RE: Cisco Security Advisory: Cisco IOS Interface Blocked by [7:73707]
The Advisory affects *ALL* routers and switches running IOS versions below 12.3 The access-lists are a work-around / stop-gap measure until you upgrade your IOS to a release that has a fix for the vulnerability. However, with what I have seen and heard over the last few weeks, use the access-lists and *don't* upgrade your IOS without proper planning. I have seen some overzealous network engineers crash their routers by loading the wrong IOS for the hardware(DRAM/Flash) they currently have. HTH George Murage -Original Message- From: Mr piyush shah [mailto:[EMAIL PROTECTED] Sent: Monday, August 04, 2003 2:51 PM To: [EMAIL PROTECTED] Subject: Cisco Security Advisory: Cisco IOS Interface Blocked by IPv4 [7:73471] Dear all Recently there was an article on Cisco Security Advisory which stated that all Cisco routers/switches having IOS as their operating system,their Interfaces will be blocked by IPv4 Packets.In this regard,i have a querry. Is it that all the router having IOS will be blocked or certain specific IOS ? Also they have given fixes at the bottom of that article which states about access-list,do one need to go ahead with implementation of these Acess-lists? Kindly help. Thanks in advance. Piyush Send free SMS using the Yahoo! Messenger. Go to http://in.mobile.yahoo.com/new/pc/ **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73707t=73707 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Multicasting [7:72403]
It seems nobody has really answered this. To begin with, I agree that you do not need IGMP on the tunnels, only on Ethernet ports where there are possible receivers of the mcast traffic. In addition, it is not necessary that your SP runs mcast on his router since you are using GRE tunnels. PIM-DM uses SPTs so the moment it starts receiving (S,G) traffic from a mcast source it will send out the traffic to all interfaces on its outgoing interface list. For PIM-DM that is all interfaces that have multicast enabled and have a PIM-DM neighbour or a mcast receiver. So the first thing you need to do is check if you can see your PIM-DM neighbour at the other end of the SP cloud with the show ip pim neighbor command. Please keep us posted on how this progresses. Kind regards George Murage -Original Message- From: Doan Nguyen [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 11:44 PM To: [EMAIL PROTECTED] Subject: Re: Multicasting [7:72403] If you're using PIM Dense-Sparse mode you will need to designate an RP router because the DR needs to know where to send the (*,G) to join and the source DR needs to register the SA messages to the RP. What you can do for this case is R1-SP1---SP2-R2 make either R1 or R2 the RP. Assign a static RP-to-group mapping to the router that is not the RP to point to the one that is assigned the RP. If you're using static RP mapping then all you need on your tunnel interface is PIM-SM. **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73719t=72403 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Logging ICMP on a PIX [7:73232]
Just out of curiosity, why do you want to log *all* ICMP traffic through your PIX? At logging level 4, you should see logs for selected ICMP traffic that is characteristic of a reconnaissance attack. Anyway, I hope you have a large disk(s) on your Syslog server :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, July 31, 2003 2:44 PM To: [EMAIL PROTECTED] Subject: RE: Logging ICMP on a PIX [7:73232] Tried debug icmp trace And logged that information to console/syslog debugging level? Martijn 6.2 http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/gl.h tm#1028090 level Specify the syslog message level as a number or string. The level you specify means that you want that level and those less than the level. For example, if level is 3, syslog displays 0, 1, 2, and 3 messages. Possible number and string level values are: 0-emergencies-System unusable messages 1-alerts-Take immediate action 2-critical-Critical condition 3-errors-Error message 4-warnings-Warning message 5-notifications-Normal but significant condition 6-informational-Information message 7-debugging-Debug messages and log FTP commands and WWW URLs -Oorspronkelijk bericht- Van: Patrick Donlon [mailto:[EMAIL PROTECTED] Verzonden: woensdag 30 juli 2003 10:23 Aan: [EMAIL PROTECTED] Onderwerp: Logging ICMP on a PIX [7:73232] Do anyone know how to log ICMP traffic that is allowed through a PIX?? I can see denied ICMP no problem. I can log all my other traffic with logging trap debug set, but it can't see ICMP traffic passing through the firewall. Is this normally behaviour for 6.2(2)? Cheers Pat Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73275t=73232 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE # 12026 - Longish [7:73135]
Congratulations and thanks for the tips! -Original Message- From: Akusika Papaa [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 30, 2003 7:49 AM To: [EMAIL PROTECTED] Subject: RE: CCIE # 12026 - Longish [7:73135] Congratulation and great job. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of NKP Sent: Tuesday, July 29, 2003 11:11 AM To: [EMAIL PROTECTED] Subject: CCIE # 12026 - Longish [7:73135] Hi All , Its my turn to send the e-mail today . Tht subject says it all . It has been almost 8 months of rigorous preparation and I managed to clear it in the first lab attempt in Bangalore . My close friend and a study partner who had cleared his lab just a week before had given me a call when I reached back to the hotel after the lab , he had checked my results online and informed me before i could check the results. I am not a regular participator on this Forum , but here are some tips and pointers which I had used for preparation , which I would like to share with all of you without violating the NDA. 1) Create a Study Group of like minded Friends who are preparing for the labs , its been my friends who have elevated me to this level . We used to work on different scenarios of different practice labs from morning till night and compare our answers. We had a study group of 4 persons from different parts of India who used to stay with me in my vacant apartment , and I am highly obliged to all of my friends who have got me to this level . It would not have been possible without them . Try to meet as many CCIE's who have cleared or CCIEs who are pursuing there labs , ( without breaking NDA ) I have always learnt a new things from every candidate and CCIE's whom i have met as regarding there preparation strategy. 2) Some of the must have books for preparation are : a) Routing TCP/IP Part 1 and 2 by Jeff Doyle b) Troublehooting IP Routing Protocols - Gem of a Book , written by CCIE's in the TAC c) CCIE Practical Studies part 1 by Karl Solie d) Cisco OSPF Command and Configuration Handbook by William Parkhurst e) Cisco BGP 4 Command and Configuration Handbook by William Parkhurst g) CCIE Practical Studies Security ( by Dmitry Bokotey, etc...) h) Cisco CCIE lab Study Guide ( Hutnik and Satarlee) No matter how many books you invest in , it will always seem to be less. I have a collection of almost all the major published books of Cisco Press for the CCNP and CCIE R/s and Security , but there are still topics which you have to look for elsewhere . Some of the practice labs which we had referred to were of Ipexpert and ccbootcamp labs , but we did not do all the labs in them . 3) Build a Home Lab , You can practice for unlimited hours and work on different scenarios . Most of the equipments required have been listed here many times , so i wont go in details of them . 4) Rent online racks as well . We had mainly used racktimerenatals and bradshawlabs for practicing on ATM and 3550 . They are both good and cheap overall adding the total hours of the home lab and online racks , I must have practiced for more then 800 hours in the last 8 months. 5) DOC CD , know it inside out . During the last weeks of preparation I tried not to refer to any books and only refer to the DOC CD only for anything i did not know. Also know how to search for a topic on it , as you can not use the search on the home page on it . The Doc CD will be your best Pal in the labs . make this URL your homepage http://www.cisco.com/univercd/home/home.htm 6) The good thing in Bangalore is that they have practice labs which can be rented ot during the weekdays out here in which you get to use the same equipments at the premises of the testing lab , so I had booked that for 2 days last month and a day just before the exam , I felt more comfortable with the ambience over there and the phycological pressure of the first attempt was not there . 7) Lastly this groupstudy is an asset for all everyone preparing for the lab , I must have collected more then 500 to 600 postings in the past 4 to 5 months and created different folders in outlook as per the subjects and stored them for reference , I got to learn a lot from groupstudy and from @!#$.com , the posting of some of the regular lab trainers of CCIE are a boon in disguise . Go through each and every postings , even if they might not be relevant for exam point of view, they might be useful later on in the production environment. My lab was on Saturday,July 26th and i had reached one hour early at Cisco campus for the lab. It started right on time and the lab was straight and simple to configure . I had almost completed the lab by the lunch break , and it was over 30 minutes after the coming back from lunch. I then revised the whole test and found that there were a few errors and corrected them . Practice speed typing , use aliases , use other time savers which come only through practice
RE: Accesss List(deny ping) [7:72147]
Ok, I am a bit puzzled by what you are trying to achieve. If the ISDN link is a backup and your configuration is working properly the FR link and the ISDN should not be both up except when the FR link is restored and the ISDN link's has not been closed yet which is just a temporary condition. Moreover, as long as the FR link is up all traffic should be routed via this link; this includes the ping to 202.x.y.z. However, I worked on a setup where I had to test if the backup was working without bringing down the FR link. In this case the FR link and ISDN had to use two different networks, see the diagram below HQ LAN---Router-HQFR-FR---Router-A 172.18.0.0/16 | 172.16.0.1/30 172.16.0.2/30 | | l0=172.16.0.4/32 | |-ISDN---ISDN| 172.17.0.1/30 172.17.0.2/30 On router A I put a static route to 172.18.0.0/16 via 172.16.0.4/32 with a higher metric than the IGP metric to make it the less preferred route. The IGP advertises routes that are a longer match than the 172.18.0.0/16 static route. Then I put another static route to 172.16.0.4/32 via 172.17.0.1/30 The dialer map cmd uses the 172.17.0.1 IP so that the ISDN line is activated only when the less-preferable route is the only route available. However, to test the dial-up all you need to do is ping 172.16.0.4, from router A. This will always bring up the ISDN line. You can setup the same on Router-HQ, so that you have static route to a loop back interface on Router A, using 172.17.0.2 An access-list will not help as the FR link will always be chosen to forward the traffic and the ping packet will be dropped after the next-hop address has already been determined. I am not sure if you can achieve the same using PBR; I have never tired it myself. Any comments from the others? Regards George Murage -Original Message- From: Md Nazri [mailto:[EMAIL PROTECTED] Sent: Friday, July 11, 2003 11:32 AM To: [EMAIL PROTECTED] Subject: Accesss List(deny ping) [7:72147] hi all, I got one scenario, where we got 2 routers, one is A and another is HQ, connection between A HQ are via Frame Relay and ISDN as a backup. ISDN is using loopback address 202.x.y.z. Question: when both Frame Relay and ISDN are up, how do I create access list in router A to deny ping to 202.x.y.z via Frame Relay(Serial port) but only allow it via ISDN Bri port in router A. tq rgds nazri Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72233t=72147 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Help !!! [7:72096]
The cmd autoselect ppp instructs the interface to only start the ppp protocol if it detects incoming PPP packets. So the calling device must initiate the PPP negotiation. However, for this to work on the router, the async. interface must be set to allow the incoming connection to chose the type of session it wants to start. This is done using the async mode interactive cmd. This is useful where your asynch. interface is used to connect different types of incoming sessions such as PPP, SLIP, ARAP etc The default is async mode dedicated where the async. interface is set to start one type of network session such as PPP for all incoming calls. HTH George Murage P.S This is a pretty loose explanation but you can get the details from Cisco documentation CD - or from somebody on this list who has used the cmds recently :-) -Original Message- From: H T [mailto:[EMAIL PROTECTED] Sent: Thursday, July 10, 2003 2:11 PM To: [EMAIL PROTECTED] Subject: Help !!! [7:72096] what does it mean? and Why I am getting this message? TestR(config-line)#autoselect ppp %Autoselect w/o the interface command 'Async mode interactive' is useless Cheers Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72100t=72096 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCDP requirements: pointless to do CID if you don't already [7:72032]
Hi, You do not need BCRAN to be CCNP. Just BSCI, Switching and CID. I am also trying to beat the 25th July deadline! Please see: http://www.cisco.com/en/US/learning/le3/le2/le37/le5/learning_certification_ type_home.html Thanks and regards George Murage -Original Message- From: MCMORDIE Shane (BMB) [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 08, 2003 5:21 PM To: [EMAIL PROTECTED] Subject: CCDP requirements: pointless to do CID if you don't already [7:72027] Hi, I'm aiming at CCDP but I don't have BCRAN. Am I correct in thinking that there is no point in me registering for CID before registration finally ends on July 25th - because to go this route to CCDP, BCRAN is also needed - but is no longer available? Therefore better for me to forget CID and go straight to ARCH? Thanks, Shane DISCLAIMER This e-mail and any attachment thereto may contain information which is confidential and/or protected by intellectual property rights and are intended for the sole use of the recipient(s) named above. Any use of the information contained herein (including, but not limited to, total or partial reproduction, communication or distribution in any form) by other persons than the designated recipient(s) is prohibited. If you have received this e-mail in error, please notify the sender either by telephone or by e-mail and delete the material from any computer. Thank you for your cooperation. For further information about Proximus mobile phone services please see our website at http://www.proximus.be or refer to any Proximus agent. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72032t=72032 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ISDN Port goes to Deactivated mode [7:72022]
I have experienced the same problem and would really like to see what the others have to say. While testing, I put my router with a BRI-1B-S/T card behind a PBX with an NTI card and the problem vanished. This led me to believe that the problem has something to do with the telco. I *think* the telco switch may not be able to detect, in a timely fashion that your isdn line is active, because European ISDN switches normally deactivate layer 1 or layer 2 of an idle isdn line. Removing and re-inserting the cable sort of resets the layers 1 and 2. Has the same effect as typing clear int brix/y on the router. Regards George Murage -Original Message- From: H T [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 08, 2003 5:49 PM To: [EMAIL PROTECTED] Subject: Re: ISDN Port goes to Deactivated mode [7:72022] Hi, can you show us your running config of both sides, so we can know where would be the problem? cheers, Heiman. Mr piyush shah wrote in message news:[EMAIL PROTECTED] Dear all I am having 128 kbps Leased Line with ISDN backup.As the Link goes Down ,ISDN should trigger,however in my case the ISDN link does not come up and goes to deactivated mode.What could be the problem .I have seen that upon removing the ISDN link and inserting back it gives the status as ACTIVE.What could be the problm? Kindly help as I am not able to use backup link due to this reason. I have attached herewitht the log of sh isdn status command for your kind pwerusal Thanks in advance. Regards Piyush router-1#sh ISDN status ISDN BRI0 interface dsl 0, interface ISDN Switchtype = basic-net3 Layer 1 Status: DEACTIVATED Layer 2 Status: TEI = 85, Ces = 1, SAPI = 0, State = TEI_ASSIGNED I_Queue_Len 0, UI_Queue_Len 0 Layer 3 Status: 0 Active Layer 3 Call(s) Activated dsl 0 CCBs = 0 The Free Channel Mask: 0x8003 Total Allocated ISDN CCBs = 0 Send free SMS using the Yahoo! Messenger. Go to http://in.mobile.yahoo.com/new/pc/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72035t=72022 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Multimedia/Voice over VSAT [7:71706]
I can only comment about voice over VSAT. The propagation delay which could be anything from 600ms to 1200ms (depending on the VSAT configuration) makes the voice calls sound like long-distance international calls. So the users have to be aware of the you-talk-then-i-talk phenomenon. As for the asymmetrical path, that should really not be a problem, you should just ensure that your routing protocol is aware that the VSAT path consists on two simplex links connected to 2 different ports. I am assuming here that your VSAT uses a DVB-IP receiver for downlink traffic and an SCPC modem for uplink traffic. George Murage - jvd wrote: jvd, it's nice to have you on the list. It looks like you post using the Web site. A lot of people do GroupStudy via e-mail. They can't tell what your messages refer to. They seem like orphans. When posting from the Web, please press the Quote button first and then add comments, and your messages will arrive with some context. Thanks. Hello Pieter, As you know delay is one of the problems with VSAT. You can do nothing about hops to the satellite and back. What you need is some prioritization/QoS in your network for the voice traffic. There are various ways to do this. But is prioritization and QoS even worthy bothering with for traffic going to a satellite? Wouldn't that be sort of like priorizing which bus leaves the New York bus station first to avoid delay going to San Francisco? The few minutes saved by letting the San Fran bus leave before the Philadelphia bus are completely irrelvant compared the many days it takes to get to San Fran. On routers, the few nanoseconds saved by outputting voice first are irrelvant compared to the hundreds of milliseconds to reach the satellite. I don't have personal experience with AutoQoS but it's a new feature supported on the Cisco routers and switches - check it out: (you may need a CCO login) http://www.cisco.com/en/US/partner/tech/tk543/tk759/tk879/tech_protoco l_home.html My other suggestion is for if you want to get into the details to configure your equipment manually, is to have a look at the QDM (QoS Device Manager). This is a web based tool that is free from Cisco's website. http://www.cisco.com/en/US/partner/products/sw/netmgtsw/ps2063/index.h tml And then my final suggestion is to have a look at RSVP (Resource Reservation Protocol). This protocol will reserve bandwith for your application along the transmission path. Regards, Jans PS. Nice to see fellow SAfricans on the forum. I thought you were from Brazil?! Now I am curious! :-) Priscilla Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71773t=71706 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Multimedia/Voice over VSAT [7:71706]
I can only comment about voice over VSAT. The propagation delay which could be anything from 600ms to 1200ms (depending on the VSAT configuration) makes the voice calls sound like long-distance international calls. So the users have to be aware of the you-talk-then-i-talk phenomenon. As for the asymmetrical path, that should really not be a problem, you should just ensure that your routing protocol is aware that the VSAT path consists on two simplex links connected to 2 different ports. I am assuming here that your VSAT uses a DVB-IP receiver for downlink traffic and an SCPC modem for uplink traffic. George Murage - jvd wrote: jvd, it's nice to have you on the list. It looks like you post using the Web site. A lot of people do GroupStudy via e-mail. They can't tell what your messages refer to. They seem like orphans. When posting from the Web, please press the Quote button first and then add comments, and your messages will arrive with some context. Thanks. Hello Pieter, As you know delay is one of the problems with VSAT. You can do nothing about hops to the satellite and back. What you need is some prioritization/QoS in your network for the voice traffic. There are various ways to do this. But is prioritization and QoS even worthy bothering with for traffic going to a satellite? Wouldn't that be sort of like priorizing which bus leaves the New York bus station first to avoid delay going to San Francisco? The few minutes saved by letting the San Fran bus leave before the Philadelphia bus are completely irrelvant compared the many days it takes to get to San Fran. On routers, the few nanoseconds saved by outputting voice first are irrelvant compared to the hundreds of milliseconds to reach the satellite. I don't have personal experience with AutoQoS but it's a new feature supported on the Cisco routers and switches - check it out: (you may need a CCO login) http://www.cisco.com/en/US/partner/tech/tk543/tk759/tk879/tech_protoco l_home.html My other suggestion is for if you want to get into the details to configure your equipment manually, is to have a look at the QDM (QoS Device Manager). This is a web based tool that is free from Cisco's website. http://www.cisco.com/en/US/partner/products/sw/netmgtsw/ps2063/index.h tml And then my final suggestion is to have a look at RSVP (Resource Reservation Protocol). This protocol will reserve bandwith for your application along the transmission path. Regards, Jans PS. Nice to see fellow SAfricans on the forum. I thought you were from Brazil?! Now I am curious! :-) Priscilla Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71775t=71706 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Computer for ISP [7:66736]
actually this is question i have to answer in my assignment. i am also not able to understand it correctly as its not clear. we can assume any server. can u help me in this Scott Roberts wrote in message news:[EMAIL PROTECTED] well georgeW, your questions seem a little hidden. what are you asking? why an ISP would need a server? for dns is the first example that comes to mind. btw, 4 more? scott George wrote in message news:[EMAIL PROTECTED] A computer is to be purchased for an Internet Service Provider (ISP) that is to be used as one of the server at the network backbone. What may be the role of this server for the ISP? Can this server be put for other server related applications? What will be configuration of this server giving reason for selection of various components ( economicaly wise and performance wise ) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66824t=66736 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Computer for ISP [7:66736]
A computer is to be purchased for an Internet Service Provider (ISP) that is to be used as one of the server at the network backbone. What may be the role of this server for the ISP? Can this server be put for other server related applications? What will be configuration of this server giving reason for selection of various components ( economicaly wise and performance wise ) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66736t=66736 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: CCIP Announcement - This ends the speculation! [7:65912]
There has been some speculation on the fate of the CCIP track since the beta testing of exam 642-661 - Configuring BGP on Cisco Routers. Well, this is what Cisco has to say about it. Cisco Systems recently adjusted the CCIP (Cisco Certified Internetwork Professional) program to meet the changing needs of the service provider market. With this adjustment, the CCIP curriculum will follow in the CCDP and CCNP tradition of four exams and four courses. The elective approach will be phased out and the existing QoS course will be a part of the CCIP program. For those customers interested in pursuing the elective areas, the Cisco Qualified Specialist program will offer focused training and certification in multiple areas of high demand. http://www.cisco.com/warp/public/10/wwtraining/ecampaign/blast http://www.cisco.com/warp/public/10/wwtraining/ecampaign/blast2 Question is what happens to those who have the old CCIP with an elective. Then there is an overlap in course material. A good portion of the BSCI course covers BGP, which is covered again in the new exam Configuring BGP on Cisco Routers. However, IMHO, I think the cert is welcome. By making MPLS and some advanced BGP concepts mandatory it is more reflective of the skills required in a SP environment. GM Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65912t=65912 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PDM Question [7:65954]
Hi there, I've got a 515UR failover I jus' upgraded from 5.3(1) to 6.1(4). I'd like to pop PDM on that system(s) and try that interface out. I'm a command line kind of guy, so am comfortable with CLI, but, I've heard that PDM is a worthy utility. Any words of wisdom on PDM installation? Best, G. Nations have recently been led to borrow billions for war; no nation has ever borrowed largely for education... no nation is rich enough to pay for both war and civilization. We must make our choice; we cannot have both. -- Abraham Flexner Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65954t=65954 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Management VLANs, RealWorld [7:63162]
Hello again! Now is the/my time to play multi-vendor dot1q tagging. One vendor being Cisco, of course. Other vendors will be represented by a nameless nitial --- F at the high-end and S at the edge. We've all heard about a/the management VLAN, and I've certainly struggled with my little network over migration to that 192.168.x.x model of management VLAN addressing. (little: 20 sites/~200 nodes/site, gig-e fiber) I've a couple of Yea, but what about in the real world, there, bub? kind of questions. With less than 250 switches, now, should the management VLAN *remain* a flat network across the enterprise? Or, should each site, which are L3 segmented by the core router, have it's own 192.168.x.y/24 IP segment? This is a deceptively complex question, including things like DHCP servers, router availability, security, (Should VLAN 1 be the management VLAN at all?), bandwidth utilization (by user VLANs across the trunk, too.), vendor compatibility (but, here, F and S are capable of changing mgmt. VLANs), and, perhaps not entirely least (or last), ease of configuration and maintenance upon the hapless network administrative staff. I'd be interested to hear how the ole pros do it. And why. Best, Uncle G. ''It is no use saying, 'We are doing our best.' You have got to succeed in doing what is necessary.'' - Sir Winston Churchill Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63162t=63162 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Repost: Engineering Study Soapbox [7:63165]
Valentine's day marked the 20th anniversary of this event. I thought it might bear repetition. -- Upon learing by rote testing products: -- Here's a little story from the Bering Sea. Bear with me and you'll see why the 'thread' fits. The Anacortes, Washington fishing family had been very successful in the late 1980's. Early 1990 saw four brand-new crab boats ready to plunder the king crab population in an area the coast guard describes as 'the major leagues' compared to North Atlantic fishing ground weather conditions. Not too far out of Dutch Harbor, Alaska, two of those boats capsized, killing all 15 [14, gfh] crew members aboard, including the son of one of the surviving vessels. While the craft were carrying out a load of 800lb. 'pots, photos of the loaded boats before their doomed departure showed nothing visible to point toward load instability. Investigations, of course, followed. Over a year later, as the investigation was closing, without answers, almost as an afterthought, a shipyard worker approached one investigator. I don't know if it really matters, but we had some extra bottom paint, and we added an extra 12 inches around the hull of both boats, he told them. Anti-fouling bottom paint, to combat marine organisms, makes a very visible waterline on the hull of a vessel. Normally, this would be considered a 'bonus' for an owner. This time, however, was different. The engineering specifications had the craft designed with bottom paint to a certain level on the hull. The 25 year-old skipper had loaded the crab pots *to the waterline as indicated by the additional 12 inches of paint*. No one, not the planners, not the skipper, not the investigators, had thought that the paint-line, so visible in the after-the-fact photos, was so 'out of spec.' Twelve inches deeper on a 150 foot boat equals tons of additional displacement. The boats flipped like tops; there was not even time for a 'mayday'. There are a couple of lessons here. The first, and most obvious, is follow the engineering specifications without error. The second, and more relevant to this thread, was that the skipper was operating by rote. He apparently did not understand that the stability of the vessel was not due to a line in the water, but to exact engineering specifications that were inviolate physics. So, does learning to pass the CCxx test(s) require rote learning? Yes. Does that rote learning style make you a safe skipper? Probably not. Know your engineering, as much as possible. The Why's it do that? are perhaps more important than just knowing it does... Very best, G. VP OG Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63165t=63165 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: how to break out of the sequence when in write term or [7:61124]
try 'q'. I'm not sure if it works with 'no pager'. George -Original Message- From: eric nguyen [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 15, 2003 10:35 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: how to break out of the sequence when in write term or show running in Pix firewall Hi All, My pix configuration is about 800 lines long. Everytime, I do a show running or write term and I would like to break somewhere in the configuration it is not possible for me to send the Control ^C to stop listing of the configuration. Control ^C works on both Cisco routers and switches but apparently not on Pix firewalls. Now I can use pager command to set the page break or no pager not to set the page break. However, in either case, it is not possible to send the break sequence to break out of the show running configuration. This is very frustrating. Why doesn't Cisco make this damn thing work? I am running version 6.2(2) - Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61124t=61124 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Ccie is a rip off! [7:58458]
The CCIE written is not a certification, it is a qualification exam. No matter how dificult you think it is, if you can't pass the written you're not ready for the lab. --- wexo__la wrote: Someone should say this already : There is no experties-checking in any ccie written exam! The ccie is a rip-off! 50% memory questions (like what vip version is eprom-value:01e00 and other shit.. I got the official exam certification guide I am a ccip/ccdp/ccnp and I never got so miss-leaded! this book from july 2002 (very new) and it says (page 4) the exam is 100 question + does not include the fddi and many more ... it is missleading in many areas + the question and cd-test is 80% less hard then the actual test and it tells you that they are harder! i payed the price for getting the book for an idea of the test and i got the wrong idea! i think that cisco is doing something very wrong with this The material are quite broad and you can ask many hard questions on the technologies But there are so many of them about how many slots in this..?,what version support that..?,what ip precedence number is flush.. that gets you thinking cisco is not Concern about checking your experties but something complitly different - that gets people like us talking about the exams like it is something to brag about! [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58482t=58458 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Amazon routers [7:57802]
Does anyone have experience with Amazon routers from ACC? I need to put a 7206 in-line to replace a failing Amazon and the commands are difficult to match up to the Cisco world. Any help would eb appreciated. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57802t=57802 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
2980G config [7:56960]
Could someone post the show config or show port output from a 2980G? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56960t=56960 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Tech Tips [7:55030]
George CCIE #9781 -Original Message- From: Persio Pucci [mailto:[EMAIL PROTECTED]] Sent: Monday, October 07, 2002 1:38 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Tech Tips Hey folks, where did the Tech Tips go that I cannot find it anywhere in the new Cisco site? Did anybody find it already? :( Regards, Persio Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55030t=55030 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Multicast scenario [7:50994]
What type of server would be good to set up a multicast scenario and test it out.? Apple server streaming video, or a advance 2000 server. What have you done. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50994t=50994 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco 1000TX GBICs [7:50316]
and have nothing good to say about them. What sweet nothings would those be? On another, but similar, note, what 3d party GBICs for 1000LX single mode are out there for the Cat 3548 switches? And, are there any sweet nothings about using those in a Cisco platform? Very best, G. -Original Message- From: Ken Diliberto [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 31, 2002 2:55 PM To: [EMAIL PROTECTED] Subject: Cisco 1000TX GBICs [7:50316] Anyone have experience with the 1000TX GBICs from Cisco? We have used the stacking GBICs and have nothing good to say about them. The TX GBICs are over $100 less (retail). Ken Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50403t=50316 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
switch command [7:50413]
Is their a command to view all the ip addresses connected to my switch. I do a show arp shows a couple Or how often does ip addresses get added to the switch? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50413t=50413 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
can reach host [7:50422]
I having problems pinging a host on a different vlan. However I can access other host that are connected to the same switch?? Trunking is enable What can I look for . the device is on native vlan , while I am on vlan 2 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50422t=50422 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Can't Disable Spanning Tree on 2980G [7:50009]
Hi Folks, Is anybody willing to trade in a November Lab date this year for next February? Regards, George. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50107t=50009 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
what does this command do? [7:50112]
IP host RouterB 191.8.150.1 191.8.2.1 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50112t=50112 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: Looking for BSCN in PDF format [7:50039]
You should try half.com I seen it around $15 bucks used. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kevin O'Gilvie Sent: Monday, July 29, 2002 3:40 PM To: [EMAIL PROTECTED] Subject: RE: Looking for BSCN in PDF format [7:50039] You tell him Juan, No pirates here!! Just techies trying to sail..Alot of us are just trying to swim..Or at least learning to float!! LOL!! From: Juan Blanco Reply-To: Juan Blanco To: [EMAIL PROTECTED] Subject: RE: Looking for BSCN in PDF format [7:50039] Date: Mon, 29 Jul 2002 20:09:19 GMT Jeff, Give us a break, on this group we are very negative to this type of behaviors, I just went and spent $120 in two books, I did not go to the movies, I did not go outI just went and bought the books because I need them, like myself most of the people in this group do the same thing, they sacrificed them self and buy whatever is require to learn the technology which will help them to move up to new levels, the same way the authors of many books whom worked very hard to put together a book that will help everyone. My advise to you is, in this field you can't be worried about how much a book cost.This is very costly field, very costly my wife is ready give the divorced and kick me out the house with my rack, routers, switches and course many, many books... Good luck in getting your BSCN'S PDF.. jb -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Bond, Jeffrey T Sent: Monday, July 29, 2002 1:29 PM To: [EMAIL PROTECTED] Subject: Looking for BSCN in PDF format [7:50039] Does anyone have a copy of BSCN in pdf format that they wouldn't mind sharing. thanks Jeff _ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50217t=50039 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
multicast address [7:50221]
Where can I find the multicast address , rip, irgp use.? I know Ospf is 224.0.5 224.0.6 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50221t=50221 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
nbar message [7:49466]
I get this message when I try to apply a policy to my fast Ethernet interface on a 7513 service-policy is supported only on VIP interfaces with DCEF enabled Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49466t=49466 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: nbar message [7:49466]
Got it!!! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Steven A. Ridder Sent: Tuesday, July 23, 2002 2:04 PM To: [EMAIL PROTECTED] Subject: Re: nbar message [7:49466] turn on dcef or cef. GEORGE wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I get this message when I try to apply a policy to my fast Ethernet interface on a 7513 service-policy is supported only on VIP interfaces with DCEF enabled Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49485t=49466 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
mop enable [7:49487]
This command I looked it up at Cisco web site and it says it's a maintenance operation protocol But what does it do exactly? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49487t=49487 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Help with vlan!! [7:49127]
I currently have just 2 vlan's in my network. The native 1 and vlan 2. I have a 7513 doing the routing with a fast Ethernet and 3500xl and 2900xl in my network. I have one vtp server and I added vlan 2 it works! . then I created another vlan 3 on the router with ip 10.0.4.1 isl encapsulation on it and add it to the vtp server. (3508xl) and name it lab , doesn't work! I have trunking all the way here is a diagram of my network (port1) 7513-3524trunking2900xl---trunking---2900xl-users on the 2900xl that the users are connected I place switchport access vlan 3 on all the ports and made it a client with the proper vtp domain.. The other 2900 xl that's connected to my 3524 is also a client with the correct vtp domain however when I do a show vlan I show vlan 3 but a different vlan name not lab my question is what im I doing wrong? Do I have to configure a vtp server for each vlan? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49127t=49127 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: Help with vlan!! [7:49127]
I got it to work!!! The only thing I had to change was on the transparent mode add the vlan and the name and it work, those this have to happen every time you add a new vlan to the switch network? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Arlante, Neil Sent: Thursday, July 18, 2002 10:40 AM To: [EMAIL PROTECTED] Subject: RE: Help with vlan!! [7:49127] did u tried these: is it really trunking betw 3524 and 2900xl, or betw different switches? sh trunk compare vtp revision numbers if they are the same...sh vtp domain see if vtp advertisements are sent and received... sh vtp statistics HTH, -Original Message- From: GEORGE [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 10:44 PM To: [EMAIL PROTECTED] Subject: Help with vlan!! [7:49127] I currently have just 2 vlan's in my network. The native 1 and vlan 2. I have a 7513 doing the routing with a fast Ethernet and 3500xl and 2900xl in my network. I have one vtp server and I added vlan 2 it works! . then I created another vlan 3 on the router with ip 10.0.4.1 isl encapsulation on it and add it to the vtp server. (3508xl) and name it lab , doesn't work! I have trunking all the way here is a diagram of my network (port1) 7513-3524trunking2900xl---trunking---2900xl-users on the 2900xl that the users are connected I place switchport access vlan 3 on all the ports and made it a client with the proper vtp domain.. The other 2900 xl that's connected to my 3524 is also a client with the correct vtp domain however when I do a show vlan I show vlan 3 but a different vlan name not lab my question is what im I doing wrong? Do I have to configure a vtp server for each vlan? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49141t=49127 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
cisco command [7:49152]
Is their a cisco command that will show you the serial number of the router Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49152t=49152 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: FW: Help with vlan!! [7:49127]
The switches were set to client and only one was set to server,however when I added the vlan name to the server it did not propogate to the other switches I wonder why? How many vtp severs can I have in one domain -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of MADMAN Sent: Thursday, July 18, 2002 1:06 PM To: [EMAIL PROTECTED] Subject: Re: FW: Help with vlan!! [7:49127] You have to be either transparent or server mode to add a VLAN. Were you in client mode originally? Dave GEORGE wrote: I got it to work!!! The only thing I had to change was on the transparent mode add the vlan and the name and it work, those this have to happen every time you add a new vlan to the switch network? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Arlante, Neil Sent: Thursday, July 18, 2002 10:40 AM To: [EMAIL PROTECTED] Subject: RE: Help with vlan!! [7:49127] did u tried these: is it really trunking betw 3524 and 2900xl, or betw different switches? sh trunk compare vtp revision numbers if they are the same...sh vtp domain see if vtp advertisements are sent and received... sh vtp statistics HTH, -Original Message- From: GEORGE [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 10:44 PM To: [EMAIL PROTECTED] Subject: Help with vlan!! [7:49127] I currently have just 2 vlan's in my network. The native 1 and vlan 2. I have a 7513 doing the routing with a fast Ethernet and 3500xl and 2900xl in my network. I have one vtp server and I added vlan 2 it works! . then I created another vlan 3 on the router with ip 10.0.4.1 isl encapsulation on it and add it to the vtp server. (3508xl) and name it lab , doesn't work! I have trunking all the way here is a diagram of my network (port1) 7513-3524trunking2900xl---trunking---2900xl-users on the 2900xl that the users are connected I place switchport access vlan 3 on all the ports and made it a client with the proper vtp domain.. The other 2900 xl that's connected to my 3524 is also a client with the correct vtp domain however when I do a show vlan I show vlan 3 but a different vlan name not lab my question is what im I doing wrong? Do I have to configure a vtp server for each vlan? -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49161t=49127 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
boot sequence [7:49174]
If a router has the configuration setting ser to 0x102 , what would be the sequence? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49174t=49174 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: cisco command [7:49152]
Try it on a mc3810v3 did not work -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 2:33 PM To: [EMAIL PROTECTED] Subject: RE: cisco command [7:49152] hi use the show diag command in previleged mode regards deepak Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49173t=49152 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: PIX Design Considerations [7:48979]
I would say place an internal router behind the pix so I can route Your internal network, or vlans's that's the way we design it here -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jeffrey Reed Sent: Tuesday, July 16, 2002 7:19 PM To: [EMAIL PROTECTED] Subject: PIX Design Considerations [7:48979] Im still pretty green with PIX in general and was talking today about introducing a PIX into an existing network. The customer has a router (not controlled by them) that has three public class C subnets defined. They are not using VLANs, so the router has an interface and two sub-interfaces going into a switches network. We want to put the PIX in between the outside router and the LAN. I know this group has said several times the PIX is not a router. Do I need to have another router between the PIX and the LAN to perform routing between subnets? I assume the PIX will not facilitate routing between the internal subnets. Can you define multiple interfaces on the internal interface of the PIX if we didnt need to route between the internal VLANs? Any suggestions would be appreciated! Jeffrey Reed Classic Networking, Inc. Cell 717-805-5536 Office 717-737-8586 FAX 717-737-0290 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49022t=48979 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Please help me with my new baby(Pix 501) [7:48760]
conduit permit icmp any any -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Juan Blanco Sent: Sunday, July 14, 2002 9:24 AM To: [EMAIL PROTECTED] Subject: Please help me with my new baby(Pix 501) [7:48760] Team, I just got my new baby Pix 501 (wow...how small it is, it looks like a toy)Below is my configuration, my problem is that Pat does not seems to be able to work, I have cable-modem and they only provided one ip, I am able to ping from the firewall to any pc on my LAN, I am able to ping from the firewall to any ip on the Internet but I am not able to ping from any PC on my LAN to any ip on the Internet, Be aware that this id the first time I am using a Cisco Firewall, This morning I got the book Cisco Secure PIX Firewall. Your help is very appreciated as always...Another question, The ios on this baby is the same on the high end firewalls, If I am able to learn as much as my brain can take will I be able to configure a high-end pix and feel comfortable. Thanks, (What I am doing wrong..) JB pixfirewall# show config : Saved : PIX Version 6.1(1) nameif ethernet0 outside security0 nameif ethernet1 inside security100 enable password MTz0ptrM4U8gsjGv encrypted passwd 2KFQnbNIdI.2KYOU encrypted hostname pixfirewall fixup protocol ftp 21 fixup protocol http 80 fixup protocol h323 1720 fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol sip 5060 fixup protocol skinny 2000 names pager lines 24 interface ethernet0 10baset interface ethernet1 10full mtu outside 1500 mtu inside 1500 ip address outside dhcp setroute ip address inside 192.168.74.11 255.255.255.0 ip audit info action alarm ip audit attack action alarm pdm logging informational 100 pdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 1 0.0.0.0 0.0.0.0 0 0 timeout xlate 0:05:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server RADIUS protocol radius http server enable http 192.168.74.11 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps floodguard enable no sysopt route dnat telnet timeout 5 ssh timeout 5 dhcpd auto_config outside terminal width 80 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49024t=48760 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
nbar [7:49030]
Is nbar supported on layer 3 switches? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49030t=49030 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: blocking spam with cisco routers [7:48971]
Thanks for your replies -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Don Queen Sent: Wednesday, July 17, 2002 2:47 PM To: [EMAIL PROTECTED] Subject: Re: blocking spam with cisco routers [7:48971] You'll need a mail relay program like Worldsecure(now Tumbleweed) that searches the content of the message before relaying it to the internal e-mail server. As others have stated, other e-mail servers will open smtp connections to your mail server in order to send mail. Most spammers change IP addresses constantly to avoid being blocked by devices such as routers. - Original Message - From: Nigel Taylor To: Sent: Wednesday, July 17, 2002 10:22 AM Subject: Re: blocking spam with cisco routers [7:48971] George, Priscilla brings up a good point in that this will not be easy. The most important issue here is as Priscilla pointed out, is going to revolve around the architecture of your networks or the network you use for connectivity(to the rest of the world). Some other questions that may apply are very specific to your email services. If you have your own domain and don't relay any mail for specific purposes, then this will help, however mail directly address to your domain's users will be delivered. The problem here is how do you determine who is allowed to send you email. This is somewhat of an impossible task because there's no real way of identifying your SMTP-specific Community of Interest (COI). The reason being that smtp(tcp) connections are made from any server-to-server(your server) for the delivery of mail. I'm sure your smtp requirements are much like the typical domain, in which filtering inbound mail falls outside the area of the routed network. It's one thing to filter a specific hosts or number of host to prevent the spread of a new virus. This would still only be accomplished through monitoring of existing smtp traffic flows, in which you could address the issue by resolving the source of the infected mail traffic. Again, the traffic is only identified based on a criteria which can now be tracked or filtered. Where I'm going with this is that the only effective way of containing spam is by identifying who is sending it and most importantly what subject lines are being used in the SPAM email received. This is important because you might not want to block or filter all mail inbound from hotmail.com so finding another way to identify the spam is very important. I'm not sure of the flexibility of Micro$oft's exchange to filter mail based on subject lines but, I know that sendmail(the best mail server) through the use of the cf file can aide in this process. There is assistance in the form of various programs that does do this type of filtering, however the need to providing the rules for the filter still falls within the area of monitoring and prevention Currently, we use Solaris on all of our mail servers(16 of them). We do relay mail for all or most of our users and with some scripting and MySql was able compile a database of the domains and subject lines of typical spam specific emails. All inbound email is processed through this script which will tag the spam email and forwards it into a separate mail server queue for profiling(to check the validity), before being forwarded to the user. We have just begun to use a program called SPAM Assassin which uses our daily updated list of spammers and subject lines. HTH Nigel P.S. Please note the use of Howard-isms in this email..:- - Original Message - From: Priscilla Oppenheimer To: Sent: Tuesday, July 16, 2002 10:50 PM Subject: Re: blocking spam with cisco routers [7:48971] Brad Ellis wrote: Yup, use an access list filtering IPs on port 25 (only allow yours through) Yes, but, other SMTP servers for legitimate reasons are also going to be opening TCP sessions to port 25 because they have e-mail to send to your users. It's not as easy as it sounds. I guess it depends on the ISP's network architecture too. We have a challenge where I work in that our users are on cable modems that connect to the cable provider (which isn't technically us). Their e-mail requests come into our network on the same interface that all Internet traffic comes in on. Priscilla thanks, -Brad Ellis CCIE#5796 (RS / Security) [EMAIL PROTECTED] Cisco home labs: www.optsys.net GEORGE wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi all I have a question ,I configured my e-mail server to only accept local e-mail, and deny other relay , however im still vulnerable to spam. My question is how do the ips block other e-mail going to their smtp Do they do it by access-list? Allowing only the local network with port 25? Or just the e-mail server? If cisco routers have to be involved does anyone h
dhcp and subinterfaces [7:49070]
If I have subinterfaces configured for my vlans' and I wanted a dhcp server for one vlan can I create the dhcp server and assign it to that subinterfaces pertaining the vlan in question. I don't have a server on that vlan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49070t=49070 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
blocking spam with cisco routers [7:48971]
Hi all I have a question ,I configured my e-mail server to only accept local e-mail, and deny other relay , however im still vulnerable to spam. My question is how do the ips block other e-mail going to their smtp Do they do it by access-list? Allowing only the local network with port 25? Or just the e-mail server? If cisco routers have to be involved does anyone have some links. Im behind a pix and would like to allow only my network to use smtp. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48971t=48971 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ccie written [7:48860]
Do they allow the use of a calculator I the ccie written exam? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48860t=48860 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Unable to access MS Outlook using IPSec Lan-to-Lan [7:48482]
We have an IPSec LAN-to-LAN connection between two Cisco VPN 3000 Concentrators and for some strange reason, MS Outlook is unable to connect to the Exchange server on the other side of the tunnel. All other traffic seems to travel fine, and we know for a fact that the mailboxes are accessible locally. Has anyone experienced such a problem and found a solution? George Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48482t=48482 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ipx question [7:48505]
How do you find the ipx address of a novell 4.11? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48505t=48505 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
mc3810? [7:48519]
Does the mc3810 support voice over ip as well as voice atm ,or just the mc3810 v3. What would be better to be to practice more this model or a 2600 series? The mc3810 on a standalone what parts are required? If I wanted only to to regular analog phones FXS interface? I a bit confiused as to the parts that are necessary? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48519t=48519 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
calculating subnets? [7:48552]
Does anyone have some cool or useful links to calculate subnetting including broadcast . Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48552t=48552 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
pix question [7:47556]
I have the 3des encryption disabled do I have to purchase a license to enable it? VPN-3DES: Disabled Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47556t=47556 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: Cisco VPN client and NAT [7:47430]
Yes linksys has that option, I ran into that problem Its under the advance option -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Lidiya White Sent: Wednesday, June 26, 2002 9:34 PM To: [EMAIL PROTECTED] Subject: RE: Cisco VPN client and NAT [7:47430] IP Security Through Network Address Translation Support http://www.cisco.com/univercd/cc/td/doc/product/access/acs_fix/827/827rl nts/820feat.htm I think Linksys just has an option for a checkmark on IPSec through NAT. -- Lidiya White -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Alex Lee Sent: Wednesday, June 26, 2002 8:20 AM To: [EMAIL PROTECTED] Subject: Re: Cisco VPN client and NAT [7:47430] So how does the Linksys or cisco 800 handles the IPSec thru PAT then ? Thanks. Alex Lee Lidiya White wrote in message news:[EMAIL PROTECTED]... PIX doesn't support IPSec transparency/IPSec over TCP. Concentrators do. It all depends on the device that is between your client and PIX, that is doing PAT. IPSec uses ESP protocol, that doesn't have ports, so how can you perform PAT (port address translation) for a protocol that doesn't understand port concept? Some routers can pass IPSec through the PAT (like Linksys, Cisco 800). So if the router/device that is doing PAT is IPSec aware, then you should be able to pass IPSec through. If not, then you have to make sure that one-to-one address translation happens for your VPN clients, not one-to-many (PAT)... Hope this helps... Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47559t=47430 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
nbar command.... [7:47605]
I was configuring nbar for my network and when typing Match protocol I got this commands The one that I like the most and look for info on cisco site was Fastrack Has anyone used it here? Does anyone have a url or sample config.. arpIP ARP bgpBorder Gateway Protocol bridge Bridging bstun Block Serial Tunnel cdpCisco Discovery Protocol citrix Citrix Traffic compressedtcp Compressed TCP cuseemeCU-SeeMe desktop video conference custom-01 Custom protocol custom-01 custom-02 Custom protocol custom-02 custom-03 Custom protocol custom-03 custom-04 Custom protocol custom-04 custom-05 Custom protocol custom-05 custom-06 Custom protocol custom-06 custom-07 Custom protocol custom-07 custom-08 Custom protocol custom-08 custom-09 Custom protocol custom-09 custom-10 Custom protocol custom-10 dhcp Dynamic Host Configuration dlsw Data Link Switching dnsDomain Name Server lookup egpExterior Gateway Protocol eigrp Enhanced Interior Gateway Routing Protocol exchange MS-RPC for Exchange fasttrack FastTrack Traffic - KaZaA, Morpheus, Grokster... finger Finger ftpFile Transfer Protocol gopher Gopher greGeneric Routing Encapsulation http World Wide Web traffic icmp Internet Control Message imap Internet Message Access Protocol ip IP ipinip IP in IP (encapsulation) ipsec IP Security Protocol (ESP/AH) ipv6 IPV6 ircInternet Relay Chat kerberos Kerberos l2tp L2F/L2TP tunnel ldap Lightweight Directory Access Protocol llc2 llc2 napsterNapster Traffic netbiosNetBIOS netshowMicrosoft Netshow nfsNetwork File System nntp Network News Transfer Protocol notes Lotus Notes(R) novadigm Novadigm EDM ntpNetwork Time Protocol padPAD links pcanywhere Symantec pcANYWHERE pop3 Post Office Protocol pppoe PPP over Ethernet pptp Point-to-Point Tunneling Protocol printerprint spooler/lpd qllc qllc protocol rcmd BSD r-commands (rsh, rlogin, rexec) realaudio Real Audio streaming protocol ripRouting Information Protocol rsrb Remote Source-Route Bridging rsvp Resource Reservation Protocol rtpReal Time Protocol secure-ftp FTP over TLS/SSL secure-httpSecured HTTP secure-imapInternet Message Access Protocol over TLS/SSL secure-irc Internet Relay Chat over TLS/SSL secure-ldapLightweight Directory Access Protocol over TLS/SSL secure-nntpNetwork News Transfer Protocol over TLS/SSL secure-pop3Post Office Protocol over TLS/SSL secure-telnet Telnet over TLS/SSL smtp Simple Mail Transfer Protocol snapshot Snapshot routing support snmp Simple Network Mangement Protocol socks SOCKS sqlnet SQL*NET for Oracle sqlserver MS SQL Server sshSecured Shell streamwork Xing Technology StreamWorks player stun Serial Tunnel sunrpc Sun RPC syslog System Logging Utility telnet Telnet tftp Trivial File Transfer Protocol vdoliveVDOLive streaming video vofr voice over Frame Relay packets xwindows X-Windows remote access Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47605t=47605 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: frame relay question [7:47498]
Thanks now I get it -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Chuck Sent: Thursday, June 27, 2002 12:12 PM To: [EMAIL PROTECTED] Subject: Re: frame relay question [7:47498] to the frame switch, each link can have the exact same dlci. if you have fooled with using cisco routers as frame switches, you will get the idea how this is possible. the programming instruction says ( in English ) any frames using this port are dlci xx and if they are incoming, send them out that port as dlci yy essentially, a frame PCV is a series of links, each of which has a unique identifier. cust_1---dlci_16--port_1_frameswitch_port_2dlci_397---port_7_framesw itch _port_9---dlci_120cust_1 cust_2---dlci_16--port_3_frameswitch_port_4dlci_397---port_8_framesw itch _port_8---dlci_120cust_2 the only thing that has to be unique in this situation is the port on the frame switch. along each link of the pvc, the dlci is unique only to that link. If any of these links were carrying multiple PVC's then there would be multiple and unique DLCI's for each PVC on that link. so yes, from the telco standpoint, it is far easier for the switch tech to use the same methodology, and far easier for the telco to have some standard practice. my experience is the telco's really hate it when customers start asking for unique dlci numbering systems. plus it is likely that it will take longer for your link to get working right, and you will have to spend time arguing with the switch tech. Kelly Cobean wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... You know, this brings up a good question...My company has sites all across the country, and for every spoke site, we were able to get the exact same DLCI, and at the hubs, we were able to get a range of DLCI's in increments of 5 going out to each of the spokes. How is this possible? I completely understand that the DLCI is locally significant, and that it only defines the connection between the Frame switch and the customer CPE, but what are the odds of the exact same DLCI on so many different switches being available? Maybe there is something relevant to the fact that the carrier's network is actually using ATM that makes this possible? Thanks! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Chuck Sent: Wednesday, June 26, 2002 3:09 PM To: [EMAIL PROTECTED] Subject: Re: frame relay question [7:47498] good questions. in theory, you may request any dlci you wish, so long as it is in the legal range for the carrier. this would be numbers 16 through 996? for some, or through 1004? for others in fact, if you have a good rapport with your carrier, and they in turn have their act together, this is common practice. OTOH, in my experience, telcos just want to get the work done, and they will configure the dlci starting with 16 because it's easy to remember. the switch techs just bang out their configs with no conscious thought intervention. if you have nothing fancy going on ( and it appears you don't ) the only required configuration on your router is setting the frame relay encapsulation, and setting the ip address. at that point the circuit will come up. you can check this using the show frame pvc, show frame lmi and show ip interface brief commands. lmi will detect and use the single pvc with no other tweaks required. if you have multiple pvcs on a circuit, you would, of course have to use frame map commands, or use point-to-point subinterfaces in conjunction with the frame interface-dlci command. best wishes. GEORGE wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have a newbie question, regarding frame-relay. When I order a frame relay circuit for two locations Do the telco provide the dlci? Or I make it up? Once the frame relay is installed on both locations I guess using the dlci numbers it makes the connection , besides the ip and all other stuff Can someone explain it please thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47607t=47498 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
frame relay question [7:47498]
I have a newbie question, regarding frame-relay. When I order a frame relay circuit for two locations Do the telco provide the dlci? Or I make it up? Once the frame relay is installed on both locations I guess using the dlci numbers it makes the connection , besides the ip and all other stuff Can someone explain it please thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47498t=47498 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: T1 Cat5 Crossover Pinout (WIC-1DSU-T1) [7:47332]
Hi Kevin, Don't know if this will help but try rj45-8pin--T1-crossover-rj45-8pin.htm link found on page below: http://ftp.digi.com/support/techsupport/common/cables/async/ Let us know if it works. Regards, George. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kevin Love Sent: 25 June 2002 01:50 To: [EMAIL PROTECTED] Subject: T1 Cat5 Crossover Pinout (WIC-1DSU-T1) [7:47332] Hey Team, I am trying to pass data through a WIC-1DSU-T1 to test it. In order to do this, I need to put a couple of modular routers back-to-back. I can handle the configuration if I can just get the right cable. I have cable and a crimper. Does anybody have any idea what pinout I would need to use to do this correctly? I have checked Cisco's web site and can't find anything. Thanks for your help! Kevin Love [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47386t=47332 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ISDN Problem [7:47411]
I have two routers connect throgh an ISDN switch. System image file is flash:c2500-js56i-l.121-12.bin When I change the address to 135.11.35.0 /24 I can not ping. I verified that the call went through 11R3#ping 135.11.35.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 135.11.35.2, timeout is 2 seconds: . Success rate is 0 percent (0/5) R11R3#sh isdn act ISDN ACTIVE CALLS CallCalling Called Remote Seconds Seconds Seconds Charges TypeNumber Number NameUsedLeftIdle Units/Currency In 8995101 899520136 114 5 If I change the address to 135.11.35.0 /27 it works well and if I change to 135.110.35.0 /24 it works. I am puzzled any ideas? R11R3#sh run int bri0 Building configuration... Current configuration : 182 byte ! interface BRI0 ip address 135.11.35.1 255.255.255.0 dialer string 8995101 dialer-group 1 isdn switch-type basic-ni isdn spid1 8995201 8995201 isdn spid2 8995202 8995202 end R11R4#sh run int bri0 Building configuration... Current configuration : 182 bytes ! interface BRI0 ip address 135.11.35.2 255.255.255.0 dialer string 8995201 dialer-group 1 isdn switch-type basic-ni isdn spid1 8995101 8995101 isdn spid2 8995102 8995102 end HERE IS THE COMPLETE CONFIGURATION: R11R3#sh run Building configuration... Current configuration : 1967 bytes ! version 12.1 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname R11R3 ! enable secret 5 $1$LX3.$7TGAHxWdu5Zw8iWCkIHhf1 enable password lab ! username r4 password 0 r4 ! ! ! ! ip subnet-zero ip tcp synwait-time 5 no ip domain-lookup ip host R11R1 135.11.1.1 ip host R11R3 135.11.3.3 ip host R11R4 135.11.4.4 ip host R11R6 135.11.6.6 ip host R11R7 135.11.7.7 ip host R11R8 135.11.8.8 ip host R11R16 135.11.16.16 ! isdn switch-type basic-5ess ! ! crypto isakmp policy 10 hash md5 authentication pre-share crypto isakmp key cisco address 135.11.34.5 ! ! crypto ipsec transform-set tor7 esp-des ! crypto map toR7 10 ipsec-isakmp set peer 135.11.34.5 set transform-set tor7 match address 101 ! ! ! ! interface Loopback0 ip address 135.11.3.3 255.255.255.0 ! interface Loopback2 no ip address ! interface Ethernet0 ip address 135.11.56.3 255.255.255.0 crypto map toR7 ! interface Serial0 no ip address shutdown no fair-queue ! interface Serial1 no ip address shutdown ! interface Serial2 no ip address shutdown ! interface Serial3 no ip address shutdown ! interface BRI0 ip address 135.11.35.1 255.255.255.0 dialer string 8995101 dialer-group 1 isdn switch-type basic-ni isdn spid1 8995201 8995201 isdn spid2 8995202 8995202 ! router igrp 10 network 135.11.0.0 ! ip classless ip http server ! access-list 101 permit ip host 135.11.3.3 host 135.11.7.7 dialer-list 1 protocol ip permit ! alias exec ct config t alias exec sc show controllers serial alias exec sci show cdp interface alias exec scn sh cdp neighbor alias exec sip show ip route alias exec sipx show ipx route alias exec cip clear ip route * alias exec cib clear ip bgp * alias exec sib show ip bgp ! line con 0 exec-timeout 0 0 password lab logging synchronous login line aux 0 exec-timeout 0 0 password lab logging synchronous login line vty 0 4 exec-timeout 0 0 password lab logging synchronous login ! end R11R3# R11R4#sh run Building configuration... Current configuration : 2781 bytes ! version 12.1 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname R11R4 ! enable secret 5 $1$wnCW$4qHyuNAOZk3Z2FYnq7IUG0 enable password lab ! username cisco password 0 cisco username r3 password 0 cisco ! ! ! ! ip subnet-zero ip tcp synwait-time 5 no ip domain-lookup ip host R11R1 135.11.1.1 ip host R11R3 135.11.3.3 ip host R11R6 135.11.6.6 ip host R11R7 135.11.7.7 ip host R11R8 135.11.8.8 ip host R11R16 135.11.16.16 ip host R11R4 135.11.4.4 ! isdn switch-type basic-5ess ! ! ! ! ! interface Loopback0 ip address 135.11.4.4 255.255.255.0 ! interface Ethernet0 ip address 135.11.36.4 255.255.255.240 ! interface Serial0 ip address 135.11.14.4 255.255.255.224 ip rip send version 2 no fair-queue clockrate 64000 ! interface Serial1 bandwidth 64000 ip address 135.11.34.4 255.255.255.248 encapsulation frame-relay ip ospf priority 0 frame-relay map ip 135.11.34.3 403 broadcast frame-relay map ip 135.11.34.5 401 broadcast frame-relay lmi-type ansi ! interface Serial2 no ip address shutdown ! interface Serial3 no ip address shutdown ! interface BRI0 ip address 135.11.35.2 255.255.255.0 dialer string 8995201
rif calculator [7:47444]
I saw some time ago a link posted here for calculating rifs, would someone kindly e-mail it? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47444t=47444 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
can some please explain me some of this commands [7:47140]
Im trying to configure authentication on my routers so far so good , however I would not like to have any type of authentication via console., just in case and also if the tacacs goes down I can still get in with local account I created.. so far if I place this on the console line =line con 0 no authentication none It would let me in , and if I place nothing I get promted for the username and password on my tacacs , but wont let me enter my enable password.? Maybe if I understood each line I could configure it better... aaa new-model aaa authentication login default group tacacs+ local aaa authentication login local local aaa authentication login no_tacacs none aaa authentication enable default group tacacs+ none aaa authorization exec default group tacacs+ none aaa authorization network default group tacacs+ aaa accounting exec default start-stop group tacacs+ aaa accounting network default start-stop group tacacs+local Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47140t=47140 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: authentication and router [7:46932]
I wouldn't like any username prompt at the console -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Blair, Philip S Sent: Thursday, June 20, 2002 3:20 PM To: [EMAIL PROTECTED] Subject: FW: authentication and router [7:46932] At the password prompt, if you enter your configured enable password you get access? Sounds like it's working as you have it configured, how did you want it to work? Philip -Original Message- From: GEORGE [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 18, 2002 5:37 PM To: [EMAIL PROTECTED] Subject: authentication and router [7:46932] I just configured my router to authenticate with cisco secure every works ok, except if I try to Console I get a password promt, and I stop cisco secure I get a password promt Now I tried to enter my enable password and wont work Am I missing something here aaa new-model aaa authentication login default group tacacs+ enable aaa authentication login local local aaa authentication login no_tacacs enable aaa authentication ppp default if-needed group tacacs+ aaa authorization exec default group tacacs+ local aaa authorization network default group tacacs+ aaa accounting exec default start-stop group tacacs+ aaa accounting network default start-stop group tacacs+ line con0 line authentication no_tacacs Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47141t=46932 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
authentication and router [7:46932]
I just configured my router to authenticate with cisco secure every works ok, except if I try to Console I get a password promt, and I stop cisco secure I get a password promt Now I tried to enter my enable password and wont work Am I missing something here aaa new-model aaa authentication login default group tacacs+ enable aaa authentication login local local aaa authentication login no_tacacs enable aaa authentication ppp default if-needed group tacacs+ aaa authorization exec default group tacacs+ local aaa authorization network default group tacacs+ aaa accounting exec default start-stop group tacacs+ aaa accounting network default start-stop group tacacs+ line con0 line authentication no_tacacs Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46932t=46932 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
help with vpn and pix [7:46487]
Hi you all , imp trying to use this config from Cisco web site http://www.cisco.com/warp/public/110/pix3000.htmland I has some questions. Suppose if my network has for inside address 10.254.2.1 255.255.255.248 Those the vpn ip pool have to be in the same network as the inside address, because I only have one ip address left to use and would like tohave other users use the vpn tunnel Can I use another network like? 10.0.1.0 Which not use internally? This is a diagram of my network (10.254.2.2) (10.254.2.1)/27 7513pix--outside | LAN | Network 10.200.0.0 Now be looking at Cisco example they have a permit access-list which includes the inside network and they specify another network with a /24 mine is /27 do I have to re subnet? Imp kind of confused. Help.. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46487t=46487 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
vpns [7:46259]
Im looking for a configuration example between a pix and a 2000 professional? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46259t=46259 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FXS cards - 1751 [7:45977]
Guy, Any ideas why there are only to voice ports to be configured? Runcorn-1750sh ver Cisco Internetwork Operating System Software IOS (tm) C1700 Software (C1700-K8SV3Y7-M), Version 12.2(8)T1, RELEASE SOFTWARE (fc2) TAC Support: http://www.cisco.com/tac Copyright (c) 1986-2002 by cisco Systems, Inc. Compiled Sat 30-Mar-02 15:07 by ccai Image text-base: 0x80008108, data-base: 0x80F66930 ROM: System Bootstrap, Version 12.0(3r)T1, RELEASE SOFTWARE (fc1) Runcorn-1750 uptime is 0 minutes System returned to ROM by power-on System image file is flash:c1700-k8sv3y7-mz.122-8.T1.bin cisco 1750 (MPC860T) processor (revision 0x801) with 36864K/12288K bytes of memory. Processor board ID JAD06090DEV (2308858941), with hardware revision MPC860T processor: part number 0, mask 32 Bridging software. X.25 software, Version 3.0.0. 1 FastEthernet/IEEE 802.3 interface(s) 1 ATM network interface(s) 4 Voice FXS interface(s) 32K bytes of non-volatile configuration memory. 16384K bytes of processor board System flash (Read/Write) Configuration register is 0x210 Regards, George. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45977t=45977 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Difference between stacking and interconnecting switches [7:46061]
This may be a very basic question, but can someone explain what is the difference between stacking and interconnecting. I am looking into purchasing two Catalyst 2950T-24s. Now I know that you can connect the two catalysts using a crossover cable, but is that using the uplink port or any of the ethernet ports. Looking at some of the documentation for the 2950, I see references to stacking. I need to lay off the coffee George Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46061t=46061 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Using Catalyst 2950 switch [7:46062]
I want to use the Catalyst 2950T-24 in my Windows NT/2000 and Linux network. According to the specs, it states that it does provide 10/100 autosensing. I wanted to know if anyone has run into problem with the autosensing feature. Or should duplex be hardcoded? Thanks. George Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46062t=46062 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PPTP outbound through PIX [7:46078]
Is it possible to allow outbound connection to a Microsoft VPN Server (using MS PPTP) from a client machine behind a PIX 520 (IOS 5.2)? If so, what are the commands needed to configure the PIX. Diagram: client PC - PIX Internet --- VPN server Thanks. George Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46078t=46078 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
pix and vpn [7:45934]
I don't have a vpn accelerator card installed on my pix can I configure vpn ? Im trying to configure internet users ability to connect to my internal network Probably use this config http://www.cisco.com/warp/customer/110/pptpcrypto3.html any suggestions..? 0: ethernet0: address is 0090.2710.27df, irq 11 1: ethernet1: address is 0090.270d.c12c, irq 10 2: ethernet2: address is 0090.2710.46a2, irq 15 Licensed Features: Failover: Enabled VPN-DES:Enabled VPN-3DES: Disabled Maximum Interfaces: 6 Cut-through Proxy: Enabled Guards: Enabled URL-filtering: Enabled Inside Hosts: Unlimited Throughput: Unlimited IKE peers: Unlimited Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45934t=45934 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
access-list question? [7:45585]
If I wanted to apply a access list to allow only networks from 192.168.1.0 to 192.168.7.0 and apply it to the vty lines is this correct access-list 101 allow tcp 192.168.1.0 0.0.6.255 eq 23 any ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45585t=45585 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: Question on Pix and lossing internet conectivity [7:45465]
Im going to try it thanks!!! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 5:36 PM To: [EMAIL PROTECTED] Subject: RE: Question on Pix and lossing internet conectivity [7:45465] i had the same problem; it has nothing to do with 5 c classes of ip or in my case 1 IP on the outside for X number of internal users. Either something is wrong with the pix 6.2 Code, or it has very aggressive timeouts. Some of the problems you will see are short time outs on downloads, AIM dying without explanation, and people not getting patted when going to the internet. this fixed my problem... (the timeout XLATE, didnt not fix it, but its there because i was not cool with the default of 3HRS) timeout xlate 6:00:00 timeout conn 12:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00 even if you have the default 0:00 (never timeout) it still does timeout like in one minute.. also nats dont work (really patting) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45567t=45465 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Question on Pix and lossing internet conectivity [7:45465]
I recently upgraded my pix to version 6.2 and lately I noticed that some users behind the firewall Complain that they cant access the internet , or as we should say outside the firewall Now whats is interesting is that this problem can be fixed by issuing the following command Clear xlate Which as I understand clear all translations. Now I have a sufficient pool of outside ip's assign to all my users to be exact 5 class C's. Does anyone here know why this is happening? A particular command can be enter whitin the pix to fix this clearly this is a issue that has happen since I installed 6.2 And the only reason for that is because im planning to use N2h2 on the pix. Any comments would hep Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45465t=45465 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
TAACS+ [7:45136]
Is there a way to allow only a certain group defined in your taacas config to access a router or a Cisco device. I'm asking this because im using taacas for my dialup users and would like to create another group like techs to have rights to access a Cisco device Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45136t=45136 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ppp multilink over adsl????? [7:44704]
Guys, Will anybody know is ppp multilink is possible over an adsl link and does it work similar to isdn? Regards, George. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=44704t=44704 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Logic and Lab Rats [7:44653]
Shucks, folks, 'most everyone knows that the real world has its moments. Users. They generally provide considerable exposure to that which is perceived as real. 'Course, it's always nice to have a test-bed; but I think lab rat is a different definition. So, perhaps to lighten things up, here's a little ditty from the past. = Psychologists have recently decided to refrain from using white rats as experimental animals. So, instead, they decided to use lawyers. It seems the psycs wanted to avoid an emotional attachment... ;-) But, on real-world experience (get the thread!?), the psychological community found that there was a hidden advantage in the change. There are some things that white rats just won't do. Happy M-o-n-d-a-y Best, G. VP OCG Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=44662t=44653 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Help with pix!! [7:44668]
Hi users I was wondering if can someone help me out this this problem I been experiencing Users behind the firewall can open a session on this web site http://www.oit.ohio-state.edu/userpass.html it has a link to a telnet session to a particular port 1607 I create an access-list allowing some networks to access this site and the application I then applied it to the inside interface but no luck. Here are some commands I did a nslookup to site itself to figure out the ip address 128.146.60.10 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=44668t=44668 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Help..... QPM [7:44519]
Guys, Just wondering if any of you will like know where to download an evaluation copy of the Quality of Service Policy Manager? An immediate response will be very much appreciated. Regards, George. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=44519t=44519 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco CallManager - ip phone registration [7:44530]
Would anybody know of how resolve and ip phone which just wouldn't register to the CCM. I can ping from CCM server and all but it keep going on and on a registering. George. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=44530t=44530 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco CallManager - ip phone registration [7:44530]
Thanks for your response. Checked the phones configs and it's all as expected i.e. IP's for cm server, tftp server etc are just fine. Any ideas?? -Original Message- From: Paul Beckman [mailto:[EMAIL PROTECTED]] Sent: 20 May 2002 17:39 To: 'George Siaw' Subject: RE: Cisco CallManager - ip phone registration [7:44530] Check you TFTP address. -Original Message- From: George Siaw [mailto:[EMAIL PROTECTED]] Sent: Monday, May 20, 2002 11:03 AM To: [EMAIL PROTECTED] Subject: Cisco CallManager - ip phone registration [7:44530] Would anybody know of how resolve and ip phone which just wouldn't register to the CCM. I can ping from CCM server and all but it keep going on and on a registering. George. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=44536t=44530 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco CallManager - IP phone registration [7:44530]
The below were the error message spilling out of CM eventvwr. No matter how many times I resetted the phone, phone registration was rejected by CM. The resolution however was to search and delete any trace of this troublesome phone from CM and voila it worked as a clockwork. Thanks guys!! Error: DeviceTransientConnection - Transient connection attempt. Connecting Port: 2000 Device name [Optional].: SEP003094C28F86 Device IP address.: 192.168.0.137 Device type. [Optional]: 7 Reason Code [Optional].: 1 App ID: Cisco CallManager Cluster ID: xxx-ccm-Cluster Node ID: 192.168.0.65 Explanation: A connection was established and immediately dropped before completing registration. Incomplete registration may indicate a device is rehoming in the middle of registration. The alarm could also indicate a device misconfiguration, database error, or an illegal/unknown device trying to attempt a connection. Recommended Action: No action is required if this event was issued as a result of a normal device rehome.. -Original Message- From: Rogell, Dennis [mailto:[EMAIL PROTECTED]] Sent: 20 May 2002 18:44 To: 'George Siaw' Subject: RE: Cisco CallManager - IP phone registration [7:44530] Are your phones pointing to the correct call manager, the reason I am asking is in my cipt class someone had the phone pointing to the backup instead of the primary Dennis Rogell CNE,NNSS,NNSE, CCNP nextiraone Email : [EMAIL PROTECTED] Phone: (954) 846-5128 -Original Message- From: George Siaw [SMTP:[EMAIL PROTECTED]] Sent: Monday, May 20, 2002 09:51 To: [EMAIL PROTECTED] Subject: RE: Cisco CallManager - ip phone registration [7:44530] Thanks for your response. Checked the phones configs and it's all as expected i.e. IP's for cm server, tftp server etc are just fine. Any ideas?? -Original Message- From: Paul Beckman [mailto:[EMAIL PROTECTED]] Sent: 20 May 2002 17:39 To: 'George Siaw' Subject: RE: Cisco CallManager - ip phone registration [7:44530] Check you TFTP address. -Original Message- From: George Siaw [mailto:[EMAIL PROTECTED]] Sent: Monday, May 20, 2002 11:03 AM To: [EMAIL PROTECTED] Subject: Cisco CallManager - ip phone registration [7:44530] Would anybody know of how resolve and ip phone which just wouldn't register to the CCM. I can ping from CCM server and all but it keep going on and on a registering. George. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=44547t=44530 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Help..... QOS Policy Manager [7:44548]
Guys, I know the below message has already been pasted and I am however back at it as result of it's urgency. Would anybody know where or how I could get an evaluation copy of the above product? Your quick response will be very much appreciated. Thanks fellas. -Original Message- From: George Siaw [mailto:[EMAIL PROTECTED]] Sent: 20 May 2002 14:01 To: '[EMAIL PROTECTED]' Subject: Help. QPM Importance: High Sensitivity: Private Guys, Just wondering if any of you will like know where to download an evaluation copy of the Quality of Service Policy Manager? An immediate response will be very much appreciated. Regards, George. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=44548t=44548 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
accessing server slow over t1 [7:44355]
Hi group I have an issue that has come up , and maybe someone can guide me in making a design much better. In my central office I have a ls1010 which connects to several 3810 mc at each campus , its basically an atm network. My question is how come when im at the campus it take like a minute to access my server in the central office. By the way to each location I have t1' and the ls1010 is in turn connected to a 7500 router via oc3 connection, which in turn has fast Ethernet cards that go to my lan , server, How can I speed the access of remote users? Should I use route maps? Guarantee bandwith? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=44355t=44355 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
as5200 question? [7:44379]
I created a local pool for my dialup users. However once the user dial in he does obtain an unique ip address but his gateway is the same and he is unable to ping any router or switch or server once inside the network How can I change the setting so that he gets a unique gateway? Any useful links? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=44379t=44379 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: 2900 series swithc [7:44092]
This is what I have User Access Verification Password: MC-2916XL-56460en Password: MC-2916XL-56460#show version Cisco Internetwork Operating System Software IOS (tm) C2900XL Software (C2900XL-H-M), Version 11.2(8)SA, RELEASE SOFTWARE (fc 1) Copyright (c) 1986-1997 by cisco Systems, Inc. Compiled Thu 11-Dec-97 11:06 by rheaton Image text-base: 0x3000, data-base: 0x001A08D0 ROM: Bootstrap program is MALIBU boot loader MC-2916XL-56460 uptime is 17 weeks, 3 days, 7 hours, 18 minutes System restarted by power-on Running default software cisco WS-C2916M-XL (PowerPC403GA) processor (revision 0x11) with 4096K/1024K byt es of memory. Processor board ID FAA0204W019, with hardware revision 0x00 Last reset from power-on 16 Ethernet/IEEE 802.3 interface(s) 32K bytes of flash-simulated non-volatile configuration memory. Base ethernet MAC Address: 00:E0:1E:DC:F9:80 Configuration register is 0xF MC-2916XL-56460# -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Daniel Cotts Sent: Monday, May 13, 2002 3:42 PM To: [EMAIL PROTECTED] Subject: RE: 2900 series swithc [7:44092] Do a sh ver and see what sort of OS is loaded. Then check out the Software Center on CCO for release notes and etc. I believe that you can update your OS on those switches to Enterprise gratis. Be sure to note how much DRAM you have. Older switches had 4MB, newer switches 8MB. Older switches are approx 14 inches front to back. Newer at about 10. All the above assumes that you have a 2900XL switch and not a 2901 or 2926. -Original Message- From: GEORGE [mailto:[EMAIL PROTECTED]] Sent: Monday, May 13, 2002 2:37 PM To: [EMAIL PROTECTED] Subject: 2900 series swithc [7:44092] Im trying to trunk a 2900 switch but does not have the switchport option ? Can the 2900 series handle trunking? Or only the 2900 xl? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=44149t=44092 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: 2900 series switch [7:44092]
I figured pretty much why I can do trunking on this switch Imp running a very low ios and basically I cant upgrade because I have 4 mb of ram the minimum is 8 of dram -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 14, 2002 2:07 AM To: [EMAIL PROTECTED] Subject: FW: 2900 series swithc [7:44092] This is what I have User Access Verification Password: MC-2916XL-56460en Password: MC-2916XL-56460#show version Cisco Internetwork Operating System Software IOS (tm) C2900XL Software (C2900XL-H-M), Version 11.2(8)SA, RELEASE SOFTWARE (fc 1) Copyright (c) 1986-1997 by cisco Systems, Inc. Compiled Thu 11-Dec-97 11:06 by rheaton Image text-base: 0x3000, data-base: 0x001A08D0 ROM: Bootstrap program is MALIBU boot loader MC-2916XL-56460 uptime is 17 weeks, 3 days, 7 hours, 18 minutes System restarted by power-on Running default software cisco WS-C2916M-XL (PowerPC403GA) processor (revision 0x11) with 4096K/1024K byt es of memory. Processor board ID FAA0204W019, with hardware revision 0x00 Last reset from power-on 16 Ethernet/IEEE 802.3 interface(s) 32K bytes of flash-simulated non-volatile configuration memory. Base ethernet MAC Address: 00:E0:1E:DC:F9:80 Configuration register is 0xF MC-2916XL-56460# -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Daniel Cotts Sent: Monday, May 13, 2002 3:42 PM To: [EMAIL PROTECTED] Subject: RE: 2900 series swithc [7:44092] Do a sh ver and see what sort of OS is loaded. Then check out the Software Center on CCO for release notes and etc. I believe that you can update your OS on those switches to Enterprise gratis. Be sure to note how much DRAM you have. Older switches had 4MB, newer switches 8MB. Older switches are approx 14 inches front to back. Newer at about 10. All the above assumes that you have a 2900XL switch and not a 2901 or 2926. -Original Message- From: GEORGE [mailto:[EMAIL PROTECTED]] Sent: Monday, May 13, 2002 2:37 PM To: [EMAIL PROTECTED] Subject: 2900 series swithc [7:44092] Im trying to trunk a 2900 switch but does not have the switchport option ? Can the 2900 series handle trunking? Or only the 2900 xl? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=44220t=44092 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
where can i get this ios [7:44222]
I trying to upgrade my cisco 2900 switch and according to the documentation I need at least This ios 11.2(8)SA4 (Enterprise Edition) to be able to run trunking. However, on Cisco web site I can find it only up to ios 12.0 which I can't install because I don't have sufficient dram ,4mbs does someone here have this ios ?or where can I find it Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=44222t=44222 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
2900 series swithc [7:44092]
Im trying to trunk a 2900 switch but does not have the switchport option ? Can the 2900 series handle trunking? Or only the 2900 xl? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=44092t=44092 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ios question? [7:43882]
I use Cisco routers and switches throughout my hole network,. I been learning as I go and read the posts here so far I feel confident in operating certain hardware models .However, we I have a need to understand more is the ios, from what I read so far each model and depending on what you planning to configure you would need a certain ios, being that one would have the required flash and memory. My question is there are many ios out there for a particular model and most have for example 12.1(8a)E2 , whatever, which one should I choose, What does does number mean?. Can someone here explain me this, and if some one has some links that goes over basic stuff it would be great Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=43882t=43882 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Pix load balance? [7:42974]
Can you load balance to pix firewalls? Has anyone done this? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=42974t=42974 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Can this be done [7:43000]
I have an Nt server with a 350 pci wireless card and network connectivity .The nt box has a nic to the local network, I would like to share internet connectivity , via probably a proxy services? Has anyone done this before, or can point me to a link with a similar configuration thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=43000t=43000 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: Can this be done [7:43000]
Turn routing on the proxy? Or on the wireless card, still confused -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Patrick Ramsey Sent: Wednesday, May 01, 2002 12:53 PM To: [EMAIL PROTECTED] Subject: Re: Can this be done [7:43000] Turn routing on, place the card into adhoc mode, place your other card into adhoc mode, set your ssid's/encryption/etc... you should be good to go... -Patrick GEORGE 05/01/02 02:34PM I have an Nt server with a 350 pci wireless card and network connectivity .The nt box has a nic to the local network, I would like to share internet connectivity , via probably a proxy services? Has anyone done this before, or can point me to a link with a similar configuration thanks Confidentiality Disclaimer This email and any files transmitted with it may contain confidential and /or proprietary information in the possession of WellStar Health System, Inc. (WellStar) and is intended only for the individual or entity to whom addressed. This email may contain information that is held to be privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized access, dissemination, distribution or copying of any information from this email is strictly prohibited, and may subject you to criminal and/or civil liability. If you have received this email in error, please notify the sender by reply email and then delete this email and its attachments from your computer. Thank you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=43020t=43000 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
n2n2 and pix [7:42852]
Has anyone here used filtering with the pix, particular the filtering product n2n2? Wanted to inquiry as far as performance. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=42852t=42852 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Wanted!! Cisco CallManager 3.1 or 3.2 S/W for H/lab [7:42539]
Please reply directed. I am interested in purchasing a proper CCM CDs preferably with the installation books. Will pay for shipment and I am UK based. George. P.S. Anybody sat the 3.2 exams? Your views please. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=42539t=42539 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: MBA or CCIE [7:41809]
Sagely advice from some good sources, especially the last one. --- Try not to become a man of success, but rather try to become a man of value. - Albert Einstein Recognition is the greatest motivator. - Gerard C. Eakedale Sometimes one pays most for the things one gets for nothing. If I had my life to live over again, I'd be a plumber. - Albert Einstein The advantage of a classical education is that it enables you to despise the wealth which it prevents you from achieving. Russell Green The man who starts out simply with the idea of getting rich won't succeed; you must have a larger ambition. - John D. Rockefeller I'd like to live as a poor man with lots of money. - Pablo Picasso Money often costs too much. - Ralph Waldo Emerson The best way to become boring is to say everything. - Voltaire It's good to shut up sometimes. - Marcel Marceau Happy Friday! Best, G. VP OGC Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=41958t=41809 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: ip/tv [7:41758]
Hi Larry did you have a chance to send the info to you ip/tv manager . he can contact me directly George Gittins Internet Systems Manager Weslaco, Tx 78599 Phone (956)9696557 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Larry Letterman Sent: Wednesday, April 17, 2002 11:41 AM To: [EMAIL PROTECTED] Subject: Re: ip/tv [7:41758] George, I'll get the info for you from my IPTV studio manager. He runs several hundred iPTV servers for the main campus. As soon as I hear from him I'll forward it along... Larry Letterman Cisco Systems [EMAIL PROTECTED] - Original Message - From: george gittins To: Sent: Wednesday, April 17, 2002 11:01 AM Subject: ip/tv [7:41758] I work for a school district and the person who had my position was working in setting up ip/tv .However when i got aboard the capture card is missing i only posses the software. my question is , and for larry letterman , can i buy a regular video capture card so i can install ip/tv.will this work? George Gittins Internet Systems Manager Weslaco, Tx 78599 Phone (956)9696557 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=41978t=41758 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
WANTED!!!! Cisco CallManager Starter Kit [7:41755]
Guys, I have had to revise my earlier request owing to a slight change in my requirement. The Cisco callmanager starter kit will suffice what I will like to achieve in a home lab. So, if anyone has any to sell, by all means reply directly to me. Cheers - George. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=41755t=41755 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ip/tv [7:41758]
I work for a school district and the person who had my position was working in setting up ip/tv .However when i got aboard the capture card is missing i only posses the software. my question is , and for larry letterman , can i buy a regular video capture card so i can install ip/tv.will this work? George Gittins Internet Systems Manager Weslaco, Tx 78599 Phone (956)9696557 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=41758t=41758 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
WANTED!! MCS-7822/ COMPAQ DL320 [7:41630]
Guys, I urgently need to buy a secondhand callmanager kit and just wondering if any of you have one to sell or point me in the right direction. Thanks - George. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=41630t=41630 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE Written Beta Announcement [7:41340]
What do you need it for? Wanna see if you are still sharp? You must have got tired of changing light bulbs. I ain't heard from Rob since he left. Guess he is having fun in New Mexico or wherever he is. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Sunday, April 14, 2002 1:39 AM To: [EMAIL PROTECTED] Subject: RE: CCIE Written Beta Announcement [7:41340] How much are the beta exams ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=41455t=41340 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IE Written [7:41321]
I live in the metroplex. There is work to be had in Dallas. The criteria for getting it is more difficult. By all means go for the CCIE. It takes 6-18 months for the sharp people and if it takes longer don't let it get you down. One of the best engineers I know took 7 attempts to pass the lab and the worst CCIE I know passed the first time. However, don't think that being a CCIE is the end of your troubles. CCIE will lend a little credibility and open some doors, it is still the experience that counts. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, April 12, 2002 10:10 AM To: [EMAIL PROTECTED] Subject: IE Written [7:41321] I hope no one jumps on me about this but I am in Dallas and as most of you know the market here is horrible. And that is an understatement. I am wanting to go for my IE written in about 3 months but I only have a year of experience. I know that is not enough by Cisco standards but it may be my only option right now for another job. What do ya'll(had to throw that in) think my chances are? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=41357t=41321 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
aironet access point 340 [7:41339]
Wondering where i can find links to where i can configure the access point through the console with command line? George Gittins Internet Systems Manager Weslaco, Tx 78599 Phone (956)9696557 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=41339t=41339 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ip/tv [7:40845]
im discussing here at my company to deploy ip/tv . has anyone tried it what do i need. i was reading at cisco web site that you need a nt server which will have the digitizer card... George Gittins Internet Systems Manager Weslaco, Tx 78599 Phone (956)9696557 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=40845t=40845 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]