FW: EMUTEL LITE setup

[David Wolsefer]

The spids are most likely configured in the emutel lite already since they
come from the factory with a default setting depending upon which version of
the emutel lite you have. The default ISDN switch is a basic-ni1 if I
remember correctly. Obviously, if you got an emutel lite with a European
siwtch type, then you won't have any spids to worry about. I thought it was
a breeze to set up the emutel lite because there was essentially no
configuration. If you don't have the manual, download it from the emutel web
site to get what the default spids are. You may not need NT1s depending upon
whether your 2503s have U interfaces or S/T interfaces. I am assuming you
must have S/T since you are using the NT1s.

Regards,

David Wolsefer, CCIE #5858

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Dennis Laganiere
Sent: Monday, February 19, 2001 12:08 PM
To: [EMAIL PROTECTED]
Subject: EMUTEL LITE setup


I'm going to configuring my ISDN test bed this evening and I've got two
2503's, two NT1's and an EMUTEL LITE ISDN simulator.  I think I've got the
routers set-up right, the NT1 seems to be just a plug in thing, but I'm not
looking forward to configuring this ISDN simulator.  It looks like by
default the SPIDs are disabled, and there's probably a bunch of other
settings that need to be set properly.  Can anybody save me several hours of
frustration by letting me share your experience in setting up this box?  Let
me know...

--- Dennis

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: access-list for DDOS attack

[David Wolsefer]

Here is what I use:

I place the following commands under the unprotected interface facing the
Internet. The syntax for the command is as follows:

rate-limit {input | output} [access-group [rate-limit] acl-index] bps
burst-normal burst-max conform-action action exceed-action action

The numbers mean the following:

bps
 Average rate in bits per second. The value must be in increments of
8 kbps. In the example below, 100 is the average rate in  bps.

burst-normal
 Normal burst size in bytes. The minimum value is bps divided by 2000. In
the example below, 150 is the normal burst size.

burst-max
 Excess burst size in bytes. In the example below, 200 is the excess
burst size.


Here is a practical example of how I like to configure rate limits:

! Allow UDP to occupy no more than 2 Mb/s of the pipe.
 rate-limit input access-group 150 100 150 200 conform-action
transmit exceed-action drop
 ! Allow ICMP to occupy no more than 575 Kb/s of the pipe.
 rate-limit input access-group 160 496000 55 575000 conform-action
transmit exceed-action drop

! Rate limit (CAR) ACLs for UDP and ICMP.
access-list 150 permit udp any any
access-list 160 permit icmp any any

Regards,

David Wolsefer, CCIE #5858

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Yee, Jason
Sent: Monday, November 20, 2000 10:20 PM
To: '[EMAIL PROTECTED]'
Subject: access-list for DDOS attack




hi ,

Anyone knows what the parameter in using CAR to rate limit ICMP packets
means , for example :


interface abc

rate-limit output access-group 200 200 512000 786000 transmit
exceed-action drop

access-list 200 permit icmp any any echo-reply



what does the 200, 512000, 786000 means ?


thanks

Jason

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ISDN Switch Type basic-net3 - Question- Chuck or Priscilla any input?

[David Wolsefer]

This is typical behavior for the basic-net3 switch. You won't see active
until the call is placed, then everything will be normal.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Raul F. Fernandez
Sent: Thursday, December 07, 2000 9:20 AM
To: [EMAIL PROTECTED]
Subject: ISDN Switch Type basic-net3 - Question- Chuck or Priscilla any
input?


Dear folks,

I would like to do some research on the strange behavior of the switch =
type basic-net3.

Usually when a show ISDN status command is done and an ISDN BRI is =
correctly configured

it will show the physical layer as "ACTIVE" unless backup interface =
commands are in use.

When backup commands are in use the output of the show isdn status show =
the physical

layer as "DEACTIVATED". This switch type is used in Europe has the =
behavior of showing the=20

physical layer as "DEACTIVATED" and no backup commands are being used. =
This causes some

confusion where I work at. Anyway, I would like to research this further =
but seems like the CCO

is only interested in how to enter this switch type in a router =
configuration and other sources which

I have looked are very sketchy on information on the switch capabilites. =
Any information

would be appreciated.

Sincerely,

Raul




_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ISDN Switch Type basic-net3 - Question- Chuck or Priscilla any input?

[David Wolsefer]

The routers in question were 7206s located in Paris. I saw more of this
exact behavior on some other routers in Europe, but can't remember which
ones. Here is the relevant portion of the config for the router in question.
I don't have a good explanation for this behavior, but when I asked, I was
told that it occurred because they were not using a true basic-net3 switch,
they were using some sort of emulation instead.

Regards,

David Wolsefer, CCIE #5858

isdn switch-type basic-net3
!
username SYDNEY password 7 0 
username STOCKHOLM password 7 1 
!
interface BRI3/6
 ip address X.X.X.X 255.255.255.0
 ip accounting output-packets
 encapsulation ppp
 no ip mroute-cache
 dialer idle-timeout 600
 dialer enable-timeout 10
 dialer wait-for-carrier-time 90
 dialer map ip Y.Y.Y.Y name STOCKHOLM 001234567890
 dialer-group 2
 ppp authentication chap
 ppp chap hostname foo
 hold-queue 75 in
!
dialer-list 2 protocol ip permit

-Original Message-
From: JULIO CESAR GARCIA ALCANTAR [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 07, 2000 2:43 PM
To: David Wolsefer
Cc: Raul F. Fernandez; [EMAIL PROTECTED]
Subject: RE: ISDN Switch Type basic-net3 - Question- Chuck or Priscilla
any input?


Can you send us configuration example, what model of cisco router are you
using
thanks
Julio Garcia

On Thu, 7 Dec 2000, David Wolsefer wrote:

> This is typical behavior for the basic-net3 switch. You won't see active
> until the call is placed, then everything will be normal.
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Raul F. Fernandez
> Sent: Thursday, December 07, 2000 9:20 AM
> To: [EMAIL PROTECTED]
> Subject: ISDN Switch Type basic-net3 - Question- Chuck or Priscilla any
> input?
>
>
> Dear folks,
>
> I would like to do some research on the strange behavior of the switch =
> type basic-net3.
>
> Usually when a show ISDN status command is done and an ISDN BRI is =
> correctly configured
>
> it will show the physical layer as "ACTIVE" unless backup interface =
> commands are in use.
>
> When backup commands are in use the output of the show isdn status show =
> the physical
>
> layer as "DEACTIVATED". This switch type is used in Europe has the =
> behavior of showing the=20
>
> physical layer as "DEACTIVATED" and no backup commands are being used. =
> This causes some
>
> confusion where I work at. Anyway, I would like to research this further =
> but seems like the CCO
>
> is only interested in how to enter this switch type in a router =
> configuration and other sources which
>
> I have looked are very sketchy on information on the switch capabilites. =
> Any information
>
> would be appreciated.
>
> Sincerely,
>
> Raul
>
>
>
>
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: How Big a router for Full BGP routes?

[David Wolsefer]

I like to use a 7206 with 256Mb memory as a minimum although I do have
numerous 3640s doing full routes with 128 Mb memory. I like to use the 7206
because I can use some additional security measures without maxing out the
CPU. I use numerous access lists and bgp prefix lists to increase security.
I find that on the 3640s my CPU usage is already about 50%.

Regards,

David Wolsefer, CCIE #5858

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Ryan LaTorre
Sent: Saturday, December 09, 2000 9:03 AM
To: Groupstudy
Subject: Re: How Big a router for Full BGP routes?



This is being discussed more and more often. The organization I work for is
just about to do out part to make the Internet Routing Table 1 route larger.
We have had a legacy Class C block for years, but never used it. Over the
next couple weeks I'll be setting it up to advertise across a couple
different ISPs.

Like someone further down in the thread stated as well, I'm only planning to
receive the routes that originate from the AS's that I peer with. For all
other traffic, I'll just use a default route...

- Original Message -
From: "Chuck Larrieu" <[EMAIL PROTECTED]>
To: "Cisco Mail List" <[EMAIL PROTECTED]>
Sent: Friday, December 08, 2000 9:26 PM
Subject: How Big a router for Full BGP routes?


> According to this afternoon's Bates Report, there are over 95,000 routes
> being advertised across the internet, at least from the vantage point of
the
> gentleman doing the reporting.
>
> I bring this up because a week ago, the reporter saw 93,000 routes.
>
> Historically, in September 1996 there were about 40,000 routes advertised.
> In September 1998 that number was around 50,000.
>
> I gotta wonder how much of this increase is due to people multiple homing
> with different ISP's so they can "load balance across the internet"? :->
>
> In any case, for those who ask "how big a router do I need to handle the
> full internet routing table?" the answer may well be "how many months do
you
> want to keep the same unit in service?"
>
> Can you imagine what this would be without CIDR?
>
> The Tony Bates website is at:
>
> http://www.employees.org/~tbates/cidr.plot.html
>
>
> Chuck
> --
> I am Locutus, a CCIE Lab Proctor. Xx_Brain_dumps_xX are futile. Your life
as
> it has been is over ( if you hope to pass ) From this time forward, you
will
> study US!
> ( apologies to the folks at Star Trek TNG )


_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Behavior of Cisco PAT/NAT?

[David Wolsefer]

You will want to use the overload parameter. Here is the syntax, notice that
the overload parameter is optional:

ip nat inside source {list {access-list-number | name} pool name [overload]
| static local-ip global-ip}

Here is what overload does:

"You can conserve addresses in the inside global address pool by allowing
the router to use one global address for many local addresses. When this
overloading is configured, the router maintains enough information from
higher-level protocols (for example, TCP or UDP port numbers) to translate
the global address back to the correct local address. When multiple local
addresses map to one global address, the TCP or UDP port numbers of each
inside host distinguish between the local addresses."

Regards,

David Wolsefer

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Benjamin Walling
Sent: Monday, December 11, 2000 7:52 AM
To: [EMAIL PROTECTED]
Subject: Behavior of Cisco PAT/NAT?


If I set up a NAT pool of only 1 address, the router/pix uses PAT.  Under
PAT, I can have 65K hosts (or connections from hosts) connecting to the
internet.

If I set up a NAT pool of more than 1 address, the router/pix uses NAT.
Under NAT, I can have 1 host per address in the NAT pool.

Does this sound right?  I have two available address to get my users out
with.  If I put them both in a pool, will I only get two out at a time, or
will it allow 65K connections per address in the pool?  The documentation
seems fuzzy on this.


_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Interface backup

[David Wolsefer]

If you specify a physical interface such as bri 0, then the physical
interface is placed into standby and is unusable for any other purpose. The
way you get around this problem is to use dialer profiles so that the
logical dialer interface is placed into standby instead, leaving the actual
physical interface free to use for another purpose.

Regards,

David Wolsefer, CCIE #5858

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Groupstudy
Sent: Wednesday, December 27, 2000 10:21 AM
To: [EMAIL PROTECTED]
Subject: Interface backup


Once you make a BRI interface a backup to say a serial interface, does =
it lock it down so that it is not useable for any other purposes?

eg:
interface serial 0
 backup load 60 5
 backup interface bri 0

Cheers.

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: questionmark in netbios accesslist

[David Wolsefer]

You need a CTRL-V first.

Regards,

David Wolsefer, CCIE #5858

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Dezso Csonka
Sent: Wednesday, January 10, 2001 5:17 PM
To: [EMAIL PROTECTED]
Subject: questionmark in netbios accesslist


Hi,

I have a problem with typing a "?" on the CLI when i try to set up a =
netbios acceslist. The CLI interpreter believes that i want help but i =
just want to type "AB?C". But as soon as i type "?" the CLI gives me =
help. I know there is special key sequence before typing ? but i have =
forgotten it.

Pls help.

Thanks

Dezs

___
To unsubscribe from the CCIELAB list, send a message to
[EMAIL PROTECTED] with the body containing:
unsubscribe ccielab

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ISIS over frame-relay troubles.....

[David Wolsefer]

What you need to do is use tunnels with frame relay to fix this. You have
the cause exactly right too. There is no equivalent to the ip ospf network
command.

Regards,

David Wolsefer, CCIE #5858

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Nigel Taylor
Sent: Friday, January 12, 2001 1:11 AM
To: Cisco Group Study; CCIE_Lab Group Study
Subject: ISIS over frame-relay troubles.


Hi All,
   I'm just trying to get a handle on ISIS over frame relay.  It =
would seem that because there's no comparable command to the "ip ospf =
network" under ISIS that this limits the configuration options over =
frame-relay.  It's noted that cisco serial interface with frame-relay =
encapsulation defaults to a multi-point interface. For some reason I =
can't get ISIS neighbor adjacencies being formed using a full mesh =
frame-relay cloud.=20

I'm using the configuration example in Doyle's Routing TCP/IP, pg. 652.  =
I replaced the ethernet segment between the L2 devices(London, Rome, and =
Brussels) with frame-relay.  In my frame-relay configurations I'm able =
to ping all points of the cloud but I'm unable to get adjacencies to =
form.  All routers are configured with physical interface(multi-point, =
being the default) but I still get encapsulation failure when observing =
the "debug isis adj-packets".  Now I've got this to work when the =
devices are configured using  point-to-point sub-interfaces in a partial =
mesh(hub and spoke topology) and the  hub configured for individual =
p-t-p's for each pvc.

I am however trying to simulate the ethernet segment I'm replacing.. I'm =
I thinking way "out the box" here or is this possible"

For reference there's a basic example on pg. 678 of Doyle's book that =
covers the frame-relay issue I'm trying to resolve...


Thanks All,

Nigel.

___
To unsubscribe from the CCIELAB list, send a message to
[EMAIL PROTECTED] with the body containing:
unsubscribe ccielab

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PIX vs CheckPoint

[David Wolsefer]

This is what you want:

http://www.roble.com/docs/fw1_or_pix.html

Regards,

David Wolsefer, CCIE #5858

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Imran Obaidullah M
Sent: Friday, January 12, 2001 4:23 AM
To: '[EMAIL PROTECTED]'
Subject: PIX vs CheckPoint


Hi friends,

I have few basic questions,

1. If I can implement NAT and Access policy on normal router which has 2
ethernet interfaces then how PIX improves the perfomance as an dedicated
Firewall(If Iam not implemeting VPN).

2 Which is the best firewall and more reliable. What are the perfomance
difference between the PIX and CheckPoint.

Please send me the details

Thanks

imran

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Config help required

[David Wolsefer]

Just enter the following commands to remove the parts you don't need. You
can even cut and paste it from the enable mode after typing config t

interface Serial0
description Frame-Relay 56K
frame-relay inverse-arp IP 17
frame-relay inverse-arp IP 21
frame-relay inverse-arp IP 22
frame-relay inverse-arp IP 23
frame-relay inverse-arp IP 26
frame-relay inverse-arp IP 27
frame-relay inverse-arp IP 30
frame-relay inverse-arp IP 31
frame-relay inverse-arp IP 32


Once you have done this, save the config with the write command and then
reload your router and all the deleted DLCIs will disappear.

Regards,

David Wolsefer

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PIX vs CheckPoint

[David Wolsefer]

Jim,

I would be very interested in your view points. I am not a PIX zealot or
anything, this was just the best article I have. Perhaps you could respond
in detail with a different viewpoint.

Regards,

David Wolsefer

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Jim Brown
Sent: Friday, January 12, 2001 10:34 AM
To: 'Mark'; [EMAIL PROTECTED]
Subject: RE: PIX vs CheckPoint


I've been watching this thread and I have kept quiet. The article listed
below is obviously biased. CheckPoint has its issues but none of them are
performance related. The only bad things I have to say about the product is
in relation to support, which doesn't exist, and licensing.

CheckPoint is #1 in spite of themselves. CheckPoint can handle up to ~80Mb
of throughput, if you need more then maybe you should look at some other
solution, otherwise they are all on the same field in regards to speed. They
typical shop doesn't need more than 80Mb of throughput.

The NT GUI is free, you must purchase the Motif GUI.

Nobody, and I mean Nobody, beats their GUI interface. It is the same no
matter what platform you are running on.

The Nokia/CheckPoint appliance is the best of both worlds. It is a
prehardened, highly tested OS on super performance hardware. You just drop
and insert that baby and you are ready to go. We use NT and Nokia's IPSO,
and if I could do it all over again we would only use Nokias.

Their stock is strong despite the recent gut punch the technology sector has
encountered. They have a great product with terrible customer service. This
may come back to haunt them, but in the mean time they are the best in my
opinion.

I could argue/discuss each point in the link below, but I won't bore anyone.
If someone would like more details or a realistic view on CheckPoint
capabilities you can contact me offline.

-Original Message-
From: Mark [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 12, 2001 10:54 AM
To: [EMAIL PROTECTED]
Subject: Re: PIX vs CheckPoint


Not a bad article in here but just a little more.  I have both the
Checkpoint 4.1 and the Pix 525.  I bought the 525's because I was tiered of
dealing with Checkpoint.  CKP is terrible at customer support and licensing,
and I am not saying this from just my experience.  I was in the classes
recently and all the folks there expressed the same issues.  Support is
expensive and not so bad with Pix.  Remember that with CKP you rely on the
box and OS you run and that has been a performance problem for us. In
addition you had better know how to harden the box with CKP.  I guess my
opinion is that a hardware device is almost always a better solution. Dollar
for Dollar the PIx is the better solution.

Good Luck
ML
"Imran Obaidullah M" <[EMAIL PROTECTED]> wrote in message
F149A24C5121D211A9710004AC4419C801B4BAF5@RSINTS002">news:F149A24C5121D211A9710004AC4419C801B4BAF5@RSINTS002...
> Hi friends,
>
> I have few basic questions,
>
> 1. If I can implement NAT and Access policy on normal router which has 2
> ethernet interfaces then how PIX improves the perfomance as an dedicated
> Firewall(If Iam not implemeting VPN).
>
> 2 Which is the best firewall and more reliable. What are the perfomance
> difference between the PIX and CheckPoint.
>
> Please send me the details
>
> Thanks
>
> imran
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Cisco versus Juniper at the corelayer

[David Wolsefer]

Definitely! Try running a GSR heads up VS an M40, load 
them up with a smartbits, and you will be impressed. Of course you will rarely 
get fired for choosing Cisco. Cisco is a safe choice. Go read the white paper on 
the architecture available on the Juniper web site. Look at some of the people 
at Juniper as well, i.e. Jeff Doyle, Chuck Semeria (SP?), etc. I am not sure, 
but I think Dave Katz might be writing the Juniper code. Ever wonder why some of 
the earlier IOS versions such as 11.2 are so stable? Look who wrote the code. There are a number of people who are not 
loyal to manufacturers, but are loyal to who is writing the 
code.
 
Regards,
 
David 
Wolsefer
 
 -Original Message-From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Sanjay 
DalalSent: Monday, September 25, 2000 12:13 PMTo: 
[EMAIL PROTECTED]Subject: Cisco versus Juniper at the 
corelayer
Hello All : 
  Lately, I am hearing a lot of waves about Juniper routers such as m20, 
  m40,... etc. as the core router being used by ISP's, rather than  Cisco 
  7000 series or 12000 series routers. Does anyone have info on this 
  matter... 
  Is Cisco being challenged by JUNIPER at the core end... 
  Any info would be appreciated. 
  Sanjay **NOTE: New CCNA/CCDA List has been formed. For more information go 
  to http://www.groupstudy.com/list/Associates.html 
  _ UPDATED Posting Guidelines: 
  http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription 
  info: http://www.groupstudy.com Report misconduct and Nondisclosure violations 
  to [EMAIL PROTECTED] 

RE: how many ls1010s in the lab?

[David Wolsefer]

How 
many ls1010s are in the lab is irrelevant. They are not listed on the equipment 
list for the lab so you will not be responsible for configuring them. Any 
configuration required on the ls1010s will be performed by the proctor. To 
answer your question though, I suspect it varies from location to location, some 
having just one, others having more than one.
 
Regards,
 
David 
Wolsefer, CCIE# 5858

  -Original Message-From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED]]On Behalf Of R. D. ZhangSent: 
  Tuesday, September 26, 2000 12:37 PMTo: 
  [EMAIL PROTECTED]Subject: how many ls1010s in the 
  lab?
  Hey, All
   
  I plan to take the lab in Nov., but I don't know 
  how many ls1010 within the ccie lab. Could you tell me something about 
  it? i.e. one or two.
   
  Thanks,
   
  R.D.

My impressions of Juniper from the test lab

[David Wolsefer]

The juniper M20,M40, and M160 are serious routers in the core IP routing
world because they simply outperform the 12000GSR. Although I did not test
them against the latest and greatest GSR, we ran tests with the M40 heads up
against a few older model GSRs. Needless to say, the Juniper is very
impressive. We took a smartbits and started loading up the links up to
OC-48. The M40 handled the load extremely well at wire speed with no packet
loss. The GSR, on the other hand, started dropping packets at about 50% of
that load. Does this mean the performance couldn't be improved on the GSR?
No, not at all. These GSRs were not tuned at all. They were straight out of
the box (so to speak). I think that the bottom line is that we, as
engineers, need to be prepared to work with both products. I like Junos and
love IOS. You will not get fired for recommending either product. I believe
that pricing is competitive for both products as well.

Regards,

David Wolsefer

**NOTE: New CCNA/CCDA List has been formed. For more information go to
http://www.groupstudy.com/list/Associates.html
_
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: High Availability. (Maybe OT)

[David Wolsefer]

Kevin,
 
What 
you want to do is use multiple NICs on each server, connecting one NIC to each 
switch. If you need a 5 9s type of design, then you need to use 4 NICs with one 
NIC connecting to 2 different blades on each switch. In addition, if you need 
redundancy at the application layer, then you need clustering software. This 
does indeed work with Solaris. You should also investigate using the Arrowpoint 
switches for local and global load balancing. They will also solve problems such 
as maintaining stateful connections with cookies and SSL.
 
Regards,
 
David 
Wolsefer CCIE#5858

  -Original Message-From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED]]On Behalf Of Kevin WelchSent: 
  Friday, October 13, 2000 1:08 AMTo: 
  [EMAIL PROTECTED]Subject: High Availability. (Maybe 
  OT)
  I am trying to figure out how to impliment a 
  redundant network design.  The problem I keep running into is the 
  connection to the server.  I can provide Access redundancy through the 
  use of two switches.  I can provide some level of server redundancy via 
  the use of 2 NICs or 2 Servers.  The problem is how to provide 
  application layer redundancy.  I have been able to prove the network 
  itself is redundant, but connectivity to servers seems to be where I am having 
  trouble with my studies.
   
  From my understanding I cannot do etherchannel 
  accross switches, and more over, I remember that etherchannel does not 
  provide redundancy because if one link goes down the whole channel goes 
  down.  Please correct me if this is wrong.  
   
  Example:
    Realizing that the expectation that a 
  server stay up all the time would still be a single point of failure.  In 
  the event of a network failure on a switch, how do I provide network access to 
  the Server.  
   
  Proposed is to connect the server via a second 
  NIC or second port on a dual or quad NIC to a secondary access switch.  
  
   
  Problem, maintaing the same layer 3 address 
  accross both switches in the advent that one link should fail, the server 
  maintains reachability.
   
  Giving that in this case I would be talking about 
  a solaris system, I have thought about using simple scripts to watch for the 
  interface to go down and reconfigure.  I am curious if anyone knows of 
  any hardware/software solutions for doing this?   I am guessing that 
  I am not the first person to ask for something like this.
   
  -- Kevin

RE: IPX Problem

[David Wolsefer]

You need a desktop or enterprise image. It seems you only have an IP IOS
image.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Shane Stockman
Sent: Friday, November 03, 2000 11:38 AM
To: [EMAIL PROTECTED]
Subject: IPX Problem


This might seem silly but I am trying to enable ipx routing on my router and
it just keeps telling unrecog command , even though I am in global config
mode.When I do a ipx ? , i get unrecog command in global config mode.Same
with apple

IOS (tm) 1600 Software (C1600-Y-L), Version 12.0(3), RELEASE SOFTWARE (fc1)


Thanks


_
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Share information about yourself, create your own public profile at
http://profiles.msn.com.

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Flapping and Dampening

[David Wolsefer]

Flapping refers to a link going up and down.

Dampening is a BGP feature used to minimize the instablility caused by a
flapping link. A route that is flapping receives a penalty of 1000 for each
flap. When the accumulated penalty reaches a configurable limit, BGP
suppresses advertisement of the route even if the route is up. The
accumulated penalty is decremented by the half-life time. When the
accumulated penalty is less than the reuse limit, the route is advertised
again (if it is still up).

Regards,

David Wolsefer, CCIE #5858

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Duane Morgan
Sent: Thursday, November 16, 2000 1:27 PM
To: [EMAIL PROTECTED]
Subject: Flapping and Dampening


Would someone be so kind as to explain these too terms, in english?

While I'd honor references to where I can get definitions, instead of just
uses in context. I'd greatly appreciate a translation into laymen's terms
of these two definitions.

Thank you.

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: The single best book for CCIE Routing Switching [7:4216]

[David Wolsefer]

The single best book for the written is probably Radia Perlman's
Interconnections, in my opinion. The single best source, however, is the
Cisco documentation CD. If you get the exam blueprint and use the CD to make
sure that you understand the basics of every topic, you may pass. The
blueprint is very important. Make sure you follow it in your studies. It is
difficult to pass the exam with only a single source. For example, if you
want to study Token Ring, download the Rossi's excellent paper on it at
their web site. Fred Ingham also has an excellent paper in the groupstudy
archives for Token Ring. Find whatever sources you need to understand the
topics in the blueprint.

Regards,

David Wolsefer, CCIE #5858

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Keith Sergeant
Sent: Friday, May 11, 2001 12:41 PM
To: [EMAIL PROTECTED]
Subject: The single best book for CCIE Routing Switching [7:4216]


Hi,

I am looking for a single book I can read that will give me a complete
overview of the written test.  I realize that no one book can have every
subject covered in the level of detail required.  Once I know a complete
list of topics on the test I can investigate each subject in greater detail
via the CCO and other books.

Thanks,

Keith Sergeant
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4222&t=4216
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Migration EIGRP-OSPF [7:5724]

[David Wolsefer]

Yes,

We laid in OSPF over EIGRP since the administrative distance of EIGRP is 90
and OSPF is 110. We were then able to check the OSPF databases on each
router to make sure that all routes are advertised correctly. The final step
was to remove eigrp. This results in some downtime, but it was easier to
schedule a block of downtime and cut over.


Regards,

David Wolsefer, CCIE #5858

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Dyson Kuben
Sent: Thursday, May 24, 2001 5:59 AM
To: [EMAIL PROTECTED]
Subject: Migration EIGRP-OSPF [7:5724]


anyone out there ever migrated a large-scale network from EIGRP to OSPF?
Would you be able to share your experiences?

Thanks,

Dyson
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6319&t=5724
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Training Advice wanted [7:9550]

[David Wolsefer]

John,

I think that the CIT class would be a good choice for you given your
limitations. We used to send all of our engineers to the CIT class and
everyone liked the class and thought it was good. I do not know if your boss
would allow it or not, but Mentor Technologies BGP/OSPF workshop would also
be a good choice.

Regards,

David Wolsefer, CCIE #5858

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
John Neiberger
Sent: Friday, June 22, 2001 11:33 AM
To: [EMAIL PROTECTED]
Subject: Training Advice wanted [7:9550]


My boss would like to send me to another class and I'm having a hard
time deciding which courses I'd like to take.  The problem is that I
don't want to cover a lot of material that I already know, and the class
has to be relevant to our environment to be considered.  Because of that
I can't take CATM or MCNS.  I've already covered the CCNP/DP level
material but I'm wondering if some of the classes would still be
beneficial, specifically CIT and CID.

Since I'm planning on tackling the CCIE lab, I'm wondering if CIT would
be a good choice.  Those of you who have taken CIT, would you recommend
it?

How about CID?  That's not as relevent to my immediate goal as CIT but
I'm still interested in taking it.  I've read a lot of materials on
these topics but I know that it really helps to have it all packaged
together and presented at once.

I see that Global Knowledge has an advanced switching class based on
the 6000 series switches.  That's starting to look pretty good since
we're going to be buying some of those later this year or sometime next
year.

Hmm I've already taken SNAM and I'll probably get a CIP class after
I learn some more SNA/VTAM configuration.

I'd love to take some CCIE lab prep classes but there's no way my
employer would pay for those.

Any suggestions from those of you who've taken some of these courses?
I'm leaning toward taking CIT but I'd be interested in hearing your
thoughts.

Okay, enough rambling!  Thanks in advice for your advice

John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=9576&t=9550
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Lab Equipment - Does anyone ACTUALLY know??? [7:10531]

[David Wolsefer]

The exact equipment varies from rack to rack and from location to location.
You shouldn't waste time trying to build an exact duplicate because at best,
you can only build an exact duplicate of a single rack at a single location.
What you do need to do is make sure that you understand every type of
equipment on the official equipment list on the Cisco web site. Don't take
this for granted or you might be in for a surprise when you have to confront
a Catalyst 3920 token ring switch or an older 4500. If you have only use the
newest gear, you may be in for a suprise with older gear. Have you ever had
to use the mode 10baseT command on newer equipment because the router thinks
you are using AUI? I don't think so, but this simple type of error can cause
you to waste valuable time.

Regards,

David Wolsefer, CCIE #5858

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Cisco Nuts
Sent: Saturday, June 30, 2001 6:54 PM
To: [EMAIL PROTECTED]
Subject: Lab Equipment - Does anyone ACTUALLY know??? [7:10531]


Hi all,
I have been trying to figure out for a couple of months as to what
route/switch models would one actually see on the lab? Does anyone actually
know or people like Chuck etc. who have already been there, can you share
this with us without violating NDA!!
Mentor has their setup for their ECP classess which I found different from
the web-site somewhere in NC that someone posted a couple of weeks back! Who
knows??
Can anyone advise.
Thanks!!
_
Get your FREE download of MSN Explorer at http://explorer.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=10718&t=10531
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Catalyst 6500 & Alteon [7:10895]

[David Wolsefer]

Explanation   This message indicates that the native VLAN is different from
the one set on at least one of the neighboring ports; [dec]/[dec] is the
module number/port number of the offending port.

Action Check the native VLAN settings. If the VLAN configuration does not
match, set it appropriately. If no apparent mismatch is found, contact your
technical support representative.

Looks like the VLAN on the Cat6500 is not the same as the VLAN on the
Alteon.

Regards,

David Wolsefer, CCIE #5858

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Ralph Filippelli
Sent: Tuesday, July 03, 2001 1:32 PM
To: [EMAIL PROTECTED]
Subject: Catalyst 6500 & Alteon [7:10895]


I am receiving an error message on my Cat 6500
%CDP-4-NVLANMISMATCH:Native vlan mismatch detected .
It is connected to an Alteon AD2..

Any Ideas

Thanks

__
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=10897&t=10895
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Help with 2509 [7:10869]

[David Wolsefer]

Do you have transport input all configured under line 1 8? Sorry, I may have
missed part of the thread. Post your config.

Regards,

David Wolsefer, CCIE #5858

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Jonathan Hays
Sent: Tuesday, July 03, 2001 3:09 PM
To: [EMAIL PROTECTED]
Subject: Re: Help with 2509 [7:10869]


Anwar,

Your config looks fine and it does look like reverse telnet is hanging on
lines 1,2, and
3.

I think I understand that you have already tried standard cable-swap
troubleshooting but
let me run through it for you. Might as well be thorough.

Plug line 6 (which works) into the console port of 2523A (now on line 1) and
see if the
2523 console starts working. If it does, you know that the console I/O on
the 2523 is
NOT the problem.

Next see if octal cable line 1 can be plugged into the 2513B (now on line 6)
and start
working - if not, then you know for sure that octal cable line 1 is not
working.  (If it
DOES work you have a really tough problem to solve)

Check the RJ-45 connector on line 1. Also pull the entire octal cable off
and look for
bent pins on the router end.

Do you have another octal cable you can swap with this one?

HTH,

Jonathan


Anwar Ladhani wrote:

> My fault
>
> the address is 24.181.149.225
>
> Anwar
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Kevin Wigle
> Sent: Tuesday, July 03, 2001 3:20 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Help with 2509 [7:10869]
>
> connection refused...
>
> Kevin Wigle
>
> - Original Message -
> From: "Anwar Ladhani"
> To:
> Sent: Tuesday, July 03, 2001 2:56 PM
> Subject: Help with 2509 [7:10869]
>
> > Hi all
> >
> > I just got a 2509 and configured it as an access server and the
following
> > problems have come up :
> >
> > I connected all the eight ports of the octal cable to various routers,
> > the ports 1,2 and 3 are not working but ports 4 through 8 work fine. I
> have
> > interchanged the routers i.e. connected other routers which I could
telnet
> > in to using ports 4 through 8 to the ports 1,2 and 3( of course I
changed
> > the configuration in the access server too) and confirmed that the
problem
> > is with the access server. The routers that do not work with 1,2 and 3
> work
> > fine with 4,5,6,7 and 8 ( with proper configuration ).
> >
> > Can some body help me with this problem ? I very much doubt that this is
a
> > physical problem because the octal cable is new.
> >
> > You can telnet in to my 2509 by using the ip address 24.181.148.225
> password
> > 123 and abc, and check the configuration.
> >
> > Anwar
> >
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Anwar Ladhani
> > Sent: Tuesday, July 03, 2001 12:35 PM
> > To: [EMAIL PROTECTED]
> > Subject: test [7:10853]
> >
> >
> > test
> >
> > _
> > Do You Yahoo!?
> > Get your free @yahoo.com address at http://mail.yahoo.com
> > _
> > Do You Yahoo!?
> > Get your free @yahoo.com address at http://mail.yahoo.com
> _
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=10915&t=10869
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

MPLS White Paper Announcement [7:40035]

[David Wolsefer]

Galina Pildush is publishing an MPLS white paper today on
www.certificationzone.com. You better hurry though because it will only be
available free for today only. This should be an excellent source for those
studying for the C&S exam. As a CCIE and JNCIE, Galina knows MPLS well.

Regards,

David Wolsefer




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=40035&t=40035
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: what's wrong with CCIE today? [7:13151]

[David Wolsefer]

While I agree that a lot of engineers could use more Unix skills (myself
included), the CCIE in routing and switching does not test skills for
running Unix TACACs servers. The CCIE in ISP-DIAL, however, is a different
matter entirely since the ISP-Dial CCIE tests the ability to configure Cisco
Secure under Windows NT and Solaris. Many R&S CCIEs are not from a carrier
background, but many are. When I worked at a major carrier, I never had to
configure the Tacacs server. There was a seperate team for that. I did,
however, frequently configure Tacacs+ on routers and switches. I have yet to
have a single customer request to tunnel X-application through Secure Shell
(SSH). A CCIE is not an all knowing being. All that you can really infer
from a person's CCIE status is that he/she knows routing and switching
reasonably well on the 3600s, 2600s, 2500, Cat 5000s etc. I do think that
even though a CCIE (R&S) might not know how to configure a Tacacs server off
the top of their head, they should have the skills to research the
appropriate documentation, get help from TAC, and configure things given a
reasonable amount of time. I would also like to point out that there are
many people out there calling themselves CCIEs these days. Did you verify
with Cisco that these people are really CCIEs? Why didn't you ask these
people about their Tacacs knowledge before you hired them if this was
important to you? Finally, this post is off topic. Why is it even posted to
a Cisco certification mailing list without "OFF TOPIC" in the subject.

Regards,

David Wolsefer, CCIE #5858

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Sean Young
Sent: Friday, July 20, 2001 4:15 PM
To: [EMAIL PROTECTED]
Subject: what's wrong with CCIE today? [7:13151]


What's wrong with CCIEs today?  I know that I am making a general
assumptions; however,this is the second time that it has happend to the
company that I work for.  We have several tacacs servers that use to
authenticate users.  These tacacs servers are running on a combination of
Linux and Solaris platforms.  While I was away at the Networker
Conference, one of our tacacs servers (solaris) die due to hardware
failure and the amazingly the tacacs process on the Linux die.  Because
of this, everyone has to login to the routers and switches via local
account.  We hire these CCIEs to maintain the network while I am away for
a few weeks.  None of these CCIEs have any background with tacacs servers
running on Unix platforms.  As to our problems, the simple to do is just
to restart the tacacs process byfirst:  "killall tac_plus" and second
"/usr/sbin/tac_plus -C /etc/tacacs/tac_plus.cfg" but these CCIEs guys
have absolutely no clues.  Furthermore, they don't even know how to use
editing in Unix (i.e vi or emacs) and ended up screwing up my tacacs
configuration files.  We have a few employees that need tacacs account
but these CCIEs guys have no clues how to addnew users to a configuration
file which if anyone has done tacacs on the unix platform know that you
just modify the configuration file tac_plus.conf and restart tacacs
process.   These CCIE guys say that they come from a windows environment
so they don't have too much with Unix platforms.  I also notice that a
lot of CCIEs these days lack the Unix skills that are required for the
Service Providers environment.  Most don't even know how to tunnel
X-application through Secure Shell (SSH).  I still remember those days
when Cisco Engineers are very well verse in both unix and routers
skills.  I long for those days again. Comments anyone?



Get your FREE download of MSN Explorer at http://explorer.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=13157&t=13151
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Good choices for IDS [7:13630]

[David Wolsefer]

Why not use SNORT if cost efficiency is a major concern? Personally, I like
a combination of several IDS systems including SNORT and Recourse
Technologies Mantrap and Manhunt.

Regards,

David Wolsefer, CCIE #5858

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Frank Kim
Sent: Tuesday, July 24, 2001 2:59 PM
To: [EMAIL PROTECTED]
Subject: Good choices for IDS [7:13630]


Hi guys,
I need to find a good and cost efficient IDS solution.  Please
advise.  Please also give me your opinion about BMC Patrol as
well.  Thanks.


-Frank




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=13662&t=13630
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Lab Dress

[David Wolsefer]

Title: RE: Lab Dress





Dress doesn't matter. Dress comfortably. The only thing I would caution is that the room in Brussels was cold to me, so bring a sweater or jacket.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Scott Benton
Sent: Saturday, July 22, 2000 4:35 PM
To: [EMAIL PROTECTED]
Subject: Lab Dress



I have what sounds to me to be a stupid question (I
know, I know...no such thing as a stupid question)
that I haven't seen addressed before. Does it matter
what you wear into the lab? I want to be comfortable,
which to me is jeans, t-shirt, and ballcap. I guess
what I'm getting at is, since the proctor has some
discretion, will you start out on the wrong foot if
you're not dressed in at least business casual? I know
the lab is supposed to be based on pure ability, and I
hope something as silly as how you're dressed would
not affect the outcome or the helpfullness of the
proctor. But then again, I've run across many people
who seem to  judge your level of seriousness about
things based on how you're dressed. Any insight?
Scott


__
Do You Yahoo!?
Get Yahoo! Mail  Free email you can access from anywhere!
http://mail.yahoo.com/


___
To unsubscribe from the CCIELAB list, send a message to
[EMAIL PROTECTED] with the body containing:
unsubscribe ccielab

RE: Paper Vs hands on

[David Wolsefer]

Many people have made important points, but I would like to add a key one.
You must move to where the jobs are. I had great difficulty finding a job in
Maine, yet when I moved to the Washington D.C. area I couldn't even return
all the calls I received requesting interviews. In Maine, I received some
interviews, but did not receive many offers. In Washington D.C., I received
an offer from pretty much every company I interviewed with. The demand for
skilled workers here is tremendous. I can guarantee that someone with A+,
MCP, etc will be able to get some sort of a position from which to start.
Since the companies tend to be larger here, i.e. AOL, Sprint, etc, there
will be opportunities to move out of a helpdesk position and progress.

My .02

David Wolsefer, CCIE #5858

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Sunday, May 28, 2000 4:44 PM
To: [EMAIL PROTECTED]
Subject: Paper Vs hands on


Let's talk about this for a minute or two, just to clear something that has 
been inside of me for a while, since i joined this group about a year ago I 
hear lots of you say 
" get experience", like it is somenthing you just go to the grocery store
and 
buy it, if it was like that, i would gather as much money as i could, to buy

the most i can.
Take me for example, I have been parking cars for 7 years now at $ 7.50 
an hour,
In 1997, because i wanted to improve my way of life, i started buying and 
studying books, first I got my A+ cert, Then my MCP, right now i only need 2

electives to have the MCSE, then i got my Network+, then my CCNA, from the 
ccnp i passed the acrc and the cit, I bought all the cisco books for the 
ccnp, the ccda,ccdp,ccie, i even took the ccie written , of course i failed,

but it is a good experience, and i think the acrc is a harder exam, but the 
ccie is a more broader exam.
going back to the main topic, I started studying because nobody would 
hire me because i do not have neither the knowledge nor the experience that
i 
needed, now I have, not all the knowledge but some, as far as the A+ goes i 
feel confident, i have asembled and sold over a few years maybe 100 
computers, as far as my troubleshooting skills i feel more than good, as far

as the rest goes, i have a small network at home, not with routers, because
i 
cannot afford them, i have 4 workstations and 2 servers, so i practice a
lot.
Since i joined this group i hear you people talking about getting 
experience, about paper Vs hands on, AT first nobody hires you because you
do 
not have the knowledge or the experience, then somehow you manage to get
some 
knowledge, 
but then again, this time nobody hires you because you do not have the 
experience, and you people talk about it , the so much appreciated
experience 
, like it is so easy  
to get
I have posted my resume all over, willing to start with anything, but 
whoever calls, the first question is, Where have you worked before?, how
long 
have your worked in the industry?, as soon as I tell them my experience is 
with a small network i have at home, they think for a minute or two, thet 
said i call you back, but they never do.
I have spent Ks of dollars, and i am convinced that it is not worth , to

keep spending more in the sense of trying to get a better life, it is almost

impossible; in the sense of getting knowledge is a good thing to do, but up 
to certain limits.

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

FW: [Fwd: Morning]

[David Wolsefer]

Scott, it depends. Let me clarify and see if this helps. You only need to
turn off split horizon with eigrp on the hub router if and only if you are
using a point-to-multipoint subinterface on the hub router. If all your
interfaces are point-to-point (which they probably should be), then you will
not have a split-horizon problem. Let me know if you have further questions
and we can clear them up. BTW, you do not need to turn off split horizon on
point-to-point subinterfaces, only multipoint subinterfaces. 

Regards,

David Wolsefer, CCIE #5858

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Scott Livingston
Sent: Tuesday, June 06, 2000 1:16 PM
To: [EMAIL PROTECTED]
Subject: [Fwd: Morning]


can someone help out here please? THANKS!
subject:
   Morning
   Date:
   Tue, 06 Jun 2000 07:50:00 -0500
  From:
   Scott Livinston <[EMAIL PROTECTED]>
To:
   [EMAIL PROTECTED], Jon Helmer <[EMAIL PROTECTED]>





This is reference to Mr. David Wosefer's white paper about Frame Relay..

David,

We are currently running a small F.R. network over here and something
you wrote contradicted what we currently have in operation..  Currently
we have a hub and spoke topology, 3 spokes to be exact... we are an IP,
partial meshed network running subinterfaces and EIGRP.. You mentioned
in your paper that you need to turn off ip split-horizon on the
subinterfaces if the spokes are to know about the other spokes
networks.. Well in our case we don't have ip split horizons turned off
and the spokes know about all other spokes... How could this be? I had
my lead engineer look @ this and we both cant figure out this
discrepancy between what you published and what we are currently running

over here... If you get some time could you please show me where i might

be lost? Thanks for your help!

--
Scott M. Livingston
Network Engineer (CCNP)
12851 Foster
Overland Park, KS 66213
800.888.7535
913.402.7844 x1056
913.814.7849 Fax

"Make every swing as if it were your last"
-Gary Schroer
--

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Frame Relay limitations question

[David Wolsefer]

Here is an excerpt from my frame relay paper on CerticationZone.com which
explains this:

Historically, IOS has had a limit of 300 interfaces per router chassis,
including both hardware and software-defined interfaces and subinterfaces.
Some recent IOS versions may raise this to 700-1000 on specific platforms.
This limit, which is based on the number of internal Interface Data Blocks
(IDB), may not be reachable due to memory restrictions on certain routers.
For example, a Cisco 2500 keeps its interface buffers in shared I/O memory. 

Regards,

David Wolsefer, CCIE #5858

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
David Smith
Sent: Thursday, June 08, 2000 10:49 AM
To: Study group (E-mail)
Subject: Frame Relay limitations question


Hi all,

I am doing some projections for growth in our companies FR cloud.  I was
checking the limitations of routers when I came across this article.  The
link is below.

http://www.cisco.com/warp/public/125/26.html

The following is directly from the article.  The last part is what I have a
question about.  Does anybody know where the limitations per router platform
come from?  The article seems to be missing some information about why the
2500 can only support 60 DLCIs, the 4000 can support 120, etc.
  
Thanks in advance,
Dave

DLCI Limitations
Subinterfaces count toward the practical upper limit of 230 Interface
Descriptor Blocks (IDBs). In other words, Cisco IOS currently doesn't
support more then 230 interfaces on the router (real or virtual) unless you
have an ISP Geeks Image which has 1024 IDBs. How many DLCIs can one
configure per physical interface? How many DLCIs can one configure in a
specific router? These two questions are frequently asked. Disappointingly,
the answer is, "it depends." 
DLCI address space: Approximately 1000 DLCIs can be configured on a single
physical link, given a 10-bit address. Because certain DLCIs are reserved
(vendor-implementation-dependent), the maximum is about 1000. The range for
"cisco" LMI is 16-1007. The stated range for ANSI/ITU is 16-992. These are
the DLCIs carrying user-data. 
LMI status update: The LMI protocol requires that all permanent virtual
circuit (PVC) status reports fit into a single packet and generally limits
the number of DLCIs to less than 800, depending on the maximum transmission
unit (MTU) size. 
MTU= 4000 bytes   Max DLCIs app= (MTU bytes - 20 bytes)/ (5 bytes/DLCI) 
(4000-20)/5 = 796
Default MTU on serial interfaces is 1500 bytes, yielding a maximum of 296
DLCIs per interface. Please note that these numbers vary slightly, depending
on the LMI type. The maximum DLCIs per router (not interface) platform
guideline, based on extrapolation from empirical data established on a Cisco
7000 router platform, are listed below: 
*   Cisco 2500: 1 X T1/E1 link @ 60 DLCIs per interface = 60 total 
*   Cisco 4000: 1 X T1/E1 link @ 120 DLCIs per interface = 120 total 
*   Cisco 4500: 3 X T1/E1 links @ 120 DLCIs per interface = 360 total 
*   Cisco 4700: 4 X T1/E1 links @ 120 DLCIs per interface = 480 total 
*   Cisco 7000: 4 X T1/E1/T3/E3 links @ 120 DLCIs per interface = 480
total 
*   Cisco 7200: 5 X T1/E1/T3/E3 links @ 120 DLCIs per interface = 600
total 
*   Cisco 7500: 6 X T1/E1/T3/E3 links @ 120 DLCIs per interface = 720
total 
Note: These numbers are guidelines only, and assume that all traffic is
fast-switched. 

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: FR lmi-type and subinterfaces

[David Wolsefer]

You can configure LMI type on the physical interface, not on the
subinterface. You are also correct that lmi type is auto-detected if IOS is
version 11.2 or above. I have found the auto-detect feature to be reliable,
but some others feel differently. It has worked every time for me though. I
like to use auto-detect because I had a case where the translations people
went and arbitrarily changed LMI type on the frame-relay switches from Cisco
to CCITT, which brought down those routers with LMI hard coded, but those
using auto-detect made the change with no problem.

Regards,

David Wolsefer

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Omer Shommo
Sent: Sunday, June 11, 2000 10:05 PM
To: Cisco Group Study
Subject: FR lmi-type and subinterfaces


Hello,

I remember something that says I cannot configure LMI type If subinterfaces
are used. Please let me know if this is true, I 
might be wrong.

BTW lmi type is auto-detected if using Cisco IOS version 11.2 and above


Omer








_
NetZero - Defenders of the Free World
Click here for FREE Internet Access and Email
http://www.netzero.net/download/index.html

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]