Cisco 2621 Window NLB...Slightly off topic [7:72496]
Quick question for the group. I have a 2621, 1 of the FA ports connected to a hub. From there, I have 2 servers running Win2K's network load balancing. Pretty simple config to cluster 2 web servers with a VIP and virtual MAC based on that VIP. For the life of me, I cannot get one of the web servers to respond to requests...

So, my question would be, has anyone deployed this before? And, run into problems because of the router?

Thanks,
Duncan Wallace
Sr. Systems Engineer
Pacific Star Communications
15714 SW 72nd Ave.
Portland, OR 97224
Work:503-403-3000
Cell:971-506-8164
[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72496t=72496
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: a really big bug [7:72463]
I was on a conference call with Cisco and the Cisco rep felt we were overreacting by rushing to change our code right away. He said that the packet was extremely difficult to create and the person would have to be a genius to make it.

Duncan

At 04:33 PM 7/17/2003 +, Priscilla Oppenheimer wrote:

Oscar wrote:

Cisco Security Advisory: Cisco IOS Interface Blocked by IPv4 Packet
lots and lots of IOS versions are affected
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml

Thanks for the link. It's scary. Of course, with the proper ACLs, a router wouldn't be affected, but probably lots of routers don't have the proper ACLs.

Anyone know the details? The advisory just says this:

A rare, specially crafted sequence of IPv4 packets which is handled by the processor on a Cisco IOS device may force the device to incorrectly flag the input queue on an interface as full, which will cause the router to stop processing inbound traffic on that interface. This can cause routing protocols to drop due to dead timers.

I think Cisco was right not to publish the details about these rare, specially crafted packets, but does anyone have the details? Maybe if you can get to the bugtracker, the details are in there.

Thanks

Priscilla

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72510t=72463
re[2]: Automatic cutover between wireless and satellite [7:72345]
All good points and ideas. I am in the process of adding the wireless aspect to the present satellite setup. I'll keep you all posted on my progress.

Thanks,
Duncan

Exactly, the physical interface would never go down, even if out of range. That's why I suggested creating a tunnel interface over the wireless, and use that as the default route. If you go out of range the tunnel interface should go down (because it can't reach the other router), and a higher administrative cost static default would then switch you over to using the satellite.

You could use a dynamic routing protocol also, but the likelihood of having a dynamic routing protocol working with multiple ISP vendors is slim. Not necessarily due to whether it is technically possible or not, but more to do with egos, policy, and other political issues.

Fred Reimer - CCNA
Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050

NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer.

-----Original Message-----
From: Geoff Kuchera [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 15, 2003 12:35 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: Automatic cutover between wireless and satellite internet [7:72296]

The only way I can think of to do this would be to use a routing protocol with weighted routes. Because you are using an access point the wireless connection will look to you like an ethernet. This being said the interfaces will never go down.

The way you may be able to solve this would be to use a routing protocol that sends hello packets across the wireless network. This would then detect when you get out of range and then switch routing to the satellite. You could use a floating static to do the routing so you don't have to send routing packets across the satellite network. (This would be very much like a dial-backup type of solution.)

-Geoff Kuchera

The router has 802.11b? Not exactly clear on your setup, but you could try something like creating a tunnel over the 802.11b. If the tunnel goes down (out of range of the 802.11b wireless) then you switch over to using the satellite...

Fred Reimer - CCNA
Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050

-----Original Message-----
From: Duncan Wallace [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 6:22 PM
To: [EMAIL PROTECTED]
Subject: Automatic cutover between wireless and satellite internet [7:72270]

Has anyone run into a scenario like this before? I have a router that is mobile. It is connected to a workgroup switch of a few laptops. I have two other interfaces (internet connections) that are connected to a satellite (128k) and an 802.11b access point.

What I want to do is utilize the satellite link when I am out in the field. When I return to my base area, I would like it to automatically cutover to the wireless link, as well as back to the satellite when I roam away from the base area. (I get charged by the minute for my satellite, plus the wireless is faster)

I feel like this should be pretty easy, but for the life of me can't figure out how to proceed...

Thanks in advance,
Duncan Wallace
[EMAIL PROTECTED]

Thanks,
Duncan Wallace
Sr. Systems Engineer
Pacific Star Communications
15714 SW 72nd Ave.
Portland, OR 97224
Work:503-403-3000
Cell:971-506-8164
[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72345t=72345
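The tunnel-plus-floating-static design suggested in the thread above, as an added example that is not part of the original messages. Interface names, all addresses (documentation ranges), the keepalive timers and the administrative distance of 250 are assumptions; the GRE keepalive is what lets the tunnel go down while the Ethernet interface to the access point stays up.

```cisco
! Added example; interface names and addresses are assumed placeholders.
! FastEthernet0/1 = link to the 802.11b access point, Serial0/0 = satellite.
!
interface Tunnel0
 description GRE tunnel to the base router over the wireless link
 ip address 192.0.2.1 255.255.255.252
 tunnel source FastEthernet0/1
 tunnel destination 198.51.100.1
 ! Without keepalives a GRE tunnel stays up/up as long as any route to the
 ! destination exists. Send one every 5 s, declare down after 3 misses.
 keepalive 5 3
!
! Pin the tunnel endpoint to the wireless next hop so the tunnel (and its
! keepalives) can never be carried over the satellite default route.
ip route 198.51.100.1 255.255.255.255 203.0.113.1
!
! Preferred default route: through the tunnel (administrative distance 1).
ip route 0.0.0.0 0.0.0.0 Tunnel0
!
! Floating static: only installed once the route above is withdrawn,
! i.e. when Tunnel0 line protocol goes down out of wireless range.
ip route 0.0.0.0 0.0.0.0 Serial0/0 250
```

When the router comes back into range the keepalives succeed again, Tunnel0 returns to up/up and the distance-1 default replaces the floating static, so no traffic is left on the per-minute satellite link.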
Automatic cutover between wireless and satellite internet [7:72270]
Has anyone run into a scenario like this before? I have a router that is mobile. It is connected to a workgroup switch of a few laptops. I have two other interfaces (internet connections) that are connected to a satellite (128k) and an 802.11b access point.

What I want to do is utilize the satellite link when I am out in the field. When I return to my base area, I would like it to automatically cutover to the wireless link, as well as back to the satellite when I roam away from the base area. (I get charged by the minute for my satellite, plus the wireless is faster)

I feel like this should be pretty easy, but for the life of me can't figure out how to proceed...

Thanks in advance,
Duncan Wallace
[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72270t=72270
re: wireless [7:71781] - WLANFE [7:71802]
Definitely agree... I used Building a Cisco Wireless LAN, CWNA, plus, luckily I had an 1100 to play with. Know the basics, but also know the products (APs and the interface, antennas, and client cards).

HTH
Duncan Wallace
Sr. Systems Engineer
Pacific Star Communications
15714 SW 72nd Ave.
Portland, OR 97224
Work:503-403-3000
Cell:971-506-8164
[EMAIL PROTECTED]

Hello all, I want to know how the Cisco wireless exam 9E0-581 WLANFE is. What about the study material or books? If anyone has already taken this exam, please tell me the details about it. Thanks a lot in advance.

VijayAnand

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71802t=71802
Re: Can anyone tell what ITM means?! [7:71601]
"Internet traffic management (ITM) solutions like the Platform/Cisco offering, in our judgment are a key part of essentially all Web services," said Peter Christy, principal, Collaborative Research, the leading Internet infrastructure industry analysts. Any information worth making available on the Internet is worth delivering with a high quality of service and high availability. Cisco is the clear market leader in ITM products today. Platform Computing brings a unique competence in the co-ordination of heterogeneous clusters of computers. The partnership is a compelling offering for many of today's sophisticated Web operations.

At 03:07 PM 6/29/2003 +, Zsombor Papp wrote:

Don't know what it stands for (probably something about Internet, Technology, and Multimedia) but found a document that said it was a thirty hour multimedia CD-ROM introducing networking technology to the novice and selling for $50.

HTH,
Zsombor

At 06:35 PM 6/28/2003 +, james kong wrote:

I have read Routing and Switching Written Exam (350-001) Study Suggestions. This item is on the list: ITM from the Cisco Connection Training CD (DOC-CCTCD) Order ITM online. Will you tell me the meaning of ITM? Thank you very much!!!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71629t=71601
CCDA CCDP [7:70637]
Hello all - I am thinking about adding the CCDA and CCDP to my Cisco cert arsenal. I was wondering what books the group would recommend for 640-861 and 640-901 (I believe these are the latest tests...)

Thanks,
Duncan Wallace
Sr. Systems Engineer
Pacific Star Communications
15714 SW 72nd Ave.
Portland, OR 97224
Work:503-403-3000
Cell:971-506-8164
[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70637t=70637
Certification question [7:69898]
I am searching on the web site, but cannot seem to find an answer... I will continue to look, but figured I would pose the question here in the meantime.

I currently hold a CCNA and CCNP, if I pass the CCDA and/or CCDP will that re-up my CCNx Certification???

Thanks in advance,
Duncan Wallace
Sr. Systems Engineer
Pacific Star Communications
15714 SW 72nd Ave.
Portland, OR 97224
Work:503-403-3000
Cell:971-506-8164
[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=69898t=69898
RE: hacking challenge [7:66720]
Easy, show them RFC 3514 and let them know you would need a firewall to block the Evil bit... cash, check or charge?

-----Original Message-----
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 03, 2003 11:46 AM
To: [EMAIL PROTECTED]
Subject: RE: hacking challenge [7:66720]

Wilmes, Rusty wrote:

this is a general question for the security specialists. I'm trying to convince a client that they need a firewall so hypothetically, if you had telnet via the internet open to a router (with an access list that allowed smtp and telnet) (assuming you didn't know the telnet password or the enable password) that had a bunch of nt servers on another interface,

Do you actually mean that you are allowing Telnet and SMTP to go through the router? You said to above which is confusing. Allowing Telnet to the router unrestricted would be a horrible security hole, even for people who don't know the password because passwords are often guessable. But I don't think that's what you meant...

Allowing Telnet and SMTP through the router is more common, especially SMTP. You have to allow SMTP if you have an e-mail server that gets mail from the outside world. Avoid Telnet, though, if you can. It sends all text as clear text, including passwords.

The question is really how vulnerable is the operating system that the SMTP server is running on? It's probably horribly vulnerable if your client hasn't kept up with the latest patches, and it sounds like your client is the type that hasn't? In fact, the server is probably busy attacking the rest of us right now! ;-0

So, as far as convincing your customer... The best way may be to put a free firewall, like Zone Alarm, on the decision maker's computer and show her/him all the attacks happening all the time. Or if she already has a firewall, walk her through the log.

Good luck. I have a good book to recommend on this topic:

Greenberg, Eric. Mission-Critical Security Planner. New York, New York, Wiley Publishing, Inc., 2003.

Here's an Amazon link:

http://www.amazon.com/exec/obidos/ASIN/0471211656/opendoornetwinc/104-9901005-4572707

Priscilla

how long would it take a determined hacker a) cause some kind of network downtime and b) to map a network drive to a share on a file server over the internet.

Thanks,
Rusty

-----Original Message-----
From: Larry Letterman [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 02, 2003 1:44 PM
To: [EMAIL PROTECTED]
Subject: RE: VLAN loop problem [7:66656]

Yes, it prevents loops in spanning tree on layer 2 switches from causing a loop by disabling the port on a cisco switch...

Larry Letterman
Network Engineer
Cisco Systems

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Thomas N.
Sent: Wednesday, April 02, 2003 12:18 PM
To: [EMAIL PROTECTED]
Subject: Re: VLAN loop problem [7:66656]

What does portfast bpdu-guard do? Does it prevent interfaces with portfast enabled from causing the loop in my scenario?

Larry Letterman wrote in message news:[EMAIL PROTECTED]

port mac address security might work, although it's a lot of admin overhead.. are you running portfast bpdu-guard on the access ports?

Larry Letterman
Network Engineer
Cisco Systems

----- Original Message -----
From: Thomas N.
To: [EMAIL PROTECTED]
Sent: Tuesday, April 01, 2003 8:14 PM
Subject: VLAN loop problem [7:66656]

Hi All,

I got a problem in the production campus LAN here between VLANs. Please help me out! Below is the scenario:

We have VLAN 10 (10.10.x.x) and VLAN 20 (10.20.x.x) subnets. Routing is enabled/allowed between the two subnets using MSFC of the 6500. Each subnet has a DHCP server to assign IP address to devices on its subnet. Spanning-tree is enabled; however, portfast is turned on on all non-trunking/uplink ports. Recently, devices on VLAN 10 got assigned an IP address of 10.20.x.x, which is from the DHCP on the other scope and also from 10.10.x.x scope, and vice versa. It seems that we have a loop somewhere between the 2 subnets but we don't know where.

I noticed lots of end users have a little unmanaged hub/switch hanging off the network jacks in their cubicles and potentially causing a loop. Is there any way that we can block the loop on the Cisco switches without visiting cubicles taking those little unmanaged hubs/switches?

Thanks!
Thomas

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66770t=66720
Getting out of hand?? [7:65676]
How is the industry supposed to keep up with this??

Cisco also announced today highly prestigious certification support across the entire PIX Family of security appliances. Certifications earned include the Common Criteria Evaluation Assurance Level 4 (EAL4) certification, and both ICSA Labs firewall and IPSec certifications. These certifications provide customers with independent and objective validation that a company's product meets certain levels of quality and reliability, and are among the industry's most respected and stringent criteria for certification. Providing customers broad certification support across the Cisco PIX family within a common operating system increases operational efficiencies and lowers support and management costs.

Duncan Maccubbin
US Network Support, Cable and Wireless
CCNA, CCNP, CSS1, MCSE4
Work (703)287-6975
[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65676t=65676
RE: Wireless LAN Support Exam [7:65625]
Jeffrey - Thanks for the info. I am going for the new exam, so maybe the class would be in order.

Thanks,
Duncan Wallace
12835 SW Thunderhead Way
Beaverton, Or. 97008
503-646-5707
[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeffrey Reed
Sent: Tuesday, March 18, 2003 3:52 AM
To: [EMAIL PROTECTED]
Subject: RE: Wireless LAN Support Exam [7:65625]

Duncan,

I'm not sure if you're talking about the new exam or the old one that you could take in the privacy of your office (aka open book test). I haven't taken the new exam yet, but will in about 30-45 days. I'm sure it's going to be more difficult than the old test and hopefully updated. The old test had some questions and none of the answers were correct, which was a little frustrating.

For the new test, I would highly recommend going to a Cisco training partner and take the Wireless SE course. The stuff on the old test was nearly impossible to find in manuals or marketing material found on Cisco's web site. I suspect the new test will be the same.

Good luck!

Jeffrey Reed
Classic Networking, Inc.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Duncan Wallace
Sent: Monday, March 17, 2003 10:22 PM
To: [EMAIL PROTECTED]
Subject: Wireless LAN Support Exam [7:65625]

I was wondering if anyone out there has attempted the Wireless LAN Support yet, and if so, what study materials you used (other than the web site). I have been going over the CWNA for a solid background, but was looking for something with more of a Cisco flavor.

Thanks in advance,
Duncan Wallace
12835 SW Thunderhead Way
Beaverton, Or. 97008
503-646-5707
[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65715t=65625
RE: Wireless LAN Support Exam [7:65625]
Good idea, I'll check out the Bosons. I also just got Building Cisco Wireless LANs, a bit old, but should give me some good direction.

Thanks,
Duncan Wallace
12835 SW Thunderhead Way
Beaverton, Or. 97008
503-646-5707
[EMAIL PROTECTED]

-----Original Message-----
From: JJ Angleton [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 18, 2003 7:28 AM
To: Duncan Wallace; [EMAIL PROTECTED]
Subject: Re: Wireless LAN Support Exam [7:65625]

I passed both Cisco wireless exams in the last few months. I've got some practical experience with the equipment, so I read everything I could find on the CCO and downloaded the Bosons, which turned out to be great. Make sure to take design first, and support second.

Duncan Wallace wrote:

I was wondering if anyone out there has attempted the Wireless LAN Support yet, and if so, what study materials you used (other than the web site). I have been going over the CWNA for a solid background, but was looking for something with more of a Cisco flavor.

Thanks in advance,
Duncan Wallace
12835 SW Thunderhead Way
Beaverton, Or. 97008
503-646-5707
[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65716t=65625
Wireless LAN Support Exam [7:65625]
I was wondering if anyone out there has attempted the Wireless LAN Support yet, and if so, what study materials you used (other than the web site). I have been going over the CWNA for a solid background, but was looking for something with more of a Cisco flavor.

Thanks in advance,
Duncan Wallace
12835 SW Thunderhead Way
Beaverton, Or. 97008
503-646-5707
[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65625t=65625
Lost area on CCO [7:62511]
I used to be able to order ROMS and Documentation under entitlement from the old CCO page. I can't seem to find it anymore. Can anyone point me to it on the new page?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62511t=62511
RE: debug commands [7:62107]
Just make a permit ACL for that host and the debug will only report on that one host.

-----Original Message-----
From: Sam Sneed [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 29, 2003 11:49 AM
To: [EMAIL PROTECTED]
Subject: debug commands [7:62107]

If I want to see all IP traffic from host 10.10.10.1 on a Cisco router, what would the debug command look like? I looked at the help menu and I think it's debug ip packet but then the options are:

    Access list
    Access list (expanded range)

Do I have to create an access-list for the hosts I want to monitor? I'm used to using tcpdump and snoop so the debug commands are awkward for me. It's a production router so I know I can crash it if I'm not careful with this. Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62110t=62107
RE: debug commands [7:62107]
You are correct. Very nice feature eh?

-----Original Message-----
From: Sam Sneed [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 29, 2003 12:14 PM
To: [EMAIL PROTECTED]
Subject: Re: debug commands [7:62107]

I see, so if I want to debug for certain tcp protocols can I use extended access-lists?

Maccubbin, Duncan wrote in message news:[EMAIL PROTECTED]...

Just make a permit ACL for that host and the debug will only report on that one host.

-----Original Message-----
From: Sam Sneed [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 29, 2003 11:49 AM
To: [EMAIL PROTECTED]
Subject: debug commands [7:62107]

If I want to see all IP traffic from host 10.10.10.1 on a Cisco router, what would the debug command look like? I looked at the help menu and I think it's debug ip packet but then the options are:

    Access list
    Access list (expanded range)

Do I have to create an access-list for the hosts I want to monitor? I'm used to using tcpdump and snoop so the debug commands are awkward for me. It's a production router so I know I can crash it if I'm not careful with this. Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62114t=62107
RE: debug commands [7:62107]
You really don't get an idea of how fantastic Cisco is until you work with other products. We have several Enterasys routers here and they are very limited in what they can do as compared to IOS. I have used the debug packet acl command and it really makes life easier.

-----Original Message-----
From: Sam Sneed [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 29, 2003 12:36 PM
To: [EMAIL PROTECTED]
Subject: Re: debug commands [7:62107]

nice, not as nice as tcpdump, but nice ;-)

Maccubbin, Duncan wrote in message news:[EMAIL PROTECTED]...

You are correct. Very nice feature eh?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62120t=62107
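The ACL-filtered debug discussed in the thread above, written out as an added example that is not part of the original messages. The ACL number 150, the choice of TCP port 80 and the buffer size are assumptions; the host address 10.10.10.1 is the one from the question.

```cisco
! Added example; ACL number, port and buffer size are assumed values.
configure terminal
 ! Keep debug output off the console line and collect it in the buffer,
 ! so a burst of matches cannot tie up a production router's console.
 no logging console
 logging buffered 16384 debugging
 ! Extended ACL: match only this host's web traffic, in both directions.
 access-list 150 permit tcp host 10.10.10.1 any eq 80
 access-list 150 permit tcp any eq 80 host 10.10.10.1
end
!
! Report only packets the ACL permits; everything else is ignored.
debug ip packet 150 detail
show logging
!
! Switch debugging off as soon as enough has been captured.
undebug all
```

`debug ip packet` reports process-switched packets only, so fast-switched transit traffic does not appear unless fast switching is disabled on the interface (`no ip route-cache`), which itself raises CPU load.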
RE: How to stop SYN Flood with Pix firewall? [7:61891]
If it wasn't for those Crappy Windows machines, we would have jobs.

-----Original Message-----
From: d tran [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 25, 2003 9:18 PM
To: [EMAIL PROTECTED]
Subject: Re: How to stop SYN Flood with Pix firewall? [7:61891]

I am not sure how many Packets/Sec hping2 generates but I don't think 100BaseT was saturated because the whole thing is connected to a Cisco 2924-XL Enterprise switch (running 12.05(T)) IOS. Furthermore, while machines on 172.16.1.0/24 network have problems connecting to the linux web server via NATed address 172.16.1.71, they have NO problems surfing the Internet or any other network. In fact, I am writing you this email as my other two linux servers are sending SYN flood to the web server and the CPU on the Pix firewall is at 99%.

You wouldn't have to fight the udp 1434 problem had you decided to scrap the shitty MS SQL server, running on crappy Windows machine and replace it with MySQL (freeware) or real commercial database products like Oracle, running on Linux platform. Enjoy fighting udp1434. LOL

DT

Przemyslaw Karwasiecki wrote:

How many packets per second does hping2 generate? If it saturates 100BaseT, maybe you had just reached performance limit of PIX520? I am not trying to say that PIX will not handle traffic in proximity of 150,000-200,000 pps. I simply don't know that. But, if it needs to analyze 150,000 SYN packets per second, I can easily imagine that it will crawl.

BTW -- very interesting experiment.

Przemek (fighting with udp 1434 now)

On Sat, 2003-01-25 at 16:40, d tran wrote:

Guys,

I have the following scenario: I have a pix 520 firewall (750MHz with 512MB of RAM) in the lab. The inside interface is 10.100.0.254/24 and the outside interface is 172.16.1.253/24. I have a linux server residing on the inside network with IP 10.100.0.71 running Apache Server and it is NATed to the outside with IP 172.16.1.71. I would like to make this web server available to outside world.

My pix configuration looks like this:

    static (inside,outside) 172.16.1.71 10.100.0.71
    access-list 100 permit tcp any host 172.16.1.71 eq 80
    access-list 100 deny ip any any
    access-group 100 in interface outside
    floodguard enable

Now on the outside network I have two linux servers, (172.16.1.67 and 172.16.1.7), running hping2 program that is capable of generating a lot of SYN connections to address 172.16.1.71. Now, when I run the hping2 program, I am seeing the cpu utilization on the firewall reaching 99% like this:

    pix1(config)# sh cpu usage
    CPU utilization for 5 seconds = 99%; 1 minute: 98%; 5 minutes: 98%

However, the connection is less than 200

    pix1(config)# sh conn count
    125 in use, 7926 most used

Other machines on the 172.16.1.0/24 network have problems reaching the webserver, 172.16.1.71, when hping2 is bombarding the webserver with SYN Flood. Fair enough, I decided to modify the access-list 100 to limit both the maximum connections and half-open connections to 500 and 250, respectively, as follows:

    static (inside,outside) 172.16.1.71 10.100.0.71 255.255.255.255 500 250

and I do clear xlate after that. That didn't help. The cpu utilization is still 99% and machines on the outside network still have problems accessing the website.

My question is this. How do I defend against SYN flood like this? From what I've heard, Cisco Pix has an improved TCP intercept to defend against SYN attack. Why is it not working in my case? To make the matter worse, the CPU also reaches 99% when hping2 SYN floods port 22 even though the firewall does not allow port 22 to 172.16.1.71. I am testing with both version 6.2(2) and 6.3(0) build 131 on this Pix520 firewall. I would like to know how to defend against not only SYN flood but also from other attacks. It looks to me like Pix is not doing its job.

Regards,
DT

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61944t=61891
Re: DTE/DCE [7:60240]
Thank you Scott. You have given me exactly what I am looking for and have made it a lot clearer. For completeness I have found another URL that is immensely helpful (http://home.tiscali.be/tim.vloeberghs/network/modem.html).

Duncan

s vermill wrote in message news:[EMAIL PROTECTED]...

Duncan wrote:

Hi

I am busy studying for the CCNP Remote Access exam and am really stuck on the modem signalling bits. I think that the key to my problem is that I don't understand the definitions of a DCE DTE properly and how they relate to the EIA/TIA-232 cabling pinouts. (which for some unknown reason you must learn) I hate learning anything parrot fashion, I would rather understand it. I have looked through the archives and there are some pretty useful pointers but I am still not all the way there. Does anyone have a comprehensive description that they can point me to, preferably with examples of set-ups and how it all relates to the OSI model.

Thanks
Duncan

I forgot to address your question about how it all relates to the OSI model. I've always thought of specs such as 232, 422, etc. as being entirely physical-layer specs (max p-t-p voltage, impedance, connector body, etc). However, given the interaction that takes place over the signals that we just discussed, I suppose an argument could be made that there is some layer 2 taking place. To a limited extent, I guess you could say that there is some arbitration for the circuit taking place. I wonder if any of the group's big brains will weigh in on that...

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60287t=60240
DTE/DCE [7:60240]
Hi

I am busy studying for the CCNP Remote Access exam and am really stuck on the modem signalling bits. I think that the key to my problem is that I don't understand the definitions of a DCE DTE properly and how they relate to the EIA/TIA-232 cabling pinouts. (which for some unknown reason you must learn) I hate learning anything parrot fashion, I would rather understand it. I have looked through the archives and there are some pretty useful pointers but I am still not all the way there. Does anyone have a comprehensive description that they can point me to, preferably with examples of set-ups and how it all relates to the OSI model.

Thanks
Duncan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60240t=60240
IOS to FW1 VPN [7:59517]
Hi all

I have set up a VPN between a Checkpoint FW1 (v4.1 sp3) and a Cisco 827. The tunnel installs correctly and I can connect from the FW1 subnet to the Cisco subnet but not the other way around. When I try to connect from the Cisco subnet I can see the packets enter the access list that defines the tunnel but I see no entry on the FW1 log. Conversely I see the logging fine when I connect from the FW1 subnet to the Cisco end.

Is there anything that I am missing? I have included some debug from the Cisco router.

Thanks
Duncan

Saltley-EM-827#sh crypto ip sa

interface: Dialer1
    Crypto map tag: Saltley, local addr. 195.137.x.x

   local ident (addr/mask/prot/port): (10.14.0.0/255.255.0.0/0/0)
   remote ident (addr/mask/prot/port): (10.7.0.0/255.255.0.0/0/0)
   current_peer: 194.201.x.x
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 74, #pkts encrypt: 74, #pkts digest 74
    #pkts decaps: 38, #pkts decrypt: 38, #pkts verify 38
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
    #send errors 1, #recv errors 0

     local crypto endpt.: 195.137.x.x, remote crypto endpt.: 194.201.x.x
     path mtu 1500, media mtu 1500
     current outbound spi: 6B50AEB9

     inbound esp sas:
      spi: 0x33A426D2(866395858)
        transform: esp-des esp-md5-hmac ,
        in use settings ={Tunnel, }
        slot: 0, conn id: 2000, flow_id: 1, crypto map: Saltley
        sa timing: remaining key lifetime (k/sec): (4607996/3237)
        IV size: 8 bytes
        replay detection support: Y

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:
      spi: 0x6B50AEB9(1800449721)
        transform: esp-des esp-md5-hmac ,
        in use settings ={Tunnel, }
        slot: 0, conn id: 2001, flow_id: 2, crypto map: Saltley
        sa timing: remaining key lifetime (k/sec): (4607991/3237)
        IV size: 8 bytes
        replay detection support: Y

     outbound ah sas:

     outbound pcp sas:

   local ident (addr/mask/prot/port): (10.7.0.0/255.255.0.0/0/0)
   remote ident (addr/mask/prot/port): (10.14.0.0/255.255.0.0/0/0)
   current_peer: 194.201.x.x
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0

     local crypto endpt.: 195.137.x.x, remote crypto endpt.: 194.201.x.x
     path mtu 1500, media mtu 1500
     current outbound spi: 0

     inbound esp sas:

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:

     outbound ah sas:

     outbound pcp sas:

Saltley-EM-827#sh crypto is sa
    dst           src          state        conn-id   slot
194.201.x.x   195.137.x.x   QM_IDLE            5       0

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59517t=59517
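A way to read the output in the post above, as an added example that is not part of the original message: the script pulls each local/remote identity pair out of the text and lists what is worth checking on both peers. The function names and the list of transforms treated as deprecated are this example's own assumptions, as is the premise that each permit line of the crypto access list appears as one identity pair.

```python
import re

# Trimmed from the "sh crypto ip sa" output in the post above (addresses masked as posted).
POSTED_OUTPUT = """
local ident (addr/mask/prot/port): (10.14.0.0/255.255.0.0/0/0)
remote ident (addr/mask/prot/port): (10.7.0.0/255.255.0.0/0/0)
current_peer: 194.201.x.x
PERMIT, flags={origin_is_acl,}
#pkts encaps: 74, #pkts encrypt: 74, #pkts digest 74
#pkts decaps: 38, #pkts decrypt: 38, #pkts verify 38
#send errors 1, #recv errors 0
current outbound spi: 6B50AEB9
inbound esp sas: spi: 0x33A426D2(866395858) transform: esp-des esp-md5-hmac ,
outbound esp sas: spi: 0x6B50AEB9(1800449721) transform: esp-des esp-md5-hmac ,
local ident (addr/mask/prot/port): (10.7.0.0/255.255.0.0/0/0)
remote ident (addr/mask/prot/port): (10.14.0.0/255.255.0.0/0/0)
current_peer: 194.201.x.x
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
#send errors 0, #recv errors 0
current outbound spi: 0
inbound esp sas: inbound ah sas: outbound esp sas: outbound ah sas:
"""

# Assumption of this example: transform names it treats as deprecated
# (single DES, HMAC-MD5, null encryption).
DEPRECATED = {"esp-des", "esp-md5-hmac", "ah-md5-hmac", "esp-null"}

IDENT = r"\(addr/mask/prot/port\): \(([^)]+)\)"


def _counter(chunk, label):
    """Read one '#pkts ...' or '#send errors' counter; 0 if it is absent."""
    m = re.search(re.escape(label) + r":? (\d+)", chunk)
    return int(m.group(1)) if m else 0


def _network(ident):
    """'10.14.0.0/255.255.0.0/0/0' -> '10.14.0.0/255.255.0.0' (drop prot/port)."""
    return "/".join(ident.split("/")[:2])


def parse_flows(text):
    """Return one dict per local/remote identity pair found in the output."""
    flat = " ".join(text.split())  # tolerate flattened or re-wrapped pastes
    flows = []
    for chunk in flat.split("local ident ")[1:]:
        m = re.match(IDENT + r" remote ident " + IDENT, chunk)
        if not m:
            continue
        spi = re.search(r"current outbound spi: (?:0x)?([0-9A-Fa-f]+)", chunk)
        flows.append({
            "local": _network(m.group(1)),
            "remote": _network(m.group(2)),
            "encaps": _counter(chunk, "#pkts encaps"),
            "decaps": _counter(chunk, "#pkts decaps"),
            "send_errors": _counter(chunk, "#send errors"),
            "spi": int(spi.group(1), 16) if spi else 0,
            "transforms": set(re.findall(r"\b(?:esp|ah|comp)-[a-z0-9-]+", chunk)),
        })
    return flows


def review(flows):
    """Return (flow, finding) tuples for conditions to check on both peers."""
    with_sa = {(f["local"], f["remote"]) for f in flows if f["spi"]}
    findings = []
    for f in flows:
        name = f"{f['local']} -> {f['remote']}"
        weak = sorted(f["transforms"] & DEPRECATED)
        if weak:
            findings.append((name, "deprecated-transform:" + ",".join(weak)))
        if f["send_errors"]:
            findings.append((name, f"send-errors:{f['send_errors']}"))
        # A pair with the subnets swapped and no SPI has never negotiated an SA,
        # while its mirror image carries all the traffic.
        if not f["spi"] and (f["remote"], f["local"]) in with_sa:
            findings.append((name, "mirror-identity-without-sa"))
    return findings


if __name__ == "__main__":
    for flow, finding in review(parse_flows(POSTED_OUTPUT)):
        print(f"{flow}: {finding}")
```
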
CSS1 Study Materials [7:59113]
Are there any Study guides such as exam-cram for CSS1 exams? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59113t=59113 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: BCRAN 640-505 [7:58871]
Having taken the original Remote Access exam and 640-605 with both books, there is a difference. Since I passed the 605 exam with the certification guide it can be done. It seemed to me the certification guide assumes you know remote access and you just want to brush up. It didn't really put a lot of effort into explaining things. I felt the 604 certification guide was much better. I did look at the 604 blue print and saw ATM was not on it so I skipped that chapter in the 604 book and there were no questions on ATM. I looked at the 605 blue print and I did not see the 700 on there and skipped that chapter and it was on the exam...go figure. -Original Message- From: Dion [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 10, 2002 6:34 AM To: [EMAIL PROTECTED] Subject: BCRAN 640-505 [7:58871] Would the CCNP remote Access exam certification guide for 640-505 by Brian Morgan and Craig Dennis be enough to pass the 640-605 exam? The book is kind of short compared to the BCRAN book. Thanks in advance! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58971t=58871 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCNP/DP recertification [7:58564]
Recert is made up of questions from all the exams. -Original Message- From: jeff sicuranza [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 04, 2002 3:09 PM To: [EMAIL PROTECTED] Subject: CCNP/DP recertification [7:58564] Folks, I just received my 6 mos. heads up for my CCNP. My CCNP expires in May of 03 and my DP in June of 03. My second and hopefully last CCIE lab date is on for 7/30 but can be pushed out into September. Are there any re-certification books that specifically cover the recert. exam? Or, is the exam just a rehash of the same stuff with a few newer items in it? Has anyone taken these re-certifications exams yet? Any tips.. Greatly appreciated... With work and the CCIE stuff should I even bother to re-certify??? Regards... /JS Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58609t=58564 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCNP/DP recertification [7:58564]
CCIE does renew CCNP. -Original Message- From: Siddiqi Kenan [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 05, 2002 11:29 AM To: [EMAIL PROTECTED] Subject: RE: CCNP/DP recertification [7:58564] Hi there, First of all, the questions for the re-cert exam are from all the 4 exams individual subject matter. Secondly, as far as my knowledge extends, CCNP and CCIE are 2 different tracks. In the sense that getting ur CCIE doesn't renew your CCNP certification. And if it expires, you lose the option of giving only the recertification exam. This information is to the best of my knowledge. I suggest confirm with www.cisco.com and please let us know if anything differs. Good luck with ur lab attempt/exams... Cheers, Kenan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58636t=58564 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco routers and MRTG [7:56794]
Note that this is in bytes per second while most network speeds are specified in bits per second. This number specifies 100 megabits per second (100 Mbps) and is divided by 8 to get 12.5 megabytes per second (12.5 MBps).

-Original Message-
From: Firesox [mailto:sando2;attbi.com]
Sent: Monday, November 04, 2002 7:29 AM
To: [EMAIL PROTECTED]
Subject: Cisco routers and MRTG [7:56794]

Folks, I am using MRTG to pull cisco Router's snmp mibs. On ethernet interface the graph shows the max speed of 1250.0K which is only 1.25 meg and on Fastethernet it shows as 12.5 megs. I am wondering why they don't show 10 meg and 100 megs respectively and starting to suspect how accurate MRTG is.

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56802t=56794
Access list on dialer interface [7:56584]
Hi all

I am having a strange problem with an access-list on a dialer interface. Although the access list is applied to the interface it does not seem to be denying the packets specified. Is there something odd about access-lists on dialers that I have missed? Below is the config in question:

interface Dialer2
 description X
 ip address 10.252.248.1 255.255.255.252
 ip access-group 101 in
 no ip directed-broadcast
 encapsulation ppp
 dialer in-band
 dialer idle-timeout 900
 dialer map ip 10.252.248.2 name XXX
 dialer load-threshold 20 either
 dialer-group 1
 no peer default ip address
 no cdp enable
 ppp authentication ms-chap chap
!
!
access-list 101 permit tcp any host 10.7.1.1 eq telnet
access-list 101 deny ip any any log

Any ideas?

Duncan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56584t=56584
Re: Access list on dialer interface [7:56584]
Pat

I have discovered the reason, a little more complex than I first imagined. Isn't it always. The router was configured with Legacy DDR which meant that inbound calls were only using the first dialer. I changed it to use 'dialer pool-member x' on the PRI interface with 'dialer pool' in the dialers. There were a few little changes but this fixed the problem as the call was now coming into the correct interface (dialer2) and thus assigning the access list.

Thanks for your help.

Duncan

Patrick Donlon wrote in message news:200210311232.MAA07738;groupstudy.com...

Could be the direction of the traffic, your acl is applied to incoming traffic only, try outgoing instead

cheers
Pat

Duncan wrote in message news:20021033.LAA31424;groupstudy.com...

Hi all

I am having a strange problem with an access-list on a dialer interface. Although the access list is applied to the interface it does not seem to be denying the packets specified. Is there something odd about access-lists on dialers that I have missed? Below is the config in question:

interface Dialer2
 description X
 ip address 10.252.248.1 255.255.255.252
 ip access-group 101 in
 no ip directed-broadcast
 encapsulation ppp
 dialer in-band
 dialer idle-timeout 900
 dialer map ip 10.252.248.2 name XXX
 dialer load-threshold 20 either
 dialer-group 1
 no peer default ip address
 no cdp enable
 ppp authentication ms-chap chap
!
!
access-list 101 permit tcp any host 10.7.1.1 eq telnet
access-list 101 deny ip any any log

Any ideas?

Duncan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56590t=56584
Re: Firewall Reporting [7:56596]
Guy

I use a perl script that is well designed and free. It was originally designed for FW1 but I think that there is a Pix converter. Find it at http://www.ginini.com/software/fwlogsum/

Duncan

Lupi, Guy wrote in message news:200210311450.OAA32379;groupstudy.com...

I am looking for a firewall reporting package that can handle a large number of units for under 200 dollars per firewall per year, the reports will be generated from a standard syslog output from the firewalls. I really just need basic reporting functionality, like bandwidth usage by IP address, bandwidth usage totals, and website hits. Does anyone know of a product other than WebTrends, they are really expensive.

Guy H. Lupi

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56597t=56596
Windows Load balancing [7:56244]
Has anyone had any experience in implementing Windows load balancing a server cluster ? I have always used hardware based load balancers so I am somewhat new to the MS flavor. I have a 2621 router and I am wondering if it is capable of the following. This is just some preliminary information gathering, so I thought I would throw it out to the group while I do my own research. What Windows 2000 Advanced Server says: If Network Load Balancing clients are accessing a cluster through a router when the cluster has been configured to operate in multicast mode, be sure that the router meets the following requirements: * Accepts an ARP reply that has one MAC address in the payload of the ARP structure but appears to arrive from a station with another MAC address, as judged by the Ethernet header * In multicast mode, accepts an ARP reply that has a multicast MAC address in the payload of the ARP structure This allows the router to map the cluster's primary IP address and other multihomed addresses to the corresponding MAC address. If your router does not meet these requirements, you can also create a static ARP entry in the router. Cisco routers require a static ARP entry because they do not support the resolution of unicast IP addresses to multicast MAC addresses . Thanks in advance, Duncan Wallace [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56244t=56244 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Windows Load balancing [7:56244]
I have been playing with them all for awhile now (F5, Alteon, Local Director, Etc.). I finally settled on Alteons products (I like the hardware based products). Unfortunately, I have a side contract, and they are concrete on using Windows Load balancing...Wait 'til they see the licensing on multiple Adv. Servers. I'll let you know how it turns out. As for the Alteon, Easy to setup and use and monitor. Good tech support too. Thanks, Duncan Wallace 12835 SW Thunderhead Way Beaverton, Or. 97008 503-646-5707 [EMAIL PROTECTED] -Original Message- From: John Chang [mailto:johnec;umich.edu] Sent: Thursday, October 24, 2002 3:50 PM To: Duncan Wallace Subject: Re: Windows Load balancing [7:56244] I read through MS's info on it and I thought it was chatty and wouldn't want to put it on a separate network. Use 2 nics, 1 for load balancing chatter. What hardware load balancing device have you used and how well did it work and how much approximately? Any I should stay away from? Thanks! At 08:48 PM 10/24/2002 +, Duncan Wallace wrote: Has anyone had any experience in implementing Windows load balancing a server cluster ? I have always used hardware based load balancers so I am somewhat new to the MS flavor. I have a 2621 router and I am wondering if it is capable of the following. This is just some preliminary information gathering, so I thought I would throw it out to the group while I do my own research. 
What Windows 2000 Advanced Server says: If Network Load Balancing clients are accessing a cluster through a router when the cluster has been configured to operate in multicast mode, be sure that the router meets the following requirements: * Accepts an ARP reply that has one MAC address in the payload of the ARP structure but appears to arrive from a station with another MAC address, as judged by the Ethernet header * In multicast mode, accepts an ARP reply that has a multicast MAC address in the payload of the ARP structure This allows the router to map the cluster's primary IP address and other multihomed addresses to the corresponding MAC address. If your router does not meet these requirements, you can also create a static ARP entry in the router. Cisco routers require a static ARP entry because they do not support the resolution of unicast IP addresses to multicast MAC addresses . Thanks in advance, Duncan Wallace [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56253t=56244 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: AAA in console [7:54282]
Ryan - This is a great link for that, and a great overall document to have... Thanks, Duncan Wallace 12835 SW Thunderhead Way Beaverton, Or. 97008 503-646-5707 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Newell Ryan D SrA 18 CS/SCBT Sent: Thursday, September 26, 2002 2:54 PM To: [EMAIL PROTECTED] Subject: AAA in console [7:54282] How can I configure authorization on the console port? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54287t=54282 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Router Crash, any ideas? [7:52457]
Cache Error Exception This type of crash occurs when the router detects bad parity. It is either a transient problem, or a hardware failure. Refer to Processor Memory Parity Errors for troubleshooting. http://www.cisco.com/warp/public/122/crashes_pmpe.html -Original Message- From: Mark Hammontree [mailto:[EMAIL PROTECTED]] Sent: Saturday, August 31, 2002 9:51 PM To: [EMAIL PROTECTED] Subject: Router Crash, any ideas? [7:52457] *** Cache Error Exception *** Cache Err Reg = 0xa0200118 data reference, primary cache, data field error , error not on SysAD Bus PC = 0xbfc0edc0, Cause = 0x8800, Status Reg = 0x34408007 Hello all, I have put together a nice lab to help prepare for my CCIE, plus my classroom lab. I have a Cisco 4700 M Router, and when it boots up the above message endlessly scrolls accross the screen. It seems that both of my 4700's are having this problem now. Does anyone have any clue as to what could be the problem? Thanks in advance for any advice. Mark Hammontree RS Lab Date April 2nd 2003 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52480t=52457 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Router IOS Upgrade bug in 12.1 images [7:52489]
Have you tried BOOT SYSTEM TFTP and then manually deleting the file? I had an old 2501 I had to do that on that had a 10.x image on it.

Duncan

-Original Message-
From: Chuck's Long Road [mailto:[EMAIL PROTECTED]]
Sent: Sunday, September 01, 2002 4:01 PM
To: [EMAIL PROTECTED]
Subject: Router IOS Upgrade bug in 12.1 images [7:52489]

I've done this before, and it's not like it's real tough, but. I am trying to upgrade my IOS images. Neither the Router Software Loader, nor the good old copy tftp: flash: is working. RSL gives me some odd message the copy function never asks if I want to erase the current image on the flash - it just starts to copy, then stops, with a message that there is not enough room on the destination device.

sample output of my process:

Router_7#copy tftp flash:

 NOTICE
Flash load helper v1.0
This process will accept the copy options and then terminate the current system image to use the ROM based image for the copy.
Routing functionality will not be available during that time.
If you are logged in via telnet, this connection will terminate.
Users with console access can see the results of the copy operation.

Proceed? [confirm]
Address or name of remote host []? 192.168.1.49
Source filename []? c2500-js56i-l.121-5.T10.bin
Destination filename [c2500-js56i-l.121-5.T10.bin]?
%FR-5-DLCICHANGE: Interface Serial0 - DLCI 201 state changed to DELETED
%FR-5-DLCICHANGE: Interface Serial0 - DLCI 202 state changed to DELETED
%FLH: c2500-js56i-l.121-5.T10.bin from 192.168.1.49 to flash ...

System flash directory:
File Length Name/status
1 16294768 c2500-jos56i-l.121-11.bin
[16294832 bytes used, 482384 available, 16777216 total]
Accessing file 'c2500-js56i-l.121-5.T10.bin' on 192.168.1.49...
Loading c2500-js56i-l.from 192.168.1.49 (via Ethernet0): ! [OK]

%Error: Image size exceeds free space
%FLH: Flash download failed
F3: 16002988+291748+1049272 at 0x360

As you can see - no asking to erase. I suspect this is a problem with the particular image. I had no problem upgrading a different router with a different image. Unfortunately, just about all my routers have this identical image in place.

Anyone seen this? got a fix? CCO searches have not been rewarding. TAC won't talk to me even though I work for a major partner. Apparently my management made some procedural changes, and I can't locate anyone internally who can help me out. They apparently have lives :-

thanks much

--
www.chuckslongroad.info still a work in progress, but on line for your enjoyment z

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52490t=52489
RE: AAA Authentication [7:51668]
No problem, this will explain it (watch the wrap): http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secu r_c/scprt1/index.htm

-Original Message-
From: Robert D. Cluett
To: [EMAIL PROTECTED]
Sent: 8/19/02 4:29 PM
Subject: AAA Authentication [7:51668]

I am going to install some sort of accounting and privilege management on an access server. Essentially I want to restrict certain commands from being used and log the amount of time that a user has used the system. Is there a method or application that will best suit this?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51676t=51668
RE: scariest IOS image name [7:51251]
How about xp9040.939 ... Enterasys code :) -Original Message- From: Neal Rauhauser [mailto:[EMAIL PROTECTED]] Sent: Monday, August 12, 2002 2:03 PM To: [EMAIL PROTECTED] Subject: scariest IOS image name [7:51251] Yes, this is a real image that I downloaded for real work - can anyone top it? c1700-bk8no3r2sy7-mz.122-8.T5.bin -- Neal Rauhauser CCNP, CCDP voice: 402-301-9555 mailto:[EMAIL PROTECTED] fcc : k0bsd I've seen the angels wearing their disguise, ordinary people leading ordinary lives - Tracy Chapman Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51252t=51251 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCNP support 640-606 [7:49837]
Although there aren't supposed to be any stupid questions, this type is very close. There isn't one test. There is a huge pool of questions and everyone's exam is different. The bonehead below that did not read the NDA may have had 4 appletalk and 6 IPX question but the next guy might not get any. You might get 10 drag and drops and 8 BGP questions. I've got an idea, read and understand the whole book and then take the test. Amazingly at that point it won't matter what type of questions they are asking. I know my ideas are radical but give it a shot.

Duncan

-Original Message-
From: crow [mailto:[EMAIL PROTECTED]]
Sent: Sunday, July 28, 2002 8:04 AM
To: [EMAIL PROTECTED]
Subject: Re: CCNP support 640-606 [7:49837]

hi sunsil!! i passed the 606 4 weeks ago with 958, no simulations, 4 appletalk and about 6 ipx questions, many troubleshooting scenarios including client connectivity. frame-relay and isdn too. 2 drag and drops. no bgp,eigrp or ospf questions.

good luck
crow

sunil sunilindia wrote in message news:[EMAIL PROTECTED]...

Hi, Is this the new version tough, I have no hands-on experience in trouble shooting, I am planning to write this monday CCNP support, how many questions will be on simulation , are they really tough?

Thank you
Sunil

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49944t=49837
RE: access-list for steaming audio [7:49817]
Be careful with this kind of thinking. More and more holes in IM are showing up everyday. If you let IRC on your network then you are asking for trouble. As for streaming audio, have you looked at the % of bandwidth they use? If you have a fairly utilized pipe or (like most companies) are paying for bandwidth then that is a consideration. Just my $0.02. Duncan -Original Message- From: Steven A. Ridder [mailto:[EMAIL PROTECTED]] Sent: Saturday, July 27, 2002 10:59 AM To: [EMAIL PROTECTED] Subject: Re: access-list for steaming audio [7:49817] I haven't been keeping up with NBAR, but they may have some pdm's to block the streaming audio apps. NBAR was built for stuff like that, but I don't feel there's a need to block this type of stuff. Same with IM. Let the users have some use of their PC and increase productivity. Spencer Plantier wrote in message news:[EMAIL PROTECTED]... Which ports need to be blocked for streaming video and audio. Thanks = Spencer Plantier Internet Solutions Engineer Cell 919-696-8848 __ Do You Yahoo!? Yahoo! Health - Feel better, live better http://health.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49880t=49817 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: All this talk about IDS.... [7:46690]
As for #3 all the info you need is at www.snort.org. -Original Message- From: Maximus To: [EMAIL PROTECTED] Sent: 6/15/02 12:16 PM Subject: All this talk about IDS [7:46690] I've decided to take the plunge. 1.Has anyone ever successfully installed Snort on a 2000 box? 2.I downloaded Snort 1.8.6 and WinPcap. Dunno why I pulled down Winpcap, but I did. 3.Either way I'm just a newbie to Snort(IDS) and can't find a down and dirty guide to get started... Any help would be appreciated. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46698t=46690 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Anyone seen this? [7:45664]
My IDS from time to time pulls this up. I don't know how to track it down easily. Any ideas?

IDS ALERT at: 2002-06-03 09:30:06
SIGNATURE: BAD TRAFFIC same SRC/DST
HOST: TIP3-90Sub
SID: 1
CID: 945479
SRC IP: 4.0.0.3
DST IP: 4.0.0.3

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45664t=45664
RE: Anyone seen this? [7:45664]
No, the Whois shows it belonging to BBN planet.

-Original Message-
From: Daniel Cotts [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 03, 2002 11:04 AM
To: 'Maccubbin, Duncan'; [EMAIL PROTECTED]
Subject: RE: Anyone seen this? [7:45664]

First question: Is 4.0.0.3 a valid address on your network?

-Original Message-
From: Maccubbin, Duncan [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 03, 2002 9:01 AM
To: [EMAIL PROTECTED]
Subject: Anyone seen this? [7:45664]

My IDS from time to time pulls this up. I don't know how to track it down easily. Any ideas?

IDS ALERT at: 2002-06-03 09:30:06
SIGNATURE: BAD TRAFFIC same SRC/DST
HOST: TIP3-90Sub
SID: 1
CID: 945479
SRC IP: 4.0.0.3
DST IP: 4.0.0.3

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45675t=45664
RE: Anyone seen this? [7:45664]
Host is just the name of the IDS location. Yes, it would have to be generating inside my network and since I don't own that network it is being pushed out to the internet. Once it heads out to the internet the IDS sees it. Sadly, my network is fairly large and flat so I don't have many places I can catch it with an ACL. It is always the same address and it happens in bursts but not at the same times.

-Original Message-
From: Daniel Cotts [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 03, 2002 12:05 PM
To: [EMAIL PROTECTED]
Subject: RE: Anyone seen this? [7:45664]

I can ping and trace to that address.

1654 ms48 ms48 ms l0.washdc3-cmb1.bbnplanet.net [4.0.0.3]

What is the meaning of the Host: in your IDS output? It would seem that the true source of the packet would be within your own network. - Else how would it get there? Again, it would seem to be local to the IDS or from a location that had a default route to the IDS location. Can you set up access-lists on various router ports that would log traffic with those addresses? I'm assuming that it is the same ip address each time.

-Original Message-
From: Maccubbin, Duncan [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 03, 2002 10:12 AM
To: [EMAIL PROTECTED]
Subject: RE: Anyone seen this? [7:45664]

No, the Whois shows it belonging to BBN planet.

-Original Message-
From: Daniel Cotts [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 03, 2002 11:04 AM
To: 'Maccubbin, Duncan'; [EMAIL PROTECTED]
Subject: RE: Anyone seen this? [7:45664]

First question: Is 4.0.0.3 a valid address on your network?

-Original Message-
From: Maccubbin, Duncan [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 03, 2002 9:01 AM
To: [EMAIL PROTECTED]
Subject: Anyone seen this? [7:45664]

My IDS from time to time pulls this up. I don't know how to track it down easily. Any ideas?

IDS ALERT at: 2002-06-03 09:30:06
SIGNATURE: BAD TRAFFIC same SRC/DST
HOST: TIP3-90Sub
SID: 1
CID: 945479
SRC IP: 4.0.0.3
DST IP: 4.0.0.3

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45678t=45664
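The triage discussed in this thread, as an added example that is not part of any poster's message: parse alerts in the layout quoted above, keep those whose source and destination are the same address, say whether that address belongs to the site, and group the hits into bursts that can be lined up against router or switch logs. The function names, the 60-second burst gap and the local prefix list are assumptions of this example, and every sample line except the first is constructed.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample: the first line is the alert quoted in the thread; the
# others (including the "ICMP PING" signature name) are made up in the same layout.
SAMPLE_ALERTS = """\
IDS ALERT at: 2002-06-03 09:30:06 SIGNATURE: BAD TRAFFIC same SRC/DST HOST: TIP3-90Sub SID: 1 CID: 945479 SRC IP: 4.0.0.3 DST IP: 4.0.0.3
IDS ALERT at: 2002-06-03 09:30:07 SIGNATURE: BAD TRAFFIC same SRC/DST HOST: TIP3-90Sub SID: 1 CID: 945480 SRC IP: 4.0.0.3 DST IP: 4.0.0.3
IDS ALERT at: 2002-06-03 09:30:09 SIGNATURE: BAD TRAFFIC same SRC/DST HOST: TIP3-90Sub SID: 1 CID: 945481 SRC IP: 4.0.0.3 DST IP: 4.0.0.3
IDS ALERT at: 2002-06-03 11:02:15 SIGNATURE: ICMP PING HOST: TIP3-90Sub SID: 1 CID: 945485 SRC IP: 10.1.2.3 DST IP: 192.0.2.9
IDS ALERT at: 2002-06-03 14:12:51 SIGNATURE: BAD TRAFFIC same SRC/DST HOST: TIP3-90Sub SID: 1 CID: 945490 SRC IP: 4.0.0.3 DST IP: 4.0.0.3
IDS ALERT at: 2002-06-03 14:12:52 SIGNATURE: BAD TRAFFIC same SRC/DST HOST: TIP3-90Sub SID: 1 CID: 945491 SRC IP: 4.0.0.3 DST IP: 4.0.0.3
IDS ALERT at: 2002-06-03 16:40:00 SIGNATURE: BAD TRAFFIC same SRC/DST HOST: TIP3-90Sub SID: 1 CID: 945499 SRC IP: 10.20.30.40 DST IP: 10.20.30.40
"""

LOCAL_PREFIXES = ["10.0.0.0/8"]  # hypothetical: the prefixes the site really uses

ALERT_RE = re.compile(
    r"IDS ALERT at: (?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"SIGNATURE: (?P<sig>.+?) HOST: (?P<sensor>\S+) "
    r"SID: (?P<sid>\d+) CID: (?P<cid>\d+) "
    r"SRC IP: (?P<src>\S+) DST IP: (?P<dst>\S+)"
)


def parse_alerts(text):
    """Turn one-alert-per-line text into dicts; skip lines that do not parse."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue
        a = m.groupdict()
        try:
            a["src"] = ipaddress.ip_address(a["src"])
            a["dst"] = ipaddress.ip_address(a["dst"])
        except ValueError:  # masked or truncated address such as 195.137.x.x
            continue
        a["ts"] = datetime.strptime(a["ts"], "%Y-%m-%d %H:%M:%S")
        alerts.append(a)
    return alerts


def bursts(times, gap=timedelta(seconds=60)):
    """Group timestamps into (start, end, count) runs separated by more than gap."""
    runs = []
    for t in sorted(times):
        if runs and t - runs[-1][1] <= gap:
            start, _, count = runs[-1]
            runs[-1] = (start, t, count + 1)
        else:
            runs.append((t, t, 1))
    return runs


def triage(alerts, local_prefixes):
    """Summarise same-source/destination alerts per address."""
    nets = [ipaddress.ip_network(p) for p in local_prefixes]
    by_addr = {}
    for a in alerts:
        if a["src"] == a["dst"]:
            by_addr.setdefault(a["src"], []).append(a)
    report = {}
    for addr, hits in by_addr.items():
        local = any(addr in n for n in nets)
        report[str(addr)] = {
            # An address the site does not own, seen on the way out, cannot be
            # traced by IP; the burst windows are what to match against logging
            # ACL hits or MAC tables on the inside.
            "origin": "local-address" if local else "not-a-local-address",
            "sensors": sorted({h["sensor"] for h in hits}),
            "bursts": bursts(h["ts"] for h in hits),
        }
    return report


if __name__ == "__main__":
    for addr, info in triage(parse_alerts(SAMPLE_ALERTS), LOCAL_PREFIXES).items():
        print(addr, info["origin"], info["sensors"])
        for start, end, count in info["bursts"]:
            print(f"  {start} .. {end}  {count} alert(s)")
```
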
RE: MCNS and boson [7:45499]
1 -Original Message- From: Shoaib Waqar [mailto:[EMAIL PROTECTED]] Sent: Friday, May 31, 2002 12:50 AM To: [EMAIL PROTECTED] Subject: MCNS and boson [7:45499] Can anybody tell me which boson exam is the best out of 3 test exams available regarding MCNS??? I am gonna purchase any one of the 3 and i m confused, can anybody help? Shoaib __ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45512t=45499 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Layer 2 Test Tool [7:43484]
Not sure what equipment you are using but starting with CAT OS 6.1:

Layer 2 Traceroute
The Layer 2 Traceroute utility allows you to identify the physical path that a packet will take when going from a source to a destination. The Layer 2 Traceroute utility determines the path by looking at the forwarding engine tables of the switches in the path.

-Original Message-
From: Lowell Sharrah [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 07, 2002 9:39 AM
To: [EMAIL PROTECTED]
Subject: Re: Layer 2 Test Tool [7:43484]

cisco's CDP but you must have all cisco devices for this to work.

Seelinger Bruce 05/07/02 08:40AM

Does anyone know of a layer 2 connectivity test tool - something the equivalent of a MAC address based ping tool, (yes - I know that ping uses ICMP at layer 3, but you get the idea). Basically, have a bridged network where we want to perform a simple test to see if certain MAC filters are working appropriately. Need to probe a target node based on its MAC address and see if it responds. Searched the net pretty extensively but no luck. Any ideas? Thanks in advance for the help.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=43504t=43484
RE: Intusion Detection and IT Security [7:40337]
I've learned quite a bit reading various security sites like cert.org, sans.org and securityfocus.com. The Ciscopress book Managing Cisco Network Security isn't bad if you don't mind looking at it as the world according to Cisco. Learning what IDS machines (snort.org, the Dragon website at enterasys...) look for is a good tool as well. You can even download shareware IDS systems to see what they do. You will get the best and fastest training when you have to stop a DDoS attack at 2 am one night though :).

Duncan

-Original Message-
From: [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 03, 2002 11:54 AM
To: [EMAIL PROTECTED]
Subject: Intusion Detection and IT Security [7:40337]

Does anyone have a suggestion on good books for learning about Intrusion Detection and IT Security for a beginner? The books don't necessarily have to be Cisco based, but more on the basics of Intrusion Detection and IT Security concepts and tools used.

Thanks in advance

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=40342t=40337
RE: PIX commands help [7:39558]
Wouldn't syslog answer all of his issues?
-Original Message- From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 26, 2002 1:56 PM To: [EMAIL PROTECTED] Subject: RE: PIX commands help [7:39558]
I can see that the first question has already been answered, so let me answer the next two.
show conn
This command shows active connections.
http server enable
http 172.16.1.1 255.255.255.255
These two commands enable the http server and allow only workstation 172.16.1.1 to access it. When running PDM, you're accessing the http server in the PIX, so by restricting the http access, you're automatically restricting the PDM access. HTH, Ole
~ Ole Drews Jensen Systems Network Manager CCNP, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~ http://www.RouterChief.com ~ Need a Job? http://www.OleDrews.com/job ~
-Original Message- From: John Green [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 26, 2002 11:13 AM To: [EMAIL PROTECTED] Subject: PIX commands help
PIX questions
how to find the time/date when the config file was last modified. (to find if anyone else has tampered with it)
how to find who is telnetted into the pix or who is using the PDM into the pix
how to configure a particular IP address to be allowed to manage pix via the PDM and no one else is allowed
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39562t=39558
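The syslog approach suggested in this thread, as an added example that is not code from any of the posters: a small parser that answers the three questions (last config change, who logged in by Telnet or PDM, and management access from anywhere other than the permitted 172.16.1.1) from stored PIX syslog. The log lines are constructed, and the message IDs 111005, 307002 and 606001 with their wording are assumptions taken from PIX system log documentation that should be checked against the release in use.

```python
import re
from ipaddress import ip_address, ip_network

# Only the workstation permitted by "http 172.16.1.1 255.255.255.255" in the thread.
ALLOWED_MGMT = [ip_network("172.16.1.1/32")]

# Message IDs this sketch looks for (assumed; confirm for your PIX release).
KINDS = {
    "111005": "config-write",   # "<ip> end configuration: OK"
    "307002": "telnet-login",   # "Permitted Telnet login session from <ip>"
    "606001": "pdm-session",    # "PDM session number <n> from <ip> started"
}

# Constructed sample, as a syslog server might store it (oldest line first).
SAMPLE_LOG = """\
Mar 26 09:02:11 pix1 %PIX-6-606001: PDM session number 0 from 172.16.1.1 started
Mar 26 09:05:48 pix1 %PIX-5-111005: 172.16.1.1 end configuration: OK
Mar 26 10:12:30 loghost -- MARK --
Mar 26 10:40:03 pix1 %PIX-6-307002: Permitted Telnet login session from 172.16.1.50
Mar 26 10:41:19 pix1 %PIX-5-111005: 172.16.1.50 end configuration: OK
Mar 26 10:44:00 pix1 %PIX-6-302013: Built outbound TCP connection 1201 for outside:192.0.2.10/80 (192.0.2.10/80) to inside:172.16.1.20/1031 (172.16.1.20/1031)
"""

# Everything before "%PIX-" is whatever prefix the syslog server added.
LINE_RE = re.compile(
    r"^(?P<stamp>.*?)\s*%PIX-(?P<sev>\d)-(?P<msgid>\d{6}):\s*(?P<text>.*)$"
)
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def parse(log_text):
    """Return management-related events in file order; skip everything else."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["msgid"] not in KINDS:
            continue  # not a PIX message, or not one we track
        ip_match = IP_RE.search(m["text"])
        if not ip_match:
            continue
        try:
            src = ip_address(ip_match.group())
        except ValueError:
            continue  # looked like an address but is not a valid one
        events.append({"stamp": m["stamp"], "kind": KINDS[m["msgid"]], "src": src})
    return events


def last_config_write(events):
    """(timestamp prefix, source IP) of the most recent completed config change."""
    writes = [e for e in events if e["kind"] == "config-write"]
    return (writes[-1]["stamp"], str(writes[-1]["src"])) if writes else None


def management_sessions(events):
    """Telnet logins and PDM sessions, in the order they were logged."""
    return [(e["kind"], str(e["src"])) for e in events if e["kind"] != "config-write"]


def unexpected_sources(events, allowed=ALLOWED_MGMT):
    """Source addresses of any tracked event that fall outside the allowed set."""
    return sorted(
        {str(e["src"]) for e in events if not any(e["src"] in net for net in allowed)}
    )


if __name__ == "__main__":
    evts = parse(SAMPLE_LOG)
    print("last config write:", last_config_write(evts))
    print("management sessions:", management_sessions(evts))
    print("unexpected sources:", unexpected_sources(evts))
```
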
RE: 7204 vxr bootflash [7:38777]
Another issue is that Cisco has several images out there that are too big for the bootflash: directory. If you want them to fit they need to be about 2.9MB or less. Duncan
-Original Message- From: MADMAN [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 19, 2002 10:34 AM To: [EMAIL PROTECTED] Subject: Re: 7204 vxr bootflash [7:38777]
Not all the images have a parallel boot image. I just try and ensure that the boot image is current enough to recognize all the PA's so that if you end up in boot mode you'll have a chance to access the router and download new IOS if necessary. Dave
Patrick Donlon wrote:
Whoops just read my post, I meant to say bootflash not bootrom Cheers -- email me on : [EMAIL PROTECTED]
Patrick Donlon wrote in message news:[EMAIL PROTECTED]...
Hi All just wondered if anyone knows where I can find some information about boot rom versions. I'm looking at loading an image of IOS on a new 7204 and I'd like to know what version I should use for the boot rom cheers Pat -- email me on : [EMAIL PROTECTED]
-- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38809t=38777
RE: Should I buy IDS ? [7:36053]
For that small of a network SNORT would be fine and it costs quite a bit less.
-Original Message- From: Arni V. Skarphedinsson [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 21, 2002 9:32 AM To: [EMAIL PROTECTED] Subject: Should I buy IDS ? [7:36053]
I am administrating a network of about 500 computers, 30 servers, and something like 70 WAN locations, I have been thinking about the Cisco IDS system, anyone have any good reasons to use one, have you used it, and has it detected much intrusion. I really need something to sell the idea to the management.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36055t=36053
RE: kazaa / morpheus blocking / rate-limiting [7:34529]
Those are some bandwidth hogs. I knocked down incoming/outgoing traffic on 1214 and used a sniffer to catch the internal offenders. Keep in mind you will probably have GNUTella running around as well which opens a port on the PC. If you do a port scan on the PC in question you will see the GNUTella port open. GNUTella is a bandwidth hog too.
-Original Message- From: bergenpeak To: [EMAIL PROTECTED] Sent: 2/5/02 5:13 PM Subject: kazaa / morpheus blocking / rate-limiting [7:34529]
Hi, Wondering if anyone has been using ACLs to block or rate-limit Kazaa/Morpheus traffic. I'd be interested in how well this worked. Thanks
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34562t=34529
RE: ISDN simulator [7:33841]
Hi Brad I'm responding publicly because that's what you do all the time. I can't believe how two faced someone can be. They say everything will come out in the wash and I hope it does. I had good response from the previous email because people are beginning to doubt. I don't want to be funny but the term used car salesman comes to mind. Please note that I am not a competitor of Network Learning, Optsys or CCbootcamp. I know Brad that your business interests are hidden in Group studies like this one and that image is very important, well let me remind you that storm is approaching. I'm not aware of other competitors using fake email accounts because there are none and I have only witnessed under-handed tactics coming from one well known source on this list. By the way what does publically mean. If you can't do the time then don't do the crime.
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Brad Ellis Sent: 01 February 2002 18:48 To: [EMAIL PROTECTED] Subject: Re: ISDN simulator [7:33841]
Duncan, Hi! Actually, we have never offered Rik ANY form of compensation. Rik has just been one of many happy customers of ours. While other competitors of ours use yahoo accounts, fake email accounts, post spam, etc, we always post using our real names and don't use any under-handed tactics. When there are questions about our products or services, we answer them. I call that customer service, not shameless plugs. It's interesting that you work with Capewave, a competitor of ours, and that you are badmouthing us. I'm not sure that PDS would approve of your post but we'll copy Paul F. (at PDS) on it and see what he says. This thread has really gone off on a tangent, if you wish to respond, please email me offlist, as I will not respond publically to any future responses to this post/email. Or feel free to call me, 248-299-7789.
thanks, -Brad Ellis CCIE#5796 (RS / Security) Network Learning Inc [EMAIL PROTECTED]
Duncan Stuart wrote in message news:[EMAIL PROTECTED]...
How much are you getting paid to be brad's personal PR man. Why don't you reply to individuals instead of replying to the whole group. By the way your preferred vendor is not quite as squeaky clean as you would think and like the rest of us to think. These guys actually employed some extremely unprofessional business ethics to bring you this simulator. I can tell you exactly how much they buy the product for and just how badly they are ripping you off. Cheers and best wishes
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Rik Guyler Sent: Friday, February 01, 2002 2:11 AM To: [EMAIL PROTECTED] Subject: RE: ISDN simulator [7:33841]
Shameless plug? Absolutely! No shame in how Brad does business. :-} Maybe he does have a financial interest but who cares? I have learned over the years to listen to him...he is usually right. His simulator is as inexpensive as you will find and I know he wouldn't offer it if it didn't do the job just fine. I have no financial interest here. I'm just a very satisfied customer standing up for my preferred vendor! Rik
-Original Message- From: c1sc0k1d [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 31, 2002 4:41 PM To: [EMAIL PROTECTED] Subject: Re: ISDN simulator [7:33841]
Of course Brad forgot to mention he has a financial interest in his recommendation as he is affiliated with the company so his recommendation is not without bias. Here's some of your options. I'll leave out his as he already made a shameless plug.
ISDN emulator on the NET http://208.1.40.80/ica/isdnsim.nsf
www.brooktrout.com/pages/product_info/pi_data_wan/pdf/multiport.pdf
www.diem.com/BT90001.htm
http://www.tele-products.com/
http://www.arca-technologies.com/solohome.html
http://www.conway-engineering.com/ 5105307682
http://www.acacia-net.com/
http://www.taskit.com/
http://www.monitor.co.at/monitor/498/story/isdnsim.html
http://www.digitechinc.com
http://www.ertmsales.com/products/search/viewcart.cfm?Page=1QtyNA=
Brad Ellis wrote in message news:[EMAIL PROTECTED]...
Ronald, If you want the lowest price simulator available, you should go with the simline2. It has S/T interfaces so it goes nicely with 2503s, 2504s, etc. Paul B. (the owner of groupstudy) also bought one of these for his home lab. I believe he posted about it somewhere. Check the archives: www.groupstudy.com If you want more detailed information on the simline2 you can visit www.cheapisdn.com thanks, -Brad Ellis CCIE#5796 (RS / Security) Network Learning Inc
Ronald James wrote in message news:[EMAIL PROTECTED]...
just wondering anybody knows which isdn simulator is best for home lab in terms of functionalities and pricing? hope this is not violating nda, but very inte
RE: ISDN simulator [7:33841]
How much are you getting paid to be brad's personal PR man. Why don't you reply to individuals instead of replying to the whole group. By the way your preferred vendor is not quite as squeaky clean as you would think and like the rest of us to think. These guys actually employed some extremely unprofessional business ethics to bring you this simulator. I can tell you exactly how much they buy the product for and just how badly they are ripping you off. Cheers and best wishes
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Rik Guyler Sent: Friday, February 01, 2002 2:11 AM To: [EMAIL PROTECTED] Subject: RE: ISDN simulator [7:33841]
Shameless plug? Absolutely! No shame in how Brad does business. :-} Maybe he does have a financial interest but who cares? I have learned over the years to listen to him...he is usually right. His simulator is as inexpensive as you will find and I know he wouldn't offer it if it didn't do the job just fine. I have no financial interest here. I'm just a very satisfied customer standing up for my preferred vendor! Rik
-Original Message- From: c1sc0k1d [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 31, 2002 4:41 PM To: [EMAIL PROTECTED] Subject: Re: ISDN simulator [7:33841]
Of course Brad forgot to mention he has a financial interest in his recommendation as he is affiliated with the company so his recommendation is not without bias. Here's some of your options. I'll leave out his as he already made a shameless plug.
ISDN emulator on the NET http://208.1.40.80/ica/isdnsim.nsf
www.brooktrout.com/pages/product_info/pi_data_wan/pdf/multiport.pdf
www.diem.com/BT90001.htm
http://www.tele-products.com/
http://www.arca-technologies.com/solohome.html
http://www.conway-engineering.com/ 5105307682
http://www.acacia-net.com/
http://www.taskit.com/
http://www.monitor.co.at/monitor/498/story/isdnsim.html
http://www.digitechinc.com
http://www.ertmsales.com/products/search/viewcart.cfm?Page=1QtyNA=
Brad Ellis wrote in message news:[EMAIL PROTECTED]...
Ronald, If you want the lowest price simulator available, you should go with the simline2. It has S/T interfaces so it goes nicely with 2503s, 2504s, etc. Paul B. (the owner of groupstudy) also bought one of these for his home lab. I believe he posted about it somewhere. Check the archives: www.groupstudy.com If you want more detailed information on the simline2 you can visit www.cheapisdn.com thanks, -Brad Ellis CCIE#5796 (RS / Security) Network Learning Inc
Ronald James wrote in message news:[EMAIL PROTECTED]...
just wondering anybody knows which isdn simulator is best for home lab in terms of functionalities and pricing? hope this is not violating nda, but very interested to see whether real ccie lab use isdn simulator or isdn lines?? if it's a simulator, which brand?
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34025t=33841
Used Ports [7:32427]
Does anyone know of a site that has a list of what ports various programs use? I'm not talking about the port assignment lists like the one at iana.org. I want a list that tells me what ports AIM, MSN, Quake use. iana says port 1471 is for csdmbase, what the heck is that? Anyhow, any help is appreciated. Thanks, Duncan
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=32427t=32427
RE: NTP Question [7:29770]
Can use both:
ntp 123/tcp Network Time Protocol
ntp 123/udp Network Time Protocol
-Original Message- From: Mcfadden, Chuck [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 20, 2001 10:44 AM To: [EMAIL PROTECTED] Subject: NTP Question [7:29770]
A friend of mine was doing a PIX installation on the edge of a W2K environment. He was trying to allow NTP through the PIX but it would not go. He found that, since he was using an inbound ACL, the packet would eventually reach the explicit deny. According to his research, he had to allow port 123 (NTP) in his ACL in order to allow it through the firewall, even though it was established. The question that has since been unanswered: Does NTP use UDP or TCP or both? Any ideas? ccie1ab (chuck)
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=29775t=29770
RE: how to change the serial port IP of remote end [7:28665]
You could also TFTP up a new config with the changed IP address or if you have Cisco Works or some other SNMP enabled product you could use that to change it.
-Original Message- From: Debbie Westall [mailto:[EMAIL PROTECTED]] Sent: Monday, December 10, 2001 8:59 AM To: [EMAIL PROTECTED] Subject: Re: how to change the serial port IP of remote end [7:28665]
Rajneesh, You have two choices that I'm familiar with:
1. Using out-of-bound management, dial in to the router on the remote end and change the IP address. Then change the host end.
or
2. If you don't have a modem on the router at the remote end, telnet into the remote end of the router, change the IP address. You will lose connectivity to that remote immediately. Then change the IP on the host end. This is very risky, if you fat finger the IP on the remote end you will not have any connectivity at all, without power cycling the router.
Good Luck Debbie Westall
--- Rajneesh Yadav wrote:
Hi all, I want to change serial IP of my both the router one is placed in UK. So my question is, can I change it remotely and how it's possible. Please if anybody can help me out. Regards Rajneesh [EMAIL PROTECTED]
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=28672t=28665
RE: # of VLANs [7:28425]
I have to disagree here. We had a fairly loaded 7200 fail due to having too many sub-interfaces. I dug around on Cisco's site and found a document that broke down the amount of memory each sub-interface used. (no, I can't find it now) We actually got quite a few more than they had it rated for but there are memory concerns all the same. If your 2600 doesn't have a lot of memory it will be limited. How many sub-interfaces you talking about? How much memory does the box have? You may want to consult Cisco if you are going over 50 or so. Just my $0.02. Duncan
-Original Message- From: MADMAN [mailto:[EMAIL PROTECTED]] Sent: Friday, December 07, 2001 2:00 PM To: [EMAIL PROTECTED] Subject: Re: # of VLANs [7:28425]
I take part of that back, there is an IDB limit but I'm sure you're not looking at several hundred subinterfaces are you?!? dave
NetEng wrote:
How many sub-interfaces can I create for VLAN routing on a router, let's say a 2600 series? I can't find anything at cisco.
-- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=28447t=28425
RE: 7206 boot-image [7:25866]
7200 boot images are a tricky thing. I'm not sure of your wording below but the boot image is for the router to boot off of. After the router boots off of the boot image then it loads the main IOS image. The big thing I look for is if the boot image supports all the cards that are in the router. That way if the main image fails I know all the cards will work. Make sure you get an image that fits in the boot directory (4mb) as Cisco decided to make several images that won't fit in there when they expand. You can still use those images but you will have to put them in the main flash area and use a boot system command. No, you don't have to have the boot image and main image being the same version. I'm sure if you search Cisco's website under 7200 boot image you will find all the info you need. Duncan
-Original Message- From: JP To: [EMAIL PROTECTED] Sent: 11/11/01 9:12 PM Subject: 7206 boot-image [7:25866]
All, I know the boot-image of 7206's onboard flash memory is a backup in case the primary IOS on flash cards fails. It only includes software to configure basic IP information. If this is right, I think I can just upgrade the IOS on the flash card, as the boot-image should basically be same. I noticed that there is a boot-image for each IOS, I assume we do not make them match each other, is this right? Thanks JP
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=25940t=25866
Network monitoring tools [7:19597]
Hi People, Can anyone recommend a network monitoring tool that also provides a good reporting facility? Most of the monitored technology is Cisco. regards Duncan
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=19597t=19597
RE: ios features [7:12945]
-Original Message- From: Donald B Johnson jr [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 19, 2001 10:44 AM To: [EMAIL PROTECTED] Subject: ios features [7:12945]
Does anyone remember the link that allows you to search for an IOS version based on a feature, say DHCP. Don
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12946t=12945
RE: Question on Cat5k [7:12836]
The WS-X5010 will not do ISL. The WS-X5213A is what you are after. It is 12 ports 10/100 with ISL support.
-Original Message- From: Munoz, Michael [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 18, 2001 1:29 PM To: [EMAIL PROTECTED] Subject: Question on Cat5k [7:12836]
I am looking to purchase a Catalyst switch for my department to play with. I have found the deal from Optsys with Cat5k Sup1 and WS-X5010 Blade but am wondering about the capabilities of the switch.. Apparently the WS-X5010 is 24pt 10MBS as mentioned to me by Brad.. Assuming that I have a router with FastEthernet capabilities to run ISL, would the switch be able to handle this since the blade is not able to run 100mbs? I just want to make a good purchase for our lab.. At this time, we do not have any catalyst equipment. Thanks all for your help! Mike Munoz
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12843t=12836
RE: Question on Cat5k - The answer [7:12847]
No confusion, he asked about the 10mbps ports. They couldn't do what he asked. I told him which blade did. Yes, he can trunk through the Sup port. He needs to make sure they are TX and not FX though...unless his router has FX.
-Original Message- From: Dennis Laganiere [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 18, 2001 2:15 PM To: [EMAIL PROTECTED] Subject: FW: Question on Cat5k - The answer [7:12847]
I think there is some confusion here. The sup module has 100mbps ports, so you hook up the hosts to the 10mbps ports and the trunking port comes off the sup. Works great... --- Dennis
-Original Message- From: Maccubbin, Duncan [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 18, 2001 10:56 AM To: [EMAIL PROTECTED] Subject: RE: Question on Cat5k [7:12836]
The WS-X5010 will not do ISL. The WS-X5213A is what you are after. It is 12 ports 10/100 with ISL support.
-Original Message- From: Munoz, Michael [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 18, 2001 1:29 PM To: [EMAIL PROTECTED] Subject: Question on Cat5k [7:12836]
I am looking to purchase a Catalyst switch for my department to play with. I have found the deal from Optsys with Cat5k Sup1 and WS-X5010 Blade but am wondering about the capabilities of the switch.. Apparently the WS-X5010 is 24pt 10MBS as mentioned to me by Brad.. Assuming that I have a router with FastEthernet capabilities to run ISL, would the switch be able to handle this since the blade is not able to run 100mbs? I just want to make a good purchase for our lab.. At this time, we do not have any catalyst equipment. Thanks all for your help! Mike Munoz
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12850t=12847
RE: Insight [7:11803]
I disagree. I've run into many recruiters and HR people that knew they needed a CCNA and did not know what a CCNP is. If you are looking for a job you should put them all down so you don't get weeded out. Now he needs to get the CCIE Written cert :). Duncan
-Original Message- From: Dennis H [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 11, 2001 9:02 AM To: [EMAIL PROTECTED] Subject: Re: Insight [7:11803]
You don't need to mention CCNA when you reference being CCNP it's implied as you must pass CCNA to become CCNP. If you reference them both it appears like you're only focused on certs and probably lacking experience.
men u wrote in message news:[EMAIL PROTECTED]...
CCNP,CCNA,MCSE Looking for work in Montgomery, Alabama over 6 yrs exp in field. Any help will be appreciated. Resume upon request.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=11916t=11803
RE: Is it really worth it? CCIE [7:5725]
Question, Is it the experts that kill networks in real life? (probably) When does it become worth it?... How about the period (today) where companies are paying vast amounts of money for CCIE's to be part of their network team. That's when it becomes worth it. If you are good enough then prove it, 2 days out of your life to do a lab test is not a long time. I spent a little more than 7 years of my life at university doing a PHD in Physics but was unable to get a job so went into IT (was all that education worth it), some might argue that it was. Certifications will always exist and if it sells then you got to have one. I believe in the contracting market it is important to combine the experience with recognised certification.
= Original Message From Robert Padjen =
Chuck - I always enjoy the positions you present. You are correct, although I am concerned with the posture that a CCIE is an expert-regardless of the title on the certification. My issue is that an expert would know better than to create a small network with OSPF, RIP, BGP, EIGRP and IGRP, while then killing themselves to fix it. In the same vein, a test, and success on that test, would at best show mastery of the materials on that test. The hard and soft skills needed to be an expert in this field are well beyond any certification exam. For example, I work as an expert witness in legal matters. I carry the title 'expert' as I am knowledgeable, certified, published and practiced in the area of expertise. Even with all this, I need to learn and integrate legal concepts and technical ones in order to do the job well. My perception of the CCIE (and other certs) is that many networkers feel that it's a one-time deal. I got a 840/1000 - I'm hot *$@. ;) This is the construct that bothers me the most. In the absence of a better alternative it's what we have, but it still concerns me and I think as an industry we can do better.
--- Chuck Larrieu wrote:
As someone who has devoted a bit of time and more than a couple of dollars pursuing certification, and as someone who has failed one lab attempt, and as someone who collects good advice from CCIE's and others, I can no longer resist opening my big mouth on this. The CCIE Lab exam is a test. Nothing more. Nothing less. It has nothing to do with good practice. It has nothing to do with real world. Consider: Cisco wants you to be able to redistribute between any two protocols. How do you test this, given the constraints of the lab? Cisco wants you to understand routing protocol behaviour. How do you test that? Do bizarre redistribution requirements and constraints provide just such a means? Cisco wants you to understand the implications of NBMA on Cisco routers. How do you test that? Cisco wants you to understand how OSPF works? How do you test that, particularly in conjunction with NBMA? Cisco wants you to understand how routing works. How do you test a candidate's real understanding if you can fake your way through by using static routes? Cisco wants you to understand a number of alternative solutions to a number of problems. So they create scenarios which require a number of
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6116t=5725
RE: Router as TFTP Server [7:5426]
You may want to put in a static to where you want to go until you are done with the upgrade. Duncan
-Original Message- From: Kelly D Griffin [mailto:[EMAIL PROTECTED]] Sent: 22 May 2001 14:24 To: [EMAIL PROTECTED] Subject: Router as TFTP Server [7:5426]
I have configured a 2500 as a tftp server and have it connected via a WAN link in my lab to another 2500. I can ping across the circuit in both directions, but when I attempt a tftp transfer I get this:
R2#copy tftp flash
NOTICE
Flash load helper v1.0
This process will accept the copy options and then terminate the current system image to use the ROM based image for the copy. Routing functionality will not be available during that time. If you are logged in via telnet, this connection will terminate. Users with console access can see the results of the copy operation.
Proceed? [confirm]
System flash directory:
File Length Name/status
1 6418792 igs-j-l.110-13
[6418856 bytes used, 1969752 available, 8388608 total]
Address or name of remote host [1.1.1.1]? 1.1.1.1
Source file name? c2500-d-l.120-9.bin
Destination file name [c2500-d-l.120-9.bin]?
Accessing file 'c2500-d-l.120-9.bin' on 1.1.1.1...
Loading c2500-d-l.120-9.bin from 1.1.1.1 (via Serial0): ! [OK]
Erase flash device before writing? [confirm]
Flash contains files. Are you sure you want to erase? [confirm]
Copy 'c2500-d-l.120-9.bin' from server as 'c2500-d-l.120-9.bin' into Flash WITH erase? [yes/no]yes
%SYS-5-RELOAD: Reload requested
%FLH: c2500-d-l.120-9.bin from 1.1.1.1 to flash ...
System flash directory:
File Length Name/status
1 6418792 igs-j-l.110-13
[6418856 bytes used, 1969752 available, 8388608 total]
Accessing file 'c2500-d-l.120-9.bin' on 1.1.1.1...
Loading c2500-d-l.120-9.bin ... [timed out] [failed]
I can ping across the circuit from the tftp server router while the timeouts are occurring. The 1.1.1.1 address is the address of Loopback0 on R1. I am running EIGRP for routing and do not have a default route statement in either router. Any ideas?
Kelly D Griffin, CCNA, CCDA Network Engineer Kg2 Network Design 877.418.4025 http://www.kg2.com
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=5437t=5426
RE: Congrats [7:4044]
I had heard of a Vietnamese couple where the husband got the CCIE and then taught his wife and she got it too. Could have been the other way around too :). Duncan -Original Message- From: Daniel Cotts [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 10, 2001 2:41 PM To: [EMAIL PROTECTED] Subject: RE: Congrats [7:4044] There is a Vietnamese CCIE working as a SE for Cisco in the Northern Virginia area. Her husband is also a CCIE. I do not know if he is Vietnamese. Good luck in your studies. -Original Message- From: Frank Kim [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 10, 2001 1:01 PM To: [EMAIL PROTECTED] Subject: Congrats [7:4044] I'm proud of you. Go Vietnamese! I'm taking my lab this November also. I hope I will be the second Vietnamese person who will send out such good news to the group. -Frank On Thu, 10 May 2001, DUNG H. LE wrote: May 7-8, 2001 - RTP Lab facility This was attempt 2. I changed my study habits from attempt 1, and therefore testing technique, for my attempt 2 (you perform like you practice..right?). It paid off. The change was to monotonously ping every interface IP / IPX address from every router. I made a list of the addresses and ran through all of them from every router. I believe this lack of attention to detail is what did me in on attempt one. Time management was key. If I didn't know the config off the top of my head, I skipped it. This allowed me to complete the entire day 1 portion 3 hours early. I had 4 areas that I needed to think about, so I saved them for last. I methodically approached each of the 4 areas, knocked out each requirement, and had 1 hour left to do the testing above. My strategy was that no matter what, I would take the last hour to test thoroughly, I just happened to get my 4 items done. Day 2 was the same way...although only 3 hours for the first part, I still had 45 minutes to test it all. Troubleshooting was by far the most nerve-racking experience. 
I had a trouble ticket list and was told to find as many problems as I could and document/fix them (one liners). Unexpectedly I had to troubleshoot a different network than the one I had spent a day and a half configuring. 3 hours was the time limit to learn a new topology, IP scheme, protocol intent, and then fix as much as possible. I don't feel like I was ready for this, and must have just kept calm enough to manage it. The waiting is a nerve killer. You wait before the lab starts about an hour for everything and everyone to get ready. You wait all night long for status on day 1's score. You wait after day 2 build out...1.5 hours for me to find out if you made it to troubleshooting. Then you wait while they add up the points and spit a number out of the computer or not. Howard was the best!!! Comic relief goes a long way to ease my stress, and he delivered. I was very comfortable in the RTP environment. Study material used / frequency: Caslow 2nd edition - read it cover to cover once. Ccbootcamp labs - practiced daily (almost and minus weekends) for 4 months 4-6 hours per day on a rack of equipment that was very similar to the real thing. I was very comfortable with what was required of me for day 1 and 2 build out. In retrospect I would have practiced a bit more on troubleshooting. I was not comfortable with this at all and could have used some familiarity with strategy and tactic on this part. 
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=4055t=4044
Quality Labs
I am looking for some quality labs to practice with. Perhaps someone who has taken the CCIE lab recently can comment on some prep labs they have used that they thought were good. I'd rather not buy 10 bad practice labs to get one good one.

Duncan
RE: BGP !
Muhammed,

A 1600 will support BGP4 in the IP PLUS feature set. I have the IOS version, IOS name and most of them have the memory needs inside the parenthesis. Here they are, good luck.

Duncan

12.1(7)    c1600-sy-l.12.1-7 (4/12)      c1600-sy-mz.12.1-7 (N. A./4)
12.1(6)    c1600-sy-l.12.1-6 (4/12)      c1600-sy-mz.12.1-6 (N. A./4)
12.1(5)    c1600-sy-l.12.1-5 (4/12)      c1600-sy-mz.12.1-5 (N. A./4)
12.1(5)T   c1600-sy-l.12.1-5.T (4/12)    c1600-sy-mz.12.1-5.T (N. A./6)
12.1(5)T4  c1600-sy-l.12.1-5.T4 (N. A./) c1600-sy-mz.12.1-5.T4 (N. A./)
12.1(4)    c1600-sy-l.12.1-4 (4/12)      c1600-sy-mz.12.1-4 (N. A./4)
12.1(3)    c1600-sy-l.12.1-3 (4/12)      c1600-sy-mz.12.1-3 (N. A./4)
12.1(3)T   c1600-sy-l.12.1-3.T (4/12)    c1600-sy-mz.12.1-3.T (N. A./6)
12.1(2)    c1600-sy-l.12.1-2 (4/12)      c1600-sy-mz.12.1-2 (N. A./4)
12.1(2)T   c1600-sy-l.12.1-2.T (4/12)    c1600-sy-mz.12.1-2.T (N. A./6)
12.1(1)    c1600-sy-l.12.1-1 (4/12)      c1600-sy-mz.12.1-1 (N. A./4)
12.1(1)T   c1600-sy-l.12.1-1.T (4/12)    c1600-sy-mz.12.1-1.T (N. A./6)
12.0(9)    c1600-sy-l.12.0-9 (4/8)       c1600-sy-mz.12.0-9 (N. A./4)
12.0(8)    c1600-sy-l.12.0-8 (4/8)       c1600-sy-mz.12.0-8 (N. A./4)
12.0(7)    c1600-sy-l.12.0-7 (4/8)       c1600-sy-mz.12.0-7 (N. A./4)
12.0(7)T   c1600-sy-l.12.0-7.T (4/8)     c1600-sy-mz.12.0-7.T (N. A./4)
12.0(6a)   c1600-sy-l.12.0-6a (N. A./)   c1600-sy-mz.12.0-6a (N. A./)
12.0(6)    c1600-sy-l.12.0-6 (4/8)       c1600-sy-mz.12.0-6 (N. A./4)
12.0(5)    c1600-sy-l.12.0-5 (4/8)       c1600-sy-mz.12.0-5 (N. A./4)
12.0(5)T   c1600-sy-l.12.0-5.T (4/8)     c1600-sy-mz.12.0-5.T (N. A./4)
12.0(4)    c1600-sy-l.12.0-4 (4/8)       c1600-sy-mz.12.0-4 (N. A./4)
12.0(4)T   c1600-sy-l.12.0-4.T (4/8)     c1600-sy-mz.12.0-4.T (N. A./4)
12.0(3b)   c1600-sy-l.12.0-3b (4/8)      c1600-sy-mz.12.0-3b (N. A./4)
12.0(3)    c1600-sy-l.12.0-3 (4/8)       c1600-sy-mz.12.0-3 (N. A./4)
12.0(3)T   c1600-sy-l.12.0-3.T (4/8)     c1600-sy-mz.12.0-3.T (N. A./4)
12.0(3)T2  c1600-sy-l.12.0-3.T2 (N. A./) c1600-sy-mz.12.0-3.T2 (N. A./)
12.0(14)   c1600-sy-l.12.0-14 (4/8)      c1600-sy-mz.12.0-14 (N. A./4)
12.0(13)   c1600-sy-l.12.0-13 (4/8)      c1600-sy-mz.12.0-13 (N. A./4)
12.0(12)   c1600-sy-l.12.0-12 (4/8)      c1600-sy-mz.12.0-12 (N. A./4)
12.0(11)   c1600-sy-l.12.0-11 (4/8)      c1600-sy-mz.12.0-11 (N. A./4)
12.0(10)   c1600-sy-l.12.0-10 (4/8)      c1600-sy-mz.12.0-10 (N. A./4)

-----Original Message-----
From: Muhammed Khalilullah [mailto:[EMAIL PROTECTED]]
Sent: Sunday, March 11, 2001 9:51 PM
To: [EMAIL PROTECTED]
Subject: BGP !

Hi All, I just wanna know if 1600 routers support BGP. If yes, then which IOS version and what are the memory requirements. I've heard that BGP is rather a platform dependent routing protocol. Is this true? I've tried 12.0 IP and IP/PLUS versions and it says 'Unknown Routing Protocol' in response to the command 'Router BGP xxx' :

Thanks in advance,
Muhammad Khalilullah CCNP, MCSE
RE: ccbootcamp
Duncan

-----Original Message-----
From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 26, 2001 1:40 PM
To: [EMAIL PROTECTED]
Subject: Re: ccbootcamp

I used the nantech.com CCIE prep labs over the last week, and they seem closest to the real thing. The big advantage they have over the ccbootcamp labs is the way they are worded...The wording makes you think of the appropriate solution for any given task, as opposed to just asking you to configure specific features. Arinze

Your observation about the wording is fascinating. I may be involved in setting up a commercial remote lab service, and, in any case, supervise scenario development for CertificationZone. The problem you are describing also applies to practice exam development as well as lab practice.

It is my impression that the CCIE lab, at least, really does focus on specific features rather than best solution -- I'm thinking of comments I've heard such as static routes being forbidden in many scenarios. Such a focus does make sense, in a way, for Cisco -- it's easier to train proctors to evaluate more constrained solutions.

But my own feeling is that scenarios that make you think about solutions are better from an educational standpoint -- definitely for real-world preparation, and secondarily for exam preparation. What's the feeling of people on this list? Do you prefer scenarios that mimic the lab as closely as possible (without violating NDA), scenarios that exercise problem analysis, or a mixture of the two with clear identification of the scenario designer's intention? Am I representing the lab reality correctly?

From: "sparkest pig" [EMAIL PROTECTED]
Reply-To: "sparkest pig" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: ccbootcamp
Date: Sat, 24 Feb 2001 03:00:52

I just wonder that how close is the ccbootcamp to the real exam? I am planning to write the lab exam and hope to get some lab practise. I heard that lab 8 of the ccbootcamp is very challenging and is a good representation of the real lab exam. How about other lab of the ccbootcamp? And besides ccbootcamp, where can I get labs that are equally (or more) challenging? Is fatkid also very challenging?
OSPF command
network 192.168.100.0 0.0.0.255 area 0.0.0.1

Will the router take the 0.0.0.1 as area 1? Is there a good reason to do this?

Thanks in advance,
Duncan Maccubbin Senior Network Engineer - ICS LLC CCNA, CCNP
RE: CCNP CCIE
managing it and not working in the field. He has lost touch with the technology and feels he can't pass the test. He isn't that concerned about it. I can't see the sense in letting it lapse but I see it as one less CCIE out there when I get mine.

-----Original Message-----
From: Fowler, Joey [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 23, 2001 10:18 AM
To: [EMAIL PROTECTED]
Subject: RE: CCNP CCIE

I thought it was notable, that 315 CCIE's have let their certification expire for over one year. If you went through all the work to get it, why would you let it lapse...

-----Original Message-----
From: J Roysdon [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 22, 2001 6:35 PM
To: [EMAIL PROTECTED]
Subject: Re: CCNP CCIE

I don't know that the carrier certs are published anywhere publicly accessible. CCIE is updated regularly: http://www.cisco.com/warp/public/625/ccie/ccie_program/ccie_present.html

5278 CCIEs currently
RE: Bandwidth Monitoing tool
Any ideas on Bandwidth billing. We have multiple projects who don't want to pay for bandwidth if they are not using it. I think it's called consumption based billing.

Original Message From "William Gragido" [EMAIL PROTECTED]

Well Arvind, I would reprobate if I did not point out the fact that VitalSuite (which is the industry leader in Performance Management Tools over 40% and is also where the QIP product can found to boot!), is an excellent tool for managing bandwidth, monitoring SLAs, etc. Have you checked it out yet? If not here is a link that you and the group may find interesting: http://www.lucentnps.com/software/ Take a look and see if this is something you are interested in, I would be curious to get your opinion on it as the entire groups!

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Yadav, Arvind K (CAP, GECIS)
Sent: Monday, December 18, 2000 8:57 PM
To: [EMAIL PROTECTED]
Subject: Bandwidth Monitoing tool
Importance: High

Anybody is having an idea, which one is the best tool for WAN bandwidth monitoring tool on basis of how much bandwidth utilise by an application, particular protocol, and User or group of users.

Thanks in advance
Arvind
RE: % Warning: cannot change link type
then tried to delete it and bring it back up as a point-to-point. You will get this error with 11.x IOS. Delete the interface and restart the router. That should enable you to change the frame type to multipoint.

Good luck,
Duncan

-----Original Message-----
From: les flack [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 13, 2000 8:56 AM
To: [EMAIL PROTECTED]
Subject: % Warning: cannot change link type

Help, I have a 3600 @ 11.3 which is running as a frame switch on some ports and I am trying to configure some of the other ports as routed point-to-point sub-ints. But when configuring the second sub int I get the following.

frsw1(config)#int s0/0.1 point-to-point
frsw1(config-subif)#exit
frsw1(config)#int s0/0.2 point-to-point
% Warning: cannot change link type

Which results in the following configuration

interface Serial0/0
 no ip address
 no ip mroute-cache
 encapsulation frame-relay
!
interface Serial0/0.1 point-to-point
 no arp frame-relay
!
interface Serial0/0.2 multipoint
 no arp frame-relay

Any ideas?
Les
RE: Your comments please
I have it. It is fairly simple. I did the whole thing in about an hour. I didn't think it was worth the $200.

-----Original Message-----
From: Marshal Schoener [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 05, 2000 9:56 AM
To: 'George Siaw'; [EMAIL PROTECTED]
Subject: RE: Your comments please

Where can I find this, "CCIE Expert Labs Simulator" The only simulators I've seen so far are low quality and under-developed :-) thanks

-----Original Message-----
From: George Siaw [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 05, 2000 4:17 AM
To: [EMAIL PROTECTED]
Subject: Your comments please
Importance: High

Hi Everybody, If anyone has used CCIE Expert Labs Simulator, IP Routing: Cisco Interactive Mentor I will appreciate your view?

Regards,
George.
RE: MPLS Transfer Protocol ???
Multiprotocol Label Switching (MPLS) is a high-performance method for forwarding packets (frames) through a network. It enables routers at the edge of a network to apply simple labels to packets (frames). ATM switches or existing routers in the network core can switch packets according to the labels with minimal lookup overhead.

-----Original Message-----
From: Circusnuts [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 23, 2000 6:31 AM
To: [EMAIL PROTECTED]
Subject: MPLS Transfer Protocol ???

Has anyone heard of this. A prospective employer mentioned it in an interview. The search engine brings back Minneapolis information :-)

Thanks !!!
Phil
RE: How to pronounce? router
I can verify this. We had a guy here last week from London. He kept talking about updating the roots in the rooter. Took me a minute to figure out what he was talking about.

-----Original Message-----
From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 23, 2000 9:50 AM
To: 'Ajaz Nawaz'; [EMAIL PROTECTED]
Subject: RE: How to pronounce? router

Take a look here: http://www.dictionary.com/cgi-bin/dict.pl?term=router

The funny thing is that it can be pronounced different ways. I, being from Denmark, have used the word both there and in Houston, Texas where I have lived for the last four years, and both places I have always used and heard it pronounced "rau-dor". I have never heard it pronounced "roo-ter" - not even at Hooters :-)

Hth,
Ole

Ole Drews Jensen Systems Network Manager CCNA, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED]

-----Original Message-----
From: Ajaz Nawaz [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 23, 2000 8:14 AM
To: [EMAIL PROTECTED]
Subject: Re: How to pronounce? router

How should one pronounce - ROUTER
In England most say - rooter
I know in the US most say - rau ter

Paul Borghese wrote:

In Boston it is: Tkaas
In New York it is: "Who wants to know?"
In New Jersey it is pronounced TACACS but you need to give not just your Username and Password but also what exit.
In Georgia it is pronounced Tacacs but you need to add a "ya' all" to the end and the password is always peach.
In San Francisco it is pronounced: Tacacs.com

Paul Borghese

"Cthulu, CCIE Candidate" [EMAIL PROTECTED] wrote in message news:8nvemd$p0t$[EMAIL PROTECTED]...

Here's the way new Texans pronounce it...
Tacacs = "TIE- kax"
RADIUS = "Ray Dee Us"
HTH, Charles

"Victor Jia" [EMAIL PROTECTED] wrote in message news:8nvea4$noh$[EMAIL PROTECTED]...

Can anyone tell how to pronounce the words TACACS, RADIUS? Anywhere can I find the pronunciation of all those abbreviations? Thanks.
RE: SDSL statement : True or False ?
Sigh, why do ppl make such assumptions? Actually, Netopia tries to make their equipment work with everyone they can. When I worked with one of the larger DSL ISPs in the DC area they were very helpful. You could call them with an issue and if they could fix the issue without a major overhaul they would. I know, for example, their T1 router supports Cisco HDLC.

Duncan

-----Original Message-----
From: Oz [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 11, 2000 10:17 AM
To: [EMAIL PROTECTED]
Subject: Re: SDSL statement : True or False ?

I think some comes down to a control issue the ISP's don't want you playing with their Dslam etc and also they get very sweet deals on the last mile stuff. So why should they and there are compatibility issues I forget right now what the issue was Also look at it from netopia's point why should they try to work with cisco if they don't they get to place stuff all the way to the end. If they do their sales end at the demark. It's called marketing, I have had this problem and created a need for a firewall after the netopia so lost a router and gained a firewall. Not a bad trade (heh)

Oz
http://www.mcseco-op.com/helpfull_links.htm
Re: T3 circuit connectivity
Something to consider. Although the 3600 can support a HSSI port you need to think about how much throughput will be going through the router. We had a 3640 with about 80 BGP entries and about 50 lines of ACL on it with 128MB of RAM. It had 10-12MB sustained throughput on one of its interfaces and it would shut the interface down every few hours due to overflowing. Cisco said that we could use it a little longer with 256MB of RAM but that the 3640 really just can't handle that much sustained throughput. Heck, it ran 60% cpu utilization all the time.

IMHO, if you really need the T3 then the 3600 may not be the right router for the situation. We replaced the 3640 with a 7513 and it runs at 5% now. For all the T3s we get now we don't use anything less than a 7000 series.

Just my $.02
Duncan

At 09:32 PM 7/27/00 -0500, D Stevens wrote:

All, We are installing a T3 circuit (point-to-point between 2 local sites) and looking for 2 routers that support a T3 interface. Have only found the 7000 series, does the 2600/3600 series support a T3 interface. Also, should a multiplexor/channelized be used for the connection? I believe they may break out around 10 channels for phone but this is still up in the air. I have not handled a T3 before, just a regular T1 interfaces. Any suggestions or whitepapers would greatly be appreciated. Thank you in advance for the tips and feedback.

[EMAIL PROTECTED]

=== Duncan Maccubbin | [EMAIL PROTECTED] Senior Network Engineer MCP+I,MCSE,CCNA,CCDA,CCNP CapuNet, LLC - Corporate Internet Solutions (301) 881-4900 x8039 ===
Re: CCDP certification question
Sigh, is it too much to ask to go to Cisco's website and see that you need to take both tests: http://www.cisco.com/warp/customer/10/wwtraining/certprog/lan/programs/ccdp.html

At 12:15 PM 7/17/00 -0400, Lonnie Paschall wrote:

Clayton is correct. You only have to take the CID exam.

"Clayton Dukes" [EMAIL PROTECTED] wrote in message news:02ae01bfeff6$4e498ea0$[EMAIL PROTECTED]...

The CCNP and CCDP are gotten from taking the core (3 tests or the FRS) and the CIT and CID. If you have taken the Core or the FRS and the CIT, you have your CCNP, after that, you only need to take the CID to get your CCDP.

----- Original Message -----
From: Adam Wang [EMAIL PROTECTED]
To: Cisco Study Group [EMAIL PROTECTED]
Sent: Monday, July 17, 2000 9:02 AM
Subject: CCDP certification question

Hi, I have a question about CCDP certification. After I got a CCNP, do I still need to take the CCDA plus the CID exam, or I only need to take the CID exam to become a CCDP. Thanks.

Adam

=== Duncan Maccubbin | [EMAIL PROTECTED] Senior Network Engineer MCP+I,MCSE,CCNA,CCDA,CCNP CapuNet, LLC - Corporate Internet Solutions (301) 881-4900 x8039 ===
Re: Secondary IP address
We are changing our network IP layout and we use secondary IPs to transition.

Duncan

At , [EMAIL PROTECTED] wrote:

What are the advantages of using a secondary IP on an ethernet interface

=== Duncan Maccubbin | [EMAIL PROTECTED] Senior Network Engineer MCP+I,MCSE,CCNA,CCDA,CCNP CapuNet, LLC - Corporate Internet Solutions (301) 881-4900 x8039 ===
RE: Cisco/CoVad un bridge
A much easier way is to request a bridge and use a dual ethernet router. You can then put your IP on the outside interface of the router. This way you don't need to request additional IP addresses (which they might charge for) and you won't have to pass through 2 routers. FYI- Netopia is a pretty good router. That company is on top of things and they have an excellent website.

At 04:41 PM 7/5/00 -0400, Chris Stocker wrote:

I have used a dual ethernet behind the Netopia router w/o any problem. Just get a public address for the ethernet side of the netopia and a public address to put on the outside ethernet interface. And then use NAT on the inside, if you can't get enough public addresses. Also start the VPN session from the inside Ethernet. Hope this helps.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ryan Finnesey
Sent: Wednesday, July 05, 2000 2:47 PM
To: '[EMAIL PROTECTED]'
Subject: Cisco/CoVad un bridge

Is anyone using a Cisco router with CoVad un bridge ? I need to setup a VPN with IPSEC and I need to start the VPN in the router and all CoVad will sell me is Netopia.

Ryan V. Finnesey Network Administrator @tmosphere Interactive 1375 Broadway, 11th floor New York, NY 10018 212 827 2507 phone 212 827 2525 fax [EMAIL PROTECTED]

=== Duncan Maccubbin | [EMAIL PROTECTED] Senior Network Engineer MCP+I,MCSE,CCNA,CCDA,CCNP CapuNet, LLC - Corporate Internet Solutions (301) 881-4900 x8039 ===
Simple PIX question
I hate to ask this but how do I put a secondary ip address on the inside interface of a PIX 515? I could not find it on CCO and there doesn't appear to be a secondary command.

Thanks,
Duncan

=== Duncan Maccubbin | [EMAIL PROTECTED] Senior Network Engineer MCP+I,MCSE,CCNA,CCDA,CCNP CapuNet, LLC - Corporate Internet Solutions (301) 881-4900 x8039 ===
Re: Backup Interface
Look Here: http://www.cisco.com/warp/public/793/access_dial/britobribackup.html

At 07:59 PM 6/20/00 +0800, Daniel Ma wrote:

I am trying to backup a serial interface using Bri port. However I go through the BRI interface configuration commands, I could not find the command "backup interface" Can any one help me on how to configure it? And for Bri interface should I configure normal DDR? I am using one cisco4700M and one cisco2503, IOS 11.3. Thanks in advance.

Daniel Ma Systems Engineer Enterprise Computing Unit Infonet Systems Services Pte Ltd

=== Duncan Maccubbin | [EMAIL PROTECTED] Senior Network Engineer MCP+I,MCSE,CCNA,CCDA,CCNP CapuNet, LLC - Corporate Internet Solutions (301) 881-4900 x8039 ===
Backup interface question
Greetings all, I was in the Cisco configuration Cookbook looking at backup interface and came up with some questions. Here are the configurations they gave:

Router 1:

!
hostname router1
!
username router1 password foo
username router2 password bar
isdn switch-type basic-ni1
!
interface Ethernet0
 ip address 172.16.1.1 255.255.255.0
!
interface Serial0
 ip address 192.168.1.1 255.255.255.0
 backup interface BRI0
 backup delay 5 30
!
interface BRI0
 ip address 192.168.10.1 255.255.255.0
 encapsulation ppp
 dialer idle-timeout 300
 dialer map ip 192.168.10.2 name router2 broadcast 5551212
 dialer map ip 192.168.10.2 name router2 broadcast 5551313
 dialer load-threshold 128
 dialer-group 1
 isdn spid1 40855578781010 5557878
 isdn spid2 40855579791010 5557979
 ppp multilink
 ppp authentication chap
!
router igrp 1
 network 172.16.0.0
 network 10.0.0.0
!
dialer-list 1 protocol ip permit
!

Router 2:

!
hostname router2
!
username router1 password foo
username router2 password bar
isdn switch-type basic-ni1
!
interface Ethernet0
 ip address 10.10.10.1 255.255.255.0
!
interface Serial0
 ip address 192.168.1.2 255.255.255.0
!
interface BRI0
 ip address 192.168.10.2 255.255.255.0
 encapsulation ppp
 dialer idle-timeout 300
 dialer map ip 192.168.10.1 name router2 broadcast
 dialer map ip 192.168.10.1 name router2 broadcast
 dialer load-threshold 128
 dialer-group 1
 isdn spid1 40855512121010 5551212
 isdn spid2 40855513131010 5551313
 ppp multilink
 ppp authentication chap
!
dialer-list 1 protocol ip permit
!

My question is about this line:

 dialer map ip 192.168.10.1 name router2 broadcast
 dialer map ip 192.168.10.1 name router2 broadcast

They are the same line. What did they leave off here? If you type it in the way they have it you get:

adw-gw(config-if)#isdn spid2 1101070002
%isdn spid2 not allowed for 5ESS BRI custom

I assume this is caused by the incorrect line above. Seems funny they would say router2 since they are already on router2. Or is this cause due to me using the basic-5ess?
Duncan === Duncan Maccubbin | [EMAIL PROTECTED] Senior Network Engineer MCP+I,MCSE,CCNA,CCDA,CCNP CapuNet, LLC - Corporate Internet Solutions (301) 881-4900 x8039 ===
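A small lint for the `dialer map` statements in the two configurations quoted in the post above, as an added example (not from the post or from the cookbook it cites). The rule names and the trimmed `ROUTER1_CONFIG` / `ROUTER2_CONFIG` excerpts are constructed here; the rules assume IOS `dialer map` semantics, where `name` is the remote peer's hostname and the trailing dial string is what lets the router place the call.

```python
import re

# Constructed excerpts of the two configurations quoted in the post above.
ROUTER1_CONFIG = """\
hostname router1
!
username router1 password foo
username router2 password bar
!
interface BRI0
 encapsulation ppp
 dialer map ip 192.168.10.2 name router2 broadcast 5551212
 dialer map ip 192.168.10.2 name router2 broadcast 5551313
 ppp authentication chap
!
"""

ROUTER2_CONFIG = """\
hostname router2
!
username router1 password foo
username router2 password bar
!
interface BRI0
 encapsulation ppp
 dialer map ip 192.168.10.1 name router2 broadcast
 dialer map ip 192.168.10.1 name router2 broadcast
 ppp authentication chap
!
"""

# dialer map ip <next-hop> [name <remote-hostname>] [broadcast] [<dial-string>]
# Other dialer map options (speed, class, ...) are not parsed by this example.
DIALER_MAP = re.compile(
    r"^\s*dialer map ip (?P<next_hop>\S+)"
    r"(?: name (?P<name>\S+))?"
    r"(?: broadcast)?"
    r"(?: (?P<dial>\d+))?\s*$"
)


def lint_dialer_maps(config):
    """Return (line_number, rule, message) findings for dialer map statements."""
    host = re.search(r"^hostname (\S+)", config, re.M)
    local_name = host.group(1) if host else None
    # Peers this router holds a CHAP secret for.
    chap_users = set(re.findall(r"^username (\S+) password", config, re.M))
    first_seen = {}
    findings = []
    for number, line in enumerate(config.splitlines(), 1):
        match = DIALER_MAP.match(line)
        if not match:
            continue
        name, dial = match.group("name"), match.group("dial")
        if name is None:
            findings.append((number, "NO_NAME",
                             "no name: an authenticated caller cannot be tied to this map"))
        elif name == local_name:
            findings.append((number, "SELF_NAME",
                             "name is this router's own hostname, not the remote peer's"))
        elif name not in chap_users:
            findings.append((number, "NO_CHAP_USER",
                             "no username entry holds a CHAP secret for " + name))
        if dial is None:
            findings.append((number, "NO_DIAL_STRING",
                             "no dial string: this router can answer the peer but not call it"))
        key = tuple(line.split())
        if key in first_seen:
            findings.append((number, "DUPLICATE",
                             "repeats line %d" % first_seen[key]))
        else:
            first_seen[key] = number
    return findings


if __name__ == "__main__":
    for label, cfg in (("router1", ROUTER1_CONFIG), ("router2", ROUTER2_CONFIG)):
        for number, rule, message in lint_dialer_maps(cfg):
            print("%s:%d: %s: %s" % (label, number, rule, message))
```
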
isdn t203 10000
I've seen this in configurations but no one explains what it is. Any takers?

Duncan

=== Duncan Maccubbin | [EMAIL PROTECTED] Senior Network Engineer MCP+I,MCSE,CCNA,CCDA,CCNP CapuNet, LLC - Corporate Internet Solutions (301) 881-4900 x8039 ===
Re: Pix Firewall Syslog server
http://www.cisco.com/cgi-bin/tablebuild.pl/pix

At 01:08 PM 6/9/00 +0200, Mauro Conosciani wrote:

Hi everybody!!! does anyone know where it's possible to download the PFSS ??? I had a quick tour in the CCO but... no way to get it?? I know it's a no charge software. Cheers

=== Duncan Maccubbin | [EMAIL PROTECTED] Senior Network Engineer MCP+I,MCSE,CCNA,CCDA,CCNP CapuNet, LLC - Corporate Internet Solutions (301) 881-4900 x8039 ===
PAT vs NAT
I'm wondering what NAT gives me over PAT. On my PIX I believe it can do 65,000 translations on PAT. If I have 100 users behind it what is the advantage of using NAT?

Duncan

=== Duncan Maccubbin | [EMAIL PROTECTED] Senior Network Engineer MCP+I,MCSE,CCNA,CCDA,CCNP CapuNet, LLC - Corporate Internet Solutions (301) 881-4900 x8039 ===
Re: Lab set up..
I might get a 2620 and a 29xx series switch so I could do ISL VLANs. As for the equipment, look at www.grandstore.com. Duncan
At 11:11 AM 5/20/00 +1000, Brandon Peyton wrote:
Hi guys, I have finally saved up some more money and am wanting to finally get a home lab instead of always going to work to practice. What different things should I get? 2 routers 26xx, switch 1900, hub and the appropriate cables? Or what would you suggest? Course if you could direct me to the place that would have the best deals (not an auction site) for used Cisco equipment that would determine what I can get as well... Thanks, Brandon
=== Duncan Maccubbin | [EMAIL PROTECTED] Senior Network Engineer MCP+I,MCSE,CCNA,CCDA,CCNP CapuNet, LLC - Corporate Internet Solutions (301) 881-4900 x8039 ===
Re: acl performance matrix
Well Art, the second you use an ACL you give up all hope of wire speed. You can go to this article: http://www.nwc.com/1004/1004ws22.html They have a study on a 7513. Duncan
At 08:29 AM 5/10/00 -0500, Art Davis wrote:
At what time does syslogging of an ACL cause the logging to cease and/or performance degradation of the wire speed? I'm looking for a matrix that says x number of ACL hits per second causes throughput to drop by percentage y. The equipment I have in mind is a 7507 with 128 Mb of memory and a 6509 w/ MSM and 64 MB memory. Arthur Davis, CCNP, MCSE Network Administrator Corporate Router Support
=== Duncan Maccubbin | [EMAIL PROTECTED] Senior Network Engineer MCP+I,MCSE,CCNA,CCDA,CCNP CapuNet, LLC - Corporate Internet Solutions (301) 881-4900 x8039 ===