Re: Certifications on resumes

[Craig Columbus]

I've actually seen more than one post that said CCIE required, CCNA 
preferred.  Go figure.
In my experience, CCNP doesn't get a lot of play in HR departments.  HR 
recognizes CCNA, but doesn't understand CCNP.
I've also seen a fair number of recruiters/HR confuse CCNA with CNA.
Bottom line?  I don't put any letters after my name, but I have a 
certifications section on my resume where I list each certification, spell 
it out, and put the date achieved...even an HR person should be able to see 
that the CCNA = Cisco Certified Network Associate, and that it was earned 
prior to my CCNP.

Craig

At 10:08 AM 1/26/2001 +, you wrote:
>Robert,
>You will find that some jobs advertised in a way that they are looking for
>people who are CCNA or CCIE ( so where is CCNP ) . It seems that some
>recruitment agency do not know the difference between CCIE and CCNA. I will
>put it the CCNA somewhere in your resume just to avoid that .
>
>Robert Padjen <[EMAIL PROTECTED]> wrote in message
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > I was asked an interesting question this morning by a
> > friend who just passed their CCNP. Basically they
> > wanted to know if they should now remove the CCNA from
> > their resume or list both CCNA and CCNP.
> >
> > I took the position that (as I do) the CCNP implies
> > the CCNA, and therefore one would only list their
> > 'highest' within a track. A number of co-workers said
> > no, list it all.
> >
> > Please chime in with your position - unicast if your
> > just sending a vote and multicast if you are raising a
> > discussion. Sorry to those who feel this is an
> > improper use of the board.
> >
> > Thanks.
> >
> > =
> > Robert Padjen
> >
> > __
> > Do You Yahoo!?
> > Yahoo! Auctions - Buy the things you want at great prices.
> > http://auctions.yahoo.com/
> >
> > _
> > FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Recent CID takers pls comment

[Craig Columbus]

While scenarios can be interesting, don't expect any on CID 3.0.  It's not 
a very well written test, but it's certainly passable if you know the 
material on the review guide.

Craig

At 08:24 AM 2/7/2001 -0800, you wrote:
>I'm definitely with Howard on this one.  I plan on taking the CID within a 
>month and I would expect scenarios to be on the test.  How else would you 
>really test design skills?
>
>I'm more worried that the test is just a bad test overall.  I don't think 
>I've read a single good thing about any version of it.  Perhaps I'll wait 
>until the newest release is out and I've heard some comment on that before 
>I take it.
>
>If Cisco would bother to actually read the comments that people make on 
>beta tests, perhaps they could come up with a solid design exam.
>
> >
> > >Hi
> > >I read in a forum that the CID exam now is 200 questions in 120 mins !!
> > >I was told a month back that it was 100 questions.
> > >Pls clarify.
> > >(Hope those boring scenarios are not there.)
> > >regards
> >
> >
> > Why are scenarios boring?  Aren't those the principal things you will
> > deal with as a real-world designer?
> >
> > _
> > FAQ, list archives, and subscription info: 
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
>
>Find the best deals on the web at AltaVista Shopping!
>http://www.shopping.altavista.com
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: The best place to put the access lists

[Craig Columbus]

I agree that access lists should be placed at the access layer.  However, 
I'd argue that a firewall is a minimum component of security, not a best 
solution for security.  Those companies that depend solely on a firewall 
for security could be in for a rude awakening.  Additionally, if security 
is mission critical, a PIX wouldn't be my recommendation.  It's decent at 
what it does, but lacks the ability to truly interrogate the network traffic.

Craig

At 10:16 AM 2/7/2001 -0600, you wrote:
>The best place for ACL's is at the access layer.  You want to deny or permit
>packets the outer-most level you have control of.  If you wait for their
>packets to get into the core of your network, then you have already
>compromised your network's security.  If you do it at the router that your
>customer connects to, you can deny things like routing protocols and subnets
>that need not penetrate your network.
>
>The best solution for security is a firewall.  If security is a mission
>critical application, a PIX should be used instead of ACL's.
>
>Kelly D Griffin, CCNA, CCDA
>Network Engineer
>Kg2 Network Design
>http://www.kg2.com
>
>
>- Original Message -
>From: "Piatnitchi Cristian" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Wednesday, February 07, 2001 9:59 AM
>Subject: The best place to put the access lists
>
>
> > Hi all
> >
> > I need an advice. I have to choose between the set up
> > ACLs on the router and to set up ACLs on the servers's
> > swtich.
> >
> > Which one is the best solution and why ?
> >
> > Thanks in advance
> > Cristian Piatnitchi
> >
> > _
> > FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > 
> > http://1cis.com
> > Free E-mail Servers with unlimited mailboxes
> > 1st Class Internet Solutions
>
>
>http://1cis.com
>Free E-mail Servers with unlimited mailboxes
>1st Class Internet Solutions
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Another Wannabe (CCIE Written Passed)

[Craig Columbus]

I passed the CCIE Written this morning, so I guess I'm an official wannabe now.
For those of you still studying, here's some insight:
I prepared by going the CCDA, CCNA, CCNP, CCDP route (all 1.0 version).
I highly recommend reading Doyle - Routing TCP/IP, Halabi - Internet 
Routing Architectures, and Perlman - Interconnections, until you fully 
understand the content.  From other's I've spoken with, Caslow's Cisco 
Certification might also be a good addition.
I did a last minute review by reading the whitepapers at 
Certificationzone.com (thanks to all who contribute).  I wouldn't, however, 
recommend using these whitepapers as your only study methodology; they're 
more of a rapid overview of core content.
I found the test to be slightly easier than the CID3.0, though with 
different content.
Anything on the Cisco guidelines is fair game, though I suggest that you 
know your bridging (and all that goes along with it) cold.
All in all, it wasn't nearly as bad as I thought it would be.
Well, I'm off to start preparing for the lab now.

Craig

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCIE Written to Lab correlation?

[Craig Columbus]

I'm curious if there's a correlation between the written score and the lab 
score.  For example, how many of you scored high on the written but have 
failed the lab?  If so, how close was it?  How many scored low on the 
written but passed the lab with a high number of points?  Just curious.

Thanks,
Craig

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Lab location restriction?

[Craig Columbus]

Does anyone know if there's a restriction on where someone may take the 
standard R/S lab?  I'm getting ready to schedule mine, and if there's a 
backlog until August in the states, Australia looks promising.  I couldn't 
find any info on Cisco's site, other than all labs, worldwide, are pulled 
from the same pool.

Thanks,
Craig

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CID 2.0 or 3.0

[Craig Columbus]

As far as I know, 2.0 is no longer available.  Be glad.  About 3 months 
ago, I went to take CID3.0.  I was mistakenly given CID2.0.  The test 
required 80% passing, consisted of 158 very poorly written questions, and 
was very very very heavy in SNA.  I failed with 76%.  As a result, Cisco 
stopped giving the CID exam for a couple of weeks while they figured out 
what happened.  They apologized for the mistake and gave me a voucher for 
the current 3.0 version.  When the CID exam registration reopened, I went 
and took the 3.0 exam and passed quite handily.  There was very little 
similarity between the two versions and 3.0, while difficult, was nowhere 
near as difficult as 2.0.

Craig

At 06:51 PM 2/24/2001 -0500, you wrote:
>Does anybody know if the 2.0 version of the test is still available or do I
>have to take 3.0. THANKS
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: what is the average age of people in this stuff?

[Craig Columbus]

Wow Fred, that youthful antagonism really belies the immaturity of someone 
your age. :-)
Does anyone else get a humorous picture of a playground fight about to start?
I just love this list. :-)

Craig


At 05:31 PM 2/27/2001 -0500, you wrote:
> > > Andy,
> > > I'm in a situation that is similar to Dale's, and I disagree with some
> >of
> > > your comments. I'm 19 years old and currently working as a Jr. Network
> > > Engineer. I have A+, Net+, CCNA, CCDA, and 3/4 tests for the CCNP. I
> >also
> > > plan to take the CCIE written in 13 days. :)
> >
> >All I have to say is save this message, read it in a few years, and thanks
> >for backing up everything I said in its entirety.
>
>Instead of stating that I backed up everything in its entirety, why not cite
>specific examples to form a logical argument? Aint dat wut u adults normally
>do? Or am I too young to understand?
>
>Fred
> >
> >Regards,
> >andy
> >
> >
>
>_
>Get your FREE download of MSN Explorer at http://explorer.msn.com
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Multiplexing/Load balancing

[Craig Columbus]

Check the archives for my earlier post regarding this topic.  Inverse ATM 
multiplexing (where available) seems to be a very good option.  Frac T3 is 
another option.  Muxed T1 lines seem to be falling out of favor.

Craig

At 09:17 AM 2/28/2001 -0600, you wrote:
>You know I've never given this much thought I just assumed it was possible
>to multiplex serveral T1 lines.
>If I wanted a 10mb connection between to points and I had 6
>individual T1 lines can I/do I multiplex the lines or do I have to load
>balance between all six lines.  The later doesn't make much since to me
>because I'd have to have a Router with 6 WAN ports to support my a 10mb
>connection.  Maybe my thinking is all wrong on this.  Any help would be
>appreciated.
>
>Thanks,
>
>Keith
>
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: quick way to clear config totally

[Craig Columbus]

240V to the E0 interface. ;-)

Craig

At 05:21 PM 2/28/2001 -0500, you wrote:
>Is there a quick way to clear the entire config of a router?
>
>"setup" doesn't kill everything and I don't have the IOS to re-flash.
>
>any help is greatly appreciated since every way I've tried just doesn't
>take away everything, ie. access lists, etc...
>
>Thanks!!!
>
>Sincerely,
>
>Chris Kolp, CCNA
>Systems Engineer
>Neuron Broadcasting Technologies
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: FW: Change in CCIE Lab Price

[Craig Columbus]

I find this quite annoying.  You can't tell me that with the increased 
volume of registrations Cisco isn't making more money than ever off the 
exam.  I assume that this is a feeble attempt to reduce the number of 
candidates scheduling the lab.  For those whose company is paying the bill, 
the extra $250 won't make any difference.  For those who are funding 
everything personally, it's just a burden; they've come too far to let the 
extra $250 stop them.  In any case, it just gives me that much extra 
incentive to pass on the first ($1000) try.

Just my $0.02...
Craig

At 07:07 PM 3/1/2001 -0800, you wrote:
>I just got this, which may be of interest to some...
>
>-
>
>March 1, 2001
>
>Dear CCIE Candidate,
>
>We are contacting you to confirm that you are currently scheduled for a
>CCIE lab exam and that we will soon be implementing some program
>changes that may have an impact upon you.
>
>After a rigorous evaluation of our current cost structure, we find it
>necessary to increase our CCIE Lab exam fee to reflect our current cost
>of doing business.  The present $1,000 lab fee has been in effect since
>the CCIE organization was first launched in 1993. Effective on April 1,
>2001, we will begin charging customers $1,250 US per lab attempt, (plus
>any applicable local taxes).
>
>Since you have already received an email confirmation from Cisco
>regarding the current lab fee of $1,000 US (plus any applicable taxes),
>we would be happy to honor that price as long as we receive payment no
>later than March 31, 2001.  If we receive payment from you following that
>date, the new lab fee will apply. If you decide to pay after April 1,
>2001 this email will also serve as a new confirmation.
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Lab Swap Question

[Craig Columbus]

I see a lot of requests for lab swaps.  What's Cisco's policy on this?  How 
do they verify with both individuals that the swap is valid?
Lastly, anyone want to trade Sept. 30 RTP for an earlier 
date?  Nah...didn't think so. ;-)

Thanks,
Craig

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: How would you Explain it.

[Craig Columbus]

I don't think it's fair to say that they don't have control of DNS or 
public IP space.  I've got a customer now leasing bandwidth in a very 
similar setup...a 10Mb fiber connection to a local switch.  These guys are 
assigned then assigned a /26 to use as they see fit.  Their DNS is 
maintained locally on the "public" side of the network.  They also have a 
router that NATs from the private internal network to the public block of IPs.
In your case, you have a /24 block available on which you host all of your 
network.  Assuming that your provider has the Ethernet MAN type service 
available, and you want them to use your current block and setup this 
service, you'd have to allocate one of your local addresses to them to use 
on their router's Ethernet interface, and then change your nodes to point 
to the new gateway.  You'd still have full control of DNS and your /24 IP 
allocation, though you'll have to work closely with the provider on policy 
decisions.
If your provider doesn't offer this service and you go with a new provider, 
you'll either have to readdress your network or implement NAT with 
non-RFC1918 addresses on your inside network (not recommended).  In either 
case, it's still possible for you to maintain control of your address 
allocations.

Craig

At 09:09 AM 3/3/2001 -0500, you wrote:
>I'm curious, if you're connected to a switch, then you don't have control
>over your public IP Addresses then such as DNS,... or is this mostly used
>for office to office links as opposed to a gateway to the internet?
>
>I guess the reason i'm wondering is we currently have an entire class C and
>we host our own DNS, web servers, ftp,... and I'm curious as to how this
>would affect our routings if we do go with such a service.
>
>
>Priscilla Oppenheimer <[EMAIL PROTECTED]> wrote in message
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > We upgraded our T1 WAN link that cost $1500 per month to a single-mode
> > fiber-optic 10-Mbps Ethernet MAN link that costs $700 per month. We just
> > have a switch at our site, no router even. Seriously. Our local
> > municipality has a Gigabit Ethernet single-mode fiber-optic ring running
> > around town, and they lease capacity on it. The city is connected to the
> > Internet via a Cisco 7200 and a Sprint T3 link. We piggy back onto that.
> >
> > And I'm in Southern Oregon, a supposedly rural area. It's happening in
> > other towns also. Sometimes I forget how lucky we are!
> >
> > Priscilla
> >
> > At 02:28 PM 3/2/01, Howard C. Berkowitz wrote:
> > > >I have a customer who wants to upgrade his 128K ISDN point to point
> > > >connections to at lease a 10mbps connection.  He is thinking along the
>lines
> > > >of LAN technologies.  He idea connection is a 1gb connection.  How
>would go
> > > >about explaining to this guy that he is out of his mind without
>damaging his
> > > >ego.  His the IT manager and thinks he's knowledgeable about networks.
> > >
> > >I wouldn't say he is totally out of his mind, if he's in a geographic
> > >area served by one of the bleeding edge Optical Ethernet providers.
> > >Very rare so far, but there are 100 or 1000 Mbps physical facilities
> > >over which the user pays for the amount of bandwidth he needs.  Most
> > >of the ones I'm aware of are in Europe.
> > >
> > >In the vast majority of locations, he is out of his mind.  Assuming
> > >he needs 10 Mbps, your choices include inverse multiplexed T1 and
> > >ATM, fractional T3, or 10 Mbps over OC-3 facilities. I had a design
> > >not too long ago where we were able to bring in some of the voice as
> > >well, and found that OC-3 was quite cost-effective.  It ran into a
> > >7200.  A 3600 is probably the lowest end router to consider.
> > >
> > > >
> > > >btw...
> > > >
> > > >I've gone ahead and gotten quotes on a t1 and t3 lines.  I know I can
>use a
> > > >2600 for the T1 connection but what is there a adapter for taking a
>clear
> > > >channel T3 for the 2600 or do I have to look at a 7000 series router.
> > > >
> > > >Thanks,
> > > >
> > > >Keith Townsend
> > > >www.townsendconsulting.com
> > >\
> > >
> > >_
> > >FAQ, list archives, and subscription info:
> > >http://www.groupstudy.com/list/cisco.html
> > >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
> >
> > 
> >
> > Priscilla Oppenheimer
> > http://www.priscilla.com
> >
> > _
> > FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Ethernet MAC <--> Token Ring MAC

[Craig Columbus]

Nope...you're right on the money...and with a pretty good explanation too!

Craig

At 02:34 PM 3/3/2001 -0500, you wrote:
>1) For each byte: abcdefgh
>
>2) Stick an axis right down the middle: abcd efgh (essentially separating
>the byte into two nibbles)
>
>3) Spin the byte around the axis: hgfe dcba
>
>4) Do this for each byte in the octet separately.  The order of the bytes
>doesn't change: 1.2.3.4 -> 1.2.3.4
>
>So, your example:
> .  1100.0110 0101.0100 0011.0010 0001 (which has five bytes,
>for some reason, so I'll ignore the last one)
>
>would translate into:
> . 0011 . 1010 0110. 1100 0010
>
>That's about it - I think.  If I'm wrong, someone please let me know - I've
>just started studying for the CCIE written, and this is all from memory of
>Rossi's paper (about a week ago :-).
>
>BJ
>
>
>
>- Original Message -
>From: Michael Snyder
>Newsgroups: groupstudy.cisco
>To: [EMAIL PROTECTED]
>Sent: Saturday, March 03, 2001 1:45 PM
>Subject: Ethernet MAC <--> Token Ring MAC
>
>
>What is the bit by bit method of going from a Ethernet Mac address to a
>Tokenring Mac address?
>
>I've read the paper's, I still can't do it, and I've been doing HEX for
>years.
>
>
>For example
>
>00.00.0c.65.43.21 Ethernet MAC would be?
>
> .  1100.0110 0101.0100 0011.0010 0001
>
>Next step is?
>
>a) reverse complete bit sequence?  1000 0100.1100 0010.1010 0110. 0011 .
>.
>b) reverse sequence in groups of four? 0001 0010.0011 0100.0101 0110.1100
> 
>c) Transpose bits in groups of four, per byte?  a.b ->b.a (seen this one a
>lot in programing)
>
>help?
>
>
>
>
>
>""perryb"" <[EMAIL PROTECTED]> wrote in message
>007901c0a011$52ec4d00$1e00a8c0@GOLDIE1">news:007901c0a011$52ec4d00$1e00a8c0@GOLDIE1...
> > Hi all,
> >
> > I'm goinf to diverge from the star/bus issue in Mr. Rossi's paper, and
> > direct everyones attention to what I believe could be a mistake (clerical
> > error) in the paper on the DLSW piece.
> >
> > Directly underneath Mr. Rossi's very first DLSW diagram, you see the RIF
> > values for "Router_A," and "Router_B."  Isn't the RIF show for "Router_B"
> > just a tad bit inverted and incorrect ?  Shouldn't it read
>"0630.00a1.0230"
> > instead?  The reason that I say this is because I had a "not so different"
> > question on a recent exam.  On this exam there were no "none of the above"
> > responses and only two possible valid RIFs.  The only plausable response
>was
> > in the order that I describe above.
> >
> >
> > Forgive me if this has already been pointed out before.
> > - Original Message -
> > From: <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Monday, February 26, 2001 6:45 AM
> > Subject: RE: Lou Rossi's Token Ring paper
> >
> >
> > > I agree with Nigel. It should be a physical star and a logical ring.
> > >
> > > Cletus Ugwu
> > >
> > > -Original Message-
> > > From: Nigel van Tura [mailto:[EMAIL PROTECTED]]
> > > Sent: Monday, February 26, 2001 7:29 AM
> > > To: Bradley J. Wilson; [EMAIL PROTECTED]
> > > Subject: RE: Lou Rossi's Token Ring paper
> > >
> > >
> > > But Bradley
> > >
> > > If we connect all to the MAU as a central hub then it becomes a physical
> > > star and a logical ring inside the MAU.
> > >
> > > Or what ?
> > > Nigel van Tura
> > >
> > > -Original Message-
> > > From: Bradley J. Wilson [mailto:[EMAIL PROTECTED]]
> > > Sent: 24 February 2001 01:50
> > > To: cisco
> > > Subject: Lou Rossi's Token Ring paper
> > >
> > >
> > > I'm sitting here reading Lou Rossi's Token Ring paper, and right off the
> > bat
> > > I have a question:
> > >
> > > He says that token ring is "a physical ring and a logical bus" - but
>isn't
> > > this backward?  Isn't it a physical bus and a logical ring?  We're not
> > > physically connecting stations together in a ring - they're all plugged
> > into
> > > a MAU and the "ring" is a logical entity inside the MAU, isn't it?
> > >
> > > Thanks in advance,
> > >
> > > BJ
> > >
> > >
> > >
> > > _
> > > FAQ, list archives, and subscription info:
> > > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > >
> > > _
> > > FAQ, list archives, and subscription info:
> > > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > >
> > > _
> > > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
> > _
> > FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>
>
>_
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Non

Re: ISDN with 1 Spid

[Craig Columbus]

As in the areas of the country that assign you 64k ISDN service?  In that 
case, you'll still need two SPIDS if you're using BRI; the 64k restriction 
just means that the provider doesn't support the multilink function.  Enter 
both SPIDs in your config.

With that said, what is the specific problem that you're encountering?  Is 
it that the interface won't come up?  Is it that the call won't dial?  Is 
it that the call dials, but won't authenticate?  Try using some of the more 
common debug commands for this scenario:  debug isdn events, debug isdn 
q931, debug isdn q921, debug ppp authentication, debug ppp negotiation, 
etc..  Only turn up the ones you need or you'll have so much information 
that it'll be difficult to sort through it all.

Good luck,
Craig

At 05:31 PM 3/3/2001 -0600, you wrote:
>What if you only one have B channel?
>
>""J Roysdon"" <[EMAIL PROTECTED]> wrote in message
>97q345$os1$[EMAIL PROTECTED]">news:97q345$os1$[EMAIL PROTECTED]...
> > Custom Centrex (sp?) ISDN groups often use single or even no SPIDs.  Try
> > specifying the SPID twice, or not at all.  Basically, the SPID is assigned
> > to both B channels.
> >
> > --
> > Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
> > List email: [EMAIL PROTECTED]
> > Homepage: http://jason.artoo.net/
> > Cisco resources: http://r2cisco.artoo.net/
> >
> >
> > ""John"" <[EMAIL PROTECTED]> wrote in message
> > 97pbsf$4n7$[EMAIL PROTECTED]">news:97pbsf$4n7$[EMAIL PROTECTED]...
> > > I have included a config I am deploying on a hub-and-spoke deployment
>via
> > > frame-relay.  I am having problems getting the ISDN interface to come up
> > > with only one spid.  I do not have a strong background in ISDN and would
> > > appreciate assistance to tell me where I am going wrong in my config.
> > >
> > > Thank you in advance for your help.
> > >
> > > Regards,
> > >
> > > John Huston
> > > [EMAIL PROTECTED]
> > >
> > > begin config===
> > >
> > > service timestamps debug uptime
> > > service timestamps log uptime
> > > service password-encryption
> > > !
> > > hostname me
> > > !
> > > enable password you
> > > !
> > > logging buffered 4096 debugging
> > > !
> > > username test password 0 test
> > > username me password 0 you
> > > !
> > > !
> > > !
> > > !
> > > memory-size iomem 25
> > > ip subnet-zero
> > > no ip domain-lookup
> > > ip dhcp excluded-address x.x.x.x x.x.x.x
> > > !
> > > ip dhcp pool primary
> > >network x.x.x.x x.x.x.x
> > >netbios-name-server x.x.x.x
> > >default-router x.x.x.x
> > >lease 5
> > > !
> > > isdn switch-type basic-ni
> > > !
> > > !
> > > !
> > > interface Serial0
> > >  ip unnumbered FastEthernet0
> > >  encapsulation frame-relay
> > >  no fair-queue
> > >  service-module t1 timeslots 23-24
> > >  frame-relay map ip x.x.x.x xxx broadcast
> > >  no shut
> > > !
> > >
> > > interface BRI0
> > >  description Backup ISDN interface
> > >  ip address x.x.x.x x.x.x.x
> > >  encapsulation ppp
> > >  dialer idle-timeout 30
> > >  dialer string xxx
> > >  dialer load-threshold 25 outbound
> > >  dialer-group 1
> > >  isdn switch-type basic-ni
> > >  isdn spid1 xxx
> > >  no cdp enable
> > >  ppp authentication pap callin
> > >  ppp pap sent-username me password you
> > >  no shut
> > > !
> > > interface FastEthernet0
> > >  ip address x.x.x.x x.x.x.x
> > >  no ip route-cache
> > >  speed auto
> > >  no fair-queue
> > >  no shut
> > > !
> > > router eigrp 20
> > >  network x.x.x.x
> > > !
> > > ip classless
> > > no ip http server
> > > !
> > > !
> > > map-class dialer 64k
> > > access-list 101 deny   eigrp any any
> > > access-list 101 permit ip any any
> > > dialer-list 1 protocol ip list 101
> > > !
> > > line con 0
> > >  exec-timeout 0 0
> > >  transport input none
> > > line aux 0
> > > line vty 0 4
> > >  password xxx
> > >  login
> > > !
> > > no scheduler allocate
> > > end
> > >
> > >
> > >
> > >
> > > _
> > > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > >
> >
> >
> > _
> > FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ISDN with 1 Spid

[Craig Columbus]

Ok...since the interface won't come up, I'd say it's pretty safe to assume 
that your problem isn't SPID related.  If the SPIDs are bad, the interface 
will still come up, but you'll see an error similar to the following when 
running a "sh isdn status":

Global ISDN Switchtype = basic-5ess
ISDN BRI0 interface dsl 0, interface ISDN Switchtype = basic-ni
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 64, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
Spid Status:
TEI 64, ces = 1, state = 4(await init)
spid1 configured, no LDN, spid1 sent, spid1 NOT valid
TEI Not Assigned, ces = 2, state = 1(terminal down)
spid2 configured, no LDN, spid2 NOT sent, spid2 NOT valid
Layer 3 Status: 0 Active Layer 3 Call(s)
Activated dsl 0 CCBs = 1
CCB:callid=0x0, sapi=0, ces=1, B-chan=0, calltype = INTERNAL Total 
Allocated ISDN CCBs = 1

Since your interface won't come up, you're probably seeing a message 
similar to the following:
The current ISDN Switchtype = basic-ni1
ISDN BRI0 interface
Layer 1 Status:
DEACTIVATED
Layer 2 Status:
Layer 2 NOT Activated
Layer 3 Status:
No Active Layer 3 Call(s)
Activated dsl 0 CCBs = 0
Total Allocated ISDN CCBs = 0

If this is the case, you're experiencing a physical level problem.  Check 
your cables, verify if you're connecting with a U or S/T interface, 
etc.  You may want to have the telco do a loopback to the smartjack.
For more info, refer to http://www.cisco.com/warp/public/112/chapter17.htm

Hope this helps.

Craig


At 10:46 AM 3/4/2001 -0600, you wrote:
>I cannot get the ISDN inteface to come up and using the same spid doesn't
>work either.  I guess the best thing to ask is:  How do I modify my config
>to use only one spid?

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CRC errors on ISDN Interface

[Craig Columbus]

You don't say what type of IDSN connection you have.  Is the customer 
connecting from one site to another (internal) site?  Are they connecting 
to an ISP?  Do you have control of both sides of the BRI (calling site and 
called site)?
Just off the cuff, I'd suspect that there's a bad line card at the CO.  If 
this is the case, it's totally possible for the telco tech guy to stress 
the line and still not see the problem.  Unfortunately, I've encountered it 
several times and it's often not easy to get a resolution.  The usual telco 
response is "We don't have a problem...we've tested the line and it has to 
be your equipment."  If you press them on the issue, they usually admit 
that they're testing the B channels, but not really looking at what the D 
channel is doingand sometimes it's an error that doesn't appear until 
the line has been operational for some time.  Ask them if it could be a 
problem at one of the COs (either at the calling site or the called site) 
and escalate it until you get someone willing to listen and actually check 
into your problem.
Good luckexperience says that you'll need it. ;-)  Let the group know 
how you make out.

Craig

At 01:38 PM 3/6/2001 -0500, you wrote:
>I have a problem with an ISDN circuit that keeps on dropping off. When I
>look at the BRI interface I see CRC errors. I have swapped out the patch
>cable going to the providers jack, I swapped out the router and the ISDN WIC
>but I still keep on getting the CRC errors. The provider has checked the
>line and they said the line is ok. This router keeps on dropping off and the
>customer is now getting upset. Any idea have any ideas what I can check or
>try next?
>
>Thanks
>_
>Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: The Internet core router

[Craig Columbus]

Is the exam actually more demanding, or is the content just different?  For 
example, whereas the CCIE concentrates on SNA, RSRB, and token ring, I'd 
imagine that Juniper concentrates more on ISIS, BGP, and MPLS.  Is this the 
case?  If not, in what way is the Juniper exam more difficult than the CCIE 
exam?

Craig


At 09:02 AM 3/14/2001 -0700, you wrote:
>I have taken the Juniper Internet Specialist Exam (multiple choice).  If
>you're looking for a comparison, then I can say that it is a lot more
>demanding than any of the Cisco Exams I have taken as of yet. (CCNP, CCIE
>Written).
>
>
>At 03:25 AM 3/14/01, you wrote:
> >yup there is http://www.juniper.net/training/certification/
> >
> >i wonder how tough is the exam.  anyone here took it?
> >
> >-Original Message-
> >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> >Deepak Sharma
> >Sent: Wednesday, March 14, 2001 2:20 PM
> >To: sipitung
> >Cc: Cisco group study
> >Subject: Re: The Internet core router
> >
> >
> >lol.anyone know if there is a Juniper cert out there?!?!
> >
> >sipitung wrote:
> >
> > > Hi, please have a look this site
> > >
> > > http://www.lightreading.com/testing/
> > >
> > > Have you any comment about this ? Let's us know your opinion.
> > >
> > > Thanx
> > > Si Pitung
> > >
> > > _
> > > FAQ, list archives, and subscription info:
> >http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
> >_
> >FAQ, list archives, and subscription info:
> >http://www.groupstudy.com/list/cisco.html
> >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
> >_
> >FAQ, list archives, and subscription info:
> >http://www.groupstudy.com/list/cisco.html
> >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Sample CCNA test question..bogus?

[Craig Columbus]

John's right on track here.  When using the /19 notation with 172.16.0.0, 
you're referring to that specific network.  172.16.0.0/19 is not the same 
network as 172.16.64.0/19.
Reading this question a little bit differently, I can see that perhaps 
there is a typo...if the question used a /18 instead of a /19, then answer 
"A" would be correct.
If you want to make answer "D" correct, you either need to rephrase the 
question to "Which one is a valid host using 172.16.64.0/19?" or rephrase 
the question to "Which one is a valid host using 172.16.0.0/17?", which 
would allow for ALL of the answers to be correct.

Craig

At 10:13 AM 3/15/2001 -0700, you wrote:
>I disagree.  Valid hosts in 172.16.0.0/19 are:
>
>172.16.0.1 through 172.16.31.255
>
>I guarantee you that any other interpretation will make life miserable
>for you eventually, especially in a production environment where you
>actually use CIDR or VLSM.  A good example would be if you were running
>BGP in a production environment that actually connected to the internet.
>
>
>Let's say you were Joe's ISP and were assigned 172.16.0.0/19.  This is
>*very* specific...you can only advertise 172.16.0.1 through
>172.16.31.254.  Most likely, 172.16.32.1 through 172.16.63.254 is going
>to be assigned to someone else.  If you followed your logic and
>advertise the entire 172.16.0.0/16, you will be getting some nasty phone
>calls or nastygrams in your email box.  Companies tend to get a little
>upset with you if you start advertising their address block.
>
>In that spirit, I assume when a test question says something as
>specific as 172.16.0.0/19 that they *really* mean it.
>
>John
>
> >>> "Lowell Sharrah" <[EMAIL PROTECTED]> 3/15/01 9:54:56 AM >>>
>I believe that answer D is correct and here is why
>
>Vaslid hosts in the network 172.16.0.0/19 are as follows
>
>172.16.64.1-172.16.95.254
>172.16.128.1-172.16.159.254
>172.16.192.1-172.16.223.254
>172.16.32.1-172.16.63.265
>172.16.160.1-172.16.191.254
>172.16.96.1-172.16.127.254
>.255 is broadcast
>
> >>> "John Neiberger" <[EMAIL PROTECTED]> 03/15/01 11:19AM
> >>>
>I think I'll side with those who say there is no correct answer, but
>there is an answer that's closer to being correct than the others.
>:-)
>
>The question is asking for a valid host in the 172.16.0.0/19 range.
>Answer D is not in that range!  It is in the 172.16.64.0/19 network.
>Valid host addresses in the 172.16.0.0/19 range are:
>
>172.16.0.1 through 172.16.31.254
>
>I would agree that by making a subtle adjustment to the question,
>answer D is the only answer possible.  Given a /19 prefix length, the
>only possible host address given in the answers is D, which forces us
>to
>change the question to fit the answer.
>
>This just appears to be a poorly worded question that not only allows
>you to figure out the most-correct answer eventually but also forces
>you
>to deduce what the actual question is in the first place.In
>other
>words, it's a typical Cisco test question!
>
>Regards,
>John
>
> >>> "Arthur Simplina" <[EMAIL PROTECTED]> 3/15/01 8:46:27 AM >>>
>d. 172.16.80.255
>
>This belongs to subnet 172.16.64.0 with host range of 172.16.64.1 -
>172.16.95.254.
>
>Arthur
>
>
> >From: "Bruce" <[EMAIL PROTECTED]>
> >Reply-To: "Bruce" <[EMAIL PROTECTED]>
> >To: [EMAIL PROTECTED]
> >Subject: Sample CCNA test question..bogus?
> >Date: Thu, 15 Mar 2001 15:11:07 +1100
> >
> >Q. Which one of the following is a valid host using the address of
> >172.16.0.0 /19?
> >
> >a. 172.16.32.0
> >
> >b. 172.16.64.0
> >
> >c. 172.16.63.255
> >
> >d. 172.16.80.255
> >
> >
> >
> >Which one and why?
> >
> >(I say none of them. Am I going mad?)
> >
> >
> >
> >_
> >FAQ, list archives, and subscription info:
> >http://www.groupstudy.com/list/cisco.html
> >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
>
>
>_
>Get your FREE download of MSN Explorer at http://explorer.msn.com
>
>_
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
>
>
>
>_
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
>
>
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Paper CCXX ...LONG

[Craig Columbus]

Ok...before I even begin addressing this point, let me state that I think 
that there's value in obtaining certification and that I certainly admire 
everyone who's taken the time and money to better himself, or herself, 
through the certification process.  However, as someone who hires network 
people, I have a problem with paper certs and in this post, I'll explain 
why.  If you're going to flame me, at least read through the entire post 
first.  With that much said:

I think most of you are missing the point.  Let me rephrase this in the 
form of a question:

What is the point of becoming certified?

I think we can all agree that the point of becoming certified is so that an 
independent third party "certifies" our competency,  or level of 
understanding, in a field of study.  We desire this third-party 
acknowledgement so that peers and employers will understand, at a glance, 
that we have at least the minimum level of understanding to pass 
examinations of a certain difficulty.
So, given this set of parameters, what happens when those obtaining 
certification do not have the minimum skills, as defined by the 
certification process?  We must conclude that the certification process is 
not reliable, not valid, or both not reliable and not valid.  Is it the 
fault of those obtaining, or seeking to obtain, certification?  No.  It's 
the fault of the third-party certifier.  When this situation occurs, the 
certification process should be revised so that it's both reliable and 
valid, reducing the number of certified individuals who are incompetent as 
defined by the minimum standards of the level of certification in 
question.  It's at this point that we're faced with a reality 
check:  vendors don't particularly care that some of the certified 
individuals don't meet at least minimum standards.  Why?  They have a pool 
of individuals who have staked time and money on the certification process 
and won't readily abandon the desire to keep working.  To keep working, 
they have to make sure that their employer keeps the product on which 
they're certified in stock.  With little effort,  besides offering someone 
the satisfaction of obtaining the letters of certification, the vendor has 
gained a massive "indentured" sales force.

When hiring someone for an open position, I used to look at experience, 
certifications, formal education, and references, in that order.  I did 
this because experience showed what the candidate had done, certifications 
showed at least a certain amount of direct competency in a study area, 
formal education showed at least a certain broad level of knowledge, and 
references verified the experience.  Today I look at experience, formal 
education, references, and finally, certifications.  Why the 
change?  Because anymore, the certifications don't really tell me what a 
candidate knows; they're not a valid or reliable indicator of competency.

Who's to blame for the devaluation of certain certifications?  Certainly 
not the paper certs themselves.  While some argument could be made that 
those only in it for the money are at fault, I acknowledge that we're all 
looking for a better life and the paper certs see an opportunity and are 
taking it in an effort to better their lives.  Personally, I blame the 
vendors and the training centers.  Vendors need a certain "critical mass" 
of certified individuals to meet marketing objectives and have thus lowered 
the barrier to entry.  Training centers only care about making a buck off 
the current hot certification.  You've all heard the ads..."Get CCNA 
certified in 2 weeks and join the ranks of those making $70k a year!".  The 
training centers know the realities, but aren't about to advertise them 
since few people would enroll in a course if they realized that two weeks 
of training and a CCNA will get you only a foot in the door at a very low 
salary.

So, why bother with the certification at all?  A few reasons:
1) Given that all else is equal on two resumes, most employers generally 
bring in the certified person for an interview before the non-certified.
2) The market still looks for certifications, irrespective of knowledge, 
for some positions.  You've all seen the ads...CCNP required, CCNA 
preferred.  Some companies don't understand the process and don't want to 
understand the process.  All that matters is that the VP wants someone with 
a certification on the network team.
3)  The partner program is going to put more emphasis on having x number of 
certified individuals, at all levels of certification.

Bottom line?  Paper certs aren't going away.  I think they'll decline a bit 
as the economy slows and dumps more experienced people into the job market, 
but overall I think they're going to continue to become more common as long 
as people believe that you can get something for nothing.  As an employer, 
my only defense is to look for experience and a proven track record.  As an 
employee, my only defense is to back up the cer

Re: Thanks to all in the group!!! Passed my lab!!

[Craig Columbus]

Louie,

Congratulations!  How about posting an NDA-compliant story of your experience?

Craig

At 11:28 PM 3/18/2001 -0600, you wrote:
>I just wanted to say thanks to all of the participants of this group.  The
>knowledge, insight and even occasionally the opinions gleaned from this
>group have been an invaluable tool in the quest for my CCIE.
>
>As of today that quest has come to a successful conclusion.  Thanks to all!!
>
>Louie A. Belt
>CCIE #7054
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 2500 wont save config

[Craig Columbus]

What happens when you do a wr mem?

At 10:36 AM 3/19/2001 -0500, you wrote:
>I have a 2500 router with 10.3 IOS and I cant save the config. Any
>suggestions?
>
>Wm. Spencer Plantier
>LAN Engineer
>(919) 474-1300 ext 0873 Office
>(919) 474-1056 Fax
>(919)696-8848 Cell
>[EMAIL PROTECTED]
>
>
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Firewall

[Craig Columbus]

What's your budget?  Most any firewall today includes a NAT feature.  A 
low-end PIX (506) is going to set you back roughly $1000.  If you've got 
the money to spend, you may want to look at Raptor or Checkpoint software 
based firewalls.  Or, you could combine the GUI interface with a hardware 
device by buying an appliance firewall (Nokia or SonicWall).

At 10:58 AM 3/19/2001 -0500, you wrote:
>What do people use for a Firewall that does NAT translation?  I know you
>can use a PIX but what's the cost on the low end?  Does anyone have any
>other recommendation if the cost of a PIX is too high?  Looking for a
>software or hardware solution. It'll be used for about 40 user department.
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: All positions are valid - Cisco Certs Becoming Paper CCXX

[Craig Columbus]

I suppose that this depends on the particular company.  Someone with 
approximately 1 year of experience and a CCIE means (because of the lab 
wait list) that the person completed their CCIE written with only 6-9 
months of experience and the lab with about 1 year's worth.  This person is 
either very bright, has a LOT of time and money for studying, or is lying 
about their CCIE status.
If I were hiring and this resume came across my desk, it would certainly 
pique my interest.  I'd first validate the CCIE number to make sure that 
the person isn't a liar, then I'd call them for an technical interview and 
see where they really stand technically.  That is to say, did another CCIE 
hand-feed them the exam until they knew only enough to pass.  If they were 
technically inept, or even technically average, I wouldn't offer them the 
job because this person would have obviously "cheated" to obtain their 
number and I don't want someone like that on my team.  If the person were 
technically brilliant (or at least obviously above average), then I would 
offer them a position with a salary slightly less than their experienced 
CCIE peers, with a conditional raise if they prove within a year that 
they're capable of making "experienced" decisions as well as technically 
correct ones.

Just my opinion...
Craig

At 07:44 PM 3/21/2001 +1100, you wrote:
>Let me ask a question relating to this topic. I'm only looking for opinions,
>not voicing one, so please hold back the flames =)
>
>What would a person be worth (dollar terms) if they have 1 year working in
>an entry/1st level NOC monitoring position, and they have attained their
>CCIE? Will they have shown enough to move into a 3rd level position, or will
>they just be a highly decorated 1st level support guy?
>
> From the job ads I see, it seems like experience of 3-5+ years is the
>requirement. The recruitment agencies will weed out people using this as one
>of their first criteria, and use CCIE as a desirable requirement.
>
>So what does that mean? Does that mean the person with the CCIE and 1 year
>experience would have to sit tight, and wait a couple more years?
>
>Albert
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > EA LOUIE
> > Sent: Wednesday, 21 March 2001 7:20
> > To: Allen May; [EMAIL PROTECTED]
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: All positions are valid - Cisco Certs Becoming Paper CCXX
> >
> >
> > No way, Allen... you already cashed it in about 15 messages ago
> > on this thread
> > - no fair cashing in twice   ;-)
> >
> > and I actually think this has been a healthy thread.  There seem
> > to be these
> > camps, from what I've read:
> >
> > 1.  Certs add value regardless of a person's experience in
> > industry - it's a
> > willingness to learn.
> > 2.  Experience adds value and meaning to the Certs - it's an
> > enhancement to
> > your experience and something that is in written recognizable form.
> > 3.  Certs get your foot into the otherwise closed, air-tight door
> > - it's an
> > indication that the person is trained and knowledgeable to some
> > extent on the
> > techonology, and therefore less risky to hire than a
> > non-certified (possibly
> > experienced) person
> >
> > Thank goodness no one has presented the argument that Certs are a
> > bad thing
> > ;-)
> >
> > All of the positions have validity.  The original poster was
> > concerned about
> > VALUE DILUTION of the certs with all the folks who were "jumping on the
> > bandwagon" versus those of us who have been in the job and are
> > uncertified and
> > working on our certs.  This raised the issue of "what's more important or
> > holds more value... the Cert or experience?"  And that's been
> > tossed around
> > alot in the past 20 or so messages.  Value, fortunately, lies in
> > the eyes of
> > the hiring manager, so if you can convince HIM one way or
> > another, whichever
> > way you want to sway it, more power to you!
> >
> > (now I'm feeling like having a breath mint... hmmm.. what's up with that?
> > "It's two, two, two mints in one")
> >
> > LOL... I should be so jolly after a one-hour rolling blackout at
> > my office!
> >
> > -e-
> >
> > "Allen May" <[EMAIL PROTECTED]> wrote:
> > > I'm still ready to stop this thread and cash in on all the 2
> > cents thrown
> > > in.
> > > ;)
> > >
> > > Allen
> > > - Original Message -
> > > From: "Robert Padjen" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > > Cc: <[EMAIL PROTECTED]>
> > > Sent: Tuesday, March 20, 2001 10:55 AM
> > > Subject: RE: Cisco Certs Becoming Paper CCXX
> > >
> > >
> > > > I believe that there are two distinctions that should
> > > > be made - and that you may disagree with. At least for
> > > > the bachelors degree, the experience is just that -
> > > > well beyond the actual academics. In addition, the
> > > > focus of the GE portion of the program is to diversify
> > > > - humanities, science, language, amongst other

What is the current (non-beta) 640-025 CID version?

[Craig Columbus]

Just got back from the CID exam ...I'm wondering if I got the correct version.
The official Cisco exam objectives list shows CID 3.0.  My test report 
score sheet shows CID 2.0.
There were NO Stratacom questions on my test, NO windows networking 
questions, and MANY MANY MANY
SNA questions.  Test was 2 hours, 158 questions, passing set at 80% (I was 
very close, but SNA killed me).
I called Cisco and the lady on the phone said she thought the current 
version was 2.0, but that she'd have to escalate it and have someone call 
me back.
Did I get an old version of the exam or were the questions I got just the 
luck of the draw?

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Problem with CID 640-025. Read this if you have it scheduled.

[Craig Columbus]

I just got off the phone with Cisco and I have some interesting news.
Recently I posted a message asking about the current version of CID.  I 
knew the current version to be 3.0, with 100 questions over 2 hours.  I 
took the exam last Wed. (Nov. 22) and received CID 2.0, 158 questions over 
2 hours, 80% to pass.  To make a long story short, I escalated the case to 
Cisco because I knew that I had received the wrong test.  Cisco looked over 
things and agreed that I received the wrong test and gave me a voucher for 
a retest.  Further, I was just told that because of this problem, they're 
going to temporarily pull the test from both VUE (where I took the exam) 
and Prometric, until they get things sorted out.  I don't know when the 
suspension is going to go into effect, but suspect that it'll be 
immediately.  Since I want to take the test ASAP, I asked if they had an 
ETA for redeployment and was told that they're guessing two weeks, but that 
it's just a guess and that it could be sooner or later.
Anyone with the test currently scheduled should probably call the testing 
center and see if your exam has been postponed.

Thanks,
Craig

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Back-to-Back testing

[Craig Columbus]

You'll need to make a back-to-back cable first.  Pins 1&2 cross to pins 
4&5.  Config as you would for a true WAN, except have one router clock 
internal and one router clock line.

Craig

At 02:06 AM 12/11/2000 -0700, you wrote:
>Hi all,
>   I want to do a back-to-back connectivity testing between a 3660 and 
> 3640
>router using T1 Wan Interface cards.CAn anyone give me a sample config as to
>how to do it ??
>
>Thanks in advance.
>
>hari
>
>
>Get free email and a permanent address at http://www.netaddress.com/?N=1
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: DHCP Spanning Tree

[Craig Columbus]

Yep.  Seen this one.  I had a fairly large switched environment (Bay, not 
Cisco) where people were failing to obtain DHCP addresses.  Spanning tree 
was removed and the problem went away.

Craig

At 02:45 PM 12/16/2000 -0500, you wrote:
>The potential problem is spanning tree will shut down the link for the first
>thirty seconds (default) before passing traffic. If your computer is far
>enough along in the boot proccess and makes a dhcp request before the switch
>activates the port, the dhcp request will fail. Use portfast to prevent this
>problem. Portfast is fine so long as you are sure no switch will be
>connected to that port. This problem can be seen more frequently with PCMCIA
>NICS. The computer may not assert the link on the card until late in the
>boot process and then almost immediatly issue the DHCP request.
>""A. Ward"" <[EMAIL PROTECTED]> wrote in message
>91dluo$tgr$[EMAIL PROTECTED]">news:91dluo$tgr$[EMAIL PROTECTED]...
> > Has anyone had issues where DHCP limited the use of the Spanning tree =
> > protocol?
> >
> > Can you send me a lead to a white paper or give me any information on =
> > this issue?
> >
> > Thanks.
> >
> > A. Ward
> >
> > _
> > FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Passed CID3.0 640-025

[Craig Columbus]

Today, exactly 1 month after I was given the wrong version of 640-025 (the 
2.0 version), I took the correct version (3.0) and passed with flying colors.
Compared to the 2.0 version, CID3.0 is a walk in the park.  The questions 
are not difficult, but the wording can be quite frustrating.  Without 
breaking NDA, let me say that there were several questions for which the 
answer was *completely* subjective.  I don't mind picking the best solution 
out of a list of good solutions...but I seriously get annoyed at having to 
take a 50/50 shot at guessing from two completely correct answers.   For 
those who will attempt the exam soon, read the Cisco exam blueprint for 
what to study.  If you don't deal with SNA,  X.25, and Appletalk on a 
regular basis, make sure you brush up.  Take your time and read the 
questions carefully.  Think about what Cisco is really asking.  Cisco 
allows 2 hours to complete the exam, and even going slowly and taking my 
time, I finished in about an hour.
Merry Christmas!

Craig

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ISDN (i still "really" dont KNow)

[Craig Columbus]

>Ran into a case of this recently.  Everything authenticated OK, but no IP 
>traffic would pass over some of the BRI interfaces.  Resolution was to add 
>the word broadcast to the dialer map statements.  I've never had to do 
>this before, so I assume that it's a bug in the version of IOS that the 
>clients were usingsorry, it escapes me what the IOS was...may have 
>been 12.0(8).  We ended up changing to 12.0.(7)T since it seems to be solid.


Craig

> >  Dear all,
> >
> >  i am setting up an end-to-end isnd connection between two routers using
>CHAP
> >  athuentication.i seem to make a connection but cant ping even the local
>side
> >  the show ip route shows it as directly connected interface,when i do show
> >  int bri 0 i see (spoofing)what actually does it mean and how to get rid
>of
> >  it ??i have checked the configurations and searched on net a lot
> >  configuration seems alright.if possible can someone send me a practical
> >  working config (offcourse ips and passwords omitted).??
> >
> >  i realy would appreciate it.following is a general skecth just for
>refernce.
> >
> >
> >  following is the configuration
> >
> >  Router 1:
> >
> >  hostname 3600-1
> >  username 2600-1 password google
> >
> >  int bri 0
> >  ip address 10.10.10.1 255.255.255.0
> >  encapsulation ppp
> >  dialer map ip 10.10.10.2  name 2600-1
> >  ppp authentication chap
> >  -
> >
> >  Router 2:
> >
> >  hostname 2600-1 password google
> >
> >  int bri 0
> >  ip address 10.10.10.2 255.255.255.0
> >  encapsulation ppp
> >  dialer map ip 10.10.10.1 name 3600-1 1267126
> >  ppp authentication chap

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: A question regarding private addressing

[Craig Columbus]

OK.  I can accept that Microsoft (or Apple for that matter) would do 
something like this and then expect the world to revolve around 
them.  However, I'm confused as to the benefit.  Why would anyone want a 
non-assigned default IP address to appear on their network?  Do they really 
think that people will implement a non-RFC1918 compliant address space just 
to save configuration time?  (Actually, I can think of several cases where 
people might just go for this.)
How do Internet backbone routers (BGP ASs) deal with this traffic?
Let's say that I want to take the easy way out and I connect a small 
network to the Internet via an ISP.  I'm not running NAT, but I'm running 
the 169.254 addresses inside my network. If I've got a static route to an 
ISP public address, and we're not exchanging routing information, I can't 
see how this traffic would ever get back to my network.  If I'm exchanging 
routes with an ISP (via BGP or some other interior protocol), where and how 
do the 169.254 routes get filtered?  There has to be some mechanism, or 
there would be thousands of summary routes back to 169.254 showing up on 
the Internet table.
Any help in understanding this is appreciated.

Thanks,
Craig

At 03:27 AM 1/6/2001 -0800, you wrote:
>On May 28, 10:03am, Priscilla Oppenheimer wrote:
>}
>} Microsoft stole this from AppleTalk. Ironically, Apple doesn't care and in
>
>  MS made a draft RFC about it, which has expired, and there is a
>new draft by Apple (see my previous note).
>
>} fact has been using the Automatic Private IP Addressing scheme for a few
>} years. I think Microsoft themselves only started using it pretty recently.
>} (Windows 2000, you say?)
>
>  No, Windows 98 does it as well (not sure about Windows 95, but it
>would be a good bet).
>
>}-- End of excerpt from Priscilla Oppenheimer
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Calling all CCIEs for advice...Help!!!

[Craig Columbus]

Take the 100% Cisco job.  You'll see things in your day to day work that 
you'd never think to create in a lab and you'll see things that you *can't* 
create in a home lab.  Let me give you an example:
Our area code is switching to 10 digit dialing.  We have numerous customers 
connecting to our backbone via ISDN.  I sent one of my junior guys out to 
change the dialer entry on a 700 series router to 10 digits.  He changes 
the entry, reboots the router, and the circuit won't come back up.  He 
calls me and, he being rather inexperienced, I suspected he changed more 
than the dialer entry.  Since 700 series routers are a pain to deal with, I 
had him swap it for an 800 series.  I build a config and have him load it 
into the 800 series.  The circuit *still* won't come up.  We call the both 
Cisco TAC and the telco.  The local loop tests clean.  On a hunch, I have 
them test the local loop at our side of the connection.  The local loop 
tests clean.  Cause codes from the debug are inconclusive, but Cisco TAC 
verifies that there's nothing wrong with our equipment or configs.  I get 
more senior telco engineer on the line and we watch the end-to-end 
process.  He suspects that errors are being introduced on the D channel 
somewhere between our backbone ISDN router and the telco.  I replace the 
ISDN card in our router and the problem still exists.
Senior engineer suggests replacing linecard at the CO; his boss, also on 
the teleconference, overrules and says that they'll send a guy out to our 
site the next morning (because, afterall, they're the telco and it MUST be 
our problem).  24 hours later, the telco guy finally shows up to test the 
line.  Line tests clean.  I show the guy the router debugs and explain how 
it's not our equipment with the problem and how I don't care that the line 
tests cleanI want the CO linecard replaced.  He says that they can't do 
that if everything is clean.  I tell him that my customer is down, it's the 
only remaining option since everything else has been tested, and that it 
won't hurt to try it.  He gets approval to have the linecard changed.  When 
the linecard is replaced, the previously broken ISDN circuit connects 
immediately.  This is the type of debug and troubleshooting process that 
you'll never be able to create in a home lab.

Craig

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCNP 2.0 completed and is a joke!!!

[Craig Columbus]

I haven't taken any of the 2.0 exams, but those I've spoken to who've taken 
1.0 and 2.0 concur with your assessment.  Why did Cisco "dumb-down" the 
tests?  Probably because they're trying to find that delicate balance 
between having enough certified people in the field to help sell their 
products and making the tests just difficult enough to ensure that the 
certified people aren't complete morons.  Remember, Cisco isn't creating 
certifications to help our careers...they're creating the certifications to 
drive their product placement in the marketplace.  If it's hard to find 
someone "certified" to maintain the equipment, a customer isn't as likely 
to buy the product.  Personally, I'd love to see Cisco make the exams much 
more difficult, but I can't see that it will ever happen.
The new CCNP track has made my job more difficult.  I can no longer take 
the CCNP cert to mean that the candidate actually knows anything about 
networking.  Therefore, all my candidates now get a comprehensive tech 
interview.  You'd be surprised the number of CCNPs that can't explain basic 
subnetting or the differences between distance-vector and link-state protocols.

Craig

At 04:55 AM 1/13/2001 +, you wrote:
>Hi there,
>
>I completed my CCNP 2.0 on 3rd Jan. 2001 (scores between 82-89%) within a
>space of 6 weeks.
>
>I feel the high standard from CCNP 1.0 to CCNP 2.0 exams has dropped
>considerably.  I failed my ACRC exam back in August and was forced to
>abandon it due to the expiry date.  ACRC was a good standard exam.  That was
>the true level of testing!  The passing score for the old CCNP 1.0 exams was
>79%, whilst now (for CCNP 2.0) it's a sheepishly low 69%.
>
>I managed to pass the new BSCN and CIT exams in under three weeks without
>ANY prior Cisco experience.  I feel the passing score should be increased to
>79% instead if 69%, otherwise CCNP 2.0 will end up flooding the market and
>decreasing it's value like Microsoft exams.
>
>I don't feel Cisco should be dropping their standards in Professional
>Certifications.
>
>Just my thoughts...What do you guys reckon?
>
>Regards.
>Ashfaq
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCNP 2.0 completed and is a joke!!!

[Craig Columbus]

Not so sure about the CCIE track.  I've heard that Cisco intends to keep it 
at a different level from the other tracks.
BTW, I've never met a CCIE who didn't know his stuff.  Is there such a 
creature?

Craig

At 08:22 AM 1/14/2001 -0800, you wrote:
>Hello all,
>
>I've heard expert, meaning knowlegable and very experienced, CCIEs say
>*exactly* the same thing about other CCIEs after interviews... i.e., "don't
>understand or can't explain basic concepts."  These people aren't morons,
>some folks just have different goals and views concerning their CCIE and
>networking carrers.
>
>I'd say that it's all very relative, some people have a passion for what
>they do and others don't.  Being that I just went through the entire 2.0
>CCNP track, I do agree that it was easier than I expected and the assessment
>that this "easement" is "sales driven," is probably very accurate.
>
>Nonetheless, I still hold a certain amount of respect for anyone
>successfully passing the CCIE certification - it's just not easy!  I believe
>that Cisco will soon "soften" the CCIE track as well - this is already
>becoming evident in the multi-rating CCIE system.
>
>my pennies
>
>- Original Message -
>From: "Craig Columbus" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Sunday, January 14, 2001 7:47 AM
>Subject: Re: CCNP 2.0 completed and is a joke!!!
>
>
> > I haven't taken any of the 2.0 exams, but those I've spoken to who've
>taken
> > 1.0 and 2.0 concur with your assessment.  Why did Cisco "dumb-down" the
> > tests?  Probably because they're trying to find that delicate balance
> > between having enough certified people in the field to help sell their
> > products and making the tests just difficult enough to ensure that the
> > certified people aren't complete morons.  Remember, Cisco isn't creating
> > certifications to help our careers...they're creating the certifications
>to
> > drive their product placement in the marketplace.  If it's hard to find
> > someone "certified" to maintain the equipment, a customer isn't as likely
> > to buy the product.  Personally, I'd love to see Cisco make the exams much
> > more difficult, but I can't see that it will ever happen.
> > The new CCNP track has made my job more difficult.  I can no longer take
> > the CCNP cert to mean that the candidate actually knows anything about
> > networking.  Therefore, all my candidates now get a comprehensive tech
> > interview.  You'd be surprised the number of CCNPs that can't explain
>basic
> > subnetting or the differences between distance-vector and link-state
>protocols.
> >
> > Craig
> >
> > At 04:55 AM 1/13/2001 +, you wrote:
> > >Hi there,
> > >
> > >I completed my CCNP 2.0 on 3rd Jan. 2001 (scores between 82-89%) within a
> > >space of 6 weeks.
> > >
> > >I feel the high standard from CCNP 1.0 to CCNP 2.0 exams has dropped
> > >considerably.  I failed my ACRC exam back in August and was forced to
> > >abandon it due to the expiry date.  ACRC was a good standard exam.  That
>was
> > >the true level of testing!  The passing score for the old CCNP 1.0 exams
>was
> > >79%, whilst now (for CCNP 2.0) it's a sheepishly low 69%.
> > >
> > >I managed to pass the new BSCN and CIT exams in under three weeks without
> > >ANY prior Cisco experience.  I feel the passing score should be increased
>to
> > >79% instead if 69%, otherwise CCNP 2.0 will end up flooding the market
>and
> > >decreasing it's value like Microsoft exams.
> > >
> > >I don't feel Cisco should be dropping their standards in Professional
> > >Certifications.
> > >
> > >Just my thoughts...What do you guys reckon?
> > >
> > >Regards.
> > >Ashfaq
> > >
> > >_
> > >FAQ, list archives, and subscription info:
> > >http://www.groupstudy.com/list/cisco.html
> > >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
> > _
> > FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: subnetting and tcp/ip

[Craig Columbus]

Jennifer has it basically correct.  See my comments below for corrections.

Craig

At 04:21 PM 1/15/2001 -0600, you wrote:

>Ok, here we go...
>
>We will start with basics...all network addresses end in 0.

Sort of true.  All *classful* network addresses end in 0, but VLSM networks 
can end in other numbers.  For example, it's completely possible to have a 
network address of 200.200.200.64 if there are 2 or more bits of subnetting.

>Whether they have 1,2,3 zero's depends on whether it is a class A, a class 
>B, or a class C network
>address...
>class A   0-127, which is   x.0.0.0   , as long as the x, is between 
>0-127, it is a class A "network address".

Actually, 127.x is reserved for loopback.

>class B   127-191, which is x.x.0.0, as long as the "first x" is between 
>127-191, it is a class B "network address."
>class C  192-223, which is x.x.x.0, as long as the "first x" is between 
>192-223, it is a class C "network address."
>
>You don't need to worry about class D or E.  They are for experimental 
>purposes and they have the first number set in access of 223.

E is still experimental, but D is multicast and is frequently used.

>Network addresses are assigned by internic to companies and whether the 
>companies get a class A, B, or C depends on the size of the network and 
>availability .
>Gov agencies usually have A's.  Very large corps. usually have a B, and 
>everything else has a C.

Not necessarily true.  While there are many large companies with class A 
addresses, most addressing today is classless.  It's very common for large 
companies and government agencies to have contiguous blocks of class C 
addresses.  So, for lack of a better example, your network allocation may 
be 212.0.0.0/8.


>When companies get their network addresses, they can break them down into 
>private addressing for organization within their companies, and for ease of
>management.  And that's where the other numbers come from that you were 
>referring to.  BUT, the address class is determined by the first number, 
>or the first octette.
>If your number is in binary format, you add it up to figure out what the 
>class is. Do you know how to do that?  If not e-mail me.

Sort of.  The class is actually not determined by the first octet, but 
rather by the first 2 bits of the octet.  For example, routers base their 
classful distinction on the initial bit pattern of 00 (A), 10 (B), or 11 (C).

>Your address of 172.5.5.0, is a class B with a network address of 
>172.5.0.0.The 5 in the third octette is from within the company and is 
>the address of one of their
>subnets and is used by their router to direct traffic to that particular 
>subnet within their company.  Routers "out there" in the WAN side of the 
>world only use the
>network addresses for routing.  And you have to know what class it is, in 
>order to determine how many octettes are in the "network address" .  An 
>address of
>192.5.4.3 has a network address of 192.5.4.0, because it is a class C, and 
>therefore is of the form x.x.x.0
>
>The 4 addresses you have:
>
>130.5.32.0
>130.5.64.0
>130.5.160.0
>130.5.224.0
>
>All these addresses come from the same network, because their network 
>address is 130.5.0.0.  It is a class B of the form x.x.0.0  The other 
>numbers direct the traffic
>to different, specific parts of that network within the private company 
>that has the network number 130.5.0.0.  Those other numbers are derived 
>from by a process
>known as subnetting and that's a different lesson.
>
>Good Luck!
>Jennifer Cribbs


Hope this helps.

Craig

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: wrong subnet

[Craig Columbus]

Hmm...depends on your meaning of correct.  The router is the last host IP 
in the network (10.1.244.0-10.1.245.255).  While most people put the router 
as the first IP (in this case 10.1.244.1), there's technically nothing to 
prevent someone from making it the last host...or the middle hostor any 
host in between.  Technically feasible?  Yep.  Poor choice?  In my opinion, 
yes.

Craig

At 08:18 PM 1/15/2001 -0500, you wrote:
>It may be legal but still not correct.
>
>One thing that seems a bit odd though, the gateway is generally a
>smaller number then the node.
>I've never seen it larger but hey I've seen stranger things.
>Natasha
>just a CCNA lol
>
>Eric Fairfield wrote:
> >
> > Looks legal to me.
> >
> > --
> > Eric Fairfield
> > CCIE #6413
> >
> > ""Dennis Ighomereho"" <[EMAIL PROTECTED]> wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > hello everyone,
> > > someone has just given me an IP address to use which i think the 
> subnet is
> > > wrong or know is wrong.can someone just confirm this.
> > >
> > > Ip address:10.1.245.253
> > > mask:  255.255.254.0
> > > gateway10.1.245.254
>
>Natasha Flazynski
>http://www.ciscobot.com
>My Cisco information site.
>http://www.botbuilders.com
>Artificial Intelligence and Linux development
>
>A bus station is where a bus stops.
>A train station is where a train stops.
>On my desk, I have a work station...
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: To Craig

[Craig Columbus]

No skin off my back :-).  Thanks Jennifer.  And, BTW, you have a right to 
be a bit touchy after last week.

Craig

At 09:07 PM 1/15/2001 -0500, you wrote:
>Craig,
>All that came out all wrong.  I am apologizing for acting like a "b".
>
>I am over sensative right now because of the things that happened last 
>week on
>this site.
>
>I really did come across in a bad way.  You didn't do anything wrong or say
>anything wrong, but I did.
>
>Sincerely,
>Jennifer Cribbs
>
>
>Have a Good Day!!
>Jennifer Cribbs
>[EMAIL PROTECTED]
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: WAN switching Exam

[Craig Columbus]

I've not taken any of the WAN tests, but I know that Cisco Press has a book 
for the CCNA-WAN.

Craig

At 02:12 PM 1/16/2001 +0100, you wrote:
>Are there any good books for the CCNA Wan switching exam? Is it a useful
>cert in any case--ie are companies looking for it at all or even know it
>exists? The exam outline looked pretty much like CCNA with some of the stuff
>from CCNP thrown in but not much. Has anyone actually taken the test?
>
>thanks
>
>stu
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Patch Panels

[Craig Columbus]

In a nutshell, patch panels get rid of the spaghetti factor.  Let's say 
that you've got 500 drops coming into a datacenter.  Other than the mess of 
cables you'd have around every switch, you'd have to search heavily to 
figure out which cable is where.  When patch panels are in place, you 
arrange them in an orderly fashion so that you know where each drop is 
located.  For example, panel 1 may contain all drops from floor 1 in the 
building.  You eliminate a lot of mess because you only need patch those 
drops that are hot or in use.  If you change switches in the future, it's 
relatively easy to see which drops are being relocated.
When you punch down a drop, you're actually doing it at two locations:  the 
termination point at the wall jack, and the back of the patch panel.  You 
use a punch tool to perform this operation.  When completed, you have a 
RJ-45 jack at each end, ready to plug your cable into.
I suggest you look for a book entitled "LAN Wiring".  I believe that it's 
now in its second edition.

Craig

At 07:27 AM 1/17/2001 -0500, you wrote:
>Could someone please elaborate on patch panels, or point to some
>reading.
>I understand the use of panels when you have your switch/router in,
>say, rack1 and your devices in rack5, you then have patch panels in
>rack5 hardwired over to rack1.
>I'm missing the practicality in other cases:
>Your router/switches are in rack1 and you have them hooked up to patch
>panels also in rack1. Why not bypass the patch panels in this case?
>Wiring closets; you have hubs in the closet, wired to patch panels in
>the same closet. Again, why not bypass the panels?
>When a workstation needs to be "punched down", does that mean you need
>to hardwire a port on the patch panel to the hub, then run a line from
>workstation to the patch panel? Any info available on the "punch down"
>methodology?
>
>Any clarifications greatly appreciated.
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Problems dialing into cisco 801

[Craig Columbus]

Do a "debug isdn events" and "debug isdn q931" on the 801.  Look for a 
cause code...it'll look something like "Cause i = 0x8090 - Normal call 
clearing", though your message is likely different.  Check Cisco's web 
site, http://www.cisco.com/warp/public/112/chapter17.htm, for cause code 
definitions and more information.  Shoot me an e-mail if you need more 
assistance.

Craig

At 09:05 PM 1/17/2001 +, you wrote:
>Hi,
>
>Im stumped with this problem. Got a 801 configured with dialer profiles,
>there are 2 dialers set up, they both work fine dialing out. The problem is
>when the other routers (a shiva and a 3620) try to dial in. I can see a
>connection coming in, but the 801 just seems to drop the call. With debug
>ppp authentication turned on i get nothing, so it doesnt even get to that
>stage. I have also debugged ppp negotition but all i get very little
>information from that. LCP comes up.then comes down again. It almost
>seems like the 801 is rejecting the calls, but i cannot see why.
>
>This is part the config from the 3620:
>
>interface BRI1/0
>  no ip address
>  encapsulation ppp
>  dialer pool-member 1
>  isdn switch-type basic-net3
>  isdn send-alerting
>  ppp authentication chap callin
>
>interface Dialer1
>  ip address xxx.xxx.xxx.xxx 255.255.255.252
>  encapsulation ppp
>  dialer remote-name cisco801
>  dialer pool 1
>  dialer string xx
>  dialer-group 1
>  ppp authentication chap callin
>
> From the 801:
>
>interface BRI0
>  no ip address
>  no ip directed-broadcast
>  encapsulation ppp
>  dialer pool-member 1
>  isdn switch-type basic-net3
>  ppp authentication chap callin
>!
>interface Dialer0
>  ip address xxx.xxx.xxx.xxx 255.255.255.252
>  no ip directed-broadcast
>  encapsulation ppp
>  dialer remote-name cisco3620
>  dialer string xxx
>  dialer pool 1
>  dialer-group 1
>  ppp authentication chap callin
>
>
>Thanks for any help,
>
>Neil
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Sorta OT: More than T1, less than T3...

[Craig Columbus]

Ok..given a situation where you need more than T1 Internet connectivity 
(say 10Mb), but can't spring for a T3, how do you resolve the issue?  Do 
you buy multiple T1's and multiplex them?  If so, I assume that this 
requires cooperation with the ISP to de-mux on their site.  What Cisco 
equipment has proven reliable for this?  Is there a third-party solution 
that will take Cisco HSSI output into a bunch of multi-plexed T1s?  Is 
there a solution that I'm overlooking?

Thanks,
Craig

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Sorta OT: More than T1, less than T3...

[Craig Columbus]

Thanks guys for all the good comments.  I'm going to look into the standard 
mux/imux stuff, but the ATM IMA solution sounds interesting.  How many out 
there have implemented this?   Is it reliable?  (ATM has been a bit flaky 
for me in the past.)  How does the cost per ATM line compare to standard T1 
per line?

Craig

At 06:06 PM 1/17/2001 -0800, you wrote:
>Check with you local carriers to see if they can provide you with ATM IMA
>service.
>
>This is pretty neat.  Cisco and other vendors have products which allow you
>to take in ATM lines in increments of 1.54 mbs ( T1 ). These are ATM
>circuits. For a Cisco 26xx router or above, you can purchase ATM IMA cards
>with 4 or 8 port capacity, meaning up to 12 mbs total bandwidth. As you add
>T1's the IMA multiplexes those into one fat pipe.
>
>The nice thing is this can grow with you.
>
>As with everything else in the data comm world, YMMV
>
>Chuck

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Sorta OT: More than T1, less than T3...

[Craig Columbus]

In my area, the cost for about 8 T1s = cost for 1 T3.  It's the gray area 
(say 6 T1s) in between that had me scratching my head.  The price for the 
NM-4T1-IMA really isn't bad when compared to the price of the comparable 
number of T1 WICs.  Thanks for the lead Chuck.  Now, I have to figure out 
if there are any providers in the area.  I know the ones that I deal with 
on a regular basis don't offer itor if they do, they keep it under wraps.

Craig

At 07:33 PM 1/17/2001 -0800, you wrote:
>I believe that in Pac Bell territory, anyway, the break point is somewhere
>around 10 T1's, after which you  may as well get a T3
>
>Dan, for some reason I was under the impression that straight T1
>multiplexing had fallen out of favor, what with the advent of IMA. I know
>Cisco offers IMA for up to 12 mbs, and a 25 mbs ATM card for the 36xx and
>72xx  Have I been hanging around with the telco TSS's too long?
>
>Telco pricing structures are a whole newsgroup unto themselves.
>
>Chuck
>
>
>
>-Original Message-
>From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
>Daniel Cotts
>Sent:   Wednesday, January 17, 2001 7:06 PM
>To: Craig Columbus; [EMAIL PROTECTED]
>Subject:RE: Sorta OT: More than T1, less than T3...
>
>Multiplexed T-1s are an option. Companies such as Larscom and Digital Link
>make inverse multiplexers that will combine up to 6 T-1s. I am used to the
>Digital Link box. It's output towards your LAN is either V.35 or HSSI.
>Larscom makes a box called an EtherSpan than converts HSSI to Ethernet. So
>you can use any router that has an Ethernet interface. Telco -> (2-6 T-1s)
>->Digital Link Inverse Mux -> HSSI -> Larscom EtherSpan -> Ethernet ->
>router.
>By time that you pay for all of those T-1s you might be approaching the cost
>of a T-3.
>
> > -Original Message-
> > From: Wojtek Zlobicki [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, January 17, 2001 7:15 PM
> > To: Craig Columbus; [EMAIL PROTECTED]
> > Subject: Re: Sorta OT: More than T1, less than T3...
> >
> >
> > Is fiber an option ?  Can you get a 10Mb feed from anyone ?  A 10 Meg
> > Ethernet feed from anyone ?
> >
> >
> > - Original Message -
> > From: "Craig Columbus" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Wednesday, January 17, 2001 7:18 PM
> > Subject: Sorta OT: More than T1, less than T3...
> >
> >
> > > Ok..given a situation where you need more than T1 Internet
> > connectivity
> > > (say 10Mb), but can't spring for a T3, how do you resolve
> > the issue?  Do
> > > you buy multiple T1's and multiplex them?  If so, I assume that this
> > > requires cooperation with the ISP to de-mux on their site.
> > What Cisco
> > > equipment has proven reliable for this?  Is there a
> > third-party solution
> > > that will take Cisco HSSI output into a bunch of
> > multi-plexed T1s?  Is
> > > there a solution that I'm overlooking?
> > >
> > > Thanks,
> > > Craig
> > >
> > > _
> > > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to
> > [EMAIL PROTECTED]
> >
> > _
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > Report misconduct
> > and Nondisclosure violations to [EMAIL PROTECTED]
> >
>
>_
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCIE reading: TCP/IP by Doyle Vol.1 or 2

[Craig Columbus]

I haven't read Doyle's Vol2, but if volume1 is taken as an indicator, I'm 
sure it'll be a good reference.
I've read the others that you have on your list, with the exception of the 
Rossi book, and can confirm that you should have them on your shelf.
In addition, you really should obtain a copy of Interconnections by Radia 
Perlman.

Craig

At 09:29 AM 1/20/2001 -0600, you wrote:
>Hello,
>
>I am looking at obtaining the books that are "Required reading" for the
>CCIE lab, according to www.ccbootcamp.com. I have heard great things about
>their perpetration labs and plan to buy them as soon as I can get my lab
>pieced together from optsys.
>
>The books listed are:
>
>Internet Routing Architectures, Bassam Halabi
>CCIE Prof. Development Routing TCP/IP Volume I, Jeff Doyle
>Cisco Certification Bridges, Routers, and Switches for CCIE's, Caslow
>Cisco Lan Switching (CCIE professional development)
>Cisco Catalyst Lan Switching Louis R Rossi, Louis D. Rossi, Thomas Rossi
>
>
>I noticed the TCP/IP book by Doyle has a Volume 1 and Volume 2. The first
>book  seems to be the foundation book while the second one goes into BGP.
>Multicasting, etc.
>
>The Architecture book by Halabib is a must have, from everyone that has
>read it. It  seems to be heavy in BGP more than other exterior routing
>protocols. Is Doyle vol 2 worth reading back to front or are their better
>reads one the list for that information?
>
>Thanks,
>
>-Eric Gunn
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: cabletron

[Craig Columbus]

Don't get me started.  I just took over a network with Cabletron 
routers/switches, mainly 200s, 600s, 700s, and 2000s.  Now, this is just my 
opinion, but they're better suited to be doorstops than 
routers/switches.  They're a pain to configure and manage and they're not 
exceptionally fast or stable.  I'm removing them from the network as fast 
as my budget will allow.
In my opinion, Cisco products (well, with the possible exception of the 
Cisco 700 series routers), are far superior.

Just my $0.02...your mileage may vary.

Craig

At 04:03 PM 1/21/2001 +, you wrote:
>Can someone give me some feedback on Cabletron hubs/switches.  It is good,
>bad, advantages, disadvantages and how it really compares to the Cisco
>Catalyst line of switches.  If you have cabletron switches would you upgrade
>to Cisco Catalyst switches or would you remain with cabletron.  Please
>responsd to this email address.  Thanks.
>_
>Get your FREE download of MSN Explorer at http://explorer.msn.com
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Funky policy-based NAT question (LONG)

[Craig Columbus]

First, I apologize for the confusing post, but I'm scratching my head at 
the moment and could use another set of eyes.
I have a question about using different NAT pools, decided by policy based 
routing.
Everything I've read on Cisco's site seems to indicate that this will work, 
but for some reason, it's not.
Any advice on the subject is appreciated.

Nomenclature (obviously not the real addresses):
ISP1 addresses are represented by 1.1.1.x and 2.2.2.x.
ISP2 addresses are represented by 3.3.3.x.
Target addresses are represented by 4.4.4.x.

Explanation of what I want to do:
I have two distinct connections to the Internet, one off of Ethernet0/1 and 
the other off of Serial0/0.
NAT inside range is 10.1.1.x /24.
I want all clients connecting to addresses 4.4.4.1 and 4.4.4.2 to use a NAT 
pool associated with E0/1 and route through E0/1.  All other Internet 
traffic should use the NAT pool associated with S0/0 and route through S0/0.

The sample config below routes traffic appropriately, but only obtains the 
NAT addresses from the ISP1-pool no matter the destination.  The end result 
is that traffic outbound to ISP2 is natted to an ISP1 address...something I 
definitely don't want.

Pertinent Router Config:

interface E0/0
  description Private Inside
  ip address 10.1.1.1 255.255.255.0
  ip nat inside
!
interface Serial0/0
  description ISP 1
  ip address 2.2.2.1 255.255.255.252
  ip nat outside
!
interface E0/1
  description ISP2
  ip address 3.3.3.1 255.255.255.224
  ip nat outside
!
ip nat pool ISP1-pool 1.1.1.1 1.1.1.3 netmask 255.255.255.248
ip nat inside source route-map ISP1-map pool ISP1-pool
ip nat pool ISP2-pool  3.3.3.3 3.3.3.6 netmask 255.255.255.224
ip nat inside source route-map ISP2-map pool ISP2-pool
ip route 0.0.0.0 0.0.0.0 2.2.2.2
ip route 4.4.4.1 255.255.255.255 3.3.3.2
ip route 4.4.4.2 255.255.255.255 3.3.3.2
!
access-list 100 permit ip any host 4.4.4.1
access-list 100 permit ip any host 4.4.4.2
access-list 101 deny ip any host 4.4.4.1
access-list 101 deny ip any host 4.4.4.2
access-list 101 permit ip any any
route-map ISP1-map permit 10
  match ip address 100
  match interface Ethernet0/1
route-map ISP2-map permit 20
  match ip address 101
  match interface Serial0/0

Thanks in advance,
Craig
  

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Companies requiring proof of previous salary

[Craig Columbus]

I absolutely disagree that there's nothing that can be done for a company 
that exhibits this type of behavior.  VOTE WITH YOUR FEET!!!  Remember, 
we're in a time when demand is high and skills are hard to find.  Tell the 
company that your previous salary has zero bearing on what you now 
expect.  If they just want to verify employment, give them the phone number 
of HR at your previous employer.  If they indicate that your new salary 
will be based on your old, that's fine...tell them where to go and then go 
get a job with their competitor.  Rememberthis type of corporate 
attitude will permeate your entire employment, not just the hiring 
process.  Do you really want to work in an environment like that?
The only situation I can imagine where you might actually need/want to 
comply with this level of invasiveness is if you're applying for a position 
requiring a security clearance (gov't or otherwise).  In that scenario, the 
pay information should not be used to compute your current salary, but 
rather as part of a comprehensive background investigation.

Just my $0.02
Craig


At 05:59 PM 10/8/2000 -0200, you wrote:
>There is nothing you can do...  If you want the job, then play their game.
>When interviewing for noticeably more in salary- it's safer to play offers
>(I have offer from XYZ, for XYZ).  @ my old company, I saw handful of people
>inflate their current salaries with the wrong potential employers.  Very
>rarely did I see them get the job, & they always walked away feeling as if
>they'd burned bridges.  Cisco was one of the companies I particularly
>remember checking in detail...
>
>The whole process is a card game, & you're still required to show a winning
>hand (most of the time) to win the game...
>
>Good Luck !!!
>Phil
>
>- Original Message -
>From: "Stephane Wantou Siantou" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Sunday, October 08, 2000 4:56 PM
>Subject: Companies requiring proof of previous salary
>
>
> >
> > Hey Guys,
> > I recently had an interview with a company that requires proof of
> > my previous salary.  I don't want to show them anything about my
> > previous salary.  How do you think I can go about it?
> > Thanks
> >
> > **NOTE: New CCNA/CCDA List has been formed. For more information go to
> > http://www.groupstudy.com/list/Associates.html
> > _
> > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> > FAQ, list archives, and subscription info: http://www.groupstudy.com
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
>**NOTE: New CCNA/CCDA List has been formed. For more information go to
>http://www.groupstudy.com/list/Associates.html
>_
>UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
>FAQ, list archives, and subscription info: http://www.groupstudy.com
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

**NOTE: New CCNA/CCDA List has been formed. For more information go to
http://www.groupstudy.com/list/Associates.html
_
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: SNA: why tokenring?

[Craig Columbus]

Not to shift the subject, but if you need the consistent latency and 
reliability for multimedia, why not go with ATM?  The bandwidth available 
is better than Token ring and the cost isn't *that* much more.
In any case, SNA over Ethernet is no problem in a well-designed 
network.  As Priscilla stated, IBM has the market for most of the high-end 
hardware that utilizes SNA, IBM likes(d) token ring, and change is a hard 
thing to come by in the world of Big Blue.

Just my $0.02...
Craig

At 04:20 PM 10/12/2000 -0400, you wrote:
> > At 08:19 AM 10/12/00, Alldread AK2 Robert J wrote:
> >>I am just curious as to why SNA still runs on tokenring today.
> >
> > IBM got their foot in the door at many large companies and then closed the
> > door behind them. The end result is that many companies deployed all
> > IBM-developed technologies. If a company uses their network for
> > mission-critical applications, it takes a long time for the network to
> > evolve, since changes risk bringing the network down.
>
>It's actually more than that though. Token Ring and FDDI are token passing
>in nature and can have predictable response times. Ethernet is bursty by
>nature and, although good for most everybody needs, still has issues in the
>QoS or what I call Best Effort QoS, for what Token Ring already offers,
>which is consistent, predictable network response times.
>With SNA, that is very important.
>
>I have seen companies go through a lot of planning into putting Video
>Conferencing using H.323 over IP and it's still a headache. Where in the
>Token Ring world of 100Mb Token Ring ( yes it exists ), this is a lot easier
>as it already offers QoS-ing ( made that word up  ) and has done so for
>years.
>
> >>  Is there any
> >>reason that it cannot just hook right into an ethernet network??
>
>-->You can use Ethernet and although, a little harder to setup, but works OK
>provided you don't have an over saturated network and your support staff
>knows how it works. It still rears up every now and then.
>
> > SNA can run on Ethernet. IBM and other vendors support this. It's actually
> > somewhat common.
> >
> >>   I have
> >>read a few white papers on SNA, and I assume that because tokenring was the
> >>major LAN media back in the day, and because SNA uses RIF's to determine
> >>paths to other hosts, that SNA was built requiring the use of RIF's.  Is
> >>this correct??
> > Historically this is not correct. SNA has its own complex path
> > determination methods that were used on large "internetworks" long before
> > Token Ring and source-route bridging were ever invented. Long before LANs
> > were invented, come to think of it. SNA shipped in 1974, (though it didn't
> > catch on right away.) Token Ring's birth date is more like 1984.
> >
> > The Internetworking Technologies Handbook does a pretty good job with SNA.
> > SNA is surprisingly still common, as is Token Ring. (At least in Southern
> > Oregon where I live!? &;-)
>
>-->I do a lot of work for a Movie production company that uses Token Ring
>because of all of the Multimedia they do. We tried a lot of different
>Ethernet solutions but just couldn't get it to perform well.
>For most people, Ethernet works fine as most of the usual traffic is E-Mail,
>Web, file and print, which aren't latency sensitive.
>
>However, to multimedia rendering, video conferencing, Voice, SNA, etc, that
>are very latency sensitive, it makes a big difference.
>
>Sorry for the Token Ring speech.  and no, I don't sell it.
>
>Madge has a pretty decent paper on it:
>
>http://www.madge.com/Connect/Downloads/Documents/content.asp?Article=536&Sub
>Area=
>
>IMHO, it is a lot better than Ethernet but the price killed it.
>Sometimes, you do get what you paid for though  ;-)
>
>It's funny, I have seen companies put a lot of money into QoS strategies,
>that, had they just done Token Ring in the first place, would have cost them
>less and had less support issues in the long run.  
>
>Scotty
>
>
>
> > Priscilla
> >
> >
> >>thanx,
> >>
> >>skin-e
> >>
> >>_
> >>FAQ, list archives, and subscription info:
> >>http://www.groupstudy.com/list/cisco.html
> >>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
> >
> > 
> >
> > Priscilla Oppenheimer
> > http://www.priscilla.com
> >
> > _
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
>
>--
>Scott Nelson - Network Engineer
>Wash DC +1202-270-8968 & +1202-352-6646
>Los Angeles +1310-367-6646
>mailto:[EMAIL PROTECTED]
>http://www.bnmnetworks.net
>
>PGP Public Key:
>http://home.earthlink.net/~scottnelson/keys/srnbnm.txt
>--
>
>"The better the customer service, the sooner you get to speak
>with someone who can't help you."
>--

ATM QoS WAS Re: SNA: why tokenring?

[Craig Columbus]

Agreed.  I think my brain was on vacation when I read your original post; 
sorry for any confusion.  Chalk it up to a very long day. :-)
Anyway, I did some large scale video-conference setups a number of years 
ago and my only choice for reliability, CODEC to CODEC, was ATM.  We had 
excellent results with a multipoint Voice, Video, Data mux.

Craig

At 10:26 PM 10/12/2000 -0400, you wrote:
>You are not really going to get the full benefits of going ATM to the
>desktop until the Apps running on the client are ATM aware.
>
>Running LANE or doing 1483 is still not going to give you a good COS as you
>would be using AAL5 anyway, which is UBR.
>
>Some VTC ( Video Teleconferencing ) vendors are doing ATM, such as
>http://www.vtel.com  but are using native ATM to simulate B-ISDN over ATM
>and breaking it out before it hits the PC bus, into a CODEC.
>
>ATM is really good on the backbone though and you can have different PVC's
>going into the same router and make different paths. IE: one path/PVC/SVC
>for regular bursty data, another for multicast, another for VTC, another for
>H.323 voice/video, etc.
>
>Scott
>
>
>
> > Not to shift the subject, but if you need the consistent latency and
> > reliability for multimedia, why not go with ATM?  The bandwidth available
> > is better than Token ring and the cost isn't *that* much more.
> > In any case, SNA over Ethernet is no problem in a well-designed
> > network.  As Priscilla stated, IBM has the market for most of the high-end
> > hardware that utilizes SNA, IBM likes(d) token ring, and change is a hard
> > thing to come by in the world of Big Blue.
> >
> > Just my $0.02...
> > Craig
> >
> > At 04:20 PM 10/12/2000 -0400, you wrote:
> >> > At 08:19 AM 10/12/00, Alldread AK2 Robert J wrote:
> >> >>I am just curious as to why SNA still runs on tokenring today.
> >> >
> >> > IBM got their foot in the door at many large companies and then 
> closed the
> >> > door behind them. The end result is that many companies deployed all
> >> > IBM-developed technologies. If a company uses their network for
> >> > mission-critical applications, it takes a long time for the network to
> >> > evolve, since changes risk bringing the network down.
> >>
> >>It's actually more than that though. Token Ring and FDDI are token passing
> >>in nature and can have predictable response times. Ethernet is bursty by
> >>nature and, although good for most everybody needs, still has issues in the
> >>QoS or what I call Best Effort QoS, for what Token Ring already offers,
> >>which is consistent, predictable network response times.
> >>With SNA, that is very important.
> >>
> >>I have seen companies go through a lot of planning into putting Video
> >>Conferencing using H.323 over IP and it's still a headache. Where in the
> >>Token Ring world of 100Mb Token Ring ( yes it exists ), this is a lot 
> easier
> >>as it already offers QoS-ing ( made that word up  ) and has done so for
> >>years.
> >>
> >> >>  Is there any
> >> >>reason that it cannot just hook right into an ethernet network??
> >>
> >>-->You can use Ethernet and although, a little harder to setup, but 
> works OK
> >>provided you don't have an over saturated network and your support staff
> >>knows how it works. It still rears up every now and then.
> >>
> >> > SNA can run on Ethernet. IBM and other vendors support this. It's 
> actually
> >> > somewhat common.
> >> >
> >> >>   I have
> >> >>read a few white papers on SNA, and I assume that because tokenring 
> was the
> >> >>major LAN media back in the day, and because SNA uses RIF's to determine
> >> >>paths to other hosts, that SNA was built requiring the use of RIF's.  Is
> >> >>this correct??
> >> > Historically this is not correct. SNA has its own complex path
> >> > determination methods that were used on large "internetworks" long 
> before
> >> > Token Ring and source-route bridging were ever invented. Long before 
> LANs
> >> > were invented, come to think of it. SNA shipped in 1974, (though it 
> didn't
> >> > catch on right away.) Token Ring's birth date is more like 1984.
> >> >
> >> > The Internetworking Technologies Handbook does a pretty good job 
> with SNA.
> >> > SNA is surprisingly still common, as is Token Ring. (At least in 
> Southern
> >> > Oregon where I live!? &;-)
> >>
> >>-->I do a lot of work for a Movie production company that uses Token Ring
> >>because of all of the Multimedia they do. We tried a lot of different
> >>Ethernet solutions but just couldn't get it to perform well.
> >>For most people, Ethernet works fine as most of the usual traffic is 
> E-Mail,
> >>Web, file and print, which aren't latency sensitive.
> >>
> >>However, to multimedia rendering, video conferencing, Voice, SNA, etc, that
> >>are very latency sensitive, it makes a big difference.
> >>
> >>Sorry for the Token Ring speech.  and no, I don't sell it.
> >>
> >>Madge has a pretty decent paper on it:
> >>
> >>http://www.madge.com/Connect/Downloads/Documents/content.asp?Article=536 
> &Su

Re: Subnet mask question..

[Craig Columbus]

This is a matter of how the question was phrased.
If a class B address had 11 bits of subnetting, then the mask is 
255.255.255.224.  Why?
Because a class B address has NO bits of subnetting to begin with.  You 
take the binary,
..., and to that you add 11 bits, and 
you'll get:
...1110  or  255.255.255.224.

Does this help?

Craig

At 08:47 AM 10/14/2000 +, you wrote:
>Default netmask for class B is 255.255.0.0 with 11 subnet mask you will
>have /27
>ie 255.255.255.224
>
>it's bit confusing though..
>
>Nobody
>Keith Woodworth <[EMAIL PROTECTED]> wrote in article
><[EMAIL PROTECTED]>...
> >
> > Ive been at this for quite a while and the odd subnet question still gets
> > me.
> >
> > Boson question:
> >
> > IP address 172.16.3.57 w/ and 11-bit subnet mask. What are valid hosts?
> >
> > I think ok class B, but I look at 11 bits as 255.224.0.0
> > (.1110.0.0) which does not go with the choices of answers I
> > had.
> >
> > I got it wrong as the answer says an 11-bit mask is 255.255.255.224 when
> > using a class b address. Is the mask there not 27 bits? What am I missing
> > there? How do they get the above mask w/11 bits?
> >
> > The valid hosts were:
> >
> > 172.16.3.33-172.16.3.62, which I think is valid for a 27 bit mask
> >
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Possible Phony CCIE

[Craig Columbus]

I wouldn't drop it.  You don't want to accuse someone unnecessarily, but if 
someone at the CCIE program stated that the card was bogus, I assume that 
they did a name lookup and found he wasn't certified.  You may want to 
pursue this on two fronts: 1) contact the people employing this guy and 
tell them that you're concerned that he's misrepresented himself to them 
and that they should ask for his CCIE number and then follow up with Cisco 
to verify.  2) Contact your local Cisco rep (if you don't know where to 
find them, call Cisco and ask who covers your region) and let them know 
what's going on.  If you don't follow up on both fronts, you may find that 
Company A fires the guy and he turns around and goes to work at Company 
B.  If Cisco is aware, a cease-and-desist letter from their attorneys may 
be enough to stop his misrepresentation.

It really annoys me when people misrepresent themselves (I see it 
occasionally on resumes I receive).  The damage that someone like this can 
do to the CCIE reputation is enormous.  I have a great deal of respect for 
those people who have put themselves, and their families, through the 
wringer just to get the coveted CCIE number.  I personally would like to 
see the con artists loudly, and publicly, denounced as such.  Just be sure 
that you have all the facts before you say anything.  No one's reputation 
should be impugned without absolute proof of wrongdoing.

Just my $0.02...
Craig

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Possible phony CCIE

[Craig Columbus]

I wouldn't drop it.  You don't want to accuse someone unnecessarily, but if 
someone at the CCIE program stated that the card was bogus, I assume that 
they did a name lookup and found he wasn't certified.  You may want to 
pursue this on two fronts: 1) contact the people employing this guy and 
tell them that you're concerned that he's misrepresented himself to them 
and that they should ask for his CCIE number and then follow up with Cisco 
to verify.  2) Contact your local Cisco rep (if you don't know where to 
find them, call Cisco and ask who covers your region) and let them know 
what's going on.  If you don't follow up on both fronts, you may find that 
Company A fires the guy and he turns around and goes to work at Company 
B.  If Cisco is aware, a cease-and-desist letter from their attorneys may 
be enough to stop his misrepresentation.
It really annoys me when people misrepresent themselves.  The damage that 
someone like this can do to the CCIE reputation is enormous.

Just my $0.02...
Craig
At 03:55 AM 10/23/2000 -0400, you wrote:
>Greetings-
>
>
> I recently worked on a project with a fellow who claimed to be a 
> CCIE. He
>even gave me his card with the CCIE logo on it. At least I think it is the
>CCIE logo. It is a router symbol surrounded with laurels and has the words
>Cisco Certified Internetwork Engineer circling it as well. After asking this
>person a few questions, I became suspicious of his credentials due to his
>apparent lack of knowledge of the fundamentals. (I never asked for his CCIE
>number because I attempted verification only after I left the account). I
>faxed a copy of the business card he gave me (homemade BTW) to someone in
>the CCIE program at Cisco.  She told me the card is bogus and that she would
>send the card to the Cisco lawyers. That was three months ago and this
>person is STILL working on site there. What do you people think I should do
>now? Send e-mail to the persons that are contracting him there? He is
>charging a very high bill rate. The people he is working don't have enough
>knowledge to confirm his credentials. Should I let this go? Isn't part of my
>cert agreement with Cisco to protect the logo? I feel that Cisco isn't doing
>anything to protect us here.
>
>Mark Cohen
>CCNA, MCSE, MCP+I
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Router Flight Cases

[Craig Columbus]

As someone who's owned and used the various makes of cases, I can recommend 
two: Anvil and SKB.
Anvil isn't the cheapest, but they're the best in my opinion.  SKB is also 
very good, but is plastic instead of wood or aluminum.  Don't let the 
plastic scare you off though...they make ATA and mil-spec stuff.  If you're 
going to be moving the equipment yourself, a standard case will do.  If 
you're going to be shipping the equipment, spring for the shock-mount case.

Just my $0.02...
Craig

At 09:52 AM 11/20/2000 -0600, you wrote:
>Hi, all,
>
>Y'all recall that I posted a few weeks ago for a router cabinet.  Well, I
>got some good leads, and then my circumstances have changed...again.   I
>will be spending alot of time in KC in a corporate apartment for the next
>2-8 months,  so rack mounting my routers at home won't do me any good.  I
>want to take them with me on the plane to my new quarters.
>
>Does anyone know where I can buy one of those flight cases with the 19 inch
>rack inside that are about 3-4 feet high, and can can hold about 8 2500
>sized routers? (The AGS will be staying at home.)   I plan on taking my
>routers with me so that I can while the hours away with study.  The case I
>am looking for is very similar to what the instructors use to transport
>their routers from class to class.   Most of us have seen them:  the
>instructor pops the top and inside are the cabled routers ready for use.
>
>I have been all over the web, and can not find exactly what I need.  I don't
>even know if flight case is the right word.
>
>
>TIA,
>
>Charles
>
>
>
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: OT: Locate IP Address on Internet [7:3611]

[Craig Columbus]

Kevin,

What do you mean by "get a handle" on?  Do you want to know where it's 
originating (geographically)?  Do you want to know the ISP that owns 
it?  Do you want to know what the machine name is and the OS that's running 
on the machine?
I know of a number of tools, many of which I'm sure you're familiar with, 
that will allow quite a bit of information to be gleaned from a given IP 
address.  Specify what you'd like to know and I'll give some suggestions to 
the list.

Thanks,
Craig

At 10:53 AM 5/8/2001 -0400, you wrote:
>Dear Group,
>
>I've seen this talked about now and then but I haven't had a need to use it
-
>until now.
>
>Say, 212.181.157.94 - a user on hotmail is starting to get abusive and the
>headers indicate the email originated from that address.
>
>What tools are available to get a handle on an IP address that is causing
>problems?
>
>Kevin Wigle
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3614&t=3611
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: WIC-1ENET on a 1720 (IOS release question) [7:4889]

[Craig Columbus]

Ben,

I put one of these in when the card first became available and found that, 
despite Cisco's website, many of the "later" releases did not support the 
card.  You'll probably need to experiment to see what IOS version supports 
the 1ENET.  I think I ended up installing
12.1.(3)XT since it was the only version I found that would reliably work.

Thanks,
Craig

At 02:53 PM 5/17/2001 -0400, you wrote:
>I have a 1720 that I need to put a WIC-1ENET card
>into.  On Cisco's website it said that 'IOS Release
>12.1(3)XT1 or later' is required.  Does 12.1.1(*)
>count as a later release?
>
>Ben
>
>__
>Do You Yahoo!?
>Yahoo! Auctions - buy the things you want at great prices
>http://auctions.yahoo.com/
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4971&t=4889
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PIX question... [7:5248]

[Craig Columbus]

Sounds like a VPN is your best bet.
Should you decide to implement the VPN, you may want to consider whether 
you still need to maintain the modem pool on the Internet router.  Reducing 
this cost could help justify the cost of implementing a VPN solution.  A 
properly authenticated VPN user should be able to use any dial-up Internet 
connection to reach your LAN.

Craig

At 10:15 AM 5/21/2001 -0400, you wrote:
>Hey all, is it possible to translate public IP addresses (outside) to
>private IP addresses (inside) on a PIX firewall. Basically the exact
>opposite of what's usually performed on a firewall. We are going to have
>users dial in to our internet router and receive a Public IP address. They
>have to get through our firewall to gain access to our LAN. Is there a way
>to translate the Public IP address they will obtain into a private IP
>address used by our LAN so they can access it?  I thank you for your help...
>
>
>   -Rizzo
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=5260&t=5248
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PIX question... [7:5248]

[Craig Columbus]

I'm not clear on what you're asking.  Are you asking if the PIX can take a 
public IP and make it appear as a private IP on the internal network?  The 
answer is yes, although you certainly want to be careful with this and I 
can't say that this is a recommended config.  You'll need a config similar 
to the one below:

nat (outside)  1 0 0
static (inside,outside)  
 netmask 255.255.255.255
access-list  permit ip any host 

For more info, reference 
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v52/config/examples.htm#xtocid274896

Thanks,
Craig

At 12:14 PM 5/21/2001 -0400, you wrote:
>We are aware of the VPN solution and that is our long term goal. However,
>for the moment, all I need to know is if it is possible to NAT from an
>outside (not trusted) interface to an inside (trusted) interface.
>
>  Thank you!
>
>   -Rizzo
>
>
>
>
>-Original Message-
>From: Craig Columbus [mailto:[EMAIL PROTECTED]]
>Sent: Monday, May 21, 2001 11:44 AM
>To: Rizzo Damian
>Cc: [EMAIL PROTECTED]
>Subject: Re: PIX question... [7:5248]
>
>Sounds like a VPN is your best bet.
>Should you decide to implement the VPN, you may want to consider whether
>you still need to maintain the modem pool on the Internet router.  Reducing
>this cost could help justify the cost of implementing a VPN solution.  A
>properly authenticated VPN user should be able to use any dial-up Internet
>connection to reach your LAN.
>
>Craig
>
>At 10:15 AM 5/21/2001 -0400, you wrote:
> >Hey all, is it possible to translate public IP addresses (outside) to
> >private IP addresses (inside) on a PIX firewall. Basically the exact
> >opposite of what's usually performed on a firewall. We are going to have
> >users dial in to our internet router and receive a Public IP address. They
> >have to get through our firewall to gain access to our LAN. Is there a way
> >to translate the Public IP address they will obtain into a private IP
> >address used by our LAN so they can access it?  I thank you for your
>help...
> >
> >
> >   -Rizzo
> >FAQ, list archives, and subscription info:
> >http://www.groupstudy.com/list/cisco.html
> >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=5274&t=5248
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: "network logon problems" [7:5271]

[Craig Columbus]

Has this ever worked?  Did the problem just recently occur?
If the user logs in with the cached credentials, verifies that he is able 
to access the correct network resources, logs off, logs back in, and still 
can't connect to the domain, then you can rule out spanning-tree 
calculations as the problem.
Is the domain in which the user accounts reside available and properly 
configured on each of the problem workstations?
I can only think of a few things that would cause this problem:
1)  The correct domain is not available, or does not (or is unable to) 
respond within the time-out for some reason.
2)  The correct domain is not configured properly in Windows.
3)  The switch port is blocking for some reason.

Craig

At 01:01 PM 5/21/2001 -0400, you wrote:
>HELP!!
>I have an issue where it appears that multiple users cannot login.  I
>receive the error "you will be logged on using a cached account" and once
>logged on, all network devices are available.  I have ensured that on the
>catalyst 3548XL, all ports have Port fast enabled and I have also enabled
>STP to try and overcome the problem with no success.  I have also moved the
>users to switches that have no issues and I still have the same problem.  I
>also did a ipconfig /release renew and replaced the nic card and did a cold
>boot and warm boot on the machines with no success.  All other user are fine
>and it is only affecting like 3 people.  I even set them to auto, auto and
>the switch to auto,auto and this did not work either.  I then tried 100 full
>and half and that did not work either.  I also do not have port security
>enabled.  It appears to be a network issue with the catalystr switches, but
>I am unsure as to the root of the problem.Don't know if this would do
>anything, but I did a NBTSTAT -RR from the command line as well.  Any help
>would be greatly appreciated.Thank you.
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=5277&t=5271
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PIX question... [7:5248]

[Craig Columbus]

I just realized that the config I sent through to the list didn't come 
through as I typed it.  Probably because the filter is set to take out 
certain characters.  Rizzo, hopefully you got the correct config in the 
message I sent you directly.

Using the static command should work, provided that it's coupled with the 
appropriate NAT command (to tell the router where to NAT and in what 
direction) and the correct access-list command (needed to tell the router 
to pass traffic from the particular public IP identified in the static
config).

In your particular case, you'll need to setup a static command and 
access-list for each IP address in your modem pool.

Refer again to the URL I sent in the previous message.  It has specific 
configuration commands to do exactly what you're trying to do.

Thanks,
Craig

At 01:32 PM 5/21/2001 -0400, you wrote:
>Actually it seems as if you understand exactly what I'm asking. Your idea is
>very similar to mine. However it didn't work unfortunately. Let me ask this
>another way, if you don't mind...You have an internet router which is
>directly connected to the external (un-trusted) interface of your PIX
>firewall. Basically I want to be able to access my internal LAN with private
>IP addresses from the Internet router with Public IP addresses. So I should
>be able to telnet onto my internet router and ping my privately held LAN.
>Forget about Security, I just want to know if it can be done. The static
>mapping doesn't seem to work. Probably because it require a one-to-one
>mapping no?   Thanks for any help in advance!
>
>
>
>   -Rizzo
>
>
>
>
>
>-Original Message-
>From: Craig Columbus [mailto:[EMAIL PROTECTED]]
>Sent: Monday, May 21, 2001 1:12 PM
>To: [EMAIL PROTECTED]
>Subject: RE: PIX question... [7:5248]
>
>I'm not clear on what you're asking.  Are you asking if the PIX can take a
>public IP and make it appear as a private IP on the internal network?  The
>answer is yes, although you certainly want to be careful with this and I
>can't say that this is a recommended config.  You'll need a config similar
>to the one below:
>
>nat (outside)  1 0 0
>static (inside,outside)
>  netmask 255.255.255.255
>access-list  permit ip any host
>
>For more info, reference
>http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v52/config/exa
>mples.htm#xtocid274896
>
>Thanks,
>Craig
>
>At 12:14 PM 5/21/2001 -0400, you wrote:
> >We are aware of the VPN solution and that is our long term goal. However,
> >for the moment, all I need to know is if it is possible to NAT from an
> >outside (not trusted) interface to an inside (trusted) interface.
> >
> >  Thank you!
> >
> >   -Rizzo
> >
> >
> >
> >
> >-Original Message-
> >From: Craig Columbus [mailto:[EMAIL PROTECTED]]
> >Sent: Monday, May 21, 2001 11:44 AM
> >To: Rizzo Damian
> >Cc: [EMAIL PROTECTED]
> >Subject: Re: PIX question... [7:5248]
> >
> >Sounds like a VPN is your best bet.
> >Should you decide to implement the VPN, you may want to consider whether
> >you still need to maintain the modem pool on the Internet router. 
Reducing
> >this cost could help justify the cost of implementing a VPN solution.  A
> >properly authenticated VPN user should be able to use any dial-up Internet
> >connection to reach your LAN.
> >
> >Craig
> >
> >At 10:15 AM 5/21/2001 -0400, you wrote:
> > >Hey all, is it possible to translate public IP addresses (outside) to
> > >private IP addresses (inside) on a PIX firewall. Basically the exact
> > >opposite of what's usually performed on a firewall. We are going to have
> > >users dial in to our internet router and receive a Public IP address.
>They
> > >have to get through our firewall to gain access to our LAN. Is there a
>way
> > >to translate the Public IP address they will obtain into a private IP
> > >address used by our LAN so they can access it?  I thank you for your
> >help...
> > >
> > >
> > >   -Rizzo
> > >FAQ, list archives, and subscription info:
> > >http://www.groupstudy.com/list/cisco.html
> > >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >FAQ, list archives, and subscription info:
> >http://www.groupstudy.com/list/cisco.html
> >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=5290&t=5248
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: "network logon problems" [7:5271]

[Craig Columbus]

Yes, but really what I was referring to was that the port will not pass 
traffic when it's trying to figure out the spanning-tree.  Since you're set 
to portfast, the port should immediately go to forwarding.
Since this is affecting only a few users on the network, I really can't see 
that STP is the issue.
My instincts say that this is probably not a network issue; that it's more 
likely a Windows issue.  However, there are some tests you can do to 
determine the point of failure:
1)  Hookup a sniffer to the switch in question, mirror the problem port(s), 
fire up the workstations, and watch the traffic.  Do you see the 
workstation trying to authenticate?  Do you see responses from the DC?
2)  If the DC is trying to respond, but the workstation isn't receiving the 
messages, look for errors on the switch ports.
3)  If all traffic looks normal and you're not seeing any errors, start 
looking at your Windows configuration and/or logins.  Make sure the users 
aren't selecting a domain that is no longer available on your network or 
something like that.

Thanks,
Craig

At 01:43 PM 5/21/2001 -0400, you wrote:
>Yes and it just started last week, so according to what you have said,
>spanning tree is ruled out.  Now when you say the port is blocking, are you
>referring to the port that station is connected to?
>
>-Original Message-
>From: Craig Columbus [mailto:[EMAIL PROTECTED]]
>Sent: Monday, May 21, 2001 1:18 PM
>To: Robert Perez
>Cc: [EMAIL PROTECTED]
>Subject: Re: "network logon problems" [7:5271]
>
>
>Has this ever worked?  Did the problem just recently occur?
>If the user logs in with the cached credentials, verifies that he is able
>to access the correct network resources, logs off, logs back in, and still
>can't connect to the domain, then you can rule out spanning-tree
>calculations as the problem.
>Is the domain in which the user accounts reside available and properly
>configured on each of the problem workstations?
>I can only think of a few things that would cause this problem:
>1)  The correct domain is not available, or does not (or is unable to)
>respond within the time-out for some reason.
>2)  The correct domain is not configured properly in Windows.
>3)  The switch port is blocking for some reason.
>
>Craig
>
>At 01:01 PM 5/21/2001 -0400, you wrote:
> >HELP!!
> >I have an issue where it appears that multiple users cannot login.  I
> >receive the error "you will be logged on using a cached account" and once
> >logged on, all network devices are available.  I have ensured that on the
> >catalyst 3548XL, all ports have Port fast enabled and I have also enabled
> >STP to try and overcome the problem with no success.  I have also moved
the
> >users to switches that have no issues and I still have the same problem. 
I
> >also did a ipconfig /release renew and replaced the nic card and did a
cold
> >boot and warm boot on the machines with no success.  All other user are
>fine
> >and it is only affecting like 3 people.  I even set them to auto, auto and
> >the switch to auto,auto and this did not work either.  I then tried 100
>full
> >and half and that did not work either.  I also do not have port security
> >enabled.  It appears to be a network issue with the catalystr switches,
but
> >I am unsure as to the root of the problem.Don't know if this would do
> >anything, but I did a NBTSTAT -RR from the command line as well.  Any help
> >would be greatly appreciated.Thank you.
> >FAQ, list archives, and subscription info:
> >http://www.groupstudy.com/list/cisco.html
> >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=5293&t=5271
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PIX question... [7:5248]

[Craig Columbus]

Actually, this can and does work.  I've set up at least one box this way 
during a network transition (not that it's a good idea, mind you).  In 
addition, the instructions, direct from Cisco, may be found in the URL that 
I previously posted.  Remember, the PIX passes what it's told to pass;  if 
the conf tells it to pass traffic, it passes traffic.

Thanks,
Craig

At 08:14 PM 5/21/2001 -0400, you wrote:
>hi Rizzo!
>
>You can not even telnet into your PIx from the outside interface, nor you
>can telnet into it without VPN or SSH.  Making the PIX work the way you want
>(in contrary to the usual way of NATing high security to Low security) won't
>work;   It's how PIXs are made & can not be modified to suite every needs.
>You might be looking at other routers to get your idea to work . but not
>PIX.  Any ideas, suggestions, corrects & comments; I would like to hear from
>you guys!
>
>Syson Suy
>
>If Life is a Game, These are the Rules:
>Experience is a hard teacher.
>She give the test first and the lessons afterwards.
>- Original Message -
>From: "Richie, Nathan"
>To:
>Sent: Monday, May 21, 2001 5:05 PM
>Subject: RE: PIX question... [7:5248]
>
>
> > I beg to differ.  I do not believe this can be done.  When the PIX
> > translates (either dynamically or statically), it takes a private IP
>address
> > (inside interface) and translates it to a Public IP address (outside).
>Then
> > the outside interface will process ALL packets for that Public IP address
> > and direct them to the internal source (private IP address).  So if you
>have
> > a static NAT, say for like this
> >
> > static (inside, outside) 99.99.99.99 10.1.1.1 netmask 255.255.255.255
> >
> > and on the router you have assigned the 99.99.99.99 to the dialup user,
>then
> > you have 2 devices on the LAN that are assigned the 99.99.99.99 address
>(the
> > router and the PIX)
> >
> > You translate an IP address from a more secure network to the less secure
> > network, in this case from the inside network to the outside network.  So
> > you would have to reverse the security settings, effectively opening up
>your
> > LAN to the world.
> >
> > You could do a couple of other solutions:
> >
> > 1)  VPN between router & PIX
> > 2)  Terminate clients inside the PIX
> > 3)  Create an IP pool on the router and allow full access with an
> > access-list (for this range of IP addresses) on the outside interface of
>the
> > PIX.
> >
> > This is my understanding of how the PIX and NAT translations work, but I
> > have not tested this to disprove it, so if I am in error and some has
>tested
> > this and I am wrong, please let me know.
> >
> > Hope this helps.
> >
> > Nathan
> >
> > -Original Message-
> > From: Darren Crawford [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, May 21, 2001 4:01 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: PIX question... [7:5248]
> >
> >
> > OK kids.  Allowing packets from a lower security level interface to a
>higher
> > security level interface requires a conduit or access list.  So yes, it
>can
> > be
> > done.  I wouldn't forget about security though.  ;^)
> >
> > D.
> >
> > At 01:50 PM 05/21/2001 -0400, Rizzo Damian wrote:
> > >Actually it seems as if you understand exactly what I'm asking. Your
idea
> > is
> > >very similar to mine. However it didn't work unfortunately. Let me ask
>this
> > >another way, if you don't mind...You have an internet router which is
> > >directly connected to the external (un-trusted) interface of your PIX
> > >firewall. Basically I want to be able to access my internal LAN with
> > private
> > >IP addresses from the Internet router with Public IP addresses. So I
>should
> > >be able to telnet onto my internet router and ping my privately held
LAN.
> > >Forget about Security, I just want to know if it can be done. The static
> > >mapping doesn't seem to work. Probably because it require a one-to-one
> > >mapping no?   Thanks for any help in advance!
> > >
> > >
> > >
> > >  -Rizzo
> > >
> > >
> > >
> > >
> > >
> > >-Original Message-
> > >From: Craig Columbus [mailto:[EMAIL PROTECTED]]
> > >Sent: Monday, May 21, 2001 1:12 PM
> > >To: [EMAIL PROTECTED]
> > >Subject: RE: PIX question... [7:5248]
> > >
> > >I'm not clear on what you're asking.  Are you asking if

Double-Nat troubles [7:5752]

[Craig Columbus]

I'm about to open a case with Cisco regarding this issue, but I'm curious 
if anyone out there has run into something similar:

Background:
A company is migrating networks.  For various reasons, the following 
network is in place.
Cisco 1720: has a fast ethernet connecting to the PIX, an ethernet 
connecting to the old network, and a Serial connecting to the Internet.
Ethernet0 Interface has address 1.1.1.3/24, routing all "old-network" 
traffic to 1.1.1.1.  This is also a NAT Outside interface.
Fast Ethernet0 has address 2.2.2.1/26, routing all inbound "new network" 
traffic to 2.2.2.2 (PIX Outside Interface).  This is a NAT Inside interface.
Serial 0 is the default-route for all destinations not found in the route 
table.

Problem:
When traffic is sent to a 1.1.1.x address, it gets translated properly into 
a 2.2.2.x address and routed to the PIX.  The PIX translates the 2.2.2.x 
address to a (static) 10.x.x.x address.  The traffic reaches the 
destination machine inside the network.  The machine then tries to respond 
to the original source.  The PIX recognizes and properly translates the 
traffic.  The Cisco 1720 does not translate any traffic where the 
destination can only be reached by using the default route.  If there is a 
specific route for the destination in the 1720 routing table, the 1720 
correctly translates and passes the traffic.  If I originate traffic that 
must use the default route from the 1720, the 1720 routes it correctly.
Now, I'm aware that the NAT will not work is there isn't a route to the 
destination in the routing table, or if there are access lists blocking a 
port.  There are no access-lists in use anywhere in this scenario, other 
than the one associated with NAT and the default route works correctly when 
NAT isn't involved.
Curiously, and this may or may not be important, I notice that I get a 
response to a 1.1.1.x address, but the router is only translating one 
way.  It appears, oddly enough, that the router is generating the ICMP echo 
response for the (virtual) 1.1.1.x address.
Is there an issue with double-NAT of which I'm not aware?

Thoughts?

Craig




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=5752&t=5752
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Double-Nat troubles [7:5752]

[Craig Columbus]

Thanks for the reply Jason.

Actually, the routing was completely correct.  I spent 5 hours on the phone 
with TAC yesterday and they confirmed that it was a bug with the double 
NAT.  For some reason, IOS NAT, when presented with already NATed traffic, 
won't properly send the traffic to a default route.  Strangely enough, I 
was able to test another double-NAT situation, this time with two PIX 
boxes, and I had no issues at all.  As a workaround, I had to put policy 
routing in place with a bunch of statements for the servers that needed to 
"ACK" traffic from the old network.

Thanks again,
Craig

At 03:24 AM 5/25/2001 -0400, you wrote:
>What if you move the default route to toward the PIX?  I bet it works then.
>How is the router to know where to forward the packets just because there is
>a NAT in place?  The NAT happens as the packets go from one interace to the
>other, but that is still depending on routing taking place for it to know
>where to send it.  Why not just set up a static route toward the PIX for the
>old network?
>
>--
>Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
>List email: [EMAIL PROTECTED]
>Homepage: http://jason.artoo.net/
>
>
>
>""Craig Columbus""  wrote in message
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > I'm about to open a case with Cisco regarding this issue, but I'm curious
> > if anyone out there has run into something similar:
> >
> > Background:
> > A company is migrating networks.  For various reasons, the following
> > network is in place.
> > Cisco 1720: has a fast ethernet connecting to the PIX, an ethernet
> > connecting to the old network, and a Serial connecting to the Internet.
> > Ethernet0 Interface has address 1.1.1.3/24, routing all "old-network"
> > traffic to 1.1.1.1.  This is also a NAT Outside interface.
> > Fast Ethernet0 has address 2.2.2.1/26, routing all inbound "new network"
> > traffic to 2.2.2.2 (PIX Outside Interface).  This is a NAT Inside
>interface.
> > Serial 0 is the default-route for all destinations not found in the route
> > table.
> >
> > Problem:
> > When traffic is sent to a 1.1.1.x address, it gets translated properly
>into
> > a 2.2.2.x address and routed to the PIX.  The PIX translates the 2.2.2.x
> > address to a (static) 10.x.x.x address.  The traffic reaches the
> > destination machine inside the network.  The machine then tries to
respond
> > to the original source.  The PIX recognizes and properly translates the
> > traffic.  The Cisco 1720 does not translate any traffic where the
> > destination can only be reached by using the default route.  If there is
a
> > specific route for the destination in the 1720 routing table, the 1720
> > correctly translates and passes the traffic.  If I originate traffic that
> > must use the default route from the 1720, the 1720 routes it correctly.
> > Now, I'm aware that the NAT will not work is there isn't a route to the
> > destination in the routing table, or if there are access lists blocking a
> > port.  There are no access-lists in use anywhere in this scenario, other
> > than the one associated with NAT and the default route works correctly
>when
> > NAT isn't involved.
> > Curiously, and this may or may not be important, I notice that I get a
> > response to a 1.1.1.x address, but the router is only translating one
> > way.  It appears, oddly enough, that the router is generating the ICMP
>echo
> > response for the (virtual) 1.1.1.x address.
> > Is there an issue with double-NAT of which I'm not aware?
> >
> > Thoughts?
> >
> > Craig
> > FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=5896&t=5752
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Double-Nat troubles [7:5752]

[Craig Columbus]

Truthfully, after spending 5 hours with a cell phone to my head I couldn't 
be bothered asking how a router would be aware of a double NAT.
The problem only occurred when an ACK was returning with a destination that 
had to be reached by the default route.  The correct sequence of NAT 
requires the NAT process to check for a route to the destination before 
performing the translation.  If there's a destination in the route table, 
translation is supposed to occur.  Once examined, it was clear that a 
packet entering the network was Natted once on the 1720 and again on the 
PIX, finally reaching the destination machine.  When the destination 
machine responded with an ACK, the PIX was translating correctly, but the 
1720 was only translating if there was a specific entry in the route table 
for the destination network.  If the destination required the packet to 
take the default route, no translation would occur and the packet was 
dropped.  The workaround required policy routing that looks at the source 
of the ACK and then sets the "ip next-hop" manually if the packet matches 
the rules.

Craig

At 07:44 AM 5/25/2001 -0700, you wrote:
>I agree with the other guy. How would any router "know" that a packet had
>already been natted?
>
>Does Cisco NAT set on of the IP or TCP obscure bits? What did Cisco say?
>
>Chuck
>
>-Original Message-
>From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
>Craig Columbus
>Sent:   Friday, May 25, 2001 5:03 AM
>To: [EMAIL PROTECTED]
>Subject:Re: Double-Nat troubles [7:5752]
>
>Thanks for the reply Jason.
>
>Actually, the routing was completely correct.  I spent 5 hours on the phone
>with TAC yesterday and they confirmed that it was a bug with the double
>NAT.  For some reason, IOS NAT, when presented with already NATed traffic,
>won't properly send the traffic to a default route.  Strangely enough, I
>was able to test another double-NAT situation, this time with two PIX
>boxes, and I had no issues at all.  As a workaround, I had to put policy
>routing in place with a bunch of statements for the servers that needed to
>"ACK" traffic from the old network.
>
>Thanks again,
>Craig
>
>At 03:24 AM 5/25/2001 -0400, you wrote:
> >What if you move the default route to toward the PIX?  I bet it works
then.
> >How is the router to know where to forward the packets just because there
>is
> >a NAT in place?  The NAT happens as the packets go from one interace to
the
> >other, but that is still depending on routing taking place for it to know
> >where to send it.  Why not just set up a static route toward the PIX for
>the
> >old network?
> >
> >--
> >Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
> >List email: [EMAIL PROTECTED]
> >Homepage: http://jason.artoo.net/
> >
> >
> >
> >""Craig Columbus""  wrote in message
> >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > I'm about to open a case with Cisco regarding this issue, but I'm
>curious
> > > if anyone out there has run into something similar:
> > >
> > > Background:
> > > A company is migrating networks.  For various reasons, the following
> > > network is in place.
> > > Cisco 1720: has a fast ethernet connecting to the PIX, an ethernet
> > > connecting to the old network, and a Serial connecting to the Internet.
> > > Ethernet0 Interface has address 1.1.1.3/24, routing all "old-network"
> > > traffic to 1.1.1.1.  This is also a NAT Outside interface.
> > > Fast Ethernet0 has address 2.2.2.1/26, routing all inbound "new
network"
> > > traffic to 2.2.2.2 (PIX Outside Interface).  This is a NAT Inside
> >interface.
> > > Serial 0 is the default-route for all destinations not found in the
>route
> > > table.
> > >
> > > Problem:
> > > When traffic is sent to a 1.1.1.x address, it gets translated properly
> >into
> > > a 2.2.2.x address and routed to the PIX.  The PIX translates the
2.2.2.x
> > > address to a (static) 10.x.x.x address.  The traffic reaches the
> > > destination machine inside the network.  The machine then tries to
>respond
> > > to the original source.  The PIX recognizes and properly translates the
> > > traffic.  The Cisco 1720 does not translate any traffic where the
> > > destination can only be reached by using the default route.  If there
is
>a
> > > specific route for the destination in the 1720 routing table, the 1720
> > > correctly translates and passes the traffic.  If I originate traffic
>that
> > > must use the def

Re: ospf and eigrp [7:6634]

[Craig Columbus]

I don't think there's a correct answer to your question, as I could make an 
argument for either protocol if forced. However...
Personally I like OSPF in the core better than EIGRP for multiple reasons:
1)  It's not proprietary.  I can mix and match manufacturers.
2)  There are more technicians familiar with OSPF than with EIGRP (or at 
least that used to be the case).
3)  By designing stubby areas, totally stubby areas, and not-so-stubby 
areas properly, I can easily control the number of LSAs that flow through 
any given area of the network.
4)  OSPF is a very quiet protocol in a stable network.

One of my biggest complaints (and frankly it's not a very big one) is that 
the convergence time could be quite long (default 46 seconds) compared to a 
default 16 seconds for EIGRP.

as always, your mileage may vary.

Craig

At 01:19 PM 5/31/2001 -0400, you wrote:
>What are the pros and cons of running OSPF over EIGRP in the Core of the
>network? In relation to troubleshooting as well as convergence?
>
>The Network:
>Core - 4 fully meshed 3660's each connected to a Nokia/Checkpoint Firewall
>connected to 2600 border routers (connected to UUNet backbone).
>The border routers run BGP4, and the Core's run OSPF.
>Each Core router is connected to 8-14 satellite offices, a mix of 2500,
>2600, and 1600 series routers. Each of these 4 regions runs EIGRP and has a
>backup router connected to 2 cores.
>
>Thanks,
>Susan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6665&t=6634
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco moving to a one day lab? [7:6735]

[Craig Columbus]

Kevin brings up a good point.  By reducing the number of people who are 
authorized to take the lab, the waiting list for the lab will shrink.  I 
think that it's time that Cisco bring the CCIE into the certification track 
with the other certs.  Personally, I found the CCIE written to be rather 
easy compared to the CID exam.
I don't think I'd let the CCNP/CCDP be the prerequisite however.  I think 
I'd rather keep the CCIE written qualifier as a separate, yet progressively 
more difficult exam, perhaps by keeping the current content, but adding 
more questions relevant to today's large scale networks.  The new order of 
certification might be CCNA, CCDA, CCNP, CCDP, CCIE Written, each 
certification being a prerequisite for the next.
I don't necessarily think that a change to the CCIE lab is in order, mainly 
since I've heard that while the number of people taking (or waiting to 
take) the lab has increased, the passing rate has pretty much stayed the
same.

Craig
At 04:35 PM 6/2/2001 -0400, you wrote:
>"This has somewhat lessened the difficulty of the process (as witnessed by
>the
>backlog of people taking the lab after breezing through the written)."
>
>When the "junior certs" were introduced, it was pondered whether they should
>be a pre-requisite to the CCIE written or as I have read before - make the
>CCNP/CCDP the pre-requisite for the lab.
>
>On a FAQ at one time, Cisco said that "eventually" the CCIE would become
>part of the career certification track which was to say that you would need
>to go through the junior certs before attempting the CCIE.
>
>With the onslaught of new study material, bootcamps, virtual racks et al, I
>think it is time that the CCIE written be retired and the CCNP/CCDP be the
>CCIE lab authorization.
>
>Or, because the CCIE written still has stuff that is not talked about much
>any more (if at all) in the current R/S curriculum, then a smaller CCIE
>written to cover those topics but integrate it into the present career
>track.  CCNA - CCNP/CCDP - CCIE Written - CCIE lab.
>
>This way, we could get rid of the idea of passing one exam and then clogging
>the calendar for the CCIE lab.  If you have to get from 4 - 7 exams before
>the lab, that would perhaps slow things down and maybe (just maybe) increase
>the success rate at the lab.
>
>Hopefully this would stave off any loss of respect for the cert and perhaps
>even increase it.
>
>
>Kevin Wigle
>
>
>- Original Message -
>From: "Louie Belt"
>To:
>Sent: Saturday, 02 June, 2001 09:33
>Subject: RE: Cisco moving to a one day lab? [7:6735]
>
>
> > Any CCIE or CCIE candidate worth his salt would want the lab to be
>tougher.
> > A number of study aids are now available that were not in the past.  This
> > has somewhat lessened the difficulty of the process (as witnessed by the
> > backlog of people taking the lab after breezing through the written).
> > Making it tougher is just a method of counterbalancing all of the
>increased
> > study aids and maintaining the value of the CCIE cert.
> >
> > If you truly want to obtain your CCIE then you should want it to be as
> > difficult as possible, otherwise where is the value in the cert?  If you
>are
> > not up to the challenge, then don't make the attempt.
> >
> > As for who should evaluate the CCIE program - most (not all)employers
> > couldn't begin to answer the questions about what is needed from a CCIE.
> > The biggest employer of CCIE's is Cisco (by far) so they should already
>have
> > an idea of what is needed.  Cisco has been respectful enough of the CCIE
> > population to also ask for their input and most have given it willingly.
> >
> > My main interested is in preserving the value of the CCIE cert.  I am
> > currently studying for my 2nd CCIE cert and still hope they make it
>tougher
> > (before I complete it).  I also hope they make the recertification tests
> > tougher as well.
> >
> > I'm up to the challenge - are you?
> >
> >
> > Louie




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6990&t=6735
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco moving to a one day lab? [7:6735]

[Craig Columbus]

You're correct that Cisco hasn't been in a big hurry to add lab 
facilities.  But, I'm not sure that I want additional facilities.
Part of the problem with the CCIE certification process is that there are 
only two tests and successful candidates are (usually) paid quite 
well.  Let's say that a candidate has to take the written 4 times to pass 
($1200) and the lab 4 times to pass ($5000).  For a net investment of 
$6200, the newly minted CCIE, even with EXTREMELY limited experience, 
should be able to increase his annual compensation by at least 
$10,000.  The long-term return on investment is, frankly, 
astounding.  Would only morons pass tests?  Of course not.  There will 
always be truly talented individuals who seek the CCIE cert.  Yet, how many 
times would a company have to hire a CCIE who passed via persistance rather 
than knowledge, before the company decided CCIEs weren't very 
knowledgeable?  I've seen this very situation happen with any number of 
certs, including CNE, MCSE, and CCNA.  I, for one, don't wish this to 
happen to the CCIE.
The solution to the problem is to limit the number of people allowed to 
take the lab.  One fair way to do this is to make the qualifications more 
stringent and to increase the waiting period between lab attempts.  My lab 
is coming up faster than I would like, but if I don't pass on the first 
attempt, I think it would be quite reasonable for Cisco to require a 6 
month wait before I could attempt the lab again.  Would it be frustrating, 
especially if I narrowly failed?  You bet.  But then again, it'd make it 
that much sweeter when I finally passed.

Just my $0.02...
Craig

At 01:40 PM 6/3/2001 -0400, you wrote:
>"By reducing the number of people who are authorized to take the lab, the
>waiting list for the lab will shrink"
>
>I can't argue with this statement.  However, as explained below, I don't
>think reducing the number of people authorized to take the lab is the
>solution.
>
>I'll say this once more, since no one has given me any feedback about this
>opinion (which I've posted before):
>
>The waiting list for the lab is longer now for 2 reasons:
>1)  More people are attempting the CCIE than a year ago or before.
>2)  Cisco, in large part, is responsible for this backlog for the lab
>because they have not created more lab exam locations to meet the rising
>demand.  If anything, they have somewhat created this backlog because they
>reduced the number of lab testing locations in North America from 3 to 2.
>The act of reducing the number of testing locations by 33% (assuming demand
>were constant, which I believe it has actually risen) would explain why the
>2 remaining locations are overrun with applicants.
>
>Given these two reasons, I'd like to hear feedback on whether or not people
>agree that this explains the backlog.  Furthermore, I'd like to hear
>comments on my assertion that, because these 2 things are mainly responsible
>for the backlog, that the CCIE written and lab do not need modification
>because their difficulty (or lack of on some people's opinion) is *not* the
>cause of the backlog to begin with.
>
>Comments are welcomed. (begged for actually =)  Priscilla, Chuck,
>Louie. speak up =)
>
>Mike W.
>
>PS:  I think that making CCNA -> CCNP a prerequisite for even taking the
>CCIE written would relieve some of the congestion in the waiting line for
>the lab and create a more rounded CCIE candidate.  I knew from the beginning
>that going for CCIE without CCNA/CCNP was an option, but I wanted a fuller
>understanding of networking, so I chose to do CCNA/CCDA/CCNP/CCDP before
>even attempting CCIE lab, so I could be a CCIE worthy the title.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6998&t=6735
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

OT: Anyone have CISSP? [7:7832]

[Craig Columbus]

I'm looking for information from those of you who've earned the CISSP 
certification.  Does it complement your Cisco security skills?  Have you 
found that employers/clients recognize the cert?  Assuming that one already 
has the requisite knowledge, does the certification open enough new doors 
that it's worth the time and expense of obtaining it?

Thanks in advance,
Craig




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=7832&t=7832
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCIE Lab Retake Policy Question [7:8542]

[Craig Columbus]

Regarding the CCIE lab retake policy:

If one takes the lab and narrowly fails, the official waiting period to 
retake is thirty days.  Is there a separate queue for retake candidates, or 
do retake candidates have to re-register in the standard queue, with a 
waiting period of (currently) 8 months in some places?  My assumption is 
that someone retaking goes back to the end of the line.  Can anyone confirm?

Thanks,
Craig




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=8542&t=8542
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PIX 506 [7:8799]

[Craig Columbus]

I've got a few in service in different locations and have not had any 
issues to date.
Are you plugged into a conditioned line?  Is the room climate controlled?

At 08:14 PM 6/15/2001 -0400, you wrote:
>I have been using the PIX 506 and have had hardware problems. The unit
>seems to loose power. The fan stays spinning, but all the LEDs go out and it
>doesn't function. When it is turned off and back it works for anywhere for
>10 to 5 hours, then needs to be power cycled again. I have had this problem
>with 3 PIX 506's. Cisco has been good about returning them. I just wanted to
>know if anyone else has experienced these problems.
>/Rick




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=8824&t=8799
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: network map for campus-size network [7:9199]

[Craig Columbus]

I know I'm not high-tech, but I still use Visio Enterprise.

Craig

At 12:07 PM 6/20/2001 -0400, you wrote:
>Hello,
>
>What product and processes would you recommend for documenting a campus
>network. I'm looking for advice on products, tools, and best practices for
>keeping a network map reasonably up-to-date. By campus network I mean a
>large set of LANs with maybe one or two WANs.
>
>I saw the info on NetCool, but it seems like overkill -- maybe more for
>large enterprises and service providers and more of an umbrella network
>management system rather than just solving the network map problem.
>
>I realize a lot of people let their network maps get out of date! But any
>advice from people who don't do that? ;-)
>
>Thanks
>
>Priscilla
>
>
>
>Priscilla Oppenheimer
>http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=9208&t=9199
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Passed CCDA [7:10784]

[Craig Columbus]

Having taken both CID 2.0 (a VERY difficult test) and CID 3.0 (a somewhat 
difficult test), I can tell you that there are no scenario questions on 
either one.  There may be some questions that give a bit (a very small bit) 
of background, but nothing even close to the scenarios that are on the DCN 
exam.  To my knowledge, CID4.0 is yet to be released.  Is your 
brother-in-law quite sure he didn't take DCN?  Even if he registered for 
CID, it's conceivable that he got the wrong test.  Have him check his score 
report.

Craig

At 07:56 PM 7/3/2001 -0400, you wrote:
>Well, I believe that he took the CID in February or March of this year..
>
>I'm talking with my brother-in-law now about this (while I type =) and he's
>laying out in great detail about the case studies having multiple paragraphs
>about a company and it's infrastructure, etc... and then eventually asks
>questions about it.  To the point of where there are exhibits with scroll
>bars because they're so long...
>
>I believe you (Priscilla) when you say that the current CID doesn't use case
>studies.. But I also believe my brother-in-law when he carried on for a
>week about all of the case studies on his CID earlier this year..  Is it
>possible that somehow the testing center could've gotten by for a bit not
>updating the exam?
>
>"There has to be a logical explanation"
>
>Lemme know folks.. I can't for any reason think of how this could
>happen  When I mentioned this thread to him, he got upset because
>now he thinks that everyone here thinks he's lying about the case
>studies.  heh
>
>Mike W.
>
>"Priscilla Oppenheimer"  wrote in message
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > I think CID is at 3.0 now. It has been for years. But Cisco beta-tested
>4.0
> > recently. Maybe it is live now. I don't think it has case studies, but I
> > could be wrong.
> >
> > I think your bro is confused. Maybe case study (scenario) means something
> > different to him? There are some questions that pose design requirements
>or
> > situations, but just in a sentence or two. There weren't any long
>exhibits.
> > I took it a while ago though.
> >
> > Priscilla
> >
> > At 06:05 PM 7/3/01, Michael L. Williams wrote:
> > >Uh.  that wasn't my brother that passed in 10 seconds =)
> > >
> > >I just can't imagine why he would recall sooo many questions from
>case
> > >studies if there were none..
> > >
> > >When were the exams changed?   Lemme know =)  I got CID a week from
> > >Friday
> > >
> > >Mike W.
> > >
> > >"Priscilla Oppenheimer"  wrote in message
> > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > Is that the same brother-in-law who passed in 3 minutes? ;-)
> > > >
> > > > Seriously, CID doesn't have scenarios. Unless maybe there's a new
>version
> > > > out?
> > > >
> > > > Priscilla
> > > >
> > > >
> > > > >-Original Message-
> > > > >From: Michael L. Williams [mailto:[EMAIL PROTECTED]]
> > > > >Sent: Tuesday, July 03, 2001 12:35 PM
> > > > >To: [EMAIL PROTECTED]
> > > > >Subject: Re: Passed CCDA [7:10784]
> > > > >
> > > > >
> > > > >My brother-in-law recently took the CID and said about 1/2 of his
100
> > > > >questions were based on case-studies (scenarios)...
> > > > >You musta just got the easy version =)
> > > > >
> > > > >Mike W.
> > > > >
> > > > >"Harrison, Michael"  wrote in message
> > > > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > > > No scenarios on the CID test.  100 questions multiple choice.
>There
> > >is
> > > > >not
> > > > > > even multiple checkboxes "choose all that apply".  It is a very
> > > > > > straightforward test but do not underestimate it.  If you are
> > prepared
> > >it
> > > > >is
> > > > > > a VERY fast test.  If you are not I can imagine it will be a very
> > long
> > >2
> > > > > > hours.
> > > > > >
> > > > > >
> > > > > > -Original Message-
> > > > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > > > > > Sent: Tuesday, July 03, 2001 5:26 AM
> > > > > > To: [EMAIL PROTECTED]
> > > > > > Subject: Passed CCDA [7:10784]
> > > > > >
> > > > > >
> > > > > > Hi All,
> > > > > >
> > > > > > Just want to thank all of you for there feed backs.
> > > > > >
> > > > > > Passed CCDA today.  72 question, 755 to pass, scored something
>over
> > >850.
> > > > > > The exam itself is not too hard, but the way Cisco presents the
> > >scenario
> > > > > > questions is very
> > > > > > strange. About 4 scenarios are spread among the 72 questions.
What
>I
> > >mean
> > > > >is
> > > > > > you got 1 question on case 1, the next question on case 4, then
>some
> > > > > > non-scenario questions and so on.
> > > > > >
> > > > > > I only used Cisco's CCDA Study Guide. I missed some questions
that
> > >were
> > > > >not
> > > > > > mentioned in the book but found them in the CID one.
> > > > > >
> > > > > > Are there any scenarios in the CID one!!!
> > > > > >
> > > > > > Tarry
> > > > > >
> > > > > > --
> > > > > > GMX - Die Kommunikationsplat

Re: 3DES [7:34756]

[Craig Columbus]

A couple of questions regarding the original post and then some comments:

It was unclear to me from the original post why you need the DES/3DES.  Are 
you running end user VPN clients?  Router-router tunnels?  You need to 
consider the purpose of the encryption and the information it's intended to 
guard before deciding on the level.  I've got some clients (law enforcement 
agencies, brokerage firms, etc.) where I don't take any comfort from 
3DES.  On the other hand, I've got some small business clients that use 
encryption for interoffice links that transfer non-sensitive/low sensitive 
information.  For these guys, DES is plenty.

Craig


At 11:06 AM 2/8/2002 -0500, you wrote:
>The paranoid among us can think of other industries where industrial
>espionage might play a part. Insurance, medical, any industry where there
>are proprietary processes in place.
>
>Imagine if people had been able to hack Enron :->
>
>Chuck
>
>
>""Joel Satterley""  wrote in message
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Here, here, as long as you re-key every so often, who's going to bother
??
> >
> >
> > ""Daniel Cotts""  wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > My opinion is that nobody is going to try to intercept and decrypt your
> > > traffic unless you deal in very large amounts of money. DES will keep
>the
> > > curious at bay. It is less processor intensive.
> > >
> > > > -Original Message-
> > > > From: Brian Zeitz [mailto:[EMAIL PROTECTED]]
> > > > Sent: Thursday, February 07, 2002 9:46 AM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: 3DES [7:34756]
> > > >
> > > >
> > > > I have been looking at routers/firewalls. I am thinking of going with
> > > > the 2611 with a ADSL card, I also want to get a 515. Our office is
not
> > > > that big yet, but I want to plan for the future. I see that
> > > > the Pix 515R
> > > > only does DES, but doesn't do 3DES. But when I buy the
> > > > router, I can get
> > > > it with 3DES. I am just kinda confused, where is the best place to
use
> > > > 3DES, on the firewall, or on the router? Or it doesn't
> > > > matter. The way I
> > > > see it, if I wanted to do 3DES on the firewall with the 515, I would
> > > > have to buy the 515UR, which is about 10K. I don't really need the
> > > > thoughput for 100,000 users just yet though. Any suggestions on this?
> > > >
> > > >
> > > >
> > > > Thanks in advance...
> > > >
> > > >
> > > >
> > > > Brian Zee MCSE, CCNA, A+




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34860&t=34756
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Router Fan [7:34952]

[Craig Columbus]

Which leads perfectly into my next question.  Does anyone have, or know of 
a source, for Cisco "blanks" for the NM and WIC slots in the 
1600/1700/2600/3600 series?  Anyone have a bunch that they'd like to sell me?

Thanks,
Craig

At 08:00 AM 2/9/2002 -0500, you wrote:
> >Hi Guys
> >
> >I currently building my home lab, so far I ve 7 2500s routers and 2 2820
and
> >1 2924C XL what I would like to find out is if I disconnects the fans will
> >it damage the routers or the switches, the reason is just to do with the
> >noise factor, when they or all switch on it very noisy.
> >
> >--
> >Regards,
> >
> >Will
>
>
>You MUST keep the fans in use, or it may destroy the equipment.
>
>Several other cooling tips:
>
> If it's a modular router or switch, and has any empty slots, be
>sure to cover the empty slots with blank panels. Not doing so can
>interfere with the cooling air flow inside the box.  Picture the fan
>on the left side, the next-to-the-right slot empty, and the right
>slot with a card in it.  If you left the empty slot uncovered, the
>cooling air might rush out it and not reach the right card.
>
> There may be specific product recommendations on cooling. Offhand,
>the only one I can think of is if you put a FDDI card into the old
>4000 router, it had to go into the middle slot for cooling reasons.
>
> If the routers have cooling air entries or exits on the side,
>preferably stack them vertically. If you have to put them on a table,
>leave a foot or so between them.  Otherwise, there is danger that the
>hot air from one will be sucked into the cool air inlet of the next
>in line, and so forth.  I've seen a bunch of 2500s fail because they
>were pushed agains each other on a table.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34959&t=34952
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Secret Clearance? [7:4152]

[Craig Columbus]

Check the archives of the list.  This has been discussed many, many times.

Craig

At 11:04 AM 2/9/2002 -0500, you wrote:
>So how does one gain Secret Clearance?
>--- Jeff D  wrote:
> > The contractor has no say in it. If the government
> > says you need a clearance
> > to enter the building, then you have to have one,
> > period. Why waste your
> > time if you don't?
> >
> > Jeff
> >
> >  wrote in message
> > news:[EMAIL PROTECTED]...
> > > this Clearance thing is kind of funny.
> > > I think they should screen someone who is
> > qulaified for the position even
> > if
> > > they dont have the Clearance.
> > >
>
>
>=
>Paul M. Immo CCDP, CCNP, CCIE Written, MCSE
>(248)634-3362 Home
>(248)343-0440 Cell
>View my Resume online: http://briefcase.yahoo.com/paulimmo
>Imagination is more important than knowledge
>Albert Einstein
>
>__
>Do You Yahoo!?
>Send FREE Valentine eCards with Yahoo! Greetings!
>http://greetings.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34971&t=4152
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Console Connection Using Linux [7:35035]

[Craig Columbus]

Let me know if you find something that you like.  I ran Linux on my laptop 
for awhile and never found a terminal program that suited me.  I suppose I 
was spoiled from TeraTerm.  The few programs out there like minicom and 
seyon just didn't impress me.

Thanks,
Craig

At 12:38 PM 2/10/2002 -0500, you wrote:
>Guys
>
>I'm planning on migrate from windows to Linux but I cant seems to find a
>software to use to get a console connection "some thing like Hyper terminal
>or Secure CRT".
>
>cheers




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35041&t=35035
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ISP Question [7:37006]

[Craig Columbus]

Ok, I'll bite...

Don't start buying equipment yet.  The technical component of an ISP is 
only one very small part of a big picture.  If you're seriously thinking 
about starting an ISP, you first need to write a business plan that 
delineates your idea, your potential market, your competition, your 
management team, your organizational structure, your cashflow analysis, 
your initial funding, and your exit strategy.  This includes a full and 
honest SWOT (strengths, weaknesses, opportunities, and threats) 
analysis.  Once you've refined your plan, show it to people who know a lot 
more about running a business than you do.  Go visit SCORE (look them up in 
the phone book) and be prepared to rewrite everything you've written.  Once 
you've got a final product, then you're going to need funding.  Remember, 
you need to account for more than the technical equipment.  You'll have to 
consider rents, leases, insurance, utilities, payroll, taxes, etc.  Once 
you've got the funding, you can bring on qualified management and engineers 
(read experienced in this field) and let them decide on the particular 
equipment you'll need.
If this sounds like too much to tackle, then you're not ready to run your 
own business.  On the other hand, if you're financially well off (rich) and 
are determined to go forward anyway, I'll be glad to walk you down the path 
for a fee. ;-)

Good luck,
Craig

At 02:35 PM 3/1/2002 -0500, you wrote:
>Does anyone have a list of equipment for a company to become and ISP? I
>also want to buy a class of IP addresses and host them myself. Is there
>a link on Cisco to help someone like myself get started. Any help on
>this topic would be appreciated. I really don't know where to start 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37110&t=37006
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ISP Question [7:37006]

[Craig Columbus]

Brian,

There are a million things to consider about setting up an ISP before you 
even need a book like ISP Essentials.  Knowing how to setup redundancy and 
shape traffic is great, but it's really not at the top of the priority list 
when talking about setting up something as complex as an ISP that'll serve 
thousands of customers (you will have thousands right?  I mean you're not 
going to waste a /20?).

Before you can begin estimating your technical costs, you first need to 
define your target market.  Will you have 10 customers or 10,000,000?  Are 
you looking more at a traditional ISP model of providing Internet access 
(your note says no at the beginning, but you mention modem board at the 
end, so I'm not clear) or are you looking more at an ASP model where you're 
only concerned about providing applications?
I guess what I'm saying is that there is no cookie cutter approach to 
building an ISP, ASP, or any other business.  Only after you've fully 
defined your operational parameters can you start filling in the 
blanks.  It's like asking, "How much will it cost me to build an 
airplane?".  There's really no easy answer to the question.
Rough cost areas to think about in terms of an ISP are:
IP space
ASN Registration
Physical space (NOC rents/leases)
Equipment costs (routers (12000 series or 2600 series?), switches (6509 or 
2924?), servers, perf monitors/tools, etc.)
Bandwidth costs (T1 or OC48?)
Personnel costs
Helpdesk costs
Licensing / membership costs
Insurance costs
Marketing costs (even if you're only providing intracompany services, there 
will be costs here)
Legal costs
Etc.
You may want to head over to NANOG (http://www.nanog.org/resources.html) 
and look through some of the ISP resources to fill in some of the blanks.

I hope this helps.

Craig




At 09:22 AM 3/4/2002 -0500, you wrote:
>OK, well first let me explain my idea for an ISP isn't to sell dial up,
>or internet access. I already sell devices that use a dial up. I work
>for a company so they worry about the business plan. I already checked
>out where to buy a block of IP addresses, the min you can buy direct is
>/20 or 4096 public IPs. I know it sounds like a strange idea for you to
>start my own ISP. Also I wanted to mention that Cisco press is coming
>out with a new book about Starting an ISP "ISP Essentials" in April. I
>am trying to find more out about the book. I know it has a lot of stuff
>about the features of IOS for ISPs. I guess the book is really what I
>need. I would also need my own ASN. The /20 block of registered IPs
>would not be routable, I assume because they are not attached to anyones
>ASN. So I would have to register my own ASN. And of course I would need
>a connection to an ISP backbone. Please don't think I am Ignorant and
>think it is as easy as buying a few routers. I am trying to come up with
>an estimate for how much it would cost to start an ISP. Like for
>instance the block of IPs would be $3000 a year, another cost would be
>the modem board, the routers etc. Thanks for your help.
>
>-Original Message-
>From: Schneider, Matt [mailto:[EMAIL PROTECTED]]
>Sent: Sunday, March 03, 2002 5:49 PM
>To: [EMAIL PROTECTED]
>Subject: RE: ISP Question [7:37006]
>
>I'm in
>
>-Original Message-
>From: Craig Columbus
>To: [EMAIL PROTECTED]
>Sent: 3/3/2002 5:05 PM
>Subject: Re: ISP Question [7:37006]
>
>Ok, I'll bite...
>
>Don't start buying equipment yet.  The technical component of an ISP is
>only one very small part of a big picture.  If you're seriously thinking
>
>about starting an ISP, you first need to write a business plan that
>delineates your idea, your potential market, your competition, your
>management team, your organizational structure, your cashflow analysis,
>your initial funding, and your exit strategy.  This includes a full and
>honest SWOT (strengths, weaknesses, opportunities, and threats)
>analysis.  Once you've refined your plan, show it to people who know a
>lot
>more about running a business than you do.  Go visit SCORE (look them up
>in
>the phone book) and be prepared to rewrite everything you've written.
>Once
>you've got a final product, then you're going to need funding.
>Remember,
>you need to account for more than the technical equipment.  You'll have
>to
>consider rents, leases, insurance, utilities, payroll, taxes, etc.  Once
>
>you've got the funding, you can bring on qualified management and
>engineers
>(read experienced in this field) and let them decide on the particular
>equipment you'll need.
>If this sounds like too much to tackle, then you're not ready to run
>your
>own business.  On the other hand, if you're financially well

Stupid 2500 confreg question [7:37278]

[Craig Columbus]

Has anyone run into an issue where a 2500 series router won't respond to 
console input?
Here's the deal:
The PC is running 9600-8-N-1 and is connected to the 2500 console port.
The router has had nvram erased and is being booted for the first time.
Upon boot, the normal boot process is seen on the monitor screen.
When prompted to enter configuration dialogue, it's not possible to input 
anything on the router.  Typing does nothing and there is no response from 
the router.
If Ctrl-F6-Break is pressed during boot, the router goes to the > prompt, 
but after that, the router still won't accept any input from the console
port.

Has anyone experienced this issue?  Is this a config register problem?  If 
so, is there a fix other than experimenting with different settings on the 
PC side?  If not, does anyone have an answer?  Could it be bad boot ROM?

Thanks,
Craig




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37278&t=37278
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Stupid 2500 confreg question [7:37287]

[Craig Columbus]

The cable is good and scroll lock isn't on.  Same PC setup and cable work 
fine on other 2500 series.  I haven't run into this particular issue before.

Craig


At 11:50 AM 3/5/2002 -0500, you wrote:
>Have you tried a different cable?
>
>
>- Original Message -
>From: "Craig Columbus" 
>To: 
>Cc: 
>Sent: Tuesday, March 05, 2002 11:18 AM
>Subject: Stupid 2500 confreg question
>
>
> > Has anyone run into an issue where a 2500 series router won't respond to
> > console input?
> > Here's the deal:
> > The PC is running 9600-8-N-1 and is connected to the 2500 console port.
> > The router has had nvram erased and is being booted for the first time.
> > Upon boot, the normal boot process is seen on the monitor screen.
> > When prompted to enter configuration dialogue, it's not possible to input
> > anything on the router.  Typing does nothing and there is no response
from
> > the router.
> > If Ctrl-F6-Break is pressed during boot, the router goes to the > prompt,
> > but after that, the router still won't accept any input from the console
>port.
> >
> > Has anyone experienced this issue?  Is this a config register problem? 
If
> > so, is there a fix other than experimenting with different settings on
the
> > PC side?  If not, does anyone have an answer?  Could it be bad boot ROM?
> >
> > Thanks,
> > Craig
> > _
> > Commercial lab list: http://www.groupstudy.com/list/commercial.html
> > Please discuss commercial lab solutions on this list.
>_
>Commercial lab list: http://www.groupstudy.com/list/commercial.html
>Please discuss commercial lab solutions on this list.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37287&t=37287
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Stupid 2500 confreg question [7:37287]

[Craig Columbus]

Yeah, it looks like I'll end up going in that direction.  After exhausting 
Cisco and google, I was hoping that someone on the list could give me a 
quick answer.
I'm still not sure that it's not a bad boot ROM.  The boot ROM was recently 
upgraded, and although I'm told that it worked fine after the upgrade, I'm 
beginning to have my doubts.

Thanks!
Craig

At 12:40 PM 3/5/2002 -0500, you wrote:
>like Dave suggested before, put a break out on it and go from thereyou 
>may find that the serial port is expecting cts/rts and one of the pins are 
>severed.  I'm not sure what cisco requires to be 'live' on their 
>2500'san extremely half-assed search on google didn't yield anythign 
>too interestingbut I'm sure you can find it out there...  :)
>
>-Patrick
>
> >>> "Craig Columbus"  03/05/02 
> 12:17PM >>>
>The cable is good and scroll lock isn't on.  Same PC setup and cable work
>fine on other 2500 series.  I haven't run into this particular issue before.
>
>Craig
>
>
>At 11:50 AM 3/5/2002 -0500, you wrote:
> >Have you tried a different cable?
> >
> >
> >- Original Message -
> >From: "Craig Columbus"
> >To:
> >Cc:
> >Sent: Tuesday, March 05, 2002 11:18 AM
> >Subject: Stupid 2500 confreg question
> >
> >
> > > Has anyone run into an issue where a 2500 series router won't respond
to
> > > console input?
> > > Here's the deal:
> > > The PC is running 9600-8-N-1 and is connected to the 2500 console port.
> > > The router has had nvram erased and is being booted for the first time.
> > > Upon boot, the normal boot process is seen on the monitor screen.
> > > When prompted to enter configuration dialogue, it's not possible to
input
> > > anything on the router.  Typing does nothing and there is no response
>from
> > > the router.
> > > If Ctrl-F6-Break is pressed during boot, the router goes to the >
prompt,
> > > but after that, the router still won't accept any input from the
console
> >port.
> > >
> > > Has anyone experienced this issue?  Is this a config register problem?
>If
> > > so, is there a fix other than experimenting with different settings on
>the
> > > PC side?  If not, does anyone have an answer?  Could it be bad boot
ROM?
> > >
> > > Thanks,
> > > Craig
> > > _
> > > Commercial lab list: http://www.groupstudy.com/list/commercial.html
> > > Please discuss commercial lab solutions on this list.
> >_
> >Commercial lab list: http://www.groupstudy.com/list/commercial.html
> >Please discuss commercial lab solutions on this list.
> >>>>>>>>>>>>>  Confidentiality Disclaimer   This email and any files
transmitted with it may contain confidential and
>/or proprietary information in the possession of WellStar Health System, 
>Inc. ("WellStar") and is intended only for the individual or entity to 
>whom addressed.  This email may contain information that is held to be 
>privileged, confidential and exempt from disclosure under applicable law. 
>If the reader of this message is not the intended recipient, you are 
>hereby notified that any unauthorized access, dissemination, distribution 
>or copying of any information from this email is strictly prohibited, and 
>may subject you to criminal and/or civil liability. If you have received 
>this email in error, please notify the sender by reply email and then 
>delete this email and its attachments from your computer. Thank you.
>
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37293&t=37287
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Stupid 2500 confreg question [7:37313]

[Craig Columbus]

Thanks for the top Sean.  I found the article and it's the best lead so 
far.  I'll test this afternoon.

Thanks!
Craig

At 01:22 PM 3/5/2002 -0500, you wrote:
>Every so often we'll get in a 2501 router that'll not respond to teraterm,
>CRT, hyperterm, etc.  When we disable RTS/CTS - then we can get into the
>router.  Don't know the reason, my co-worker said he found some link on CCO
>about it.
>
>Sean
>- Original Message -
>From: 
>To: ; 
>Cc: ; 
>Sent: Tuesday, March 05, 2002 12:36 PM
>Subject: RE: Stupid 2500 confreg question
>
>
> > Try setting the flow control in Hyperterm to None, that should do the
>trick.
> >
> > Steve
> >
> > -Original Message-----
> > From: MADMAN [mailto:[EMAIL PROTECTED]]
> > Sent: 05 March 2002 16:46
> > To: Craig Columbus
> > Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> > Subject: Re: Stupid 2500 confreg question
> >
> >
> >  Yes, a few times.  Way back I hd that problem with hypeterm, switched
> > to terterm and things worked better.  I know have a couple of 2500's in
> > the lab that I cannot talk to via the console but that otherwise work
> > fine, I think they're just old and tired and I don't feeled inclined to
> > spend much time trying to figure out why though you may want to stick a
> > breakout box on the console and check the output.
> >
> >   Dave
> >
> > Craig Columbus wrote:
> > >
> > > Has anyone run into an issue where a 2500 series router won't respond
to
> > > console input?
> > > Here's the deal:
> > > The PC is running 9600-8-N-1 and is connected to the 2500 console port.
> > > The router has had nvram erased and is being booted for the first time.
> > > Upon boot, the normal boot process is seen on the monitor screen.
> > > When prompted to enter configuration dialogue, it's not possible to
>input
> > > anything on the router.  Typing does nothing and there is no response
>from
> > > the router.
> > > If Ctrl-F6-Break is pressed during boot, the router goes to the >
>prompt,
> > > but after that, the router still won't accept any input from the
console
> > port.
> > >
> > > Has anyone experienced this issue?  Is this a config register problem?
>If
> > > so, is there a fix other than experimenting with different settings on
>the
> > > PC side?  If not, does anyone have an answer?  Could it be bad boot
ROM?
> > >
> > > Thanks,
> > > Craig
> > > _
> > > Commercial lab list: http://www.groupstudy.com/list/commercial.html
> > > Please discuss commercial lab solutions on this list.
> > --
> > David Madland
> > Sr. Network Engineer
> > CCIE# 2016
> > Qwest Communications Int. Inc.
> > [EMAIL PROTECTED]
> > 612-664-3367
> >
> > "Emotion should reflect reason not guide it"
> > _
> > Commercial lab list: http://www.groupstudy.com/list/commercial.html
> > Please discuss commercial lab solutions on this list.
> > _
> > Commercial lab list: http://www.groupstudy.com/list/commercial.html
> > Please discuss commercial lab solutions on this list.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37313&t=37313
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Stupid 2500 confreg question resolution [7:37400]

[Craig Columbus]

Thanks to everyone who helped with this issue.  As it turned out, something 
strange had happened to the flash.  The flash chips were replaced with 
known-good chips and the problem went away.  Live and learn!

Thanks again,
Craig

At 02:29 PM 3/5/2002 -0500, you wrote:
>Thanks for the top Sean.  I found the article and it's the best lead so
>far.  I'll test this afternoon.
>
>Thanks!
>Craig
>
>At 01:22 PM 3/5/2002 -0500, you wrote:
> >Every so often we'll get in a 2501 router that'll not respond to teraterm,
> >CRT, hyperterm, etc.  When we disable RTS/CTS - then we can get into the
> >router.  Don't know the reason, my co-worker said he found some link on
CCO
> >about it.
> >
> >Sean
> >- Original Message -
> >From:
> >To: ;
> >Cc: ;
> >Sent: Tuesday, March 05, 2002 12:36 PM
> >Subject: RE: Stupid 2500 confreg question
> >
> >
> > > Try setting the flow control in Hyperterm to None, that should do the
> >trick.
> > >
> > > Steve
> > >
> > > -Original Message-
> > > From: MADMAN [mailto:[EMAIL PROTECTED]]
> > > Sent: 05 March 2002 16:46
> > > To: Craig Columbus
> > > Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> > > Subject: Re: Stupid 2500 confreg question
> > >
> > >
> > >  Yes, a few times.  Way back I hd that problem with hypeterm, switched
> > > to terterm and things worked better.  I know have a couple of 2500's in
> > > the lab that I cannot talk to via the console but that otherwise work
> > > fine, I think they're just old and tired and I don't feeled inclined to
> > > spend much time trying to figure out why though you may want to stick a
> > > breakout box on the console and check the output.
> > >
> > >   Dave
> > >
> > > Craig Columbus wrote:
> > > >
> > > > Has anyone run into an issue where a 2500 series router won't respond
>to
> > > > console input?
> > > > Here's the deal:
> > > > The PC is running 9600-8-N-1 and is connected to the 2500 console
port.
> > > > The router has had nvram erased and is being booted for the first
time.
> > > > Upon boot, the normal boot process is seen on the monitor screen.
> > > > When prompted to enter configuration dialogue, it's not possible to
> >input
> > > > anything on the router.  Typing does nothing and there is no response
> >from
> > > > the router.
> > > > If Ctrl-F6-Break is pressed during boot, the router goes to the >
> >prompt,
> > > > but after that, the router still won't accept any input from the
>console
> > > port.
> > > >
> > > > Has anyone experienced this issue?  Is this a config register
problem?
> >If
> > > > so, is there a fix other than experimenting with different settings
on
> >the
> > > > PC side?  If not, does anyone have an answer?  Could it be bad boot
>ROM?
> > > >
> > > > Thanks,
> > > > Craig
> > > > _
> > > > Commercial lab list: http://www.groupstudy.com/list/commercial.html
> > > > Please discuss commercial lab solutions on this list.
> > > --
> > > David Madland
> > > Sr. Network Engineer
> > > CCIE# 2016
> > > Qwest Communications Int. Inc.
> > > [EMAIL PROTECTED]
> > > 612-664-3367
> > >
> > > "Emotion should reflect reason not guide it"
> > > _
> > > Commercial lab list: http://www.groupstudy.com/list/commercial.html
> > > Please discuss commercial lab solutions on this list.
> > > _
> > > Commercial lab list: http://www.groupstudy.com/list/commercial.html
> > > Please discuss commercial lab solutions on this list.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37400&t=37400
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Question on PIX 501 [7:38246]

[Craig Columbus]

You'll need to open any ports that you want passed, no matter the 
direction.  You can do this in bulk by specifying "access-list inside 
permit ip any any" and verifying that the access-list is applied to the 
inside interface with "access-list inside in interface inside".  This will 
allow outbound traffic from any inside host and allow established traffic 
to come back in and reach the originator.  You probably don't want to do 
this in practice since it's playing fast and loose with your security.

Hope this helps,
Craig

At 01:42 PM 3/14/2002 -0500, you wrote:
>Mark,
>
>My original question that I sent to the group somehow got lost.  Ole was
>kind enough to respond to a direct query regarding to some fun I am having
>with installing a Pix (501) for the first time.  My firewall background is
>SonicWall and Watchguard, both are very simple in configuration and work
>directly out of the box.
>
>I was under the impression it was pretty much plug and play, so I decided to
>test it by putting it between my PC and the rest of the LAN.  However, after
>the initial setup, the Pix passed no information through it.  So I went to a
>ping to start the troubleshooting.  The curious (to me) issue was that from
>the console or the PDM of the Pix I can ping network addresses on both sides
>of the Pix.  From the inside of the Pix, I cannot ping (or browse the web)
>through the Pix.  I cannot even ping the outside interface of the Pix from
>the inside interface.  The specific question is this ... is additional
>configuration of the Pix required to permit access from the inside interface
>to the outside interface and beyond?
>
>To expand on the topic you and Ole are discussing, is the use of the
>conduits (or access-lists) required for each and every type of service I
>want to send from the inside to the outside?  I have no problem researching
>the commands to learn how it is done, I just want to make certain I am on
>the right path.
>
>Thanks,
>
>Justin
>
>
>From: "Mark Odette II"
>Reply-To: "Mark Odette II"
>To: [EMAIL PROTECTED]
>Subject: RE: Question on PIX 501 [7:38246]
>Date: Thu, 14 Mar 2002 12:45:59 -0500
>
>Forgive me for not reading the book yet, as I've been quite busy too
>... but, I have a question in regards to the config line you gave.
>
>I've used the PDM so far to most of the configuration of my PIX, and it
>creates access-lists rather than conduits.  I know from others I've talked
>with, that Cisco is moving from conduits to access-lists on the PIX
>configs... this is the question
>
>I configure to allow ICMP any(Outside) any(Inside) = Echo Reply
>ICMP any(Outside) any(Inside) = Time Exceeded
>ICMP any(Outside) any(Inside) = Unreachable
>
>Does this do the same thing as what you were saying about "conduit permit
>any any X"??
>
>I think it does, but just want to make sure that I haven't opened up ICMP
>completely with it being initiated from the outside.
>
>Thanks!
>Mark
>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>Ole Drews Jensen
>Sent: Thursday, March 14, 2002 10:42 AM
>To: [EMAIL PROTECTED]
>Subject: RE: Question on PIX 501 [7:38246]
>
>
>Hi Justin,
>
>When you ping, you use the ICMP protocol.
>
>When A pings B, A sends ICMP echo-request (number 8) to B, and B sends ICMP
>echo-reply (number 0) back to A.
>
>The PIX does not allow ICMP traffic to come from the outside to the inside,
>so to change that, you will need to open up for ICMP number 0 (echo-reply).
>
>The command for that is:
>
> conduit permit icmp any any 0
>
>This is a good way to do it, because then you allow outside devices to reply
>to your request, but they are not allowed to do a PING themself. If you want
>PING to work both ways, simply use this command:
>
> conduit permit icmp any any
>
>Hth,
>
>Ole
>
>~~~
>   Ole Drews Jensen
>   Systems Network Manager
>   CCNP, MCSE, MCP+I
>   RWR Enterprises, Inc.
>   [EMAIL PROTECTED]
>~~~
>   http://www.RouterChief.com
>~~~
>   NEED A JOB ???
>   http://www.oledrews.com/job
>~~~
>
>
>
>
>-Original Message-
>From: Justin C [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, March 14, 2002 10:10 AM
>To: [EMAIL PROTECTED]
>Subject: RE: Question on PIX 501
>
>
>Ole,
>
>Thanks for the reply.  I understand being busy.  I normally try to solve
>these things all on my own, but I just don't have the available time.  I
>spent six hours on it yesterday.
>
>Justin
>
>
>From: Ole Drews Jensen
>To: 'Justin C'
>Subject: RE: Question on PIX 501
>Date: Thu, 14 Mar 2002 08:08:30 -0600
>
>I did receive the message - I do not know why groupstudy did not.
>
>I appologize for not getting back with you yesterday, but I am so busy these
>days, as there are many projects I have to finish.
>
>I will see if I can find a couple of minutes to read your entire e-mail fro

Re: please help **location migration** [7:40162]

[Craig Columbus]

See comments inline.  Basically, I think you need to explain your
restrictions.
My experience working with clients is that sometimes perceived 
restrictions, i.e - "We CAN'T do that!", really aren't restrictions at all, 
i.e. - "We don't WANT to do that because we really don't understand how it 
works and we're not comfortable."


Thanks,
Craig
P.S. - You appear to be in my area.  Shoot me an e-mail off-list and maybe 
we can sit down to discuss your issue if you're close to me.

At 05:49 AM 4/2/2002 -0500, you wrote:
>I work for a collocation and bandwidth provider and need help with an issue
>for a migration.
>
>We need to move about 30 servers from a offsite location to our data center.
>The move of the servers needs to be done over the period of a month.  We
>need to do this without changing the ip addresses of the servers.

Why can't you change the IP addresses?  Are there hardcoded applications?
Is time required for DNS cache expiration a problem?  Is the same provider 
servicing the offsite and onsite locations?  Is the IP block portable?

>so either
>through an internet connection or wan link (both possible) we need to share
>the ip block. It cannot be subnetted and must remain a single ip block.

So you need a single, non-subnetted IP block to be at two physically remote 
locations, but one logical location.
Why can't the IP block be subnetted?  Can it be summarized?

>We
>have ruled out the use of bridge groups across a T1 circuit and would like a
>better option than using a VPN. If you have any ideas please help.
>
>thanks for the help and all the useful post.  I have been in this group for
>about 6 months and have made very few posts but have benefited immensely
>from users in this group.  I thank you for that.
>
>Kevin Campbell MCSE, MCT, CCNP
>
>[GroupStudy.com removed an attachment of type application/ms-tnef which had
>a name of winmail.dat]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=40170&t=40162
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: IP NAT Question [7:40470]

[Craig Columbus]

Go to www.cisco.com and search for NAT configuration.  You'll find all the 
detail you need.
Basically, you're going to setup a static map and match it to an 
access-list that allows ftp.

Craig

At 08:52 AM 4/4/2002 -0500, you wrote:
>Hi,
>
>I setup a 2600 router behind the ADSL modem. My question is, how can I FTP
>from outside which can convert the IP to my private LAN at home?
>
>For example,
>
>My public IP is 124.234.23.34/24
>My internal FTP server is 10.10.10.2/24
>
>If I FTP to 124.234.23.34, it can convert it to 10.10.10.2, how?
>
>
>Please advice.
>
>Thanks
>
>Ricky




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=40478&t=40470
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 2620 or 2610 [7:40603]

[Craig Columbus]

Sounds like someone put a 2620 board in a 2610 case.  Your gain.

Craig

At 10:45 AM 4/5/2002 -0500, you wrote:
>ok, here is one I have never heard.
>
>Router says 2610 on it.  Sh ver says 2620.  Router has ethernet interface
>(it says 2610), but ios makes you configure a f0/0 interface.
>
>Mac address for interface is 0002.16f8.2380
>
>I can find out through and oui serach that 000216 is cisco, but does anybody
>know how to check the last 6 or has anyone else seen this issue?  Unless my
>jedi training is incorrect, don't 261x's only have 10mb interfaces??
>
>thanks,
>bk




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=40623&t=40603
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCO questions [7:11275]

[Craig Columbus]

I don't know if this will work, but it's worth mentioning

The new partner application requires you to have CCO login.  If you don't 
have a login, you can't complete the application.
At the bottom of the application page is a "get login" button.  I haven't 
tried this, but you may be able to fill out the information and obtain very 
basic CCO access.
The page is http://www.cisco.com/warp/public/765/partner_programs/apply/
If anyone uses this to obtain CCO access, let me know.  I'm curious if it 
works.

Craig

At 10:39 PM 7/7/2001 -0400, you wrote:
>easiest way is to buy a single smartnet contract for one of your routers.
>:->
>
>I am unaware of Cisco providing CCO login just because you are a CCNP. I
>believe but am not certain that a CCO account is one of the CCIE privileges.
>
>At one time I had decent access because I was a member of the consultant's
>program, but Cisco seems to have let that one fall by the wayside.
>
>As an employee in good standing of a Cisco partner, I do have a CCO account.
>But I am not permitted to open TAC cases.
>
>Chuck
>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>DNT
>Sent: Saturday, July 07, 2001 5:37 PM
>To: [EMAIL PROTECTED]
>Subject: Re: CCO questions [7:11275]
>
>
>I think in order to obtain an account on CCO, you must be a CCNP, CCIE, or
>reseller.
>
>Denny
>
>
>
>""Preston Kilburn""  wrote in message
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > I have a newbie question here.  What ways can one get a CCO login to
> > the CCO sight?  Do you have to own equipment or be a CCIE?
> > -P.Kil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=11293&t=11275
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ISDN Charges???? [7:15438]

[Craig Columbus]

You definitely need to check your contract.  I've got customers that pay 
per call, some that pay per minute/per channel, and some (most) that have 
unlimited usage (both channels) for flat fee.

Craig

At 02:57 AM 8/9/2001 -0400, you wrote:
>Hello Group,
>I have querry about ISDN lines.
>As you know that it consists of 2 B- Chanels for data transmissions but
>most of the time we use only one channel
>unless it is used for multilink. In such case are we being charged channel
>wise or per ISDN Link ? i.e if I am using 1 channel then i will be charged
>for 1 call and if I am using both the B-channels then I will be charged for
>2 calls ?
>Any help on this will be appriciated.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=15453&t=15438
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: /31 subnet (now with info link) [7:27802]

[Craig Columbus]

With a /30 you use 4 IP addresses (network, 2 node, 1 broadcast).  You save 
addresses with a /31.
Here's a link with more info:

http://www.ietf.org/rfc/rfc3021.txt?number=3021

Thanks,
Craig

At 08:32 AM 11/30/2001 -0500, you wrote:
>Maybe I'm missing something, but there are only 2 useable addresses in a
>/30, and only 2 interfaces participating in a point-to-point link, so how
>are there 50% of the addresses wasted.
>
>Steve
>
>
>""MADMAN""  wrote in message
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Point to point connections, with a /30 you waste 50% of the
> > avaivalable addresses.
> >
> >   Dave
> >
> > Nicolas FEVRIER wrote:
> > >
> > > Hi group,
> > >
> > > I'm puzzled by the use of /31 subnets...
> > > Anybody can explain me the benefits of such a subnet on an interface ?
> > >
> > > Thanxx.
> > >
> > > Nicolas.
> > --
> > David Madland
> > Sr. Network Engineer
> > CCIE# 2016
> > Qwest Communications Int. Inc.
> > [EMAIL PROTECTED]
> > 612-664-3367
> >
> > "Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27802&t=27802
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: /31 subnet. [7:27742]

[Craig Columbus]

Actually, it does work with the correct platform and IOS version.
Here's the link.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t2/ft31addr.htm


Craig


At 09:44 AM 11/30/2001 -0500, you wrote:
>It doesn't work in Cisco routers.
>
>""Carroll Kong""  wrote in message
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Law of subnets is a tradeoff.  Bigger subnets, have higher
> > efficiency, at the cost of bigger broadcast domains.  Smaller subnets
have
> > abysmal efficiency, at the benefit of smaller broadcast domains.
> >  /31 is a new RFC proposed rule which eliminates the loss of
> > effiency of 50% to.. 0%.
> >  /30 has 2 usable addresses but loses 2 for broadcast and
> > network.  So, you need 4 ips to make the subnet, but you only can use
> > 2.  50% efficiency.  /31 is going to let you take 2, and use 2, and
ignore
> > the broadcast and network need.  This is ideal for point to point.
> >
> > At 08:32 AM 11/30/01 -0500, VoIP Guy wrote:
> > >Maybe I'm missing something, but there are only 2 useable addresses in a
> > >/30, and only 2 interfaces participating in a point-to-point link, so
how
> > >are there 50% of the addresses wasted.
> > >
> > >Steve
> > >
> > >
> > >""MADMAN""  wrote in message
> > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > Point to point connections, with a /30 you waste 50% of the
> > > > avaivalable addresses.
> > > >
> > > >   Dave
> > > >
> > > > Nicolas FEVRIER wrote:
> > > > >
> > > > > Hi group,
> > > > >
> > > > > I'm puzzled by the use of /31 subnets...
> > > > > Anybody can explain me the benefits of such a subnet on an
interface
>?
> > > > >
> > > > > Thanxx.
> > > > >
> > > > > Nicolas.
> > > > --
> > > > David Madland
> > > > Sr. Network Engineer
> > > > CCIE# 2016
> > > > Qwest Communications Int. Inc.
> > > > [EMAIL PROTECTED]
> > > > 612-664-3367
> > > >
> > > > "Emotion should reflect reason not guide it"
> > -Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27816&t=27742
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: cisco aironet question [7:30926]

[Craig Columbus]

What model and antenna are you using?  How thick is the vegetation?
I setup a building to building wireless link this summer using BR342s on 
each end, with a Yagi high-gain on one side and a omni high gain on the 
other.  The distance was approximately 400m through approximately 100m of 
tree canopy.  I get about 500kbit transfer rate at maximum gain, but it's 
completely reliable even through rain and snow.  The speed isn't a problem 
since the link is for Internet access only and I only guarantee 384kbit 
throughput for the WAN connection.  As usual, your mileage may vary.

Craig

At 10:11 AM 1/4/2002 -0500, you wrote:
>Will two Cisco Aironet Wireless Access points work through trees?  The two
>buildings are only 305m apart, but there are trees in between the two
>buildings.  In winter there are no leaves on the trees, so they have line of
>sight, but with leaves in the spring and summer, will it still work?
>
>Can the signal go through the trees?
>
>--
>RFC 1149 Compliant.
>
>
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=30940&t=30926
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: router cannot see host [7:31800]

[Craig Columbus]

I think we need more info.  In the meantime, here's a possibility:

When pinging from the workstation to the router, you're hitting a locally 
attached interface on the router (one on the same subnet).
When pinging from the router to the workstation, the ping is originating 
from an interface other than the one that is local to the workstation.
Try an extended ping from the router, specifying the locally attached 
interface as the source and see if the pings succeed.
If so, verify that both the subnet mask and the default gateway on the 
workstation are set correctly.

Craig

At 07:43 PM 1/13/2002 -0500, you wrote:
>I know this is a RTFM type question but for the life of me I cannot
>figure out why the router cannot ping the work station, but the
>workstation can ping and telnet to the router




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=31803&t=31800
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Wiping a config w/o en password [7:31838]

[Craig Columbus]

Perform password recovery and then do whatever else you want.

Craig

At 07:44 AM 1/14/2002 -0500, you wrote:
>Hi All,
>
> How do I trash a config on a 2611 w/o the en password.
>
>
>
>Thanks,
>
>Rich




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=31841&t=31838
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Help !! 3620 + NM-1E2W + WIC-2T = trouble [7:31976]

[Craig Columbus]

According to Cisco's HW/SW compatibility matrix, you need one of the 
following IOS versions to support a WIC-2T on a 3620:

12.0(7)XK, 12.1(1)T, 12.1(5)YB, 12.2(1), 12.2(2)T, 12.2(2)XT

Don't assume that if you try a later version of IOS that it's definitely 
going to support your card.  Try to get one of the versions listed.


Craig

At 07:27 AM 1/15/2002 -0500, you wrote:
>I have a 3620 with 64 MB RAM 16 MB Flash. I installed module NM-1E2W and it
>works fine, but when I install the
>WIC-2T in either WAN slots it doesn't recognize it. The WIC-2T works on my
>1720 and 2610. I've tried 2 different IOS already
>(IOS 12.2 Enterprise Plus IPSec 56 and 12.1 IP Plus IPSEC 56). Any input
will
>be appreciated.
>
>Thanks!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=31985&t=31976
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Can the Pix do this? [7:32320]

[Craig Columbus]

The pix can easily do this.  Use one line for each outside address that you 
want the inside client to access.  You don't say what port you're 
contacting on the outside, but you should also limit contact by port.
For example:

access-list 101 permit tcp host 192.168.1.1 host 1.1.1.1 eq www
access-list 101 permit tcp host 192.168.1.1 host 1.1.1.2 eq www
access-list 101 permit tcp host 192.168.1.1 host 1.1.1.3 eq www
access-list 101 deny ip host 192.168.1.1 any

Hope this helps.   However, I recommend that you have your pix config 
reviewed by a security guru to verify that you haven't accidentally opened 
your network up.

Craig

At 12:45 PM 1/17/2002 -0500, you wrote:
>I have a Pix 515 running ver. 6.1. I have a host that will be made available
>to the public for a web-enabled product demonstration. Parts of the product
>are NOT located on my internal network, so host needs to cross the firewall
>to function properly. Can I add a line to my access list that will allow
>this particular host access ONLY to two or three different IP addresses, and
>deny it access to the rest of the www? Could someone give me a little help
>with the syntax? Would it be something like this:
>
>access-list 101 permit ip  255.255.0.0  255.255.255.0
>
>Can I put all the addresses that I want to allow the host to access in one
>line? Do I need 3 separate lines? Should I put a deny statement at the end?
>Will this even work? Am I high? Just kidding, thanks in advance.
>
>Kris.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=32332&t=32320
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Upgrade Problem IOS to c2600-jk8o3s-mz.122-6a.bin [7:32577]

[Craig Columbus]

Did you test that the flash upgrade was successful before trying to upgrade 
to the new IOS?  Try booting to rommon, erasing the flash, and loading the 
known good image.

Craig

At 09:30 AM 1/19/2002 -0500, you wrote:
>My bootstrap is 11.3(2)XA4 of 2612 cisco router. After I remove 8M flash to
>16M flash and upgrade to 12.2-6 IOS,
>boot process cannot recogonize flash program occur.
>
>What is the problem!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=32579&t=32577
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Token Ring DB9 to RJ45 connector [7:33060]

[Craig Columbus]

You'll need media filters for the DB9 end of the connection and a MAU on 
the other.
Your overall connection will be:

Router->Media Filter->cable->RJ45 MAU (or switch)Hallo, I've got a Cisco
4000 with Token Ring modules. The T/R modules
>have DB9 connections, and my T/R cards have RJ45 connections.
>
>Does anyone know how I can connect these two ? Thanks, James
>___
>  http://www.webmail.co.za the South-African free email service
>
> Get up to R250 free at http://www.silversandscasino.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33074&t=33060
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCIE Self-Employment [7:62442]

[Craig Columbus]

I think I've posted along these lines before, but it's important to
reiterate:

1) Working for yourself is a great idea.  It provides flexibility that no 
employer can offer.  You set the hours, you decide which clients to work 
with, you decide which projects to accept, you decide how much to charge, 
and you decide how much to pay yourself.
2) It's NOT EASY.  I can't stress this enough.  Between filing regulatory 
paperwork, keeping up with accounting, doing all marketing, going to sales 
meetings, etc., you'll find yourself working some very long 
hours...especially if you've got enough clients to stay busy.
3) Don't expect that you're going to work 40 hours a week, 52 weeks a 
year.  My experience is that 25 hours of billable is a FULL work week when 
coupled with all the other tasks of keeping a small business 
afloat.  Certain long-term projects will be the exception to this rule.
4) Make sure you've got enough cash to cover receivable cycles.  Some 
clients will pay on time...others will take 60-90 days.  Don't 
underestimate expenses...they'll come back to bite you when it's least 
convenient.  There's been more than once when I've had a AmEx payment due 
of many thousands of dollars and a big customer check was late 
arriving.  Trust me...it'll make you sweat if you don't have the cash on 
hand to cover.
5) Don't ever stop marketing, networking, and selling.  Since sales cycles 
can typically take 60-90 days, the time to find your next gig is while 
you're working on your current one.
6) Treat your customers well.  If they trust and respect you, they'll come 
to you first when they need assistance.  This repeat business is vital to 
staying afloat financially.
7) Refer to number 2.  It's NOT EASY.  When you work for yourself, the buck 
stops with you.  When there's a problem, you have to deal with it.  When 
there's a decision to be made, you have to deal with it.  When a customer 
complains, you have to deal with it.  If you're not prepared to deal with 
all aspects of running a business, you're not ready to go out on your own.
8) If you've read all of the above and you still have the entrepreneurial 
bug, I recommend that you go for it.  Working for yourself can be a huge 
hassle, but it's also tremendously rewarding.

Good luck!
Craig



At 03:29 PM 2/4/2003 +, you wrote:
>Along the same lines, how does one find such clients? Any services you use,
>techniques for finding potential clients?
>
>Hal
>- Original Message -
>From: "Mike Schlenger"
>To: "'Sam Munzani'" ; "steve r" ;
>"Jay Greenberg" ; ;
>
>Sent: Monday, February 03, 2003 5:42 PM
>Subject: RE: CCIE Self-Employment
>
>
> > Really? WHERE DO I SIGN?? :)
> >
> > Mike
> > Chicagoland CCIE #7079
> >
> > -Original Message-
> > From: Sam Munzani [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, February 03, 2003 4:12 PM
> > To: steve r; Jay Greenberg; [EMAIL PROTECTED]; [EMAIL PROTECTED]
> > Subject: Re: CCIE Self-Employment
> >
> >
> > Rate depends on who is paying and how much do they have? :-)
> >
> > In chicago area $125/Hr is considered normal with 1 way travel time. If
>you
> > got a fortune 500 client, you can easily bump it up to $175/Hr. and they
> > will not argue about it.
> >
> > Sam
> >
> >
> > > CCIE self employed,
> > > well if you find another CCIE to partner with you can get silver
partner
> > > status, (and some other requirements too)
> > >
> > > If you are in the biz you should know...pix...vpn and some other stuff
>the
> > > hourly work is great but it depends on the clients locations...and the
> > > billing rate..
> > > Good luck in this market it may be better then being out of work like
my
> > > friend is (and he is a CCIE too)
> > > Bill at what you can get $100 to $200 an hour or more
> > > or less if its cash..
> > >
> > > Stephen
> > > - Original Message -
> > > From: "Jay Greenberg"
> > > To: ;
> > > Sent: Monday, February 03, 2003 12:14 PM
> > > Subject: CCIE Self-Employment
> > >
> > >
> > > > Any CCIEs on the list in business for themselves?  What's the money
> > > > like, what sort of companies do you work for?  Do you do short-term
or
> > > > long term contracts?  Hourly work?
> > > >
> > > > Thanks,
> > > >
> > > > --
> > > > Jason Greenberg, CCIE #11021
> > > >
> > > > .
> > > .
> > .
> > .




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62451&t=62442
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

OT: Re: Snort versus Cisco IDS [7:62939]

[Craig Columbus]

Having installed and worked with both products, I think that Cisco's 
offering is more comprehensive, but Snort is highly reliable and much
cheaper.
It doesn't have some of the features of the Cisco product (dynamic 
shunning), but for most small to medium sized businesses (like the kind I 
work with daily), Snort is more than sufficient given the cost.
On average, I can install a Snort sensor on dedicated hardware and FreeBSD 
for approximately $1000.  A single Cisco 4210 sensor install costs me about 
$5600.  If I need to scale to Gbit capability, I can install a Snort sensor 
for approx. $5000, compared to $18K for a Cisco 4250.

In summary, they're both decent products.  If you need a comprehensive 
system for large enterprise, then Cisco certainly has the edge over 
Snort...at least until you start talking about hardware-based, customized 
snort like that from Silicon Defense.  If you just need a solid IDS for 
small business and don't want to spend a ton of cash, then Snort is a great 
alternative and is usually my first recommendation.


At 05:06 AM 2/13/2003 +, you wrote:
>Someone told me in an authoritative voice today that Cisco doesn't recommend
>their IDS. They recommend Snort. Is this really true? Isn't Cisco's IDS a
>big part of SAFE?
>
>Of course, the person who said this doesn't understand that Cisco is a huge,
>chaotic organism, and that saying Cisco does something based on what one
>person does, doesn't make sense.
>
>But I'm just curious, what do you all recommend for intrusion detection? How
>do Snort and Cisco IDS compare? I guess Cisco's solution is a bit more
>complicated, requiring appliances or IDS cards in a switch and a console:
>
>Cisco Secure IDS DirectorHP OpenView Network Node Manager "plug-in" that
>runs on UNIX (Solaris and HP-UX)
>
>Cisco Secure Policy Manager (v2.2+)Windows NT-based package
>
>Thanks.
>
>Priscilla




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62959&t=62939
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]