ACS / TACACS+ authentication [7:14175]
Hi All,

I've got some questions for people with Cisco ACS experience. We're using ACS to authenticate dial-up users into our network. Using TACACS+ within this product we push out an IP address from an address pool configured within the ACS software. Dependent on the group to which the user belongs, the IP pool is varied. This is done to let the users get through the firewall they encounter soon after the access router - different users get different access rights through the firewall based on their IP address.

Everything is working perfectly with a single dial-in access router (NAS). However, we are looking to add a second NAS. This is where my headaches start. The problem is that as far as I can see, the ACS software is not going to be aware of which NAS I am coming in on. Therefore it is going to give me an IP address from the same IP pool, regardless of my actual location. This is a problem in an environment where my firewall only uses static routes, i.e. it is only going to be able to send traffic for the addresses in an IP pool to one of the two NAS devices that I have hanging off the firewall.

Am I missing something about the functionality of the ACS software? Or should I pull back the management of IP pools to the NAS and allow the ACS software only to perform basic authentication?

Please note - the introduction of routing protocols such as RIP or OSPF is not an option. I am not going to permit my firewall to trust external sources of routing information. Also, the introduction of an additional routing device between the NAS devices and the firewall is not an option (budgetary constraints, plus it's a pretty ugly solution).

Any thoughts much appreciated.

Thanks,
Dave Steele CCNP, CCDP.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=14175t=14175
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CID beta results! [7:93]
Whoo-hooh! I called Prometric here in the UK this morning and they stated that their system said I had passed. I enquired about the mailout of the test results - after much confusion the operator decided to print out a test results 'reprint' and mail it to me. As for the actual Cisco paper stating that I am a CCDP, I'll just have to wait for Cisco to mail it out. YMMV.

Dave Steele, CCNP CCDP (probably)

"Chris H" wrote in message news:[EMAIL PROTECTED]...

All right, this is outright ridiculous... Memo to Cisco: I am never taking another Cisco beta exam. What a waste of time... Will feedback and good beta testers start to go downhill because of the long wait? Something to think about. Oh, BTW, don't say that the results will be available on a specific day, and then back out. That not only irritates the beta testers, but the folks at Prometric who have to field the same calls over and over.

From: "GNOME"
Reply-To: "GNOME"
To: [EMAIL PROTECTED]
Subject: Re: CID beta results! [7:59]
Date: Tue, 10 Apr 2001 11:26:09 -0400

sigh...still no news :(

"Andrei Hladki" wrote in message news:9ai62b$q73$[EMAIL PROTECTED]...

Dear Andrei,

Thank you for contacting Cisco's Certifications Training Team. The CID Beta 641-520 will be available on Cisco's Tracking System on April 9th, 2001. We thank you for your continued patience and apologize for any inconvenience the delay may have caused you. If you have any further questions, please feel free to contact us.
Best regards,
The Cisco Career Certifications Training Team

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=201t=93
Re: CID BETA
I have just got a response from Cisco about the CID Beta:

... Thank you for patiently waiting for the CID (641-520) Beta results. The results will be available on 4/9/2001. All score reports will be mailed to the candidates directly from the testing vendor. ...

So it would appear that the wait is nearly over!

Dave.

"F.G.J. Ruiz-Alaniz" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

I think that Novell has the best grasp on things out of all the certification programs (too bad they have never invested the same level of foresight into their marketing department). They first do an alpha test for a new course. When the results come in they can weed out obviously confusing and ambiguous questions without having to deal with a curve. One time I had one with at least 8 stupid typos, and more than a few really screwed up questions, none of which made it to the beta. No one gets any certification credit for the alpha since it's never graded, but it gives us a heads up on what the exam objectives are like.

Sometime between two and six weeks, depending on how well the alpha was put together, they publish the beta. There they follow pretty much the same procedures everyone else does to curve an exam. I've always found their beta exams to be of a higher quality because of the extra step. Another thing they do differently is they will revise each product exam with a new test version and go through the beta process again. I hope Cisco will be revising their exams every couple of years, since that's how often they want us to recertify.

The other option is horrible. I don't think it's right how everyone's favorite monopoly does it, by shoving in a couple of raw, often times, ambiguous, badly written questions in the middle of someone's paid, live exam. I understand they have to reseed the testing pool, but isn't there a better way?
I might be wrong on my critiques, maybe other companies have in-house alpha and beta exams in a small scale, privately, or in their corporate campus, but I've never heard of it, have any of you?

Just recently, someone on a Novell educational forum on cnenet inquired on the results of a beta that was overdue, and the moderator got an answer for us from the testing people themselves. I posted a large thank you message for how seriously they handle their education department, and someone from their testing group personally replied on the board and assured us the results would be posted soon. (The Netware 5.1 advanced admin exam revision had to go into beta twice because the first time one of the simulations crashed and prevented many of us from finishing the exam.)

I realized Cisco needed help in their training department when they changed their beta exam policy on the 5th week of waiting for the Foundations exam from 6-8 weeks to 8-12 weeks. It took them a little over 12 weeks to publish beta results for an exam that's supposed to be made up of questions from the live exams. For the CCNA 2.0 CCNP 2.0 exams, the beta test takers had to wait at least 2 weeks from the time their respective exam went live. I've convinced myself that Cisco takes this time to validate the pass rate they've established. The test results couldn't have just been sitting on someone's hard drive waiting to be sent to Prometric for that time.

At best, hopefully their training department will read our suggestions and critiques, or someone who has always wanted to know how the beta exam process works will come across this thread and learn something.

F.G.J. Ruiz-Alaniz MCSE, CNEx3, CCNP

And if I might add a reply to Priscilla's latter comment that we don't want them to give us a flawed test. You're absolutely right.
With all the comments we gave them that the exam was not well-written (to put it mildly) they're kind of stuck since they can't just throw the test out, since they took our money and HAVE to give us something. Here's a new suggestion, which I don't know if they'll even read: They could do a beta retake with a refined exam. It will never happen, I know. Does anyone know the size of their test sample? I think Microsoft's is 500 and Novell's is 300.

On 25 Mar 2001 15:47:27 -0500, in groupstudy.cisco [EMAIL PROTECTED] (Priscilla Oppenheimer) wrote:

Maybe they laid off the people working on it. Just kidding. Seriously, the Cisco training department has always worked at about 1/100,000,000 the speed of Internet time. Analyzing the results of a beta test is time-consuming, though, and sometimes there are arguments on the meaning of the results. The test writers must go through and weed out questions that everyone got right, even the obvious newbies. (Newbies and experts are defined by the test results, so it's an iterative process.) They must eliminate questions that nobody got right. They must eliminate questions that the newbies got right but the experts got wrong. Then they
Re: SNMP set - tool?
Thanks a lot for that - it does exactly what I was after. For anyone interested, here is a brief overview of what I had to do to get it working:

After installing the application, I grabbed all of the Cisco MIBs (http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml) and threw them in the MIBs directory of GetIF. I set up the router in the parameters tab (IP, SNMP community strings), then entered the command in the bottom of the MBrowser tab: .1.3.6.1.4.1.9.2.1.55.$.$.$.$, s (string), then the name of the file to write to on the tftp server.

Rgds,
Dave.

"Greg" [EMAIL PROTECTED] wrote in message news:95eqn3$q7e$[EMAIL PROTECTED]...

I use GetIF 2.2 to do exactly what you are trying to do and it works great.

Regards,
Greg Weise CCNA, CCDA

"David Steele" [EMAIL PROTECTED] wrote in message news:95epv6$lag$[EMAIL PROTECTED]...

I'm looking for a tool that'll allow me to perform SNMP set commands, specifically to allow me to get a router to tftp its running config to a tftp server of my choosing, per the Cisco document: http://www.cisco.com/warp/public/477/SNMP/11.html (this document is designed for HP Openview users).

My company has only provided me with What's Up Gold, which seems to be a viewer (get) tool only. OV / CiscoWorks are out of the question, and no, I don't have access to a Macintosh to run the SNMP program that has been mentioned recently for that platform. I actually only have access to Win NT :(

Can anyone recommend a freeware or similar application that will allow me to perform SNMP queries? Effectively all I need is a command line tool, as I know the exact format of the command that I wish to run. Any and all thoughts are welcome.
Rgds,
David Steele CCNP, CCDA
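A detection-side sketch for the SNMP set described in this thread, added here as an example and not part of any post: it decodes an SNMPv1/v2c packet and reports SetRequests on the OID quoted above, reading the four trailing `$` arcs as the TFTP server address (an assumption). The packet bytes, community string, address and file name are constructed sample values.

```python
# Added example; SAMPLE is a constructed SNMPv1 packet (community, IP, file name made up).
CONFIG_TFTP_OID = (1, 3, 6, 1, 4, 1, 9, 2, 1, 55)  # OID quoted in the post
SET_REQUEST = 0xA3                                  # SNMP SetRequest PDU tag
SAMPLE = (bytes.fromhex("3039" "020100" "0407") + b"private"
          + bytes.fromhex("a32b" "020101" "020100" "020100" "3020" "301e"
                          "060e" "2b060104010902013781400002" "0a" "040c")
          + b"router-confg")

def tlv(buf, pos):
    """Read one BER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """Decode BER OID bytes into a tuple of arcs."""
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for byte in raw[1:]:
        val = (val << 7) | (byte & 0x7F)
        if not byte & 0x80:                 # last byte of this arc
            arcs.append(val)
            val = 0
    return tuple(arcs)

def find_config_copy_sets(packet):
    """Return [{tftp_server, filename}] for SetRequests on CONFIG_TFTP_OID."""
    _, msg, _ = tlv(packet, 0)              # outer SEQUENCE
    _, _, pos = tlv(msg, 0)                 # version
    _, _, pos = tlv(msg, pos)               # community (cleartext in v1/v2c)
    pdu_tag, pdu, _ = tlv(msg, pos)
    if pdu_tag != SET_REQUEST:
        return []
    pos = 0
    for _ in range(3):                      # request-id, error-status, error-index
        _, _, pos = tlv(pdu, pos)
    _, varbinds, _ = tlv(pdu, pos)
    hits, pos = [], 0
    while pos < len(varbinds):
        _, varbind, pos = tlv(varbinds, pos)
        _, oid_raw, val_pos = tlv(varbind, 0)
        _, value, _ = tlv(varbind, val_pos)
        oid, n = decode_oid(oid_raw), len(CONFIG_TFTP_OID)
        if oid[:n] == CONFIG_TFTP_OID and len(oid) == n + 4:  # 4 arcs = IPv4 (assumed)
            hits.append({"tftp_server": ".".join(map(str, oid[n:])),
                         "filename": value.decode("ascii", "replace")})
    return hits
```

Calling `find_config_copy_sets(SAMPLE)` returns one hit naming the TFTP server and file; a packet with any other PDU type returns an empty list.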
SNMP set - tool?
I'm looking for a tool that'll allow me to perform SNMP set commands, specifically to allow me to get a router to tftp its running config to a tftp server of my choosing, per the Cisco document: http://www.cisco.com/warp/public/477/SNMP/11.html (this document is designed for HP Openview users).

My company has only provided me with What's Up Gold, which seems to be a viewer (get) tool only. OV / CiscoWorks are out of the question, and no, I don't have access to a Macintosh to run the SNMP program that has been mentioned recently for that platform. I actually only have access to Win NT :(

Can anyone recommend a freeware or similar application that will allow me to perform SNMP queries? Effectively all I need is a command line tool, as I know the exact format of the command that I wish to run. Any and all thoughts are welcome.

Rgds,
David Steele CCNP, CCDA
CID Beta - anyone taken it yet?
I'm due to take it in about three hours and am doing some last minute study. Just wondering if anyone had any general (NDA-friendly) tips / gripes about it.

TIA,
Dave.
CID Beta report
Hi all,

Just completed the CID Beta. Naturally I am not certain if I passed, as I have to wait for about 10 weeks, however I am pretty confident. I walked out of the beta exams in January and February for some CCNP stuff feeling pretty despondent but eventually passed those exams, so I think that this one will come through OK.

Hard facts, for those of you who treasure them:

184 questions
180 minutes
no marking questions and going back later

I finished it in about 100 minutes.

I studied using the Sybex text for CID 3.0 and Boson's first test set. I only had time to do the questions from the text to highlight the areas that I was lacking in, then spot reading those areas. I also only had time to complete two of the four test sets from Boson, but I still think I got my money's worth.

The exam questions were mostly reasonable - there were a few trick questions (probably more than that, I just didn't spot them :) and much more of a focus on the technology (as opposed to the platform) than the old test's study guides imply. Lots of stuff on security issues, a good testing of WAN technologies, including some acronym questions that blew me out of the water (in an area that I do not have direct exposure to). Some good questions on your understanding of how various routing protocols interact.

Oh, and I gotta say, there was one really cool question - I nearly laughed out loud when I read the joke answer stuck in the middle of it. If you take the test you'll spot it, I'm not going to spoil it for you (and I'm not going to skate that close to breaking the NDA).

Based on what I saw today, I think that Cisco are about to produce an exam that will stand the test of time much better than the existing CID 3.0.

Rgds,
Dave Steele CCNP CCDA