Re: Top Down Network Design - Great Book!! [7:63546]

2003-02-21 Thread Larry Letterman
I just finished an in-depth reading of Priscilla's Campus LAN book as a
review for the LAN/WAN part of the CCIE lab. It's a great book and covers a
lot of good topics that aren't available elsewhere.

I would suggest it to most anybody that may be working in the CCNP arena.

Larry Letterman
Network Engineer
Cisco Systems


- Original Message -
From: "ccnp ccnp2002" 
To: 
Sent: Friday, February 21, 2003 7:50 PM
Subject: Top Down Network Design - Great Book!! [7:63546]


> Hi,
>
> I just want to comment on this book again (Top Down Network Design by
> Priscilla Oppenheimer).
>
> I used it for my CCDA, but now when I am studying for CID, I realize how
> good this book is, something I did not realize a few months back.
>
> That book was really well planned and I can only hope more will come of the
> kind. Still looking for $55.00 to buy her other book on network
> troubleshooting.
>
> Just a comment, please.
>
> CCDP-to-be
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63552&t=63546
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Re: ISS Real Secure Vs Cisco IDS [7:63461]

2003-02-21 Thread Scott Nelson
You are correct. That's why security should be a "belt and suspenders"
approach.

For the Code Red stuff, SQL Slammer, etc., we just used NBAR on Cisco to drop
the packets.

http://www.cisco.com/warp/public/63/nbar_acl_codered.shtml#1

ISS gets some stuff, Checkpoint is good at getting some other stuff, etc.

I also don't allow much UDP in. It's blocked by an inbound ACL, as it's not
statefully inspected. UDP 53 (DNS) and some host-to-host special allows,
and that's it. Everything else is TCP.

Scotty


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63551&t=63461
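As an added illustration of the inbound policy Scott describes (UDP denied except DNS and a few explicit host-to-host allows, TCP otherwise permitted), here is a small Python evaluator for Cisco-style extended ACL entries. It is example code written for this page, not from the post, from NBAR or from any Cisco tool; the ACL text, the addresses (RFC 5737 documentation ranges) and the sample flows are all constructed, and it models only the stateless inbound direction that an interface ACL sees, not NBAR's payload matching.

```python
"""Evaluate sample flows against a Cisco-style extended ACL (added example)."""
import ipaddress
import re

# Constructed inbound ACL in Cisco extended syntax. Order matters: the first
# matching entry wins, and an implicit "deny ip any any" ends every ACL.
INBOUND_ACL = """
permit udp any host 192.0.2.10 eq 53
permit udp host 198.51.100.7 host 192.0.2.20 eq 514
permit udp 198.51.100.0 0.0.0.255 host 192.0.2.20 eq 123
deny udp any any
permit tcp any any
"""

# Grammar subset: action, protocol, source, destination, optional "eq <port>".
ACE_RE = re.compile(
    r"^(?P<action>permit|deny)\s+(?P<proto>tcp|udp|ip)\s+"
    r"(?P<src>any|host \S+|\S+ \S+)\s+"
    r"(?P<dst>any|host \S+|\S+ \S+)"
    r"(?:\s+eq\s+(?P<dport>\d+))?\s*$"
)


def _parse_addr(token):
    """Turn 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' into an ip_network."""
    if token == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if token.startswith("host "):
        return ipaddress.ip_network(token.split()[1] + "/32")
    addr, wildcard = token.split()
    # Cisco wildcard masks are inverted netmasks: 0.0.0.255 -> 255.255.255.0
    netmask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{netmask}", strict=False)


def parse_acl(text):
    """Parse ACL text into a list of entries; unknown syntax is an error, not a skip."""
    entries = []
    for line in text.strip().splitlines():
        m = ACE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparsed ACE: {line!r}")
        entries.append({
            "action": m["action"],
            "proto": m["proto"],
            "src": _parse_addr(m["src"]),
            "dst": _parse_addr(m["dst"]),
            "dport": int(m["dport"]) if m["dport"] else None,
        })
    return entries


def evaluate(acl, proto, src, dst, dport):
    """Return 'permit' or 'deny' for one flow: first match wins, implicit deny last."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for ace in acl:
        if ace["proto"] not in (proto, "ip"):
            continue
        if src not in ace["src"] or dst not in ace["dst"]:
            continue
        if ace["dport"] is not None and ace["dport"] != dport:
            continue
        return ace["action"]
    return "deny"


# Constructed flows: (protocol, source, destination, destination port).
SAMPLE_FLOWS = [
    ("udp", "203.0.113.5", "192.0.2.10", 53),    # DNS query: allowed
    ("udp", "203.0.113.5", "192.0.2.10", 161),   # SNMP from outside: blocked
    ("udp", "198.51.100.7", "192.0.2.20", 514),  # host-to-host syslog allow
    ("udp", "198.51.100.200", "192.0.2.20", 123),  # NTP from the allowed /24
    ("tcp", "203.0.113.5", "192.0.2.30", 80),    # TCP: passed to the firewall
    ("icmp", "203.0.113.5", "192.0.2.30", None), # nothing matches: implicit deny
]


def audit(acl, flows):
    """Pair every sample flow with its verdict so the policy can be reviewed."""
    return [(flow, evaluate(acl, *flow)) for flow in flows]


if __name__ == "__main__":
    for flow, verdict in audit(parse_acl(INBOUND_ACL), SAMPLE_FLOWS):
        proto, s, d, p = flow
        print(f"{verdict:6} {proto:4} {s} -> {d}:{p}")
```

The caveat Scott's post implies is worth keeping in mind when reading the verdicts: because the ACL is stateless, the UDP deny also drops replies to queries your own hosts sent outward, which is why the DNS and host-to-host exceptions have to be spelled out explicitly.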


RE: Network Monitoring [7:63532]

2003-02-21 Thread Ian Henderson
On Sat, 22 Feb 2003, Kevin Banifaz wrote:

> Thanks for the input guys.  Netsaint Nagios looks real cool, I think I'll
> give that a try.

Netsaint/Nagios rocks. MRTG is also cool if you don't have much time, but
if you've got time/energy to spare, roll your own using RRDTool. Unlike
MRTG, RRDTool draws graphs on the fly for any period of time you specify,
so accuracy isn't lost for periods older than 24 hours (fiddle with MRTG
and you'll see where this can be a pain).

One suggestion for both of them: Run them from a database. Create a table
containing all your devices and what they are, then create a profile of
monitoring for each device type. Now, whip up something quick to generate
your Netsaint configs. It can be a /real/ pain finding errors in a hand
written hosts.cfg file (Yes, I know there is a lint filter for it, but
even so, if you don't have to mangle the file, why should you?).

Rgds,



- I.

--
Ian Henderson CCNA, CCNP
Senior Network Engineer, Chime Communications




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63550&t=63532
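To make Ian's suggestion concrete, here is an added Python example (not code from the post or from the Netsaint/Nagios project) that keeps the device table in an in-memory SQLite database, maps each device type to a monitoring profile, and emits Nagios-style host and service definitions. The device names, addresses, profile table and check command names are constructed for the example, and the definition layout approximates the Netsaint/Nagios 1.x object syntax, so compare it with your own version's templates before loading it.

```python
"""Generate Nagios host/service definitions from a device table (added example)."""
import sqlite3

# Monitoring profile per device type: the checks every device of that type gets.
# Command strings use the stock plugin naming with "!"-separated arguments.
PROFILES = {
    "router": ["check_ping!100.0,20%!500.0,60%", "check_ssh"],
    "switch": ["check_ping!100.0,20%!500.0,60%"],
    "web":    ["check_ping!100.0,20%!500.0,60%", "check_http"],
    "dns":    ["check_ping!100.0,20%!500.0,60%", "check_dns"],
}

# service_description shown in the UI, keyed by plugin name.
SERVICE_NAMES = {"check_ping": "PING", "check_ssh": "SSH",
                 "check_http": "HTTP", "check_dns": "DNS"}

# Constructed inventory rows standing in for the real device database.
DEFAULT_DEVICES = [
    ("core-rtr1", "10.0.0.1", "router"),
    ("dist-sw1", "10.0.1.2", "switch"),
    ("www1", "192.0.2.10", "web"),
    ("ns1", "192.0.2.53", "dns"),
]


def build_inventory(rows=None):
    """Create the device table in an in-memory SQLite database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE devices (name TEXT, address TEXT, dtype TEXT)")
    db.executemany("INSERT INTO devices VALUES (?, ?, ?)",
                   DEFAULT_DEVICES if rows is None else rows)
    return db


def host_definition(name, address):
    """One 'define host' block; check-host-alive is the usual ping-based host check."""
    return (
        "define host{\n"
        f"    host_name              {name}\n"
        f"    alias                  {name}\n"
        f"    address                {address}\n"
        "    check_command          check-host-alive\n"
        "    max_check_attempts     3\n"
        "    notification_interval  60\n"
        "    notification_period    24x7\n"
        "    notification_options   d,u,r\n"
        "}\n"
    )


def service_definition(host, command):
    """One 'define service' block for a check command on a host."""
    plugin = command.split("!")[0]
    return (
        "define service{\n"
        f"    host_name              {host}\n"
        f"    service_description    {SERVICE_NAMES[plugin]}\n"
        f"    check_command          {command}\n"
        "    max_check_attempts     3\n"
        "    normal_check_interval  5\n"
        "    retry_check_interval   1\n"
        "    check_period           24x7\n"
        "    notification_interval  60\n"
        "    notification_period    24x7\n"
        "    notification_options   w,u,c,r\n"
        "}\n"
    )


def generate_config(db):
    """Render every device and its profile; a device type without a profile is an
    error, so a host cannot quietly end up defined but unmonitored."""
    out = []
    query = "SELECT name, address, dtype FROM devices ORDER BY name"
    for name, address, dtype in db.execute(query):
        if dtype not in PROFILES:
            raise ValueError(f"{name}: no monitoring profile for type {dtype!r}")
        out.append(host_definition(name, address))
        for command in PROFILES[dtype]:
            out.append(service_definition(name, command))
    return "".join(out)


if __name__ == "__main__":
    print(generate_config(build_inventory()), end="")
```

Run it and redirect the output into the object config file the daemon reads; since the text is regenerated from the table every time, a typo can only live in the profile table, which is much easier to review than a hand-maintained hosts.cfg.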


Cisco over Madge Token Ring [7:63549]

2003-02-21 Thread Steiven Poh-\(Jaring MailBox\)
Dear Group,

I have a unit Madge LET36 chassis with Token Ring module LTR108F (fiber)
connected to an IBM Mainframe 390, and this is the only token ring running
in the network.

The question here is, if this unit goes down, what is the equivalent product I
can replace it with? Please advise.

Rgds,
Steiven




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63549&t=63549


RE: ISS Real Secure Vs Cisco IDS [7:63461]

2003-02-21 Thread Jim Brown
Come on now, the slammer worm? If you are security conscious this
shouldn't have had any effect on you. Microsoft released a patch last
summer.  Security is a best effort solution. It is about layers and
maintenance. You cannot eliminate risk, you can only reduce risk.

An IDS's responsibility is to pick up attacks on the wire, not prevent
them. I personally don't believe in allowing my IDS to respond to an
attack.

-Original Message-
From: cebuano [mailto:[EMAIL PROTECTED] 
Sent: Friday, February 21, 2003 8:22 PM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]


Hi Albert,
Very good point. Which brings me to this question - how can one measure
the security of a network? It almost always is an after-the-fact
response whichever vendor you choose. As you pointed out in your example
regarding the slammer virus, have you heard any vendor claiming immunity
from this?
Is "detecting" synonymous with "preventing"?
I'm also interested in this topic due to the fact that the pricing
structure from almost ALL the major players in the IDS/Firewall market
is astronomical.

Elmer

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Albert Lu
Sent: Friday, February 21, 2003 9:19 AM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]

Hi Troy,

Must be some secure site. The reason I was interested is that I had a
discussion with someone else before in regards to multi-vendor IDS solutions
and how effective they might be.

So if you mostly rely on manual action, and an attack came in after hours,
how quickly can you respond to your alerts? Since for some attacks, a half
hour response time could cause your site to be down (e.g. Slammer virus). If
that was the case, even if you had all the vendors' IDS, it will be useless.

Albert

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, February 21, 2003 10:57 PM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]


As with most things, you need to weigh up costs against your requirements. In
our case, security is absolutely essential, so having a multivendor security
solution (and indeed fully redundant) is costly, but we see it as justified.

With regards to action during attacks etc. We mostly rely on manual actions
as we don't want to inadvertently block legitimate traffic (for example if an
attack came from a spoofed IP). For automatic action, you can make use of
Cisco Policy Manager, which has the ability to dynamically rewrite ACLs on
PIXes, routers, and indeed Cats, according to data from IDS. So for
example, if you were really paranoid (like we are), you could have PIXes
as the first firewall, with IDS on the inside / DMZ etc (using IDSM or
standalone IDS), tie these together with Policy Manager, then, taking a
further step into your network, a set of Nokia FW1 NG, along with further
Nokia IDS solutions on the inside, and tied together using the enterprise
software!



Albert Lu wrote:
>
> Hi,
>
> I'm just curious about your multi-vendor solution. It must cost quite a lot
> in order to have 3 IDS running. What about redundancy? If you are using dual
> switch/router/fw/ids, you would have a total of 6 IDS.
>
> Being able to detect attacks with multiple IDS is one thing. What action can
> it take once the IDS detects an attack? Logging it into the syslog server is
> not enough.
>
> Albert
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Friday, February 21, 2003 7:53 PM
> To: [EMAIL PROTECTED]
> Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
>
>
> Hi Sean,
>
> I currently use Cisco IDSM (IDS module for the Cat6500), Nokia IDS, and
> Snort on the servers themselves.  You can never be paranoid enough about
> these sort of things.  Each vendor has different exploits etc, so by
> implementing a multi vendor path to your critical servers, you protect
> yourself from any single vendor specific exploit!
>
>
>
>
> Sean Kim wrote:
> >
> > Hello all,
> >
> > My company is thinking about installing an IDS (dedicated
> > appliance type) for our network.
> > As far as I know, the Real Secure and the Cisco IDS are two
> > biggest names out there.  So I checked out the documents and
> > white papers provided by each company, but I couldn't
> > really come up with what the differences are between them, and
> > which one is better suited for our network.
> >
> > Can anyone voice their opinion about these two IDS?
> >
> > Thanks,
> >
> > Sean Kim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63548&t=63461


800 IPSec throughput [7:63547]

2003-02-21 Thread Steve Dispensa
Hi all.

I was wondering if anyone has practical experience with the 800 series
as IPsec devices.  I'm particularly interested in field-measured
throughput and delay stats, but I'd settle for anecdotal evidence as
well.  FWIW, I just got a few in and I'm underwhelmed... Granted, I
didn't order them to spec, but they shipped with 4MB DRAM and 8MB
Flash.  Guess how many images run in 4MB...

Then when I went to bump the image up (after upping the RAM), the stupid
tftp transfer kept timing out half way through.  A little etherealing
showed that the device stopped responding to ARP requests during the
transfer (which had to be done from ROM due to limited flash space and
the fact that you can't delete the running IOS from flash).  I finally
had to add static arp entries to my tftp server.  Don't ask me why the
server felt the need to re-arp after 5 seconds, either. :-)

Anyhow, thanks in advance.

 -sd




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63547&t=63547


Top Down Network Design - Great Book!! [7:63546]

2003-02-21 Thread ccnp ccnp2002
Hi,

I just want to comment on this book again (Top Down Network Design by
Priscilla Oppenheimer).

I used it for my CCDA, but now when I am studying for CID, I realize how
good this book is, something I did not realize a few months back.

That book was really well planned and I can only hope more will come of the
kind. Still looking for $55.00 to buy her other book on network
troubleshooting.

Just a comment, please.

CCDP-to-be


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63546&t=63546


RE: invalid checksum [7:63112]

2003-02-21 Thread Vic Dmon
Could someone please help me out with this.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63545&t=63112


RE: ISS Real Secure Vs Cisco IDS [7:63461]

2003-02-21 Thread cebuano
Hi Albert,
Very good point. Which brings me to this question - how can one measure
the security of a network? It almost always is an after-the-fact
response whichever vendor you choose. As you pointed out in your example
regarding the slammer virus, have you heard any vendor claiming immunity
from this?
Is "detecting" synonymous with "preventing"?
I'm also interested in this topic due to the fact that the pricing
structure from almost ALL the major players in the IDS/Firewall market
is astronomical.

Elmer

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Albert Lu
Sent: Friday, February 21, 2003 9:19 AM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]

Hi Troy,

Must be some secure site. The reason I was interested is that I had a
discussion with someone else before in regards to multi-vendor IDS solutions
and how effective they might be.

So if you mostly rely on manual action, and an attack came in after hours,
how quickly can you respond to your alerts? Since for some attacks, a half
hour response time could cause your site to be down (e.g. Slammer virus). If
that was the case, even if you had all the vendors' IDS, it will be useless.

Albert

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, February 21, 2003 10:57 PM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]


As with most things, you need to weigh up costs against your requirements. In
our case, security is absolutely essential, so having a multivendor security
solution (and indeed fully redundant) is costly, but we see it as justified.

With regards to action during attacks etc. We mostly rely on manual actions
as we don't want to inadvertently block legitimate traffic (for example if an
attack came from a spoofed IP). For automatic action, you can make use of
Cisco Policy Manager, which has the ability to dynamically rewrite ACLs on
PIXes, routers, and indeed Cats, according to data from IDS. So for
example, if you were really paranoid (like we are), you could have PIXes
as the first firewall, with IDS on the inside / DMZ etc (using IDSM or
standalone IDS), tie these together with Policy Manager, then, taking a
further step into your network, a set of Nokia FW1 NG, along with further
Nokia IDS solutions on the inside, and tied together using the enterprise
software!



Albert Lu wrote:
>
> Hi,
>
> I'm just curious about your multi-vendor solution. It must cost quite a lot
> in order to have 3 IDS running. What about redundancy? If you are using dual
> switch/router/fw/ids, you would have a total of 6 IDS.
>
> Being able to detect attacks with multiple IDS is one thing. What action can
> it take once the IDS detects an attack? Logging it into the syslog server is
> not enough.
>
> Albert
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Friday, February 21, 2003 7:53 PM
> To: [EMAIL PROTECTED]
> Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
>
>
> Hi Sean,
>
> I currently use Cisco IDSM (IDS module for the Cat6500), Nokia IDS, and
> Snort on the servers themselves.  You can never be paranoid enough about
> these sort of things.  Each vendor has different exploits etc, so by
> implementing a multi vendor path to your critical servers, you protect
> yourself from any single vendor specific exploit!
>
>
>
>
> Sean Kim wrote:
> >
> > Hello all,
> >
> > My company is thinking about installing an IDS (dedicated
> > appliance type) for our network.
> > As far as I know, the Real Secure and the Cisco IDS are two
> > biggest names out there.  So I checked out the documents and
> > white papers provided by each company, but I couldn't
> > really come up with what the differences are between them, and
> > which one is better suited for our network.
> >
> > Can anyone voice their opinion about these two IDS?
> >
> > Thanks,
> >
> > Sean Kim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63544&t=63461


RE: CCNP Done, finaly [7:63355]

2003-02-21 Thread Diego Martínez Boqué
Hi Arni, and congratulations on this career upgrade.

I passed BSCN last week, sure it was hard!  This was my first CCNP exam; now I
am preparing for the Switching exam.  People say this one is easier than the
BSCN, but I am having some problems understanding all the trunking, pruning,
and this VTP stuff!!!  For me it was easier to learn how routing protocols
work. I am using the Cisco Preparation Library and this is really heavy
stuff!!

Congrats
- Original Message -
From: "Joseph R. Taylor" 
Date: Wed, 19 Feb 2003 19:54:09 GMT
To: [EMAIL PROTECTED]
Subject: RE: CCNP Done, finaly [7:63355]

Hi Arni,
   Congratulations. Good Job.
   JoeT
Diego Martínez Boqué





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63543&t=63355


RE: ISS Real Secure Vs Cisco IDS [7:63461]

2003-02-21 Thread Albert Lu
Hi Troy,

I'm interested in how you are doing monitoring on the security side of
things. I'm aware of netForensics, which can correlate FW/router/IDS logs in
real time to tell you about attacks. My personal opinion of the product is
that it's a beefed-up syslog server with an Oracle database in the backend
to pump out reports. It's a good solution if you can afford it; otherwise
you would have to develop your own scripts to pick out the syslog messages
that are relevant.

I think the ideal way of responding to security alerts is through 24x7
cover, and having someone make changes on firewalls where necessary. I'm not
too sure about the IDS modifying the FW's ACL in real time; it sounds like it
could potentially be used by someone to DoS. What are people's experiences
with this? I would be interested to know.

Yes, you're right that most of the security systems are used to stop script
kiddies, since exploits that get released have already been known by the
more 'elite' hacking/cracking community for weeks/months before they were
released. So the best you can do is do your best to stop the mass herd of
script kiddies, and the rest is a numbers game.

Regards,

Albert



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Saturday, February 22, 2003 1:51 AM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]


Hi Albert,

We have 24x7 cover so that response time is pretty quick (and a very well
defined escalation procedure).

However at the end of the day you are right. I believe that no systems are
secure; what we do is try to stick up as many deterrents as possible to make
it not worthwhile, and for the cracker to try and find a more easily
exploited system.   Furthermore, the majority of cracking alerts are as a
result of script kiddies, and if 10 other systems show up as exploitable
before ours, then that is half the war won.


Albert Lu wrote:
>
> Hi Troy,
>
> Must be some secure site. The reason I was interested is that I had a
> discussion with someone else before in regards to multi-vendor IDS
> solutions and how effective they might be.
>
> So if you mostly rely on manual action, and an attack came in after hours,
> how quickly can you respond to your alerts? Since for some attacks, a half
> hour response time could cause your site to be down (e.g. Slammer virus). If
> that was the case, even if you had all the vendors' IDS, it will be useless.
>
> Albert
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Friday, February 21, 2003 10:57 PM
> To: [EMAIL PROTECTED]
> Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
>
>
> As with most things, you need to weigh up costs against your requirements.
> In our case, security is absolutely essential, so having a multivendor
> security solution (and indeed fully redundant) is costly, but we see it as
> justified.
>
> With regards to action during attacks etc.  We mostly rely on manual actions
> as we don't want to inadvertently block legitimate traffic (for example if
> an attack came from a spoofed IP). For automatic action, you can make use of
> Cisco Policy Manager, which has the ability to dynamically rewrite ACLs on
> PIXes, routers, and indeed Cats, according to data from IDS. So for
> example, if you were really paranoid (like we are), you could have PIXes
> as the first firewall, with IDS on the inside / DMZ etc (using IDSM or
> standalone IDS), tie these together with Policy Manager, then, taking a
> further step into your network, a set of Nokia FW1 NG, along with further
> Nokia IDS solutions on the inside, and tied together using the enterprise
> software!
>
>
>
>
>
>
> Albert Lu wrote:
> >
> > Hi,
> >
> > I'm just curious about your multi-vendor solution. It must cost quite a
> > lot in order to have 3 IDS running. What about redundancy? If you are
> > using dual switch/router/fw/ids, you would have a total of 6 IDS.
> >
> > Being able to detect attacks with multiple IDS is one thing. What action
> > can it take once the IDS detects an attack? Logging it into the syslog
> > server is not enough.
> >
> > Albert
> >
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > Sent: Friday, February 21, 2003 7:53 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
> >
> >
> > Hi Sean,
> >
> > I currently use Cisco IDSM (IDS module for the Cat6500), Nokia IDS, and
> > Snort on the servers themselves.  You can never be paranoid enough about
> > these sort of things.  Each vendor has different exploits etc, so by
> > implementing a multi vendor path to your critical servers, you protect
> > yourself from any single vendor specific exploit!
> >
> >
> >
> >
> > Sean Kim wrote:
> > >
> > > Hello all,
> > >
> > > My company is thinking about installing an IDS (dedicated
> > > appliance type) for our network.
> > > As far as I know, the Real Secure and th
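Albert's remark about developing your own scripts to pick out the relevant syslog messages, as an added Python example (not from the thread, from netForensics or from any vendor): it parses a few constructed PIX, IOS and Snort-style lines, groups denied or alerted events by source address, and flags sources that several device types report or that exceed an event threshold. The log lines, addresses and signature name are constructed approximations of those formats, and the script reports only; it never rewrites firewall rules, for the reason both Albert and Troy give, that a spoofed source address could be used to get a legitimate host blocked.

```python
"""Correlate firewall, router and IDS syslog lines by source (added example)."""
import re
from collections import defaultdict

# Constructed sample messages; formats approximate PIX, IOS and Snort syslog.
SAMPLE_LOGS = [
    'Feb 21 23:40:01 fw1 %PIX-4-106023: Deny udp src outside:203.0.113.9/1434 '
    'dst inside:10.1.1.5/1434 by access-group "outside_in"',
    'Feb 21 23:40:02 rtr1 %SEC-6-IPACCESSLOGP: list 101 denied udp '
    '203.0.113.9(1434) -> 10.1.1.6(1434), 1 packet',
    'Feb 21 23:40:03 ids1 snort: [**] CONSTRUCTED-SIG MS-SQL probe [**] '
    '203.0.113.9:1434 -> 10.1.1.7:1434',
    'Feb 21 23:41:10 fw1 %PIX-4-106023: Deny tcp src outside:198.51.100.4/3344 '
    'dst inside:10.1.1.5/445 by access-group "outside_in"',
    'Feb 21 23:41:11 fw1 %PIX-4-106023: Deny tcp src outside:198.51.100.4/3345 '
    'dst inside:10.1.1.5/139 by access-group "outside_in"',
    'Feb 21 23:42:00 rtr1 %SEC-6-IPACCESSLOGP: list 101 denied udp '
    '192.0.2.77(5000) -> 10.1.1.6(161), 1 packet',
    'Feb 21 23:42:30 fw1 %PIX-6-302013: Built inbound TCP connection (ignored)',
]

# One pattern per device family; each yields src, dst and destination port.
PATTERNS = {
    "pix": re.compile(r"%PIX-\d-106023: Deny (?P<proto>\w+) src \w+:(?P<src>[\d.]+)/\d+ "
                      r"dst \w+:(?P<dst>[\d.]+)/(?P<dport>\d+)"),
    "ios": re.compile(r"%SEC-\d-IPACCESSLOGP: list \S+ denied (?P<proto>\w+) "
                      r"(?P<src>[\d.]+)\(\d+\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\)"),
    "snort": re.compile(r"snort: \[\*\*\] (?P<sig>.+?) \[\*\*\] "
                        r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)"),
}


def parse_line(line):
    """Return an event dict for a recognised deny/alert line, else None."""
    for device, pattern in PATTERNS.items():
        m = pattern.search(line)
        if m:
            return {"device": device, "src": m["src"],
                    "dst": m["dst"], "dport": int(m["dport"])}
    return None


def correlate(lines, min_devices=2, min_events=2):
    """Group events by source address and keep the sources worth a human's time:
    seen by at least min_devices device types, or with at least min_events hits."""
    by_src = defaultdict(lambda: {"devices": set(), "events": 0, "targets": set()})
    for line in lines:
        event = parse_line(line)
        if event is None:          # informational or unparsed line: skip
            continue
        entry = by_src[event["src"]]
        entry["devices"].add(event["device"])
        entry["events"] += 1
        entry["targets"].add((event["dst"], event["dport"]))
    return {src: e for src, e in by_src.items()
            if len(e["devices"]) >= min_devices or e["events"] >= min_events}


def report(flagged):
    """Human-readable lines, one per flagged source; nothing here touches an ACL."""
    lines = []
    for src in sorted(flagged):
        e = flagged[src]
        targets = ", ".join(f"{d}:{p}" for d, p in sorted(e["targets"]))
        lines.append(f"{src}: {e['events']} events from "
                     f"{'/'.join(sorted(e['devices']))} -> {targets}")
    return lines


if __name__ == "__main__":
    for line in report(correlate(SAMPLE_LOGS)):
        print(line)
```

The multi-device condition is what gives the correlation its value over a single syslog server: a source the PIX, the router ACL and the host-based Snort all complain about within seconds is a stronger signal than any one of them alone, while the single SNMP probe from 192.0.2.77 stays below the threshold and is not surfaced.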

RE: Network Monitoring [7:63532]

2003-02-21 Thread Kevin Banifaz
Thanks for the input guys.  Netsaint Nagios looks real cool, I think I'll 
give that a try.
Thanks again






>From: "Rob Bains" 
>Reply-To: "Rob Bains" 
>To: [EMAIL PROTECTED]
>Subject: RE: Network Monitoring [7:63532]
>Date: Fri, 21 Feb 2003 23:34:43 GMT
>
>You may also want to look at netsaint or MRTG.
>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
>Sonic
>Sent: February 21, 2003 3:29 PM
>To: [EMAIL PROTECTED]
>Subject: Re: Network Monitoring [7:63532]
>
>WhatsUp Gold by Ipswitch might do it for you?
>http://www.ipswitch.com/Products/WhatsUp/index.html
>
> Brian
>
>""Kevin Banifaz""  wrote in message
>news:[EMAIL PROTECTED]
> > Does anyone know of any free or really cheap network monitoring tools, I
> > work for a real cheap company and I can't get them to shell out for HP OV.
> > I appreciate a response.
> >
> > Thanks in advance
> >
> > Kaveh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63541&t=63532


Re: ISS Real Secure Vs Cisco IDS [7:63461]

2003-02-21 Thread Darrell Newcomb
""Albert Lu"" wrote in message news:[EMAIL PROTECTED]
> how quickly can you respond to your alerts? Since for some attacks, a half
> hour response time could cause your site to be down (eg. slammer virus). If
> that was the case, even if you had all the vendor's IDS, it will be useless.

Just to soapbox a bit on the current flare so many networking and security
folks have for IDSs:

Using anything that only did detection would have let SQL Slammer in.  It is
a single packet attack; by the time you saw one (and had vulnerable systems)
it would have been too late for that host.  Let's think about if you had
super-double-secret AI to build a rule based on the change in traffic behaviour
of the (now infected) server and push this rule toward the "outside" or
policy enforcement locations.  You would still have an infected server, and
any other vulnerable SQL server inside the nearest policy enforcement
location would quickly also be infected.

So now, weeks later, if you have vulnerable systems an IDS, with perfectly
valid signatures, STILL does you no good.  You would have already needed to
deploy proper filtering, which was the case on day 0, day 10, and on
day -365.  IDSs are nice tools, but like firewalls they don't do much for
any network JUST because they were purchased and installed.

Darrell




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63540&t=63461


Re: Network Monitoring [7:63532]

2003-02-21 Thread Mike Mandulak
Look at "WhatsUp Gold" from Ipswitch. Last I looked it's about $700 US.
They have a 30 day eval on their site. www.ipswitch.com

- Original Message -
From: "Kevin Banifaz" 
To: 
Sent: Friday, February 21, 2003 5:32 PM
Subject: Network Monitoring [7:63532]


> Does anyone know of any free or really cheap network monitoring tools, I
> work for a real cheap company and I can't get them to shell out for HP OV.
> I appreciate a response.
>
> Thanks in advance
>
> Kaveh
>
>
>
>
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63539&t=63532


RE: Different usename n pwd for PAP and CHAP [7:63442]

2003-02-21 Thread Deepak N
Hi Troy 
Thanks for the reply

   So, this would mean there is no possibility of using one set of
username/password for CHAP and another set for PAP, I guess.
The same set of username/password, e.g. cisco/cisco, would be used for both
CHAP and PAP.

Regards
Deepak


Troy Leliard wrote:
> 
> Normally you would only get one username / password, and the
> ISP would configure CHAP, then PAP authentication, i.e. if the
> client (user) tries to authenticate, and CHAP fails, it will
> then authenticate using PAP.  (CHAP should always come first as
> it is the more secure authentication method).
> 
> Hope this helps
> 
> 
> Deepak N wrote:
> > 
> > Hi 
> >   I am having this question. 
> > When configuring the username and password for PAP n CHAP, i
> am
> > giving different username n password.
> > Is there any customer scenario where this kind of situation is
> > there?
> > Also does the ISP provide different username n password for
> > different authentication types i.e, one set of username n
> > password for CHAP and another set of username and password for
> > PAP.
> >  i assume that ISP gives only one authentication type either
> > CHAP or PAP not both.
> >  I need inputs from all of you
> > 
> > Thanks in advance
> > 
> > Deepak




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63538&t=63442


RE: Network Monitoring [7:63532]

2003-02-21 Thread Rob Bains
You may also want to look at netsaint or MRTG. 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Sonic
Sent: February 21, 2003 3:29 PM
To: [EMAIL PROTECTED]
Subject: Re: Network Monitoring [7:63532]

WhatsUp Gold by Ipswitch might do it for you?
http://www.ipswitch.com/Products/WhatsUp/index.html

Brian

""Kevin Banifaz""  wrote in message
news:[EMAIL PROTECTED]
> Does anyone know of any free or really cheap network monitoring tools, I
> work for a real cheap company and I can't get them to shell out for HP OV.
> I appreciate a response.
>
> Thanks in advance
>
> Kaveh
>
>
>
>
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63537&t=63532


Re: Network Monitoring [7:63532]

2003-02-21 Thread Sonic
WhatsUp Gold by Ipswitch might do it for you?
http://www.ipswitch.com/Products/WhatsUp/index.html

Brian

""Kevin Banifaz""  wrote in message
news:[EMAIL PROTECTED]
> Does anyone know of any free or really cheap network monitoring tools, I
> work for a real cheap company and I can't get them to shell out for HP OV.
> I appreciate a response.
>
> Thanks in advance
>
> Kaveh
>
>
>
>
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63536&t=63532


Cisco ISDN issue [7:63535]

2003-02-21 Thread Azhar Teza
I don't know what I am doing wrong, but apparently it is something to do with
either Cisco 4500 router running IOS 11.3.

In router 1 I have:
  DN: 963-5000  SPID1: 2569635101
  DN: 963-5001  SPID2: 25696350010101

In router 2 I have:
  DN: 963-6000  SPID1: 2569636101
  DN: 963-6001  SPID2: 25696360010101

___
hostname r1
interface bri0
 ip address 10.0.0.1 255.0.0.0
 encapsulation ppp
 dialer map ip 10.0.0.2 name r2 broadcast 9636000
 dialer-group 1
dialer-list 1 protocol ip permit
___
hostname r2
interface bri0
 ip address 10.0.0.2 255.0.0.0
 encapsulation ppp
 dialer map ip 10.0.0.1 name r1 broadcast 9635000
 dialer-group 1
dialer-list 1 protocol ip permit
___

First issue: If I ping r2 (10.0.0.2), it will time out; however my interface
gets connected. If I do "show int bri 0 1 2", it will show bri0:1 is up, line
protocol is up, but ping will not go through.  Out of frustration, I changed
the dial-in number in both routers from 9635000 and 9636000 to the 2nd dial-in
numbers 963-5001 and 963-6001, and ping was successful.  I don't know why it
will not work on the primary DNs.

Second issue: If I only want r1 to initiate a call, all I have to do is remove
the dialer map command from the r2 router, and that should only allow r1 to
initiate a call. Pretty basic, that is what I thought, but I guess I was
wrong.  If I do that I can get my interface bri0:1 to up/up mode, but ping
will not go through.  Somehow these 4500 routers want dialer map commands on
both routers along with only the second DNs. I spent the whole week in the
lab troubleshooting this issue, but finally gave up.  I even checked the logs
in the ISDN switch and it accepts the calls on its interface, and that made me
think that it is not the switch.  However I could be wrong. Can someone please
help?  I am really frustrated.

Thanks in advance,
Regards,





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63535&t=63535


RE: Effect of Multipoint config on point-to-point [7:63460]

2003-02-21 Thread Azhar Teza
First of all, what WAN technology will you be using, FR or PPP T1?
Multipoint on FR will have a network type of non-broadcast and will not
neighbor with a router on a point-to-point interface, which will have network
type point-to-point.  Either change your point-to-point network type to
non-broadcast and use the neighbor command on your hub router, or change the
multipoint interface to point-to-point.

--- On Thu 02/20, Monu Sekhon < [EMAIL PROTECTED] > wrote:
From: Monu Sekhon [mailto:[EMAIL PROTECTED]]
To: [EMAIL PROTECTED]
Date: Fri, 21 Feb 2003 02:06:14 GMT
Subject: Effect of Multipoint config on point-to-point [7:63460]

Hi Again,
A new small query on frame-relay itself. Is the config below valid, and can it
be used having both multipoint on the main interface and a point-to-point
sub-interface simultaneously?

int serial 0
 encap frame-relay
 ip address 
 frame-relay interface-dlci 16
int serial 0/0.2 multi
 ip address 
 frame-relay map 17

Can such a configuration work, or will the multi-access config on the main
interface also affect the sub-interface connections? What implications does
the above design have, or can all 3 connections be made to work? Any help
will be appreciated.
Thanx in advance

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63460&t=63460





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63534&t=63460


Network Monitoring [7:63532]

2003-02-21 Thread Kevin Banifaz
Does anyone know of any free or really cheap network monitoring tools? I
work for a real cheap company and I can't get them to shell out for HP OV.
I appreciate a response.

Thanks in advance

Kaveh









Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63532&t=63532


Re: Breaking out of telnet [7:63530]

2003-02-21 Thread Rodgers Moore
CTRL-SHIFT-6

Rodgers Moore

""SamN""  wrote in message
news:[EMAIL PROTECTED]
> From a router, I tried telnetting to another router but entered the wrong
ip
> address so it got stuck at:
>
> Trying 192.168.5.55 ...
> How do i break out without waiting for those 15-20 seconds it keeps
trying?
>
> thank you.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63531&t=63530


Breaking out of telnet [7:63530]

2003-02-21 Thread SamN
From a router, I tried telnetting to another router but entered the wrong ip
address so it got stuck at:

Trying 192.168.5.55 ...
How do i break out without waiting for those 15-20 seconds it keeps trying?

thank you.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63530&t=63530


RE: Loopback Testing [7:63515]

2003-02-21 Thread [EMAIL PROTECTED]
This should help.

http://www.cisco.com/en/US/tech/tk713/tk584/technologies_tech_note09186a0080
0a754b.shtml

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED] 
Sent: Friday, February 21, 2003 1:00 PM
To: [EMAIL PROTECTED]
Subject: RE: Loopback Testing [7:63515]

Do the routers have built-in CSU/DSUs? That makes a difference.

Priscilla

Curious wrote:
> 
> I want to do a loopback testing between my router and a remote
> router over a
> Frame Circuit.
> Tell me what i need to configure
> Both routers are Cisco 2600 and running 12.0 IOS.
> 
> thanks,
> 
> 
> --
> Curious
> 
> MCSE, CCNP




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63529&t=63515


Re: Loopback Testing [7:63515]

2003-02-21 Thread Curious
Yes, it has a built-in CSU/DSU


--
Curious

MCSE, CCNP
""Priscilla Oppenheimer""  wrote in message
news:[EMAIL PROTECTED]
> Do the routers have built-in CSU/DSUs? That makes a difference.
>
> Priscilla
>
> Curious wrote:
> >
> > I want to do a loopback testing between my router and a remote
> > router over a
> > Frame Circuit.
> > Tell me what i need to configure
> > Both routers are Cisco 2600 and running 12.0 IOS.
> >
> > thanks,
> >
> >
> > --
> > Curious
> >
> > MCSE, CCNP




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63528&t=63515


RE: Off Topic - Free Cisco Doc CD's [7:63522]

2003-02-21 Thread Mossburg, Geoff (MAN-Corporate)
Chuck,
I'd be very interested to hear how many requests you get about this.
(I don't need the CDs.) Would you mind either posting to the group or
replying directly to me after this weekend?
Thanks!
Geoff Mossburg

-Original Message-
From: The Long and Winding Road
[mailto:[EMAIL PROTECTED]
Sent: Friday, February 21, 2003 1:43 PM
To: [EMAIL PROTECTED]
Subject: Off Topic - Free Cisco Doc CD's [7:63522]


Before you all go too crazy over this, here's what I have available

June, 2002

March, 2002

October 2000

March 1998

maybe I should just toss these last two. found them when I was cleaning out
one of my drawers.

before you all inundate me with requests, the rules are as follows:

1) contact me at [EMAIL PROTECTED]   ( do not reply to this
message, please use the e-mail address provided, so I can keep track of
requests.

2) you must be willing to send me a self-addressed stamped envelope capable of
transporting the CD set. You can get those 5x7 padded envelopes just about
everywhere. probably 2 bucks postage will do.

This means folks outside the US can receive these CD's, just so long as they
provide me with a US postage paid envelope. Outside the US, people will have
to check rates with their own postal services.

I will accumulate requests over the weekend, and I will contact people
directly Sunday evening or Monday morning.

Chuck

--
TANSTAAFL
"there ain't no such thing as a free lunch"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63527&t=63522


Re: Loopback Testing [7:63515]

2003-02-21 Thread Henry D.
Actually, Frame Relay switches don't forward the loop messages received on the
local port to the remote port. You can only loop between each end router and its
local Frame Relay switch. So, unless this is a cross-over simulation, you won't be
able to achieve an end-to-end loop. So, you can do loopback tests between each
end router and its Frame Switch. As long as those tests show fine - and your
configuration is correct :-) - and you still have issues, it might simply be the
telco's problem. But more often than not, you gotta prove it to them by running
these tests.


""Curious""  wrote in message
news:[EMAIL PROTECTED]
> I want to do a loopback testing between my router and a remote router over
a
> Frame Circuit.
> Tell me what i need to configure
> Both routers are Cisco 2600 and running 12.0 IOS.
>
> thanks,
>
>
> --
> Curious
>
> MCSE, CCNP




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63526&t=63515


Re: CCIE Written Traning [7:63494]

2003-02-21 Thread Larry Letterman
I studied the caslow book and did the paper by Dennis L. on
the sna token ring stuff.
The Boson test by the same Dennis was the icing on the cake
for me...you will probably want to
know MPLS/Multicast and QOS also now

Larry Letterman
Network Engineer
Cisco Systems


- Original Message -
From: "Kaminski, Shawn G" 
To: 
Sent: Friday, February 21, 2003 8:11 AM
Subject: RE: CCIE Written Traning [7:63494]


> I don't know of any training classes for the CCIE Written,
probably because
> the CCIE Written covers a lot of oddball technologies,
etc. If you did find
> a class, all they would probably do is go over the topics
on the CCIE
> Written blueprint. Why bother paying for a class when you
can do that for
> free?!! Just go the Cisco site, print out the blueprint,
and start searching
> CCO on each topic. It's probably the best way to study for
the CCIE Written.
>
> Shawn K.
>
> -Original Message-
> From: Arni V. Skarphedinsson
[mailto:[EMAIL PROTECTED]
> Sent: Friday, February 21, 2003 4:21 AM
> To: [EMAIL PROTECTED]
> Subject: CCIE Written Traning [7:63494]
>
> Can anyone recommend a good training class for the CCIE Written Exam? Most of
> the CCIE training programs I see offered are training for the lab, after you
> have taken the written.
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63521&t=63494


protocol IP length 318 [7:63524]

2003-02-21 Thread hanan
Hello
Can anyone tell me what it means when I see in the event log the alert: packet from
(IP Address)(MAC Address) to (IP Address)(MAC Address) protocol IP length
318, and others with 306, 309, 174 and so on, on a Cisco wireless bridge 350?

Could you please help?

hanan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63524&t=63524


RE: Frame-Relay issue [7:63446]

2003-02-21 Thread Priscilla Oppenheimer
There's obviously no good answer to why there are no problems bringing the
link up/up when you type in the commands one by one but there are problems
when you copy and paste them. Here are some suggestions, though:

1) You work for Cisco. Report it as a bug.
2) The copy and paste is corrupting a character, forgetting to do a carriage
return or something of that nature. Do all the commands end up in the
running config?
3) There's some sort of timing issue.

To fix the problem:

Don't do copy and paste that fast. :-)

Priscilla

Monu Sekhon wrote:
> 
> Hi Mark,
> Thanks for the reply, but I mentioned that when we do shut & no shut
> again the link comes up. No DLCI, no LMI problem:
> I am testing in a lab setup, two routers connected to a frame-relay
> cloud.
> Please do help, anybody, in this regard: why does the link not
> come up at one instant?
> Why does it require again shut and no shut when I copy-paste the
> config, and when I give command by command then without giving
> shut and no shut the link comes up.
> 
> Mark W. Odette II wrote:
> > 
> > >>in show ip interface it shows as protocol down , physical
> > link up.
> > >>sh frame-relay pvs shows as inactive.no lmi are exchanged.
> > 
> > Usually "Protocol Down, Link Up" indicates that you have
> > mismatched
> > encapsulation, LMI-Type, or even incorrect IP Addressing
> (wrong
> > Subnet
> > or incorrect Subnet Mask) between your end and the other end
> of
> > the FR
> > Network.
> > 
> > If no LMI is exchanged, then the LMI-Type is incorrect between
> > that
> > Serial Interface and the Service Provider Frame Switch.
> > 
> > If this is a Frame Relay LAB setup, double-check your Frame
> > Relay
> > "Switch" configuration.
> > 
> > If this is a Production Setup, contact your ISP and verify
> your
> > Frame
> > Relay configuration parameters. (LMI-Type, DLCI, etc.)
> > 
> > 
> > On the No Shut command, I'd use it last on each interface you
> > configure.
> > 
> > -Mark
> > 
> > -Original Message-
> > From: Monu Sekhon [mailto:[EMAIL PROTECTED] 
> > Sent: Thursday, February 20, 2003 7:40 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Frame-Relay issue [7:63446]
> > 
> > Hi Larry/John,
> > I forgot to mention no shut in the above config while writing
> > here,
> > Its still there and connection does not come out
> > See I mentioned that while giving command by command manually
> > connection
> > comes out.
> > It seems to me that while the interface is down during that
> > frame-relay
> > LMIs
> > think that interface is down and make the link down.
> > I am rather confused. I don't know but this is happening.
> > 
> > again writing config:
> > --
> > interface Serial0 
> > shut (if i give here no shut then link comes up at one go) 
> > encapsulation frame-relay 
> > frame-relay lmi-type cisco 
> > no shut
> > exit 
> > interface Serial0/0.1 point-to-point 
> > no shutdown 
> > ip address 1.1.1.1 255.255.255.0 
> > frame-relay interface-dlci 108 
> > exit 
> > 
> > 
> > and also John try these in your router but at one go the
> > interface will
> > not
> > come up as far as i know. I agree with ur configuration and mine
> is
> > also
> > correct
> > .Its said by Priscilla and others that shutting a interface
> > is  good
> > practise while  configuring encap types.This i read in one of
> > the
> > previous
> > Posts.
> > so can u all reply what is the problem here
> > in show ip interface it shows as protocol down , physical link
> > up.
> > sh frame-relay pvs shows as inactive.no lmi are exchanged.
> > any help will be appreciated.
> > 
> > 
> > -
> > Larry Letterman wrote:
> > > 
> > > enter the no shut command into your cut and paste script for
> > > the Int Ser0 and it will
> > > come up..all interfaces in a router are always defaulted to
> > > shutdown..In your case the
> > > Main interface needs to be no shut in order for the logical
> > > interface to work...
> > > 
> > > --
> > > 
> > > Larry Letterman
> > > Network Engineer
> > > Cisco Systems
> > > 
> > > 
> > > ""Monu Sekhon""  wrote in message
> > > news:[EMAIL PROTECTED]
> > > > Hi All
> > > > Hey I am facing a strange problem in frame-relay
> > > >
> > > > My config
> > > > --
> > > > my initial config
> > > > int serial 0
> > > > (nothing confgured initially)
> > > >
> > > > Then I cut paste this config and my link does not come up
> > > means Interface
> > > > does not come up.
> > > >
> > > > interface Serial0
> > > > shut (if i give here no shut then link comes up at one go)
> > > > encapsulation frame-relay
> > > > frame-relay lmi-type cisco
> > > > exit
> > > > interface Serial0/0.1 point-to-point
> > > > no shutdown
> > > > ip address 1.1.1.1 255.255.255.0
> > > > frame-relay interface-dlci 108
> > > > exit
> > > >
> > > > I have to do shut and no shut on main interface why ?
> > > >
> > > > if the above commands i execute one by one then the link
> > > comes up.
> > > >
> > > > Is it a difference between pasting the config at one go or
> > >

Off Topic - Free Cisco Doc CD's [7:63522]

2003-02-21 Thread The Long and Winding Road
Before you all go too crazy over this, here's what I have available

June, 2002

March, 2002

October 2000

March 1998

maybe I should just toss these last two. found them when I was cleaning out
one of my drawers.

before you all inundate me with requests, the rules are as follows:

1) contact me at [EMAIL PROTECTED]   ( do not reply to this
message, please use the e-mail address provided, so I can keep track of
requests.

2) you must be willing to send me a self-addressed stamped envelope capable of
transporting the CD set. You can get those 5x7 padded envelopes just about
everywhere. probably 2 bucks postage will do.

This means folks outside the US can receive these CD's, just so long as they
provide me with a US postage paid envelope. Outside the US, people will have
to check rates with their own postal services.

I will accumulate requests over the weekend, and I will contact people
directly Sunday evening or Monday morning.

Chuck

--
TANSTAAFL
"there ain't no such thing as a free lunch"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63522&t=63522


access-lists [7:63520]

2003-02-21 Thread Jason Steig
Hello all. I'm stumped on an access-list that i need to create. What i did
was i set up two routers using rip and put loopbacks on one of them and
advertised them in rip. I then attempted to build an access-list allowing
just these networks to pass into the other router. The router with the
loopbacks is A the destination is B. so I know this will be a standard
access list (direction in) on router B's interface to router A.

The requirements are 

allow any packet originating from 192.17.77.0 /24 
allow any packet originating from 192.17.73.0 /24 
allow any packet originating from 192.81.77.0 /24 
allow any packet originating from 192.81.73.0 /24 
allow any packet originating from 176.17.77.0 /24 
allow any packet originating from 176.17.73.0 /24 
allow any packet originating from 176.81.77.0 /24 
allow any packet originating from 176.81.73.0 /24 

Here's what i think i can do 

with the 192 addresses i can do 
permit ip 192.17.73.0 0.64.4.0 

because the 64 will increase the second octet to 81 then the 4 in the third
bit will increase the network to 77. Is this how i would implement this
filtering policy in just two statements? The same way with the 176 networks?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63520&t=63520
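As an added example (not part of the original post or any reply to it), the Python below derives the single address/wildcard pair that covers a set of /24 networks the way the post reasons about the 192 group, enumerates exactly which networks that pair admits, and flags any over-match. The network addresses are the eight from the post; the helper names and the host addresses used in the checks are mine. Two things the output makes visible: a /24 source needs 255 in the last wildcard octet, so the pair as written in the post (0.64.4.0) would match only the .0 address of each network, and folding the 176 and 192 groups into one entry admits 24 networks nobody asked for.

```python
"""Added example (not from the original post): check whether a single Cisco
ACL "address wildcard" pair covers a set of /24 source networks exactly,
or whether it also admits networks nobody asked for.  The network
addresses are the eight listed in the post; host addresses used in the
__main__ block are constructed for illustration."""
import ipaddress

# The two groups from the post, as /24 network addresses.
GROUP_192 = ["192.17.77.0", "192.17.73.0", "192.81.77.0", "192.81.73.0"]
GROUP_176 = ["176.17.77.0", "176.17.73.0", "176.81.77.0", "176.81.73.0"]


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def _to_dotted(value):
    return str(ipaddress.IPv4Address(value & 0xFFFFFFFF))


def wildcard_for(networks):
    """Smallest single address/wildcard pair that covers every given /24.

    Cisco wildcard semantics: a 1 bit means "don't care".  Any bit that
    differs between two of the networks must therefore be 1, and so must
    the 8 host bits of a /24.  The returned address has every don't-care
    bit cleared, which is the canonical form IOS stores.
    """
    ints = [_to_int(n) for n in networks]
    wildcard = 0xFF                      # host part of a /24 always varies
    for n in ints[1:]:
        wildcard |= ints[0] ^ n          # network bits that differ
    address = ints[0] & ~wildcard
    return _to_dotted(address), _to_dotted(wildcard)


def matched_networks(address, wildcard):
    """Every /24 network address that an address/wildcard pair matches."""
    wc = _to_int(wildcard)
    base = _to_int(address) & ~wc
    var_bits = [1 << i for i in range(8, 32) if wc & (1 << i)]
    matched = set()
    for combo in range(1 << len(var_bits)):
        n = base
        for i, bit in enumerate(var_bits):
            if combo & (1 << i):
                n |= bit
        matched.add(_to_dotted(n))
    return matched


def check_exact(networks):
    """Return (address, wildcard, over_matched) for a set of /24 networks.

    over_matched lists the networks the pair admits beyond those requested;
    an empty list means the single ACL entry is exact.
    """
    address, wildcard = wildcard_for(networks)
    extra = matched_networks(address, wildcard) - set(networks)
    return address, wildcard, sorted(extra)


def acl_matches(address, wildcard, host):
    """Cisco ACL match test: every bit where the wildcard is 0 must agree."""
    return ((_to_int(host) ^ _to_int(address)) & ~_to_int(wildcard)) == 0


if __name__ == "__main__":
    for group in (GROUP_192, GROUP_176, GROUP_192 + GROUP_176):
        addr, wc, extra = check_exact(group)
        verdict = "exact" if not extra else f"over-matches {len(extra)} extra /24s"
        print(f"permit ip {addr} {wc} any   -> {verdict}")
    # The pair from the post, with 0 in the last wildcard octet, only
    # matches the .0 address of each network, not the hosts on it.
    print(acl_matches("192.17.73.0", "0.64.4.0", "192.17.73.5"))    # False
    print(acl_matches("192.17.73.0", "0.64.4.255", "192.17.73.5"))  # True
```

Run it as a script to see the three candidate entries and their verdicts; the same functions can be pointed at any list of /24s to confirm an ACL summarisation before it goes on an inbound interface.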


Re: cisco 2950 and trunk negotiation [7:63466]

2003-02-21 Thread Larry Letterman
Robert is correct, Cisco is moving the gear to support
most of the standards. Most of the new switches
will be on Dot1q/Dot1p since that's the standard for layer
2. EIGRP is still in use by a lot of places so I
believe it will stay for a good while..

Larry Letterman
Network Engineer
Cisco Systems


- Original Message -
From: "Robert Edmonds" 
To: 
Sent: Friday, February 21, 2003 6:41 AM
Subject: Re: cisco 2950 and trunk negotiation [7:63466]


> The reason that the 2950's do not support ISL trunking is
that Cisco is
> gradually moving towards supporting the major standards
more and proprietary
> standards less.  As part of this plan they are beginning
to make switches
> that only support dot1q trunking.  At least that's what a
TAC engineer told
> me.  However, this brought up the question, "What about
EIGRP?"  He assured
> me that some of the proprietary stuff like EIGRP, where
there is a real
> tangible benefit to using it, will stay.
>
> Robert
>
> ""John Brandis""  wrote in message
> news:[EMAIL PROTECTED]
> > Hi,
> >
> > Any one else noticed that on the 2950, and I guessing
other catalyst low
> end
> > switch's, that one cant define the encapsulation of the
trunk link. Yes it
> > will auto negotiate, however I feel that control has
been pulled away from
> > me. I also dont like on the 4006, that you can only
define this same
> setting
> > (if you have a GBIC Module) for the first 2 GBIC ports.
The rest of the
> > ports default to dot1q. Thankfully I use this, but I am
betting that there
> > are the odd people out there who may use ISL...
> >
> > Can some one tell me, is possible, how to define what
type of trunk I wish
> > to use on the 2950 using IOS 12.1(11)
> >
> > Thanks all
> >
> > John
> > (please correct where I am wrong)
> >
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63519&t=63466


RE: ADSL and PIX puzzle [7:63498]

2003-02-21 Thread Mark W. Odette II
Strictly speaking, I didn't do the math and verify (since you specified
"for example") the ip net block against your example subnet mask.  You
specified .248 as your mask before, now you're indicating it as /24
mask.  Whichever it is, the point was this:

If the ISP has assigned you a two-host subnet for the ADSL connection to
them (Just like a Point-to-Point T1), and they've also assigned you a
block of 8 addresses (1 used for Net boundary, 1 used for Broadcast, 1
used for the Router, 5 used for what ever you feel like), then you would
follow the suggestions for addressing that I laid out.

If you were assigned full Class C addresses for either the DSL
Connection OR the "Client" Public block (which represents hosts like
your WebServer via NAT), then simply put the /24 mask on each interface.
For the ADSL connection itself though, that would be a gross waste of
addresses.

Also, if you were given TWO Class C blocks, then you could simply put
one IP from the first block on your Dialer Interface, one IP from the
same block on the Ethernet0 Interface, and one IP from the same block on
the Outside Interface of the PIX.  You'd then put 1 IP address from the
second block on the Inside interface, and DHCP/STATIC Assign the rest of
that block to any host on the Inside network (alternatively, if you had
a PIX that had the DMZ NIC, you could put the second block on that, but
the address assignment still applies in practice).  This would work for
the application of your web server hosting a max of 253 Unique
.com/.net/.org/.whatever websites- each with its own unique public
address (you can assign a whole class C to a single NIC).  This would,
of course be a waste of addresses if your web server is only hosting a
couple of websites and you don't even have a LAN that uses all 254
addresses of that second public block.


Doing Double-Nat is only really necessary (from my limited experience)
for situations where you are trying to connect two LANs together that
were previously numbered with the same net block/mask, i.e., LAN A and
LAN B are on the 172.16.30.x/24 network.  You have to introduce an
additional router/firewall into the mix on ONE of the ends to make the
connection work (whether it be GRE Tunneling from LAN to LAN, VPN Tunnel
from LAN to LAN, etc.).

I'm quite sure others will expand on or correct me where I'm not hitting
the mark :)

-Mark

-Original Message-
From: dlci dlci [mailto:[EMAIL PROTECTED] 
Sent: Friday, February 21, 2003 4:25 AM
To: [EMAIL PROTECTED]
Subject: RE: ADSL and PIX puzzle [7:63498]

I would like to thank everyone who helped out with my Pix horror picture
show.
This has aroused some possibilities where previously I couldn't, let's say,
"see the trees from the forest" (or is it the other way around ;)
However this has also brought up some questions about all your
suggestions.

..the story so far:
Network number: 200.10.10.136/30
So I use 200.10.10.138 255.255.255.0 since the provider uses the other
available IP

Public IPs: 200.10.15.184/29
webserver is 200.10.15.189

Ok, following Mark's tip I would put 200.10.10.138 255.255.255.0 on the
Dialer int.
Mark then suggests "Put 200.10.15.184/29 on the Ethernet0 of the DSL
Router..."
and "Put 200.10.15.185/29 on the PIX Outside Interface..."

umm, the IP on eth0 is my network number for public IP space, so,
shouldn't eth0 on the router be 200.10.15.185/24 ? If so wouldn't I be
wasting 1 IP to get to the pix?

Albert Lu suggests using ip unnumbered eth0, on the Dialer int,
ok, then if I use 200.10.10.138/24 on eth0 on the router (ISP uses the
other available IP)
what other IP could I use on the pix eth0 (interface directly connected
to the router's eth0)?

Why wouldn't I want to use NAT on both router and pix, and go with Kent
Hundley's suggestion?





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63518&t=63498


callback without calling back!!! [7:63517]

2003-02-21 Thread Orest Umudumov
Hi,
I have a 3620 (12.1) with Cisco ACS configured for callback option.
The Client  dials in ok, and you are prompted for the callback number,
if you press ok,  you will be called back without any problem but you
have another option to press ESCAPE if you want to connect directly
without calling back, at this point we are getting:
"Error 619: the specified port is not connected"
Any ideas on where I can look next would be appreciated.

thanx

[GroupStudy removed an attachment of type text/x-vcard which had a name of
Orest.Umudumov.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63517&t=63517



RE: CCIE Written Traning [7:63494]

2003-02-21 Thread Kaminski, Shawn G
I don't know of any training classes for the CCIE Written, probably because
the CCIE Written covers a lot of oddball technologies, etc. If you did find
a class, all they would probably do is go over the topics on the CCIE
Written blueprint. Why bother paying for a class when you can do that for
free?!! Just go the Cisco site, print out the blueprint, and start searching
CCO on each topic. It's probably the best way to study for the CCIE Written.

Shawn K.

-Original Message-
From: Arni V. Skarphedinsson [mailto:[EMAIL PROTECTED]] 
Sent: Friday, February 21, 2003 4:21 AM
To: [EMAIL PROTECTED]
Subject: CCIE Written Traning [7:63494]

Can anyone recommend a good training class for the CCIE Written Exam? Most of
the CCIE training programs I see offered are training for the lab, after you
have taken the written.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63516&t=63494



Loopback Testing [7:63515]

2003-02-21 Thread Curious
I want to do a loopback testing between my router and a remote router over a
Frame Circuit.
Tell me what i need to configure
Both routers are Cisco 2600 and running 12.0 IOS.

thanks,


--
Curious

MCSE, CCNP




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63515&t=63515



Health Checks on Local Director [7:63514]

2003-02-21 Thread Troy Leliard
HI all, 

I am playing around with some Local Director (416's) and would like to know
if anyone has found a way of doing intelligent health checks (layer 7), of
anything other than HTTP and DNS.  Eg I want to have a VIP bound to 3-4 real
servers, and then health check a specific service on the real servers (other
than http/dns/ping), and if the port is not listening to remove the real
server from the pool.

I know you can do this on the newer css's but haven't found a way to do it
on the 416's ?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63514&t=63514



Re: Lost Switch [7:63469]

2003-02-21 Thread John Neiberger
The simplest and least-intrusive method I can think of would be to use
mobile arp.  Simply add 'ip arp mobile' or whatever the exact command is
to the router interface leading to that switch.  Then perhaps a
static host route on that same interface pointing to that oddball IP
address.  That would allow you to access that specific IP address
without causing any other routing issues should you be using that same
subnet somewhere else in your network.

Regards,
John

>>> "Kevin Wigle"  2/20/03 9:19:42 PM >>>
Our group got a support call that a port wasn't working on a switch.

A colleague started looking into the case and found that he couldn't
connect
to the switch. (or ping etc)

He was able to get to another switch which is directly connected.

Using CDP he was able to see that the switch is incorrectly configured
with
the wrong IP address.

The real subnet is 10.235.x.x  but CDP nei det says that the switch
has
10.255.x.x configured.

Is there a way we can get to the switch and fix it over the wire?

Kevin Wigle




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63513&t=63469



Re: Sniffer with span on port 6/4 - where just station B is [7:63512]

2003-02-21 Thread [EMAIL PROTECTED]
I found the following url about some reasons for flooding.

http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00800a875c.shtml#subtopic2C

I am trying to find what is the limit of the Forwarding Table for a 6509
switch.  I could not find information about this.






"[EMAIL PROTECTED]" @groupstudy.com on
21/02/2003 09:53:36

Please respond to "[EMAIL PROTECTED]" 

Sent by:  [EMAIL PROTECTED]


To:  [EMAIL PROTECTED]
cc:

Subject:  Sniffer with span on port 6/4 - where just station B is
   [7:63504]


Why would a switch lose its CAM entry if the PC is transmitting packets when
flood packets?

I am wondering if there is other condition besides bug or fail module.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63512&t=63512



RE: ISS Real Secure Vs Cisco IDS [7:63461]

2003-02-21 Thread Troy Leliard
Hi Albert, 

We have 24x7 cover so that response time is pretty quick. (and a very well
defined escalation procedure).

However at the end of the day you are right, I believe that no systems are
secure, what we do is try to stick up as many deterrents as possible to make
it not worth while, and for the cracker to try and find a more easily
exploited system.   Furthermore, the majority of cracking alerts are as a
result of script kiddies, and if 10 other systems show up as exploitable
before ours, then that is half the war won.


Albert Lu wrote:
> 
> Hi Troy,
> 
> Must be some secure site, reason I was interested is that I had
> a discussion
> with someone else before in regards to multi-vendor IDS
> solutions and how
> effective they might be.
> 
> So if you mostly rely on manual action, and an attack came in
> after hours,
> how quickly can you respond to your alerts? Since for some
> attacks, a half
> hour response time could cause your site to be down (eg.
> slammer virus). If
> that was the case, even if you had all the vendor's IDS, it
> will be useless.
> 
> Albert
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 21, 2003 10:57 PM
> To: [EMAIL PROTECTED]
> Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
> 
> 
> As with most things, you need to weigh up costs against your
> requirements.  IN
> our case, security is absolutely essential, so having a
> multivendor security
> solutions (and indeed fully redundant) is costly, but we see it
> as
> justified.
> 
> With regards to action during attacks etc.  We mostly rely on
> manual actions
> as we dont want to inadvertently block legitimate traffic (for
> example if an
> attack came from a spoofed IP). For automatic action, you can
> make use of
> Cisco Policy Manager, which has the ability to dynamically
> rewrite ACL's, on
> Pix's, Routers, and indeed Cat's.  according to data from IDS. 
> So for
> example, if you where really paraniod (like we are),. you could
> have pix's
> as the first firewall, with IDS on the inside / dmz etc (using
> IDSM or
> standalone IDS), tie these together with Policy manager .. then
> taking a
> further step into your network, a set of Nokia Fw1 NG, along
> with further
> Nokia IDS solutions on the inside, and tied together using the
> enterprisef
> software!
> 
> 
> 
> Albert Lu wrote:
> >
> > Hi,
> >
> > I'm just curious about your multi-vendor solution. It must
> cost
> > quite alot
> > in order to have 3 IDS running. What about redundancy, if you
> > are using dual
> > switch/router/fw/ids, you would have a total of 6 IDS.
> >
> > Being able to detect attacks with multiple IDS is one thing.
> > What action can
> > it take once the IDS detects an attack? Logging it into the
> > syslog server is
> > not enough.
> >
> > Albert
> >
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, February 21, 2003 7:53 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
> >
> >
> > Hi Sean,
> >
> > I currently use Cisco IDSM (IDS module for the Cat6500), Nokia
> > IDS, and
> > Snort on the server themselves.  You can never be paranoid
> > enough about
> > these sort of things.  Each vendor has different exploits etc,
> > so by
> > implementing a multi vendor path to your critical servers, you
> > protect
> > yourself from any signle vendor specific exploit!
> >
> >
> >
> >
> > Sean Kim wrote:
> > >
> > > Hello all,
> > >
> > > My company is thinking about installing an IDS (dedicated
> > > appliance type) for our network.
> > > As far as I know, the Real Secure and the Cisco IDS are two
> > > biggest names out there.  So I checked out the documents and
> > > white papers provided by the each company, but I couldn't
> > > really come up with what the differences are between them,
> and
> > > which one is better suited for our network.
> > >
> > > Can anyone voice their opinion about these two IDS?
> > >
> > > Thanks,
> > >
> > > Sean Kim
> 
> 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63511&t=63461



Re: ISS Real Secure Vs Cisco IDS [7:63461]

2003-02-21 Thread Paulo Roque
There are some papers comparing IDS solutions (Cisco, ISS, Snort, etc.) on
NSS. They did a good job.

http://www.nss.co.uk/

Paulo Roque




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63510&t=63461



Re: cisco 2950 and trunk negotiation [7:63466]

2003-02-21 Thread Robert Edmonds
The reason that the 2950's do not support ISL trunking is that Cisco is
gradually moving towards supporting the major standards more and proprietary
standards less.  As part of this plan they are beginning to make switches
that only support dot1q trunking.  At least that's what a TAC engineer told
me.  However, this brought up the question, "What about EIGRP?"  He assured
me that some of the proprietary stuff like EIGRP, where there is a real
tangible benefit to using it, will stay.

Robert

""John Brandis""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi,
>
> Anyone else noticed that on the 2950, and I'm guessing other Catalyst
> low-end switches, that one can't define the encapsulation of the trunk
> link? Yes it will auto-negotiate, however I feel that control has been
> pulled away from me. I also don't like on the 4006 that you can only
> define this same setting (if you have a GBIC module) for the first 2 GBIC
> ports. The rest of the ports default to dot1q. Thankfully I use this, but
> I am betting that there are the odd people out there who may use ISL...
>
> Can someone tell me, if possible, how to define what type of trunk I wish
> to use on the 2950 using IOS 12.1(11)?
>
> Thanks all
>
> John
> (please correct where I am wrong)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63509&t=63466



RE: ISS Real Secure Vs Cisco IDS [7:63461]

2003-02-21 Thread Albert Lu
Hi Troy,

Must be some secure site. The reason I was interested is that I had a
discussion with someone else before in regards to multi-vendor IDS solutions
and how effective they might be.

So if you mostly rely on manual action, and an attack came in after hours,
how quickly can you respond to your alerts? Since for some attacks, a half
hour response time could cause your site to be down (e.g. slammer virus). If
that was the case, even if you had all the vendors' IDS, it would be useless.

Albert

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 21, 2003 10:57 PM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]


As with most things, you need to weigh up costs against your requirements. In
our case, security is absolutely essential, so having a multivendor security
solution (and indeed fully redundant) is costly, but we see it as
justified.

With regards to action during attacks etc., we mostly rely on manual actions
as we don't want to inadvertently block legitimate traffic (for example if an
attack came from a spoofed IP). For automatic action, you can make use of
Cisco Policy Manager, which has the ability to dynamically rewrite ACLs on
PIXes, routers, and indeed Cats according to data from IDS. So for
example, if you were really paranoid (like we are), you could have PIXes
as the first firewall, with IDS on the inside / DMZ etc. (using IDSM or
standalone IDS), tie these together with Policy Manager, then, taking a
further step into your network, a set of Nokia FW1 NG, along with further
Nokia IDS solutions on the inside, and tied together using the enterprise
software!



Albert Lu wrote:
>
> Hi,
>
> I'm just curious about your multi-vendor solution. It must cost quite
> a lot in order to have 3 IDS running. What about redundancy? If you
> are using dual switch/router/fw/ids, you would have a total of 6 IDS.
>
> Being able to detect attacks with multiple IDS is one thing. What
> action can it take once the IDS detects an attack? Logging it into the
> syslog server is not enough.
>
> Albert
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 21, 2003 7:53 PM
> To: [EMAIL PROTECTED]
> Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
>
>
> Hi Sean,
>
> I currently use Cisco IDSM (IDS module for the Cat6500), Nokia IDS,
> and Snort on the servers themselves. You can never be paranoid enough
> about these sorts of things. Each vendor has different exploits etc.,
> so by implementing a multi-vendor path to your critical servers, you
> protect yourself from any single vendor-specific exploit!
>
>
>
>
> Sean Kim wrote:
> >
> > Hello all,
> >
> > My company is thinking about installing an IDS (dedicated
> > appliance type) for our network.
> > As far as I know, the Real Secure and the Cisco IDS are the two
> > biggest names out there. So I checked out the documents and
> > white papers provided by each company, but I couldn't
> > really come up with what the differences are between them, and
> > which one is better suited for our network.
> >
> > Can anyone voice their opinion about these two IDS?
> >
> > Thanks,
> >
> > Sean Kim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63508&t=63461



RE: cisco 2950 and trunk negotiation [7:63466]

2003-02-21 Thread [EMAIL PROTECTED]
I am pretty sure that the 2950s only support dot1q trunking and Cisco never
plans to change that. I remember reading that in an article. The 2950s
are basically taking over from the 1900 series, which is ironic because the
1900s only support ISL. We personally use dot1q on all our trunks because you
can do more with traffic prioritization with dot1q headers.

-Original Message-
From: John Brandis [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, February 20, 2003 9:22 PM
To: [EMAIL PROTECTED]
Subject: cisco 2950 and trunk negotiation [7:63466]

Hi,
 
Anyone else noticed that on the 2950, and I'm guessing other Catalyst low-end
switches, that one can't define the encapsulation of the trunk link? Yes it
will auto-negotiate, however I feel that control has been pulled away from
me. I also don't like on the 4006 that you can only define this same setting
(if you have a GBIC module) for the first 2 GBIC ports. The rest of the
ports default to dot1q. Thankfully I use this, but I am betting that there
are the odd people out there who may use ISL...
 
Can someone tell me, if possible, how to define what type of trunk I wish
to use on the 2950 using IOS 12.1(11)?
 
Thanks all
 
John
(please correct where I am wrong)






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63507&t=63466
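As an added illustration (not configuration from either poster in this thread): since the 2950 has no `switchport trunk encapsulation` command, what you can still pin down on it is the DTP negotiation itself. Below, the uplink is fixed as an 802.1Q trunk with negotiation off and the VLAN list pruned, and the user ports are hard-set to access mode with DTP off, so neither end is left to auto-negotiate a trunk. The interface numbers, VLAN ids and description strings are made up for the example, and VLAN 999 is assumed to already exist in the VLAN database.

```cisco
! Added example for a Catalyst 2950 on 12.1(x)EA IOS; not the poster's config.
! Interface numbers, VLAN ids and descriptions are made up for the example.
!
! Uplink towards the 4006: trunk mode is fixed rather than negotiated.
! The 2950 only speaks 802.1Q, so no encapsulation command is needed (or available).
! An unused native VLAN keeps untagged frames out of any user VLAN.
interface GigabitEthernet0/1
 description Uplink to Cat4006 (802.1Q trunk, DTP disabled)
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30
!
! Edge ports: hard access mode with DTP off, so a host plugged in here
! cannot negotiate the port into a trunk and see other VLANs' traffic.
! BPDU guard shuts the port if a switch (or something pretending to be one) appears.
interface range FastEthernet0/1 - 24
 description User ports
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Verification: the trunk should show encapsulation 802.1q with negotiation
! off, and each edge port should report "Negotiation of Trunking: Off".
!   show interfaces GigabitEthernet0/1 trunk
!   show interfaces FastEthernet0/1 switchport
```

On the 4006 side the same rule applies in reverse: whatever the GBIC ports are set to, the port facing this uplink should be a fixed dot1q trunk rather than left in a negotiating mode, otherwise one side is still trusting DTP.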



RE: ISS Real Secure Vs Cisco IDS [7:63461]

2003-02-21 Thread Scott Nelson
You can span/mirror 2 ports into one so we only have one set at each ISP
connection.

Most of the action is manual with the exception of some fairly proven
exploits that we use ISS "kills" to handle, such as Napster traffic ( not a
big deal now that it's gone ), gnutella, code red, DNS I-queries, etc.

If I turn all of the automatic stuff on, when a known signature match is
made, whoever that was is no longer able to gain access, as via OPSEC
connections ( http://www.opsec.com/solutions/sec_intrusion_detection.html )
that block that connection and future connections for that IP for a
pre-determined time. Cisco have the same type of deal for controlling Cisco
devices via the Cisco IDS, but I don't like IDS doing too much automatically.
It's all kinda like virus protection though: you have to have a signature
match to detect it, which means you have to have a signature written before
that attack can be recognized. It's all a "belt-and-suspenders" approach
really. With a combination of ACLs on the ISP connection router and
firewall rules, and then ACLs on the router after the firewall, we get most
of the stuff.

Snort requires a hardware investment and a lot of tuning. It's not for the
novice, but it is on my list as yet another IDS at some point. Probably after
we do the Cisco blades on the 6500s.

Scotty



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63506&t=63461
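An added example (not Scott's configuration) of the outermost of the layers the thread describes, an inbound ACL on the ISP-facing router: the site's own block and private address space are dropped at the edge, so a spoofed source of the kind Troy worries about never reaches the firewall or the IDS; only the published services and DNS answers are let in; and everything else is dropped with logging so the syslog/IDS side has something to correlate. All addresses are constructed for the example (203.0.113.0/29 as the site's public block with .5 the web server and .6 the mail relay, 198.51.100.53 and .54 as the ISP resolvers, 192.168.1.50 as the syslog host), as is the interface name. The `established` keyword only checks TCP flags, which is exactly why the firewall and the inner ACL sit behind this one instead of this ACL standing alone.

```cisco
! Added example (not Scott's configuration): inbound filter on the ISP-facing router.
! Constructed addresses: 203.0.113.0/29 = the site's public block,
! 203.0.113.5 = web server, 203.0.113.6 = mail relay,
! 198.51.100.53/.54 = ISP resolvers, 192.168.1.50 = inside syslog host.
ip access-list extended FROM-ISP
 remark -- anti-spoofing: our own block and private/loopback space never arrive from the ISP
 deny   ip 203.0.113.0 0.0.0.7 any log
 deny   ip 10.0.0.0 0.255.255.255 any log
 deny   ip 172.16.0.0 0.15.255.255 any log
 deny   ip 192.168.0.0 0.0.255.255 any log
 deny   ip 127.0.0.0 0.255.255.255 any log
 remark -- the services we publish
 permit tcp any host 203.0.113.5 eq www
 permit tcp any host 203.0.113.6 eq smtp
 remark -- return traffic for TCP sessions opened from inside (flag check only, not stateful)
 permit tcp any 203.0.113.0 0.0.0.7 established
 remark -- the only UDP let in: DNS answers from the ISP resolvers
 permit udp host 198.51.100.53 eq domain 203.0.113.0 0.0.0.7
 permit udp host 198.51.100.54 eq domain 203.0.113.0 0.0.0.7
 remark -- ICMP needed for path MTU discovery and troubleshooting
 permit icmp any 203.0.113.0 0.0.0.7 echo-reply
 permit icmp any 203.0.113.0 0.0.0.7 unreachable
 permit icmp any 203.0.113.0 0.0.0.7 time-exceeded
 remark -- everything else: drop and log, so the syslog/IDS side sees what the edge ate
 deny   ip any any log
!
interface Serial0
 description Link to ISP
 ip access-group FROM-ISP in
!
! Send the ACL log messages to the same syslog host the IDS reports to.
logging 192.168.1.50
logging trap informational
!
! Hit counters confirm the filter is matching what you expect:
!   show ip access-lists FROM-ISP
```

The firewall behind this router does the stateful inspection, and the ACL on the router after the firewall catches anything that leaks through a rule mistake; the edge ACL exists to keep obvious junk out of both and to give the log a cheap first view of who is knocking.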



bridge loop and spanning tree NB : sorry I made a mistake there [7:63505]

2003-02-21 Thread hanan
Hello

Could you please tell me why sometimes I see "bridge loop" in the log of my
350 wireless bridge, which is connected to a Cisco 2900 switch, and one hour
later there is no more loop in the bridge? Can we have a loop occasionally?
And how can I resolve the bridge loop problem?
If I enable spanning tree on the bridge and choose the root bridge, do I need
to disable spanning tree on the APs, or do the APs also need to be spanning
tree enabled? And one last question: in the 2900 switch the priority of the
root bridge must be 4096, 8192, 12288 and so on; is the bridge root priority
the same as on the switch, or can I choose any number less than 32000?
Do I also need to choose the root bridge in the switches, or is it enough for
the bridges?
Thank you for your help
Hanan

NB: sorry, I made a mistake; there is no spanning tree in the AP, ignore my
question about that.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63505&t=63505



Sniffer with span on port 6/4 - where just station B is [7:63504]

2003-02-21 Thread [EMAIL PROTECTED]
Why would a switch lose its CAM entry, and flood packets, while the PC is
transmitting packets?

I am wondering if there is another condition besides a bug or a failed module.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63504&t=63504



bridge loop and spanning tree [7:63503]

2003-02-21 Thread hanan
Hello

Could you please tell me why sometimes I see "bridge loop" in the log of my
350 wireless bridge, which is connected to a Cisco 2900 switch, and one hour
later there is no more loop in the bridge? Can we have a loop occasionally?
And how can I resolve the bridge loop problem?
If I enable spanning tree on the bridge and choose the root bridge, do I need
to disable spanning tree on the APs, or do the APs also need to be spanning
tree enabled? And one last question: in the 2900 switch the priority of the
root bridge must be 4096, 8192, 12288 and so on; is the bridge root priority
the same as on the switch, or can I choose any number less than 32000?
Do I also need to choose the root bridge in the switches, or is it enough for
the bridges?
Thank you for your help
hanan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63503&t=63503



ccnp simulator [7:63502]

2003-02-21 Thread oscar
There are a lot of router simulators, but is there any good one for the CCNP?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63502&t=63502



RE: ISS Real Secure Vs Cisco IDS [7:63461]

2003-02-21 Thread Troy Leliard
As with most things, you need to weigh up costs against your requirements. In
our case, security is absolutely essential, so having a multivendor security
solution (and indeed fully redundant) is costly, but we see it as justified.

With regards to action during attacks etc., we mostly rely on manual actions
as we don't want to inadvertently block legitimate traffic (for example if an
attack came from a spoofed IP). For automatic action, you can make use of
Cisco Policy Manager, which has the ability to dynamically rewrite ACLs on
PIXes, routers, and indeed Cats according to data from IDS. So for
example, if you were really paranoid (like we are), you could have PIXes
as the first firewall, with IDS on the inside / DMZ etc. (using IDSM or
standalone IDS), tie these together with Policy Manager, then, taking a
further step into your network, a set of Nokia FW1 NG, along with further
Nokia IDS solutions on the inside, and tied together using the enterprise
software!



Albert Lu wrote:
> 
> Hi,
> 
> I'm just curious about your multi-vendor solution. It must cost quite
> a lot in order to have 3 IDS running. What about redundancy? If you
> are using dual switch/router/fw/ids, you would have a total of 6 IDS.
> 
> Being able to detect attacks with multiple IDS is one thing. What
> action can it take once the IDS detects an attack? Logging it into the
> syslog server is not enough.
> 
> Albert
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 21, 2003 7:53 PM
> To: [EMAIL PROTECTED]
> Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
> 
> 
> Hi Sean,
> 
> I currently use Cisco IDSM (IDS module for the Cat6500), Nokia IDS,
> and Snort on the servers themselves. You can never be paranoid enough
> about these sorts of things. Each vendor has different exploits etc.,
> so by implementing a multi-vendor path to your critical servers, you
> protect yourself from any single vendor-specific exploit!
> 
> 
> 
> 
> Sean Kim wrote:
> >
> > Hello all,
> >
> > My company is thinking about installing an IDS (dedicated
> > appliance type) for our network.
> > As far as I know, the Real Secure and the Cisco IDS are the two
> > biggest names out there. So I checked out the documents and
> > white papers provided by each company, but I couldn't
> > really come up with what the differences are between them, and
> > which one is better suited for our network.
> >
> > Can anyone voice their opinion about these two IDS?
> >
> > Thanks,
> >
> > Sean Kim
> 
> 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63501&t=63461



RE: ISS Real Secure Vs Cisco IDS [7:63461]

2003-02-21 Thread Albert Lu
Hi,

I'm just curious about your multi-vendor solution. It must cost quite a lot
in order to have 3 IDS running. What about redundancy? If you are using dual
switch/router/fw/ids, you would have a total of 6 IDS.

Being able to detect attacks with multiple IDS is one thing. What action can
it take once the IDS detects an attack? Logging it into the syslog server is
not enough.

Albert

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 21, 2003 7:53 PM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]


Hi Sean,

I currently use Cisco IDSM (IDS module for the Cat6500), Nokia IDS, and
Snort on the servers themselves. You can never be paranoid enough about
these sorts of things. Each vendor has different exploits etc., so by
implementing a multi-vendor path to your critical servers, you protect
yourself from any single vendor-specific exploit!




Sean Kim wrote:
>
> Hello all,
>
> My company is thinking about installing an IDS (dedicated
> appliance type) for our network.
> As far as I know, the Real Secure and the Cisco IDS are the two
> biggest names out there. So I checked out the documents and
> white papers provided by each company, but I couldn't
> really come up with what the differences are between them, and
> which one is better suited for our network.
>
> Can anyone voice their opinion about these two IDS?
>
> Thanks,
>
> Sean Kim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63500&t=63461



clear arp [7:63499]

2003-02-21 Thread Shane Stockman
Is there a command that I can use to clear the arp table of a specific VLAN
on a Cat6500 with MSFC2?

thanks









Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63499&t=63499



RE: ADSL and PIX puzzle [7:63498]

2003-02-21 Thread dlci dlci
I would like to thank everyone who helped out with my Pix horror picture
show.
This has aroused some possibilities where previously I couldn't, let's say,
"see the trees from the forest" (or is it the other way around ;)
However this has also brought up some questions about all your suggestions.

..the story so far:
Network number: 200.10.10.136/30
So I use 200.10.10.138 255.255.255.0 since the provider uses the other
available IP

Public IPs: 200.10.15.184/29
webserver is 200.10.15.189

Ok, following Mark's tip I would put 200.10.10.138 255.255.255.0 on the
Dialer int.
Mark then suggests "Put 200.10.15.184/29 on the Ethernet0 of the DSL
Router..."
and "Put 200.10.15.185/29 on the PIX Outside Interface..."

umm, the IP on eth0 is my network number for public IP space, so, shouldn't
eth0 on the router
be 200.10.15.185/24? If so wouldn't I be wasting 1 IP to get to the pix?

Albert Lu suggests using ip unnumbered eth0 on the Dialer int,
ok, then if I use 200.10.10.138/24 on eth0 on the router (ISP uses the other
available IP)
what other IP could I use on the pix eth0 (interface directly connected to
the router's eth0)?

Why wouldn't I want to use NAT on both router and pix, and go with Kent
Hundley's suggestion?





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63498&t=63498



bridge loop [7:63497]

2003-02-21 Thread hanan
Hello

Could you please tell me why sometimes I see "bridge loop" in the log of my
350 wireless bridge, which is connected to a Cisco 2900 switch, and one hour
later there is no more loop in the bridge? Can we have a loop occasionally?
And how can I resolve the bridge loop problem?

hanan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63497&t=63497



RE: Frame-Relay issue [7:63446]

2003-02-21 Thread Monu Sekhon
Hi Mark,
Thanks for the reply, but I mentioned that when we do shut & no shut again the
link comes up; no DLCI, no LMI problem.
I am testing in a lab setup, two routers connected to a frame-relay cloud.
Please, anybody, do help in this regard: why does the link not come up at one
instant, why does it require shut and no shut again when I copy-paste the
config, whereas when I give the commands one by one the link comes up
without giving shut and no shut?

Mark W. Odette II wrote:
> 
> >>in show ip interface it shows as protocol down, physical link up.
> >>sh frame-relay pvc shows as inactive. No LMI are exchanged.
> 
> Usually "Protocol Down, Link Up" indicates that you have
> mismatched
> encapsulation, LMI-Type, or even incorrect IP Addressing (wrong
> Subnet
> or incorrect Subnet Mask) between your end and the other end of
> the FR
> Network.
> 
> If no LMI is exchanged, then the LMI-Type is incorrect between
> that
> Serial Interface and the Service Provider Frame Switch.
> 
> If this is a Frame Relay LAB setup, double-check your Frame
> Relay
> "Switch" configuration.
> 
> If this is a Production Setup, contact your ISP and verify your
> Frame
> Relay configuration parameters. (LMI-Type, DLCI, etc.)
> 
> 
> On the No Shut command, I'd use it last on each interface you
> configure.
> 
> -Mark
> 
> -Original Message-
> From: Monu Sekhon [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, February 20, 2003 7:40 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Frame-Relay issue [7:63446]
> 
> Hi Larry/John,
> I forgot to mention no shut in the above config while writing here;
> it's still there and the connection does not come up.
> See, I mentioned that while giving command by command manually the
> connection comes up.
> It seems to me that while the interface is down, during that time the
> frame-relay LMIs think that the interface is down and make the link down.
> I am rather confused. I don't know, but this is happening.
> 
> again writing config:
> --
> interface Serial0 
> shut (if i give here no shut then link comes up at one go) 
> encapsulation frame-relay 
> frame-relay lmi-type cisco 
> no shut
> exit 
> interface Serial0/0.1 point-to-point 
> no shutdown 
> ip address 1.1.1.1 255.255.255.0 
> frame-relay interface-dlci 108 
> exit 
> 
> 
> and also John, try these in your router, but at one go the interface
> will not come up as far as I know. I agree with your configuration and
> mine is also correct. It's said by Priscilla and others that shutting an
> interface is good practice while configuring encap types. This I read in
> one of the previous posts.
> so can you all reply what is the problem here:
> in show ip interface it shows as protocol down, physical link up.
> sh frame-relay pvc shows as inactive. No LMI are exchanged.
> any help will be appreciated.
> 
> 
> -
> Larry Letterman wrote:
> > 
> > enter the no shut command into your cut and paste script for
> > the Int Ser0 and it will
> > come up..all interfaces in a router are always defaulted to
> > shutdown..In your case the
> > Main interface needs to be no shut in order for the logical
> > interface to work...
> > 
> > --
> > 
> > Larry Letterman
> > Network Engineer
> > Cisco Systems
> > 
> > 
> > ""Monu Sekhon""  wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > Hi All
> > > Hey I am facing a strange problem in frame-relay
> > >
> > > My config
> > > --
> > > my initial config
> > > int serial 0
> > > (nothing configured initially)
> > >
> > > Then I cut and paste this config and my link does not come up, meaning
> > > the interface does not come up.
> > >
> > > interface Serial0
> > > shut (if i give here no shut then link comes up at one go)
> > > encapsulation frame-relay
> > > frame-relay lmi-type cisco
> > > exit
> > > interface Serial0/0.1 point-to-point
> > > no shutdown
> > > ip address 1.1.1.1 255.255.255.0
> > > frame-relay interface-dlci 108
> > > exit
> > >
> > > I have to do shut and no shut on the main interface, why?
> > >
> > > if the above commands I execute one by one then the link comes up.
> > >
> > > Is it a difference between pasting the config at one go or when I
> > > give the commands one by one?
> > > I enabled debugging for frame-relay packets and it shows encap failed
> > > once only on the above sub-interface. Do the frame-relay LMIs have
> > > anything to do with it?
> > > I am very confused.
> > > Thanks in advance
> > [EMAIL PROTECTED]
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63495&t=63446



CCIE Written Traning [7:63494]

2003-02-21 Thread Arni V. Skarphedinsson
Can anyone recommend a good training class for the CCIE Written Exam? Most of
the CCIE training programs I see offered are training for the lab, after you
have taken the written.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63494&t=63494



ccnp kit [7:63453]

2003-02-21 Thread Sonic
Got a friend who is looking for a ccnp kit, you know a couple switches, a
few routers.  It seems he would rather pay a little more for the ability to
have some warranty and the convenience of buying it all at once.  He already
knows about optsys.net and chipsettech.com.  Any other recommendations?

Brian
Why do we reward illegal behavior?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63453&t=63453



RE: ADSL and PIX puzzle [7:63458]

2003-02-21 Thread Albert Lu
Hi,

Ideally, you should have the 827 using 'ip unnumbered' on the ADSL (dialer)
interface, so that it uses the ethernet interface's ip address. This
will allow the outside interface of the PIX to be in the public ip address
range that you are allocated, with no need for subnetting as suggested, as
this would waste IP addresses. Once that is done, just do your standard NAT on
your PIX with statics for your webservers etc.

If that isn't possible, then you will have to do NAT on the router, and put
statics on the router. The PIX will be doing no translation, so you can
either use nat 0 or static (you might need both); I prefer statics.

Regards,

Albert

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
dlci_16
Sent: Friday, February 21, 2003 12:34 PM
To: [EMAIL PROTECTED]
Subject: ADSL and PIX puzzle [7:63458]


Hello networkers,

I am trying to "conjure up" a working config for an ADSL link with static
IPs for an 827 series router.
These public IPs are supposed to point to, say, a webserver that sits behind
a pix firewall (which is directly connected to the 827 router's ethernet
interface).
The problem is, when I try to come up with a working config, I find myself
getting into trouble.
(The catch is, I need the webserver behind that pix.)
Now this gets me using NAT twice to get a public IP from
the internet through the router, past the pix and into my webserver.
I know it doesn't sound right and obviously does not work either ;)
Any help/clue/criticisms are most welcome ;)
Ok,
What it looks like so far:


 [internet] ---> [router 827 series] ---> [pix 506E] ---> [lan/webserver]


IP addresses:
For internet access I have 200.10.10.136 mask 255.255.255.0
Public IPs: 200.10.15.184 255.255.255.248 (for example)
Public IP for my webserver is 200.10.15.189


Router 827:
--

!
int eth0
  ip address 192.168.0.200 255.255.255.0
  ip nat inside
!
int atm0
  no ip address
  dsl operating-mode auto
!
int atm0.1 point-to-point
   no ip address
   pvc 0/35
    pppoe-client dial-pool-number 1
!
int dialer1
  ip address 200.10.10.136 255.255.255.0
  ip nat outside
  dialer pool 1
!
ip nat inside source list 1 interface dialer1 overload
ip nat inside source static tcp 192.168.1.30 80 200.10.15.189 80 extendable
access-list 1 permit 192.168.0.0 0.0.0.255
!
ip route 0.0.0.0 0.0.0.0 dialer1
!


PIX 506E:
-

!
nameif ethernet0 outside security0
nameif ethernet1 inside security100
!
ip address outside 192.168.0.201 255.255.255.0
ip address inside 192.168.1.21 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 192.168.0.200 1
!
global (outside) 1 192.168.0.202-192.168.0.248
nat (inside) 1 192.168.1.0 255.255.255.0
!
name 192.168.1.30 webserver
!
static (inside,outside) 200.10.15.189 webserver
!
access-list acl_out permit tcp any host 200.10.15.189 eq 80
!
access-group acl_out in interface outside
!


Maybe I am going about this the wrong way;
maybe there is still hope just by tweaking my static NAT translation at the
router.
If you have reached this far, thank you for your time and effort.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63493&t=63458
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: Lost Switch [7:63469]

2003-02-21 Thread Dave Swink
Kevin,

How about adding a secondary address to the router interface? That would
allow you to telnet to the switch and change its address.

Dave Swink

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Kevin Wigle
Sent: Thursday, February 20, 2003 10:20 PM
To: [EMAIL PROTECTED]
Subject: Lost Switch [7:63469]


Our group got a support call that a port wasn't working on a switch.

A colleague started looking into the case and found that he couldn't connect
to the switch. (or ping etc)

He was able to get to another switch which is directly connected.

Using CDP he was able to see that the switch is incorrectly configured with
the wrong IP address.

The real subnet is 10.235.x.x  but CDP nei det says that the switch has
10.255.x.x configured.

Is there a way we can get to the switch and fix it over the wire?

Kevin Wigle




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63491&t=63469



RE: ISS Real Secure Vs Cisco IDS [7:63461]

2003-02-21 Thread Troy Leliard
Hi Sean, 

I currently use Cisco IDSM (IDS module for the Cat6500), Nokia IDS, and
Snort on the servers themselves.  You can never be paranoid enough about
this sort of thing.  Each vendor has different exploits etc, so by
implementing a multi-vendor path to your critical servers, you protect
yourself from any single vendor-specific exploit!




Sean Kim wrote:
> 
> Hello all,
> 
> My company is thinking about installing an IDS (dedicated
> appliance type) for our network.
> As far as I know, the Real Secure and the Cisco IDS are two
> biggest names out there.  So I checked out the documents and
> white papers provided by the each company, but I couldn't
> really come up with what the differences are between them, and
> which one is better suited for our network.
> 
> Can anyone voice their opinion about these two IDS?
> 
> Thanks,
> 
> Sean Kim


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63492&t=63461



RE: Connecting Console cable [7:63447]

2003-02-21 Thread Troy Leliard
This would work if you didn't go through the switch, ie from the router
console port -> patch panel -> wall port -> to your PC (with DB converter
obviously).



SamN wrote:
> 
> I wish to gain access to a router console but it's in the
> server room while
> I am outside.
> Is it possible to do something like that:, Diagram-wise:
> Router---Switch---PatchPanel---User wall I/O---Computer
> 
> I mean, just the way a user would be connected to the router
> ethernet port,
> i want to connect the user to the console port.
> 
> If a solution ain't possible, I can get rid of the switch in
> the middle and
> directly go through the patch panels.
> Any solution would do.
> 
> thank you.
> 
> 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63490&t=63447



RE: 3600 Network Module 1FE-TX [7:63443]

2003-02-21 Thread Troy Leliard
Correct, FX is Fibre.  



SamN wrote:
> 
> Hey Guys.
> 
> Whats the difference between these two 3600 Modules
> 
>  1FE-TX and  1FE-FX
> 
> Whenever the word FX comes in, does it mean fiber?
> 
> thank you.
> 
> 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63489&t=63443



RE: Different usename n pwd for PAP and CHAP [7:63442]

2003-02-21 Thread Troy Leliard
Normally you would only get one username / password, and the ISP would
configure CHAP, then PAP authentication, ie if the client (user) tries to
authenticate and CHAP fails, it will then authenticate using PAP.  (CHAP
should always come first as it is the more secure authentication method.)

Hope this helps


Deepak N wrote:
> 
> Hi 
>   I am having this question. 
> When configuring the username and password for PAP n CHAP, i am
> giving different username n password.
> Is there any customer scenario where this kind of situation is
> there?
> Also does the ISP provide different username n password for
> different authentication types i.e, one set of username n
> password for CHAP and another set of username and password for
> PAP.
>  I assume that the ISP gives only one authentication type, either
> CHAP or PAP, not both.
>  I need inputs from all of you.
> 
> Thanks in advance
> 
> Deepak


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63488&t=63442
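As an added illustration of the order Troy describes (not code from the list or from Cisco), here is a Python model of an access server that tries CHAP first and falls back to PAP. The Client and AccessServer classes, usernames and secrets are constructed for the example; the fallback is modelled the way IOS negotiates it, with PAP offered only when the peer does not agree to CHAP in LCP, so a wrong CHAP response does not get a second try over PAP.

```python
"""CHAP-first, PAP-fallback PPP authentication modelled in Python (added example)."""
import hashlib
import hmac
import os


def chap_response(ident: int, secret: str, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()


class Client:
    """Dial-in peer holding the single username/password the ISP issued (constructed)."""
    def __init__(self, username: str, password: str, supports_chap: bool = True):
        self.username, self.password, self.supports_chap = username, password, supports_chap

    def chap(self, ident: int, challenge: bytes):
        # Only the hash crosses the link; the password itself never does.
        return self.username, chap_response(ident, self.password, challenge)

    def pap(self):
        # A PAP Authenticate-Request carries the password in clear text.
        return self.username, self.password


class AccessServer:
    """ISP side configured like 'ppp authentication chap pap' (hypothetical model)."""
    def __init__(self, users: dict):
        self.users = users  # username -> secret, constructed sample data

    def authenticate(self, peer: Client):
        if peer.supports_chap:
            # CHAP is negotiated first. A wrong response ends the session;
            # IOS does not retry a failed CHAP exchange with PAP.
            ident, challenge = 1, os.urandom(16)
            name, response = peer.chap(ident, challenge)
            secret = self.users.get(name)
            if secret and hmac.compare_digest(response, chap_response(ident, secret, challenge)):
                return "chap"
            return None
        # The peer rejected CHAP in LCP, so PAP is offered as the fallback.
        name, password = peer.pap()
        secret = self.users.get(name)
        if secret and hmac.compare_digest(password.encode(), secret.encode()):
            return "pap"
        return None
```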



RE: telnet with mac address [7:63440]

2003-02-21 Thread hanan
Thank you very much for your reply.
But why do I want to telnet? Because my problem is related to my first email,
when I upgraded the Cisco Bridge 350 to the new firmware, but I didn't get an
answer for that email problem, so for that I need to telnet to the bridge. Here
is a copy of my first email.
The bridge had a fixed IP address, it didn't take an IP address from DHCP, and it
is in the remote network.

Hello

I tried today to upgrade our Cisco APs 350 and Cisco Bridges 350 to the new
firmware version 12.
The AP 350 I upgraded was OK, but when I upgraded the bridge 350, I couldn't
access it any more from the web browser, and this bridge does association with
the other bridge but without an IP address. So I upgraded the second bridge and
there wasn't any problem with the upgrade of the second bridge, but the
problem is still the same: the first bridge associates with the second but
without an IP address. I made a test link to this bridge and the signal was 60%,
and what I have in the log is "too many station BSS".
I saw on the Cisco web site that this error was for bridge 340 and it means
that the bridge can associate one client at a time.
And of course I can't access the AP any more.
Can you help with what I must do exactly, and what I must do also to prevent this
problem for the upgrade of the other bridges?

hanan




-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 20, 2003 11:02 PM
To: [EMAIL PROTECTED]
Subject: RE: telnet with mac address [7:63440]

hanan wrote:
>
> Hello
> Could you help please?
> How I can telnet a bridge 350 with his MAC address not with IP
> address

No. Telnet runs above TCP/IP. When you Telnet to something you tell your
Telnet software the IP address (or domain name) of the thing you are
Telnetting to. There's no workaround to this.

But, what problem are you really trying to solve? According to Cisco
documentation, the wireless bridge does have a default address of
192.168.200.1. You could Telnet to that.

However, if the bridge has successfully gotten a new address from DHCP then
you can no longer use that address. If that is the case, then you can use
the IP Setup Utility (IPSU) to find the bridge's IP address. You may also
use IPSU to set the bridge's IP address.

The IPSU cannot query the bridge's IP address when the computer running IPSU
is on a different subnet than the bridge. If your bridge receives an IP
address from a DHCP server, you must install and run IPSU on a computer on
the same subnet as the bridge.

Priscilla


>
> Thank you
>
> hanan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63487&t=63440



RE: MAC address filtering [7:63463]

2003-02-21 Thread szarek john
Router(config)#access-list ?
  IP standard access list
   IP extended access list
 IPX SAP access list
 Extended 48-bit MAC address access list
 IPX summary address access list
 IP standard access list (expanded range)
   Protocol type-code access list
 IP extended access list (expanded range)
   DECnet access list
   XNS standard access list
   XNS extended access list
   Appletalk access list
   48-bit MAC address access list
   IPX standard access list
   IPX extended access list
  dynamic-extended  Extend the dynamic ACL abolute timer
  rate-limitSimple rate-limit specific access list
Router(config)#access-list 700 deny 1234.1234.1234 ..00ff
Router(config)#access-list 700 permit .. ..
Router(config)#int fa0/0
Router(config-if)#access-expression input smac(700)


Therefore the deny MAC is obviously denying that first MAC and then we're
permitting everything else.
Keep in mind that MACs are in hexadecimal and therefore the inverse mask
(ACL, remember) is
..   which is kind of like going 255.255.255.255 (any) for an IP
access-list.

Don't fret about the "access-expression".  That's the only way to apply
certain ACLs using
a Boolean algebraic expression.  smac(700) being source-mac using access-list
700.  You can also use dmac(700) for the destination.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63486&t=63463
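To make the wildcard semantics John describes concrete, here is an added Python matcher for 700-series MAC ACL entries; it is not code from the post or from Cisco. The wildcard in the deny entry is assumed to be 0000.0000.00ff (the post's copy lost the leading groups), and the sample MAC addresses are constructed.

```python
"""Match frames against an IOS-style 700-series MAC ACL (added example, not from the post)."""
import re
from dataclasses import dataclass

DOTTED_HEX = re.compile(r"^[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}$")
ALL_BITS = 0xFFFFFFFFFFFF  # a MAC address is 48 bits


def mac_to_int(text: str) -> int:
    """Parse IOS dotted-hex notation (1234.1234.1234) into a 48-bit integer."""
    text = text.lower()
    if not DOTTED_HEX.match(text):
        raise ValueError(f"not a dotted-hex MAC: {text!r}")
    return int(text.replace(".", ""), 16)


@dataclass(frozen=True)
class MacAce:
    action: str    # "permit" or "deny"
    address: int
    wildcard: int  # 1 bits are don't-care, exactly like an IP wildcard mask


def parse_ace(line: str) -> MacAce:
    """Parse 'access-list <700-799> {permit|deny} <mac> <wildcard>'."""
    parts = line.split()
    if (len(parts) != 5 or parts[0] != "access-list"
            or not 700 <= int(parts[1]) <= 799 or parts[2] not in ("permit", "deny")):
        raise ValueError(f"not a 700-799 MAC ACL entry: {line!r}")
    return MacAce(parts[2], mac_to_int(parts[3]), mac_to_int(parts[4]))


def ace_matches(ace: MacAce, mac: int) -> bool:
    """Every differing bit must sit under a don't-care bit of the wildcard."""
    return (ace.address ^ mac) & ~ace.wildcard & ALL_BITS == 0


def evaluate(acl: list, mac_text: str) -> str:
    """First matching entry wins; like any IOS ACL it ends in an implicit deny."""
    mac = mac_to_int(mac_text)
    for ace in acl:
        if ace_matches(ace, mac):
            return ace.action
    return "deny"


# Constructed ACL: the post's deny entry with its wildcard assumed to be
# 0000.0000.00ff, followed by permit-any (ffff.ffff.ffff wildcard).
SAMPLE_ACL = [parse_ace(line) for line in (
    "access-list 700 deny 1234.1234.1234 0000.0000.00ff",
    "access-list 700 permit 0000.0000.0000 ffff.ffff.ffff",
)]
```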



Re: Effect of Multipoint config on point-to-point [7:63460]

2003-02-21 Thread Larry Letterman
The physical interface cannot be used as an active connection if the
sub-interfaces are configured and used, I believe...

The below might be better...
>
> int serial 0
> encap frame-relay
> no shut

> int serial 0.10 multi
> no shut
> ip address  x.x.x.x
> frame-relay map ip x.x.x.x 17


Larry Letterman
Network Engineer
Cisco Systems

> Hi Again,
> A new small query on frame-relay itself.
> Is the config below valid, and can it be used having both multipoint on the
> main interface and point-to-point sub-interface simultaneously?
>
> int serial 0
> encap frame-relay
> ip address
>
> frame-relay interface-dlci 16
>
> int serial 0/0.2 multi
> ip address
> frame-relay map  17
>
> Can such a configuration work, or will the multi access config on the main
> interface affect the sub-interface connections also?
> What implications does the above design have, or can all 3 connections be
> made to work?
> Any help will be appreciated.
> Thanx in advance
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63485&t=63460



Re: ISS Real Secure Vs Cisco IDS [7:63461]

2003-02-21 Thread nrf
""Sean Kim""  wrote in message news:[EMAIL PROTECTED]...
> Hello all,
>
> My company is thinking about installing an IDS (dedicated appliance type)
> for our network.
> As far as I know, the Real Secure and the Cisco IDS are two biggest names
> out there.

Actually, the biggest name of all when it comes to IDS is Snort, which is a
freeware open-source product.



>So I checked out the documents and white papers provided by the
> each company, but I couldn't really come up with what the differences are
> between them, and which one is better suited for our network.
>
> Can anyone voice their opinion about these two IDS?
>
> Thanks,
>
> Sean Kim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63484&t=63461



Re: GE connect to FE [7:63457]

2003-02-21 Thread Larry Letterman
No it's not... you can connect gig fiber to another switch that has a 1000sx
connector in it, and connect the fx100 fiber to a fx100 fiber port... the
second switch then becomes a media converter...

Larry Letterman
Network Engineer
Cisco Systems


- Original Message -
From: "Happy World" 
To: 
Sent: Thursday, February 20, 2003 5:09 PM
Subject: GE connect to FE [7:63457]


> Dear All,
>
> In general, is it possible to connect the 1000BaseSX to 100BaseFX using the
> MMF?
>
> Thanks for your help.
>
> rgds,
> Happy World
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63483&t=63457