwarding traffic and the addresses that end up in the
> > > forwarded packet. The IP addresses don't change end-to-end. MAC
> > > addresses on LANs change, hop by hop. WANs don't have MAC
> > > addresses.
> > > 
> > > Yes, routing protocols exchange next hop info using IP
> > > addresses. So, if we're considering Ethernet, at some point the
> > > source router must have found out the MAC address of the
> > > destination router using ARP. The router will put its own MAC
> > > address in the source field and the destination (next hop)
> > > router's MAC address in the destination field.
> > > 
> > > In the case of a T1 point-to-point link, a MAC address isn't
> > > necessary since it's not a shared medium and there's no need to
> > > identify which station should receive the frame. There is only
> > > one other station!
> > > 
> > > Now, Frame Relay is shared "in the cloud." The DLCI would help
> > > the L2 switches in the cloud forward the frame correctly.
> > > Inverse ARP would help the router map a L3 next hop address to
> > > a DLCI, if I understand it correctly.
> > > 
> > > Priscilla
> > > 
> > > 
> > > 
> > > > > 
> > > > > However if I am wrong here, Priscilla or Howard or Chuck
> > > > > will let me know...:)
> > > > > 
> > > > > Larry Letterman
> > > > > Network Engineer
> > > > > Cisco Systems
> > > > > 
> > > > > 
> > > > > - Original Message -
> > > > > From: "Cisco Newbie" 
> > > > > To: 
> > > > > Sent: Friday, January 31, 2003 11:42 AM
> > > > > Subject: RE: MAC Address [7:62251]
> > > > > 
> > > > > 
> > > > > > First, thanks for all 
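
As an added illustration of the hop-by-hop behaviour discussed in this thread (not code from any poster), the Python sketch below carries one IPv4 packet from Host A over Ethernet, a PPP serial link and a second Ethernet segment, and records the layer-2 header on each link. The addresses, the three-link path and all function names are constructed for the example; frame check sequences and PPP flag bytes are omitted.

```python
import socket
import struct

# Constructed sample addresses: documentation IPs and locally administered MACs.
HOST_A_IP, HOST_B_IP = "192.0.2.10", "198.51.100.20"
HOST_A_MAC, R1_E0_MAC = "02:00:00:00:00:0a", "02:00:00:00:01:01"
R2_E0_MAC, HOST_B_MAC = "02:00:00:00:02:01", "02:00:00:00:00:0b"

# Each link on the path and the MAC pair its sender writes (none on serial PPP).
PATH = [
    ("ethernet", HOST_A_MAC, R1_E0_MAC),  # Host A -> gateway R1 (A's ARP cache)
    ("ppp", None, None),                  # R1 -> R2, point-to-point serial link
    ("ethernet", R2_E0_MAC, HOST_B_MAC),  # R2 -> Host B (R2's ARP cache)
]


def ip_checksum(header: bytes) -> int:
    """Ones'-complement sum over the 16-bit words of an IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src: str, dst: str, ttl: int, payload: bytes) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0,
                      ttl, 17, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + payload


def route(packet: bytes) -> bytes:
    """What a router changes in the IP header: TTL and checksum, not addresses."""
    ttl = packet[8] - 1
    if ttl < 1:
        raise ValueError("TTL expired in transit")
    hdr = packet[:8] + bytes([ttl]) + packet[9:10] + b"\x00\x00" + packet[12:20]
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + packet[20:]


def ether_encap(dst_mac: str, src_mac: str, packet: bytes) -> bytes:
    to_bytes = lambda m: bytes.fromhex(m.replace(":", ""))
    return to_bytes(dst_mac) + to_bytes(src_mac) + struct.pack("!H", 0x0800) + packet


def ppp_encap(packet: bytes) -> bytes:
    # HDLC-like framing: address 0xFF, control 0x03, protocol 0x0021 (IPv4).
    return b"\xff\x03" + struct.pack("!H", 0x0021) + packet


def strip_l2(link: str, frame: bytes) -> bytes:
    """Ingress processing: the layer-2 header is discarded, the IP packet kept."""
    return frame[14:] if link == "ethernet" else frame[4:]


def describe(link: str, frame: bytes) -> dict:
    ip = strip_l2(link, frame)
    is_eth = link == "ethernet"
    return {
        "link": link,
        "dst_mac": frame[0:6].hex(":") if is_eth else None,
        "src_mac": frame[6:12].hex(":") if is_eth else None,
        "src_ip": socket.inet_ntoa(ip[12:16]),
        "dst_ip": socket.inet_ntoa(ip[16:20]),
        "ttl": ip[8],
        "checksum_ok": ip_checksum(ip[:20]) == 0,
    }


def trace(path, packet: bytes) -> list:
    """Return what a capture on each link of the path would show."""
    hops, frame, prev_link = [], None, None
    for link, src_mac, dst_mac in path:
        if frame is not None:  # a router sits between consecutive links
            packet = route(strip_l2(prev_link, frame))
        frame = (ether_encap(dst_mac, src_mac, packet) if link == "ethernet"
                 else ppp_encap(packet))
        hops.append(describe(link, frame))
        prev_link = link
    return hops


if __name__ == "__main__":
    for hop in trace(PATH, build_ipv4(HOST_A_IP, HOST_B_IP, 64, b"constructed payload")):
        print(hop)
```

On the last segment the source MAC is R2's interface, so a capture there identifies the previous layer-3 hop rather than Host A; only the IP header still names the original sender.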

Nat question [7:62379]

2003-02-03 Thread Robert Perez
Hi all,
I have the following config and want to know if there will be a problem
since two route-maps point to the same pool?  If I get a successful FTP
connection and then try the HTTP connection the router drops the packet.
Can a pool only be used by one nat statement?


ip nat pool to-home 208.248.24.37 208.248.24.37 prefix-length 24

ip nat inside source route-map map1 pool to-home overload
ip nat inside source route-map map2 pool to-home overload

access-list 108 permit tcp 192.168.0.0 0.0.255.255 host 68.46.102.299 eq ftp
access-list 125 permit tcp 192.168.0.0 0.0.255.255 host 68.46.102.299 eq www

route-map map1 permit 10
match ip address 108
!
route-map map2 permit 10
match ip address 125

 
Bob Perez
Intercept Payment Solutions
[EMAIL PROTECTED]
100 West Commons BLVD
New Castle, DE  19720
Phone: 302.326.0700
Cell:  302.420.6883
www.intercept.net
CCNA  CCNP  MCSE  NET+
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62379&t=62379



RE: Cisco IPSec Tunnel Lifetime [7:62374]

2003-02-03 Thread mjans001
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

The 

isakmp policy 10 lifetime XXX

lifetime seconds
 Specify how many seconds each security association should exist before
expiring. Use an integer from 120 to 86,400 seconds (one day).
 
According to doccd


Martijn


- -Original message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On behalf of Leo Song
Sent: Monday 3 February 2003 21:33
To: [EMAIL PROTECTED]
Subject: Cisco IPSec Tunnel Lifetime [7:62374]


Hi,

Is it possible to configure the IPSec tunnel never expired on Cisco PIX? A
little bit weird, and we got such interesting request. Thanks.

Leo
Version: PGP 8.0

iQA/AwUBPj7YiXdq56XWk+VyEQJTlwCghOjRztt137gVr2diEvactz4VikkAoKsa
HVpC4aQ7MX3chuIc7xPxIGqB
=OHQt
-END PGP SIGNATURE-




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62380&t=62374



RE: kismet [7:62376]

2003-02-03 Thread s vermill
Priscilla Oppenheimer wrote:
> 
> Sitting in a class. It would be very cool if someone answered
> this before the class got out!? :-)
> 
> Is it really true that Kismet can sniff packets on an 802.11
> wireless network, even if you have the access point set up to
> require login/authentication. (assume the hacker doesn't know a
> login)
> 
> From what I know about access points, the hacker would fail to
> associate with the access point, and hence could not see traffic.
> 
> Thanks,
> 
> Priscilla

If I understand the question, I don't see why a wireless sniffer would need
to associate to an AP.  It's pulling data off the airways similar to a NIC
in promiscuous mode on a hard-wired network.  Unless the data is encrypted,
it's available to any wireless sniffer.  Sort of like a police scanner.  But
I sense there is more to the question...






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62381&t=62376
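
An added example, not part of the original post: a passive receiver never associates, so what it can read depends only on the Protected Frame bit in each 802.11 header. The Python below parses constructed sample frames (hypothetical addresses and payloads, hypothetical function names) and lists the data frames whose bodies are cleartext, the check a defender would run over a monitor-mode capture of their own network.

```python
import struct

LLC_SNAP = b"\xaa\xaa\x03\x00\x00\x00"   # prefix of an unencrypted data body
TYPE_NAMES = {0: "management", 1: "control", 2: "data"}


def parse_80211(raw: bytes) -> dict:
    """Decode the 802.11 MAC header fields that any receiver in range can read."""
    if len(raw) < 2:
        raise ValueError("truncated frame")
    fc0, flags = raw[0], raw[1]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    info = {
        "type": TYPE_NAMES.get(ftype, "reserved"),
        "subtype": subtype,
        "to_ds": bool(flags & 0x01),
        "from_ds": bool(flags & 0x02),
        "protected": bool(flags & 0x40),  # set when the frame body is encrypted
        "bssid": None, "body": b"", "ethertype": None, "wep_key_id": None,
    }
    if ftype != 2 or len(raw) < 24:
        return info                       # only data frames carry user traffic
    addr1, addr2, addr3 = raw[4:10], raw[10:16], raw[16:22]
    hdr_len = 24
    if info["to_ds"] and info["from_ds"]:
        hdr_len += 6                      # four-address frame between bridges
    elif info["to_ds"]:
        info["bssid"] = addr1.hex(":")    # station -> AP
    elif info["from_ds"]:
        info["bssid"] = addr2.hex(":")    # AP -> station
    else:
        info["bssid"] = addr3.hex(":")    # ad hoc
    if subtype & 0x8:
        hdr_len += 2                      # QoS data subtypes add a QoS field
    body = raw[hdr_len:]
    info["body"] = body
    if info["protected"]:
        if len(body) >= 4:                # WEP: 3-byte IV, then key ID in top 2 bits
            info["wep_key_id"] = body[3] >> 6
    elif body.startswith(LLC_SNAP) and len(body) >= 8:
        info["ethertype"] = struct.unpack("!H", body[6:8])[0]
    return info


def cleartext_data_frames(frames) -> list:
    """Data frames whose payload is readable by any radio within range."""
    readable = []
    for raw in frames:
        parsed = parse_80211(raw)
        if parsed["type"] == "data" and not parsed["protected"] and parsed["body"]:
            readable.append(parsed)
    return readable


# Constructed sample frames (not captures).
BSSID = bytes.fromhex("02aabbccdd01")
STATION = bytes.fromhex("02aabbccdd02")
GATEWAY = bytes.fromhex("02aabbccdd03")
BROADCAST = b"\xff" * 6


def make_frame(fc0, flags, a1, a2, a3, body):
    return bytes([fc0, flags]) + b"\x00\x00" + a1 + a2 + a3 + b"\x10\x00" + body


SAMPLE_FRAMES = [
    # Beacon from the AP.
    make_frame(0x80, 0x00, BROADCAST, BSSID, BSSID, b"constructed beacon body"),
    # Station -> AP data frame, no encryption: LLC/SNAP + IPv4 ethertype visible.
    make_frame(0x08, 0x01, BSSID, STATION, GATEWAY,
               LLC_SNAP + b"\x08\x00" + b"constructed IPv4 bytes"),
    # Station -> AP data frame with the Protected bit set (WEP IV, key ID 1).
    make_frame(0x08, 0x41, BSSID, STATION, GATEWAY,
               b"\x01\x02\x03\x40" + b"\x8f" * 16),
]

if __name__ == "__main__":
    for frame in cleartext_data_frames(SAMPLE_FRAMES):
        print("cleartext data frame on BSSID", frame["bssid"],
              "ethertype", hex(frame["ethertype"]))
```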



RE: Possibly duable with NAT? [7:62373]

2003-02-03 Thread mjans001
See my old post.

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Does not work. Pls state the tcp port you want to map per internal ip, as in
(off the top of my hat)

ip nat inside source static tcp 10.22.5.4 25  209.10.248.134 25
ip nat inside source static tcp 10.22.5.5 80  209.10.248.134 80

Can also use interface ethernet1 or dialer1 as in

ip nat inside source static tcp 10.22.5.4 25  interface dialer1 25

Of course introduced after somewhere 11.2???

Martijn


- -Original message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On behalf of Router Kid
Sent: Saturday 1 February 2003 15:47
To: [EMAIL PROTECTED]
Subject: NAT QUESTION [7:62313]


Please can someone tell me if multiple Private Static IPs can be NAT'ed
to one Public IP address. When I tried to do that it gave me an error:

Router(config)#ip nat inside source static 10.22.5.5 209.10.248.x
% 209.10.248.x already mapped (10.22.5.4 -> 209.10.248.x)

- --
This is what I am trying to achieve.

ip nat inside source static 10.22.5.4 209.10.248.134
ip nat inside source static 10.22.5.5 209.10.248.134 (want to add this
entry)

Thanks in Advance!
Version: PGP 8.0

iQA/AwUBPjvvE3dq56XWk+VyEQIltgCeO+LWICqQGRAqYS0ZADucixLEURMAoKvo
0pzzIySMB3sPOly/XK+nwhB2
=u8LN
-END PGP SIGNATURE-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On behalf of Cisco Newbie
Sent: Monday 3 February 2003 21:27
To: [EMAIL PROTECTED]
Subject: Possibly duable with NAT? [7:62373]


I would like to know if is possible to do the following:

I have a router that is currently doing NAT.  I have a client who is
trying to access an inside routable IP address of x.x.x.80 on a specific
port.  I need to be able to redirect the clients request to a different
IP that sits behind a firewall on my LAN.  Is this possible via NAT?

Thanks.







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62382&t=62373



PIX and Trunk [7:62383]

2003-02-03 Thread Paulo Roque
Hi all,

Does PIX support VLAN trunk?

Paulo


--
 Eng. Paulo Roque
 Network Engineer
 Cisco Certified Network Associate
 [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62383&t=62383



Re: PIX and Trunk [7:62383]

2003-02-03 Thread Sam Sneed
No, PIX doesn't support subinterfaces or secondary interfaces either.
Subinterfaces are required for trunking on routers.

"Paulo Roque" wrote in message
news:[EMAIL PROTECTED]...
> Hi all,
>
> Does PIX support VLAN trunk?
>
> Paulo
>
>
> --
>  Eng. Paulo Roque
>  Network Engineer
>  Cisco Certified Network Associate
>  [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62384&t=62383



Re: CCIE Self-Employment [7:62367]

2003-02-03 Thread Bob Sinclair
I found links below helpful in considering forms of self-employment.

The Contract Employee's Handbook
http://www.cehandbook.com/


P.A.C.E. - Professional Association of Contract Employees,
http://www.pacepros.com/


-Bob Sinclair
CCIE #10427, MCSE
Senior Network Engineer
Networking For Future, Inc.
www.nffinc.com
- Original Message -
From: "Sam Sneed" 
To: 
Sent: Monday, February 03, 2003 3:07 PM
Subject: Re: CCIE Self-Employment [7:62367]


> The 1099 is an easy way to go but you lose out on a lot of tax breaks. I'm a
> 1099 now and am kicking myself in the ass for not setting up as a small
> business.
> I'm working in NYC now. $6 just to take the bridge into NYC from jersey and
> $25 day parking. Never mind 40 minutes each way traffic to commute 10 miles.
> If you're set up as a small business you have more flexibility in writing off
> expenses like these.
>
> "Chuck Church" wrote in message
> news:[EMAIL PROTECTED]...
> > Yes.  Money will depend on your skill level with both Cisco and other
> > products as well, such as Unix, NW, MS, etc.  It could be $30/hour, could be
> > $100.  Location is probably almost as important.  NYC pays pretty well, but
> > it costs $50 to park a car for 4 hours!  The thing about consulting like
> > this is you need to be a salesperson at times.  Personally, I hate salespeople,
> > and therefore don't make a good one myself.  There's also more
> > responsibility, as far as finding your own insurance, paying taxes, etc.  If
> > you can find a headhunter who will place you as a 1099 employee, that's
> > usually pretty good, but I haven't heard from my headhunter in months
> > :(  I was on an indefinite project for a year, but that ended when they
> > outsourced.  Since then it's all been small projects, mostly complicated
> > installs involving layer 3 switching.  It's a tough market, and getting a
> > name for yourself can be difficult.  Personally, I'm looking for a full time
> > position now.
> >
> > Chuck Church
> > CCIE #8776, MCNE, MCSE
> >
> >
> > - Original Message -
> > From: "Jay Greenberg"
> > To: ;
> > Sent: Monday, February 03, 2003 12:14 PM
> > Subject: CCIE Self-Employment
> >
> >
> > > Any CCIEs on the list in business for themselves?  What's the money
> > > like, what sort of companies do you work for?  Do you do short-term or
> > > long term contracts?  Hourly work?
> > >
> > > Thanks,
> > >
> > > --
> > > Jason Greenberg, CCIE #11021
> > >
> > > .




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62385&t=62367



Re: Cisco VLAN Help-Group Study [7:62293]

2003-02-03 Thread Karen E Young
Emile, 

Since a trunk link carries multiple VLANs, each packet needs to be tagged
with the VLAN it originates from. You need to tell the switch which form of
encapsulation you're using so that it can tag the packets before sending
them to the router over the trunk link. Also, when the router sends the
packets back to the switch it will tag them with their destination VLAN so
that the switch knows which VLAN they should go to. Since both ends of the
link need to understand which form of encapsulation is being used, both ends
need to be configured with that info.

The native VLAN of a trunk port is the VLAN that it reverts to when trunking
goes down. It's usually a good idea to set this to whatever VLAN you need to
use to get to the switch remotely if that happens (generally the management
VLAN). Otherwise you have to hook up to the console port to troubleshoot the
switch. Basically, that means you should be able to connect to the
switch's IP address via telnet without having to go through a router since
the trunk link can't pass traffic from any other VLAN except the native one
if trunking is down.

One last thing, it's not a good idea to enable Portfast on any port that you
KNOW connects to a router, another switch, or a hub. Enable it only on a
port that connects to an end node. Portfast bypasses the usual spanning tree
stuff to speed up the initial connection. Normally, any link to a router,
switch, or hub will be up all the time so spanning tree isn't a problem.
Portfast is designed to overcome the problem that computers have with
connecting when the port is blocked due to spanning tree going through its
paces.

I hope that this helps. Let me know if there's anything else I can help with.

Karen

*** REPLY SEPARATOR  ***

On 2/3/2003 at 12:04 AM Emile Harding wrote:

>Ok Karen, let me make sure I understand you correctly. Thank you for your
>help in advance.
>
>This config is what I have on the switch. I have no VLAN attached to it.
>I understand all your points except your second one. I thought ISL was
>programmed on the router end and not in the switch. I do have trunking
>enabled on the switch. Could you please correct any configs I may have in
>the switch and the router and let me know what they are?
>
>I am assuming the following command lets me know I am using VLAN 3, correct?
>
>switchport trunk native vlan 3
>
>
>interface FastEthernet0/16
>>switchport mode trunk
>>spanning-tree portfast
>
>
>
>
>
>
>
>>From: "Karen E Young" 
>>Reply-To: [EMAIL PROTECTED]
>>To: "Emile Harding" 
>>CC: [EMAIL PROTECTED]
>>Subject: Re: Cisco VLAN Help-Group Study [7:62293]
>>Date: Fri, 31 Jan 2003 18:45:00 -0800
>>
>>Emile,
>>
>>Here's what I see right off hand...
>>
>>1) You aren't trunking. The switch isn't set up for it.
>>
>>Pick a port to connect the switch to the router with and configure it to
>>trunk. Make sure that it isn't set up with a VLAN as this can interfere
>>with the trunking.
>>Example, if you want FE0/1 to be your trunk and its native VLAN to be VLAN
>>3:
>>
>>interface FastEthernet0/1
>>  switchport trunk encapsulation isl
>>  switchport mode trunk
>>  switchport trunk native vlan 3
>>
>>This sets the default (non-trunking) VLAN of the port to VLAN 3, sets the
>>trunking encapsulation to ISL, and tells the port to act as a trunk with
>>the configured encapsulation.
>>
>>2) You're set up up to run each VLAN into the router via separate links. 
>>Kind of negates the idea of using trunking doesn't it? See #1
>>3) Your switch's IP address is on one of your production VLANs. Not a
>good 
>>idea since high traffic can swamp out control and management traffic 
>>between the various switches and the router.
>>
>>
>>
>>*** REPLY SEPARATOR  ***
>>
>>On 2/1/2003 at 12:25 AM Emile Harding wrote:
>>
>> >I am having a problem getting two VLANS to work.Help, I can't ping
>> >I am using ISL as my trunking protocol.As far as I know you have to 
>>enable
>> >trunking on the switch and use one of the trunking protocols on the
>> >router(which I choose ISL)..Please help me and if I have any configs
>> >wrong,please let me know.
>> >
>> >I have a Cisco Catalyst 2900 XL Switch and a Cisco 2600 router
>> >with two
>> >fastethernet ports.
>> >
>> >I have the configs for the router and the switch below.
>> >I have spanning-tree enabled and I am using VTP i

RE: kismet [7:62376]

2003-02-03 Thread Jim Brown
A completely passive attack can capture data and derive a WEP key
without an association. This is the real issue with WEP encryption and
wireless networks.  A wireless network card and AirSnort or Ethereal
will get you the same result.

-Original Message-
From: s vermill [mailto:[EMAIL PROTECTED]] 
Sent: Monday, February 03, 2003 2:03 PM
To: [EMAIL PROTECTED]
Subject: RE: kismet [7:62376]


Priscilla Oppenheimer wrote:
> 
> Sitting in a class. It would be very cool if someone answered
> this before the class got out!? :-)
> 
> Is it really true that Kismet can sniff packets on an 802.11
> wireless network, even if you have the access point set up to
> require login/authentication. (assume the hacker doesn't know a
> login)
> 
> From what I know about access points, the hacker would fail to
> associate with the access point, and hence could not see traffic.
> 
> Thanks,
> 
> Priscilla

If I understand the question, I don't see why a wireless sniffer would need
to associate to an AP.  It's pulling data off the airways similar to a NIC
in promiscuous mode on a hard-wired network.  Unless the data is encrypted,
it's available to any wireless sniffer.  Sort of like a police scanner.  But
I sense there is more to the question...




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62387&t=62376



RE: kismet [7:62376]

2003-02-03 Thread s vermill
Priscilla Oppenheimer wrote:
> 
> Sitting in a class. It would be very cool if someone answered
> this before the class got out!? :-)
> 
> Is it really true that Kismet can sniff packets on an 802.11
> wireless network, even if you have the access point set up to
> require login/authentication. (assume the hacker doesn't know a
> login)
> 
> From what I know about access points, the hacker would fail to
> associate with the access point, and hence could not see traffic.
> 
> Thanks,
> 
> Priscilla

I got called away just as I was about to send you this.  Sorry for the
delay...

http://www.linuxsecurity.com/feature_stories/wireless-kismet.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62388&t=62376



RE: kismet [7:62376]

2003-02-03 Thread Priscilla Oppenheimer
s vermill wrote:
> 
> Priscilla Oppenheimer wrote:
> > 
> > Sitting in a class. It would be very cool if someone answered
> > this before the class got out!? :-)
> > 
> > Is it really true that Kismet can sniff packets on an 802.11
> > wireless network, even if you have the access point set up to
> > require login/authentication. (assume the hacker doesn't know a
> > login)
> > 
> > From what I know about access points, the hacker would fail to
> > associate with the access point, and hence could not see traffic.
> > 
> > Thanks,
> > 
> > Priscilla
> 
> If I understand the question, I don't see why a wireless
> sniffer would need to associate to an AP.  It's pulling data
> off the airways similar to a NIC in promiscuous mode on a
> hard-wired network.  Unless the data is encrypted, it's
> available to any wireless sniffer.  Sort of like a police
> scanner.  But I sense there is more to the question...
> 
> 
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62390&t=62376



Re: kismet [7:62376]

2003-02-03 Thread Vince Hoang
On Mon, Feb 03, 2003 at 08:41:44PM +, Priscilla Oppenheimer wrote:
> Is it really true that Kismet can sniff packets on an 802.11
> wireless network, even if you have the access point set up to
> require login/authentication.

It is sort of like using tcpdump on a hub. In addition, kismet
also makes WEP less useful:

  http://www.kismetwireless.net/documentation.shtml

  "Kismet supports decrypting WEP as packets are captured.
  This enables Kismet to extract clients, IP ranges, and
  alert conditions out of WEP-enabled traffic."

-Vince




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62392&t=62376



RE: kismet [7:62376]

2003-02-03 Thread s vermill
Priscilla Oppenheimer wrote:
> 
> s vermill wrote:
> > 
> > Priscilla Oppenheimer wrote:
> > > 
> > > Sitting in a class. It would be very cool if someone answered
> > > this before the class got out!? :-)
> > > 
> > > Is it really true that Kismet can sniff packets on an 802.11
> > > wireless network, even if you have the access point set up to
> > > require login/authentication. (assume the hacker doesn't know a
> > > login)
> > > 
> > > From what I know about access points, the hacker would fail to
> > > associate with the access point, and hence could not see traffic.
> > > 
> > > Thanks,
> > > 
> > > Priscilla
> > 
> > If I understand the question, I don't see why a wireless
> > sniffer would need to associate to an AP.  It's pulling data
> > off the airways similar to a NIC in promiscuous mode on a
> > hard-wired network.  Unless the data is encrypted, it's
> > available to any wireless sniffer.  Sort of like a police
> > scanner.  But I sense there is more to the question...
> > 
> > 
> > 
> > 
> 
> 

Cat got your tongue?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62393&t=62376



RE: CCIE Self-Employment [7:62394]

2003-02-03 Thread Mike Schlenger
Really? WHERE DO I SIGN?? :)

Mike
Chicagoland CCIE #7079

-Original Message-
From: Sam Munzani [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 03, 2003 4:12 PM
To: steve r; Jay Greenberg; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: CCIE Self-Employment


Rate depends on who is paying and how much do they have? :-)

In Chicago area $125/Hr is considered normal with 1 way travel time. If you
got a fortune 500 client, you can easily bump it up to $175/Hr. and they
will not argue about it.

Sam


> CCIE self employed,
> well if you find another CCIE to partner with you can get silver partner
> status, (and some other requirements too)
> 
> If you are in the biz you should know...pix...vpn and some other stuff the
> hourly work is great but it depends on the clients locations...and the
> billing rate..
> Good luck in this market it may be better than being out of work like my
> friend is (and he is a CCIE too)
> Bill at what you can get $100 to $200 an hour or more
> or less if its cash..
> 
> Stephen
> - Original Message -
> From: "Jay Greenberg" 
> To: ; 
> Sent: Monday, February 03, 2003 12:14 PM
> Subject: CCIE Self-Employment
> 
> 
> > Any CCIEs on the list in business for themselves?  What's the money
> > like, what sort of companies do you work for?  Do you do short-term or
> > long term contracts?  Hourly work?
> >
> > Thanks,
> >
> > --
> > Jason Greenberg, CCIE #11021
> > 
> > .
> .



Blown Away By The New CCIE Written [7:62396]

2003-02-03 Thread Panella Todd
Has anyone taken the new format of the written test?  I just got my head
handed to me.  Needed a 58 to pass and got a 47.  I definitely studied the
wrong material.  I thought the test would emphasize OSPF, BGP, WAN and the
basic Routing Protocol interaction.  Boy was I wrong.  75% of the test was
Multicast, IPX, Token Ring and QoS.  I studied QoS pretty well, but slacked
a bit on Multicast and totally wrote off Token Ring or IPX.  Ooops... $300
down the drain.  Anyone else have a similar experience?  As far as what I
used, I thought the "official CCIE R&S Exam Cert. Guide" would be enough. 
Uhh, that's a big NO!  Bruno and clan don't even cover half of what was on
this test.  Anyone else recommend something different for next time?  Should
I just say No to all books and print out all the links on the Exam blueprint
page?  I think that's what I'm going to do this time, oh, that and
concentrate on useless protocols.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62396&t=62396



RE: The New CCIE Written [7:61507]

2003-02-03 Thread Todd Panella
Raj,

What was that link again?  You might need to send it to my email as it might
be blocked by the moderators.  Send it to [EMAIL PROTECTED]

Thanks,

Todd


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62397&t=61507



Time Between CCNP Tests [7:62398]

2003-02-03 Thread Jarred Nicholls
I was wondering how long I have between each CCNP test.  I heard 2 years,
but does that mean I have two years for example, between the routing and
switching, then when I take the switching, I have another 2 years between
either the remote access or support? or is it 2 years to get them all? 
Thanks for the help :-)

Jarred


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62398&t=62398



Re: MAC Address [7:62251]

2003-02-03 Thread Larry Letterman
Sorry for the confusion. My indication to the original post
was meant to say that the source mac address will change
from hop to hop...and the destination mac address, the
source and dest. IP addresses should remain the
same. As Scott says, the routers may change more than the mac
addresses when the packet is re-written, but I didn't think
that level of detail was asked in the question.

My answer about wan issues was incorrect as Priscilla
pointed out...which obviously points out my lack of day to
day knowledge on the wan side.

Larry Letterman
Network Engineer
Cisco Systems


- Original Message -
From: "Priscilla Oppenheimer" 
To: 
Sent: Monday, February 03, 2003 12:45 PM
Subject: Re: MAC Address [7:62251]


> s vermill wrote:
> >
> > s vermill wrote:
> > >
> > > Priscilla Oppenheimer wrote:
> > > >
> > > > s vermill wrote:
> > > > >
> > > > > Larry Letterman wrote:
> > > > > >
> > > > > > In most cases you will only re-write the source mac address
> > > > > > when traversing across a L3 device.
> > > > >
> > > > > I don't think that's so.
> > > >
> > > > Did you misplace your comment?
> > >
> > > No.  I disagree that a source MAC re-write would be all that
> > > takes place when crossing a L3 device.  Host A, sending to an
> > > off-subnet Host B, would use its own MAC as the source and the
> > > L3 device interface MAC as the destination.  The L3 device
> > > strips both at ingress.  If, in fact, the destination is on a
> > > directly attached shared medium, the source MAC is re-written to
> > > that of the egress interface.  The destination MAC is whatever
> > > the L3 device has in the ARP cache for Host B.  Both source and
> > > destination MACs change when crossing a L3 device.  Doesn't it
> > > sound like Larry is saying that the source MAC is all that
> > > changes and not the destination MAC?  Or maybe I just took that
> > > wrong?
> >
> > I think that maybe Larry was saying that the only time it would
> > be *necessary* to change the source MAC is when traversing a L3
> > device.
>
> That's how I read it. (He was comparing it to a L2 device.) The word "only"
> is an evil word that editors hate. :-)
>
> P.
>
> > He isn't necessarily saying that only the source MAC
> > would change when crossing one.  Sorry Larry.  I think that was
> > a mis-read on my part.
> >
> > >
> > > > I think his first comment is correct, but then a following one is
> > > > strangely worded. See below
> > > >
> > > > > A host will have an ARP cache entry
> > > > > for its gateway.  That would be the destination MAC.  The
> > > > > source MAC would be that of the sending host itself.  Using its
> > > > > own ARP cache, the gateway would re-write both the source and
> > > > > destination MAC if the destination was, in fact, directly
> > > > > attached to (or reachable via) another Ethernet interface.  If
> > > > > not, and the packet needed to cross some serial WAN link, both
> > > > > MACs would simply be stripped off.  Every L3 device strips off
> > > > > source and dest. MAC at ingress.  Whether or not a new source
> > > > > and dest. MAC is encapsulated around the IP packet depends on
> > > > > whether or not the destination is reachable via another
> > > > > Ethernet interface.
> > > >
> > > > Or Token Ring, FDDI, LocalTalk. :-)
> > > >
> > > > >
> > > > > > If you go across a layer 2 network, all
> > > > > > the mac addresses
> > > > > > would typically be part of the same broadcast domain and not
> > > > > > need to be changed.
> > > > > >
> > > > > > If you go across a T1 or Frame it will still be mapped to or
> > > > > > have an assigned IP Address
> > > > > > that constitutes a layer 3 hop and write its mac address in
> > > > > > the frame.
> > > >
> > > > Here's where he went astray. As I mentioned earlier, a serial
> > > > interface doesn't have a MAC address and the data-link-layer
> > > > protocols used across serial interfaces don't have MAC
> > > > addresses in them.
> > > >
> > > > The sentence isn't parsable, (sorry Larry!) but may indicate
> > > > some additional misunderstanding.  The fact that the next hop
> > > > has a Layer 3 address isn't of major significance when talking
> > > > about forwarding traffic and the addresses that end up in the
> > > > forwarded packet. The IP addresses don't change end-to-end. MAC
> > > > addresses on LANs change, hop by hop. WANs don't have MAC
> > > > addresses.
> > > >
> > > > Yes, routing protocols exchange next hop info using IP
> > > > addresses. So, if we're considering Ethernet, at some point the
> > > > source router must have found out the MAC address of the
> > > > destination router using ARP. The router will put its own MAC
> > > > address in the source field and the destination (next hop)
> > > > router's MAC address in the destination field.
> > > >
> > > > In the case of a T1 point-to-point link, a MAC
addre
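
The hop-by-hop behaviour argued over in this thread, as an added example that is not part of any poster's message: one IPv4 packet is carried from Host A to Host B across two routers joined by a serial PPP link, and the layer-2 and layer-3 header fields are recorded on each segment. The topology, the addresses, the ARP tables and all function names are constructed for the illustration.

```python
import struct

# Constructed topology:  Host A --Ethernet-- R1 --serial PPP-- R2 --Ethernet-- Host B
HOST_A_MAC, R1_ETH_MAC = "02:00:00:00:00:0a", "02:00:00:00:01:01"
R2_ETH_MAC, HOST_B_MAC = "02:00:00:00:02:01", "02:00:00:00:00:0b"
HOST_A_IP, HOST_B_IP = "10.1.1.10", "10.2.2.20"

# ARP caches (IP -> MAC) as each sender would have learned them.
ARP_HOST_A = {"10.1.1.1": R1_ETH_MAC}   # Host A knows only its gateway
ARP_R2 = {HOST_B_IP: HOST_B_MAC}        # R2 is directly attached to Host B


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def mac_text(raw):
    return ":".join("%02x" % b for b in raw)


def ip_bytes(text):
    return bytes(int(part) for part in text.split("."))


def ip_checksum(header):
    """One's-complement sum over the 16-bit words of the IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src, dst, ttl, payload):
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         ttl, 1, 0, ip_bytes(src), ip_bytes(dst))
    header = header[:10] + struct.pack("!H", ip_checksum(header)) + header[12:]
    return header + payload


def encap_ethernet(dst_mac, src_mac, packet):
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", 0x0800) + packet


def encap_ppp(packet):
    # PPP in HDLC-like framing: address 0xFF, control 0x03, protocol 0x0021 (IPv4).
    # The header carries no source or destination station address.
    return b"\xff\x03\x00\x21" + packet


def decap(link, frame):
    """Ingress: discard the whole layer-2 header, keep only the IP packet."""
    return frame[14:] if link == "ethernet" else frame[4:]


def route(packet):
    """What a router changes at layer 3: TTL minus one, checksum recomputed."""
    header = bytearray(packet[:20])
    header[8] -= 1
    header[10:12] = b"\x00\x00"
    header[10:12] = struct.pack("!H", ip_checksum(bytes(header)))
    return bytes(header) + packet[20:]


def describe(link, frame):
    packet = decap(link, frame)
    on_lan = link == "ethernet"
    return {
        "link": link,
        "dst_mac": mac_text(frame[0:6]) if on_lan else None,
        "src_mac": mac_text(frame[6:12]) if on_lan else None,
        "src_ip": ".".join(str(b) for b in packet[12:16]),
        "dst_ip": ".".join(str(b) for b in packet[16:20]),
        "ttl": packet[8],
        "checksum_ok": ip_checksum(packet[:20]) == 0,
    }


def trace():
    """Return the header fields seen on each of the three segments."""
    segments = []
    # Segment 1: Host A addresses the frame to its gateway's MAC, not Host B's.
    packet = build_ipv4(HOST_A_IP, HOST_B_IP, 64, b"constructed payload")
    frame = encap_ethernet(ARP_HOST_A["10.1.1.1"], HOST_A_MAC, packet)
    segments.append(describe("ethernet", frame))
    # R1: both MACs are stripped at ingress; the egress link is serial PPP.
    frame = encap_ppp(route(decap("ethernet", frame)))
    segments.append(describe("ppp", frame))
    # R2: PPP header stripped; egress is Ethernet, so new MACs come from ARP.
    packet = route(decap("ppp", frame))
    frame = encap_ethernet(ARP_R2[HOST_B_IP], R2_ETH_MAC, packet)
    segments.append(describe("ethernet", frame))
    return segments


if __name__ == "__main__":
    for segment in trace():
        print(segment)
```
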

Re: CCIE Self-Employment [7:62394]

2003-02-03 Thread [EMAIL PROTECTED]
Mike, he must be dreaming about Deerfield...

- Original Message -
From: "Mike Schlenger" 
To: 
Sent: Monday, February 03, 2003 2:43 PM
Subject: RE: CCIE Self-Employment [7:62394]


> Really? WHERE DO I SIGN?? :)
>
> Mike
> Chicagoland CCIE #7079
>
> -Original Message-
> From: Sam Munzani [mailto:[EMAIL PROTECTED]]
> Sent: Monday, February 03, 2003 4:12 PM
> To: steve r; Jay Greenberg; [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: CCIE Self-Employment
>
>
> Rate depends on who is paying and how much do they have? :-)
>
> In chicago area $125/Hr is considered normal with 1 way travel time. If you
> got a fortune 500 client, you can easily bump it up to $175/Hr. and they
> will not argue about it.
>
> Sam
>
>
> > CCIE self employed,
> > well if you find another CCIE to partner with you can get silver partner
> > status, (and some other requirements too)
> >
> > If you are in the biz you should know...pix...vpn and some other stuff the
> > hourly work is great but it depends on the clients locations...and the
> > billing rate..
> > Good luck in this market it may be better then being out of work like my
> > friend is (and he is a CCIE too)
> > Bill at what you can get $100 to $200 an hour or more
> > or less if its cash..
> >
> > Stephen
> > - Original Message -
> > From: "Jay Greenberg"
> > To: ;
> > Sent: Monday, February 03, 2003 12:14 PM
> > Subject: CCIE Self-Employment
> >
> >
> > > Any CCIEs on the list in business for themselves?  What's the money
> > > like, what sort of companies do you work for?  Do you do short-term or
> > > long term contracts?  Hourly work?
> > >
> > > Thanks,
> > >
> > > --
> > > Jason Greenberg, CCIE #11021
> > >
> > > .
> > .




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62402&t=62394



Pix Enable Password recovery [7:62401]

2003-02-03 Thread John Brandis
Just purchased a pix 515, however the muppet who sold it to me can't remember
the enable password. Can anyone remember the steps to recover ???
 
Thanks all.
 
 


**

visit http://www.solution6.com

UK Customers - http://www.solution6.co.uk

**

The Solution 6 Head Office and NSW Branch has moved premises.
Please make sure you have updated your records with our new details.

Level 14, 383 Kent Street, Sydney NSW 2000.

General Phone: 61 2 9278 0666

General Fax: 61 2 9278 0555

**

This email message (and attachments) may contain information that is
confidential to Solution 6. If you are not the intended recipient you cannot
use, distribute or copy the message or attachments.  In such a case, please
notify the sender by return email immediately and erase all copies of the
message and attachments.  Opinions, conclusions and other information in
this message and attachments that do not relate to the official business of
Solution 6 are neither given nor endorsed by it.

*




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62401&t=62401



VOIP Books and Resources [7:62403]

2003-02-03 Thread Lupi, Guy
Can anyone recommend a good vendor independent book on VOIP, something that
goes into detail on the different protocols, codecs, so on and so forth?  I
am looking for something that takes you through VOIP in detail, not just
basic stuff.  Thanks.

Guy H. Lupi




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62403&t=62403



Re: GRE Tunnel [7:62235]

2003-02-03 Thread Bruno Fernandes
Hi again,

I already tried to give the command in the tunnel interface but the
bridge-group command simply isn't there. I am doing this on a 2600 router,
with an enterprise image.

Any comments?

Thanks in advance,
Bruno Fernandes

""The Long and Winding Road""  wrote
in message news:...
> ""Bruno Fernandes""  wrote in message 
> news:[EMAIL PROTECTED]...
> > Good morning !!!
> >
> > Is it possible to a Tunnel Interface to belong to a Bridge-Group ?
> 
> 
> yes
> 
> 
> > If yes, how ?
> 
> same as with any other interface - enter the appropriate bridge-group 
> command
> 
> >
> > Regards,
> > Bruno




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62404&t=62235



Re: Pix Enable Password recovery [7:62401]

2003-02-03 Thread Bruno Fernandes
You will need to boot into monitor mode, then tftp the file that you can
get from the TAC and clear the password.


EX:


monitor> interface 0
0: i8255X @ PCI(bus:0 dev:13 irq:10)
1: i8255X @ PCI(bus:0 dev:14 irq:7 )
 
Using 0: i82559 @ PCI(bus:0 dev:13 irq:10), MAC: 0050.54ff.82b9
monitor> address 10.21.1.99
address 10.21.1.99
monitor> server 172.18.125.3
server 172.18.125.3
monitor> file np52.bin
file np52.bin
monitor> gateway 10.21.1.1
gateway 10.21.1.1
monitor> ping 172.18.125.3
Sending 5, 100-byte 0xf8d3 ICMP Echoes to 172.18.125.3, timeout is 4 seconds:
!
Success rate is 100 percent (5/5)
monitor> tftp
tftp [EMAIL PROTECTED] via 10.21.1.1...
Received 73728 bytes
 
Cisco Secure PIX Firewall password tool (3.0) #0: Tue Aug 22 23:22:19 PDT 2000
Flash=i28F640J5 @ 0x300
BIOS Flash=AT29C257 @ 0xd8000
 
Do you wish to erase the passwords? [yn] y
Passwords have been erased.
 
Rebooting

Regards
BF

""John Brandis""  wrote in message
news:...
> Just purchased a pix 515, however the muppet who sold it to me can't
> remember the enable password. Can anyone remember the steps to
> recover ???
>  
> Thanks all.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62405&t=62401



RE: CCIE Self-Employment [7:62394]

2003-02-03 Thread supernet
Not sure about Chicago area, but in my area, rate is generally above
$150/hr. And guess what, I'm in Silicon Valley.

To configure a router or switch is simple. Worst case, pick up the phone
and call TAC will solve most configuration problems. Customers are
looking for someone that can run the show. CCIE is not enough, you also
need to know how to do project management and very importantly, how to
BS. 

This is based on several interviews I had during the past couple of
weeks.

Yoshi

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Mike Schlenger
Sent: Monday, February 03, 2003 2:44 PM
To: [EMAIL PROTECTED]
Subject: RE: CCIE Self-Employment [7:62394]

Really? WHERE DO I SIGN?? :)

Mike
Chicagoland CCIE #7079

-Original Message-
From: Sam Munzani [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 03, 2003 4:12 PM
To: steve r; Jay Greenberg; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: CCIE Self-Employment


Rate depends on who is paying and how much do they have? :-)

In chicago area $125/Hr is considered normal with 1 way travel time. If you
got a fortune 500 client, you can easily bump it up to $175/Hr. and they
will not argue about it.

Sam


> CCIE self employed,
> well if you find another CCIE to partner with you can get silver partner
> status, (and some other requirements too)
> 
> If you are in the biz you should know...pix...vpn and some other stuff the
> hourly work is great but it depends on the clients locations...and the
> billing rate..
> Good luck in this market it may be better then being out of work like my
> friend is (and he is a CCIE too)
> Bill at what you can get $100 to $200 an hour or more
> or less if its cash..
> 
> Stephen
> - Original Message -
> From: "Jay Greenberg" 
> To: ; 
> Sent: Monday, February 03, 2003 12:14 PM
> Subject: CCIE Self-Employment
> 
> 
> > Any CCIEs on the list in business for themselves?  What's the money
> > like, what sort of companies do you work for?  Do you do short-term or
> > long term contracts?  Hourly work?
> >
> > Thanks,
> >
> > --
> > Jason Greenberg, CCIE #11021
> > 
> > .
> .




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62406&t=62394



Re: VOIP Books and Resources [7:62403]

2003-02-03 Thread dre
"Lupi, Guy""  wrote in message ...
> Can anyone recommend a good vendor independent book on VOIP,
> something that goes into detail on the different protocols, codecs,
> so on and so forth?  I am looking for something that takes you
> through VOIP in detail, not just basic stuff.  Thanks.

Voice-over-IP isn't really a technology, it's more of a solution
that has individual technologies surrounding it.  VoIP is more of
a term, primarily in use by Cisco, and possibly Lucent, Sprint, et al,
to describe nothing other than "Voice can be used over TCP/IP
networks, including the Internet".  It's a marketing term.

So you might not be looking for "vendor-specific" VoIP, but I
recommend that you do look for "technology-specific" VoIP.

Another popular term is "IP Telephony" (versus traditional telephony,
or TDM-only telephony), which is comparable to "VoIP".

If you were to ask any member or follower of the Internet Engineering
Task Force (The IETF organization, whose members document the
ever-evolving Internet), they would tell you that two specific
technologies are in the process of standardization and implementation:
RTP/RTSP (Real-Time [Streaming] Protocol) and SIP (Session
Initiation Protocol).  SIP is the bulk of where IP Telephony, or
VoIP, is currently heading.  Other VoIP products and solutions are
available, but they are likely to be not as robust or complete as
SIP, and also are likely to go away in 5-10 years in favor of SIP
technology.

This is the best website I've seen on SIP technology that isn't
quite as dry as reading RFC's:  http://www.cs.columbia.edu/~hgs/sip/

They make some book recommendations here:
http://www.cs.columbia.edu/~hgs/sip/papers.html

The website also includes some details on other technologies in
the VoIP arena (such as H.323) and makes direct comparisons to SIP
as well as states how they can work together.  H.323 also interfaces
to TCP/IP with RTP/RTSP (needs to have glue somewhere), so it does
all go back to the IETF and vendor implementations fall in suit.

Clearly, SIP, MGCP, and H.323 will all still rely on SS7 to access
the PSTN (Public Switched Telephone Network), but SIP (et al) can
also act as standalone networks.  SS7 and the PSTN are likely to
stay the way they are for quite some time, but as an end-user, your
voice equipment and technology can be optimized (cheaper, better,
faster, more scalable) today.

-dre




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62407&t=62403



Re: 3640 and 2 NM-2FE-2W? [7:62346]

2003-02-03 Thread John Murphy
Ben,

According to CCO you need 12.0(7)XK, 12.1(1)T, 12.2, or 12.2T.

http://www.cisco.com/warp/public/107/nm-fe2w.shtml

Best Regards,

John

- Original Message -
From: "Ben Hockenhull" 
To: 
Sent: Monday, February 03, 2003 8:15 AM
Subject: 3640 and 2 NM-2FE-2W? [7:62346]


> I've got a 3640 running 12.2.x software and currently have one NM-2FE-2W
> installed, with 2 WICs in it.  I tried to install another NM-2FE-2W and
> use the WIC slots in that NM as well, but none of the interfaces show up.
>
> I can't find any documentation one way or another about support for
> multiple NM2-FE-2Ws in a 3640.  Anyone know if this is supported?
>
> I'm not concerned about overutilizing the backplane with 4 FE interfaces,
> as I won't use all 4.
>
> Ben
>
> --
> Ben Hockenhull
> [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62408&t=62346



RE: CCIE Self-Employment [7:62394]

2003-02-03 Thread [EMAIL PROTECTED]
to me ccie is an impressive cert because it is hard to obtain, but so what?
it just means that you know how to configure some routers, switches and
know protocols and etc, to me what is important is how you can apply your
knowledge in a real work situation, how good are you in designing a
network, how good are you in troubleshooting when problems occur, how soon
can you fulfill a request when a project comes thru and you need to be fast
and efficient in fulfilling that request, can you think in an overall
scenario of how to design and build a redundant and functional network for
a company, the core engineers in my company, some have ccies and some don't,
the ones that don't have them can probably run circles around some ccies
that are out there in the industry
i am also going after my certs but i am only doing it because of pressure
from upper management and it will make my resume look better

this is just my 2 cents :)



   

 
[EMAIL PROTECTED]
Sent by: nobody@groupstudy.com
02/03/2003 08:16 PM
Please respond to supernet

To: [EMAIL PROTECTED]
cc:
Subject: RE: CCIE Self-Employment [7:62394]
   

   





Not sure about Chicago area, but in my area, rate is generally above
$150/hr. And guess what, I'm in Silicon Valley.

To configure a router or switch is simple. Worst case, pick up the phone
and call TAC will solve most configuration problems. Customers are
looking for someone that can run the show. CCIE is not enough, you also
need to know how to do project management and very importantly, how to
BS.

This is based on several interviews I had during the past couple of
weeks.

Yoshi

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Mike Schlenger
Sent: Monday, February 03, 2003 2:44 PM
To: [EMAIL PROTECTED]
Subject: RE: CCIE Self-Employment [7:62394]

Really? WHERE DO I SIGN?? :)

Mike
Chicagoland CCIE #7079

-Original Message-
From: Sam Munzani [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 03, 2003 4:12 PM
To: steve r; Jay Greenberg; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: CCIE Self-Employment


Rate depends on who is paying and how much do they have? :-)

In chicago area $125/Hr is considered normal with 1 way travel time. If you
got a fortune 500 client, you can easily bump it up to $175/Hr. and they
will not argue about it.

Sam


> CCIE self employed,
> well if you find another CCIE to partner with you can get silver partner
> status, (and some other requirements too)
>
> If you are in the biz you should know...pix...vpn and some other stuff the
> hourly work is great but it depends on the clients locations...and the
> billing rate..
> Good luck in this market it may be better then being out of work like my
> friend is (and he is a CCIE too)
> Bill at what you can get $100 to $200 an hour or more
> or less if its cash..
>
> Stephen
> - Original Message -
> From: "Jay Greenberg"
> To: ;
> Sent: Monday, February 03, 2003 12:14 PM
> Subject: CCIE Self-Employment
>
>
> > Any CCIEs on the list in business for themselves?  What's the money
> > like, what sort of companies do you work for?  Do you do short-term or
> > long term contracts?  Hourly work?
> >
> > Thanks,
> >
> > --
> > Jason Greenberg, CCIE #11021
> >
> > .
> .




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62409&t=62394



RE: VOIP Books and Resources [7:62403]

2003-02-03 Thread John Wang
Because I'm creating a VoIP course for a community college, I have been
going through several books (mostly from Cisco Press).  One book that really
stood out was "Carrier Grade Voice Over IP" by Daniel Collins, published by
McGraw-Hill.  It is not the most technical (read the specs or RFCs if you
can't fall asleep at night), and the graphics look a bit cheesy.  I like it
because the author digs into all technical areas of VoIP and actually makes
me want to keep on reading.

VoIP crosses over both telco & networking fields.  It is hard to encounter
good writers who know both fields well.  If I needed to pick a textbook for
my class, this would be it.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62410&t=62403



Frame Relay...Serial Int Flapping [7:62411]

2003-02-03 Thread Dain Deutschman
Hi all,

I have a Frame Relay circuit to an adtran ts120 and then v.35 to a
cisco1721. My serial interface keeps flapping

01:11:40: Serial0: attempting to restart
01:11:40: PowerQUICC(0/0): DCD is up.

Line protocol changes to up...then down...and stays down. But debug output
shows the above.

Any ideas?

interface Serial0
 bandwidth 512
 ip address x.x.x.x x.x.x.x
 encapsulation frame-relay IETF
 frame-relay map ip x.x.x.x 114 IETF
 frame-relay lmi-type ansi
--
Dain Deutschman
CCNP, CSS-1, CCNA, MCP, CNA
Data Communications Manager
New Star Sales and Service, Inc.
800.261.0475
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62411&t=62411



Re: kismet [7:62376]

2003-02-03 Thread d tran
I am not a wireless expert; however, I've set up a few networks to know that
sniffers such as airsnort and Kismet are essentially "useless" if one designs
the network with "PEAP" and "EAP-TTLS".  Furthermore, if you implement
IPSec (AES) over "PEAP" or "EAP-TTLS", then that will make kismet useless.
I welcome anyone to "hack" into my home wireless network because that is
what I have.
David

Vince Hoang wrote:
On Mon, Feb 03, 2003 at 08:41:44PM +, Priscilla Oppenheimer wrote:
> Is it really true that Kismet can sniff packets on an 802.11
> wireless network, even if you have the access point set up to
> require login/authentication?

It is sort of like using tcpdump on a hub. In addition, kismet
also makes WEP less useful:

http://www.kismetwireless.net/documentation.shtml

"Kismet supports decrypting WEP as packets are captured.
This enables Kismet to extract clients, IP ranges, and
alert conditions out of WEP-enabled traffic."

-Vince




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62412&t=62376



Re: Pix Enable Password recovery [7:62401]

2003-02-03 Thread d tran
Depending on the version of Pix OS on the firewall, you need a TFTP server
so that you can download the npxx.bin to the pix in "monitor" mode from the
TFTP server to erase the password on the pix.  Very simple.  Go to
www.cisco.com and search for "password recovery".
Good luck.

John Brandis wrote:
Just purchased a pix 515, however the muppet who sold it to me can't remember
the enable password. Can anyone remember the steps to recover ???

Thanks all.








Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62413&t=62401



RE: Time Between CCNP Tests [7:62398]

2003-02-03 Thread Joshua Barnes
You have 3 years from the time of completion of the last test.  Unless
it's two years... God I hope it's not two years.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: Monday, February 03, 2003 5:27 PM
To: [EMAIL PROTECTED]
Subject: Time Between CCNP Tests [7:62398]

I was wondering how long I have between each CCNP test.  I heard 2 years,
but does that mean I have two years for example, between the routing and
switching, then when I take the switching, I have another 2 years between
either the remote access or support? or is it 2 years to get them all?
Thanks for the help :-)

Jarred




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62414&t=62398



Re: GRE Tunnel [7:62235]

2003-02-03 Thread The Long and Winding Road
--
TANSTAAFL
"there ain't no such thing as a free lunch"

""Bruno Fernandes""  wrote in message
news:[EMAIL PROTECTED]...
> Hi again,
>
> I already tried to give the command in the tunnel interface but the
> bridge-group command simply isn't there, I am doing this in 2600 router,
> with an enterprise image.
>
> Any comments


OK, let's figure out why I'm an idiot on this one. ( shut up, Ken, Nigel,
Phil, and CN )

Oh never mind - I've been playing with IPX bridging here - a complete waste
of time since there is no IPX on the Lab any longer. Suffice it to say I was
wrong.

sorry.




>
> Thanks in advance,
> Bruno Fernandes
>
> ""The Long and Winding Road""  wrote
> in message news:...
> > ""Bruno Fernandes""  wrote in message
> > news:[EMAIL PROTECTED]...
> > > Good morning !!!
> > >
> > > Is it possible to a Tunnel Interface to belong to a Bridge-Group ?
> >
> >
> > yes
> >
> >
> > > If yes, how ?
> >
> > same as with any other interface - enter the appropriate bridge-group
> > command
> >
> > >
> > > Regards,
> > > Bruno




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62415&t=62235



Cisco Doc CD Errors [7:62417]

2003-02-03 Thread The Long and Winding Road
Some of you probably know this already, but there appear to be problems with
the June 2002 Documentation CD.

I have had the Doc CD in various flavors running on this poor computer for
many months now. When I bought my 3550 switch, I got a June 2002 Doc CD,
newer than what I had. So I popped it in, turned it on, and got the
"expired" message.   I could work my way around this problem, but for the
documentation for any IOS version 12.1 or earlier, I was sent to the Cisco
public web site, not to the doc CD. 12.2 used the CD. Various network
management and switch and CAT OS documentation versions all used the doc CD.
but not IOS 12.0 or 11.3 or 12.1, all of which pointed me out to the
internet.

Several uninstall-reinstalls later I gave up, opened a TAC case, and was
provided a new version of a vdk20.lic file, which ended the "expired"
problem.

However, the problem remains with certain IOS versions pointing me to Cisco's
web site, not to the doc CD.

I've asked TAC to refer this to the doc CD group - probably a failure to
change the url references when converting the web site to the CD.

Just an FYI

--
TANSTAAFL
"there ain't no such thing as a free lunch"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62417&t=62417



VPN Management and Reporting for Cisco Site-to-site VPN [7:62418]

2003-02-03 Thread Thomas N.
Hi All,

I am deploying Site-to-site VPN using Cisco IOS routers.  I am wondering
what software packages offering management, connectivity monitoring of
tunnels, and content reporting are available?  How much do they cost?  Thanks!

Thomas




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62418&t=62418
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



EIGRP vs. OSPF [7:62419]

2003-02-03 Thread Thomas N.
Hi All,

I have been using EIGRP for our routing protocol for the last couple years,
which is pretty great.  The controversy of selecting the routing protocol
came up again recently.  I would like to have your opinion on EIGRP vs.
OSPF, which one is preferred?  What are the weaknesses and advantages?  Thanks!

Thomas




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62419&t=62419
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: GRE Tunnel [7:62235]

2003-02-03 Thread Juan Blanco
Correct me if I am wrong, but according to the CCIE Blue Print IPX is still
on the lab. It is in the section of Desktop Protocols:
IPX (NLSP, IPX-RIP/SAP, IPX-EIGRP, SPX, NCP, IPXWAN, IPX Addressing, GNS)

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
The Long and Winding Road
Sent: Monday, February 03, 2003 11:14 PM
To: [EMAIL PROTECTED]
Subject: Re: GRE Tunnel [7:62235]


--
TANSTAAFL
"there ain't no such thing as a free lunch"

""Bruno Fernandes""  wrote in message
news:[EMAIL PROTECTED]...
> Hi again,
>
> I already tried to give the command in the tunnel interface but the
> bridge-group command simply isn't there, I am doing this in 2600 router,
> with an enterprise image.
>
> Any comments


OK, let's figure out why I'm an idiot on this one. ( shut up, Ken, Nigel,
Phil, and CN )

Oh never mind - I've been playing with IPX bridging here - a complete waste
of time since there is no IPX on the Lab any longer. Suffice it to say I was
wrong.

sorry.




>
> Thanks in advance,
> Bruno Fernandes
>
> ""The Long and Winding Road""  wrote
> in message news:...
> > ""Bruno Fernandes""  wrote in message
> > news:[EMAIL PROTECTED]...
> > > Good morning !!!
> > >
> > > Is it possible to a Tunnel Interface to belong to a Bridge-Group ?
> >
> >
> > yes
> >
> >
> > > If yes, how ?
> >
> > same as with any other interface - enter the appropriate bridge-group
> > command
> >
> > >
> > > Regards,
> > > Bruno




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62420&t=62235



Re: GRE Tunnel [7:62235]

2003-02-03 Thread The Long and Winding Road
""Juan Blanco""  wrote in message
news:[EMAIL PROTECTED]...
> Correct me if I am wrong but according to the CCIE Blue Print IPX is still
> on the lab, it is in the section of Desktop Protocols
> IPX (NLSP, IPX-RIP/SAP,IPX-EIGRP, SPX, NCP,IPXWAN,IPX Addressing, GNS)


http://www.cisco.com/warp/public/625/ccie/ccie_program/whatsnew.html#18




>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> The Long and Winding Road
> Sent: Monday, February 03, 2003 11:14 PM
> To: [EMAIL PROTECTED]
> Subject: Re: GRE Tunnel [7:62235]
>
>
> --
> TANSTAAFL
> "there ain't no such thing as a free lunch"
>
> ""Bruno Fernandes""  wrote in message
> > news:[EMAIL PROTECTED]...
> > Hi again,
> >
> > I already tried to give the command in the tunnel interface but the
> > bridge-group command simply isn't there, I am doing this in 2600 router,
> > with an enterprise image.
> >
> > Any comments
>
>
> OK, let's figure out why I'm an idiot on this one. ( shut up, Ken, Nigel,
> Phil, and CN )
>
> Oh never mind - I've been playing with IPX bridging here - a complete waste
> of time since there is no IPX on the Lab any longer. Suffice it to say I was
> wrong.
>
> sorry.
>
>
>
>
> >
> > Thanks in advance,
> > Bruno Fernandes
> >
> > ""The Long and Winding Road""  wrote
> > in message news:...
> > > ""Bruno Fernandes""  wrote in message
> > > news:[EMAIL PROTECTED]...
> > > > Good morning !!!
> > > >
> > > > Is it possible to a Tunnel Interface to belong to a Bridge-Group ?
> > >
> > >
> > > yes
> > >
> > >
> > > > If yes, how ?
> > >
> > > same as with any other interface - enter the appropriate bridge-group
> > > command
> > >
> > > >
> > > > Regards,
> > > > Bruno




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62421&t=62235



Re: Route Summarization [7:62347]

2003-02-03 Thread Kirankumar Patel
Steve

The missing one if advertised with smaller block will take effect.

Rgds,

Kiran

>From: "Steven Aiello" 
>Reply-To: "Steven Aiello" 
>To: [EMAIL PROTECTED]
>Subject: Route Summarization [7:62347]
>Date: Mon, 3 Feb 2003 14:15:20 GMT
>
>Hello All,
>
> I have a question about route summarization.  I was reading over the
>material from Cisco on the matter, I was wondering; or actually
>assuming.  If you want to have route summarization in place do you need
>continuous network numbers?  I know that the docs. said you would send a
>network address upstream that would reflect the bits that are common to
>all networks thus decreasing the size of the routing tables which is
>great.  But what if someone else owned a network block on the net that
>was randomly missing from your group?  Again, I can only assume that you
>must have all continuous networks.  Is this correct, or am I missing
>something?
>
>Thank you all,
>Steven




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62422&t=62347



ISDN Dialer Watch on 4500 [7:62423]

2003-02-03 Thread Nelson Herron
Are there any special tricks to getting a dialer watch to work on a 4500
NP-4B?  I have tried the configurations from the web site and from Solie's
book on a 4500 w/4B connecting to a 4000M/4B via a Teltone Demonstrator.  I
cannot get the ISDN to show any dialer event activity when I unplug the
serial cable.  Packet debug shows the dialer conditions appropriately
(primary, secondary down) but no attempt appears to be made to dial out. 
I'm using IOS 12's.  I've tried clearing the int bri's, shut/no shut the bri
on each end, turning off the demonstrator, reloading the router.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62423&t=62423



RE: Cisco Doc CD Errors [7:62417]

2003-02-03 Thread Nelson Herron
Thx.  I thought maybe they had gone to the Bill for some advice on how to
make the documentation more user friendly like certain NOSs.  I have
been frogging around with that damned thing for a week now.  It worked fine
until I left for a Christmas vacation.  Had been using the web site since,
but decided that I should try to use the CD - dummmiieee.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62424&t=62417



Re: CCIE Self-Employment [7:62394]

2003-02-03 Thread nrf
From what I've seen, you can still get very high rates.

The problem is that in order to get those kind of rates, you either have to
be very well connected, have a big name (far beyond what a CCIE could ever
give you - for example, Dr. Vint Cerf could easily command a princely rate,
but of course he "only" invented TCP/IP), or be an excellent salesman, or
usually all of the above.  Furthermore, it is extremely dangerous to assume
that you will be getting that high rate consistently for 40 hours a week, 50
weeks a year.  Usually the majority of your time will be spent scoping
out clients, marketing yourself, and doing paperwork - things for which you
are making no money.

Also from what I've seen, for true success as a self-employed person, what
is much more important than your technical skills is your business savvy.  I
know a bunch of technically brilliant people who could never run their own
gig, and by the same token, I know guys who, quite frankly, suck
technically, but have the slick salesmanship to be very successful at
running their own business.  You might ask how such people can actually get
jobs done if they aren't technically sharp, and the answer is simple - they
hire others to do it for them.   To digress slightly, this is why at
practically every tech company I know, the top salesmen always make
substantially more than the top engineers - often by a factor of 3 to 5
times.


""supernet""  wrote in message
news:[EMAIL PROTECTED]...
> Not sure about Chicago area, but in my area, rate is generally above
> $150/hr. And guess what, I'm in Silicon Valley.
>
> To configure a router or switch is simple. Worst case, pick up the phone
> and call TAC will solve most configuration problems. Customers are
> looking for someone that can run the show. CCIE is not enough, you also
> need to know how to do project management and very importantly, how to
> BS.
>
> This is based on several interviews I had during the past couple of
> weeks.
>
> Yoshi
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> Mike Schlenger
> Sent: Monday, February 03, 2003 2:44 PM
> To: [EMAIL PROTECTED]
> Subject: RE: CCIE Self-Employment [7:62394]
>
> Really? WHERE DO I SIGN?? :)
>
> Mike
> Chicagoland CCIE #7079
>
> -Original Message-
> From: Sam Munzani [mailto:[EMAIL PROTECTED]]
> Sent: Monday, February 03, 2003 4:12 PM
> To: steve r; Jay Greenberg; [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: CCIE Self-Employment
>
>
> Rate depends on who is paying and how much do they have? :-)
>
> In chicago area $125/Hr is considered normal with 1 way travel time. If
> you
> got a fortune 500 client, you can easily bump it up to $175/Hr. and they
> will not argue about it.
>
> Sam
>
>
> > CCIE self employed,
> > well if you find another CCIE to partner with you can get silver
> partner
> > status, (and some other requirements too)
> >
> > If you are in the biz you should know...pix...vpn and some other stuff
> the
> > hourly work is great but it depends on the clients locations...and the
> > billing rate..
> > Good luck in this market it may be better then being out of work like
> my
> > friend is (and he is a CCIE too)
> > Bill at what you can get $100 to $200 an hour or more
> > or less if its cash..
> >
> > Stephen
> > - Original Message -
> > From: "Jay Greenberg"
> > To: ;
> > Sent: Monday, February 03, 2003 12:14 PM
> > Subject: CCIE Self-Employment
> >
> >
> > > Any CCIEs on the list in business for themselves?  What's the money
> > > like, what sort of companies do you work for?  Do you do short-term
> or
> > > long term contracts?  Hourly work?
> > >
> > > Thanks,
> > >
> > > --
> > > Jason Greenberg, CCIE #11021
> > >
> > > .
> > .
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62425&t=62394



Re: VPN Management and Reporting for Cisco Site-to-site VPN [7:62426]

2003-02-03 Thread dre
""Thomas N.""  wrote in message ...
> I am deploying Site-to-site VPN using Cisco IOS routers.  I am
> wondering what software package offering the management, connectivity
> monitoring of tunnels, and content reporting available?  How much
> it costs?  Thanks!

Most people roll-their-own (i.e. use a home-grown solution).

They often use the following base programming languages to do so: C,
C++, Java, Perl, Python, Tcl, Expect, Ruby, Unix Shell, and similar,
less-powerful Microsoft or IBM languages (NT Shell, Visual Basic,
VBScript, C#, REXX, JCL, COBOL, etc).  Sometimes applications are
written in assembly (x86, m68k, mips), but this is less often the case.

Sometimes libraries, or modules, are used (net-snmp,
libgd, the ANSI/ISO C libraries, C++ STL templates, CPAN Perl
modules); other times, horrific sub-languages are created instead
(Microsoft Foundation Classes) and munged -- but possibly made useful.

Sometimes these are packaged together in the form of commercial
(read: over-priced) or open-source software (e.g. MRTG), but often
these packages do not meet any specific needs, only generic
requirements that often involve complex customization anyways.

However, functionality that meets your criteria is available as a
$20k or thereabouts software package from Cisco, simply search on
their website under Network Management and find a VPN-specific
solution that appears to meet your needs.  In reality, this sort
of package requires more than just "customization", it requires
more time and money in the form of "software application babysitting",
and late-night calls to Cisco for tech support calls that are
followed-up the next day and night by more calls, ad nauseam.
For some reason, other commercial products and even the least
hardened (or worst coded) open-source software packages do
not seem to suffer this "babysitting" complex, while CiscoWorks
does.  I do not have room in this email to further explain this
phenomenon.

You may find that the easiest route is to collect some Cisco IOS
SNMP MIB OID's (enough acronyms for you there?) and graph
them, while also either using an external application to create
thresholds on the OID values (counter or gauge integer types),
or an internal polling mechanism such as SAA or RMON alarms
and events (and have the thresholds sent to your pager or email
or syslog file or operations center monitor).

This is often very easily accomplished with NET-SNMP or MRTG,
which are open-source and free to download.  Others find it is
best to have it centrally located in some type of overlord system
such as IRCd, or $100M/year software-supported applications made
by the likes of the network management triumvirate - HP, CA, and
IBM/Tivoli.

It is also recommended that you choose one platform/package and
not, for example, 3 (especially when you end up spending $300M per
year).  Often what you hear of as "best-of-breed" is normally just
another way of adding additional complexity, under-utilization, and
exponential interoperability issues between platforms/packages.

-dre




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62426&t=62426
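
Added example, not part of the post above or of any Cisco or NET-SNMP code: one way to apply thresholds to polled counter values as the reply suggests. The samples, the T1 link speed and the thresholds are constructed; no real OID is named, and a poller is assumed to have already produced the (time, value) pairs for a tunnel's Counter32 octet counter.

```python
"""Threshold checks over polled SNMP counter samples (all data constructed)."""

COUNTER32_MOD = 2 ** 32          # a Counter32 wraps back to 0 at 2**32


def counter_rates(samples, link_bps):
    """Convert raw Counter32 octet samples [(ts, value), ...] to bits/s.

    A value lower than the previous poll is either a wrap or a reset
    (tunnel rebuilt, router reloaded). It is treated as a wrap only if the
    implied rate fits on the link; otherwise the interval is reported as a
    reset, with None in place of a rate.
    """
    rates = []
    for (t0, v0), (t1, v1) in zip(samples, samples[1:]):
        dt = t1 - t0
        if dt <= 0:
            continue                     # duplicate or out-of-order poll
        delta = v1 - v0
        if delta < 0:
            delta += COUNTER32_MOD
            if delta * 8 / dt > link_bps:
                rates.append((t1, None))
                continue
        rates.append((t1, delta * 8 / dt))
    return rates


def evaluate(rates, low_bps, high_bps, hold=2):
    """Return [(ts, kind)] alerts from per-interval rates.

    'high'  : one interval above high_bps
    'idle'  : `hold` consecutive intervals below low_bps (tunnel up, no traffic)
    'reset' : the counter restarted, so the tunnel or the device bounced
    """
    alerts, idle_run = [], 0
    for ts, rate in rates:
        if rate is None:
            alerts.append((ts, "reset"))
            idle_run = 0
            continue
        if rate > high_bps:
            alerts.append((ts, "high"))
        if rate < low_bps:
            idle_run += 1
            if idle_run == hold:
                alerts.append((ts, "idle"))
        else:
            idle_run = 0
    return alerts


# Constructed 5-minute polls of a tunnel in-octets counter (OID placeholder).
POLLS = [
    (0,    4_294_000_000),
    (300,     29_032_704),   # counter wrapped during this interval
    (600,     85_282_704),   # busy interval
    (900,     85_284_204),   # almost no traffic
    (1200,    85_284_204),   # no traffic at all
    (1500,        12_000),   # counter restarted from zero
    (1800,    18_762_000),
]
T1_BPS = 1_544_000               # assumed link speed, used to tell wrap from reset

if __name__ == "__main__":
    rates = counter_rates(POLLS, T1_BPS)
    for ts, kind in evaluate(rates, low_bps=1_000, high_bps=1_400_000):
        print(ts, kind)
```

The alert list is what would be handed to a pager, e-mail or syslog sender.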



RE: PIX Licensing [7:62233]

2003-02-03 Thread Claudio Spescha
hi, 

this is a "show version" printout from a 535 PIX with FO license.


with failover license
_

Cisco PIX Firewall Version 6.2(2)
Cisco PIX Device Manager Version 2.0(2)

Compiled on Fri 07-Jun-02 17:49 by morlee

inetpix up 156 days 14 hours

Hardware:   PIX-535, 1024 MB RAM, CPU Pentium III 1000 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash DA28F320J5 @ 0xfffd8000, 128KB

Encryption hardware device : IRE2141 with 2048KB, HW:1.0, CGXROM:1.9, FW:6.5
0: gb-ethernet0: address is 0003.47e0.0748, irq 10
1: gb-ethernet1: address is 0003.47e0.070d, irq 255
2: ethernet0: address is 00e0.b605.74f7, irq 11
3: ethernet1: address is 00e0.b605.74f6, irq 10
4: ethernet2: address is 00e0.b605.74f5, irq 11
5: ethernet3: address is 00e0.b605.74f4, irq 10
6: ethernet4: address is 0002.b3b2.4a00, irq 12
7: ethernet5: address is 0002.b3b2.49ff, irq 12
8: ethernet6: address is 0002.b3b2.4a02, irq 11
9: ethernet7: address is 0002.b3b2.4a01, irq 255
Licensed Features:
Failover:   Enabled
VPN-DES:Enabled
VPN-3DES:   Enabled
Maximum Interfaces: 10
Cut-through Proxy:  Enabled
Guards: Enabled
URL-filtering:  Enabled
Inside Hosts:   Unlimited
Throughput: Unlimited
IKE peers:  Unlimited

This machine is licensed to run in failover secondary mode only

Serial Number: 406300710 (0x1837a826)
Running Activation Key: 0xba6c104d 0xc375beb0 0x1a8b03e8 0x81cee06a
Configuration last modified by enable_15 at 09:42:24.312 MET Mon Feb 3 2003


with UR-license, primary PIX
_

Cisco PIX Firewall Version 6.2(2)
Cisco PIX Device Manager Version 2.0(2)

Compiled on Fri 07-Jun-02 17:49 by morlee

inetpix up 156 days 14 hours

Hardware:   PIX-535, 1024 MB RAM, CPU Pentium III 1000 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash DA28F320J5 @ 0xfffd8000, 128KB

Encryption hardware device : IRE2141 with 2048KB, HW:1.0, CGXROM:1.9, FW:6.5
0: gb-ethernet0: address is 0003.47e0.07c6, irq 10
1: gb-ethernet1: address is 0003.47e0.0715, irq 255
2: ethernet0: address is 00e0.b603.4f58, irq 11
3: ethernet1: address is 00e0.b603.4f57, irq 10
4: ethernet2: address is 00e0.b603.4f56, irq 11
5: ethernet3: address is 00e0.b603.4f55, irq 10
6: ethernet4: address is 0002.b3b2.4880, irq 12
7: ethernet5: address is 0002.b3b2.46b3, irq 12
8: ethernet6: address is 0002.b3b2.4a32, irq 11
9: ethernet7: address is 0002.b3b2.475c, irq 255
Licensed Features:
Failover:   Enabled
VPN-DES:Enabled
VPN-3DES:   Enabled
Maximum Interfaces: 10
Cut-through Proxy:  Enabled
Guards: Enabled
URL-filtering:  Enabled
Inside Hosts:   Unlimited
Throughput: Unlimited
IKE peers:  Unlimited

Serial Number: 406300498 (0x1837a752)
Running Activation Key: 0xfb8670f9 0xdc4290f3 0x2e46ca84 0x3c3d8b96
Configuration last modified by enable_15 at 13:37:09.877 MET Fri Jan 31 2003
inetpix>


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62342&t=62233



Re: BayTech RPC-2 [7:62331]

2003-02-03 Thread Barry Campbell
I had the same problem, so I went to an APC product.


""John Tafasi""  wrote in message
news:[EMAIL PROTECTED]...
> Hi Group,
>
> I am using baytech rpc-2 in my home lab but I could not get it to work with
> a cisco 2511 terminal server. I am using the correct cable from baytech.
> Could someone with a similar experience show me how to configure the 2511
> to work with baytech?
>
> Thanks in advance
>
> John  Tafasi




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62343&t=62331



Re: VPN with Cisco router and digital certificates [7:62213]

2003-02-03 Thread [EMAIL PROTECTED]
I started once, but could not dedicate more time. The biggest problem was
that Cisco TAC do not support this design, so I could not get help.





"Sam Sneed" @groupstudy.com em 31/01/2003 17:04:05

Please respond to "Sam Sneed"

Sent by:  [EMAIL PROTECTED]

To:  [EMAIL PROTECTED]
cc:

Subject: Re: VPN with Cisco router and digital certificates [7:62213]


I guess no one has ever set this up before.

""Sam Sneed""  wrote in message
news:[EMAIL PROTECTED]...
> I have a 3600 router that currently supports PPTP win2K clients using win2K
> client. I do not want to use Cisco client for VPN.
> What I am trying to do is authenticate using digital certificates. The Cert
> server is Win2K certificate server. I used a MS machine as VPN server with
> certificates and it works. I now need to get the Cisco router to do the
> same. Currently VPN users connecting to 3640 router and are authenticated
> via IAS using domain logons and it works fine this way.
> Has anyone implemented this? The router has certificate and it all looks OK.
> I'm not sure how to configure the router to use digital certificates to
> authenticate the users instead of username/password.
> When I try to login I get "verifying username and password" and then error
> 619 : the specified port is not connected.
>
> Here is config:
>
> aaa new-model
> aaa authentication login default group tacacs+ local line none
> aaa authentication ppp default group radius
> aaa authorization network default group radius none
> enable secret 5 $1$2MGM$ttPEfWBYGVf.Hc78TEuwn0
>
> vpdn enable
> !
> vpdn-group 1
> ! Default PPTP VPDN group
>  accept-dialin
>   protocol pptp
>   virtual-template 1
> !
> vpdn-group 2
> !
> !
> crypto ca identity mscert
>  enrollment mode ra
>  enrollment url http://99.17.4.20:80/certsrv/mscep/mscep.dll
> crypto ca certificate chain mscert
>  certificate 61285CC90004
> ...
> ...
>   1CAC37AB 61BDC6
>   quit
>  certificate ra-sign 6144F5320002
> ..
>
>   quit
>  certificate ra-encrypt 6144F7EF0003
> .
> .
> certificate ca 1B36F87430D2D4AC47DC9C0E1C4D9320
>
> interface Virtual-Template1
>  ip unnumbered FastEthernet0/0
>  ip nat inside
>  ip mroute-cache
>  no keepalive
>  peer default ip address pool vpn
>  ppp encrypt mppe 128 required
>  ppp authentication ms-chap
>  ppp timeout authentication 5
> !
> ip local pool vpn 123.17.10.31 123.17.10.254
>
> .




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62344&t=62213



RE: Upgrade BootROMs [7:62321]

2003-02-03 Thread Kaminski, Shawn G
Just a note: I needed to purchase one of those Programmable Logic Controller
Chip (PLCC) extractor tools to pull out the old Boot ROMS (the tool is shown
in the link that Symon provided). I just couldn't pull them out any other
way without doing some damage! They're inexpensive; I got mine at Radio
Shack for about $8.00 or less a couple of years ago.

Shawn K.

-Original Message-
From: Symon Thurlow [mailto:[EMAIL PROTECTED]] 
Sent: Sunday, February 02, 2003 5:20 PM
To: [EMAIL PROTECTED]
Subject: RE: Upgrade BootROMs [7:62321]

Yep, you just pull them out and put the new ones in. Be careful to put
the correct one in the correct slot.

Search google or cco for "replace boot roms 2500" there is an excellent
cisco doc

In fact, I just did it, and this was the first hit:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_fix/cis2500/2500cfig/bootrom.htm

Too easy

Symon

-Original Message-
From: H [mailto:[EMAIL PROTECTED]] 
Sent: 02 February 2003 02:25
To: [EMAIL PROTECTED]
Subject: Upgrade BootROMs [7:62321]


Hi Group,

I want to upgrade my BootROMs for my 2500s routers.  Is it easy to do?

Any comments will be greatly appreciated.

Best Regards,
Hunt




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62345&t=62321



3640 and 2 NM-2FE-2W? [7:62346]

2003-02-03 Thread Ben Hockenhull
I've got a 3640 running 12.2.x software and currently have one NM-2FE-2W
installed, with 2 WICs in it.  I tried to install another NM-2FE-2W and
use the WIC slots in that NM as well, but none of the interfaces show up.

I can't find any documentation one way or another about support for
multiple NM2-FE-2Ws in a 3640.  Anyone know if this is supported?

I'm not concerned about overutilizing the backplane with 4 FE interfaces,
as I won't use all 4.

Ben

--
Ben Hockenhull
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62346&t=62346



Route Summarization [7:62347]

2003-02-03 Thread Steven Aiello
Hello All,

I have a question about route summarization.  I was reading over the 
material from Cisco on the matter, I was wondering; or actually 
assuming.  If you want to have route summarization in place do you need
continuous network numbers?  I know that the docs. said you would send a
network address upstream that would reflect the bits that are common to
all networks thus decreasing the size of the routing tables which is 
great.  But what if someone else owned a network block on the net that 
was randomly missing from your group?  Again, I can only assume that you 
must have all continuous networks.  Is this correct, or am I missing 
something?

Thank you all,
Steven




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62347&t=62347



CCIE training in the MD area by Brian (CCIE) - ?? [7:62348]

2003-02-03 Thread Cisco Nuts
Hello, Does anyone know if Brian still offers the CCIE training in the MD
area? Does anyone know of his web-site? Thank you.







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62348&t=62348



Re: 3640 and 2 NM-2FE-2W? [7:62346]

2003-02-03 Thread MADMAN
According to this table you should be able to install 4!

http://www.cisco.com/en/US/customer/products/hw/routers/ps274/products_data_sheet09186a00800921cb.html

   Dave

Ben Hockenhull wrote:
> I've got a 3640 running 12.2.x software and currently have one NM-2FE-2W
> installed, with 2 WICs in it.  I tried to install another NM-2FE-2W and
> use the WIC slots in that NM as well, but none of the interfaces show up.
> 
> I can't find any documentation one way or another about support for
> multiple NM2-FE-2Ws in a 3640.  Anyone know if this is supported?
> 
> I'm not concerned about overutilizing the backplane with 4 FE interfaces,
> as I won't use all 4.
> 
> Ben
> 
> --
> Ben Hockenhull
> [EMAIL PROTECTED]
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"You don't make the poor richer by making the rich poorer." --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62349&t=62346



RE: Route Summarization [7:62347]

2003-02-03 Thread s vermill
Steven Aiello wrote:
> 
> Hello All,
> 
> I have a question about route summarization.  I was reading
> over the
> material from Cisco on the matter, I was wondering; or actually 
> assuming.  If you want to have route summarization in place do
> you need
> continuous network numbers?  I know that the docs. said you
> would send a
> network address upstream that would reflect the bits that are
> common to
> all networks thus decreasing the size of the routing tables
> which is
> great.  But what if someone else owned a network block on the
> net that
> was randomly missing from your group?  Again, I can only assume
> that you
> must have all continuous networks.  Is this correct, or am I
> missing
> something?
> 
> Thank you all,
> Steven
> 
> 


More or less I think that's true.  But in the example where someone else has
a block of addresses from the middle of an otherwise contiguous block, that
can be accommodated.  In most instances, the most specific match is used. 
So as long as that rogue block was being advertised with a more specific
mask, there shouldn't be any problems.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62353&t=62347
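
Added example, not part of any poster's message: the summarization question and the two replies in this thread (a missing block advertised with a more specific mask wins) worked through with Python's `ipaddress` module. The prefixes, the next-hop labels `site-A` and `other-owner`, and the helper names are constructed for illustration.

```python
import ipaddress


def summarize(networks):
    """Shortest single prefix that covers every network in `networks`."""
    nets = [ipaddress.ip_network(n) for n in networks]
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()     # drop one more common bit
    return summary


def holes(summary, networks):
    """Blocks inside `summary` that none of `networks` actually covers."""
    remaining = [summary]
    for owned in (ipaddress.ip_network(n) for n in networks):
        nxt = []
        for block in remaining:
            if owned.subnet_of(block):
                nxt.extend(block.address_exclude(owned))
            elif not block.subnet_of(owned):
                nxt.append(block)        # untouched by this owned network
        remaining = nxt
    return sorted(ipaddress.collapse_addresses(remaining))


def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific matching route."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


# Constructed case: three /24s with 172.16.2.0/24 missing from the group.
MINE = ["172.16.0.0/24", "172.16.1.0/24", "172.16.3.0/24"]
SUMMARY = summarize(MINE)                # the common bits give a /22
GAP = holes(SUMMARY, MINE)               # what the summary claims but we lack


def build_table(advertise_gap):
    """Upstream routing table, with or without the other owner's route."""
    table = [(SUMMARY, "site-A")]
    if advertise_gap:
        table += [(g, "other-owner") for g in GAP]
    return table


if __name__ == "__main__":
    print("summary:", SUMMARY, "gap:", [str(g) for g in GAP])
    for advertised in (True, False):
        hop = lookup(build_table(advertised), "172.16.2.10")
        print("gap advertised:", advertised, "-> 172.16.2.10 goes to", hop)
```

When the missing block is not advertised by anyone, the summary is the only match and traffic for it is drawn to the summarizing site.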



QOS Question [7:62351]

2003-02-03 Thread Tony
Using one T1 IP circuit, I need to allocate a certain percentage for VPN and
the rest for generic Internet traffic.   Would CBWFQ be the best solution to
reserve 60% for VPN?  And if it wasn't used for VPN, could it be used for
other?

Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62351&t=62351



Burst rate in Routes and Catalyst 6000 [7:62352]

2003-02-03 Thread [EMAIL PROTECTED]
For configuring CAR, normal burst sets a point where traffic is still
allowed. Between normal burst and exceed burst, traffic may be dropped or
transmitted.

http://www.pdaconsulting.com/dospart2.htm





For Catalyst 6000 policing, burst rate should have at least the size of the
maximum packet size or rate*interval.

http://www.cisco.com/warp/public/473/102.html

Any thoughts on that?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62352&t=62352