OT Gibberish in email [7:74740]
Often in SPAM emails I get some sort of text that looks like this:

lmlbjot- qribr^jin(nezl(zvy -temwvnj

Can anyone explain what this is?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74740t=74740
--
**Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: OSPF DR and BDR elections [7:73504]
That is the point I needed clarification on. Just seemed odd that the DR would not be established first, followed by the BDR. For a brief moment when the routers are first started, there is no DR, but there is a BDR. I wonder what the logic for that is.

-Original Message-
From: Zsombor Papp [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2003 8:20 PM
To: [EMAIL PROTECTED]
Subject: RE: OSPF DR and BDR elections [7:73504]

Technically, the BDR is elected first. If no router is claiming to be a DR, then the BDR will be immediately promoted to DR. Nonetheless, the end result is pretty much what the web page referenced below describes.

Thanks,

Zsombor

mccloud mike wrote:

The DR is elected first by highest priority; the tie breaker is highest RID. Then the process is repeated for the BDR.
http://www.cisco.com/warp/customer/104/2.html#10.1

My understanding is that if the DR goes down then the BDR is promoted to DR and an election is held for the new BDR. This means that when the original DR comes back up it can not become DR until both of the current DR and BDR go offline.

Cheers,
Mike

DeVoe, Charles (PKI) wrote:

If I am understanding this correctly. There are no routers up in the network. I turn on 3 routers simultaneously at the same time. The routers will first select the BDR. They will then look for the DR. Since none exist, the BDR will be promoted to DR. Then another election will be held to find a new BDR. Is this correct?

-Original Message-
From: Zsombor Papp [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2003 11:01 AM
To: [EMAIL PROTECTED]
Subject: RE: OSPF DR and BDR elections [7:73504]

The DR is not chosen from the remaining list. The DR is chosen from the list of routers that declared themselves designated routers (this is why a high-priority router that comes up late won't take over the DR role from an existing DR), or if no router declared itself DR, then the BDR will become DR (this is why a high-priority router that came up late won't necessarily become DR even if the existing DR dies). See RFC2328, Page 75 for more details.

Thanks,

Zsombor

DeVoe, Charles (PKI) wrote:

I am reading the CCNP/CCIP BSCI Study Guide by Todd Lammle from Sybex. In the OSPF section under the discussion of DR and BDR (page 171) he says that the BDR is chosen first and that the DR is chosen from the remaining list. That seems illogical and backwards. Can someone please confirm or deny and explain it.

Thanks
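The rules Zsombor quotes from RFC 2328 (the BDR is worked out first, the DR is taken only from routers already claiming the role, and the BDR is promoted when nobody claims it) can be traced through in code. This is an added example, not code from the thread or from any router vendor; the router IDs, priorities and the three scenarios are constructed, and the simulation assumes each router re-runs the election against the Hello fields its neighbours last advertised.

```python
# OSPF DR/BDR election as specified in RFC 2328, section 9.4.
# Added example; router IDs, priorities and scenarios are constructed.
from dataclasses import dataclass, replace

NONE = "0.0.0.0"  # "no DR" / "no BDR" as carried in an OSPF Hello


@dataclass
class Router:
    rid: str          # Router ID
    priority: int     # Router Priority; 0 means never eligible
    dr: str = NONE    # DR this router currently advertises in its Hellos
    bdr: str = NONE   # BDR this router currently advertises in its Hellos


def _rid_key(rid):
    return tuple(int(octet) for octet in rid.split("."))


def _best(routers):
    """Highest Router Priority wins; ties are broken by highest Router ID."""
    return max(routers, key=lambda r: (r.priority, _rid_key(r.rid))).rid


def _calculate(cands):
    """Steps 2 and 3 of section 9.4: the BDR is worked out before the DR."""
    # Step 2: only routers NOT claiming to be DR can be BDR. Those that
    # claim to be BDR are preferred; otherwise any eligible router.
    not_dr = [r for r in cands if r.dr != r.rid]
    claiming_bdr = [r for r in not_dr if r.bdr == r.rid]
    if claiming_bdr:
        bdr = _best(claiming_bdr)
    elif not_dr:
        bdr = _best(not_dr)
    else:
        bdr = NONE
    # Step 3: the DR is chosen only among routers that claim to be DR.
    # If nobody claims it, the BDR just chosen is promoted.
    claiming_dr = [r for r in cands if r.dr == r.rid]
    dr = _best(claiming_dr) if claiming_dr else bdr
    return dr, bdr


def elect(routers, self_rid):
    """One election run from the point of view of router self_rid."""
    me = next(r for r in routers if r.rid == self_rid)
    cands = [r for r in routers if r.priority > 0]        # step 1
    dr, bdr = _calculate(cands)
    # Step 4: if our own role changed, repeat steps 2 and 3 with our Hello
    # fields updated. This stops a router being both DR and BDR, so a BDR
    # that has just been promoted immediately causes a new BDR to be chosen.
    was = (me.dr == me.rid, me.bdr == me.rid)
    now = (dr == me.rid, bdr == me.rid)
    if was != now:
        view = [replace(r, dr=dr, bdr=bdr) if r is me else r for r in cands]
        dr, bdr = _calculate(view)
    return dr, bdr


def converge(routers, max_rounds=10):
    """Every router runs the election on the others' Hellos until nothing
    changes; returns the (DR, BDR) pair the segment agrees on."""
    for _ in range(max_rounds):
        results = {r.rid: elect(routers, r.rid) for r in routers}
        changed = False
        for r in routers:
            if (r.dr, r.bdr) != results[r.rid]:
                r.dr, r.bdr = results[r.rid]
                changed = True
        if not changed:
            views = {(r.dr, r.bdr) for r in routers}
            if len(views) != 1:
                raise RuntimeError(f"routers disagree: {views}")
            return views.pop()
    raise RuntimeError("election did not converge")


def cold_start():
    """Three equal-priority routers boot together: nobody claims DR or BDR."""
    net = [Router("1.1.1.1", 1), Router("2.2.2.2", 1), Router("3.3.3.3", 1)]
    return converge(net)


def late_high_priority_join():
    """Stable segment (DR 1.1.1.1, BDR 2.2.2.2); a priority-255 router appears."""
    net = [Router("1.1.1.1", 1, dr="1.1.1.1", bdr="2.2.2.2"),
           Router("2.2.2.2", 1, dr="1.1.1.1", bdr="2.2.2.2"),
           Router("9.9.9.9", 255)]
    return converge(net)


def dr_dies_after_late_join():
    """The same segment after DR 1.1.1.1 dies: the old BDR, not the
    priority-255 router, becomes DR."""
    net = [Router("2.2.2.2", 1, dr="1.1.1.1", bdr="2.2.2.2"),
           Router("9.9.9.9", 255, dr="1.1.1.1", bdr="2.2.2.2")]
    return converge(net)


if __name__ == "__main__":
    print("cold start         ->", cold_start())
    print("late prio-255 join ->", late_high_priority_join())
    print("DR dies afterwards ->", dr_dies_after_late_join())
```

The cold-start run shows the sequence Charles asked about (BDR chosen, promoted to DR, fresh BDR election); the other two runs show why a high-priority latecomer neither displaces the existing DR nor takes over when that DR dies.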
RE: OSPF DR and BDR elections [7:73504]
If I am understanding this correctly. There are no routers up in the network. I turn on 3 routers simultaneously at the same time. The routers will first select the BDR. They will then look for the DR. Since none exist, the BDR will be promoted to DR. Then another election will be held to find a new BDR. Is this correct?

-Original Message-
From: Zsombor Papp [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2003 11:01 AM
To: [EMAIL PROTECTED]
Subject: RE: OSPF DR and BDR elections [7:73504]

The DR is not chosen from the remaining list. The DR is chosen from the list of routers that declared themselves designated routers (this is why a high-priority router that comes up late won't take over the DR role from an existing DR), or if no router declared itself DR, then the BDR will become DR (this is why a high-priority router that came up late won't necessarily become DR even if the existing DR dies). See RFC2328, Page 75 for more details.

Thanks,

Zsombor

DeVoe, Charles (PKI) wrote:

I am reading the CCNP/CCIP BSCI Study Guide by Todd Lammle from Sybex. In the OSPF section under the discussion of DR and BDR (page 171) he says that the BDR is chosen first and that the DR is chosen from the remaining list. That seems illogical and backwards. Can someone please confirm or deny and explain it.

Thanks
OSPF DR and BDR elections [7:73504]
I am reading the CCNP/CCIP BSCI Study Guide by Todd Lammle from Sybex. In the OSPF section under the discussion of DR and BDR (page 171) he says that the BDR is chosen first and that the DR is chosen from the remaining list. That seems illogical and backwards. Can someone please confirm or deny and explain it.

Thanks
RE: CCNP MCSE hands on [7:73284]
Are you connecting through a hub or from pc to laptop using a crossover cable? Are the cables good?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 31, 2003 11:54 AM
To: [EMAIL PROTECTED]
Subject: CCNP MCSE hands on [7:73284]

Hi all,

I have recently passed the CCNP but have little experience. I have started working on the MCSE Win2K Server. I have tried to get hands on practice by networking my desktop and laptop, and maybe add from there. But I can't even get the two to talk. Could someone please give a little advice?? I can ping but the Win98 laptop says it has no access to the network, whatever that means. The Win2K desktop seems to be able to see the whole C:\ drive of the laptop. I have used the HELP file and read books. I have run out of ideas.

-edgar
San Diego, CA

--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCNP MCSE hands on [7:73284]
Yup, realized that right after I hit send. I am used to troubleshooting things here. Have to double check everything a tech says he did. Had a guy one day tell me there was a network problem with a PC; everything at the PC checked out OK. I asked for the cable number, checked the database, checked the switch port, and no activity. Went down to the machine, did a couple checks, decided to make sure the jumper cable was pushed in all the way. This is when I discovered that the cable wasn't even plugged in. Since then I check the obvious first.

-Original Message-
From: Duy Nguyen [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 31, 2003 2:29 PM
To: [EMAIL PROTECTED]
Subject: Re: CCNP MCSE hands on [7:73284]

He's able to see the c:\ on the laptop so it's not physical. Reboot. Refresh cache.

- Original Message -
From: DeVoe, Charles (PKI)
To:
Sent: Thursday, July 31, 2003 12:25 PM
Subject: RE: CCNP MCSE hands on [7:73284]

Are you connecting through a hub or from pc to laptop using a crossover cable? Are the cables good?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 31, 2003 11:54 AM
To: [EMAIL PROTECTED]
Subject: CCNP MCSE hands on [7:73284]

Hi all,

I have recently passed the CCNP but have little experience. I have started working on the MCSE Win2K Server. I have tried to get hands on practice by networking my desktop and laptop, and maybe add from there. But I can't even get the two to talk. Could someone please give a little advice?? I can ping but the Win98 laptop says it has no access to the network, whatever that means. The Win2K desktop seems to be able to see the whole C:\ drive of the laptop. I have used the HELP file and read books. I have run out of ideas.

-edgar
San Diego, CA
Loopback Interface [7:73305]
I know the loopback interface is useful for assigning the router ID. Is there any other purpose?
RE: NOBODY emails [7:72997]
Hey!!! If nobody sends me an email did I really get an email at all?

-Original Message-
From: Vikram JeetSingh [mailto:[EMAIL PROTECTED]
Sent: Friday, July 25, 2003 7:38 AM
To: [EMAIL PROTECTED]
Subject: RE: NOBODY emails [7:72997]

No, I won't think that these mails are sent by some person. I have a rule on my outlook application which sends all mails addressed to [EMAIL PROTECTED] to a specific folder, but this one is directly coming to my Inbox, so I feel that it will be a Server or mailing application (Majordomo I believe) bug, which is sending personally addressed blank mails to some or all the list members. Just my point though.

Vikram

-Original Message-
From: Antero Vasconcelos
To: [EMAIL PROTECTED]
Sent: 7/25/03 3:51 PM
Subject: RE: NOBODY emails [7:72997]

I'm just being tired of that person.

antero

-Original Message-
From: Taufik Kurniawan [mailto:[EMAIL PROTECTED]
Sent: Friday, 25 July 2003 07:15
To: [EMAIL PROTECTED]
Subject: Re: NOBODY emails [7:72997]

I got .. about 10 emails

At 03:56 25/07/2003 +, Puckette, Larry (TIFPC) wrote:

Is anybody else receiving multiple emails from [EMAIL PROTECTED] that are empty??

Larry Puckette
Network Analyst
Temple Inland
[EMAIL PROTECTED]
512-434-1838

Where there is no idol but money and power, there is no hope for integrity.

-Original Message-
From: Maximus [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 24, 2003 9:02 PM
To: [EMAIL PROTECTED]
Subject: RE: Vty access class [7:72990]

I believe the standard ACL should be enough since you're already specifying transport input ssh on line vty 0 4.

Just my $0.02

Jablonski, Michael wrote:

I'm having a bit of trouble with extended access-lists for vty access. Basically I'd like to setup an extended access list that only allows ssh access from certain IPs, but after creating the list and applying it to the VTY I lose access. But if I use a standard acl only allowing certain IPs it works fine...

ip access-list extended local_shell
 permit tcp host 192.168.1.2 host 192.168.1.1 eq 22

vty 0 4
 access-class local_shell in
 transport input ssh

Is the standard enough? Is the above over-kill?

Thanx,
mkj
Practice lab [7:72731]
I am currently working towards my CCNP after getting my CCNA. Problem is I no longer have access to any routers. I can read the books and get the knowledge needed to pass the exams. But I also want the practical experience to go along with it. How does someone on a low budget get access to equipment to experiment and work on?
RE: STP problem [7:70797]
We had a similar situation. Only in this case, the user was taking down internet access. Seems whoever configured the machine put the default gateway in as the user's address. At the time we were running two protocols, decnet and tcp/ip. Decnet was the first one to be used. The only time there was a problem was when the user would try to access the internet. After a week of troubleshooting, we started looking at all of the PCs that had been installed recently. It was pure luck that we found it.

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 17, 2003 4:35 PM
To: [EMAIL PROTECTED]
Subject: Re: STP problem [7:70797]

Access points can be configured to do bridging and I wouldn't be surprised to discover that they don't do STP, especially low-end ones from the local KMart. A lot of low-end switches don't do STP either. So, the access point would have to be inserted into the network just right so that it caused a loop, but that's certainly possible. In that case all the looping broadcast traffic, not to mention looping unknown unicast traffic, could bring a network to its knees.

I'm surprised so many people doubted his description of the problem!?

Anyway, finding it will be hard, though there's good advice from Tom and others. I think I would revert to an old-fashioned communications channel. Announce over the loud speaker that if you just connected a wireless access point, disconnect it now and report to the office! :-)

Priscilla

Tom Martin wrote:

Chris,

STP should be enough to avoid these types of problems. In order to cause a bridging loop the station would have to have both interfaces in the same VLAN and forward all L2 traffic except for BPDUs. Even if this were the case the wireless network (10-Mbps?) shouldn't be enough to bring the LAN to its knees (100-Mbps?). If you have STP enabled on all of your switches, I doubt that a single station is bringing the network down.

Once you find the offending switch that you need to reboot, you can issue console commands to determine the root bridge and any blocked ports. Make sure that things are normal. You do have your root bridge set manually, don't you? :)

To find out which port is causing the loop, take a look at the interface counters. You should see an unreal amount of traffic on the offending port (and the uplink to the core switch).

When STP has been enabled I have only come across layer-2 loops twice. Once when a few HP switches had gone bad, and another time when a customer had configured channeling on one side but not the other (3500 series, no channel negotiation). In both cases I found that the problem was made worse with increasing traffic levels, and the problem also revolved around the same set of switches. The channeling problem was a bit more difficult to narrow down though, since it disabled MLS on the core switch and every segment appeared to have problems!!!

I hope that helps,

- Tom

Christopher Dumais wrote:

Hi all,

We are having an STP problem where we think a user with an integrated wireless and LAN NIC is creating a bridge loop and bringing down the entire network. The problem occurs then goes away after 20 or so minutes unless we can narrow down which closet it is coming from and reboot the switch. All of our management tools die during the outage. Does anyone have any ideas on how we might prevent this from happening or track down the offender? We have 6509's in our Core and a mix of 3548's and 3550-SMI. Any thoughts are appreciated.

Thanks!

Chris Dumais, CCNP, CNA
Sr. Network Administrator
NSS Customer and Desktop Services Team
Maine Medical Center
(207)871-6940
[EMAIL PROTECTED]
RE: CCNP Lab Simulator [7:72167]
I have heard of the router sim from Sybex, http://www.routersim.com. Is this any good?

-Original Message-
From: Alan Ho [mailto:[EMAIL PROTECTED]
Sent: Friday, July 11, 2003 10:55 PM
To: [EMAIL PROTECTED]
Subject: CCNP Lab Simulator [7:72167]

I am preparing for the CCNP certification. Anyone know of a good CCNP Lab Simulator? Please provide experience and details.

Thanks
Alan
RE: Network Security [7:70841]
What is SAFE???

-Original Message-
From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]
Sent: Friday, June 20, 2003 3:11 PM
To: [EMAIL PROTECTED]
Subject: Re: Network Security [7:70841]

At 3:18 PM + 6/20/03, annlee wrote:

SAFE does start out with the explicit assumption that a Security Policy is already in place.

A valid observation. Still, with this specific post, there doesn't seem to be either a threat assessment or a security policy, just a request for mechanisms (not even in an architecture like SAFE). To coin a phrase, what problem is the original poster trying to solve?

FWIW, there is an example Security Policy in the MCNS course book from Cisco Press -- Mike Wenstrom's book -- http://www.amazon.com/exec/obidos/tg/detail/-/1578701031/qid=1056122196/sr=1-21/ref=sr_1_21/104-7746290-9333516?v=glances=books

There are places where I disagree with how it's put together, but they really are more differences of style rather than substance.

Annlee

Howard C. Berkowitz wrote in message news:[EMAIL PROTECTED]

As you've reminded me many times, Annlee, one really needs a security policy and a threat assessment before going into the details of the security architecture solution. SAFE doesn't give much guidance on policy formulation.

I'm concerned with the goal statement of the original poster, "Want to go for network security, e.g., protect against virus attack," when virus attack isn't even a network security issue -- it's a host issue. Arguably, worm, as opposed to virus attacks, are both host and network, because they can affect bandwidth.

At 1:40 PM + 6/19/03, annlee wrote:

Here's a good place to start -- http://www.cisco.com/en/US/netsol/ns110/ns170/ns171/ns128/networking_solutions_package.html

Pick a blueprint appropriate to your organization's size and the type of networking you do. SAFE is a mental architecture, as much as anything -- it's a "think about the whole problem but solve it in increments" kind of approach, I think.

HTH
Annlee

milind tare wrote in message news:[EMAIL PROTECTED]

Dear All,

I have the following setup:
2 6506 core switches having redundancy.
10 Nos. 3508 Distribution Switches.
and 3500 series access switches.
In the whole plant I have 140 switches.

I want to go for network security, e.g. protect from virus attack, hacking. So can anyone suggest me a cisco product? Please give me the URL also so I can study.

Thanks

Regards,
milind Tare
RE: console port problem [7:72298]
Perhaps a copy of the running config would help.

-Original Message-
From: star star7 [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 15, 2003 11:48 AM
To: [EMAIL PROTECTED]
Subject: Re: console port problem [7:72298]

I cannot use my console port to access one of my 2524 routers as well as a 1900 switch; they don't respond, but I can telnet to them.
RE: cisco back to back cable [7:71992]
Perhaps a copy of the configs would be helpful here.

-Original Message-
From: KW S [mailto:[EMAIL PROTECTED]
Sent: Monday, July 07, 2003 12:22 PM
To: [EMAIL PROTECTED]
Subject: cisco back to back cable [7:71992]

Dear All

I have a 2501 and 2505 and I am trying to set up a homelab. These 2 routers come with a cable which is a DB60 (DTE) and the other end is a DB60 (DCE). This is what is labelled on the cable. Anyway, I try to connect this cable to the serial interface of the 2 routers... and both the routers are showing serial is down and line protocol is down. I guess I have used the wrong cable... or maybe I have missed out something. Please comment..

Regards,
kws
RE: OT: Friday Funnies [7:71825]
Better Question -- Why do we drive on parkways and park on driveways?

-Original Message-
From: Ken Diliberto [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 03, 2003 10:56 AM
To: [EMAIL PROTECTED]
Subject: Re: OT: Friday Funnies [7:71825]

NO no no. You've got it all wrong (said in the voice of Hermione Granger from Harry Potter). That's when we released the British from their bondage. They liked it so much that they fought us to stay. :-)

Glad we're still friends. Have a great day.

Twisted thought for the day: Can you consider fiber WIREless???

Dom 07/03/03 04:15AM

Here is an early Friday Funny as I will be sulking tomorrow as we lost part of our Great British Empire on that date ;)

[snip]
RE: wireless [7:71781]
Is Fiber considered wireless?

-Original Message-
From: Weaselboy [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 03, 2003 12:07 PM
To: [EMAIL PROTECTED]
Subject: Re: wireless [7:71781]

I needed to pad out my resume with a few good certs before I renew my CCNP and start the CCIE track. Wireless is a hot topic, and these were two pretty easy one-test resume fillers (and kinda fun to play with).

SE = (wireless) System Engineer
FE = (wireless) Field Engineer

Here are links to the CCO with descriptions of both (watch the wrap)

http://www.cisco.com/warp/public/10/wwtraining/certprog/testing/current_exams/9E0-576.html
http://www.cisco.com/warp/public/10/wwtraining/certprog/testing/current_exams/9E0-581.html

I probably spent a total of three weeks to study for both (there's a lot of overlap). I posted the link for the book and bosons in another e-mail yesterday, but let me know if you didn't get it. Between reading the book and taking the boson, I had no problem. Make sure and take the SE first, because that's the easier one.

The WB

What CWNA book did you use? Cisco press? What's the title? What's SE ? FE ?? This is Cisco Cert ? right?

-edgar
CCNP of late

On Wed, 2003-07-02 at 15:11, Edgar A. Howard wrote:

I passed both the SE and FE exams first time out using the CWNA book and bosons. Between these two sources you should have everything you need. Take the SE first (it's a little easier).

The WB,
CCNP Study Materials [7:71789]
I am looking for a good source for some CCNP Study Materials. Can anyone suggest some good books, practice exams, etc.? Thank you for your support.

Bartyls and James
Hybrid vs. Native [7:66766]
We have a 6509 and I have heard talk about native vs. Hybrid mode of operation. What is the difference? Is there a link to a white paper or something?
RE: Hybrid vs. Native [7:66766]
So if I read this right, it is just a different set of commands. Are there operational differences?

-Original Message-
From: MADMAN [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 03, 2003 3:44 PM
To: DeVoe, Charles (PKI)
Cc: [EMAIL PROTECTED]
Subject: Re: Hybrid vs. Native [7:66766]

DeVoe, Charles (PKI) wrote:

We have a 6509 and I have heard talk about native vs. Hybrid mode of operation. What is the difference? Is there a link to a white paper or something?

That question comes up periodically, but in a nutshell a 6500 in native mode is a big router, no catOS commands, and if you are familiar with 2900/3500 switch commands native switch layer 2 stuff will be familiar, and of course the L3 commands are your regular old IOS commands. Here is a snap shot of a 6506 running native:

Native6506#sh ha
Cisco Internetwork Operating System Software
IOS (tm) c6sup2_rp Software (c6sup2_rp-JS-M), Version 12.1(13)E, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Wed 04-Sep-02 18:45 by eaarmas
Image text-base: 0x40008C00, data-base: 0x41A68000

ROM: System Bootstrap, Version 12.1(4r)E, RELEASE SOFTWARE (fc1)
BOOTLDR: c6sup2_rp Software (c6sup2_rp-JS-M), Version 12.1(13)E, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

Native6506 uptime is 5 weeks, 2 days, 43 minutes
Time since Native6506 switched to active is 5 weeks, 2 days, 42 minutes
System returned to ROM by power-on (SP by power-on)
System image file is slot0:c6sup12-js-mz.121-13.E.bin

cisco Catalyst 6000 (R7000) processor with 112640K/18432K bytes of memory.
Processor board ID SAD05020HUX
R7000 CPU at 300Mhz, Implementation 39, Rev 2.1, 256KB L2, 1024KB L3 Cache
Last reset from power-on
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
8 Virtual Ethernet/IEEE 802.3 interface(s)
120 FastEthernet/IEEE 802.3 interface(s)
4 Gigabit Ethernet/IEEE 802.3 interface(s)
381K bytes of non-volatile configuration memory.
16384K bytes of Flash internal SIMM (Sector size 512K).
Standby is up
Standby has 112640K/18432K bytes of memory.

Configuration register is 0x2102

Native6506#
Native6506#sh conf
Using 8789 out of 391160 bytes
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Native6506
!
boot system flash slot0:c6sup12-js-mz.121-13.E.bin
boot bootldr bootflash:c6msfc2-boot-mz.121-4.E1
no logging console
enable password cisco
!
ip subnet-zero
!
!
ip tcp intercept mode watch
no ip domain-lookup
!
mls flow ip destination
mls flow ipx destination
!
redundancy
 mode rpr-plus
 main-cpu
  auto-sync running-config
  auto-sync standard
!
!
!
interface Port-channel1
 no ip address
 switchport
 switchport trunk encapsulation dot1q
!
interface GigabitEthernet1/1
 no ip address
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 64
!
interface GigabitEthernet1/2
 no ip address
 shutdown
!
interface FastEthernet3/1
 no ip address
 duplex full
 speed 100
 switchport
 switchport access vlan 301
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet3/2
 ip address 121.1.1.2 255.255.255.0
 duplex full
 speed 100
!
interface FastEthernet3/3
 ip address 30.1.1.1 255.255.255.0
 ip access-group 199 in
 duplex half
 speed 100
!
interface FastEthernet3/4
 no ip address
 duplex half
 speed 10
 switchport
 switchport access vlan 304
 switchport mode access
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan64
 ip address 172.28.64.23 255.255.255.0
!
interface Vlan302
 ip address 79.79.79.1 255.255.255.0
 ip access-group 199 in
!
interface Vlan303
 ip address 99.13.13.1 255.255.255.0
 shutdown
!
interface Vlan304
 ip address 79.79.80.1 255.255.255.0
!
interface Vlan305
 ip address 99.15.15.1 255.255.255.0
 shutdown
!
interface Vlan306
 no ip address
 shutdown
!
interface Vlan307
 no ip address
!
router eigrp 1
 network 172.28.0.0
 no auto-summary
 eigrp log-neighbor-changes
!
router eigrp 100
 network 99.0.0.0
 no auto-summary
 no eigrp log-neighbor-changes
!
ip classless
no ip http server

--
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

I would rather have a German division in front of me than a French one behind me. --- General George S. Patton
2 different CCNP certifications [7:66547]
Since I just recently passed my CCNA I thought I would continue on up the ladder. In looking at the CCNP I see there are 2 ways to get it.

1. Take the BSCI 640-901, Switching 640-604, Remote Access 640-605 and Support 640-606 exams.

OR

2. Take the Foundation exam 640-841 (combination of the BSCI, Switching and Remote Access exams) and the Support 640-606 exam.

What is the difference and what is preferred?
Log files [7:66070]
On Cisco routers and switches are there log files? How do I view them?
Frame Relay [7:65658]
Disregard previous. After further review, I find the ping failed because I typed in the wrong ip.
Frame Relay question [7:65659]
I am working with the test out simulator.

LAX 11.0.0.2 -- frame cloud -- SFO 11.0.0.1

In the frame relay module there is an exercise to connect 2 routers through a frame relay cloud. Initially, the LAX router is using inverse arp to do the mapping. A show frame map yields:

Serial 1 (up): ip 11.0.0.1 dlci 100 (0x64,0x1849, dynamic,broadcast,,,status defined,active

After turning off the frame-relay inverse-arp and clearing the cache, I enter a static mapping:

frame map ip 11.0.0.1 100

Now the show frame map yields:

Serial 1 (up): ip 11.0.0.1 dlci 100 (0x64,0x1849, static,CISCO, status defined, active

With the dynamic mapping I can't ping the other router's interface (11.0.0.1). The static map successfully pings the other node. I understand how to set it up. What I don't understand is why the static mapping works and the dynamic mapping doesn't. Can someone please explain this? Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65659t=65659
Traceroute responses [7:65310]
I have been looking at the Transcender exams to get a final brush up for the CCNA exam. In those exams there are questions about the router's response to things like trace and ping. I believe they are referring to ICMP messages. The response types they mention are things like !H, N, P, and U. I've never seen these before and was wondering where I could find the list of responses in this format. Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65310t=65310
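Those letters are how IOS reports the ICMP error that came back for a probe. The decoder below is an added example (not from the post or the list) that parses a raw ICMP message, verifies its RFC 1071 checksum, and maps the type/code pair to the character IOS traceroute or ping would print. The ICMP type and code numbers are RFC 792 values; the letter mapping is an assumption taken from IOS documentation rather than from the post, which only names !H, N, P and U. The sample messages are constructed inline, not captured.

```python
import struct

# ICMP types used below (RFC 792 values).
ICMP_ECHO_REPLY = 0
ICMP_DEST_UNREACHABLE = 3
ICMP_SOURCE_QUENCH = 4
ICMP_TIME_EXCEEDED = 11

# Letters IOS traceroute prints for destination-unreachable replies
# (assumption: taken from IOS documentation, not from the post).
TRACEROUTE_CHARS = {
    (ICMP_DEST_UNREACHABLE, 0): "N",   # network unreachable
    (ICMP_DEST_UNREACHABLE, 1): "H",   # host unreachable
    (ICMP_DEST_UNREACHABLE, 2): "P",   # protocol unreachable
    (ICMP_DEST_UNREACHABLE, 3): "U",   # port unreachable (the normal final-hop reply)
    (ICMP_DEST_UNREACHABLE, 13): "A",  # administratively prohibited
}


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; returns 0 when run over a valid message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(icmp_type: int, code: int, payload: bytes = b"") -> bytes:
    """Constructed ICMP message with a correct checksum (sample data, not a capture)."""
    header = struct.pack("!BBHI", icmp_type, code, 0, 0)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHI", icmp_type, code, csum, 0) + payload


def parse_icmp(msg: bytes):
    """Return (type, code) after checking the 8-byte minimum length and the checksum."""
    if len(msg) < 8:
        raise ValueError("truncated ICMP message")
    if inet_checksum(msg) != 0:
        raise ValueError("bad ICMP checksum")
    return struct.unpack("!BB", msg[:2])


def icmp_is_valid(msg: bytes) -> bool:
    try:
        parse_icmp(msg)
        return True
    except ValueError:
        return False


def traceroute_char(msg: bytes) -> str:
    """Character IOS traceroute would print for this reply; 'rtt' means a normal hop
    (TTL exceeded), where the round-trip time is printed instead of a letter."""
    icmp_type, code = parse_icmp(msg)
    if icmp_type == ICMP_TIME_EXCEEDED:
        return "rtt"
    if icmp_type == ICMP_SOURCE_QUENCH:
        return "Q"
    return TRACEROUTE_CHARS.get((icmp_type, code), "?")


def ping_char(msg: bytes) -> str:
    """Character IOS ping would print for this reply."""
    icmp_type, code = parse_icmp(msg)
    if icmp_type == ICMP_ECHO_REPLY:
        return "!"
    if icmp_type == ICMP_DEST_UNREACHABLE:
        return "M" if code == 4 else "U"   # M: could not fragment; U: any other unreachable
    if icmp_type == ICMP_SOURCE_QUENCH:
        return "Q"
    if icmp_type == ICMP_TIME_EXCEEDED:
        return "&"
    return "?"


if __name__ == "__main__":
    # Error replies carry the offending IP header + 8 bytes; a constructed stub is enough here.
    stub = b"\x45\x00" + b"\x00" * 26
    for t, c in [(3, 1), (3, 0), (3, 2), (3, 3), (11, 0), (0, 0)]:
        msg = build_icmp(t, c, stub)
        print(f"type {t} code {c}: trace={traceroute_char(msg)} ping={ping_char(msg)}")
```

Note that ping and traceroute print different letters for the same reply: traceroute distinguishes the unreachable codes (H, N, P, U) while ping collapses them all to U except "could not fragment" (M). A reply that fails the checksum is rejected before any letter is assigned, which is also the behaviour you want in any monitoring tool that consumes ICMP errors.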
RE: is 10baseT dead? [7:65077]
What about this. The server tries to dump data to the client over the 10M pipe. The client cannot accept it as fast as the server can put out. Having a slower line to the client in effect will cause degradation at the server.

-Original Message-
From: Steven Aiello [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 12, 2003 11:02 AM
To: [EMAIL PROTECTED]
Subject: Re: is 10baseT dead? [7:65077]

Scott, I think you have a great point, it seems that most of the computer technologies we have today are not taken full advantage of. However, instead of taking the air out of the sales staff's sails, as it were (no pun intended), why not suggest an upgrade from the IDFs to the server farm? You could suggest EtherChannel to combine some of the runs you have put in (I'm sure) when you are upgrading your networks. This way you have more bandwidth to the server farm and fault tolerance. WOW, now that's a selling point. Also it can be done without raising the costs on hardware too much. You can get dual interface NICs for your servers that are fairly reasonable now. I am amazed at the push for processor speed now; I can think of very few people that NEED 3Ghz with 2Gb of RAM. However no one NEEDS a Jaguar either, some people just want it and if they can afford it so be it. Look at the situation this way: at least if you're going for overkill the network will perform well, that is better than underselling and then having your clients be upset because they are limited in the future. But hey, that's just my 2 cents. Take it with a grain of salt. = ) Steven

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65198t=65077
RE: Sniffer on Catalyst 6509 [7:64894]
You do this with the span command.

-Original Message-
From: Eduardo Perestrelo [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 10, 2003 7:44 AM
To: [EMAIL PROTECTED]
Subject: Sniffer on Catalyst 6509 [7:64894]

Hi, I have a Catalyst 6509 and need to sniff the network. If possible, enable one port to read all traffic to sniff?! Thanks, Eduardo Perestrelo CCNA / CCAI

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64897t=64894
Basic Frame Relay question [7:64923]
I am looking at frame relay. As I understand it, the frame relay connection goes from the CPE to the service provider CO. My question is, does the destination device on the other side of the CO also need to run frame relay? Could they perhaps run ATM?

My CPE -------- CO -------- Dest. CPE
       | Frame Relay |   ATM   |

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64923t=64923
ipx [7:64341]
I am using the Sybex CCNA Trainer software. In the IPX section they refer to commands like sho ipx servers, show ipx route, etc. When I go to the router (running 12.1) and I do a show ?, no ipx anything is listed. Has the command changed? Does ipx need to be enabled to see these commands?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64341t=64341
RE: L3 Switching Huh???? [7:63728]
OK, let me try this again. I am trying to figure out the difference between conventional layer 3 routing and layer 3 switching. A little background. I am currently working towards my CCNA (have been for about 3 years). At any rate, everything I read and look at says that switching/bridging is a layer 2 function, routing is a layer 3 function. Either I don't have a good grasp of the OSI model, switching, routing, VLANs or all of the above.

The network:

Host A 10.1.1.2 MAC 00.AA                                   Host B 10.1.2.2 MAC 00.BB
    |                                                           |
switch A --- [10.1.1.1 MAC 01.AA] Router [10.1.2.1 MAC 02.BB] --- switch B
10.1.1.0/24                                                     10.1.2.0/24

This is an ethernet network. Both segments are connected by a traditional router, say a 2500. In this instance the router interfaces are subnet A 10.1.1.1, and subnet B 10.1.2.1. For simplicity, assume ARP cache is empty.

Host A wishes to ping Host B. End user on Host A enters - ping 10.1.2.2

The IP packet places the source address 10.1.1.2 and the destination address 10.1.2.2 into the packet. The IP protocol examines the IP address and based on the IP address determines this is in another subnet. An ARP request goes out for 10.1.1.1 (default gateway) and the MAC address is found. The DLL then places the source MAC address 00.AA and the destination MAC 01.AA into the frame. The frame then goes out the wire to the destination MAC.

The router interface sees this frame as destined for itself. It de-encapsulates the frame removing the MAC addresses. The router then examines the IP address, based on the routing table it knows the destination port. The router leaves the same IP source (10.1.1.2) and destination (10.1.2.2) in the packet. The frame is rebuilt with the new MAC address of source 02.BB and destination 00.BB. Host B grabs this packet and does its thing.

Now, if I replace the router with a 6509 switch, with routing, how does the process change? Said 6509 would be equipped with a 10/100 card so that the hosts are now directly connected. The router interface is now a virtual interface, there is no physical interface. Which is another question. How does the 6509 determine this virtual address?

Am I correct? Inter VLAN communication cannot occur without a router. Switching is based on MAC address. Routing is based on IP address. I believe the term layer 3 routing is a marketing term, not scientific or engineering in nature.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63857t=63728
RE: 2950 telnet access is lost after vlans [7:63789]
You will need routing between the VLANs. If this is done via the uplink you will also need to do some trunking. Hope this helps.

-Original Message-
From: J. Johnson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 25, 2003 5:06 PM
To: [EMAIL PROTECTED]
Subject: 2950 telnet access is lost after vlans [7:63789]

I've lost some telnet access to my 2950 after implementing vlans. Before - Address 10.0.0.6 was available on vlan 1, which was the default vlan for all ports. telnet was possible into the switch from machines connected to any port. After - Created several vlans (5, 6, 7, and 8) and split the ports among them. Now when I do:

switch(config)#interface vlan 5
switch(config-if)#ip address 10.0.0.6 255.255.255.0
switch(config-if)#no shutdown

the vlan interface that was previously up shuts down and only boxes connected to the ports in vlan 5 are able to telnet into the switch. Is there a way to allow boxes on ports assigned to other vlans to telnet into the switch at 10.0.0.6? James

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63858t=63789
L3 Switching Huh???? [7:63728]
I am under the impression that switching is a layer 2 function and that routing is a layer 3 function. I have seen several discussions talking about layer 3 switching. Could someone explain this to me?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63728t=63728
RE: L3 Switching Huh???? [7:63728]
The decision to send to the RP isn't really based on the VLAN is it??

I believe that the decision to send to the Routing Processor (RP) is indeed based on the VLAN. When a host wishes to communicate with another host, the IP on the host determines if the host is on the same subnet or not. If it is on the same subnet, it will send an ARP broadcast to determine the MAC address of the destination host. If the host is on another subnet, the ARP request will be for that of the default gateway (aka RP). The RP will strip out the source and destination MAC address and replace the destination with that of host B (or next hop) and place its own MAC address in the source address. The IP addresses will not be changed. Switches and Bridges make decisions based on MAC address (layer 2). Routers make decisions based on IP address (layer 3). So is the RP making routing decisions based on the MAC address???

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 25, 2003 1:33 PM
To: [EMAIL PROTECTED]
Subject: Re: L3 Switching Huh [7:63728]

Robert Edmonds wrote:
Layer 3 switching combines the best of switching and routing in one platform. The main advantage here is speed. The way it works is, in a switch you have some kind of layer 3 routing engine (aka route processor, or RP). For example, the MSFC2 (Multilayer Switch Feature Card 2) is one of the options available for the Cisco 6500 (and a couple of others, I think) switches. When the switch receives a packet bound for a different VLAN, it sends it to the RP.

The decision to send to the RP isn't really based on the VLAN is it?? The decision is based on the MAC destination address, I would assume. A host in VLAN 1 wants to send to a host in VLAN 2. Because VLANs generally equate to IP subnets, the host knows that it must send to its default gateway, which is the RP. It ARPs for the RP and gets a MAC address. It sends the frame then with the destination MAC address set to the RP's address. The L2 switch looks just at MAC addresses. That's what makes it L2. It has learned that this MAC address belongs to the RP. (Learning the location of MAC addresses is a basic L2 function). Now the RP can do L3 switching. It looks at the IP destination address to determine where to send the frame. That's what makes it L3 (i.e. that it uses a L3 address for its decision).

As far as switching, routing, forwarding, they all mean the same thing. As Kevin Banifaz said in one of the best, most concise answers that we have seen, Switching is the function of directing frames or packets from one port or interface to another. Someone said that switching isn't a technical term. What a shame. It certainly used to be a good engineering term. Network equipment developers borrowed the term from our forefathers and foremathers who worked on the high-tech equipment of the 1800s and 1900s. Railroad tracks switch trains. Electrical equipment switches current. Telephone equipment switches voice conversations. Bridges, switches, and routers switch frames. I must direct you all, once again it seems, to Webster's definition of switch, the noun:

Main Entry: 1switch
Pronunciation: 'swich
Function: noun
Etymology: perhaps from Middle Dutch swijch twig
Date: 1592
1 : a slender flexible whip, rod, or twig
2 : an act of switching : as a : a blow with a switch b : a shift from one to another c : a change from the usual
3 : a tuft of long hairs at the end of the tail of an animal (as a cow) -- see COW illustration
4 a : a device made usually of two movable rails and necessary connections and designed to turn a locomotive or train from one track to another b : a railroad siding
5 : a device for making, breaking, or changing the connections in an electrical circuit
6 : a heavy strand of hair used in addition to a person's own hair for some coiffures

If anyone else brings up this question, we may need to have definition 1 applied to them. Or, if we're nice, we'll use definition 6 on your behind instead. Or we'll say that you are definition 3. :-)

Priscilla

The RP makes the routing decision and puts an entry in the route cache for the switch. The first packet in a flow is routed and the rest are switched at wire speed, hence the increase in speed. That's kind of a simplified view, but I think it gets the general idea across. So, layer 3 switching is both routing and switching, but faster (usually, anyway).

DeVoe, Charles (PKI) wrote in message news:[EMAIL PROTECTED]
I am under the impression that switching is a layer 2 function and that routing is a layer 3 function. I have seen several discussions talking about layer 3 switching. Could someone explain this to me?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63779t=63728
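The two threads above describe the same forwarding path from two angles: Charles's step-by-step walk of a ping from Host A to Host B (ARP for the gateway, frame rewritten with new MACs, IP addresses untouched) and Robert's route-cache explanation (first packet of a flow routed by the RP, later packets switched from the cache). The model below is an added example, not code from any poster or from Cisco, that puts both in one place: an RP with the thread's two interfaces (10.1.1.1 / 01.AA and 10.1.2.1 / 02.BB) and ARP entries for the two hosts. A frame is only handed to the RP when its destination MAC is the RP's, which is the L2 decision Priscilla describes; the RP then does the route lookup once per flow and rewrites later frames of that flow from the cache. The flow key, cache layout and the "connected routes only" routing table are simplifications of this model, not a description of how a real MSFC works.

```python
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Frame:
    """Minimal Ethernet + IP frame: only the fields the thread discusses."""
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    ttl: int = 64


class RouteProcessorModel:
    """Toy route processor: L2 hand-off by destination MAC, route + ARP on the
    first packet of a flow, cached MAC rewrite for the rest (model, not IOS)."""

    def __init__(self):
        self.interfaces = {}   # name -> (IPv4Interface, interface MAC)
        self.arp = {}          # IP -> MAC, as learned by ARP
        self.flow_cache = {}   # (src_ip, dst_ip) -> (out_if, new_src_mac, new_dst_mac)
        self.stats = {"routed": 0, "switched": 0, "layer2": 0, "dropped": 0}

    def add_interface(self, name, cidr, mac):
        self.interfaces[name] = (ipaddress.ip_interface(cidr), mac)

    def learn_arp(self, ip, mac):
        self.arp[ip] = mac

    def is_rp_mac(self, mac):
        return any(mac == m for _, m in self.interfaces.values())

    def connected_route(self, dst_ip):
        """Longest-prefix match over directly connected subnets only (model assumption)."""
        dst = ipaddress.ip_address(dst_ip)
        best = None
        for name, (iface, mac) in self.interfaces.items():
            if dst in iface.network and (
                best is None or iface.network.prefixlen > best[1].network.prefixlen
            ):
                best = (name, iface, mac)
        return best

    def forward(self, frame):
        """Return (new_frame_or_None, how, out_if_or_None)."""
        # L2 decision: a frame not addressed to the RP's MAC never reaches it.
        if not self.is_rp_mac(frame.dst_mac):
            self.stats["layer2"] += 1
            return None, "layer2", None
        key = (frame.src_ip, frame.dst_ip)
        if key in self.flow_cache:
            out_if, new_src, new_dst = self.flow_cache[key]
            how = "switched"
        else:
            route = self.connected_route(frame.dst_ip)
            if route is None:
                self.stats["dropped"] += 1
                return None, "no route", None
            out_if, _iface, new_src = route       # source MAC becomes the egress interface MAC
            new_dst = self.arp.get(frame.dst_ip)  # destination MAC comes from ARP
            if new_dst is None:
                self.stats["dropped"] += 1
                return None, "arp miss", None
            self.flow_cache[key] = (out_if, new_src, new_dst)
            how = "routed"
        if frame.ttl <= 1:
            self.stats["dropped"] += 1
            return None, "ttl expired", None
        self.stats[how] += 1
        # MAC addresses are rewritten and TTL decremented; the IP addresses are untouched.
        return replace(frame, src_mac=new_src, dst_mac=new_dst, ttl=frame.ttl - 1), how, out_if


def thread_topology():
    """The addresses from Charles's diagram (constructed to match the post)."""
    rp = RouteProcessorModel()
    rp.add_interface("vlan1", "10.1.1.1/24", "01.AA")
    rp.add_interface("vlan2", "10.1.2.1/24", "02.BB")
    rp.learn_arp("10.1.1.2", "00.AA")
    rp.learn_arp("10.1.2.2", "00.BB")
    return rp


if __name__ == "__main__":
    rp = thread_topology()
    ping = Frame("00.AA", "01.AA", "10.1.1.2", "10.1.2.2")
    for _ in range(3):
        out, how, via = rp.forward(ping)
        print(how, via, out)
    print(rp.stats)
```

The model makes one caveat visible: nothing ever removes a flow-cache entry, so a topology change after the first packet would keep rewriting to a stale MAC. A real route cache has to be invalidated when the routing table or ARP table changes, which is exactly the part "the rest are switched at wire speed" leaves out.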
RE: Upgrading from Token Ring to Fast Ethernet [7:63374]
Just a thought. Could you create a VLAN and put both ports in the same VLAN?

-Original Message-
From: Marakalas [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 19, 2003 2:34 PM
To: [EMAIL PROTECTED]
Subject: Upgrading from Token Ring to Fast Ethernet [7:63374]

Hi All, I'm in the process of upgrading from Token Ring to Fast Ethernet at one of our client's sites. This upgrade won't be fork-lifted overnight and my concern is that the client is not keen on doing the IP readdressing. I'll be deploying a Cisco 2513 router during the migration period and my question is as follows: How do I leave the IP subnets configured on the Token Ring interface and have users connect to the Ethernet interface, and still be on the same IP subnet, if possible. Your assistance will be highly appreciated.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63377t=63374
RE: Snort versus Cisco IDS [7:62939]
I do believe it is in the best interest of the Cisco engineers to also push their products.

-Original Message-
From: Kent Hundley [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 14, 2003 10:35 AM
To: [EMAIL PROTECTED]
Subject: RE: Snort versus Cisco IDS [7:62939]

The term team was meant to be inclusive of engineers as well as sales. I can assure you I have talked to many competent Cisco engineers, some of them who specialize in security, who do in fact recommend the Cisco IDS to their large clients. And yes, salespeople will obviously always push their product. Regards, Kent

On Fri, 2003-02-14 at 07:15, DeVoe, Charles (PKI) wrote:
2) Has never talked to any of the Cisco teams that manage large global accounts
Of course these are sales people. Sales people make their livelihood off of the sales. So obviously, they will push the product. Rule 1. Never trust a salesperson. Rule 2. Never Believe a salesperson. Rule 3. Never forget Rules 1 & 2.

-Original Message-
From: Kent Hundley [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 13, 2003 4:39 PM
To: [EMAIL PROTECTED]
Subject: Re: Snort versus Cisco IDS [7:62939]

On Thu, 2003-02-13 at 00:06, Priscilla Oppenheimer wrote:
Someone told me in an authoritative voice today that Cisco doesn't recommend their IDS. They recommend Snort. Is this really true? Isn't Cisco's IDS a big part of SAFE?

Whomever told you this: 1) Is extremely naive (one Cisco engineer told them something and they took it as gospel) 2) Has never talked to any of the Cisco teams that manage large global accounts. I can tell you for a 100% fact that Cisco recommends their IDS very actively to their large global customers, I'm working on a Fortune 5 account right now and the Cisco team is heavily pushing a Cisco IDS deployment. If one of their engineers recommended snort, the AM would have them bound and gagged and thrown in a very dark basement. ;-)

Of course, the person who said this doesn't understand that Cisco is a huge, chaotic organism, and that saying Cisco does something based on what one person does, doesn't make sense. But I'm just curious, what do you all recommend for intrusion detection? How do Snort and Cisco IDS compare? I guess Cisco's solution is a bit more complicated, requiring appliances or IDS cards in a switch and a console:

Cisco IDS is a commercial, fully baked product in the sense that it has a lot of bells and whistles for the end-user market. Cisco is also developing custom hardware such as blades that slide into a Cat 6500, making for easy deployment and the ability to capture and process traffic at Gigabit speeds. Snort is much more of a tech geek's solution, although there are a lot of talented people writing code to increase its ease of use, such as ACID and Demarc. The bottom line is that snort will do the job in a lot of environments, but you're going to need to have some very technical people to handle the care and feeding of the system. It is an open source solution and doesn't come with built-in support other than what you get through mailing lists. The Cisco IDS comes with TAC behind it. You pay more for more support baked into the process and a large amount of dedicated resources working on your issues. (it's the same old open source vs commercial product argument) For small environments where funds are very limited or for environments with highly technical but cheap labor (such as universities), snort is probably the better solution. For large enterprises, Cisco would probably be the better choice. Of course, YMMV, a lot depends on the environment, that's my opinion, take it with a grain of salt, yada, yada, yada, etc. etc. disclaimer, disclaimer...

Regards, Kent

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63378t=62939
RE: Snort versus Cisco IDS [7:62939]
2) Has never talked to any of the Cisco teams that manage large global accounts

Of course these are sales people. Sales people make their livelihood off of the sales. So obviously, they will push the product. Rule 1. Never trust a salesperson. Rule 2. Never Believe a salesperson. Rule 3. Never forget Rules 1 & 2.

-Original Message-
From: Kent Hundley [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 13, 2003 4:39 PM
To: [EMAIL PROTECTED]
Subject: Re: Snort versus Cisco IDS [7:62939]

On Thu, 2003-02-13 at 00:06, Priscilla Oppenheimer wrote:
Someone told me in an authoritative voice today that Cisco doesn't recommend their IDS. They recommend Snort. Is this really true? Isn't Cisco's IDS a big part of SAFE?

Whomever told you this: 1) Is extremely naive (one Cisco engineer told them something and they took it as gospel) 2) Has never talked to any of the Cisco teams that manage large global accounts. I can tell you for a 100% fact that Cisco recommends their IDS very actively to their large global customers, I'm working on a Fortune 5 account right now and the Cisco team is heavily pushing a Cisco IDS deployment. If one of their engineers recommended snort, the AM would have them bound and gagged and thrown in a very dark basement. ;-)

Of course, the person who said this doesn't understand that Cisco is a huge, chaotic organism, and that saying Cisco does something based on what one person does, doesn't make sense. But I'm just curious, what do you all recommend for intrusion detection? How do Snort and Cisco IDS compare? I guess Cisco's solution is a bit more complicated, requiring appliances or IDS cards in a switch and a console:

Cisco IDS is a commercial, fully baked product in the sense that it has a lot of bells and whistles for the end-user market. Cisco is also developing custom hardware such as blades that slide into a Cat 6500, making for easy deployment and the ability to capture and process traffic at Gigabit speeds. Snort is much more of a tech geek's solution, although there are a lot of talented people writing code to increase its ease of use, such as ACID and Demarc. The bottom line is that snort will do the job in a lot of environments, but you're going to need to have some very technical people to handle the care and feeding of the system. It is an open source solution and doesn't come with built-in support other than what you get through mailing lists. The Cisco IDS comes with TAC behind it. You pay more for more support baked into the process and a large amount of dedicated resources working on your issues. (it's the same old open source vs commercial product argument) For small environments where funds are very limited or for environments with highly technical but cheap labor (such as universities), snort is probably the better solution. For large enterprises, Cisco would probably be the better choice. Of course, YMMV, a lot depends on the environment, that's my opinion, take it with a grain of salt, yada, yada, yada, etc. etc. disclaimer, disclaimer...

Regards, Kent

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63019t=62939
RE: Internet Connections [7:62863]
There are 2 7200 routers that connect to different providers. Traffic ends up where it is supposed to. The problem is that we have intermittent slow response times and some applications that don't work properly over the internet. My suspicions are that some of the traffic is returning over the smaller 512K line and that is causing congestion.

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 12, 2003 5:29 PM
To: [EMAIL PROTECTED]
Subject: RE: Internet Connections [7:62863]

I think we need more info. Questions below...

DeVoe, Charles (PKI) wrote:
I have a class B network subnetted using a 21 bit mask. This network has 2 connections to the internet, 1 is by a T3 the other is a 512K T1. Each connection to the internet comes out of a subnet, goes through a firewall, and then through a Cisco 7200 router. We have static routes in place to assure that the returning packets go to the proper firewall. I don't know for sure if the routers connecting to the internet are running BGP or something else. We have seen packets go out one interface and return on the other.

One interface of what? The 7200? Does the 7200 connect to multiple border routers? Can you tell us more about that part of the topology?

I suspect that something is not right with the border routers. Any thoughts or suggestions?

It's very difficult to control how traffic comes back into your network over the Internet. Entire books by Berkowitz, etc. have been written on this topic. But it's not necessarily a problem. If the traffic all ends up at the 7200 and the 7200 is configured correctly with the static routes that you mentioned, the traffic should end up at the right place. What problem are you trying to solve? By the way, John makes a really good point about pinhole congestion. See his post too. Thanks.

Priscilla

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62949t=62863
Internet Connections [7:62863]
I have a class B network subnetted using a 21 bit mask. This network has 2 connections to the internet, 1 is by a T3 the other is a 512K T1. Each connection to the internet comes out of a subnet, goes through a firewall, and then through a Cisco 7200 router. We have static routes in place to assure that the returning packets go to the proper firewall. I don't know for sure if the routers connecting to the internet are running BGP or something else. We have seen packets go out one interface and return on the other. I suspect that something is not right with the border routers. Any thoughts or suggestions?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62863t=62863
long ack times [7:62867]
I have several users who are trying to run an application and often have problems. In using a sniffer on the packets I have found that some of the packets are experiencing long ack times. How does one troubleshoot this sort of problem?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62867t=62867
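One way to turn "some packets have long ack times" into something measurable, as an added example that is not from the post or from any sniffer vendor: for each data segment the client sends, find the first later segment from the server whose acknowledgement number covers it, and report the gap. The segment list below is constructed to look like a decoded capture (relative sequence numbers, timestamps in seconds); the 0.2 s threshold is an assumption chosen because a receiver's delayed-ACK timer is of that order, so gaps around that value with a single segment outstanding usually point at the receiving stack rather than the network.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    """One decoded TCP segment (the fields a sniffer would show)."""
    ts: float     # capture timestamp in seconds
    src: str      # source IP
    dst: str      # destination IP
    seq: int      # relative sequence number of the first payload byte
    length: int   # payload bytes (0 for a pure ACK)
    ack: int      # relative acknowledgement number


def ack_delays(segments, client, server):
    """For every data segment client->server, seconds until the first later
    server->client segment whose ACK covers it; None if never acked in the capture."""
    data = [s for s in segments if s.src == client and s.dst == server and s.length > 0]
    acks = sorted((s for s in segments if s.src == server and s.dst == client),
                  key=lambda s: s.ts)
    result = []
    for d in data:
        needed = d.seq + d.length          # ACK number that covers this segment
        delay = None
        for a in acks:
            if a.ts >= d.ts and a.ack >= needed:
                delay = round(a.ts - d.ts, 3)
                break
        result.append((d.seq, delay))
    return result


def slow_acks(segments, client, server, threshold=0.2):
    """Segments whose ACK took longer than threshold seconds, or never came."""
    return [(seq, d) for seq, d in ack_delays(segments, client, server)
            if d is None or d > threshold]


# Constructed sample "capture": two quick ACKs, one delayed ACK covering two
# segments, and a final segment that is never acknowledged. Not real traffic.
CLIENT = "10.1.1.2"
SERVER = "10.1.2.2"
SAMPLE = [
    Segment(0.000, CLIENT, SERVER, seq=1,   length=100, ack=1),
    Segment(0.002, SERVER, CLIENT, seq=1,   length=0,   ack=101),
    Segment(0.010, CLIENT, SERVER, seq=101, length=100, ack=1),
    Segment(0.012, CLIENT, SERVER, seq=201, length=100, ack=1),
    Segment(0.362, SERVER, CLIENT, seq=1,   length=0,   ack=301),  # one ACK for both
    Segment(0.400, CLIENT, SERVER, seq=301, length=50,  ack=1),    # never acked
]


if __name__ == "__main__":
    for seq, delay in ack_delays(SAMPLE, CLIENT, SERVER):
        print(f"seq {seq:>4}: {'no ack' if delay is None else f'{delay * 1000:.0f} ms'}")
    print("slow:", slow_acks(SAMPLE, CLIENT, SERVER))
```

Reading the output is the troubleshooting step: a delay that is consistently near the delayed-ACK timer only when one small segment is outstanding is a sender/receiver interaction (Nagle with delayed ACK), while delays that scale with the number of bytes in flight, or segments that are never acknowledged until a retransmission, point at loss or queuing on the path. Running the same function with the roles swapped (server as the sender) shows whether the slowness is symmetric.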