RE: AES license [7:62905]
Yea, and in the pix guide it also list proposed part numbers for the AES. It is about as free as 3DES is (which is not free). I wonder if AES is enabled in my 6.3beta version? Hmmm? Probably not... -Original Message- From: Jim [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 21, 2003 5:09 AM To: [EMAIL PROTECTED] Subject: AES license Hi all, With PIXS OS 6.3 coming out with AES does anyone know what the license requirements for it will be? Free for AES or $$ like for 3DES? Any word on this for IOS w/o the need for the AIM? thanks, JT ___ Join Excite! - http://www.excite.com The most personalized portal on the Web! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62905t=62905 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Howdy to All [7:59521]
I have not met anyone who liked the new Cisco site. I have tons of errors and problems, I don't know what language the site is done in but it pretty bad. When you try to contact Cisco about it, and no one gets back to you. And when they do contact me back, they don't know why the error is occurring. I would rather have the site designed like a command prompt then to have the same thing 17 places on each page. Sometimes I am tempted to load the old site, but then I get old information. How many people have to complain before they change this? Try something else, whatever you are using is not working. I have seen teenagers make a better interface then this. On the first page, you have drop downs, which contain the same things as the links. And the +/- is annoying too. Cisco tends to try to use the underdog technologies when it doesn't have to do directly with network equipment. They need to stop getting cute with this stuff because it is very annoying. I also just got a new Cisco document CD, like 5 out of 10 of the links do not work. It would be very easy to figure this out and correct the problem. And don't get excited if you find any links to PDF on the document CD, most of them are missing. Ever hear of a QA department? -Original Message- From: David Ristau [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 19, 2002 8:43 AM To: [EMAIL PROTECTED] Subject: Howdy to All [7:59521] Just wanted to give a general shout out to all, I'm new here, figured I'd need some help with some study issues. been a CCNA for about 2 1/2 years, looking to pass CCNP exams by August 2003, been working on switching as my first exam. needed a place to vent, looking around here yesterday I cam across a (not known by me) exam 640-901, a little research found it a replacment routing exam, thats ok, oh crap, I'm still studying for the 640-50x exam series. I hate the new cisco site, can't find any good certification material, I actually had to search google and the first links were to cisco web sie exactly what I needed, ciriculum for the 640-60X exam series. looking at the curiculum for the 640-604 switching exam, there is nothing on HSRP or ATM Lane, could this be true ? they are quite complex concepts, the exam looks mich easier if these 2 subjects are left off, though multicast will still be a bear. anyway, just wanted to say hi to everyone, and I look forward to participating and helping out whenever I can. have a good day !!! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59530t=59521 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
3550 study strategy - ANY ?? [7:59000]
Sorry I have been really busy. Actually I need both 3550 switches in production because we have to deploy our app. I am designing (with some help) an e-commerce site. The site consists of two T1 lines, Pix firewall, both switches and Load balancers. Someone from the group is helping me with the design and setup. The one thing I was told about is Round Robin Routing which will be used on the 3550. The challenge was to use bandwidth of both T1s and have them redundant, but to re-route the traffic if any device (besides the router or T1) should fail, it should route the traffic to the other T1. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59375t=59000 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 3550 study strategy - ANY ?? [7:59000]
OK I guess everyone in this study group is running their Cisco routers from their houses? OK, I won't post anything about this project. I thought some of the things I was doing with the 3550EMI might be in the CCIE exam for some people. -Original Message- From: The Long and Winding Road [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 17, 2002 10:35 AM To: [EMAIL PROTECTED] Subject: Re: 3550 study strategy - ANY ?? [7:59000] so can you title this post something other than study strategy since this is a commercial endeavor? hey - NRF - the real issue is the number of people unwilling to buy the cow because they can get free milk at the study group food and network design bank :- ( reference to another thread ) -- TANSTAAFL there ain't no such thing as a free lunch or maybe there is! Brian Zeitz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Sorry I have been really busy. Actually I need both 3550 switches in production because we have to deploy our app. I am designing (with some help) an e-commerce site. The site consists of two T1 lines, Pix firewall, both switches and Load balancers. Someone from the group is helping me with the design and setup. The one thing I was told about is Round Robin Routing which will be used on the 3550. The challenge was to use bandwidth of both T1s and have them redundant, but to re-route the traffic if any device (besides the router or T1) should fail, it should route the traffic to the other T1. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59391t=59000 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Load Balancing Firewalls [7:59183]
OK I figured this one out with some help :) I just need to get the 4 Port DMZ card and designate two of the interfaces as IN using security levels. The failover has a DMZ card too, so I can failover all 4 interfaces in an emergency. Plus 1 Port for the failover. Thanks to the people helping me offline, these scenarios are getting really complex. My next task is figuring how to take two T1s and make them act as a single unit while providing redundancy. Thanks :) -Original Message- From: Brian Zeitz Sent: Friday, December 13, 2002 2:02 PM To: [EMAIL PROTECTED] Subject: RE: Load Balancing Firewalls [7:59183] Actually, management change the diagram on me :( T1---3640---515UR with failover T1---3640---^ Both T1s going into a single 515UR with a standby unit. I figured out the first scenario, I just thought of it as it as being in different locations and use global load balancing on the LBs. This second scenario I don't know if it is possible, I would have 2 IPs coming from the e0/0 on the router, into only 1 Pix interface which I don't know if it is possible -Original Message- From: Brian Zeitz Sent: Friday, December 13, 2002 12:03 PM To: [EMAIL PROTECTED] Subject: Load Balancing Firewalls [7:59183] I have just been given the task of setting up a website with load balancing. T1 --- 3640Pix 515 UR+4E--Load balancer T1 --- 3640---Pix 515 UR+4ELoad balancer The Pix 515 are separate full units, I got another on because I know you cannot use the failover as an active unit. My load balancers are not active/active. But if I use them separately, they can run independently. I need to run just one website like www.mydomain.com My managers would like both T1s to be used, but can also act as a failover. Can anyone give me any pointers or tell me of any pitfalls before I dive into this task? I thought about HSRP, would this work if I had redundant firewalls? Can you cluster pix firwalls? I don't think you can, I wish I could. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59297t=59183 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Load Balancing Firewalls [7:59183]
I have just been given the task of setting up a website with load balancing. T1 --- 3640Pix 515 UR+4E--Load balancer T1 --- 3640---Pix 515 UR+4ELoad balancer The Pix 515 are separate full units, I got another on because I know you cannot use the failover as an active unit. My load balancers are not active/active. But if I use them separately, they can run independently. I need to run just one website like www.mydomain.com My managers would like both T1s to be used, but can also act as a failover. Can anyone give me any pointers or tell me of any pitfalls before I dive into this task? I thought about HSRP, would this work if I had redundant firewalls? Can you cluster pix firwalls? I don't think you can, I wish I could. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59183t=59183 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Load Balancing Firewalls [7:59183]
Actually, management change the diagram on me :( T1---3640---515UR with failover T1---3640---^ Both T1s going into a single 515UR with a standby unit. I figured out the first scenario, I just thought of it as it as being in different locations and use global load balancing on the LBs. This second scenario I don't know if it is possible, I would have 2 IPs coming from the e0/0 on the router, into only 1 Pix interface which I don't know if it is possible -Original Message- From: Brian Zeitz Sent: Friday, December 13, 2002 12:03 PM To: [EMAIL PROTECTED] Subject: Load Balancing Firewalls [7:59183] I have just been given the task of setting up a website with load balancing. T1 --- 3640Pix 515 UR+4E--Load balancer T1 --- 3640---Pix 515 UR+4ELoad balancer The Pix 515 are separate full units, I got another on because I know you cannot use the failover as an active unit. My load balancers are not active/active. But if I use them separately, they can run independently. I need to run just one website like www.mydomain.com My managers would like both T1s to be used, but can also act as a failover. Can anyone give me any pointers or tell me of any pitfalls before I dive into this task? I thought about HSRP, would this work if I had redundant firewalls? Can you cluster pix firwalls? I don't think you can, I wish I could. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59187t=59183 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 3550 study strategy - ANY ?? [7:59000]
I have 2 3550's EMI layer 3 if you want me to send you command/configuration examples. I am still working on allowing netbios traffic between some VLANS. I been working on some other stuff. I have to do a sh ip route, and check the routing tables to see if everything is setup correctly. Brian -Original Message- From: J M [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 11, 2002 7:09 PM To: [EMAIL PROTECTED] Subject: RE: 3550 study strategy - ANY ?? [7:59000] I am also preparing for the lab and it is my goal to get as much configuration experience with the 3550 as possible. I know you said dont say everything but the more prepared you are the better. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59073t=59000 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 3550 labs [7:59096]
The cisco config manual for 3550 is good, I can send it to you. -Original Message- From: Jim Tickle [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 12, 2002 11:54 AM To: [EMAIL PROTECTED] Subject: 3550 labs [7:59096] I've got access to a couple of 3500's for a few weeks, and I wanted to do some intense playing. Does anybody have any good materials or URLs for playing with these? Thanks... The Tick - Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59099t=59096 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
help [7:59112]
Router Setup This may be a very simple question, but I set up my router and I cannot access the internet. Here is the configuration file. I tried the command IP Route 0.0.0.0 0.0.0.0 x.x.x.x as well, with no luck. Sigh Also does anyone have any links for configuration PDF for 3600 routers? version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Router ! enable secret 5 _/ enable password ! ip subnet-zero ! ! ip name-server 12.127.17.72 ! ! ! ! interface Ethernet0/0 ip address 12.104.49.161 255.255.255.224 no ip mroute-cache half-duplex ! interface Ethernet0/1 no ip address no ip mroute-cache shutdown half-duplex ! interface Ethernet0/2 no ip address no ip mroute-cache shutdown half-duplex ! interface Ethernet0/3 no ip address no ip mroute-cache shutdown half-duplex ! interface Serial2/0 bandwidth 1544000 ip address 12.124.201.146 255.255.255.252 encapsulation ppp no ip mroute-cache ! ip default-gateway 12.104.49.161 ip classless ip http server ip pim bidir-enable ! ! line con 0 line aux 0 line vty 0 4 password login ! end Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59112t=59112 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: help [7:59112]
Here is show int Ethernet0/0 is up, line protocol is up Hardware is AmdP2, address is 000b.461f.1820 (bia 000b.461f.1820) Internet address is 12.104.49.161/27 MTU 1500 bytes, BW 1 Kbit, DLY 1000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:00, output 00:00:00, output hang never Last clearing of show interface counters never Queueing strategy: fifo Output queue 0/40, 0 drops; input queue 0/75, 0 drops 5 minute input rate 0 bits/sec, 1 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 987 packets input, 90674 bytes, 0 no buffer Received 709 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 input packets with dribble condition detected 1331 packets output, 178902 bytes, 0 underruns 0 output errors, 0 collisions, 4 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier 0 output buffer failures, 0 output buffers swapped out Serial2/0 is up, line protocol is up Hardware is DSCC4 with integrated T1 CSU/DSU Internet address is 12.124.201.146/30 MTU 1500 bytes, BW 1544000 Kbit, DLY 2 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation PPP, loopback not set Keepalive set (10 sec) LCP Open Open: IPCP, CDPCP Last input 00:00:01, output 00:00:01, output hang never Last clearing of show interface counters 02:02:22 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/1/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) Available Bandwidth 1158000 kilobits/sec 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 1683 packets input, 61508 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 1652 packets output, 94856 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 output buffer failures, 0 output buffers swapped out 1 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up -Original Message- From: Ehab [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 12, 2002 2:07 PM To: Brian Zeitz; [EMAIL PROTECTED] Subject: RE: help [7:59112] Check your serial interface status: Sh int s2/0 If not up contact your isp, they got to help you out. Ehab -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Brian Zeitz Sent: 12 December 2002 22:50 To: [EMAIL PROTECTED] Subject: help [7:59112] Router Setup This may be a very simple question, but I set up my router and I cannot access the internet. Here is the configuration file. I tried the command IP Route 0.0.0.0 0.0.0.0 x.x.x.x as well, with no luck. Sigh Also does anyone have any links for configuration PDF for 3600 routers? version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Router ! enable secret 5 _/ enable password ! ip subnet-zero ! ! ip name-server 12.127.17.72 ! ! ! ! interface Ethernet0/0 ip address 12.104.49.161 255.255.255.224 no ip mroute-cache half-duplex ! interface Ethernet0/1 no ip address no ip mroute-cache shutdown half-duplex ! interface Ethernet0/2 no ip address no ip mroute-cache shutdown half-duplex ! interface Ethernet0/3 no ip address no ip mroute-cache shutdown half-duplex ! interface Serial2/0 bandwidth 1544000 ip address 12.124.201.146 255.255.255.252 encapsulation ppp no ip mroute-cache ! ip default-gateway 12.104.49.161 ip classless ip http server ip pim bidir-enable ! ! line con 0 line aux 0 line vty 0 4 password login ! end Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59120t=59112 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: help [7:59112]
146 was assigned by the ISP -Original Message- From: Walker, James - Is [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 12, 2002 2:15 PM To: Brian Zeitz; [EMAIL PROTECTED] Subject: RE: help [7:59112] Try: interface Serial2/0 ip address 12.124.201.145 255.255.255.252 -Original Message- From: Brian Zeitz [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 12, 2002 1:50 PM To: [EMAIL PROTECTED] Subject: help [7:59112] Router Setup This may be a very simple question, but I set up my router and I cannot access the internet. Here is the configuration file. I tried the command IP Route 0.0.0.0 0.0.0.0 x.x.x.x as well, with no luck. Sigh Also does anyone have any links for configuration PDF for 3600 routers? version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Router ! enable secret 5 _/ enable password ! ip subnet-zero ! ! ip name-server 12.127.17.72 ! ! ! ! interface Ethernet0/0 ip address 12.104.49.161 255.255.255.224 no ip mroute-cache half-duplex ! interface Ethernet0/1 no ip address no ip mroute-cache shutdown half-duplex ! interface Ethernet0/2 no ip address no ip mroute-cache shutdown half-duplex ! interface Ethernet0/3 no ip address no ip mroute-cache shutdown half-duplex ! interface Serial2/0 bandwidth 1544000 ip address 12.124.201.146 255.255.255.252 encapsulation ppp no ip mroute-cache ! ip default-gateway 12.104.49.161 ip classless ip http server ip pim bidir-enable ! ! line con 0 line aux 0 line vty 0 4 password login ! end Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59122t=59112 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: help [7:59112]
Me = dumb :O OK thanks, I was confused with my default gateway. Another command I forget is dialer-list 1 protocol ip permit I can ping my ISP's DNS now, but I can't ping any websites and I cant ping my LAN interface from the internet. I tried the name-server command with no luck. -Original Message- From: Brian Zeitz Sent: Thursday, December 12, 2002 2:20 PM To: [EMAIL PROTECTED] Subject: RE: help [7:59112] 146 was assigned by the ISP -Original Message- From: Walker, James - Is [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 12, 2002 2:15 PM To: Brian Zeitz; [EMAIL PROTECTED] Subject: RE: help [7:59112] Try: interface Serial2/0 ip address 12.124.201.145 255.255.255.252 -Original Message- From: Brian Zeitz [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 12, 2002 1:50 PM To: [EMAIL PROTECTED] Subject: help [7:59112] Router Setup This may be a very simple question, but I set up my router and I cannot access the internet. Here is the configuration file. I tried the command IP Route 0.0.0.0 0.0.0.0 x.x.x.x as well, with no luck. Sigh Also does anyone have any links for configuration PDF for 3600 routers? version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Router ! enable secret 5 _/ enable password ! ip subnet-zero ! ! ip name-server 12.127.17.72 ! ! ! ! interface Ethernet0/0 ip address 12.104.49.161 255.255.255.224 no ip mroute-cache half-duplex ! interface Ethernet0/1 no ip address no ip mroute-cache shutdown half-duplex ! interface Ethernet0/2 no ip address no ip mroute-cache shutdown half-duplex ! interface Ethernet0/3 no ip address no ip mroute-cache shutdown half-duplex ! interface Serial2/0 bandwidth 1544000 ip address 12.124.201.146 255.255.255.252 encapsulation ppp no ip mroute-cache ! ip default-gateway 12.104.49.161 ip classless ip http server ip pim bidir-enable ! ! line con 0 line aux 0 line vty 0 4 password login ! end Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59126t=59112 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Router setup [7:59009]
I was setting up a few 3640 routers with build in CSU/DSU, instead of doing the usual on the serial interface. ( I felt like playing around) Config t Int S2/0 Autodetect PPP Bandwidth 154000 Then I got nothing on my Line Protocol. Then I did an Encapsulation PPP (on the S2/0 interface.) And the interface came up. Does the Autodetect PPP command not work, or is this for something totally different. I also noticed you can do both commands together on the interface. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59009t=59009 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX 501 PPOE Verizon [7:58796]
I know there is a document called PPPOE on 501 or 506 on Cisco site. According to Cisco 515 doesn't support it, but others say they have it working. The document said SOHO on it. Keep in mind it might help to have the latest PIX image to support this. That can be downloaded with a CCO account. These commands Fred is giving you will work fine though. -Original Message- From: Fred Wittenberg [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 11, 2002 3:44 PM To: [EMAIL PROTECTED] Subject: Re: PIX 501 PPOE Verizon [7:58796] The below example would be for a group named 'colonial: vpdn group colonial request dialout pppoe vpdn group colonial localname USER_NAME vpdn group colonial ppp authentication pap vpdn username USER_NAME password * HTH, FW - Original Message - From: Mark W. Odette II To: Sent: Monday, December 09, 2002 12:07 PM Subject: RE: PIX 501 PPOE Verizon [7:58796] Search CCO for PIX CONFIG and PPPOE... The key to your answer will be with VPDN Group definitions. HTHs, Mark -Original Message- From: Curious [mailto:[EMAIL PROTECTED]] Sent: Monday, December 09, 2002 10:01 AM To: [EMAIL PROTECTED] Subject: PIX 501 PPOE Verizon [7:58796] Any one of you every use PIX 501 with Verizon DSL modem, which uses PPOE. How we can specify and user name and password in PIX 501 so that it can connect with Verizon DSL modem. -- Curious MCSE, CCNP Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59010t=58796 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
3550EMI [7:58127]
I did the following on my 3550, I am trying to learn. I just got the Cisco Switch field manual. I don't see any information on Clustering switches, which was a disappointment. Here goes VLAN DATABASE Vtp transparent Vlan 1 name vlan1 Vlan 2 name vlan2 Exit Config t No ip http server Ip routing Int vlan1 Ip address 192.168.0.1 255.255.255.0 Int vlan2 Ip address 192.168.1.1 255.255.255.0 Int fast 0/1 Switchport access vlan 1 Int fast 0/2 Switchport access vlan 2 Exit Wr When I try to add fast 0/1 to VLAN1 , it states that fast 0/1 is not a switching port. Is it because it says no ip route cache? I think from playing with the switch, I put some commands in that are preventing me from doing this series of commands. Cisco Internetwork Operating System Software IOS (tm) C3550 Software (C3550-I9Q3L2-M), Version 12.1(11)EA1, RELEASE SOFTWARE (fc1) Copyright (c) 1986-2002 by cisco Systems, Inc. Compiled Wed 28-Aug-02 09:33 by antonino Image text-base: 0x3000, data-base: 0x005C6390 ROM: Bootstrap program is C3550 boot loader switch2 uptime is 4 weeks, 4 days, 3 hours, 31 minutes System returned to ROM by power-on System restarted at 11:24:16 UTC Fri Oct 25 2002 System image file is flash:c3550-i9q3l2-mz.121-11.EA1/c3550-i9q3l2-mz.121-11.EA1.bin cisco WS-C3550-24 (PowerPC) processor (revision B0) with 65526K/8192K bytes of memory. Processor board ID CHK0609W0SL Last reset from warm-reset Running Layer2/3 Switching Image Ethernet-controller 1 has 12 Fast Ethernet/IEEE 802.3 interfaces Ethernet-controller 2 has 12 Fast Ethernet/IEEE 802.3 interfaces Ethernet-controller 3 has 1 Gigabit Ethernet/IEEE 802.3 interface Ethernet-controller 4 has 1 Gigabit Ethernet/IEEE 802.3 interface 24 FastEthernet/IEEE 802.3 interface(s) 2 Gigabit Ethernet/IEEE 802.3 interface(s) The password-recovery mechanism is enabled. 384K bytes of flash-simulated non-volatile configuration memory. Base ethernet MAC Address: 00:08:E3:FD:AC:00 Motherboard assembly number: 73-5700-08 Power supply part number: 34-0966-02 Motherboard serial number: CAT0609005N Power supply serial number: LIT054500YD Model revision number: B0 Motherboard revision number: A0 Model number: WS-C3550-24-SMI System serial number: CHK0609W0SL Configuration register is 0x10F -- show running-config -- Building configuration... Current configuration : 2660 bytes ! ! Last configuration change at 11:58:20 UTC Fri Oct 25 2002 ! NVRAM config last updated at 11:59:01 UTC Fri Oct 25 2002 ! version 12.1 no service pad service timestamps debug uptime service timestamps log datetime no service password-encryption service sequence-numbers ! hostname switch2 ! enable secret 5 enable password ! ip subnet-zero ! cluster enable Cluster1 0 cluster member 1 mac-address 0008.e3fd.1080 ! spanning-tree extend system-id ! ! interface FastEthernet0/1 no ip address spanning-tree portfast ! interface FastEthernet0/2 no ip address spanning-tree portfast ! interface FastEthernet0/3 no switchport ip address 192.168.0.222 255.255.255.0 spanning-tree portfast ! interface FastEthernet0/4 no ip address spanning-tree portfast ! interface FastEthernet0/5 no ip address spanning-tree portfast ! interface FastEthernet0/6 no ip address spanning-tree portfast ! interface FastEthernet0/7 no ip address spanning-tree portfast ! interface FastEthernet0/8 no ip address spanning-tree portfast ! interface FastEthernet0/9 no ip address spanning-tree portfast ! interface FastEthernet0/10 no ip address ! interface FastEthernet0/11 no ip address spanning-tree portfast ! interface FastEthernet0/12 no ip address duplex full speed 100 spanning-tree portfast ! interface FastEthernet0/13 no ip address spanning-tree portfast ! interface FastEthernet0/14 no ip address spanning-tree portfast ! interface FastEthernet0/15 no ip address spanning-tree portfast ! interface FastEthernet0/16 no ip address spanning-tree portfast ! interface FastEthernet0/17 no ip address duplex full speed 100 spanning-tree portfast ! interface FastEthernet0/18 no ip address spanning-tree portfast ! interface FastEthernet0/19 no ip address duplex full speed 100 spanning-tree portfast ! interface FastEthernet0/20 no ip address duplex full speed 100 spanning-tree portfast ! interface FastEthernet0/21 no ip address spanning-tree portfast ! interface FastEthernet0/22 switchport trunk encapsulation isl no ip address spanning-tree portfast ! interface FastEthernet0/23 no ip address spanning-tree portfast ! interface FastEthernet0/24 no ip address spanning-tree portfast ! interface GigabitEthernet0/1 no ip address ! interface GigabitEthernet0/2 no ip address ! interface Vlan1 ip address 192.168.1.50 255.255.255.0 no ip route-cache ! ip
3550-24 Vlan [7:58128]
I deleted all my Vlans by deleting the VLAN.DAT file. Is there any commands for deleting all the port settings. I want to reset all my ports to factory settings. Will a write erase, erase my stored IOS files? I want to keep my images on the switch, but get rid of everything else. Someone said boot up with the mode switch held in and delete config.txt? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58128t=58128 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 3550-24 Vlan [7:58128]
I deleted the config.text on the router, and started over, it now works. Now I need to fire out how to allow SQL to communicate across the 2 VLANS. Brian Building configuration... Current configuration : 2286 bytes ! ! Last configuration change at 14:48:14 UTC Tue Nov 26 2002 ! NVRAM config last updated at 14:49:38 UTC Tue Nov 26 2002 ! version 12.1 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Switch ! enable secret 5 enable password ! clock timezone UTC -5 ! vlan 2 name vlan2 ip subnet-zero ip routing ! vtp mode transparent ! spanning-tree extend system-id ! ! interface FastEthernet0/1 no ip address duplex full speed 100 spanning-tree portfast ! interface FastEthernet0/2 switchport access vlan 2 no ip address duplex full speed 100 spanning-tree portfast ! interface FastEthernet0/3 switchport access vlan 2 no ip address duplex full speed 100 spanning-tree portfast ! interface FastEthernet0/4 switchport access vlan 2 no ip address duplex full speed 100 spanning-tree portfast ! interface FastEthernet0/5 switchport access vlan 2 no ip address duplex full speed 100 spanning-tree portfast ! interface FastEthernet0/6 switchport access vlan 2 no ip address ! interface FastEthernet0/7 switchport access vlan 2 no ip address ! interface FastEthernet0/8 no ip address ! interface FastEthernet0/9 no ip address ! interface FastEthernet0/10 no ip address ! interface FastEthernet0/11 no ip address ! interface FastEthernet0/12 no ip address ! interface FastEthernet0/13 no ip address ! interface FastEthernet0/14 no ip address ! interface FastEthernet0/15 no ip address ! interface FastEthernet0/16 no ip address ! interface FastEthernet0/17 no ip address ! interface FastEthernet0/18 no ip address ! interface FastEthernet0/19 no ip address ! interface FastEthernet0/20 no ip address ! interface FastEthernet0/21 no ip address ! interface FastEthernet0/22 no ip address ! interface FastEthernet0/23 switchport trunk native vlan 2 no ip address spanning-tree portfast ! interface FastEthernet0/24 no ip address ! interface GigabitEthernet0/1 no ip address ! interface GigabitEthernet0/2 no ip address ! interface Vlan1 ip address 192.168.0.1 255.255.255.0 ! interface Vlan2 ip address 192.168.1.1 255.255.255.0 ! ip classless ip http server ! ! ! ! line con 0 line vty 0 4 password login line vty 5 15 password login ! end Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58130t=58128 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 3550-24 Vlan [7:58128]
I did the command IP routing, both VLANS have routing enabled. Thanks for the help, I will continue on. I know routing is layer 3, just not sure how I can allow a port across the subnets. I have a SQL server on VLAN1 and one on VLAN2. I will continue researching... -Original Message- From: The Long and Winding Road [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 26, 2002 3:19 PM To: [EMAIL PROTECTED] Subject: Re: 3550-24 Vlan [7:58128] Brian Zeitz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I deleted the config.text on the router, and started over, it now works. Now I need to fire out how to allow SQL to communicate across the 2 VLANS. route? set up a routing process on the switch and add the two vlans to the process. the other choice is fallback bridging, but SQL isn't a bridged protocol. I suppose if you were doing strict netbios/netbeui then the L3 would not matter, and fallback bridging would work. Brian Building configuration... Current configuration : 2286 bytes ! ! Last configuration change at 14:48:14 UTC Tue Nov 26 2002 ! NVRAM config last updated at 14:49:38 UTC Tue Nov 26 2002 ! version 12.1 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Switch ! enable secret 5 enable password ! clock timezone UTC -5 ! vlan 2 name vlan2 ip subnet-zero ip routing ! vtp mode transparent ! spanning-tree extend system-id ! ! interface FastEthernet0/1 no ip address duplex full speed 100 spanning-tree portfast ! interface FastEthernet0/2 switchport access vlan 2 no ip address duplex full speed 100 spanning-tree portfast ! interface FastEthernet0/3 switchport access vlan 2 no ip address duplex full speed 100 spanning-tree portfast ! interface FastEthernet0/4 switchport access vlan 2 no ip address duplex full speed 100 spanning-tree portfast ! interface FastEthernet0/5 switchport access vlan 2 no ip address duplex full speed 100 spanning-tree portfast ! interface FastEthernet0/6 switchport access vlan 2 no ip address ! interface FastEthernet0/7 switchport access vlan 2 no ip address ! interface FastEthernet0/8 no ip address ! interface FastEthernet0/9 no ip address ! interface FastEthernet0/10 no ip address ! interface FastEthernet0/11 no ip address ! interface FastEthernet0/12 no ip address ! interface FastEthernet0/13 no ip address ! interface FastEthernet0/14 no ip address ! interface FastEthernet0/15 no ip address ! interface FastEthernet0/16 no ip address ! interface FastEthernet0/17 no ip address ! interface FastEthernet0/18 no ip address ! interface FastEthernet0/19 no ip address ! interface FastEthernet0/20 no ip address ! interface FastEthernet0/21 no ip address ! interface FastEthernet0/22 no ip address ! interface FastEthernet0/23 switchport trunk native vlan 2 no ip address spanning-tree portfast ! interface FastEthernet0/24 no ip address ! interface GigabitEthernet0/1 no ip address ! interface GigabitEthernet0/2 no ip address ! interface Vlan1 ip address 192.168.0.1 255.255.255.0 ! interface Vlan2 ip address 192.168.1.1 255.255.255.0 ! ip classless ip http server ! ! ! ! line con 0 line vty 0 4 password login line vty 5 15 password login ! end Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58148t=58128 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 3550EMI [7:58127]
Actually this setup worked after I deleted the config.text and stared over. Thanks :) -Original Message- From: The Long and Winding Road [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 26, 2002 3:09 PM To: [EMAIL PROTECTED] Subject: Re: 3550EMI [7:58127] you need to use the command switchport prior to using the command switchport access etc go figure -- TANSTAAFL there ain't no such thing as a free lunch Brian Zeitz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I did the following on my 3550, I am trying to learn. I just got the Cisco Switch field manual. I don't see any information on Clustering switches, which was a disappointment. Here goes VLAN DATABASE Vtp transparent Vlan 1 name vlan1 Vlan 2 name vlan2 Exit Config t No ip http server Ip routing Int vlan1 Ip address 192.168.0.1 255.255.255.0 Int vlan2 Ip address 192.168.1.1 255.255.255.0 Int fast 0/1 Switchport access vlan 1 Int fast 0/2 Switchport access vlan 2 Exit Wr When I try to add fast 0/1 to VLAN1 , it states that fast 0/1 is not a switching port. Is it because it says no ip route cache? I think from playing with the switch, I put some commands in that are preventing me from doing this series of commands. Cisco Internetwork Operating System Software IOS (tm) C3550 Software (C3550-I9Q3L2-M), Version 12.1(11)EA1, RELEASE SOFTWARE (fc1) Copyright (c) 1986-2002 by cisco Systems, Inc. Compiled Wed 28-Aug-02 09:33 by antonino Image text-base: 0x3000, data-base: 0x005C6390 ROM: Bootstrap program is C3550 boot loader switch2 uptime is 4 weeks, 4 days, 3 hours, 31 minutes System returned to ROM by power-on System restarted at 11:24:16 UTC Fri Oct 25 2002 System image file is flash:c3550-i9q3l2-mz.121-11.EA1/c3550-i9q3l2-mz.121-11.EA1.bin cisco WS-C3550-24 (PowerPC) processor (revision B0) with 65526K/8192K bytes of memory. Processor board ID CHK0609W0SL Last reset from warm-reset Running Layer2/3 Switching Image Ethernet-controller 1 has 12 Fast Ethernet/IEEE 802.3 interfaces Ethernet-controller 2 has 12 Fast Ethernet/IEEE 802.3 interfaces Ethernet-controller 3 has 1 Gigabit Ethernet/IEEE 802.3 interface Ethernet-controller 4 has 1 Gigabit Ethernet/IEEE 802.3 interface 24 FastEthernet/IEEE 802.3 interface(s) 2 Gigabit Ethernet/IEEE 802.3 interface(s) The password-recovery mechanism is enabled. 384K bytes of flash-simulated non-volatile configuration memory. Base ethernet MAC Address: 00:08:E3:FD:AC:00 Motherboard assembly number: 73-5700-08 Power supply part number: 34-0966-02 Motherboard serial number: CAT0609005N Power supply serial number: LIT054500YD Model revision number: B0 Motherboard revision number: A0 Model number: WS-C3550-24-SMI System serial number: CHK0609W0SL Configuration register is 0x10F -- show running-config -- Building configuration... Current configuration : 2660 bytes ! ! Last configuration change at 11:58:20 UTC Fri Oct 25 2002 ! NVRAM config last updated at 11:59:01 UTC Fri Oct 25 2002 ! version 12.1 no service pad service timestamps debug uptime service timestamps log datetime no service password-encryption service sequence-numbers ! hostname switch2 ! enable secret 5 enable password ! ip subnet-zero ! cluster enable Cluster1 0 cluster member 1 mac-address 0008.e3fd.1080 ! spanning-tree extend system-id ! ! interface FastEthernet0/1 no ip address spanning-tree portfast ! interface FastEthernet0/2 no ip address spanning-tree portfast ! interface FastEthernet0/3 no switchport ip address 192.168.0.222 255.255.255.0 spanning-tree portfast ! interface FastEthernet0/4 no ip address spanning-tree portfast ! interface FastEthernet0/5 no ip address spanning-tree portfast ! interface FastEthernet0/6 no ip address spanning-tree portfast ! interface FastEthernet0/7 no ip address spanning-tree portfast ! interface FastEthernet0/8 no ip address spanning-tree portfast ! interface FastEthernet0/9 no ip address spanning-tree portfast ! interface FastEthernet0/10 no ip address ! interface FastEthernet0/11 no ip address spanning-tree portfast ! interface FastEthernet0/12 no ip address duplex full speed 100 spanning-tree portfast ! interface FastEthernet0/13 no ip address spanning-tree portfast ! interface FastEthernet0/14 no ip address spanning-tree portfast ! interface FastEthernet0/15 no ip address spanning-tree portfast ! interface FastEthernet0/16 no ip address spanning-tree portfast ! interface FastEthernet0/17 no ip address duplex full speed 100 spanning-tree portfast ! interface FastEthernet0/18 no ip address spanning-tree portfast ! interface FastEthe
3550 switch [7:56285]
Hello I am new to working with the 3550-24, I upgraded to the EMI layer 3. That worked fine, I used a TAR file and did an overwrite. What I want to do is make a router from 192.168.1.x to 192.168.0.x to connect 2 networks. The problem is when I put in the subnet mask on the 192.168.0.x its giving me the error, invalid subnet. I tried 255.255.255.0 and 255.255.0.0 with no luck. I am using the 800 pages Cisco configuration guide, and I just ordered the Field Manual for Cat switches from Cisco Press. Thanks! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56285t=56285 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ADSL Vs. SDSL [7:54909]
I have 2 Verizon DSL lines, one is 1.5M down/128k up. The second is 768k/768k up and down. They both have dynamic IPs. My question is; Are these both ADSL lines? My boss thinkins the one 768k/768k is SDSL. I dont think it is, first of all, both lines have the same modem. If the one like was ADSL, and the other was SDSL there would be a different kind of modem. Or does SDSL require a modem at all? These are both Verizon lines, but i am confused on the naming. On my order it says they are both ADSL lines. Any input would be appreciated, is my boss right, or am I right? According to verizon's website ( I don't take this as the final word however) What is the difference between DSL technologies such as SDSL, ADSL, IDSL, etc.? Most small businesses are connected to an asymmetric (ADSL) line. ADSL matches the Internet utilization of most users by providing higher downstream capacity for browsing or downloading. Symmetric DSL (SDSL) is a variation of ADSL, but provides the user with the same speed for both downstream and upstream applications. Verizon Online Business DSL portfolio of DSL speeds provides our Business customers with solutions that meet their specific Internet application needs. Ok that being said, why can i use the same modem on the ADSL line and the SDSL line. Why do they make specific modems for SDSL if they are both the same technology? Thanks, Brian Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54909t=54909 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Router Interface Cards Question [7:54236]
What is the maximum amount of FE ports can you have on a 3640. If I had 3 open slots, could I put in three Cisco 4-Port Enet Modules? CIS-NM-4E Or, is it limited like the PIX to X amount of interfaces? Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54236t=54236 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
dumb question IPV6 [7:53712]
Can anyone give a guess to when IPV6 will be implemented in the US? 2007? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53712t=53712 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: dumb question IPV6 [7:53712]
I am for IPV6, I think with e-commerce applications, and because there is a trend to use internet enabled devices. I know it would be confusing for system engineers, just when everyone understood IPV4 I know there are some updated troubleshooting tools, ICMP as well. I think critical mass will push this into reality. I guess it's just like the story with shipping port workers who do not want to use computerized shipping methods to make the process 4x faster like the rest of shipping ports in the world (Singapore,HK) . I think you can put off technology, but they can't hold it back. Eventually, Mexico will build a larger, better high tech computerized shipping port, and people will complain about jobs going to Mexico. Then the shipping dock will shut down, and we will have all these people laid off complaining. I guess we have to do things the hard way when it comes to technology. If it didn't hurt the US economy and businesses so bad, I would be laughing about it. -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Friday, September 20, 2002 1:40 PM To: [EMAIL PROTECTED] Subject: RE: dumb question IPV6 [7:53712] Brian Zeitz wrote: Can anyone give a guess to when IPV6 will be implemented in the US? 2007? IPv6 is already in use on Internet 2, which is pretty prevalent at universities. More info here: http://www.internet2.edu/html/about.html Other than Internet 2, it's hard to say. Workarounds like NAT and CIDR kind of make IPv6 not necessary, even though NAT is a horrid solution from a technical standpoint. The experts don't agree on when, if ever, the migration to IPv6 should happen. Some attendees at IETF meetings are adament that it's time to plan for the conversion now. Others scoff at the entire idea. Others seem irritated that the problem wasn't fixed with good solutions that were presented almost 10 years ago before the Internet exploded. So, it's fraught with political problems, not just technical. ___ Priscilla Oppenheimer www.troubleshootingnetworks.com www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53731t=53712 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
3640 [7:53752]
A list was just handed to me of parts ordered in my company; 2 - 3640 routers 2 Cisco 4-Port Enet Modules CIS-NM-4E 2 Cisco 2PT Wan IF Card CIS-NM-2W 2 Cisco 1PT-T1 DSU/CSU CIS-WIC-1DSU-T1 1 Cisco 1 Port T1/ISDN-PRI w/CSU MOD CIS-NM-1CT1-CSU 1 Cisco 12 port digital Modem module CIS-NM-12DM other; 2 Cisco Pix CIS-PIX-4FE Judging by this list, I guess I am getting a T1 CAS and a PRI line also. Does this part list look right? It looks as if I could support two T1 lines, and a PRI line as well with this. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53752t=53752 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX Upgrade [7:53747]
I think you need to set up at TFTP server on a PC to server the file from. I heard there were issues with 6.22, I might try 6.3 once I get my CCO contract numbers right again. -Original Message- From: Robert Edmonds [mailto:[EMAIL PROTECTED]] Sent: Friday, September 20, 2002 4:34 PM To: [EMAIL PROTECTED] Subject: PIX Upgrade [7:53747] To upgrade the PIX to a newer software version, do you just do copy tftp 172.16.6.100/pix622.bin flash and then reload? Sounds like I'm missing something. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53755t=53747 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: dumb question IPV6 [7:53712]
Yes, it was me that said 2007. Seems the courts want to push the deadline on updating TV signals before the due date, maybe IPV6 will follow. In the past people have pushed to use certain technology, now its time for us to sit back, because technology is starting to take over by itself. Meaning that companies are going to be forced to use it, or suffer loss to the competition. I know Microsoft and Cisco equipment is IPV6 ready, lets just all switch to IPV6 (insert a date here). -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Friday, September 20, 2002 3:00 PM To: [EMAIL PROTECTED] Subject: RE: dumb question IPV6 [7:53712] Hopefully it won't be as bad as your analogy with the shipping port workers, which is even more fraught with political issues. The balance of power between the workers and management has a history of being way off balance, one way or the other, with technological changes being marred by work stoppages and violence. It's a precarious situation. (I had the job in the 1980s of replacing one of the highest-paid longshoreman with an automated crane. Boy was that a challenge, not helped by the fact that our management made us install it before the bugs were worked out.) Anyway, the conversion to IPv6 won't be that bad I don't think. Someone asked about a timeframe. (Was it you?) I think it will be beofre 2007. Five years from now, who knows where we'll be? ;-) Priscilla Brian Zeitz wrote: I am for IPV6, I think with e-commerce applications, and because there is a trend to use internet enabled devices. I know it would be confusing for system engineers, just when everyone understood IPV4 I know there are some updated troubleshooting tools, ICMP as well. I think critical mass will push this into reality. I guess it's just like the story with shipping port workers who do not want to use computerized shipping methods to make the process 4x faster like the rest of shipping ports in the world (Singapore,HK) . I think you can put off technology, but they can't hold it back. Eventually, Mexico will build a larger, better high tech computerized shipping port, and people will complain about jobs going to Mexico. Then the shipping dock will shut down, and we will have all these people laid off complaining. I guess we have to do things the hard way when it comes to technology. If it didn't hurt the US economy and businesses so bad, I would be laughing about it. -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Friday, September 20, 2002 1:40 PM To: [EMAIL PROTECTED] Subject: RE: dumb question IPV6 [7:53712] Brian Zeitz wrote: Can anyone give a guess to when IPV6 will be implemented in the US? 2007? IPv6 is already in use on Internet 2, which is pretty prevalent at universities. More info here: http://www.internet2.edu/html/about.html Other than Internet 2, it's hard to say. Workarounds like NAT and CIDR kind of make IPv6 not necessary, even though NAT is a horrid solution from a technical standpoint. The experts don't agree on when, if ever, the migration to IPv6 should happen. Some attendees at IETF meetings are adament that it's time to plan for the conversion now. Others scoff at the entire idea. Others seem irritated that the problem wasn't fixed with good solutions that were presented almost 10 years ago before the Internet exploded. So, it's fraught with political problems, not just technical. ___ Priscilla Oppenheimer www.troubleshootingnetworks.com www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53760t=53712 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco Contract Center [7:53509]
When I try to log into the Serice contract center on Cisco.com, I get=20 =20 Exception: null StackTrace: java.lang.NullPointerException at CSA.CSAMenu.getParentItemId(CSAMenu.java, Compiled Code) at CSA.aoCSACommonData.setMenuId(aoCSACommonData.java, Compiled Code) at CSA.aoCSADispatch.getAppSpecificSettings(aoCSADispatch.java, Compiled Code) at CSA.aoCSADispatch.dynamicDispatch(aoCSADispatch.java, Compiled Code) at CSA.aoCSADisplay.getContractPage(aoCSADisplay.java, Compiled Code) at CSA.aoCSADisplay.dispatch(aoCSADisplay.java, Compiled Code) at java.lang.reflect.Method.invoke(Native Method) at CSA.aoCSADispatch.dispatchObject(aoCSADispatch.java, Compiled Code) at CSA.aoCSADispatch.dynamicDispatch(aoCSADispatch.java, Compiled Code) at CSA.aoCSADisplay.dispatch(aoCSADisplay.java, Compiled Code) at java.lang.reflect.Method.invoke(Native Method) at CSA.aoCSADispatch.dispatchObject(aoCSADispatch.java, Compiled Code) at CSA.aoCSADispatch.dynamicDispatch(aoCSADispatch.java, Compiled Code) at CSA.aoCSAMainImpl.runApplication(aoCSAMainImpl.java, Compiled Code) at CSA.uoCSADispatchImpl.action(uoCSADispatchImpl.java, Compiled Code) at CORP.uoAppTransition.action(uoAppTransition.java, Compiled Code) at CORP.uoApplicationServer.runApplication(uoApplicationServer.java, Compiled Code) at CORP.uoAppFrame.runApplicationWithEnvDecode(uoAppFrame.java, Compiled Code) at CORP.uoAppFrame.runApplicationWithBinEnv(uoAppFrame.java, Compiled Code) at CORP.uoCCFRequest.run(uoCCFRequest.java, Compiled Code) at CORP.CCFThread.run(CCFThread.java, Compiled Code) at java.lang.Thread.run(Thread.java, Compiled Code)=20 =20 Does anyone else have problems with this? I have contracts, but I add them and nothing happens. Very frustrating. I can't update my Pix because without the contract entries, I can't get to the software center. I tried emailing the address, got no response. I think they need to hire some new programmers at Cisco. And this is supposed to be the NEW SCC? Also after you log in, click on help, you get a Page not found. This is a disgrace. =20 [GroupStudy.com removed an attachment of type image/gif which had a name of image001.gif] [GroupStudy.com removed an attachment of type image/gif which had a name of image002.gif] [GroupStudy.com removed an attachment of type image/gif which had a name of image003.gif] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53509t=53509 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Novell and Pix 515 firewall [7:53125]
Does anyone know what ports I need to open on a Pix firewall for Novell Boardermanager VPN Client 3.6 to work? I need UDP and TCP. I am guessing it uses 2010 for UDP tunnel, and UDP 17 for IP header, and TCP 353 for data. I am having trouble, I think I may need to do port forwarding. Thanks Brian Zeitz MCSE, CCNP Network Engineer Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53125t=53125 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IOS SLB [7:52089]
Is there any way to make IOS SLB work on a 3550? I think that if these switches are going to be tested in the CCIE exam, they should allow the feature to be used. Ill IOS SLB only work on a 6500 and 7000 series? There is no way to play with SLB on smaller routers and switches is there? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52089t=52089 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: MCNS beta exam [7:51784]
I am going to go take this now. There isn't a passing score if I understand it, they determine the passing score for betas when all the results are in in 12 weeks. Tomorrow VPN and the next day Pix, fun ;) -Original Message- From: Brian Zeitz Sent: Tuesday, August 20, 2002 4:52 PM To: 'Simer Mayo' Subject: RE: MCNS beta exam I am going to go take this now. There isn't a passing score if I understand it, they determine the passing score for betas when all the results are in in 12 weeks. Tomorrow VPN and the next day Pix, fun ;) -Original Message- From: Simer Mayo [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 20, 2002 2:31 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: MCNS beta exam What is the passing percentage/ score for the MCNS and CSPFA beta exams? Thanks __ To unsubscribe from the SECURITY list, send a message to [EMAIL PROTECTED] with the body containing: unsubscribe SECURITY Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51784t=51784 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
802.1x Security on a 3550 [7:51645]
Has anyone heard/used this yet? It allows you to authenticate users/Pass with a Radius Server using a 3550 switch (or higher end cat switch). This is an awesome idea to implement security on the LAN. I am planning on implementing it soon, don't get too excited, because unless you are running Windows XP clients, you cant use 802.1x yet. Windows 2000 will also support 802.1x soon. I happen to run all my clients on XP, if you are not on XP you might want to start thinking about it. Windows XP is the only client that supports 802.1x. This could be another great test question for the CSS1 betas. Man I love these 3550 switches, and XP :-) Brian Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51645t=51645 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco PIX Novell [7:51303]
He may need to encapsulate the IPX into TCP/IP. Cisco only supports IP on the VPN3000 concentrator. Maybe a good test question for us taking the CSS1 exams. The VPN 5000 will support IPX. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51365t=51303 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco PIX amp; Novell [7:51303]
If you believe any of this, you can spend $1.50 and own some of the Novell Company (stock market). About the cost of a candy bar? My experience with Novell you need to spend a lot of effort to get anything to work, and there support is non-existant. I have heard of even hardcore Novell shops switch to a different OS, after trying Novell 5 with horror stories. Everything about Novell works with broadcasts that flood the network. They are considered a step up from Apple networks though, in the unnecessary traffic they create. Recently, I was told I needed to make a VPN connection to another company using ADSL, the problem is that Novell Client will not work with ADSL. It may work now in Novell 6 client. There was a long laundry list of work arounds, and modifications you had to do to get it running. I really don't have this kind of patience, so I think they dropped the idea of getting a VPN connection into Novell. Some of the fixes were playing games with the MTU size to get it to work. The problem with that, is the rest of my network is using the ADSL line. I think you will find issues with using Pix Firewall with Novell. Novell requires so many modifications to make it work, that you will compromise performance and security (i.e. compatability mode), if you can get it to work at all. With major security Vulnerabilities like Denial of Service issues with the Novell VPN. I find a lot of people like Novell (and other obsolete OS's) because they have good memories of running the 3.xx box on a 386. Maybe back then it was worth mentioning. Now, it is full of security holes, and bugs that are in the Novell OS which no one bothers to fix. At this point, they are just struggling to keep the lights on at Novell. Novell got IPX from Xerox anyway, not so innovating at all. -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 13, 2002 7:35 PM To: [EMAIL PROTECTED] Subject: Re: Cisco PIX Novell [7:51303] Not junk at all. :-) I think it's impressive that Novell continues to innovate. Comments below: Don Queen wrote: What version of Netware are you running on the server? If it 5 or 6, it's native IP, so basically you're sending IP traffic out of the Pix, which should work. It sound as if your problem may be with the packet actually coming back into the Pix. Do you have any rules that may be preventing the server from responding back to the client? Here is the information from Novell's website listing the port that Novell uses TCP and UDP are both used by NetWare 5.1 and NetWare 6.0 for Pure IP connectivity. The following ports are used for communication. TCP 524 - NCP Requests - Source port will be a high port (1024-65535) UDP 524 - NCP for time synchronization - Source port will be a high port UDP 123 - NTP for time synchronization - Source port will be the same UDP 427 - SLP Requests - Source port will be the same (427) TCP 427 - SLP Requests - Source port will be the same (427) TCP 2302 - CMD - Source port will be a high port UDP 2645 - CMD - Source port will be the same (2645) I thought I would add to this the decoding of the acronyms: NCP sort of obviously NetWare Core Protocol, the classic client/server protocol that Novell has used for almost 20 years. SLP is for Service Location Protocol, a protocol for finding services that may catch on, although admittedly it is mostly Novell and Apple making a big deal of it. RFC 2608 defines the current version of SLP, version 2. I think I read somewhere that Novell uses the older version. It's defined int RFC 2165. They use different multicast addresses which could be an issue. CMD is the Novell Compatibility Mode Protocol. I knew it used UDP port 2645. I hadn't heard of it using TCP port 2302. Note that all of these ports might not be necessary for every implementation. The original poster needs to tell us what his problem is, if anything. Maybe he was just getting info. Priscilla Not bad for junk as you call it. - Original Message - From: Brian Zeitz To: Sent: Tuesday, August 13, 2002 2:02 PM Subject: RE: Cisco PIX Novell [7:51303] Usually people set up a web interfaces for this. I don't really know the Novell Junk, but I would start by upgrading the client to Novell 6, if you even want to attempt VPN, if that's what you are trying to do. If the server is on the DMZ, you want cut though proxy (probably doesn't work with Novell). If you server is on the internet, you don't want to transmit your passwords over the internet in clear text so you need VPN. Save yourself a lot of headaches and trouble and switch to Microsoft or Unix. -Original Message- From: John Chang [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 13, 2002 1:24 PM To: [EMAIL PROTECTED] Subject: Cisco PIX Novell [7:51303] We have a Cisco PIX 525. The Novell 5.1 user/client is behind the firewall. The server is outside
RE: CCNP 50x Exam objectives [7:51370]
Usually I would suggest to look in your 50x books, they usually have outlines there. Here is a link that has 50x if you look. I think they still use the 50x for the foundation. http://www.cisco.com/warp/public/10/wwtraining/certprog/testing/current_ exams/640-509.html -Original Message- From: Karl Thrasher [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 14, 2002 12:31 PM To: [EMAIL PROTECTED] Subject: CCNP 50x Exam objectives [7:51370] Does anyone, by any chance, still have a copy of the CCNP 50x exam objectives? I would like to make a line-by-line comparison of those to the CCNP 60x exam objectives. Thanks, Karl. [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51373t=51370 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCNP 50x Exam objectives [7:51370]
If you have not figured out how to get the 506, it is here. I simply replaced 503, with 506. http://www.cisco.com/warp/public/10/wwtraining/certprog/testing/current_ exams/640-506.html -Original Message- From: Karl Thrasher [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 14, 2002 12:31 PM To: [EMAIL PROTECTED] Subject: CCNP 50x Exam objectives [7:51370] Does anyone, by any chance, still have a copy of the CCNP 50x exam objectives? I would like to make a line-by-line comparison of those to the CCNP 60x exam objectives. Thanks, Karl. [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51374t=51370 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco PIX Novell [7:51303]
My point about the VPN concentrator was in a different email. I was mentioning the VPN concentrator for those taking the CSVPN test for the CSS1. Maybe I should have changed the heading, to make it politically correct. I am sure people going for the VPN test will appreciate this if they see it on their exam. I was trying to get this conversation back on what we are all here for, Cisco related products. Your point about analyzing user requirements is mute. There was not enough detail to perform an evaluation. That would be the answer to this question. I was just taking a shot in the dark, just like everyone else. This would be a bad example to see if someone could analyze network requirements. If it was a credible question, this would apply. -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 14, 2002 1:37 PM To: [EMAIL PROTECTED] Subject: RE: Cisco PIX Novell [7:51303] Brian Zeitz wrote: He may need to encapsulate the IPX into TCP/IP. Cisco only supports IP on the VPN3000 concentrator. Maybe a good test question for us taking the CSS1 exams. The VPN 5000 will support IPX. It might be a good design question to see if the test-taker can analyze user requirements. He didn't say anything about having a VPN concentrator. In fact, he's not trying to do a VPN, I don't think. He's just trying to get ordinary client/server traffic to work through the PIX 525. Also, he's using IP, not IPX. On the other hand, I have to somewhat agree with some of your other message about NetWare being overly complex and requiring too much tinkering to get it working. I tried to find an answer to the actual question on the Novell Web site and the servers were excruciatingly slow to start with and there was nothing useful on the particular question (of getting NetWare client to talk to NetWare 5.1 server with IP as the preferred method across a PIX firewall). The original poster said that the client talks to a Directory Agent (DA) first. This implies that Service Location Protocol (SLP) is in use, but that multicasts are not required for finding services. A DA minimizes the requirement for multicasts. SLP user and service agents can find the DA via multicast, (if they don't hear from it first), but once they do find the DA, they can send unicasts directly to the DA. It sounds like the client is finding the DA fine and the DA is giving the client a server to use, but then the failure occurs. Is there a way for him to avoid SLP and specify the actual server? Can't he just do this with an IP address (or name assuming DNS is working?) I noticed that Chuck Church is back. (Yeah!) Maybe he can help? :-) Thanks Priscilla Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51383t=51303 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VPN Concentrators Novell [7:51384]
Which concentrator are you referring to? The 3000? Cisco says the 3000 doesn't support IPX. -Original Message- From: Christopher Dumais [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 14, 2002 2:03 PM To: [EMAIL PROTECTED] Subject: RE: Cisco PIX Novell [7:51303] We have done some testing through this same concentrator. If you do not have SLP implemented on your NW5.x environment, you need to put the IP address of your logon server in the preferred server filed of the client. Your client need to be set up for IP/IPX or just IP for this to work. IP only works faster. We were able to successfully logon, access files, and print through the concentrator. Hope this helps! Chris Dumais, CCNP, CNA Sr. Network Administrator NSS Customer and Desktop Services Team Maine Medical Center (207)871-6940 [EMAIL PROTECTED] Priscilla Oppenheimer 8/14/02 1:37:17 PM Brian Zeitz wrote: He may need to encapsulate the IPX into TCP/IP. Cisco only supports IP on the VPN3000 concentrator. Maybe a good test question for us taking the CSS1 exams. The VPN 5000 will support IPX. It might be a good design question to see if the test-taker can analyze user requirements. He didn't say anything about having a VPN concentrator. In fact, he's not trying to do a VPN, I don't think. He's just trying to get ordinary client/server traffic to work through the PIX 525. Also, he's using IP, not IPX. On the other hand, I have to somewhat agree with some of your other message about NetWare being overly complex and requiring too much tinkering to get it working. I tried to find an answer to the actual question on the Novell Web site and the servers were excruciatingly slow to start with and there was nothing useful on the particular question (of getting NetWare client to talk to NetWare 5.1 server with IP as the preferred method across a PIX firewall). The original poster said that the client talks to a Directory Agent (DA) first. This implies that Service Location Protocol (SLP) is in use, but that multicasts are not required for finding services. A DA minimizes the requirement for multicasts. SLP user and service agents can find the DA via multicast, (if they don't hear from it first), but once they do find the DA, they can send unicasts directly to the DA. It sounds like the client is finding the DA fine and the DA is giving the client a server to use, but then the failure occurs. Is there a way for him to avoid SLP and specify the actual server? Can't he just do this with an IP address (or name assuming DNS is working?) I noticed that Chuck Church is back. (Yeah!) Maybe he can help? :-) Thanks Priscilla Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51384t=51384 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: New Cisco Optical Specialist Cert [7:51377]
Yes, and No. I would be very interested in optical switching, but the cert I am not sure of. I would be interested in taking some free beta exams for this maybe. I have also asked Cisco press for a book on optical networking, and content switching. I am more concerned about learning the material then the exams. All these specialist exams, with a 2 year expiration, it's going to be hard to keep up eventually. CCNP is every 3 years, CSS1 is every 2 years, Content Switching 2 years, Optical 2 years, Internet Specialist 2 years. I would be spending all my time at the testing center in the future. I will find a way to prove I know what I am talking about rather then doing the carrot and stick routine with the certifications. And recently Cisco raised the price of the exams to $125. They should have lowered the price on the ones you need to recertify in 2 years. I think CCNP should be 5 years, not 3 years, not that I can't pass the exams again easily, its just the point. I don't think the foundation exam is free either, at least Microsoft gave me a free voucher to upgrade my MCSE to 2K. I want to learn optical switching, and keep on top of it. I looked at other optical switching books, but I am not sure which ones relate to Cisco. Can anyone recommend a good thick optical switching book that would be available now? -Original Message- From: dre [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 14, 2002 1:48 PM To: [EMAIL PROTECTED] Subject: New Cisco Optical Specialist Cert [7:51377] Anyone taking any interest in this? Does anyone even use any of the Cisco optical products? PAD PAD PAD http://www.cisco.com/warp/public/10/wwtraining/whats_new/ http://www.cisco.com/warp/public/10/wwtraining/certprog/cqs/optical/ http://www.cisco.com/warp/public/10/wwtraining/certprog/testing/current_ exam s/9E0-611.html -dre Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51386t=51377 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CSPFA Beta Exams [7:51246]
Any questions you are not sure of, say 3080. It is the most powerful concentrator they sell. -Original Message- From: Roberts, Larry [mailto:[EMAIL PROTECTED]] Sent: Monday, August 12, 2002 3:17 PM To: Brian Zeitz; [EMAIL PROTECTED] Subject: RE: CSPFA Beta Exams [7:51246] Your going to be shocked. At least with the CSPFA. I take the CSVPN test tommorrow. Something that shocked and concerned me with the outline for the CSVPN class is that they focused on the Concentrator product line more than the Router VPN configuration. I don't know if the test will follow that or not ( but I will tommorrow ) but from my experience, Lan 2 Lan should hold equal weight. We have a couple of the 3030's so I am building all kinds of sample configs and doing testing on all the bells and whistles, but Im going to be in a workd of hurt when 3002 questions come up. I don't have access to those so it's the guessing game for me.. Like you said though, its free so you cant go wrong. It also helps me review for the CCIE Lab that I have in a little over a month! Im starting to cross my fingers now for that fateful day. Thanks Larry -Original Message- From: Brian Zeitz [mailto:[EMAIL PROTECTED]] Sent: Monday, August 12, 2002 1:20 PM To: [EMAIL PROTECTED] Subject: RE: CSPFA Beta Exams [7:51246] I am scheduled for all three, VPN, MCNS, and CSPFA. I scheduled them the 20th, 21st, and 22nd. Because I needed a few days to study for these suckers. I cant go wrong for free! Here is my trick, I have all 3 CSS1 books, I just go to the back of the book and look at all the question an answers. Starting with chapter 1, and go to the end. If I don't understand what they are talking about, or a term, like ACS, I just look it up. I pretty much did this in a few hours. I did this for all 3 CSS1 books so far, then I took a look at the Boson exams, they were a no-brainer for the most part. Besides this, I am familiar with networking and security. Some of the new technology, like the 3005 concentrator is in your VPN book, if you opened it. With the pix, there is a lot of common sense questions I am sure they will ask like how many interfaces does a pix have?. Ans: depends on the model. Wow, how hard! I usually would give these exams a lot more time, if I was actually paying for it. The time from the announcement, until the time you needed to register, was only seconds. These free beta exams fill up quick. I remember the CCNA 2.0 beta which was cheap, or free. It filled up from all the other countries in the world registering first, by the time it came to the USA, for VUE to open its lines, all the seats were filled. They made a special exception for loud mouth people like me though. I think the masses are taking MCNS, I don't think that many are taking VPN and CSPFA. But if you waited til now, they are probably filled by people who just wanted to say they took these. Note: I have not taken any of the exams yet, so I am not breaking any NDA. -Original Message- From: Roberts, Larry [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 08, 2002 4:33 PM To: Cisco CCIE Mailing List ([EMAIL PROTECTED]); Cisco Security Mailing List ([EMAIL PROTECTED]) Subject: CSPFA Beta Exams Just curious if anyone else has taken this exam yet? Wanted to see if your opinion of it is the same as mine! This being the first beta I have taken for Cisco, I can only hope the other 2 are better! Thanks Larry __ To unsubscribe from the SECURITY list, send a message to [EMAIL PROTECTED] with the body containing: unsubscribe SECURITY Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51258t=51246 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco PIX Novell [7:51303]
Usually people set up a web interfaces for this. I don't really know the Novell Junk, but I would start by upgrading the client to Novell 6, if you even want to attempt VPN, if that's what you are trying to do. If the server is on the DMZ, you want cut though proxy (probably doesn't work with Novell). If you server is on the internet, you don't want to transmit your passwords over the internet in clear text so you need VPN. Save yourself a lot of headaches and trouble and switch to Microsoft or Unix. -Original Message- From: John Chang [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 13, 2002 1:24 PM To: [EMAIL PROTECTED] Subject: Cisco PIX Novell [7:51303] We have a Cisco PIX 525. The Novell 5.1 user/client is behind the firewall. The server is outside the firewall. What do I need to do make the client be able to sign into the server? We have it configured so that anyone in the inside can do any ip to the outside? The Netware client is set to use IP as the preferred method. Thank you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51312t=51303 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Off Topic - First Look - Troubleshooting Campu [7:51301]
If you want to know about 3550s, download the software cisco config guide free, it is huge (800 pages). I don't know much about Certification zone, but I cant give them a plug here. Also, if you still want to know more, Cisco is coming out with a book that covers that very subject, and other Cat switches and the COS and IOS. -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 13, 2002 4:32 PM To: [EMAIL PROTECTED] Subject: RE: Off Topic - First Look - Troubleshooting Campu [7:51301] Thank-you very much, Larry and Chuck, for the recommendation of Troubleshooting Campus Networks. Hopefully it will help with both real-world issues and issues that appear in the Cisco Support exam, (not that those aren't real-world. ;-) I look forward to learning more about the 3550 switches, Chuck. I hear that you and Leigh Anne Chisholm are working on a paper on that topic for CertificationZone.com. (I don't think that I'm revealing anything private.) That should be great! You're right that it's hard to publish a book that has all the latest developments in our field. In addition to 801.1t STP amendments, I think 802.1W (rapid spanning tree convergence) holds lots of promise, but I wasn't able to cover it in much detail. But that's why the book has a Web site too. Better get to work on some new white papers. ;-) The Web site is here: http://www.troubleshootingnetworks.com/ Priscilla Larry Letterman wrote: I agree, the book is good... I have not read all of it yet...but so far its another good work by Priscella and her co-author... Larry Letterman Cisco Systems [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Chuck's Long Road Sent: Monday, August 12, 2002 10:07 PM To: [EMAIL PROTECTED] Subject: Off Topic - First Look - Troubleshooting Campus Networks [7:51290] Folks, it is always a pleasure to read a well written technical book, and Troubleshooting Campus Networks is no exception. Priscilla Oppenheimer and co-author Joseph Bardwell have created an outstanding book, one which will occupy a place of honor on my bookshelf, right next to Top Down Network Design. This book goes into a lot of detail, making it an excellent choice for study and for life with real networks. Examples abound. As does good advice for design and troubleshooting. For example, in the chapter on switching, the authors point out good reasons why one should NOT directly link two core switches in a typical core / distribution / access design. Having seen many such designs where high level engineers with years of good experience have done just that, with the belief that more redundancy is better, it is nice to read a solid explanation of the opposite. From what I have read so far, I am guessing that the actual writing was locked down six months ago. There is no discussion of the Cisco 3550 line of switches, no discussion of 802.1t STP extensions, and no discussion of 802.1q tunneling, for example, which if nothing else serves to show how fast this business continues to change. For those who think I am sucking up, you are absolutely right. I am. But only because I am thankful for the advice and guidance that PO has given to me and to many others on this list, both directly and indirectly. I want to ensure that the flow of good advice continues. :- So check it out http://www.amazon.com/exec/obidos/ASIN/0471210137/ref=pd_rhf_p_1/002-339 4114 -4544058 watch the wrap This is most definitely a book for those looking for good solid information for work and for study. You will most definitely find both here. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51326t=51301 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Notes on salaries [7:51052]
With more applications becoming internet ready everyday. With rapid changed in technology, with companies using the internet in new ways. With files getting larger, requiring more bandwidth, with video apps becoming more commonplace, with common users using and editing streaming video/Tivo. With DSL speed increasing, with the predictions of the 2nd coming of the internet boom. With Voice over IP becoming more standard, with XML ready to come onboard to integrate the web. With handhelds and wirless internet ready to break. Also, thousands of new companies are waiting to implement their internet ideas, the economy is just not stable enough for them right now. Someone needs to support this stuff! Too many new technologies to mention. I would say that the few left standing though the hard times, which we are experiencing now, will be paid seven fold. There are too many reasons to mention why to get Cisco certified. Just like investing, it takes time and patience. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51229t=51052 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ADSL routers [7:51250]
Can anyone suggest a good router to get for ADSL? I want to utilize a full IOS, and not a dumbed down version. Or should I just go with a 2600 with an ADSL card. This firewall will be for a home connection, but I am the type to mess around with the routers, try to do different things with Pix firewalls, security, servers and whatnot. I know netgear routers work well for some people, but I want to use my router as something functional and as educational at the same time. What would be the cheapest way to go for an ADSL router, with full IOS capabilities. Thanks in advance Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51250t=51250 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CSPFA Beta Exams [7:51246]
I am scheduled for all three, VPN, MCNS, and CSPFA. I scheduled them the 20th, 21st, and 22nd. Because I needed a few days to study for these suckers. I cant go wrong for free! Here is my trick, I have all 3 CSS1 books, I just go to the back of the book and look at all the question an answers. Starting with chapter 1, and go to the end. If I don't understand what they are talking about, or a term, like ACS, I just look it up. I pretty much did this in a few hours. I did this for all 3 CSS1 books so far, then I took a look at the Boson exams, they were a no-brainer for the most part. Besides this, I am familiar with networking and security. Some of the new technology, like the 3005 concentrator is in your VPN book, if you opened it. With the pix, there is a lot of common sense questions I am sure they will ask like how many interfaces does a pix have?. Ans: depends on the model. Wow, how hard! I usually would give these exams a lot more time, if I was actually paying for it. The time from the announcement, until the time you needed to register, was only seconds. These free beta exams fill up quick. I remember the CCNA 2.0 beta which was cheap, or free. It filled up from all the other countries in the world registering first, by the time it came to the USA, for VUE to open its lines, all the seats were filled. They made a special exception for loud mouth people like me though. I think the masses are taking MCNS, I don't think that many are taking VPN and CSPFA. But if you waited til now, they are probably filled by people who just wanted to say they took these. Note: I have not taken any of the exams yet, so I am not breaking any NDA. -Original Message- From: Roberts, Larry [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 08, 2002 4:33 PM To: Cisco CCIE Mailing List ([EMAIL PROTECTED]); Cisco Security Mailing List ([EMAIL PROTECTED]) Subject: CSPFA Beta Exams Just curious if anyone else has taken this exam yet? Wanted to see if your opinion of it is the same as mine! This being the first beta I have taken for Cisco, I can only hope the other 2 are better! Thanks Larry __ To unsubscribe from the SECURITY list, send a message to [EMAIL PROTECTED] with the body containing: unsubscribe SECURITY Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51246t=51246 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CSS1 [7:50532]
I just signed up for all three Cisco Security exams! I thought this was a joke, but it is true! Managing Cisco Network Security Cisco Secure Pix Firewall Advanced Cisco Secure Virtual Private Networks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50532t=50532 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CSS1 Beta [7:50536]
The 3 Cisco Security test I was talking about are from the Free Beta. I forgot to say that. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50536t=50536 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CSS1 [7:50532]
I sent it to you already! OR A LIMITED TIME FREE CISCO SECURITY CERTIFICATION BETA EXAMS Use these Promotional Codes to take them for free From August 2nd through 22nd, the first 300 candidates to take each of these 3 new Cisco security certification BETA exams can do so AT NO COST: Managing Cisco Network Security (MCNS), Cisco Secure PIX Firewall Advanced (CSPFA), and Cisco Secure Virtual Private Networks (CSVPN). Please share this opportunity with your coworkers, customers and Partners. Registration for these BETA exams starts August 2nd. Candidates must reference the following PROMOTIONAL CODES to take the BETA exams for free ---MCNS BETA exam #641-100, CODE: mcnsbe ---CSPFA BETA exam #9E1-111, CODE: cspfab ---CSVPN BETA exam #9E1-121, CODE: csvpnb To register, contact one of the following testing centers: Prometric: US and Canada: 1-800-829-NETS (6387)-option 2, then 4. Outside U.S. and Canada, visit http://www.prometric.com. VUE: U.S. and Canada call 1-800-829-NETS (6387)-option 2, then 4. Outside U.S. and Canada, visit www.vue.com. The testing centers will need your social security number and some demographic information before scheduling your exam. You will receive the results of your test approximately 8-12 weeks after the BETA period has ended. A passing score on a BETA exam can be applied toward the relevant Cisco security certifications. The finalized versions of these exams will go-live October 1st and will be available worldwide at their regular cost. So be sure to take advantage of this opportunity to take these exams at no cost! BETA Exam Description: The MCNS 641-100 BETA exam is the final step in preparation for the October 2002 launch of the revised MCNS exam. It focuses on the new material included in the new MCNS 3.0 course releasing August 2002. The MCNS 3.0 course fully replaces the existing MCNS 2.0 course. Content covering the PIX Firewall has been removed and several new IOS Firewall and IPSec features have been added. In addition to these new chapters and labs, all content focuses on the IOS software version 12.2.8T, CS ACS 3.0 for Windows 2000 Server, as well as the new Cisco Unified 3.0 IPSec Client. BETA Exam Description: The CSPFA 9E1-111 BETA exam is the final step in preparation for the October 2002 launch of the revised CSPFA exam. It focuses on the new material included in the new CSPFA 3.0 course releasing August 2002. The CSPFA 3.0 course updates CSPFA 2.1 and includes new lab exercises (Configuring Object Grouping, Configuring Command-Level Authorization, and Configuring a VPN with the PIX Device Manager), how to upgrade an activation key, how to use NAT 0 ACLs, how to configure secure remote access to your PIX Firewall, and how the PIX Firewall works with common applications. Labs focus on PIX Firewall software version 6.2, and content covering the Cisco IOS Firewall feature set have been removed. BETA Exam Description: The CSVPN 9E1-121BETA exam is the final step in preparation for the October 2002 launch of the revised CSVPN exam. It focuses on the new material included in the new CSVPN 3.0 course releasing August 2002. The CSVPN 3.0 course fully replaces the existing CSVPN 2.0 course. Content covering Cisco PIX Firewall-VPN and IOS-VPN theory has been removed and the course now focuses on the Cisco VPN 3000 Concentrator release 3.5 software, new Cisco VPN 3002 features, as well as installation and configuration of the Cisco VPN 3.5 Software Client (on Windows 2000 platforms) and installation and configuration of the Cisco VPN 3002. __ To unsubscribe from the SECURITY list, send a message to [EMAIL PROTECTED] with the body containing: unsubscribe SECURITY Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50553t=50532 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco 1000TX GBICs [7:50316]
Cisco made mine, if they send me IBM I would put it right back in the box and send it back for a refund. IBM's equipment is junk and has no quality. I doubt Cisco would do something silly like that. IBM comes up with great concepts, ill give them that, but no ability whatsoever to execute them to final production. -Original Message- From: Jeffrey Reed [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 01, 2002 3:09 PM To: [EMAIL PROTECTED] Subject: RE: Cisco 1000TX GBICs [7:50316] I'm not sure if Cisco makes their own GBICs. The LX ones that came from Cisco with our 6509's are from IBM. Jeff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Hartnell, George Sent: Thursday, August 01, 2002 1:06 PM To: [EMAIL PROTECTED] Subject: RE: Cisco 1000TX GBICs [7:50316] and have nothing good to say about them. What sweet nothings would those be? On another, but similar, note, what 3d party GBICs for 1000LX single mode are out there for the Cat 3548 switches? And, are there any sweet nothings about using those in a Cisco platform? Very best, G. -Original Message- From: Ken Diliberto [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 31, 2002 2:55 PM To: [EMAIL PROTECTED] Subject: Cisco 1000TX GBICs [7:50316] Anyone have experience with the 1000TX GBICs from Cisco? We have used the stacking GBICs and have nothing good to say about them. The TX GBICs are over $100 less (retail). Ken Confidential e-mail for addressee only. Access to this e-mail by anyone else is unauthorized. If you have received this message in error, please notify the sender immediately by reply e-mail and destroy the original communication. 2 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50454t=50316 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ADSL - unable to reach URL's [7:50068]
What OS is he using? XP has the PPPoE stuff built in it. Just like you add a dial up connection, you can add a ADSL connection. -Original Message- From: Derrick Monahan [mailto:[EMAIL PROTECTED]] Sent: Monday, July 29, 2002 6:10 PM To: [EMAIL PROTECTED] Subject: ADSL - unable to reach URL's [7:50068] I have been setting up a DSL connection for a home user, but he is currently unable to reach ANY website. I am able to ping IP addresses of servers on the internet and get a reply. But, neither IE nor Netscape is able to reach a single page (via IP or Name). The DHCP servers gives his adapter an IP address and gateway of the same address. The subnet is a /24. He is using the PPPoE adapter and no router or firewall exists at his site. I hardcoded the DNS server addresses to ensure DNS name resolution, but this did not fix anything. If you have any recommendations please reply. This should be a simple task to complete, but obviously I am missing something. Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50259t=50068 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Hardware requirement for Cisco CallManager [7:50142]
I mean 2 different versions, Compaq/HP and IBM. I stand corrected. -Original Message- From: Steven A. Ridder [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 30, 2002 11:22 PM To: [EMAIL PROTECTED] Subject: Re: Hardware requirement for Cisco CallManager [7:50142] I'm not sure there are any certified HP servers for CM. Last I checked, there weren't. Brian Zeitz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Yea, I think there is 2 different versions, Compaq and HP. I think you need to pick the version up front. I have Compaq DL380s and DL360s, these are the fastest servers I have ever seen. Esp for the size, 1U, and its great that it comes with insight manager for free. I don't like IBM, I think there products are junk and they can never get a concept off the ground. You wont be sorry if you go with Compaq, most people I talk to who use CallManger say use Compaq hands down. Someone offered me this software, but having Compaq servers in my living room would be a bit too much ;) The DL360 must be certified, because that is what most people use. I couldn't find the info on the site. -Original Message- From: Chris Charlebois [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 30, 2002 2:57 PM To: [EMAIL PROTECTED] Subject: RE: Hardware requirement for Cisco CallManager [7:50142] CallManager 3.1 and higher is certified on Compaq DL320, DL380, and IBM series 340, for sure. I assume that DL360, also, although I have no first-hand knowledge of that, and I beleive some HP server (I think even a Dell). These are just the servers that are supported using the Sperion Installation Utility for the OS. In actualality, you can run an OS patch on any server running W2K Server and then install CallManager itself on top. The manufacturer isn't nearly as important as the performance. That being said, I wouldn't install even a lab CallManager on anything less than P3-700 with 512 memory. Production *should* be over a gigahertz with a GB of memory. And I would recommend installing any other apps on the CallManger server, either. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50264t=50142 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: MCNS Exam Papers [7:50278]
I say to be honest, if you use a boson test, or any other software and you directly benefit off that software, then you should buy the product. People are honest for the most part, if you are directly benefiting off some piece of software, then send the money in. We are an MSDN site, and if you want to set up a lab to test Exchange 2000 SP3 at home, in a lab, I do not see a problem with it. Esp. if you are going to reformat the server when you are done. This is not illegal; because that is what a development, set is used for. Cisco does not have a development program, as far as I am aware. I have a licensed copy of IOS firewall for my 2501, but I am not sure what Cisco policy is for using Firewall IOS for training use (non-production environment). Maybe Cisco could make some IOS that are for training only? Like an IOS development kit. I also thought about this. If someone stole my car, it is gone. However, what if someone made a copy of it, and drove it around? I guess they should pay licensing fees to Pontiac, for all those workers and their families who helped build first car. On the other hand, for the car they did not build, because someone was using a copy of mine. Licenses are very tricky, they have to write everything in the book to cover themselves. (kind of like my health benefits) I am honest, but sometimes is not possible not to break a licensing agreement by accident. I think if you benefit from the product, you should pay. If you steal the boson tests, and pass your CCNP, then that is not right. That being said, no one should throw stones. Everyone is human. However, to directly benefit off someone else's material with no intention to pay, I do not think you should walk with your head up if you did that. If you do not pay in cash, you pay in other ways walking around with a guilty conscience. You are welcome to use this common sense approach on metering your software usage. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50278t=50278 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco 1000TX GBICs [7:50316]
I have two them on (2) 3550-24s, the fiber ones, and they work fine. CDW tried to say I needed just one. Don't ask! Ha ha. I think you can do 1 GBIC if you chose copper. They seem to be working flawlessly so far. They could have just embedded this 180$ GBICs in the switch. Lets see, 180x2 for the Fiber GBIC, 2x 1500 for the EMI upgrade Hello :) 3500$ later, I can use the switches ;) -Original Message- From: Ken Diliberto [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 31, 2002 5:55 PM To: [EMAIL PROTECTED] Subject: Cisco 1000TX GBICs [7:50316] Anyone have experience with the 1000TX GBICs from Cisco? We have used the stacking GBICs and have nothing good to say about them. The TX GBICs are over $100 less (retail). Ken Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50327t=50316 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
3550 EMI [7:50128]
This may be a newbie question so please forgive. It is my understanding that when you go between VLANS on a subnet, traffic goes in the port to one VLAN, then it goes though the router, then to the other VLAN. I think this is true. If I were to upgrade the Switch to layer 3, would I be able to do routing between VLANS and subnets without a router? Can it work as a router, as a totally independent unit. (meaning upgrading to the EMI (layer 3). Thanks, Brian Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50128t=50128 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PPPOE/ADSL on a PIX [7:50133]
I know 6.2(2) supports PPPoE, but has anyone successfully used it on a PIX 515 or any other model Pix? The documentation says it only is supported on the 506 and 501. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50133t=50133 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Technical Writing Books [7:50165]
I am working on my Masters degree in IT, one of the core courses is on technical writing. I got tired of the goose chase and the money to keep up with the certifications, and I know that a degree will be with me forever. Once I prove I can get my M.S., it will not expire. Disclaimer: I do hold a CCNP :) I like the fact that some of these companies I can just walk in the door with 0 experience and show this piece of paper. I have 10 years experience in networking, but that is besides the point. Who knows what the requirements will build up to with the job market like it is. To help you out, here are the two main books for my technical writing class which are required: Communicating Technological Information (2ND 98) * Required* -ISBN:0137612710 - Pattow, Donald 71$ Pocket Guide to Technical Writing (2ND 01) * Required* -ISBN:0130261025 - Pfeiffer, William S. New: $14.00 Available Also my company has a technical writing department, because we are making a product here. So I have some good examples of how to do documentation and other tasks. Sorry to get OT from Cisco Products, I was replying to someone's question about technical writing, and though that maybe the information would be helpful to others. Please contact me directly if you need any help on IT related issues, Technical Writing, Production management. I can answer your questions because I have to do this anyway. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50165t=50165 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Hardware requirement for Cisco CallManager [7:50142]
Yea, I think there is 2 different versions, Compaq and HP. I think you need to pick the version up front. I have Compaq DL380s and DL360s, these are the fastest servers I have ever seen. Esp for the size, 1U, and its great that it comes with insight manager for free. I don't like IBM, I think there products are junk and they can never get a concept off the ground. You wont be sorry if you go with Compaq, most people I talk to who use CallManger say use Compaq hands down. Someone offered me this software, but having Compaq servers in my living room would be a bit too much ;) The DL360 must be certified, because that is what most people use. I couldn't find the info on the site. -Original Message- From: Chris Charlebois [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 30, 2002 2:57 PM To: [EMAIL PROTECTED] Subject: RE: Hardware requirement for Cisco CallManager [7:50142] CallManager 3.1 and higher is certified on Compaq DL320, DL380, and IBM series 340, for sure. I assume that DL360, also, although I have no first-hand knowledge of that, and I beleive some HP server (I think even a Dell). These are just the servers that are supported using the Sperion Installation Utility for the OS. In actualality, you can run an OS patch on any server running W2K Server and then install CallManager itself on top. The manufacturer isn't nearly as important as the performance. That being said, I wouldn't install even a lab CallManager on anything less than P3-700 with 512 memory. Production *should* be over a gigahertz with a GB of memory. And I would recommend installing any other apps on the CallManger server, either. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50173t=50142 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Qwest DSL [7:50176]
That's why their stock is selling for less then a candy bar. Is there something special about Quest? Just use the DSL modem, and I believe any ethernet interface will work. -Original Message- From: Erich Kuehn [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 30, 2002 4:01 PM To: [EMAIL PROTECTED] Subject: Qwest DSL [7:50176] Does any know if you can use the WIC-1ADSL module to connect to Qwest's DSL network (business class service)? Ive asked them and they are clueless. Erich Kuehn Sr. IP Engineer Backbone Communications [EMAIL PROTECTED] www.bbcominc.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50181t=50176 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 3550 EMI [7:50103]
I think you forgot a zero. Everything thinks you typed 500$ -Original Message- From: Cisco Nuts [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 30, 2002 4:13 PM To: [EMAIL PROTECTED] Subject: Re: 3550 EMI [7:50103] Where can I buy this switch for $500.00 as someone posted this a few days ago?? Thank you. From: Chuck Reply-To: Chuck To: [EMAIL PROTECTED] Subject: Re: 3550 EMI [7:50103] Date: Tue, 30 Jul 2002 14:28:31 GMT just getting into it. 1500 pages of documentation to read :-O They do IGRP, EIGRP, RIPv1, RIPv2, and OSPF. Don't believe the output of the router ? BGP is expected to be released real soon now, but according to Cisco people I've spoken to, it will not be a full featured release. Limitations as to the number of routes processed and stored, for example ( due to the physical limitations of the switch ) I.e. don't expect to get full BGP routes over your DSL connection. Chuck Symon Thurlow wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Anyone played with the new 3550 EMI switches? They report layer 3 routing etc. Symon _ Send and receive Hotmail on your mobile device: http://mobile.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50188t=50103 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Qwest DSL [7:50176]
Yea, they might be dynamic IP, then you would be stuck with running client side DHCP. The reason it is so cheap, as a court order, worldcom and Quest are allowed to keep there internet customers. All ADSL's need a modem as far as I know. -Original Message- From: Erich Kuehn [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 30, 2002 4:42 PM To: [EMAIL PROTECTED] Subject: RE: Qwest DSL [7:50176] There is nothing real special about qwest, this price seems right, and only 19 business days for an install, Do you have any other recommendations? I need to put this into a colo rack and cant spare anymore space for a DSL modem. E -Original Message- From: Brian Zeitz [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 30, 2002 1:33 PM To: [EMAIL PROTECTED] Subject: RE: Qwest DSL [7:50176] That's why their stock is selling for less then a candy bar. Is there something special about Quest? Just use the DSL modem, and I believe any ethernet interface will work. -Original Message- From: Erich Kuehn [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 30, 2002 4:01 PM To: [EMAIL PROTECTED] Subject: Qwest DSL [7:50176] Does any know if you can use the WIC-1ADSL module to connect to Qwest's DSL network (business class service)? Ive asked them and they are clueless. Erich Kuehn Sr. IP Engineer Backbone Communications [EMAIL PROTECTED] www.bbcominc.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50189t=50176 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Just passed support, and completed CCNP [7:48035]
Yea, I didn't like this test, because I had big problems with Cisco wording on this. Like using the wrong names for things, and using combination of words that are not the correct description of things. Not using the official names of troubleshooting technologies. The CIT book terms they use, and the terms on the test are not even the same. I am playing with words to protect myself from violating the NDA. That's just it, it's a catch-22, we cant say what is wrong with the test exactly, so Cisco cant fix it. Happy 4th, Be Safe Brian MCSE,CCNP -Original Message- From: Dan Penn [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 03, 2002 1:02 PM To: [EMAIL PROTECTED] Subject: Just passed support, and completed CCNP [7:48035] Well, I just passed support and completed CCNP in one not-so-swift move. Without breaking the NDA I will say many of the questions were VERY nondescript as to what they were asking for. I really believe I passed because I got some lucky guesses on some of the questions. I read MANY of the questions repeatedly without ever finding out what they meant. Dan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48048t=48035 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Content Switching [7:47572]
I looked around, there are no books available for this? I don't even see any coming out. A few questions. While doing Load Balancing on a CS11000, if you use Sticky sessions. Say you set a session to stay on one server for 300 seconds. If the server has a failure during that 300 second session, is it then transferred to another server, or is the user just dropped? Also, I was reading about Firewall sandwichining for the CS11000, having 2 content switches I the DMZ and 2 on my inside network. Is it difficult to replicate the data from the DMZ to the inside? Are these ment do this? I don't own one of these yet. We are doing load balancing with some hardware devices that seem to always want me to specify the web servers to point to a gateway (the load balancer interface). This puts some retraints on my design. Also seems to want to use NAT no matter what. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47572t=47572 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Slightly OT [7:47142]
Our company purchased some load balancers, they seem to want to use NAT in every configuration. I don't think it's a great idea to run NAT on an intranet (which is what our app is going to be). Can anyone suggest a good load balancer that is good for running on an intranet? Maybe I should be looking at cisco. The device we are using is Coytote Load Balancer, Do you think a web switch would be better? Seems this device is really for dual network design, not an intranet application. I guess I should be looking at cisco content switches? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47142t=47142 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cut though proxy on Pix a Really OT question [7:46887]
Does anyone know if the Cut-though proxy feature on a Pix allows you to save your username and password. Like in a cookie? I would like to use this feature for my web servers on the DMZ, they already use a logon and password. Also, I am not sure how cut-though proxy would work on a load-balancer configuration. The really OT question: Does in the group know if you Chinese windows (any version) has an option of displaying Pin Yin? I am trying to get up to speed on Mandarin, and this would help if I could find something to do this. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46887t=46887 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: [nsp] DS3 vs. Multiple DSL [7:46915]
Save a lot of money and go with 180 modems at 56k! ADSL is no where near as stable; I don't think they make a device that does combines then 2 ADSL lines. Depends what your doing, this is probably not a good idea. Especially if you doing VPN, or any other kinds of 2 way communications. Cisco has just come out with a new DSL router, but the features for ADSL are still very new. You need a modem for each line, Maybe you could use a switch with layer 3 capabilities to do routing. A lot of times when you get ADSL you don't get an real IP, but a dynamicly assigned IP. Some ISP don't let you use 2 IPs on the same line. DNS is an issue. There are too many reasons to mention not to do this. But a good idea would be to get 1 ADSL line, and test your applications. I have 2 ADSL lines, and personally I would trade them in for a T1 any day of the week. ADSL is good for home users, and for maybe like a development environment. If you try to combine ADSL lines on 1 router, I think your going to come into even more issues. Again, depending on what you're doing at your site. What type of traffic you have, like is it time sensitive etc. Brian -Original Message- From: Hassan, Shehzad [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 18, 2002 12:36 PM To: Cisconsp (E-mail) Subject: [nsp] DS3 vs. Multiple DSL Would appreciate if anyone help me understand or point to links (technical/design issues) if someone opts to replace his DS3 with scores of ADSL lines (cost is a major factor, router interfaces etc) Thanks SH Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46915t=46915 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX SQLNET question [7:46918]
I opened a TAC case to ask what the difference was between the SQLNET command and opening a port for Microsoft SQL. Here is what the reply was. The reason there is a SQLNET command is because Oracle traffic is not NAT compliant and Microsoft SQL 2000 traffic is NAT compliant Just figured I would share. Brian Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46918t=46918 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IDS on windows 2000 [7:46723]
Hi, I cam across a guide for installing Snort on windows 2000 step-by-step, I will gladly FTP it to you. It's a nice powerpoint presentation. Does the group have an FTP site I could put this presentation on? This is a step-by-step guide for installing Snort on an IIS5/2000 box. If you have 2000, you could install VM ware and run, Linux, XP, Free BSD, .NET server, 2000 Server, Novell, or any other OS you can imagine. Or all of them at the same time. Brian -Original Message- From: Maccubbin, Duncan [mailto:[EMAIL PROTECTED]] Sent: Saturday, June 15, 2002 5:49 PM To: [EMAIL PROTECTED] Subject: RE: All this talk about IDS [7:46690] As for #3 all the info you need is at www.snort.org. -Original Message- From: Maximus To: [EMAIL PROTECTED] Sent: 6/15/02 12:16 PM Subject: All this talk about IDS [7:46690] I've decided to take the plunge. 1.Has anyone ever successfully installed Snort on a 2000 box? 2.I downloaded Snort 1.8.6 and WinPcap. Dunno why I pulled down Winpcap, but I did. 3.Either way I'm just a newbie to Snort(IDS) and can't find a down and dirty guide to get started... Any help would be appreciated. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46723t=46723 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
SQLNet Command on Pix Firewall [7:46568]
I have a Pix firewall 515UR, I was reading about the SQLNET command, seems like this is for Oracle. What about for Microsoft SQL 2000? Also I am thinking of using Cut though Proxy from inside to DMZ to get to my web server on the DMZ, I am just wondering how this is going to work with my load balancers. I have a Web server cluster, with a virtual IP. I don't think the load balancer will allow me to access the servers directly. Also if anyone has any sample configurations of where SQL 2000 should go in an e-commerce site. I read cisco's site, there is tons of documentation on where you Mail Servers, or DNS servers go. But not much on Database servers. Thanks in advance. Brian Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46568t=46568 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
3550-24 Question [7:46572]
I have a Catalyst WS-C3550-24 switch with the default IOS 12.1(8) EA1b. I would like to do Layer 3 switching; I think I read that I need to upgrade the IOS. Does anyone know what the cost is to upgrade this switch to have layer-3 capabilities? Thanks Brian Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46572t=46572 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 3550-24 Question [7:46572]
I just checked with CDW, its 1500$ for the upgrade for the SMI to EDI for the 3550. Which brings me to my next question. If I have 2 switches, in a cluster, do I need a license for both. Man, $3000 to do layer 3 switching! -Original Message- From: jeff sicuranza [mailto:[EMAIL PROTECTED]] Sent: Friday, June 14, 2002 10:42 AM To: [EMAIL PROTECTED] Subject: RE: 3550-24 Question [7:46572] I had the same queston so I opened a TAC case to get an answer. Here is my first response for those interested... *** NOTES LOG 13-JUN-2002 16:26:43 PST, emailcio, Action Type: Action *** Technology(T1): LAN Switching Sub-Technology(T2): Cat3550 Problem Summary(T3): Upgrading Software and Working with Configuration Files Software Version: 12.1 Router Node/Name: Contract: xx Problem Description: We have just purchased a Cisco WS-C3550-24-SMI switch. Can I just go to the CCO Software center and download the following to upgrade my unit from SMI to EMI? c3550-i5q3l2-tar.121-9.EA1c.tar c3550 EMI IOS Image and CMS Files Is the above the download the CD-3550-EMI= product? What is the CD-3550-EMI= and how do I optain it, if required, to upgrade my switch to EMI? Thank you.. Please contact customer via email: [EMAIL PROTECTED] Email: [EMAIL PROTECTED] Phone: 516-796-9607 Urls shown to the user : http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/1216ea1/3550sc g/swiosfs.htm http://www.cisco.com/public/sw-center/sw-lan.shtml http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/1216ea1/3550sc g/swtrbl.htm *** EMAIL OUT 13-JUN-2002 16:57:09 PST, jerlim, Action Type: Email Out *** Send to: Jeff, Hi my name is TAC GUY and I'm the engineer that is working on your case C806967. I see you are interested in installing the EMI software on your 3550. While you can download it from CCO you may need to contact your SE or our Entitlement group to get approval or purchase the software. The software that you listed in the case notes would be the correct software to install. If you have any questions please do not hesitate to email or phone me. Thanks, TAC GUY *** STATUS CHANGE 13-JUN-2002 16:57:09 PST, jerlim, Action Type: *** I will follow-up with the SE to see what the deal is.. Unless in the meantime does somebody want to try the file I have listed above? Thanks... Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46587t=46572 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IDS Questions [7:46639]
I read that the 2600 router (or definitely higher model routers) have IDS built in, but if you bought any Pix Firewall it wouldn't have IDS. Am I mistaken on this? So the most people who want IDS who cannot afford / justify (just yet) and IDS box are using Snort? I have a pix 515UR, and if I read correctly, it has the capabilities to interface to an IDS box, but it is not an IDS box itself. Also, if I use Snort as an IDS, will the pix be able to recognize it? Maybe Microsoft will come out with a tool of this nature, which is free (not really free, but included with OS) like some of the built in components in 2000. If I have some misinformation here, I have not read my 1000 page IDS book as of yet, but I am working on MCNS. I found a document that will allow me to install Snort on Windows 2000, that is my current plan for implementing IDS. Can anyone give me the pros and cons of Snort Vs. Cisco IDS system? What other alternatives should I be looking at. My company does not really need an IDS as of yet, but I am doing this just for fun and for learning about security/IDS. Hope my pro-Microsoft attitude is OK in the group. I like working on routers and security, and don't spend a lot of time tweeking around with Operating Systems. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46639t=46639 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: It's Official - CCNP 6xx series [7:45867]
If it's a joke, why do you put CCNP after your name? I didn't think of it as a joke when I took the CCNP. I think it's a good program to learn certain networking concepts. I think there are very important concepts in the CCNP that are important to know for CCIE and for everyday Cisco networking tasks. -Original Message- From: Creighton Bill-BCREIGH1 [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 06, 2002 11:20 PM To: [EMAIL PROTECTED] Subject: RE: It's Official - CCNP 6xx series [7:45867] The CCNP exams are a joke they are that easy, and if havent changed for 6xx then I'm really disappointed in Cisco. I guess you know a lot more than the industry that recognized these certs. I must assume that you have your CCIE since the NP was so easy for you. Instead of all crying, just go and sit the exam. Who cares if your registered for 5x or 6x, you honestly thing they are different? I sure as hell hope you aren't a teacher, or a CCSI - you need to rethink your attitude in addressing people, like many of us in this group, that are here to learn (notice you are subscribed to groupSTUDY.com) Bill Creighton CCNP Senior System Engineer iDEN CNRC Packet Data -Original Message- From: Kris Keen [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 05, 2002 11:56 PM To: [EMAIL PROTECTED] Subject: Re: It's Official - CCNP 6xx series [7:45867] Instead of all crying, just go and sit the exam. Who cares if your registered for 5x or 6x, you honestly thing they are different? The CCNP exams are a joke they are that easy, and if havent changed for 6xx then I'm really disappointed in Cisco. Is BRI and PRI different in how they are composed? No, do you Cisco will ask you what they are composed of, be it in 5x or 6x ? Yes. Are they different? No. Go and sit the exam. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46055t=45867 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Booo! CSS1 [7:45498]
I am going for the CSS1, I probably could pass it in a short about of time. Instead, I am getting hands on experience with security, and getting all the theory as well. Not just for the CSS1, but for real world security stuff. Security is a journey, not a final destination. I think you need emphasize more on the real world hands on networking. And not how many people passed a test. A CSS1 is not going to be a magic pill, you have to understand how PIX, IDS and serity stuff works in a real world environment, with hands on. You also have to prove this when you get that security job. I think you got your CSS1 for all the wrong reasons. Because a book came out, that bummed you out? You should work that much harder on your security skills, instead of comparing yourself to everyone else. Those of us with true networking skills do not worry about what entry-level people are studying. And some of us even help out the newer people, kind of how other people in this newsgroup/internet probably did for you while you were going for your CSS1. How about specializing in some other newsgroup. Thank you -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, May 31, 2002 12:50 AM To: [EMAIL PROTECTED] Subject: Booo! CSS1 [7:45498] Man this bums me out. Lammle has a CSS1/CCIP book coming out. Soon everyone will be trying to get this cert and it will become a paper cert. All of my hard work will look like nothing. :-( Man, I need to specialize in something that people just don't want to study. For a few moments in time I had it here in Japan but once this book comes out, even more clones will appear. Soon I can get a CSS1 with my soba and Sushi down at the 7/11. Booo! Theo hmmm forensics.and I already have training scheduled and materials herehum Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45547t=45498 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIP - who is doing this one? [7:45166]
OK agreed that the CCNP has been made from topics pulled from CCIE. But when the CCNP already exists, to make a similar track to it, that is what doesn't make sense. I don't think the CCIP was necessary; it's only my humble opinion. What about switching? The knowledge that someone gained from the CCNA is good enough for CCIP candidates? If the CCIP and CCIE were in place already, I would have said the same thing about CCNP. But it's the other way around. What's next, take the switching exam from the CCNP, add a few electives and make it another cert? How about troubleshooting CIT? And make it something else? Why not add IS-IS to the CCNA and call it CCIPA. I guess it is apparent that I am not a big fan of this mix-n-match stuff. Especially when it overlaps with an exam that is exactly the same material. This is just my opinion of the CCIP, I realize for some it may be valuable for one reason or another. Comparing the CCIE to the CCNP, yes I agree that the CCIE is harder then the CCNP in both the routing and switching part. There are just more topics in the CCNP and CCNA, and not covered in as much detail as the CCIE is. I wasn't really arguing that. -Original Message- From: Michael L. Williams [mailto:[EMAIL PROTECTED]] Sent: Wednesday, May 29, 2002 11:29 PM To: [EMAIL PROTECTED] Subject: Re: CCIP - who is doing this one? [7:45166] Brian Zeitz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... It's like they pulled a few random topics from the CCIE (and CCNP) and made a cert out of it. I don't think many people are buying it. I agree, but that wouldn't make the certification invalid as such. Take CCNP for example. Since CCIE was around first, couldn't it be said that it looks like they took topics (routing, switch, remote access, troubleshooting) and made a cert out of it (CCNP). And that would be a (mostly) true statement. But anyone who has done CCNP and at least the CCIE written can testify that the depth of knowledge of the CCIE can't touch any single CCNP exam. I mean, CCIE written required you to know OSPF/BGP/EIGRP but nowhere (IMHO) near the detail as the CCNP Routing exam. Especially the switching. The CCIE written should challenge anyone's switching knowledge that has passed the BCMSN exam.. Having said that, I think (although I'm not personally pursuing it) that the CCIP, with it's focus on MCAST, QoS, and MPLS, is going to be a much more detailed exam track similar to the way CCNP was compared to CCIE. I think the depth of knowledge on each subject will not be touched by that required for CCNP/CCIE (except the Routing CCNP exam, which as pointed out, is virtually identical to the CCNP routing exam except for IS-IS). I don't think the little bit of Multicast learned in CCNP switching (which is more than required for CCIE written, IMHO) would be adequate to pass the MCAST exam. Etc etc. To summarize, I'm personally not going for CCIP, but I could see how employers in the right environment (i.e. using MPLS, Multicast, etc) might perfer someone with a deeper background in those topics as opposed to a CCNP or even a CCIE.. My 2 cents. Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45451t=45166 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIP - who is doing this one? [7:45166]
I don't know anyone doing the CCIP, a few reasons. People who pass BCSN are not going to turn around and take the same test again and pay for it (BSCI. I know IS-IS is an extra section. If you are going to take the time to learn IS-IS and MPLS well, just do CCIE. CCIP is too closely related to other certs, and it is not really well known yet. Beside the cert, the material is not unique. Cisco should allow people to get credit for BCSN, and take some of those electives and make them part of the core. If you are doing projects with MCAST+QOS and MPLS, just buy a few books and read about it. I have not seen any demand for people with CCIP, maybe I am not looking in the right place. I am doing the CSS1, it is very clear with what you need to know. All 4 test are useful and clear, they do not cross over with any other tracks, and it prepares you for the CCIE Security. Most of the stuff in this security cert is stuff you should know anyway. The content and cable certs look good to, but CCIP doesn't really have any appeal to me. However, I will give a suggestion. How about requesting another group for the specialization tracks? I don't think anyone will be doing it in 2005 or 2010 unless the track is changed. It needs to be more unique. It's like they pulled a few random topics from the CCIE (and CCNP) and made a cert out of it. I don't think many people are buying it. Brian MCSE, CCNP -Original Message- From: Tom Scott [mailto:[EMAIL PROTECTED]] Sent: Wednesday, May 29, 2002 4:10 PM To: [EMAIL PROTECTED] Subject: Re: CCIP - who is doing this one? [7:45166] Neal Rauhauser 402-301-9555 wrote: I'm back to reading groupstudy after an eighteen month abscence. My CCNP/CCDP certs which I finished 12/2000 and 1/2001 are working wonders career wise, but I am doing a lot of carrier type stuff now and I've lined up projects that pretty much cover the BSCI, MCAST+QoS, and MPLS tests for CCIP - no reason not to get it done if I am going to do the reading anyway. I am curious to know the stats - how many people have completed this cert? I'm sorry to see there are no responses in this thread. Maybe that's a sign we should give up on CCIP study groups for now and wait till there's more interest in it after, say, 2005 or even 2010. :-( -- TT Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45394t=45166 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
DHCP problems [7:44825]
I am having an issue with a 3550-24 Cisco switch and a windows 2000 Network. DHCP is not working correctly, I get sephamore timeouts on a lot of the workstations. I set the port and the servers to 100M Full. Is there anything else I should be looking for? Could there be something preventing DCHP from working right, maybe it is not allowing a broadcast. Maybe it is something simple, I guess this is a newbie question :-) thanks for your help in advance. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=44825t=44825 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: DHCP problems [7:44825]
Yes, the DHCP server is. Portfast is not enabled on any of the devices or servers. It's a simple LAN setup. Yes everything should be on VLAN1 since I didn't change anything \on the switch. Also, everything is on the same subnet. The scope is set, the workstations DO get them eventually. But I get a lot of errors in their event logs, and they have problems logging in sometimes. Something must not be set right. Thanks for your help. Maybe I need to read up on portfast. -Original Message- From: Davis, Scott [ISE/RAC] [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 23, 2002 12:02 PM To: Brian Zeitz; '[EMAIL PROTECTED]' Subject: RE: DHCP problems [7:44825] Is your DHCP server connected to this switch and are the workstations in question and the DHCP server on the same subnet/VLAN. If not you need to use ip helper addresses on the L3 device between them. Are any workstations able to get DHCP addresses from the server? Is the DHCP scope active? -Original Message- From: Brian Zeitz [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 23, 2002 9:20 AM To: [EMAIL PROTECTED] Subject: DHCP problems [7:44825] I am having an issue with a 3550-24 Cisco switch and a windows 2000 Network. DHCP is not working correctly, I get sephamore timeouts on a lot of the workstations. I set the port and the servers to 100M Full. Is there anything else I should be looking for? Could there be something preventing DCHP from working right, maybe it is not allowing a broadcast. Maybe it is something simple, I guess this is a newbie question :-) thanks for your help in advance. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=44859t=44825 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: A new cert, CCCE [7:44549]
Maybe Cisco discovered there is more to networks then just switching and routing:) Other people may not recognize the certs by name, but they are a great guide to get a diversified skillset. Maybe someone needs to specialize, and learn that for there job, for instance content switching. I have chosen to do the specializations with my CCNP. I use certifications as a guide for my career learning, not really contest, or trying to prove something. And, believe it or not, I am one of those people who would like to have a wide array of skills and CCNP, then just CCIE. I will say that I am planning on going CCIE, but Security instead of RS. -Original Message- From: Eric Rogers [mailto:[EMAIL PROTECTED]] Sent: Monday, May 20, 2002 3:25 PM To: [EMAIL PROTECTED] Subject: Re: A new cert, CCCE [7:44549] I can just see it now. I have 6 different CCx certs and that's equal to CCIE. -NOT! I mean outside this group and other's like who really knows about these type of certs? Mgr's., HR, Clients - I don't think so... Are they gearing up for a CCIE Voice track I wonder with all this VoIP stuff coming down the pipe and these new jr.cert tracks? Now there's a world of politics onto itself in the enterprise arena. Data group taking over Telco group... :-0 Eric - Original Message - From: MADMAN To: Sent: Monday, May 20, 2002 11:04 AM Subject: A new cert, CCCE [7:44549] This was sent to me by a friend. Though a bit sarcastic it made me pause for a second and realize you could assemble on hell of a sig file with CC preceeding it Dave Pretty soon you are going to need to be a CCCE (Cisco Certified Certification Expert)just to understand what all the different certifications stand for! Dear , Expand your Cisco IP telephony expertise in design, support and operations. Cisco is offering two new Cisco Qualified Specialists focused certifications, the Cisco IP Telephony Design Specialist and the Cisco IP Telephony Operations Specialist. The certifications will be available on May 14, 2002. A Cisco IP Telephony Design Specialist must have a valid CCDA certification, and pass the EVVOD exam 9E0-411 and DQoS exam 9E0-601. This focused certification is based on knowledge and/or course completion of Enterprise Voice over Data Design (EVoDD), and Deploying Quality of Service (DQoS). The Cisco IP Telephony Operations Specialist must have a valid CCNA certification and pass the IPTT 9E0-421 and DQoS exam 9E0-601. This certification is based on knowledge and/or course completion of Troubleshooting, and Deploying Quality of Service (DQoS). The recommended training for the Cisco IP Telephony Design Specialist is the EVoDD course, and the DQoS course, which map to the corresponding same-named exams. The recommended training for the Cisco IP Telephony Operations Specialist is the Troubleshooting course and the DQoS course, which map to the corresponding same- named exams. All courses are available through Cisco Learning Partners and on the Partner E-Learning Connection. Visit http://www.cisco.com/warp/public/10/wwtraining/ecampaign/misc for the latest details or visit the Cisco Learning Locator at http://www.cisco.com/pcgi-bin/front.x/wwtraining/CELC/index.cgi?action=I ncSe archForm for a complete schedule of available courses. Both focused certifications are valid for two years. These new focused certifications add to the knowledge of a Cisco IP Telephony Support Specialist. The Cisco IP Telephony Support Specialist provides the solid foundation in Cisco voice and Cisco CallManager technology needed for the new troubleshooting and design focused certifications. Cisco Partner Reminder: To use your Cisco Career Certification or Cisco Qualified Specialist focused certification toward any Cisco Partner Specializations, you must read and accept the terms of the Cisco Career Certifications Agreement. Failure to complete this step prohibits processing of any certifications or specializations applications. Completion of the Cisco IP Telephony Design Specialist certification fulfills the requirements for the system engineer role in the IPT-Revised Partner Specialization. And the Cisco IP Telephony Operations Specialist certification fulfills the requirements for the operations specialist role in the IPT-Revised Partner Specialization. Design, implement, and support a Cisco IP telephony solution today. Visit: http://www.cisco.com/warp/public/10/wwtraining/ecampaign/misc -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=44561t=44549 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Pix 515 on ADSL Help! :) [7:44346]
Well, I upgraded my pix 515 to 6.2. I am kind of new to firewalls, besides I can't use the PDM. This version of PDM does not officially support PIX 6.2(1). Please upgrade PDM., I guess this is a good reason to learn the command line in pix. I cant ping theISPs DNS servers from the PDM. Any way to test if my Username and password is working for ADSL ? My ISP (verizon, requires a U/P for PPPoE, I am not sure if it is accepting the password. The modem lights are all green. Anyhow, it's saying UP/UP, and I have the link up, but I am not sure how to check if my PPPOE password is working. I am using CHAP, maybe this is not right. I donno, it looks like its working, but I cant get outside, even if I use the DHCP Server feature. I am also wondering if failover is going to work with ADSL, which is another issue. Keep in mind I am not sure if the 515 will even work with ADSL as someone pointed out, it may not be supported although I am running Pix 6.2(1) My question is how can I test that my PPPoE required Username and password are correct, and I am authenticated. I am now working on getting Debug PPPoE to see maybe if I can find out if this is working. Any pointers would be helpful. mydev# show vpdn username vpdn username vez2bxe password mydev# show vpdn group verz1 vpdn group verz1 request dialout pppoe vpdn group verz1 localname vez2vbxe vpdn group verz1 ppp authentication chap mydev# show vpdn pppinterface PPP virtual interface id = 1 PPP authentication protocol is CHAP Server ip address is 10.10.26.10 Our ip address is 151.22.13.12 Transmitted Pkts: 1096, Received Pkts: 1109, Error Pkts: 0 MPPE key strength is None MPPE_Encrypt_Pkts: 0, MPPE_Encrypt_Bytes: 0 MPPE_Decrypt_Pkts: 0, MPPE_Decrypt_Bytes: 0 Rcvd_Out_Of_Seq_MPPE_Pkts: 0 mydev(config)# show int e0 interface ethernet0 outside is up, line protocol is up Hardware is i82559 ethernet, address is 0.000. IP address 151.22.13.13, subnet mask 255.255.255.255 MTU 1492 bytes, BW 1 Kbit half duplex 1410 packets input, 84908 bytes, 0 no buffer Received 464 broadcasts, 0 runts, 0 giants 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 1305 packets output, 272926 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 babbles, 0 late collisions, 0 deferred 1 lost carrier, 0 no carrier input queue (curr/max blocks): hardware (128/128) software (0/1) output queue (curr/max blocks): hardware (0/1) software (0/1) vesdev.com(config)# mydev# show vpdn %No active L2TP tunnels %No active PPTP tunnels PPPoE Tunnel and Session Information (Total tunnels=1 sessions=1) Tunnel id 0, 1 active sessions time since change 6015 secs Remote MAC Address 00:00:00:xx 1010 packets sent, 1023 received, 12641 bytes sent, 0 received Remote MAC is 00:00: Session state is SESSION_UP Time since event change 7687 secs, interface outside PPP interface id is 1 1010 packets sent, 1023 received, 12641 bytes sent, 0 received usage: debug pppoe {error|packet|event} Usage: [no] debug icmp trace [no] debug packet [src [netmask ]] [dst [netmask ]] [[proto icmp]|[proto tcp [sport ] [dport ]] |[proto udp [sport ] [dport d_p]] [rx|tx|both] [no] debug sqlnet [no] debug crypto ipsec|isakmp|ca [no] debug dhcpc detail|error|packet [no] debug dhcpd event|packet [no] debug vpdn error|event|packet [no] debug ppp error|io|uauth|chap|upap|negotiation [no] debug pppoe error|packet|event [no] debug ssh [no] debug h323 h225|h245|ras asn|event [no] debug fover [no] debug rtsp [no] debug fixup [no] debug rip [no] debug pdm history [no] debug ssl [cipher|device] [no] debug dns [no] debug sip [no] debug skinny [no] debug access-list [no] debug radius [session|all|user ] [no] debug ntp [adjust|authentication|events|loopfilter|packets|params| select|sync|validity] [no] debug ils [no] debug igmp [no] debug mfwd mydev# mydev# debug pppoe usage: debug pppoe {error|packet|event} Usage: [no] debug icmp trace [no] debug packet [src [netmask ]] [dst [netmask ]] [[proto icmp]|[proto tcp [sport ] [dport ]] |[proto udp [sport ] [dport d_p]] [rx|tx|both] [no] debug sqlnet [no] debug crypto ipsec|isakmp|ca [no] debug dhcpc detail|error|packet [no] debug dhcpd event|packet [no] debug vpdn error|event|packet [no] debug ppp error|io|uauth|chap|upap|negotiation [no] debug pppoe error|packet|event [no] debug ssh [no] debug h323 h225|h245|ras asn|event
Security Books [7:44347]
I have most of the Cisco security books now. MCNS, PIX, VPN, CIDS etc. etc., the one book I don't have is Cisco Secure Internet Security Solutions. Looking though the table of contents, it looks like some of the same stuff from the books I already have. Do you think this book is worth getting if I already have these other security books? This is listed for the reading list for CCIE Security as well. Also I don't see any books for CCIE Security in particular, would it be possible for Cisco to make a library for people perusing this track? Or maybe the books I have for CCNP CSS1 are some of the same books needed for CCIE Security. Any suggestions for a book list for someone who would be attempting a CCIE security written exam? Of course I am also have/doing hands on stuff, and lab work. I know there are some guides from CCbootcamp, i guess that is what most people are using. I was also looking at the Open Cable book, not that I am working on that, just thought it would be neat to learn some things about the TV/Cable industry in my spare time J Brian Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=44347t=44347 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: BeachFrontDirect.com [7:44048]
Beachfront - don't bother, anyone passing the CCNA/CCNP can write a better piece of testing software themselves. Software is buggy, very lame. Make some 3x5 cards, you will be better off. Besides being buggy, they brag about how many questions are in there software. You are kinda buying in bulk here, no quality. You might want that when buying paper towels at a Sam's Club, but not when buying software for your career. STS - Generic test, they are ok. Maybe just buy 1 and see if you like it first. You get what they advertise, but you wont be wowed by them. -Original Message- From: Mike Sweeney [mailto:[EMAIL PROTECTED]] Sent: Monday, May 13, 2002 3:26 PM To: [EMAIL PROTECTED] Subject: RE: BeachFrontDirect.com [7:44048] When I did my MCSE, I tried it. It had errors and I ended back with Trancenders. Just my opinion MikeS Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=44099t=44048 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Configuring Pix with EnterNet DSL [7:43302]
Yes, I still have to use the PPPoE password and username. I don't like it, but does that make it more secure? What does it use for security if you don't use PPPOE? Someone is coming in today from corporate, talking about us connecting to their VPN connection. I have no idea what system they are talking about (checkpoint, microsoft?), but it should be interesting over ADSL as well. I know ADSL does not stay up all the time. Maybe I need some keepalives to make this work. I never tried VPN over ADSL. Yea, I actually have 2 ADSL lines, both get dynamic IPs. I use dynu.com to map my IP to may domain name. works well so far. One line is right into a cheapy router, which, on the router I give it the PPPOE name and pass. I use port forwarding on the router, plus a firewall. On the other ADSL line, I have the Pix hooked up. It is not working yet cause its only 6.1(2). I am also getting another Pix 515 at another site which ill have access too. Maybe do some VPN-VPN stuff. I would think 6.2 just ads the VPDN command. I know the 515 is not considered a SOHO, but maybe that's why its not listed. I am going to try it, and find out. When I first started playing with the pix, it had the VPDN command on 6.1(2), but it only had PPTP and some other stuff, but not PPPoE. A couple of questions I wanted to throw at you. If I have 1 IP, say I use PPPOE on the outside interface, and that is my only IP. Say its 172.168.x.x. Then I use on my DMZ card 10.10.1.1, is the Pix doing nat at that point to the DMZ? Or maybe just forwarding? Is the best case scenereo for speed to use the same subnet as your router on the DMZ? Does the pix use Nat from the outside to inside? If I use a router, I would have to do Nat there, then across the pix, nat again, and on my load blancers Nat again. (this might slow stuff down) and I mean if it wasn't on the DMZ. I was also looking up the difference between having a 4 port DMZ card, vs a 1 port. I guess the benefits would be. 4-port, faster, you can make 4 subnets. You can lock down each interface, like only allow HTTP. Better security. Am I missing any? I was also reading how Nat not configured right on a firewall can change the Hash algorithms. I think eventually I will switch to a T1. We bought some load balancers, and I was surprised that they did NAT too. Coyotote Point (really FreeBSD). I think other web switches don't use nat, so now I am wondering if it was better to get a web switch, then this FREEBSD device that does nat. (mind you it was assigned to me, I didn't pick this platform). I went to school for Alteon Web switches a few years ago, they seemed really good. I don't know who is the best now. I am getting up to speed on all this stuff. I am doing the basic pix firewall course now, and reading the book. I also got the brand new Advanced Pix firewall course the 2nd version, just released. Brian Zeitz MCSE, CCNP -Original Message- From: Mark Odette II [mailto:[EMAIL PROTECTED]] Sent: Monday, May 06, 2002 4:59 PM To: [EMAIL PROTECTED] Subject: RE: Configuring Pix with EnterNet DSL [7:43302] Brian... I'd be interested to hear what your results are... as the documentation for 6.2 says that it only supports PPPoE/DHCP connections on the 501 and 506 models of PIX. If you get it to work on the 515, that would be good to know. Since you changed GSPs, does that mean that you don't have to worry about PPPoE, and you just simply get a Dynamic IP straight off the wire?? Only reason I ask is, I have SWB DSL, and it's the Enhanced service, which simply means I get 5 static IPs assigned to me. The technical difference for my CPE connecting to them, whether it be a Cisco Router or the PIX, is that I don't have to configure the User ID/Password Authentication stuff anymore which was something I had to do with the Basic Service, and it was dependent upon PPPoE. Anyway... let us know how you do! Mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Brian Zeitz Sent: Monday, May 06, 2002 11:31 AM To: [EMAIL PROTECTED] Subject: RE: Configuring Pix with EnterNet DSL [7:43302] I am going to try to hook up a Pix to an ADSL line with a dynamic IP, this should be interesting. In the past I have tried Microsoft ISA SERver 2000 Enterprise with ADSL, it had a lot of trouble binding the packet filters cause the IP was dynamic. The fix, install a Netgear router before the firewall. Also for PPPoE testing purposes, Windows XP has the PPPoE stuff built in it. All you need is a XP machine, and a DSL Modem. Use BroadBand connection when creating an internet connection. Good when the service provider INSISTs that you have 1 PC hooked up to the DSL modem. Even though you own a business account. This is the biggest scam in the book, but I don't pay the bill ;) Now, I am going to try a Pix 515U, with an ADSL dynamic IP. I am not sure what the results will be. I could buy another cheapy router, but just to learn it, and see what results I get, im
RE: Pix load balance? [7:42974]
Load balancing is supposed to be done on content switches according to what I am reading. I cannot be done on the firewall withing the site, nor can it be done with different ISPs. Brian Zeitz MCSE, CCNP -Original Message- From: Gaz [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 07, 2002 6:58 AM To: [EMAIL PROTECTED] Subject: Re: Pix load balance? [7:42974] What's the reason? I'm not disputing the fact, just wondering what the limitation is. I take it that the limitation is only that it cannot do stateful failover with two active PIXes? Cheers, Gaz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Yeah, I asked the same questions last month. They can not. If you really need firewall and Load balancing, FW-1 is the way to go. Theo CSS1, CCNP, CCSE Patrick Sent by: [EMAIL PROTECTED] 05/06/2002 06:28 AM Please respond to Patrick To: [EMAIL PROTECTED] cc: Subject:Re: Pix load balance? [7:42974] No. GEORGE wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Can you load balance to pix firewalls? Has anyone done this? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=43501t=42974 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: MCNS exam material [7:43505]
There is a CBT from Cisco for this exam. Boson also makes a test for it (please no flames) -Original Message- From: Shoaib Waqar [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 07, 2002 10:11 AM To: [EMAIL PROTECTED] Subject: MCNS exam material [7:43505] Hi Guys, I am planning to give my MCNS exam, I have got the Cisco Press MCNS book from Michael Wenstrom. Does anybody know some more material which will be helpful in clearing this exam? Any sort of help will be highly appreciated. Thanks Shoaib __ Do You Yahoo!? Yahoo! Health - your guide to health and wellness http://health.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=43509t=43505 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Pix load balance? [7:42974]
Dumb question, does any of these devices use nat? I just read that pix to DMZ interface uses dNat, not sure if that is faster. I was reading my Alteon Web Switch book last night, it says you CAN do nat, but I don't know if layer 4-7 switches actually DO nat normall. If it's a switch, it should be switching right, the translation gets done in layer 4. kinda confused. -Original Message- From: Gragido, William [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 07, 2002 12:09 PM To: Brian Zeitz; [EMAIL PROTECTED] Subject: RE: Pix load balance? [7:42974] The best way to load balance is to use an application layer (layer 4-7) switch. I am not too familiar with Cisco's offering of this technology (sadly), but have worked extensively with Foundry's ServerIrons and they are excellent devices! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Brian Zeitz Sent: Tuesday, May 07, 2002 8:50 AM To: [EMAIL PROTECTED] Subject: RE: Pix load balance? [7:42974] Load balancing is supposed to be done on content switches according to what I am reading. I cannot be done on the firewall withing the site, nor can it be done with different ISPs. Brian Zeitz MCSE, CCNP -Original Message- From: Gaz [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 07, 2002 6:58 AM To: [EMAIL PROTECTED] Subject: Re: Pix load balance? [7:42974] What's the reason? I'm not disputing the fact, just wondering what the limitation is. I take it that the limitation is only that it cannot do stateful failover with two active PIXes? Cheers, Gaz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Yeah, I asked the same questions last month. They can not. If you really need firewall and Load balancing, FW-1 is the way to go. Theo CSS1, CCNP, CCSE Patrick Sent by: [EMAIL PROTECTED] 05/06/2002 06:28 AM Please respond to Patrick To: [EMAIL PROTECTED] cc: Subject:Re: Pix load balance? [7:42974] No. GEORGE wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Can you load balance to pix firewalls? Has anyone done this? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=43528t=42974 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CIT test info [7:43399]
Yea, I would love to talk about what is wrong with this test, but I would be violating the NDA. It's a catch-22. Maybe they will fix the wording in the 600 series. -Original Message- From: NetEng [mailto:[EMAIL PROTECTED]] Sent: Monday, May 06, 2002 11:31 AM To: [EMAIL PROTECTED] Subject: CIT test info [7:43399] took the CIT test today, 79 ?'s with 90 minutes and 69x to pass. not too bad of a test other than than the horrible wording of the questions. (did M$ write this exam for them?) Anyway, I passed and am now among the ranks of ccnp's. CID in a couple of weeks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=43401t=43399 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Configuring Pix with EnterNet DSL [7:43302]
I am going to try to hook up a Pix to an ADSL line with a dynamic IP, this should be interesting. In the past I have tried Microsoft ISA SERver 2000 Enterprise with ADSL, it had a lot of trouble binding the packet filters cause the IP was dynamic. The fix, install a Netgear router before the firewall. Also for PPPoE testing purposes, Windows XP has the PPPoE stuff built in it. All you need is a XP machine, and a DSL Modem. Use BroadBand connection when creating an internet connection. Good when the service provider INSISTs that you have 1 PC hooked up to the DSL modem. Even though you own a business account. This is the biggest scam in the book, but I don't pay the bill ;) Now, I am going to try a Pix 515U, with an ADSL dynamic IP. I am not sure what the results will be. I could buy another cheapy router, but just to learn it, and see what results I get, im going to hook it up to the DSL line. This is just for development. Eventually I will get real cisco routers. Also I had verizon change my ADSL Global Service provider. I was having some routing problems within verizons network. Now I have Qwest, and everything is cool. So ill try the pix with the new GSP. If anyone wants to contact me about ADSL or pIx 515 stuff, feel free. -Original Message- From: Mark Odette II [mailto:[EMAIL PROTECTED]] Sent: Saturday, May 04, 2002 3:20 PM To: [EMAIL PROTECTED] Subject: RE: Configuring Pix with EnterNet DSL [7:43302] Ronnie- I assume you are referring to the fact that your DSL is PPPoE DSL (You have to install the EnterNet DSL software on your computer if you want to access the DSL Gateway and connect to the internet (which also means you use a User Name/Password combination to connect) correct!?! If so, what model PIX do you have? The 501/506 models support PPPoE under 6.2.1. The following link should get you started http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/config/ pixc lnt.htm Mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ronnie Higginbotham Sent: Saturday, May 04, 2002 10:32 AM To: [EMAIL PROTECTED] Subject: Configuring Pix with EnterNet DSL [7:43302] I am new to the Pix setup has anybody configured a PIX with EnterNet DSL setup. Any config help would be appreciated. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=43403t=43302 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CSS1 [7:43405]
I started a yahoo group called CSS1 if anyone is interested. Currently it has 1 member, me :-) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=43405t=43405 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Pix questions [7:43241]
I am setting up a Pix 515 Unlimited I got the failover unit. If I want to use the 4-port DMZ card, do I need one for each chassis? What about a 1 Port? If I do need on each, how would you configure a web server to be redundant as well? I know you cant use the Same IP on both cards.. Is there some special software that you need to use to load balance between the DMZ interfaces? Maybe like a virtual IP? Also, what does Pix stand for, is it an Acronym for something? Or just the name of the proprietary embedded OS? Thanks for your help everyone. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=43241t=43241 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: To The Experts and Gurus [7:42996]
Knowing what to areas to study for a certification and knowing day-to-day real life scenarios are two different things. A CCIE could just study what is needed for the test, but there is no human being that knows everything about every area of networking, its impossible. Take any 2 people in networking; each will know something the other doesn't. Don't even post that garbage here. That wasn't a joke. If you don't like the list, get off of it. You are trying to antagonize people. If you are not posting helpful information, then just keep your lame post to yourself. You don't know everything so be quiet. Never mind about CCIE, I think ignorant people who post junk like this shouldn't be allowed to post. Thanks to all of your helpful people in the group. This is a great group, and its an invaluable tool to some of us. I really hope we can avoid the sour grapes posts, and direct those people to there own newsgroups. Or we could start a newgroups for them sourgrapes@ciscostudy. Brian Zeitz MCSE, CCNP Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=43115t=42996 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CIT exam [7:43100]
CIT was easy, I got a 950 the book is so straight forward (Cisco press). But I think there are some wording mistakes. Routing was the hardest for me because it was my first exam. Switching was interesting to me, so it was not hard, but not easy. Then there was BCRAN. Hmmm. I thought I knew everything they asked, but only walked away with an 890. However, I was in panic mode for the whole exam. The most challenging thing about this exam, was navigating the 30 command list on this 7 monitor on the 8088 they gave me. Then I had difficulty going back and forth to triple check spelling. I am the type to make typos, I make tons of typos. Being the paranoid type of person I am, I was sweating about the time. Most test I get them done very quickly, the you know it, or you don't approach. Computers cost 300$ now, would it kill the testing center to have a few newer PCs. I alone have spent at least 2000$ in this one testing center I go to. They take no pride in the testing center either, trash at the stations, machines not started. Or at a It is now safe to turn of your computer prompt. To make matters worse, the day I was going to take BCRAN, I scheduled it for a Sunday at 7PM so I would have plenty of time before the exam to gather thoughts. They call me at 9am, Hello, could you come in early to take your exam, we would like to go home early tonight, we are closing the testing center early. I had to go in a different time then I was scheduled for the exam. I could have made a lot of trouble for them, but I just came in early and tried not to get upset about it. If I wanted to, I am sure I could get them in a lot of trouble for this, but I am not the type to try to do that. Anyway, after putting the pressure on myself, I finally got the CCNP now. I don't think my employer recognizes what this certification is, but it's one more step in the right direction. My plans are to work on the CSS1, but I am going to spend a lot of time hands on with the 515 we just got in and other actual equipment. I am taking some recovery time after this series. Brian Zeitz MCSE,CCNP -Original Message- From: D. Tharp [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 02, 2002 9:34 AM To: [EMAIL PROTECTED] Subject: RE: CIT exam [7:43100] This was the last exam I took to finish the CCNP and I found it easier than I expected. It is helpful to take this exam last because it does have a lot of material learned in preparing for other exams. To give you an example I only got a 780 on the routing exam (which I thought was the hardest) and scored a 931 on the CIT. I just think by the end of my studies I knew much more about the material and had a much greater understanding for it. If you take this exam last, you should have a much better time with it. Good luck! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=43126t=43100 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Gigabit GBIC for 3550 [7:42680]
If I wanted to connect 2 Cisco 3550 switches together, would I need 1 Gigabit stacking GBIC or 2? I think I need 2 of them. I am trying to find out exactly what I need to hook together (2) 3350 (24 port) with 2 GIG ports. The part number im looking at is CIS-WS-X3500-XL, is this all I would need? Any help would be appreciated... Brian Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=42680t=42680 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
MCNS exam [7:42432]
Can anyone tell me the best way to prepare for this exam? I think ill just get the 1000 page Cisco book, and the boson exams. Any guidance would be appreciated, am I on the right track? I don't think there are too many choices for study material for this exam. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=42432t=42432 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Another CCNP [7:42248]
Congratulation, man I only got a 946 on the CIT! I am getting ready to take BCRAN then I will join you. After that CSS1, and my Masters Degree simultaneously :) -Original Message- From: Michalis Palis [mailto:[EMAIL PROTECTED]] Sent: Monday, April 22, 2002 2:49 PM To: [EMAIL PROTECTED] Subject: Another CCNP [7:42248] Hello all. I pass CIT today with the amazing score of 965/1000 and become a CCNP. Thank you all for your help.. __ Do You Yahoo!? Yahoo! Games - play chess, backgammon, pool and more http://games.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=42255t=42248 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Stupid Question time [7:41465]
I have an un-bias opinion. For some of us who have already done a few exams, Boson is the only choice. Do you have test software for PIX, VPN, CVOICE etc.? I don't really use boson, I use books. But for CSS1, I might need to use them, just to get an idea if I have any weak spots. There is no 1 source for any exam. I have heard the term, you get what you pay for. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 16, 2002 3:24 PM To: [EMAIL PROTECTED] Subject: RE: Stupid Question time [7:41465] Everybody else is bad except Network Learning, because you work for Network Learning and have written materials for CCXX productions? This is what I call an unbiased, honest opinion!! A Strobel Quoting Kaminski, Shawn G : CCxx Productions, and soon, Network Learning. Disclaimer: I have written materials for CCxx Productions and am working on stuff for Network Learning -Original Message- From: Michael L. Williams [SMTP:[EMAIL PROTECTED]] Sent: Tuesday, April 16, 2002 8:18 AM To: [EMAIL PROTECTED] Subject:Re: Stupid Question time [7:41465] Name one alternative that's cheaper AND offers the flexibility, options (like toggling the score meter, showing answers ONLY when you're wrong WITH references to published explanations of the answers), and quality (not so say I've never seen a wrong answer on a Boson exam, but way better than the quality of a Brainbuzz cramsheet, etc). I don't mean my above comment in a smart ass way, because I'd really be interested in an alternative, but to simply pop into the group and make such statements without even a single URL or name of what you consider much better and less expensive doesn't lend much credibility to what you say. Mike W. Kaminski, Shawn G wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... What the hell, get them all. In fact, buy two sets since money seems to be no object to any of you. :-) I still can't understand all the hype over Boson when there are much better and less expensive alternatives out there. Hell, I've even written materials for Boson/Quizware but still feel that everyone could pass their exams using less expensive methods. Just my opinion because this forum is for helping people out. So look around a little before rushing out to buy the almighty overpriced Boson. Sorry, just a little grumpy this morning. I think I just realized how underpaid I really am! Just thankful to have a job right now, though! Shawn K. -_-_-_ Mail3000 gives you 30 Megs of Email space free -_-_- This mail sent through http://mail3000.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=41649t=41465 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: packet size [7:41079]
OK, maybe not token ring, your right. I just read it about Ethernet in a few different places. Don't take my word for things, I am just a humble CCNA :) Very soon to be CCNP, taking CIT soon. I found this information on a few sites on the internet, not RFCs. -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 10, 2002 8:17 PM To: [EMAIL PROTECTED] Subject: RE: packet size [7:41079] At 06:00 PM 4/10/02, Brian Zeitz wrote: Well, maybe the reason why its 64 bytes, is because of CSMA/CD parameters call for 64 bytes. Would this make sense? No, it doesn't really make sense if you think in layers. ;-) And in fact, I'm sure I've seen a smaller IP packet than 64 bytes on Token Ring. What makes you think the minimum IP packet is 64 bytes? I haven't seen this in RFCs, but maybe you found such a thing. Now what about CRC? Is that extra bits, or is CRC part of CSMA/CD. The CRC is extra bits. It is not related to CSMA/CD, although a frame damaged by a collision will have a CRC error. I am asking a lot of questions today :O Looking at some of this, I am surpised how little Doyles Vol 1 and 2 TCP/IP mention this stuff. It's layering. TCP/IP doesn't care about CSMA/CD. CSMA/CD is handled by the data-link layer. Maybe its more for the CCIE outline. It is indeed. -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 10, 2002 5:18 PM To: [EMAIL PROTECTED] Subject: RE: packet size [7:41079] The minimum size for an Ethernet frame is 64 bytes. This includes the Ethernet header and FCS, but not the preamble or inter-frame gap. The minimum Ethernet frame size has to do with the ability of a sender to recognize a collision reflecting back from the other side of a maximum-sized Ethernet segment, while still sending the frame. The minimum size for Token Ring is 18 bytes, if I recall. This includes the header and FCS, but not the starting or ending delimiter or the frame status byte. I didn't know IP had a minimum, although RFC 791 does say that Every internet destination must be able to receive a datagram of 576 octets either in one piece or in fragments to be reassembled. Priscilla At 04:05 PM 4/10/02, Larry Letterman wrote: 64 bytes ... Priscilla is this correct... Larry Letterman Cisco Systems [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Brian Zeitz Sent: Wednesday, April 10, 2002 12:32 PM To: [EMAIL PROTECTED] Subject: packet size [7:41079] Oops I found the answer, I thought it was over 500, cause I was looking at IPV6 specs. Minimum Packet Size According to Ethernet specifications, the size of a packet should be between 64 Bytes and 1518 Bytes. Therefore, the minimum packet size is 64 Bytes. Priscilla Oppenheimer http://www.priscilla.com Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=41179t=41079 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: packet size [7:41079]
I found a cheet sheet on cisco's site. Heh. http://www.cisco.com/warp/public/105/encheat.html -Original Message- From: Kevin Cullimore [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 10, 2002 6:52 PM To: [EMAIL PROTECTED] Subject: Re: packet size [7:41079] I had always thought that 576 was referring to the minimium value for the maximium packet size, due to the predominant layer 2 technologies in use at the time. Does anyone know differently? - Original Message - From: Priscilla Oppenheimer To: Sent: Wednesday, April 10, 2002 5:17 PM Subject: RE: packet size [7:41079] I didn't know IP had a minimum, although RFC 791 does say that Every internet destination must be able to receive a datagram of 576 octets either in one piece or in fragments to be reassembled. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=41182t=41079 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: packet size [7:41079]
Your right Priscilla :) Yea, your also right about the different layers, because at layer 3, you could have 0. I found that 802.5 has no min packet size IEEE 802.3 networks have a minimum packet size that depends on the transmission rate. For type 10BASE5 802.3 networks the minimum packet size is 64 octets IEEE 802.4 networks have no minimum packet size. IEEE 802.4 networks have a maximum packet size of 8191 octets including all octets between the frame control and the FCS inclusive http://www.freesoft.org/CIE/RFC/1042/10.htm -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 10, 2002 8:17 PM To: [EMAIL PROTECTED] Subject: RE: packet size [7:41079] At 06:00 PM 4/10/02, Brian Zeitz wrote: Well, maybe the reason why its 64 bytes, is because of CSMA/CD parameters call for 64 bytes. Would this make sense? No, it doesn't really make sense if you think in layers. ;-) And in fact, I'm sure I've seen a smaller IP packet than 64 bytes on Token Ring. What makes you think the minimum IP packet is 64 bytes? I haven't seen this in RFCs, but maybe you found such a thing. Now what about CRC? Is that extra bits, or is CRC part of CSMA/CD. The CRC is extra bits. It is not related to CSMA/CD, although a frame damaged by a collision will have a CRC error. I am asking a lot of questions today :O Looking at some of this, I am surpised how little Doyles Vol 1 and 2 TCP/IP mention this stuff. It's layering. TCP/IP doesn't care about CSMA/CD. CSMA/CD is handled by the data-link layer. Maybe its more for the CCIE outline. It is indeed. -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 10, 2002 5:18 PM To: [EMAIL PROTECTED] Subject: RE: packet size [7:41079] The minimum size for an Ethernet frame is 64 bytes. This includes the Ethernet header and FCS, but not the preamble or inter-frame gap. The minimum Ethernet frame size has to do with the ability of a sender to recognize a collision reflecting back from the other side of a maximum-sized Ethernet segment, while still sending the frame. The minimum size for Token Ring is 18 bytes, if I recall. This includes the header and FCS, but not the starting or ending delimiter or the frame status byte. I didn't know IP had a minimum, although RFC 791 does say that Every internet destination must be able to receive a datagram of 576 octets either in one piece or in fragments to be reassembled. Priscilla At 04:05 PM 4/10/02, Larry Letterman wrote: 64 bytes ... Priscilla is this correct... Larry Letterman Cisco Systems [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Brian Zeitz Sent: Wednesday, April 10, 2002 12:32 PM To: [EMAIL PROTECTED] Subject: packet size [7:41079] Oops I found the answer, I thought it was over 500, cause I was looking at IPV6 specs. Minimum Packet Size According to Ethernet specifications, the size of a packet should be between 64 Bytes and 1518 Bytes. Therefore, the minimum packet size is 64 Bytes. Priscilla Oppenheimer http://www.priscilla.com Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=41183t=41079 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: About IOS question [7:41031]
Dumb question but, You are talking about a router IOS? Or maybe you want to know if PPPoE works on Pix? I know pix supports it in like 6.2. For Routers, of course you have to have the correct interface, and I believe they sell special IOS versions just for ADSL. Any idea on what model router? If it's a 12,000 I don't think they have it ;) Also if you looking to make a firewall with PPPoE, don't plan on using a dynamic IP. I have found in my experience using DHCP on an interface with a firewall is like mixing fire and ice. If you have DCHP use a normal router with client side DCHP, and then use the other interface to bind your packet filters to. -Original Message- From: Ricky Chan [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 10, 2002 9:46 AM To: [EMAIL PROTECTED] Subject: About IOS question [7:41031] Hi, Does anyone know which IOS version can support PPPoE + NAT + Firewall function. Please let me know. Thanks Ricky Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=41185t=41031 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]