Re: OSPF over FR [7:70025]

[The Road Goes Ever On]

you may want to check out the OSPF config guide on my website

www.chuckslongroad.info

hint - in the world of Cisco certification, it is essential that you master
OSPF over NMBA in all its manifestations.

Catherine Wu  wrote in message
news:[EMAIL PROTECTED]
 I am testing Hub-Spoke for OSPF over FR,

 I verified the neighbor adjacency,but I couldn't see route 2.2.2.2 and
 3.3.3.3 in the routing table,

 RouterA#sh ip ospf nei

 Neighbor ID Pri   State   Dead Time   Address
Interface
 3.3.3.3   1   FULL/  -00:01:4110.1.1.6
 Serial0/0.2
 2.2.2.2   1   FULL/  -00:01:3910.1.1.2
 Serial0/0.1
 RouterB#sh ip ospf nei

 Neighbor ID Pri   State   Dead Time   Address
Interface
 1.1.1.1   1   FULL/BDR00:01:3810.1.1.1
Serial0/0
 RouterC#sh ip ospf nei

 Neighbor ID Pri   State   Dead Time   Address
Interface
 1.1.1.1   1   FULL/BDR00:01:3410.1.1.5
Serial0/0

 RouterA#sh ip ro
 Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter
 area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

 Gateway of last resort is not set

  1.0.0.0/32 is subnetted, 1 subnets
 C   1.1.1.1 is directly connected, Loopback0
  10.0.0.0/30 is subnetted, 2 subnets
 C   10.1.1.0 is directly connected, Serial0/0.1
 C   10.1.1.4 is directly connected, Serial0/0.2

 Please help.

 Thanks

 Catherine
 
 RouterA
 interface Loopback0
  ip address 1.1.1.1 255.255.255.255
 !
 interface Serial0/0
  no ip address
  encapsulation frame-relay
  frame-relay lmi-type ansi
  no sh
 !
 interface Serial0/0.1 point-to-point
  ip address 10.1.1.1 255.255.255.252
  ip ospf hello-interval 30
  frame-relay interface-dlci 101
 !
 interface Serial0/0.2 point-to-point
  ip address 10.1.1.5 255.255.255.252
  ip ospf hello-interval 30
  frame-relay interface-dlci 102
 !
 router ospf 1
  log-adjacency-changes
  network 1.1.1.1 0.0.0.0 area 1
  network 10.1.1.0 0.0.0.3 area 0
  network 10.1.1.4 0.0.0.3 area 0

 RouterB
 !
 interface Loopback0
  ip address 2.2.2.2 255.255.255.255
 !
 interface Serial0/0
  ip address 10.1.1.2 255.255.255.252
  encapsulation frame-relay
  frame-relay map ip 10.1.1.1 110 broadcast
  no frame-relay inverse-arp
  frame-relay lmi-type ansi
  no sh
 !
 router ospf 1
  log-adjacency-changes
  network 2.2.2.2 0.0.0.0 area 2
  network 10.1.1.0 0.0.0.3 area 0
  neighbor 10.1.1.1
 !
 RouterC
 interface Loopback0
  ip address 3.3.3.3 255.255.255.255
 !
 interface Serial0/0
  ip address 10.1.1.6 255.255.255.252
  encapsulation frame-relay
  frame-relay map ip 10.1.1.5 120 broadcast
  no frame-relay inverse-arp
  frame-relay lmi-type ansi
  no sh
 !
 router ospf 1
  log-adjacency-changes
  network 3.3.3.3 0.0.0.0 area 3
  network 10.1.1.4 0.0.0.3 area 0
  neighbor 10.1.1.5

 [GroupStudy removed an attachment of type application/ms-tnef which had a
 name of winmail.dat]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70297t=70025
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Are we getting naughty email in the group? [7:70298]

[Nuurul Basar]

Hi,

I am receiving some naughty email on my official email.  I did not register
any and wondering if other in the group are receiving the same type off
email.  I used this email to received only officials email and groupstudy
only.

Thanks

Nuurul Basar Mohd Baki
Network Engineer
DDSe




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70298t=70298
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Number of routes and memory usage [7:70299]

[Curious]

Hello again friends, I want to thank Mr Jvd for his help, and I would like
to post again my question, It is very surprising that we all have been
working with routers for years but there is no answer for this question, I
can evaluate the ammount of memory used in my router for every type of
route, but I would like to learn from someone more skilled than me and test
my results :) :)

Hello folks, 

I have to evaluate the impact of adding almost 1000  routes in my network,
and what I want to know is simple: How many memory do I need for every new
router? Do you know a simle rule? What I want to know is the relationship
between the number of routes and the memory consumption. I can evaluate know
this by looking how many routes are in may routing table and the memory
used, but I would appreciate any experience from you.
Thanks group! 



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70299t=70299
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IOS for 2500 series router. [7:70056]

[Lamy Alexandre]

Send me Email

[EMAIL PROTECTED]


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70300t=70056
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Number of routes and memory usage [7:70299]

[The Road Goes Ever On]

sounds like the perfect topic for a PhD research project. Assuming, of
course, that number of routes is the only variable which effects sizing of
memory


 Curious  wrote in message
news:[EMAIL PROTECTED]
 Hello again friends, I want to thank Mr Jvd for his help, and I would like
 to post again my question, It is very surprising that we all have been
 working with routers for years but there is no answer for this question, I
 can evaluate the ammount of memory used in my router for every type of
 route, but I would like to learn from someone more skilled than me and
test
 my results :) :)

 Hello folks,

 I have to evaluate the impact of adding almost 1000  routes in my network,
 and what I want to know is simple: How many memory do I need for every new
 router? Do you know a simle rule? What I want to know is the relationship
 between the number of routes and the memory consumption. I can evaluate
know
 this by looking how many routes are in may routing table and the memory
 used, but I would appreciate any experience from you.
 Thanks group!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70305t=70299
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 7505 problem, microcode? [7:70288]

[Phil Lorenz]

Is this a new or existing configuration?

Not every 75xx and 72xx module is backwards and forward compatible.

I first began to notice this about 2 or 3 years ago when receiving our
first VXR chassis and have since dealt with the microcode issue (old
module syndrome) in 7500s as well.

When this happens Cisco will generally posts the compatibility issues on
the CCO, and offers some sort of trade up program (very little credit I
might add).

http://www.cisco.com/en/US/customer/products/hw/modules/ps2033/prod_bull
etin09186a00800a3f83.html

I have never seen microcode available for download (chipset thing I
suspect), except for the old CiscoPro routers.

**Don't stop looking and asking though, it's why we're all here... and
all ears ;-)

All the best!
Phil


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Lamy Alexandre
Sent: Friday, June 06, 2003 6:10 PM
To: [EMAIL PROTECTED]
Subject: 7505 problem, microcode? [7:70288]

Is there a good Samaritan who can help me?

I am looking for a microcode for my 7505 router.

I have hundreds IOS images, but there is a microcode missing.

I think that it is cip28.12.bin

take a look at this problem:



sho diagbus
Slot 0:
Physical slot 0, ~physical slot 0xF, logical slot 0, CBus 0
Microcode Status 0x4
Master Enable, LED, WCS Loaded
Board is analyzed
Pending I/O Status: None
EEPROM format version 1
FEIP2 controller, HW rev 2.11, board revision E0
Serial number: 17934563  Part number: 73-1684-04
Test history: 0x00RMA number: 00-00-00
Flags: cisco 7000 board; 7500 compatible

EEPROM contents (hex):
  0x20: 01 20 02 0B 01 11 A8 E3 49 06 94 04 00 00 00 00
  0x30: 70 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00

Slot database information:
Flags: 0x4  Insertion time: 0x2C68 (00:33:37 ago)

Controller Memory Size: 32 MBytes DRAM, 2048 KBytes SRAM

PA Bay 0 Information:
Fast-Ethernet PA, 1 ports, 100BaseTX-ISL
EEPROM format version 1
HW rev 1.04, Board revision B0
Serial number: 15811504  Part number: 73-2570-02

PA Bay 1 Information:
Fast-Ethernet PA, 1 ports, 100BaseTX-ISL
EEPROM format version 1
HW rev 1.04, Board revision B0
Serial number: 15810930  Part number: 73-2570-02

--Boot log begin--

Cisco Internetwork Operating System Software
IOS (tm) VIP Software (SVIP-DW-M), Version 12.2(16), RELEASE SOFTWARE
(fc3)
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Thu 06-Mar-03 23:12 by pwade
Image text-base: 0x60010930, data-base: 0x603E


--Boot log end--

Slot 1:
Physical slot 1, ~physical slot 0xE, logical slot 1, CBus 0
Internal Instruction Error, Microcode Status 0x5
Master Enable, LED, WCS DBUS Cmd Enable, WCS Loading, WCS Loaded
Board is disabled wedged
Pending I/O Status: None
EEPROM format version 1
VIP2 R5K controller, HW rev 2.03, board revision A0
Serial number: 18571089  Part number: 73-2167-06
Test history: 0x00RMA number: 00-00-00
Flags: cisco 7000 board; 7500 compatible

EEPROM contents (hex):
  0x20: 01 1E 02 03 01 1B 5F 51 49 08 77 06 00 00 00 00
  0x30: 50 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00

Slot database information:
Flags: 0x291Insertion time: 0x2C68 (00:33:43 ago)

VIP Controller Memory Size: Unknown

2 crashes since restart.
Last crash context (*Jun 06 2003 06:01:07):
$0 : , AT : , v0 : , v1 : 
a0 : , a1 : , a2 : , a3 : 
t0 : , t1 : , t2 : , t3 : 
t4 : , t5 : , t6 : , t7 : 
s0 : , s1 : , s2 : , s3 : 
s4 : , s5 : , s6 : , s7 : 
t8 : , t9 : , k0 : , k1 : 
gp : , sp : , s8 : , ra : 
EPC : , ErrorEPC : , SREG : 
Cause  (Code 0x0): Interrupt exception


--Boot log begin--

Cisco Internetwork Operating System Software
IOS (tm) VIP Software (SVIP-DW-M), Version 12.2(16), RELEASE SOFTWARE
(fc3)
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Thu 06-Mar-03 23:12 by pwade
Image text-base: 0x60010930, data-base: 0x603E


PA Bay 1 Upstream PCI-PCI Bridge, Handle=1
DEC21050 bridge chip, config=0x0
(0x00):dev, vendor id   = 0x00011011
(0x04):status, command  = 0x42800147
 Signaled System Error  on primary bus
(0x08):class code, revid= 0x06040002
(0x0C):hdr, lat timer, cls  = 0x0001
(0x18):sec lat,cls  bus no = 

Re: Insufficient memory to boot the image. [7:70223]

[Brad Ellis]

Either

1) You do not have enough memory (would be the obvious choice)
2) You have a corrupt IOS
3) You have a hardware problem

Try troubleshooting each item one step at a time.  Have you checked the
software center on cisco to make sure you have enough memory for the IOS
image you are tryign to load?  Have you tried swapping out the memory?  Have
you tried re-installing the IOS?

thanks,
-Brad Ellis
CCIE#5796 (RS / Security)
Network Learning Inc
[EMAIL PROTECTED]
www.ccbootcamp.com (cisco training)
Rajesh Kumar  wrote in message
news:[EMAIL PROTECTED]
 Hello all,

 I see this message upon bootup on 85K router - System INIT -
 Insufficient memory to boot the image.  I suspected the processor board
 and replaced with the known good one.  But still it keeps coming.  Any
 idea of what exactly is going on?

 Thanks,
 rajesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70295t=70223
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: number of CCIE [7:70151]

[n rf]

The Road Goes Ever On wrote:
 
 n rf  wrote in message
 news:[EMAIL PROTECTED]
  Well, there are still less than 10,000 CCIE's.  So the
 population hasn't
  accelerated THAT dramatically.
 
  Having said that, I will say that the CCIE has most likely
 gotten less
  rigorous and therefore less valuable over time.  I know this
 is going to
  greatly annoy some people when I say this, but the truth is,
 the average
  quality of the later (read: high-number) CCIE's is probably
 lower than the
  average quality of the higher (read: lower-number) CCIE's.
 
 
 I respectfully disagree. True, there are more cheaters out
 there, and more
 practice labs, and the like. OTOH, Cisco is turning over the
 tests more
 often, and the test I saw a couple of mopnths ago was every bit
 as difficult
 as the one I saw a couple of years ago.

You just said it right there, though, Chuck.  More cheaters and more
practice labs.  That makes the process ultimately easier.  I would add other
factors, like changing the test from 2 days to 1, but I think you catch my
drift.

 
 The exam still seems to thrive on silliness ( build a six
 router network
 with every known routing protocol, and force any and all
 peering to occur
 through at least two redistribution points, while forbidding
 static routes,
 routes to null 0, and default networks, and by the way, all
 your /22's must
 be reachable in all of your classful protocol routers which are
 all /29's or
 /28's, and try to get anything to work with the bizarre
 combinations of
 physical interfaces and subinterfaces that we give you )
 
 But IMHO the test is no easier today than it was three years
 ago, anyway. In
 fact, I think the case can be made that the test is more, not
 less relevant
 than it was for those with numbers in the 4000-6000 series,
 where there was
 still substantial emphasis on obsolete vendor proprietary
 protocols

I think the test itself is probably of comparable difficulty.  But I'm
talking about the entire test 'environment' which ultimately makes things
easier.  Bootcamps, practice labs, and all that.

Let me put it to you this way.  Let's say that I set a competition where
everybody who runs 100 meters in 10 seconds or less gets a prize.  My first
batch of runners runs without the benefit of nutritional or chemical
supplements.  My second batch of runners have available to them anabolic
steroids, androstenedione (think Mark McGwire), creatine, blood-doping, and
every other supplement in the world.  Sure, the test itself (can you run 100
m in 10 seconds) is of equivalent difficulty, but surely you would agree
that things are easier for the second group of runners?  Practice labs and
braindumps would be the chemical supplements of the CCIE world.



Now, I'm not saying that there's anything wrong with bootcamps necessarily. 
But it does mean that Cisco needs to constantly raise the bar in order to
keep the overall testing environment the same.  For example, I should
probably adjust the test difficult so that the second group has to run
faster than the first group in order to win the prize, simply because the
second group is chemically enhanced.


 
 just another opinion, worth hat you paid for it ;-
 
 
 
 
 
  Before any of you high-number CCIE's decides to flame me, ask
 yourself if
  you were given the opportunity to trade your number for a
 lower number,
  would you do it?  For example, if you are CCIE #11,000 and
 you could trade
  that number for CCIE #1100, would you take it?  Be honest
 with yourself.
  I'm sure you would concede that you would.  By the same token
 we also know
  that no low-number CCIE would willingly trade his number for
 a higher one.
  The movement is therefore all one-way.  If all CCIE's were
 really
 created
  equal then nobody would really care one way or another which
 number they
  had. Therefore the CCIE community realizes that all CCIE's
 are not created
  equal and that intuitively that the lower number is more
 desirable and the
  higher number is less desirable (otherwise, why does
 everybody want a
 lower
  number?).  Simply put, the test is not as rigorous as it was
 in the past,
  which is why lower numbers are preferred.
 
  Or, I'll put it to you another way.  Let's say that starting
 at #12,000
  Cisco makes the test ridiculously hard, putting in all kinds
 of funky
  technologies, and making the pass rate less than 1% or some
 other
 god-awful
  number.  What would happen?  Simple.  Word would get around
 that the new
  CCIE was super-rigorous and therefore very prestigious to
 pass.
 Eventually,
  numbers greater than #12000 would be coveted, and everybody
 would want to
  trade in their number for one greater than #12000. 
 Recruiters and HR
 people
  would start giving preference to CCIE's with numbers greater
 than #12000.
  The point is that when rigor increases, prestige and
 desirability tends to
  follow.  When rigor declines, so does prestige and
 desirability.
 
 
  And what is the cause of this decline in 

Re: RE: number of CCIE [7:70151]

[n rf]

garrett allen wrote:
 
 you make an a priori argument that lower is better.  is a lower
 number
 cpa better than a higher numbered one?  

You got me wrong.  I didn't say that lower is better at all times.  Read my
entire post again.

I said that more rigorous equates to prestige.  This is why I included my
example of what would happen if Cisco decided to change the CCIE exam to
become extremely rigorous - then eventually people would prize high-number
CCIE's who passed the more rigorous version.  The fact is, prestige follows
rigor.  If something is more rigorous, then it becomes rigorous and vice
versa.  This is why graduating from MIT is more prestigious than graduating
from Podunk Community College.  But the fact is, the CCIE on the whole has
probably gotten more rigorous (i.e. chopping the test from 2 days to 1,
eliminating the dedicated troubleshooting section, more
bootcamps/braindumps, more cheating, etc. etc.) which is why it has become
less prestigious.


actually, probably the
 inverse
 is true as the more recent the certification the more recent
 the
 material covered.  this is balanced against with age comes 
 opportunities and experiences.

Unfortunately, the free market disagrees with you.  The fact is, a growing
number of recruiters, headhunters, and HR people are starting to give
preference to lower-number CCIE's.  Go check out the groupstudy.jobs forum. 
Yet I have never heard of any recruiter giving preference to higher-number
CCIE.  It's always one-way, and that's my point.


 
 threads like this are like discussing the maximum number of
 angels
 dancing on the head of a pin.  i vote we kill the thread before
 it
 spawn.
 
 later.
 
 
 
 
 
 - Original Message -
 From: n rf 
 Date: Thursday, June 5, 2003 5:16 pm
 Subject: RE: number of CCIE [7:70151]
 
  Well, there are still less than 10,000 CCIE's.  So the
 population
  hasn'taccelerated THAT dramatically.
  
  Having said that, I will say that the CCIE has most likely
 gotten
 less
  rigorous and therefore less valuable over time.  I know this
 is
  going to
  greatly annoy some people when I say this, but the truth is,
 the
  averagequality of the later (read: high-number) CCIE's is
 probably
  lower than the
  average quality of the higher (read: lower-number) CCIE's.
  
  Before any of you high-number CCIE's decides to flame me, ask 
  yourself if
  you were given the opportunity to trade your number for a
 lower
  number,would you do it?  For example, if you are CCIE #11,000
 and
  you could trade
  that number for CCIE #1100, would you take it?  Be honest
 with
  yourself. 
  I'm sure you would concede that you would.  By the same token
 we
  also know
  that no low-number CCIE would willingly trade his number for
 a
  higher one. 
  The movement is therefore all one-way.  If all CCIE's were 
  really created
  equal then nobody would really care one way or another which 
  number they
  had. Therefore the CCIE community realizes that all CCIE's
 are not
  createdequal and that intuitively that the lower number is
 more
  desirable and the
  higher number is less desirable (otherwise, why does
 everybody
  want a lower
  number?).  Simply put, the test is not as rigorous as it was
 in
  the past,
  which is why lower numbers are preferred.
  
  Or, I'll put it to you another way.  Let's say that starting
 at
  #12,000Cisco makes the test ridiculously hard, putting in all 
  kinds of funky
  technologies, and making the pass rate less than 1% or some
 other
  god-awful
  number.  What would happen?  Simple.  Word would get around
 that
  the new
  CCIE was super-rigorous and therefore very prestigious to
 pass.
  Eventually,numbers greater than #12000 would be coveted, and 
  everybody would want to
  trade in their number for one greater than #12000. 
 Recruiters and
  HR people
  would start giving preference to CCIE's with numbers greater
 than
  #12000. 
  The point is that when rigor increases, prestige and
 desirability
  tends to
  follow.  When rigor declines, so does prestige and
 desirability.
  
  
  And what is the cause of this decline in rigor?  Well, you
 alluded to
  several factors.  While it is still rather controversial
 exactly
  how the
  switch from 2 days to 1 day impacted the program, it is
 widely
  conceded that
  it probably didn't help.  Nor does having all these
 braindumps all
  over the
  Internet, and not just for the written, but the lab as well. 
 The
  CCIE has
  certain arcane logistical rules that people have figured out
 how
  to 'game' -
  for example, for example, some people who live near test
 sites
  just attempt
  the lab every month over and over again.  Finally, there is
 the
  consensusthat the CCIE program has simply not kept up with
 the
  growing amount of
  study material, bootcamps, lab-guides, and so forth.  We all
 know
  there's an
  entire cottage industry devoted just to helping people to
 pass the
  lab, and
  while there's nothing wrong with that per se, it does 

Remote VPN config cause PIX-PIX link hang!! [7:70293]

[Steven shinnick]

Hi.. Group.  Me again, I solved my no traffic pass thru problem but
PIX-PIX link hang problem still there. After I added my remote VPN client
config in my PIX, my PIX-PIX link to HK and Tokyo will hang after 10 hours. 
Any one know what is the problem?
 
Below are my sh crypto isakmp sa result in my LonPIX when it hang
  dstsrcstate  
pending   created
103.103.103.130  200.117.50.125(remote)  QM_IDLE 0  2
hkpix  103.103.103.130 QM_IDLE
0  0
tokpix 103.103.103.130 QM_IDLE
0  0

I recall Daniel question for me as shown below?  Should I ask Tokyo and HK
admin to to change transform-set from esp-des to esp-des esp-md5-hmac as
well?  Is that the cause??

4) You mentioned that you changed your transform set in London. Did you 
also change it to match in Hong Kong and Tokyo?

 
Lonpix
crypto ipsec transform-set lonset esp-des esp-md5-hmac 
 
TokPIX/ HKPIX 
crypto ipsec transform-set newset esp-des
 
LonPIX
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash sha
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400

TokPIX/ HKPIX
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash sha
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400

 
 
Daniel Cotts  wrote:
1) Can we assume that the client is fully authenticated? Your config looks
good. There is a line crypto map lonmap client authentication RS that I
don't understand. My guess is that authenticates remote users individually
beyond the group password used between the Client and PIX. If there is any
question, you could remove it temporarily for testing.
2) Is the Client installed on a PC that has a software firewall or the PC is
behind a firewall? If so, check the settings there.
3) You are using VPN Client software 3.6 or thereabouts?
4) You mentioned that you changed your transform set in London. Did you also
change it to match in Hong Kong and Tokyo?
5) use sh crypto isakmp sa and sh crypto ipsec sa to see what connections
are up.
HTH
Let the list know when you are successful.

-Original Message-
From: Steven shinnick [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 04, 2003 9:23 PM
To: Daniel Cotts; [EMAIL PROTECTED]
Subject: RE: VPN client can connect but no traffic can pass [7:70084]


Hey.. Daniel and Study Group

I follow the instruction to assign different IP range for my IPPOOLS,
172.16.4.1-172.16.4.31. But I still can't ping and talk to my local LAN
after get connected. Any idea what's wrong? Besides, I want to make clear
that I accidentally delete - at the following line when I send to u. It
was no-nat in my config not nonat

nat (inside) 0 access-list no-nat

Besides, I want to discussing about the PIX-PIX hang problem (not
immediately) after I add in additional config for remote VPN client. I
suspect it is caused by change the following line from 
crypto ipsec transform-set lonset esp-des to--
crypto ipsec transform-set lonset esp-des esp-md5-hmac 

without changing this my client can't get authenticated

I have 2 isakmp policies , 10 was originally set for PIX-PIX to HK and
Tokyo, and I add in 20 for Remote VPN connection. Any idea about my PIX-PIX
hang problem with additional Remote VPN config? 

isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash sha
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400

My New config is 
LONPIX# wr term
Building configuration...
: Saved
:
PIX Version 6.0
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password  encrypted
passwd  encrypted
hostname LONPIX
domain-name xxx.co.uk
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
name 70.7.75.150 HKpix
name 20.2.25.150 tokpix
access-list 111 permit ip 172.16.3.0 255.255.255.0 192.168.3.0 255.255.255.0

access-list 112 permit ip 172.16.3.0 255.255.255.0 10.10.0.0 255.255.0.0 
access-list no-nat permit ip 172.16.3.0 255.255.255.0 192.168.3.0
255.255.255.0 
access-list no-nat permit ip 172.16.3.0 255.255.255.0 10.10.0.0 255.255.0.0 
access-list no-n! at permit ip 172.16.3.0 255.255.255.0 172.16.4.0
255.255.255.224
access-list no-nat permit ip 192.168.3.0 255.255.255.0 172.16.4.0
255.255.255.224
access-list no-nat permit ip 10.10.0.0 255.255.0.0 172.16.4.0
255.255.255.255.224

Re: Cisco cert [7:70233]

[Rajagopal Iyengar]

Dear all,

I would like to add that as long as you are a CCIE its irrelevant becuase
you are among the few who has that Internetworking Expert tag with you.Even
though there are a lot of Boot camps  lots of resources that are available
for you to gain the knowledge to pass the most difficult certification.But
it should also be remembered that its the person who has earned it has gone
through the grind to get it.It takes atleast 6 months of dedicated
preparation to atleast pass the Lab on the first attempt.I would like to ask
one Question aren't most of the Network Engineers have an Engineering Degree
as their Basic qualification does that mean that the value of the degree
goes down??Even though u might be a CCIE# 2.Aren't you among the few of
best knowledgble people in the networking Arena??And more over you also get
paid for it +Job Gurantee.
Please consider the above mentioned view points.


--
Regards,

Rajagopal.
95250-2463729/02502463729/912502463729.
Lamy Alexandre  wrote in message
news:[EMAIL PROTECTED]
 You think that it is possible to have all certifications Cisco, and to be
an
 expert on all technologies?

 Because I really wonder if that is worth the sorrow the CCIE in 2003,
 prestige is not there any more.

 Will too many resources, too much bootcamp, too many offers to become
 CCIE... that give what in 5 years?

 Perhaps it is interesting to have other certifications Cisco, which will
 have perhaps more recognition.

 In the sense that to be well recognized, several high level certifications
 would be perhaps better. Because CCIE RS, the answers of the written exam
 are not hard to find. Testking, Troytech, CorrectExam, RealQuestions, lot
of
 braindump etc... just them to retain and you have the written exam. On the
 other hand, it is harder to find the answers for other certifications
(CCIE
 Security, SNA, CCIP etc...)

 By having all certifications, perhaps one will be a truth gourou
networker..

 If this possible...




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70262t=70233
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Are we getting naughty email in the group? [7:70298]

[The Road Goes Ever On]

Nuurul Basar  wrote in message
news:[EMAIL PROTECTED]
 Hi,

 I am receiving some naughty email on my official email.  I did not
register
 any and wondering if other in the group are receiving the same type off
 email.  I used this email to received only officials email and groupstudy
 only.

I stopped using my real e-mail address on Groupstudy well over a year ago -
maybe even two years ago. Since that time I have received two spams on the
Groupstudy address, both of which were certification study related. So I can
say with confidence that Groupstudy is not likely the source of your spam
problem.

On the other hand, my real e-mail address is now being flooded with spam of
all sorts. I strongly suspect that happened for two reasons - using it to
buy something from e-bay stores and foolishly using it as my contact e-mail
when I registered my domain.

if you are using your company e-mail address for anyting other than internal
company business, such as buying from an on-line store, you may have opened
yourself up. I regularly receive spams from persons offering to sell me
hundreds of thousands of proven valid e-mail addresses.Once you are on one
of thoses lists, your only recourse is to change e-mail addresses.





 Thanks

 Nuurul Basar Mohd Baki
 Network Engineer
 DDSe




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70306t=70298
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: VPN client can connect but no traffic can pass [7:70084]

[Steven shinnick]

Hi.. Daniel and Group..  Thanks a millions..!!  I SOLVED the issue.  It was
bcoz I installed Two different VPN clients in my PC.  1)VPN Systems VPN
client 3.6.4 2)Cisco Secure VPN client (Safenet).  I uninstall both and
reinstalled # 1 only.  I can connect to LAN now.
 
I have some extra questions
1) how many remote VPN connections can connect to the PIX515 at the same
time?
2) Can I assign the same local LAN IP range for  VPN client IPPOOLS?
 
Thanks   

Daniel Cotts  wrote:
1) Can we assume that the client is fully authenticated? Your config looks
good. There is a line crypto map lonmap client authentication RS that I
don't understand. My guess is that authenticates remote users individually
beyond the group password used between the Client and PIX. If there is any
question, you could remove it temporarily for testing.
2) Is the Client installed on a PC that has a software firewall or the PC is
behind a firewall? If so, check the settings there.
3) You are using VPN Client software 3.6 or thereabouts?
4) You mentioned that you changed your transform set in London. Did you also
change it to match in Hong Kong and Tokyo?
5) use sh crypto isakmp sa and sh crypto ipsec sa to see what connections
are up.
HTH
Let the list know when you are successful.

-Original Message-
From: Steven shinnick [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 04, 2003 9:23 PM
To: Daniel Cotts; [EMAIL PROTECTED]
Subject: RE: VPN client can connect but no traffic can pass [7:70084]


Hey.. Daniel and Study Group

I follow the instruction to assign different IP range for my IPPOOLS,
172.16.4.1-172.16.4.31. But I still can't ping and talk to my local LAN
after get connected. Any idea what's wrong? Besides, I want to make clear
that I accidentally delete - at the following line when I send to u. It
was no-nat in my config not nonat

nat (inside) 0 access-list no-nat

Besides, I want to discussing about the PIX-PIX hang problem (not
immediately) after I add in additional config for remote VPN client. I
suspect it is caused by change the following line from 
crypto ipsec transform-set lonset esp-des to--
crypto ipsec transform-set lonset esp-des esp-md5-hmac 

without changing this my client can't get authenticated

I have 2 isakmp policies , 10 was originally set for PIX-PIX to HK and
Tokyo, and I add in 20 for Remote VPN connection. Any idea about my PIX-PIX
hang problem with additional Remote VPN config? 

isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash sha
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400

My New config is 
LONPIX# wr term
Building configuration...
: Saved
:
PIX Version 6.0
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password  encrypted
passwd  encrypted
hostname LONPIX
domain-name xxx.co.uk
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
name 70.7.75.150 HKpix
name 20.2.25.150 tokpix
access-list 111 permit ip 172.16.3.0 255.255.255.0 192.168.3.0 255.255.255.0

access-list 112 permit ip 172.16.3.0 255.255.255.0 10.10.0.0 255.255.0.0 
access-list no-nat permit ip 172.16.3.0 255.255.255.0 192.168.3.0
255.255.255.0 
access-list no-nat permit ip 172.16.3.0 255.255.255.0 10.10.0.0 255.255.0.0 
access-list no-n! at permit ip 172.16.3.0 255.255.255.0 172.16.4.0
255.255.255.224
access-list no-nat permit ip 192.168.3.0 255.255.255.0 172.16.4.0
255.255.255.224
access-list no-nat permit ip 10.10.0.0 255.255.0.0 172.16.4.0
255.255.255.255.224
no pager
logging on
logging buffered errors
logging trap errors
logging history errors
logging facility 18
logging host inside 172.16.3.101
no logging message 400010
interface ethernet0 100basetx
interface ethernet1 100basetx
mtu outside 1500
mtu inside 1500
ip address outside 103.103.130.130 255.255.255.240
ip address inside 172.16.3.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool IPPOOLS 172.16.4.1-172.16.4.31
pdm history enable
arp timeout 14400
global (outside) 1 103.103.103.131
nat (inside) 0 access-list no-nat
nat (inside) 1 172.16.3.0 255.255.255.0 0 0
conduit permit icmp any any 
route outside 0.0.0.0 0.0.0.0 103.103.103.129 ! 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323
0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+ 
aaa-server RADIUS protocol radius 
aaa-server LOCAL protocol local 
aaa-server RS protocol radius
aaa-server RS (inside) host 172.16.3.101 RSKEY timeout 5 
aaa authentication ssh console LOCAL
no snmp-server location

Re: Cisco 3550 smi switch [7:70072]

[Brad Ellis]

Oh, BTW, if you erase the flash completely, and reload the switch, it very
nicely takes a new image via serial xmodem (even at 9.6kpbs)...we figured
this one out last week.  Oh fun.

thanks,
-Brad Ellis
CCIE#5796 (RS / Security)
Network Learning Inc
[EMAIL PROTECTED]
www.ccbootcamp.com (cisco training)
The Road Goes Ever On  wrote in
message news:[EMAIL PROTECTED]
 Brad Ellis  wrote in message
 news:[EMAIL PROTECTED]
  Technically, all you need is the emi image, and tftp it to the switch.
 Keep
  in mind, that the 3550 will not erase the flash before xfer'ing the file
  over, so you'll need to take that into consideration and either erase
the
  current flash, or config it to boot off the new image (otherwise it will
  still use the SMI image even though the EMI image is on there as well).


 This is one case where it is absolutely essential to RTFM, and understand
 it, prior to attmpting an upgrade.

 And it's not like the FM is particularly clear, with several excellent
 examples.

 But you are correct that copy tftp flash is not the way to go.


 
  thanks,
  -Brad Ellis
  CCIE#5796 (RS / Security)
  Network Learning Inc
  [EMAIL PROTECTED]
  www.ccbootcamp.com (cisco training)
   wrote in message
  news:[EMAIL PROTECTED]
   Hi group,
  
   I just got a cisco 3550 smi switch, could someone let me know how to
   upgrade the switch to emi ?
  
   Thank you very much...
  
  
   Philip




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70245t=70072
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: number of CCIE [7:70151]

[philip]

Man,



I never see a job post specify that certain CCIE number is prefer.

Why did you even bother to ask this question in the beginning, if you think
the value of CCIE title has drop.

I think is fair to say, after you finished it than you will know what it
take.

Please take the CCIE lab exam before you make any common on this subject.

Of course the # mean a lot but the learning process was even more important.
In fact, one consultant company just hires two new CCIE recently with 140K
salaries per year. They both study at the same school that I went.



This studygroup is a very valuable resource to us and everybody is working
really hard to his or her dream. I will suggest that if you are scare about
the increasing number of CCIE, please leave and seeking another valuable
certification for yourself.



Just my 2-cent.


- Original Message -
From: n rf 
To: 
Sent: Thursday, June 05, 2003 5:16 PM
Subject: RE: number of CCIE [7:70151]


 Well, there are still less than 10,000 CCIE's.  So the population hasn't
 accelerated THAT dramatically.

 Having said that, I will say that the CCIE has most likely gotten less
 rigorous and therefore less valuable over time.  I know this is going to
 greatly annoy some people when I say this, but the truth is, the average
 quality of the later (read: high-number) CCIE's is probably lower than the
 average quality of the higher (read: lower-number) CCIE's.

 Before any of you high-number CCIE's decides to flame me, ask yourself if
 you were given the opportunity to trade your number for a lower number,
 would you do it?  For example, if you are CCIE #11,000 and you could trade
 that number for CCIE #1100, would you take it?  Be honest with yourself.
 I'm sure you would concede that you would.  By the same token we also know
 that no low-number CCIE would willingly trade his number for a higher one.
 The movement is therefore all one-way.  If all CCIE's were really
created
 equal then nobody would really care one way or another which number they
 had. Therefore the CCIE community realizes that all CCIE's are not created
 equal and that intuitively that the lower number is more desirable and the
 higher number is less desirable (otherwise, why does everybody want a
lower
 number?).  Simply put, the test is not as rigorous as it was in the past,
 which is why lower numbers are preferred.

 Or, I'll put it to you another way.  Let's say that starting at #12,000
 Cisco makes the test ridiculously hard, putting in all kinds of funky
 technologies, and making the pass rate less than 1% or some other
god-awful
 number.  What would happen?  Simple.  Word would get around that the new
 CCIE was super-rigorous and therefore very prestigious to pass.
Eventually,
 numbers greater than #12000 would be coveted, and everybody would want to
 trade in their number for one greater than #12000.  Recruiters and HR
people
 would start giving preference to CCIE's with numbers greater than #12000.
 The point is that when rigor increases, prestige and desirability tends to
 follow.  When rigor declines, so does prestige and desirability.


 And what is the cause of this decline in rigor?  Well, you alluded to
 several factors.  While it is still rather controversial exactly how the
 switch from 2 days to 1 day impacted the program, it is widely conceded
that
 it probably didn't help.  Nor does having all these braindumps all over
the
 Internet, and not just for the written, but the lab as well.  The CCIE has
 certain arcane logistical rules that people have figured out how to
'game' -
 for example, for example, some people who live near test sites just
attempt
 the lab every month over and over again.  Finally, there is the consensus
 that the CCIE program has simply not kept up with the growing amount of
 study material, bootcamps, lab-guides, and so forth.  We all know there's
an
 entire cottage industry devoted just to helping people to pass the lab,
and
 while there's nothing wrong with that per se, it does mean that Cisco
needs
 to keep pace to maintain test rigor.  To offer a parallel situation, when
 the MCSE bootcamps started to proliferate, the value of the MCSE plummeted
 because Microsoft did not properly maintain the rigor of the cert.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70239t=70151
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: number of CCIE [7:70151]

[n rf]

Fernando Saldana del C wrote:
 
 Dear n fr,
 
 Which CCIE number are you ?

What does it matter what my CCIE number is?  How does that affect the
validity of my statements? Either what I’m saying is either true or it
isn’t, who I am has nothing to do with anything.  Why can’t people debate
just on the merits of the argument?

 
 Are you trying to devalue more the networking jobs?

As if I really had that kind of power over the market.   I am just one
person.  If networking jobs are being devalued, it is because the free
market has decided that it be so.  The free market is composed of numerous
economic entities.  It would be the height of arrogance to think that I, as
one person, could by myself manipulate the entire market merely with my
words.  If I really had that kind of power of persuasion, then I have a
stellar career as a politician or a motivational speaker ahead of me, and I
certainly wouldn’t be wasting my time here.

I think what people are really afraid of is that I am not ‘acting alone’ –
that what I’m saying is actually a growing consensus within the market. 
Think about it – who really cares if I alone think one way if everybody else
thinks the opposite?   If such were the case, then my concerns could be
easily dismissed.  The real problem is that I am not alone – that I am
saying what the free market (which is comprised of numerous economic
entites) is saying, which is that high-number CCIE’s are on the whole
treated with more skepticism than low-number CCIE’s.


 
 Please be realistic you cannot compare a Software
 company with a Networking company.

I am being entirely realistic.  The fact is, in the history of IT
certification, every single one ultimately declines in value.  Happened with
the CNE, happened with the MCSE, and is happening now with the CCIE.

 
 I looks like you are saying that the world will return
 to the stone age and communicate by messengers that
 will run log distance to take the information to the
 main site.

Uh, interesting non-sequitur.  When did I ever say anything like that?  

What I said is that on the whole, the CCIE program has gotten easier with
time due to the proliferatio of bootcamps, braindumps, and other such
supporting infrastructure.  Therefore, anybody who has passed the CCIE
lately has undergone a less rigorous test than those who passed the exam in
the old days.

 
 Try to respect the networking field and rise its
 level.

And how does anything I've said imply a lack of respect?  

 
 Thank you
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70301t=70151
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco 3550 smi switch [7:70072]

[The Road Goes Ever On]

Brad Ellis  wrote in message
news:[EMAIL PROTECTED]
 Technically, all you need is the emi image, and tftp it to the switch.
Keep
 in mind, that the 3550 will not erase the flash before xfer'ing the file
 over, so you'll need to take that into consideration and either erase the
 current flash, or config it to boot off the new image (otherwise it will
 still use the SMI image even though the EMI image is on there as well).


This is one case where it is absolutely essential to RTFM, and understand
it, prior to attmpting an upgrade.

And it's not like the FM is particularly clear, with several excellent
examples.

But you are correct that copy tftp flash is not the way to go.



 thanks,
 -Brad Ellis
 CCIE#5796 (RS / Security)
 Network Learning Inc
 [EMAIL PROTECTED]
 www.ccbootcamp.com (cisco training)
  wrote in message
 news:[EMAIL PROTECTED]
  Hi group,
 
  I just got a cisco 3550 smi switch, could someone let me know how to
  upgrade the switch to emi ?
 
  Thank you very much...
 
 
  Philip




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70296t=70072
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: number of CCIE [7:70151]

[n rf]

Sigh.  I knew this was going to happen.  

Gentlemen, this is why I posted such a long response, because I wanted you
all to be honest with yourselves.  I could have just said what I had to say
straight-up, without any explanation, but I felt (and obviously with a lot
of justification) that I needed to do a lot of explaining.  Just ask
yourself the question - if you had a high-number, would you want to trade it
for a lower number?  You know in your heart what you want, even if you don't
want to admit it on this board.  Answer the question and be perfectly honest
with yourself.

Somebody asked whether employers are asking for lower numbers.  You're damn
right they are.  Several recruiters, headhunters, and HR people have stated
that they give preference lower-number CCIE's.  In fact, you may have seen
this several times on the groupstudy.jobs ng.  Yet I have never ever seen a
recruiter saying that he gives preference a higher-number CCIE.  Why is
that?  Why is it only one-way?  I tend not to believe in coincidences - when
there's smoke, there's probably fire.

Somebody also asked what number CCIE I am.  Well, what exactly does that
have to do with anything?  Because I may or may not be a low-number CCIE,
that somehow affects the truth of my arguments?  Either they're true or
they're not. Who I am has nothing to do with it.   Why the ad-hominem
attacks?  Why can't people debate things simply on the merits of the
argument, rather than calling into question people's motives?   Hell, if you
want to go down the road of ad-hominem attacks, I could just as easily say
that all my detractors are or will be high-number CCIE's and so therefore
all their arguments should be ignored because their motives are also
questionable.  But I don't do that.

And when did I ever compare networking to a software company?  Seems like a
complete non-sequitur to me.

About me 'devaluing' networking - how could I really doing that?  Are you
saying it's my fault that networking is devalued?  Seriously.  I am only 1
person.  How could 1 person acting alone devalue networking in any
measurable way?  If I really had the power to manipulate entire markets like
that, I'd be a multimillionaire and I  certainly wouldn't be hanging out
here on this ng.  I think the real fear that people have is that I am not
alone - that I really am telling the truth.  If networking has been
devalued, it is because the free market has decided that it should be
devalued, and what is the free market but many individual entities all
acting in their own self-interest?  Therefore if networking has been
devalued, it is because many people have decided that it be so.  Not just me
alone.


About the cpa argument - I would argue that whenever the cpa test happened
to be more difficult, then it would be more prestigious. Whenever anything
is more difficult, it becomes more prestigious.  Is that particularly
shocking?  Why is a degree from MIT more prestigious than a degree from
Podunk Community College?  Simple - graduating from MIT is harder than
graduating from PCC.  I even stated that if the CCIE all of a sudden got
very very difficult starting today, then anybody who passed starting today
would earn more prestige.  Simply put - prestige follows rigor.

And Chuck, you said it yourself  -   True, there are more cheaters out
there, and more practice labs, and the like...  - and those kinds of things
are exactly what I'm talking about.  Bottom line - the CCIE is not as hard
to attain today as it was in the past, whether because of cheating or more
practice materials, or whatever.  You also said that the test is just as
difficult today as it was in the past.  But it's not just the test that I'm
talking about, but rather the entire CCIE procedure that I'm talking about. 
The tests themselves may be of equivalent difficulty, but if there are more
bootcamps and whatnot today, then ultimately that means that the CCIE
procedure of today is easier.  Sure test A and test B might be equal in
difficulty, but if people are more bootcamp-ed to take test B, then
ultimately passing test B is easier.  Again, I don't think bootcamps are
necessarily wrong, but it does mean that if you want to maintain the same
level of difficulty, you have to compensate for the bootcamps by making test
B even harder than test A.   Otherwise, you end up with a situation where
people who passed test A were good, but people who passed test B may not be
quite as good, but had the benefit of bootcamps.
 
Or let me put it to you another way.  Surely you would agree that companies
like Princeton Review and Kaplan make the SAT's easier.  The SAT's fight
back by using relative scoring - where your scores are calculated not
absolutely, but relative to your peers, according to percentiles. 
(Incidentally, I think relative scoring is something the CCIE program could
use, but I digress).   But if ETS (the administrators of the SAT) were to
use absolute scoring, then surely you would agree that a score of 1500

Re: VPN client can connect but no traffic can pass [7:70084]

[Steven shinnick]

Hey David and Group
 
I have done as what you had asked me to change but no luck.  Still no
traffic can pass thru although it can connect.  My new config is at the end
of the mail.  Anyone have idea why??  I really feel strange, as my username
and password can be authenticated by my W2K radius server but why no traffic
can pass to LAN after get connected? I saw the traffic statistic of VPN
client increase but I can't connect to any thing on the LAN.  Why?
 
 P/s: why you suggest to change from crypto map from 30 to 35 ?  

David Tran II  wrote:

After looking at your configuration, you need to do this:

change from:
crypto map lonmap 30 ipsec-isakmp dynamic outside_dyn

change to:
crypto map lonmap 35 ipsec-isakmp dynamic outside_dyn

and add in this line:
crypto map lonmap client configuration address respond
crypto map lonmap client authentication RS (I think you already have this
line)


It looks to me like you are using xtended authentication, it is a good 
idea to upgrade your code from 6.0.x to at least 6.2(2) or better yet,
6.3(1).
I know for a fact that the configuration above works for version 6.2(2) or 
higher. 6.3(1) supports NAT traversal.

 My New config is 
 LONPIX# wr term
 Building configuration...
 : Saved
 :
 PIX Version 6.2 
 nameif ethernet0 outside security0
 nameif ethernet1 inside security100
 enable password  encrypted
 passwd  encrypted
 hostname LONPIX
 domain-name xxx.co.uk
 fixup protocol ftp 21
 fixup protocol http 80
 fixup protocol h323 h225 1720
 fixup protocol h323 ras 1718-1719
 fixup protocol ils 389
 fixup protocol rsh 514
 fixup protocol rtsp 554
 fixup protocol smtp 25
 fixup protocol sqlnet 1521
 fixup protocol sip 5060
 fixup protocol skinny 2000
 names
 name 70.7.75.150 HKpix
 name 20.2.25.150 tokpix
 access-list 111 permit ip 172.16.3.0 255.255.255.0 192.168.3.0 
255.255.255.0 
 access-list 112 permit ip 172.16.3.0 255.255.255.0 10.10.0.0 
255.255.0.0 
 access-list no-nat permit ip 172.16.3.0 255.255.255.0 192.168.3.0
 255.255.255.0
 access-list no-nat permit ip 172.16.3.0 255.255.255.0 10.10.0.0 
255.255.0.0 
 access-list no-nat permit ip 172.16.3.0 255.255.255.0 172.16.4.0
 255.255.255.224
 access-list no-nat permit ip 192.168.3.0 255.255.255.0 172.16.4.0
 255.255.255.224
 access-list no-nat permit ip 10.10.0.0 255.255.0.0 172.16.4.0
 255.255.255.255.224
 no pager
 logging on
 logging buffered errors
 logging trap errors
 logging history errors
 logging facility 18
 logging host inside 172.16.3.101
 no logging message 400010
 interface ethernet0 100basetx
 interface ethernet1 100basetx
 mtu outside 1500
 mtu inside 1500
 ip address outside 103.103.130.130 255.255.255.240
 ip address inside 172.16.3.254 255.255.255.0
 ip audit info action alarm
 ip audit attack action alarm
 ip local pool IPPOOLS 172.16.4.1-172.16.4.31
 pdm history enable
 arp timeout 14400
 global (outside) 1 103.103.103.131
 nat (inside) 0 access-list no-nat
 nat (inside) 1 172.16.3.0 255.255.255.0 0 0
 conduit permit icmp any any 
 route outside 0.0.0.0 0.0.0.0 103.103.103.129 1
 timeout xlate 3:00:00
 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323
 0:05:00 sip 0:30:00 sip_media 0:02:00
 timeout uauth 0:05:00 absolute
 aaa-server TACACS+ protocol tacacs+ 
 aaa-server RADIUS protocol radius 
 aaa-server LOCAL protocol local 
 aaa-server RS protocol radius
 aaa-server RS (inside) host 172.16.3.101 RSKEY timeout 5 
 aaa authentication ssh console LOCAL
 no snmp-server location
 no snmp-server contact
 snmp-server community public
 no snmp-server enable traps
 floodguard enable
 sysopt connection permit-ipsec
 no sysopt route dnat
 crypto ipsec transform-set lonset esp-des esp-md5-hmac 
 crypto dynamic-map outside_dyn 30 set transform-set lonset
 crypto map lonmap 10 ipsec-isakmp
 crypto map lonmap 10 match address 111
 crypto map lonmap 10 set peer hkpix
 crypto map lonmap 10 set transform-set lonset
 crypto map lonmap 20 ipsec-isakmp
 crypto map lonmap 20 match address 112
 crypto map lonmap 20 set peer tokpix
 crypto map lonmap 20 set transform-set lonset
 crypto map lonmap 35 ipsec-isakmp dynamic outside_dyn
 crypto map lonmap interface outside

crypto map lonmap client configuration address respond
 crypto map lonmap client authentication RS
 isakmp enable outside
 isakmp key  address hkpix netmask 255.255.255.255 
 isakmp key  address tokpix netmask 255.255.255.255 
 isakmp identity address
 isakmp policy 10 authentication pre-share
 isakmp policy 10 encryption des
 isakmp policy 10 hash sha
 isakmp policy 10 group 1
 isakmp policy 10 lifetime 86400
 isakmp policy 20 authentication pre-share
 isakmp policy 20 encryption des
 isakmp policy 20 hash md5
 isakmp policy 20 group 2
 isakmp policy 20 lifetime 86400
 vpngroup GROUP address-pool IPPOOLS
 vpngroup GROUP dns-server 172.16.3.101
 vpngroup GROUP wins-server 172.16.3.101
 vpngroup GROUP default-domain company.com
 vpngroup GROUP idle-time 1000
 vpngroup GROUP password 
 telnet 

RE: VPN client can connect but no traffic can pass [7:70084]

[Daniel Cotts]

1) Can we assume that the client is fully authenticated? Your config looks
good. There is a line crypto map lonmap client authentication RS that I
don't understand. My guess is that authenticates remote users individually
beyond the group password used between the Client and PIX. If there is any
question, you could remove it temporarily for testing.
2) Is the Client installed on a PC that has a software firewall or the PC is
behind a firewall? If so, check the settings there.
3) You are using VPN Client software 3.6 or thereabouts?
4) You mentioned that you changed your transform set in London. Did you also
change it to match in Hong Kong and Tokyo?
5) use sh crypto isakmp sa and sh crypto ipsec sa to see what connections
are up.
HTH
Let the list know when you are successful.

-Original Message-
From: Steven shinnick [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 04, 2003 9:23 PM
To: Daniel Cotts; [EMAIL PROTECTED]
Subject: RE: VPN client can connect but no traffic can pass [7:70084]


Hey..  Daniel and Study Group
 
I follow the instruction to assign different IP range for my IPPOOLS,
172.16.4.1-172.16.4.31.  But I still can't ping and talk to my local LAN
after get connected.  Any idea what's wrong? Besides, I want to make clear
that I accidentally delete - at the following line when I send to u.  It
was no-nat in my config not nonat
 
nat (inside) 0 access-list no-nat

Besides, I want to discussing about the PIX-PIX hang problem (not
immediately) after I add in additional config for remote VPN client.  I
suspect it is caused by change the following line from 
crypto ipsec transform-set lonset esp-des   to--
crypto ipsec transform-set lonset esp-des esp-md5-hmac 
 
without changing this my client can't get authenticated
 
I have 2 isakmp policies , 10 was originally set for PIX-PIX to HK and
Tokyo, and I add in 20 for Remote VPN connection.  Any idea about my PIX-PIX
hang problem with additional Remote VPN config? 
 
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash sha
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
 
My New config is 
LONPIX# wr term
Building configuration...
: Saved
:
PIX Version 6.0
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password  encrypted
passwd  encrypted
hostname LONPIX
domain-name xxx.co.uk
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
name 70.7.75.150 HKpix
name 20.2.25.150 tokpix
access-list 111 permit ip 172.16.3.0 255.255.255.0 192.168.3.0 255.255.255.0

access-list 112 permit ip 172.16.3.0 255.255.255.0 10.10.0.0 255.255.0.0 
access-list no-nat permit ip 172.16.3.0 255.255.255.0 192.168.3.0
255.255.255.0 
access-list no-nat permit ip 172.16.3.0 255.255.255.0 10.10.0.0 255.255.0.0 
access-list no-n! at permit ip 172.16.3.0 255.255.255.0 172.16.4.0
255.255.255.224
access-list no-nat permit ip 192.168.3.0 255.255.255.0 172.16.4.0
255.255.255.224
access-list no-nat permit ip 10.10.0.0 255.255.0.0 172.16.4.0
255.255.255.255.224
no pager
logging on
logging buffered errors
logging trap errors
logging history errors
logging facility 18
logging host inside 172.16.3.101
no logging message 400010
interface ethernet0 100basetx
interface ethernet1 100basetx
mtu outside 1500
mtu inside 1500
ip address outside 103.103.130.130 255.255.255.240
ip address inside 172.16.3.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool IPPOOLS 172.16.4.1-172.16.4.31
pdm history enable
arp timeout 14400
global (outside) 1 103.103.103.131
nat (inside) 0 access-list no-nat
nat (inside) 1 172.16.3.0 255.255.255.0 0 0
conduit permit icmp any any 
route outside 0.0.0.0 0.0.0.0 103.103.103.129 ! 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323
0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+ 
aaa-server RADIUS protocol radius 
aaa-server LOCAL protocol local 
aaa-server RS protocol radius
aaa-server RS (inside) host 172.16.3.101 RSKEY timeout 5 
aaa authentication ssh console LOCAL
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set lonset esp-des esp-md5-hmac 
crypto dynamic-map outside_dyn 30 set transform-set lonset
crypto map lonmap 10 ipsec-isakmp
crypto map lonmap 10 match address 111
crypto map lonmap 10 set peer hkpix
crypto map lonmap 10 set transform-set lonset
crypto map lonmap 20 ipsec-isakmp
crypto map lonmap 20 

RE: number of CCIE [7:70151]

[Howard C. Berkowitz]

I commend people to remember the tale of the Emperor's New Clothes here.

It utterly confounds me that people are focusing on the CCIE number 
as the discriminator for a hiring decision, lower being better.

Lower means that one obtained the certification earlier.  Presumably, 
since the number was obtained, the individual has been working.  This 
can mean that the lower-numbered candidate can present a solid track 
record of CCIE-level work experience to an employer, while the 
higher-numbered candidate simply may not have the experience.

I've never regarded certification, in any field, as more than an 
entry point.  Let's put it this way -- when I had to have open-heart 
surgery, I could have chosen among several board-certified surgeons. 
The most important factors, however, were how many procedures they 
had done, and, even more importantly, how frequently they do them. 
Surgical statistics show, without question, that part-time cardiac 
surgeons and their teams do not have the good results of someone that 
does such procedures constantly.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70307t=70151
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Anyone use the older Cisco Cache 2050 Cache engines? [7:70308]

[Scott Nelson]

Called Cisco and they do not have the upgrade anymore, to enable Wccp v2.

I have v1.7.5  and I need v1.7.6  .

It's not even on their software download site any longer.
Anyone have 1.7.6 lying around?

TIA

Scotty




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70308t=70308
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: religious wars [7:70274]

[Sam Sneed]

Since when is FreeBSD a flavor of Linux??? Would you say Solaris is a flavor
of Linux as well???

All *nix's are not the same.


Black Jack  wrote in message
news:[EMAIL PROTECTED]
 Old timers will remember Mac vs DOS/Windows. Or UNIX vs DOS. Or Beta vs
VHS.
 More recent is Linux vs FreeBSD, or one flavor of Linux distribution vs
 another. (See http://ars.userfriendly.org/cartoons/?id=19990301 for
example.
 By the way, if you are not familiar with www.userfriendly.org, you gotta
 check it out. Funniest geek-oriented comic strip this side of dilbert)

 Anyway, try asking network types what their favorite TFTP server is...
 then step back!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70310t=70274
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: religious wars [7:70274]

[Arnold, Jamie]

That's for sure.  Linus wrote his first code in 1991.  FreeBSD was beginning
in 1993.  OpenBSD is my personal fave.


-Original Message-
From: Sam Sneed [mailto:[EMAIL PROTECTED] 
Sent: Saturday, June 07, 2003 3:34 PM
To: [EMAIL PROTECTED]

Since when is FreeBSD a flavor of Linux??? Would you say Solaris is a flavor
of Linux as well???

All *nix's are not the same.


Black Jack  wrote in message
news:[EMAIL PROTECTED]
 Old timers will remember Mac vs DOS/Windows. Or UNIX vs DOS. Or Beta 
 vs
VHS.
 More recent is Linux vs FreeBSD, or one flavor of Linux distribution 
 vs another. (See http://ars.userfriendly.org/cartoons/?id=19990301 for
example.
 By the way, if you are not familiar with www.userfriendly.org, you 
 gotta check it out. Funniest geek-oriented comic strip this side of 
 dilbert)

 Anyway, try asking network types what their favorite TFTP server is...
 then step back!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70320t=70274
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: religious wars [7:70274]

[Howard C. Berkowitz]

At 7:33 PM + 6/7/03, Sam Sneed wrote:
Since when is FreeBSD a flavor of Linux??? Would you say Solaris is a flavor
of Linux as well???

All *nix's are not the same.

In other words, we don't just have wars between major religions; it 
goes down to the level of denomination and schism, to say nothing of 
legitimacy. Shades of Popes and Anti-Popes...

Someone from Avignon really should post in this thread. :-)



Black Jack  wrote in message
news:[EMAIL PROTECTED]
  Old timers will remember Mac vs DOS/Windows. Or UNIX vs DOS. Or Beta vs
VHS.
  More recent is Linux vs FreeBSD, or one flavor of Linux distribution vs
  another. (See http://ars.userfriendly.org/cartoons/?id=19990301 for
example.
  By the way, if you are not familiar with www.userfriendly.org, you gotta
  check it out. Funniest geek-oriented comic strip this side of dilbert)

  Anyway, try asking network types what their favorite TFTP server is...
   then step back!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70321t=70274
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Number of routes and memory usage [7:70299]

[Howard C. Berkowitz]

At 3:48 PM + 6/7/03, The Road Goes Ever On wrote:
sounds like the perfect topic for a PhD research project. Assuming, of
course, that number of routes is the only variable which effects sizing of
memory


 Curious  wrote in message
news:[EMAIL PROTECTED]
  Hello again friends, I want to thank Mr Jvd for his help, and I would
like
  to post again my question, It is very surprising that we all have been
  working with routers for years but there is no answer for this question,
I
  can evaluate the ammount of memory used in my router for every type of
  route, but I would like to learn from someone more skilled than me and
test
  my results :) :)

  Hello folks,

  I have to evaluate the impact of adding almost 1000  routes in my
network,
  and what I want to know is simple: How many memory do I need for every
new
  router? Do you know a simle rule? What I want to know is the relationship
  between the number of routes and the memory consumption. I can evaluate
know
  this by looking how many routes are in may routing table and the memory
  used, but I would appreciate any experience from you.
   Thanks group!

  To start out with, the amount of memory is going to depend on the 
routing protocol(s) in use. But before going farther, be aware that 
the impact of adding routes impacts more than memory. It will have 
effects on route processor load, and thus potentially on other 
functions using that processor.  In certain processing architectures, 
such as the 7000 with silicon or autonomous switching, it can have 
significant effects on the cache.

Purely for memory, you will need 1-2 small buffers per route in the 
routing table. OSPF, EIGRP, and ISIS all keep databases, which will 
vary as to the amount of storage needed. Roughly, an LSA takes 
300-400 bytes.  EIGRP topology tables will be on the order of the 
size of the routing table each neighbor.

In a router with fast switching, you'll also need at least one buffer 
per cached route. Of course, when you get into the distributed 
switching modes, there will be VIP memory consumption as well as main 
processor.

BGP will become even more complex because you can have multiple views 
of the loc-RIB.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70319t=70299
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: number of CCIE [7:70151]

[Jamie Johnson]

I was finally going to weigh into this, but Howard has said pretty much what
I was going to say (excluding the part about having had heart surgery!).
Thanks.

Jamie Johnson

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Howard C. Berkowitz
Sent: Saturday, June 07, 2003 11:36 AM
To: [EMAIL PROTECTED]
Subject: RE: number of CCIE [7:70151]


I commend people to remember the tale of the Emperor's New Clothes here.

It utterly confounds me that people are focusing on the CCIE number
as the discriminator for a hiring decision, lower being better.

Lower means that one obtained the certification earlier.  Presumably,
since the number was obtained, the individual has been working.  This
can mean that the lower-numbered candidate can present a solid track
record of CCIE-level work experience to an employer, while the
higher-numbered candidate simply may not have the experience.

I've never regarded certification, in any field, as more than an
entry point.  Let's put it this way -- when I had to have open-heart
surgery, I could have chosen among several board-certified surgeons.
The most important factors, however, were how many procedures they
had done, and, even more importantly, how frequently they do them.
Surgical statistics show, without question, that part-time cardiac
surgeons and their teams do not have the good results of someone that
does such procedures constantly.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70318t=70151
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: religious wars [7:70274]

[The Road Goes Ever On]

Howard C. Berkowitz  wrote in message
news:[EMAIL PROTECTED]
 At 7:33 PM + 6/7/03, Sam Sneed wrote:
 Since when is FreeBSD a flavor of Linux??? Would you say Solaris is a
flavor
 of Linux as well???
 
 All *nix's are not the same.

 In other words, we don't just have wars between major religions; it
 goes down to the level of denomination and schism, to say nothing of
 legitimacy. Shades of Popes and Anti-Popes...

 Someone from Avignon really should post in this thread. :-)

Preferably somebody named Boniface?


 
 
 Black Jack  wrote in message
 news:[EMAIL PROTECTED]
   Old timers will remember Mac vs DOS/Windows. Or UNIX vs DOS. Or Beta
vs
 VHS.
   More recent is Linux vs FreeBSD, or one flavor of Linux distribution
vs
   another. (See http://ars.userfriendly.org/cartoons/?id=19990301 for
 example.
   By the way, if you are not familiar with www.userfriendly.org, you
gotta
   check it out. Funniest geek-oriented comic strip this side of dilbert)
 
   Anyway, try asking network types what their favorite TFTP server is...
then step back!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70322t=70274
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 7505 problem, microcode? [7:70288]

[Daniel Cotts]

The proper microcode should be included with each release of IOS. In very
special circumstances a special microcode release may be needed to fix a
specific bug. TAC would provide that to you via a special download. So my
guess is that if your IOS doesn't have the required microcode then it is not
the correct version to support the PA in that VIP2 card.
1) What is in slot1?
2) Has it ever worked? In this router or another?

 -Original Message-
 From: Lamy Alexandre [mailto:[EMAIL PROTECTED]
 Sent: Friday, June 06, 2003 5:10 PM
 To: [EMAIL PROTECTED]
 Subject: 7505 problem, microcode? [7:70288]
 
 
 Is there a good Samaritan who can help me?
 
 I am looking for a microcode for my 7505 router.
 
 I have hundreds IOS images, but there is a microcode missing.
 
 I think that it is cip28.12.bin
 
 take a look at this problem:
 
 
 
 sho diagbus
 Slot 0:
 Physical slot 0, ~physical slot 0xF, logical slot 0, CBus 0
 Microcode Status 0x4
 Master Enable, LED, WCS Loaded
 Board is analyzed
 Pending I/O Status: None
 EEPROM format version 1
 FEIP2 controller, HW rev 2.11, board revision E0
 Serial number: 17934563  Part number: 73-1684-04
 Test history: 0x00RMA number: 00-00-00
 Flags: cisco 7000 board; 7500 compatible
 
 EEPROM contents (hex):
   0x20: 01 20 02 0B 01 11 A8 E3 49 06 94 04 00 00 00 00
   0x30: 70 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00
 
 Slot database information:
 Flags: 0x4  Insertion time: 0x2C68 (00:33:37 ago)
 
 Controller Memory Size: 32 MBytes DRAM, 2048 KBytes SRAM
 
 PA Bay 0 Information:
 Fast-Ethernet PA, 1 ports, 100BaseTX-ISL
 EEPROM format version 1
 HW rev 1.04, Board revision B0
 Serial number: 15811504  Part number: 73-2570-02
 
 PA Bay 1 Information:
 Fast-Ethernet PA, 1 ports, 100BaseTX-ISL
 EEPROM format version 1
 HW rev 1.04, Board revision B0
 Serial number: 15810930  Part number: 73-2570-02
 
 --Boot log begin--
 
 Cisco Internetwork Operating System Software
 IOS (tm) VIP Software (SVIP-DW-M), Version 12.2(16), RELEASE 
 SOFTWARE (fc3)
 Copyright (c) 1986-2003 by cisco Systems, Inc.
 Compiled Thu 06-Mar-03 23:12 by pwade
 Image text-base: 0x60010930, data-base: 0x603E
 
 
 --Boot log end--
 
 Slot 1:
 Physical slot 1, ~physical slot 0xE, logical slot 1, CBus 0
 Internal Instruction Error, Microcode Status 0x5
 Master Enable, LED, WCS DBUS Cmd Enable, WCS Loading, 
 WCS Loaded
 Board is disabled wedged
 Pending I/O Status: None
 EEPROM format version 1
 VIP2 R5K controller, HW rev 2.03, board revision A0
 Serial number: 18571089  Part number: 73-2167-06
 Test history: 0x00RMA number: 00-00-00
 Flags: cisco 7000 board; 7500 compatible
 
 EEPROM contents (hex):
   0x20: 01 1E 02 03 01 1B 5F 51 49 08 77 06 00 00 00 00
   0x30: 50 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00
 
 Slot database information:
 Flags: 0x291Insertion time: 0x2C68 (00:33:43 ago)
 
 VIP Controller Memory Size: Unknown
 
 2 crashes since restart.
 Last crash context (*Jun 06 2003 06:01:07):
 $0 : , AT : , v0 : , v1 : 
 a0 : , a1 : , a2 : , a3 : 
 t0 : , t1 : , t2 : , t3 : 
 t4 : , t5 : , t6 : , t7 : 
 s0 : , s1 : , s2 : , s3 : 
 s4 : , s5 : , s6 : , s7 : 
 t8 : , t9 : , k0 : , k1 : 
 gp : , sp : , s8 : , ra : 
 EPC : , ErrorEPC : , SREG : 
 Cause  (Code 0x0): Interrupt exception
 
 
 --Boot log begin--
 
 Cisco Internetwork Operating System Software
 IOS (tm) VIP Software (SVIP-DW-M), Version 12.2(16), RELEASE 
 SOFTWARE (fc3)
 Copyright (c) 1986-2003 by cisco Systems, Inc.
 Compiled Thu 06-Mar-03 23:12 by pwade
 Image text-base: 0x60010930, data-base: 0x603E
 
 
 PA Bay 1 Upstream PCI-PCI Bridge, Handle=1
 DEC21050 bridge chip, config=0x0
 (0x00):dev, vendor id   = 0x00011011
 (0x04):status, command  = 0x42800147
  Signaled System Error  on primary bus
 (0x08):class code, revid= 0x06040002
 (0x0C):hdr, lat timer, cls  = 0x0001
 (0x18):sec lat,cls  bus no = 0x00020200
 (0x1C):sec status, io base  = 0x0380F0A0
  Data Parity Detected   on secondary bus
 (0x20):mem base  limit = 0x03F00200
 (0x24):prefetch membase/lim = 0xFE00
 (0x3C):bridge ctrl  = 0x0003
 (0x40):arb/serr, 

RE: number of CCIE [7:70151]

[Mark W. Odette II]

Here's a question for those recruiters, headhunters and HR People- Out of
CCIE 1025-, how many of them do you think are still actively with the
program, still working in the industry, still are at the top of their game
(i.e., could go back in and take the OLD LAB again), and are the Crhme of
the crop that they have so valued them as??!?!?!

There are reasons of human physiology and psychology that proves that the
old saying is true... If you don't keep practicing a skill or knowledge
through repetition, you simply will loose your edge.  My hat is off to
CCIE #1058 if he can still complete the OLD LAB blind folded and run circles
around CCIE #10,269 in regards to the complex multi-protocol setup of
DECNet, IPX, SNA, IP (w/ BGP, OSPF, EIGRP), and AppleTalk for a 8-10+ router
network that was the result of 2 or more multi-hundred-thousand-node
companies merging.  But I must insert my own pessimism that I seriously
doubt this is the case.  This could be for any number of reasons, but I'm
sure the number one reason is that it was too time-consuming and expensive
to maintain such prestige.  Not to mention, they probably got laid off for
one reason or another in the past 3-5 years.

Headhunters and Recruiters are more arrogant than those CCIE's that have
been minted in the past 24 months.  And they've been that way for at least
the last decade.  An engineer with Blah-blah-blah certifications is nothing
but a potential for them making a huge commission for hooking up that
engineer with the employer.  And because of this arrogance, they have these
BS ideals that CCIE# 6328 is truly expert, and CCIE #10524 doesn't deserve
the respect of knowing much more than how to power on a piece of Cisco
equipment.  To put in your analogy format, that's like saying the M.D. that
got his PHD 20 years ago, but got bored with continually going back to those
medical conferences and continued education on advances in medical science
is more preferential than the Doctor that has been practicing medicine for
only the past 3 years.  I bet is that the older Doc is going to continue
performing tried and true procedures that have a greater risk of failure
or permanent damage of some sort (could be scars, amputated limb, etc.) than
the younger Doc that is current with procedures that result in more
favorable outcomes for the same medical situations.

NRF- You've said yourself in the past that Cisco has changed the CCIE
program for financial reasons, be it for increased revenue or wiser
financial efficiency in maintaining the equipment, facilities, etc.  What
about simple relevance?  True, not as many routing protocol technologies are
being tested on... but they make up for that by testing on new technologies
such as Voice, Security, etc.   So, because Cisco tests on new technologies,
that makes it acceptable for the market and all those Headhunters,
Recruiters, and HR folks to deem the CCIE not as valuable as it once was?!?
They obviously have a jaded/ill-informed point of reference in comparing the
old with the new.

Out of curiosity, just exactly what are the names of all these brain-dump
groups/sites that make the CCIE LAB a cake-walk?!?  If they are so common
knowledge, I have a hard time believing that Cisco would allow them to
continue operating.  I'm sure Mr. Chambers is intelligent enough to look
ahead and realize he would be preempting the demise of his own company if
his company perpetuated the cycle of braindump-prepared CCIEs will equal
less positive reputation for support and value of the products themselves. 
Or in more simplistic terms, surely he's smart enough to foresee the
cause-and-effect scenario of allowing hundreds of CCIE's to be minted per
month.

If the economy is so dismal for a majority (read 70%+) of the country,
especially the IT industry, just exactly how are all these New CCIE's
affording to pay for braindump memberships, Bootcamps, rack rentals and/or
personal lab purchases to prepare for the O-so-easy CCIE LAB?!?!  I guess my
point is, I must be continuing to perpetuate myself in this little naove
bubble that makes me have a hard time believing/accepting the CCIE program
is being overran in record time with wannabe CCIE's that just simply
bought their certification rather than earning it.

Give us some facts that can give merit to the free market's delusion that
Computer Networking isn't worth the nickel it used to be.  And yes, I
believe the free market is under delusional control.  Most of which has
been perpetuated by the Dot.Bomb era (which has been nothing but
pessimistic influence of the US Media [and yes, I know part of it was a
result of bad financial decisions by some start-up companies and some of the
Telco's, but the ripple affects caused in short by the media is why all the
other businesses have experienced demise]).  Real Estate and Oil had its
big boom period too, but that hasn't seemed to have had an affect on the
purchases of houses and gas in the past 15 years... in fact, they've just

Re: number of CCIE [7:70151]

[The Road Goes Ever On]

some comments are meant in good fun, others are of more serious source. pray
do not take offense, as none is intended.

n rf  wrote in message
news:[EMAIL PROTECTED]
 Sigh.  I knew this was going to happen.

so why'd you bring it up in the first place? :-


 Gentlemen, this is why I posted such a long response, because I wanted you
 all to be honest with yourselves.  I could have just said what I had to
say
 straight-up, without any explanation, but I felt (and obviously with a lot
 of justification) that I needed to do a lot of explaining.  Just ask
 yourself the question - if you had a high-number, would you want to trade
it
 for a lower number?  You know in your heart what you want, even if you
don't
 want to admit it on this board.  Answer the question and be perfectly
honest
 with yourself.

most of us on this list would take any number we could get!  ;-


 Somebody asked whether employers are asking for lower numbers.  You're
damn
 right they are.  Several recruiters, headhunters, and HR people have
stated
 that they give preference lower-number CCIE's.  In fact, you may have seen
 this several times on the groupstudy.jobs ng.  Yet I have never ever seen
a
 recruiter saying that he gives preference a higher-number CCIE.  Why is
 that?  Why is it only one-way?  I tend not to believe in coincidences -
when
 there's smoke, there's probably fire.


so there are some idiot recruiters who are lockstepping with what thweir
idiot employer / clients are asking for.  I can recall when CCNA became all
the rage, and there were some employers / recruiters who were turning down
people with CCNP's. Against stupidity, the gods themselves contend in vain.
As a job seeker, it behooves someone to focus on identifying the kind of
people they want to work with and for, and those who should be avoided.


 Somebody also asked what number CCIE I am.  Well, what exactly does that
 have to do with anything?  Because I may or may not be a low-number CCIE,
 that somehow affects the truth of my arguments?  Either they're true or
 they're not. Who I am has nothing to do with it.   Why the ad-hominem
 attacks?  Why can't people debate things simply on the merits of the
 argument, rather than calling into question people's motives?   Hell, if
you
 want to go down the road of ad-hominem attacks, I could just as easily say
 that all my detractors are or will be high-number CCIE's and so therefore
 all their arguments should be ignored because their motives are also
 questionable.  But I don't do that.

in general I respect your observations. I agree with this particular
comment. I believe your own particular status is irrelevant. I believe the
source is typical human nature. Just because someone has achieved something
does not necessarily mean their observation or opinion is more valid than
those of someone who has not. But human nature being what it is, many people
tend to take the advice of someone with the numbers or letters after tha
name as better than that of someone who does not.



 And when did I ever compare networking to a software company?  Seems like
a
 complete non-sequitur to me.

 About me 'devaluing' networking - how could I really doing that?  Are you
 saying it's my fault that networking is devalued?  Seriously.  I am only 1
 person.  How could 1 person acting alone devalue networking in any
 measurable way?  If I really had the power to manipulate entire markets
like
 that, I'd be a multimillionaire and I  certainly wouldn't be hanging out
 here on this ng.  I think the real fear that people have is that I am not
 alone - that I really am telling the truth.  If networking has been
 devalued, it is because the free market has decided that it should be
 devalued, and what is the free market but many individual entities all
 acting in their own self-interest?  Therefore if networking has been
 devalued, it is because many people have decided that it be so.  Not just
me
 alone.

you're NOT that powerful? How disappointing :-

the job market is what you make of it. Yes there are external factors. In
the grand scheme of things, comparative advantage comes into play somewhere
along the line. I suggest that netwroking is to the point where fewer
companies require on site support staff. They can outsource, colocate,
purchase manged services, and in the end this means fewer staff jobs, and
the remaining staff jobs requiring more expertise. Not saying it will happen
tomorrow, but I can see the trend as well.




 About the cpa argument - I would argue that whenever the cpa test happened
 to be more difficult, then it would be more prestigious. Whenever anything
 is more difficult, it becomes more prestigious.  Is that particularly
 shocking?  Why is a degree from MIT more prestigious than a degree from
 Podunk Community College?  Simple - graduating from MIT is harder than
 graduating from PCC.  I even stated that if the CCIE all of a sudden got
 very very difficult starting today, then anybody who passed starting today
 

Re: number of CCIE [7:70151]

[nrf nrf]

Man,



I never see a job post specify that certain CCIE number is prefer.

I have, many times.  For example, just check out the archives at 
groupstudy.jobs.


Why did you even bother to ask this question in the beginning, if you think
the value of CCIE title has drop.

Huh?  I didn't ask anything.  What are you talking about?


I think is fair to say, after you finished it than you will know what it
take.

Believe me, I know what it takes.  See below.


Please take the CCIE lab exam before you make any common on this subject.

You are assuming that I have never taken the lab.  What if I told you I 
have.  So now, according to your rules, I now have the right to say anything 
I want, right?


Of course the # mean a lot but the learning process was even more 
important.
In fact, one consultant company just hires two new CCIE recently with 140K
salaries per year. They both study at the same school that I went.

And by the same token check out all the CCIE's who haven't found a a job for 
a very long time.  Don't believe me?  Again, go to groupstudy.jobs.  Or 
alt.certification.cisco.  Or forums.cisco.com.  Or any other place where 
CCIE's tend to congregate and you can read the stories of CCIE's desperate 
to find work.




This studygroup is a very valuable resource to us and everybody is working
really hard to his or her dream. I will suggest that if you are scare about
the increasing number of CCIE, please leave and seeking another valuable
certification for yourself.

I'm not scared about anything.  I would ask whether you're scared that 
perhaps your high-number CCIE may not be particularly valuable.

But is that my fault?  Did I cause the high-number to be less valuable?  I'm 
just saying that it is less valuable, but I did not make that happen.  You 
don't like what I'm saying, take it up with the entity that is responsible - 
take it up with Cisco itself.  Ask Cisco why they changed the test from 2 
days to 1.  Ask Cisco why they let braindumps proliferate.  Ask Cisco why 
they got rid of the troubleshooting section of the test.  Ask Cisco why they 
just let people come back every month and take the test over and over again 
until they finally pass.  All these things hurt the integrity of the 
program.  But none of them are my fault - they're Cisco's fault.

Look, the facts are clear.  The CCIE has declined in quality.  This is why 
you have some recruiters giving preference to low-number CCIE's.  But nobody 
is giving preference to high-number CCIE's.  Why is that?  Ask yourself why 
is it only one-way?  It is inescapably  because of the drop in quality of 
the program.  But now ask yourself whose fault is that?  It's certainly not 
my fault - I'm not responsible for keeping the quality of the program high.  
It's Cisco's fault.




Just my 2-cent.


- Original Message -
From: n rf 
To: 
Sent: Thursday, June 05, 2003 5:16 PM
Subject: RE: number of CCIE [7:70151]


  Well, there are still less than 10,000 CCIE's.  So the population hasn't
  accelerated THAT dramatically.
 
  Having said that, I will say that the CCIE has most likely gotten less
  rigorous and therefore less valuable over time.  I know this is going to
  greatly annoy some people when I say this, but the truth is, the average
  quality of the later (read: high-number) CCIE's is probably lower than 
the
  average quality of the higher (read: lower-number) CCIE's.
 
  Before any of you high-number CCIE's decides to flame me, ask yourself 
if
  you were given the opportunity to trade your number for a lower number,
  would you do it?  For example, if you are CCIE #11,000 and you could 
trade
  that number for CCIE #1100, would you take it?  Be honest with yourself.
  I'm sure you would concede that you would.  By the same token we also 
know
  that no low-number CCIE would willingly trade his number for a higher 
one.
  The movement is therefore all one-way.  If all CCIE's were really
created
  equal then nobody would really care one way or another which number 
they
  had. Therefore the CCIE community realizes that all CCIE's are not 
created
  equal and that intuitively that the lower number is more desirable and 
the
  higher number is less desirable (otherwise, why does everybody want a
lower
  number?).  Simply put, the test is not as rigorous as it was in the 
past,
  which is why lower numbers are preferred.
 
  Or, I'll put it to you another way.  Let's say that starting at #12,000
  Cisco makes the test ridiculously hard, putting in all kinds of funky
  technologies, and making the pass rate less than 1% or some other
god-awful
  number.  What would happen?  Simple.  Word would get around that the 
new
  CCIE was super-rigorous and therefore very prestigious to pass.
Eventually,
  numbers greater than #12000 would be coveted, and everybody would want 
to
  trade in their number for one greater than #12000.  Recruiters and HR
people
  would start giving preference to CCIE's with numbers greater than 
#12000.
  The 

RE: number of CCIE [7:70151]

[Jack Nalbandian]

Dude, with all due respect, are you a recruiter for some college somwhere?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of n
rf
Sent: Saturday, June 07, 2003 9:06 AM
To: [EMAIL PROTECTED]
Subject: Re: number of CCIE [7:70151]


Sigh.  I knew this was going to happen.

Gentlemen, this is why I posted such a long response, because I wanted you
all to be honest with yourselves.  I could have just said what I had to say
straight-up, without any explanation, but I felt (and obviously with a lot
of justification) that I needed to do a lot of explaining.  Just ask
yourself the question - if you had a high-number, would you want to trade it
for a lower number?  You know in your heart what you want, even if you don't
want to admit it on this board.  Answer the question and be perfectly honest
with yourself.

Somebody asked whether employers are asking for lower numbers.  You're damn
right they are.  Several recruiters, headhunters, and HR people have stated
that they give preference lower-number CCIE's.  In fact, you may have seen
this several times on the groupstudy.jobs ng.  Yet I have never ever seen a
recruiter saying that he gives preference a higher-number CCIE.  Why is
that?  Why is it only one-way?  I tend not to believe in coincidences - when
there's smoke, there's probably fire.

Somebody also asked what number CCIE I am.  Well, what exactly does that
have to do with anything?  Because I may or may not be a low-number CCIE,
that somehow affects the truth of my arguments?  Either they're true or
they're not. Who I am has nothing to do with it.   Why the ad-hominem
attacks?  Why can't people debate things simply on the merits of the
argument, rather than calling into question people's motives?   Hell, if you
want to go down the road of ad-hominem attacks, I could just as easily say
that all my detractors are or will be high-number CCIE's and so therefore
all their arguments should be ignored because their motives are also
questionable.  But I don't do that.

And when did I ever compare networking to a software company?  Seems like a
complete non-sequitur to me.

About me 'devaluing' networking - how could I really doing that?  Are you
saying it's my fault that networking is devalued?  Seriously.  I am only 1
person.  How could 1 person acting alone devalue networking in any
measurable way?  If I really had the power to manipulate entire markets like
that, I'd be a multimillionaire and I  certainly wouldn't be hanging out
here on this ng.  I think the real fear that people have is that I am not
alone - that I really am telling the truth.  If networking has been
devalued, it is because the free market has decided that it should be
devalued, and what is the free market but many individual entities all
acting in their own self-interest?  Therefore if networking has been
devalued, it is because many people have decided that it be so.  Not just me
alone.


About the cpa argument - I would argue that whenever the cpa test happened
to be more difficult, then it would be more prestigious. Whenever anything
is more difficult, it becomes more prestigious.  Is that particularly
shocking?  Why is a degree from MIT more prestigious than a degree from
Podunk Community College?  Simple - graduating from MIT is harder than
graduating from PCC.  I even stated that if the CCIE all of a sudden got
very very difficult starting today, then anybody who passed starting today
would earn more prestige.  Simply put - prestige follows rigor.

And Chuck, you said it yourself  -   True, there are more cheaters out
there, and more practice labs, and the like...  - and those kinds of things
are exactly what I'm talking about.  Bottom line - the CCIE is not as hard
to attain today as it was in the past, whether because of cheating or more
practice materials, or whatever.  You also said that the test is just as
difficult today as it was in the past.  But it's not just the test that I'm
talking about, but rather the entire CCIE procedure that I'm talking about.
The tests themselves may be of equivalent difficulty, but if there are more
bootcamps and whatnot today, then ultimately that means that the CCIE
procedure of today is easier.  Sure test A and test B might be equal in
difficulty, but if people are more bootcamp-ed to take test B, then
ultimately passing test B is easier.  Again, I don't think bootcamps are
necessarily wrong, but it does mean that if you want to maintain the same
level of difficulty, you have to compensate for the bootcamps by making test
B even harder than test A.   Otherwise, you end up with a situation where
people who passed test A were good, but people who passed test B may not be
quite as good, but had the benefit of bootcamps.

Or let me put it to you another way.  Surely you would agree that companies
like Princeton Review and Kaplan make the SAT's easier.  The SAT's fight
back by using relative scoring - where your scores are calculated not
absolutely, but relative to 

RE: AUX Port dial in [7:69994]

[Daniel Cotts]

Cisco has sample configs. You have to look. It is a skill that is necessary
to learn.
pad
http://www.cisco.com/warp/public/471/mod-aux-exec.html

 -Original Message-
 From: Shane Stockman [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, June 04, 2003 11:41 PM
 To: [EMAIL PROTECTED]
 Subject: AUX Port dial in [7:69994]
 
 
 I have a Windows PC and would like to telnet into a remote 
 router via the 
 AUX port using a modem on it.Does anyone have any sample 
 configs for the 
 router.
 
 PC--modem---modem--Router (AUX Port)
 
 Thanks
 
 _
 Wazup? Find out by joining SA Teens -  
 http://groups.msn.com/SAteens/ 
 MSN's hottest South African Group




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70324t=69994
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: number of CCIE [7:70151]

[n rf]

Man, 



I never see a job post specify that certain CCIE number is prefer. 
 

I have, many times.  For example, just check out the archives at
groupstudy.jobs.


Why did you even bother to ask this question in the beginning, if you
think
the value of CCIE title has drop. 
 

Huh?  I didn't ask anything.  What are you talking about? 


I think is fair to say, after you finished it than you will know what it 
take. 
 

Believe me, I know what it takes.  See below. 


Please take the CCIE lab exam before you make any common on this subject. 
 

You are assuming that I have never taken the lab.  What if I told you I
have.  So now, according to your rules, I now have the right to say anything
I want, right?


Of course the # mean a lot but the learning process was even more
important.
In fact, one consultant company just hires two new CCIE recently with 140K 
salaries per year. They both study at the same school that I went. 
 

And by the same token check out all the CCIE's who haven't found a a job for
a very long time.  Don't believe me?  Again, go to groupstudy.jobs.  Or
alt.certification.cisco.  Or forums.cisco.com.  Or any other place where
CCIE's tend to congregate and you can read the stories of CCIE's desperate
to find work.




This studygroup is a very valuable resource to us and everybody is working 
really hard to his or her dream. I will suggest that if you are scare
about
the increasing number of CCIE, please leave and seeking another valuable 
certification for yourself. 
 

I'm not scared about anything.  I would ask whether you're scared that
perhaps your high-number CCIE may not be particularly valuable.

But is that my fault?  Did I cause the high-number to be less valuable?  I'm
just saying that it is less valuable, but I did not make that happen.  You
don't like what I'm saying, take it up with the entity that is responsible -
take it up with Cisco itself.  Ask Cisco why they changed the test from 2
days to 1.  Ask Cisco why they let braindumps proliferate.  Ask Cisco why
they got rid of the troubleshooting section of the test.  Ask Cisco why they
just let people come back every month and take the test over and over again
until they finally pass.  All these things hurt the integrity of the
program.  But none of them are my fault - they're Cisco's fault.

Look, the facts are clear.  The CCIE has declined in quality.  This is why
you have some recruiters giving preference to low-number CCIE's.  But nobody
is giving preference to high-number CCIE's.  Why is that?  Ask yourself why
is it only one-way?  It is inescapably  because of the drop in quality of
the program.  But now ask yourself whose fault is that?  It's certainly not
my fault - I'm not responsible for keeping the quality of the program high. 
It's Cisco's fault.



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70313t=70151
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: RE: number of CCIE [7:70151]

[garrett allen]

yawn.




- Original Message -
From: n rf 
Date: Saturday, June 7, 2003 12:09 pm
Subject: Re: RE: number of CCIE [7:70151]

 garrett allen wrote:
  
  you make an a priori argument that lower is better.  is a lower
  number
  cpa better than a higher numbered one?  
 
 You got me wrong.  I didn't say that lower is better at all times. 
 Read my
 entire post again.
 
 I said that more rigorous equates to prestige.  This is why I 
 included my
 example of what would happen if Cisco decided to change the CCIE 
 exam to
 become extremely rigorous - then eventually people would prize 
 high-number
 CCIE's who passed the more rigorous version.  The fact is, 
 prestige follows
 rigor.  If something is more rigorous, then it becomes rigorous 
 and vice
 versa.  This is why graduating from MIT is more prestigious than 
 graduatingfrom Podunk Community College.  But the fact is, the 
 CCIE on the whole has
 probably gotten more rigorous (i.e. chopping the test from 2 days 
 to 1,
 eliminating the dedicated troubleshooting section, more
 bootcamps/braindumps, more cheating, etc. etc.) which is why it 
 has become
 less prestigious.
 
 
 actually, probably the
  inverse
  is true as the more recent the certification the more recent
  the
  material covered.  this is balanced against with age comes 
  opportunities and experiences.
 
 Unfortunately, the free market disagrees with you.  The fact is, a 
 growingnumber of recruiters, headhunters, and HR people are 
 starting to give
 preference to lower-number CCIE's.  Go check out the 
 groupstudy.jobs forum. 
 Yet I have never heard of any recruiter giving preference to 
 higher-number
 CCIE.  It's always one-way, and that's my point.
 
 
  
  threads like this are like discussing the maximum number of
  angels
  dancing on the head of a pin.  i vote we kill the thread before
  it
  spawn.
  
  later.
  
  
  
  
  
  - Original Message -
  From: n rf 
  Date: Thursday, June 5, 2003 5:16 pm
  Subject: RE: number of CCIE [7:70151]
  
   Well, there are still less than 10,000 CCIE's.  So the
  population
   hasn'taccelerated THAT dramatically.
   
   Having said that, I will say that the CCIE has most likely
  gotten
  less
   rigorous and therefore less valuable over time.  I know this
  is
   going to
   greatly annoy some people when I say this, but the truth is,
  the
   averagequality of the later (read: high-number) CCIE's is
  probably
   lower than the
   average quality of the higher (read: lower-number) CCIE's.
   
   Before any of you high-number CCIE's decides to flame me, ask 
   yourself if
   you were given the opportunity to trade your number for a
  lower
   number,would you do it?  For example, if you are CCIE #11,000
  and
   you could trade
   that number for CCIE #1100, would you take it?  Be honest
  with
   yourself. 
   I'm sure you would concede that you would.  By the same token
  we
   also know
   that no low-number CCIE would willingly trade his number for
  a
   higher one. 
   The movement is therefore all one-way.  If all CCIE's were 
   really created
   equal then nobody would really care one way or another which 
   number they
   had. Therefore the CCIE community realizes that all CCIE's
  are not
   createdequal and that intuitively that the lower number is
  more
   desirable and the
   higher number is less desirable (otherwise, why does
  everybody
   want a lower
   number?).  Simply put, the test is not as rigorous as it was
  in
   the past,
   which is why lower numbers are preferred.
   
   Or, I'll put it to you another way.  Let's say that starting
  at
   #12,000Cisco makes the test ridiculously hard, putting in all 
   kinds of funky
   technologies, and making the pass rate less than 1% or some
  other
   god-awful
   number.  What would happen?  Simple.  Word would get around
  that
   the new
   CCIE was super-rigorous and therefore very prestigious to
  pass.
   Eventually,numbers greater than #12000 would be coveted, and 
   everybody would want to
   trade in their number for one greater than #12000. 
  Recruiters and
   HR people
   would start giving preference to CCIE's with numbers greater
  than
   #12000. 
   The point is that when rigor increases, prestige and
  desirability
   tends to
   follow.  When rigor declines, so does prestige and
  desirability.
   
   
   And what is the cause of this decline in rigor?  Well, you
  alluded to
   several factors.  While it is still rather controversial
  exactly
   how the
   switch from 2 days to 1 day impacted the program, it is
  widely
   conceded that
   it probably didn't help.  Nor does having all these
  braindumps all
   over the
   Internet, and not just for the written, but the lab as well. 
  The
   CCIE has
   certain arcane logistical rules that people have figured out
  how
   to 'game' -
   for example, for example, some people who live near test
  sites
   just attempt
   the lab every month over and over again.  Finally, there is
  

RE: number of CCIE [7:70151]

[n rf]

Howard C. Berkowitz wrote:
 
 I commend people to remember the tale of the Emperor's New
 Clothes here.
 
 It utterly confounds me that people are focusing on the CCIE
 number
 as the discriminator for a hiring decision, lower being
 better.

I'm just telling you what I've seen. I think anybody who's been looking for
work lately knows that this is happening.  Whether they agree with it or not
is besides the point.  It's happening.

 
 Lower means that one obtained the certification earlier. 
 Presumably,
 since the number was obtained, the individual has been
 working.  This
 can mean that the lower-numbered candidate can present a solid
 track
 record of CCIE-level work experience to an employer, while the 
 higher-numbered candidate simply may not have the experience.

Which is why I provided the thought exercise of people trading their
number.  I didn't talk about people trading their experience level - just
their number.  For example, I'm fairly sure that CCIE #1100 will never
willingly trade his number for #11,000.  But why not - his experience level
will stay the same.  It's because that everybody realizes that there is a,
dare I say it, a stigma attached to higher numbers - particularly to those
guys who passed after the test was changed from 2 days to 1.

The fact is, everybody wants to have the lowest number they can get, all
other things being equal, and the inescapable reason behind this is that the
test has declined in overall quality with time.  For example, like I said,
the change from 2 days to 1 was probably not a good thing.  So was the loss
of the dedicated troubleshooting section which was the one truly realistic
part of the old exam.  The proliferation of super-specialized bootcamps that
are geared not to making a person a better overall engineer but geared
strictly to help people pass the test and nothing more.  Things like that
have all chipped away at the rigor of the program.

Now, let me point out this.  It's not the fault of the recent CCIE's that
things are like this.  They're not the ones who are causing this decline. 
And it's certainly not my fault - I didn't cause this decline, so why are
people jumping down my throat?  You don't like it? Take it up with the
entity that's responsible.   The entity responsible is Cisco itself.  It is
Cisco that changed the test from 2 days to 1.  It is Cisco that removed the
troubleshooting section.


 
 I've never regarded certification, in any field, as more than
 an
 entry point.  Let's put it this way -- when I had to have
 open-heart
 surgery, I could have chosen among several board-certified
 surgeons.
 The most important factors, however, were how many procedures
 they
 had done, and, even more importantly, how frequently they do
 them.
 Surgical statistics show, without question, that part-time
 cardiac
 surgeons and their teams do not have the good results of
 someone that
 does such procedures constantly.

Let me put it to you this way, Howard.  There have been quite a few rather
emotional responses in this thread.  So, rightly or wrongly, a lot of people
seem to regard this particular certification as certainly a lot more than an
entry point.   If the CCIE wasn't a big deal, then nobody would really care
that I'm pointing out problems with it.  Therefore obviously some people
believe that the stakes are high.

 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70312t=70151
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: number of CCIE [7:70151]

[Carlil Gibran]

Perfect!


- Original Message -
From: philip 
To: 
Sent: Saturday, June 07, 2003 1:05 PM
Subject: Re: number of CCIE [7:70151]


 Man,



 I never see a job post specify that certain CCIE number is prefer.

 Why did you even bother to ask this question in the beginning, if you
think
 the value of CCIE title has drop.

 I think is fair to say, after you finished it than you will know what it
 take.

 Please take the CCIE lab exam before you make any common on this subject.

 Of course the # mean a lot but the learning process was even more
important.
 In fact, one consultant company just hires two new CCIE recently with 140K
 salaries per year. They both study at the same school that I went.



 This studygroup is a very valuable resource to us and everybody is working
 really hard to his or her dream. I will suggest that if you are scare
about
 the increasing number of CCIE, please leave and seeking another valuable
 certification for yourself.



 Just my 2-cent.


 - Original Message -
 From: n rf
 To:
 Sent: Thursday, June 05, 2003 5:16 PM
 Subject: RE: number of CCIE [7:70151]


  Well, there are still less than 10,000 CCIE's.  So the population hasn't
  accelerated THAT dramatically.
 
  Having said that, I will say that the CCIE has most likely gotten less
  rigorous and therefore less valuable over time.  I know this is going to
  greatly annoy some people when I say this, but the truth is, the average
  quality of the later (read: high-number) CCIE's is probably lower than
the
  average quality of the higher (read: lower-number) CCIE's.
 
  Before any of you high-number CCIE's decides to flame me, ask yourself
if
  you were given the opportunity to trade your number for a lower number,
  would you do it?  For example, if you are CCIE #11,000 and you could
trade
  that number for CCIE #1100, would you take it?  Be honest with yourself.
  I'm sure you would concede that you would.  By the same token we also
know
  that no low-number CCIE would willingly trade his number for a higher
one.
  The movement is therefore all one-way.  If all CCIE's were really
 created
  equal then nobody would really care one way or another which number
they
  had. Therefore the CCIE community realizes that all CCIE's are not
created
  equal and that intuitively that the lower number is more desirable and
the
  higher number is less desirable (otherwise, why does everybody want a
 lower
  number?).  Simply put, the test is not as rigorous as it was in the
past,
  which is why lower numbers are preferred.
 
  Or, I'll put it to you another way.  Let's say that starting at #12,000
  Cisco makes the test ridiculously hard, putting in all kinds of funky
  technologies, and making the pass rate less than 1% or some other
 god-awful
  number.  What would happen?  Simple.  Word would get around that the
new
  CCIE was super-rigorous and therefore very prestigious to pass.
 Eventually,
  numbers greater than #12000 would be coveted, and everybody would want
to
  trade in their number for one greater than #12000.  Recruiters and HR
 people
  would start giving preference to CCIE's with numbers greater than
#12000.
  The point is that when rigor increases, prestige and desirability tends
to
  follow.  When rigor declines, so does prestige and desirability.
 
 
  And what is the cause of this decline in rigor?  Well, you alluded to
  several factors.  While it is still rather controversial exactly how the
  switch from 2 days to 1 day impacted the program, it is widely conceded
 that
  it probably didn't help.  Nor does having all these braindumps all over
 the
  Internet, and not just for the written, but the lab as well.  The CCIE
has
  certain arcane logistical rules that people have figured out how to
 'game' -
  for example, for example, some people who live near test sites just
 attempt
  the lab every month over and over again.  Finally, there is the
consensus
  that the CCIE program has simply not kept up with the growing amount of
  study material, bootcamps, lab-guides, and so forth.  We all know
there's
 an
  entire cottage industry devoted just to helping people to pass the lab,
 and
  while there's nothing wrong with that per se, it does mean that Cisco
 needs
  to keep pace to maintain test rigor.  To offer a parallel situation,
when
  the MCSE bootcamps started to proliferate, the value of the MCSE
plummeted
  because Microsoft did not properly maintain the rigor of the cert.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70314t=70151
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: religious wars [7:70274]

[Dom]

Sur le pont d'Avignon
On y danse, on y danse
Sur le pont d'Avignon
On y danse, tous en rond
Les jeunes filles font comme ci
Les garcons font comme ca
Sur le pont d'Avignon
On y danse, on y danse
Sur le pont d'Avignon
On y danse, tous en rond
Les poupees font comme ce
Les soldats font comme ca
Sur le pont d'Avignon
On y danse, on y danse
Sur le pont d'Avignon
On the bridge of Avignon
On y danse, tous en rond
Les grenouilles font comme ci
Les gorilles font comme ca
Sur le pont d'Avignon
Sur le pont d'Avignon
On y danse, tous en rond

Cheese munching surrender monkeys!

Best regards,

Dom Stocqueler
Zoo Keeper (Small Mammals) - SysDom Technologies


P.S. I like NetBSD!

===
IMPORTANT: This email is intended for the use of the individual
addressee(s)named above and may contain information that is confidential
privileged or unsuitable for overly sensitive persons with low
self-esteem, no sense of humour or irrational religious beliefs. If you
are not the
intended recipient, any dissemination, distribution or copying of this
email
is not authorised (either explicitly or implicitly) and constitutes
an irritating social faux pas. Unless the word absquatulation has been
used in its correct context somewhere other than in this warning, it
does not
have any legal or grammatical use and may be ignored. No animals were
harmed in the transmission of this email, although the poodle next door
is living on borrowed time, let me tell you. Those of you with an
overwhelming fear of the unknown will be gratified to learn that there
is
no hidden message revealed by reading this warning backwards, so just
ignore that
Alert Notice from Microsoft. However, by pouring a complete circle of
salt around yourself and your computer you can ensure that no harm
befalls
you and your pets. If you have received this email in error,
please add some nutmeg and egg whites and place it in a warm oven for 40
minutes. Whisk briefly and let it stand for 2 hours before icing.
 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
The Road Goes Ever On
Sent: 08 June 2003 02:12
To: [EMAIL PROTECTED]
Subject: Re: religious wars [7:70274]


Howard C. Berkowitz  wrote in message
news:[EMAIL PROTECTED]
 At 7:33 PM + 6/7/03, Sam Sneed wrote:
 Since when is FreeBSD a flavor of Linux??? Would you say Solaris is a
flavor
 of Linux as well???
 
 All *nix's are not the same.

 In other words, we don't just have wars between major religions; it 
 goes down to the level of denomination and schism, to say nothing of 
 legitimacy. Shades of Popes and Anti-Popes...

 Someone from Avignon really should post in this thread. :-)

Preferably somebody named Boniface?


 
 
 Black Jack  wrote in message 
 news:[EMAIL PROTECTED]
   Old timers will remember Mac vs DOS/Windows. Or UNIX vs DOS. Or 
  Beta
vs
 VHS.
   More recent is Linux vs FreeBSD, or one flavor of Linux 
  distribution
vs
   another. (See http://ars.userfriendly.org/cartoons/?id=19990301 
  for
 example.
   By the way, if you are not familiar with www.userfriendly.org, you
gotta
   check it out. Funniest geek-oriented comic strip this side of 
  dilbert)
 
   Anyway, try asking network types what their favorite TFTP server 
  is...
then step back!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70325t=70274
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]