For Sale

2001-01-25 Thread Albert Lu

Hi,

A friend of mine has won a bid on Ebay for 

2503
2502
2504
2521

Price is $2125US, from IQSales. 

He wants to pass this on to someone else; email me if you're interested.


Albert

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Catalyst 5000 for home

2001-01-25 Thread Albert Lu

Hi,

I would like to ask what the minimum modules are that I need for a Cat5000
for a home lab?

I'm considering a SupI(ws-x5009) and a ws-x5010 (24pt 10meg telco ports) or
ws-x5012 (48pt 10meg telco ports).

Is this sufficient for a CCIE lab? The SupI has a 100Meg uplink; surely this
is enough to do ISL trunking, routing, etc.?

Or should I go for a ws-x5213a (12pt 100Meg). This module is much more
expensive than the other because of the onboard RJ45 and being 100Meg.

Thank you for your advice.


Albert




O/T Lab Routers Sale in Australia (Please Excuse)

2001-01-27 Thread Albert Lu

Hi,

I have 2x2610 in new condition for sale, also 2xNM-4B-S/T (4port BRI network
module).

I'm in Sydney, email me if you're interested.

Albert




Difference between WS-X5213A and WS-X5203

2001-01-27 Thread Albert Lu

Hi,

I would like to know what the difference is between the two Catalyst 5000
modules WS-X5213A and WS-X5203?

I've looked up Cisco, and they are both 12 port 10/100Mbps modules. The
WS-X5203 supports FastEtherchannel; from my knowledge this provides
redundant links within the switch, allowing for better fault tolerance.

I'm considering one or the other for a home lab. Is it worthwhile getting
the WS-X5203 over the WS-X5213A, or is the cost not worth it?

Thanks

Albert




RE: NAT or ACL??

2001-01-29 Thread Albert Lu

Hi David,

My opinion is that NAT's main purpose is not really for security, but for
multiplexing multiple hosts behind one IP address. The security of NAT is
from external hosts not being able to access hosts behind the NAT, because
the external hosts see only one host (the NAT).

NAT is a good solution for smaller networks, but when the number of hosts
behind the NAT starts increasing, the NAT will start to become more of a
bottleneck. I believe the bottleneck is from the CRC checksum recalculations
when the IP packets have to be modified, and this CRC checksum may be
computationally expensive.

From my knowledge, NAT will not let any external hosts access behind the NAT
unless the internal hosts initialised the communication. I also heard that
you could manually add an entry to the NAT, so that external hosts can
access internal hosts, without the internal hosts making first contact.

ACL is designed to secure routers, and has a richer feature set than NAT.
It allows different policies and a mixture of them. It allows you to
permit/deny specified hosts/networks with various conditions. ACL also
doesn't modify the IP packets like NAT does, so it should be much faster.


Regards,

Albert



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
David Richard
Sent: Monday, 29 January 2001 21:58
To: [EMAIL PROTECTED]
Subject: NAT or ACL??


Hi All,

Anybody know what's the best way to protect Internal network from Internet
??

I found many different answers; out of them, finally I have to choose b/w
two..

NAT  or Access-Lists??

Any help would be appreciated.

DR.
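
The behaviour discussed in this thread, as an added example that is not part of either message: a simplified Python model of a port-overloading NAT table next to a first-match ACL. The class and function names, the addresses (documentation ranges) and the ports are constructed for illustration, and tracking the remote endpoint per dynamic entry is an assumption of this model, not a description of any particular router.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class PatGateway:
    """Simplified port-overloading NAT (hypothetical model, not router code)."""

    def __init__(self, public_ip: str, first_port: int = 20000):
        self.public_ip = public_ip
        self.next_port = first_port
        # (proto, public_port) -> (inside_ip, inside_port, remote endpoint or None)
        self.table = {}

    def add_static(self, proto: str, public_port: int, inside_ip: str, inside_port: int):
        """Manual entry: reachable from outside without inside-initiated traffic."""
        self.table[(proto, public_port)] = (inside_ip, inside_port, None)

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source address/port and record the flow for replies."""
        wanted = (pkt.src, pkt.sport, (pkt.dst, pkt.dport))
        for (proto, port), entry in self.table.items():
            if proto == pkt.proto and entry == wanted:
                return Packet(proto, self.public_ip, port, pkt.dst, pkt.dport)
        while (pkt.proto, self.next_port) in self.table:
            self.next_port += 1  # skip ports already taken, e.g. by static entries
        port = self.next_port
        self.table[(pkt.proto, port)] = wanted
        return Packet(pkt.proto, self.public_ip, port, pkt.dst, pkt.dport)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate a packet arriving from outside, or return None (dropped)."""
        entry = self.table.get((pkt.proto, pkt.dport))
        if pkt.dst != self.public_ip or entry is None:
            return None  # no translation entry: nothing behind the NAT is reachable
        inside_ip, inside_port, remote = entry
        if remote is not None and remote != (pkt.src, pkt.sport):
            return None  # dynamic entry belongs to a different remote endpoint
        return Packet(pkt.proto, pkt.src, pkt.sport, inside_ip, inside_port)


def acl_permits(rules, pkt: Packet) -> bool:
    """First matching rule wins; no match is an implicit deny. Packet is unchanged."""
    for action, proto, src_net, dst_net, dport in rules:
        if proto not in ("ip", pkt.proto):
            continue
        if ip_address(pkt.src) not in ip_network(src_net):
            continue
        if ip_address(pkt.dst) not in ip_network(dst_net):
            continue
        if dport is not None and dport != pkt.dport:
            continue
        return action == "permit"
    return False


def demo() -> dict:
    """Run the constructed scenario and return each decision."""
    nat = PatGateway("203.0.113.1")
    out = nat.outbound(Packet("tcp", "192.168.1.10", 40000, "198.51.100.7", 80))
    reply = Packet("tcp", "198.51.100.7", 80, "203.0.113.1", out.sport)
    unsolicited = Packet("tcp", "198.51.100.99", 5555, "203.0.113.1", 23)
    admin = Packet("tcp", "198.51.100.7", 5555, "203.0.113.1", 23)
    result = {
        "translated": out,
        "reply": nat.inbound(reply),
        "unsolicited_before_static": nat.inbound(unsolicited),
    }
    # A manual entry opens the inside host to every outside source.
    nat.add_static("tcp", 23, "192.168.1.20", 23)
    result["unsolicited_after_static"] = nat.inbound(unsolicited)
    # ACL on the outside interface: only one source may reach the forwarded port.
    acl = [("permit", "tcp", "198.51.100.7/32", "203.0.113.1/32", 23)]
    result["acl_admin"] = acl_permits(acl, admin)
    result["acl_unsolicited"] = acl_permits(acl, unsolicited)
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

In this model the static entry alone admits any outside source to the forwarded port; the ACL is what restricts that port to a chosen source.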





Anyone know where I can get a used Catalyst 5000 in Australia

2001-01-30 Thread Albert Lu

Hi,

I'm having a hard time at the moment sourcing a used Catalyst 5000 chassis in
my little country called Australia. Are they all hiding from me, or am I
just not looking in the right places? =)

I see them all the time on Ebay, but the heavy thing costs a fortune to ship
back to my little island.

If anyone can help with this, please email me. Sometimes I wish I lived in
the US =).

Thanks


Albert




Serial Line Protocol Problems

2001-02-01 Thread Albert Lu

Hi All,

I've got a problem with the serial port of a 2500 of mine.

I used a serial back to back cable, in order to connect 2 2500s. I know what
a normal response from the 2500 should be: it should normally detect that the
interface is up (I've used no shutdown already), and then set the line
protocol to up.

For one of the serial ports, the interface and the line protocol change to
up when I connect the two routers together. But after a while, this is what I
get:

01:30:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
01:31:08: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down
01:31:18: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
01:31:38: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down
01:31:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
01:32:08: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down
01:32:18: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
01:32:38: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down

It keeps continuing. From what I can see, the line protocol keeps going up
and down periodically, however the interface is still up.

This is what I've tried:
- Different cables.
- Different serial ports
- Changing clock rate and bandwidth
- Rebooting the router

Could someone give me some suggestions?


Thanks

Albert




AUX port suitable replacement for ISDN Sim?

2001-02-02 Thread Albert Lu

Hi all,

I've been doing some research on ISDN sims. Reading past Groupstudy posts, I
stumbled on a couple that suggested to use the AUX port for DDR, instead of
using the BRI port for ISDN DDR.

Is that enough for the CCIE, since the ISDN sim is a very expensive piece of
equipment? Could I get away without it? (assuming I don't have real ISDN in
the first place)

Thanks

Albert




ISDN

2001-02-06 Thread Albert Lu

Hi,

Does anyone have experience with Teleos/Madge AccessSwitch 20? I believe one
of the modules has a T1 and 4 port BRI; could I use this in a CCIE lab for
ISDN? I'm thinking that the T1 is a serial port which I could hook up to a
Cisco router, and the BRI ports I could use.

Thank you for any feedback

Albert




RE: 2600 router - critical situation

2001-02-07 Thread Albert Lu

Did you get the initial bootup message? It could be the control break signal
is not going through because of your terminal program. Try using Teraterm.

If you are not getting the bootup message, is the power supply running ok?
Have you tried replacing the power supply? If you don't see any of the LEDs
come up, then it could be a power supply problem.

Could it be that the memory modules are loose?

What happened to the router since the last time you saw it work?


Albert

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Srihari Babu
> Sent: Wednesday, 7 February 2001 21:34
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: 2600 router - critical situation
>
>
> hi friends!
> thanks for u r reply.
> but i tried to reboot the router even the break signal
> is not coming.
> we applied both commands "break and control break"
> but these commands are also not taking.
> even the old version of the router also not getting.
> what to do?
> reply soon
> bye and thanks in advance.
> Ravee.b
>
> --- Kevin Wigle <[EMAIL PROTECTED]> wrote:
> > you say that the tftp was successful but the router
> > doesn't boot.
> >
> > can you be more specific??
> >
> > what do you see on the console when you power cycle
> > the router?
> >
> > Kevin Wigle
> >
> > - Original Message -
> > From: "Ravi Kumar" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Tuesday, 06 February, 2001 23:00
> > Subject: 2600 router - critical situation
> >
> >
> > > hi friends
> > >
> > > I am in deep trouble
> > >
> > > yesterday i downloaded 12.0 IOS into my 2610 router from my TFTP server.
> > > downloading was successful. in fact i deleted old version while upgrading.
> > > after that my router is not booting at all.
> > >
> > > what to do?
> > >
> > > please help me.
> > >
> > > bye
> > > ravee



2511 Problems

2001-02-07 Thread Albert Lu

Hi All,

I've got a 2511 that I have had problems with, and I have managed to fix it.
The unit was having booting problems, and after hours on the phone with TAC
they concluded that there were hardware problems with the unit.

The 2511 has two SCSI ports, one for ASYNC ports 1-8 another for ASYNC ports
9-16. The ASYNC ports 9-16 is a daughterboard that sits on top of the
motherboard.

I decided to pull this daughterboard out, and it worked... woohoo!! =) Now
it is detected as a 2509, which it should be because it now has only 8 ASYNC
ports.

So now I'm scratching my head, wondering where I could get another
daughterboard for this 2511. It is not under warranty or service contract.

The boot ROM on this unit is dead, so I also have to get a new boot ROM for
it. I've been told that Cisco gives them for free providing I pay for
shipping, but nobody seems to know over there at Cisco.

I wonder if anyone could give me some suggestions.

Thanks

Albert




show ver message

2001-02-12 Thread Albert Lu

Hi All,

I would like to know what this 'show version' output means? Particularly the
'4096K/2048K' part. Does it mean I have 4Dram or 6Dram? Some 2500s report it
differently.

cisco 2500 (68030) processor (revision B) with 4096K/2048K bytes of memory.

Thanks

Albert




Difference between ws-x5213 and ws-x5213a?

2001-02-12 Thread Albert Lu

Hi All,

Does anyone know the difference between the above two catalyst modules? I
know ws-x5213 is an end of life product, and I think the ws-x5213a is going
to be end of life in a few weeks as well.

Thanks

Albert




RE: OSPF lsa type 1 & 2 question

2001-02-21 Thread Albert Lu

The LSA Type 1 (Router) is generated and flooded by each router within the
area. This will include the DR, since LSA Type 2 is the one generated by DR
specifically.

So the answer to your question is yes, because DRs are like any router which
should flood LSA Type 1 to all segments within the area.

Correct me if I'm wrong =)

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Blazer
> Sent: Wednesday, 21 February 2001 22:14
> To: [EMAIL PROTECTED]
> Subject: OSPF lsa type 1 & 2 question
>
>
> Hello all,
>
> I am wondering if someone could help clear up a query in regards to router
> & network lsa's (Type 1&2).
>
> Does the DR flood the router lsa type out to other segments in an area?
>
> Thanks in advance..
>
>
>



RE: Simulation for CCNP/CCIE

2001-02-23 Thread Albert Lu


Yes there is. I've got a simulator that simulates as many routers, switches
as you like. It lets you do everything that you can do on real equipment at
a fraction of the cost. This is all you need to pass the CCIE!!

Paypal me $100US and I will send you a copy. The first 10 people will get a
free toaster simulator. YES!! you can pretend to make toast.

ps. I also have a simulator guaranteed to help you become a doctor. Why
practise on real people when you can do it using this simulator. It costs
$200US, since human bodies are slightly more complicated than Cisco routers.
ORDER NOW!!

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Thomas
> Sent: Friday, 23 February 2001 18:10
> To: [EMAIL PROTECTED]
> Subject: Simulation for CCNP/CCIE
>
>
> Hi All - Is there any good lab simulation software for CCNP/CCIE
> around (not
> CCNA one, since it does not have enough commands)? Where can I get it?
> Thanks in advance!
>
>



IBM ATM Switches

2001-02-23 Thread Albert Lu

Hi,

Does anyone know about the IBM ATM switches? Specifically the 8285 ATM
switches, which I believe are the lower end ATM switches.

Is this sufficient for an ATM switch for a home lab?

I'm not too familiar with the ATM product range. I believe there is an ATM
module for the Catalyst 5000, so does that make it an ATM switch? What about
the Cisco LightStream products, are they not a switch as well?

Is setting up ATM in a home lab a matter of getting the right module for the
router, and hooking it up to the switch?

Thanks

Albert




Making a 2513 with 2501+2502

2001-03-01 Thread Albert Lu

Hi,

Is it possible to make a 2513 with a 2501 and a 2502 router? I know 2 2501s can
be put together to make a frame relay switch using tunnelling, using the
ethernet interface to tunnel. What about using the serial interface in each
of the 2501 and 2502 to tunnel, allowing it to be a router with an ethernet
and token ring interface?

If this is possible, then are there any limitations with this method? Can it
still do RSRB and SR/TLB like the 2513?

Thanks

Albert




E1 and S/T ISDN interfaces in Australia

2001-03-04 Thread Albert Lu

Hi All,

I'm trying to test an ISDN S/T interface on a 3620. At the moment, I have an
E1 link with 2 channels being used. And I was wondering if it is possible to
test the S/T interfaces on the 3620 with the E1 link? Will I fry the circuit
on the S/T port?

Thanks

Albert




RE: Telnet to a Router

2001-03-05 Thread Albert Lu

Hi Mark,

Could it be that the router doesn't know where to send packets it is trying
to reply to? Try adding a static route to your gateway, so packets coming in
will know where to go (your gateway) once it arrives.

ip route 0.0.0.0 0.0.0.0 e0

That is one way of doing it. Please make suggestions if there is a better way.
Of course you could use a routing protocol, but that's a bit complicated when
all you want to do is telnet in.

Regards,

Albert

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Mark Rose
> Sent: Tuesday, 6 March 2001 4:28
> To: Cisco@Groupstudy. Com (E-mail)
> Subject: Telnet to a Router
>
>
>
> I am trying to telnet to a 2514 router from work. I have a Linksys BEFSR41
> ethernet/dsl router on my incoming cable line. I have enabled port
> forwarding for telnet (port 23) on this router. I have also set up vty on
> the 2514. When I try to telnet to the wan interface of the Linksys forwarded
> to the ethernet interface on the 2514 I get the message "Could not open a
> connection to host: Connection failed". But if I remote access an NT server
> inside my home net (on internal address space), from there I can telnet (on
> the private address space) to the same ethernet interface and connect.
>
> Since I can remote access my NT box, port forwarding on the Linksys router
> is working. Also the 2514 should be set properly since I can telnet in from
> within my lan. I must be overlooking something but I cannot figure it out.
>
> I would appreciate any ideas or assistance.
>
> TIA
> Mark
>
>
>



ISDN Config Problems

2001-03-16 Thread Albert Lu

Hi Everyone,

I'm currently configuring a 3600 for ISDN connectivity using a BRI w/ S/T
port. It is currently connected to the NT1 and everything is ready to go,
except for the username and password.

The situation with the username and password is that it is currently being
used on another access server to connect to the ISP. So in theory, if I were
to try and connect with the 3600 the ISP probably won't let me connect
since I am already connected using the same username/password.

I would like to test out my configuration, without having to disconnect the
ISDN connection on the other box. Is it possible to test out that everything
is working on the 3600, even though I cannot connect to the ISP?

I'm currently using 'show isdn history' to see if any calls have been made
based on various traffic I try to send out. At the moment, I don't see any
attempts to connect and I'm not sure whether it's my configuration or just
the ISP refusing my connection.

Thanks in advance.


Albert




RE: Please Help me with this lab --- Im stuck

2001-03-17 Thread Albert Lu

A suggestion is to do a 'trace' and see the results. It would show who is
dropping the packet.

Could you send a 'trace' result to the list?

Albert

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> MJL
> Sent: Saturday, 17 March 2001 9:33
> To: [EMAIL PROTECTED]
> Subject: Please Help me with this lab --- Im stuck
>
>
> Hi gang...
> >
> > I have a problem that is driving me nutz. Take a look at my configs and
> > see
> > if you can figure it out.
> >
> > Diagram:
> >
> >
> > |___| ethernet LAN
> > |
> > R1 --serial--R2
> >
> >
> >
> > Problem: I can't ping anything on the LAN from R2
> >
> >
> >
> > R1#sh run
> > Building configuration...
> >
> > Current configuration:
> > !
> > version 11.2
> > no service password-encryption
> > no service udp-small-servers
> > no service tcp-small-servers
> > !
> > hostname R1
> > !
> > !
> > !
> > interface Ethernet0
> > ip address 10.1.5.1 255.255.0.0
> > !
> > interface Serial0
> > ip address 10.128.1.1 255.128.0.0
> > bandwidth 56
> > clockrate 56000
> > !
> > interface Serial1
> > no ip address
> > shutdown
> > !
> > router ospf 200
> > network 10.1.0.0 0.0.255.255 area 0
> > network 10.128.0.0 0.0.255.255 area 0
> > !
> > ip classless
> > !
> > !
> > line con 0
> > logging synchronous
> > line aux 0
> > line vty 0 4
> > login
> > !
> > end
> >
> >
> >
> > R1 Routing Table:
> >
> > R1#sh ip route
> > Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
> > D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
> > N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
> > E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
> > i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate
> > default
> > U - per-user static route, o - ODR
> >
> > Gateway of last resort is not set
> >
> > 10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
> > C 10.1.0.0/16 is directly connected, Ethernet0
> > C 10.128.0.0/9 is directly connected, Serial0
> > 172.16.0.0/32 is subnetted, 1 subnets
> > O 172.16.25.1 [110/1786] via 10.128.1.2, 00:04:20, Serial0
> >
> >
> >
> > --
> >
> > Router #2
> >
> > R2#sh
> > %SYS-5-CONFIG_I: Configured from console by console run
> > Building configuration...
> >
> > Current configuration:
> > !
> > version 11.2
> > no service password-encryption
> > no service udp-small-servers
> > no service tcp-small-servers
> > !
> > hostname R2
> > !
> > enable password ccna
> > !
> > !
> > interface Loopback0
> > ip address 172.16.25.1 255.255.0.0
> > !
> > interface Ethernet0
> > no ip address
> > shutdown
> > !
> > interface Serial0
> > ip address 10.128.1.2 255.128.0.0
> > !
> > interface Serial1
> > no ip address
> > shutdown
> > !
> > router ospf 200
> > network 10.128.0.0 0.0.255.255 area 0
> > network 172.16.0.0 0.0.255.255 area 0
> > !
> > ip classless
> > !
> > !
> > line con 0
> > line aux 0
> > line vty 0 4
> > password cisco
> > login
> > !
> > end
> >
> >
> > R2 Routing Table:
> >
> >
> > R2#sh ip route
> > Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
> > D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
> > N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
> > E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
> > i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate
> > default
> > U - per-user static route, o - ODR
> >
> > Gateway of last resort is not set
> >
> > 10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
> > O 10.1.0.0/16 [110/74] via 10.128.1.1, 00:06:04, Serial0
> > C 10.128.0.0/9 is directly connected, Serial0
> > C 172.16.0.0/16 is directly connected, Loopback0
>
>
>



Cisco 2600/3600 network module handle question

2001-03-19 Thread Albert Lu

Hi All,

I'm sure most of you are familiar with the network modules for 2600 and
3600. I've seen some of them with handles, and some without handles.

Why is there a difference?

Thanks

Albert




RE: All positions are valid - Cisco Certs Becoming Paper CCXX

2001-03-21 Thread Albert Lu

Let me ask a question relating to this topic. I'm only looking for opinions,
not voicing one, so please hold back the flames =)

What would a person be worth (dollar terms) if they have 1 year working in
an entry/1st level NOC monitoring position, and they have attained their
CCIE? Will they have shown enough to move into a 3rd level position, or will
they just be a highly decorated 1st level support guy?

From the job ads I see, it seems like experience of 3-5+ years is the
requirement. The recruitment agencies will weed out people using this as one
of their first criteria, and use CCIE as a desirable requirement.

So what does that mean? Does that mean the person with the CCIE and 1 year
experience would have to sit tight, and wait a couple more years?

Albert

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> EA LOUIE
> Sent: Wednesday, 21 March 2001 7:20
> To: Allen May; [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: All positions are valid - Cisco Certs Becoming Paper CCXX
>
>
> No way, Allen... you already cashed it in about 15 messages ago
> on this thread
> - no fair cashing in twice   ;-)
>
> and I actually think this has been a healthy thread.  There seem
> to be these
> camps, from what I've read:
>
> 1.  Certs add value regardless of a person's experience in
> industry - it's a
> willingness to learn.
> 2.  Experience adds value and meaning to the Certs - it's an
> enhancement to
> your experience and something that is in written recognizable form.
> 3.  Certs get your foot into the otherwise closed, air-tight door
> - it's an
> indication that the person is trained and knowledgeable to some
> extent on the
> technology, and therefore less risky to hire than a
> non-certified (possibly
> experienced) person
>
> Thank goodness no one has presented the argument that Certs are a
> bad thing
> ;-)
>
> All of the positions have validity.  The original poster was
> concerned about
> VALUE DILUTION of the certs with all the folks who were "jumping on the
> bandwagon" versus those of us who have been in the job and are
> uncertified and
> working on our certs.  This raised the issue of "what's more important or
> holds more value... the Cert or experience?"  And that's been
> tossed around
> a lot in the past 20 or so messages.  Value, fortunately, lies in
> the eyes of
> the hiring manager, so if you can convince HIM one way or
> another, whichever
> way you want to sway it, more power to you!
>
> (now I'm feeling like having a breath mint... hmmm.. what's up with that?
> "It's two, two, two mints in one")
>
> LOL... I should be so jolly after a one-hour rolling blackout at
> my office!
>
> -e-
>
> "Allen May" <[EMAIL PROTECTED]> wrote:
> > I'm still ready to stop this thread and cash in on all the 2
> cents thrown
> > in.
> > ;)
> >
> > Allen
> > - Original Message -
> > From: "Robert Padjen" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > Cc: <[EMAIL PROTECTED]>
> > Sent: Tuesday, March 20, 2001 10:55 AM
> > Subject: RE: Cisco Certs Becoming Paper CCXX
> >
> >
> > > I believe that there are two distinctions that should
> > > be made - and that you may disagree with. At least for
> > > the bachelors degree, the experience is just that -
> > > well beyond the actual academics. In addition, the
> > > focus of the GE portion of the program is to diversify
> > > - humanities, science, language, amongst others. This
> > > is one of the limitations to the Cisco (and other)
> > > certifications as the certifications present a myopic
> > > view.
> > >
> > > The second distinction is that I would contend neither
> > > represents more than the sum of its components, and
> > > that value is perceived. For example, if I graduated
> > > Stanford with a 2.1 GPA, as opposed to San Diego State
> > > with a 4.0, which school would be a better hire? Few
> > > resumes I see have the GPA, and, regardless, a lot of
> > > folks use the name...
> > >
> > >
> > > --- [EMAIL PROTECTED] wrote:
> > > > This issue is turning things upside down from point
> > > > of view.
> > > >
> > > > I would like to tell you my opinion. If CCNA, NP,
> > > > DA, DP and IE written
> > > > are not worth then your Bachelors and Graduate
> > > > studies worth the same. Just
> > > > papers.
> > > >
> > > > I learn to configure a cisco router before knowing
> > > > all the cisco stuff.
> > > > I have a CCDA, CCNP and going for the complete set
> > > > CCDA, CCNP and CCIE complete.
> > > >
> > > > I knew frame relay,atm, sna, dlsw, sdlc, ppp, ipx,
> > > > switching, etc before
> > > > taking any cisco course. I took all cisco training
> > > > path version 11.2 and
> > > > just recently obtain my degrees and working for the
> > > > big one.
> > > >
> > > > What will be your opinion Do I know something or I
> > > > am just papers?
> > > >
> > > > You should be careful on your opinion about this
> > > > things, all the knowledge
> > > > since a long time ago has b

RE: All positions are valid - Cisco Certs Becoming Paper CCXX

2001-03-21 Thread Albert Lu

He probably wouldn't even make the interview room, because recruiters would
have screened him out long ago.

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Lim Jit Cherng
> Sent: Wednesday, 21 March 2001 8:40
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: RE: All positions are valid - Cisco Certs Becoming Paper CCXX
>
>
> I guess it'll really depend on how you present yourself in the CV, and during
> the interview. Experience is good, but consider: if a young chap with only
> 1 year's experience can show the interviewer he has the required
> knowledge and show he works with passion, do you think he'll get the job?
>
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Albert Lu
> Sent: Wednesday, March 21, 2001 4:44 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]; EA LOUIE; Allen May
> Subject: RE: All positions are valid - Cisco Certs Becoming Paper CCXX
>
>
> Let me ask a question relating to this topic. I'm only looking
> for opinions,
> not voicing one, so please hold back the flames =)
>
> What would a person be worth (dollar terms) if they have 1 year working in
> an entry/1st level NOC monitoring position, and they have attained their
> CCIE? Will they have shown enough to move into a 3rd level
> position, or will
> they just be a highly decorated 1st level support guy?
>
> From the job ads I see, it seems like experience of 3-5+ years is the
> requirement. The recruitment agencies will weed out people using
> this as one
> of their first criteria, and use CCIE as a desirable requirement.
>
> So what does that mean? Does that mean the person with the CCIE and 1 year
> experience would have to sit tight, and wait a couple more years?
>
> Albert
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > EA LOUIE
> > Sent: Wednesday, 21 March 2001 7:20
> > To: Allen May; [EMAIL PROTECTED]
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: All positions are valid - Cisco Certs Becoming Paper CCXX
> >
> >
> > No way, Allen... you already cashed it in about 15 messages ago on this
> > thread - no fair cashing in twice   ;-)
> >
> > and I actually think this has been a healthy thread.  There seem to be
> > these camps, from what I've read:
> >
> > 1.  Certs add value regardless of a person's experience in industry -
> > it's a willingness to learn.
> > 2.  Experience adds value and meaning to the Certs - it's an enhancement
> > to your experience and something that is in written recognizable form.
> > 3.  Certs get your foot into the otherwise closed, air-tight door - it's
> > an indication that the person is trained and knowledgeable to some extent
> > on the technology, and therefore less risky to hire than a non-certified
> > (possibly experienced) person
> >
> > Thank goodness no one has presented the argument that Certs are a bad
> > thing ;-)
> >
> > All of the positions have validity.  The original poster was concerned
> > about VALUE DILUTION of the certs with all the folks who were "jumping on
> > the bandwagon" versus those of us who have been in the job and are
> > uncertified and working on our certs.  This raised the issue of "what's
> > more important or holds more value... the Cert or experience?"  And
> > that's been tossed around a lot in the past 20 or so messages.  Value,
> > fortunately, lies in the eyes of the hiring manager, so if you can
> > convince HIM one way or another, whichever way you want to sway it, more
> > power to you!
> >
> > (now I'm feeling like having a breath mint... hmmm.. what's up with that?
> > "It's two, two, two mints in one")
> >
> > LOL... I should be so jolly after a one-hour rolling blackout at my
> > office!
> >
> > -e-
> >
> > "Allen May" <[EMAIL PROTECTED]> wrote:
> > > I'm still ready to stop this thread and cash in on all the 2 cents
> > > thrown in.
> > > ;)
> > >
> > > Allen
> > > - Original Message -
> > > From: "Robert Padjen" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > > Cc: <[EMAIL PROTECTED]>
> > > Sent: Tuesday, March 20, 2001 10:55 AM
> > &g

AGS to 2500 serial cable

2001-03-22 Thread Albert Lu

Does anyone know where I can get cheap serial cables for AGS to 2500
(preferably in Australia)? I need to get 8.

Thanks

Albert




2500 power supply

2000-12-31 Thread Albert Lu

Hi all,

I'm about to purchase some 2500s from the US, to use in Australia. Are
there any power conversion issues, as US uses a 120V, and we use 240V over
here.

I've taken a look at Cisco's website, and the papers there say that it will
auto-detect the voltage, or something like that.

Just wondering if anyone has any experience in this matter, as I wouldn't
want to zap it when I plug it in =)

Thanks

Albert 




Re: CCIE Lab

2001-01-04 Thread Albert Lu

This is the list of equipment I'm looking to purchase, I've been doing
almost 4 weeks of research on this, and came up with this list.

2x2513
2x2503
2509 or 2511
2520
1x2901 Catalyst Switch
Emutel Lite ISDN Simulator. 
Serial Cables
2 Token Ring hubs
Ethernet transceivers
All routers running IOS12 Enterprise so you need 16Flash/16Dram, less if
you're clever.

Other things such as ATM and VoIP I intend to do using remote labs.

Everyone else, please give me some feedback on this.

--
> From: Tariq Bin Azad <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: CCIE Lab
> Date: Thursday, January 04, 2001 9:51 PM
> 
> Hello Everybody.
> 
> I am just curious that  which equipment I may need to build CCIE lab at my
> home. Somebody told me that I have to buy
> ISDN Simulators, Switches and different series of routers.. I will
> appreciate if anybody can send me list of all equipments / simulators /
> routers / switches with their series nos to build this home lab ...
> 
> Thanks
> 
> Tariq Bin Azad
> 



Re: CCIE Lab

2001-01-04 Thread Albert Lu

Hi,

How many more 2500s do you recommend, which one specifically, and how would
it help with lab scenarios? I'm already looking at 6 routers.

What do you mean by VoX? Voice over IP?



--
> From: John Hardman <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: CCIE Lab
> Date: Friday, January 05, 2001 1:43 AM
> 
> Hi
> 
> Add some more 2500 or some 1700 for more serial interface and VoX.
> 
> Kill the ISDN simulator, it is much cheaper (in most areas) to simply order
> a ISDN BRI line and use a NT1 to split the B channels between the routers.
> 
> $0.02
> --
> John Hardman CCNP MCSE+I
> 
> 
> "Albert Lu" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > This is the list of equipment I'm looking to purchase, I've been doing
> > almost 4 weeks of research on this, and came up with this list.
> >
> > 2x2513
> > 2x2503
> > 2509 or 2511
> > 2520
> > 1x2901 Catalyst Switch
> > Emutel Lite ISDN Simulator.
> > Serial Cables
> > 2 Token Ring hubs
> > Ethernet transceivers
> > All routers running IOS12 Enterprise so you need 16Flash/16Dram, less if
> > you're clever.
> >
> > Other things such as ATM and VoIP I intend to do using remote labs.
> >
> > Everyone else, please give me some feedback on this.
> >
> > --
> > > From: Tariq Bin Azad <[EMAIL PROTECTED]>
> > > To: [EMAIL PROTECTED]
> > > Subject: CCIE Lab
> > > Date: Thursday, January 04, 2001 9:51 PM
> > >
> > > Hello Everybody.
> > >
> > > I am just curious that  which equipment I may need to build CCIE lab at
> > > my home. Somebody told me that I have to buy
> > > ISDN Simulators, Switches and different series of routers.. I will
> > > appreciate if anybody can send me list of all equipments / simulators /
> > > routers / switches with their series nos to build this home lab ..
> > >
> > > Thanks
> > >
> > > Tariq Bin Azad
> > >



Re: CCIE Lab

2001-01-04 Thread Albert Lu

Your list sounds fine, of course the less routers you have means some
scenarios will not be able to be done. Go to www.ccprep.com, look in the
articles/white papers section, there's a good guide on 3/4/5/6 router labs.

My view is that, less routers means that you have to do the more complex
scenarios somewhere else (remote lab, work). For me, a couple of extra
routers which I can sell and get most of my money back, and can play with
24x7 is worthwhile paying for than to pay for the remote lab time for them.
In the case of more expensive equipment (eg. ATM), there's just no way I can
fit that into my budget, so I will use remote lab time for that.

Just some more food for thought =)

BTW. Anyone had experience with running IOS12 Enterprise compressed on
16Dram/8Flash?

--
> From: Daniel Young <[EMAIL PROTECTED]>
> To: Studygroup (E-mail) <[EMAIL PROTECTED]>
> Subject: RE: CCIE Lab
> Date: Friday, January 05, 2001 7:52 AM
> 
> Albert,
> 
> I came up with a similar list after about 1 week. A smaller lab for those
> of us on budget.
> 
> 2509 or 2511
> 2513
> 2503 or 2524
> 2521 or 2523
> 
> Alternatively, the last two routers can be:
> 2504 or 2525
> 2520 or 2522
> 
> Routers running 4MB RAM / 8 MB Flash for IOS 12.0.9. I got this info from
> the URL below: 
> http://store.yahoo.com/kg2nd/router-cisco-2509.html
> (Please let me know if you actually need 16/16MB for the Enterprise
> version)
> 
> Token Ring MAUs
> V.35 DTE/DCE Crossover (Back-to-back) Cables
> Ethernet transceivers
> Token Ring Card for the Workstation
> ISDN Simulator or Patch cables (?)
> 
> Some feedback would be appreciated.
> 
> Daniel C. Young
> CCNP+Security, CCDP, CCSE, MCSE+I
> 
> netHESIVE, Inc.
> Senior Network Engineer
> [EMAIL PROTECTED]
> 310-782-1010
> 
> -Original Message-
> From: Albert Lu [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, January 04, 2001 3:45 AM
> To: Tariq Bin Azad
> Cc: [EMAIL PROTECTED]
> Subject: Re: CCIE Lab
> 
> 
> This is the list of equipment I'm looking to purchase, I've been doing
> almost 4 weeks of research on this, and came up with this list.
> 
> 2x2513
> 2x2503
> 2509 or 2511
> 2520
> 1x2901 Catalyst Switch
> Emutel Lite ISDN Simulator. 
> Serial Cables
> 2 Token Ring hubs
> Ethernet transceivers
> All routers running IOS12 Enterprise so you need 16Flash/16Dram, less if
> you're clever.
> 
> Other things such as ATM and VoIP I intend to do using remote labs.
> 
> Everyone else, please give me some feedback on this.
> 
> --
> > From: Tariq Bin Azad <[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED]
> > Subject: CCIE Lab
> > Date: Thursday, January 04, 2001 9:51 PM
> > 
> > Hello Everybody.
> > 
> > I am just curious that  which equipment I may need to build CCIE lab at
> > my home. Somebody told me that I have to buy
> > ISDN Simulators, Switches and different series of routers.. I will
> > appreciate if anybody can send me list of all equipments / simulators /
> > routers / switches with their series nos to build this home lab ...
> > 
> > Thanks
> > 
> > Tariq Bin Azad
> > 



Cisco CCNP Preparation Library, Second Edition (Opinions??)

2001-01-07 Thread Albert Lu

What are all the CCNP and CCNP in-the-making's opinion on the Cisco CCNP
Preparation Library, Second Edition for studying for their CCNP? How does
it compare to other ones? Are there any other books on top of the library
that is recommended to read on top of them for further info?





Re: Disappointed with ccnp!!

2001-01-09 Thread Albert Lu



I can appreciate what the senior Microsoft Architect is saying, I'm 22 and
this is the kind of impression a lot of older guys are giving me. They don't
say it, but you know it's there. 

I believe these people feel threatened by younger people coming up the ranks,
who have been exposed to computers since they were kids. These old guys
probably started their computing career from another field, and switched
careers because of the money. We kids were always into computers because we
loved it, and weren't concerned with monetary rewards.



--
> From: Croyle, James <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: RE: Disappointed with ccnp!!
> Date: Wednesday, January 10, 2001 12:30 AM
> 
> Don't be disappointed with your CCNP, that's for sure...  Just don't
> consider it the end all to getting that job.  I started with my company in
> June 1999 with an MCSE and CCNA, neither of which I attained with work
> experience, one with school, the other self study.  I got a job setting up
> small LANs for scanning projects, and then doing the scanning along with
> the others!  Then, moved UP to the help desk!!!  Didn't even start there,
> is what I am getting at.  Got promoted in 2 months to help desk supervisor
> by doing a good job (I think), then moved to engineering team in 6 months
> to help design our new Cisco network because there were only 2 other CCNAs
> around to do it.  In June of 2000 I attained my CCNP, with some work
> experience on the equipment and our test lab at work. Now I would consider
> myself a valuable member of our Network Infrastructure team, but it didn't
> happen overnight, and even though I wanted it to happen, I really didn't
> expect it to at this company based on where I started.  
> 
> One more thought.  There are those, including a very senior Microsoft
> Architect here, who still say I don't have enough experience to go after
> my CCIE, that it would not benefit myself, or the company because even if
> I attained it, I would not have enough years of experience to  back that
> cert. Well to him, I said, I am not going to sit around 10 years until I
> have your experience, I am going to study everyday, and get involved with
> every network problem and design issue I can to gain experience faster in
> troubleshooting methods, and seeing various levels of problems.  To that
> he just shook his head and said with a smile...  Kids nowadays..  ;-)  By
> the way, I am 32.  Not really a kid anymore.  hehehehe
> 
> HTH
> 
> Jim
> 
> 
> 
> -Original Message-
> From: chris fong [mailto:[EMAIL PROTECTED]]
> Sent: Monday, January 08, 2001 11:16 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Disappointed with ccnp!!
> 
> 
> I don't know you personally, but I have some
> suggestions for you to think about. Don't let that
> certification go to your head. If you give the
> impression to an employer that you deserve to have a
> job because of your CCNP, you will not get hired.
> Don't think that you are better than others because of
> your CCNP. Also, your personality and attitude that
> you show during interviews is critical in landing that
> first job. Show that you can be a team player and can
> work well and get along with almost anyone. And
> lastly, consider other entry level positions, such as
> help desk, because you don't have any actual work
> experience. Employers don't really consider "lab" as
> work experience. Hope this helps.
> 
> Good luck,
> 
> 
> --- park jeongwoo <[EMAIL PROTECTED]> wrote:
> > Hi group members.
> > I need your help.
> > I am having a hard time on finding a job.
> > I recently got ccnp certification and looking for the
> > entry level of job for network engineer.
> > I am living in San Francisco, and graduated from
> > college less than a year ago.
> > I have less than a year of network experience that I
> > got from school computer lab.
> > I had a harder time finding a job before I became
> > ccnp. So I studied hard believing that  ccnp would get
> > me somewhere at least as a entry level network
> > engineer. Now I am kind of confused and disappointed
> > with the fact that I am still having a hard time
> > finding a job even with ccnp certification.
> > I feel like I need more cisco certifications such as
> > ccda, ccdp.
> > Would these certification ever help me find job?
> > It is really discouraging that cisco certification
> > doesn't help me much find a job at this point, because
> > I am also pursuing ccie too. I have to ask myself what
> > is the point of getting cisco certification. 
> > Lots of CCNAs are having a job. Why not ccnp?
> > 
> > Could somebody tell me why it goes like this, and what
> > I should do?
> > Am I looking for wrong job?
> > 
> > I will appreciate your input.
> > 
> > jeongwoo
> > 

Re: CCNP 2.0 completed and is a joke!!!

2001-01-14 Thread Albert Lu

It depends what your ultimate goal is, whether it is the CCNP or CCIE. I see
CCNP as a stepping stone towards CCIE. If you got your CCNP without any
prior Cisco experience, in my opinion there's going to be more work
involved for your CCIE.

--
> From: Ashfaq Aslam <[EMAIL PROTECTED]>
> To: Cisco Group Study <[EMAIL PROTECTED]>
> Subject: CCNP 2.0 completed and is a joke!!!
> Date: Saturday, January 13, 2001 3:55 PM
> 
> Hi there,
> 
> I completed my CCNP 2.0 on 3rd Jan. 2001 (scores between 82-89%) within a
> space of 6 weeks.
> 
> I feel the high standard from CCNP 1.0 to CCNP 2.0 exams has dropped
> considerably.  I failed my ACRC exam back in August and was forced to
> abandon it due to the expiry date.  ACRC was a good standard exam.  That
> was the true level of testing!  The passing score for the old CCNP 1.0
> exams was 79%, whilst now (for CCNP 2.0) it's a sheepishly low 69%.
> 
> I managed to pass the new BSCN and CIT exams in under three weeks without
> ANY prior Cisco experience.  I feel the passing score should be increased
> to 79% instead of 69%, otherwise CCNP 2.0 will end up flooding the market
> and decreasing its value like Microsoft exams.
> 
> I don't feel Cisco should be dropping their standards in Professional
> Certifications.
> 
> Just my thoughts...What do you guys reckon?
> 
> Regards.
> Ashfaq
> 



What is a Cisco 3801?

2001-01-15 Thread Albert Lu

Hi all,

I've been doing some research on the 3801, I don't think Cisco even knows
it has it.

I just wanted to know what sort of router it is, and what it is capable of.
Is it worth getting for a home lab?

Regards,

Albert




2511 Boot up message

2001-01-17 Thread Albert Lu

Hi All,

I've got a 2511 that is booting up this strange message. It keeps repeating
the System Bootstrap message, and I have to Control-break it to show you
the register value.

Does anyone have any ideas? Is it just a config problem, or is there
hardware problems?

Thanks in advance.

Albert

Here is the output:

System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
Copyright (c) 1986-1995 by cisco Systems
2500 processor with 2048 Kbytes of main memory
Local Timeout (control reg=0x118) Error, address: 0x21003EE at 0x111756E (PC)

System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
Copyright (c) 1986-1995 by cisco Systems
2500 processor with 2048 Kbytes of main memory
Local Timeout (control reg=0x118) Error, address: 0x21003EE at 0x111756E (PC)

System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
Copyright (c) 1986-1995 by cisco Systems
2500 processor with 2048 Kbytes of main memory

Abort at 0x10E1DB6 (PC)
>o
Configuration register = 0x2102 at last boot
Bit#    Configuration register option settings:
15  Diagnostic mode disabled
14  IP broadcasts do not have network numbers
13  Boot default ROM software if network boot fails
12-11   Console speed is 9600 baud
10  IP broadcasts with ones
08  Break disabled
07  OEM disabled
06  Ignore configuration disabled
03-00   Boot file is cisco2-2500 (or 'boot system' command)

>




2500 xmodem flash transfer

2001-01-18 Thread Albert Lu

Hi,

Could anyone point me to some info on transferring IOS images to/from a
2500?

Thanks

Albert




Re: 2500 xmodem flash transfer

2001-01-18 Thread Albert Lu

Is there no way to up/download IOS images in 2500 without transceivers? I'm
trying to up/download images and have had no luck playing with the xmodem.
I've got a 2600, and that has the xmodem command.

--
> From: Circusnuts <[EMAIL PROTECTED]>
> To: william yuwono <[EMAIL PROTECTED]>; Albert Lu <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
> Subject: Re: 2500 xmodem flash transfer
> Date: Thursday, January 18, 2001 5:55 PM
> 
> Are you sure this will work ???  I know the 2500 & the 4000's ROM's do not
> allow for this...
> 
> Phil
> - Original Message -
> From: "william yuwono" <[EMAIL PROTECTED]>
> To: "Albert Lu" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Thursday, January 18, 2001 9:57 PM
> Subject: Re: 2500 xmodem flash transfer
> 
> 
> > If you are using xmodem command, you can follow the step like below:
> >
> > 1. Change console speed of router to the highest speed it supports.
> > 2. After changes the speed, changes your  hyperterm speed
> > to the console's speed.
> > 3. type xmodem -c at the rommon prompt of router.
> > 4. click transfer> send file, then specify your image
> > name and location
> > 5. Wait until it transfer all to the router and programmed
> > to the flash. and after that it will reset
> > automatically.
> >
> > I hope that help. Correct me if i am wrong.
> >
> > Regards,
> >
> > William
> >
> >
> > - Original Message -
> > From: Albert Lu <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Thursday, January 18, 2001 12:46 AM
> > Subject: 2500 xmodem flash transfer
> >
> >
> > > Hi,
> > >
> > > Could anyone point me to some info on transferring IOS images to/from a
> > > 2500?
> > >
> > > Thanks
> > >
> > > Albert
> > >
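What `xmodem -c` in step 3 of the quoted procedure puts on the console line, as an added example that is not part of the thread: XMODEM framing in CRC-16 mode (assuming that is what `-c` selects), plus the wire-time arithmetic behind step 1's advice to raise the console speed. The function names and the sample image bytes are constructed for illustration.

```python
"""XMODEM-CRC framing for a console-port image transfer (added example)."""
from typing import List

SOH = 0x01               # marks the start of a 128-byte block
PAD = 0x1A               # CTRL-Z filler for the final short block
BLOCK = 128              # payload bytes per block
FRAME = 3 + BLOCK + 2    # SOH, seq, 255-seq, payload, CRC-16

# Constructed sample data, not a real IOS image.
SAMPLE_IMAGE = bytes(range(256)) + b"constructed sample, not an IOS image"


def crc16_xmodem(data: bytes) -> int:
    """CRC-16 with polynomial 0x1021, initial value 0, no bit reflection."""
    crc = 0
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) if crc & 0x8000 else (crc << 1)
            crc &= 0xFFFF
    return crc


def build_frames(image: bytes) -> List[bytes]:
    """Sender side: split the image into numbered, CRC-protected blocks."""
    frames = []
    for index in range(0, len(image), BLOCK):
        payload = image[index:index + BLOCK].ljust(BLOCK, bytes([PAD]))
        seq = (index // BLOCK + 1) & 0xFF   # starts at 1, wraps 255 -> 0
        crc = crc16_xmodem(payload).to_bytes(2, "big")
        frames.append(bytes([SOH, seq, 0xFF - seq]) + payload + crc)
    return frames


def check_frame(frame: bytes, expected_seq: int) -> bytes:
    """Receiver side: return the payload, or raise where a NAK would be sent."""
    if len(frame) != FRAME or frame[0] != SOH:
        raise ValueError("not a 128-byte XMODEM block")
    seq, inverse = frame[1], frame[2]
    if seq + inverse != 0xFF or seq != expected_seq & 0xFF:
        raise ValueError("sequence number mismatch")
    payload = frame[3:3 + BLOCK]
    if crc16_xmodem(payload) != int.from_bytes(frame[-2:], "big"):
        raise ValueError("CRC mismatch")
    return payload


def receive(frames: List[bytes]) -> bytes:
    """Reassemble an image; the protocol carries no length, so padding stays."""
    return b"".join(check_frame(f, n) for n, f in enumerate(frames, start=1))


def transfer_seconds(image_len: int, baud: int) -> float:
    """Lower bound on wire time at 8N1 (10 bits per byte), ignoring ACK delay."""
    frames = -(-image_len // BLOCK)          # ceiling division
    return frames * FRAME * 10 / baud


if __name__ == "__main__":
    sent = build_frames(SAMPLE_IMAGE)
    print(len(sent), "frames of", FRAME, "bytes")
    for baud in (9600, 115200):
        minutes = transfer_seconds(8 * 1024 * 1024, baud) / 60
        print(f"8 MB image at {baud} baud: at least {minutes:.0f} minutes")
```

The CRC only catches line noise; it says nothing about where the image came from, so verify the file against a trusted checksum before sending it.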



Routers in my lab

2001-01-19 Thread Albert Lu

Hi all,

Take a look at what I've got in my lab consisting of 12 routers.

3x2503
2511
2501
2521
2502
2504
2x2610
2x2620

Have I over done it? Are there scenarios in the CCIE that may need all
this? What should I keep what should I get rid of?

Thanks

Albert




Re: Routers in my lab

2001-01-19 Thread Albert Lu

I'm thinking of getting rid of

1x2503
2x2610
1x2502
1x2504

And using that money to get Cat5000 and ISDN simulator. I'm also
considering a couple of 2513, do I really need 2513 if so do I need 2 or
can I go with 1?

I know people who've done CCIE with just 6-7 routers, I'm not sure how I can
make use of more than that either. 

BTW. My aim is to be able to do most of the CCBootcamp labs.

--
> From: Ole Drews Jensen <[EMAIL PROTECTED]>
> To: 'Albert Lu' <[EMAIL PROTECTED]>; [EMAIL PROTECTED]
> Subject: RE: Routers in my lab
> Date: Saturday, January 20, 2001 2:45 AM
> 
> I would keep them all unless you're in acute need of money. Even though
> I'm many frequent flyer miles away from the CCIE, I do believe that you
> cannot have too much equipment to practice on.
> 
> If it were for the CCNA only, 1,2 or 3 2500's should be plenty.
> 
> You might want to get rid of some of the 2500's and get different
> routers instead, plus a switch or two. You can keep buying stuff from now
> to Christmas, the only thing that stops you are the amount of money you
> can afford to spend on this.
> 
> If I was a multi-millionaire and for some reason still wanted to study for
> these Cisco tests, I would buy every model they have ever made and setup a
> whole house as a lab.
> 
> But, I'm not, so I currently only have four 2500's to play with, but
> that's kind of okay for now. I would have liked a Cat5000, but that's a
> little too heavy for my wallet.
> 
> Hth,
> 
> Ole
> 
> 
>  Ole Drews Jensen
>  Systems Network Manager
>  CCNA, MCSE, MCP+I
>  RWR Enterprises, Inc.
>  [EMAIL PROTECTED]
>  http://www.CiscoKing.com
> 
>  NEED A JOB ???
>  http://www.oledrews.com/job
> 
> 
> 
> 
> -Original Message-
> From: Albert Lu [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 19, 2001 9:37 AM
> To: [EMAIL PROTECTED]
> Subject: Routers in my lab
> 
> 
> Hi all,
> 
> Take a look at what I've got in my lab consisting of 12 routers.
> 
> 3x2503
> 2511
> 2501
> 2521
> 2502
> 2504
> 2x2610
> 2x2620
> 
> Have I over done it? Are there scenarios in the CCIE that may need all
> this? What should I keep what should I get rid of?
> 
> Thanks
> 
> Albert
> 



AGS/MGS Questions [7:506]

2001-04-13 Thread Albert Lu

Hello Group,

I got a few questions in regards to AGS/MGS routers for a home lab

1. For most home lab scenarios, is 4 serial interfaces enough? Or is it
worthwhile to get more interfaces and cables to hook up 4+ routers to the FR
switch?

2. In regards FR switches, am I missing anything with using an MGS rather
than a 2500 series router? I am referring to the IOS functionality, since
MGS support 11.x or something, not 12.

3. Are AGS cards compatible with MGS? If I wanted to add a token ring
interface to an MGS, what do I look for?

4. If an MGS router has an ethernet and token ring interface, can that do
everything a 2513 can do in terms of bridging traffic from ethernet to token
ring?

5. Are there any cheaper alternatives to buying the cables for the MGS at
pacific cable? Maybe I could get the connectors and make one myself? I
haven't had much luck in locating connector kits for HDB60 and DB26.

Thanks for anyone's help and any other advice.

Albert




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=506&t=506



CCIE Written Books - Opinions plz [7:1073]

2001-04-18 Thread Albert Lu

Hello group,

I would like people's opinion of the following titles for the CCIE 'Written'
(not lab)

CCIE Routing and Switching Exam Cram
by Thomas M., II Thomas, Henry Benjamin

CCIE: Cisco Certified Internetwork Expert Study Guide
by John Swartz, et al

All-in-One CCIE Study Guide
by Roosevelt Giles

CCIE Prep Kit 350-001 Routing and Switching (Exam Guide)

CCIE Routing and Switching Exam Prep
By Corolios Group

I'm already going to add Caslow, Doyle, Halabi, Perlman, Clark(Lan
Switching) to my collection.

I'm not looking for the ultimate guide, just want to weed out the bad ones
to make a good choice.

Thanks

Albert




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1073&t=1073



Cisco 800 IOS CLI [7:1172]

2001-04-18 Thread Albert Lu

Hello group,

I just have a quick question about the Cisco 800 router's CLI. Is it the
same as the 700 with the SET and CLEAR commands?

Thanks

Albert




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1172&t=1172



BCRAN PPP Callback Example [7:1209]

2001-04-19 Thread Albert Lu

Hello Group,

I'm having a little problem trying out the PPP callback example in the BCRAN
book on page 126.

One of the problems is the section:

map-class dialer dial1
dialer callback-server username
dialer hold-queue timeout 60 <=***

The line I indicated won't work. There is no "hold-queue" option available.

The second problem is when I'm entering "dialer callback-secure" for one of
the async interface, and the IOS replies "%Configure a "dialer in-band"
first".

I'm trying these commands on a 2511 with IOS Version 12.0(9) Enterprise.

Any feedback would be great.

Thanks


Albert




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1209&t=1209



Reverse Telnet out of AUX [7:1220]

2001-04-19 Thread Albert Lu

Hi Group,

Is it possible to reverse telnet out of the AUX port? I've configured
reverse telnet out of other lines in a 2511, and I was wondering if I could
use the AUX since it seems like just another line.

Actually what I'm trying to do is to try and reverse telnet from another
router out of the AUX, and into the 2511 as though a phone call was made
from the other router into one of the 2511 lines.

Thanks

Albert




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1220&t=1220
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: Reverse telnet [7:1328]

2001-04-19 Thread Albert Lu

Maybe you could have 2 r4 sessions? =)

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> A.Strobel
> Sent: Friday, 20 April 2001 12:27
> To: [EMAIL PROTECTED]
> Subject: Reverse telnet [7:1328]
>
>
> When setting up reverse telnet, it is good to match the
> connection with the
> router number:
> 1   for   r1
> 2   for   r2
>
>
> 6   for   r6
>
>
> What is the trick to have connection 6 to go to r6 even if there is no r5?
>
> Tks.
>
> A. Strobel
>
>
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1330&t=1328



Async, Dialers and Line Confusion [7:1488]

2001-04-21 Thread Albert Lu

Hello Group,

I'm getting a little confused about configuring Async, Dialers and Lines.

I've been reading the BCRAN book and looking at the sample config
http://www.cisco.com/warp/public/779/smbiz/service/configs/async/async_ip_static_aux.htm

I'm not sure how to configure 'Line' for modems. There are a few ways of
doing it that I have seen, using 'modem autoconfigure discovery', setting
speed/stopbits/flowcontrol, and specifying a modem type from the modemcap.
I'm confused by the various ways, and would like to know what really is
necessary.

Secondly, the relation between Lines and Async interfaces is a bit blurry
for me as well. From my knowledge, Lines are used to configure modem related
stuff and Async are used to config higher level things such as ppp and
dialer. Am I close?

Finally, I see in the config from the Cisco site that they use an Async
interface and a Dialer interface. I was trying to configure the Async
interface and putting the 'dial map' command in the Async interface, and now
I see it in the Dialer interface. Aren't Dialer interfaces only necessary if
you want to bundle multiple Async/BRI interfaces together into one logical
Dialer interface?

I must say that Line/Async/Dialer configs are the longest, most confusing
and least intuitive for something this simple. Most of the time I remember
most of the configs that are necessary, but sometimes miss out on a few
which makes it not work.

Anyone have any tips they wish to share to help remember, or is it just
something I will get the hang of after a while?

Thanks

Albert




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1488&t=1488



RE: 500-CS...HELP!! [7:2414]......here is my 500-CS config [7:2439]

2001-04-28 Thread Albert Lu

I thought that only transport input telnet (or all) is needed, rather than
transport output as well.

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> [EMAIL PROTECTED]
> Sent: Sunday, 29 April 2001 2:15
> To: [EMAIL PROTECTED]
> Subject: Re: 500-CS...HELP!! [7:2414]..here is my 500-CS config
> [7:2433]
>
>
> Here is my script..anybody see any errors?
> TIA,
>  Rob H.
>
> Using 1299 out of 32512 bytes
> version 9.1
> !
> hostname CS500
> !
> enable-password gabby
> !
> !
> !
> !
> !
> !
> interface Ethernet 0
> no ip address
> shutdown
> no lat enabled
> no mop enabled
> !
> interface Loopback 0
> ip address 1.1.1.1 255.255.255.255
> !
>  --More--
> !
> !
> !
> !
> ip name-server 255.255.255.255
> ip host R1 2003 1.1.1.1
> snmp-server community
> !
> !
> line vty 0 4
> login
> line con 0
> transport input
> transport output
> line 1
> no exec
> monitor
> transport input telnet
> transport output telnet
> line 2
> no exec
> transport input
>  --More--
> transport output
> line 3
> no exec
> transport input telnet
> transport output telnet
> line 4
> no exec
> transport input
> transport output
> line 5
> no exec
> transport input
> transport output
> line 6
> no exec
> transport input
> transport output
> line 7
> no exec
> transport input
> transport output
> line 8
>  --More--
> no exec
> transport input
> transport output
> line 9
> no exec
> transport input
> transport output
> line 10
> no exec
> transport input
> transport output
> line 11
> no exec
> transport input
> transport output
> line 12
> no exec
> transport input
> transport output
> line 13
> no exec
> transport input
>  --More--
> transport output
> line 14
> no exec
> transport input
> transport output
> line 15
> no exec
> transport input
> transport output
> line 16
> no exec
> transport input
> transport output
> line vty 0
> password gabby
> line vty 1
> password gabby
> line vty 2
> password gabby
> line vty 3
> password gabby
> line vty 4
>  --More--
> password gabby
> !
> end




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=2439&t=2439



How to study for CIT [7:2463]

2001-04-29 Thread Albert Lu

Hello Group,

I'm currently starting on my final CCNP exam, which is CIT. This seems like
quite a strange beast to study for, compared to the other exams which
focused on configuration.

It seems like it mainly concentrates on show and debug commands. If that is
true, how in depth do I need to know the show and debug outputs?

I'm using the CIT book by Laura Chappell, and Chapter 2 is one big chapter
(100 pages). It seems like it's missing from the actual CIT course. Am I
correct?

Thanks

Albert




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=2463&t=2463



Alcatel OmniPCX [7:2695]

2001-04-30 Thread Albert Lu

Hello Group,

Does anyone have knowledge/experience with Alcatel's OmniPCX boxes? I would
like to know what they are.

Was this product from the acquisition of Newbridge Networks?

Thanks

Albert




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=2695&t=2695



RE: ISDN BRI up but does not ping [7:2712]

2001-05-01 Thread Albert Lu

I personally think that using dialer profiles is better than hard coding
the interface. It is also true that there is no dialer-list command to dial
for interesting traffic, and you don't have a route to use the bri interface
so it wouldn't know when to dial.

Wouldn't you need a dialer map command for interfaces, rather than specify
dialer string?

Albert

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Shoaib Waqar
> Sent: Tuesday, 1 May 2001 6:15
> To: [EMAIL PROTECTED]
> Subject: ISDN BRI up but does not ping [7:2712]
>
>
> I am getting trouble in ISDN bri link. I have a
> Central site Router 3640 with 12.1.8 IP/IPX plus IOS.
> the route has 4 port BRI module. The remote site is
> having 2503, all u know that it has 1 port BRI. remote
> site is running 11.2.1 version of IOS. The call is
> placed using simple DDR commands as:
>
> Cisco 3640 Router
> =
> Int bri 2/0
> ip add 130.1.1.1 255.255.255.0
> encap ppp
> dialer idle-timeout 300
> dialer fast-idle 300
> dialer string 
> dialer-group 1
>
> Remote site (2503):
> ===
>
> Int bri 0
> ip add 130.1.1.2 255.255.255.0
> encap ppp
> dialer idle-timeout 300
> dialer fast-idle 300
>
> In this scenario, a/c to customer need, the central
> site is placing call.When the call has placed, and we
> see the debug output, it shows all the debug of ppp
> negotiations and ISDN events as correct, with the
> install route at the end. When i run 'show isdn
> status' it shows me all layers up with one active
> layer 3 call also. Also 'show isdn active' gives me
> successful call to remote site. So nothing seems to be
> wrong with config. THE problem is that after
> connectivity when i try to ping from central site the
> remote site ip address, it times out. I took the 'show
> ip route', and it gives me only connected routes but
> dont show me the remote LAN network address of each
> site which it should give as i m running EIGRP at both
> sites. The primary link is working correctly as i have
> an SCPC 128K link between the two sites as well and
> showing correct routes. The switch type in pakistan
> normally we use is basic-net3 (SIEMENS switch). Can
> anyone plzz help me, where is the issue?? i have tried
> everything, dialer profiles and all. but nothing seems
> to be working, i cant ping the other side thru BRI.
>
> Shoaib
> CCNP,MCSE
>
>
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=2722&t=2712



RE: ISDN BRI up but does not ping [7:2712]

2001-05-01 Thread Albert Lu

Try using debug dialer events to see if the dialing actually takes place
when you ping. If the dialer doesn't come up, then it could be a dialer
problem. If it does come up, and dialing fails, then it could be an isdn
problem.

Albert

> -Original Message-
> From: Shoaib Waqar [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, 1 May 2001 9:54
> To: Albert lu
> Cc: [EMAIL PROTECTED]
> Subject: RE: ISDN BRI up but does not ping [7:2712]
>
>
> I have tried dialer profiles, legacy DDR with dialer
> map statement and with floating static route too, but
> still same result, could not ping the neighbor.
> Of course there is a dialer-list statement to initiate
> call:
>
> dialer-list 1 protocol ip permit
>
> Shoaib




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=2731&t=2712



RE: ISDN BRI up but does not ping [7:2712]

2001-05-01 Thread Albert Lu

Could you give the full configuration listing? The partial config is not
enough to debug with.

Albert

> -Original Message-
> From: Shoaib Waqar [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, 1 May 2001 10:15
> To: Albert lu
> Cc: [EMAIL PROTECTED]
> Subject: RE: ISDN BRI up but does not ping [7:2712]
>
>
> Yes i also have used an access-list to prevent eigrp
> to initiate call, and it dials on a ping event, as
> shown by the 'deb dialer events'
>
> shoaib

ATM Module for 2600 [7:3032]

2001-05-03 Thread Albert Lu

Hi Group,

I would like to know if there was an ATM module for the 2600, specifically
to use for Lab study. I saw one on Cisco website, it looks like a BNC
connector so I'm not sure what's going on.

Thanks for your help =)

Albert




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3032&t=3032



"enable password level" command [7:3277]

2001-05-04 Thread Albert Lu

Hi Group,

Could someone give me an explanation and "best practise" in production
networks for the "enable password level" command? I know that it is between
1-15, with level 1 the lowest and 15 the highest level for most access. Are
the levels 2-14 user configurable?


Thanks

Albert




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3277&t=3277



Anyone have an ISDN simulator they want to sell? [7:3424]

2001-05-06 Thread Albert Lu

Thanks

Albert




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3424&t=3424



Mentortech BGP & OSPF Course [7:3483]

2001-05-07 Thread Albert Lu

Hello Group,

Could someone who has done the above course give their opinion on the course
content? How does it compare with reading Halabi and Doyle? I know it is an
instructor-led course so the material is more spoon-fed than self study. Are
the course materials covering more, or covering the same content in a more
approachable manner?

Thanks

Albert




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3483&t=3483



RE: Passed CCIE Written but NOT doing lab [7:3568]

2001-05-08 Thread Albert Lu

I believe Cisco Certs aren't the same as the other vendors' Certs, in that
for MS/Novell/Lotus a lot of them require knowledge of their products. As
newer versions of the OS/App come along, your previous knowledge will be
less relevant.

A lot of the knowledge for Cisco Certs involves understanding of protocols
that are not part of the Cisco standards (eg. IETF, IEEE, ANSI, etc).
Although they too get revised, this revision affects other vendors, not only
Cisco. So whatever you learn for the CCIE is most unlikely to get wasted
compared to learning vendor technologies like NT and Novell. If IETF had a
certification, CCIE would be pretty close.

The list of people you mentioned have had extensive experience in the
industry, that is why they are doing well. I believe they have worked on
some major projects, which allowed them the experience they have.

How I see myself using the Cisco Certs is by showing a level of competence
that will allow me to work on some major projects in the future. However,
without the Certs I would probably have to wait another 5-10 years to prove
myself.

Where I want to be is a freelance CCIE, travelling around working project by
project. I guess I need a few big breaks for me to get that opportunity, and
I believe having a CCIE will allow me to at least get a break =). (Any
freelancing CCIE's willing to give some advice, feel free to email =))

Don't worry, be happy!! Nothing to fear... one day you'll tell your
grandkids about the 'recession' of the early 2000s after the big bubble
burst =). (btw. US is technically not in recession, so mind how you use that
word)

Albert

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> [EMAIL PROTECTED]
> Sent: Tuesday, 8 May 2001 7:31
> To: [EMAIL PROTECTED]
> Subject: Passed CCIE Written but NOT doing lab [7:3568]
>
>
> Memo from Steve Skinner of PricewaterhouseCoopers
>
>  Start of message text 
>
> Guys,
>
> on saturday i passed my CCIE written, just Hooray for me ...
> But i have decided not to go for the lab?..WHY?.
>
> well i have been in the industry for 8yrs..and i have spent most of that
> time chasing Cred`s,
> First it was novell
> Then it was Microsoft
> then i side-swiped into Lotus
> Now it is Cisco and throughout all that time, as soon as i get these
> cred`s they seem to to be worth as much as they were.
> an article taken from "the Times" about two weeks ago by a top London
> recruitment agent
>
> "At this present time, even though we (England) are in a reasonable
> period of growth, i presently have 5 of the most sought after network
> expert CCIE awaiting work"
>
> this got me thinking, how many CCIE does the world need.
>
> And more importantly HOW much work is there for CCIE`s,
>
> take this scenario ... i presently work for a company that has over 12,000
> employees in the UK, we have 1500 cisco switches and routers running
> OSPF.BGP.ISDN,SMDS.,
> yet we have only ONE CCIE...this begs the question how many org`s are
> there out there to support all us IE.for economic means only why employ an
> IE if you only need (or can get away with) an NP who spent the time the IE
> did on his lab X-training into FOUNDRY and VOIP...?
> if we take this list for example there are plenty of people who are
> extremely advanced in their skill
>
> Howard,Pris,Chuck,Thomas,MR roysdon, these guys and more don`t SEEM to
> need the IE...maybe they have made the right choice..???
>
> this question is scaring me just a bit
>
> also,
> if i spend $4,000 on a test lab $1,200 per shot at the real thing, then i
> actually pass, if an organisation the size of mine only needs
> one ...? what
> will the return on my investment B...??   will there b so many IE out
> there that i can`t find work because i am deemed too expensive??
>
>  i think i will do the following
>
> CCDP, Security/pix stuff then foundry.
>
> your thoughts and advice please
>
> steve ...MCSE,CCNA,CCNP,CCDA,CCIe written
>
> VVSAF...Very Very Scared About the Future
>
>
>
>
>
> - End of message text 
>

RE: CCIE prep - review lab inventory and budget [7:3908]

2001-05-10 Thread Albert Lu

Your prices for each router seem $100 less than they are selling out there.
Correct me if I'm wrong.

Here's a suggestion.. maybe an MGS for FR switch and maybe as a 2513 as well.

Albert

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Fred Danson
> Sent: Thursday, 10 May 2001 10:20
> To: [EMAIL PROTECTED]
> Subject: Re: CCIE prep - review lab inventory and budget [7:3908]
>
>
> If your $4000 budget isn't going to move, you always have other options.
> Another factor here is- how long you are willing to wait? Every once in a
> while you can find someone to buy direct from. They might not know the
> street prices or might not care how much they get for their equipment.
> Either way, you win.
>
> If I had $4000 to create a Lab from scratch, I would probably shoot for a
> setup like this:
>
> $2509- $800-$900
> $2523- $800-$900
> $2502- $400-$450
> $2501- $500-$550
> $2503- $550-$650
> $2504- $425-$525
> hub&mau- $30-$40
>
> Total- $3505 - $4015
>
> Use the rest to buy cables, and maybe another 2501/2502. Take
> your time when
> purchasing from ebay. You can sometimes find very good deals!
> Also, look for
> deals that include cables & high dram/flash. They don't normally
> influence
> the price much. You might even be able to sell back some of the flash to
> save yourself some money.
>
> When you're on a limited budget like $4000, your strategy is
> quantity, not
> quality. If you spend half the cash to buy a 2901, you wouldn't
> have enough
> cash left to get a decent (IGP/BGP, DLSW, ect.) lab going. You
> also should
> look to create a lab that will scale for you in the future. Even
> though you
> don't have an ISDN simulator now, you have the routers available
> in case you
> decide to purchase one in the future.
>
> I think the next step for a lab like this, money permitting,
> would be to buy
> an ISDN simulator. They are a little cheaper than a 2901, and
> they let you
> do a lot more.
>
> I wouldn't even consider buying a switch. Once you have the
> money, go ahead
> and get a 2901/5000 (the prices for these 2 don't differ much).
> For now, you
> can get a hub or 2. If you need VLANS, buy more hubs.
>
> Add a 2513 and you could do most of the fatkid labs!
>
> Fred
>
>
>
> >From: "EA Louie"
> >To: "Fred Danson"
> >Subject: Re: CCIE prep - review lab inventory and budget [7:3908]
> >Date: Wed, 9 May 2001 23:27:55 -0700
> >
> >dang, that's almost 2x my budget... g... I guess I'd better look
> >for
> >better deals - maybe go to work for an 'almost-ready-to-fail' dot-com???
> >:-)
> >
> >thanks Fred, that was a great response.
> >
> >Eric
> >
> >- Original Message -
> >From: "Fred Danson"
> >To:
> >Sent: Wednesday, May 09, 2001 4:01 PM
> >Subject: Re: CCIE prep - review lab inventory and budget [7:3908]
> >
> >
> > > I have a similar setup, here's what mine cost me (without shipping)-
> > >
> > > 2501- $550
> > > 2502- $404
> > > 2503- $630
> > > 2504- $540
> > > 2511- $900
> > > 2523- $900
> > > Cat1800 Token Switch- $300
> > > 4000 w/2 ethernet, 1 token, 2 serial, 4 BRI- $1000
> > > ISDN Simulator- $1800
> > >
> > > Total- $7024 (without shipping)
> > >
> > > I bought all of my equipment from ebay. Where are you
> planning on buying
> > > yours from? Also, why would you need 4 hubs when you have a
> switch? You
> > > could easily make the switch act like a number of hubs by creating
> >VLANS.
> > >
> > > If you have any questions, feel free to email me.
> > >
> > > Fred
> > >
> > > >From: "EA Louie"
> > > >Reply-To: "EA Louie"
> > > >To: [EMAIL PROTECTED]
> > > >Subject: CCIE prep - review lab inventory and budget [7:3908]
> > > >Date: Wed, 9 May 2001 18:09:22 -0400
> > > >
> > > >I'm getting ready (or in Texas, I'd be "a-fixin to git
> ready") to build
> >a
> > > >CCIE
> > > >lab prep setup, both for personal use and for the use of my local
> > > >studygroup.
> > > >Here's what I've identified - if I'm missing anything, please let me
> >know.
> > > >
> > > >Here's the strategy I'm going to take for the equipment:
> > > >
> > > >1-2511 --- console server (w/ octal cable)
> > > >1-2503 --- ISDN
> > > >1-2504 --- ISDN
> > > >1-2514 - dual eth
> > > >1-2515 - dual t/r
> > > >1-4000 w/NP-4T and NP-1E or NP-2E, and a BRI interface or two if they
> >exist
> > > >(F/R switch)
> > > >1-2924-XL
> > > >teltone isdn simulator
> > > >3 token ring MAUs
> > > >3 token ring media filters
> > > >4 AUI-10BT transceivers
> > > >4 Ethernet hubs
> > > >6 60-pin DTE-DCE cables
> > > >a bunch of Cat5 cables
> > > >rack
> > > >rackmount kits (or shelves)
> > > >and a partridge in a pear tree  ;-)
> > > >
> > > >I'm budgeting about $4000 and if an additional 2501 falls into my
> > > >possession
> > > >by accident,
> > > >so be it  ;-)
> > > >
> > > >That should provide most of what's needed and enough of the interface
> >types
> > > >required to
> > > >practice configurations (especially desktop protocols and iBGP/eBGP).
> >I'd
> > > >love a Cat5k too, but I can't

RE: CCIE #7354 - for Jeff McCoy [7:3998]

2001-05-10 Thread Albert Lu

What the hell is wrong with you?? Are you 12 years old? If you really want
to know, you should ask nicely.

This isn't the alt.celebrities.britney newsgroup.

Albert

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Q
> Sent: Friday, 11 May 2001 4:10
> To: [EMAIL PROTECTED]
> Subject: Re: CCIE #7354 - for Jeff McCoy [7:3998]
>
>
> Heh, y3ah, enough about me now, what are the answers to the questions?
> (Inexperienced may continue to attack, but I still am curious as to the
> answer)
>
> Thanks.
>
> Q
>
> "simonis"  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Q wrote:
> > >
> > > Yeah, but what do u do for a living? And do you have any real
> experience
> > and
> > > to what extent? Survey says!
> > >
> > > Q
> >
> >
> > Survey says... you're a twit.
> >
> > *PLONK*




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4127&t=3998



Certificationzone [7:4279]

2001-05-12 Thread Albert Lu

Hi Group,

Just wondering if anyone has a subscription to Certificationzone.com, would
like to discuss their opinion offline.

Thanks

Albert




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4279&t=4279



DDR Problems [7:1521]

2001-04-22 Thread Albert Lu

Hello Group,

I'm currently having problems with DDR, and was hoping someone could take a
look at my config. I'm trying to get it to dial through my modem when any IP
traffic is detected, but I've tried pinging many times with no result. I've
also tried debug dialer to see if there is anything going on, and it's
giving me no results.

Any help would be appreciated.

Thanks

Albert

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname BranchA
!
enable secret 5 $1$yznA$yGDVg7d22bM1FvzAJveaP0
!
username CentralA password 0 cisco
!
!
!
!
ip subnet-zero
no ip domain-lookup
ip host modem 2065 11.1.1.1
!
isdn switch-type basic-5ess
isdn voice-call-failure 0
chat-script blah "" "atdt" OK
!
!
!
interface Loopback69
 ip address 11.1.1.1 255.255.255.0
 no ip directed-broadcast
!
interface FastEthernet0/0
 ip address 10.218.0.1 255.255.255.0
 no ip directed-broadcast
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 no ip directed-broadcast
 no ip mroute-cache
 shutdown
!
interface Serial0/1
 no ip address
 no ip directed-broadcast
 shutdown
!
interface BRI1/0
 no ip address
 no ip directed-broadcast
 encapsulation ppp
 shutdown
 dialer idle-timeout 300
 dialer-group 1
 isdn switch-type basic-5ess
 ppp authentication chap
!
interface BRI1/1
 no ip address
 no ip directed-broadcast
 shutdown
 isdn switch-type basic-5ess
!
interface BRI1/2
 no ip address
 no ip directed-broadcast
 shutdown
 isdn switch-type basic-5ess
!
interface BRI1/3
 no ip address
 no ip directed-broadcast
 shutdown
 isdn switch-type basic-5ess
!
interface Async65
 no ip address
 no ip directed-broadcast
 encapsulation ppp
 keepalive 10
 dialer in-band
 dialer rotary-group 0
 async default routing
 async mode dedicated
 fair-queue 64 16 0
!
interface Dialer0
 ip address 10.130.1.1 255.255.255.0
 no ip directed-broadcast
 encapsulation ppp
 dialer in-band
 dialer wait-for-carrier-time 180
 dialer map ip 10.130.0.2 name CentralA 0414184780
 dialer map ip 255.255.255.255 name CentralA 0414184780
 dialer-group 1
 ppp authentication chap
!
ip nat translation timeout never
ip nat translation tcp-timeout never
ip nat translation udp-timeout never
ip nat translation finrst-timeout never
ip nat translation syn-timeout never
ip nat translation dns-timeout never
ip nat translation icmp-timeout never
ip classless
ip route 10.115.0.0 255.255.255.0 10.130.0.2
no ip http server
!
dialer-list 1 protocol ip permit
!
line con 0
 exec-timeout 0 0
 transport input none
line aux 0
 login
 modem InOut
 transport input all
 transport output none
 stopbits 1
 speed 115200
 flowcontrol hardware
line vty 0 4
 password cisco
 login
!
end




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1521&t=1521



RE: who said CCIE make big bucks? [7:5393]

2001-05-22 Thread Albert Lu

Well, if that is you. Then maybe it's time to move on to bigger and better
things =)

Albert

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Jim Bond
> Sent: Tuesday, 22 May 2001 4:41
> To: [EMAIL PROTECTED]
> Subject: who said CCIE make big bucks? [7:5393]
>
>
> $29/hr...
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=5398&t=5393



Does 3660 & Cat4k Ship with 23inch rack mount? [7:6435]

2001-05-30 Thread Albert Lu

Does 3660 & Cat4k Ship with 23inch rack mount?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6435&t=6435



OT: Catalyst 5000 10/100 12port module for sale in Australia [7:6591]

2001-05-31 Thread Albert Lu

Hi Group,

I've got the above module I want to sell from my lab, preferably to someone
in Australia.

Albert




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6591&t=6591



OT: Selling Cisco 2503 in Original Box w/ all accessories [7:6875]

2001-06-02 Thread Albert Lu

Hi Group,

I've got a 2503 router in original packaging with all docs & accessories.
Make me an offer, a serious offer =). (Not sure about memory specs, will
check)

Thanks

Albert




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6875&t=6875



IP Forwarding to Cisco [7:7555]

2001-06-07 Thread Albert Lu

Hello Group,

I'm currently trying for a temporary solution to get my network up and
running. Basically all the telcos are late with the WAN links, so I'm trying
to make use of dialup in order to configure servers in the network.

The setup I'm trying to achieve is by using a computer to dial out and
forwarding all traffic to a Cisco router connected to it. Reason for this is
that ISPs use dynamically allocated IP addresses, and dialer interfaces
require IP address hard coded into the config. This would not work, hence
requiring the intermediate computer to dial out for me, since that would
accept dynamic IP address allocated, and the LAN interface to the Cisco
router has a static IP.

I've tried NAT, and that works fine except I'm also trying to get a GRE
tunnel through. It seems like GRE tunnel doesn't like to go through the NAT.

So I'm looking for other suggestions.


Thanks

Albert




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=7555&t=7555



How can I run 2 subnets within 1 network? [7:7967]

2001-06-11 Thread Albert Lu

Hello group,

I'm trying to get ideas for a network design.

Essentially, there would be two networks, let's say 172.0.0.0 network and the
192.0.0.0 network. What I'm looking to accomplish is to have about 8 routers
interconnected together, and both networks would run through them. However,
each network is not allowed to learn about the other. That is, if I'm in the
172 network, I cannot ping hosts in the 192 network.

Each router would have a switch, that would separate the two networks into
two vlans, so hosts in one vlan cannot reach the other. It gets complicated
when the traffic needs to be routed to another router.

I hope I made sense, if I didn't, then please feel free to email me.

Regards,

Albert




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=7967&t=7967



RE: How can I run 2 subnets within 1 network? [7:7967]

2001-06-11 Thread Albert Lu

What do you mean with primary and secondary ip address for the interface?
Aren't you only limited to 1? Could I subinterface the WAN link to the other
router for each subnet?

The net effect would be the whole network running with 2 subnets, separate
from each other.

Albert

> -Original Message-
> From: Bob S [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, 12 June 2001 12:59
> To: Albert lu; [EMAIL PROTECTED]
> Subject: Re: How can I run 2 subnets within 1 network? [7:7967]
>
>
> I think you are asking if you can have two different subnets in one
> interface?  the answer is yes, one primary ip address for one
> subnet and a
> secondary ip address for the second subnet.  I believe you
> can then use
> extended ACL to prevent the other network into talking to another
> network.
> Another thing you can do is to subinterface the router's fastethernet
> interface and trunk to the switch and again use extended ACL to
> prevent the
> intervlan communication.
>
>
> >From: "Albert Lu" 
> >Reply-To: "Albert Lu" 
> >To: [EMAIL PROTECTED]
> >Subject: How can I run 2 subnets within 1 network? [7:7967]
> >Date: Mon, 11 Jun 2001 09:39:39 -0400
> >
> >Hello group,
> >
> >I'm trying to get ideas for a network design.
> >
> >Essentially, there would be two networks, let's say 172.0.0.0 network and
> >the
> >192.0.0.0 network. What I'm looking to accomplish is to have about 8
> >routers
> >interconnected together, and both networks would run through
> them. However,
> >each network is not allowed to learn about the other. That is, if I'm in
> >the
> >172 network, I cannot ping hosts in the 192 network.
> >
> >Each router would have a switch, that would separate the two
> networks into
> >two vlans, so hosts in one vlan cannot reach the other. It gets
> complicated
> >when the traffic needs to be routed to another router.
> >
> >I hope I made sense, if I didn't, then please feel free to email me.
> >
> >Regards,
> >
> >Albert




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=7993&t=7967



OT: Cisco Memory for Sale (Sydney) [7:40650]

2002-04-05 Thread Albert Lu

Hello Group,

Just wanted to sell some leftover memory I have:

2x 8MB Flash for 2600
1x 16MB DRAM for 2500

Prefer Sydney buyers as shipping would be cheapest.

Make me a serious offer.

Thanks

Albert Lu
CCIE #8705







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=40650&t=40650



Working Frame Relay Point-to-Point Config [7:13245]

2001-07-22 Thread Albert Lu

Hello Group,

Could someone point me to (or send me) a working config for a Frame switch
and routers attached to it, using point-to-point connections. I'm currently
stuck on this for my routers, as the PVCs are there but in a deleted state.
I probably should have included my configs in this email, but I'm not at my
routers at the moment, and I'm sure it's something simple that I have
missed.

Thanks for your help.

Albert






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=13245&t=13245



Redundant Route Reflectors [7:14075]

2001-07-29 Thread Albert Lu

Hello Group,

I've been doing some research on BGP Route Reflectors. What I'm looking to
design is a topology where all sites are Route Reflector clients to a site
which is designated as the Route Reflector.

All sites have dual routers for redundancy, including the site designated as
the Route Reflector. So what I'm trying to work out is how the BGP topology
will look like, and who will need to be clients with who. The obvious
solution is to make all sites to be Route Reflector clients of both routers
in the site designated as the Route Reflector. If one of the Route Reflector
routers goes down, the other one will still have all the other sites as
Route Reflector clients. Or if one of the dual routers of the Route
Reflector clients goes down, the other router will still be a route
reflector client.

I was hoping there was a simpler solution where both Route Reflector clients
don't have to be clients of both routers. Could only one router of the Route
Reflector client be the client, and have that router transfer BGP routes to
the other router?

It would be great if I was pointed to some sources. I've got Halabi's BGP
book, so feel free to reference that book for examples.

Thanks

Albert






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=14075&t=14075



ISDN Problems [7:15236]

2001-08-08 Thread Albert Lu

Hello group,

I'm having a little trouble with my ISDN config.

Now, this is what I'm getting after a single ping. It looks like it's
telling me "Mandatory IE missing".

Could someone please take a look.

Thanks

Albert

!
interface BRI0
 ip address 196.1.1.1 255.255.255.0
 no ip directed-broadcast
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
 dialer map ip 196.1.1.2 name RouterB broadcast 
 dialer-group 1
 isdn switch-type basic-ni
 ppp authentication chap
 ppp multilink
!
no ip classless
!
dialer-list 1 protocol ip permit
!
!

RouterA#ping
Protocol [ip]: ip
Target IP address: 196.1.1.2
Repeat count [5]: 1
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 196.1.1.2, timeout is 2 seconds:

21:05:10: ISDN BR0: TX ->  SETUP pd = 8  callref = 0x65
21:05:10: Bearer Capability i = 0x8890
21:05:10: Channel ID i = 0x83
21:05:10: Called Party Number i = 0x80, ''
21:05:10: ISDN BR0: RX   CONNECT pd = 8  callref = 0xCC
21:05:10: Channel ID i = 0x8A
21:05:10: ISDN BR0: RX   DISCONNECT pd = 8  callref = 0x65
21:05:10: .
Success rate is 0 percent (0/1)
RouterA#Cause i = 0x80E034 - Mandatory IE missing
21:05:10: ISDN BR0: RX   RELEASE_COMP pd = 8  callref = 0x65
21:05:10: ISDN BR0: RX   RELEASE pd = 8  callref = 0xCC
21:05:10: ISDN BR0: RX <-  RELEASE_COMP pd = 8  callref = 0x4C
21:05:10: Cause i = 0x8090 - Normal call clearing






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=15236&t=15236



What is the quickest way to reload a router? [7:15247]

2001-08-08 Thread Albert Lu

Hello group,

A quick question. What is the quickest way to reload a router to its
default config? I use "erase nvram" and then "reload". Is there a way of
doing this without doing the reload, which can take a long while?

Thanks

Albert






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=15247&t=15247



'ppp authentication chap callin' ?? [7:15603]

2001-08-10 Thread Albert Lu

Hello group,

I've got a quick question, which I can't seem to find on the CD. What is the
difference between 'ppp authentication chap' and 'ppp authentication chap
callin'? The 'callin' option is described to authenticate remoted on
incoming calls only, but isn't authentication done on incoming calls anyway?
If I didn't use the 'callin' option, it would authenticate incoming and
outgoing calls? Why would there be a need to authenticate outgoing calls?

I hope I haven't confused anyone. =)

Thanks

Albert






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=15603&t=15603



RE: ASBR ROUTER [7:62570]

2003-02-06 Thread Albert Lu
You can either use default-information originate, or put a default static
route and redistribute that into OSPF. This will cause all traffic that is
not part of your internal network to be routed out via the ASBR, hence all
Internet traffic will route out through the ASBR.

Hope that helps,

Albert

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
hanan
Sent: Thursday, February 06, 2003 8:56 PM
To: [EMAIL PROTECTED]
Subject: ASBR ROUTER [7:62570]


HELLO

Could you please help me?
I want to configure Cisco router series 2600 to enable OSPF and configure it
as autonomous system border routers (ASBR) in one single area; the router
has 2 interfaces one connected to ISP and the second one to my internal
network that use OSPF protocol
Can you tell me the commands that I must use exactly?

Best regards
Hanan.mawla




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62572&t=62570
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Logging VPN UP/DOWN status [7:62631]

2003-02-07 Thread Albert Lu
Hello Group,

I've got a situation where I need to keep track of my IPSEC VPN connectivity
to see how often it goes up and down. I prefer to use syslog, and have the
VPN log messages when it does go down/up rather than SNMP. It seems like by
default, there are some logging messages logged but I'm not sure what they
are. I don't really want to turn on debugging, because there is too much
info to log and it would overrun my logging buffer. Also, this is a VPN
using crypto map, there is no GRE interface I can keep track of.

Thanks

Albert




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62631&t=62631
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: VPN Partial Connectivity [7:62639]

2003-02-10 Thread Albert Lu
Hi,

You mentioned that you were doing static nat on the router, this could
affect it if the vpn client terminates on the router. The ip addresses that
you have statics for is translated to the global IP address, and doesn't go
through your vpn, since the access-list in your crypto map doesn't identify
it as traffic needing to be encrypted.

Albert

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Dain Deutschman
Sent: Saturday, February 08, 2003 3:49 AM
To: [EMAIL PROTECTED]
Subject: VPN Partial Connectivity [7:62639]


Hi,

When connecting a vpn via VPN Client 3.x I am able to ping only certain
addresses...
192.168.1.180 Server
192.168.1.10 LAN Station

But Not Others...
192.168.1.1 Inside Interface Of PIX
192.168.1.2 Mail Server
192.168.1.3 CSU/DSU management address

I have a vpn setup as follows:

Vpn Client--INTERNET--1721Router--PIX--LAN

*The 1721 router is doing static nat to the outside   interface of the pix.
The vpn terminates at the pix.

*I'm using vpngroup to assign ip info to the client.

* The LAN ip scheme is 192.168.1.0/24 where the first 9 addresses are left
out of the local dhcp pool

*The vpn client is getting assigned from local-pool range 192.168.2.1-50

*I have a route on the pix "route inside 192.168.2.0 255.255.255.0
192.168.1.1

*The inside interface of the pix is 192.168.1.1

Here is my config...

PIX(config)# wr t
Building configuration...
: Saved
:
PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password encrypted
passwd encrypted
hostname PIX
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
pager lines 24
interface ethernet0 10baset
interface ethernet1 10baset
mtu outside 1500
mtu inside 1500
ip address outside 172.16.2.2 255.255.255.240
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool NEWMEX 192.168.2.1-192.168.2.50
pdm history enable
arp timeout 14400
global (outside) 1 172.16.2.3
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
conduit permit icmp any any echo-reply
conduit permit icmp any any echo
route outside 0.0.0.0 0.0.0.0 172.16.2.1 1
route inside 192.168.2.0 255.255.255.0 192.168.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 1 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup vpn address-pool NEWMEX
vpngroup vpn dns-server x.x.x.y x.x.x.z
vpngroup vpn default-domain domain.com
vpngroup vpn split-tunnel 101
vpngroup vpn idle-time 1800
vpngroup vpn password
telnet timeout 5
ssh timeout 5
dhcpd address 192.168.1.10-192.168.1.42 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd enable inside
terminal width 80
Cryptochecksum:a71ebfc24ae

Any ideas?? I'm sort of stumped at this point. Thanks!

--
Dain Deutschman
CCNP, CSS-1, CCNA, MCP, CNA
Data Communications Manager




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62684&t=62639



RE: TCP connection drops after 11 minutes [7:62855]

2003-02-12 Thread Albert Lu
Hi Jason,

Can you explain further about your issue? Is there a firewall in place? When
you are saying running a query on IE5, you mean you are doing HTTP to a
server somewhere in your network?

Albert

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Jason Dimagiba
Sent: Wednesday, February 12, 2003 9:14 PM
To: [EMAIL PROTECTED]
Subject: TCP connection drops after 11 minutes [7:62855]


Hello everyone, it's been a while since I last posted a message on this
board >

My question is:

I currently experience a session timeout after 11 minutes running a
query on  IE5.  I was thinking it may be the MTU size being set
incorrectly on the router.  I may be wrong but has anyone ever come
across this in their network?  What are the things to check for?  Any
suggestion will be greatly appreciated.

Thanks,

jd




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62858&t=62855



Ingress ACL for internet routers [7:63118]

2003-02-15 Thread Albert Lu
Hello Group,

I'm currently trying to refine security for my Internet routers by
developing my ingress ACL. My routers aren't ISP routers, they are more of a
gateway/border router for your standard enterprise which connects to the
ISP. I know that the ISP may use some filtering on their end, but doing
ingress filtering again on your router is always a good idea. Reading
through MCSN and SAFE whitepapers, they pretty much suggest filtering for
RFC1918 and RFC2827, which I don't think is enough for a production router.

Also, you guys might suggest to use a firewall. The point of the
gateway/border router is to function as the router that connects to the
Internet before the firewall, so it is used in tandem with the firewall. Any
sort of ACL to only permit certain ports for accessing backend servers
should only be added on the firewall.

Here are a couple of links I've been referring to for developing my ACL:

http://www.cymru.com/Documents/icmp-messages.html

http://www.cymru.com/Documents/secure-ios-template.html

If you look at the ACL that the link above had, it is huge, does anyone
think it is relevant for my requirements? What about the null0 routes, I
would imagine that it's only useful for the ISP routers since they are
routing ISP traffic and need to black-hole those routes.

Here is the current ACL I'm using

access-list 150 remark Inbound Packet Filter from Internet
access-list 150 remark  Limit ICMP messages
access-list 150 deny   icmp any any log-input fragments
access-list 150 permit icmp any any echo
access-list 150 permit icmp any any echo-reply
access-list 150 permit icmp any any packet-too-big
access-list 150 permit icmp any any source-quench
access-list 150 permit icmp any any time-exceeded
access-list 150 deny   icmp any any log-input
access-list 150 remark  Deny invalid IP sources
access-list 150 deny   ip 0.0.0.0 0.255.255.255 any log-input
access-list 150 deny   ip 10.0.0.0 0.255.255.255 any log-input
access-list 150 deny   ip 127.0.0.0 0.255.255.255 any log-input
access-list 150 deny   ip 169.254.0.0 0.0.255.255 any log-input
access-list 150 deny   ip 172.16.0.0 0.15.255.255 any log-input
access-list 150 deny   ip 192.168.0.0 0.0.255.255 any log-input
access-list 150 deny   ip 192.0.2.0 0.0.0.255 any log-input
access-list 150 deny   ip 224.0.0.0 15.255.255.255 any log-input
access-list 150 deny   ip 240.0.0.0 7.255.255.255 any log-input
access-list 150 deny   ip 248.0.0.0 7.255.255.255 any log-input
access-list 150 deny   ip host 255.255.255.255 any log-input
access-list 150 remark  Permit all other traffic
access-list 150 permit ip any any

A couple of things I can think of in improving my ACL is firstly by logging
all the ICMP traffic that I'm denying. Currently, I'm denying all other ICMP
traffic that doesn't match the traffic I permitted, and logging it. In my
production routers, I'm seeing my logs have logged quite a few ICMP denies,
I think it would be a good idea to log all the different ICMP message types
that have been denied just to see what is being sent to my network that is
being denied. eg. access-list 199 permit icmp any any host-redirect

Secondly, maybe increasing the number of non-valid ip address ranges coming
in, and using Turbo ACL. Has anyone had experience with Turbo ACL?

What about egress ACL, should I consider an egress ACL? Maybe just to permit
traffic from my network to go out the network, just in case someone within
tries to spoof traffic?

I'm trying to keep the ACL as generic as possible, so I can use it for all
different routers that connect to the Internet, and add any changes as
needed to tailor for each different network.

Thanks in advance for your suggestions.

Regards,

Albert Lu




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63118&t=63118
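
An offline check of the ACL in the post above, added here as an example and not part of the original message: it parses ACL 150, replays IOS first-match evaluation for unfragmented packets, and reports entries that can never be the first match. The sample packets and the extra ranges in `CHECK_RANGES` are constructed for the example.

```python
import ipaddress
from collections import namedtuple

# ACL 150 as posted above (remark lines left out).
ACL_150 = """
access-list 150 deny   icmp any any log-input fragments
access-list 150 permit icmp any any echo
access-list 150 permit icmp any any echo-reply
access-list 150 permit icmp any any packet-too-big
access-list 150 permit icmp any any source-quench
access-list 150 permit icmp any any time-exceeded
access-list 150 deny   icmp any any log-input
access-list 150 deny   ip 0.0.0.0 0.255.255.255 any log-input
access-list 150 deny   ip 10.0.0.0 0.255.255.255 any log-input
access-list 150 deny   ip 127.0.0.0 0.255.255.255 any log-input
access-list 150 deny   ip 169.254.0.0 0.0.255.255 any log-input
access-list 150 deny   ip 172.16.0.0 0.15.255.255 any log-input
access-list 150 deny   ip 192.168.0.0 0.0.255.255 any log-input
access-list 150 deny   ip 192.0.2.0 0.0.0.255 any log-input
access-list 150 deny   ip 224.0.0.0 15.255.255.255 any log-input
access-list 150 deny   ip 240.0.0.0 7.255.255.255 any log-input
access-list 150 deny   ip 248.0.0.0 7.255.255.255 any log-input
access-list 150 deny   ip host 255.255.255.255 any log-input
access-list 150 permit ip any any
"""
# Assumption: the last four ranges (RFC 6598, RFC 2544, RFC 5737) were chosen
# for this example; they do not come from the post.
CHECK_RANGES = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "192.0.2.0/24",
                "100.64.0.0/10", "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24"]
FLAGS = {"log", "log-input", "fragments"}
ANY = ipaddress.IPv4Network("0.0.0.0/0")
# text: entry without the "access-list 150" prefix; icmp_type None means any type
Entry = namedtuple("Entry", "text action proto src icmp_type fragments")

def wildcard_net(addr, wildcard):
    """Turn an IOS address/wildcard pair into a network (contiguous masks only)."""
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):
        raise ValueError(f"non-contiguous wildcard {wildcard}")
    return ipaddress.IPv4Network((addr, 32 - w.bit_length()), strict=False)

def take_addr(tok, i):
    """Consume 'any', 'host A' or 'A W' at tok[i]; return (network, next index)."""
    if tok[i] == "any":
        return ANY, i + 1
    if tok[i] == "host":
        return ipaddress.IPv4Network(tok[i + 1]), i + 2
    return wildcard_net(tok[i], tok[i + 1]), i + 2

def parse_acl(text):
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[2] == "remark":
            continue
        src, i = take_addr(tok, 4)
        _dst, i = take_addr(tok, i)
        rest = tok[i:]
        icmp_type = next((t for t in rest if t not in FLAGS), None)
        entries.append(Entry(" ".join(tok[2:]), tok[2], tok[3], src,
                             icmp_type, "fragments" in rest))
    return entries

def first_match(entries, src, proto="tcp", icmp_type=None):
    """First entry matching an unfragmented packet. Entries carrying 'fragments'
    apply only to non-initial fragments, so they are skipped here."""
    ip = ipaddress.IPv4Address(src)
    for e in entries:
        if e.fragments or ip not in e.src:
            continue
        if e.proto == "ip" or (e.proto == proto == "icmp"
                               and e.icmp_type in (None, icmp_type)):
            return e
    return None  # implicit deny at the end of the list

def covers(a, b):
    """True if entry a matches every unfragmented packet that entry b matches."""
    if not b.src.subnet_of(a.src):
        return False
    return a.proto == "ip" or (b.proto == "icmp" and a.icmp_type in (None, b.icmp_type))

def shadowed(entries):
    """Entries that can never be the first match because an earlier one covers them."""
    live = [e for e in entries if not e.fragments]
    return [b.text for j, b in enumerate(live) if any(covers(a, b) for a in live[:j])]

def not_denied(entries, ranges):
    """Ranges whose non-ICMP traffic is not fully dropped by the first 'ip' entry touching them."""
    out = []
    for r in map(ipaddress.IPv4Network, ranges):
        hit = next((e for e in entries if e.proto == "ip" and not e.fragments
                    and e.src.overlaps(r)), None)
        if not (hit and hit.action == "deny" and r.subnet_of(hit.src)):
            out.append(str(r))
    return out

if __name__ == "__main__":
    acl = parse_acl(ACL_150)
    for pkt in [("10.1.2.3",), ("10.1.2.3", "icmp", "echo"), ("10.1.2.3", "icmp", "redirect")]:
        print(pkt, "->", first_match(acl, *pkt).text)
    print("shadowed:", shadowed(acl))
    print("not denied:", not_denied(acl, CHECK_RANGES))
```

On the ACL as posted, an ICMP echo sourced from 10.1.2.3 matches `permit icmp any any echo` before any source check is reached, and the `host 255.255.255.255` entry is shadowed by `248.0.0.0 7.255.255.255`. Placing the source denies ahead of the ICMP permits makes spoofed-source ICMP subject to the same filter as other traffic.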



RE: Site-to-Site and Remote Access VPN on PIX? [7:63100]

2003-02-15 Thread Albert Lu
Kim,

It will work, I've done it before. It is true that you can only have 1
crypto map per interface, but you can have multiple ISAKMP/IPSEC policies
for different tunnels in that crypto map. However, for dynamic crypto map
used for remote access VPN, what happens is that the dynamic crypto map is
just like the normal crypto map in the way it's defined, but you hook up the
dynamic crypto map to the crypto map which is applied to the interface.

Check out the link below.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_61/config/ipsecint.htm

One limitation I encountered with client VPN on a PIX is that you won't be
able to use local authentication, since PIX doesn't support local
usernames/password like the IOS. So you just login with groupname and
password. Although you can hook it up to an ACS server to do your extended
authentication to specify different users.


Regards,

Albert
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Kim Seng
Sent: Sunday, February 16, 2003 4:26 AM
To: [EMAIL PROTECTED]
Subject: Site-to-Site and Remote Access VPN on PIX? [7:63100]


Greetings,

Can I configure the PIX to do both site-to-site and
Remote access VPN at the same time?

I think it is impossible since I can only apply only
one crypto map to the outside interface.

Can someone confirm?

Kim.





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63119&t=63100



RE: pix + router, design issue [7:63244]

2003-02-18 Thread Albert Lu
Hi,

Normally, the CPE router would be the border router that gives you the
global IP address range to access. However, in this case it looks like you
essentially have 2 border routers.

You can get your border router to route the global ip range to the PIX, so
the PIX outside interface will have a global IP address. But that would mean
you have to break up the subnet the ISP has allocated you. If you have a
large range, it may be ok, but if it's a small range (eg. /28), then you
will waste IP addresses by doing that.

A solution would be to do NAT on your border router, and everything behind
the border router will be private IP address range. That would also mean
your PIX will not be doing any NAT, so use either nat 0 or statics depending
on your purpose.

If I were you, I would get rid of the border router. I'm not sure what
advantages it is going to have in using it.

Regards,

Albert

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 18, 2003 8:42 PM
To: [EMAIL PROTECTED]
Subject: pix + router, design issue [7:63244]


I have a case with a customer that I am installing a PIX and a border
router for. He wants to have control over the border router, but the
Service Provider is providing their router as the CPE. One interface
on the Service Provider's router has an ip address from the customer's public
ip address range, so I am thinking about what would be the best way to
config the customer's border router, as it will need to be sending some ip
address that is on the interface connected to the CPE router back to the pix.


-  --  --  -
-  --  --  -
-  --  --  -

PIX   213.100.1.10  Border RouterCPE Router 213.100.1.1

I am being a little slow today, so I would like to get some input on how
you would handle this scenario.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63254&t=63244



RE: Firewall/PIX help.... [7:63167]

2003-02-18 Thread Albert Lu
I thought the PIX can do content filtering if hooked up with websense?
Doesn't it use WCCP to do this.

Sonicwall says it can do inbuilt anti-virus, content filtering. But it looks
like it's a subscription based service so it's not really your firewall doing
these functions.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 19, 2003 8:42 AM
To: [EMAIL PROTECTED]
Subject: RE: Firewall/PIX help [7:63167]


The PIX does have IDS capabilities, but very rudimentary.  no anti-virus or
content filtering.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63306&t=63167



RE: Traffic thru PIX [7:63347]

2003-02-20 Thread Albert Lu
Hi,

You say you can't ping through pix. I imagine you mean from a PC on the
inside network to the internet address on the outside network. Did you check
your xlate table if it's doing the translation? (ie. show xlate). I also
notice that you have a VPN, make sure that the address you ping isn't in the
subnet that you define for the VPN nat0 and for interesting traffic.

Looking at your ping results, it looks like you can ping hosts in the inside
and outside interfaces. So you just have to figure out why your pix is
stopping your traffic.

Albert

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Tunji Suleiman
Sent: Thursday, February 20, 2003 4:27 PM
To: [EMAIL PROTECTED]
Subject: Traffic thru PIX [7:63347]


Hello All,

Can someone pls tell me how I can allow pings and other traffic thru the
PIX? I've added both access-list and conduits for testing. Can ping from pix
to a test PC on LAN, to Internet router and to UUNet DNS but not from test
PC thru PIX as per below:

PIX# wr t
Building configuration...
: Saved
:
PIX Version 6.1(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password J470/UhJVN.5DRKT encrypted
passwd J470/UhJVN.5DRKT encrypted
hostname PIX
domain-name pixdomain.com
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
name 10.250.77.3 testpc
name 66.120.182.121 gateway
access-list nat0 permit ip 10.250.77.0 255.255.255.0 10.250.0.0 255.255.0.0
access-list nat0 permit ip 10.250.77.0 255.255.255.0 10.249.0.0 255.255.0.0
access-list oxfordhub permit ip 10.250.77.0 255.255.255.0 10.250.4.0 255.255.255.0
access-list oxfordhub permit ip 10.250.77.0 255.255.255.0 10.249.48.0 255.255.240.0
access-list ipalcohub permit ip 10.250.77.0 255.255.255.0 10.250.3.0 255.255.255.0
access-list ipalcohub permit ip 10.250.77.0 255.255.255.0 10.249.32.0 255.255.240.0
access-list arlhub permit ip 10.250.77.0 255.255.255.0 10.250.0.0 255.255.255.0
access-list arlhub permit ip 10.250.77.0 255.255.255.0 10.249.64.0 255.255.240.0
access-list arlington permit ip 10.250.77.0 255.255.255.0 10.250.2.0 255.255.255.0
access-list arlington permit ip 10.250.77.0 255.255.255.0 10.249.16.0 255.255.240.0
access-list richmond permit ip 10.250.77.0 255.255.255.0 10.250.75.0 255.255.255.0
access-list aclout permit icmp any any
pager lines 24
logging console debugging
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside 66.120.182.122 255.255.255.248
ip address inside 10.250.77.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 66.120.182.123 netmask 255.255.255.248
nat (inside) 0 access-list nat0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group aclout in interface outside
conduit permit icmp any any
conduit permit tcp any any
route outside 0.0.0.0 0.0.0.0 gateway 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
http 10.250.78.3 255.255.255.255 inside
http 10.250.77.2 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set strong3 esp-3des esp-sha-hmac
crypto map cmap 1 ipsec-isakmp
crypto map cmap 1 match address oxfordhub
crypto map cmap 1 set peer 217.33.153.3
crypto map cmap 1 set transform-set strong3
crypto map cmap 2 ipsec-isakmp
crypto map cmap 2 match address ipalcohub
crypto map cmap 2 set peer 216.37.39.66
crypto map cmap 2 set transform-set strong3
crypto map cmap 3 ipsec-isakmp
crypto map cmap 3 match address arlhub
crypto map cmap 3 set peer 206.154.225.2
crypto map cmap 3 set transform-set strong3
crypto map cmap 4 ipsec-isakmp
crypto map cmap 4 match address arlington
crypto map cmap 4 set peer 65.204.31.2
crypto map cmap 4 set transform-set strong3
crypto map cmap 5 ipsec-isakmp
crypto map cmap 5 match address richmond
crypto map cmap 5 set peer 195.172.96.66
crypto map cmap 5 set transform-set strong3
crypto map cmap interface outside
isakmp enable outside
isakmp key  address 217.33.153.3 netmask 255.255.255.255
isakmp key  address 216.37.39.66 netmask 255.255.255.255
isakmp key  address 208.171.213.2 netmask 255.255.255.255
isakmp key  address 65.204.31.2 netmask 255.255.255.255
isakmp key  address 195.172.96.66 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 1
isakmp policy 10 lifetime 3600
telnet 10.250.77.0 255.255.255.0 inside
telnet 
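
The check suggested in the reply above (is the ping target inside the nat 0 or interesting-traffic ranges?) can be run offline against the posted configuration. This is an added example, not part of the original posts: `parse_config` and `classify` are hypothetical names, and it assumes the nat 0 exemption is evaluated before dynamic NAT and that crypto ACLs are matched on the packet after NAT.

```python
import ipaddress
import re

# Statements copied from the configuration posted in the thread (wrapped
# lines rejoined); only what the check needs is kept.
PIX_CONFIG = """\
access-list nat0 permit ip 10.250.77.0 255.255.255.0 10.250.0.0 255.255.0.0
access-list nat0 permit ip 10.250.77.0 255.255.255.0 10.249.0.0 255.255.0.0
access-list oxfordhub permit ip 10.250.77.0 255.255.255.0 10.250.4.0 255.255.255.0
access-list oxfordhub permit ip 10.250.77.0 255.255.255.0 10.249.48.0 255.255.240.0
access-list richmond permit ip 10.250.77.0 255.255.255.0 10.250.75.0 255.255.255.0
access-list aclout permit icmp any any
global (outside) 1 66.120.182.123 netmask 255.255.255.248
nat (inside) 0 access-list nat0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
crypto map cmap 1 match address oxfordhub
crypto map cmap 1 set peer 217.33.153.3
crypto map cmap 5 match address richmond
crypto map cmap 5 set peer 195.172.96.66
"""


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def _take_addr(tokens):
    """Consume one address spec from an ACL line: 'any', 'host A' or 'NET MASK'."""
    first = tokens.pop(0)
    if first == "any":
        return (0, 0)
    if first == "host":
        return (_to_int(tokens.pop(0)), 0xFFFFFFFF)
    return (_to_int(first), _to_int(tokens.pop(0)))


def parse_config(text):
    """Collect 'permit ip' ACL entries, the nat 0 ACL name, the PAT address
    and the crypto map entries."""
    cfg = {"acls": {}, "nat0_acl": None, "pat": None, "crypto": {}}
    for line in text.splitlines():
        tok = line.split()
        if tok[:1] == ["access-list"] and tok[2:4] == ["permit", "ip"]:
            rest = tok[4:]
            entry = (_take_addr(rest), _take_addr(rest))  # source, then destination
            cfg["acls"].setdefault(tok[1], []).append(entry)
            continue
        m = re.match(r"nat \(\w+\) 0 access-list (\S+)", line)
        if m:
            cfg["nat0_acl"] = m.group(1)
        m = re.match(r"global \(\w+\) \d+ (\d+\.\d+\.\d+\.\d+)", line)
        if m:
            cfg["pat"] = m.group(1)
        m = re.match(r"crypto map (\S+) (\d+) (match address|set peer) (\S+)", line)
        if m:
            slot = cfg["crypto"].setdefault((m.group(1), int(m.group(2))), {})
            slot["acl" if m.group(3) == "match address" else "peer"] = m.group(4)
    return cfg


def _matches(entries, src, dst):
    s, d = _to_int(src), _to_int(dst)
    return any((s & sm) == (sn & sm) and (d & dm) == (dn & dm)
               for (sn, sm), (dn, dm) in entries)


def classify(cfg, src, dst):
    """Predict how the PIX treats an inside-to-outside flow from src to dst."""
    acls = cfg["acls"]
    # NAT exemption (nat 0 access-list) is checked before the nat/global pair.
    exempt = _matches(acls.get(cfg["nat0_acl"], []), src, dst)
    # Assumption: the dynamic rule covers every inside host, as
    # 'nat (inside) 1 0.0.0.0 0.0.0.0' does in the posted configuration.
    seen_outside = src if exempt else cfg["pat"]
    peer = None
    for key in sorted(cfg["crypto"]):
        slot = cfg["crypto"][key]
        # Crypto ACLs are compared with the packet as it leaves, after NAT.
        if seen_outside and _matches(acls.get(slot.get("acl"), []), seen_outside, dst):
            peer = slot.get("peer")
            break
    return {"nat_exempt": exempt, "source_seen_outside": seen_outside, "vpn_peer": peer}


if __name__ == "__main__":
    cfg = parse_config(PIX_CONFIG)
    for dst in ("66.120.182.121", "10.250.4.10", "10.250.200.1"):
        print(dst, classify(cfg, "10.250.77.3", dst))
```

A destination such as 10.250.200.1 is the case to watch for: it is exempt from NAT through the broad nat0 entry but matches no crypto ACL, so it would leave the outside interface with its private source address.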

RE: ADSL and PIX puzzle [7:63458]

2003-02-21 Thread Albert Lu
Hi,

Ideally, you should have the 827 using 'ip unnumbered' on the ADSL (dialer)
interface, so that it uses the ethernet interface as the ip address. This
will allow the outside interface of the PIX to be in the public ip address
range that you are allocated, no need for subnetting as suggested as this
will waste IP addresses. Once that is done, just do your standard NAT on your
PIX with statics for your webservers etc, etc.

If that isn't possible, then you will have to do NAT on the router, and put
statics on the router. The PIX will be doing no translation, so you can
either use nat0 or static (you might need both), I prefer statics.

Regards,

Albert

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
dlci_16
Sent: Friday, February 21, 2003 12:34 PM
To: [EMAIL PROTECTED]
Subject: ADSL and PIX puzzle [7:63458]


Hello networkers,

I am trying to "conjure up" a working config for an ADSL link with static IPs
for a 827 series router,
these public IPs are supposed to point to, say a webserver, that sits behind a
pix firewall
(which is directly connected to 827 router's ethernet interface),
problem is when I try to come up with a working config. I find myself
getting into trouble.
(The catch is, I need the webserver behind that pix.)
Now this gets me using NAT twice to get a public IP from
the internet through the router past the pix and into my webserver,
I know it doesn't sound right and obviously does not work either ;),
Any help/clue/criticisms are most welcome ;)
Ok,
What it looks like so far:


 [internet] >[router] ->[pix] ->[lan/webserver]
[827series]->[506E]--->[lan/webserver]


IP addresses:
For internet access I have 200.10.10.136 mask 255.255.255.0
Public IPs: 200.10.15.184 255.255.255.248 (for example)
Public IP for my webserver is 200.10.15.189


Router 827:
--

!
int eth0
  ip address 192.168.0.200 255.255.255.255.0
  ip nat inside
!
int atm0
  no ip address
  dsl operating-mode auto
!
int atm0.1 point-to-point
   no ip address
   pvc 0/35
pppoe-cliente dial-pool-number 1
!
int dialer1
  ip address 200.10.10.136 255.255.255.0
  ip nat outside
  dialer pool 1
!
ip nat inside source list 1 interface dialer1 overload
ip nat inside source static tcp 192.168.1.30 80 200.10.15.189 80 extendable
access-list 1 permit 192.168.0.0 0.0.0.255
!
ip route 0.0.0.0 0.0.0.0 interface dialer1
!


PIX 506E:
-

!
nameif eth0 outside security0
nameif eth1 inside security 100
!
ip address outside 192.168.0.201 255.255.255.0
ip address inside 192.168.1.21 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 192.168.0.200 1
!
global (outside) 1 192.168.0.202-192.168.0.248
nat (inside) 1 192.168.0.0 255.255.255.0
!
name 192.168.1.30 webserver
!
static (inside,outside) 200.10.15.189 webserver
!
access-list acl_out permit tcp any host 200.10.15.189 eq 80
!
access-group acl_out in interface outside
!


Maybe I am going about this the wrong way,
maybe there is still hope just by tweaking my static nat translation at the
router.
If you have reached this far, thank you for your time and effort.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63493&t=63458



RE: ISS Real Secure Vs Cisco IDS [7:63461]

2003-02-21 Thread Albert Lu
Hi,

I'm just curious about your multi-vendor solution. It must cost quite a lot
in order to have 3 IDS running. What about redundancy, if you are using dual
switch/router/fw/ids, you would have a total of 6 IDS.

Being able to detect attacks with multiple IDS is one thing. What action can
it take once the IDS detects an attack? Logging it into the syslog server is
not enough.

Albert

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 21, 2003 7:53 PM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]


Hi Sean,

I currently use Cisco IDSM (IDS module for the Cat6500), Nokia IDS, and
Snort on the server themselves.  You can never be paranoid enough about
these sort of things.  Each vendor has different exploits etc, so by
implementing a multi vendor path to your critical servers, you protect
yourself from any single vendor specific exploit!




Sean Kim wrote:
>
> Hello all,
>
> My company is thinking about installing an IDS (dedicated
> appliance type) for our network.
> As far as I know, the Real Secure and the Cisco IDS are two
> biggest names out there.  So I checked out the documents and
> white papers provided by the each company, but I couldn't
> really come up with what the differences are between them, and
> which one is better suited for our network.
>
> Can anyone voice their opinion about these two IDS?
>
> Thanks,
>
> Sean Kim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63500&t=63461



RE: ISS Real Secure Vs Cisco IDS [7:63461]

2003-02-21 Thread Albert Lu
Hi Troy,

Must be some secure site, reason I was interested is that I had a discussion
with someone else before in regards to multi-vendor IDS solutions and how
effective they might be.

So if you mostly rely on manual action, and an attack came in after hours,
how quickly can you respond to your alerts? Since for some attacks, a half
hour response time could cause your site to be down (eg. slammer virus). If
that was the case, even if you had all the vendor's IDS, it will be useless.

Albert

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 21, 2003 10:57 PM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]


As with most things, you need to weigh up costs against your requirements.  In
our case, security is absolutely essential, so having a multivendor security
solution (and indeed fully redundant) is costly, but we see it as
justified.

With regards to action during attacks etc.  We mostly rely on manual actions
as we don't want to inadvertently block legitimate traffic (for example if an
attack came from a spoofed IP). For automatic action, you can make use of
Cisco Policy Manager, which has the ability to dynamically rewrite ACL's on
Pix's, Routers, and indeed Cat's, according to data from IDS.  So for
example, if you were really paranoid (like we are), you could have pix's
as the first firewall, with IDS on the inside / dmz etc (using IDSM or
standalone IDS), tie these together with Policy manager .. then taking a
further step into your network, a set of Nokia Fw1 NG, along with further
Nokia IDS solutions on the inside, and tied together using the enterprise
software!



Albert Lu wrote:
>
> Hi,
>
> I'm just curious about your multi-vendor solution. It must cost
> quite a lot
> in order to have 3 IDS running. What about redundancy, if you
> are using dual
> switch/router/fw/ids, you would have a total of 6 IDS.
>
> Being able to detect attacks with multiple IDS is one thing.
> What action can
> it take once the IDS detects an attack? Logging it into the
> syslog server is
> not enough.
>
> Albert
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 21, 2003 7:53 PM
> To: [EMAIL PROTECTED]
> Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
>
>
> Hi Sean,
>
> I currently use Cisco IDSM (IDS module for the Cat6500), Nokia
> IDS, and
> Snort on the server themselves.  You can never be paranoid
> enough about
> these sort of things.  Each vendor has different exploits etc,
> so by
> implementing a multi vendor path to your critical servers, you
> protect
> yourself from any single vendor specific exploit!
>
>
>
>
> Sean Kim wrote:
> >
> > Hello all,
> >
> > My company is thinking about installing an IDS (dedicated
> > appliance type) for our network.
> > As far as I know, the Real Secure and the Cisco IDS are two
> > biggest names out there.  So I checked out the documents and
> > white papers provided by the each company, but I couldn't
> > really come up with what the differences are between them, and
> > which one is better suited for our network.
> >
> > Can anyone voice their opinion about these two IDS?
> >
> > Thanks,
> >
> > Sean Kim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63508&t=63461



RE: ISS Real Secure Vs Cisco IDS [7:63461]

2003-02-21 Thread Albert Lu
Hi Troy,

I'm interested in how you are doing monitoring on the security side of
things. I'm aware of netforensics that can correlate FW/Router/IDS logs in
real-time to tell you about attacks. My personal opinion of the product is
that it's a beefed up syslog server with an oracle database in the backend
to pump out reports. It's a good solution if you can afford it, otherwise
you would have to develop your own scripts to pick out the syslog messages
that are relevant.

I think the ideal way of responding to security alerts is through a 24x7
cover, and have someone make changes on firewalls where necessary. I'm not
too sure about the IDS modifying the FW's ACL in real time, sounds like it could
potentially be used by someone to DOS. What are people's experience in this,
I would be interested to know?

Yes, you're right that most of the security systems are used to stop script
kiddies, since exploits that get released have already been known by the
more 'elite' hacking/cracking community for weeks/months before it was
released. So the best you can do is to do your best to stop the mass herd of
script kiddies, and the rest is a numbers game.

Regards,

Albert



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Saturday, February 22, 2003 1:51 AM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]


Hi Albert,

We have 24x7 cover so that response time is pretty quick. (and a very well
defined escalation procedure).

However at the end of the day you are right, I believe that no systems are
secure, what we do is try to stick up as many deterrents as possible to make
it not worthwhile, and for the cracker to try and find a more easily
exploited system.   Furthermore, the majority of cracking alerts are as a
result of script kiddies, and if 10 other systems show up as exploitable
before ours, then that is half the war won.


Albert Lu wrote:
>
> Hi Troy,
>
> Must be some secure site, reason I was interested is that I had
> a discussion
> with someone else before in regards to multi-vendor IDS
> solutions and how
> effective they might be.
>
> So if you mostly rely on manual action, and an attack came in
> after hours,
> how quickly can you respond to your alerts? Since for some
> attacks, a half
> hour response time could cause your site to be down (eg.
> slammer virus). If
> that was the case, even if you had all the vendor's IDS, it
> will be useless.
>
> Albert
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Friday, February 21, 2003 10:57 PM
> To: [EMAIL PROTECTED]
> Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
>
>
> As with most things, you need to weigh up costs against your
> requirements.  In
> our case, security is absolutely essential, so having a
> multivendor security
> solution (and indeed fully redundant) is costly, but we see it
> as
> justified.
>
> With regards to action during attacks etc.  We mostly rely on
> manual actions
> as we don't want to inadvertently block legitimate traffic (for
> example if an
> attack came from a spoofed IP). For automatic action, you can
> make use of
> Cisco Policy Manager, which has the ability to dynamically
> rewrite ACL's on
> Pix's, Routers, and indeed Cat's, according to data from IDS.
> So for
> example, if you were really paranoid (like we are), you could
> have pix's
> as the first firewall, with IDS on the inside / dmz etc (using
> IDSM or
> standalone IDS), tie these together with Policy manager .. then
> taking a
> further step into your network, a set of Nokia Fw1 NG, along
> with further
> Nokia IDS solutions on the inside, and tied together using the
> enterprise
> software!
>
>
>
> Albert Lu wrote:
> >
> > Hi,
> >
> > I'm just curious about your multi-vendor solution. It must
> > cost
> > quite a lot
> > in order to have 3 IDS running. What about redundancy, if you
> > are using dual
> > switch/router/fw/ids, you would have a total of 6 IDS.
> >
> > Being able to detect attacks with multiple IDS is one thing.
> > What action can
> > it take once the IDS detects an attack? Logging it into the
> > syslog server is
> > not enough.
> >
> > Albert
> >
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > Sent: Friday, February 21, 2003 7:53 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
> >
> >
> > Hi Sean,
> >
> > I currently use Cisco IDSM (IDS module for the Cat6500), Nokia
> > IDS, and
> > Snort on the server themselves.  You can never be paranoid
&
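
The concern raised in this thread, that an IDS rewriting firewall ACLs in real time can be turned against the site by alerts carrying forged source addresses, is usually handled by putting guard rules in front of any automatic block. The following is an added example, not part of the original posts and not the behaviour of any product named in them; the class, field names, addresses and thresholds are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values for illustration (documentation address ranges).
PROTECTED = [ipaddress.ip_network(n) for n in (
    "192.0.2.53/32",      # e.g. the upstream DNS resolver
    "198.51.100.0/24",    # e.g. a partner network reached over VPN
)]
BLOCK_SECONDS = 900       # blocks expire on their own
MAX_ACTIVE_BLOCKS = 2     # kept small so the sample below reaches the cap


@dataclass
class Alert:
    time: int             # seconds since the start of the sample
    src: str              # source address reported by the sensor
    signature: str        # constructed signature name
    handshake_seen: bool  # sensor saw a completed TCP handshake from src


class BlockPolicy:
    """Decide whether an IDS alert may add a temporary block on the firewall."""

    def __init__(self):
        self.active = {}  # src -> expiry time

    def decide(self, alert):
        # Drop expired blocks first so the table cannot fill up permanently.
        self.active = {s: t for s, t in self.active.items() if t > alert.time}
        addr = ipaddress.ip_address(alert.src)
        if any(addr in net for net in PROTECTED):
            # Blocking these would take the site down; a person decides.
            return ("escalate", "protected address")
        if not alert.handshake_seen:
            # Without a handshake the source field proves nothing: it can be forged.
            return ("escalate", "source not verified")
        if alert.src in self.active:
            return ("none", "already blocked")
        if len(self.active) >= MAX_ACTIVE_BLOCKS:
            # A flood of alerts must not grow the ACL without bound.
            return ("escalate", "block table full")
        self.active[alert.src] = alert.time + BLOCK_SECONDS
        return ("block", "verified source")


# Constructed alert stream.
SAMPLE_ALERTS = [
    Alert(0, "203.0.113.10", "web exploit attempt", True),
    Alert(5, "192.0.2.53", "udp worm probe", False),
    Alert(10, "203.0.113.77", "udp worm probe", False),
    Alert(20, "203.0.113.10", "web exploit attempt", True),
    Alert(30, "203.0.113.20", "web exploit attempt", True),
    Alert(40, "203.0.113.30", "web exploit attempt", True),
    Alert(1000, "203.0.113.30", "web exploit attempt", True),
]


def run(alerts):
    policy = BlockPolicy()
    return [policy.decide(a) for a in alerts]


if __name__ == "__main__":
    for alert, decision in zip(SAMPLE_ALERTS, run(SAMPLE_ALERTS)):
        print(alert.time, alert.src, decision)
```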

RE: ADSL Between Head Office and Remote Branch [7:63711]

2003-02-26 Thread Albert Lu
Hi,

Is this correct? Has anyone tried this before? If it's true, then it will
really be great!! Imagine being able to replace frame relay, vpn for a
office thats nearby and not have to pay a service provider on a regular
basis for port/pvc/cir charges.

Albert



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 26, 2003 6:32 PM
To: [EMAIL PROTECTED]
Subject: RE: ADSL Between Head Office and Remote Branch [7:63711]


As Skarphedinsson told me before about the G.SHDSL 828, he was completely
right.


Cisco 828 and SOHO 78 G.SHDSL routers offer an affordable broadband WAN
access solution that can be carried over existing copper telephone lines
(Dry one). The routers provide a symmetrical WAN connection at speeds up to
2.3 Mbps with a 20,000-foot distance limitation.


G.SHDSL standard allow two G.SHDSL routers to directly connect with copper
wiring in a back-to-back configuration. This back-to-back scenario allows
two Cisco 828 or Cisco SOHO 78 G.SHDSL routers to connect without a DSLAM or
IP DSL Switch between the units.

Ismail Al-Shelh

Thanks to Troy, Skarphedinsson, Steve Wilson and all.



-Original Message-
From: Ismail Al-Shelh [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 26, 2003 8:52 AM
Subject: RE: ADSL Between Head Office and Remote Branch [7:63711]

I have read the MXL-2300 Brochure its really not complicated like Cisco DSL
products cause to be honest I have lost in Cisco site searching for the
right product to implement my solution , I am still interested to look for
the equivalent product from Cisco, but if I did not find it then I will go
for MXL-2300.


Thanks for help.


Ismail Al-Shelh


-Original Message-
From: Troy Leliard [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 25, 2003 7:31 PM
To: [EMAIL PROTECTED]
Subject: RE: ADSL Between Head Office and Remote Branch [7:63711]

What you want to do is possible, in fact I demo'd something similar.  I
used the MXL-2300 from tut systems ...

http://www.tutsys.com/mtu/products/ethernetworking/mxl_2300/index.cfm

at anything under 3.5km you can get about 2MB.  I haven't tried it this
using any cisco kit,

Ismail Al-Shelh wrote:
>
> I think I have to refine my question to be clearer
>
> Again
>
> I want to connect my branch office with my head office (1.5Km)
> away via DSL
> without any external service provider (phone company).
>
>
> Two dry copper wires are laid physically from the Head Office
> to the Branch
> office.
>
>
> Is this design going to achieve my goal:
>
>
> Clients PC--Ethernet-dsl router-dry pair of copper
> wiresdsl
> router---Ethernet--Clients PC.
>
> Ismail Al-Shelh
>
> Thanks for your help.
>
>
>
> -Original Message-
> From: Ismail Al-Shelh [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, February 25, 2003 4:11 PM
> To: [EMAIL PROTECTED]
> Subject: ADSL Between Head Office and Remote Branch [7:63711]
>
> I want to connect my branch office with my head office (1.5Km)
> away via ADSL
> without any external service provider.
> Two copper wires are laid physically from the Head Office to
> the Branch
> office.
>
>
> Is this design going to achieve my goal?
>
> Clients PC--Ethernet--837 ADSL-pair of copper wires837
> ADSL---Ethernet--Clients PC
>
>
>
> Ismail Al-Shelh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63852&t=63711


RE: ADSL Between Head Office and Remote Branch [7:63711]

2003-02-26 Thread Albert Lu
Found it on cisco.com

http://www.cisco.com/warp/public/cc/pd/rt/800/prodlit/apcnf_an.htm

Sounds great!! If only it could do multipoint rather than only
point-to-point, I guess you can't expect too much from a copper pair. Maybe
cisco can come out with router with multiple g.shdsl interface.

Albert

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 26, 2003 6:32 PM
To: [EMAIL PROTECTED]
Subject: RE: ADSL Between Head Office and Remote Branch [7:63711]


As Skarphedinsson told me before about the G.SHDSL 828, he was completely
right.


Cisco 828 and SOHO 78 G.SHDSL routers offer an affordable broadband WAN
access solution that can be carried over existing copper telephone lines
(Dry one). The routers provide a symmetrical WAN connection at speeds up to
2.3 Mbps with a 20,000-foot distance limitation.


G.SHDSL standard allow two G.SHDSL routers to directly connect with copper
wiring in a back-to-back configuration. This back-to-back scenario allows
two Cisco 828 or Cisco SOHO 78 G.SHDSL routers to connect without a DSLAM or
IP DSL Switch between the units.

Ismail Al-Shelh

Thanks to Troy, Skarphedinsson, Steve Wilson and all.



-Original Message-
From: Ismail Al-Shelh [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 26, 2003 8:52 AM
Subject: RE: ADSL Between Head Office and Remote Branch [7:63711]

I have read the MXL-2300 Brochure its really not complicated like Cisco DSL
products cause to be honest I have lost in Cisco site searching for the
right product to implement my solution , I am still interested to look for
the equivalent product from Cisco, but if I did not find it then I will go
for MXL-2300.


Thanks for help.


Ismail Al-Shelh


-Original Message-
From: Troy Leliard [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 25, 2003 7:31 PM
To: [EMAIL PROTECTED]
Subject: RE: ADSL Between Head Office and Remote Branch [7:63711]

What you want to do is possible, in fact I demo'd something similar.  I
used the MXL-2300 from tut systems ...

http://www.tutsys.com/mtu/products/ethernetworking/mxl_2300/index.cfm

at anything under 3.5km you can get about 2MB.  I haven't tried it this
using any cisco kit,

Ismail Al-Shelh wrote:
>
> I think I have to refine my question to be clearer
>
> Again
>
> I want to connect my branch office with my head office (1.5Km)
> away via DSL
> without any external service provider (phone company).
>
>
> Two dry copper wires are laid physically from the Head Office
> to the Branch
> office.
>
>
> Is this design going to achieve my goal:
>
>
> Clients PC--Ethernet-dsl router-dry pair of copper
> wiresdsl
> router---Ethernet--Clients PC.
>
> Ismail Al-Shelh
>
> Thanks for your help.
>
>
>
> -Original Message-
> From: Ismail Al-Shelh [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, February 25, 2003 4:11 PM
> To: [EMAIL PROTECTED]
> Subject: ADSL Between Head Office and Remote Branch [7:63711]
>
> I want to connect my branch office with my head office (1.5Km)
> away via ADSL
> without any external service provider.
> Two copper wires are laid physically from the Head Office to
> the Branch
> office.
>
>
> Is this design going to achieve my goal?
>
> Clients PC--Ethernet--837 ADSL-pair of copper wires837
> ADSL---Ethernet--Clients PC
>
>
>
> Ismail Al-Shelh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63854&t=63711


RE: ADSL Between Head Office and Remote Branch [7:63711]

2003-02-26 Thread Albert Lu
Sounds interesting. I'm looking at the IntelliPop 5000. It looks like it's
doing VDSL, and limited to 4000ft. This is probably only suitable for
utilising copper pairs within a building. But it pipes data at up to 26Mbps.
Cisco's G.SHDSL goes a lot further but with lesser bandwidth.

Does anyone know if there's a DSL NIC that can go into your PC, rather than
having a CPE device? Also, I'm not too familiar with DSL, but does it allow
a splitter facility which you can split your line for voice and data?

Any ideas how much the Tutsys product costs?

Albert

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 26, 2003 9:36 PM
To: [EMAIL PROTECTED]
Subject: RE: ADSL Between Head Office and Remote Branch [7:63711]


NON Cisco, but hey .. tutsystems have a MTU pop (Multi Tenant User),
basically it's not multipoint but a chassis that can terminate numerous SDSL
connections over existing copper pair.  They use an example of putting one of
these in the basement of a tenant apartment, then using the existing copper
(telephony), you can provide access to all the users in the block (they need
to have a splitter, but that's it!).  Then you would have a single WAN (eg
T1) from the chassis to a provider.

Making use of dark copper / fibre (ie no signalling etc), is a great way to
provide cheap point-to-point links between sites (within the distance
limitations).

Albert Lu wrote:
>
> Found it on cisco.com
>
> http://www.cisco.com/warp/public/cc/pd/rt/800/prodlit/apcnf_an.htm
>
> Sounds great!! If only it could do multipoint rather than only
> point-to-point, I guess you can't expect too much from a copper
> pair. Maybe
> cisco can come out with router with multiple g.shdsl interface.
>
> Albert
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, February 26, 2003 6:32 PM
> To: [EMAIL PROTECTED]
> Subject: RE: ADSL Between Head Office and Remote Branch
> [7:63711]
>
>
> As Skarphedinsson told me before about the G.SHDSL 828, he was
> completely
> right.
>
>
> Cisco 828 and SOHO 78 G.SHDSL routers offer an affordable
> broadband WAN
> access solution that can be carried over existing copper
> telephone lines
> (Dry one). The routers provide a symmetrical WAN connection at
> speeds up to
> 2.3 Mbps with a 20,000-foot distance limitation.
>
>
> G.SHDSL standard allow two G.SHDSL routers to directly connect
> with copper
> wiring in a back-to-back configuration. This back-to-back
> scenario allows
> two Cisco 828 or Cisco SOHO 78 G.SHDSL routers to connect
> without a DSLAM or
> IP DSL Switch between the units.
>
> Ismail Al-Shelh
>
> Thanks to Troy, Skarphedinsson, Steve Wilson and all.
>
>
>
> -Original Message-
> From: Ismail Al-Shelh [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, February 26, 2003 8:52 AM
> Subject: RE: ADSL Between Head Office and Remote Branch
> [7:63711]
>
> I have read the MXL-2300 Brochure its really not complicated
> like Cisco DSL
> products cause to be honest I have lost in Cisco site searching
> for the
> right product to implement my solution , I am still interested
> to look for
> the equivalent product from Cisco, but if I did not find it
> then I will go
> for MXL-2300.
>
>
> Thanks for help.
>
>
> Ismail Al-Shelh
>
>
> -Original Message-
> From: Troy Leliard [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, February 25, 2003 7:31 PM
> To: [EMAIL PROTECTED]
> Subject: RE: ADSL Between Head Office and Remote Branch
> [7:63711]
>
> What you want to do is possible, in fact I demo'd something
> similar.  I
> used the MXL-2300 from tut systems ...
>
> http://www.tutsys.com/mtu/products/ethernetworking/mxl_2300/index.cfm
>
> at anything under 3.5km you can get about 2MB.  I haven't tried
> it this
> using any cisco kit,
>
> Ismail Al-Shelh wrote:
> >
> > I think I have to refine my question to be clearer
> >
> > Again
> >
> > I want to connect my branch office with my head office (1.5Km)
> > away via DSL
> > without any external service provider (phone company).
> >
> >
> > Two dry copper wires are laid physically from the Head Office
> > to the Branch
> > office.
> >
> >
> > Is this design going to achieve my goal:
> >
> >
> > Clients PC--Ethernet-dsl router-dry pair of copper
> > wiresdsl
> > router---Ethernet--Clients PC.
> >
> > Ismail Al-Shelh
> >
> > Thanks for your help.
> >
> >
> >
> > -Original Message-
> > From: Ismail Al-Shelh [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, Febr

Cisco FWM vs Netscreen 5000 [7:63949]

2003-02-27 Thread Albert Lu
Hello Group,

Can someone give me some comparisons between the Cisco 6500 Firewall Module,
compared to the Netscreen 5000. I understand the Netscreen allows for
virtual firewalls separated via VLAN or IP addresses. Looking at the 6500
Firewall Module, it looks like it can do something similar to the Netscreen
but it is just one firewall instance and you define different interfaces via
the VLANs created. Does that mean it's a single Xlate table shared between
all the interfaces?

How does the Netscreen work, does it have multiple instances of the firewall
with separate configs?

Thanks


Albert




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63949&t=63949


OT: Cisco Accessories for Sale [7:66600]

2003-04-01 Thread Albert Lu
Hello Group,

I have some bits and pieces to sell that can be useful for a home lab:

1xEmutel Lite ISDN Simulator

2x WIC-1T modules
1x NM-4A/S module

5x Back-to-Back cables
5x Ethernet Transceivers (for 2500 routers)
7x 8MB Flash for 2500

1x 32MB DRAM for 2600
1x 16MB DRAM for 2600
2x 16MB Flash for 2600

Contact me with an offer if interested.

Thanks

Albert




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66600&t=66600


OT: CCIE Lab for Sale [7:40980]

2002-04-09 Thread Albert Lu

Hello Group,

I have the following equipment for sale from my Lab after passing my CCIE:

Cisco 2503 16Flash/16DRAM   
Cisco 2503 16Flash/16DRAM   
Cisco 2503 16Flash/16DRAM   
Cisco 2501 16Flash/16DRAM   
Cisco 2501 16Flash/16DRAM   
Cisco 2509 16Flash/16DRAM   
Catalyst 5000   
WS-5009 Supervisor Engine I
WS-5213a 12 RJ45 port 10/100 Ethernet Module
WS-5213a 12 RJ45 port 10/100 Ethernet Module
WS-5010 24-Port 10BaseT Module (will provide 1 breakout cable)
WS-X5155 ATM LANE Module 

Prefer buyers in Australia.

Make me a serious offer.


Albert Lu
CCIE #8705
[EMAIL PROTECTED]





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=40980&t=40980



OT: Routers for Sale/Exchange [7:44336]

2002-05-17 Thread Albert Lu

I've got some 2500 routers left for sale or exchange:
2501
2503
2509

I'm looking to exchange for a good PC or Laptop.

Let me know if you're interested.





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=44336&t=44336



OT: Looking for token ring MAU Sydney [7:24120]

2001-10-25 Thread Albert Lu

Hello Group,

Sorry for the OT message. Just wanted to know if there's anyone in Sydney
looking to get rid of token ring equipment at a reasonable price. I'm
looking for a couple of MAUs with 4 cables, a couple of Token Ring PC cards,
and maybe a PCMCIA Token Ring card.

Basically, I need something for my 2x2502 so I can hook up a PC at one end
and another at the other to do some bridging, DLSW scenarios.

Thanks

Albert






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24120&t=24120



RE: BGP4 and Multiple Providers [7:55918]

2002-10-22 Thread Albert Lu
Harold,

From my quick look at this product, it seems to use DNS changes for failover
onto another ISP and keeping connectivity. It works differently than how BGP
would for redundancy, with some limitations.

BTW. How much does this product cost?

Regards,

Albert

-Original Message-
From: [EMAIL PROTECTED] [mailto:nobody@;groupstudy.com]On Behalf Of
Harold Monroe
Sent: Wednesday, October 23, 2002 5:08 AM
To: [EMAIL PROTECTED]
Subject: RE: BGP4 and Multiple Providers [7:55918]


You might want to check out this company www.fatpipeinc.com

We have two T1's load balanced (with two different providers - XO &
WorldCom) using their hardware/software device and no BGP needed!


-Original Message-
From: Brian (273954) [mailto:brian@;nextmill.net]
Sent: Friday, October 18, 2002 5:24 PM
To: [EMAIL PROTECTED]
Subject: BGP4 and Multiple Providers [7:55918]

We are bringing in a second DS3 line into our Cisco 7206 v12 router and were
hoping for some general advice.
Our current provider is a 9mbps DS3 from Genuity.  We are bringing in a
second DS3 from PAJO at 6mbps for redundancy and to bring the usage down on
the Genuity line.

My question is what commands do I need to look into when I have the BGP4
setup on the router in order to handle the flow of traffic properly?

90% of our traffic is OUTBOUND (up to the internet) and we need to balance
this traffic between the 9mbps and 6mbps connections.  From what I am told
this won't be an automatic process but something I will have to tweak on
occasion depending on if traffic demands change between the connections.

How am I best going to control this outbound flow of traffic?  My idea was
that when one connection is using a high % I can manually modify a metric of
some sort to make the router believe that that connection is not as
preferred as it once was and start sending a little of the traffic over the
other connection instead.  Am I being realistic here?
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56117&t=55918



OT: Cisco 2600 FacePlate Replacement? [7:56451]

2002-10-29 Thread Albert Lu
Hi Group,

As most of you might know, the 2600 faceplate is quite a poorly designed
piece of c***. I have a 2620 router that has a broken faceplate, and was
wondering if there was any way of getting it replaced, or even fixed (special
screws maybe?).

Thanks in advance.

Albert




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56451&t=56451



OT: AVVID Discussion Group [7:56670]

2002-11-01 Thread Albert Lu
Hello Group,

I was wondering if anyone knows of any good and active discussion groups
mainly focusing on Cisco's AVVID. The groupstudy groups tend to be dealing
mainly with certification questions, with a sprinkling of real-world issues.
What I would like to be involved in is a discussion of the full project
lifecycle of an AVVID rollout. I know that AVVID is very general, which
incorporates such things as voice, video, data, security, qos, datacentre,
vpn, etc. I've recently been reading Cisco's "Solution Reference Network
Design Guide" white papers, which give quite a lot of good insight into the
various AVVID architectures. It would be great to see discussions based on
these, to improve on these and also to improve our knowledge-base.

Thanks

Albert




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56670&t=56670



Cisco IP Phones: CP-30VIP [7:58183]

2002-11-27 Thread Albert Lu
Hello Group,

Just wondering if anyone was familiar with the CP-30VIP IP Phones and how
they are different to the current 7000 series phones. I was looking at using
them to learn IP Telephony, just wondered if they would be ok.

Thanks

Albert




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58183&t=58183



OT: Cisco Accessories for Sale [7:59231]

2002-12-16 Thread Albert Lu
Hello Group,

I have some bits and pieces to sell that can be useful for a home lab:

5x Back-to-Back cables
5x Ethernet Transceivers (for 2500 routers)
7x 8MB Flash for 2500

1x 32MB DRAM for 2600
1x 16MB DRAM for 2600
2x 16MB Flash for 2600

2x WIC-1T modules
1x NM-4A/S module

Thanks

Albert




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59231&t=59231


