Re: Top Down Network Design - Great Book!! [7:63546]
I just finished an in-depth reading of Priscilla's Campus LAN book as a review for the LAN/WAN part of the CCIE lab. It's a great book and covers a lot of good topics that aren't available elsewhere. I would suggest it to most anybody that may be working in the CCNP arena.

Larry Letterman
Network Engineer
Cisco Systems

----- Original Message -----
From: "ccnp ccnp2002"
Sent: Friday, February 21, 2003 7:50 PM
Subject: Top Down Network Design - Great Book!! [7:63546]

> Hi,
>
> I just want to comment on this book again (Top Down Network Design by Priscilla Oppenheimer).
>
> I used it for my CCDA, but now when I am studying for CID, I realize how good this book is, something I did not realize a few months back.
>
> That book was really well planned and I can only hope more will come of the kind. Still looking for $55.00 to buy her other book on network troubleshooting.
>
> Just a comment, please.
>
> CCDP-to-be

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63552&t=63546
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISS Real Secure Vs Cisco IDS [7:63461]
You are correct. That's why security should be a "belt and suspenders" approach. For the Code Red stuff, SQL Slammer, etc., we just used NBAR on Cisco to drop the packets.

http://www.cisco.com/warp/public/63/nbar_acl_codered.shtml#1

ISS gets some stuff, Checkpoint is good at getting some other stuff, etc. I also don't allow much UDP in. It's blocked by an inbound ACL, as it's not statefully inspected. UDP 53 (DNS) and some host-to-host special allows, and that's it. Everything else is TCP.

Scotty

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63551&t=63461
RE: Network Monitoring [7:63532]
On Sat, 22 Feb 2003, Kevin Banifaz wrote:

> Thanks for the input guys. Netsaint Nagios looks real cool, I think I'll give that a try.

Netsaint/Nagios rocks. MRTG is also cool if you don't have much time, but if you've got time/energy to spare, roll your own using RRDTool. Unlike MRTG, RRDTool draws graphs on the fly for any period of time you specify, so accuracy isn't lost for periods older than 24 hours (fiddle with MRTG and you'll see where this can be a pain).

One suggestion for both of them: run them from a database. Create a table containing all your devices and what they are, then create a profile of monitoring for each device type. Now, whip up something quick to generate your Netsaint configs. It can be a /real/ pain finding errors in a hand-written hosts.cfg file (yes, I know there is a lint filter for it, but even so, if you don't have to mangle the file, why should you?).

Rgds,

- I.

--
Ian Henderson CCNA, CCNP
Senior Network Engineer, Chime Communications

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63550&t=63532
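Ian's suggestion of generating the Netsaint/Nagios configuration from a device table, written out as an added example (this is not code from the thread or from the Nagios project). It assumes Nagios-style object definitions that inherit from the stock generic-host / generic-service templates; the inventory, device-type profiles and check commands are constructed, and the validation step catches the duplicate and dangling entries a hand-edited hosts.cfg lets through.

```python
"""Generate Nagios host/service definitions from a device table.

Added example: the inventory, profiles and check command names below are
constructed for illustration, not taken from the thread or from Nagios.
Assumes the stock "generic-host" / "generic-service" templates exist.
"""

# Constructed device table: what a small "devices" table might hold.
DEVICES = [
    {"name": "core-rtr1", "type": "router",    "address": "10.1.0.1",  "parent": None},
    {"name": "dist-sw1",  "type": "switch",    "address": "10.1.0.2",  "parent": "core-rtr1"},
    {"name": "www1",      "type": "webserver", "address": "10.1.10.5", "parent": "dist-sw1"},
]

# One monitoring profile per device type: (service_description, check_command).
PROFILES = {
    "router":    [("PING", "check_ping!100.0,20%!500.0,60%")],
    "switch":    [("PING", "check_ping!100.0,20%!500.0,60%")],
    "webserver": [("PING", "check_ping!100.0,20%!500.0,60%"),
                  ("HTTP", "check_http")],
}


def validate(devices, profiles):
    """Reject the mistakes a hand-edited hosts.cfg lets through."""
    names = [d["name"] for d in devices]
    dups = sorted({n for n in names if names.count(n) > 1})
    if dups:
        raise ValueError(f"duplicate host names: {dups}")
    for d in devices:
        if d["type"] not in profiles:
            raise ValueError(f"{d['name']}: no profile for type {d['type']!r}")
        if d["parent"] is not None and d["parent"] not in names:
            raise ValueError(f"{d['name']}: unknown parent {d['parent']!r}")


def _block(kind, fields):
    """Render one 'define <kind> { ... }' object with aligned keys."""
    width = max(len(k) for k, _ in fields)
    body = "\n".join(f"    {k.ljust(width)}  {v}" for k, v in fields)
    return f"define {kind} {{\n{body}\n}}\n"


def render(devices, profiles):
    """Return the full configuration text: all hosts, then all services."""
    validate(devices, profiles)
    out = []
    for d in devices:
        fields = [("use", "generic-host"),
                  ("host_name", d["name"]),
                  ("alias", f"{d['name']} ({d['type']})"),
                  ("address", d["address"])]
        if d["parent"]:
            fields.append(("parents", d["parent"]))
        fields.append(("check_command", "check-host-alive"))
        out.append(_block("host", fields))
    for d in devices:
        for desc, cmd in profiles[d["type"]]:
            out.append(_block("service", [("use", "generic-service"),
                                          ("host_name", d["name"]),
                                          ("service_description", desc),
                                          ("check_command", cmd)]))
    return "\n".join(out)


def count_objects(config):
    """(hosts, services) defined in rendered text; a quick sanity check."""
    return config.count("define host {"), config.count("define service {")


if __name__ == "__main__":
    print(render(DEVICES, PROFILES))
```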
Cisco over Madge Token Ring [7:63549]
Dear Group,

I have a Madge LET36 chassis unit with a Token Ring module LTR108F (fiber) connected to an IBM Mainframe 390, and this is the only token ring running in the network. The question here is, if this unit goes down, what is the equivalent product I can replace it with?

Please advise.

Rgds,
Steiven

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63549&t=63549
RE: ISS Real Secure Vs Cisco IDS [7:63461]
Come on now, the Slammer worm? If you are security conscious this shouldn't have had any effect on you. Microsoft released a patch last summer.

Security is a best-effort solution. It is about layers and maintenance. You cannot eliminate risk, you can only reduce risk. An IDS's responsibility is to pick up attacks on the wire, not prevent them. I personally don't believe in allowing my IDS to respond to an attack.

-----Original Message-----
From: cebuano [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 21, 2003 8:22 PM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]

Hi Albert,

Very good point. Which brings me to this question - how can one measure the security of a network? It almost always is an after-the-fact response whichever vendor you choose. As you pointed out in your example regarding the Slammer virus, have you heard any vendor claiming immunity from this? Is "detecting" synonymous with "preventing"?

I'm also interested in this topic due to the fact that the pricing structure from almost ALL the major players in the IDS/Firewall market is astronomical.

Elmer

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Albert Lu
Sent: Friday, February 21, 2003 9:19 AM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]

Hi Troy,

Must be some secure site. The reason I was interested is that I had a discussion with someone else before in regards to multi-vendor IDS solutions and how effective they might be.

So if you mostly rely on manual action, and an attack came in after hours, how quickly can you respond to your alerts? Since for some attacks, a half hour response time could cause your site to be down (e.g. Slammer virus). If that was the case, even if you had all the vendors' IDS, it will be useless.

Albert

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 21, 2003 10:57 PM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]

As with most things, you need to weigh up costs against your requirements. In our case, security is absolutely essential, so having multivendor security solutions (and indeed fully redundant) is costly, but we see it as justified.

With regards to action during attacks etc., we mostly rely on manual actions as we don't want to inadvertently block legitimate traffic (for example if an attack came from a spoofed IP). For automatic action, you can make use of Cisco Policy Manager, which has the ability to dynamically rewrite ACLs on PIXs, routers, and indeed Cats, according to data from the IDS. So for example, if you were really paranoid (like we are), you could have PIXs as the first firewall, with IDS on the inside / DMZ etc. (using IDSM or standalone IDS), tie these together with Policy Manager, then, taking a further step into your network, a set of Nokia FW1 NG, along with further Nokia IDS solutions on the inside, tied together using the enterprise software!

Albert Lu wrote:
>
> Hi,
>
> I'm just curious about your multi-vendor solution. It must cost quite a lot in order to have 3 IDS running. What about redundancy? If you are using dual switch/router/fw/ids, you would have a total of 6 IDS.
>
> Being able to detect attacks with multiple IDS is one thing. What action can it take once the IDS detects an attack? Logging it into the syslog server is not enough.
>
> Albert
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 21, 2003 7:53 PM
> To: [EMAIL PROTECTED]
> Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
>
> Hi Sean,
>
> I currently use Cisco IDSM (IDS module for the Cat6500), Nokia IDS, and Snort on the servers themselves. You can never be paranoid enough about these sorts of things. Each vendor has different exploits etc., so by implementing a multi-vendor path to your critical servers, you protect yourself from any single vendor-specific exploit!
>
> Sean Kim wrote:
> >
> > Hello all,
> >
> > My company is thinking about installing an IDS (dedicated appliance type) for our network.
> > As far as I know, the Real Secure and the Cisco IDS are the two biggest names out there. So I checked out the documents and white papers provided by each company, but I couldn't really come up with what the differences are between them, and which one is better suited for our network.
> >
> > Can anyone voice their opinion about these two IDS?
> >
> > Thanks,
> >
> > Sean Kim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63548&t=63461
800 IPSec throughput [7:63547]
Hi all.

I was wondering if anyone has practical experience with the 800 series as IPsec devices. I'm particularly interested in field-measured throughput and delay stats, but I'd settle for anecdotal evidence as well.

FWIW, I just got a few in and I'm underwhelmed... Granted, I didn't order them to spec, but they shipped with 4MB DRAM and 8MB Flash. Guess how many images run in 4MB... Then when I went to bump the image up (after upping the RAM), the stupid TFTP transfer kept timing out half way through. A little Ethereal-ing showed that the device stopped responding to ARP requests during the transfer (which had to be done from ROM due to limited flash space and the fact that you can't delete the running IOS from flash). I finally had to add static ARP entries to my TFTP server. Don't ask me why the server felt the need to re-ARP after 5 seconds, either. :-)

Anyhow, thanks in advance.

-sd

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63547&t=63547
Top Down Network Design - Great Book!! [7:63546]
Hi,

I just want to comment on this book again (Top Down Network Design by Priscilla Oppenheimer).

I used it for my CCDA, but now when I am studying for CID, I realize how good this book is, something I did not realize a few months back.

That book was really well planned and I can only hope more will come of the kind. Still looking for $55.00 to buy her other book on network troubleshooting.

Just a comment, please.

CCDP-to-be

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63546&t=63546
RE: invalid checksum [7:63112]
Could someone please help me out with this.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63545&t=63112
RE: ISS Real Secure Vs Cisco IDS [7:63461]
Hi Albert,

Very good point. Which brings me to this question - how can one measure the security of a network? It almost always is an after-the-fact response whichever vendor you choose. As you pointed out in your example regarding the Slammer virus, have you heard any vendor claiming immunity from this? Is "detecting" synonymous with "preventing"?

I'm also interested in this topic due to the fact that the pricing structure from almost ALL the major players in the IDS/Firewall market is astronomical.

Elmer

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Albert Lu
Sent: Friday, February 21, 2003 9:19 AM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]

Hi Troy,

Must be some secure site. The reason I was interested is that I had a discussion with someone else before in regards to multi-vendor IDS solutions and how effective they might be.

So if you mostly rely on manual action, and an attack came in after hours, how quickly can you respond to your alerts? Since for some attacks, a half hour response time could cause your site to be down (e.g. Slammer virus). If that was the case, even if you had all the vendors' IDS, it will be useless.

Albert

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 21, 2003 10:57 PM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]

As with most things, you need to weigh up costs against your requirements. In our case, security is absolutely essential, so having multivendor security solutions (and indeed fully redundant) is costly, but we see it as justified.

With regards to action during attacks etc., we mostly rely on manual actions as we don't want to inadvertently block legitimate traffic (for example if an attack came from a spoofed IP). For automatic action, you can make use of Cisco Policy Manager, which has the ability to dynamically rewrite ACLs on PIXs, routers, and indeed Cats, according to data from the IDS. So for example, if you were really paranoid (like we are), you could have PIXs as the first firewall, with IDS on the inside / DMZ etc. (using IDSM or standalone IDS), tie these together with Policy Manager, then, taking a further step into your network, a set of Nokia FW1 NG, along with further Nokia IDS solutions on the inside, tied together using the enterprise software!

Albert Lu wrote:
>
> Hi,
>
> I'm just curious about your multi-vendor solution. It must cost quite a lot in order to have 3 IDS running. What about redundancy? If you are using dual switch/router/fw/ids, you would have a total of 6 IDS.
>
> Being able to detect attacks with multiple IDS is one thing. What action can it take once the IDS detects an attack? Logging it into the syslog server is not enough.
>
> Albert
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 21, 2003 7:53 PM
> To: [EMAIL PROTECTED]
> Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
>
> Hi Sean,
>
> I currently use Cisco IDSM (IDS module for the Cat6500), Nokia IDS, and Snort on the servers themselves. You can never be paranoid enough about these sorts of things. Each vendor has different exploits etc., so by implementing a multi-vendor path to your critical servers, you protect yourself from any single vendor-specific exploit!
>
> Sean Kim wrote:
> >
> > Hello all,
> >
> > My company is thinking about installing an IDS (dedicated appliance type) for our network.
> > As far as I know, the Real Secure and the Cisco IDS are the two biggest names out there. So I checked out the documents and white papers provided by each company, but I couldn't really come up with what the differences are between them, and which one is better suited for our network.
> >
> > Can anyone voice their opinion about these two IDS?
> >
> > Thanks,
> >
> > Sean Kim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63544&t=63461
RE: CCNP Done, finaly [7:63355]
Hi Arni, and congratulations for this career upgrade.

I passed BSCN last week; sure it was hard! This was my first CCNP exam; now I am preparing for the Switching exam. People say this one is easier than the BSCN, but I am having some problems understanding all the trunking, pruning, and this VTP stuff!!! For me it was easier to learn how routing protocols work. I am using the Cisco Preparation Library and this is really heavy stuff!!

Congrats

----- Original Message -----
From: "Joseph R. Taylor"
Date: Wed, 19 Feb 2003 19:54:09 GMT
To: [EMAIL PROTECTED]
Subject: RE: CCNP Done, finaly [7:63355]

Hi Arni,

Congratulations. Good Job.

JoeT

Diego Martínez Boqui

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63543&t=63355
RE: ISS Real Secure Vs Cisco IDS [7:63461]
Hi Troy,

I'm interested in how you are doing monitoring on the security side of things. I'm aware of netForensics, which can correlate FW/router/IDS logs in real time to tell you about attacks. My personal opinion of the product is that it's a beefed-up syslog server with an Oracle database in the backend to pump out reports. It's a good solution if you can afford it; otherwise you would have to develop your own scripts to pick out the syslog messages that are relevant.

I think the ideal way of responding to security alerts is through 24x7 cover, and have someone make changes on firewalls where necessary. I'm not too sure about the IDS modifying the FW's ACL in real time; it sounds like it could potentially be used by someone to DoS. What are people's experiences in this? I would be interested to know.

Yes, you're right that most of the security systems are used to stop script kiddies, since exploits that get released have already been known by the more 'elite' hacking/cracking community for weeks/months before they were released. So the best you can do is do your best to stop the mass herd of script kiddies, and the rest is a numbers game.

Regards,
Albert

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Saturday, February 22, 2003 1:51 AM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]

Hi Albert,

We have 24x7 cover so that response time is pretty quick (and a very well defined escalation procedure). However, at the end of the day you are right. I believe that no systems are secure; what we do is try to stick up as many deterrents as possible to make it not worthwhile, and for the cracker to try and find a more easily exploited system. Furthermore, the majority of cracking alerts are as a result of script kiddies, and if 10 other systems show up as exploitable before ours, then that is half the war won.

Albert Lu wrote:
>
> Hi Troy,
>
> Must be some secure site. The reason I was interested is that I had a discussion with someone else before in regards to multi-vendor IDS solutions and how effective they might be.
>
> So if you mostly rely on manual action, and an attack came in after hours, how quickly can you respond to your alerts? Since for some attacks, a half hour response time could cause your site to be down (e.g. Slammer virus). If that was the case, even if you had all the vendors' IDS, it will be useless.
>
> Albert
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 21, 2003 10:57 PM
> To: [EMAIL PROTECTED]
> Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
>
> As with most things, you need to weigh up costs against your requirements. In our case, security is absolutely essential, so having multivendor security solutions (and indeed fully redundant) is costly, but we see it as justified.
>
> With regards to action during attacks etc., we mostly rely on manual actions as we don't want to inadvertently block legitimate traffic (for example if an attack came from a spoofed IP). For automatic action, you can make use of Cisco Policy Manager, which has the ability to dynamically rewrite ACLs on PIXs, routers, and indeed Cats, according to data from the IDS. So for example, if you were really paranoid (like we are), you could have PIXs as the first firewall, with IDS on the inside / DMZ etc. (using IDSM or standalone IDS), tie these together with Policy Manager, then, taking a further step into your network, a set of Nokia FW1 NG, along with further Nokia IDS solutions on the inside, tied together using the enterprise software!
>
> Albert Lu wrote:
> >
> > Hi,
> >
> > I'm just curious about your multi-vendor solution. It must cost quite a lot in order to have 3 IDS running. What about redundancy? If you are using dual switch/router/fw/ids, you would have a total of 6 IDS.
> >
> > Being able to detect attacks with multiple IDS is one thing. What action can it take once the IDS detects an attack? Logging it into the syslog server is not enough.
> >
> > Albert
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, February 21, 2003 7:53 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
> >
> > Hi Sean,
> >
> > I currently use Cisco IDSM (IDS module for the Cat6500), Nokia IDS, and Snort on the servers themselves. You can never be paranoid enough about these sorts of things. Each vendor has different exploits etc., so by implementing a multi-vendor path to your critical servers, you protect yourself from any single vendor-specific exploit!
> >
> > Sean Kim wrote:
> > >
> > > Hello all,
> > >
> > > My company is thinking about installing an IDS (dedicated appliance type) for our network.
> > > As far as I know, the Real Secure and th
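Troy's automatic ACL rewriting and Albert's worry that it could be turned into a DoS (one spoofed source address and a legitimate host is blocked) describe a real design constraint for any IDS-driven response. Below is an added example, not code from the thread or from any vendor product, of the guard logic a responder would put between the IDS alert and the ACL push: a never-block list, a corroboration threshold, a bounded block budget, and expiring blocks. The protected networks, thresholds and the alert stream are all constructed.

```python
"""Guard an automated IDS-to-ACL response against the failure modes the
thread raises: a spoofed source getting a legitimate host blocked, and an
attacker driving the responder into a self-inflicted denial of service.

Added example, not from the thread or any vendor product. The protected
networks, thresholds and the alert stream are all constructed.
"""
import ipaddress
from collections import defaultdict, deque

# Addresses an automatic responder must never block, however many alerts
# name them (constructed): upstream DNS, a partner network, our own space.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "192.0.2.53/32",     # upstream DNS resolver
    "198.51.100.0/24",   # partner network
    "10.0.0.0/8",        # internal space: a "source" here is spoofed or misrouted
)]


class AutoBlockGuard:
    """Decide per alert whether an automatic block is allowed.

    Rules: never block a protected address; require min_alerts alerts from
    the same source within window seconds (one spoofed packet is not enough);
    keep at most max_blocks automatic blocks at once (a bounded blast radius);
    expire every automatic block after ttl seconds so mistakes self-heal.
    """

    def __init__(self, min_alerts=3, window=60, max_blocks=50, ttl=900):
        self.min_alerts = min_alerts
        self.window = window
        self.max_blocks = max_blocks
        self.ttl = ttl
        self._recent = defaultdict(deque)  # source -> timestamps of alerts
        self._blocks = {}                  # source -> expiry timestamp

    def _expire(self, now):
        for src in [s for s, exp in self._blocks.items() if exp <= now]:
            del self._blocks[src]

    def consider(self, src, now):
        """Return (action, reason) for one alert naming src at time now."""
        self._expire(now)
        if any(ipaddress.ip_address(src) in net for net in NEVER_BLOCK):
            return "alert-only", "protected address"
        if src in self._blocks:
            return "already-blocked", "block active"
        seen = self._recent[src]
        seen.append(now)
        while seen and seen[0] < now - self.window:
            seen.popleft()
        if len(seen) < self.min_alerts:
            return "alert-only", f"{len(seen)}/{self.min_alerts} alerts in window"
        if len(self._blocks) >= self.max_blocks:
            return "alert-only", "block budget exhausted; escalate to a human"
        self._blocks[src] = now + self.ttl
        seen.clear()
        return "block", f"expires at t={now + self.ttl}"

    def active_blocks(self, now):
        """Sources currently blocked, after dropping expired entries."""
        self._expire(now)
        return sorted(self._blocks)


# Constructed alert stream as (timestamp, source): one persistent offender,
# and three alerts whose "source" is our DNS resolver (spoofed).
ALERTS = [
    (0, "203.0.113.7"), (10, "203.0.113.7"), (20, "203.0.113.7"),
    (25, "192.0.2.53"), (26, "192.0.2.53"), (27, "192.0.2.53"),
    (30, "203.0.113.7"),
]


def run(alerts, guard=None):
    """Feed alerts through a guard; return (t, src, action, reason) rows."""
    guard = guard or AutoBlockGuard()
    return [(t, src) + guard.consider(src, t) for t, src in alerts]


if __name__ == "__main__":
    for row in run(ALERTS):
        print("t=%-3d %-14s %-15s %s" % row)
```

The "block" rows are the only ones that would reach a Policy Manager-style ACL push; everything else stays an alert for the 24x7 desk.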
RE: Network Monitoring [7:63532]
Thanks for the input guys. Netsaint Nagios looks real cool, I think I'll give that a try.

Thanks again

>From: "Rob Bains"
>Reply-To: "Rob Bains"
>To: [EMAIL PROTECTED]
>Subject: RE: Network Monitoring [7:63532]
>Date: Fri, 21 Feb 2003 23:34:43 GMT
>
>You may also want to look at netsaint or MRTG.
>
>-----Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Sonic
>Sent: February 21, 2003 3:29 PM
>To: [EMAIL PROTECTED]
>Subject: Re: Network Monitoring [7:63532]
>
>What's Up Gold by Ipswitch might do it for you?
>http://www.ipswitch.com/Products/WhatsUp/index.html
>
> Brian
>
>""Kevin Banifaz"" wrote in message news:[EMAIL PROTECTED]
> > Does anyone know of any free or really cheap network monitoring tools? I work for a real cheap company and I can't get them to shell out for HP OV. I appreciate a response.
> >
> > Thanks in advance
> >
> > Kaveh

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63541&t=63532
Re: ISS Real Secure Vs Cisco IDS [7:63461]
""Albert Lu"" wrote in message news:[EMAIL PROTECTED]
> how quickly can you respond to your alerts? Since for some attacks, a half hour response time could cause your site to be down (e.g. Slammer virus). If that was the case, even if you had all the vendors' IDS, it will be useless.

Just to soapbox a bit on the current flair so many networking and security folks have for IDSs:

Using anything that only did detection would have let SQL Slammer in. It is a single-packet attack; by the time you saw one (and had vulnerable systems) it would have been too late for that host. Let's think about if you had super-double-secret AI to build a rule based on the change in traffic behaviour of the (now infected) server and push this rule toward the "outside" or policy enforcement locations. You would still have an infected server, and any other vulnerable SQL server inside the nearest policy enforcement location would quickly also be infected.

So now, weeks later, if you have vulnerable systems, an IDS, with perfectly valid signatures, STILL does you no good. You would have already needed to deploy proper filtering, which was the case on day0, day10, and on day(-365).

IDSs are nice tools, but like firewalls they don't do much for any network JUST because they were purchased and installed.

Darrell

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63540&t=63461
Re: Network Monitoring [7:63532]
Look at "What's Up Gold" from Ipswitch. Last I looked it's about $700 US. They have a 30 day eval on their site.

www.ipswitch.com

----- Original Message -----
From: "Kevin Banifaz"
Sent: Friday, February 21, 2003 5:32 PM
Subject: Network Monitoring [7:63532]

> Does anyone know of any free or really cheap network monitoring tools? I work for a real cheap company and I can't get them to shell out for HP OV. I appreciate a response.
>
> Thanks in advance
>
> Kaveh

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63539&t=63532
RE: Different usename n pwd for PAP and CHAP [7:63442]
Hi Troy,

Thanks for the reply.

So this would mean there is no possibility of using one set of username/password for CHAP and another set for PAP, I guess. The same set of username/password, e.g. cisco/cisco, would be used for both CHAP and PAP.

Regards,
Deepak

Troy Leliard wrote:
>
> Normally you would only get one username / password, and the ISP would configure CHAP, then PAP authentication, i.e. if the client (user) tries to authenticate, and CHAP fails, it will then authenticate using PAP. (CHAP should always come first as it is the more secure authentication method).
>
> Hope this helps
>
> Deepak N wrote:
> >
> > Hi
> > I am having this question.
> > When configuring the username and password for PAP and CHAP, I am giving different username and password.
> > Is there any customer scenario where this kind of situation is there?
> > Also, does the ISP provide different username and password for different authentication types, i.e. one set of username and password for CHAP and another set of username and password for PAP?
> > I assume that the ISP gives only one authentication type, either CHAP or PAP, not both.
> > I need inputs from all of you.
> >
> > Thanks in advance
> >
> > Deepak

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63538&t=63442
RE: Network Monitoring [7:63532]
You may also want to look at netsaint or MRTG.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Sonic
Sent: February 21, 2003 3:29 PM
To: [EMAIL PROTECTED]
Subject: Re: Network Monitoring [7:63532]

What's Up Gold by Ipswitch might do it for you?
http://www.ipswitch.com/Products/WhatsUp/index.html

Brian

""Kevin Banifaz"" wrote in message news:[EMAIL PROTECTED]
> Does anyone know of any free or really cheap network monitoring tools? I work for a real cheap company and I can't get them to shell out for HP OV. I appreciate a response.
>
> Thanks in advance
>
> Kaveh

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63537&t=63532
Re: Network Monitoring [7:63532]
What's Up Gold by Ipswitch might do it for you?
http://www.ipswitch.com/Products/WhatsUp/index.html

Brian

""Kevin Banifaz"" wrote in message news:[EMAIL PROTECTED]
> Does anyone know of any free or really cheap network monitoring tools? I work for a real cheap company and I can't get them to shell out for HP OV. I appreciate a response.
>
> Thanks in advance
>
> Kaveh

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63536&t=63532
Cisco ISDN issue [7:63535]
I don't know what I am doing wrong, but apparently it is something to do with the Cisco 4500 routers running IOS 11.3.

In router 1 I have:
DN: 963-5000  SPID1: 2569635101
DN: 963-5001  SPID2: 25696350010101

In router 2 I have:
DN: 963-6000  SPID1: 2569636101
DN: 963-6001  SPID2: 25696360010101

___
hostname r1
!
interface bri0
 ip address 10.0.0.1 255.0.0.0
 encapsulation ppp
 ! r1 dials r2's primary DN
 dialer map ip 10.0.0.2 name r2 broadcast 9636000
 dialer-group 1
!
dialer-list 1 protocol ip permit
___
hostname r2
!
interface bri0
 ip address 10.0.0.2 255.0.0.0
 encapsulation ppp
 ! r2 dials r1's primary DN
 dialer map ip 10.0.0.1 name r1 broadcast 9635000
 dialer-group 1
!
dialer-list 1 protocol ip permit
___

First issue: If I ping r2 (10.0.0.2), it will time out; however, my interface gets connected. If I do "show int bri 0 1 2", it will show bri0:1 is up, line protocol is up, but the ping will not go through. Out of frustration, I changed the dial-in number in both routers from 9635000 and 9636000 to the 2nd dial-in numbers 963-5001 and 963-6001. The ping was successful. I don't know why it will not work on the primary DNs.

___
Second issue: If I only want r1 to initiate a call, all I have to do is remove the dialer map command from the r2 router, and that should only allow r1 to initiate a call. Pretty basic, that is what I thought, but I guess I was wrong. If I do that I can get my interface bri0:1 to up/up mode, but the ping will not go through. Somehow these 4500 routers want dialer map commands on both routers along with only the second DNs.

I spent the whole week in the lab troubleshooting this issue, but finally gave up. I even checked the logs in the ISDN switch and it accepts the calls on its interface, and that made me think that it is not the switch. However, I could be wrong.

Can someone please help? I am really frustrated.

Thanks in advance,
Regards,

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63535&t=63535
RE: Effect of Multipoint config on point-to-point [7:63460]
First of all, what WAN technology will you be using, FR or PPP T1? Multipoint on FR will have a network type of non-broadcast and will not neighbor with a router on a point-to-point interface, which will have a network type of point-to-point. Either you change your point-to-point network type to non-broadcast and use the neighbor command on your hub router, or change the multipoint interface to point-to-point.

--- On Thu 02/20, Monu Sekhon < [EMAIL PROTECTED] > wrote:

From: Monu Sekhon [mailto: [EMAIL PROTECTED]]
To: [EMAIL PROTECTED]
Date: Fri, 21 Feb 2003 02:06:14 GMT
Subject: Effect of Multipoint config on point-to-point [7:63460]

Hi Again,

A new small query on frame-relay itself. Is the config below valid, and can it be used having both multipoint on the main interface and a point-to-point sub-interface simultaneously?

int serial 0
 encap frame-relay
 ip address
 frame-relay interface-dlci 16
int serial 0/0.2 multi
 ip address
 frame-relay map 17

Can such a configuration work, or will the multi-access config on the main interface affect the sub-interface connections also? What implications does the above design have, or can all 3 connections be made to work? Any help will be appreciated.

Thanx in advance

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63460&t=63460

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63534&t=63460
Network Monitoring [7:63532]
Does anyone know of any free or really cheap network monitoring tools? I work for a real cheap company and I can't get them to shell out for HP OV. I appreciate a response. Thanks in advance

Kaveh

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63532&t=63532 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Breaking out of telnet [7:63530]
CTRL-SHIFT-6

Rodgers Moore

"SamN" wrote in message news:[EMAIL PROTECTED]
> From a router, I tried telnetting to another router but entered the wrong IP address so it got stuck at:
>
> Trying 192.168.5.55 ...
>
> How do I break out without waiting for those 15-20 seconds it keeps trying?
>
> thank you.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63531&t=63530 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Breaking out of telnet [7:63530]
From a router, I tried telnetting to another router but entered the wrong IP address so it got stuck at:

Trying 192.168.5.55 ...

How do I break out without waiting for those 15-20 seconds it keeps trying?

thank you.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63530&t=63530 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Loopback Testing [7:63515]
This should help.
http://www.cisco.com/en/US/tech/tk713/tk584/technologies_tech_note09186a00800a754b.shtml

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 21, 2003 1:00 PM
To: [EMAIL PROTECTED]
Subject: RE: Loopback Testing [7:63515]

Do the routers have built-in CSU/DSUs? That makes a difference.

Priscilla

Curious wrote:
>
> I want to do loopback testing between my router and a remote router over a Frame circuit.
> Tell me what I need to configure.
> Both routers are Cisco 2600 and running 12.0 IOS.
>
> thanks,
>
> --
> Curious
>
> MCSE, CCNP

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63529&t=63515 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Loopback Testing [7:63515]
Yes, it has a built-in CSU/DSU.

--
Curious

MCSE, CCNP

"Priscilla Oppenheimer" wrote in message news:[EMAIL PROTECTED]
> Do the routers have built-in CSU/DSUs? That makes a difference.
>
> Priscilla
>
> Curious wrote:
> >
> > I want to do loopback testing between my router and a remote router over a Frame circuit.
> > Tell me what I need to configure.
> > Both routers are Cisco 2600 and running 12.0 IOS.
> >
> > thanks,
> >
> > --
> > Curious
> >
> > MCSE, CCNP

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63528&t=63515 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Off Topic - Free Cisco Doc CD's [7:63522]
Chuck,

I'd be very interested to hear how many requests you get about this. (I don't need the CDs.) Would you mind either posting to the group or replying directly to me after this weekend?

Thanks!

Geoff Mossburg

-Original Message-
From: The Long and Winding Road [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 21, 2003 1:43 PM
To: [EMAIL PROTECTED]
Subject: Off Topic - Free Cisco Doc CD's [7:63522]

Before you all go too crazy over this, here's what I have available:

June, 2002
March, 2002
October 2000
March 1998

Maybe I should just toss these last two. Found them when I was cleaning out one of my drawers.

Before you all inundate me with requests, the rules are as follows:

1) Contact me at [EMAIL PROTECTED] (do not reply to this message; please use the e-mail address provided, so I can keep track of requests).

2) You must be willing to send me a self-addressed stamped envelope capable of transporting the CD set. You can get those 5x7 padded envelopes just about everywhere. Probably 2 bucks postage will do. This means folks outside the US can receive these CDs, just so long as they provide me with a US postage-paid envelope. Outside the US, people will have to check rates with their own postal services.

I will accumulate requests over the weekend, and I will contact people directly Sunday evening or Monday morning.

Chuck
--
TANSTAAFL
"there ain't no such thing as a free lunch"

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63527&t=63522 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Loopback Testing [7:63515]
Actually, Frame Relay switches don't forward the loop messages received on the local port to the remote port. You can only loop between each end router and its local Frame Relay switch. So, unless this is a cross-over simulation, you won't be able to achieve an end-to-end loop.

So, you can do loopback tests between each end router and its Frame switch. As long as those tests show fine - and your configuration is correct :-) - and you still have issues, it might simply be the telco's problem. But more often than not, you gotta prove it to them by running these tests.

"Curious" wrote in message news:[EMAIL PROTECTED]
> I want to do loopback testing between my router and a remote router over a Frame circuit.
> Tell me what I need to configure.
> Both routers are Cisco 2600 and running 12.0 IOS.
>
> thanks,
>
> --
> Curious
>
> MCSE, CCNP

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63526&t=63515 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Written Traning [7:63494]
I studied the Caslow book and did the paper by Dennis L. on the SNA/token ring stuff. The Boson test by the same Dennis was the icing on the cake for me... you will probably want to know MPLS/multicast and QoS also now.

Larry Letterman
Network Engineer
Cisco Systems

- Original Message -
From: "Kaminski, Shawn G"
To:
Sent: Friday, February 21, 2003 8:11 AM
Subject: RE: CCIE Written Traning [7:63494]

> I don't know of any training classes for the CCIE Written, probably because the CCIE Written covers a lot of oddball technologies, etc. If you did find a class, all they would probably do is go over the topics on the CCIE Written blueprint. Why bother paying for a class when you can do that for free?!! Just go to the Cisco site, print out the blueprint, and start searching CCO on each topic. It's probably the best way to study for the CCIE Written.
>
> Shawn K.
>
> -Original Message-
> From: Arni V. Skarphedinsson [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 21, 2003 4:21 AM
> To: [EMAIL PROTECTED]
> Subject: CCIE Written Traning [7:63494]
>
> Can anyone recommend a good training class for the CCIE Written Exam? Most of the CCIE training programs I see offered are training for the lab, after you have taken the written.

[EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63521&t=63494 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
protocol IP length 318 [7:63524]
Hello,

Can anyone tell me what it means when I see this alert in the event log: "packet from (IP Address)(MAC Address) to (IP Address)(MAC Address) protocol IP length 318", and others with 306, 309, 174 and so on, on a Cisco wireless bridge 350? Could you please help?

hanan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63524&t=63524 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Frame-Relay issue [7:63446]
There's obviously no good answer to why there are no problems bringing the link up/up when you type in the commands one by one, but there are problems when you copy and paste them. Here are some suggestions, though:

1) You work for Cisco. Report it as a bug.

2) The copy and paste is corrupting a character, forgetting to do a carriage return or something of that nature. Do all the commands end up in the running config?

3) There's some sort of timing issue. To fix the problem: don't do copy and paste that fast. :-)

Priscilla

Monu Sekhon wrote:
>
> Hi Mark,
> Thanx for the reply, but I mentioned that when we do shut & no shut again the link comes up. No DLCI, no LMI problem:
> I am testing in a lab setup, two routers connected to a frame-relay cloud.
> Please do help, anybody, in this regard: why does the link not come up at one instant? Why does it require shut and no shut again when I copy-paste the config, when if I give the commands one by one the link comes up without giving shut and no shut?
>
> Mark W. Odette II wrote:
> >
> > >>in show ip interface it shows as protocol down, physical link up.
> > >>sh frame-relay pvc shows as inactive. No LMI are exchanged.
> >
> > Usually "Protocol Down, Link Up" indicates that you have mismatched encapsulation, LMI-Type, or even incorrect IP addressing (wrong subnet or incorrect subnet mask) between your end and the other end of the FR network.
> >
> > If no LMI is exchanged, then the LMI-Type is incorrect between that serial interface and the service provider frame switch.
> >
> > If this is a Frame Relay LAB setup, double-check your Frame Relay "Switch" configuration.
> >
> > If this is a production setup, contact your ISP and verify your Frame Relay configuration parameters (LMI-Type, DLCI, etc.).
> >
> > On the No Shut command, I'd use it last on each interface you configure.
> >
> > -Mark
> >
> > -Original Message-
> > From: Monu Sekhon [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, February 20, 2003 7:40 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Frame-Relay issue [7:63446]
> >
> > Hi Larry/John,
> > I forgot to mention no shut in the above config while writing here. It's still there and the connection does not come up.
> > See, I mentioned that while giving the commands one by one manually the connection comes up.
> > It seems to me that while the interface is down during that, frame-relay LMIs think that the interface is down and make the link down.
> > I am rather confused. I don't know, but this is happening.
> >
> > again writing config:
> > --
> > interface Serial0
> >  shut (if i give here no shut then link comes up at one go)
> >  encapsulation frame-relay
> >  frame-relay lmi-type cisco
> >  no shut
> >  exit
> > interface Serial0/0.1 point-to-point
> >  no shutdown
> >  ip address 1.1.1.1 255.255.255.0
> >  frame-relay interface-dlci 108
> >  exit
> >
> > And also John, try these in your router, but at one go the interface will not come up as far as I know. I agree with your configuration and mine is also correct. It's said by Priscilla and others that shutting an interface is good practice while configuring encap types. This I read in one of the previous posts. So can you all reply what the problem is here:
> > in show ip interface it shows as protocol down, physical link up.
> > sh frame-relay pvc shows as inactive. No LMI are exchanged.
> > Any help will be appreciated.
> >
> > -
> > Larry Letterman wrote:
> > >
> > > Enter the no shut command into your cut and paste script for the Int Ser0 and it will come up.. all interfaces in a router are always defaulted to shutdown.. In your case the main interface needs to be no shut in order for the logical interface to work...
> > >
> > > --
> > >
> > > Larry Letterman
> > > Network Engineer
> > > Cisco Systems
> > >
> > > "Monu Sekhon" wrote in message news:[EMAIL PROTECTED]
> > > > Hi All
> > > > Hey, I am facing a strange problem in frame-relay.
> > > >
> > > > My config
> > > > --
> > > > my initial config
> > > > int serial 0
> > > > (nothing configured initially)
> > > >
> > > > Then I cut-paste this config and my link does not come up, meaning the interface does not come up.
> > > >
> > > > interface Serial0
> > > >  shut (if i give here no shut then link comes up at one go)
> > > >  encapsulation frame-relay
> > > >  frame-relay lmi-type cisco
> > > >  exit
> > > > interface Serial0/0.1 point-to-point
> > > >  no shutdown
> > > >  ip address 1.1.1.1 255.255.255.0
> > > >  frame-relay interface-dlci 108
> > > >  exit
> > > >
> > > > I have to do shut and no shut on the main interface. Why?
> > > >
> > > > If I execute the above commands one by one, then the link comes up.
> > > >
> > > > Is it a difference between pasting the config at one go or
Off Topic - Free Cisco Doc CD's [7:63522]
Before you all go too crazy over this, here's what I have available:

June, 2002
March, 2002
October 2000
March 1998

Maybe I should just toss these last two. Found them when I was cleaning out one of my drawers.

Before you all inundate me with requests, the rules are as follows:

1) Contact me at [EMAIL PROTECTED] (do not reply to this message; please use the e-mail address provided, so I can keep track of requests).

2) You must be willing to send me a self-addressed stamped envelope capable of transporting the CD set. You can get those 5x7 padded envelopes just about everywhere. Probably 2 bucks postage will do. This means folks outside the US can receive these CDs, just so long as they provide me with a US postage-paid envelope. Outside the US, people will have to check rates with their own postal services.

I will accumulate requests over the weekend, and I will contact people directly Sunday evening or Monday morning.

Chuck
--
TANSTAAFL
"there ain't no such thing as a free lunch"

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63522&t=63522 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
access-lists [7:63520]
Hello all. I'm stumped on an access-list that I need to create. What I did was I set up two routers using RIP and put loopbacks on one of them and advertised them in RIP. I then attempted to build an access-list allowing just these networks to pass into the other router. The router with the loopbacks is A, the destination is B. So I know this will be a standard access list (direction in) on router B's interface to router A. The requirements are:

allow any packet originating from 192.17.77.0 /24
allow any packet originating from 192.17.73.0 /24
allow any packet originating from 192.81.77.0 /24
allow any packet originating from 192.81.73.0 /24
allow any packet originating from 176.17.77.0 /24
allow any packet originating from 176.17.73.0 /24
allow any packet originating from 176.81.77.0 /24
allow any packet originating from 176.81.73.0 /24

Here's what I think I can do with the 192 addresses: I can do permit ip 192.17.73.0 0.64.4.0 because the 64 will increase the second octet to 81, then the 4 in the third bit will increase the network to 77. Is this how I would implement this filtering policy in just two statements? The same way with the 176 networks?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63520&t=63520 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
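Wildcard masks are easy to get subtly wrong, and a wrong one on a permit line either blocks traffic you meant to allow or lets in networks you never listed. The script below is an added example, not code from the post: it expands a standard-ACL entry into every /24 it fully covers and compares that with the eight networks the post wants, so under-matching and over-matching both show up. The three candidate entries (the one as posted, a host-bits-corrected one, and a tempting single line that merges the 192 and 176 blocks) are constructed for the example.

```python
"""Cisco wildcard-mask audit (added example, not code from the original post).

A wildcard mask is the inverse of a subnet mask: a 0 bit in the mask means the
address bit must equal the ACE, a 1 bit means "don't care".  The post asks
whether `permit 192.17.73.0 0.64.4.0` covers four /24s in one line.  Instead of
guessing, expand each ACE into every /24 it fully covers and diff that against
the networks the policy is meant to allow.  The eight networks are the post's.
"""
import ipaddress
from typing import Iterable, List, Tuple

ACE = Tuple[str, str]  # (address, wildcard) as typed in `access-list N permit A W`

WANTED = [
    "192.17.77.0/24", "192.17.73.0/24", "192.81.77.0/24", "192.81.73.0/24",
    "176.17.77.0/24", "176.17.73.0/24", "176.81.77.0/24", "176.81.73.0/24",
]


def _int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def _net_key(cidr: str) -> int:
    return _int(cidr.split("/")[0])


def ace_matches(ace: ACE, ip: str) -> bool:
    """True if `ip` is matched by the standard-ACL entry `ace`."""
    addr, wildcard = ace
    care = ~_int(wildcard) & 0xFFFFFFFF          # bits that must be equal
    return (_int(addr) & care) == (_int(ip) & care)


def covered_networks(ace: ACE) -> List[str]:
    """Every /24 whose 256 addresses are all matched by `ace`.

    A /24 is fully covered only when all eight host bits are wildcarded;
    0.64.4.0 leaves them at 0, so it matches the .0 address of each network
    and nothing else.  The wildcarded network bits are then walked through
    every combination to list each network the entry reaches.
    """
    addr, wildcard = ace
    wc = _int(wildcard)
    if wc & 0xFF != 0xFF:
        return []
    base = _int(addr) & ~wc & 0xFFFFFF00
    free_bits = [b for b in range(8, 32) if (wc >> b) & 1]
    nets = []
    for combo in range(1 << len(free_bits)):
        n = base
        for i, b in enumerate(free_bits):
            if (combo >> i) & 1:
                n |= 1 << b
        nets.append(f"{ipaddress.IPv4Address(n)}/24")
    return sorted(nets, key=_net_key)


def audit(aces: Iterable[ACE], wanted: Iterable[str] = WANTED):
    """Return (missing, extra): wanted /24s not covered, and covered /24s not wanted."""
    covered = set()
    for ace in aces:
        covered.update(covered_networks(ace))
    wanted_set = set(wanted)
    return (sorted(wanted_set - covered, key=_net_key),
            sorted(covered - wanted_set, key=_net_key))


# Constructed candidates: the entry as proposed in the post, the same entry with
# the host bits wildcarded, and a single line that tries to merge 192 and 176.
AS_POSTED = [("192.17.73.0", "0.64.4.0"), ("176.17.73.0", "0.64.4.0")]
CORRECTED = [("192.17.73.0", "0.64.4.255"), ("176.17.73.0", "0.64.4.255")]
OVERBROAD = [("176.17.73.0", "112.64.4.255")]

if __name__ == "__main__":
    for label, aces in (("as posted", AS_POSTED), ("corrected", CORRECTED), ("one line", OVERBROAD)):
        missing, extra = audit(aces)
        print(f"{label:10s} missing={len(missing)} extra={len(extra)}")
        for net in extra[:4]:
            print("    lets in:", net)
```

The two-line form with 0.64.4.255 covers exactly the eight networks and nothing else; the single-line form that wildcards the first octet reaches the eight wanted networks but also 24 others, which is the kind of silent over-permit an audit like this exists to catch.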
Re: cisco 2950 and trunk negotiation [7:63466]
Robert is correct, Cisco is moving the gear to support most of the standards. Most of the new switches will be on Dot1q/Dot1p since that's the standard for layer 2. EIGRP is still in use by a lot of places so I believe it will stay for a good while..

Larry Letterman
Network Engineer
Cisco Systems

- Original Message -
From: "Robert Edmonds"
To:
Sent: Friday, February 21, 2003 6:41 AM
Subject: Re: cisco 2950 and trunk negotiation [7:63466]

> The reason that the 2950's do not support ISL trunking is that Cisco is gradually moving towards supporting the major standards more and proprietary standards less. As part of this plan they are beginning to make switches that only support dot1q trunking. At least that's what a TAC engineer told me. However, this brought up the question, "What about EIGRP?" He assured me that some of the proprietary stuff like EIGRP, where there is a real tangible benefit to using it, will stay.
>
> Robert
>
> "John Brandis" wrote in message news:[EMAIL PROTECTED]
> > Hi,
> >
> > Anyone else noticed that on the 2950, and I'm guessing other Catalyst low end switches, that one can't define the encapsulation of the trunk link? Yes it will auto negotiate, however I feel that control has been pulled away from me. I also don't like on the 4006 that you can only define this same setting (if you have a GBIC Module) for the first 2 GBIC ports. The rest of the ports default to dot1q. Thankfully I use this, but I am betting that there are the odd people out there who may use ISL...
> >
> > Can someone tell me, if possible, how to define what type of trunk I wish to use on the 2950 using IOS 12.1(11)?
> >
> > Thanks all
> >
> > John
> > (please correct where I am wrong)
> >
> > **
> >
> > visit http://www.solution6.com
> >
> > UK Customers - http://www.solution6.co.uk
> >
> > **
> >
> > The Solution 6 Head Office and NSW Branch has moved premises.
> > Please make sure you have updated your records with our new details. > > > > Level 14, 383 Kent Street, Sydney NSW 2000. > > > > General Phone: 61 2 9278 0666 > > > > General Fax: 61 2 9278 0555 > > > > ** > > > > This email message (and attachments) may contain information that is > > confidential to Solution 6. If you are not the intended recipient you > cannot > > use, distribute or copy the message or attachments. In such a case, > please > > notify the sender by return email immediately and erase all copies of the > > message and attachments. Opinions, conclusions and other information in > > this message and attachments that do not relate to the official business > of > > Solution 6 are neither given nor endorsed by it. > > > > * [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63519&t=63466 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
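On a 2950 the trunk encapsulation is fixed at 802.1Q, so the part of trunk negotiation that is still under the administrator's control is DTP itself. The fragment below is an added example, not configuration from the thread: it nails the uplink to trunk mode with negotiation off and pins the remaining ports to access mode, which is the usual hardening against a host negotiating itself onto a trunk. Interface numbers, VLAN IDs and the uplink description are assumed.

```text
! Added example (not from the original thread). A 2950 has no
! "switchport trunk encapsulation" command because the hardware only does
! 802.1Q; DTP negotiation, however, is still on by default. Interface
! numbers, VLAN IDs and the neighbour's name are assumed.
!
! Uplink to the 4006: trunk unconditionally, never send or answer DTP.
interface FastEthernet0/24
 description uplink to 4006
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30
!
! Access ports: fixed to access mode so an attached host cannot talk DTP
! and negotiate itself onto a trunk.
interface range FastEthernet0/1 - 23
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
!
! Check the result:
!   show interfaces fastethernet0/24 trunk       -> Mode "on", Encapsulation "802.1q"
!   show interfaces fastethernet0/24 switchport  -> "Negotiation of Trunking: Off"
```

On the 4006 side the matching port also needs a fixed mode: if one end is set to trunk with nonegotiate and the other is left at dynamic auto, the dynamic end never receives a DTP offer and stays an access port.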
RE: ADSL and PIX puzzle [7:63498]
Strictly speaking, I didn't do the math and verify (since you specified "for example") the IP net block against your example subnet mask. You specified .248 as your mask before; now you're indicating it as a /24 mask. Whichever it is, the point was this:

If the ISP has assigned you a two-host subnet for the ADSL connection to them (just like a point-to-point T1), and they've also assigned you a block of 8 addresses (1 used for the net boundary, 1 used for broadcast, 1 used for the router, 5 used for whatever you feel like), then you would follow the suggestions for addressing that I laid out.

If you were assigned full Class C addresses for either the DSL connection OR the "client" public block (which represents hosts like your web server via NAT), then simply put the /24 mask on each interface. For the ADSL connection itself though, that would be a gross waste of addresses.

Also, if you were given TWO Class C blocks, then you could simply put one IP from the first block on your Dialer interface, one IP from the same block on the Ethernet0 interface, and one IP from the same block on the outside interface of the PIX. You'd then put 1 IP address from the second block on the inside interface, and DHCP/static assign the rest of that block to any host on the inside network (alternatively, if you had a PIX that had the DMZ NIC, you could put the second block on that, but the address assignment still applies in practice). This would work for the application of your web server hosting a max of 253 unique .com/.net/.org/.whatever websites, each with its own unique public address (you can assign a whole Class C to a single NIC). This would, of course, be a waste of addresses if your web server is only hosting a couple of websites and you don't even have a LAN that uses all 254 addresses of that second public block.

Doing double NAT is only really necessary (from my limited experience) for situations where you are trying to connect two LANs together that were previously numbered with the same net block/mask, i.e., LAN A and LAN B are on the 172.16.30.x/24 network. You have to introduce an additional router/firewall into the mix on ONE of the ends to make the connection work (whether it be GRE tunneling from LAN to LAN, VPN tunnel from LAN to LAN, etc.).

I'm quite sure others will expand on or correct me where I'm not hitting the mark :)

-Mark

-Original Message-
From: dlci dlci [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 21, 2003 4:25 AM
To: [EMAIL PROTECTED]
Subject: RE: ADSL and PIX puzzle [7:63498]

I would like to thank everyone who helped out with my Pix horror picture show. This has aroused some possibilities where previously I couldn't, let's say, "see the trees from the forest" (or is it the other way around ;) However this has also brought up some questions about all your suggestions.

..the story so far:

Network number: 200.10.10.136/30
So I use 200.10.10.138 255.255.255.0 since the provider uses the other available IP

Public IPs: 200.10.15.184/29
webserver is 200.10.15.189

Ok, following Mark's tip I would put 200.10.10.138 255.255.255.0 on the Dialer int. Mark then suggests "Put 200.10.15.184/29 on the Ethernet0 of the DSL Router..." and "Put 200.10.15.185/29 on the PIX Outside Interface..." umm, the IP on eth0 is my network number for public IP space, so shouldn't eth0 on the router be 200.10.15.185/24? If so, wouldn't I be wasting 1 IP to get to the pix?

Albert Lu suggests using ip unnumbered eth0 on the Dialer int. Ok, then if I use 200.10.10.138/24 on eth0 on the router (ISP uses the other available IP), what other IP could I use on the pix eth0 (interface directly connected to the router's eth0)?

Why wouldn't I want to use NAT on both router and pix, and go with Kent Hundley's suggestion?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63518&t=63498 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
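The thread keeps moving between the /30 link net, the /29 public block and a /24 mask typed on the interfaces, and the questions come down to which addresses in each block are actually usable and whether a mask agrees with what the ISP allocated. The script below is an added example, not code from the thread: it takes the two blocks quoted above and a constructed interface plan and reports, per interface, whether the address lies inside the block, whether it is the network or broadcast address, and whether the mask matches the allocation. The plan itself (the /24 on the dialer, .184 on Ethernet0 as quoted, .185 on the PIX) is constructed from the thread's own numbers.

```python
"""Provider-block sanity check (added example, not code from the original thread).

An interface mask wider than the block the ISP actually allocated does not
cost any addresses; it installs a connected route for the whole wider range,
so the router stops using its default route for the rest of that range and
treats those addresses as local.  The checks below take the two blocks from
the thread and a proposed interface plan and report each inconsistency.
Interface names are the thread's; the plan is constructed for the example.
"""
import ipaddress
from typing import Dict, List, Tuple

LINK_BLOCK = ipaddress.ip_network("200.10.10.136/30")     # router <-> ISP
PUBLIC_BLOCK = ipaddress.ip_network("200.10.15.184/29")   # routed to the customer


def usable_hosts(block: ipaddress.IPv4Network) -> List[str]:
    """Addresses that may be put on an interface or host in `block`."""
    return [str(h) for h in block.hosts()]


def check_assignment(label: str, addr_with_mask: str,
                     block: ipaddress.IPv4Network) -> List[str]:
    """Problems with configuring `addr_with_mask` on `label` out of `block`."""
    iface = ipaddress.ip_interface(addr_with_mask)
    if iface.ip not in block:
        return [f"{label}: {iface.ip} is not inside the allocated {block}"]
    problems = []
    if iface.ip == block.network_address:
        problems.append(f"{label}: {iface.ip} is the network address of {block}")
    if iface.ip == block.broadcast_address:
        problems.append(f"{label}: {iface.ip} is the broadcast address of {block}")
    if iface.network != block:
        problems.append(f"{label}: mask /{iface.network.prefixlen} makes the router "
                        f"treat {iface.network} as connected, but only {block} was allocated")
    return problems


def audit_plan(plan: Dict[str, Tuple[str, ipaddress.IPv4Network]]) -> List[str]:
    """Run check_assignment over every interface and flag duplicate addresses."""
    problems: List[str] = []
    seen: Dict[ipaddress.IPv4Address, str] = {}
    for label, (addr_with_mask, block) in plan.items():
        problems += check_assignment(label, addr_with_mask, block)
        ip = ipaddress.ip_interface(addr_with_mask).ip
        if ip in seen:
            problems.append(f"{label}: {ip} already used on {seen[ip]}")
        seen[ip] = label
    return problems


# Constructed plan built from the numbers quoted in the thread.
PLAN = {
    "Dialer0 (DSL router)":   ("200.10.10.138/24", LINK_BLOCK),
    "Ethernet0 (DSL router)": ("200.10.15.184/29", PUBLIC_BLOCK),
    "PIX outside":            ("200.10.15.185/29", PUBLIC_BLOCK),
}

if __name__ == "__main__":
    print("link net usable:  ", usable_hosts(LINK_BLOCK))
    print("public block usable:", usable_hosts(PUBLIC_BLOCK))
    for p in audit_plan(PLAN):
        print("!", p)
```

Run as is, it lists .137 and .138 as the only usable link addresses and .185 to .190 as the usable public ones, then flags the /24 on the dialer as claiming far more than the /30 and .184 as the network address of the /29; the PIX outside address passes cleanly.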
callback without calling back!!! [7:63517]
Hi, I have a 3620 (12.1) with Cisco ACS configured for callback option. The Client dials in ok, and you are prompted for the callback number, if you press ok, you will be called back without any problem but you have another option to press ESCAPE if you want to connect directly without calling back, at this point we are getting: "Error 619: the specified port is not connected" Any ideas on where I can look next would be appreciated. thanx [GroupStudy removed an attachment of type text/x-vcard which had a name of Orest.Umudumov.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63517&t=63517 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE Written Traning [7:63494]
I don't know of any training classes for the CCIE Written, probably because the CCIE Written covers a lot of oddball technologies, etc. If you did find a class, all they would probably do is go over the topics on the CCIE Written blueprint. Why bother paying for a class when you can do that for free?!! Just go to the Cisco site, print out the blueprint, and start searching CCO on each topic. It's probably the best way to study for the CCIE Written.

Shawn K.

-Original Message-
From: Arni V. Skarphedinsson [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 21, 2003 4:21 AM
To: [EMAIL PROTECTED]
Subject: CCIE Written Traning [7:63494]

Can anyone recommend a good training class for the CCIE Written Exam? Most of the CCIE training programs I see offered are training for the lab, after you have taken the written.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63516&t=63494 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Loopback Testing [7:63515]
I want to do loopback testing between my router and a remote router over a Frame circuit. Tell me what I need to configure. Both routers are Cisco 2600 and running 12.0 IOS.

thanks,

--
Curious

MCSE, CCNP

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63515&t=63515 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Health Checks on Local Director [7:63514]
Hi all,

I am playing around with some Local Directors (416's) and would like to know if anyone has found a way of doing intelligent health checks (layer 7) of anything other than HTTP and DNS. E.g. I want to have a VIP bound to 3-4 real servers, and then health check a specific service on the real servers (other than http/dns/ping), and if the port is not listening, remove the real server from the pool. I know you can do this on the newer CSSs but haven't found a way to do it on the 416's?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63514&t=63514 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Lost Switch [7:63469]
The simplest and least-intrusive method I can think of would be to use mobile ARP. Simply add 'ip arp mobile' or whatever the exact command is to the router interface leading to that switch. Then perhaps a static host route on that same interface pointing to that oddball IP address. That would allow you to access that specific IP address without causing any other routing issues, should you be using that same subnet somewhere else in your network.

Regards,
John

>>> "Kevin Wigle" 2/20/03 9:19:42 PM >>>
Our group got a support call that a port wasn't working on a switch. A colleague started looking into the case and found that he couldn't connect to the switch (or ping, etc.). He was able to get to another switch which is directly connected. Using CDP he was able to see that the switch is incorrectly configured with the wrong IP address. The real subnet is 10.235.x.x but CDP nei det says that the switch has 10.255.x.x configured. Is there a way we can get to the switch and fix it over the wire?

Kevin Wigle

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63513&t=63469 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Sniffer with span on port 6/4 - where just station B is [7:63512]
I found the following URL about some reasons for flooding.
http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00800a875c.shtml#subtopic2C

I am trying to find what the limit of the forwarding table for a 6509 switch is. I could not find information about this.

"[EMAIL PROTECTED]" @groupstudy.com on 21/02/2003 09:53:36
Please reply to "[EMAIL PROTECTED]"
Sent by: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
cc:
Subject: Sniffer with span on port 6/4 - where just station B is [7:63504]

Why would a switch lose its CAM entry if the PC is transmitting packets when it floods packets? I am wondering if there is another condition besides a bug or a failed module.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63512&t=63512 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ISS Real Secure Vs Cisco IDS [7:63461]
Hi Albert,

We have 24x7 cover so that response time is pretty quick (and a very well defined escalation procedure). However, at the end of the day you are right. I believe that no systems are secure; what we do is try to stick up as many deterrents as possible to make it not worthwhile, and for the cracker to try and find a more easily exploited system. Furthermore, the majority of cracking alerts are as a result of script kiddies, and if 10 other systems show up as exploitable before ours, then that is half the war won.

Albert Lu wrote:
>
> Hi Troy,
>
> Must be some secure site. The reason I was interested is that I had a discussion with someone else before in regards to multi-vendor IDS solutions and how effective they might be.
>
> So if you mostly rely on manual action, and an attack came in after hours, how quickly can you respond to your alerts? Since for some attacks, a half hour response time could cause your site to be down (eg. slammer virus). If that was the case, even if you had all the vendors' IDS, it will be useless.
>
> Albert
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 21, 2003 10:57 PM
> To: [EMAIL PROTECTED]
> Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
>
> As with most things, you need to weigh up costs against your requirements. In our case, security is absolutely essential, so having multivendor security solutions (and indeed fully redundant) is costly, but we see it as justified.
>
> With regards to action during attacks etc., we mostly rely on manual actions as we don't want to inadvertently block legitimate traffic (for example if an attack came from a spoofed IP). For automatic action, you can make use of Cisco Policy Manager, which has the ability to dynamically rewrite ACLs on PIXs, routers, and indeed Cats according to data from IDS. So for example, if you were really paranoid (like we are), you could have PIXs as the first firewall, with IDS on the inside / DMZ etc. (using IDSM or standalone IDS), tie these together with Policy Manager.. then, taking a further step into your network, a set of Nokia FW1 NG, along with further Nokia IDS solutions on the inside, and tied together using the enterprise software!
>
> Albert Lu wrote:
> >
> > Hi,
> >
> > I'm just curious about your multi-vendor solution. It must cost quite a lot in order to have 3 IDS running. What about redundancy? If you are using dual switch/router/fw/ids, you would have a total of 6 IDS.
> >
> > Being able to detect attacks with multiple IDS is one thing. What action can it take once the IDS detects an attack? Logging it into the syslog server is not enough.
> >
> > Albert
> >
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, February 21, 2003 7:53 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
> >
> > Hi Sean,
> >
> > I currently use Cisco IDSM (IDS module for the Cat6500), Nokia IDS, and Snort on the servers themselves. You can never be paranoid enough about these sorts of things. Each vendor has different exploits etc., so by implementing a multi-vendor path to your critical servers, you protect yourself from any single vendor-specific exploit!
> >
> > Sean Kim wrote:
> > >
> > > Hello all,
> > >
> > > My company is thinking about installing an IDS (dedicated appliance type) for our network. As far as I know, the Real Secure and the Cisco IDS are the two biggest names out there. So I checked out the documents and white papers provided by each company, but I couldn't really come up with what the differences are between them, and which one is better suited for our network.
> > >
> > > Can anyone voice their opinion about these two IDS?
> > >
> > > Thanks,
> > >
> > > Sean Kim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63511&t=63461 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISS Real Secure Vs Cisco IDS [7:63461]
There are some papers comparing IDS solutions (Cisco, ISS, Snort, etc.) on NSS. They did a good job.

http://www.nss.co.uk/

Paulo Roque

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63510&t=63461
Re: cisco 2950 and trunk negotiation [7:63466]
The reason that the 2950's do not support ISL trunking is that Cisco is gradually moving towards supporting the major standards more and proprietary standards less. As part of this plan they are beginning to make switches that only support dot1q trunking. At least that's what a TAC engineer told me. However, this brought up the question, "What about EIGRP?" He assured me that some of the proprietary stuff like EIGRP, where there is a real tangible benefit to using it, will stay.

Robert

"John Brandis" wrote in message news:[EMAIL PROTECTED]...
> Hi,
>
> Anyone else noticed that on the 2950, and I'm guessing other Catalyst low-end switches, that one can't define the encapsulation of the trunk link. Yes it will auto-negotiate, however I feel that control has been pulled away from me. I also don't like on the 4006 that you can only define this same setting (if you have a GBIC module) for the first 2 GBIC ports. The rest of the ports default to dot1q. Thankfully I use this, but I am betting that there are the odd people out there who may use ISL...
>
> Can someone tell me, if possible, how to define what type of trunk I wish to use on the 2950 using IOS 12.1(11)
>
> Thanks all
>
> John
> (please correct where I am wrong)
>
> **
> visit http://www.solution6.com
> UK Customers - http://www.solution6.co.uk
> **
> The Solution 6 Head Office and NSW Branch has moved premises. Please make sure you have updated your records with our new details.
> Level 14, 383 Kent Street, Sydney NSW 2000.
> General Phone: 61 2 9278 0666
> General Fax: 61 2 9278 0555
> **
> This email message (and attachments) may contain information that is confidential to Solution 6. If you are not the intended recipient you cannot use, distribute or copy the message or attachments. In such a case, please notify the sender by return email immediately and erase all copies of the message and attachments. Opinions, conclusions and other information in this message and attachments that do not relate to the official business of Solution 6 are neither given nor endorsed by it.
> *

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63509&t=63466
RE: ISS Real Secure Vs Cisco IDS [7:63461]
Hi Troy,

Must be some secure site, reason I was interested is that I had a discussion with someone else before in regards to multi-vendor IDS solutions and how effective they might be.

So if you mostly rely on manual action, and an attack came in after hours, how quickly can you respond to your alerts? Since for some attacks, a half hour response time could cause your site to be down (eg. slammer virus). If that was the case, even if you had all the vendors' IDS, it will be useless.

Albert

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 21, 2003 10:57 PM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]

As with most things, you need to weigh up costs against your requirements. In our case, security is absolutely essential, so having a multi-vendor security solution (and indeed fully redundant) is costly, but we see it as justified.

With regards to action during attacks etc., we mostly rely on manual actions as we don't want to inadvertently block legitimate traffic (for example if an attack came from a spoofed IP). For automatic action, you can make use of Cisco Policy Manager, which has the ability to dynamically rewrite ACLs on PIXs, routers, and indeed Cats, according to data from IDS. So for example, if you were really paranoid (like we are), you could have PIXs as the first firewall, with IDS on the inside / DMZ etc. (using IDSM or standalone IDS), tie these together with Policy Manager, then, taking a further step into your network, a set of Nokia FW1 NG, along with further Nokia IDS solutions on the inside, and tied together using the enterprise software!

Albert Lu wrote:
>
> Hi,
>
> I'm just curious about your multi-vendor solution. It must cost quite a lot in order to have 3 IDS running. What about redundancy, if you are using dual switch/router/fw/ids, you would have a total of 6 IDS.
>
> Being able to detect attacks with multiple IDS is one thing. What action can it take once the IDS detects an attack? Logging it into the syslog server is not enough.
>
> Albert
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 21, 2003 7:53 PM
> To: [EMAIL PROTECTED]
> Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
>
> Hi Sean,
>
> I currently use Cisco IDSM (IDS module for the Cat6500), Nokia IDS, and Snort on the servers themselves. You can never be paranoid enough about these sort of things. Each vendor has different exploits etc., so by implementing a multi-vendor path to your critical servers, you protect yourself from any single vendor-specific exploit!
>
> Sean Kim wrote:
> >
> > Hello all,
> >
> > My company is thinking about installing an IDS (dedicated appliance type) for our network. As far as I know, the Real Secure and the Cisco IDS are the two biggest names out there. So I checked out the documents and white papers provided by each company, but I couldn't really come up with what the differences are between them, and which one is better suited for our network.
> >
> > Can anyone voice their opinion about these two IDS?
> >
> > Thanks,
> >
> > Sean Kim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63508&t=63461
RE: cisco 2950 and trunk negotiation [7:63466]
I am pretty sure that the 2950's only support dot1q trunking and Cisco never plans to change that. I remember reading that in an article. The 2950's are basically taking over the 1900 series, which is ironic because the 1900's only support ISL. We personally use dot1q on all our trunks because you can do more with traffic prioritization with dot1q headers.

-----Original Message-----
From: John Brandis [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 20, 2003 9:22 PM
To: [EMAIL PROTECTED]
Subject: cisco 2950 and trunk negotiation [7:63466]

Hi,

Anyone else noticed that on the 2950, and I'm guessing other Catalyst low-end switches, that one can't define the encapsulation of the trunk link. Yes it will auto-negotiate, however I feel that control has been pulled away from me. I also don't like on the 4006 that you can only define this same setting (if you have a GBIC module) for the first 2 GBIC ports. The rest of the ports default to dot1q. Thankfully I use this, but I am betting that there are the odd people out there who may use ISL...

Can someone tell me, if possible, how to define what type of trunk I wish to use on the 2950 using IOS 12.1(11)

Thanks all

John
(please correct where I am wrong)

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63507&t=63466
RE: ISS Real Secure Vs Cisco IDS [7:63461]
You can span/mirror 2 ports into one so we only have one set at each ISP connection.

Most of the action is manual with the exception of some fairly proven exploits that we use ISS "kills" to handle, such as Napster traffic (not a big deal now that it's gone), gnutella, code red, DNS I-queries, etc. If I turn all of the automatic stuff on, when a known signature match is made, whoever that was is no longer able to gain access, as via OPSEC connections (http://www.opsec.com/solutions/sec_intrusion_detection.html) that block that connection and future connections for that IP for a pre-determined time. Cisco have the same type of deal for controlling Cisco devices via the Cisco IDS, but I don't like IDS doing too much automatically though.

It's all kinda like virus protection though, you have to have a signature match to detect it. Which means you have to have a signature written before that attack can be recognized.

It's all a "belt-and-suspenders" approach really. With a combination of ACLs on the ISP connection router and firewall rules and then ACLs on the router after the firewall, we get most of the stuff.

Snort requires a hardware investment and a lot of tuning. It's not for the novice but it is on my list of yet another IDS at some point. Probably after we do the Cisco blades on the 6500's..

Scotty

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63506&t=63461
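The replies in this thread describe two sides of IDS response: leaving most action to a human because an auto-block on a spoofed source would cut off legitimate traffic, and letting a short list of "proven" signatures trigger a block of that IP for a pre-determined time. The script below is an added example, not code from the thread, ISS, Cisco or Check Point; it encodes such a response policy over constructed alert lines, and the signature names, addresses and the TCP-only rule for automatic blocks are assumptions made for the example.

```python
"""Added example: a conservative IDS alert-response policy.

Only an operator-chosen allow-list of proven signatures may block
automatically, blocks expire after a fixed lifetime, and anything else
(single-packet UDP alerts, protected addresses, unknown signatures) is
queued for manual review instead of being acted on.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Signatures the operator has judged reliable enough for an automatic "kill".
# Names are constructed for this example, not real ISS or Cisco signature ids.
AUTO_BLOCK_SIGNATURES = {"CodeRed-GET-default.ida", "Gnutella-connect"}

# Sources that must never be blocked automatically (constructed RFC 5737 address).
NEVER_BLOCK = {"198.51.100.53"}

# How long an automatic block stays in place before it expires on its own.
BLOCK_DURATION = timedelta(minutes=30)


@dataclass
class Alert:
    ts: datetime
    signature: str
    proto: str
    src: str
    dst: str


def parse_alert(line: str) -> Alert:
    """Parse one alert line in the constructed format
    '<iso-timestamp> SIG=<name> PROTO=<tcp|udp> SRC=<ip> DST=<ip>'."""
    ts_text, *pairs = line.split()
    fields = dict(pair.split("=", 1) for pair in pairs)
    return Alert(
        ts=datetime.fromisoformat(ts_text),
        signature=fields["SIG"],
        proto=fields["PROTO"].lower(),
        src=fields["SRC"],
        dst=fields["DST"],
    )


@dataclass
class ResponsePolicy:
    """Decide per alert whether to block automatically or hand off to a human."""
    blocks: Dict[str, datetime] = field(default_factory=dict)   # src -> expiry
    manual_queue: List[Alert] = field(default_factory=list)

    def expire(self, now: datetime) -> None:
        """Drop blocks whose pre-determined lifetime has passed."""
        self.blocks = {src: exp for src, exp in self.blocks.items() if exp > now}

    def decide(self, alert: Alert) -> str:
        """Return 'auto-block', 'already-blocked' or 'manual'."""
        self.expire(alert.ts)
        if alert.src in self.blocks:
            return "already-blocked"
        # Auto-block only on a proven signature, only over TCP (a completed
        # handshake makes the source address far harder to spoof than a
        # single UDP datagram), and never against a protected address.
        if (alert.signature not in AUTO_BLOCK_SIGNATURES
                or alert.proto != "tcp"
                or alert.src in NEVER_BLOCK):
            self.manual_queue.append(alert)
            return "manual"
        self.blocks[alert.src] = alert.ts + BLOCK_DURATION
        return "auto-block"

    def active_blocks(self, now: datetime) -> List[str]:
        """Sources currently blocked, after expiring stale entries."""
        self.expire(now)
        return sorted(self.blocks)


# Constructed sample alerts (documentation addresses, no real hosts): a proven
# TCP signature, a repeat from the same source, a single-packet UDP worm alert,
# a proven signature from a protected address, and a later alert from the
# first source after its block has expired.
SAMPLE_ALERTS = [
    "2003-02-21T22:00:00 SIG=CodeRed-GET-default.ida PROTO=tcp SRC=203.0.113.7 DST=192.0.2.10",
    "2003-02-21T22:05:00 SIG=CodeRed-GET-default.ida PROTO=tcp SRC=203.0.113.7 DST=192.0.2.11",
    "2003-02-21T22:06:00 SIG=Slammer-UDP-1434 PROTO=udp SRC=203.0.113.9 DST=192.0.2.12",
    "2003-02-21T22:07:00 SIG=CodeRed-GET-default.ida PROTO=tcp SRC=198.51.100.53 DST=192.0.2.10",
    "2003-02-21T22:40:00 SIG=Gnutella-connect PROTO=tcp SRC=203.0.113.7 DST=192.0.2.10",
]


def run_policy(lines: List[str]) -> Tuple[List[str], ResponsePolicy]:
    """Feed alert lines through one ResponsePolicy; return (decisions, policy)."""
    policy = ResponsePolicy()
    decisions = [policy.decide(parse_alert(line)) for line in lines]
    return decisions, policy


if __name__ == "__main__":
    decisions, policy = run_policy(SAMPLE_ALERTS)
    for line, decision in zip(SAMPLE_ALERTS, decisions):
        print(f"{decision:16s} {line}")
    print("queued for manual review:", len(policy.manual_queue))
    last_ts = parse_alert(SAMPLE_ALERTS[-1]).ts
    print("blocked at", last_ts, "->", policy.active_blocks(last_ts))
```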
bridge loop and spanning tree NB : sorry I made a mistake there [7:63505]
Hello

Could you please tell me why sometimes I have in the log of my bridge 350 wireless, "bridge loop", which is connected to a Cisco 2900 switch, and one hour later there is no more loop in the bridge? Can we have a loop occasionally? And how can I resolve the bridge loop problem?

If I enable spanning tree on the bridge and choose the root bridge, do I need to disable spanning tree on the APs, or do the APs also need to be spanning tree enabled? And one last question: in the 2900 switch the priority for the root bridge must be 4096, 8192, 12288 and so on; is the bridge root priority the same as the switch's, or can I choose any number less than 32000? Do I need also to choose the root bridge in the switches, or is it enough for the bridges?

Thank you for your help

Hanan

NB: sorry, I made a mistake, there is no spanning tree in the AP, ignore my question about that.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63505&t=63505
Sniffer with span on port 6/4 - where just station B is [7:63504]
Why would a switch lose its CAM entry if the PC is transmitting packets when flooding packets? I am wondering if there is another condition besides a bug or a failed module.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63504&t=63504
bridge loop and spanning tree [7:63503]
Hello

Could you please tell me why sometimes I have in the log of my bridge 350 wireless, "bridge loop", which is connected to a Cisco 2900 switch, and one hour later there is no more loop in the bridge? Can we have a loop occasionally? And how can I resolve the bridge loop problem?

If I enable spanning tree on the bridge and choose the root bridge, do I need to disable spanning tree on the APs, or do the APs also need to be spanning tree enabled? And one last question: in the 2900 switch the priority for the root bridge must be 4096, 8192, 12288 and so on; is the bridge root priority the same as the switch's, or can I choose any number less than 32000? Do I need also to choose the root bridge in the switches, or is it enough for the bridges?

Thank you for your help

hanan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63503&t=63503
ccnp simulator [7:63502]
There are a lot of router simulators, but is there any good one for the CCNP?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63502&t=63502
RE: ISS Real Secure Vs Cisco IDS [7:63461]
As with most things, you need to weigh up costs against your requirements. In our case, security is absolutely essential, so having a multi-vendor security solution (and indeed fully redundant) is costly, but we see it as justified.

With regards to action during attacks etc., we mostly rely on manual actions as we don't want to inadvertently block legitimate traffic (for example if an attack came from a spoofed IP). For automatic action, you can make use of Cisco Policy Manager, which has the ability to dynamically rewrite ACLs on PIXs, routers, and indeed Cats, according to data from IDS. So for example, if you were really paranoid (like we are), you could have PIXs as the first firewall, with IDS on the inside / DMZ etc. (using IDSM or standalone IDS), tie these together with Policy Manager, then, taking a further step into your network, a set of Nokia FW1 NG, along with further Nokia IDS solutions on the inside, and tied together using the enterprise software!

Albert Lu wrote:
>
> Hi,
>
> I'm just curious about your multi-vendor solution. It must cost quite a lot in order to have 3 IDS running. What about redundancy, if you are using dual switch/router/fw/ids, you would have a total of 6 IDS.
>
> Being able to detect attacks with multiple IDS is one thing. What action can it take once the IDS detects an attack? Logging it into the syslog server is not enough.
>
> Albert
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 21, 2003 7:53 PM
> To: [EMAIL PROTECTED]
> Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
>
> Hi Sean,
>
> I currently use Cisco IDSM (IDS module for the Cat6500), Nokia IDS, and Snort on the servers themselves. You can never be paranoid enough about these sort of things. Each vendor has different exploits etc., so by implementing a multi-vendor path to your critical servers, you protect yourself from any single vendor-specific exploit!
>
> Sean Kim wrote:
> >
> > Hello all,
> >
> > My company is thinking about installing an IDS (dedicated appliance type) for our network. As far as I know, the Real Secure and the Cisco IDS are the two biggest names out there. So I checked out the documents and white papers provided by each company, but I couldn't really come up with what the differences are between them, and which one is better suited for our network.
> >
> > Can anyone voice their opinion about these two IDS?
> >
> > Thanks,
> >
> > Sean Kim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63501&t=63461
RE: ISS Real Secure Vs Cisco IDS [7:63461]
Hi,

I'm just curious about your multi-vendor solution. It must cost quite a lot in order to have 3 IDS running. What about redundancy, if you are using dual switch/router/fw/ids, you would have a total of 6 IDS.

Being able to detect attacks with multiple IDS is one thing. What action can it take once the IDS detects an attack? Logging it into the syslog server is not enough.

Albert

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 21, 2003 7:53 PM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]

Hi Sean,

I currently use Cisco IDSM (IDS module for the Cat6500), Nokia IDS, and Snort on the servers themselves. You can never be paranoid enough about these sort of things. Each vendor has different exploits etc., so by implementing a multi-vendor path to your critical servers, you protect yourself from any single vendor-specific exploit!

Sean Kim wrote:
>
> Hello all,
>
> My company is thinking about installing an IDS (dedicated appliance type) for our network. As far as I know, the Real Secure and the Cisco IDS are the two biggest names out there. So I checked out the documents and white papers provided by each company, but I couldn't really come up with what the differences are between them, and which one is better suited for our network.
>
> Can anyone voice their opinion about these two IDS?
>
> Thanks,
>
> Sean Kim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63500&t=63461
clear arp [7:63499]
Is there a command that I can use to clear the ARP table of a specific VLAN on a Cat6500 with MSFC2?

thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63499&t=63499
RE: ADSL and PIX puzzle [7:63498]
I would like to thank everyone who helped out with my PIX horror picture show. This has aroused some possibilities where previously I couldn't, let's say, "see the trees from the forest" (or is it the other way around ;)

However this has also brought up some questions about all your suggestions.

..the story so far:

Network number: 200.10.10.136/30
So I use 200.10.10.138 255.255.255.0 since the provider uses the other available IP

Public IPs: 200.10.15.184/29
webserver is 200.10.15.189

Ok, following Mark's tip I would put 200.10.10.138 255.255.255.0 on the Dialer int. Mark then suggests "Put 200.10.15.184/29 on the Ethernet0 of the DSL Router..." and "Put 200.10.15.185/29 on the PIX Outside Interface..."

umm, the IP on eth0 is my network number for public IP space, so, shouldn't eth0 on the router be 200.10.15.185/24? If so, wouldn't I be wasting 1 IP to get to the pix?

Albert Lu suggests using ip unnumbered eth0 on the Dialer int, ok, then if I use 200.10.10.138/24 on eth0 on the router (ISP uses the other available IP), what other IP could I use on the pix eth0 (interface directly connected to the router's eth0)?

Why wouldn't I want to use NAT on both router and pix, and go with Kent Hundley's suggestion?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63498&t=63498
bridge loop [7:63497]
Hello

Could you please tell me why sometimes I have in the log of my bridge 350 wireless, "bridge loop", which is connected to a Cisco 2900 switch, and one hour later there is no more loop in the bridge? Can we have a loop occasionally? And how can I resolve the bridge loop problem?

hanan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63497&t=63497
RE: Frame-Relay issue [7:63446]
Hi Mark,

Thanks for the reply, but I mentioned that when we do shut & no shut again the link comes up. No DLCI, no LMI problem: I am testing in a lab setup, two routers connected to a frame-relay cloud.

Please do help, anybody, in this regard: why does the link not come up at one instant, why does it require again shut and no shut when I copy-paste the config, while when I give command by command, then without giving shut and no shut the link comes up.

Mark W. Odette II wrote:
>
> >>in show ip interface it shows as protocol down, physical link up.
> >>sh frame-relay pvc shows as inactive. no lmi are exchanged.
>
> Usually "Protocol Down, Link Up" indicates that you have mismatched encapsulation, LMI-Type, or even incorrect IP Addressing (wrong Subnet or incorrect Subnet Mask) between your end and the other end of the FR Network.
>
> If no LMI is exchanged, then the LMI-Type is incorrect between that Serial Interface and the Service Provider Frame Switch.
>
> If this is a Frame Relay LAB setup, double-check your Frame Relay "Switch" configuration.
>
> If this is a Production Setup, contact your ISP and verify your Frame Relay configuration parameters. (LMI-Type, DLCI, etc.)
>
> On the No Shut command, I'd use it last on each interface you configure.
>
> -Mark
>
> -----Original Message-----
> From: Monu Sekhon [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, February 20, 2003 7:40 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Frame-Relay issue [7:63446]
>
> Hi Larry/John,
> I forgot to mention no shut in the above config while writing here. It's still there and the connection does not come out. See, I mentioned that while giving command by command manually the connection comes out. It seems to me that while the interface is down during that, frame-relay LMIs think that the interface is down and make the link down. I am rather confused. I don't know, but this is happening.
>
> again writing config:
> --
> interface Serial0
>  shut (if i give here no shut then link comes up at one go)
>  encapsulation frame-relay
>  frame-relay lmi-type cisco
>  no shut
>  exit
> interface Serial0/0.1 point-to-point
>  no shutdown
>  ip address 1.1.1.1 255.255.255.0
>  frame-relay interface-dlci 108
>  exit
>
> and also John, try these in your router, but at one go the interface will not come up as far as I know. I agree with your configuration and mine is also correct. It's said by Priscilla and others that shutting an interface is good practice while configuring encap types. This I read in one of the previous posts.
> so can you all reply what is the problem here
> in show ip interface it shows as protocol down, physical link up.
> sh frame-relay pvc shows as inactive. no lmi are exchanged.
> any help will be appreciated.
>
> -
> Larry Letterman wrote:
> >
> > enter the no shut command into your cut and paste script for the Int Ser0 and it will come up..all interfaces in a router are always defaulted to shutdown..In your case the Main interface needs to be no shut in order for the logical interface to work...
> >
> > --
> >
> > Larry Letterman
> > Network Engineer
> > Cisco Systems
> >
> > "Monu Sekhon" wrote in message news:[EMAIL PROTECTED]...
> > > Hi All
> > > Hey, I am facing a strange problem in frame-relay
> > >
> > > My config
> > > --
> > > my initial config
> > > int serial 0
> > > (nothing configured initially)
> > >
> > > Then I cut-paste this config and my link does not come up, meaning the interface does not come up.
> > >
> > > interface Serial0
> > >  shut (if i give here no shut then link comes up at one go)
> > >  encapsulation frame-relay
> > >  frame-relay lmi-type cisco
> > >  exit
> > > interface Serial0/0.1 point-to-point
> > >  no shutdown
> > >  ip address 1.1.1.1 255.255.255.0
> > >  frame-relay interface-dlci 108
> > >  exit
> > >
> > > I have to do shut and no shut on the main interface, why?
> > >
> > > if the above commands I execute one by one then the link comes up.
> > >
> > > Is it a difference between pasting the config at one go or what, when I give commands one by one?
> > > I enabled debugging for frame-relay packets and it shows encap failed once only on the above sub-interface. Do the frame-relay LMIs have anything to do with it?
> > > I am very confused.
> > > Thanx in advance
> > [EMAIL PROTECTED]
> >

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63495&t=63446
CCIE Written Traning [7:63494]
Can anyone recommend a good training class for the CCIE Written Exam? Most of the CCIE training programs I see offered are training for the lab, after you have taken the written.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63494&t=63494
ccnp kit [7:63453]
Got a friend who is looking for a ccnp kit, you know, a couple switches, a few routers. It seems he would rather pay a little more for the ability to have some warranty and the convenience of buying it all at once. He already knows about optsys.net and chipsettech.com. Any other recommendations?

Brian

Why do we reward illegal behavior?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63453&t=63453
RE: ADSL and PIX puzzle [7:63458]
Hi,

Ideally, you should have the 827 using 'ip unnumbered' on the ADSL (dialer) interface, so that it uses the ethernet interface's ip address. This will allow the outside interface of the PIX to be in the public ip address range that you are allocated, no need for subnetting as suggested as this will waste IP addresses. Once that is done, just do your standard NAT on your PIX with statics for your webservers etc, etc.

If that isn't possible, then you will have to do NAT on the router, and put statics on the router. The PIX will be doing no translation, so you can either use nat 0 or static (you might need both), I prefer statics.

Regards,
Albert

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of dlci_16
Sent: Friday, February 21, 2003 12:34 PM
To: [EMAIL PROTECTED]
Subject: ADSL and PIX puzzle [7:63458]

Hello networkers,

I am trying to "conjure up" a working config for an ADSL link with static IPs for an 827 series router. These public IPs are supposed to point to, say, a webserver that sits behind a pix firewall (which is directly connected to the 827 router's ethernet interface). Problem is, when I try to come up with a working config I find myself getting into trouble. (The catch is, I need the webserver behind that pix.) Now this gets me using NAT twice to get a public IP from the internet through the router past the pix and into my webserver. I know it doesn't sound right and obviously does not work either ;), Any help/clue/criticisms are most welcome ;)

Ok, what it looks like so far:

[internet]--->[router]--->[pix]--->[lan/webserver]
              [827series] [506E]

IP addresses:
For internet access I have 200.10.10.136 mask 255.255.255.0
Public IPs: 200.10.15.184 255.255.255.248 (for example)
Public IP for my webserver is 200.10.15.189

Router 827:
--
!
int eth0
 ip address 192.168.0.200 255.255.255.0
 ip nat inside
!
int atm0
 no ip address
 dsl operating-mode auto
!
int atm0.1 point-to-point
 no ip address
 pvc 0/35
  pppoe-client dial-pool-number 1
!
int dialer1
 ip address 200.10.10.136 255.255.255.0
 ip nat outside
 dialer pool 1
!
ip nat inside source list 1 interface dialer1 overload
ip nat inside source static tcp 192.168.1.30 80 200.10.15.189 80 extendable
access-list 1 permit 192.168.0.0 0.0.0.255
!
ip route 0.0.0.0 0.0.0.0 interface dialer1
!

PIX 506E:
-
!
nameif eth0 outside security0
nameif eth1 inside security100
!
ip address outside 192.168.0.201 255.255.255.0
ip address inside 192.168.1.21 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 192.168.0.200 1
!
global (outside) 1 192.168.0.202-192.168.0.248
nat (inside) 1 192.168.0.0 255.255.255.0
!
name 192.168.1.30 webserver
!
static (inside,outside) 200.10.15.189 webserver
!
access-list acl_out permit tcp any host 200.10.15.189 eq 80
!
access-group acl_out in interface outside
!

Maybe I am going about this the wrong way, maybe there is still hope just by tweaking my static nat translation at the router.

If you have reached this far, thank you for your time and effort.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63493&t=63458
RE: Lost Switch [7:63469]
Kevin,

How about adding a secondary address to the router interface? That would allow you to telnet to the switch and change its address.

Dave Swink

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kevin Wigle
Sent: Thursday, February 20, 2003 10:20 PM
To: [EMAIL PROTECTED]
Subject: Lost Switch [7:63469]

Our group got a support call that a port wasn't working on a switch.

A colleague started looking into the case and found that he couldn't connect to the switch (or ping etc). He was able to get to another switch which is directly connected.

Using CDP he was able to see that the switch is incorrectly configured with the wrong IP address. The real subnet is 10.235.x.x but CDP nei det says that the switch has 10.255.x.x configured.

Is there a way we can get to the switch and fix it over the wire?

Kevin Wigle

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63491&t=63469
RE: ISS Real Secure Vs Cisco IDS [7:63461]
Hi Sean,

I currently use Cisco IDSM (IDS module for the Cat6500), Nokia IDS, and Snort on the servers themselves. You can never be paranoid enough about these sort of things. Each vendor has different exploits etc., so by implementing a multi-vendor path to your critical servers, you protect yourself from any single vendor-specific exploit!

Sean Kim wrote:
>
> Hello all,
>
> My company is thinking about installing an IDS (dedicated appliance type) for our network. As far as I know, the Real Secure and the Cisco IDS are the two biggest names out there. So I checked out the documents and white papers provided by each company, but I couldn't really come up with what the differences are between them, and which one is better suited for our network.
>
> Can anyone voice their opinion about these two IDS?
>
> Thanks,
>
> Sean Kim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63492&t=63461
RE: Connecting Console cable [7:63447]
This would work if you didn't go through the switch, ie from the router console port -> patch panel -> wall port -> to your PC (with DB converter obviously).

SamN wrote:
>
> I wish to gain access to a router console but it's in the server room while I am outside.
> Is it possible to do something like that, diagram-wise:
> Router---Switch---PatchPanel---User wall I/O---Computer
>
> I mean, just the way a user would be connected to the router ethernet port, I want to connect the user to the console port.
>
> If a solution ain't possible, I can get rid of the switch in the middle and directly go through the patch panels.
> Any solution would do.
>
> thank you.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63490&t=63447
RE: 3600 Network Module 1FE-TX [7:63443]
Correct, FX is fibre.

SamN wrote:
>
> Hey Guys.
>
> What's the difference between these two 3600 modules:
>
> 1FE-TX and 1FE-FX
>
> Whenever the word FX comes in, does it mean fiber?
>
> thank you.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63489&t=63443
RE: Different username n pwd for PAP and CHAP [7:63442]
Normally you would only get one username/password, and the ISP would configure CHAP, then PAP authentication, i.e. if the client (user) tries to authenticate and CHAP fails, it will then authenticate using PAP. (CHAP should always come first as it is the more secure authentication method.)

Hope this helps

Deepak N wrote:
>
> Hi
> I am having this question.
> When configuring the username and password for PAP and CHAP, I am
> giving a different username and password.
> Is there any customer scenario where this kind of situation is
> there?
> Also, does the ISP provide a different username and password for
> different authentication types, i.e. one set of username and
> password for CHAP and another set of username and password for
> PAP?
> I assume that the ISP gives only one authentication type, either
> CHAP or PAP, not both.
> I need inputs from all of you
>
> Thanks in advance
>
> Deepak

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63488&t=63442
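The reply above says CHAP should be tried before PAP because it is the more secure method. The following is an added example (not code from the original post or from any vendor) that shows why: it builds both exchanges as a peer and an authenticator would, using the message formats from RFC 1334 (PAP) and RFC 1994 (CHAP). The username, shared secret and challenge bytes are constructed for the example.

```python
"""Added example, not code from the original post: why CHAP is preferred over PAP.

PAP (RFC 1334) puts the peer-id and password in the clear inside the
Authenticate-Request. CHAP (RFC 1994) never sends the secret: the
authenticator sends a random challenge, and the peer answers with
MD5(Identifier || secret || Challenge); the authenticator, which holds the
same secret, recomputes the hash and compares. The username, secret and
challenge bytes below are constructed for the example.
"""
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed credential store on the authenticator (the ISP side).
SECRETS = {"deepak": b"one-secret-from-the-isp"}


# ---- PAP: credentials travel in the clear ---------------------------------
def pap_request(peer_id: str, password: bytes) -> bytes:
    """Payload of a PAP Authenticate-Request: peer-id-length, peer-id,
    passwd-length, password. Anyone on the path can read both fields."""
    pid = peer_id.encode()
    return bytes([len(pid)]) + pid + bytes([len(password)]) + password


def pap_verify(payload: bytes) -> bool:
    """Authenticator side: parse the request and compare the password."""
    n = payload[0]
    peer_id = payload[1:1 + n].decode()
    m = payload[1 + n]
    password = payload[2 + n:2 + n + m]
    return hmac.compare_digest(SECRETS.get(peer_id, b""), password)


# ---- CHAP: only a hash of (id, secret, challenge) travels -----------------
def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 section 2: Response Value = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_verify(name: str, identifier: int, challenge: bytes, value: bytes) -> bool:
    """Authenticator side: recompute with the stored secret and compare."""
    secret = SECRETS.get(name)
    if secret is None:
        return False
    return hmac.compare_digest(chap_response(identifier, secret, challenge), value)


def chap_exchange(name: str, peer_secret: bytes,
                  challenge: Optional[bytes] = None,
                  identifier: int = 1) -> Tuple[bool, bytes]:
    """One Challenge / Response / Success-or-Failure round trip.
    Returns (accepted, the Response Value as it would appear on the wire)."""
    if challenge is None:
        challenge = os.urandom(16)      # authenticator picks a fresh nonce
    value = chap_response(identifier, peer_secret, challenge)
    return chap_verify(name, identifier, challenge, value), value


def secret_on_wire(wire_bytes: bytes, secret: bytes) -> bool:
    """True if a passive sniffer would see the secret verbatim."""
    return secret in wire_bytes


if __name__ == "__main__":
    pap = pap_request("deepak", SECRETS["deepak"])
    print("PAP accepted:", pap_verify(pap),
          "| secret readable on wire:", secret_on_wire(pap, SECRETS["deepak"]))
    ok, value = chap_exchange("deepak", SECRETS["deepak"])
    print("CHAP accepted:", ok,
          "| secret readable on wire:", secret_on_wire(value, SECRETS["deepak"]))
```

Two caveats a practitioner should keep in mind: CHAP requires the authenticator to store the secret itself (not a one-way hash of it), because it has to recompute the MD5; and a captured challenge/response pair can still be brute-forced offline against a weak secret, so CHAP protects against passive reading of the password, not against guessing it.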
RE: telnet with mac address [7:63440]
Thank you very much for your reply. But why I want to telnet: my problem is related to my first email, when I upgraded the Cisco Bridge 350 to the new firmware, but I didn't get an answer for that email problem, so for that I need to telnet the bridge. Here is a copy of my first email. The bridge had a fixed IP address; it didn't take an IP address from DHCP, and it is in the remote network.

Hello

I tried today to upgrade our Cisco APs 350 and Cisco Bridges 350 to the new version 12 firmware. The AP 350 I upgraded was OK, but when I upgraded the bridge 350, I couldn't access it any more from the web browser, and this bridge does association with the other bridge but without IP address. So I upgraded the second bridge, and there wasn't any problem with the upgrade of the second bridge, but the problem is still the same: the first bridge associates with the second but without IP address. I made a test link to this bridge and the signal was 60%, and what I have in the log is "too many station BSS". I saw on the Cisco web site that this error was for the bridge 340, and it means that the bridge can associate one client at a time. And of course I can't access the AP any more. Can you help with what I must do exactly, and also what I must do to prevent this problem for the upgrade of the other bridges?

hanan

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 20, 2003 11:02 PM
To: [EMAIL PROTECTED]
Subject: RE: telnet with mac address [7:63440]

hanan wrote:
>
> Hello
> Could you help please?
> How can I telnet a bridge 350 with its MAC address, not with IP
> address?

No. Telnet runs above TCP/IP. When you Telnet to something you tell your Telnet software the IP address (or domain name) of the thing you are Telnetting to. There's no workaround to this.

But, what problem are you really trying to solve? According to Cisco documentation, the wireless bridge does have a default address of 192.168.200.1. You could Telnet to that.

However, if the bridge has successfully gotten a new address from DHCP then you can no longer use that address. If that is the case, then you can use the IP Setup Utility (IPSU) to find the bridge's IP address. You may also use IPSU to set the bridge's IP address. The IPSU cannot query the bridge's IP address when the computer running IPSU is on a different subnet than the bridge. If your bridge receives an IP address from a DHCP server, you must install and run IPSU on a computer on the same subnet as the bridge.

Priscilla

> Thank you
>
> hanan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63487&t=63440
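The reply above is right that Telnet needs an IP address, and that IPSU only works from the bridge's own subnet. A general way to get from a MAC to an IP under the same restriction is the neighbour (ARP) table of any host on that subnet. The following is an added example, not code from the original post or from Cisco: it reads a neighbour table in the formats printed by Cisco `show ip arp`, Windows `arp -a` and Linux `ip neigh`, and returns the IPv4 addresses recorded for a given MAC. The table text and every MAC and IP value in it are constructed for the example.

```python
"""Added example, not code from the original post: finding a host's IP
address when you only know its MAC, by reading the neighbour (ARP) table
of a machine on the same subnet. Like IPSU, this only works on the bridge's
own broadcast domain: ARP does not cross routers. The table text below is a
constructed sample mixing Cisco 'show ip arp', Windows 'arp -a' and Linux
'ip neigh' output; the MAC and IP values are invented.
"""
import re
from typing import Dict, List

# Cisco dotted (0040.9645.2a1c), colon (00:40:96:45:2a:1c) and dash (00-40-96-45-2a-1c) forms.
MAC_RE = re.compile(
    r"(?i)\b(?:[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}|(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2})\b")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def normalize_mac(mac: str) -> str:
    """Canonical lower-case colon form so any notation can be compared."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_neighbor_table(text: str) -> Dict[str, List[str]]:
    """Map each MAC seen in the table to the IPv4 addresses listed for it.
    Any line carrying both a MAC and an IPv4 address counts, so the column
    layout of the particular OS does not matter. Duplicates are collapsed."""
    table: Dict[str, List[str]] = {}
    for line in text.splitlines():
        mac = MAC_RE.search(line)
        ip = IPV4_RE.search(line)
        if mac and ip:
            ips = table.setdefault(normalize_mac(mac.group()), [])
            if ip.group() not in ips:
                ips.append(ip.group())
    return table


def find_ips_for_mac(text: str, mac: str) -> List[str]:
    """All IPv4 addresses the table associates with `mac` (empty if unseen).
    More than one entry usually means an old lease is still cached."""
    return parse_neighbor_table(text).get(normalize_mac(mac), [])


# Constructed sample output; none of these addresses are real devices.
SAMPLE_TABLE = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.200.1           5   0040.9645.2a1c  ARPA   FastEthernet0/0
Internet  192.168.200.254         0   0001.0203.0405  ARPA   FastEthernet0/0
Interface: 192.168.200.50 --- 0x2
  Internet Address      Physical Address      Type
  192.168.200.1         00-40-96-45-2a-1c     dynamic
192.168.200.1 dev eth0 lladdr 00:40:96:45:2a:1c REACHABLE
192.168.200.77 dev eth0 lladdr 00:40:96:45:2a:1c STALE
"""

if __name__ == "__main__":
    print(find_ips_for_mac(SAMPLE_TABLE, "0040.9645.2A1C"))
```

The neighbour table only lists hosts the local machine has recently exchanged frames with, so ping the subnet's addresses (or its broadcast address) first to populate it, and accept that a firmware-broken bridge that has no IP address at all will not appear however you look for it.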
RE: MAC address filtering [7:63463]
Router(config)#access-list ?
  IP standard access list
  IP extended access list
  IPX SAP access list
  Extended 48-bit MAC address access list
  IPX summary address access list
  IP standard access list (expanded range)
  Protocol type-code access list
  IP extended access list (expanded range)
  DECnet access list
  XNS standard access list
  XNS extended access list
  Appletalk access list
  48-bit MAC address access list
  IPX standard access list
  IPX extended access list
  dynamic-extended   Extend the dynamic ACL absolute timer
  rate-limit         Simple rate-limit specific access list

Router(config)#access-list 700 deny 1234.1234.1234 ..00ff
Router(config)#access-list 700 permit .. ..
Router(config)#int fa0/0
Router(config-if)#access-expression input smac(700)

Therefore the deny MAC is obviously denying that first MAC and then we're permitting everything else.

Keep in mind that MACs are in hexadecimal and therefore the inverse mask (ACL, remember) is .. which is kind of like going 255.255.255.255 (any) for an IP access-list.

Don't fret about the "access-expression". That's the only way to apply certain ACLs, using a Boolean algebraic expression. smac(700) means source MAC, using access-list 700. You can also use dmac(700) for the destination.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63486&t=63463
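The post above shows a 48-bit MAC access list and explains the wildcard ("inverse") mask by analogy with IP ACLs. The following is an added example, not code from the original post or from Cisco, that implements that evaluation so the mask semantics can be checked: a 1 bit in the wildcard means "don't care", a 0 bit means "must match", entries are tested top-down with first match winning, and an unmatched frame hits the implicit deny. It assumes the 700-799 number range that IOS uses for standard MAC ACLs; every MAC value is constructed. One caveat a practitioner would add: a source MAC is whatever the sender chooses to put in the frame, so a MAC ACL stops mistakes, not an attacker who has seen a permitted address.

```python
"""Added example, not code from the original post: how a Cisco-style
48-bit MAC access list with wildcard masks is evaluated. In a wildcard
("inverse") mask a 1 bit means "don't care" and a 0 bit means "must match",
so 0000.0000.0000 matches exactly one station and ffff.ffff.ffff matches
any station. Entries are tested top-down, the first match wins, and an
unmatched frame hits the implicit deny at the end. The list number range
700-799 is IOS's range for standard 48-bit MAC ACLs; all MAC values here
are constructed for the example.
"""
from dataclasses import dataclass
from typing import Iterable, List

MASK48 = (1 << 48) - 1


def mac_to_int(mac: str) -> int:
    """Accept 1234.1234.1234, 12:34:12:34:12:34 or 12-34-12-34-12-34."""
    digits = "".join(ch for ch in mac if ch not in ".:-")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)


@dataclass(frozen=True)
class MacAce:
    """One access-control entry: action, address, wildcard mask."""
    action: str
    address: int
    wildcard: int

    def matches(self, mac: int) -> bool:
        care = MASK48 ^ self.wildcard          # bits that must match
        return (mac & care) == (self.address & care)


def parse_mac_acl(lines: Iterable[str]) -> List[MacAce]:
    """Parse 'access-list <700-799> permit|deny <mac> <wildcard>' lines."""
    aces = []
    for line in lines:
        parts = line.split()
        if len(parts) != 5 or parts[0] != "access-list":
            raise ValueError(f"unrecognised line: {line!r}")
        _, number, action, address, wildcard = parts
        if not 700 <= int(number) <= 799:
            raise ValueError(f"{number} is not a standard MAC ACL number")
        if action not in ("permit", "deny"):
            raise ValueError(f"bad action {action!r}")
        aces.append(MacAce(action, mac_to_int(address), mac_to_int(wildcard)))
    return aces


def evaluate(aces: List[MacAce], mac: str) -> str:
    """Return 'permit' or 'deny' for a frame whose source MAC is `mac`."""
    value = mac_to_int(mac)
    for ace in aces:
        if ace.matches(value):
            return ace.action
    return "deny"   # implicit deny at the end of every Cisco ACL


# Constructed sample: block one station, block one 256-address block, allow the rest.
SAMPLE_ACL = parse_mac_acl([
    "access-list 700 deny 1234.1234.1234 0000.0000.0000",
    "access-list 700 deny 0010.2000.0000 0000.0000.00ff",
    "access-list 700 permit 0000.0000.0000 ffff.ffff.ffff",
])

if __name__ == "__main__":
    for src in ("1234.1234.1234", "1234.1234.1235", "0010.2000.00ab", "0010.2000.0100"):
        print(src, "->", evaluate(SAMPLE_ACL, src))
```

The second sample entry shows what a mask of 0000.0000.00ff does: the low byte is ignored, so the whole 0010.2000.0000 to 0010.2000.00ff block is denied while 0010.2000.0100 falls through to the permit.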
Re: Effect of Multipoint config on point-to-point [7:63460]
The physical interface cannot be used as an active connection if the sub-interfaces are configured and used, I believe... The below might be better...

> int serial 0
> encap frame-relay
> no shut
> int serial 0.10 multi
> no shut
> ip address x.x.x.x
> frame-relay map ip x.x.x.x 17

Larry Letterman
Network Engineer
Cisco Systems

> Hi Again,
> A new small query on frame-relay itself.
> Is the config below valid, and can it be used having both multipoint on the main
> interface and a point-to-point sub-interface simultaneously?
>
> int serial 0
> encap frame-relay
> ip address
>
> frame-relay interface-dlci 16
>
> int serial 0/0.2 multi
> ip address
> frame-relay map 17
>
> Can such a configuration work, or will the multi-access config on the main interface
> affect the sub-interface connections also?
> What implications does the above design have, or can all 3 connections be made to
> work?
> Any help will be appreciated.
> Thanks in advance
> [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63485&t=63460
Re: ISS Real Secure Vs Cisco IDS [7:63461]
"Sean Kim" wrote in message news:[EMAIL PROTECTED]...
> Hello all,
>
> My company is thinking about installing an IDS (dedicated appliance type)
> for our network.
> As far as I know, the Real Secure and the Cisco IDS are the two biggest names
> out there.

Actually, the biggest name of all when it comes to IDS is Snort, which is a freeware open-source product.

> So I checked out the documents and white papers provided by
> each company, but I couldn't really come up with what the differences are
> between them, and which one is better suited for our network.
>
> Can anyone voice their opinion about these two IDS?
>
> Thanks,
>
> Sean Kim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63484&t=63461
Re: GE connect to FE [7:63457]
No, it's not... you can connect the gig fiber to another switch that has a 1000SX connector in it, and connect the 100FX fiber to a 100FX fiber port... the second switch then becomes a media converter...

Larry Letterman
Network Engineer
Cisco Systems

----- Original Message -----
From: "Happy World"
To:
Sent: Thursday, February 20, 2003 5:09 PM
Subject: GE connect to FE [7:63457]

> Dear All,
>
> In general, is it possible to connect the 1000BaseSX to 100BaseFX using the
> MMF?
>
> Thanks for your help.
>
> rgds,
> Happy World
> [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63483&t=63457