Hardening Ports? [7:40852]
Hello, all :-) I was hoping one (or many) of you could help me with a question I have: how do I lock-down ports on a server? I know how to lock them down on firewalls and routers, but how to do it on a server is my question. I know it's a general question but any assistance would be most appreciated. Truly, Charlie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40852&t=40852 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Hardening Ports? [7:40852]
Thank you, Sam. Your instructions were clear and simple to follow. I was refering to a Windows system. I gave it a try and already idenitified open ports (which I also learned from using WS PingPro). I will now attempt to close/end some services. Thanks again. Charlie ""sam sneed"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Which operating systems? > > On windows the most common way to to disable services from the control > panel. Do a netstat -an to see which ports are open. Then you can shutdown > services that have those ports open. > > On UNIX/LINUX you can do the same netstat -an. Most of the services can be > disabled in inetd.conf or xinted.conf. Just comment them out and restart > inetd daemon. Also services are started from startup scripts which are in > different locations on different versions of UNIX and Linux. > > ""Charlie"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hello, all :-) > > > > I was hoping one (or many) of you could help me with a question I have: > how > > do I lock-down ports on a server? I know how to lock them down on > firewalls > > and routers, but how to do it on a server is my question. I know it's a > > general question but any assistance would be most appreciated. > > > > Truly, > > Charlie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40855&t=40852 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Hardening Ports? [7:40852]
Patrick -
I was refering to TCP/IP ports. Thanks for your reply. Sam's message came
in very handy and answered my question as well. Thanks again.
Charlie
""Patrick Ramsey"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> do you men ethernet ports or tcpip ports?
>
> Ethernet ports are done in the driver autonegotiate/speed/duplex settings
>
> locking down tcpip ports is entirely different. TCPwrappers will wrap
> daemons and applications under *nix... not so sure there is an equivalent
> for microsoft or novellTCPWrappers just handles the negotiation really
> between the client and daemon.
>
> -Patrick
>
> >>> Charlie 04/08/02 03:50PM >>>
> Hello, all :-)
>
> I was hoping one (or many) of you could help me with a question I have:
how
> do I lock-down ports on a server? I know how to lock them down on
firewalls
> and routers, but how to do it on a server is my question. I know it's a
> general question but any assistance would be most appreciated.
>
> Truly,
> Charlie
> >>>>>>>>>>>>> Confidentiality DisclaimerThis email and any files
transmitted with it may contain confidential and
> /or proprietary information in the possession of WellStar Health System,
> Inc. ("WellStar") and is intended only for the individual or entity to
whom
> addressed. This email may contain information that is held to be
> privileged, confidential and exempt from disclosure under applicable law.
If
> the reader of this message is not the intended recipient, you are hereby
> notified that any unauthorized access, dissemination, distribution or
> copying of any information from this email is strictly prohibited, and may
> subject you to criminal and/or civil liability. If you have received this
> email in error, please notify the sender by reply email and then delete
this
> email and its attachments from your computer. Thank you.
>
>
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=40858&t=40852
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Hardening Ports? [7:40852]
Dude!!! Thanks for the info. TCP/IP Filtering is EXACTLY what I was looking for. Thanks a whole lot. Charlie ""Chee Kin"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > You can also try using the IP Filtering feature from Windows NT/2000. It > should be under the advanced configuration for TCP/IP. > > cheekin > > - Original Message - > From: "Charlie" > To: > Sent: Tuesday, April 09, 2002 4:40 AM > Subject: Re: Hardening Ports? [7:40852] > > > > Thank you, Sam. Your instructions were clear and simple to follow. I was > > refering to a Windows system. I gave it a try and already idenitified > open > > ports (which I also learned from using WS PingPro). I will now attempt to > > close/end some services. Thanks again. > > > > Charlie > > > > ""sam sneed"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > Which operating systems? > > > > > > On windows the most common way to to disable services from the control > > > panel. Do a netstat -an to see which ports are open. Then you can > shutdown > > > services that have those ports open. > > > > > > On UNIX/LINUX you can do the same netstat -an. Most of the services can > be > > > disabled in inetd.conf or xinted.conf. Just comment them out and restart > > > inetd daemon. Also services are started from startup scripts which are > in > > > different locations on different versions of UNIX and Linux. > > > > > > ""Charlie"" wrote in message > > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > Hello, all :-) > > > > > > > > I was hoping one (or many) of you could help me with a question I > have: > > > how > > > > do I lock-down ports on a server? I know how to lock them down on > > > firewalls > > > > and routers, but how to do it on a server is my question. I know it's > a > > > > general question but any assistance would be most appreciated. > > > > > > > > Truly, > > > > Charlie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40927&t=40852 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Hardening Ports? [7:40852]
Thanks, Kent. Chee Kin and Sam actually answered my question already. Nonetheless, thanks for your advice. Google is where I will also check in the future (although this newsgroup is proving to be very helpful). Charlie ""Kent Hundley"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Charlie, > > As others noted, it depends on your OS. I would recommend doing a search on > google for "your OS"+hardening. You'll probably find what your looking for. > Also consult your vendors web site and http://www.sans.org for more info. > > HTH, > Kent > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Charlie > Sent: Monday, April 08, 2002 12:51 PM > To: [EMAIL PROTECTED] > Subject: Hardening Ports? [7:40852] > > > Hello, all :-) > > I was hoping one (or many) of you could help me with a question I have: how > do I lock-down ports on a server? I know how to lock them down on firewalls > and routers, but how to do it on a server is my question. I know it's a > general question but any assistance would be most appreciated. > > Truly, > Charlie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40929&t=40852 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: router telnet access.. [7:57574]
I cannot see the 172.24.1.0 0.0.0.255 in your ACL. It seems to be missing !! ""Stephano Mwendo"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hallo guys, > > I have applied the following access list 3 for the line vty 0 4 in order to > limit telnet access to the router for internal PCs; > > (config)#access-list 3 permit 172.17.1.0 0.0.0.3 > > (config)#access-list 3 permit 172.19.1.0 0.0.0.255 > > (config)#access-list 3 permit 172.21.1.0 0.0.0.255 > > (config)#access-list 3 permit 172.23.1.0 0.0.0.255 > > (config)#access-list 3 permit 172.25.1.0 0.0.0.3 > > (config)#access-list 3 deny any > > (config)#line vty 0 4 > > (config-line)#access-class 3 in > > (config-line)#transport input telnet > > > > the problem is that I am still having networks at 172.24.1.0 telneting the > router! > > Can someone help please, > > Thanks in advance. > > > > > > > > - > Do you Yahoo!? > Yahoo! Web Hosting - Let the expert host your site Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57704&t=57574 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF Question... [7:58200]
""Jeff Specoli"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Anyone know how to advertise a default route (without using static routes) > to only one OSPF router. e.g. > > You have > > RTRA > |AREA0 > | > |AREA0 > RTRB > |AREA1 > | > |AREA1 > RTRC > > > On RTRB you want to advertise a default route to RTC C and only RTC C > without using static routes... > > Thanks... Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58223&t=58200 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF Question... [7:58200]
On the originating router: router ospf 1 default-information originate always On the routers which don't accept the advertissement: router ospf 1 distribute-list 10 in access-list 10 deny 0.0.0.0 0.0.0.0 access-list 10 permit any ""Jeff Specoli"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Anyone know how to advertise a default route (without using static routes) > to only one OSPF router. e.g. > > You have > > RTRA > |AREA0 > | > |AREA0 > RTRB > |AREA1 > | > |AREA1 > RTRC > > > On RTRB you want to advertise a default route to RTC C and only RTC C > without using static routes... > > Thanks... Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58224&t=58200 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: access lists + static routing [7:58543]
n_guide_chapter09186a00800d9816.html This would be helpfull. I found it by searching the key words "configurring access lists". ""Geert Loonbeek"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hello > I'm looking for a good and free of charge study guide on access lists/ > static routing. I'd like to take the 640-607 cisco CCNA exam. > > Is there anybody who has some info on these topics. > > Thanks > > Geert Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58549&t=58543 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Re: access lists + static routing [7:58543]
Thanks, I understand now! Here it is: http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_configuratio n_guide_chapter09186a00800d9816.html ""B.J. Wilson"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Guys, a reminder: you cannot begin a post to the mail list with an URL. > Type a line of text first, then paste the URL. The filters are designed to > look for an URL at the top of the post, to filter out spam. > > BJ > > > ---Original Message--- > From: Charlie > Sent: 12/04/02 10:24 AM > To: [EMAIL PROTECTED] > Subject: Re: access lists + static routing [7:58543] > > > n_guide_chapter09186a00800d9816.html > > This would be helpfull. I found it by searching the key words "configurring > access lists". > > > ""Geert Loonbeek"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hello > > I'm looking for a good and free of charge study guide on access lists/ > > static routing. I'd like to take the 640-607 cisco CCNA exam. > > > > Is there anybody who has some info on these topics. > > > > Thanks > > > > Geert Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58553&t=58543 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BR0:1 DDR: No callback negotiated [7:59277]
Hi, Take a look at this: Configuring ISDN Caller ID Callback http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_configuratio n_guide_chapter09186a0080087218.html#xtocid91368 ""John Tafasi"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I have two isdn routers r2 (callback client) and r5 (callback server). > without callback configuration r2 will connect to r5 successfully. With the > callback configuration added, r5 will disconnect the call and will not > callback r2. Can some one figure out what is wrong with my configuration? I > have included configuration of both routers and the result of debug dialer > on r5. It seems to me that r2 is not negotiating callback. > > R5-2503#show debug > Dial on demand: > Dial on demand events debugging is on > R5-2503# > 2d11h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up > R5-2503# > Mar 3 11:05:34.703: BR0:1 DDR: No callback negotiated > Mar 3 11:05:34.703: BR0:1 DDR: disconnecting call > 2d11h: %ISDN-6-DISCONNECT: Interface BRI0:1 disconnected from 8358661 r2, > call lasted 2 seconds > 2d11h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down > R5-2503# > Mar 3 11:05:34.851: BR0:1 DDR: disconnecting call > R5-2503# > 2d11h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up > R5-2503# > Mar 3 11:05:40.179: BR0:1 DDR: No callback negotiated > Mar 3 11:05:40.179: BR0:1 DDR: disconnecting call > 2d11h: %ISDN-6-DISCONNECT: Interface BRI0:1 disconnected from 8358661 r2, > call lasted 4 seconds > 2d11h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down > R5-2503# > Mar 3 11:05:40.331: BR0:1 DDR: disconnecting call > > > R5-2503#show run > > hostname r5-2503 > ! > interface BRI0 > ip address 10.10.10.2 255.255.255.0 > ip access-group 101 in > encapsulation ppp > dialer callback-secure > dialer map ip 10.10.10.1 name r2 class eng broadcast 8358661 > dialer-group 1 > isdn switch-type basic-ni > isdn spid1 0835866201 > isdn spid2 0835866401 > cdapi buffers regular 0 > cdapi buffers raw 0 > cdapi buffers large 0 > ppp callback accept > ppp authentication chap > ppp chap hostname r5 > ppp multilink > ! > ! > map-class dialer eng > dialer callback-server username > - > > hostname r2-2516 > ! > interface Dialer1 > ip address 10.10.10.1 255.255.255.0 > no ip directed-broadcast > encapsulation ppp > dialer remote-name r5 > dialer string 8358662 > dialer pool 1 > dialer-group 1 > ntp broadcast > pulse-time 0 > ppp callback request > ppp chap hostname r2 > ! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59286&t=59277 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: alternative to Cisco routers
--- John Nemeth <[EMAIL PROTECTED]> wrote: > On Jul 6, > I wouldn't be so quick to say that. A lot of companies > want/need > the best, i.e. Cisco gear, but their budgets are somewhat tight. > Cisco > support is generally considered to be very good. But, one of the > complaints I frequently hear is the cost of it, as well as the > equipment. However, the latter problem has much improved. New > equipment is considered to be capital expenditure and is much > easier to > handle then yearly on-going expenses. This is obviously an opinionated subject but, in mine, the reason Cisco equipment is relatively expensive is not necessarily because of it's performance. The strongest argument for Cisco kit in any bid I've seen is the level of support (i.e. the TAC). There are plently of other vendors who have equivalent products that are widely regarded as faster, more stable and cheaper than Cisco kit but when the chips (and your network) are down, try getting someone at Lucent/Juniper/Foundry to pick up your case within a few minutes and be on the phone to you and connected to your equipment to troubleshoot until that problem is fixed. In short, if you have Cisco kit, get a contract! It's worth every penny. --- John Nemeth <[EMAIL PROTECTED]> wrote: > On Jul 6, 12:09pm, "Howard C. Berkowitz" wrote: > } > } To be honest, I hate to see product bashing on this list. I > cringe > } when I see people starting out with "I have this bug in my > production > } network." My first reaction is "and what did the TAC say about > it?" > } > } If the response is "I don't have a support contract," my > response is > } "then you deserve the problems you have." It's one thing for > someone > } not to buy support for a home lab, but anyone (except possibly > } high-level resellers) who doesn't is a fool. > > I wouldn't be so quick to say that. A lot of companies > want/need > the best, i.e. Cisco gear, but their budgets are somewhat tight. > Cisco > support is generally considered to be very good. But, one of the > complaints I frequently hear is the cost of it, as well as the > equipment. However, the latter problem has much improved. New > equipment is considered to be capital expenditure and is much > easier to > handle then yearly on-going expenses. > > } Perhaps I'm in a bad mood today about negativism, if that isn't > } circular logic. It's far too easy to slam anonymously on this > and > > I don't think so; although, it might be recursive. > > }-- End of excerpt from "Howard C. Berkowitz" > > _ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PLEASE HELP !!! Automatic dialing (Second Chance)
The only way to do it would be to configure dialer-watch to monitor a network that does not exist. The only problem is that the link will never go down afterwards and you'll have a very expensive leased-line.. I think an important question here is "why?", or "what is the problem you are trying to solve?" (I think I've heard that somewhere before) --- Timothy Metz <[EMAIL PROTECTED]> wrote: > I haven't worked with the 800 but here are a few things that can > cause > unwanted dialing: > > dns lookups > routing table updates > ntp time sync > > Anyone know if the 800 supports NTP?? That or routing updates would > be your > best bet to get it to dial after a power failure/cycle > > Tim > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On > Behalf Of > > Amnesia > > Sent: Wednesday, February 28, 2001 9:54 AM > > To: [EMAIL PROTECTED] > > Subject: PLEASE HELP !!! Automatic dialing (Second Chance) > > > > > > > > PLEASE HELP > > > > > > Hi all !!! > > > > Has somebody configured a Cisco 800 series > > in order to make an "automatic-dial" when the > > router has booted up??? > > > > It must be done without external help as Internet > > browsers asking for webpages, mail clients asking > > for new mail, etc. I wanna know if it possible to make it > > work as soon as possible. I haven't found anything > > related to this in cisco web-documentation. > > > > Anybody can help me ! > > > > Thank you very much in advance. > > > > Miguel Angel Romero Arcas > > Dpto. Técnica de Sistemas > > CESSER Informática y Organización, S.L. > > > > > > _ > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > > _ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PLEASE HELP !!! Automatic dialing (Second Chance)
As long as you don't mind the ISDN link being active at all times then you can configure dialer-watch to monitor a network that does not exist. Be careful which IOS you are using, dialer-watch is broken up until 12.1(2). The dialer-watch config looks like this ! dialer watch-list 1 ip 10.255.255.0 255.255.255.0 ! interface dialer1 dialer watch-group 1 ! Just make sure that your router can never see the 10.255.255.0 network. Cheers! --- Amnesia <[EMAIL PROTECTED]> wrote: > > > The problem is that a have customer who wants > the router makes automatic connect to Internet > without sending to the router any packets, Internet > browsing, getting e-mail, etc. > > He has a web server in his office and don't have > a leased line (I suppose the permanent isdn link > it's named so in America) but a isdn link subscribed > with the telecom operator for a plane price, not for > conection time, only a total amount for the whole month, > nothing more, so he wants the link always be up and ready > for receving http petitions from his own clients. > > I hope you were able to understand me what I'm trying > to explain and I'm sorry for my (Spanish) English. > > TIA, best regards. > > Miguel Angel Romero Arcas > Dpto. Técnica de Sistemas > CESSER Informática y Organización, S.L. > > - Mensaje original - > De: "Charlie Hartwell" <[EMAIL PROTECTED]> > Para: "Timothy Metz" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > Enviado: miércoles, 28 de febrero de 2001 11:45 > Asunto: RE: PLEASE HELP !!! Automatic dialing (Second Chance) > > > The only way to do it would be to configure dialer-watch to monitor > a network that does not exist. The only problem is that the link > will > never go down afterwards and you'll have a very expensive > leased-line.. > > I think an important question here is "why?", or "what is the > problem you are trying to solve?" (I think I've heard that > somewhere > before) > > --- Timothy Metz <[EMAIL PROTECTED]> wrote: > I haven't worked with > the 800 but here are a few things that can > > cause > > unwanted dialing: > > > > dns lookups > > routing table updates > > ntp time sync > > > > Anyone know if the 800 supports NTP?? That or routing updates > would > > be your > > best bet to get it to dial after a power failure/cycle > > > > Tim > > > > > -Original Message- > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On > > Behalf Of > > > Amnesia > > > Sent: Wednesday, February 28, 2001 9:54 AM > > > To: [EMAIL PROTECTED] > > > Subject: PLEASE HELP !!! Automatic dialing (Second Chance) > > > > > > > > > > > > PLEASE HELP > > > > > > > > > Hi all !!! > > > > > > Has somebody configured a Cisco 800 series > > > in order to make an "automatic-dial" when the > > > router has booted up??? > > > > > > It must be done without external help as Internet > > > browsers asking for webpages, mail clients asking > > > for new mail, etc. I wanna know if it possible to make it > > > work as soon as possible. I haven't found anything > > > related to this in cisco web-documentation. > > > > > > Anybody can help me ! > > > > > > Thank you very much in advance. > > > > > > Miguel Angel Romero Arcas > > > Dpto. Técnica de Sistemas > > > CESSER Informática y Organización, S.L. > > > > > > > > > _ > > > FAQ, list archives, and subscription info: > > > http://www.groupstudy.com/list/cisco.html > > > Report misconduct and Nondisclosure violations to > > [EMAIL PROTECTED] > > > > _ > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > > > __ > Do You Yahoo!? > Get email at your own domain with Yahoo! Mail. > http://personal.mail.yahoo.com/ > > _ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > > > _ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Callback btw router and win
OK, you've got a nice combination of ppp-callback, ms-callback, and ISDN (CLI) callback all combined in that config. You need to just have ms-callback so remove the "class test" stuff from the dialer sting and also the "dialer caller 123 callback" line, then change the "dialer remote-name" to "test". That ought to do it. If you change the username section to "username test callback-dialstring "" password x" the remote client will be prompted for a callback number. Good luck! Charlie --- Tomaz Klemencic <[EMAIL PROTECTED]> wrote: > Hi all ! > > I am trying to connect win2000 station to cisco 2600 and to use > callback. I > get connected, authenticated and > callback doesn`t happen. Station stays connected as if there was no > callback > configured on the router. If I remove dialer callback-secure > command from > dialer interface, call gets rejected and the "number of incoming > call > rejected for callback" under sh dial are incremented. Does anybody > have any > sugestions or maybe working config for this situation ? Here is my > config: > > username test callback-dialstring 123 password xxx > ip subnet-zero > isdn switch-type basic-net3 > ! > nterface BRI1/1 > no ip address > no ip directed-broadcast > encapsulation ppp > dialer pool-member 2 > isdn switch-type basic-net3 > ppp authentication ms-chap chap > ! > interface Dialer3 > ip unnumbered Loopback1 > no ip directed-broadcast > ip nat inside > encapsulation ppp > dialer remote-name dostop > dialer idle-timeout 100 > dialer callback-secure > dialer string 123 class test > dialer caller 123 callback > dialer pool 2 > dialer-group 1 > peer default ip address pool dostop > ppp callback accept > ppp authentication ms-chap chap > ! > ip local pool dostop 192.168.31.1 192.168.31.2 > ! > map-class dialer test > dialer callback-server username > dialer-list 1 protocol ip permit > > - > Tomaz Klemencic > Hermes Plus, d.d., PE Celje > Kersnikova 19, 3000 Celje > +386-3-4284022 > > _ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: I want my Money! - Cisco Certs Becoming Paper CCXX
Oh man! These ruined dotcom CEO's are even in here scrabbling for change. --- Allen May <[EMAIL PROTECTED]> wrote: > I'm still ready to stop this thread and cash in on all the 2 cents > thrown > in. > ;) > > Allen > - Original Message - > From: "Robert Padjen" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Tuesday, March 20, 2001 10:55 AM > Subject: RE: Cisco Certs Becoming Paper CCXX > > > > I believe that there are two distinctions that should > > be made - and that you may disagree with. At least for > > the bachelors degree, the experience is just that - > > well beyond the actual academics. In addition, the > > focus of the GE portion of the program is to diversify > > - humanities, science, language, amongst others. This > > is one of the limitations to the Cisco (and other) > > certifications as the certifications present a myopic > > view. > > > > The second distinction is that I would contend neither > > represents more than the sum of its components, and > > that value is perceived. For example, if I graduated > > Stanford with a 2.1 GPA, as opposed to San Diego State > > with a 4.0, which school would be a better hire? Few > > resumes I see have the GPA, and, regardless, a lot of > > folks use the name... > > > > > > --- [EMAIL PROTECTED] wrote: > > > This issue is turning thisgs upside down from point > > > of view. > > > > > > I would like to tell you my opinion. If CCNA, NP, > > > DA, DP and IE written > > > are not worth then your Bachelors and Graduate > > > studies worth the same. Just > > > papers. > > > > > > I learn to configure a cisco router before knowing > > > all the cisco stuff. > > > I have a CCDA, CCNP and going for the complete set > > > CCDA, CCNP and CCIE complete. > > > > > > I knew frame relay,atm, sna, dlsw, sdlc, ppp, ipx, > > > switching, etc before > > > taking any cisco course. I took all cisco traning > > > path version 11.2 and > > > just recently obtain my degrees and working for the > > > big one. > > > > > > What will be your opinion Do I know something or I > > > am just papers? > > > > > > You sould be carefull on your opinion about this > > > things, all the knowledge > > > since a long time ago has been paper, No one has > > > achieve glory after years > > > of practice and experience. > > > > > > I was thinking that you are trying to do the same > > > that the shareowners are > > > doing with the internet economy, you are devaluating > > > the value of the Certifications, > > > why don't you do the same with the college and and > > > graduate degrees, they > > > are very similar just studying and passing examns > > > not real life thing until > > > you pass all the levels (semesters and big exam > > > thesis). > > > > > > Giga Internetworking > > > > > > Fer Saldana > > > > > > > > > > > > _ > > > FAQ, list archives, and subscription info: > > > http://www.groupstudy.com/list/cisco.html > > > Report misconduct and Nondisclosure violations to > > [EMAIL PROTECTED] > > > > > > = > > Robert Padjen > > > > __ > > Do You Yahoo!? > > Get email at your own domain with Yahoo! Mail. > > http://personal.mail.yahoo.com/ > > > > _ > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > > > > _ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BCMSN - exam question
I'm not sure if you have been on the BCMSN course (I hope you have if you have a copy of the notes!) but that was certainly sufficient for me. Of all of the CCNP exams, the BCMSN fitted the course notes the best. It's difficult when people ask questions like this because we don't know how much experience they have, you could have been designing and installing Catalyst based LAN solutions for years. Cheers Charlie --- ciscosis <[EMAIL PROTECTED]> wrote: > my appologies if this has been asked before i couldn't find > precisely = > what I wanted to know in the Archives > > > Question:- > > Are the course notes sufficient to pass the (640-504) switching > exam.=20 > could anyone recomend additional reading if they are not? =20 > > TIA=20 > > > > > Ciscosis - A severe mental disorder, with or without organic > damage, = > characterized by derangement of personality and loss of contact > with = > reality and causing deterioration of normal social functioning. > Known to = > be caused by too much cisco study=20 > > _ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Good IOS images
OK, I think the words "it depends" were written specifically for this question. When you go to the Cisco IOS planner page look for images with the letters "GD" after them. This means General Deployment and you'll find a lot of ISP's and large corporates use these because they are considered stable. Around the 12.0(13) or 11.2(22) releases should be GD (I can't remember exactly). On the other hand, if you are just using this for a bit of practise at home then get the very newest image that your memory can handle (12.2(1) should be out now) so you can play with all of the latest shiny, spinny features that won't work properly yet. Cheers Charlie --- "Belt, Louie" <[EMAIL PROTECTED]> wrote: > > Louie > > -Original Message- > From: Roberts, Timothy > To: '[EMAIL PROTECTED]' > Sent: 3/20/01 1:15 PM > Subject: Good IOS images > > > What is a goof IOS image in the 11.3 class and the 12.0 class for > the > 2501 > series? > Thanks > > > _ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > > _ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: about the LED status
As long as that link is OK the LED will stay on. Now, a quiet word about the NDA When you take these tests Cisco get a bit upset if you go around repeating the questions - and so do people who already have CCNP. You clicked an "accept" button before the test started that had in the small-print "you will not disclose any of the test material to anybodyever". I know, I know, nobody EVER reads that stuff but still. Say, if you had asked "I was wondering what the LED status would be in this situation" that would be OK(ish) ;-) Cheers Charlie --- gary <[EMAIL PROTECTED]> wrote: > hi guys: > > i did the BCMSN test today,it is more diffcult than i think.i meet > a question: > the catalyst 5500 connect catalyst 2924 with UTP line. the LED > light will be on always > on both side. or catalyst 5k LED light will be off after 20 second. > or catalyst 2924 LED light will be off after some seconds. > > **NOTE: New CCNA/CCDA List has been formed. For more information go > to > http://www.groupstudy.com/list/Associates.html > _ > UPDATED Posting Guidelines: > http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: > http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Send instant messages & get email alerts with Yahoo! Messenger. http://im.yahoo.com/ **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IP route cache
That is true and it's always enabled by default. Check the bugs for fast switching 'cos it has quite a few issues with NAT, ISDN, Frame Relay (sub-i/f), ISL on Fast Ethernet (sub-if again) and some other stuff too. --- "Yee, Jason" <[EMAIL PROTECTED]> wrote: > if I am not wrong ip route-cache enable fast-switching while no ip > route-cache disables fast-switching and drops to process switching > > > so that's really a matter of enabling switching types between > interfaces > > hope this helps > > Jason Yee > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf > Of > Tony Russell > Sent: Wednesday, November 08, 2000 11:04 PM > To: '[EMAIL PROTECTED]' > Subject: IP route cache > > > Can someone describe why I would want to use the ip route-cache (or > no ip > route-cache) command. I've found references on the Cisco site > about how to > use it, but not why. > > Tony Russell > Network Engineer > IBEAM Broadcasting > > > _ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > > _ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Calendar - Get organized for the holidays! http://calendar.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Aggregating Multiple ISDN lines [7:1691]
With your config you need "dialer in-band". The other 2 options are only used for Dialer Profile configurations. Cisco have made this command confusing, I always understood that ISDN circuits had "out of band" dialers (ie. the D-Channel) but the "dialer in-band" command is now used with legacy dialer configs to specify that Dial on Demand Routing will be used on that interface. Damn those Californians. Cheers Charlie --- Amit Gupta wrote: > Hi, > > I am upgrading the bandwidth of my ISDN link which is > used as backup.I am adding another ISDN line to have a > bandwith of 256kbps ( 2 lines ) > I am currently using ddr with floating static routes > and the remote router dials at our end when the > primary link is down. > > I plan to use the foll config at the remote end > int dialer1 > encap ppp > ip address ... > dialer string > dialer string > dialer group 1 > dialer load threshold 1 either > ppp multilink > > int bri0 > dialer rotary group 1 > encap ppp > > int bri1 > dialer rotary group 1 > encap ppp > > And a similar config at the local end ( excluding > dialer string commands) > > > As soon as I try to configure the dialer load > threshold 1 either command on the dialer interface, I > get a message that " Configure dialer in band, dialer > pool or dialer remote name first" > Am I missing something in the config or do I have to > add dialer in band... > > Need your valuble comments / remarks > > Amit > > > > > > __ > Do You Yahoo!? > Yahoo! Auctions - buy the things you want at great prices > http://auctions.yahoo.com/ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1692&t=1691 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: hi,how can i realize the ppp call back? [7:4146]
PPP callback from a PC client is slightly different, it is generally called "MS-Callback". You can find example configs here:- http://www.cisco.com/warp/public/793/access_dial/async_ppp.html If this is ISDN you should ignore the chat-script stuff, if it is a modem you, er, shouldn't... Cheers Charlie --- Leo Shen wrote: > in the access server: > ppp callback acce > and in the client : > ppp callback requ > maybe,i can realize the ppp callback,but if the client is a pc > whose os is > win98,how can I realize the callback? > thanx Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=4150&t=4146 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: another OT: why you UNIX guys look down on we NT guys? [7:6385]
> In closing... so since I am Unix, (Solaris), experienced and > certified, AND > Microsoft experienced and certified, does this mean I need to run > out and > get some Prozac right quick I think, maybe, that an overdose of Prozac may have contributed to the start of this whole argument --- Jon Krabbenschmidt wrote: > This reminds me of an argument my two boys, 3 and 5, had earlier > this week. > On swore that their bike was faster. I tried to explain that there > is the > length of legs, mechanics of the bikes, and age, (experience), that > added to > the difference. I was making the point that the bikes, though > physically > different, were in the end basically the same, (different platforms > that > achieve the same purpose). Well I ended up walking away. > > Last time I checked this was a group that was focused on network > engineering. Hummm this is OS independent. Seems to me our job > is taking > all the stuff Sys Admins have, and all the stuff that > Infrastructure has, > and all the stuff internal support has, and make it talk. We don't > care > whether it is Unix, NT, CPM, Apple, or an old VIC20. Our job is to > make the > stuff play well together. > > My hat goes off to Alan and Peter, as well as some others, for > their very > civilized, and educational discourse on BGP/OSPF. I can only hope > to be > where these people are some day. > > In closing... so since I am Unix, (Solaris), experienced and > certified, AND > Microsoft experienced and certified, does this mean I need to run > out and > get some Prozac right quick > > Jon > > -Original Message- > From: Shawn Goodson [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, May 29, 2001 11:56 PM > To: [EMAIL PROTECTED] > Subject: Re: another OT: why you UNIX guys look down on we NT guys? > [7:6378] > > > With all that extra money maybe you could get a writing class, or a > spell > checker ? > > - Original Message - > From: "Jim Bond" > To: > Sent: Tuesday, May 29, 2001 4:14 PM > Subject: Re: another OT: why you UNIX guys look down on we NT guys? > [7:6335] > > > > Oh yeah?! I'm win2000 roll out project manager for a > > fortune 500 company. I make $150 per hour. Hope you > > can figure out, SMART Unix guy. > > > > And Chuck, no problem. I just don't like some people > > (like SMART Russ) knows a little than others then show > > off that much. > > > > > > > > --- Russ Kreigh wrote: > > > We look down upon you because you have to brag about > > > how much you make. > > > > > > > > > - Original Message - > > > From: "Jim Bond" > > > To: > > > Sent: Tuesday, May 29, 2001 7:40 PM > > > Subject: another OT: why you UNIX guys look down on > > > we NT guys? [7:6323] > > > > > > > > > > UNIX guys, > > > > > > > > I make $240K per year, how much you make? Why you > > > guys > > > > look down on us??? I don't get it... > > > > > > > > > > > > Jim > > > > NT guy Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=6385&t=6385 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: another OT: why you UNIX guys look down on we NT guys? [7:6386]
> In closing... so since I am Unix, (Solaris), experienced and > certified, AND > Microsoft experienced and certified, does this mean I need to run > out and > get some Prozac right quick I think, maybe, that an overdose of Prozac may have contributed to the start of this whole argument --- Jon Krabbenschmidt wrote: > This reminds me of an argument my two boys, 3 and 5, had earlier > this week. > On swore that their bike was faster. I tried to explain that there > is the > length of legs, mechanics of the bikes, and age, (experience), that > added to > the difference. I was making the point that the bikes, though > physically > different, were in the end basically the same, (different platforms > that > achieve the same purpose). Well I ended up walking away. > > Last time I checked this was a group that was focused on network > engineering. Hummm this is OS independent. Seems to me our job > is taking > all the stuff Sys Admins have, and all the stuff that > Infrastructure has, > and all the stuff internal support has, and make it talk. We don't > care > whether it is Unix, NT, CPM, Apple, or an old VIC20. Our job is to > make the > stuff play well together. > > My hat goes off to Alan and Peter, as well as some others, for > their very > civilized, and educational discourse on BGP/OSPF. I can only hope > to be > where these people are some day. > > In closing... so since I am Unix, (Solaris), experienced and > certified, AND > Microsoft experienced and certified, does this mean I need to run > out and > get some Prozac right quick > > Jon > > -Original Message- > From: Shawn Goodson [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, May 29, 2001 11:56 PM > To: [EMAIL PROTECTED] > Subject: Re: another OT: why you UNIX guys look down on we NT guys? > [7:6378] > > > With all that extra money maybe you could get a writing class, or a > spell > checker ? > > - Original Message - > From: "Jim Bond" > To: > Sent: Tuesday, May 29, 2001 4:14 PM > Subject: Re: another OT: why you UNIX guys look down on we NT guys? > [7:6335] > > > > Oh yeah?! I'm win2000 roll out project manager for a > > fortune 500 company. I make $150 per hour. Hope you > > can figure out, SMART Unix guy. > > > > And Chuck, no problem. I just don't like some people > > (like SMART Russ) knows a little than others then show > > off that much. > > > > > > > > --- Russ Kreigh wrote: > > > We look down upon you because you have to brag about > > > how much you make. > > > > > > > > > - Original Message - > > > From: "Jim Bond" > > > To: > > > Sent: Tuesday, May 29, 2001 7:40 PM > > > Subject: another OT: why you UNIX guys look down on > > > we NT guys? [7:6323] > > > > > > > > > > UNIX guys, > > > > > > > > I make $240K per year, how much you make? Why you > > > guys > > > > look down on us??? I don't get it... > > > > > > > > > > > > Jim > > > > NT guy Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=6386&t=6386 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Information about Nortels Shasta 5000 [7:10809]
Apart from "it's big, beige and heavy" I guess you could try Nortel's website http://www39.nortelnetworks.com/products/5000BSN/ It uses internally defined "ISPs" which create a new router process for every customer profile (not too good for CPU load). The customer then has access to change settings such as security, QoS, web-redirects and access the OOB logs themselves. It is 95% GUI driven but does have a CLI written by some ex-cisco bods so it will be familiar to most people - to be honest tho you'll just put an IP address in there and then go to the GUI. It has a 10G switch fabric but has that annoying limitation that only linecards in certain slots can use that bandwidth. My opinion of the software - flaky. Avoid OSPF. Just MO tho. Cheers Charlie --- "Scheld, K100, DA" wrote: > Hi list, > > any information about Nortels Shasta 5000? > > THX > > Mit freundlichen Gr|_en > > Siegfried Scheld > > T-Systems > Computing Services > IV-Netz-Zentrum Bielefeld > NPR6 Netzplanung LAN > Darmstadt > Hilpertstr. 31 > 64295 Darmstadt > Tel.: 06151/908-4105 > Fax: 06151/908-8578 > Mobil:0175/9357211 > Raum: A2.193 > eMail: > > Web: http://www.t-systems.de > > Nicht weil die Dinge schwierig sind, wagen wir sie nicht, > sondern weil wir sie nicht wagen, sind sie schwierig! [EMAIL PROTECTED] Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=10829&t=10809 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Aironet 350 APs and Security Concerns [7:35686]
Does anyone know which software versions of the Aironet 350 APs use added "Hashing" to help resolve the weaknesses discovered in the RC4 algorithm? Is version 11.07 safe from the Berkley and Fuhrer attacks? Thanks, Charlie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35686&t=35686 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Aironet 350 APs and Security Concerns [7:35686]
Thanks Tom, So all versions before 11.10T don't use "hashing" in addition to the RC4 algorithm? (11.08T1, 11.07a, 11.06.a, 11.05a etc...) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35699&t=35686 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Aironet 350 Wireless Security Question [7:38051]
How safe am I if I'm using the aironet 350 Series access points running the following: -version 11.10T -EAP authentication with a Radius server -MIC enabled -Broadcast Key Rotation -WEP with key hashing Does anyone know any good links that give a 'very' detailed explanation of how the 'WEP key hashing' works? Also, does Cisco have any VPN-based or one-time password wireless solutions available? I mean, it seems like everyday... I get a different answer as to which wireless security models are secure and which aren't. Thanks, Charlie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=38051&t=38051 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Aironet 350 Wireless Security Question [7:38051]
I think I just answered my own question. Just found an excellent link... Here it is if anyone is curious: http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/safwl_wp.htm Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=38060&t=38051 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco links for IS-IS study required, please [7:11305]
The IS-IS paper by Peter Van Oene at http://www.certificationzone.com is very good as well. You do need to subscribe to get it but with all of the other papers, test questions and labs that you get it's well worth it. Cheers Charlie --- Remmert Veen wrote: > Hey Pete, > > I've got a collection of whitepapers and presentations on IS-IS > (even a > Cisco-presentation on advanced IS-IS). Should you be interested, > drop me an > e-mail at [EMAIL PROTECTED] > > Rgds, > Remmert [EMAIL PROTECTED] Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=11433&t=11305 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Still having BRI stress! [7:11653]
The config looks fine but we will need a bit more info to help. The error message isn't much use on it's own, so if you do "show isdn status", then run "debug isdn q931", "debug isdn q921" and "debug dialer", then try to make a call it should give you more information. If you have any trouble deciphering the output then paste it all in an email to the group and we'll try to help out some more. Cheers Charlie --- Uche Ishionwu wrote: > Hello,... >I changed my configuration somewhat, and removed a module. But > my cisco > 2620 still wont dial out.!!.can someone look at the > configuration and > the error out put and let me know what may still be the > cause.(Layer 1. and > layer 2. -isdn events- are ok, but theres still no connection) >-Uche. > config---> > > > oks>en > Password: > oks#sh conf > Using 1496 out of 29688 bytes > ! > version 12.0 > service timestamps debug uptime > service timestamps log uptime > no service password-encryption > ! > hostname oks > ! > no logging console > no logging monitor > enable secret 5 $1$IU9Q$qYwqs3CXuKmsl1y1GjcM30 > enable password oks > ! > username msn password 0 msn > ! > ! > ! > ! > memory-size iomem 15 > ip subnet-zero > no ip domain-lookup > ! > isdn switch-type basic-net3 > ! > ! > ! > interface FastEthernet0/0 > ip address 192.168.0.2 255.255.255.0 > no ip directed-broadcast > duplex auto > speed auto > ! > interface BRI0/0 > description OKS testing interface! > no ip address > no ip directed-broadcast > encapsulation ppp > dialer pool-member 1 > dialer pool-member 2 > isdn switch-type basic-net3 > ! > interface Dialer1 > description connected to ELSATEST > ip address 192.168.8.2 255.255.255.0 > no ip directed-broadcast > encapsulation ppp > dialer pool 1 > dialer wait-for-carrier-time 90 > dialer string 00192658 > dialer hold-queue 10 > dialer-group 1 > ppp authentication chap > ! > interface Dialer2 > ip address 192.168.8.3 255.255.255.0 > no ip directed-broadcast > encapsulation ppp > dialer pool 2 > dialer wait-for-carrier-time 90 > dialer string 00192658 > dialer hold-queue 10 > dialer-group 2 > no cdp enable > ppp authentication chap > ! > ip classless > ip route 0.0.0.0 0.0.0.0 Dialer1 > no ip http server > ! > access-list 99 permit any > dialer-list 1 protocol ip permit > dialer-list 1 protocol ipx permit > dialer-list 2 protocol ip list 99 > ! > line con 0 > transport input none > line aux 0 > line vty 0 4 > password uche1 > login > ! > no scheduler allocate > end > > oks# > > 00:13:236223201280: ISDN ERROR: Module-CCBRI Function-_Go > Error-Event > receive > d for an unrecognized call. Data- B6, 0 [EMAIL PROTECTED] Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=11662&t=11653 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Still having BRI stress! [7:11653]
Unfortunately, "debug isdn events" is widely regarded as broken, the information it gives can be inaccurate. Besides, if the problem isn't simple (maybe a misconfigured telco switch at the far end - we'd need cause codes to diagnose that) then we'd only be sending Uche back off to do more work. I think it's better to get too much info than too little. Cheers Charlie --- Fomes Iain wrote: > Just do debug isdn events it gives you all that in one go. When > you do > Show ISDN status check that you have a TEI number and the Multiple > frame IS > established. If not your ISDN line is knackered. > > regards > Iain Fomes > [EMAIL PROTECTED] > > > > > > > -Original Message- > > From: Charlie Hartwell [SMTP:[EMAIL PROTECTED]] > > Sent: 10 July 2001 09:39 > > To: [EMAIL PROTECTED] > > Subject:Re: Still having BRI stress! [7:11653] > > > > The config looks fine but we will need a bit more info to help. > The > > error message isn't much use on it's own, so if you do "show isdn > > status", then run "debug isdn q931", "debug isdn q921" and "debug > > dialer", then try to make a call it should give you more > information. > > If you have any trouble deciphering the output then paste it all > in > > an email to the group and we'll try to help out some more. > > > > Cheers > > > > Charlie > > > > --- Uche Ishionwu wrote: > Hello,... > > >I changed my configuration somewhat, and removed a module. > But > > > my cisco > > > 2620 still wont dial out.!!.can someone look at the > > > configuration and > > > the error out put and let me know what may still be the > > > cause.(Layer 1. and > > > layer 2. -isdn events- are ok, but theres still no connection) > > >-Uche. > > > config---> > > > > > > > > > oks>en > > > Password: > > > oks#sh conf > > > Using 1496 out of 29688 bytes > > > ! > > > version 12.0 > > > service timestamps debug uptime > > > service timestamps log uptime > > > no service password-encryption > > > ! > > > hostname oks > > > ! > > > no logging console > > > no logging monitor > > > enable secret 5 $1$IU9Q$qYwqs3CXuKmsl1y1GjcM30 > > > enable password oks > > > ! > > > username msn password 0 msn > > > ! > > > ! > > > ! > > > ! > > > memory-size iomem 15 > > > ip subnet-zero > > > no ip domain-lookup > > > ! > > > isdn switch-type basic-net3 > > > ! > > > ! > > > ! > > > interface FastEthernet0/0 > > > ip address 192.168.0.2 255.255.255.0 > > > no ip directed-broadcast > > > duplex auto > > > speed auto > > > ! > > > interface BRI0/0 > > > description OKS testing interface! > > > no ip address > > > no ip directed-broadcast > > > encapsulation ppp > > > dialer pool-member 1 > > > dialer pool-member 2 > > > isdn switch-type basic-net3 > > > ! > > > interface Dialer1 > > > description connected to ELSATEST > > > ip address 192.168.8.2 255.255.255.0 > > > no ip directed-broadcast > > > encapsulation ppp > > > dialer pool 1 > > > dialer wait-for-carrier-time 90 > > > dialer string 00192658 > > > dialer hold-queue 10 > > > dialer-group 1 > > > ppp authentication chap > > > ! > > > interface Dialer2 > > > ip address 192.168.8.3 255.255.255.0 > > > no ip directed-broadcast > > > encapsulation ppp > > > dialer pool 2 > > > dialer wait-for-carrier-time 90 > > > dialer string 00192658 > > > dialer hold-queue 10 > > > dialer-group 2 > > > no cdp enable > > > ppp authentication chap > > > ! > > > ip classless > > > ip route 0.0.0.0 0.0.0.0 Dialer1 > > > no ip http server > > > ! > > > access-list 99 permit any > > > dialer-list 1 protocol ip permit > > > dialer-list 1 protocol ipx permit > > > dialer-list 2 protocol ip list 99 > > > ! > > > line con 0 > > > transport input none > > > line aux 0 > > > line vty 0 4 > > > password uche1 > > > login > > > ! > > > no scheduler allocate > > > end >
RE: Still having BRI stress! [7:11653]
Sorry - missed a bit. "Multiple Frame Established" is the most desirable state for layer 2 to be in but "TEI Assigned" is not necessarily a problem. A lot of telcos power down the d-channel if the connection hasn't been used for a while, the router will then report TEI Assigned but this will go back to Multiple Frame Established when a call is attempted inbound or outbound. ___ Unfortunately, "debug isdn events" is widely regarded as broken, the information it gives can be inaccurate. Besides, if the problem isn't simple (maybe a misconfigured telco switch at the far end - we'd need cause codes to diagnose that) then we'd only be sending Uche back off to do more work. I think it's better to get too much info than too little. Cheers Charlie --- Fomes Iain wrote: > Just do debug isdn events it gives you all that in one go. When > you do > Show ISDN status check that you have a TEI number and the Multiple > frame IS > established. If not your ISDN line is knackered. > > regards > Iain Fomes > [EMAIL PROTECTED] > > > > > > > -Original Message- > > From: Charlie Hartwell [SMTP:[EMAIL PROTECTED]] > > Sent: 10 July 2001 09:39 > > To: [EMAIL PROTECTED] > > Subject:Re: Still having BRI stress! [7:11653] > > > > The config looks fine but we will need a bit more info to help. > The > > error message isn't much use on it's own, so if you do "show isdn > > status", then run "debug isdn q931", "debug isdn q921" and "debug > > dialer", then try to make a call it should give you more > information. > > If you have any trouble deciphering the output then paste it all > in > > an email to the group and we'll try to help out some more. > > > > Cheers > > > > Charlie > > > > --- Uche Ishionwu wrote: > Hello,... > > >I changed my configuration somewhat, and removed a module. > But > > > my cisco > > > 2620 still wont dial out.!!.can someone look at the > > > configuration and > > > the error out put and let me know what may still be the > > > cause.(Layer 1. and > > > layer 2. -isdn events- are ok, but theres still no connection) > > >-Uche. > > > config---> > > > > > > > > > oks>en > > > Password: > > > oks#sh conf > > > Using 1496 out of 29688 bytes > > > ! > > > version 12.0 > > > service timestamps debug uptime > > > service timestamps log uptime > > > no service password-encryption > > > ! > > > hostname oks > > > ! > > > no logging console > > > no logging monitor > > > enable secret 5 $1$IU9Q$qYwqs3CXuKmsl1y1GjcM30 > > > enable password oks > > > ! > > > username msn password 0 msn > > > ! > > > ! > > > ! > > > ! > > > memory-size iomem 15 > > > ip subnet-zero > > > no ip domain-lookup > > > ! > > > isdn switch-type basic-net3 > > > ! > > > ! > > > ! > > > interface FastEthernet0/0 > > > ip address 192.168.0.2 255.255.255.0 > > > no ip directed-broadcast > > > duplex auto > > > speed auto > > > ! > > > interface BRI0/0 > > > description OKS testing interface! > > > no ip address > > > no ip directed-broadcast > > > encapsulation ppp > > > dialer pool-member 1 > > > dialer pool-member 2 > > > isdn switch-type basic-net3 > > > ! > > > interface Dialer1 > > > description connected to ELSATEST > > > ip address 192.168.8.2 255.255.255.0 > > > no ip directed-broadcast > > > encapsulation ppp > > > dialer pool 1 > > > dialer wait-for-carrier-time 90 > > > dialer string 00192658 > > > dialer hold-queue 10 > > > dialer-group 1 > > > ppp authentication chap > > > ! > > > interface Dialer2 > > > ip address 192.168.8.3 255.255.255.0 > > > no ip directed-broadcast > > > encapsulation ppp > > > dialer pool 2 > > > dialer wait-for-carrier-time 90 > > > dialer string 00192658 > > > dialer hold-queue 10 > > > dialer-group 2 > > > no cdp enable > > > ppp authentication chap > > > ! > > > ip classless > > > ip route 0.0.0.0 0.0.0.0 Dialer1 > > > no ip http server > > > ! >
RE: Still having BRI stress! [7:11653]
There is no fault with your ISDN line but there was no interesting traffic for the router to bring the link up - the 2 messages were for CDP on the physical interface and a broadcast (probably a routing protocol). They are not able to activate the link. You need to ping across to the other side of the Dialer1 connection while those debugs are running - we should be able to see what the problem is then. --- Uche Ishionwu wrote: > Debug ppp seems to be issuing no results. However this the outcome > of the > other debug querries. > > oks# > oks#sh isdn st > Global ISDN Switchtype = basic-net3 > ISDN BRI0/0 interface > dsl 0, interface ISDN Switchtype = basic-net3 > Layer 1 Status: > ACTIVE > Layer 2 Status: > TEI = 108, Ces = 1, SAPI = 0, State = > MULTIPLE_FRAME_ESTABLISHED > Layer 3 Status: > 0 Active Layer 3 Call(s) > Activated dsl 0 CCBs = 0 > The Free Channel Mask: 0x8003 > > oks#deb isdn ? > L2-Sock-Proc ISDN L2 Socket Process packets > eventsISDN events > q921 ISDN Q921 packets > q931 ISDN Q931 packets > > oks#deb isdn ev > ISDN events debugging is on > oks#deb isdn q92 > ISDN Q921 packets debugging is on > oks#deb isdn q93 > ISDN Q931 packets debugging is on > oks# > oks# > 03:20:21: ISDN BR0/0: RX RRf sapi = 0 tei = 108 nr = 82 > oks# > 03:20:31: ISDN BR0/0: RX RRf sapi = 0 tei = 108 nr = 82 > 03:20:176093659136: ISDN BR0/0: TX -> RRp sapi = 0 tei = 108 nr = > 82 > 03:20:41: ISDN BR0/0: RX RRf sapi = 0 tei = 108 nr = 82 > 03:20:41: ISDN BR0/0: RX RRf sapi = 0 tei = 108 nr = 82 > 03:21:4294967296: ISDN BR0/0: TX -> RRp sapi = 0 tei = 108 nr = > 82 > 03:21:01: ISDN BR0/0: RX RRf sapi = 0 tei = 108 nr = 82 > 03:21:01: ISDN BR0/0: RX RRf sapi = 0 tei = 108 nr = 82 > 03:21:90194313216: ISDN BR0/0: TX -> RRp sapi = 0 tei = 108 nr = > 82 > 03:21:21: ISDN BR0/0: RX RRf sapi = 0 tei = 108 nr = 82 > 03:21:21: ISDN BR0/0: RX RRf sapi = 0 tei = 108 nr = 82 > 03:21:176093659136: ISDN BR0/0: TX -> RRp sapi = 0 tei = 108 nr = > 82 > 03:21:41: ISDN BR0/0: RX RRf sapi = 0 tei = 108 nr = 82 > 03:21:41: ISDN BR0/0: RX RRf sapi = 0 tei = 108 nr = 82 > 03:22:01: ISDN BR0/0: RX RRf sapi = 0 tei = 108 nr = 82 > 03:22:11: ISDN BR0/0: RX RRf sapi = 0 tei = 108 nr = 82 > 03:22:21: ISDN BR0/0: RX RRf sapi = 0 tei = 108 nr = 82 > 03:22:31: ISDN BR0/0: RX RRf sapi = 0 tei = 108 nr = 82 > 03:22:176093659136: ISDN BR0/0: TX -> RRp sapi = 0 tei = 108 nr = > 82 > 03:22:41: ISDN BR0/0: RX RRf sapi = 0 tei = 108 nr = 82 > 03:22:41: ISDN BR0/0: RX RRf sapi = 0 tei = 108 nr = 82 > 03:23:4294967296: ISDN BR0/0: TX -> RRp sapi = 0 tei = 108 nr = > 82 > 03:23:01: ISDN BR0/0: RX RRf sapi = 0 tei = 108 nr = 82 > 03:23:01: ISDN BR0/0: RX RRf sapi = 0 tei = 108 nr = 82 > 03:23:90194313216: ISDN BR0/0: TX -> RRp sapi = 0 tei = 108 nr = > 82 > 03:23:21: ISDN BR0/0: RX RRf sapi = 0 tei = 108 nr = 82 > 03:23:21: ISDN BR0/0: RX RRf sapi = 0 tei = 108 nr = 82 > 03:23:41: ISDN BR0/0: RX RRf sapi = 0 tei = 108 nr = 82 > 03:23:51: ISDN BR0/0: RX RRf sapi = 0 tei = 108 nr = 82 > 03:24:01: ISDN BR0/0: RX RRf sapi = 0 tei = 108 nr = 82 > 03:24:11: ISDN BR0/0: RX RRf sapi = 0 tei = 108 nr = 82 > > ___ > > > oks#debug dialer > Dial on demand events debugging is on > oks#debug dialer ev > Dial on demand events debugging is on > oks#debug dialer p > Dial on demand packets debugging is on > oks# > 03:29:12: BR0/0 DDR: cdp, 342 bytes, outgoing uninteresting (no > dialer-group > def > ined) > 03:29:12: BR0/0 DDR: sending broadcast to default destination -- > failed, not > con > nected [EMAIL PROTECTED] Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=11675&t=11653 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCO questions [7:11275]
It depends who you are and who you work for, each CCO login can have a different profile for access to different areas such as bugsearch tools, upgrade planners, field notices, online forums, technical documents, case studies...the list goes on. Cisco are generally quite nice if you have a genuine reason to have your CCO access upgraded they can change it for you quickly. --- Donald B Johnson jr wrote: > Besides the software what does a login to CCO get you, which public > access > doesn't? > > > > > - Original Message - > From: "Michael L. Williams" > To: > Sent: Monday, July 09, 2001 7:02 PM > Subject: Re: CCO questions [7:11275] > > > > He is neither of those. (in sales or has a contract) He > simply > finished > > CCNP/DP and BAM got an e-mail with CCO login.. strange. > > I'm more than willing to believe that this was a fluke and that > getting > > CCNP/DP doesn't gain you a CCO login and I'm not trying to > belabor the > > point. Just letting y'all know what happened. > > > > Mike W. > > > > "Patrick Ramsey" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > You need to be in sales or have a contract with Cisco for > support. > > > > > > -Patrick > > > > > > >>> "Michael L. Williams" 07/09/01 02:34PM >>> > > > "Kevin Wigle" wrote in message > > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > from various posts.. > > > > > > > > Quite often rumours are based in fact (like at one time > needing CCNA > to > > > get > > > > CCDA... :-) ) > > > > > > > > 1.You do not get a CCO login account from CCNP/CCDP > status. > > > > > > How is it possible that one, who has only CCNP/DP, has not even > attempted > > > CCIE written much less CCIE lab, and has never "signed up" for > CCO > login, > > > received via e-mail a valid CCO login from Cisco? Just > wondering as I > > know > > > someone in that exact situation. > > > > > > I realize the CCIE is the "end all" to some people, but the > fact of the > > > matter is someone who is CCDP has the higest level design cert > from > Cisco, > > > and how in the world does Cisco expect them to design and setup > (in a > test > > > environment or otherwise) and configure good networks without > access to > > IOS > > > images and other CCO stuff? Geez. it's not like this stuff > is a > > matter > > > of national security. > > > > > > Mike W. [EMAIL PROTECTED] Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=11699&t=11275 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Can anyone help an aspiring CCNP? [7:11920]
HSRP is a _router_ function but it is there to add extra functionality for a LAN. Also, I seem to remember HSRP being covered in the BCMSN course - possibly something to do with running multiple instances of HSRP over different VLANs. Read into that what you will, all I'm saying is that HSRP is quite simple, easy to configure and it is worthwhile knowing it whether or not you are going to have a switching exam soon. Enjoy! Charlie --- Dennis H wrote: > HSRP is a function of routing, not switching. Therefore I would > expect it > is not in the switching exam. I would expect to see it in the > routing exam. > > > ""Sam Sneed"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Does anyone who passed CCNP switching know if HSRP is covered on > the exam? > > Its not an objective on the Cisco site, but both Cisco Press and > Lammle > > dedicate a whole chapter to it. Thanks... > > > > Sammy [EMAIL PROTECTED] Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=11947&t=11920 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Low BRI througput [7:12078]
It would be interesting to see the document that recommends that action - after all, WFQ is designed to help with low bandwidth links without the need for complicated config. It is more likely that it is recommended to turn off WFQ when using ppp multilink across the ISDN connection. This is probably to avoid any unnecessary fragment delay which could lead to malformed packets and retransmissions. So in answer to your question, there is no real connection between BRI performance and WFQ but cisco probably recommend disabling WFQ to avoid other problems. Cheers Charlie --- Mohammed Saro wrote: > Dear Sir > Cisco recommends for low throughput for the ISDN BRI to verify > that fair > queuing is not enabled can anyone tell me the relationship between > fair > queuing and BRI throughput ? > > Best Regards, > Mohammed Saro > Network Engineer > GEGA NET > Tel: +202-4149771 Ext:111 [EMAIL PROTECTED] Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=12090&t=12078 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: isdn status [7:12599]
The first call failed because there were no available b-channels at the remote end (0x82A2). >From this information I cannot see why layer 1 is going down - try running "debug isdn q921" and "debug bri" to see if that gives any clues - it is most likely to be a telco problem though. Cheers Charlie --- Omer Ehsan Dar wrote: > Hi all, > these contarary messages from to commands ahve me stumped once it > says > that layer 1 is working and then it says that it isnt. Could > anybody > tell me what the problem is??? > Omer > > 2503#sh isdn stat > The current ISDN Switchtype = basic-ni1 > ISDN BRI0 interface > Layer 1 Status: > ACTIVE > Layer 2 Status: > TEI = 76, State = MULTIPLE_FRAME_ESTABLISHED > TEI = 77, State = MULTIPLE_FRAME_ESTABLISHED > Spid Status: > TEI 76, ces = 1, state = 5(init) > spid1 configured, spid1 sent, spid1 valid > Endpoint ID Info: epsf = 0, usid = 1, tid = 1 > TEI 77, ces = 2, state = 5(init) > spid2 configured, spid2 sent, spid2 valid > Endpoint ID Info: epsf = 0, usid = 3, tid = 1 > Layer 3 Status: > 0 Active Layer 3 Call(s) > Activated dsl 0 CCBs = 1 > CCB: callid=0x0, sapi=0, ces=1, B-chan=0 > Total Allocated ISDN CCBs = 1 > 2504#ping 172.16.71.1 > Type escape sequence to abort. > Sending 5, 100-byte ICMP Echos to 172.16.71.1, timeout is 2 > seconds: > > ISDN BR0: TX -> SETUP pd = 8 callref = 0x05 > Bearer Capability i = 0x8890 > Channel ID i = 0x83 > Keypad Facility i = '8358661' > ISDN BR0: RX Cause i = 0x82A2 - No channel available > ISDN BR0: Setup was rejected, cause = 22. > Success rate is 0 percent (0/5) > > BRI unit 0 > D Chan Info: > Layer 1 is DEACTIVATED > idb 0xBB2F0, ds 0xCB6E8, reset_mask 0x8 > buffer size 1524 > RX ring with 2 entries at 0x2101600 : Rxhead 1 > 00 pak=0x108E34 ds=0x407EDC4 status=D000 pak_size=0 > 01 pak=0x0CBA78 ds=0x403E1C0 status=F000 pak_size=0 > TX ring with 1 entries at 0x2101640: tx_count = 0, tx_head = 0, > tx_tail > = 0 > 00 pak=0x00 ds=0x00 status=00 pak_size=0 > 0 missed datagrams, 0 overruns, 0 bad frame addresses > 0 bad datagram encapsulations, 0 memory errors > 0 transmitter underruns > 0 d channel collisions > B1 Chan Info: > Layer 1 is DEACTIVATED > idb 0xC0628, ds 0xCB7C0, reset_mask 0x0 > buffer size 1524 > RX ring with 8 entries at 0x2101400 : Rxhead 0 > 00 pak=0x0CC87C ds=0x40410C8 status=D000 pak_size=0 > 01 pak=0x0CC6AC ds=0x4040A10 status=D000 pak_size=0 > 02 pak=0x0CC4DC ds=0x4040358 status=D000 pak_size=0 > 03 pak=0x0CC30C ds=0x403FCA0 status=D000 pak_size=0 > X ring with 4 entries at 0x2101440: tx_count = 0, tx_head = 0, > tx_tail = > 0 > 00 pak=0x00 ds=0x00 status=5C00 pak_size=0 > 01 pak=0x00 ds=0x00 status=5C00 pak_size=0 > 02 pak=0x00 ds=0x00 status=5C00 pak_size=0 > 03 pak=0x00 ds=0x00 status=7C00 pak_size=0 > 0 missed datagrams, 0 overruns, 0 bad frame addresses > 0 bad datagram encapsulations, 0 memory errors > 0 transmitter underruns > 0 d channel collisions > B2 Chan Info: > Layer 1 is DEACTIVATED > idb 0xC5960, ds 0xCB890, reset_mask 0x2 > buffer size 1524 > RX ring with 8 entries at 0x2101500 : Rxhead 0 > 00 pak=0x0CE6D0 ds=0x4047C48 status=D000 pak_size=0 > 01 pak=0x0CE500 ds=0x4047590 status=D000 pak_size=0 > 02 pak=0x0CE330 ds=0x4046ED8 status=D000 pak_size=0 > 03 pak=0x0CE160 ds=0x4046820 status=D000 pak_size=0 > 04 pak=0x108524 ds=0x407CC2C status=D000 pak_size=0 > 05 pak=0x108354 ds=0x407C574 status=D000 pak_size=0 > 06 pak=0x108184 ds=0x407BEBC status=D000 pak_size=0 > 07 pak=0x107FB4 ds=0x407B804 status=F000 pak_size=0 > TX ring with 4 entries at 0x2101540: tx_count = 0, tx_head = 0, > tx_tail > = 0 > 00 pak=0x00 ds=0x00 status=5C00 pak_size=0 > 01 pak=0x00 ds=0x00 status=5C00 pak_size=0 > 02 pak=0x00 ds=0x00 status=5C00 pak_size=0 > 03 pak=0x00 ds=0x00 status=7C00 pak_size=0 > 0 missed datagrams, 0 overruns, 0 bad frame addresses > 0 bad datagram encapsulations, 0 memory errors > 0 transmitter underruns > 0 d channel collisions > > 2504#ping 172.16.71.1 > > Type escape sequence to abort. > Sending 5, 100-byte ICMP Echos to 172.16.71.1, timeout is 2 > seconds: > > ISDN BR0: Outgoing call id = 0x8007 > ISDN BR0: Event: Call to 8358661 at 64 Kb/s > ISDN BR0: Activating.. > %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 73 changed to > down > ISDN BR0: received HOST_DISCONNECT_ACK > ISDN BR0: Error: Unexpected Disconnect_Ack - callid 8007.. > ISDN BR0: Physical layer is IF_DOWN >
Re:What is no Free B-channels [7:12775]
I expect the total load on your 2 active calls is above 40% so the router is trying to activate a third channel. Obviously you don't have 3 channels with a BRI so you get this error message. Do you have another BRI interface in the same dialer pool/rotary-group that is not shutdown? If you do and the second BRI is not connected to anything then that would explain this behavour. If not, then I thought the router would be smarter than that - it should know that there are only 2 channels for each BRI. HTH Charlie --- "[EMAIL PROTECTED]" wrote: > Hi everybody, I have 2 routers connected using ISDN line.Router A > dials out > to Router B in multilink mode wherein the 2nd call gets generated > when the > traffic reaches 40% > dialer load-threshold 100 outbound > Using command sh isdn active ,I can see 2 calls generated on 2 B- > channels > but at the same time I am getting messages like this continiously > when I > am putting terminal monitor on. > > > 0:36:10: ISDN BRI1/0: isdn_is_bchannel_available: No Free > B-channels > 0:36:12: ISDN BRI1/0: isdn_is_bchannel_available: No Free > B-channels > 0:36:14: ISDN BRI1/0: isdn_is_bchannel_available: No Free > B-channels > 0:36:16: ISDN BRI1/0: isdn_is_bchannel_available: No Free > B-channels > > > > Can anyboby explain what this message indicates? > Also somestime the calls are not initiated on router A end ,what > could be > the reason ? > > > Regards > Bware [EMAIL PROTECTED] Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=12779&t=12775 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Fw: callback [7:13326]
You need to use a technique called "MS-Callback" it is documented on the Cisco website in the access-dial cookbook area. It is also documented here http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/dial_c/dccalldd.htm#xtocid75233 Sorry about the wrap. Cheers Charlie --- kostas aggelakis wrote: > Hello, > Has anyone tried to make ppp callback between > a router (1601) and microsoft windows pc over an isdn BRI line? > I will appreciate any help! [EMAIL PROTECTED] Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=13328&t=13326 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How to keep the clock always correct in a router? [7:13470]
With the smaller routers (700 up to 3600) you do not get an internal battery to keep the clock correct when the router reboots. You will need to use an NTP server for these. If you have access to the internet then there are plenty of public domain NTP servers that are free to use (just search in Google), if you have no internet access then you will have to configure an NTP server on your network. Most Unix platforms come with an inbuilt NTP server and I am pretty sure that you can get 3rd party software for NT machines to do the job. Good luck! Charlie --- Derric Gu wrote: > Everytime when I reload the router, its clock will be changed to > year 1993. > And the time of the router is important for vpn, how can I keep the > clock of > the router always correct? > > Derric Gu [EMAIL PROTECTED] Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=13473&t=13470 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Communicatoins and Services [7:14800]
Hi Michael, I am interested in the Optical path but I'm not 100% sure about it just yet. The certifications area on CCO gives some good links for reading material for both paths and I believe they are both still in beta.The blueprint for the Dial C&S is due in August. It is worth noting that the C&S qualification written exam (equivalent to the Drake) is the only time when the specialisation will come into effect - the lab will be 100% based on "general" networking. Regards Charlie --- Michael Damkot wrote: > Hea group, I was curious if anyone is planning to pursue their CCIE > in > communications and services, specializing in either Optical or > Cable. I > plan to do both and would like to exchange information if at all > possible. > > -- > Michael Damkot CCNP > Technical Trainer > Network Support Engineer II [EMAIL PROTECTED] Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=14805&t=14800 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HELP!! The Cisco Code & Windows XP [7:16604]
I might be repeating someone else here - I haven't followed the thread completely. The vulnerability you are talking about is documented in this field notice... http://www.cisco.com/warp/public/707/cat5k-8021x-vuln-pub.shtml You have to be VERY careful when putting XP on your Cisco switched LAN, make sure you have new code and/or new SUP's. The 802.1x authentication option is also available on Win2k but it is disabled by default, on the XP beta it is enabled by default (not sure if the final release will be the same). It seems to boil down to STP ports in "blocking" mode forwarding the 802.1x packets. It has the potential to bring down a segment in double-quick time, just ask Xerox, apparently just one curious engineer's PC managed that trick, they now have a strict "NO XP!" policy on their network (allegedly). Regards Charlie --- Chuck Larrieu wrote: > I did a little more checking on this. there is a known issue with > XP clients > and Catalyst 5000 switches with EARL 1 and certain software > revisions. I may > be misunderstanding this completely, but it is an issue with the > interaction > of the Cat 5K and XP when 802.1x port authentication is enabled. > that got me > to reading on 802.1x authentication. interesting. > > Chuck > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf > Of > Brian > Sent: Tuesday, August 21, 2001 6:40 PM > To: [EMAIL PROTECTED] > Subject: RE: HELP!! The Cisco Code & Windows XP [7:16604] > > > perhaps boss heard about the mstcp thread... > > Brian "Sonic" Whalen > Success = Preparation + Opportunity > > > On Tue, 21 Aug 2001, Chuck Larrieu wrote: > > > I'm sure you've had your fair share of smart remarks by now. So I > won't > add > > my own. I will remark that in fairness to your boss, there is > probably > > something he has heard or read which caused him to look for > reassurance. > > > > for example, is there a concern with VPN compatibility of > operation using > > Win XP VPN client software? is there a security concern based > upon > published > > writings about the XP TCP stack? > > > > if the question is "will Cisco routers pass traffic generated by > XP > > machines?" the answer is "sure. why not" after all, there is > nothing in an > > IP or a TCP header that indicates the type of host OS that > originates the > > packet. as long as the traffic is contained in valid packets, the > router > > will pass process them. knowing that, may I recommend you sit > down with > the > > boss and ask what his concerns are. what has he read? what has he > heard? > why > > would he think there is reason to be concerned? hell, he could be > a victim > > of MBBW ( Management By Business Week - where the president of > the company > > saw something in Business Week Magazine over the weekend and on > Monday > > morning told your boss to investigate and come back with report. > ;-> > > > > ( and yes, I know some bosses are "she" ) > > > > Chuck > > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On > Behalf Of > > Ray Smith > > Sent: Monday, August 20, 2001 5:38 PM > > To: [EMAIL PROTECTED] > > Subject: HELP!! The Cisco Code & Windows XP [7:16604] > > > > > > Guys, > > > > After my boss delegated me to research all I can about what is > need to > > upgrade if necessary our Cisco routers and switches to work with > Windows-XP, > > I was only able to assert from information on the web that there > is a bug > in > > the switch software that is incompatible with XP. > > > > Does anyone here know of any valuable information that can help > me with > > compiling an educated assessment of this research? Is anyone out > there > > knowledgeable of this issue either from personal experience or > from > > literature? I would really appreciate some feedback. > > > > The only problems that I have actually heard of thus far is that > which > > occurred during the beta test that brought down one of Xerox's > network. I > > understand that there is a patch that is available as a fix, in > addition > to > > the option of upgrading the Switch code. My question is: - > > > > a). Does the incompatibility only exist with the Switch software > or with > the > > router IOS as > > well? > > > > b). Is the patch the best way of dealing with the problem? > > > > I appreciate any help that I can get
Re: VPN [7:16948]
--- Mahesh wrote: > Hi > Can any one tell me the best stuff for VPN,s > thanks and regards > > -- > Mahesh Chandra > Where do I start? OK, do you mean training, documentation, case studies, hardware, software, encryption.. What I'm trying to say is - can you give a bit more detail? Better than that - what is the problem you are trying to solve(tm)? Regs Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16952&t=16948 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: I: PSTN and ISDN call in on a PRI [7:17505]
You can use this as a guide for your config - just replace the BRI config with your PRI stuff. http://www.cisco.com/warp/public/471/bri_3640.html The Digital Modems are designed to accept analogue (PSTN) calls through the digital ISDN circuit. When a call comes into the ISDN interface it can see that it is an analogue or digital call by checking the "bearercap" field. If the call is analogue then your 3600 will switch the call over to the Mica modem banks. This is all done in software so the Mica modems have no external connections. If you need to support pure PSTN calls then you will need Microcom modems which are just traditional modems but I'm sure you will find the Mica modems are a good solution. Keep an eye on CCO for field notices about this solution, there have been a lot of software issues with the Mica Modem firmware and the 12.1 IOS releases and you will need to find a good "blend". last I heard 12.1(5)T and 2.7.2.0 were recommended but that was a few months ago and v.92 has arrived since then. Good luck! Charlie --- Picciani Francesco Saverio wrote: > > We have a 3600 Cisco router with a PRI and 30 digital modems. > > We are not sure that the router is able to accept both PSTN and > ISDN call > > in (if possible witch is the right configuration). > > The hardware configuration of the router is the following: > > > > > > > > > > > > > Thanks [EMAIL PROTECTED] Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=17511&t=17505 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 3 envelopes [7:17666]
Well, John Chambers is the CEO of Cisco Systems so I don't think he's at all bothered about the career of this "Tom Chambers" you mention. Speaking of John Chambers - I expect he's quite happy at the moment. Since Cisco announced a restructure program (the details of which elude me) the share price has risen slightly and the long term outlook is better. I hope they do manage to turn it around because Cisco are often seen as the yard arm as far as telecomms prospects go and that's my business too! I kinda like my job so good luck to them. Anyway, apart from being out of date and incorrect, it's quite a funny story. ;) Regards Charlie --- netm thru wrote: > A CEO resigned from a company and left the new CEO 3 > envelopes. The new one asked the old one what they > were for. He replied open them one at a time when > times get tough. A few months later when times were > tough the new CEO opened an envelope and it said > "Blame the economy" so he did. A quarter later when > things were still bad he opened the second envelope. > It said "Restructure". > A couple of quarters later he opened the third > envelope. It said "Leave 3 envelopes". > How long before Tom Chambers leaves his 3 envelopes? > > __ > Do You Yahoo!? > Make international calls for as low as $.04/minute with Yahoo! > Messenger > http://phonecard.yahoo.com/ [EMAIL PROTECTED] Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=17694&t=17666 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: One Sided Chap????? [7:18056]
You want "ppp authentication chap callin" so that the router will only authenticate incoming ppp connections but not outgoing. HTH. Charlie --- Cisco Lover wrote: > Hi Guys... > > Any Idea how to setup one sided chap???that is only one router is > sending > challenge?? > > > Thanks for the help.. > > _ > Get your FREE download of MSN Explorer at > http://explorer.msn.com/intl.asp [EMAIL PROTECTED] Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18063&t=18056 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: One Sided Chap????? [7:18056]
On the end that is establishing the ppp session (dialing up maybe?) you will need "ppp chap hostname xxx" and "ppp chap password xxx" in the interface config. On the receiving end you need "username xxx password xxx" in global config. That should do it. Regards Charlie --- Cisco Lover wrote: > Hi Charlie,, > > Thanks for the help.. > > So, the rest of the commands will remain the same??I mean we still > have to > put ppp authentication chap and USERNAME+PASSWORD set on both > sides?? > > Cisco Lover > > >From: Charlie Hartwell > >Reply-To: [EMAIL PROTECTED] > >To: Cisco Lover , [EMAIL PROTECTED] > >Subject: Re: One Sided Chap? [7:18056] > >Date: Fri, 31 Aug 2001 13:01:24 +0100 (BST) > > > >You want "ppp authentication chap callin" so that the router will > >only authenticate incoming ppp connections but not outgoing. > > > >HTH. > > > >Charlie > > > > --- Cisco Lover wrote: > Hi Guys... > > > > > > Any Idea how to setup one sided chap???that is only one router > is > > > sending > > > challenge?? > > > > > > > > > Thanks for the help.. > > > > > > > _ > > > Get your FREE download of MSN Explorer at > > > http://explorer.msn.com/intl.asp > >[EMAIL PROTECTED] > > > > > >Do You Yahoo!? > >Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk > >or your free @yahoo.ie address at http://mail.yahoo.ie > > > _ > Get your FREE download of MSN Explorer at > http://explorer.msn.com/intl.asp [EMAIL PROTECTED] Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18075&t=18056 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Sent email to this [7:29737]
**" This correspondence is for the named person's use only. It may contain confidential or legally privileged information or both. " No confidentiality or privilege is waived or lost by any " mistransmission. If you receive this correspondence in error, please immediately delete it from your system and notify the sender. You must not disclose, copy or rely on any part of this correspondence if you are not the intended recipient. Any views expressed in this message are those of the individual sender, except where the sender expressly, and with authority, states them to be the views of Vodafone. This email has been checked for viruses. ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29737&t=29737 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ISDN dialer watch VS floating static routes [7:31609]
When configuring an ISDN backup for a frame relay circuit do most people typically use "dialer watch" or "floating static routes". In my scenerio, it's for an eigrp network and a single router. I've seen the following article on Cisco's website: http://www.cisco.com/warp/public/123/backup-main.html However, all things being equal, which one would you use? Thanks in advance, Charlie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31609&t=31609 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ISDN dialer watch VS floating static routes [7:31609]
Thanks for the advice Benjamin and Jenny. It sounds like you have to be careful when implementing dialer watch. (Especially, if you only want to bring up the link for 'interesting traffic'. I guess since 'dialer watch' is fairly new most people have 'floating static routes' in place. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31813&t=31609 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
MD5 encrypting vty passords [7:33533]
Is there any way to MD5 encrypt vty passords? If so, how? If not, why not? Thanks, Charlie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33533&t=33533 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP Address Management Software
I use a product called Optivity Net-id which is very useful for this purpose. Go from the http://support.baynetworks.com site for more info. Please remember that this newsgroup is primarily dedicated to the pursuit of Cisco accreditation - your post is a bit outside of the sort of questions we deal with. Cheers Charlie --- Carlos Patriawan <[EMAIL PROTECTED]> wrote: > Hi Guys, > > Is there any "good" IP Address Management Software for > very large-scale ISPs and create an optimized network ? > > Cheers, > > Carlos Patriawan, CCNA, CCIE (Written) > > ___ > UPDATED Posting Guidelines: > http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: > http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Kick off your party with Yahoo! Invites. http://invites.yahoo.com/ ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Deleting a DLCI
It depends how your frame-relay has been configured. It will be the same command you used to set it in the first place preceded by a "no". It is usual to use the "frame-relay interface-dlci ### ietf/cisco" command to define it but some strange people still configure frame-relay maps. Cheers Charlie --- "Chris C. Burton" <[EMAIL PROTECTED]> wrote: > How can you delte an active DLCI number from a sub interface on a > Cisco 1601 > router? > > Chris > [EMAIL PROTECTED] > [EMAIL PROTECTED] > > ___ > UPDATED Posting Guidelines: > http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: > http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Kick off your party with Yahoo! Invites. http://invites.yahoo.com/ ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BSCN - ACRC??
I don't know the exact details because Cisco aren't releasing exam objectives for the BSCN. What I can tell you is that the pass mark will be lower as it is a newer exam, it is likely to have more BGP than you can see in the ACRC notes but the flipside is that there's probably less "legacy" protocol questions - IPX will remain a bit but Appletalk and SRB should be completely gone. I'd recommend doing the BSCN - I *just* passed the ACRC a few weeks ago but I was thinking in terms of trying the BSCN if I failed it. 790 is tough to get. Good luck. Cheers Charlie --- Ingo Peitler <[EMAIL PROTECTED]> wrote: > Hello group! > > My Question: > > What is the difference between the Exams ACRC and BSCN? Is it > possible to > take the BSCN -Exam with the Knowledge of the ACRC Course? > > Need the Answer very fast > > Thanks PI __ Do You Yahoo!? Kick off your party with Yahoo! Invites. http://invites.yahoo.com/ ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Interview Question - OSPF
This of course leaves the way open to get your non-technical HR person to ask bizarre, embarrasing or just plain impossible questions. "So, Mr Berkowitz, could you please explain when a static RIP route would be useful between autonymous systems?" "Mr Lammle, when you've wired the left-handed wedgie-strap to the Cisco trouter port, what's the next step to getting true voice over avian-carrier signalling?" "Assuming you are in the correct mode, what is the command to enable bidirectional?" Oh, how we would larf... --- "Carrico, Robert" <[EMAIL PROTECTED]> wrote: > I believe people analyze these types of questions too much. > > I would say "You have to run something besides OSPF and RIP would > be > feasible" > > My answer is based on I'm running IP and IPX, so I choose RIP for > my IPX > implementation. What it boils down to is your explanation. These > types of > questions are general and a conversation or thread can go on > forever in the > different answers. However, not with a HR type that has a list of > 10 > technical questions to ask you. He writes down your response and > explanation and gives it to the technical manager to interpret your > responses. > > The difficult part is you have to be sure to explain how you > interpreted the > question. In most cases the person doing the first round interview > cannot > elaborate on the question because they don't necessarily understand > the > question or know the answer. > > -Original Message- > From: pedro quezada [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, May 24, 2000 10:17 PM > To: [EMAIL PROTECTED] > Subject:Re: Interview Question - OSPF > > Would you think it this way . > his question was can ospf and rip coexist in the same > network ? > > I would have answered yes; because it is true you can run > both protocols in > the same network. > > why would you? > .remeber that ospf does support desktop protocols such as > ipx and appletalk > . > > PQ > > > > "Dave" <[EMAIL PROTECTED]> wrote in message > 8ggg89$33d$[EMAIL PROTECTED]">news:8ggg89$33d$[EMAIL PROTECTED]... > > If they are both advertising the same networks, then you > are correct. > > > > -- > > Dave > > CCNP/CCDP/CCAI > > ""Billy Monroe"" <[EMAIL PROTECTED]> wrote in > message > > 8gei4j$67u$[EMAIL PROTECTED]">news:8gei4j$67u$[EMAIL PROTECTED]... > > > Hello: > > > > > > An interviewer asked if I could enable RIP and OSPF on > the same network. > > > I answered that it is possible to overlap protocols, but > it is not > > > recommended. I said that OSPF has an Administrative > Distance lower than > > RIP, > > > so OSPF will be the procotol in use. > > > > > > Is that a correct answer ? > > > > > > Thanks, > > > > > > Billy > > > > > > > > > > > > ___ > > > UPDATED Posting Guidelines: > http://www.groupstudy.com/list/guide.html > > > FAQ, list archives, and subscription info: > http://www.groupstudy.com > > > Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > > > --- > > > > > > ___ > > UPDATED Posting Guidelines: > http://www.groupstudy.com/list/guide.html > > FAQ, list archives, and subscription info: > http://www.groupstudy.com > > Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > > --- > > > ___ > UPDATED Posting Guidelines: > http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: > http://www.groupstudy.com > Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > __ Do You Yahoo!? Kick off your party with Yahoo! Invites. http://invites.yahoo.com/ ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: This officially sucks :)
You might want to make sure that [EMAIL PROTECTED] is in the "to:" field and not the "cc:" field - these are dropped to help keep down the spam levels. Cheers Charlie --- Aaron Prather <[EMAIL PROTECTED]> wrote: > actually, thats not it :) > i always respond to mailto:[EMAIL PROTECTED] > > unless i want just to talk to one person specifically > > Aaron > > > - Original Message - > From: Jorge Rodriguez > To: Aaron Prather ; [EMAIL PROTECTED] > Sent: Wednesday, May 31, 2000 10:23 PM > Subject: Re: This officially sucks :) > > > When you respond to a message respond to ALL, not just one > person. I am prety sure that's what the problem is. > > > - Original Message - > From: Aaron Prather > To: [EMAIL PROTECTED] > Sent: Wednesday, May 31, 2000 9:03 PM > Subject: This officially sucks :) > > > I hate when i post a really good response to someone's > question, and the list eats my post and it never gets to > everyone Does everyone else have this problem??? What can I/We > do to solve this problem? > > Thanks, > > Aaron > __ Do You Yahoo!? Send instant messages & get email alerts with Yahoo! Messenger. http://im.yahoo.com/ ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: My UPS is up and running
> He's the one that went into shock when I told him the nurses > refused to let me have my Palm Pilot. His comment was that if > anyone did that to him, he wasn't sure he could survive. Hmm, a cardiologist that *likes* his Palm Pilot? That worries me - he sounds far too comfortable using technology with a short battery life. I'm sure your pacemaker will last the course though ;-) All the best - and try not to worry about the feeling of being "assimilated". I'm sure the borg had nothing to do with pacemaker technology. Cheers Charlie --- "Howard C. Berkowitz" <[EMAIL PROTECTED]> wrote: > Thanks, everyone, for the all of the expressions of concern. I am > now on high-availability battery backup, with my pacemaker > installed > and running Heart Standby Routing Protocol. Hospital from hell, > but > the results seem good, and I will see the sane and > computer-literate > cardiologist today. He's the one that went into shock when I told > him the nurses refused to let me have my Palm Pilot. His comment > was > that if anyone did that to him, he wasn't sure he could survive. __ Do You Yahoo!? Send instant messages with Yahoo! Messenger. http://im.yahoo.com/ ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: FastEtherchannel using Compaq Servers
This is very true - take the trunking off the ports you wish to run FEC on, you're not connecting to another switch and I'm sure that the Compaq server isn't much interested in other VLAN traffic. When you get this going you'll have to set the port channels to "on" - the compaq cards don't use PAgP so the wont negotiate the connection. You will also notice the lack of feedback on the FEC connection for the same reason. While I'm wittering on FEC isn't brilliant - it load shares across the ports based on source MAC address only so any host making a connection to the server will always use a single port. This means that you'll only ever get a true per-session bandwidth of 100M. It's a shmae it's not round-robin. Cheers Charlie --- Dir <[EMAIL PROTECTED]> wrote: > You do not need trunking on the ports to get them to work > together... it's a > channel you need to configure. Since your subject includes > FastEtherChannel, > I presume you already knew this? But you do not mention it in your > message? > Sometimes there is a confusion between trunking and channeling. The > first > one is to transport traffic of multiple VLANs over one link. The > later one > is to group several physical links together into a logical link > with a > greater capacity. > Do you have a channel configured which includes the two ports > connected to > the Compaq? > > Hope this helps, > Dirk > > "Lex Luther" wrote in message <8jq8lc$94b$[EMAIL PROTECTED]>... > >Hello Everyone, > >One of my students has a compaq server with 2 nics, each > configured on the > >Cisco 6500 switch. The Trunking is 802.1Q > >Both ports are configured identically but only one port works. > Both ports > >are to work together to achieve the throughput speed. > >Spanningtree is off as it is supposed to and full duplex is turned > on. > > > >Can anyone help or have suggestions? > >--Lex > > > > > >___ > >UPDATED Posting Guidelines: > http://www.groupstudy.com/list/guide.html > >FAQ, list archives, and subscription info: > http://www.groupstudy.com > >Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > >--- > > > ___ > UPDATED Posting Guidelines: > http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: > http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Kick off your party with Yahoo! Invites. http://invites.yahoo.com/ ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco 3640 router freezing up
Hang on a mo... if you put 12.0(7)T on there you'll lose any Fast Ethernet interfaces you have. I have found 12.0(7)XK1 to be the most complete/unbuggy IOS for 3640's. To be absolutely sure use the beautifully named "hardware - software compatibility matrix" at http://www.cisco.com/cgi-bin/front.x/Support/HWSWmatrix/hwswmatrix.cgi Cheers Charlie --- Brad Ellis <[EMAIL PROTECTED]> wrote: > 12.0(9) is buggy. try running 12.0(7)t. however make sure you > have enough > DRAM/FLASH to handle this IOS. > > -Brad > "Andrew Larkins" <[EMAIL PROTECTED]> wrote in message > 8F5F72F80EF5D311ADE600A0C9DCF86251E753@UBDCCOMJHBEX">news:8F5F72F80EF5D311ADE600A0C9DCF86251E753@UBDCCOMJHBEX... > > Good day all, > > > > I have another issue here. I have a 3640 router at a client site > which is > > running IOS 12.09 desktop plus. The routing process is EIGRP - > for IP and > > IPX. The problem I have is that this router is occassionally > freezing up. > It > > becomes totally unmanageable, but a reboot will fix this. Our > monitoring > > station (HP Openview) goes totally red. I heard from someone a > while back > > that this may be because of the IPX EIGRP process, but find this > hard to > > believe as a similar router has no problems. I am not able to get > any > > information from the router at the time of crash. > > > > I think the hardware may be suspect. Any idea's?? > > > > Andrew Larkins > > BCom, CCNA > > Usko Communications > > Tel: +2711 800-9300 > > Fax: +2711 800-9495/6/7/8/9 > > Cell: +2783-656-7214 > > Email: [EMAIL PROTECTED] > > OR [EMAIL PROTECTED] > > > > > > "This message may contain information which is confidential and > subject to > > legal privilege. If you are not the intended recipient, you may > not > peruse, > > use, disseminate, distribute or copy this message. If you have > received > > this message in error, please notify the sender immediately by > email, > > facsimile or telephone and return and/or destroy the original > message." > > > > > > > > ___ > > UPDATED Posting Guidelines: > http://www.groupstudy.com/list/guide.html > > FAQ, list archives, and subscription info: > http://www.groupstudy.com > > Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > > --- > > > ___ > UPDATED Posting Guidelines: > http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: > http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Kick off your party with Yahoo! Invites. http://invites.yahoo.com/ ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Configure QoS on Cat3550 [7:66055]
Hi,All Configure WRR queuing strategy on Cat3550 as the following: mls qos interface fa0/1 switch mode access mls qos band 2 3 2 3 Then "show queueing interface fa 0/1",the system always show me "queueing strategy: none" instead of "weighted-round-robin" as expected.But I'm sure the WRR queuing strategy is working.So I wonder if the "show queueing" command is still valid on Cat3550.(on Cat6500,it's ok) By the way,how to show the traffic distribution among the queues?The command"show mls qos inter fa 0/1 statics" can only show you the traffic of seperate DSCP,instead of seperate queues. Thanks in advance. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66055&t=66055 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
UDLD Questions [7:66461]
Will UDLD prevent duplex mismatches from occurring on end user devices? (Disabling a ports that are detected to be mismatched) Or does UDLD only work between switches? Thanks in Advance Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66461&t=66461 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: UDLD Questions [7:66461]
Very good explanation Priscilla. Thanks! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66466&t=66461 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
access-list logging rate-limited [7:66520]
Two quick questions: I've configured an access-list to only permit certain tcp and udp ports above 1024. At the end of the access-list I have the following commands: access-list 101 deny tcp any any log access-list 101 deny udp any any log access-list 101 deny ip any any log Question 1: Do I even need the "deny tcp" and "deny udp" statements since I also have a deny ip statement? Question 2: When I perform a port scan through the router it logs some of the events but it seems to miss the majority of them giving me the following error message: "%SEC-6-IPACCESSLOGRL. access-list logging rate-limited or missed 142 packets" Is access-list logging rate-limited by default? Is there anyway for me to ensure everything gets logged? I'm not sure if I understand? Thanks, Charlie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66520&t=66520 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: access-list logging rate-limited [7:66520]
I found the answer to question 2: "It's not usually a good idea to configure logging for access list entries that will match very large numbers of packets. Doing so will cause log files to grow excessively large, and may cut into system performance. However, access list log messages are rate-limited, so the impact is not catastrophic. Access list logging can also be used to characterize traffic associated with network attacks, by logging the suspect traffic." http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080120f48.shtml#rec_acc Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66529&t=66520 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Anyone written CSI 9E0-131 Cisco Safe? [7:69520]
It's kind of a pain. I just passed it. Read the Safe whitepaper very carefully. Pay attention to the way it's worded... The exam is very picky with some questions and a bit vague on others. The 2 Boson practice tests help out a lot. I would highly recommend using them to study with. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=69585&t=69520 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCNP Re-certification [7:69556]
I've noticed that the simulation questions perform terrible and sometimes lock up when run on low-end computers. They need to raise the minimum PC requirements for Prometric test centers in my opinion. Don't be afraid to email Cisco about any problems with the exam. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=69619&t=69556 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Can anyone break this Cisco 4912G password? [7:40505]
I just ran both of the hashes against a 20Mb wordlist using John the Ripper with no luck. (Looks like you might have to perform some password recovery.) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40753&t=40505 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Securing a Aironet 350 [7:44152]
What is the best way to secure a Aironet 350 from hackers? ***Keep it unplugged. ***Seriously though, LEAP is a good option if you want ease of use and pretty good security. It can be brute-forced if there isn't a user lock-out policy though. (You also need a Cisco ACS server or LEAP-compatible RADIUS server available.) The Cisco safe whitepaper mentioned earlier is an excellent reference. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44295&t=44152 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 804 missing interface [7:18806]
Hi Chris, Sorry to tell you this but you have a 4 port hub - not 4 real interfaces so you won't be able to address them individually. Regards Charlie --- 416South wrote: > can anyone guide me into the right direction with adding additional > ethernet > interfaces to my 804 router. It has 2 BRI interfaces with 4 > ethernet ports > but I can only view 1 of the ethernet interfaces > int 0 and both BRI interfaces > > I've tried to alter the config file on and off the router. ie. > notepad with > no success. > > Thanks in advance > > Chris [EMAIL PROTECTED] Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18810&t=18806 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VLANs over WAN links ? [7:18911]
Wouldn't it be possible to use traditional transparent bridging across the WAN link? I can't think of any problems with it but I haven't tried it with .1q before. Worth labbing anyway --- MADMAN wrote: > It;s called LANE, don't go there ;) > > Dave > > Fuller Michael wrote: > > > > Is it possible for VLANs in the same VTP domain to span WAN links > ? > > If so, how can this be acheived ? > -- > David Madland > Sr. Network Engineer > CCIE# 2016 > Qwest Communications Int. Inc. > [EMAIL PROTECTED] > 612-664-3367 > > "Emotion should reflect reason not guide it" [EMAIL PROTECTED] Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18982&t=18911 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: A plan to rebuild.... [7:19611]
and most of them, unless they are > breaking Canadian laws, are getting American dollars from ma and pa > at home to spend here. > > When the railways of France, Germany and India were breaking down > through age, it was the Americans who rebuilt them. > > When the Pennsylvania Railroad and the New York Central went broke, > nobody loaned them an old caboose. > > Both are still broke. You should see the state of the railway system in the UK, it's atrocious. Would anyone mind lending us a few billion so fix it? > I can name you 5000 times when the Americans raced to the help of > other people in trouble. > > Can you name me even one time when someone else raced to the > Americans in trouble? Yes, you remember the holiday you have called "Thanksgiving"? Research it. (apologies for the sarcasm) The major nations of this world all help each other in many ways, some obvious and some invisible. If the US chooses to decline our offers of help what else can we do? > I don't think there was outside help even during the San Francisco > earthquake. Help was offered from Europe and again was turned away - the US, quite rightly, wants to demonstrate it's interior strength by handling these situations alone, more power to them. > Our neighbors have faced it alone, and I'm one Canadian who is > damned tired of hearing them get kicked around. > > They will come out of this thing with their flag high. And when > they do, they are entitled to thumb their nose at the lands that > are gloating over their present troubles. Yes, they will come out of this with the flag held high, they will rebuild and be stronger and more vigilant in the future. I would like you to indicate ANY nation (certain areas of the Middle East excepted) that feels anything but sorrow, horror and grief about the events of this week. Also, please don't forget that many of the dead are not American. Hundreds will be British and thousands more will be European, Japanese, Indian. etc > I hope Canada is not one of those." > > Stand proud, America! This is one of the best editorials that I > have ever read regarding the United States. It is nice that one man > realizes it. > > I only wish that the rest of the world would realize it. > > We are always blamed for everything, and never even get a thank you > for the things we do. > > I would hope that each of you would send this to as many people as > you can and emphasize that they should send it to as many of their > friends until this letter is sent to every person on the web. I > SURE HOPE THAT A LOT MORE READ IT, SO SEND IT ON > > Lora Arndt > 236-1B-10 > EHS&R - Specialty Material Markets Group > Tel: 3-1976 > Fax: 3-1958 It is a shame that the author sees America as cut off from the rest of the world - I can assure everyone that it is not the case. I am sorry that someone felt the need to write this drivel, particularly at such a sensitive time. All of our thoughts are with the suffering souls in New York and Washington and their family and friends wherever they may be. Thanks Charlie Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=19816&t=19611 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: New Lab Exam Format. [7:20152]
Hi Cisco Lover, This is the mail that came out of Cisco about this - I hope it answers your question... Hello, My name is Lorne Braddock and I manage Cisco's CCIE program. I wish to address any rumors you may have heard about a so called "one-day" CCIE certification lab. The apparent absence of background information on our new exam's enhanced quality and content has resulted in unwarranted concerns about it's duration. The CCIE Program team has been working hard to redesign, and greatly improve our nine year old, performance based, certification format. We have several objectives in mind including improved: efficiency, relevance, effectiveness and challenge. We also want to properly position the CCIE level certification content with that of the CCNA and CCNP certification tracks which came into being well after the CCIE expert level program was established. From the standpoint of our exam architecture, we needed to migrate toward a model that will scale to demand and position us to take advantage of innovative delivery options that better utilize technology and reduce the need for travel. Primary among all these objectives is our determination to maintain the legendary quality that is implicit in the CCIE name and reputation. We began the process by identifying those aspects of our current CCIE lab exam that are effectively covered in Cisco's CCNA and CCNP certification programs. We also identified those skills that are tested several times within the current exam. Content was evaluated based upon the objective of ensuring that we were sufficiently covering all relevant topics. Where appropriate, we shifted some of the lab's more fundamental, but still necessary, questions into a new and expanded qualification exam. The objective here is to do a better job of screening out candidates who would have passed the current written qualification test with no realistic hope of passing the lab exam. After strengthening the written qualification exam, eliminating duplication and lower level tasks, we discovered that adding an additional hour of lab time would allow us to deliver a higher quality CCIE lab exam in one expanded day. The overall testing process is reduced by far less than a day yet there is no longer a need for customers to invest in a second travel day. There is no single consideration more important then the quality and efficiency of this new exam so we have engaged several highly respected industry notables in our beta testing process. It's too early for me to announce the outcome of that process but I will say that the initial signs look very good. We hope for and expect to get their constructive criticism and plan to implement changes where necessary. If all goes well we will be in a position to move forward with this improved format in August. In review, our new testing format is a vast departure from our traditional approach in that it takes into account the existence of Cisco's CCNP and CCNA certification programs. There is no longer a need for the CCIE exam to certify a customer's proficiency in the area of intermediate networking skills. Our charter is to certify at the expert level and we now assume that, if the customer has passed our enhanced written qualification exam, their fundamental skills exist. By designing this recognition into our lab exam, we can eliminate time consuming questions that test and give points for demonstrating lower level skills. If the customer does not have those skills, they will simply fail the lab due to their inability to deal with the pace and complexity of the enhanced CCIE lab exam. Solid trouble shooting skills are also a required part of the customer's ability to master the enhanced lab exam so there is no longer the need to devote an entire section to trouble shooting. An individual who knows what they are doing will find our enhanced lab exam quite challenging. Someone who has yet to fully develop their skills will find it impossible. The net result of this format is greater efficiency in testing coupled with greater respect for our customer's time and resources. We see that as a win for everybody. Most people who are worried about the new CCIE lab exam format are concerned about the ongoing integrity of our program. Rest assured that no one cares more about the integrity of the CCIE program than we do. This new CCIE lab exam embodies the best of what we have learned over the nine years this program has been in existence and, from that perspective alone, it's the best of the breed. Importantly however, this new format also positions us to do some innovative things going forward that would not be possible without these changes. The revised and improved format will position us to handle the kind of exponential growth the CCIE program is seeing without having to make another significant program change for years to come. Proof is always in the pudding so I welco
Re: Help on NAT [7:20880]
Probably not a lot. You need to have inside and outside interfaces so the router knows when to translate packets. Check the NAT section here... http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/np1_c/1cprt2/1cipadr.htm Follow those instructions there and you can't go wrong ;) Cheers Charlie --- Ramesh c wrote: > Hey gurus, > > I am using NAT in my setup and I find only these entires related to > NAT...what is really happening here? > > interface Ethernet0/0 > ip address 10.1.1.1 255.255.255.255 > ip nat inside > > interface serial0 > ip address xxx...(Connected to Internet) > > Anyone can help? > > > > > > > Make a difference, help support the relief efforts in the U.S. > http://clubs.lycos.com/live/events/september11.asp [EMAIL PROTECTED] Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20881&t=20880 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PRI to BRI BACKUP [7:21136]
An alternative method... If you configure the PRI using a dialer profile for every remote site and make each Dialer interface the backup route (using floating statics) or backup-interface for the remote sites you can instruct the interface to use a maximum of 2 channels. I'm not going to go into dialer profile config here - it's easy to find on cisco.com but the command you need in the Dialer Interface config is "dialer max-calls 2". Alternatively you can configure "dialer pool-member # max-link 2" on the physical interface. they do the same job but there are reasons why you may need to use one rather than the other. Have a go at it and let us know if you still have problems. regards Charlie --- Tim Booth wrote: > Michael, > > You need to configure your PRI interface and I believe create one > to many > channel-groups on that interface as needed; One for every pair of > lines that > will run to your remote sites, so say 13 channel-groups. > > Hope this helps, > Tim Booth > - Original Message - > From: "michael" > To: > Sent: Wednesday, September 26, 2001 8:54 AM > Subject: PRI to BRI BACKUP [7:21136] > > > > Dear all, > > > > could somone help me with my following question how to configure > > ISDN PRI to BRI ? > > > > I would like to configure the following szenario: > > > > 1 central site : 1x PRI > > 13 remote site: 1x BRI > > > > If our frame goes down or one of the PVC to the remote site i > would like > to > > activate ISDN Backup with 128kb from the centrale site to the > remote side > > and the other way arround. > > But how it is possible to configure the central site using 128kb > (2 > > timeslots) for calling the remote site ? I have got 30B Channels > (30 > > timeslots) on the central side. > > > > Please help me > > > > best regards [EMAIL PROTECTED] Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=21159&t=21136 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CID: AS400 [7:25037]
Just a little answer... yes (but not a very big one) --- John Tafasi wrote: > Hello Group, > > Just a little question. Is AS400 an IBM mainframe computer? > Nokia Game is on again. Go to http://uk.yahoo.com/nokiagame/ and join the new all media adventure before November 3rd. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=25039&t=25037 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Aironet 1200 [7:59310]
What type of throughput does the remote office need? With two 1200 series access points you can: a) Run one AP as Root and the other in Repeater mode. b) Blast the signal across the street with just one AP I don't think you can bridge with 1200s series APs. You might be better off buying 350 bridges instead depending on your environment. You could also buy a WGB to connect to one of the APs. That's another option. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59334&t=59310 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Question for designers (WLAN) [7:59216]
If your not going to run 802.11a then there might not be a significant advantage to going with the 1200 series AP. However, hospitals normally have a lot of long hallways that are perfect for using a patch antenna. (A lot of times you can cover an area with one diversity 6.5dBi patch that might take 2 1100 series APs to cover otherwise.) The external antennas would probably be the biggest advantage of going with the 1200 series vs a 1100 series for you. Other than that... there aren't very many differences. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59335&t=59216 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Question for designers (WLAN) [7:59216]
Forgot to ask... what country are you from? I know some countries put restrictions on the power and antennas that are available. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59336&t=59216 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: WLANFE [7:59278]
When was the WLANFE 9E0-581 exam first available? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59337&t=59278 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE Vs. BS or MS dergree [7:59481]
What's more difficult? a) Memorizing configuration scenerios and commands on a Cisco router b) Understanding Calculus, Differential Equations, Numerical Analysis, Chemistry, Physics and Electrical Engineering well enough to create a "meaningful" experiment. One of my friends is working on his masters in Physics right now. What he's working on makes the CCIE look like a walk through the park. Seriously, what if the recommended reading list for the CCIE exam looked like this: Physics I and II Calculus I,II,III Differential Equations Mechanics Circuit Analysis I and II Linear Systems Thermodynamics Quantum Mechanics Optics Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59579&t=59481 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
LEAP/ACS configuration [027] Session-Timeout [7:48301]
PROBLEM/QUESTION Users are currently authenticated by an ACS server when remotely accessing the network through a VPN. So their user accounts have been created and there is currently no value for [027]Session-Timeout RADIUS attribute. What will happen if I modify the [027]Session-Timeout RADIUS attribute for LEAP? Will the user's VPN sessions timeout? Basically, I want the same user to be able to be authenticated when remotely accessing the network (without their session timing out) and use LEAP for wireless authentication. Is there a way to do this? How is this normally setup? Thanks, Charlie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=48301&t=48301 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ADSL routers [7:51250]
the 827 can do many things, including 3DES and firewall feature set, but supports only RIP and EIGRP -->No fair, mine doesn't support EIGRP. Only RIP. The 827 looks like it supports all of the routing protocols but when you enter them it always reads "unknown routing protocol". (Except for RIP.) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51489&t=51250 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Off Topic - Quietest Cisco Switch [7:53800]
I'm looking to buy a switch for my apartment. (Right now, the 2950T 24port 10/100/1000Base-T looks promising.) However, the amount of noise this thing produces is a concern. I want to put it in my living room (Actually, it's the only room... I live in a studio.) so I can't have this thing cranking away while I'm trying to watch a movie, have a date over (Ya, it does happen sometimes... it's a miracle.) or when I'm trying to go to sleep. Does anyone know which switches are the quietest? I would like it to support the enhanced image. Anyone else run into this problem? Thanks, Charlie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53800&t=53800 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Off Topic - Quietest Cisco Switch [7:53800]
***they're all VERY quiet when you unplug 'em! :-> -->Very very true, but what's the fun of having a killer home network unless you put it to good use. For example, right now, I'm hosting 2 websites and let my friends VPN-in and download/upload interesting freeware applications. :)(Stuff like SuperScan and Netstumbler... or whatever is interesting at the time.) -->I also have distributed.net running on all my home machines. I guess I could set them up to periodically update? -->My current Linksys switch is pretty quiet. I guess I do have a couple of options, none of which are ideal for me... but I'll figure something out. Thanks for input everyone. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53809&t=53800 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Keeping my head up [7:71800]
There is no shame in failing a Cisco written test these days (not that there ever was). I passed the CCIE Lab on the second attempt and a few months later failed the Cisco Pix Firewall Exam again and again (after having always passed Cisco written tests on the first try.) The Cisco written tests these days are tough, tough, tough. ***I will agree. All of the certification exams are much more difficult than before... and now that the dot.com bubble is over a lot less people are taking them now. (In my first attempt at the CCIE lab in May there were only 3 people there.) In my opinion, the number CCNPs, CCDPs etc. will go down significantly in the next few years. It seems like we are slowly getting back to having people in the field who actually 'like' solving these types of problems. Salaries have gone down... and with that many people have decided it's not worth the effort... while others still stay because they actually like the challenge.Thomas Larus wrote: Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72441&t=71800 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: wireless security and VPN software? [7:73988]
What type of applications do they need to support? What devices and OS's do they need to support? -Watch out for PDAs. Most PDAs have limited support for VPN clients. What type of users are they? (Techie or basic AOL users?) These are the main questions in my opinion. VPNs aren't so bad. I know quite a few enterprises that are currently using VPN solutions for wireless. I honestly don't think most users notice the performance hit. Also, some VPN clients can be setup very seemlessly so there aren't multiple logins. I would also look into PEAP, EAP-TLS and LEAP. PEAP is pretty secure if setup correctly. The PEAP client is already built into WinXP and PPC 2003. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73998&t=73988 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: wireless security and VPN software? [7:73988]
One more quick note on using VPN solutions. If your using a VPN solution with a Cisco AP be sure to enable PSPF. Everyone misses that setting... but it's important. :) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74049&t=73988 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: wireless security and VPN software? [7:73988]
Very true. The clients are the most vulnerable before the VPN session is established. Without PSPF enabled clients can attack other clients on an access point. Even with PSPF enabled an attacker could put up a rogue with the same SSID and WEP key if used and try to attack/trojan the client. It's interesting though, the new IOS firmware has crypto map statements available. I wonder if Cisco will eventually allow VPN sessions to terminate directly on the access points. That would be pretty cool. Much like what Colubris does right now. Reimer, Fred wrote: > > Hmm, PSPF definitely sounds interesting, but I'd recommend > requiring the > integrated Cisco firewall in the VPN client, and not allowing > split > tunneling. > > Also, there is apparently a working group working on VPN > multicast... > > Fred Reimer - CCNA > > > Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA > 30338 > Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 > > > NOTICE; This email contains confidential or proprietary > information which > may be legally privileged. It is intended only for the named > recipient(s). > If an addressing or transmission error has misdirected the > email, please > notify the author by replying to this message. If you are not > the named > recipient, you are not authorized to use, disclose, distribute, > copy, print > or rely on this email, and should immediately delete it from > your computer. > > > -Original Message- > From: Charlie Wehner [mailto:[EMAIL PROTECTED] > Sent: Saturday, August 16, 2003 4:14 PM > To: [EMAIL PROTECTED] > Subject: RE: wireless security and VPN software? [7:73988] > > One more quick note on using VPN solutions. If your using a > VPN solution > with a Cisco AP be sure to enable PSPF. Everyone misses that > setting... > but it's important. :) > **Please support GroupStudy by purchasing from the GroupStudy > Store: > http://shop.groupstudy.com > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74074&t=73988 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
QoS Exam 642-641 [7:74081]
Taking this bad boy tomorrow... and advice? All of the new exams seem to be quite a bit more painful than the old ones. Or at least more difficult in my opinion... Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74081&t=74081 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: QoS Exam 642-641 [7:74081]
Yea! I passed. It was pretty easy though. (No tricks or hazy questions in this test.) I guess I'm still bitter after having to take the Safe Exam 2x to pass. Now onto the CCNP recert which I hear is quite fun. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74132&t=74081 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: QoS Exam 642-641 [7:74081]
I used the knowledgenet QoS training course and Boson #1 QoS practice test to study for the test. (I probably could have gotten away with just using the knowledgenet QoS training course though.) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74142&t=74081 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: SAFE and the Holy Hand Grenade of Antioch [7:74304]
Not sure if this what there looking for but in my MCNS book they have the following threat types: Security Threat Types: -Reconnaissance -Unauthorized access -Denial of Service -Data Manipulation The 4 remote users designs are the following: Software accessRemote user with a software VPN client and personal firewall software on the PC Remote-site firewall optionRemote site is protected with a dedicated firewall that provides firewalling and IPSec VPN connectivity to corporate headquarters; WAN connectivity is provided via an ISP-provided broadband access device (i.e. DSL or cable modem). Hardware VPN client optionRemote site using a dedicated hardware VPN client that provides IPSec VPN connectivity to corporate headquarters; WAN connectivity is provided via an ISP-provided broadband access device Remote-site router optionRemote site using a router that provides both firewalling and IPSec VPN connectivity to corporate headquarters. This router can either provide direct broadband access or go through and ISP-provided broadband access device. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74313&t=74304 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: SAFE and the Holy Hand Grenade of Antioch [7:74304]
This is an excellent example of why I hated taking the SAFE exam. I found myself for several questions thinking... "Well, I depends on what you mean by this term." I agree with Fred though. I believe the answers they are looking for are Unstructured, Structured, External and Internal. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74377&t=74304 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
