Re: First learning experience. [7:27653]
There are 4 places to go for the R/S lab in AP for guys like us in HK: Tokyo, Beijing, Singapore and Sydney. The backlog in BJ is pretty long, you might think about SG or Tokyo. Though I took mine at Sydney, for twice. Gary CCIE#8256 c.h.ip wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Ryan Ngai Hon Kong wrote: Hi all, Just want to tell you all that I finally attempted my first lab on 28/11. What an experience for 2 years in networking line (newbies) after completing all my NA/NP certification and finally now turning to the lab. I knew I didn't do a good job there though the result have not been released yet (which took a couple of days), it's my first learning experience. finally, did you take the lab exam in Hong Kong? I have thought that I need to travel to BeiJiang or Singpoare to take the lab test.. Regards, c.h.Ip (for me, it still a long way to go. I think i can make my first lab attmept in 18 or 24 months, as now on the way of NP DP exams, and seeking study parther...) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27666t=27653 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Win2K CA with Cisco Router [7:27147]
First, get a copy of SCEP at http://corporate.windowsupdate.microsoft.com/en/default.asp. Search scep under Win2K. Setup your CA as Standalone CA, install IIS SCEP. If you need, type certutil -vroot to generate web pages. When you successfully setup SCEP, you should be able to see the CA fingerprint and password for your SCEP session at http://ca_server/certsrv/mscep/mscep.dll. This is also the enrollment URL you should type in your router. Follow the Cisco guide to request cert and authenticate. You will need to check your cert password at the URL above. Make sure few things: 1. Clock is set to GMT and both clocks on CA and router match. 2. You need enrollment mode ra and crloptional on the router. 3. You may need http://ca_server:80/certcrv/mscep/mscep.dll, the port 80 on older 12.0 IOS. HTH Gary CCIE#8256 NKP wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi , I am trying to get a Win2K Advanced Server with a CA server installed in it to generate a key from its CAuthority. It generates key for any request that is coming from any Microsoft client on the LAN , but it is not accepting any request from Cisco Router , with the IOS of Ipsec , is there any configuration or any additional utiltity . I have given the commands of : ip host cert-author 10.19.54.46 cry key gen rsa usage as given in details on : http://www.cisco.com/warp/customer/707/19.html Could anyone guide me if I am missing anything as I am new on Cico Security thanks in advance Navin Parwal Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27150t=27147 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE One Day Lab FAIL [7:27029]
Mine is 60-70 wpm. But the key point is, I used i instead of sh ip ro, b instead of sh ip bgp, o instead of sh ip ospf, t instead of conf t etc. Therefore, a sh ip bgp sum would be b sum, or sh ip ospf nei would be o nei. I know you get what I mean. Build a list of aliases so that this becomes a nature to you help a lot. Though the side effect is that I would type i to show the routing table very naturally, even at work where those routers have not been setup with these aliases. Also, know the option down cool. I found that those fast-pace one would not rely on the online help by typing ?. That way you will save a lot of time for fixing other critical issues rather than figuring out what can be match/set in a route-map. HTH Gary Joseph Ezerski wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... For those that finished with an hour or so to spare, do you mind posting what your estimated typing speed is? I know it sounds funny, but I work with someone who can type 120 words a minute and it seems to make all the difference in a tight time situation like the lab. Thanks in advance, -Joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of McCallum, Robert Sent: Tuesday, November 20, 2001 5:45 AM To: 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail); George; Kev; kevin; sandra; sandra1; Warren Subject: CCIE One Day Lab FAIL O.k. I sat the exam last week and failed but by not a lot. Silly mistakes killed me. For those of you who have still to experience the one day lab then please read ahead. Mostly everyone on this list stated that there was no time to do the lab or check anything. I found this to be so untrue it was unreal. Most people on the lab finished with an hour to go and I had more time than this to check and try to get the annoying things that didn't work to work (although I failed to get two things working)... So from that, my advice is if you are stuck on something, move on and work your way through the workbook. Once you get to the end you should have plenty time to fix (if you can) the problems you left. From my experience of Brussels everything was there. The proctors turned up when they should, answered any questions you asked, there were icons for each element you had to configure, there was paper, there were pens, pencils, sharpeners and erasers. Lunch was horrible although I don't think anyone was to bothered about lunch, so if you are a person who cannot go without lunch bring a packed lunch with you (just don't put your answers in your lunch box !!). All in all enjoy the experience and READ the questions (even the smallest detail). I am resetting in Feb next year and I reckon the pressure will really be on then. Most people fail 1st time anyway is what I can say this time but next time ?? Robert McCallum Ext 730 3448 DDI : 01415663448 Mobile : 07818002241 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27037t=27029 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: HELP! Wildcard masks [7:25728]
Not explained in bits, but that is what I always tell ppl a clean way to do: 2 things: subnet mask, wildcard mask. You should be well comfortable with what a subnet mask is. So, take the host mask, 255.255.255.255. When you want a wildcard mask, subtract subnet mask from the host mask decimal by decimal. e.g. to deny a class C network, your netmask is 255.255.255.0, host mask - netmask = 0.0.0.255, which is your wildcard mask. therefore the list look like: access-list 1 deny 192.168.1.0 0.0.0.255 And thus a wildcard mask corresponding to 255.255.128.0 would be 0.0.127.255. HTH Gary Joseph Haynes wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I was wondering if anyone could assist me in better understanding wildcard masks. Perhaps a website or book you came across during your studies. Any assistance would be most appreciated. I plan to take my test in a month and I am having problems with this aspect. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=25729t=25728 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CSPM for IDS [7:24727]
Have you checked their Host ID, Host Name, Org name and Org ID? Did you define your sensor in CSPM correctly? Make sure PostOffice (UDP 45000 by default) all the way goes through. Gary Wong Jim Bond wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hello, I'm trying to setup CSMP. On Netranger side, I got sync NOT received error. Network connection is good. What might be the problem? Thanks a lot. Jim __ Do You Yahoo!? Make a great connection at Yahoo! Personals. http://personals.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=24774t=24727 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CSPM for IDS [7:24727]
Have you checked their Host ID, Host Name, Org name and Org ID? Did you define your sensor in CSPM correctly? Make sure PostOffice (UDP 45000 by default) all the way goes through. Gary Wong Jim Bond [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hello, I'm trying to setup CSMP. On Netranger side, I got sync NOT received error. Network connection is good. What might be the problem? Thanks a lot. Jim __ Do You Yahoo!? Make a great connection at Yahoo! Personals. http://personals.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=24727t=24727 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CSVPN or CSIDS [7:24509]
Haven't gone thru' CSIDS yet. As of CSVPN, should be easier though I also scored 918 in CSPFA while 887 in CSVPN. Need to know down cool all thing related to IKE/IPSec. CA is also important. These include configuration on VPN3000, IOS and PIX. Know the concentrator is also the key. Good luck. Regards, Gary Wong PS. Down to the last one IDSPM on Wednesday. waleed hassabu wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... any one have passed recently the CSVPN or CSIDS exams today... what kind of difficulty any fill in commands as CSPFA .. thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=24514t=24509 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: i need help. please.... [7:24472]
Comment inline. Regards, Gary Wong xie rootstock wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... two routers can reach each other by serial with encap ppp, but the potocol is down after plus pap authentication, why? 2505#debug ppp n? negotiation 2505#debug ppp n PPP protocol negotiation debugging is on 2505# ppp: sending CONFREQ, type = 3 (CI_AUTHTYPE), value = 0xC023 ppp: sending CONFREQ, type = 5 (CI_MAGICNUMBER), value = 0x610E3A91 PPP Serial0: received config for type = 3 (AUTHTYPE) value = 0xC023 acked PPP Serial0: received config for type = 5 (MAGICNUMBER) value = 0x61235F42 acked PPP Serial0: state = ACKsent fsm_rconfack(0xC021): rcvd id 241 ppp: config ACK received, type = 3 (CI_AUTHTYPE), value = 0xC023 ppp: config ACK received, type = 5 (CI_MAGICNUMBER), value = 0x610E3A91 2505# [Resuming connection 1 to b ... ] [Connection to b closed by foreign host] 2505# ppp: sending CONFREQ, type = 3 (CI_AUTHTYPE), value = 0xC023 ppp: sending CONFREQ, type = 5 (CI_MAGICNUMBER), value = 0x610E4543 PPP Serial0: received config for type = 3 (AUTHTYPE) value = 0xC023 acked PPP Serial0: received config for type = 5 (MAGICNUMBER) value = 0x61236A00 acked PPP Serial0: state = ACKsent fsm_rconfack(0xC021): rcvd id 243 ppp: config ACK received, type = 3 (CI_AUTHTYPE), value = 0xC023 ppp: config ACK received, type = 5 (CI_MAGICNUMBER), value = 0x610E4543 PPP Serial0: Unsupported or un-negotiated protocol. Link = arp 2505#x ppp: sending CONFREQ, type = 3 (CI_AUTHTYPE), value = 0xC023 ppp: sending CONFREQ, type = 5 (CI_MAGICNUMBER), value = 0x610E58AD PPP Serial0: received config for type = 3 (AUTHTYPE) value = 0xC023 acked PPP Serial0: received config for type = 5 (MAGICNUMBER) value = 0x61237D92 acked PPP Serial0: state = ACKsent fsm_rconfack(0xC021): rcvd id 246 ppp: config ACK received, type = 3 (CI_AUTHTYPE), value = 0xC023 ppp: config ACK received, type = 5 (CI_MAGICNUMBER), value = 0x610E58AD 2505#xun all ^ % Invalid input detected at '^' marker. 2505# ppp: sending CONFREQ, type = 3 (CI_AUTHTYPE), value = 0xC023 ppp: sending CONFREQ, type = 5 (CI_MAGICNUMBER), value = 0x610E61BB PPP Serial0: received config for type = 3 (AUTHTYPE) value = 0xC023 acked PPP Serial0: received config for type = 5 (MAGICNUMBER) value = 0x612386BC acked PPP Serial0: state = ACKsent fsm_rconfack(0xC021): rcvd id 248 ppp: config ACK received, type = 3 (CI_AUTHTYPE), value = 0xC023 ppp: config ACK received, type = 5 (CI_MAGICNUMBER), value = 0x610E61BB 2505#un all ppp: sending CONFREQ, type = 3 (CI_AUTHTYPE), value = 0xC023 ppp: sending CONFREQ, type = 5 (CI_MAGICNUMBER), value = 0x610E6C11 PPP Serial0: received config for type = 3 (AUTHTYPE) value = 0xC023 acked PPP Serial0: received config for type = 5 (MAGICNUMBER) value = 0x6123911E acked PPP Serial0: state = ACKsent fsm_rconfack(0xC021): rcvd id 250 ppp: config ACK received, type = 3 (CI_AUTHTYPE), value = 0xC023 ppp: config ACK received, type = 5 (CI_MAGICNUMBER), value = 0x610E6C11 All possible debugging has been turned off 2505#no debug all All possible debugging has been turned off 2505#sh int s0 Serial0 is up, line protocol is down Hardware is HD64570 Internet address is 192.168.100.2/24 MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, rely 255/255, load 1/255 Encapsulation PPP, loopback not set, keepalive set (10 sec) LCP Listen Closed: ccp, ipcp, osicp, ipxcp, xnscp, vinescp, deccp, bridgecp, atalkcp lex, cdp, nbfcp, llc2, appn Last input 00:00:01, output 00:00:01, output hang never Last clearing of show interface counters never Input queue: 0/75/0 (size/max/drops); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/64/0 (size/threshold/drops) Conversations 0/1 (active/max active) Reserved Conversations 0/0 (allocated/max allocated) 5 minute input rate 0 bits/sec, 2 packets/sec 5 minute output rate 0 bits/sec, 2 packets/sec 35003 packets input, 635469 bytes, 0 no buffer Received 291 broadcasts, 0 runts, 0 giants 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 36918 packets output, 723020 bytes, 0 underruns 0 output errors, 0 collisions, 3002 interface resets 0 output buffer failures, 0 output buffers swapped out 531 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up DCD=up DSR=up DTR=up RTS=up CTS=up DCD=up DSR=up DTR=up RTS=up CTS=up end --More-- 2505#sh run Building configuration... Current configuration: ! version 11.1 service tcp-keepalives-in service tcp-keepalives-out service password-encryption service udp-small-servers service tcp-small-servers ! hostname 2505 ! enable secret 5 $1$cnq3$HaNKpm6dSxvAs4eJS1Yno. enable password 7 030752180500 ! username rootstock password 7 02050D480809 username 2505 password 7 02050D480809 I doubt why no username 1603 here as the peer router is send
Re: VPN and IPsec [7:23339]
For case 1, try having an encrypted GRE tunnel between HQ/Office1 and HQ/Office2. Simply run any routing protocol on these 2 tunnel interfaces and the LANs. For case 2, this should work if you make a static route pointing out for building tunnels, and having the default route pointing to your GRE tunnel interface. Regards, Gary Wong CCIE #8256 Jacek Malinowski wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have some problems with my Ipsec configuration. My configuration is like: Internet---HQ---Internet--Office1 | |InternetOffice2 Between HQ and Office i want to use VPN connection with Ipsec. How should I make connection between Office1 and Office2? Is it possible to do this through HQ or I have to do this through another Ipsec session Office1-Office2. I want that Office1 and Office2 should go to Internet through HQ. How should I do this ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=23342t=23339 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco 7400 router... [7:12275]
I attended a seminar before at Cisco HK. The information I was given is that this new router is positioned as a broadband router. In terms of performance, it is equipped with PXF which will do certain kind of QoS speed up (if you do) and its based board is actually a 7200. GE interfaces are built-in, which provides connectivity to GE backbone. (but not line rate) I have some presentation slides which may give a better overview of the product. I can email you if you need. Gary Chuck Larrieu interesting. obviously designed to fill that niche of customers who don't need more than a single ATM or DS3 link, for example. Depending on pricing, this will make it easier to sell customers on the advantages of higher bandwidth without the sticker shock of moving from a 36xx to a 72xx ( not to mention those unused slots that always drive customers nuts ) thanks for pointing this out. Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of McMasters, Eric Sent: Friday, July 13, 2001 7:56 AM To: [EMAIL PROTECTED] Subject: Cisco 7400 router... [7:12275] I was just wondering if anyone out there has had a chance to work on this new box. I was poking around CCO yesterday and this seems like a very cool router, but I was just curious if anyone has actually worked with it. It looks like it is using the same NPE processor that you can get with the 7200 and it uses the same PAMs, but is it as stable? According to CCO the thing is only 12in. deep which would put it on the scale of a 2600 series router. Pretty cool to pack that much power and flexibility into a small box. Anyway, thanks for any information you may have!! Eric Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12283t=12275 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: quest. for AAA / VPDN experts [7:10535]
B4 answering what is going wrong, could you see anything in the RADIUS log? That should give some hints. Gary nrf I am trying to set up a L2F VPDN, using CiscoSecure for Windows (acting as a Radius server). I have yet to actually get the VPDN up. I believe that the problem has something to do with the Radius configuration on Ciscosecure. I say this because when I configure it as a Tacacs+ server, the VPDN settings all work perfectly. This indicates to me that the NAS and the home gateway are set up correctly, and Ciscosecure is set up correctly, when using Tacacs+. But when I shift everything to Radius (both the aaa settings on the router and the network settings on Ciscosecure), all hell breaks loose. Shift it back to Tacacs+, and everything is fine again. So, has anybody ever successfully done a VPDN using Radius (not just Ciscosecure, but any kind of Radius)? If so, could you just provide a walkthrough of how to do it - what AV pairs to use, etc.? Note, I am not interested in being pointed to a bunch of sample CCO configs, because I have already read them, and have copied them, and they seem not to work. I am interested in finding somebody who has actually done a VPDN w/Radius and can confirm that it works. Thanx Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=10551t=10535 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Passed Support 2.0;Another CCNP
Yes. I am one of the CCNPv2 by this sequence. And yet Cisco will renew your CCNA to v2 automatically. -- Gary Wong ""Jason Roysdon"" [EMAIL PROTECTED] ¼¶¼g©ó¶l¥ó 904kls$lkl$[EMAIL PROTECTED]">news:904kls$lkl$[EMAIL PROTECTED]... How about this: CCNA v1 Routing v2 Switching v2 Remote Access v2 Support v2 CCNP v1 or 2? Is CCNA a pre-requisit and not actually part of the CCNP cert, so I'm guessing CCNP v2. -- Jason Roysdon, CCNA, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ "STRAND Scott" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... It is CCNP 1.0. Because ACRC is one of the old exams I am only a 1.0 CCNP..:-(.but like I mentioned I will probably take the BSCN and upgrade to 2.0 sometime soon. Besides, I would feel lost if I wasn't studying for a Cisco exam!! --Scott RANMA wrote: ACRC ? It is changed to BSCN in CCNP 2.0 what is your certificate version? CCNP 1.0 or CCNP 2.0 ? Ken ^_^ "STRAND Scott" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Passed Support 2.0 last wednesday with a score of 832. This was the only one of the 5 exams that I thought was poorly written. Halfway through the test I was starting to get upset because the questions were vague to say the least..but if you have studied hard and know your show and debug commands you'll be OK. Cisco really shouldn't require you to sign a NDA for this exam, who in their right mind could remember these weird questions?? :-) Here is how I passed: Used the Cisco-Press CIT book (OK) Used the exam cram book. (also OK) Used Boson test #2 (helpful, I reccommend it) Used Priscilla's flash cards (very helpful) Here's how I rate the exams from 1 to 10 with 10 being the most difficult: CCNA - 4 ACRC - 7 BCMSN - 5 BCRAN - 5 Support - 6 I consider myself a CCNP Version 1.75 because of the ACRC test. I know that makes me only a 1.0 so I'll probably take BSCN to get to 2.0. Oh well, I'll take it. I've read *alot* of study books during this process and here are two "must reads" IMHO: Routing TCP/IP - By Jeff Doyle (Never would have passed ACRC without this one) Cisco Lan Switching - Kevin Hamilton and Kennedy Clark --Scott Strand SWIFT Senior Network Analyst CCNP _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]