RE: IOS version [7:71225]
Hi, It looks like the IOS has given you the answer: Command rejected: One or more ports is already configured as a trunk port. And the documentation confirms that you cannot configure multi-VLAN and trunk ports on the same 2900XL/3500XL switch. See: http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/29_35wc6/scg /swvlan.htm#xtocid42 Regards, Jonathan Hays -Original Message- From: milind tare [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 12:18 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: IOS version [7:71225] Hi Jhays, IT-3548-2#conf t Enter configuration commands, one per line. End with CNTL/Z. IT-3548-2(config)#int fa0/22 IT-3548-2(config-if)#swi IT-3548-2(config-if)#switchport mu IT-3548-2(config-if)#switchport mod IT-3548-2(config-if)#switchport mode mu IT-3548-2(config-if)#switchport mode multi ? IT-3548-2(config-if)#switchport mode multi Command rejected: One or more ports is already configured as a trunk port. IT-3548-2(config-if)#swit IT-3548-2(config-if)#switchport mu IT-3548-2(config-if)#switchport multi vl IT-3548-2(config-if)#switchport multi vlan add IT-3548-2(config-if)#switchport multi vlan add 2,4 i hv tried like this but still it is not working. and my IOS version IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5)WC3b, RELEASE SOFTWA RE (fc1) so pls give me suggestion. Thanks warm Regards, Milind Tare --- Jonathan V Hays wrote: milind tare wrote: Dear All, I have 3500 series switches in my network. i want to configure multiple vlan for some ports. right now i am using following IOS IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5)WC3b, RELEASE SOFTWA RE (fc1) i tried the command switchport multi vl but it is not working in that. so pleas give me suggestion. shall upgrade the IOS.? i hv 3512,3524,3548 switches in my network Thanks Regards, Milind Tare Please post a snapshot of your terminal session. Are you in interface mode when you enter the command? Switch(config)# int fa0/1 Switch(config-if)# switchport multi vlan 2,4 __ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71327t=71225 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IOS version [7:71225]
Hi jon, Thanks for reply. I can show this link to my boss. Thanks Warms Regards, Milind Tare --- Jonathan V Hays wrote: Hi, It looks like the IOS has given you the answer: Command rejected: One or more ports is already configured as a trunk port. And the documentation confirms that you cannot configure multi-VLAN and trunk ports on the same 2900XL/3500XL switch. See: http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/29_35wc6/scg /swvlan.htm#xtocid42 Regards, Jonathan Hays -Original Message- From: milind tare [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 12:18 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: IOS version [7:71225] Hi Jhays, IT-3548-2#conf t Enter configuration commands, one per line. End with CNTL/Z. IT-3548-2(config)#int fa0/22 IT-3548-2(config-if)#swi IT-3548-2(config-if)#switchport mu IT-3548-2(config-if)#switchport mod IT-3548-2(config-if)#switchport mode mu IT-3548-2(config-if)#switchport mode multi ? IT-3548-2(config-if)#switchport mode multi Command rejected: One or more ports is already configured as a trunk port. IT-3548-2(config-if)#swit IT-3548-2(config-if)#switchport mu IT-3548-2(config-if)#switchport multi vl IT-3548-2(config-if)#switchport multi vlan add IT-3548-2(config-if)#switchport multi vlan add 2,4 i hv tried like this but still it is not working. and my IOS version IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5)WC3b, RELEASE SOFTWA RE (fc1) so pls give me suggestion. Thanks warm Regards, Milind Tare --- Jonathan V Hays wrote: milind tare wrote: Dear All, I have 3500 series switches in my network. i want to configure multiple vlan for some ports. right now i am using following IOS IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5)WC3b, RELEASE SOFTWA RE (fc1) i tried the command switchport multi vl but it is not working in that. so pleas give me suggestion. shall upgrade the IOS.? i hv 3512,3524,3548 switches in my network Thanks Regards, Milind Tare Please post a snapshot of your terminal session. Are you in interface mode when you enter the command? Switch(config)# int fa0/1 Switch(config-if)# switchport multi vlan 2,4 __ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com __ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71328t=71225 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: how about ccie salary in US? [7:71143]
dear n rf, area you still in networking business, and are you a CCIE? Just curious :) Xy - Original Message - From: n rf To: Sent: Tuesday, June 24, 2003 4:46 PM Subject: RE: how about ccie salary in US? [7:71143] douglas mizell wrote: not. I honestly cannot comment on the job market at home except to say it sounds dismal, if there really are CCIE's out there fighting over $35K jobs than to hell with this whole idea, open a taco stand. Which is why a growing number of them are leaving the industry. Without naming names (I want to respect their privacy), I can now count in double figures the number of CCIE's who have left the field for othe work. Some have gone back to being UNIX admins, which is what they had been doing before they got into networks. Some are in graduate school. Some have finished graduate school and are in entirely different fields - strategy consulting, Wall Street, etc. I know one who became a real-estate agent. Invariably they all say the same thing, which is that while networks are interesting, they gotta do what they gotta do to pay the bills, and if networks aren't going to butter their bread, they have to find something that will. And in some cases, they butter their bread with Lurpak. The guy who's a real-estate agent now makes several times more than he ever made as a network guy even during the dotcom boom. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71329t=71143 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: how about ccie salary in US? [7:71143]
True, fairness is a must. CCIEs without much experience are rare in the field percentage-wise in comparison, as no-nothing frat boys who drank through college are aplenty. These chaps sure played good paintball, but they were not good techs. CCIEs with some experience are considered to have college equivalent experience and training as it pertains to technical know-how, knowledge that has proven to be crucial in the survival of a few companies that I have worked in. The companies did not care very much whether the CCIE had any soft skills when it came time to salvage a disaster of a network. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of n rf Sent: Tuesday, June 24, 2003 7:59 PM To: [EMAIL PROTECTED] Subject: RE: how about ccie salary in US? [7:71143] Jack Nalbandian wrote: That is anecdotal nonsense. Any major corporation in need of real techs and that has a Cisco infrastructure will certainly consider CCIEs very seriously, yes even above so-called CS degree holders without much experience, for technical lead positions. I can bring examples that are not merely anecdotal. At the risk of restarting a war, that's a bit unfair, don't you think? You're saying that a CCIE (with experience, although you left that part unstated) will be considered above a degree-holder without experience for a lead position. I think it's more fair to say that nobody without experience will ever be considered for a lead position, regardless of other qualifications. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71331t=71143 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FR Backup Over ISDN [7:71332]
Hi Group, This is pertaining to FR Backup over ISDN http://www.cisco.com/warp/customer/125/12.html#topic21 It may not help much to back up the main interface because you could lose permanent virtual circuits (PVCs) without the main interface going down. Remember, the protocol is being exchanged with the local Frame Relay switch, not the remote router. I quote this from the aforesaid Cisco link. Can somebody explain as to why it doesn't help much to back up the main interface and how does it lead to the loss of PVCs without the main interface going down. ?? Regards, Srivathsan A Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71332t=71332 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Windowing [7:71333]
Hi, This might have something to do with the protocol design . I was wondering whether all the connection-oriented / reliable protocols use Windowing . Can the group add elaborate on this please..? TIA Srivathsan A Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71333t=71333 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CSS Switches... [7:71292]
I have a couple in production and ssl sticky does indeed work !! Herlocker, Tim wrote: Hi, Just wondering if anybody has worked with the CSS 11000 switches at all. We are looking at purchasing one or two but would like to make sure SSL sticky works on them first Thanks in advance! - Tim Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71335t=71292 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: FR Backup Over ISDN [7:71332]
Breif example... Your local T1 ciruit to your carrier is Up Up but.. when you do a sh frame-relay pvc your DLCI shows INACTIVE. Hence why the ISDN backup interface command does not take effect since the interface is still up.. even though your frame-relay is not working. This can be caused to certain instability within the cloud.. and not to your local CO's frame-switch... LMI's will exchange every 10 sec from your router to the Frame-Switch and provide a Full PVC status every 60 sec. HTH, Sal Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71334t=71332 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Switch cluster managment problem. [7:71336]
Hi all, We have a 3550-12T which is connected to 3 2950G-48-EI's via the GBIC ports. When I access the cluster managment software on the 3550 is shows the 2950s as unknown devices, if I access the CMS on one of the 2950s it shows me the correct switch (but only the one) and I'm able to manage it. Is there anyway I can get the CMS on the 3550 to pick up the model of the switches it's connected to correctly. Thanks Stu P Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71336t=71336 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: how about ccie salary in US? [7:71143]
Jack Nalbandian wrote: CCIEs with some experience are considered to have college equivalent experience and training as it pertains to technical know-how, knowledge that has proven to be crucial in the survival of a few companies that I have worked in. The companies did not care very much whether the CCIE had any soft skills when it came time to salvage a disaster of a network. But then what are we really talking about here - is it the CCIE or is it the experience that matters? I think we both agree that a CCIE with no experience - the prototype lab-rat- is not one to be trusted with running a live network until and unless that lab-rat gets experience. A much more fair comparison would be the CCIE with some experience vs. the college graduate with equal experience. And I would wonder whether there really are enough network disasters around that one could really make a reliable living off them merely with strong technical skills but no soft-skills. I would contend probably not. The fact is, if nobody in the company likes you, then you either better be an absolutely awesome firefighter, or you're going to get canned. Companies these days simply don't have a lot of room anymore for guys who may be technically brilliant but socially inept. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71338t=71143 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: FR Backup Over ISDN [7:71332]
you need to configure dialer watch for this to work correctly. -Original Message- From: Salvatore De Luca [mailto:[EMAIL PROTECTED] Sent: 25 June 2003 09:42 To: [EMAIL PROTECTED] Subject: RE: FR Backup Over ISDN [7:71332] Breif example... Your local T1 ciruit to your carrier is Up Up but.. when you do a sh frame-relay pvc your DLCI shows INACTIVE. Hence why the ISDN backup interface command does not take effect since the interface is still up.. even though your frame-relay is not working. This can be caused to certain instability within the cloud.. and not to your local CO's frame-switch... LMI's will exchange every 10 sec from your router to the Frame-Switch and provide a Full PVC status every 60 sec. HTH, Sal Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71339t=71332 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
6509 MSFC [7:71340]
I have a MSFC on a 6509 that I am firing up for the first time. The 6509 is running CAT-OS (Hybrid Mode). I have defined several VLAN interfaces on the MSFC, and now must create a specific access-list to limit only a certain source and port address to reach each of these VLAN's. This access-list will not allow Telnet connectivity. My question is, if I create this access list and bind it to all VLANs, will I be able to SESSION over from the switch to the MSFC? Does the SESSION command actually use Telnet to get to the MSFC? Will I need to assign a loopback address and then allow access to the loopback address specifically in my access-list? I just want to make sure that I do not block all access to the MSFC. Any clarification on this would be helpful. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71340t=71340 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Technology, Certification, Skill Sets, and Loo [7:70953]
Mark E. Hayes wrote: Ok Sen. McCarthy, Your response is Bolshevik, get it? ;) All I'm talking about is taking care of people who took care of you. As an employee I have an obligation to do x amount of work. I always do more than that, it's a pride thing. I want the business I work for to prosper. What is wrong with showing an employee like that some loyalty. Hey, if the employer wants to do that, there is nothing wrong at all. What's 'wrong' is that you apparently expect them to do so. The employer is obligated to compensate you for your time according to whatever employment agreement you arranged when you were hired, nothing more, nothing less. If you want to altruistically give time and effort above and beyond what is necessary, that's your prerogative, but the employer is not obligated to reward you for it, and if you're truly being altruistic, then you shouldn't have anything to complain about, because altruism means to do something without any expectation of recompense. Now, if you're not being altruistic and you are willing to do extraordinary work but because you expect a reward for it, then you should play Let's Make a Deal. Tell your employer that you're willing to do this-and-that task but only for such-and-such an increase in compensation or a similar arrangement.But if you don't do that, you can't complain ex-post-facto. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71342t=70953 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
crypto maps and IPSEC tunnels [7:71341]
Hi I have just setup a IPSEC tunnel between to routers and tunneling a source address of 192.168.50.1 going to a host on router B 172.x.x.x./24 Everything works with the current configs given below. But I want to change the acl 101 on router B from using a class A mask to something like a class C mask or even a host address. I have changed the ACL 101 and even added a deny ip any any log to the end to see what is being dropped. The VPN tunnel doesnt come up unless I use a class A mask like showen below. I know this is an ACL but is being used for matching traffic, do they work differently and dont support host address ?? Thanks Ian Here is the config of router A ! crypto isakmp policy 10 encr 3des hash md5 authentication pre-share crypto isakmp key cisco address 10.10.10.10 ! ! crypto ipsec transform-set TEST esp-3des ! crypto map cisco 1 ipsec-isakmp set peer 10.10.10.10 set transform-set TEST match address 101 access-list 101 permit ip 192.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255 access-list 101 permit ip 192.0.0.0 0.255.255.255 172.0.0.0 0.255.255.255 Here is the config router B crypto isakmp policy 10 encr 3des hash md5 authentication pre-share crypto isakmp key password address 10.10.10.20 ! ! crypto ipsec transform-set TEST esp-3des ! crypto map cisco 1 ipsec-isakmp set peer 10.10.10.20 set transform-set TEST match address 101 access-list 101 permit ip 172.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255 access-list 101 permit ip host 10.10.10.10 host 10.10.10.20 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71341t=71341 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: RFCs [7:71276]
Thank you all !!! I really appreciated. Annlee, I meant major which relate to the important ones for the ccie written. -rbx10 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71344t=71276 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCDA Study material [7:71111]
Group, To answer the question regarding Knowledgenet from thread below...I've recently purchased a few courses from Knowledgenet - cvoice, dqos and evodd. It's basically 6 weeks of self/web-based study with hands on lab scenarios and sample exam questions for each class. My first course was cvoice. I went through the coursework just about everyday for six weeks. At the end of the six weeks I sat the cvoice exam and passed - the only material used was from knowledgenet and the cisco website - a little hand-on experience helped as well. I'm in the process of sitting the exam for dqos - this upcoming Friday... Robert -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 24, 2003 1:33 PM To: [EMAIL PROTECTED] Subject: RE: CCDA Study material [7:7] CiscoNewbie wrote: Great write up. Thanks. So what is the current exam number? 640-861 DESGN Is it just one exam that I have to take? Yes, It's just one exam to get CCDA. Lots of exams to get CCDP. Do you know what the new exam number will be or is? I think it's the same answer as the one above. It just came out but I don't think you can still take the old one, as I implied before. Cisco shouldn't change the exam for a while. It took them years to do the development on this class and test. And they did a great job, from what I can tell. I was looking at taking the following course, what do you think: http://www.knowledgenet.com/courselibrary/cisco/courses/desgn_pf.jsp An advantage to taking the class is that you will get the 1,000s of pages that Cisco wrote for the course manual. I don't know much about Knowledgenet. It appears to not be a real, carbon-based classroom where you go in person to the site and can easily interract with the instructor and other people taking the class, which is a major benefit in a design class. In fact, the exercises for DESGN are designed to be done with a team. Can you do that with this Web-based training? It's possible that they do a good job with their Web-based training and simulate the real world well. I just don't know. Cisco recommends that DESGN be taught with a simulator that will let you do some design tasks. They recommend OPNET. Does Knowledgenet let you use OPNET? I would ask a few questions before shelling out a lot of money for the Knowlegenet course. Has anyone else here on GroupStudy used them? If you do use them, let us know how it goes. Thanks and good luck with your CCDA. Priscilla Thank you! --- Priscilla Oppenheimer wrote: CiscoNewbie wrote: Hi all. I am going up for my CCDA cert and would like to know what are the recommended books and material to study with? Nothing is out yet for the new version of the test, as far as I know. Your best bet would be to take the instructor-led class, if you can afford it. With a good instructor, I think DESGN could be a really great class. It's got tons of meat now, much more than before. It has a big focus on systems analysis as it is taught at universities, as a real discipline, not just a bunch of hand-waving. The class also has a huge scope, covering almost everything you ever wanted to know related to campus and enterprise networks, from business (which they call social or organizational) goals, technical goals, topologies, architectures, modular design, addressing (including IPv6), routing, voice, network management, and security. One focus is on the SAFE architecture, so look that up on Cisco's site and learn it. There's also some AVVID stuff Many of the course modules are partially based on my book Top-Down Network Design. Many of the modules say that Top-Down Network Design is recommended reading. Top-Down Network Design doesn't cover some newer topics, though, such as SAFE and AVVID, although it did cover voice in a limited fashion, since Cisco has been harping on that for years now. DESGN covers voice in gory detail, however. It seems to have all of the old CVOICE course in it. Each module in DESGN has many chapters, each of which is literally hundreds of pages long. The person turning it into a book (not me unfortunately) is going to have a heyday. :-) I haven't taken the new test, but if it really tests all that's in the course, it's going to be one of the hardest tests out there (and that's a good thing. It's about time design got some respect. :-) Anyway, bottom line: if you can take the older version of the test, then there's lots of study materials. If you have to take the newer version, then you should take the instructor-led DESGN class or wait a few months for study material. Priscilla Thanks. - Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! [EMAIL PROTECTED] __ Do you Yahoo!? SBC
Re: 6509 MSFC [7:71340]
You can 'session' to the MSFC without previously configuring anything (like IP address) on it, right? So it can't be telnet... :) Thanks, Zsombor At 12:22 PM 6/25/2003 +, Dave C. wrote: I have a MSFC on a 6509 that I am firing up for the first time. The 6509 is running CAT-OS (Hybrid Mode). I have defined several VLAN interfaces on the MSFC, and now must create a specific access-list to limit only a certain source and port address to reach each of these VLAN's. This access-list will not allow Telnet connectivity. My question is, if I create this access list and bind it to all VLANs, will I be able to SESSION over from the switch to the MSFC? Does the SESSION command actually use Telnet to get to the MSFC? Will I need to assign a loopback address and then allow access to the loopback address specifically in my access-list? I just want to make sure that I do not block all access to the MSFC. Any clarification on this would be helpful. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71345t=71340 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: FR concept question [7:71263]
Zsombor Papp wrote: At 10:21 PM 6/24/2003 +, MADMAN wrote: The spokes only connect via the hub if you don't have a PVC between the spokes. It doesn't matter if your uni or bi, You can actually buy unidirectional PVC service? What do people do with that? Curious, Zsombor No you can't buy unidirectional, at least I have never heard of any such thing and we have over 100,000 frame ports in service. I made that comment based on the posters use of the terms, I didn't try to imply they existed. Dave you have 2 DLCI's per PVC, one on each end. In our frame network we using local addressing of DLCI's, DLCI 16 could be on both ends of a PVC. Some carries use what is called global which I think you may be refering to. The users don't have control of the DLCI numbering if connecting to the public frame network but can request DLCI's which we can usually accomodate. I have no idea what a forward and return DLCI is!?! Dave annlee wrote: Even if it is switched from spoke-to-spoke, at Layer 1 the spokes connect via the hub. And to do anything with the traffic, Layer 2 must be consulted -- which gives us Priscilla's DLCI switching table. And, unless the traffic is unidirectional, you will need DLCIs for the opposite direction, as well. I don't know Cisco FR that well, but in at least some vendors' FR implementations, the return DLCIs do not have to have the same numbers as the forward ones. That actually enables you to number according to a pattern which indicates connectionality. And it also makes the DLCI switching table twice the size that Priscilla showed. Annlee Larry Letterman wrote in message news:[EMAIL PROTECTED] My opinion is that it will go to the hub site since it's a point to point network.. If the hub were to be a multi-point connection to the spokes, which would be one network, Then the traffic could be switched from spoke to spoke... Larry Letterman Cisco Systems -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Ajello Sent: Tuesday, June 24, 2003 10:06 AM To: [EMAIL PROTECTED] Subject: FR concept question [7:71263] This is probably a very simple concept question, but I've asked a couple people and haven't gotten a solid answer. If I've got two frame relay spoke sites connected point to point with a hub site and a server in one spoke site copies a file to a server in the other spoke site, does all the traffic pass through the hub site, or is it switched within the frame cloud? I guess what I'm wondering is does a frame cloud act somewhat like a lan, where initially packets will go through the default gateway and be routed and then the following packets will be switched? thanks. -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 Government can do something for the people only in proportion as it can do something to the people. -- Thomas Jefferson -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 Government can do something for the people only in proportion as it can do something to the people. -- Thomas Jefferson Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71346t=71263 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: BGP on 1720 ? [7:70960]
Everybody - thank you. Sorry for this late answer, got stuck with a problem in a remote site for some time. From what you said I'd think one provider is planning to give us a full BGP feed (but doesn't charge very much), while the other requires a smaller router because they want to filter most routes and charge a lot, I suppose for the (supposed?) continuous tweaking of the routes (what else?). I *assume* (we all know what that means) they think about using a small router at our site, just for redundancy and link switching in case one ISP does lose connectivity, but really won't use BGP at our site for the best path selection a lot. This could make sense if both ISP are connected to the rest of internet through the same node at some point, so there wouldn't be any big difference in using one path or the other except for connections to those ISPs itself. However I think although all local ISP do have a interconnection at a node named MIX-IT (Milan, Italy) these major ones all have different long range carriers (to the rest of Europe, to USA and some parts of ASIA if I remember correctly), so I'm still convinced something somewhere stinks, a strategy of that kind would be at best suboptimal. Heiko -- -- PREVINET S.p.A. www.previnet.it -- Heiko Herold [EMAIL PROTECTED] -- +39-041-5907073 ph -- +39-041-5907472 fax -Original Message- From: - jvd [mailto:[EMAIL PROTECTED] Sent: Friday, June 20, 2003 9:50 PM To: [EMAIL PROTECTED] Subject: RE: BGP on 1720 ? [7:70960] Hi, Just a few thoughts: 1. You can use something small like a 1720 to run BGP but the trick here is to filter all/some routes that you are receiving. The current recommendation from Cisco is 128MB for full BGP routing tables (I think the tables stand on 110 000 routes now). The second part would be to advertise your registered range to your two ISPs. 2. If you want to run full BGP tables you will need a router with more punch than the 1720. I did a proposal once with a 2650XM and the 2691 is also a good option. Next in line would be your 3640. Of course all of these models will need at least 128MB DRAM. As I say, just a few thoughts on a lazy Friday afternoon. Cheers, Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71350t=70960 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: FR Backup Over ISDN [7:71332]
Yes you are correct that backing up the main interface will not help if the remote side of the frame connection goes down, you will still be up up to your local switch. since I think 10.2 or 3 you can backup the subinterface, it recognizes the PVC being down and will initiate you backup though I prefer triggering backups on loss of routes personally. Dave Srivathsan Ananthachari wrote: Hi Group, This is pertaining to FR Backup over ISDN http://www.cisco.com/warp/customer/125/12.html#topic21 It may not help much to back up the main interface because you could lose permanent virtual circuits (PVCs) without the main interface going down. Remember, the protocol is being exchanged with the local Frame Relay switch, not the remote router. I quote this from the aforesaid Cisco link. Can somebody explain as to why it doesn't help much to back up the main interface and how does it lead to the loss of PVCs without the main interface going down. ?? Regards, Srivathsan A -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 Government can do something for the people only in proportion as it can do something to the people. -- Thomas Jefferson Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71347t=71332 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCDA Study material [7:71111]
I recently used the knowledgenet BSCI course. I used it as a supplement to my studying and not my main source. it was very good in explaining the technology and hands on labs just not sure that it covered all of the details needed to pass the exam. I signed up for the exam at www.computer.org this is the IEEE site. If you join as a member of IEEE $100.00 US fee/yr you get access to the courses that they have available. I paid $44.00 only since it is prorated over the year. I did BSCI they also have Advanced Cisco wireless and other tech courses. It is a very cheap resource for studying $44.00 all you can study not bad. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Lopez, Robert Sent: Wednesday, June 25, 2003 9:12 AM To: [EMAIL PROTECTED] Subject: RE: CCDA Study material [7:7] Group, To answer the question regarding Knowledgenet from thread below...I've recently purchased a few courses from Knowledgenet - cvoice, dqos and evodd. It's basically 6 weeks of self/web-based study with hands on lab scenarios and sample exam questions for each class. My first course was cvoice. I went through the coursework just about everyday for six weeks. At the end of the six weeks I sat the cvoice exam and passed - the only material used was from knowledgenet and the cisco website - a little hand-on experience helped as well. I'm in the process of sitting the exam for dqos - this upcoming Friday... Robert -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 24, 2003 1:33 PM To: [EMAIL PROTECTED] Subject: RE: CCDA Study material [7:7] CiscoNewbie wrote: Great write up. Thanks. So what is the current exam number? 640-861 DESGN Is it just one exam that I have to take? Yes, It's just one exam to get CCDA. Lots of exams to get CCDP. Do you know what the new exam number will be or is? I think it's the same answer as the one above. It just came out but I don't think you can still take the old one, as I implied before. Cisco shouldn't change the exam for a while. It took them years to do the development on this class and test. And they did a great job, from what I can tell. I was looking at taking the following course, what do you think: http://www.knowledgenet.com/courselibrary/cisco/courses/desgn_pf.jsp An advantage to taking the class is that you will get the 1,000s of pages that Cisco wrote for the course manual. I don't know much about Knowledgenet. It appears to not be a real, carbon-based classroom where you go in person to the site and can easily interract with the instructor and other people taking the class, which is a major benefit in a design class. In fact, the exercises for DESGN are designed to be done with a team. Can you do that with this Web-based training? It's possible that they do a good job with their Web-based training and simulate the real world well. I just don't know. Cisco recommends that DESGN be taught with a simulator that will let you do some design tasks. They recommend OPNET. Does Knowledgenet let you use OPNET? I would ask a few questions before shelling out a lot of money for the Knowlegenet course. Has anyone else here on GroupStudy used them? If you do use them, let us know how it goes. Thanks and good luck with your CCDA. Priscilla Thank you! --- Priscilla Oppenheimer wrote: CiscoNewbie wrote: Hi all. I am going up for my CCDA cert and would like to know what are the recommended books and material to study with? Nothing is out yet for the new version of the test, as far as I know. Your best bet would be to take the instructor-led class, if you can afford it. With a good instructor, I think DESGN could be a really great class. It's got tons of meat now, much more than before. It has a big focus on systems analysis as it is taught at universities, as a real discipline, not just a bunch of hand-waving. The class also has a huge scope, covering almost everything you ever wanted to know related to campus and enterprise networks, from business (which they call social or organizational) goals, technical goals, topologies, architectures, modular design, addressing (including IPv6), routing, voice, network management, and security. One focus is on the SAFE architecture, so look that up on Cisco's site and learn it. There's also some AVVID stuff Many of the course modules are partially based on my book Top-Down Network Design. Many of the modules say that Top-Down Network Design is recommended reading. Top-Down Network Design doesn't cover some newer topics, though, such as SAFE and AVVID, although it did cover voice in a limited fashion, since Cisco has been harping on that for years now. DESGN covers voice in gory detail, however. It seems to have all of the old CVOICE course in it. Each module in DESGN has many chapters, each of which is literally hundreds of
Re: 6509 MSFC [7:71340]
The access-list will have no effect. Consider this. Can you seesion to the MSFC when it has no configuration on it? Dave if somehow you do wedge yourself, the switch console x command is your friend. Dave Dave C. wrote: I have a MSFC on a 6509 that I am firing up for the first time. The 6509 is running CAT-OS (Hybrid Mode). I have defined several VLAN interfaces on the MSFC, and now must create a specific access-list to limit only a certain source and port address to reach each of these VLAN's. This access-list will not allow Telnet connectivity. My question is, if I create this access list and bind it to all VLANs, will I be able to SESSION over from the switch to the MSFC? Does the SESSION command actually use Telnet to get to the MSFC? Will I need to assign a loopback address and then allow access to the loopback address specifically in my access-list? I just want to make sure that I do not block all access to the MSFC. Any clarification on this would be helpful. Thanks. -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 Government can do something for the people only in proportion as it can do something to the people. -- Thomas Jefferson Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71348t=71340 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OSPF and ping [7:71349]
i have this topology into my POP: two 6509( with MSFC2) which are connected with two juniper. The default route of sc0 is ip_address of MSFC2, while the MSFC2 speaks with juniper with OSPF process. The juniper originate the default always ad so the MSFC2 receives the default by Ospf (External type2). my problem is the following: with this configuration the MSFC can reach all ip of our backbone, while the sc0 doesn't reach anyone ip (if we do a trace we see a series of * just by first step). If i configure the defualt manually into MSFC, with the command ip route 0.0.0.0 0.0.0 next hop, the sc0 can reach all ip. Do you know the cause of this behavior? Best Regards Paolo Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71349t=71349 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Windowing [7:71333]
Are they required to use windowing (apart from the obvious window size == 1 case)? No. Do they usually use windowing (for performance reasons)? Yes. Thanks, Zsombor At 07:25 AM 6/25/2003 +, Srivathsan Ananthachari wrote: Hi, This might have something to do with the protocol design . I was wondering whether all the connection-oriented / reliable protocols use Windowing . Can the group add elaborate on this please..? TIA Srivathsan A Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71355t=71333 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: crypto maps and IPSEC tunnels [7:71341]
Thanks for the reply, but this doesnt work I have the more specific acl and even created a LOG to syslog and its matching correctly but doesnt work any ideas On Wed, 2003-06-25 at 15:35, Robert Perez wrote: I would do your more specific ACL entry and make sure your inverted mask is correct such as 192.1.1.0 0.0.0.255. Once you do that then issue the following commands to reset the tunnel and force a renegotiation. Clear crypto ipsec sa clear crypto isakmp sa That should do it... -Original Message- From: ian williams [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 8:33 AM To: [EMAIL PROTECTED] Subject: crypto maps and IPSEC tunnels [7:71341] Hi I have just setup a IPSEC tunnel between to routers and tunneling a source address of 192.168.50.1 going to a host on router B 172.x.x.x./24 Everything works with the current configs given below. But I want to change the acl 101 on router B from using a class A mask to something like a class C mask or even a host address. I have changed the ACL 101 and even added a deny ip any any log to the end to see what is being dropped. The VPN tunnel doesnt come up unless I use a class A mask like showen below. I know this is an ACL but is being used for matching traffic, do they work differently and dont support host address ?? Thanks Ian Here is the config of router A ! crypto isakmp policy 10 encr 3des hash md5 authentication pre-share crypto isakmp key cisco address 10.10.10.10 ! ! crypto ipsec transform-set TEST esp-3des ! crypto map cisco 1 ipsec-isakmp set peer 10.10.10.10 set transform-set TEST match address 101 access-list 101 permit ip 192.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255 access-list 101 permit ip 192.0.0.0 0.255.255.255 172.0.0.0 0.255.255.255 Here is the config router B crypto isakmp policy 10 encr 3des hash md5 authentication pre-share crypto isakmp key password address 10.10.10.20 ! ! crypto ipsec transform-set TEST esp-3des ! crypto map cisco 1 ipsec-isakmp set peer 10.10.10.20 set transform-set TEST match address 101 access-list 101 permit ip 172.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255 access-list 101 permit ip host 10.10.10.10 host 10.10.10.20 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71353t=71341 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: crypto maps and IPSEC tunnels [7:71341]
I would do your more specific ACL entry and make sure your inverted mask is correct such as 192.1.1.0 0.0.0.255. Once you do that then issue the following commands to reset the tunnel and force a renegotiation. Clear crypto ipsec sa clear crypto isakmp sa That should do it... -Original Message- From: ian williams [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 8:33 AM To: [EMAIL PROTECTED] Subject: crypto maps and IPSEC tunnels [7:71341] Hi I have just setup a IPSEC tunnel between to routers and tunneling a source address of 192.168.50.1 going to a host on router B 172.x.x.x./24 Everything works with the current configs given below. But I want to change the acl 101 on router B from using a class A mask to something like a class C mask or even a host address. I have changed the ACL 101 and even added a deny ip any any log to the end to see what is being dropped. The VPN tunnel doesnt come up unless I use a class A mask like showen below. I know this is an ACL but is being used for matching traffic, do they work differently and dont support host address ?? Thanks Ian Here is the config of router A ! crypto isakmp policy 10 encr 3des hash md5 authentication pre-share crypto isakmp key cisco address 10.10.10.10 ! ! crypto ipsec transform-set TEST esp-3des ! crypto map cisco 1 ipsec-isakmp set peer 10.10.10.10 set transform-set TEST match address 101 access-list 101 permit ip 192.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255 access-list 101 permit ip 192.0.0.0 0.255.255.255 172.0.0.0 0.255.255.255 Here is the config router B crypto isakmp policy 10 encr 3des hash md5 authentication pre-share crypto isakmp key password address 10.10.10.20 ! ! crypto ipsec transform-set TEST esp-3des ! crypto map cisco 1 ipsec-isakmp set peer 10.10.10.20 set transform-set TEST match address 101 access-list 101 permit ip 172.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255 access-list 101 permit ip host 10.10.10.10 host 10.10.10.20 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71352t=71341 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Internet is very slow behind Pix 515E UR [7:70783]
Greeting, The problem has been solved which wrong information was provided to me by the satellite service provider: They have two different default gateways, one of those gateways is very slow and other one is very fast, so I have replaced the old default gateway with the new one, the browsing is so fast now. Regards, Ismail Al-Shelh -Original Message- From: Mark Smith [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 17, 2003 2:37 PM To: [EMAIL PROTECTED] Subject: RE: Internet is very slow behind Pix 515E UR [7:70783] 100basetx is 100MB, half duplex. Try interface ethernet0 100full and interface ethernet1 100full instead. Make sure that whatever is on the other side of the outside interface is 100/full or auto too. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 17, 2003 10:19 AM To: [EMAIL PROTECTED] Subject: Internet is very slow behind Pix 515E UR [7:70783] Whenever I access the web site which is behind the Pix firewalls, the speed is really slow. I bypassed the firewall and accessed the same site and it's fast! I checked my settings and made sure all the connected devices are running at 100 and full duplex, they all are! I mean why this is happening ... is it because the pix have to inspect each packet! The Bandwidth from the service provider is 64k. Any Idea Please. Any ideas? The Pix version is 6.1 besides this is satellite connection The internal Address range is 191.1.1.0-191.1.1.254 255.255.0.0 Outside address range is 10.15.9.163-183 255.255.255.224 Default Gateway: 10.15.9.62 255.255.255.224 DNS1: 195.238.62.1 DNS2: 195.238.40.30 AN# show config : Saved : PIX Version 6.1(4) nameif ethernet0 outside security0 nameif ethernet1 inside security100 nameif ethernet2 intf2 security10 enable password kC9ZDwfWejkBqApp encrypted passwd 2KFQnbNIdI.2KYOU encrypted hostname AN domain-name ciscopix.com fixup protocol ftp 21 fixup protocol http 80 fixup protocol h323 1720 fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol sip 5060 fixup protocol skinny 2000 names access-list acl_in permit icmp any any access-list acl_in permit udp any any access-list acl_in permit tcp any any pager lines 10 logging buffered debugging interface ethernet0 100basetx interface ethernet1 100basetx interface ethernet2 auto shutdown mtu outside 1500 mtu inside 1500 mtu intf2 1500 ip address outside 10.15.9.163 255.255.255.224 ip address inside 191.1.1.85 255.255.0.0 ip address intf2 127.0.0.1 255.255.255.255 ip audit info action alarm ip audit attack action alarm pdm history enable arp timeout 14400 global (outside) 1 10.15.9.164-10.15.9.180 global (outside) 1 10.15.9.181 nat (inside) 1 0.0.0.0 0.0.0.0 0 0 access-group acl_out in interface outside access-group acl_in in interface inside route outside 0.0.0.0 0.0.0.0 10.15.9.163 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si p 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server RADIUS protocol radius http server enable no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps floodguard enable no sysopt route dnat telnet 0.0.0.0 0.0.0.0 inside telnet timeout 5 ssh timeout 5 terminal width 80 Cryptochecksum:97ca54591b41f6b215dabb457fe7c9de AN# Ismail Al-Shelh [GroupStudy removed an attachment of type image/gif which had a name of image001.gif] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71330t=70783 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 6509 MSFC [7:71340]
According to Cisco's website, using the session command is what they call accessing the MSFC from the switch CLI using a Telnet session. However, you can access the MSFC from the console port using the switch console command, which Cisco describes as accessing the MSFC from the switch CLI directly connected to the supervisor engine console port. See the following link for more information (watch for wrap): http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration _guide_chapter09186a008007ebb5.html Shawn K. -Original Message- From: Dave C. [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 8:23 AM To: [EMAIL PROTECTED] Subject: 6509 MSFC [7:71340] I have a MSFC on a 6509 that I am firing up for the first time. The 6509 is running CAT-OS (Hybrid Mode). I have defined several VLAN interfaces on the MSFC, and now must create a specific access-list to limit only a certain source and port address to reach each of these VLAN's. This access-list will not allow Telnet connectivity. My question is, if I create this access list and bind it to all VLANs, will I be able to SESSION over from the switch to the MSFC? Does the SESSION command actually use Telnet to get to the MSFC? Will I need to assign a loopback address and then allow access to the loopback address specifically in my access-list? I just want to make sure that I do not block all access to the MSFC. Any clarification on this would be helpful. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71354t=71340 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
AP =- PCMCIA Assocation n tereafter [7:71318]
Hi All I have got a 350 AP and a 350 PCMCIA. Now with a open auth i authenticated myself to the AP and when i try to pin the AP , I cant and when i try to do the AP and PCMCIA troubleshoot via the tool u get with the PCMCIA package , am not able to ping to te AP . anyhelp from people around thnx venu Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71318t=71318 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 6509 MSFC [7:71340]
Actually I think I answered my own question. I believe that it does telnet, but uses a system default Loopback address (127.0.0.x). When I session over, it shows that I came from 127.0.0.y. Any thoughts...? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71356t=71340 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Technology, Certification, Skill Sets, and Altruiism in the [7:71358]
Good Morning! Statement 1: In general - businesses are not well known for being altruistic in their hiring compensation practices. Statement 2: Any good manager would be rather foolish to not appreciate, and compensate accordingly, a hard-working and presumably valued employee. (S)He would also be rather foolish to pay more than needed ... there is a delicate balancing act, with a very precipitous fall into bankruptcy being one of the major indications of failure! Caveats:NOTE - I said the following -incredibly- subjective things: good manager foolish accordingly hard working valued employee needed .. furthermore the valued employee part may be invoking a bit of circular login, since the value may be seen as directly related to the compensation. Alternatively - your level of compensation may also be more indicative of what you WERE worth to the company AT ONE TIME, and if it exceeds certain levels may actually decrease your overall value to the company.(the highest paid are the first to go) .. let's get back to networking before I decide to go sell real estate ... Thanks! TJ -Original Message- From: n rf [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 8:48 AM To: [EMAIL PROTECTED] Subject: RE: Technology, Certification, Skill Sets, and Loo [7:70953] Mark E. Hayes wrote: Ok Sen. McCarthy, Your response is Bolshevik, get it? ;) All I'm talking about is taking care of people who took care of you. As an employee I have an obligation to do x amount of work. I always do more than that, it's a pride thing. I want the business I work for to prosper. What is wrong with showing an employee like that some loyalty. Hey, if the employer wants to do that, there is nothing wrong at all. What's 'wrong' is that you apparently expect them to do so. The employer is obligated to compensate you for your time according to whatever employment agreement you arranged when you were hired, nothing more, nothing less. If you want to altruistically give time and effort above and beyond what is necessary, that's your prerogative, but the employer is not obligated to reward you for it, and if you're truly being altruistic, then you shouldn't have anything to complain about, because altruism means to do something without any expectation of recompense. Now, if you're not being altruistic and you are willing to do extraordinary work but because you expect a reward for it, then you should play Let's Make a Deal. Tell your employer that you're willing to do this-and-that task but only for such-and-such an increase in compensation or a similar arrangement.But if you don't do that, you can't complain ex-post-facto. ** The information in this email is confidential and may be legally privileged. Access to this email by anyone other than the intended addressee is unauthorized. If you are not the intended recipient of this message, any review, disclosure, copying, distribution, retention, or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you are not the intended recipient, please reply to or forward a copy of this message to the sender and delete the message, any attachments, and any copies thereof from your system. ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71358t=71358 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Unable to copy from Sup-Slot0 [7:71038]
Well, this issue has been resolved with the help of Cisco! Here's a quick run-down of what happened: The MSFC2 on the 6509 switch was booting into boot mode because there was only one image in bootflash (the boot image). I couldn't copy a main image to bootflash using the copy sup-slot0: bootflash: command and I couldn't get any connectivity between the switch and the MSFC2. After working with Cisco, they said that there is a bug in the 12.1 MSFC2 code that causes problems using the copy sup-slot0: bootflash: command with the main image. The boot image can be copied using the copy sup-slot0: bootflash: command because it is small, but the main image is apparently too big to be handled. As for the connectivity between the 6509 switch and the MSFC2, Cisco told me that since the MSFC2 is booting into boot mode, the boot image is very limited in what it can do. In fact, you need to use VLAN1 to set up connectivity (I was using VLAN120). So, after changing everything over to VLAN1 on the switch and on the MSFC2, I was able to gain connectivity between the switch and the MSFC2. From there, I connected my laptop to a port on the switch and TFTP could then be used to dump the main image into bootflash! Shawn K. -Original Message- From: MADMAN [mailto:[EMAIL PROTECTED] Sent: Monday, June 23, 2003 2:56 PM To: Kaminski, Shawn G Cc: '[EMAIL PROTECTED]' Subject: Re: Unable to copy from Sup-Slot0 [7:71038] If you need to get it working copy the image off the slot0: onto a PC and then copy the image off the PC into the MSFC bootflash:, that will work. Dave Kaminski, Shawn G wrote: Yes, the main problem is that I'm booting into boot mode, which is why I want to copy an image into bootflash. As you probably know, the boot image is required in bootflash in order to boot to the main image. Just so you can see the whole process, I deleted the boot image from bootflash and started from scratch. As you can see, the boot image copies with no problem from sup-slot0 into bootflash. However, as soon as I try to copy the main image, it times out. I think I'll try formatting the flash card next and copy the images back onto it. Still no word from my TAC engineer. Shawn K. SMC6500#2MSFC(boot)#copy sup-slot0:c6msfc2-boot-mz.121-8a.EX bootflash: Destination filename [c6msfc2-boot-mz.121-8a.EX]? Accessing sup-slot0:c6msfc2-boot-mz.121-8a.EX... Loading slot0:c6msfc2-boot-mz.121-8a.EX from 127.0.0.11 (via EOBC0/0): ! Loading slot0:c6msfc2-boot-mz.121-8a.EX Loading slot0:c6msfc2-boot-mz.121-8a.EX Loading slot0:c6msfc2-boot-mz.121-8a.EX Loading slot0:c6msfc2-boot-mz.121-8a.EX Loading slot0:c6msfc2-boot-mz.121-8a.EX from 127.0.0.11 (via EOBC0/0): !!! !!! !!! !! [OK - 1693168/3385344 bytes] 1693168 bytes copied in 96.552 secs (17637 bytes/sec) SMC6500#2MSFC(boot)#copy sup-slot0:c6msfc2-jsv-mz.121-8a.E5 bootflash: Destination filename [c6msfc2-jsv-mz.121-8a.E5]? Accessing sup-slot0:c6msfc2-jsv-mz.121-8a.E5... Loading slot0:c6msfc2-jsv-mz.121-8a.E5 ...from 127.0.0.11 (via EOBC0/0): ! Loading slot0:c6msfc2-jsv-mz.121-8a.E5 Loading slot0:c6msfc2-jsv-mz.121-8a.E5 Loading slot0:c6msfc2-jsv-mz.121-8a.E5 Loading slot0:c6msfc2-jsv-mz.121-8a.E5 %Error opening sup-slot0:c6msfc2-jsv-mz.121-8a.E5 (Timed out) -Original Message- From: MADMAN [mailto:[EMAIL PROTECTED] Sent: Monday, June 23, 2003 11:15 AM To: [EMAIL PROTECTED] Subject: Re: Unable to copy from Sup-Slot0 [7:71038] Kaminski, Shawn G wrote: OK, this is probably something simple, but my brain is done thinking tonight. I'm getting a timeout when trying to copy a 6509 IOS image (c6msfc2-jsv-mz.121-8a.E5) from the 6509 Supervisor Slot0: flash card to the MSFC2 bootflash: . I just copied the boot image (c6msfc2-boot-mz.121-8a.EX) with no problems from the Supervisor Slot0: flash card to the MSFC2 bootflash:, but get a timeout when I try to do the image . There's plenty of bootflash and the flash card is 24 MB, so it's not a matter of space. The image is not corrupt. Any advice is appreciated. I don't feel like putting my MSFC into boot mode but I suspect that is you issue!! MSFC_15#copy sup-slot0:c6msfc2-jk2o3sv-mz.121-13.E3.bin bootflash: Destination filename [c6msfc2-jk2o3sv-mz.121-13.E3.bin]? Accessing sup-slot0:c6msfc2-jk2o3sv-mz.121-13.E3.bin... Loading slot0:c6msfc2-jk2o3sv-mz.121-13.E3.bin .from 127.0.0.11 (via EOBC0/0): ! Loading slot0:c6msfc2-jk2o3sv-mz.121-13.E3.bin .from 127.0.0.11 (via EOBC0/0): ! !!! snip Dave SMC6500#2MSFC(boot)#copy sup-slot0: bootflash: Source filename
Re: OSPF and ping [7:71349]
What does traceroute show from the backbone to sc0 in both cases (when it works and when it doesn't)? Thanks, Zsombor At 02:04 PM 6/25/2003 +, riposi alessandro wrote: i have this topology into my POP: two 6509( with MSFC2) which are connected with two juniper. The default route of sc0 is ip_address of MSFC2, while the MSFC2 speaks with juniper with OSPF process. The juniper originate the default always ad so the MSFC2 receives the default by Ospf (External type2). my problem is the following: with this configuration the MSFC can reach all ip of our backbone, while the sc0 doesn't reach anyone ip (if we do a trace we see a series of * just by first step). If i configure the defualt manually into MSFC, with the command ip route 0.0.0.0 0.0.0 next hop, the sc0 can reach all ip. Do you know the cause of this behavior? Best Regards Paolo Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71359t=71349 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: FR concept question [7:71263]
AhhhThat just turned on a small light bulb for me. So you have uiniderectional service but you configure it for diferent paths to and from. I have seen a similar installation and I just figured the design team had gone insane. now it makes sense. I like this explanation better. David Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71363t=71263 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: RFCs [7:71276]
rbx10 Defcom wrote: Thank you all !!! I really appreciated. Annlee, I meant major which relate to the important ones for the ccie written. You don't have to know any RFCs for CCIE!? I've talked to quite a few CCIEs who don't even know how TCP works. Afterall it's just payload in a packet that a router forwards. I liked dre's comment about grouping them by category. My list is focused on understanding protocol behavior for the fundamental protocols found on enterprise networks. There are many other categories. Hey, what other subject can we beat to death today! :-) I know I for one have been procrastinating due to a horrid project I'm working on. :-) How far away is the 4th of July, next day off??? Priscilla -rbx10 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71362t=71276 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF and ping [7:71349]
That does sound odd. Are you saying that, without the static default, in your routing table you have a gateway of last resort but it doesn;t work unless you statically define it on the MSFC? Dave riposi alessandro wrote: i have this topology into my POP: two 6509( with MSFC2) which are connected with two juniper. The default route of sc0 is ip_address of MSFC2, while the MSFC2 speaks with juniper with OSPF process. The juniper originate the default always ad so the MSFC2 receives the default by Ospf (External type2). my problem is the following: with this configuration the MSFC can reach all ip of our backbone, while the sc0 doesn't reach anyone ip (if we do a trace we see a series of * just by first step). If i configure the defualt manually into MSFC, with the command ip route 0.0.0.0 0.0.0 next hop, the sc0 can reach all ip. Do you know the cause of this behavior? Best Regards Paolo -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 Government can do something for the people only in proportion as it can do something to the people. -- Thomas Jefferson Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71361t=71349 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Transporting Multiple Vlans over point-to-poin [7:71074]
Thanks to the reply Tom, That idea was great. I am afraid I would have a problem because the number of servers. Bridging on ppp seems to have a problem: just one Vlan (bridge-group) per interface. Two links on Cisco explains EoMPLS. It seems to solve the problem but I can not find an example with PoS interface. I am not sure if it is supported. The links is: http://www.cisco.com/warp/public/cc/pd/rt/7600osr/prodlit/emp76_tc.htm http://www.cisco.com/en/US/products/sw/iosswrel/ps5013/products_feature_guide09186a0080088187.html#1045718 And it states: The Ethernet over MPLS feature is supported on the following router at the edge: Cisco 7600 Series Internet Router with 4-port Gigabit Ethernet WAN modules Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71360t=71074 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Windowing [7:71333]
Srivathsan Ananthachari wrote: Hi, This might have something to do with the protocol design . I was wondering whether all the connection-oriented / reliable protocols use Windowing . No, a lot of connection-oriented protocols and a lot of reliable protocols don't use windowing. There are three separate issues here: connection-oriented, reliability, and flow control. Those characteristics can be combined in many ways, as in a protocol that is reliable, not connection-oriented, and doesn't use flow control (such as TFTP); or a protocol that is connection-oriented and reliable and doesn't use flow control (like NetWare Core Protocol with no burst mode); or a protocol that is connection-oriented but not reliable and doesn't do windowing, such as Frame Relay. Wow, how many other combinations could I come up with? :-) Connection-oriented means that there's some sort of formal establishment of the connection. Examples are Frame Relay, ATM, TCP. Dare I bring up NetBIOS again? :-) In a TCP/IP environment, NetBIOS depends on TCP for connection establishment (and reliability and windowing flow control). In a NetBEUI environment, NetBIOS handles reliability and connection establishment. It also relies on LLC type 2 for those 2 things (it's pretty inefficient) and windowing flow control. With NWLink (NetBIOS on IPX), NetBIOS does connection establishment and realibility on its own, and has no windowing flow control. Reliable means that data delivery is guaranteed. This usualy requires sequence numbers and ACKs. There are protocols that are reliable but not connection-oriented and that don't use flow control. An example is OSPF when it exchanges database description messages. This is a reliable protocol with sequence numbers, but there's no formal connection establishment first. Neighbors discover each other with hellos, but they don't establish a connection. They don't use windowing either. Many command/reply protocols, such as DNS, are reliable. The client retransmits if it doesn't get an asnwer. But they aren't connection-oriented and they don't use flow control. Flow control coordinates the amount of data that can be sent to a receiver. It can be handled in two different ways: Stop-and-wait flow control: The sender waits for an ACK after every frame. Examples of protocols that do this are Bysync (BSC), NetWare Core Protocol when burst mode isn't used, Network File System (NFS), Trivial File Transfer Protocol (TFTP). Some of those (like NCP) are connection-oriented and reliable, but they don't use windowing. Some of them (like TFTP) are reliable, but not connection-oriented. Sliding window flow control: The sender can transmit several frames before needing an ACK. TCP uses this, as does X.25, LLC Type 2, HDLC (though not Cisco's HDLC), SDLC. Those are all connection-oriented and reliable also. There are quite a few protocols that aren't connection-oriented or reliable and don't do flow control: Ethernet, Token Ring, Cisco's HDLC, IP, UDP, etc. Priscilla Can the group add elaborate on this please..? TIA Srivathsan A Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71364t=71333 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 6509 MSFC [7:71340]
Hy, but uses a system default Loopback address (127.0.0.x). When I session over, it shows that I came from 127.0.0.y. Any thoughts...? you are right :-) It does use a telnet-session. If you use an ACL on your vty's, you can include/exclude the 127.0.0.x range to allow / reject telnet-sessions from the switching-engine (if you telnet/ssh on the sw-engine). As mentioned before, you can use the switch console while you have access to the consle of the 65xx. Regards, Marco [GroupStudy removed an attachment of type application/pgp-signature] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71365t=71340 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 6509 MSFC [7:71340]
Yes, I agree that the session command uses an internal telnet session. Cisco's documentation says using a Telnet session, but I believe they didn't go into enough detail! Shawn K. -Original Message- From: Zsombor Papp [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 2:55 PM To: Kaminski, Shawn G Cc: [EMAIL PROTECTED] Subject: RE: 6509 MSFC [7:71340] At 02:48 PM 6/25/2003 +, Kaminski, Shawn G wrote: According to Cisco's website, using the session command is what they call accessing the MSFC from the switch CLI using a Telnet session Not using a telnet session, rather from a telnet session. To appreciate the difference, consider what the 'switch console' command does: it directs the MSFC console to the console outlet that is visible on the supervisor card (FWIW, the MSFC module has its own hardware console port, it's just not wired into an RJ-45 outlet on the front panel of the card). So if you are *not* on the console, then 'switch console' doesn't help you. If you are telnetting to the box (ie. you want to access the MSFC from a telnet session), then you have to use the 'session' command. Now it is possible that the 'session' command is in fact uses a telnet session internally. Even so I would be surprised if you could disable that using access lists. It is certainly not a normal telnet session as it doesn't require username/password and such. However, to be sure: Dave, please try it out, and let us know! :) Thanks, Zsombor . However, you can access the MSFC from the console port using the switch console command, which Cisco describes as accessing the MSFC from the switch CLI directly connected to the supervisor engine console port. See the following link for more information (watch for wrap): http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuratio n _guide_chapter09186a008007ebb5.html Shawn K. -Original Message- From: Dave C. [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 8:23 AM To: [EMAIL PROTECTED] Subject: 6509 MSFC [7:71340] I have a MSFC on a 6509 that I am firing up for the first time. The 6509 is running CAT-OS (Hybrid Mode). I have defined several VLAN interfaces on the MSFC, and now must create a specific access-list to limit only a certain source and port address to reach each of these VLAN's. This access-list will not allow Telnet connectivity. My question is, if I create this access list and bind it to all VLANs, will I be able to SESSION over from the switch to the MSFC? Does the SESSION command actually use Telnet to get to the MSFC? Will I need to assign a loopback address and then allow access to the loopback address specifically in my access-list? I just want to make sure that I do not block all access to the MSFC. Any clarification on this would be helpful. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71373t=71340 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: how about ccie salary in US? [7:71143]
douglas mizell wrote: Hi, I don't normally participate in threads like this but I could not resist. Everything posted so far is probably correct and necessary and would apply generically to any job hunt. I have my lab scheduled for October (first attempt). I started this odyssey a couple of years ago and like many of us have spent far too much time and money to back out now. But, I do not believe that getting my number is going to suddenly make a huge difference in my earning potential. Everyone's profile is different but I think the trick is to be diverse, willing to work long hours, travel and wear alot of hats. Let's face it, the 90's, God blessum, are over and so are the days of $150,000 salaries for CCIE's. I have worked overseas for the past several years on military bases and there is plenty of oppurtunity for experienced people in this little niche if you are willing to do it. The certifications will get you in the door, the USAF requires at least a CCNP for senior infrastructure guys but experience is the biggest factor by far. They will not consider someone with less than a couple of years experience, cert or not. I honestly cannot comment on the job market at home except to say it sounds dismal, if there really are CCIE's out there fighting over $35K jobs than to hell with this whole idea, open a taco stand. Regards, Douglas Mizell CCNP/CCDP You forgot to include something there. To take advantage of that USAF possibility you not only have to be willing to do it, but able to do it. The moment you start talking about a position that requires a Secret clearence I would estimate that you slice 35-40 percent of those who are technically qualified right out of the picture. make it a TS and you probably killed 75+ percent. CCIE's trying to get ccna level jobs? I suppose some are. But I have to say I only have 6 years in the computer arena with just 2 years holding my CCNA. (I'm sitting the BSCI exam next week). I was a contracted employee at my last job and the project ended. The first thing I did was file for unemployment (since I paid for it) and start job hunting. When I was down there filing there was a group of 11 Cisco/nortel people who were there together. They had come from their meeting at ATT where they had just found out that they were losing their jobs. They said there were another 20-30 in their group who were also about to hit the skids. I job hunted for 2 months before being offered an acceptable position. I took a cut but I got a job I love. I was very intimidated when I found out that 30-40 qualified experienced Cisco people were jumping in the job hunt at the same time as I was but I bet I did better than at least half of them and in less time. I just don't believe that you can not find a job if you are experienced and certified. It might not be your dream job. it might not pay as much as you thought you would be making now. And it might require you to relocate. But there are jobs out there. David Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71369t=71143 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: RFCs [7:71276]
At 5:01 PM + 6/25/03, Priscilla Oppenheimer wrote: rbx10 Defcom wrote: Thank you all !!! I really appreciated. Annlee, I meant major which relate to the important ones for the ccie written. You don't have to know any RFCs for CCIE!? I've talked to quite a few CCIEs who don't even know how TCP works. Afterall it's just payload in a packet that a router forwards. But if you start getting into NAT and load balancers, it's essential knowledge. I liked dre's comment about grouping them by category. My list is focused on understanding protocol behavior for the fundamental protocols found on enterprise networks. There are many other categories. One natural way to characterize the ones that aren't fully stable is to review the drafts and RFCs by the IETF Working Group: http://www.ietf.org/html.charters/wg-dir.html Now, you won't find old and stable things there like basic IPv4. You may also find exceptionally valuable drafts. For example, the current draft 20 of the revision to the BGP specification, RFC 1771, is a far better picture of real-world BGP than is 1771. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71368t=71276 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: FR concept question [7:71263]
I found the sense dubious at the time ;-) but it was how the customer wanted to do it... Annlee David Vital wrote in message news:[EMAIL PROTECTED] AhhhThat just turned on a small light bulb for me. So you have uiniderectional service but you configure it for diferent paths to and from. I have seen a similar installation and I just figured the design team had gone insane. now it makes sense. I like this explanation better. David Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71367t=71263 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Fwd: Re: Clarification on Cisco OSPF network types [7:71371]
This is NOT the sort of thing that belongs on an IETF mailing list, because it's vendor specific. That being said, it's relevant here. Date: Tue, 24 Jun 2003 18:15:59 -0700 Reply-To: Mailing List Sender: Mailing List From: Sina Mirtorabi Subject: Re: Clarification on Cisco OSPF network types To: [EMAIL PROTECTED] Paresh, -Hi all, - -Appreciate if someone could clarify how the various Cisco -OSPF modes for NBMA networks work. - -The command ip ospf network {broadcast | non-broadcast | -{point-to-multipoint [non-broadcast] | point-to-point}} -allows you to set an OSPF network mode. - -I would like to know: -1. How OSPF packets are transmitted on each of these modes - -unicast, multicast etc ? network \packet type |type 1 | type 2| type 3| type 4| type 5 -|---|---|---|---|-- p2p | M| M | M | M | M -|---|---|---|---|-- p2mp non-broadcast | U| U | U | U | U -|---|---|---|---|-- p2mp broadcast | M| U | U | U | U -|---|---|---|---|-- NBMA | U| U | U | U | U -|---|---|---|---|-- Broadcast| M| U | U |M /MD *| M/MD * U : unicast ( neighbor IP address ) M : Multicast AllSPFRouters (224.0.0.5) MD : Multicast AllDRouters ( 224.0.0.4 ) * For broadcast network, if Interface FSM is DR /BDR type 4 5 are sent to M ( 224.0.0.5) otherwise it is sent to MD ( 224.0.0.6 ) -2. How are neighbors discovered ? When the packet ( actually Hello ) is sent to unicast IP address a manual configuration is required (except for VL which is found dynamically once there is an intra-area path to the other end-point ) If Hello is sent to Multicast AllSPFRouters address and the link layer has the broadcast capability ( or packet can be replicated to sent to different VC ) then the neighbor discovery is dynamic Sina Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71371t=71371 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Quoting in Replies [7:71366]
A lot of list newbies probably don't realize that many list old-timers read the messages via e-mail. The messages arrive as they are sent or posted. They are essentially sorted by time rather than topic. They are not grouped by subject in any way. They use a synchronous, connectionless, stateless, delivery mechanism. :-) John is right. A message that arrives this way without any context is terribly annoying and pretty much useless. The reader wants to know what it's talking about but can't easily tell without going through a bunch of old messages which are sorted by time, if they were kept at all. Many of us use the Web to post our messages. If you are on the Web right now, take a look at the text-input box below this message. Beside that tempting outlined Post button, see the Quote button? Press that first. It puts the original message into the text box. Only delete it or parts of it if it's gotten really long-winded or you said something embarassing a few messages back that you don't want people to see again! ;-) Seriously, leave the message intact and reply to it, in context. Most e-mail programs also have a way of saying that you should quote the original message when you reply. Please enable this. And, as discussed above, if you post with the Web, please realize that we need you to emulate that e-mail function of quoting. Use your Quote button. Thank-you. Priscilla John Neiberger wrote: Okay, this is getting really old, really fast. When responding to a post, PLEASE QUOTE WHAT YOU'RE REPLYING TO! The number of unintelligible posts is increasing and some simple quoting would help immensely. Perhaps the issue is that if you use the web-based board to post a quote does not happen by default. So, if you are using the board to reply to posts, please hit the QUOTE button and edit appropriately. Thanks, John (who is exceptionally grumpy today, and it shows. Sorry about that.) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71372t=71366 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Quoting in Replies [7:71366]
Okay, this is getting really old, really fast. When responding to a post, PLEASE QUOTE WHAT YOU'RE REPLYING TO! The number of unintelligible posts is increasing and some simple quoting would help immensely. Perhaps the issue is that if you use the web-based board to post a quote does not happen by default. So, if you are using the board to reply to posts, please hit the QUOTE button and edit appropriately. Thanks, John (who is exceptionally grumpy today, and it shows. Sorry about that.) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71366t=71366 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 6509 MSFC [7:71340]
At 02:48 PM 6/25/2003 +, Kaminski, Shawn G wrote: According to Cisco's website, using the session command is what they call accessing the MSFC from the switch CLI using a Telnet session Not using a telnet session, rather from a telnet session. To appreciate the difference, consider what the 'switch console' command does: it directs the MSFC console to the console outlet that is visible on the supervisor card (FWIW, the MSFC module has its own hardware console port, it's just not wired into an RJ-45 outlet on the front panel of the card). So if you are *not* on the console, then 'switch console' doesn't help you. If you are telnetting to the box (ie. you want to access the MSFC from a telnet session), then you have to use the 'session' command. Now it is possible that the 'session' command is in fact uses a telnet session internally. Even so I would be surprised if you could disable that using access lists. It is certainly not a normal telnet session as it doesn't require username/password and such. However, to be sure: Dave, please try it out, and let us know! :) Thanks, Zsombor . However, you can access the MSFC from the console port using the switch console command, which Cisco describes as accessing the MSFC from the switch CLI directly connected to the supervisor engine console port. See the following link for more information (watch for wrap): http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration _guide_chapter09186a008007ebb5.html Shawn K. -Original Message- From: Dave C. [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 8:23 AM To: [EMAIL PROTECTED] Subject: 6509 MSFC [7:71340] I have a MSFC on a 6509 that I am firing up for the first time. The 6509 is running CAT-OS (Hybrid Mode). I have defined several VLAN interfaces on the MSFC, and now must create a specific access-list to limit only a certain source and port address to reach each of these VLAN's. This access-list will not allow Telnet connectivity. My question is, if I create this access list and bind it to all VLANs, will I be able to SESSION over from the switch to the MSFC? Does the SESSION command actually use Telnet to get to the MSFC? Will I need to assign a loopback address and then allow access to the loopback address specifically in my access-list? I just want to make sure that I do not block all access to the MSFC. Any clarification on this would be helpful. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71370t=71340 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: FR concept question [7:71263]
Zsombor Papp wrote in message news:[EMAIL PROTECTED] At 06:33 PM 6/24/2003 +, Priscilla Oppenheimer wrote: Aaron Ajello wrote: This is probably a very simple concept question, but I've asked a couple people and haven't gotten a solid answer. If I've got two frame relay spoke sites connected point to point with a hub site and a server in one spoke site copies a file to a server in the other spoke site, does all the traffic pass through the hub site, or is it switched within the frame cloud? All the traffic passes through the hub site. I guess what I'm wondering is does a frame cloud act somewhat like a lan, where initially packets will go through the default gateway and be routed and then the following packets will be switched? A frame cloud does act like a LAN but a LAN without a router (and no broadcasting, but that's another story). You mixed metaphors by sticking in the router, which is a layer up. The only reason a LAN switch can route and then switch is because it's really a router (dare I say L3 switch!? :-) Or it is in communication with a router, running Cisco's Multilayer Switching Protcol (MLSP), and has an understanding of L3 addressing. A Frame Relay switch is just a L2 switch. It really does behave quite a bit like a classic LAN L2 switch. It has a switching table that has a set of entries that say, if packet comes in on this DLCI, it goes out on that DLCI. This is similar to a L2 bridging/switching cam table, although there are differences. The main differences being that a.) the FR switch typically doesn't learn the DLCI numbers dynamically, rather the service provider needs to configure it hop-by-hop, and b.) the DLCI is not a globally unique identifier, like the MAC address in the case of an Ethernet switch, rather has only local significance and it might change along the path (aka PVC) from switch to switch. Actually, there is such a thing as a universal DLCI. PVO and I and a couple of other folks researched this thoroughly one Saturday a couple of years ago. It is an extension to the standard, and allows( going from memory here ) for an extended DLCI field that supports a 15 bit identifier. This means that a unique DLCI is assigned to every customer device in the cloud. To my knowledge, no telco supports this, for a lot of reasons, not the least of which is the complexity and the lack of capacity to support end to end across several provider networks. An enterprise running it's own frame network, say using Stratacom equipment, for example, might find this of value. I've done a couple of quick looks on CCO and have not found any links. My recollection is that we researched outside of cisco to find the info, and there may be some links on CCO but my phrasing is not turning them up just another bit of pretty much useless information I've run across over the years. :- Thanks, Zsombor The Frame Relay switch understands the virtual circuits that have been provisioned to the customer. With a hub and spoke topology, the spokes don't have a virtual circuit to each other. They just have a virtual circuit to the hub. So imagine a hub and spoke topology with Chicago being the Hub. Make Los Angeles and Miami the spokes. Chicago has two virtual circuits: DLCI 100 goes to Los Angeles DLCI 200 goes to Miami Los Angeles has just one virtual circuit: DLCI 777 goes to Chicago Miami has just one virtual circuit DLCI 888 goes to Chicago A switch in Chicago has two entries in its switching table: incoming = 100, outgoing = 777 incoming = 200, outoing = 888 A switch in Los Angeles has the following entry in its switching table incoming = 777, outgoing = 100 A switch in Miam has the following entry in its switching table incoming = 888, outgoing = 200 If you can get your hands on enough routers, set up one of them to be a Frame Relay switch in a hub-and-spoke topology. Just a switch, no routing. It's truly an eye opener to manually configure its switching table (and it is generally done manually, unlike a LAN switch.) Actually, from what I understand, there can be intermediate DLCIs in the cloud too, but that's a high-level view. Someone can correct me if I'm wrong about it. I'm a bit tired after the NetBIOS biopsy or was it a lobotomy. :-) Priscilla thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71378t=71263 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Quoting in Replies [7:71366]
I agree. I was going to rag about this the other day, but figured that many people on this list already think I bi*ch too much about other things! :-) Shawn K. -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 2:34 PM To: [EMAIL PROTECTED] Subject: Quoting in Replies [7:71366] Okay, this is getting really old, really fast. When responding to a post, PLEASE QUOTE WHAT YOU'RE REPLYING TO! The number of unintelligible posts is increasing and some simple quoting would help immensely. Perhaps the issue is that if you use the web-based board to post a quote does not happen by default. So, if you are using the board to reply to posts, please hit the QUOTE button and edit appropriately. Thanks, John (who is exceptionally grumpy today, and it shows. Sorry about that.) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71380t=71366 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Quoting in Replies [7:71366]
Grump, grump, grump If everyone would post the new text at the top, I'd be happy... Larry Letterman Cisco Systems -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Neiberger Sent: Wednesday, June 25, 2003 11:34 AM To: [EMAIL PROTECTED] Subject: Quoting in Replies [7:71366] Okay, this is getting really old, really fast. When responding to a post, PLEASE QUOTE WHAT YOU'RE REPLYING TO! The number of unintelligible posts is increasing and some simple quoting would help immensely. Perhaps the issue is that if you use the web-based board to post a quote does not happen by default. So, if you are using the board to reply to posts, please hit the QUOTE button and edit appropriately. Thanks, John (who is exceptionally grumpy today, and it shows. Sorry about that.) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71379t=71366 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: FR concept question [7:71263]
At 6:34 PM + 6/25/03, annlee wrote: I found the sense dubious at the time ;-) but it was how the customer wanted to do it... Annlee I never cease to be amazed at how less-than-well-informed-customers demand crazy protocol changes. One of my favorites was to introduce something along the lines of detailed NetFlow in a price-sensitive DSL ISP, so they could look for (blocked by policy) HTTP servers. They couldn't understand why I suggested they simply filter on TCP port 80. But as to your customer, some people like write-only memory. David Vital wrote in message news:[EMAIL PROTECTED] AhhhThat just turned on a small light bulb for me. So you have uiniderectional service but you configure it for diferent paths to and from. I have seen a similar installation and I just figured the design team had gone insane. now it makes sense. I like this explanation better. David Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71377t=71263 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 6509 MSFC [7:71340]
You made me try it... :) I configured this on the MSFC: access-list 100 deny ip any any log ! line vty 0 4 access-class 100 in and I was still able to use 'session' to get to it. Does anyone have different experience? FWIW, I also checked the TCP connections on the MSFC, and when a 'session' is open, it does show a TCP connection between 127.0.0.12:23 (local) and 127.0.0.11:1025 (local). And when I configured a password on the vty's, I was subsequently required to enter that password for a 'session'. So it looks like telnet, walks like telnet, ... :) OK, now back to work... ;( Thanks, Zsombor At 06:01 PM 6/25/2003 +, Marco Eulenfeld wrote: Hy, but uses a system default Loopback address (127.0.0.x). When I session over, it shows that I came from 127.0.0.y. Any thoughts...? you are right :-) It does use a telnet-session. If you use an ACL on your vty's, you can include/exclude the 127.0.0.x range to allow / reject telnet-sessions from the switching-engine (if you telnet/ssh on the sw-engine). As mentioned before, you can use the switch console while you have access to the consle of the 65xx. Regards, Marco [GroupStudy removed an attachment of type application/pgp-signature] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71376t=71340 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: how about ccie salary in US? [7:71143]
The consensus among all corporate managers that I have dealt with is that CCIEs cannot obtain their status with at least some real experience. That is the consensus. Don't shoot me for it. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of n rf Sent: Wednesday, June 25, 2003 1:43 AM To: [EMAIL PROTECTED] Subject: RE: how about ccie salary in US? [7:71143] Jack Nalbandian wrote: CCIEs with some experience are considered to have college equivalent experience and training as it pertains to technical know-how, knowledge that has proven to be crucial in the survival of a few companies that I have worked in. The companies did not care very much whether the CCIE had any soft skills when it came time to salvage a disaster of a network. But then what are we really talking about here - is it the CCIE or is it the experience that matters? I think we both agree that a CCIE with no experience - the prototype lab-rat- is not one to be trusted with running a live network until and unless that lab-rat gets experience. A much more fair comparison would be the CCIE with some experience vs. the college graduate with equal experience. And I would wonder whether there really are enough network disasters around that one could really make a reliable living off them merely with strong technical skills but no soft-skills. I would contend probably not. The fact is, if nobody in the company likes you, then you either better be an absolutely awesome firefighter, or you're going to get canned. Companies these days simply don't have a lot of room anymore for guys who may be technically brilliant but socially inept. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71375t=71143 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
507 and 560 Content Engine Issues [7:71374]
Team, Is anybody having issues with their Content Engines having a lot of hard drive failures? If you don't and you are using 507 and 560 series CE's then can you provide me with what IOS you are currently using. We are having tons of issues with these hard drives but Cisco at the moment can't provide us with a reason why until they get some EFA results back. I want to make sure this isn't a IOS issue by chance. Thanks for your help in advance. Travis Bolton Web Media CCNP,CCDA Office (913) 794-7911 PCS (913) 484-6609 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71374t=71374 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Quoting in Replies [7:71366]
I would appreciate if the posters would drive over to my house and read their message to me, with accompanying gestures as appropriate.Not only that, but maybe fix me a glass of ice tea and some cookies. It's hot out here in Kansas, and cookies are hard to come by... Kaminski, Shawn G wrote in message news:[EMAIL PROTECTED] I agree. I was going to rag about this the other day, but figured that many people on this list already think I bi*ch too much about other things! :-) Shawn K. -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 2:34 PM To: [EMAIL PROTECTED] Subject: Quoting in Replies [7:71366] Okay, this is getting really old, really fast. When responding to a post, PLEASE QUOTE WHAT YOU'RE REPLYING TO! The number of unintelligible posts is increasing and some simple quoting would help immensely. Perhaps the issue is that if you use the web-based board to post a quote does not happen by default. So, if you are using the board to reply to posts, please hit the QUOTE button and edit appropriately. Thanks, John (who is exceptionally grumpy today, and it shows. Sorry about that.) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71383t=71366 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RFC 1855, was RE: Quoting in Replies [7:71366]
While we're on this topic, I just now found out there was an RFC that deals with these issues. Here is a snippet from that RFC: - If you are sending a reply to a message or a posting be sure you summarize the original at the top of the message, or include just enough text of the original to give a context. This will make sure readers understand when they start to read your response. Since NetNews, especially, is proliferated by distributing the postings from one host to another, it is possible to see a response to a message before seeing the original. Giving context helps everyone. But do not include the entire original! Of course, by top-posting I'm breaking this rule, but Shawn did it first! John Kaminski, Shawn G 6/25/03 3:06:59 PM I agree. I was going to rag about this the other day, but figured that many people on this list already think I bi*ch too much about other things! :-) Shawn K. -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 2:34 PM To: [EMAIL PROTECTED] Subject: Quoting in Replies [7:71366] Okay, this is getting really old, really fast. When responding to a post, PLEASE QUOTE WHAT YOU'RE REPLYING TO! The number of unintelligible posts is increasing and some simple quoting would help immensely. Perhaps the issue is that if you use the web-based board to post a quote does not happen by default. So, if you are using the board to reply to posts, please hit the QUOTE button and edit appropriately. Thanks, John (who is exceptionally grumpy today, and it shows. Sorry about that.) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71381t=71366 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Quoting in Replies [7:71366]
Fe, fi, fo, fum, I smell the blood of another undying thread! :) Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Cunctando restituit rem On Wed, 25 Jun 2003 20:29:34 GMT Larry Letterman wrote: Grump, grump, grump If everyone would post the new text at the top, I'd be happy... Larry Letterman Cisco Systems -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Neiberger Sent: Wednesday, June 25, 2003 11:34 AM To: [EMAIL PROTECTED] Subject: Quoting in Replies [7:71366] Okay, this is getting really old, really fast. When responding to a post, PLEASE QUOTE WHAT YOU'RE REPLYING TO! The number of unintelligible posts is increasing and some simple quoting would help immensely. Perhaps the issue is that if you use the web-based board to post a quote does not happen by default. So, if you are using the board to reply to posts, please hit the QUOTE button and edit appropriately. Thanks, John (who is exceptionally grumpy today, and it shows. Sorry about that.) [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71387t=71366 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 6509 MSFC [7:71340]
Good information! Thanks for trying it out for us! Shawn K. -Original Message- From: Zsombor Papp [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 4:21 PM To: [EMAIL PROTECTED] Subject: Re: 6509 MSFC [7:71340] You made me try it... :) I configured this on the MSFC: access-list 100 deny ip any any log ! line vty 0 4 access-class 100 in and I was still able to use 'session' to get to it. Does anyone have different experience? FWIW, I also checked the TCP connections on the MSFC, and when a 'session' is open, it does show a TCP connection between 127.0.0.12:23 (local) and 127.0.0.11:1025 (local). And when I configured a password on the vty's, I was subsequently required to enter that password for a 'session'. So it looks like telnet, walks like telnet, ... :) OK, now back to work... ;( Thanks, Zsombor At 06:01 PM 6/25/2003 +, Marco Eulenfeld wrote: Hy, but uses a system default Loopback address (127.0.0.x). When I session over, it shows that I came from 127.0.0.y. Any thoughts...? you are right :-) It does use a telnet-session. If you use an ACL on your vty's, you can include/exclude the 127.0.0.x range to allow / reject telnet-sessions from the switching-engine (if you telnet/ssh on the sw-engine). As mentioned before, you can use the switch console while you have access to the consle of the 65xx. Regards, Marco [GroupStudy removed an attachment of type application/pgp-signature] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71386t=71340 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Quoting in Replies [7:71366]
Until it becomes such an unwieldy and nasty message... Sometimes I take out some of the messages to avoid gargantuan replies. Sometime I post inline to directly respond to certain viewpoints. Otherwise you tend to get that nasty... um.. you didn't answer that question syndrome. I think quoting relevant info is good, not sure on the entire bit. Some of the other mailing lists I am on suggest I do not quote every little detail to avoid the gargantuan replies of doom. ;) I agree. I was going to rag about this the other day, but figured that many people on this list already think I bi*ch too much about other things! :-) Shawn K. -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 2:34 PM To: [EMAIL PROTECTED] Subject: Quoting in Replies [7:71366] Okay, this is getting really old, really fast. When responding to a post, PLEASE QUOTE WHAT YOU'RE REPLYING TO! The number of unintelligible posts is increasing and some simple quoting would help immensely. Perhaps the issue is that if you use the web-based board to post a quote does not happen by default. So, if you are using the board to reply to posts, please hit the QUOTE button and edit appropriately. Thanks, John (who is exceptionally grumpy today, and it shows. Sorry about that.) -Carroll Kong Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71389t=71366 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco 640-100 MCNS exam [7:71388]
PIX People, I am currently studying for Cisco's 640-100 MCNS exam and current study material seems a bit thin. I have the Boson package, pretty good, a good reference book that I have read about 3 time. I am looking for good study scenarios where one has to step through setting up a router, firewall etc. I am a CCNA, CCNP, and CCIE (written) --- a 98% correct score on that exam, so feel pretty good about things, BUT I can tell when study materail is not so good. I have purchase some study notes that are really bad, lots of mistakes. I recently purchased a nice new PIX 501 firewall with 3DES and am having fun. I need any and all good study sources that are also pertinent to what one is apt to see on the actual exam The mission is to understand, not figure out how to cheat on the exam, can anyone help? Thanks, John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71388t=71388 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: FR concept question [7:71263]
At 8:29 PM + 6/25/03, Hemingway wrote: The main differences being that a.) the FR switch typically doesn't learn the DLCI numbers dynamically, rather the service provider needs to configure it hop-by-hop, and b.) the DLCI is not a globally unique identifier, like the MAC address in the case of an Ethernet switch, rather has only local significance and it might change along the path (aka PVC) from switch to switch. Actually, there is such a thing as a universal DLCI. PVO and I and a couple of other folks researched this thoroughly one Saturday a couple of years ago. It is an extension to the standard, and allows( going from memory here ) for an extended DLCI field that supports a 15 bit identifier. This means that a unique DLCI is assigned to every customer device in the cloud. The DLCI field is actually infinitely recursively extensible, not just to 15 bits. But there's a reasonable question -- why try to make a connection-oriented L2 service do what IP or MPLS can do more flexibly? To my knowledge, no telco supports this, for a lot of reasons, not the least of which is the complexity and the lack of capacity to support end to end across several provider networks. An enterprise running it's own frame network, say using Stratacom equipment, for example, might find this of value. How would this be superior to simply routing, where you have IP addresses? I suppose that if you had the Stratacoms and couldn't afford to get rid of them... I've done a couple of quick looks on CCO and have not found any links. My recollection is that we researched outside of cisco to find the info, and there may be some links on CCO but my phrasing is not turning them up just another bit of pretty much useless information I've run across over the years. :- The standards-speak is recursive extensibility, but I doubt Cisco supports it -- it doesn't solve problems for which there isn't a better solution. People forget the origin of Frame Relay: it was intended as a low-speed access service to ATM. The Gang of Four popularized it as a general interface, just as the ATM Forum popularized UNI. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71385t=71263 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Boot problem with new 6513 [7:71390]
I have a new 6513 Catalyst switch and am getting the following when I boot the device: Autoboot: failed, BOOT string is empty rommon 1 Can someone lead me in the right direction on what to do to get the boot string set up properly? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71390t=71390 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Boot problem with new 6513 [7:71390]
Is there a slot card in the sup ? If so , try to boot from slot0: Larry Letterman Cisco Systems -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ron Sent: Wednesday, June 25, 2003 3:55 PM To: [EMAIL PROTECTED] Subject: Boot problem with new 6513 [7:71390] I have a new 6513 Catalyst switch and am getting the following when I boot the device: Autoboot: failed, BOOT string is empty rommon 1 Can someone lead me in the right direction on what to do to get the boot string set up properly? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71392t=71390 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco 640-100 MCNS exam [7:71388]
FWIW-- The 640-100 is being retired 30 Sep 2003, so you may want to consider taking the new SECUR exam (642-501), which just went active 17 Jun. Granted, there aren't a lot of materials published for it, but the published material for MCNS is poor. My opinion of the exam is shared by a more experienced old hand locally, who took the same exam not too long before I did. The exam was really quite poor -- lots of questions about configuration options in AAA (which options in authenticate vs. authorize, for instance). I recall very few -- if any -- questions about the PIX. Much of the information was, frankly, old, which is why I recommend the newer exam. Also, I had a handful of questions which were word-for-word the same as a commercial practice exam. That practice test was of very little use -- it did not reflect the exam content (and I am very unhappy with the explanations behind the answers). For more information, feel free to contact me offline, understanding I will not violate the NDA. Annlee John Holp wrote in message news:[EMAIL PROTECTED] PIX People, I am currently studying for Cisco's 640-100 MCNS exam and current study material seems a bit thin. I have the Boson package, pretty good, a good reference book that I have read about 3 time. I am looking for good study scenarios where one has to step through setting up a router, firewall etc. I am a CCNA, CCNP, and CCIE (written) --- a 98% correct score on that exam, so feel pretty good about things, BUT I can tell when study materail is not so good. I have purchase some study notes that are really bad, lots of mistakes. I recently purchased a nice new PIX 501 firewall with 3DES and am having fun. I need any and all good study sources that are also pertinent to what one is apt to see on the actual exam The mission is to understand, not figure out how to cheat on the exam, can anyone help? Thanks, John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71393t=71388 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
serial interface and pinging [7:71391]
Found this a bit unusual... have a feel for why it works this way, but figured I'd float this to the list for thoughts... Got two routers connected via a serial interface. R1 is assigned 192.168.2.1/30 on its serial R2 is assigned 192.168.2.2/30 on its serial On R1, do a debug ip icmp And then from R1, do a ping 192.168.2.1 (the IP on it's local serial interface). Interestingly we see the following: r2511#ping 192.168.2.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 68/73/84 ms r2511# 01:35:35: ICMP: redirect rcvd from 192.168.2.2 -- for 192.168.2.1 use gw 192.168.2.1 01:35:35: ICMP: echo reply sent, src 192.168.2.1, dst 192.168.2.1 01:35:35: ICMP: echo reply rcvd, src 192.168.2.1, dst 192.168.2.1 01:35:35: ICMP: echo reply sent, src 192.168.2.1, dst 192.168.2.1 01:35:35: ICMP: echo reply rcvd, src 192.168.2.1, dst 192.168.2.1 01:35:36: ICMP: echo reply sent, src 192.168.2.1, dst 192.168.2.1 01:35:36: ICMP: echo reply rcvd, src 192.168.2.1, dst 192.168.2.1 01:35:36: ICMP: echo reply sent, src 192.168.2.1, dst 192.168.2.1 01:35:36: ICMP: echo reply rcvd, src 192.168.2.1, dst 192.168.2.1 01:35:36: ICMP: echo reply sent, src 192.168.2.1, dst 192.168.2.1 01:35:36: ICMP: echo reply rcvd, src 192.168.2.1, dst 192.168.2.1 Two items of interest: 1) The router, when pinging it's local IP, actually transmits the packets onto the interface with source and destination being the interface's local IP address. The packets aren't looped internally, as I would have expected, but are looped via the remote router. 2) Router R2 sends an ICMP redirect suggesting a more efficient way to reach 192.168.2.1. Interesting behavior Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71391t=71391 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Loopback connection on Switch with STP [7:71394]
May find it very simple but could not find an accurate answer... Did not have a lab switch to try it out... If i make a loopback (cross cable) connectivity between 2 ports within the switch. And having the STP enabled on the switch, what would be the status for the ports... I thought it is one will be blocking and one will be forwarding. Is that a right statement ? What if the bridge will act as root bridge (according to theory, ports on the root bridge should be on forward mode) ? But then the loop would be there... Your advice is appreciated. Thank you shibu Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71394t=71394 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: how about ccie salary in US? [7:71143]
Jack Nalbandian wrote: The consensus among all corporate managers that I have dealt with is that CCIEs cannot obtain their status with at least some real experience. That is the consensus. Don't shoot me for it. \ Those corporate managers are wrong. They may want to look up the term lab-rat and see how it is commonly used, especially on this ng. Also, consider this. Those people who really think that the CCIE is impossible to pass without experience should freely support (or at least have no objection to) an idea I've been pushing for awhile - namely requiring a minimum number of years of verifiable networking experience in order to be eligible to take the exam, and for which all candidates would be subject to a random background check to catch liars - similar to how some companies run background checks on their job candidates. If it's categorically true that nobody could ever pass the lab without experience, then this new requirement should not be a problem, right? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71397t=71143 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Quoting in Replies [7:71366]
fracking top poster here - you happy now? ;- Larry Letterman wrote in message news:[EMAIL PROTECTED] Grump, grump, grump If everyone would post the new text at the top, I'd be happy... Larry Letterman Cisco Systems -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Neiberger Sent: Wednesday, June 25, 2003 11:34 AM To: [EMAIL PROTECTED] Subject: Quoting in Replies [7:71366] Okay, this is getting really old, really fast. When responding to a post, PLEASE QUOTE WHAT YOU'RE REPLYING TO! The number of unintelligible posts is increasing and some simple quoting would help immensely. Perhaps the issue is that if you use the web-based board to post a quote does not happen by default. So, if you are using the board to reply to posts, please hit the QUOTE button and edit appropriately. Thanks, John (who is exceptionally grumpy today, and it shows. Sorry about that.) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71398t=71366 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: how about ccie salary in US? [7:71143]
\ I just don't believe that you can not find a job if you are experienced and certified. It might not be your dream job. it might not pay as much as you thought you would be making now. And it might require you to relocate. But there are jobs out there. The issue is not finding a job, any job. I agree that if you're willing to work for, say, minimum wage, and relocate to Podunk, then you can probably find a job. But that's the rub, isn't it? How many experienced people are willing to work for puny pay and be forced to relocate when, quite frankly, they don't have to? In particular, how many are going to do it when they can simply transfer into another profession that pays better and doesn't require them to relocate? I am not aware of any mandate that requires you to work in networking simply because you're a CCIEr or simply because you have a lot of experience in it. Take the case of my highly experienced CCIE buddies who went back to UNIX admin-work. Sure, they COULD continue to be network guys if they were willing to take grand-mal paycut, but why should they when they can continue to get a nice UNIX redux paycheck? Therefore when people say there are no jobs, they don't mean that there are literally no jobs, they mean that the overall quality of the jobs has declined dramatically (something which I doubt anybody will seriously dispute) such that other options look mighty attractive by comparison. People will therefore leave this field not because there are literally no jobs, but because other fields other decidedly better opportunities. David Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71396t=71143 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Technology, Certification, Skill Sets, and Altruiism in the [7:71399]
Evans, Timothy R (BearingPoint) wrote in message news:[EMAIL PROTECTED] Good Morning! Statement 1: In general - businesses are not well known for being altruistic in their hiring compensation practices. Statement 2: Any good manager would be rather foolish to not appreciate, and compensate accordingly, a hard-working and presumably valued employee. (S)He would also be rather foolish to pay more than needed ... there is a delicate balancing act, with a very precipitous fall into bankruptcy being one of the major indications of failure! Caveats: NOTE - I said the following -incredibly- subjective things: good manager foolish accordingly hard working valued employee needed .. furthermore the valued employee part may be invoking a bit of circular login, since the value may be seen as directly related to the compensation. Alternatively - your level of compensation may also be more indicative of what you WERE worth to the company AT ONE TIME, and if it exceeds certain levels may actually decrease your overall value to the company. (the highest paid are the first to go) Back in the days when baseball was understood to be the ultimate expression of American values, this may have been true. Take each individual and weigh his/her strengths and weaknesses, consider the overall value of heir contribution, and decide on that basis. These days, when football is king, what does that say about our values? That we are all specialists and we are all easily replaced. In fact, in a football model, the ideal is to churn and burn. .. let's get back to networking before I decide to go sell real estate ... Given the current real estate market, you may do far better financially. and no heavy lifting. :- Thanks! TJ -Original Message- From: n rf [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 8:48 AM To: [EMAIL PROTECTED] Subject: RE: Technology, Certification, Skill Sets, and Loo [7:70953] Mark E. Hayes wrote: Ok Sen. McCarthy, Your response is Bolshevik, get it? ;) All I'm talking about is taking care of people who took care of you. As an employee I have an obligation to do x amount of work. I always do more than that, it's a pride thing. I want the business I work for to prosper. What is wrong with showing an employee like that some loyalty. Hey, if the employer wants to do that, there is nothing wrong at all. What's 'wrong' is that you apparently expect them to do so. The employer is obligated to compensate you for your time according to whatever employment agreement you arranged when you were hired, nothing more, nothing less. If you want to altruistically give time and effort above and beyond what is necessary, that's your prerogative, but the employer is not obligated to reward you for it, and if you're truly being altruistic, then you shouldn't have anything to complain about, because altruism means to do something without any expectation of recompense. Now, if you're not being altruistic and you are willing to do extraordinary work but because you expect a reward for it, then you should play Let's Make a Deal. Tell your employer that you're willing to do this-and-that task but only for such-and-such an increase in compensation or a similar arrangement.But if you don't do that, you can't complain ex-post-facto. ** The information in this email is confidential and may be legally privileged. Access to this email by anyone other than the intended addressee is unauthorized. If you are not the intended recipient of this message, any review, disclosure, copying, distribution, retention, or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you are not the intended recipient, please reply to or forward a copy of this message to the sender and delete the message, any attachments, and any copies thereof from your system. ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71399t=71399 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Loopback connection on Switch with STP [7:71394]
Shibu Nair wrote: May find it very simple but could not find an accurate answer... Did not have a lab switch to try it out... If i make a loopback (cross cable) connectivity between 2 ports within the switch. And having the STP enabled on the switch, what would be the status for the ports... I thought it is one will be blocking and one will be forwarding. Is that a right statement ? Yes. The switch ports will see the BPDUs from each other. One will have a lower Port ID so they can use that to make a decision. There's finally a use for the Port ID! :-) What if the bridge will act as root bridge (according to theory, ports on the root bridge should be on forward mode) ? But then the loop would be there... This would be an exception. The port with the higher Port ID would defer to what it thinks is a better designated bridge on the other port. IEEE did actually think of this. (I think it's mentioned in the standard anyway. It is definitely mentioned in Radia Perlman's Interconnections book.) You don't need a cross-over cable to test it. You could use a hub and connect 2 of the hub ports to 2 ports on the switch and completely break the hierarchical design model!? Priscilla Your advice is appreciated. Thank you shibu Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71403t=71394 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cosmic rays?? [7:71402]
We have a Cisco VIP card plugged into a 7500 router. Every once in a while the card just stops working and sometimes it gets stuck so hard that we have to reload the microcode. The last we did that, the router crashed and had to be reset (Ugly!). Well, it gets worse. After having to convince the guys at the local Cisco office to help us in this issue, they came to our facilities and began their analysis. To make a long story short, they told us that these problems were caused by cosmic rays! We almost fainted! Cosmic rays! Has anybody around here ever heard of this problem in this combo? Let me tell you this router is not installed in a spaceship or something like that, it4s just an ordinary datacenter. Any ideas about what the real problem might be? P. S. The router is using a recent version of IOS (newer than 12.1) and has been patched as per the Cisco site. Thanks a lot for any advice on this issue. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71402t=71402 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Boot problem with new 6513 [7:71390]
Ronnie Ron wrote in message news:[EMAIL PROTECTED] I have a new 6513 Catalyst switch and am getting the following when I boot the device: Autoboot: failed, BOOT string is empty rommon 1 Can someone lead me in the right direction on what to do to get the boot string set up properly? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71400t=71390 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Technology, Certification, Skill Sets, and Alt [7:71399]
Back in the days when baseball was understood to be the ultimate expression of American values, this may have been true. Take each individual and weigh his/her strengths and weaknesses, consider the overall value of heir contribution, and decide on that basis. These days, when football is king, what does that say about our values? That we are all specialists and we are all easily replaced. In fact, in a football model, the ideal is to churn and burn. While the game of baseball itself may in the past have neatly symbolized American individualism, ironically you wouldn't know it from the salaries paid to baseball players in those supposedly gloried old days. Before the days of free agency, players were paid far far less than they would have been paid in an open and free market. You'd think that if anybody would have understood the importance of providing proper compensation for individual performance in line with the spirit of the game of baseball, it would have been the baseball team owners themselves. But I digress... Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71406t=71399 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OSPF with passive interface [7:71395]
Shibu Nair wrote: If the interface configured as passive under OSPF routing protocol, will there be any neighbor relationship establish on that interface ? No. Passive interface means it doesn't send Hellos, which it would need to do to establish a neighbor relationship. Priscilla (assume OSPF is on both router interfaces connected with a T1 circuit) Thank you Shibu Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71405t=71395 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: serial interface and pinging [7:71391]
Yes, it's true that when you ping your own serial interface, the ping actually crosses the serial link! You can also see evidence of it by enabling debugging on the other side. When I first saw this documented on a Cisco page, I submitted a documentation bug report. :-) I guess it's the only way you'll get a response? It seems awfully weird though... Priscilla p b wrote: Found this a bit unusual... have a feel for why it works this way, but figured I'd float this to the list for thoughts... Got two routers connected via a serial interface. R1 is assigned 192.168.2.1/30 on its serial R2 is assigned 192.168.2.2/30 on its serial On R1, do a debug ip icmp And then from R1, do a ping 192.168.2.1 (the IP on it's local serial interface). Interestingly we see the following: r2511#ping 192.168.2.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 68/73/84 ms r2511# 01:35:35: ICMP: redirect rcvd from 192.168.2.2 -- for 192.168.2.1 use gw 192.168.2.1 01:35:35: ICMP: echo reply sent, src 192.168.2.1, dst 192.168.2.1 01:35:35: ICMP: echo reply rcvd, src 192.168.2.1, dst 192.168.2.1 01:35:35: ICMP: echo reply sent, src 192.168.2.1, dst 192.168.2.1 01:35:35: ICMP: echo reply rcvd, src 192.168.2.1, dst 192.168.2.1 01:35:36: ICMP: echo reply sent, src 192.168.2.1, dst 192.168.2.1 01:35:36: ICMP: echo reply rcvd, src 192.168.2.1, dst 192.168.2.1 01:35:36: ICMP: echo reply sent, src 192.168.2.1, dst 192.168.2.1 01:35:36: ICMP: echo reply rcvd, src 192.168.2.1, dst 192.168.2.1 01:35:36: ICMP: echo reply sent, src 192.168.2.1, dst 192.168.2.1 01:35:36: ICMP: echo reply rcvd, src 192.168.2.1, dst 192.168.2.1 Two items of interest: 1) The router, when pinging it's local IP, actually transmits the packets onto the interface with source and destination being the interface's local IP address. The packets aren't looped internally, as I would have expected, but are looped via the remote router. 2) Router R2 sends an ICMP redirect suggesting a more efficient way to reach 192.168.2.1. Interesting behavior Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71401t=71391 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PortFast and routers [7:71253]
Curious wrote in message news:[EMAIL PROTECTED] Hello, I know that is a bad idea to configure a port with portfast when this port connect with other switch (loops can be created), but the question is: could I put a port connected to a router in portfast mode? A router is a layer 3 device not a layer 2, so I think this is not a risk, am I right? This way the port wakes up quickly, right? And the final question: If I configure a portfast port with a trunk an connect it to a router? My understanding of the reason for the existence of the portfast function in the first place had to do with startup times for protocols like IPX. I can recall in one production network I managed, where we ran IP and IPX, it was not uncommon for a machine to boot on the IP side but fail to boot on the IPX side - the IPX side timed out prior to establishing a connection with an IPX server. I could browse the internet, for example, but I was unable to log on to the Novell server. The solution was portfast on all the switchports to which servers and users connected. A router isn't going to care one way or another since it is not logging on to anything. So the answer is that it can't hurt. I'm curious - what is it you think will be gained? Thanks my friends. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71404t=71253 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CISCO ATA-186 [7:71407]
Hey there Can the CISCO ATA-186 connect to more than one IP-voice network? I am basically subscribing to telephone service through high-speed DSL with a company called Vonage. But I already have similar service from another company and would wish my ATA-186 to be logged on to both the networks. Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71407t=71407 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cosmic rays?? [7:71402]
The only thing close to your story is the comment from Robert and Barbara Thompson in _PC Hardware In A Nutshell, 2e_ where they comment that on a device used as a server or any other PC that needs a large RAM, they always use ECC memory (Error Checking and Correction) because (honest!) cosmic rays do strike. Quote: One common cause of flipped bit memory errors is, believe it or not, cosmic rays. The more memory you have installed, the more likely it is that a random cosmic ray will impact one of the memory cells in a chip on your system, causing the contents of that cell to flip from binary zero to a one or vice versa. We don't pretend to understand this issue, but we've been told by memory experts that for systems with 512MB of RAM, using ECC versus non-parity memory is about an even trade-off in terms of extra cost and lost performance versus the likelihood of memory errors. For systems with 768MB+, we use ECC memory exclusively. End quote (pp201-2). However ... that could also be a Real Convenient Excuse. Do you have any kind of other experience with the people who said this (like, are they naturally FUD-prone)? Annlee Juan Carlos Perez wrote in message news:[EMAIL PROTECTED] We have a Cisco VIP card plugged into a 7500 router. Every once in a while the card just stops working and sometimes it gets stuck so hard that we have to reload the microcode. The last we did that, the router crashed and had to be reset (Ugly!). Well, it gets worse. After having to convince the guys at the local Cisco office to help us in this issue, they came to our facilities and began their analysis. To make a long story short, they told us that these problems were caused by cosmic rays! We almost fainted! Cosmic rays! Has anybody around here ever heard of this problem in this combo? Let me tell you this router is not installed in a spaceship or something like that, it4s just an ordinary datacenter. Any ideas about what the real problem might be? P. S. The router is using a recent version of IOS (newer than 12.1) and has been patched as per the Cisco site. Thanks a lot for any advice on this issue. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71409t=71402 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: how about ccie salary in US? [7:71143]
n rf wrote: Therefore when people say there are no jobs, they don't mean that there are literally no jobs, they mean that the overall quality of the jobs has declined dramatically (something which I doubt anybody will seriously dispute) such that other options look mighty attractive by comparison. People will therefore leave this field not because there are literally no jobs, but because other fields other decidedly better opportunities. Well... 4 years ago I was making about 13K a year doing Cisco, Microsoft and Unix for Uncle Sam. I say if the people are willing to leave the Networking field due to job dissatisfaction, all the better for me. That sounds great for my future, but I really don't believe it will happen in significant enough a number to be a silver lining in my bank account. Leaving networking for Real Estate. ok.. switching back to Unix and still making great money. Good Lord. What a great life it is to be able to do that. My frame of reference must just be so dramatically different from a lot of the other's here. I don't understand what all the griping is about. I read a quote in an article the other day that just rings totally true to me. Nobody is worth $200,000 a year. NOBODY. If you can get it, more power to you. But if you were getting that or $100,000 a year and suddenly you can't and the only thing you can get is a 70K or 80 K job... Even in another area.. That's astounding to me that you would be so upset . But maybe it's why you made that kind of money and I never have. You believe you can and I'm smiling all the way to the bank with less. I guess the picture all depends on the angle you are viewing it from. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71408t=71143 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]