RE: CID help needed [7:37854]
go to www.cisco.com Click technical documents. Look 1/2 way down on the left hand side. "Internetwork Design Guide.". top down network design is also a good book, (you'll have to buy it) and the internetworking case studies are helpful in finding the cisco way of doing things.

-eh

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 11, 2002 8:45 AM
To: [EMAIL PROTECTED]
Subject: CID help needed [7:37854]

Hi all,

I'm searching for the Cisco Internetwork Design Manual. Can somebody point me out where to find it ? Or mail it to me ?

Cheers and thanx in advanced

Ronald
The Netherlands

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=37857&t=37854
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCNP beta passing score : [7:37644]
By definition, a beta exam will not have a set passing score. They will evaluate the responses they get from the test takers and manipulate the weight and scale to get the expected pass rate.

-----Original Message-----
From: Charles McKnight [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 08, 2002 1:30 AM
To: [EMAIL PROTECTED]
Subject: CCNP beta passing score : [7:37644]

If there is 150 questions and a 3 hour time limit for the CCNP v3 beta exams any idea what a passing score would be? I plan to take the beta switching exam. Just wondering if anyone knows?

Thanks...

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=37653&t=37644
RE: CCIE Lab - San Jose [7:37444]
Yeah, that's the one. I knew it was on some tv person street.

-----Original Message-----
From: ashish [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 07, 2002 4:25 PM
To: [EMAIL PROTECTED]
Subject: Re: CCIE Lab - San Jose [7:37444]

nopes.. there is motel 6 right on brokaw and north 1st street intersection and it is nearest to cisco san jose location.

----- Original Message -----
From: Darrell Newcomb
To:
Sent: Thursday, March 07, 2002 12:21 PM
Subject: Re: CCIE Lab - San Jose [7:37444]

> Ejay, I think you mean the one in Sunnyvale on Mathilda just off 101? With a Burger King and Hobbee's right there as well. Wish I had a URL to share, but would seem like a good place to stay.
>
> Darrell
>
> "Hire, Ejay" wrote:
> >
> > There is a $50/night motel 6 with a denny's in the parking lot that is okay. I can't remember the name of the street it's on, but it's only about 2 mi. from the hq.
> >
> > -Ejay
> >
> > -----Original Message-----
> > From: timothy thielen [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, March 07, 2002 12:57 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: CCIE Lab - San Jose [7:37444]
> >
> > If your test date is a long way off, or you are close by, start walking now. Remember to pack food and supplies for cold and warm weather. Also, a rain poncho may be wise.
> >
> > Carry or search for a cardboard box (the only approved Homeless/bum shelter approved for use within San Jose). Find a space to sleep either near the cisco compound or near a light-rail station.
> >
> > Transportation from Box to Cisco: Take the light-rail. USUALLY nobody will even check for a ticket. If the transit police DO check, at least you have a better place to sleep tomorrow night.
> >
> > Seriously, though, things are not cheap in San Jose. BUT, they do have an abundance of Starbucks Coffee Installations, where jack-booted Caffeine-Nazi's are likely to force you to consume the People's Drink.
> >
> > --Tim
> >
> > James wrote:
> > >
> > > Hello,
> > >
> > > I hope to get some advice from those who attempted the lab in San Jose. I have a lab scheduled soon and hope that someone can let me know where to stay at the best rates, travel arrangements from hotel to Cisco, etc.. any information is greatly appreciated.
> > > Thank you

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=37652&t=37444
RE: non unique mac addresses [7:37508]
Isn't there a command like "standby use-bia xxx.." where you can specify the MAC to use?

-Ejay

-----Original Message-----
From: Larry Letterman [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 07, 2002 2:16 AM
To: [EMAIL PROTECTED]
Subject: RE: non unique mac addresses [7:37508]

yes, along the line you mentioned, the new sup-II/MSFC-2 will only have 16 hsrp groups available...which means the groups will have to be re-used...

Larry Letterman
Cisco Systems
[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of ashish
Sent: Wednesday, March 06, 2002 6:53 PM
To: [EMAIL PROTECTED]
Subject: non unique mac addresses [7:37508]

Hi,

Today only I came to know that HSRP uses the following MAC address on all media except Token Ring:

.0c07.ac** (where ** is the HSRP group number)

No wonder why I saw non unique mac addresses on cisco boxes.

Now my problem is that I am working on an application which assumes that each cisco box will have a unique mac address, set aside multicast and broadcast mac addresses.

Can anyone help me out and let me know other scenarios where cisco boxes use such common mac addresses as in HSRP.

Thanks,
Ashish

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=37565&t=37508
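Added example (not part of any post in this thread): for an inventory or monitoring application like the one described above, one way to separate shared virtual-router MACs from per-device addresses before a MAC is used as a device key. The HSRPv1 range is the well-known 0000.0c07.acXX form of the address quoted in the thread; the HSRPv2 and VRRP ranges go beyond what the thread mentions, and the device names and observations are constructed sample data.

```python
import re

# Well-known virtual-router MAC ranges: (hex prefix, protocol, trailing hex
# digits that carry the group number). HSRPv1 is the range from the thread;
# HSRPv2 and VRRP are added here as further "shared MAC" cases.
VIRTUAL_PREFIXES = [
    ("00000c07ac", "HSRPv1", 2),   # 0000.0c07.acXX, XX  = HSRP group
    ("00000c9ff",  "HSRPv2", 3),   # 0000.0c9f.fXXX, XXX = HSRP group
    ("00005e0001", "VRRP",   2),   # 0000.5e00.01XX, XX  = VRRP router ID
]


def normalize(mac):
    """Accept 0000.0c07.ac01, 00:00:0c:07:ac:01 or 00-00-0C-07-AC-01."""
    digits = re.sub(r"[.:\-\s]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    return digits


def classify(mac):
    """Return (kind, group). group is None unless the MAC is a virtual one."""
    digits = normalize(mac)
    if digits == "f" * 12:
        return ("broadcast", None)
    for prefix, protocol, group_digits in VIRTUAL_PREFIXES:
        if digits.startswith(prefix):
            return (protocol, int(digits[-group_digits:], 16))
    first_octet = int(digits[:2], 16)
    if first_octet & 0x01:          # I/G bit set: group (multicast) address
        return ("multicast", None)
    if first_octet & 0x02:          # U/L bit set: not a burned-in address
        return ("locally-administered", None)
    return ("unique", None)


def split_identity(observations):
    """Split (device, mac) pairs into per-device identity MACs and a map of
    shared virtual MACs to the devices that were seen answering for them."""
    identity, shared = {}, {}
    for device, mac in observations:
        kind, group = classify(mac)
        if kind == "unique":
            identity.setdefault(device, set()).add(normalize(mac))
        elif group is not None:
            shared.setdefault((kind, group), set()).add(device)
    return ({d: sorted(m) for d, m in identity.items()},
            {k: sorted(v) for k, v in shared.items()})


# Constructed sample: rtr-a and rtr-b share HSRP group 1, rtr-c runs VRRP 10.
OBSERVED = [
    ("rtr-a", "0000.0c07.ac01"),
    ("rtr-a", "0010.7b3a.1c44"),
    ("rtr-b", "0000.0c07.ac01"),
    ("rtr-b", "00:10:7b:3a:2d:90"),
    ("rtr-c", "00-00-5E-00-01-0A"),
    ("rtr-c", "0010.7b3a.5f02"),
]

if __name__ == "__main__":
    identity, shared = split_identity(OBSERVED)
    for device, macs in sorted(identity.items()):
        print(device, "identity MACs:", macs)
    for (protocol, group), devices in sorted(shared.items()):
        print(protocol, "group", group, "shared by", devices)
```

Keying devices on the `identity` map and treating the `shared` map as group membership avoids merging two routers into one record because both answer for the same standby address.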
RE: CCIE Lab - San Jose [7:37444]
There is a $50/night motel 6 with a denny's in the parking lot that is okay. I can't remember the name of the street it's on, but it's only about 2 mi. from the hq.

-Ejay

-----Original Message-----
From: timothy thielen [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 07, 2002 12:57 PM
To: [EMAIL PROTECTED]
Subject: RE: CCIE Lab - San Jose [7:37444]

If your test date is a long way off, or you are close by, start walking now. Remember to pack food and supplies for cold and warm weather. Also, a rain poncho may be wise.

Carry or search for a cardboard box (the only approved Homeless/bum shelter approved for use within San Jose). Find a space to sleep either near the cisco compound or near a light-rail station.

Transportation from Box to Cisco: Take the light-rail. USUALLY nobody will even check for a ticket. If the transit police DO check, at least you have a better place to sleep tomorrow night.

Seriously, though, things are not cheap in San Jose. BUT, they do have an abundance of Starbucks Coffee Installations, where jack-booted Caffeine-Nazi's are likely to force you to consume the People's Drink.

--Tim

James wrote:
>
> Hello,
>
> I hope to get some advice from those who attempted the lab in San Jose. I have a lab scheduled soon and hope that someone can let me know where to stay at the best rates, travel arrangements from hotel to Cisco, etc.. any information is greatly appreciated.
> Thank you

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=37564&t=37444
RE: Voice over IP [7:37298]
If you are ebay shopping, you can get a 3810 for cheaper than the 2600's or 3600's. Use this Ebay search (no quotes) "+cisco (3810,mc3810) -nokia -singer -att -at&t"

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 05, 2002 1:07 PM
To: [EMAIL PROTECTED]
Subject: Voice over IP [7:37298]

Greetings all,

What is the minimum equipment I need to setup/test VoIP? I've a lot 26XX and 36XX routers around here. Any suggestions would be great.

Thanks
Nabil

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=37428&t=37298
RE: CCIE Starter [7:37283]
Ebay is a good place to shop. Also, if you get the unusual configurations of things, you can usually save some $. I.e. If you want to work with Isdn, look at a 2516. It's a 2503 with a built in hub. Because it's not so easily recognized, you can get it cheaper. Also, take a look at the MC3810's. They are a great (cheap!) way to work with voice because most people don't think about them. For switching, look at the 12xx switches. They are set based like the 5k, and you can trunk them to a 4x00 if you use the fddi port. Anyway, good luck.

-Ejay

-----Original Message-----
From: Danie Strydom [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 05, 2002 1:04 PM
To: [EMAIL PROTECTED]
Subject: CCIE Starter [7:37283]

Dear All,

I've recently started active study on CCIE and have limited experience but CCNP knowledge on Cisco kit. I'm in the process of buying what I need and I need some advice on where to start and would like to find out how you guys started out. What do I need for my home lab? I've looked at auctions on Ebay, is it alright to buy second-hand? Is there IOS upgrades available free from Cisco?

If any of you know a good link to a specific equipment list I need I'd be very grateful, I've had a look on the Cisco Routing and Switching Lab equipment list but they only had the following - no real specifics:

2500 series routers
2600 series routers
3600 series routers
4000 and 4500 series routers
3900 series token ring switches
Catalyst 5000 series switches

I can only afford up to 3600 series routers, what can I do about the rest?

Thank you for your help and I think this is a great group.

Kind Regards,
Danie Strydom
London, UK

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=37306&t=37283
RE: Pix NAT - Two to one [7:37179]
On a cisco router, you use the Extendable command. not sure about the pix.

-----Original Message-----
From: Gaz [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 04, 2002 3:07 PM
To: [EMAIL PROTECTED]
Subject: Pix NAT - Two to one [7:37179]

Hi all,

Has anybody tried NAT'ing two outside addresses to one internal (DMZ) address on the same port (80) in some way.

Not too difficult to get round, as I can get the DNS of one site changed and use the single address outside to single inside. The advantage would be that when the web sites are separated, to two machines inside, I would like to be able to change the pix settings immediately rather than change DNS and wait a couple of days for DNS to propagate.

I'm sure there may be some simple way of doing it, but I couldn't find it whilst playing about today.

Any ideas welcome.

Thanks,
Gaz

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=37194&t=37179
RE: Problem of upgrading IOS for a router at remote site [7:36977]
Can you get the router to boot from the tftp server before fiddling with the flash? Then you can fiddle with the flash and if you blow it then you get another shot... I'm also a big fan of "reload in 60".

Here are my handy dandy remote router tips.

#1. handy-dandiest tool in the universe. A 28.8k baud line powered pocket modem jumpered to only connect at 9600 baud with a 50 foot phone cord and a cable to connect it to the CONSOLE port (Instructions to non-tech user: Connect the big end to your router's console port. Unplug your fax machine's phone line and plug the phone cord into it. What is your fax number?)
#2. Reload in 60
#3. copy running-config flash:old-config
#4. Copy runn-start --- Copy tftp flash:newconfig --- reload in 5 --- copy flash:newconfig running-config ... (If your newconfig doesn't work, then reboot back to the old config in 5 minutes.)

Anybody got any others?

-----Original Message-----
From: Tony Medeiros [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 01, 2002 9:47 AM
To: [EMAIL PROTECTED]
Subject: Re: Problem of upgrading IOS for a router at remote site [7:36966]

Never ??? That's a hard call when unless your company has lots of free frequent flyer miles.

There are ways to make sure you don't blow it.

1. Test your new image on a router with similar hardware configuration if possible. That way you don't boot it on an incompatible OS.
2. If you have the room in flash, keep the old image.
3. "line vty 0 4" "no exec-timeout" This will keep your telnet session alive. Or, hit the space bar once in while to keep it from timing out

I have upgraded remotely many times and never blown it. However, it isn't without risk. I always cross my fingers !!

Tony M.
#6172

----- Original Message -----
From: "Sujal G. Ajmera"
To:
Sent: Friday, March 01, 2002 5:33 AM
Subject: RE: Problem of upgrading IOS for a router at remote site [7:36957]

> Yes, I have faced this problem.
>
> My unsolicited advice - NEVER upgrade an IOS across a WAN link.
>
> Good luck.
>
> Sujal
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
> Sent: Friday, March 01, 2002 6:43 PM
> To: [EMAIL PROTECTED]
> Subject: Problem of upgrading IOS for a router at remote site [7:36954]
>
> Hi group,
>
> I run into a big problem when upgrading IOS for a router at remote site. I used "copy tftp: flash:" command on a Cisco 2620 router via telnet. It first erased the existing IOS from the flash and then start to copy the image from my tftp server, which is also running on my laptop. But the router will close the telnet session after certain period of idle time, and surprisingly close the tftp session as well. It ends up that the router's flash memory has no valid IOS stored!
>
> There is no technical staff on that remote site, and it is more than a thousand KMs away so I couldn't use a console cable to directly attach to it. I repeated the above several times, watched those "!" going on until the telnet session closed, and have to pray that there is no power surge happened to that router before I find a solution!
>
> Anyone faced this problem before? Please help!
>
> Tony

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=36977&t=36977
RE: BGP and Select path for a AS [7:36947]
This isn't a complete solution though, as you've done nothing to influence the traffic that is coming back into your network. In addition to the steps mentioned below, you will want to AS-Path prepend the connection that you want to use as the backup. This will get 99% of the traffic to come back to you via the preferred link. The only reason it isn't a 100% guarantee is because some AS's may implement a policy that overrides your as-path prepend. I can help you set this up if you need assistance.

Ejay Hire
CCNA, CCNP
434-591-4564
[EMAIL PROTECTED]

-----Original Message-----
From: Georg Pauwen [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 01, 2002 7:58 AM
To: [EMAIL PROTECTED]
Subject: RE: BGP and Select path for a AS [7:36947]

Hi Alfredo,

if you have two different connections (CarrierA and CarrierB) to the same destination, it would be best to configure the weight attribute. You can use either access lists, route maps, or the 'neighbor weight command' to achieve this. There is a very good example on the Cisco site, go to:

http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/icsbgp4.htm#xtocid2043919

Look for 'BGP Decision Algorithm' and then for the 'Weight Attribute' link.

Regards,
Georg

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=36970&t=36947
FW: [INFOCON] - UNIRAS Briefing - 54/02 - Cisco - Data Leak [7:36825]
-----BEGIN PGP SIGNED MESSAGE-----

Cisco Security Advisory: Data Leak with Cisco Express Forwarding Enabled

Revision 1.0
For Public Release 2002 February 27 08:00 (UTC -0800)

Summary
=======

All Cisco devices running Cisco IOS and having Cisco Express Forwarding (CEF) enabled can leak information from previous packets that have been handled by the device. This can happen if the packet length described in the IP header is bigger than the physical packet size. Packets like these will be expanded to fit the IP length and, during that expansion, an information leak may occur. Please note that an attacker can only collect parts of some packets but not the whole session.

No other Cisco product is vulnerable. Devices that have fast switching enabled are not affected by this vulnerability.

The workaround for this vulnerability is to disable CEF.

This advisory is available at http://www.cisco.com/warp/public/707/IOS-CEF-pub.shtml.

Affected Products
=================

All Cisco IOS releases that support CEF are vulnerable. In order to trigger this vulnerability CEF or dCEF must be enabled on the device. The vulnerable Cisco IOS releases are (this is not an exhaustive list):

  * 11.1CC
  * 12.0, 12.0S, 12.0T, 12.0ST
  * 12.1, 12.1E, 12.1T
  * 12.2, 12.2T

No other Cisco products are affected.

Details
=======

When a router receives a packet where the MAC level packet length is shorter than is indicated by the IP level, the router will "extend" the packet to the size indicated by the IP level. This extension will be done by padding the packet with arbitrary data. The issue here is that the padding may contain data from previous packets that has not been erased.

Although it is possible to trigger this vulnerability on command, it is not possible to predict what information would be collected this way. It is not possible for an attacker to selectively capture desired packets (for example, packets with username and password combination).

This vulnerability is specific to CEF. Fast switching is not affected by it.

This vulnerability is documented as Cisco Bug ID CSCdu20643. For the Cisco IOS 11.1CC image, this vulnerability is described as Cisco Bug ID CSCdp58360.

Impact
======

By sending malformed packets, and capturing them after they have been processed by CEF, an attacker may find remnants of previous packets in them. The remnant data may contain whatever the previous packet has carried. That may be parts of a document, mail or any other content.

Note that in an interactive session such as typing a password, characters are sent one by one in separate packets. That drastically lowers the probability that all packets will be captured. In addition, it is almost certain that typed characters will be overwritten by the contents of the attacking packets.

Software Versions and Fixes
===========================

Each row of the table describes a release train and the platforms or products for which it is intended. If a given release train is vulnerable, then the earliest possible releases that contain the fix and the anticipated date of availability for each are listed in the "Rebuild", "Interim", and "Maintenance" columns. A device running any release in the given train that is earlier than the release in a specific column (less than the earliest fixed release) is known to be vulnerable, and it should be upgraded at least to the indicated release or a later version (greater than the earliest fixed release label).

When selecting a release, keep in mind the following definitions:

Maintenance
    Most heavily tested and highly recommended release of any label in a given row of the table.

Rebuild
    Constructed from the previous maintenance or major release in the same train, it contains the fix for a specific defect. Although it receives less testing, it contains only the minimal changes necessary to effect the repair.

Interim
    Built at regular intervals between maintenance releases and receives less testing. Interims should be selected only if there is no other suitable release that addresses the vulnerability, and interim images should be upgraded to the next available maintenance release as soon as possible. Interim releases are not available via manufacturing, and usually they are not available for customer download from CCO without prior arrangement with the Cisco Technical Assistance Center (TAC).

In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco TAC for assistance as shown in the following section.

More information on Cisco IOS software release names and abbreviations is available at http://www.cisco.com/warp/public/620/1.ht
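Added example (not part of the Cisco advisory): a detection check for the trigger condition the advisory describes, an IPv4 packet whose header length field claims more bytes than the frame actually carried. It assumes untagged Ethernet II frames supplied as (captured bytes, original wire length) pairs, as a capture file records them; the function names and the sample frames are constructed for illustration.

```python
import socket
import struct

ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
ETH_MIN_FRAME = 60            # minimum Ethernet frame size without the FCS


def check_frame(captured, wire_len=None):
    """Return a finding dict when the IPv4 total length exceeds the bytes
    that were on the wire, else None.

    wire_len is the original frame length from the capture record. Compare
    against it rather than len(captured): a capture truncated by a snap
    length would otherwise make every large packet look malformed.
    """
    if wire_len is None:
        wire_len = len(captured)
    if len(captured) < ETH_HDR_LEN + 20:
        return None                                  # too short to parse
    if struct.unpack("!H", captured[12:14])[0] != ETHERTYPE_IPV4:
        return None                                  # not IPv4
    ip = captured[ETH_HDR_LEN:]
    if ip[0] >> 4 != 4 or (ip[0] & 0x0F) * 4 < 20:
        return None                                  # not a sane IPv4 header
    total_len = struct.unpack("!H", ip[2:4])[0]
    on_wire = wire_len - ETH_HDR_LEN
    # total_len < on_wire is normal (Ethernet pads short frames);
    # only a header that claims MORE than was sent is the anomaly.
    if total_len <= on_wire:
        return None
    return {
        "src": socket.inet_ntoa(ip[12:16]),
        "dst": socket.inet_ntoa(ip[16:20]),
        "ip_total_length": total_len,
        "bytes_on_wire": on_wire,
        "shortfall": total_len - on_wire,
    }


def scan(records):
    """records: iterable of (captured_bytes, wire_len). Returns findings."""
    findings = []
    for captured, wire_len in records:
        finding = check_frame(captured, wire_len)
        if finding:
            findings.append(finding)
    return findings


def build_frame(src, dst, payload, claimed_len=None):
    """Test fixture only: build an in-memory frame for the checks below.
    Header checksum is left at zero because check_frame does not verify it."""
    total = 20 + len(payload) if claimed_len is None else claimed_len
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 17, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    eth = bytes.fromhex("00107b3a1c44" "00107b3a2d90") + struct.pack(
        "!H", ETHERTYPE_IPV4)
    return (eth + ip_hdr + payload).ljust(ETH_MIN_FRAME, b"\x00")


# Constructed sample frames (documentation address ranges).
NORMAL = build_frame("192.0.2.20", "198.51.100.5", b"A" * 40)
SHORT_PADDED = build_frame("192.0.2.20", "198.51.100.5", b"ping")
MISMATCH = build_frame("192.0.2.10", "198.51.100.5", b"B" * 8, claimed_len=1500)

SAMPLE = [
    (NORMAL, len(NORMAL)),
    (SHORT_PADDED, len(SHORT_PADDED)),
    (MISMATCH, len(MISMATCH)),
    (NORMAL[:54], len(NORMAL)),      # same frame captured with a snap length
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Run on traffic arriving at a CEF-enabled interface, a non-empty result marks the senders worth investigating until the device is on a fixed release or CEF is disabled as the advisory recommends.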
RE: TWO ISP AND ONE FAILURE [7:36371]
You'll have to coordinate with your ISP's if you want to run BGP. To enable the feature on the 1000's, you have to upgrade to an IP Plus IOS.

-Ejay

-----Original Message-----
From: Yassel Omar Izquierdo Souchay [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 26, 2002 12:13 AM
To: [EMAIL PROTECTED]
Subject: Re: TWO ISP AND ONE FAILURE [7:36371]

Hey guys

The topology is this:

ISP (65)      (ISP 169)
  [R1]          [R2]
   ||            ||
    \------------/
          |
       [HOST]
IP:169...   IP: 65.

The server have two IPs

And i think that with BGP i got the solution but is the combination of both protocol HSRP and BGP. So i'm going to tell you something more interesting. The router are Ciscos 1000 series so couldn't find the way to configure the BGP, because it say that don't know BGP protocol.

Thanx a lot to all of the member of this list interested in help.

Sincerely
Yassel

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=36493&t=36371
RE: TWO ISP AND ONE FAILURE [7:36371]
Because R1 and R2 are not connected to the same ISP, he has to change his IP address to use the other connection. (because he isn't using BGP to announce his netblock reachable through both connections). HSRP can't change his IP.

I've been thinking about it, and there is a (scrapped together junkyard-wars) way to make this work. You can HSRP the two routers and have the backup router NAT the other ISP's IP to an IP that is valid for its connection. This is an ugly solution, and only works for SMTP incoming mail transfers from other servers. (because of DNS's MX record priority feature). Another strike against it is if one of the links fails, all of the SMTP sessions in Progress will drop, and the remote (sending) mail server will have to re-initiate.

...

Isp1 - Ip Range 1.1.1.0/28 (0-15)
Isp2 - Ip Range 2.2.2.0/28 (0-15)

Mail server is configured for the ip of 1.1.1.2, with a default Gateway of 1.1.1.1
Both routers are a member of an HSRP group and listen on 1.1.1.1
R1 is the HSRP primary, tracks the serial link, and preempts.
R2 is the HSRP backup, and preempts if r1's serial link fails.
R2's ethernet interface is IP nat inside, and the t1 interface is ip nat outside.
R2 has a single static nat entry that translates 1.1.1.2 to 2.2.2.2..

ip nat inside source static 1.1.1.2 2.2.2.2

The DNS records are configured as follows

domain.com. MX 10 1.1.1.2
domain.com. MX 20 2.2.2.2

Now, Looking at all of the above and understanding that this doesn't fix clients trying to connect to the server with POP3 or SMTP directly from outlook or eudora... Do you think this is a good solution? ... (no)

BGP is the right answer to this customer's needs. Sadly, I know someone is going to look at this and start pushing it to customers as a solution.

-Ejay

-----Original Message-----
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 25, 2002 2:51 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: TWO ISP AND ONE FAILURE [7:36371]

I'm not sure I understand your point. Assume the following topology:

 [R1]          [R2]
  ||            ||
   \------------/
         |
      [HOST]

The two border routers are R1 and R2 and each have a connection to an ISP. HSRP is configured to track the WAN link. The default gateway on the host is the HSRP standby ip address. If either WAN link goes down, the relevant router--because it is tracking the WAN link--will notify the other router that it is no longer eligible and the other router will take over.

Why are you saying that the perceived uptime to the host would not increase using this method? As I see it, unless both links go down, the downtime would be quite minimal.

Thanks,
John

>>> "Hire, Ejay" 2/25/02 11:24:23 AM >>>
Come on guys, Think about it for a minute. Do you really think the router is failing, or is his downtime caused by the wan link? HSRP won't significantly increase your uptime if the wan link is failing and he has to manually change his server's IP/default gateway to switch to the other link.

A different way to think of it... If you had a car with no brakes and a broken tail-light, which would you fix first?

-Ejay

-----Original Message-----
From: Ladrach, Daniel E. [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 25, 2002 11:48 AM
To: [EMAIL PROTECTED]
Subject: RE: TWO ISP AND ONE FAILURE [7:36371]

Run HSRP between the two cisco routers and then point your default gateway to the VIP address.

Daniel Ladrach
CCNA, CCNP
WorldCom

-----Original Message-----
From: Yassel Omar Izquierdo Souchay [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 25, 2002 10:11 AM
To: [EMAIL PROTECTED]
Subject: TWO ISP AND ONE FAILURE [7:36371]

Hello i have a frequent problem with one of my isp, i have two cisco routers and each one to different isp. Frequently i have to change the gateway of one of my servers, because one isp is failure.

I want to know if with one of BGP, OSPF, RIP, NAT or other protocol i could do the change automatically to the other active isp.

It happening me right now. And when i have to do that i have to reset one of my servers.. :S. Is a costs operation its a mail server.

So if somebody knows how to resolve between routers with different isp each one, how to route across the other good gateway.

Thnx in advance
Yassl

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=36428&t=36371
RE: dialup mac address [7:36394]
You can assign them a specific IP and/or privileges based on username using radius.

-----Original Message-----
From: Patrick Ramsey [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 25, 2002 12:29 PM
To: [EMAIL PROTECTED]
Subject: dialup mac address [7:36394]

hey group

I've got a 3640 with a couple'a pri's and two modem banks... I want to give vendors access to very specific servers through a firewall... (netscreen)

My original thought was to place the vendor's mac address for its dialup adapter in dhcp and assign it the same ip every time... then base the ACL's to each server on the vendor ip address...

All the searching I have done on the web say dialup adapters have generic mac addresses, ie 44-45-53-54-00-00 ...

How can I get the 3640 to dole out specific ip's to vendors? How do isp's keep up with leases if this is the case?

-Patrick

Confidentiality Disclaimer
This email and any files transmitted with it may contain confidential and /or proprietary information in the possession of WellStar Health System, Inc. ("WellStar") and is intended only for the individual or entity to whom addressed. This email may contain information that is held to be privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized access, dissemination, distribution or copying of any information from this email is strictly prohibited, and may subject you to criminal and/or civil liability. If you have received this email in error, please notify the sender by reply email and then delete this email and its attachments from your computer. Thank you.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=36408&t=36394
RE: TWO ISP AND ONE FAILURE [7:36371]
Do not say that a 2500 will not work for BGP. It will work just fine for a default-only or partial-routes setup, and I'm sure more than one member of this group has set it up.

-ejay

-----Original Message-----
From: Patrick Ramsey [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 25, 2002 11:05 AM
To: [EMAIL PROTECTED]
Subject: Re: TWO ISP AND ONE FAILURE [7:36371]

chances are bgp will not be available...first..he has to have the address space...second...if he didn't plan for it before hand, he's probably got a couple'a 2500's or 2600's

Try running bgp on a 2500. (unless of course he uses the same isp for both connections and they work with him on setting up redundancy) But at that point he still would not have his own asn for bgp...

-Patrick

>>> "sam sneed" 02/25/02 10:46AM >>>
You would want to use both HSRP and BGP in this case. HSRP will solve the problem of changing the default gateway on the clients when a link fails. BGP will be used for fault tolerance at the ISP side. Here is a sample doc I got from the cisco site:

http://www.v-man.net/support/pdf/hsrp_bgp.pdf

""Yassel Omar Izquierdo Souchay"" wrote in message news:[EMAIL PROTECTED]...
> Hello i have a frequent problem with one of my isp, i have two cisco routers and each one to different isp. Frequently i have to change the gateway of one of my servers, because one isp is failure.
> I want to know if with one of BGP, OSPF, RIP, NAT or other protocol i could do the change automatically to the other active isp.
> It happening me right now. And when i have to do that i have to reset one of my servers.. :S. Is a costs operation its a mail server.
> So if somebody knows how to resolve between routers with different isp each one, how to route across the other good gateway.
>
> Thnx in advance
> Yassl

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=36407&t=36371
RE: TWO ISP AND ONE FAILURE [7:36371]
Come on guys, Think about it for a minute. Do you really think the router is failing, or is his downtime caused by the wan link? HSRP won't significantly increase your uptime if the wan link is failing and he has to manually change his server's IP/default gateway to switch to the other link.

A different way to think of it... If you had a car with no brakes and a broken tail-light, which would you fix first?

-Ejay

-Original Message-
From: Ladrach, Daniel E. [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 25, 2002 11:48 AM
To: [EMAIL PROTECTED]
Subject: RE: TWO ISP AND ONE FAILURE [7:36371]

Run HSRP between the two cisco routers and then point your default gateway to the VIP address.

Daniel Ladrach
CCNA, CCNP
WorldCom

-Original Message-
From: Yassel Omar Izquierdo Souchay [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 25, 2002 10:11 AM
To: [EMAIL PROTECTED]
Subject: TWO ISP AND ONE FAILURE [7:36371]

Hello i have a frequent problem with one of my isp, i have two cisco routers and each one to different isp. Frequently i have to change the gateway of one of my servers, because one isp is failure.
I want to know if with one of BGP, OSPF, RIP, NAT or other protocol i could do the change automatically to the other active isp.
It happening me right now. And when i have to do that i have to reset one of my servers.. :S. Is a costs operation its a mail server.
So if somebody knows how to resolve between routers with different isp each one, how to route across the other good gateway.

Thnx in advance
Yassl

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=36406&t=36371
RE: TWO ISP AND ONE FAILURE [7:36371]
Hi. To maintain uninterrupted services even if one of your ISP's fails, you need to run BGP. I created a "basics of BGP" document on [EMAIL PROTECTED], and I'm posting it here. I am a consultant looking for work, if you decide to implement BGP, I would like to help.

---Begin crosspost---

1. Talk to your ISP's and see if they will let you peer with them. This isn't a question that the average helpdesk person is going to be able to answer, so you may have to work your way up the food chain. If the answer is no, then select a new ISP.
2. Apply for an Autonomous System Number from Arin. This requires ARIN membership ($500 one-time, $30 annual). If you are not in the continental US, substitute RIPE or APNIC for ARIN.
3. Acquire a minimum of a /24 (256 Ip's) from at least one of your ISP's.
4. Acquire the following information from each of your ISP's.
   4a. Ip Address of the Peer
   4b. AS# of the peer
   4c. Authentication (if any)
5. Provide each of your ISP's with the following info.
   5a. Your Peer IP address
   5b. Your AS#
   5c. Authentication (if any, not recommended)
   5d. The Subnets you will be advertising (Some ISP's filter the incoming advertisements. Why? Lookup "Blackhole-ing".)
6. Configure BGP on your router. (Imho, preferably cisco.)
   6a. Assuming you want to do load balancing, (as best as possible)
       6a1. If you have less than 32 mb of Ram, then accept only each provider's default route.
       6a2. If you have less than 64 mb of Ram, then accept routes from each provider with an as-path of 1 hop or less and each provider's default route.
       6a3. If you have more than 64mb of Ram, accept full routes from each provider and let the router select the shortest AS-path. Monitor your memory usage and maintain at least 12 mb free at any given time.
   6b. If you have a primary and a secondary link, and want to prefer one over the other, or want more control over traffic entering and exiting, then use one of the following strategies.
       6b1. As-Prepend to cause the internet to prefer one link or the other
       6b2. Set the (Cisco Specific) weight on the preferred link
       6b3. Filter to accept summary routes only from one provider
       6b4. Use BGP's metrics to recommend preferences to your ISP's

It seems like a lot, but really it's not that bad. If anyone needs help with this, E-mail me off list. The ISP I work for is expiring and I will be glad to help you out. (As an advisor (free advice), or as a contractor (Price varies from negotiable to negligible.))

Thanks,
Ejay Hire
[EMAIL PROTECTED]
434-591-4564
... Have router will travel!

---End Crosspost--

-Ejay Hire
[EMAIL PROTECTED]
434-591-4564

-Original Message-
From: Yassel Omar Izquierdo Souchay [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 25, 2002 10:11 AM
To: [EMAIL PROTECTED]
Subject: TWO ISP AND ONE FAILURE [7:36371]

Hello i have a frequent problem with one of my isp, i have two cisco routers and each one to different isp. Frequently i have to change the gateway of one of my servers, because one isp is failure.
I want to know if with one of BGP, OSPF, RIP, NAT or other protocol i could do the change automatically to the other active isp.
It happening me right now. And when i have to do that i have to reset one of my servers.. :S. Is a costs operation its a mail server.
So if somebody knows how to resolve between routers with different isp each one, how to route across the other good gateway.

Thnx in advance
Yassl

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=36387&t=36371
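Step 5d of the post above notes that some ISPs filter the advertisements they accept from a customer. The Python sketch below is an added example, not part of the original post: it models such a per-customer filter on the ISP side, and the registered block, the /24 length limit, the no-default-route rule and every sample announcement are assumptions built from documentation address ranges.

```python
import ipaddress

# Assumption: the longest IPv4 prefix the provider accepts (step 3 of the
# post names a /24 as the minimum block to acquire).
MAX_PREFIX_LEN = 24

# Constructed sample data (documentation ranges, not real allocations).
REGISTERED = ["203.0.113.0/24"]          # what the customer listed in step 5d
UPDATES = [
    "203.0.113.0/24",    # the customer's own block
    "203.0.113.128/25",  # a more-specific slice of it
    "198.51.100.0/24",   # somebody else's block (typo or leak)
    "0.0.0.0/0",         # a default route sent back to the provider
]


def check_announcement(registered, announced, max_len=MAX_PREFIX_LEN):
    """Return (accepted, reason) for one prefix seen on the customer session."""
    try:
        net = ipaddress.ip_network(announced, strict=True)
    except ValueError:
        return False, "malformed prefix (host bits set or bad syntax)"
    if net.prefixlen == 0:
        return False, "default route not accepted from a customer"
    if net.prefixlen > max_len:
        return False, "more specific than /%d" % max_len
    for reg in registered:
        reg_net = ipaddress.ip_network(reg)
        # subnet_of() is also true when the two prefixes are identical.
        if net.version == reg_net.version and net.subnet_of(reg_net):
            return True, "covered by registered block %s" % reg_net
    return False, "not registered for this customer"


def filter_updates(registered, updates):
    """Split a batch of announcements into accepted and rejected lists."""
    accepted, rejected = [], []
    for prefix in updates:
        ok, reason = check_announcement(registered, prefix)
        (accepted if ok else rejected).append((prefix, reason))
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = filter_updates(REGISTERED, UPDATES)
    for prefix, reason in ok:
        print("ACCEPT", prefix, "-", reason)
    for prefix, reason in bad:
        print("REJECT", prefix, "-", reason)
```

Without such a filter, the unregistered 198.51.100.0/24 announcement would be propagated and traffic for that block would be drawn to a network that cannot deliver it.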
RE: Please help me answer this question [7:36295]
C. A firewall has the capability of blocking traffic from certain sites.

A. This is incorrect because the firewall cannot distinguish between a SEC-filed Annual report placed on a public internet website and a Work-in-progress-next-year's-Annual-Report placed on an intranet website on the same server.

-Original Message-
From: Love Cisco [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 22, 2002 10:16 PM
To: [EMAIL PROTECTED]
Subject: Please help me answer this question [7:36295]

1. Which of the following customers can probably meet their security requirements with a simple firewall system?
A. Company ABC wants to make sure customers can see public marketing data but not proprietary sales figures.
B. University ABC wants to make sure students can see but not change their grades in administrative database.
C. Company XYZ wants to make sure employees do not download software from unauthorized site.
D. University XYZ wants to make sure that public central software developed at the university stops working after a period of time if the user does not pay shareware fees.

I think C is right. But some people think A. What do you think? Why?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=36383&t=36295
RE: NAT Detection Utility [7:36248]
The only way to do it would be to look for out of baseline utilization patterns, and investigate them.

On the security policy ... How does a guy in a dorm with a linksys router performing NAT impose a security risk?

-Original Message-
From: Kwame [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 22, 2002 2:05 PM
To: [EMAIL PROTECTED]
Subject: NAT Detection Utility [7:36248]

Anyone know of a tool for detecting NAT activity on the network. I work in a large university and we've instituted a policy against nat especially in the dorms due to some very serious security breaches. Is there anything out there that can remotely detect a nat operation?

Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=36261&t=36248
RE: NAT frustration [7:35928]
This is an easy one. You only have one usable Ip address... Right? The ip nat inside source static command is mapping all ports through on the one usable ip to the DNS server, making it the only machine with internet access. Remove it and use

 ip nat inside source static udp 192.168.3.2 53 209.x.x.x 53

or if you are using a 12.x ios, and expect your Ip to change again in the future.. Use

 ip nat inside source static udp 192.168.3.2 53 interface ethernet 0 53

Also, your Access list/overload statement will work, but it's more complicated than it should be. This will work just fine..

 access-list 1 permit 192.168.0.0 0.0.255.255
 ip nat inside source list 1 interface ethernet 0 overload

Good Luck, Contact me off-list if you need more help.

Thanks,
Ejay Hire
Lan/Wan Engineering Contractor (Available)
434-591-4564

-Original Message-
From: Tim Booth [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 19, 2002 11:56 PM
To: [EMAIL PROTECTED]
Subject: NAT frustration [7:35928]

Dear listers,

I am frustrated. I had this working perfectly, then my isp decided to change my ip address, then I had to change my configs and now it's not working. What I want to do is have NAT running on my 2511, be able to telnet into it, and have my dns server behind the nat in a private network. I was instructed earlier to have this partial config (IOS ver. 12.1(10) ):

 Interface ethernet0
  Ip address 209.x.x.x
  Ip nat outside
 !
 Interface s0
  Ip address 192.168.1.1
  Ip nat inside
 !
 !! Maps nat translation process
 Ip nat inside source list 101 interface Ethernet0 overload
 !! For dns server mapping
 Ip nat inside source static 192.168.3.2 209.x.x.x
 !
 !! Removes external address from nat process
 Access-list 101 deny ip host 209.x.x.x any
 !! Allows internal translation
 Access-list 101 permit ip 192.168.0.0 0.0.255.255 any
 !
 Ip route 0.0.0.0 0.0.0.0 e0 permanent
 Ip route 192.168.3.0 255.255.255.0 serial 0 permanent
 !
 end
 !! EOF

With the dns server mapping, nat forwards *all* outside traffic bound directly to the 209.x.x.x interface to 192.168.3.2; so pings from the interface don't work, and telnets to the interface don't work. I had it working where it would only forward appropriate packets to the dns server, and also allow telnetting from the outside to the 2511. I must be missing something. With or without the dns mapping all the private network clients are translated correctly. Telnet works fine from the inside.

My understanding is that with cisco's NAT ALG, DNS translation is seamless *and* you still should be able to use that nat address for telnetting into the router. I'm not sure why it was working before, if it isn't supposed to work like this. Any ideas? Am I forgetting something that is obvious?

Confused,
Tim Booth
MCDBA, CCNP, CCDP, CCIE written
-
Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety.
Benjamin Franklin, 1759

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35995&t=35928
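The difference between the one-to-one static entry in the question and the port-specific entry in the reply can be seen in a small lookup model. This Python sketch is an added example, not code from the thread; it is a simplified model of static NAT lookup only (dynamic overload entries are left out), and the outside address 203.0.113.10 is a constructed stand-in for the elided 209.x.x.x.

```python
from dataclasses import dataclass
from typing import Optional

OUTSIDE_IP = "203.0.113.10"   # constructed stand-in for the router's one public address
DNS_SERVER = "192.168.3.2"    # inside address from the thread
ROUTER = "router itself"      # packet is handled locally (telnet to a vty, ping reply)


@dataclass(frozen=True)
class StaticNat:
    inside_local: str
    outside_global: str
    proto: Optional[str] = None        # None means a plain one-to-one entry
    local_port: Optional[int] = None
    global_port: Optional[int] = None


# "ip nat inside source static 192.168.3.2 <outside>"
BEFORE = [StaticNat(DNS_SERVER, OUTSIDE_IP)]
# "ip nat inside source static udp 192.168.3.2 53 <outside> 53"
AFTER = [StaticNat(DNS_SERVER, OUTSIDE_IP, "udp", 53, 53)]


def deliver_inbound(entries, proto, dst_ip, dst_port):
    """Return (receiver, port) for a packet arriving on the outside interface."""
    # Port-specific entries are the most specific match, so try them first.
    for e in entries:
        if e.proto is not None and (e.proto, e.outside_global, e.global_port) == (
            proto, dst_ip, dst_port
        ):
            return (e.inside_local, e.local_port)
    # A one-to-one entry claims every protocol and port on its global address.
    for e in entries:
        if e.proto is None and e.outside_global == dst_ip:
            return (e.inside_local, dst_port)
    # No translation matched: the packet is for the router's own address.
    return (ROUTER, dst_port)


# Constructed probes: DNS query, telnet to the router, DNS over TCP, ping.
PROBES = [("udp", 53), ("tcp", 23), ("tcp", 53), ("icmp", None)]


def compare(probes=PROBES):
    """Map each probe to (receiver with BEFORE, receiver with AFTER)."""
    return {
        p: (deliver_inbound(BEFORE, p[0], OUTSIDE_IP, p[1])[0],
            deliver_inbound(AFTER, p[0], OUTSIDE_IP, p[1])[0])
        for p in probes
    }


if __name__ == "__main__":
    for probe, (before, after) in compare().items():
        print(probe, "before:", before, "| after:", after)
```

In this model the UDP-only entry leaves TCP port 53 with the router, so a DNS server that must also answer over TCP needs a second port-specific entry for it.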
RE: what is wrong with the job market ? [7:35611]
Hey, In my spare time I do blacksmith work. You'd be surprised what stuff'll go for on Ebay. :)

-Original Message-
From: Tom [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 18, 2002 10:29 PM
To: [EMAIL PROTECTED]
Subject: RE: what is wrong with the job market ? [7:35611]

Back in the 1800's a Blacksmith was a well paid man, highly respected and had a skill few did. What about that guy that made buggy whips around 1905? Where is he now?

Let's face it. Skills like ours are only valuable when few have them. Once too many people have them, they get devalued. Eventually working in IT will be a "regular" job, without great pay and benefits. Ride it out if you still have a good job, but make sure you save up for when you don't.

Tom

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of nrf
Sent: Monday, February 18, 2002 9:50 PM
To: [EMAIL PROTECTED]
Subject: Re: what is wrong with the job market ? [7:35611]

"Steven A. Ridder" wrote in message news:[EMAIL PROTECTED]...
> That article talked about 1 problem, the problem almost every company had -
> grabbing too much land and equipment with no customers or sustainable
> revenue. But that's also the problem every dot-bomb had. Thankfully the
> bubble burst, the madness ended and took out the garbage. No company would
> stay in business that way. This doesn't mean that their services weren't
> wanted. Most every home who has a dial-up, most businesses that don't have
> DSL in their area are still waiting for the right company/technology to come
> by and at the right price.

I'm afraid I have to disagree. The simple fact is that in many cases, the services were in fact not wanted, at least at the price points they were offered at, but then of course if they were offered at lower price points, there would have been even less profit than there already was.

And the fact is, despite all the hype from New Economy providers, there is not a huge outcry of demand for high-speed access. There is some demand, but nowhere near the demand that a lot of people thought there would be.

I used to believe otherwise. Because I'm always doing stuff on the Net, and therefore I rely on my broadband, I assumed that there must have been ravenous demand for broadband connections. I assumed that everybody was like me. Wrongo. The fact is that there is only a small subset of the population that is tech and computer savvy and can honestly feel the difference between a broadband link and standard dialup, certainly enough that they would feel the need to pay extra for broadband.

The numbers say otherwise. In the past, broadband was not widely available, but now this is not so. It is estimated that well over 70% of households within the US have access to some kind of broadband (cable/DSL/satellite/fixed wireless). (70% of all U.S. households have access to high-speed cable, and I'm not even talking about the other kinds of broadband - http://www.ntia.doc.gov/ntiahome/broadband/comments2/Napster.htm )

Yet a sobering fact is that even where broadband is available, consumer demand has been low:

"...even where there is deployment of broadband infrastructure, there has been low consumer uptake...Groups such as the Consumer Energy Council of America and the National Cable Television Association have also noted the slow uptake of consumer use of DSL and cable modems even where currently deployed."
http://www.digitaldividenetwork.org/content/stories/index.cfm?key=10

Perhaps the most sobering is the Hart/Winston study that states:

' "The bottom line is that among people who are most likely to subscribe to high-speed Internet access, the obstacles are price and lack of appeal," said Hart, CEO of Hart Research. "Forty-eight percent have no interest regardless of price and another 21 percent are willing to pay at most $20 per month. If you cannot win over the people who are currently using the Internet, consumer acceptance of high-speed access will be slow and limited..." '
http://www.comptel.org/press/nov29_2001_voices.html

If you still need convincing, then flip things around. If there really is this huge groundswell of demand for broadband access, then ..."...why have only 10 percent of those with access to broadband purchased it?" (http://www.theneteconomy.com/article/0,3658,s=916&a=19232,00.asp).

In the United States, basic phone uptake rates are at 99% or so, basic cable TV is about 70% uptake, digital cable TV is about 25% uptake, and cellphone uptake is at least 25% (uptake defined to be those people who can get who choose to get it). So why is broadband uptake so low? You would think that if people were beating down the doors for broadband, that uptake would be much much higher than it is.

Or, as Stephen Ricchetti said it best:

"Overwhelmingly, people think it's a bad deal at current costs," Ricchetti said. "What we are looking at is a demand issue, not a supply issue"
http://www.thenete
RE: IP's and ISP going out of business [7:35850]
Nope, not unless they buy the encompassing IP block from the Upstream ISP, or the out of business ISP if it is portable space.

-Original Message-
From: Steven A. Ridder [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 19, 2002 9:48 AM
To: [EMAIL PROTECTED]
Subject: IP's and ISP going out of business [7:35850]

If a company has a block of public IP's assigned to them via their ISP, and that ISP goes out of business, can a company transfer those IP's to a different ISP? I don't think so, but maybe I'm wrong.

--
RFC 1149 Compliant.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35855&t=35850
RE: access-group ## in or out? [7:35578]
I just posted this in the associate group, but I'll cross-post it here. The context was that the chap wanted to block smtp traffic from a specific external subnet.

Visualize it. Let's assume your connection to the internet looks like this.

 Mailserver --- Ethernet0 (Router) Serial 0 --- ISP --- Badpeople

The "source" of the traffic you want to block is badpeople. Pretend you are the router. You want to block traffic from badpeople (SOURCE) that is going to your mailserver (Destination) and you want to block it as it travels IN (Inbound) from your ISP (Serial 0).

 access-list 101 deny tcp xx.xx.xx.0 0.0.0.255 host 123.123.123.123 eq 25
 access-list 101 permit ip any any
 interface serial 0
  ip access-group 101 in

Alternately, you could let the traffic cross you (the router) and block it as it travels OUT (outbound) of the Ethernet port (E0) towards the mail server. It would be a waste of router resources to let it cross the router before being dropped, but if this was a very busy router with many ports and a dedicated port to the mail server then it might be an option.

 access-list 101 deny tcp xx.xx.xx.0 0.0.0.255 host 123.123.123.123 eq 25
 access-list 101 permit ip any any
 interface Ethernet 0
  ip access-group 101 out

Additionally, Traffic travels in both directions. I can't think of a reason why you'd want to, but you could block traffic as it leaves the mail server (source) headed back to badpeople (destination). This traffic would travel In the ethernet port (ethernet 0 access-group xxx in) and Out the serial port (serial 0 access-group xxx out). You don't block traffic this way (if possible) because you don't know what port the outbound tcp connection will be on.

-Ejay

I'm a CCNA and CCNP and I'm looking for full-time or Contract work, please contact me off-list if you have any openings or suggestions.

-Original Message-
From: none ya [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 15, 2002 9:03 PM
To: [EMAIL PROTECTED]
Subject: access-group ## in or out? [7:35578]

Would someone please give me a simple explanation/example that will clarify when to use "in" or "out" when you apply an ACL to a router interface?

Thanks!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35737&t=35578
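The "pretend you are the router" reasoning in the post above can be traced packet by packet. This Python sketch is an added example, not part of the original post: it is a simplified model of first-match extended ACL evaluation with wildcard masks and the implicit deny, bound to an interface and a direction, and the addresses (198.51.100.0/24 for the blocked subnet, 192.0.2.25 for the mail server) are constructed documentation values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

BAD_NET = "198.51.100.0"   # constructed stand-in for xx.xx.xx.0
MAIL = "192.0.2.25"        # constructed stand-in for the mail server
ANY = ("0.0.0.0", "255.255.255.255")


def _ip(addr):
    return int(ipaddress.IPv4Address(addr))


@dataclass(frozen=True)
class Ace:
    action: str                 # "permit" or "deny"
    proto: str                  # "ip" matches every protocol
    src: tuple                  # (address, wildcard mask)
    dst: tuple
    dport: Optional[int] = None

    def matches(self, pkt):
        if self.proto != "ip" and self.proto != pkt["proto"]:
            return False
        for addr, (base, wild) in ((pkt["src"], self.src), (pkt["dst"], self.dst)):
            care = ~_ip(wild) & 0xFFFFFFFF      # wildcard 1-bits are "don't care"
            if (_ip(addr) & care) != (_ip(base) & care):
                return False
        return self.dport is None or self.dport == pkt.get("dport")


def evaluate(acl, pkt):
    """First matching entry wins; falling off the end is the implicit deny."""
    for ace in acl:
        if ace.matches(pkt):
            return ace.action
    return "deny"


def forward(pkt, in_if, out_if, bindings):
    """bindings maps (interface, direction) to an ACL, like ip access-group."""
    for iface, direction in ((in_if, "in"), (out_if, "out")):
        acl = bindings.get((iface, direction))
        if acl is not None and evaluate(acl, pkt) == "deny":
            return "dropped %s on %s" % (direction, iface)
    return "forwarded"


# access-list 101 deny tcp <bad net> 0.0.0.255 host <mail> eq 25
# access-list 101 permit ip any any
ACL_101 = [
    Ace("deny", "tcp", (BAD_NET, "0.0.0.255"), (MAIL, "0.0.0.0"), 25),
    Ace("permit", "ip", ANY, ANY),
]
INBOUND_ON_SERIAL = {("Serial0", "in"): ACL_101}
OUTBOUND_ON_ETHERNET = {("Ethernet0", "out"): ACL_101}

# Constructed sample packets.
SMTP_BAD = {"proto": "tcp", "src": "198.51.100.77", "dst": MAIL, "dport": 25}
SMTP_OK = {"proto": "tcp", "src": "203.0.113.9", "dst": MAIL, "dport": 25}
REPLY = {"proto": "tcp", "src": MAIL, "dst": "198.51.100.77", "dport": 40000}

if __name__ == "__main__":
    print(forward(SMTP_BAD, "Serial0", "Ethernet0", INBOUND_ON_SERIAL))
    print(forward(SMTP_BAD, "Serial0", "Ethernet0", OUTBOUND_ON_ETHERNET))
    print(forward(SMTP_OK, "Serial0", "Ethernet0", INBOUND_ON_SERIAL))
    print(forward(REPLY, "Ethernet0", "Serial0", INBOUND_ON_SERIAL))
```

The reply packet is forwarded in both placements because neither binding is consulted for traffic entering Ethernet0 and leaving Serial0, and dropping the final permit entry makes every packet hit the implicit deny.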
RE: Dening telnet access [7:35628]
I have more information on this.

On my 11.0.22 Ios AGS, an inbound access-list has no effect on Telnet traffic. The access-class has to be applied on the vty 0 x interface.

On the 12.0 Ios 25xx's on r1r2.com, an inbound access-list STOPS Telnet traffic. (Both for the interface Ip, and a loopback ip.)

I am assuming that this is a "feature" that Cisco fixed sometime in the last 1.5 years.

-Original Message-
From: MADMAN [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 18, 2002 1:05 PM
To: [EMAIL PROTECTED]
Subject: Re: Dening telnet access [7:35628]

I know it does. I have, even fairly recently, locked myself out of a router via an inbound access list applied to an interface, DOH :( Try again and if it doesn't work I would like to see the config. Are you sure the interface on which you applied the access list is the interface you were telnetting to/thru??

Dave

Patrick Ramsey wrote:
>
> really? I have had no luck using inbound acl's to control telnet to the router...I always have to use acc's on the vty's
>
> Is there a trick to this?
>
> -Patrick
>
> >>> MADMAN 02/18/02 12:16PM >>>
> Actually telnet packets are processed by inbound access-list. Now if
> you're referring to outbound access-lists then you would be correct.
>
> Dave
>
> "Hire, Ejay" wrote:
> >
> > Because telnet packets destined for the router are not normally processed by
> > access-lists. (i don't understand why not, but hey...)
> >
> > instead do this
> >
> > access-list y deny xx.xx.xx.xx xx.xx.xx.xx
> >
> > line vty 0 n (n = the results of a ?, usually 4)
> > access-class y in
> >
> > -Original Message-
> > From: McHugh Randy [mailto:[EMAIL PROTECTED]]
> > Sent: Saturday, February 16, 2002 4:49 PM
> > To: [EMAIL PROTECTED]
> > Subject: Dening telnet access [7:35628]
> >
> > Access list problem:
> >
> > Why does this extended access list not work to deny telnet access applied to
> > the internet interface on a 2514?
> >
> > Extended IP access list 199
> > deny tcp any any eq telnet
> >
> > interface Ethernet0
> >
> > ip access-group 199 in
> >
> > I have a lot more statements than this and of course the statement
> > access-list 199 permit ip any any
> >
> > to take care of the implicit deny all, but I can still access the router
> > from the internet through telnet.
> > Anyone have any ideas what else might be needed to prevent or selectively
> > allow telnet access to my router.
> > Thanks,
> > Randy
> --
> David Madland
> Sr. Network Engineer
> CCIE# 2016
> Qwest Communications Int. Inc.
> [EMAIL PROTECTED]
> 612-664-3367
>
> "Emotion should reflect reason not guide it"

--
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35754&t=35628
RE: Dening telnet access [7:35628]
Because telnet packets destined for the router are not normally processed by access-lists. (i don't understand why not, but hey...)

instead do this

 access-list y deny xx.xx.xx.xx xx.xx.xx.xx

 line vty 0 n (n = the results of a ?, usually 4)
  access-class y in

-Original Message-
From: McHugh Randy [mailto:[EMAIL PROTECTED]]
Sent: Saturday, February 16, 2002 4:49 PM
To: [EMAIL PROTECTED]
Subject: Dening telnet access [7:35628]

Access list problem:

Why does this extended access list not work to deny telnet access applied to the internet interface on a 2514?

 Extended IP access list 199
 deny tcp any any eq telnet

 interface Ethernet0
  ip access-group 199 in

I have a lot more statements than this and of course the statement

 access-list 199 permit ip any any

to take care of the implicit deny all, but I can still access the router from the internet through telnet.
Anyone have any ideas what else might be needed to prevent or selectively allow telnet access to my router.

Thanks,
Randy

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35738&t=35628
Easy ways to pick up a few extra minutes on the CCIE lab. [7:35523]
no ip domain-lookup (how do you spell pnig again)
terminal escape-char 3 (Press Ctrl-c to break out of ping & Telnet)

Anybody got others?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35523&t=35523
RE: TTL and modern (fast) routers [7:35507]
I lab-ed this, and did not observe the TTL incrementing even when the delay was over 8,000 ms. (It's not how fast you send the packets, but how slow you make the link!)

-Original Message-
From: Michael Williams [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 15, 2002 11:54 AM
To: [EMAIL PROTECTED]
Subject: RE: TTL and modern (fast) routers [7:35507]

AFAIK, the TTL gets decremented by one by a router as it passes it on (if it's held under one second), or by the number of seconds it was held if it is held over one second. I agree that anything more than 1000ms of delay seems outrageous for a single hop these days, but I don't know of anything that has changed that "rule" that both you and I describe.

Mike W.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35522&t=35507
RE: slip/arp/proxy arp switch to csu [7:35413]
Can't you just...

 interface Async1
  ip address 10.0.0.1 255.255.255.252
  no ip directed-broadcast
  async mode dedicated
 !
 line aux 0
  no exec
  stopbits 1
  speed 19200

As for the connection to the csu/dsu, assuming it has a serial connector designed for this purpose, you should be able to use a cisco rollover cable and a Modem adapter (the serial connector from the console kit with "modem" stamped in the plastic). As long as it keeps CD high (one of the pins in the serial connector, it should.), the connection should stay up all the time. If you need to reset it, then clear line x should cause it to bounce and come back up.

I don't have any csu/dsu's laying around to test with, but I Slip-ped two 2501's together across the aux ports using the above config.

I don't think it will apply to you, but the documentation says that Routing protocol updates are not transmitted across a slip link. Also, all traffic destined for the AUX or CON ports is process switched.

-Ejay

-Original Message-
From: Patrick Ramsey [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 14, 2002 11:42 AM
To: [EMAIL PROTECTED]
Subject: slip/arp/proxy arp switch to csu [7:35413]

Ok guys/gals/fellow listers,

I've been doing some research on setting up a slip connection to a csu from a switch or router. a lot of the cisco TAC refers to the use of term servers for this but there are some documents on the site that talk about manually connecting from a switch or router through the console port.

Is this a sound method for establishing a slip connection you want to stay in place? Any comments? And does the console port then behave like a switch port? Will normal ethernet protocols go across? (arp for example)

I'm having to do this without the use of a spare CSU and am just trying to get some prelim questions answered.

thanks!

-Patrick

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35443&t=35413
RE: Wierdest ever!! [7:34747]
Do you have another router on the attached network segment? If so, go into that router and turn off proxy arp. I've seen this issue before when a person had multiple ip schemes on the same ethernet segment.

-Original Message-
From: Charles Lomotey [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 07, 2002 9:32 AM
To: [EMAIL PROTECTED]
Subject: Wierdest ever!! [7:34747]

Hi,

I have a 3620 which keeps indicating an IP address conflict. When I add a secondary interface, the same MAC address attaches itself to that IP also and says a conflict! Any ideas??, the errors are pasted below

 Duplicate address 172.16.1.1 on FastEthernet0/1, sourced by 0008.0050.8db2
 timestamp: 347602
 entry number 15 : IP-4-DUPADDR
 Duplicate address 172.16.1.254 on FastEthernet0/1, sourced by 0008.0050.8db2
 timestamp: 347605
 entry number 16 : IP-4-DUPADDR
 Duplicate address 172.22.1.1 on FastEthernet0/1, sourced by 0008.0050.8db2
 timestamp: 347609
 entry number 17 : IP-4-DUPADDR
 Duplicate address 172.23.1.1 on FastEthernet0/1, sourced by 0008.0050.8db2
 timestamp: 347611

Charles

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=34771&t=34747
RE: How to route this Ip traffic to pass through [7:34664]
Assuming that ISP2 is not your only provider, and that you are running BGP with them and at least one other provider, one of your BGP routers would peer with their BGP routers and you would accept and pass on their advertisements. You may have to call ISP2 and ask them to accept client's prefixes.

If ISP2 is your only provider and thusly you aren't running BGP then reselling ISP services is probably not a good idea for you. If you insist on doing it though here is how. You need to know client's peer Ip, AS#, and the prefixes they will be announcing. You contact your Isp, have them point a static route for the host Ip of Client's Peer towards your connected interface. Give them Client's peer Ip, AS#, and the prefixes they will be announcing. Your Isp will have to Peer with client using ebgp-multihop through your network. Conversely, Client will have to static host route for your Isp's peer Ip, and ebgp-multihop peer with your Isp.

If I was a network engineer for Client, and you presented me with solution number two, I would laugh you out of the building. The complexities this will create in troubleshooting and trying to get issues resolved will be very annoying.

Ejay Hire
CCNA, CCNP, CCIE Candidate
Network Consultant (Available, Cheap!)
[EMAIL PROTECTED]
434-591-4564

-Original Message-
From: Shawn Xu [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 06, 2002 2:29 PM
To: [EMAIL PROTECTED]
Subject: How to route this ip traffic to pass through [7:34664]

Please see the attachment for the scenario.

Let's say we are at ISP1, and our upstream is ISP2. We don't have our own IPs, in other words, we got all the ips from ISP2, and we have only static route to ISP2.

Now, one client, they have their own public IP block, and they want to connect to ISP1, and use their own IPs.

How to route the client's ip traffic to pass through ISP1 and ISP2?

Thank you for your help.

Shawn

[GroupStudy.com removed an attachment of type application/msword which had a name of ISPIssue.doc]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=34671&t=34664
RE: Average afterwork time Tech learning commitmen [7:34634]
For me, my optimal study time was during my lunch break at work. I'd scarf a sandwich and spend 45 minutes completely distraction free sitting in my car in the parking lot. That 45 minutes 5 days a week is more effective than 2 hours a day trying to work on the lab with the kid, wife, honey-do's, tv and dog all vying for my attention.

Note, do not become so engrossed in what you are reading that you sit in the car with the windows rolled up and cook yourself like a Thanksgiving turkey.

Ejay Hire
CCNA, CCNP, CCIE Candidate
434-591-4564
[EMAIL PROTECTED]
Independent Cisco and Networking Consultant (Available, and cheap too!)

... Stuffing anyone?

-Original Message-
From: Brad Ellis [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 06, 2002 1:10 PM
To: [EMAIL PROTECTED]
Subject: Re: Average afterwork time Tech learning commitmen [7:34634]

It's all about focus, drive, and motivation. It's very difficult to work 7-8hrs/day, then come home and study for 5 more. Then on the weekends, study an additional 8-12hrs/day. (I did that schedule for 1 month prior to my lab exam, and a similar schedule 2-3 months out from my exam) It was very taxing, and hard to spend time with my significant other (who I actually bought a dog to keep her occupied).

How some people can spend the amount of time that they do with a family, and other "distractions" is amazing. Try and set expectations in your household. Let people know that this is your "quiet" time. Start off spending 2 hours a night, and see if that does the trick for you. If it's too much, cut back to an hour, if you can handle more, do 3 hours. Remember, an hour a night, every night, really adds up.

After all is said and done, it's focus, motivation, concentration, drive, and buying someone a dog! :)

thanks,
-Brad Ellis
CCIE#5796 (R&S / Security)
Network Learning Inc
[EMAIL PROTECTED]
used Cisco gear: www.optsys.net
CCIE Labs, racks, and classes: http://www.ccbootcamp.com/quicklinks.html

"rtc9" wrote in message news:[EMAIL PROTECTED]...
> I have a three hour commute, a full+ part time job, and I'm wondering, what
> is the average hours people put in to their job after hours? Some I think do
> nothing. Others eat drink sleep and live the stuff. I know work is
> important.but

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=34661&t=34634 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Port spanning question [7:34469]
Inherent port-spanning, no. You can bridge the ports, but your port will be "pruned" after it (the router acting as a bridge) learns the connected Mac Addresses.

-Original Message-
From: Tom Martin [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 05, 2002 12:41 PM
To: [EMAIL PROTECTED]
Subject: Re: Port spanning question [7:34469]

Steven,

STP is a layer 2 only function and in general it is configured only on switches. It can be configured on a router if the router is configured to act as a transparent bridge. More info can be found on Cisco's web site at:

http://www.cisco.com/univercd/cc/td/doc/product/software/ssr83/rpc_r/53998.htm

- Tom

On Tue, 05 Feb 2002 11:38:32 -0500, Bates, Steven (SIGNAL) wrote:
> Is it possible to do port spanning on a router, or is this just a layer
> 2 option?
>
> Thanks
>
> Steven Kell Bates

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=34489&t=34469 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Limit Internet BW [7:34201]
access-list 1 permit ip.of.sit.e1 (these are the sites you are rate-limiting.)
access-list 1 permit ip.of.sit.e2 (these are the sites you are rate-limiting.)
interface serial x/x (the interface closest to the site you want to rate limit)
 rate-limit input access-group 1 XXX YYY ZZZ conform-action transmit exceed-action drop
 rate-limit output access-group 1 XXX YYY ZZZ conform-action transmit exceed-action drop

XXX - Normal speed in bps (multiples of 8)
YYY - Normal Burst speed. (supposedly the minimum is XXX/2000, but I can't test it right now.)
ZZZ - Max Burst speed.

For more info, see this link on Cisco.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_r/qrfcmd8.htm

-Original Message-
From: Fernando Shiran [mailto:[EMAIL PROTECTED]]
Sent: Saturday, February 02, 2002 10:32 AM
To: [EMAIL PROTECTED]
Subject: Limit Internet BW [7:34201]

Hello,

I do have a requirement to limit Internet Bandwidth among few sites. I do have a T1 and want to allow site A to be access bandwidth not more than 256K while site B can access full bandwidth without restricting. I do have a Cisco 2620 as the Gateway router.

All ideas greatly appreciated.

Regards
Shiran

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=34329&t=34201 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: NAT and dynamically attained ip [7:34213]
For NAT, I don't think so (at least not on 12.0). For PAT, Yes. In your nat statement, you use the interface instead of the ip.

ip nat inside source static tcp 10.0.0.1 80 interface dialer 0 80

-Original Message-
From: Tim Booth [mailto:[EMAIL PROTECTED]]
Sent: Saturday, February 02, 2002 1:20 PM
To: [EMAIL PROTECTED]
Subject: NAT and dynamically attained ip [7:34213]

Is there any way to get NAT (not PAT) to use as an outside interface, an Async interface that has IP ADDRESS NEGOTIATE and PPP IPCP ACCEPT-ADDRESS on it, or is it only possible to have NAT use an outside interface with a static IP address?

Thanks,
Tim Booth

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=34337&t=34213 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Off Topic - tax deductions for studies [7:34270]
The best way to do that is to call yourself a sole-proprietor of a business. Then you can also deduct travel costs, supplies, etc. This will also allow you to report any profits you may have made from independent consulting. If you are like me, you could have made several thousand dollars on consulting and still reported a loss.

The rule is: If you do it only to save on taxes it's tax evasion. If you are trying to make money, It's tax planning!

-Original Message-
From: Chuck Larrieu [mailto:[EMAIL PROTECTED]]
Sent: Sunday, February 03, 2002 1:02 PM
To: [EMAIL PROTECTED]
Subject: Off Topic - tax deductions for studies [7:34270]

As I gather together my 2001 tax year materials, I thought I'd just offer to the group that the cost of books, classes, home lab routers, etc. MAY be tax deductible. There are provisions in the tax code for deducting the cost of those training materials and classes which contribute to your ongoing ability to perform your job.

As always, you should check with a qualified accountant to assure that you are eligible and in compliance with the zillions of tax laws out there.

Chuck

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=34336&t=34270 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Where to begin? ( troubleshooting frame relay ) [7:34264]
This really sounds like a software problem. Is it possible to connect the 384k computer to the t1 lan segment and see if the problem persists?

-Ejay

-Original Message-
From: beth [mailto:[EMAIL PROTECTED]]
Sent: Sunday, February 03, 2002 10:09 AM
To: [EMAIL PROTECTED]
Subject: Where to begin? ( troubleshooting frame relay ) [7:34264]

Hello All,

I have a user with a full T1 frame relay circuit and a user with a 384k frac T1 circuit. The problem is the user with full T1 is trying to do a big SQL query that seems to time out after about 6 minutes of trying but the 384k can run the same query in about 3 minutes. The full T1 seems responsive and here is the sh int about 45 mins after router reboot. Any responses would be greatly appreciated.

* * ***
Serial0 is up, line protocol is up
  Hardware is PQUICC with Fractional T1 CSU/DSU
  MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec,
     reliability 255/255, txload 4/255, rxload 3/255
  Encapsulation FRAME-RELAY, loopback not set
  Keepalive set (10 sec)
  LMI enq sent 321, LMI stat recvd 321, LMI upd recvd 0, DTE LMI up
  LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
  LMI DLCI 0 LMI type is ANSI Annex D frame relay DTE
  Broadcast queue 0/64, broadcasts sent/dropped 105/0, interface broadcasts 50
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters 00:53:44
  Input queue: 1/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue :0/40 (size/max)
  5 minute input rate 22000 bits/sec, 29 packets/sec
  5 minute output rate 29000 bits/sec, 49 packets/sec
     11131 packets input, 1847898 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     16526 packets output, 1309436 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 output buffer failures, 0 output buffers swapped out
     1 carrier transitions
     DCD=up DSR=up DTR=up RTS=up CTS=up
Serial0.1 is up, line protocol is up
  Hardware is PQUICC with Fractional T1 CSU/DSU
  Internet address is XXX.XX.XX.X/24
  Backup interface BRI0, failure delay 0 sec, secondary disable delay 0 sec
  MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec,
     reliability 255/255, txload 4/255, rxload 3/255
  Encapsulation FRAME-RELAY
* ***

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=34334&t=34264 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE starting pay [7:33899]
I go both ways on this issue. There are companies that are "giving away" training to attract cheap call center helpdesk labor and turning out MCSE,A+,Net+,CCNA's with only minimal helpdesk experience, and setting the expectation that they will step above the 50k mark in their next job. (One was advertised in the Richmond newspaper last week) I think this is setting a false expectation to the person getting the certification and devaluing the people who have it now.

On the other hand, someone mentioned the TV show "Pretender", where a special type of person can step into several roles with minimal real experience by "absorbing" everything around them. I am one of those types of people. To Explain what I mean, here is a short list of the jobs I could step into today.

Auto Mechanic Diesel Mechanic Tire Service (Heavy Equipment) Hydraulic Service General Machine Shop work Line Cook at a 3 star restaurant Pc Repair Printer/Plotter Repair Network Administrator Network Engineer/Designer Pre-Sales Network Consultant Cabinetmaking Helpdesk Citrix Administrator

In Addition to that, I'm a student pilot and a recreational Scuba diver.

-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 31, 2002 5:50 PM
To: [EMAIL PROTECTED]
Subject: Re: CCIE starting pay [7:33899]

I agree that the IT industry is being way overmarketed. I hear an ad running almost every morning for a training company here in Denver. They claim that the average starting salary for newly certified people with no experience is $60k. I'm not sure, but I think they're on crack. :-)

John

>>> "Oliver Nadalin" 1/31/02 3:09:33 PM >>>
I agree with everything said so far...what needs to change is the way Microsoft, and now Cisco and most training providers and study guide publishers advertise the IT industry as a way of making the 'big bucks' - the only people making the big bucks are these guys.
People looking for a career change read the hype about how much money can be made becoming an MCSE, CCNA etc so they take courses, study guides, practice exams - with no experience - get the cert then all of a sudden the industry is flooded.

I'd like to see something like what Compaq does with the ASE - you can only get the cert if you are working for a Compaq partner - this would really cut down on the amount of paper certified people. A little heavy handed but I think for the best in the long term - at least protects the integrity of the certification industry and the industry in general.

"Guy" wrote in message news:[EMAIL PROTECTED]...
> A CCIE With no work experience
>
> I think most employers would shy away from that! A CCNP, or CCNA possible,
> but CCIE... I'm not sure. That would be like a Brain surgeon with no work
> experience... What would you pay him to operate on your brain
>
> Makes you think eh??? I think your best bet is to get a job as a CCNP or
> CCNA, get a year or two experience (Minimum) then worry about CCIE. Maybe
> work some other certs in there too, like Unix or maybe Microsoft or
> something to round you out a bit more and make some opportunities in the
> market for yourself... Or firewalls, and or something like tripwire etc...
>
> My point is, If you have a CCNA, CCNP, CCIE, and 50 other certifications
> behind your name, and no work experience, people are going to know you are a
> good test taker, but you will still be starting off at the bottom. With a
> salary range of maybe 30-50k But that CCIE is not going to make it 100k no
> matter what your cousins brother or whatever told you. All the
> certifications are for is to take someone who has the experience, and
> skills, and gives them something they can use as proof of their expertise.
>
> It is not for an entry level person to get so they can get a higher start
> pay... All that does is cheapen the cert.
>
> Look at the MCSE. Back when I took my MCSE, that cert gave me credibility. I
> walked out of every interview with an offer. I could make my own choices. I
> took my MCSE after several years of work with Net systems including Novell,
> IBM OS/2, and Microsoft. It was more of a proof of my skill set. Not a proof
> I can read Brain Dumps, and hope I will do ok if someone gives me the
> chance...
>
> Now days you mention MCSE, and what goes through your mind??? That's right
> Worthless.
>
> Now why is that?
>
> It's because people with no skills heard of someone who became an MCSE, and
> started making 70k or whatever... Then that person decided, Hey, I can
> do that And found Transcenders etc... Became an MCSE, but can't even
> copy files to a floppy
>
> This happened on a large scale, and soon employers were hiring worthless
> MCSEs, and were getting frustrated...
>
> Now, in the IT industry, it has become a low level Cert... To me that ticks
> me off. I've been an MCSE since 96, and mine is proof of the pudding not
> a piece of paper...
>
> Now, Cisco is becoming the sa
RE: CCIE benefits [7:33871]
iirc, you don't get the medallion or plaque anymore. But you can buy them. -Original Message- From: MADMAN [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 31, 2002 2:43 PM To: [EMAIL PROTECTED] Subject: Re: CCIE benefits [7:33871] Oh ya I do have a pretty medallion, how could I forget;) dave Steve Smith wrote: > > What about that nice pretty plaque? > > -Original Message- > From: MADMAN [mailto:[EMAIL PROTECTED]] > Sent: Thursday, January 31, 2002 12:20 PM > To: [EMAIL PROTECTED] > Subject: Re: CCIE benefits [7:33871] > > Hell no! Benefits, I still have a job :) > > Dave > > Joe Carr wrote: > > > > Does anyone know if a CCIE gets free TAC support? OR what other > benefits > does > > a CCIE receive > -- > David Madland > Sr. Network Engineer > CCIE# 2016 > Qwest Communications Int. Inc. > [EMAIL PROTECTED] > 612-664-3367 > > "Emotion should reflect reason not guide it" -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 "Emotion should reflect reason not guide it" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33944&t=33871 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE benefits [7:33871]
I don't remember when I saw it on CCO, but I do remember the link saying you could order one if you wanted it. ($) -Ejay -Original Message- From: MADMAN [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 31, 2002 4:18 PM To: Hire, Ejay Cc: [EMAIL PROTECTED] Subject: Re: CCIE benefits [7:33871] Really, when did that cease? I suppose looking at it ip probably cost a couple hundred bucks... Dave "Hire, Ejay" wrote: > > iirc, you don't get the medallion or plaque anymore. But you can buy them. > > -Original Message- > From: MADMAN [mailto:[EMAIL PROTECTED]] > Sent: Thursday, January 31, 2002 2:43 PM > To: [EMAIL PROTECTED] > Subject: Re: CCIE benefits [7:33871] > > Oh ya I do have a pretty medallion, how could I forget;) > > dave > > Steve Smith wrote: > > > > What about that nice pretty plaque? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33942&t=33871 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Please confirm (conf#d22216f5b24622b2d135b956c50be7ca) [7:33909]
The 2503 can run bgp if the ISP's agree. This is the only way to properly implement redundancy. Bgp (Default-only) will not significantly increase the memory or cpu utilization of the 2503.

---Isp -bgp- 2503 - ebgp multihop - 1605 Isp---

The 1605 doesn't even know about bgp, It just passes traffic...

Alternately, you could

---ISP -bgp- 2503 -ibgp- 1605 -bgp- Isp---

and use hsrp on the 1605 and 2503 to provide access-layer redundancy as well.

If you want to configure this, let me know, my current company is expiring and I need a gig.

Ejay Hire
CCNA, CCNP, CCIE Candidate
434-591-4564
[EMAIL PROTECTED]

-Original Message-
From: Shawn Xu [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 31, 2002 11:25 AM
To: [EMAIL PROTECTED]
Subject: Re: Please confirm (conf#d22216f5b24622b2d135b956c50be7ca) [7:33866]

>Hi,
>
>You have tried to post to GroupStudy.com's Professional mailing list. Because the server does not recognize you as a confirmed poster, you will be required to authenticate that you are using a valid e-mail address and are not a spammer. By confirming this e-mail you certify that you are not sending Unsolicited Bulk Email (UBE).
>
>By confirming this e-mail you also certify the following:
>
>1. The message does NOT break Cisco's Non-Disclosure requirements.
>
>2. The message is NOT designed to advertise a commercial product.
>
>3. You understand all postings become property of GroupStudy.com
>
>4. You have searched the archives prior to posting.
>
>5. The message is NOT inflammatory.
>
>6. The message is NOT a test message.
>
>To confirm, simply reply to this message. No editing is necessary. Once confirmed, you will be able to post without additional confirmations.
>
>Welcome to GroupStudy.com!
>
>--ORIGINAL MESSAGE-
>
>From [EMAIL PROTECTED] Thu Jan 31 11:17:08 2002
>Received: from hotmail.com (f219.law14.hotmail.com [64.4.21.219])
> by groupstudy.com (8.9.3/8.9.3) with ESMTP id LAA03142
> GroupStudy Mailer; Thu, 31 Jan 2002 11:17:07 -0500
>Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
> Thu, 31 Jan 2002 08:18:22 -0800
>Received: from 66.59.140.7 by lw14fd.law14.hotmail.msn.com with HTTP;
> Thu, 31 Jan 2002 16:18:22 GMT
>X-Originating-IP: [66.59.140.7]
>From: "Shawn Xu"
>To: [EMAIL PROTECTED]
>Subject: Topic repeat
>Date: Thu, 31 Jan 2002 11:18:22 -0500
>Mime-Version: 1.0
>Content-Type: text/plain; format=flowed
>Message-ID:
>X-OriginalArrivalTime: 31 Jan 2002 16:18:22.0917 (UTC)
>FILETIME=[E7734750:01C1AA72]
>
>Topic: connecting to two ISPs for load balance and fault tolerance.
>
>First of all, I should announce I have searched Archives before I post this message, but not exactly match my question.
>
>Some people said for this topic you have to use BGP, and some people said you can use default route if you are only for load balance and fault tolerance purpose.
>
>We have one client, who currently uses T1 line (Cisco 2503 router) to an ISP, and has a whole class C ip address (/24) from the ISP. And on their local network, they have web server, mail server, etc. everything is working fine.
>
>Now they want to connect to us using SDSL line (Cisco 1605 router) for load balance and fault tolerance.
>
>How to do that?
>
>1. Cannot use BGP, because nobody wants to buy a BGP router.
>2. Static or default route:
>(1) HSRP groups implement load sharing, and automatically switching over in case of one line is down, is it right?
>(2) Because they are using T1 line ISP's IP address for local network, if T1 line is down, how can we route their traffic through DSL line, ip route 0.0.0.0 0.0.0.0 DSL_ISP will work? and from outside how people can reach their local network through DSL line?
>
>Thanks
>
>Shawn

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33909&t=33909 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco AVVID vs. 3Com [7:33705]
I've installed a dozen NBX systems, and worked as the Guru at a 3com reseller. The original NBX is by default a Voice-over-Ethernet device, under the original version it broadcasted for Music on hold, paging, and device discovery. Under 2.0+ it uses a Multicast MAC address. You can acquire from 3com (For about 1500 iirc) a license to make it do Voice-over-IP. The License key is a hash of the Backplane chassis number, so you can't use the same code over and over. The originals were 10BaseT only, but the 100BaseT phones should be out by now. According to 3com, the original plan was to integrate all of the functions of the NBX into a card for the Corebuilder 7000, but I think that plan has been scrapped.

http://www.3com.com/products/en_US/detail.jsp?tab=features&pathtype=purchase
&sku=WEBBNGNBX100COMSYS
is 3com's site, but you'll have to paste it back together to make it work.

www.nbx100.com is the site for one of the larger resellers.

-Original Message-
From: Mark Odette II [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 31, 2002 12:02 AM
To: [EMAIL PROTECTED]
Subject: RE: Cisco AVVID vs. 3Com [7:33705]

a couple of weeks back, someone posted a question about inexpensive PBXs and PBAXs and where to get them. when I mentioned the NBX option, someone else commented that the NBX is by default Voice over Ethernet, but that you could purchase a VoIP license to activate VoIP software running on it.

I don't know how much of this is accurate, or what the real details on it are... but I've been told that if I wanted to take a NBX phone set home, and provision the office network correctly, that I could get it to log in across the Internet directly into the NBX... and receive calls as if it were at the office.

Anybody got any validity they can add to this??

Mark

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Bill Pearch
Sent: Wednesday, January 30, 2002 9:17 PM
To: [EMAIL PROTECTED]
Subject: RE: Cisco AVVID vs. 3Com [7:33705]

One thing that Cisco reps mention when the NBX comes up is that 3Com's solution is voice over ethernet, rather than a VOIP solution. Then they admit that Cisco doesn't play well in the small implementation market (less than 50 phones) unless there are some unusual requirements that are tailored for VOIP.

TTFN,
Bill

-Original Message-
From: Bill Carter [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 30, 2002 8:18 AM
To: [EMAIL PROTECTED]
Subject: RE: Cisco AVVID vs. 3Com [7:33705]

My company is a Cisco Voice partner and a 3Com Voice Partner. The office I work out of uses the 3Com NBX for about 20 phones. It works, no real complaints. Some of the earlier versions of code were pretty bad. Downsides, NBX has 1 hard drive, if it goes we are down. No way to backup. 3Com may be providing a new solution, I'm not sure???

Here is our position when selling to a customers. If they are a small office (0-30 phones), with no need for VoIP connecting different offices, 3Com is probably the best choice. Cost is a lot less than Cisco solution for same customer and customer wants basic features (voice-mail, auto-attendant, call-park, call-transfer, speaker phone).

For customers with larger offices (40+ phones), the potential for VoIP with branch offices we go Cisco. We end up selling Cisco to 95% of our customers. In-line powered phones is a big advantage. Power outlets at the desk are usually filled, it's nice to avoid power strips at every desk. I see 3Com has a price advantage and Cisco has a Technology advantage. Support from Cisco is excellent.

Lots of time the problem people have with the Cisco solution is the complexity. Cisco VoIP can work in many different environments, 3Com is more positioned for the standard/simple small office.

Don't forget data integration with IP phone system. XML applications to the phone are a very good thing. Some applications on the phones our customers like are phone directories, time-clock sign-in/sign-out (for hourly staff).

You have to look at the survivability of the company. 3Com has problems turning a profit. Networkers hate 3Com NICs, 3Com has exited the core switching market. They now sell NICs (most professionals hate them), modems (commodity), low end switches (commodity), home broadband routers (Cable/DSL commodity), and a low end phone system. How long will this model work Will they dump the NBX in the next 12 months???

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Stull, Cory
Sent: Wednesday, January 30, 2002 9:48 AM
To: [EMAIL PROTECTED]
Subject: OT: Cisco AVVID vs. 3Com [7:33705]

Does anyone have any working experience or good opinions on Cisco's IP Telephony solution compared to 3Com? I'm trying to make a buying decision and right now am very up in the air. 3Com has a nice and more cost effective solution that even would allow me to (coming soon) be able to use my existing legacy Lucent/Nortel phones with t
PBX course [7:33756]
Someone mentioned there being an online course for PBX fundamentals. Is this a free resource? I checked cisco.com, but I may have missed it.

Thanks,
Ejay

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33756&t=33756 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Internet Router? [7:33639]
Have you checked the utilization on those 2650's? I'd bet it's never gotten above 15%. The 2650's can handle a lot more than 1 t-1's worth of traffic. -Ejay -Original Message- From: Bill Carter [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 30, 2002 12:24 PM To: [EMAIL PROTECTED] Subject: RE: Internet Router? [7:33639] The 3640 will work for you. I would definitely max out the RAM. Some others have commented about not needing full BGP route tables. My customers have been very happy with partial tables as described in the following CCO link. I have also had customers use 2 2650's, 1 T-1 per connection box, HSRP on the Ethernet port and run IBGP between each other for optimal routing. I then configured them with the below link. http://www.cisco.com/warp/customer/459/41.shtml -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Scott Nawalaniec Sent: Tuesday, January 29, 2002 10:45 PM To: [EMAIL PROTECTED] Subject: Internet Router? [7:33639] Hello Everybody, I just want to run this by everyone for their input from experience. Scenario: I'm looking for a Cisco router that will be providing Internet connectivity running BGP and that will be able to handle the capacity of 2 PTP T1's to the Internet. I know minimum RAM will have to be 64mbs for BGP routes. I just want to know what people have tried that does and doesn't work. My choice would be a 3640 for future T1 expandability and/or a HSSI port. Thank you for the input. Scott Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33743&t=33639 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Internet Router? [7:33639]
If all you need is two t-1's with no eye towards future scalability, then just about any router will work (17xx+) the trick is you don't need to accept full routes via BGP, Just accept the default routes. -Original Message- From: Scott Nawalaniec [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 29, 2002 11:45 PM To: [EMAIL PROTECTED] Subject: Internet Router? [7:33639] Hello Everybody, I just want to run this by everyone for their input from experience. Scenario: I'm looking for a Cisco router that will be providing Internet connectivity running BGP and that will be able to handle the capacity of 2 PTP T1's to the Internet. I know minimum RAM will have to be 64mbs for BGP routes. I just want to know what people have tried that does and doesn't work. My choice would be a 3640 for future T1 expandability and/or a HSSI port. Thank you for the input. Scott Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33698&t=33639 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ISDN Solution -help needed [7:33668]
If you are using nat friendly applications, then you could get an Ip from the pool on the dialer interface and nat inside/outside. What are you trying to do? -Ejay -Original Message- From: Shane Stockman [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 30, 2002 4:25 AM To: [EMAIL PROTECTED] Subject: ISDN Solution -help needed [7:33668] I have a 1601 with BRI Wic and 3COM hub with 4 users.There is only 1 ISDN BRI.I need all four users to access the main office but use the ip pool on the main 3640. Any ideas Thanks _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33693&t=33668 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: [INFOCON] - UNIRAS Briefing - 23/02 - Cisco - CatOS Telnet [7:33682]
-BEGIN PGP SIGNED MESSAGE-

UNIRAS (UK Govt CERT) Briefing Notice - 23/02 dated 30.01.02 Time: 09:32
UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)

UNIRAS material is also available from its website at www.uniras.gov.uk and Information about NISCC is available from www.niscc.gov.uk

Title
=====
Cisco CatOS Telnet Buffer Vulnerability

Detail
======
- -BEGIN PGP SIGNED MESSAGE-

Cisco Security Advisory: Cisco CatOS Telnet Buffer Vulnerability

Revision 1.0
For Public Release 2002 January 29 at 1500 UTC

Summary
-------
Some Cisco Catalyst switches, running certain CatOS based software releases, have a vulnerability wherein a buffer overflow in the telnet option handling can cause the telnet daemon to crash and result in a switch reload. This vulnerability can be exploited to initiate a denial of service (DoS) attack.

This vulnerability is documented as Cisco bug ID CSCdw19195. There are workarounds available to mitigate the vulnerability.

This advisory will be posted at http://www.cisco.com/warp/public/707/catos-telrcv-vuln-pub.shtml .

Affected Products
-----------------
Cisco's various Catalyst family of switches run CatOS-based releases or IOS-based releases. IOS-based releases are not vulnerable.

The following Cisco Catalyst Switches are vulnerable :

* Catalyst 6000 series
* Catalyst 5000 series
* Catalyst 4000 series
* Catalyst 2948G
* Catalyst 2900

For the switches above, the following CatOS based switch software revisions are vulnerable.

+---------------+--------------+--------------+--------------+--------------+
|               | Release 4    | Release 5    | Release 6    | Release 7    |
|               | code base    | code base    | code base    | code base    |
|---------------+--------------+--------------+--------------+--------------|
| Catalyst 6000 | Not          | earlier than | earlier than | earlier than |
| series        | Applicable   | 5.5(13)      | 6.3(4)       | 7.1(2)       |
|---------------+--------------+--------------+--------------+--------------|
| Catalyst 5000 | earlier than | earlier than | earlier than | Not          |
| series        | 4.5(13a)     | 5.5(13)      | 6.3(4)       | Applicable   |
|---------------+--------------+--------------+--------------+--------------|
| Catalyst 4000 | All releases | earlier than | earlier than | earlier than |
| series        |              | 5.5(13)      | 6.3(4)       | 7.1(2)       |
+---------------+--------------+--------------+--------------+--------------+

To determine your software revision, type show version at the command line prompt.

Not Affected Products
---------------------
The following Cisco Catalyst Switches are not vulnerable :

* Catalyst 8500 series
* Catalyst 4800 series
* Catalyst 4200 series
* Catalyst 3900 series
* Catalyst 3550 series
* Catalyst 3500 XL series
* Catalyst 4840G
* Catalyst 4908G-l3
* Catalyst 2948G-l3
* Catalyst 2950
* Catalyst 2900 XL
* Catalyst 2900 LRE XL
* Catalyst 2820
* Catalyst 1900

No other Cisco product is currently known to be affected by this vulnerability.

Details
-------
Some Cisco Catalyst switches, running certain CatOS-based software releases, have a vulnerability wherein a buffer overflow in the telnet option handling can cause the telnet daemon to crash and result in a switch reload. This vulnerability can be exploited to initiate a denial of service (DoS) attack. Once the switch has reloaded, it is still vulnerable and the attack can be repeated as long as the switch is IP reachable on port 23 and has not been upgraded to a fixed version of CatOS switch software.

This vulnerability is documented as Cisco bug ID CSCdw19195, which requires a CCO account to view and can be viewed after 2002 January 30 at 1500 UTC.

Impact
------
This vulnerability can be exploited to produce a denial of service (DoS) attack. When the vulnerability is exploited it can cause the Cisco Catalyst switch to crash and reload.

Software Versions and Fixes
---------------------------
This vulnerability has been fixed in the following switch software revisions and the fix will be carried forward in all future releases.

+---------------+--------------+--------------+--------------+--------------+
|               | Release 4    | Release 5    | Release 6    | Release 7    |
|               | code base    | code base    | code base    | code base    |
|---------------+--------------+--------------+--------------+--------------|
| Cat
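A release check built from the advisory's vulnerable-revision table above, as an added example that is not part of the advisory or of any Cisco tooling. The inventory, hostnames and status labels are constructed for illustration; the 2948G and 2900 come back as "unknown" because the advisory lists them as vulnerable without giving release bounds, and the fixed-release table is cut off in this archive.

```python
import re

# Bounds transcribed from the advisory's "revisions are vulnerable" table.
# Each value is the first release NOT listed as vulnerable in that code base;
# None means "Not Applicable", "ALL" means "All releases" are vulnerable.
BOUNDS = {
    "6000": {4: None, 5: "5.5(13)", 6: "6.3(4)", 7: "7.1(2)"},
    "5000": {4: "4.5(13a)", 5: "5.5(13)", 6: "6.3(4)", 7: None},
    "4000": {4: "ALL", 5: "5.5(13)", 6: "6.3(4)", 7: "7.1(2)"},
}

# CatOS release strings look like 5.5(13) or 4.5(13a).
_RELEASE = re.compile(r"^(\d+)\.(\d+)\((\d+)([a-z]*)\)$")


def parse_release(text):
    """Turn '4.5(13a)' into a tuple that sorts in release order."""
    m = _RELEASE.match(text.strip())
    if m is None:
        raise ValueError(f"not a CatOS release string: {text!r}")
    major, minor, maint, letters = m.groups()
    # '' sorts before 'a', so 4.5(13) is earlier than 4.5(13a).
    return int(major), int(minor), int(maint), letters


def assess(series, release):
    """Classify one switch against the advisory table."""
    table = BOUNDS.get(series)
    if table is None:
        return "unknown"            # series has no row in the table
    parsed = parse_release(release)
    code_base = parsed[0]
    if code_base not in table:
        return "unknown"            # code base has no column in the table
    bound = table[code_base]
    if bound is None:
        return "not-applicable"
    if bound == "ALL":
        return "vulnerable"
    return "vulnerable" if parsed < parse_release(bound) else "not-vulnerable"


# Constructed inventory: (hostname, Catalyst series, release from "show version").
INVENTORY = [
    ("core-sw1", "6000", "5.5(7)"),
    ("core-sw2", "6000", "7.1(2)"),
    ("dist-sw1", "5000", "4.5(13)"),
    ("dist-sw2", "5000", "4.5(13a)"),
    ("acc-sw1", "4000", "4.5(2)"),
    ("acc-sw2", "2948G", "6.3(1)"),
    ("lab-sw1", "6000", "4.5(1)"),
    ("lab-sw2", "5000", "5.5"),     # malformed on purpose
]


def audit(inventory):
    """Map each hostname to its status; malformed releases are 'unparsed'."""
    report = {}
    for host, series, release in inventory:
        try:
            report[host] = assess(series, release)
        except ValueError:
            report[host] = "unparsed"
    return report


if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host:10} {status}")
```

Anything reported as "vulnerable" that is also IP reachable on port 23 is the case the Details section describes as repeatable after every reload.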
RE: Recent One-Day Lab Takers?? [7:33592]
I'm surprised. In San Jose, they are in big red/orange cabinets next to the cubicle you work in. You have to go over to the rack to check dial tone/ring on your VoIP phone... and to align the flux capacitor.

-Ejay

-Original Message-
From: McCallum, Robert [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 29, 2002 3:52 PM
To: [EMAIL PROTECTED]
Subject: RE: Recent One-Day Lab Takers?? [7:33592]

I never actually saw any equipment just a monitor and keyboard. I could hazard a guess though that most of the equipment was Cisco. ;->

-Original Message-
From: Cisco Nuts [mailto:[EMAIL PROTECTED]]
Sent: 29 January 2002 19:29
To: [EMAIL PROTECTED]
Subject: Recent One-Day Lab Takers?? [7:33592]

Hello,

Has anyone in this group taken the new one-day lab recently? Wanted to know what kind of routers did you see, I mean is it now more than 6 routers or still just 6? What models? Is it 2 2513's or 2 2504's etc? And the switch, is it still the Cat5?

Just wanted to gather this info. to build a lab and work on it..visualize that I am actually working on the real lab and busting my brains. Thank you Cisco :-)

Thanks!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33610&t=33592
RE: Aggregate 3 T1's would this work. [7:33599]
Actually, your T-1's will probably not be in the same subnet. They will probably have a /30 for each link. Additionally, you may consider adding no ip route-cache to each T1 interface. This will allow per-packet load balancing instead of per destination.

New Config...

interface Ethernet 0/0
 ip address 172.16.10.1 255.255.255.0
!
interface Serial 0/0
 ip address 1.1.1.1 255.255.255.252
 no ip route-cache
!
interface Serial 0/1
 ip address 1.1.1.5 255.255.255.252
 no ip route-cache
!
interface Serial 1/0
 ip address 1.1.1.9 255.255.255.252
 no ip route-cache
!
ip route 0.0.0.0 0.0.0.0 serial0/0
ip route 0.0.0.0 0.0.0.0 serial0/1
ip route 0.0.0.0 0.0.0.0 serial1/0
!
ip classless
!

-Original Message-
From: John Jones [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 29, 2002 3:17 PM
To: [EMAIL PROTECTED]
Subject: Aggregate 3 T1's would this work. [7:33599]

I have a configuration question. I have 3 dedicated T1's, a router 3620 with three T1 CSU/DSU and one FastEthernet ports installed. All dedicated T's are from the same ISP. I want to aggregate the three T1's for increased bandwidth (4.5 Mbps). Would I run into issues? Here is my config. Would this work?

!
hostname Cisco3620
!
!
no ip name-server
!
ip subnet-zero
no ip domain-lookup
ip routing
!
interface Ethernet 0/0
 no description
 ip address 172.16.10.1 255.255.255.0
!
interface Serial 0/0
 no shutdown
 ip address 1.1.1.2 255.255.255.248
!
interface Serial 0/1
 no shutdown
 ip address 1.1.1.3 255.255.255.248
!
interface Serial 1/0
 no shutdown
 ip address 1.1.1.4 255.255.255.248
!
ip route 0.0.0.0 0.0.0.0 serial0/0
ip route 0.0.0.0 0.0.0.0 serial0/1
ip route 0.0.0.0 0.0.0.0 serial1/0
!
!
ip classless
no ip http server
!
end

I tried this config with Cisco's config maker and I get IP address errors on the serial ports, specifically being on the same subnet. Would this do basic aggregation?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33609&t=33599
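The subnet error discussed in this thread, reproduced as an added example that is not part of either poster's message: a small checker that reads the interface stanzas of both configs (copied from the thread) and reports interfaces whose connected subnets overlap or whose address is the network or broadcast address. The function names are hypothetical.

```python
import ipaddress
import re
from itertools import combinations

# Interface stanzas from the original question (three serials in one /29).
ORIGINAL = """\
interface Ethernet 0/0
 no description
 ip address 172.16.10.1 255.255.255.0
!
interface Serial 0/0
 no shutdown
 ip address 1.1.1.2 255.255.255.248
!
interface Serial 0/1
 no shutdown
 ip address 1.1.1.3 255.255.255.248
!
interface Serial 1/0
 no shutdown
 ip address 1.1.1.4 255.255.255.248
!
"""

# Interface stanzas from the reply (one /30 per T1).
REVISED = """\
interface Ethernet 0/0
 ip address 172.16.10.1 255.255.255.0
!
interface Serial 0/0
 ip address 1.1.1.1 255.255.255.252
 no ip route-cache
!
interface Serial 0/1
 ip address 1.1.1.5 255.255.255.252
 no ip route-cache
!
interface Serial 1/0
 ip address 1.1.1.9 255.255.255.252
 no ip route-cache
!
"""


def interface_addresses(config):
    """Return {interface name: IPv4Interface} for each primary address."""
    found = {}
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "!":
            current = None                      # end of a stanza
            continue
        m = re.match(r"interface\s+(.+)$", line)
        if m:
            current = m.group(1)
            continue
        m = re.match(r"ip address (\S+) (\S+)$", line)
        if m and current:
            found[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return found


def subnet_problems(config):
    """List overlapping connected subnets and unusable host addresses."""
    addrs = interface_addresses(config)
    problems = []
    for (n1, a1), (n2, a2) in combinations(addrs.items(), 2):
        if a1.network.overlaps(a2.network):
            problems.append(f"{n1} ({a1}) overlaps {n2} ({a2})")
    for name, addr in addrs.items():
        net = addr.network
        if net.prefixlen < 31 and addr.ip in (net.network_address,
                                              net.broadcast_address):
            problems.append(f"{name} uses network/broadcast address {addr.ip}")
    return problems


if __name__ == "__main__":
    for label, cfg in (("original", ORIGINAL), ("revised", REVISED)):
        issues = subnet_problems(cfg)
        print(label, "->", issues if issues else "no overlaps")
```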
RE: Multilinking more than two ISDN channels [7:33493]
You have several different options. You can make a rotary group or a dialer group/pool (the config posted to the group earlier is a dialer group).

Good Luck,
Ejay

-Original Message-
From: KM Reynolds [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 29, 2002 10:11 AM
To: [EMAIL PROTECTED]
Subject: RE: Multilinking more than two ISDN channels [7:33493]

Steve,

I looked into the multilink-group command. On CCO I found documentation titled Configuring MLP on Multiple ISDN BRI Interfaces. This looks like what I was looking for.

As per the doc it states to enable multilink PPP on multiple ISDN BRI interfaces, I need to set up a dialer rotary interface and configure it for multilink PPP. Then to configure the BRI interfaces separately and add them to the same rotary group. The example shown is as follows:

interface BRI0
 no ip address
 encapsulation ppp
 dialer idle-timeout 2147483
 dialer rotary-group 0
 dialer load-threshold 1 either
 ppp multilink

interface BRI1
 no ip address
 encapsulation ppp
 dialer idle-timeout 2147483
 dialer rotary-group 0
 dialer load-threshold 1 either
 ppp multilink

interface dialer0
 ip address 10.x.x.x 255.255.255.252
 encapsulation ppp
 dialer in-band
 dialer idle-timeout 2147483
 dialer map ip next-hop name hostname broadcast dial-string
 dialer load-threshold 1 either
 dialer-group 1
 ppp authentication chap
 ppp multilink

It looks like there are number of ways to configure multilink PPP on multiple BRI interfaces, such as multilink bundle and dialer profiles.

Thank you for your assistance, by pointing out multilink-group, it helped to find the doc.

KM

>From: "Steven A Ridder"
>To: "'KM Reynolds'"
>Subject: RE: Multilinking more than two ISDN channels [7:33493]
>Date: Mon, 28 Jan 2002 18:27:52 -0500
>
>I thought to bundle interfaces together in a multilink group, you needed
>the multilink group # command in each interface and apply that to
>multilink.
>
>-Original Message-
>From: KM Reynolds [mailto:[EMAIL PROTECTED]]
>Sent: Monday, January 28, 2002 6:04 PM
>To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
>Subject: Re: Multilinking more than two ISDN channels [7:33493]
>
>Below is the config for the single BRI.
>
>interface BRI0
> no ip address
> encapsulation ppp
> dialer pool-member 1 max-link 2
> isdn spid1 xxx
> isdn spid2 xxx
> isdn switch-type basic-ni
> ppp multilink
>
>interface dialer 1
> ip address 10.x.x.x 255.255.255.252
> encapsulation ppp
> dialer remote-name
> dialer pool 1
> dialer idle-timeout 2147483
> dialer load-threshold 1 either
> dialer-group 1
> ppp authentication chap
>
>If BRI1 was installed. Would you need to configure it the same as BRI0,
>but change the dialer pool-member 1 max-link to 4? Sounds too easy.
>
> >From: "Steven A. Ridder"
> >Reply-To: "Steven A. Ridder"
> >To: [EMAIL PROTECTED]
> >Subject: Re: Multilinking more than two ISDN channels [7:33493]
> >Date: Mon, 28 Jan 2002 17:27:25 -0500
> >
> >How are the Bri's in a multilink group?
> >
> >"MADMAN" wrote in message news:[EMAIL PROTECTED]...
> > > Here ya go, an example that I did some time ago, the 12.1 code was
> > > buggy. The gist of it is you set up a dialer and attach the bri's
> > > via the dialer pool. This may not be on CCO but it works.
> > >
> > > Dave
> > >
> > > KM Reynolds wrote:
> > > >
> > > > No offence, I just thought I was missing something. I have read
> > > > your emails in the past, and I do know you know what you are
> > > > talking about.
> > > >
> > > > I also know you can bind PRIs, I just haven't heard of
> > > > multilinking BRIs. I looked in the archives and tried searching
> > > > the Cisco Web Site, but had no luck. So I thought it was a good
> > > > question and posted it.
> > > >
> > > > KM
> > >
> > > David Madland
> > > Sr. Network Engineer
> > > CCIE# 2016
> > > Qwest Communications Int. Inc.
> > > [EMAIL PROTECTED]
> > > 612-664-3367
> > >
> > > "Emotion should reflect reason not guide it"
> > >
> > > This config is an ISDN dial backup binding three BRIs together
> > >
> > > 9/2000
> > > !
> > > ! Last configuration change at 14:54:55 UTC Mon Sep 25 2000
> > > ! NVRAM config last updated at 14:55:07 UTC Mon Sep 25 2000
> > > !
> > > version 12.1
> > > service timestamps debug uptime
> > > service timestamps log datetime localtime
> > > no service password-encryption
> > > !
> > > hostname CL_Spokane
> > > !
> > > logging buffered 4096 informational
> > > enable password converge*clpriv
> > > !
> > > username CL_Bristol password 0 converge*clpriv
> > > !
> > > ip subnet-zero
> > > ip cef
> > > no ip domain-lookup
> > > ip host routerA 10.1.254.254
> > > !
> > > ipx routing 0030.945d.35e1
> > > isdn switch-type basic-5ess
> > > !
> > > interface Loopback0
> > >  ip address 10.1.253.253 255.255.255.0
> > > !
> > > interface Loopback100
> > >  ip address 50.1.1.1 255.255.255.0
> > > !
> > > interface Serial2/0.21 point-to-point
> > >  description PVC to Bristol
> > >  ip address 172.31
RE: wic 1T [7:32133]
Is it for a Long-haul connection, or just from one room to the next (i.e. a data center)? The only interfaces that support 8mbps on the 26xx are the 8 port t1 ima card, and the ethernet interfaces. If this is serial data, then you'll need an HSSI module and those only go in the 3600 series+

-Ejay

...Cisco Consultant for sale or rent. Have console cable, will travel. E-mail off list if you need help.

-Original Message-
From: suaveguru [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 18, 2002 10:28 AM
To: [EMAIL PROTECTED]
Subject: RE: wic 1T [7:32133]

anyone knows what WIC should I use on a 26xxx if I want it to support 8mbps knowing that WIC-1T only support up to 2mbps

--- Stefan Dozier wrote:
> Actually the WIC-1T can be used in asynchronous mode on the
> 1600 and 1700 series platforms!
>
> The command you're looking for is "physical-layer async"
>
> In all other platforms, it operates in synchronous mode "only".
>
> Stefan
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Daniel Cotts
> Sent: Wednesday, January 16, 2002 12:29 PM
> To: [EMAIL PROTECTED]
> Subject: RE: wic 1T [7:32133]
>
> The WIC-1T is synchronous only.
> http://www.cisco.com/warp/public/107/hw_1t_wic.shtml
>
> If you want a WIC card that supports asynchronous serial then a WIC-2A/S
> would do.
> http://www.cisco.com/warp/public/107/wic-2as.shtml
>
> You mention modem support. Is your aux port free? If so, any reason why it
> won't meet your needs?
>
> > -Original Message-
> > From: D'Wayne Saunders [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, January 16, 2002 9:42 AM
> > To: [EMAIL PROTECTED]
> > Subject: wic 1T [7:32133]
> >
> > Hi all
> > i have been searching on the cisco site for some information relating to
> > WIC1T. I have just installed one into a 1720 for a modem connection now by
> > cisco (or the information i can find ) the 1720 with this module supports
> > both async and sync's modes.
> > now my question is do i have to do anything special to get it to work in
> > async mode .
> > by the way my ios is 12.0(3)T
> >
> > any help appreciated
> >
> > D'Wayne Saunders,
> > Network Administrator
> >
> > Ph:08 89507742
> > Fax:08 89521112
> > Mobile: 0419 823 568
> >
> > www.lasseters.com.au

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32877&t=32133
RE: Dialer idle-timeout [7:32740]
The Obvious would be "dialer idle-timeout 0". If this is for a specific user, you could use radius to specify different timeout settings.

-EJH

-Original Message-
From: Gaz [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 21, 2002 4:01 PM
To: [EMAIL PROTECTED]
Subject: Re: Dialer idle-timeout [7:32740]

I would have thought by definition, if they're not sending or receiving traffic, then no, but am open to correction. What sort of override do you mean. Do you mean something as simple as setting outlook express to poll for new mail every 4 minutes, or a script to ping every 4 minutes, or something more permanent?

Gaz

"kevhed" wrote in message news:[EMAIL PROTECTED]...
> Hi all,
>
> I have a 3640 as a RAS box for remote dial-in users and have the dialer
> idle-timeout set for 5 minutes (eitherbound). My question is, does anyone
> know of a way that a user can override that 5 minute dialer idle-timeout
> window and keep his/her connection up indefinitely, assuming that the person
> is not sending or rcv'ing any traffic?
>
> Regards,
>
> Kevin

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32750&t=32740
RE: router for BGP and HSRP [7:32029]
If you are not running BGP, how do you notify your upstream ISP to stop advertising reachability to your subnet?

-Ejay

-Original Message-
From: Thomas Crowe [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 21, 2002 3:47 PM
To: [EMAIL PROTECTED]
Subject: RE: router for BGP and HSRP [7:32029]

If you're only looking to get your default route from your ISP, you do not need to worry about the headaches associated with BGP. Each router will have 2 ethernet interfaces, one on your network and one on your ISP's. Each router attached to your ISP will have a default route to your ISP's gateway. Configure HSRP between your 2 routers, and then whatever router is active will route according to its own default gateway. In the event of a failover, your hosts do not see a change in their default gateway, and the active router forwards the packets based on its own routing table.

Thomas Crowe
Senior Systems Engineer / Architect
CTS Professional Services - Atlanta

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 15, 2002 1:04 PM
To: [EMAIL PROTECTED]
Subject: router for BGP and HSRP [7:32029]

Hello,

I have a question I hope someone may be able to help me with. I have a setup that will be in a data center. They are giving us two handoffs, a primary and shadow on 2 distinct subnets. These will be ethernet connections. I would like to use 2 routers running HSRP for our servers inside our network. I also want the routers to run BGP4 for fault tolerance, they do not need to load share. The only thing I want to use BGP for is to get my default gateway. The routers will need to have 2 eth interfaces each. Does anyone know the cheapest router that could do this?

Thanks a lot

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32746&t=32029
RE: Home-use PABX [7:32584]
One more note about the NBX 100. It is not inherently a Voice-over-IP device. By default, it's voice over ethernet. You have to purchase a separate license for voice-over-IP.

-Ejay

-Original Message-
From: Mark Odette II [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 19, 2002 4:12 PM
To: [EMAIL PROTECTED]
Subject: RE: Home-use PABX [7:32584]

James-

I'm not sure about Nortel, Lucent, or any of the other manufacturers, but I know you can pick up a 3COM NBX off of ebay for 1/3 the price of it brand new. They are usually posted with different variable line cards, so you can read the descriptions and get a little education from there as to what you may want.

Keep in mind that E1/T1 still applies to Europe as opposed to North America, so you would have to make sure that your Multi-Flex trunk card on your 26xx/36xx/AS5x00 router can support that type of trunk connection directly to the P(A)BX.

Also, keep in mind that you may just have scenarios where you used E&M lines, so getting the appropriate router equipment for that will serve just as well as if you were trialing the Analogue FXS/FXO line options. The thing to keep in mind is there are several combinations as to how you want to "soup-bowl".

One thing to note about the 3Com NBX- it's web-administered, as compared to some of the other P(A)BXs that are administered via one of the "admin" version telephones, or via terminal service connection with a bunch of cryptic commands. While the web gui would be a crutch initially, it'll sure help learn the XYZs a whole lot faster... of which the XYZs are going to be fairly the same across most P(A)BX vendors... just like configuring routers for different vendors- TCP/IP is still the same no matter how you slice it.

That's my .25 for the month. It's all mere opinion, of which is always open to modification based on new information :)

HTHs!

Mark Odette II

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 19, 2002 11:18 AM
To: [EMAIL PROTECTED]
Subject: Home-use PABX [7:32584]

I have a home lab just now consisting of a number of routers for data. I would like to get more in to the voice side of networking and wonder where best to start.

My thoughts are to buy a small second hand PABX with E1 and ISDN PRI lines but I'm really not sure if that's how a PBX would be provisioned. I guess that older PBXs would have analogue lines which would not connect to my routers as I want them to, though some analogue mixed with the above digital would be OK. Of course, cost would be a major factor but I haven't as yet seen anything for sale that looked like a digital telephone switch.

So, that's the problem. As a starter for ten I would be grateful if someone could point me in the right direction.

Thanks.

- James

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32690&t=32584
RE: Default gateway question [7:32430]
Proxy ARP. Because you are set as your own default gateway with a /32 mask, then you will send an ARP request for every IP. Their router performs proxy ARP and voila! you have internet access. This saves IPs while maintaining universal routability, and is very common for dial-up ISPs.

-ejay

-Original Message-
From: Omer Ehsan Dar [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 18, 2002 8:05 AM
To: [EMAIL PROTECTED]
Subject: Default gateway question [7:32430]

Hi all,

I have a query that whenever I connect to my ISP I get an IP address, a mask and a default gateway. This is what it looks like:

PPP Adapter:
Connection specific DNS Suffix:
IP address: 203.135.17.194
Subnet mask: 255.255.255.255
Default gateway: 203.135.17.194

what is default gateway and my IP the same ? and why is the mask all ones that ignore all bit, how does the mask then check the network portion and the host portion? Plz help me out.

Thanks
Omer

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32482&t=32430
RE: Reverse telnet [7:32206]
Try a straight cable instead of a rollover. I just tried it and it's working for me.

-Original Message-
From: Joaquim Lopes [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 17, 2002 6:04 AM
To: [EMAIL PROTECTED]
Subject: RE: Reverse telnet [7:32206]

I just configured speed 9600, still no password prompt... Help appreciated.

thanks

-Original Message-
From: Rob Webber [mailto:[EMAIL PROTECTED]]
Sent: quinta-feira, 17 de Janeiro de 2002 1:16
To: [EMAIL PROTECTED]
Subject: Re: Reverse telnet [7:32206]

Try configuring "speed 9600" under the line aux 0. I do not believe you can use a straight cable, I think it has to be rolled. Also, are you sure port 2065 is the right port number? It sounds high, but that may be correct...

Rob.

"Joaquim Lopes" wrote in message news:[EMAIL PROTECTED]...
> Hi, i'm trying to configure a switch without ip remotely.
>
> I have the router AUX port connected to the switch Console port via
> Roll-cable. When i try to connect i've got :
>
> RouterXPTO#1.1.1.1 2065
> Trying 1.1.1.1, 2065 ... Open
>
> But i can't type anything (newbie problems )
>
> --
> Router configuration
> interface Loopback0
>  ip address 1.1.1.1 255.255.255.0
>  no ip directed-broadcast
> line aux 0
>  no exec
>  no activation-character
>  terminal-type VT100
>  transport preferred none
>  transport input all
>
> One last thing, can i use a straight cable to do the connection ?
> Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32480&t=32206
RE: How to Configure 2-routers back to back via T1/CSU/DSU [7:32461]
No, you don't loopback any of the interfaces. Configure one of the T1 ports for clock source line and the other as clock source internal. Then check your cable. A T1 crossover is not the same as an Ethernet crossover. A T1 crossover is 1-4 and 2-5.

Good luck,
ejay
...Cisco Consultant for sale or rent. E-mail off list if you need help.

-Original Message-
From: Emily Lee [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 17, 2002 11:37 PM
To: [EMAIL PROTECTED]
Subject: How to Configure 2-routers back to back via T1/CSU/DSU [7:32403]

All,

I am trying to configure 2-2600 routers that have integrated T1 CSU/DSU WAN interfaces. I am using a crossover cable connecting the 2 routers back to back. From reading, I understand I need to enable the loopback command, but I have found several and none are working so far. I am using the 2 routers to learn more on router configurations since I don't have much hands on. So I am using them only for practice at home.

Thanks for any help.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32461&t=32461
RE: Least cost router to run BGP (partial or Full) [7:32397]
You have three problems.

1. How do you get 8mbps of traffic into the router. For the 2600 series, it includes..
   a. Switched Full-duplex 10baseT Port
   b. 100BaseT or Faster ethernet Port.
   c. 8 port T-1 nm with IMA (8 port t-1 atm module)
   If your providers aren't providing connections via one of the above, you'll have to switch to a different series of routers so you can get the traffic into the router.

2. What routers will support 8 mbps of traffic. 8mbps = 800 bytes-sec. 800 bytes-sec/1500 bytes-packet = 5333 pps. Add a 10% safety margin and you get 6kpps. Look at http://www.cisco.com/warp/public/752/qrg/ The Cisco 2610/11 (the lowest in the 2600 series) is rated for 12-15 kpps.

3. What routers will support full or partial BGP routes. That depends on how partial they are. If you are accepting only a default route, then it doesn't significantly change your memory requirements. You need an IP Plus image to run BGP, so minimum is 40 mb. I.e. 40Mb of ram is the minimum to run bgp and accept only the default route. If you are planning on accepting the full routing table, then 128mb is the current requirement, but that is continually increasing. 128 Mb is the maximum memory a 26xx will accept, and that's only on the 2650/51, so a Cisco 2651 with maximum ram would be the minimum choice for full routes, and a Cisco 2621 would be acceptable for partial routes. If your ISP connections are via ethernet, then you're all set with the 2621 or 2651 as they have two FastEthernet ports.

Recap:

A 2610/11 can take the traffic, and can accept default or partial routes via bgp. If you want to use the 10BaseT ports for the network connections, they need to be connected to a full duplex switch to fit 8mbps of traffic on the line. This is probably not the best unless you are using something other than the 10BaseT port to squeeze the traffic onto the network.

A 2620/21 can take the traffic, and can accept default or partial routes via bgp. It is a significantly better choice than the 2610/11 if you are using the FastEthernet ports.

A 2650/51 can take the traffic, and can accept Full, default, or partial routes via bgp. If you don't require full bgp routes, this isn't a significantly better choice than the 262x.

-Ejay
...Cisco Consultant for sale or rent, e-mail off list if you need help.

-Original Message-
From: suaveguru [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 17, 2002 10:03 PM
To: [EMAIL PROTECTED]
Subject: Least cost router to run BGP (partial or Full) [7:32397]

hi all,

I am looking at a least cost router that can run full BGP and supports 8mbps of WAN traffic. I am looking at Cisco 26xx but can a WIC-1T support 8mbps?

regards,
suaveguru

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32458&t=32397
RE: Loopback IP masking - 32 or 24 bits? or? [7:32345]
If you are using a classful routing protocol and advertising the Loopback, it's going to burn the /24 anyway, you could use it.

-Eh

-Original Message-
From: Lupi, Guy [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 17, 2002 4:16 PM
To: [EMAIL PROTECTED]
Subject: RE: Loopback IP masking - 32 or 24 bits? or? [7:32345]

Well, you could use part of the loopback subnet for a nat pool if your loopback is a public IP address, that is one reason you may want more than a /32 on the interface. Just throwing things out there.

-Original Message-
From: Walker, Jim [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 17, 2002 3:42 PM
To: [EMAIL PROTECTED]
Subject: RE: Loopback IP masking - 32 or 24 bits? or? [7:32345]

Your friend is right. Why would you use anything other than a /32 bit mask on a virtual interface? You are not going to route using the loopback address are you?

Jim Walker
Master Network Engineer
Partners HealthCare System, Inc.
Information Systems / Technical Services & Operations
Tel. (617) 732-8803
Fax (617) 264-5130

-Original Message-
From: Joshua Dughi [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 17, 2002 3:23 PM
To: [EMAIL PROTECTED]
Subject: Loopback IP masking - 32 or 24 bits? or? [7:32345]

Hi, all;

I recently started considering why I might want to have a 32-bit mask for my loopbacks as opposed to some other scheme - for instance using the regularly documented 24-bit mask on a loopback.

I am speaking of course, of:

  Interface Loopback0
   IP Address 10.0.0.1 255.255.255.0

versus approaching this matter in this fashion:

  Interface Loopback0
   IP Address 10.0.0.1 255.255.255.255

So, my questions are:

1) Has any one here seen a detailed discussion of this matter? Can you provide me a link to it?

2) Based on what a friend of mine feels, his view is that there is never any benefit to having a 24-bit, or 28, or 29-bit mask on a loopback. In his view, loopbacks will always need to be, very logically, used with 32-bit masks.

Can anyone please shed some light on this matter?

Thank you.
Joshua Dughi

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32372&t=32345
RE: CCIE Lab Waiting Period [7:32232]
According to the online scheduler, the following dates/times are available in San Jose.

17-Jan-2002
19-Jan-2002
20-Jan-2002
21-Jan-2002
22-Jan-2002

-Original Message-
From: Ed Chuchaisri [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 16, 2002 7:05 PM
To: [EMAIL PROTECTED]
Subject: CCIE Lab Waiting Period [7:32232]

Guys,

I wonder when is the earliest R/S lab available in San Jose if I passed the written today? I heard that it still takes at least 6 months even though Cisco has changed the lab to a 1-day format. And how do you compare the written exam to other Cisco exams like CID 3.0 (I think this is the most challenging one out there), Routing 2.0, and Switching 2.0? Is it true that the written exam for R/S is the combination of Routing 2.0 and Switching 2.0 together? How many questions, by the way?

Thanks,
Ed
www.router4u.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32304&t=32232
RE: Bandwith [7:32264]
For IOS 11.3 you can restrict outbound traffic rates, using the traffic shape command, but I don't know how to do incoming traffic.

  interface serial 0/0
   traffic-shape rate 131072

In IOS 12.0, there is a handy feature that will do what you want...you can rate-limit it.

  interface Serial 0/0
   rate-limit input 131072 0 0 conform-action transmit exceed-action drop
   rate-limit output 131072 0 0 conform-action transmit exceed-action drop

And, you can set burst sizes on these to allow your customer to go above the maximum rate for short periods of time. If you wanted to give them 128k, but burstable to 256k, then it would be

  interface serial 0/0
   rate-limit input 131072 131072 131072 conform-action transmit exceed-action drop
   rate-limit output 131072 131072 131072 conform-action transmit exceed-action drop

(The first 131072 is the 128k committed. The second and third 131072 is the additional 128k burstable. The format of the command is rate-limit (input/output) (cir) (normal-cbr) (max-cbr) conform-action (...) exceed-action (...))

To verify the configuration:

  show interface serial 0/0 rate-limit...

Let me know if you need more help.

-Ejay
p.s. Expiring .net company Cisco Consultant for sale or rent (me). Contact off-list for $

-Original Message-
From: kaushalender [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 17, 2002 2:24 AM
To: [EMAIL PROTECTED]
Subject: Bandwith [7:32264]

Hi all,

I have a 2610 router on which I want to restrict bandwidth to 128kbs on the serial port which is directly connected to my customer's router on HDSL encapsulation. How can I do that without using a modem in between? Please guide me.

Thanks in advance
kaushalender

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32299&t=32264
RE: router for BGP and HSRP [7:32029]
From the requirements you've mentioned, I don't think the 16xx is going to work for you. Yes, it can run BGP, HSRP, and OSPF. The issue is with the amount of traffic you want to push across it. A 160xx couldn't handle doing all of the above _and_ handling 4mbps of traffic.

4mbps of traffic assuming an average packet size of 1500 bytes = 2796 pps + 10 % safety margin = ~3000 pps. You need a router that can handle 3000 pps. (Thank you Priscilla, see I was paying attention when I read the book)

A check of http://www.cisco.com/warp/public/cc/general/qrg/cpqrg.pdf shows that the minimum that you need is a 2500 (a 2514 for 2 ethernet ports) or a 2600 (2611 for 2 ethernet ports). Note, I had to look in an old one to find that a 1600 wasn't capable of 3kpps. And because you want to run BGP, you need a minimum of an IP Plus IOS.

-Original Message-
From: sam sneed [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 15, 2002 1:04 PM
To: [EMAIL PROTECTED]
Subject: router for BGP and HSRP [7:32029]

Hello,

I have a question I hope someone may be able to help me with. I have a setup that will be in a data center. They are giving us two handoffs, a primary and shadow, on 2 distinct subnets. These will be ethernet connections. I would like to use 2 routers running HSRP for our servers inside our network. I also want the routers to run BGP4 for fault tolerance, they do not need to load share. The only thing I want to use BGP for is to get my default gateway. The routers will need to have 2 eth interfaces each. Does anyone know the cheapest router that could do this?

Thanks a lot

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32230&t=32029
RE: BGP AS Number [7:32107]
No sooner than I typed this I went back to verify what I remembered about the cost of an ASN, and I was wrong. AS # $500. /19 of Public IPs = $5000. Sorry about that.

Take a look at:
http://www.arin.net/regserv/asnguide.htm
http://www.arin.net/regserv/feeschedule.html

-Original Message-
From: Hire, Ejay
Sent: Wednesday, January 16, 2002 3:16 PM
To: 'Shawn Xu'; [EMAIL PROTECTED]
Subject: RE: BGP AS Number [7:32107]

This is mostly correct. To properly implement BGP, you should have your own AS #. Alternately, if you can't ante the $5000 to get the #, then you may be able to talk the ISPs into letting you use a private AS number that they strip off and replace with their AS#.

I.e. Internet - Isp1 (701) - You (65530) - Isp2 (16770) - internet

A looking glass on the internet would see (assuming you are 1.1.1.0/24)

  Subnet -- AS Path
  1.1.1.0/24 701
  1.1.1.0/24 16770

A looking glass inside UUnet (701) would see (assuming you are 1.1.1.0/24)

  Subnet -- AS Path
  1.1.1.0/24 701 65530
  1.1.1.0/24 16770

A looking glass inside Broadslate (16770) would see (assuming you are 1.1.1.0/24)

  Subnet -- AS Path
  1.1.1.0/24 701
  1.1.1.0/24 16770 65530

They would have to do a wee bit of engineering on their part to make their routers prefer the longer AS path, but technically it is doable.

-ejay

Btw, I've never aggressively looked, but I don't know of any ISPs that will let you do this. If anyone needs assistance with BGP configuration, e-mail me off list. Thanks.

-Original Message-
From: Shawn Xu [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 15, 2002 9:15 PM
To: [EMAIL PROTECTED]
Subject: BGP AS Number [7:32107]

As far as we know, when you connect to two ISPs for load balancing and fault tolerance, you have to configure BGP, please refer to http://www.cisco.com/warp/public/459/40.html but from the above examples, you have to have your own AS number.

If I don't have my own AS number, I can not connect to two ISPs? Please help, thanks.

Shawn Xu

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32228&t=32107
RE: How do I bind several E1 links into one link on 7204 just [7:32209]
It depends on what is on the other end of the E1's. The easiest way to do it is with Multilink PPP. If you are connecting to an ISP, then they will probably dictate what protocol you use for them. E-mail me off-list if you have questions or you want help configuring this.

-Ejay

-Original Message-
From: cage [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 16, 2002 3:51 AM
To: [EMAIL PROTECTED]
Subject: How do I bind several E1 links into one link on 7204 just like [7:32136]

asd

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32209&t=32209
RE: BGP AS Number [7:32107]
This is mostly correct. To properly implement BGP, you should have your own AS #. Alternately, if you can't ante the $5000 to get the #, then you may be able to talk the ISPs into letting you use a private AS number that they strip off and replace with their AS#.

I.e. Internet - Isp1 (701) - You (65530) - Isp2 (16770) - internet

A looking glass on the internet would see (assuming you are 1.1.1.0/24)

  Subnet -- AS Path
  1.1.1.0/24 701
  1.1.1.0/24 16770

A looking glass inside UUnet (701) would see (assuming you are 1.1.1.0/24)

  Subnet -- AS Path
  1.1.1.0/24 701 65530
  1.1.1.0/24 16770

A looking glass inside Broadslate (16770) would see (assuming you are 1.1.1.0/24)

  Subnet -- AS Path
  1.1.1.0/24 701
  1.1.1.0/24 16770 65530

They would have to do a wee bit of engineering on their part to make their routers prefer the longer AS path, but technically it is doable.

-ejay

Btw, I've never aggressively looked, but I don't know of any ISPs that will let you do this. If anyone needs assistance with BGP configuration, e-mail me off list. Thanks.

-Original Message-
From: Shawn Xu [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 15, 2002 9:15 PM
To: [EMAIL PROTECTED]
Subject: BGP AS Number [7:32107]

As far as we know, when you connect to two ISPs for load balancing and fault tolerance, you have to configure BGP, please refer to http://www.cisco.com/warp/public/459/40.html but from the above examples, you have to have your own AS number.

If I don't have my own AS number, I can not connect to two ISPs? Please help, thanks.

Shawn Xu

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32208&t=32107
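The private-AS arrangement described in this thread only works if each ISP strips 65530 before the route leaves its network. As an added example that is not part of the original posts, the sketch below models that stripping at the ISP edge and checks a set of looking-glass routes for a private ASN that escaped; the function names and route lists are constructed, and the "strip only when the whole path is private" rule is an assumption of this model.

```python
# Added illustration: AS numbers and prefix are the ones used in the thread;
# function names and the route lists are constructed for this example.

PRIVATE_ASN_RANGES = (
    range(64512, 65535),            # 16-bit private use: 64512-65534
    range(4200000000, 4294967295),  # 32-bit private use: 4200000000-4294967294
)


def is_private(asn):
    """True when asn falls in a private-use range."""
    return any(asn in r for r in PRIVATE_ASN_RANGES)


def export_path(local_as, received_path, strip_private=True):
    """AS_PATH a border router in local_as advertises to an eBGP neighbour.

    Assumption of this model: private ASNs are removed only when the
    received path consists solely of private ASNs; a mixed path is left
    untouched and therefore shows up in find_private_leaks().
    """
    path = list(received_path)
    if strip_private and path and all(is_private(a) for a in path):
        path = []
    return [local_as] + path


def find_private_leaks(routes):
    """Return (prefix, private_asn, leaking_as) for each exposed private ASN.

    leaking_as is the nearest public AS to the left of the private ASN,
    i.e. the network that passed the route on without stripping it.
    """
    findings = []
    for prefix, path in routes:
        for i, asn in enumerate(path):
            if is_private(asn):
                leaking_as = next(
                    (a for a in reversed(path[:i]) if not is_private(a)), None)
                findings.append((prefix, asn, leaking_as))
                break
    return findings


PREFIX = "1.1.1.0/24"
CUSTOMER_PATH = [65530]  # what the dual-homed customer announces to both ISPs


def internet_view(strip_at_701=True, strip_at_16770=True):
    """Routes held by a looking glass outside both ISPs (constructed)."""
    return [
        (PREFIX, export_path(701, CUSTOMER_PATH, strip_at_701)),
        (PREFIX, export_path(16770, CUSTOMER_PATH, strip_at_16770)),
    ]


if __name__ == "__main__":
    for label, routes in (
        ("both ISPs strip", internet_view()),
        ("16770 forgets to strip", internet_view(strip_at_16770=False)),
    ):
        print(label)
        for prefix, path in routes:
            print("  ", prefix, " ".join(map(str, path)))
        print("   leaks:", find_private_leaks(routes))
```

With both ISPs stripping, the internet view matches the first table in the message (paths 701 and 16770); turning stripping off at one ISP produces a finding that names that ISP.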
RE: Wiping a config w/o en password [7:31838]
Full instructions are at this webpage, but I'll summarize.
http://www.cisco.com/warp/public/474/pswdrec_2600.shtml

Power cycle the router, and press Ctrl-Break within 30 seconds of powering it back up. You should go to a prompt rommon>.

Type confreg 0x2142, press enter.
Type reset, press enter.

Wait for the router to reboot. Type the following:

  enable
  ! load the saved configuration into the running configuration
  copy start runn
  config term
  ! set the register back so the next reload reads the startup configuration
  config-register 0x2102
  enable secret newenablepassword
  line vty 0 4
   password newtelnetpassword
  line con 0
   password newconsolepassword
  end
  copy runn start

Let me know if you need help,
-Ejay

-Original Message-
From: Johnson, Richard (NY Int) [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 14, 2002 7:44 AM
To: [EMAIL PROTECTED]
Subject: Wiping a config w/o en password [7:31838]

Hi All,

How do I trash a config on a 2611 w/o the en password.

Thanks,
Rich

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31846&t=31838
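A router left at register 0x2142 after this procedure boots without its startup configuration, and so without its passwords, on every reload. As an added example that is not part of the original post, the script below reads the register line from collected "show version" output and reports devices in that state; the hostnames and sample outputs are constructed.

```python
import re

# The register line printed at the end of "show version", with the optional
# pending value that appears after config-register has been changed.
REGISTER_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]{1,4})"
    r"(?: \(will be (0x[0-9A-Fa-f]{1,4}) at next reload\))?"
)

IGNORE_NVRAM = 0x0040    # bit 6: startup-config is skipped at boot
BREAK_DISABLED = 0x0100  # bit 8: Break is ignored once the router has booted
BOOT_FIELD = 0x000F      # bits 0-3: 0 = ROM monitor, 1 = boot helper, 2-F = normal


def parse_register(show_version_text):
    """Return (value in effect since boot, value used at next reload)."""
    m = REGISTER_LINE.search(show_version_text)
    if m is None:
        raise ValueError("no configuration register line found")
    current = int(m.group(1), 16)
    next_boot = int(m.group(2), 16) if m.group(2) else current
    return current, next_boot


def audit(show_version_text):
    """Decode the register and list the conditions worth an operator's attention."""
    current, next_boot = parse_register(show_version_text)
    findings = []
    if current & IGNORE_NVRAM:
        findings.append("booted with startup-config ignored")
    if next_boot & IGNORE_NVRAM:
        findings.append("next reload will ignore startup-config")
    if (next_boot & BOOT_FIELD) == 0:
        findings.append("next reload stops at ROM monitor")
    if not (next_boot & BREAK_DISABLED):
        findings.append("Break stays enabled after boot")
    return {"current": current, "next_boot": next_boot, "findings": findings}


def routers_needing_fix(inventory):
    """Hostnames that would come up unconfigured at their next reload."""
    return sorted(
        name for name, text in inventory.items()
        if parse_register(text)[1] & IGNORE_NVRAM
    )


# Constructed sample data: the tail of "show version" from three routers.
INVENTORY = {
    "rtr-a": "32K bytes of non-volatile configuration memory.\n"
             "Configuration register is 0x2102\n",
    "rtr-b": "32K bytes of non-volatile configuration memory.\n"
             "Configuration register is 0x2142 (will be 0x2102 at next reload)\n",
    "rtr-c": "32K bytes of non-volatile configuration memory.\n"
             "Configuration register is 0x2142\n",
}

if __name__ == "__main__":
    for name in sorted(INVENTORY):
        result = audit(INVENTORY[name])
        print(name, hex(result["current"]), "->", hex(result["next_boot"]),
              result["findings"] or "ok")
    print("fix before next reload:", routers_needing_fix(INVENTORY))
```

Here rtr-b is a recovery in progress with the register already set back, while rtr-c is the case where the last steps were skipped.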
RE: Compresses Cisco IOS to fit onto a smaller fla [7:31729]
It is an alternate method for performing code upgrades. You used to be able to order a single use card that would upgrade the code on a single router and then self-destruct. (Not explode, just self-disable)

-ejay.

-Original Message-
From: Paul Borghese [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 12, 2002 1:26 PM
To: [EMAIL PROTECTED]
Subject: Re: Compresses Cisco IOS to fit onto a smaller fla [7:31729]

Hey as a side note. Does anyone know what that PCMCIA slot inside the 25xx routers is used for? It looks as if you can add Flash via a PCMCIA card. It is not worth it as Flash is so inexpensive, but it would be neat to try.

Paul

- Original Message -
From: "Brad Ellis"
To:
Sent: Saturday, January 12, 2002 11:31 AM
Subject: Re: Compresses Cisco IOS to fit onto a smaller fla [7:31729]

> I would highly recommend AGAINST using it. We used to use it and had all
> sorts of strange problems with the newly created compressed IOS. You also
> have to have an extra amount of DRAM available for the created image to be
> decompressed into RAM.
>
> Flash and DRAM are so cheap these days, you'd be better off upgrading the
> memory. Also, MZMaker is only applicable with uncompressed run-from-flash
> IOS (ie, 2500 series routers and the old 1600 series routers). Again, I'd
> highly recommend against it.
>
> thanks,
> -Brad Ellis
> CCIE#5796 (R&S / Security)
> Network Learning Inc
> [EMAIL PROTECTED]
> used Cisco gear: www.optsys.net
> CCIE Labs, racks, and classes: http://www.ccbootcamp.com/quicklinks.html
>
> "Circusnuts" wrote in message news:[EMAIL PROTECTED]...
> > Yes- the program is called MZMaker and can only be applied to IOS that
> > is run from RAM only.
> >
> > All the best !!!
> > Phil
> >
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Richard
> > Sent: Saturday, January 12, 2002 2:57 AM
> > To: [EMAIL PROTECTED]
> > Subject: Compresses Cisco IOS to fit onto a smaller flash size. [7:31710]
> >
> > I wonder if anyone has tried to compress a larger Cisco IOS to fit onto a
> > router with a smaller flash. If so, I'd appreciate some pointers.
> >
> > Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31753&t=31729
RE: I would like to hear from those who have taken the CCIE lab [7:31711]
Er, if you don't expect any ATM on the exam, then you can expect to be surprised instead.

-ejh

-Original Message-
From: Brian Whalen [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 12, 2002 2:12 AM
To: [EMAIL PROTECTED]
Subject: Re: I would like to hear from those who have taken the CCIE lab [7:31708]

Interesting, ATM is in sect 8.4 of the written blueprint but not on the lab..

Brian "Sonic" Whalen
Success = Preparation + Opportunity

On Fri, 11 Jan 2002, Chuck Larrieu wrote:

> true or false - loopback interfaces can never be down unless the entire box
> fails..
>
> "Brad Ellis" wrote in message news:[EMAIL PROTECTED]...
> > They have removed ATM and Voice completely. Don't bother studying it. You
> > should really focus on your loopback and token ring interface configuration.
> > Make sure you can put the loopback interfaces in a 'down down' state. For
> > the token ring interfaces, make sure you can program the router to
> > automatically bring up a token ring interface without a mau or media filter
> > or anything at all connected to the interface...and for that matter, if you
> > do use a mau, make sure you can bring up the interface WITHOUT pushing in
> > the RingIn and RingOut buttons (inside joke).
> >
> > You should be able to run a mile in under 5 minutes, as the cafeteria has
> > been relocated 2.5 miles away and you only have a half hour for lunch, bring
> > pepto and gatorade. Your lab is now written using invisible ink, make sure
> > you can see it. You may have to rappel from the third floor, bring a long
> > rope. There will be loud music playing, and a laser light show, wear
> > sunglasses and earplugs. The room temperature will be over 100F, dress
> > light. You will have to solve world hunger, bring extra food. And last but
> > not least, NDA!!! You'll find out when you get there!!! Study EVERYTHING
> >
> > -Brad
> >
> > "Firesox" wrote in message news:[EMAIL PROTECTED]...
> > > I am going for the CCIE R/S lab in March.
> > > I am going thru all the labs that I can find, but I would love to hear from
> > > someone who has actually taken it recently.
> > > I am particularly curious to see how much ATM and Voice stuff I would have
> > > to know.
> > > Please email me at [EMAIL PROTECTED]
> > >
> > > Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31711&t=31711
RE: Hardware BGP? [7:31529]
Okay, I'll bite.

Situation: Joe Bob's WebHosting has a frac T1 to provider A and a frac T1 to Provider B. Both providers are providing their own CPEs, and Joe Bob has convinced them to run BGP with him. Both ISPs want him to peer to one of their Distribution layer routers via ebgp multihop. Assuming JoeBob only accepts the bgp default routes, why should he not use a 160x in this situation?

More realistic situation: JoeBob's company uses vpn services on a cisco 17xx, the 160x's cousin. They implement bgp to their ISPs, because the VPN connection needs to be there if one of the ISPs fails. Assuming JoeBob only accepts the bgp default routes, why should he not use a 17xx in this situation?

I agree that every router is limited in what it can do and how much traffic it can handle. I do not agree that we should arbitrarily dismiss certain models of routers without considering the actual need.

-ejay

-Original Message-
From: Jason [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 10, 2002 12:17 PM
To: [EMAIL PROTECTED]
Subject: Re: Hardware BGP? [7:31529]

1600's IOS supports BGP

Should you use 1600 with BGP, hell no...

"MADMAN" wrote in message news:[EMAIL PROTECTED]...
> I don't think 1600's support BGP. Actually BGP is supported in most
> all IOS of platforms that support BGP. If you just want to configure
> BGP for experience and not accept 100k+ routes I know you can use a 2500,
> 1700, 2600...
>
> Dave
>
> Shawn Xu wrote:
> >
> > Hi, All:
> >
> > Which Cisco router can run BGP? Cisco 1605 can do it?
> >
> > I never had BGP experience, and I think it depends on IOS version, not
> > hardware.
> >
> > Please help. Thanks.
> >
> > Shawn
>
> --
> David Madland
> Sr. Network Engineer
> CCIE# 2016
> Qwest Communications Int. Inc.
> [EMAIL PROTECTED]
> 612-664-3367
>
> "Emotion should reflect reason not guide it"

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31570&t=31529
RE: Frame relay map 0.0.0.0 question, please help! CCIE lab is [7:31565]
Did you change the Hub router's ospf priority so it will become DR? And change the spoke routers' ospf priority to 0 so they will never attempt to become DR or BDR?

-Original Message-
From: Wilson, Christian [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 10, 2002 12:23 PM
To: [EMAIL PROTECTED]
Subject: Frame relay map 0.0.0.0 question, please help! CCIE lab is Feb [7:31555]

I have a frame switch configured for full mesh connectivity over a 3 node frame relay cloud. Router A and router B cannot use subinterfaces. Router B and router C can only use their dlci that connects them to Router A, not the dlci that connects them to each other. Because the frame switch is set up as a full mesh, I have disabled inverse arp on router A, B, and C and have used frame relay map commands with the broadcast parameter on each router.

I am able to ping every router just fine using router A as a hub. Then I need to enable ospf between all of them. I used the neighbor x.x.x.x command to enable ospf, but the two spoke routers, B and C, only form adj with router A, they can not form adj with each other. When I debug ip ospf adj, I see that routers B and C are sending their poll-intervals? to 0.0.0.0. When I issued a sh frame relay map command, I saw the following entries:

sh fram map
Serial0/0 (up): ip 0.0.0.0 dlci 503(0x1F7,0x7C70) broadcast, CISCO, status defined, inactive
Serial0/0 (up): ip 0.0.0.0 dlci 502(0x1F6,0x7C60) broadcast, CISCO, status defined, inactive
Serial0/0 (up): ip 140.4.1.2 dlci 503(0x1F7,0x7C70), static, broadcast, CISCO, status defined, inactive
Serial0/0 (up): ip 140.4.1.3 dlci 503(0x1F7,0x7C70), static, broadcast, CISCO, status defined, inactive

I can not seem to lose the frame maps to 0.0.0.0. They do not show themselves as being learned dynamically or statically. What do they mean? How do I get rid of them? How did they get in there? I can not form adj, please help!!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31565&t=31565
RE: AS 5300 [7:31394]
Yes, you can terminate 2 E1 PRIs into an AS5300. Additionally, if it has MICA modem cards installed, you will be able to answer/negotiate analog and digital calls.

-Original Message-
From: Amit Bhasin [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 09, 2002 10:45 AM
To: [EMAIL PROTECTED]
Subject: AS 5300 [7:31394]

Hi all,

I need to know whether we can configure Even PRI on Cisco AS 5300 RAS and use it for ISDN and analog Dial-Up users simultaneously. If yes, can anyone tell me what the configuration commands for this will be?

Regards,
Amit Bhasin

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31536&t=31394
RE: Permissions: read but don't copy [7:31128]
On an off-topic note, PGP has a feature that will allow you to view an encrypted (file/message) but not save or print. The creative amongst us could modify the source and recompile, but -Original Message- From: Pierre-Alex J. Guanel [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 08, 2002 4:37 AM To: [EMAIL PROTECTED] Subject: RE: Permissions: read but don't copy [7:31128] This is clear, thanks Pierre-Alex -Original Message- From: Windows NT/2000 Discussion List [mailto:[EMAIL PROTECTED]]On Behalf Of Kayne Ian (Softlab) Sent: Tuesday, January 08, 2002 3:08 AM To: [EMAIL PROTECTED] Subject: Re: Permissions: read but don't copy [7:31128] Content filtering isn't the issue here. If the user opens a document on the server and has to traverse the firewall to get it, the firewall will evaluate the request based on it's ruleset. If it finds the request is valid it will allow the data to be sent (ie: the document downloaded to the pc). At this point the user is able to copy and paste on the local machine, which is outside the control of the firewall. Content filtering only works to control what data you receive, not what you do after you've got it. Ian Kayne Technical Specialist - IT Solutions Softlab Ltd - A BMW Company > -Original Message- > From: Pierre-Alex J. Guanel [mailto:[EMAIL PROTECTED]] > Sent: 07 January 2002 16:44 > To: [EMAIL PROTECTED] > Subject: Re: Permissions: read but don't copy [7:31128] > > > Hi Daniel, > > You are right on the second point. The only way (that I know of)to > accomplish the requirement is to deny the users the > permission to write to > their hard drive. Windows 2000 does have a very granular security, > unfortunately, the way it is setup, if you can read a file > from a server, > you can also copy it to your machine. --- As Andy explained, > since I have no > control over the users' machine, I am stuck unless I use a web base > interface (see previous messages)-- > > One the first point, I am not so sure. 
My understanding is > that content > filtering does look inside the packets (application layer) > and uses what it > sees to filter traffic. > > Any firewall expert want to comment? > > Pierre-Alex > > -Original Message- > From: Daniel Cotts [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 07, 2002 10:32 AM > To: 'Pierre-Alex J. Guanel' > Subject: RE: Permissions: read but don't copy [7:31128] > > > Firewalls make decisions based on IP addresses and port > numbers. So that > doesn't look like a good candidate. > I would think that W2K would have your solution. (I am in the > dumb user > category with MicroSoft). Cannot you set rights on files or > folders? Is your > problem that they can do either a copy or a "cut and paste" > once they can > read the file? Just thinking out loud - it would seem that their local > machine would have to be severely > restricted - as in a dumb terminal. > > > -Original Message- > > From: Pierre-Alex J. Guanel [mailto:[EMAIL PROTECTED]] > > Sent: Monday, January 07, 2002 6:19 AM > > To: [EMAIL PROTECTED] > > Subject: RE: Permissions: read but don't copy [7:31128] > > > > > > Can a Cisco firewall do this? > > > > Pierre-Alex > > > > -Original Message- > > From: Pierre-Alex J. Guanel [mailto:[EMAIL PROTECTED]] > > Sent: Monday, January 07, 2002 6:07 AM > > To: [EMAIL PROTECTED] > > Subject: Permissions: read but don't copy > > > > > > Hi all, > > > > I am running Windows 2000 Advanced Server. > > > > I would like to allow users (Windows 98 / Windows 2000 > > Professional) to read > > a file, > > > > but prevent them to copy it electronically to their desktop. > > It looks like > > Windows 2000 does not > > > > have the permissions to accomplish this. Has anyone done > this before? > > > > Thanks, > > > > Pierre-Alex > [EMAIL PROTECTED] > > > > -- > > The WINNT-L list is hosted on a Windows NT(TM) machine running L-Soft > international's LISTSERV(R) software. 
> > For subscription/signoff info and archives, see http://peach.ease.lsoft.com/archives/winnt-l.html .
> > COPYRIGHT INFO: http://peach.ease.lsoft.com/scripts/wa.exe?SHOWTPL=COPYRIGHT&L=WINNT-L
RE: wireless max distance question [7:30822]
Fluorinert - (Pronounced Floor-in-ert) is pretty neat stuff. You can put your tv in a tank of the stuff and keep on watching. Also, if you've got an intermittent solder joint, plug it in and dunk it in Fluorinert. You'll see a thin stream of bubbles rising from the fault. First time I saw it was on the tv show Beyond 2000. Anybody remember that one?

Back to the off topic subject of liquid cooled CPUs, most designs I've seen use mineral oil. A fault with this design is that "bubbles" of moisture can settle out and sink onto the board/cpu.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31172&t=30822
RE: Lab Equipments [7:31040]
I have a 4-serial-port Cisco AGS I've been using as a Frame-Relay Switch I'd like to sell. $150.00

Also, I have the dte-dce cables to connect it to anything that uses a HD-60 serial port. (25xx & 4xxx series, as well as anything that takes a Wic-1t card.)

-Original Message-
From: Prabhat Sen [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 05, 2002 8:58 PM
To: [EMAIL PROTECTED]
Subject: Lab Equipments [7:31040]

Hi Guys,

Want to set up a home lab. I have listed some stuff that is should have.

3x2501 routers; 1x2522 or 2523; 3x2502/2504 routers A Cat5K switch or a 2900 (non XL); 1 TokenRing One ISDN Simulator; Token Ring Mau x 2; Token Ring NIC/Cables x 2; Probably two Cisco 2602 or maybe 4700/4500/3620 Token Ring 3920

Will adding an Intel Intelligent Server Adaptor be helpful ? Anything that i missed out. Pls send me your feedback, so that i can complete the set. Any ideas from where i can buy this cheap?

Awaiting your feedback,

Thanks,
Prabhat

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31141&t=31040
RE: wireless max distance question [7:30822]
If there is a significant interest in this, let me know. I can make the "lens" part on my lathe.

-ejh

-Original Message-
From: Jarmoc, Jeff [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 03, 2002 4:43 PM
To: [EMAIL PROTECTED]
Subject: RE: wireless max distance question [7:30822]

There's also the good ol' 802.11b pringles can hack. I haven't tried it, and it's obviously not something you'd want to implement in a business environment, but I've thought about playing with it as a home toy.

http://verma.sfsu.edu/users/wireless/pringles.php

Jeff Jarmoc - CCSA, CCNA, MCSE
Network Analyst - Grubb & Ellis
[EMAIL PROTECTED]

-Original Message-
From: Steven A. Ridder [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 03, 2002 2:17 PM
To: [EMAIL PROTECTED]
Subject: Re: wireless max distance question [7:30822]

I've heard of a Cisco antenna boosters. Check the qprg. or http://www.cisco.com/warp/public/cc/pd/witc/ao340ap/prodlit/airoa_ds.htm

Some directional antennas can get up to 25 miles. You may need a line of sight though. Check with Cisco

FYI, Linksys wireless access points can be hacked via firmware and stuff to get a +3 to +4 dB gain in power.

http://www.wi2600.org/mediawhore/nf0/wireless/docs/802.11/WAP11/fun_with_the_wap11.txt

--
RFC 1149 Compliant.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30919&t=30822
RE: Can ne1 Help me??? [7:30892]
Router on a stick is a term used to refer to a router with a fast/Gig ethernet interface connected to a Multi-Vlan trunk providing routing services between multiple vlans. The name "router on a stick" refers to the way the router appears in a network diagram. i.e. only one physical connection to the network instead of multiple physical connections.

-ejh

-Original Message-
From: Kanthimathi R [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 04, 2002 1:22 AM
To: [EMAIL PROTECTED]
Subject: Can ne1 Help me??? [7:30892]

> Could You please explain the term
> "Router-on-a-stick" or "one-armed-router"
>
> TIA,
> R.Kanthimathi.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30917&t=30892
RE: ISL Trunking [7:30728]
True enough, the management VLAN doesn't have to be 1. Using 1 is recommended however, because it is the default.

-Original Message-
From: Darren Crawford [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 03, 2002 12:32 PM
To: [EMAIL PROTECTED]
Subject: RE: ISL Trunking [7:30728]

I must disagree with VLAN 1 being the only administrative VLAN. It is simply the default VLAN. At a previous client I set up a DMZ switch with a management VLAN of 999. This was on a Cat5505.

HTH

Darren

At 11:28 PM 1/2/2002 -0500, Mark Odette II wrote:
>Ali-
>If my memory serves correct, you must first specify another VLAN as your administrative VLAN before you can drop VLAN 1 from the trunk...otherwise, your trunk would be orphaned (become unmanageable) and you wouldn't be able to control it anymore- until you cleared the config that is.
>
>Some Catalysts may just simply not allow dropping VLAN 1, as it can be the only Administrative Vlan.
>
>If you have a SmartNet contract, you might just call TAC to get a quick and straight forward answer to this. The call will probably last you 5 minutes +/-.
>
>-Mark Odette II
>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ali, Abbas
>Sent: Wednesday, January 02, 2002 5:59 PM
>To: [EMAIL PROTECTED]
>Subject: ISL Trunking [7:30728]
>
>Is it possible to remove default Vlans 1, 1002-1005 from ISL trunking? I am setting up a ISL trunking between Catalyst 2924 and 3640 router.
>
>I am running IOS on Catalyst XL 2924 and only want certain vlan on my link. IOS does it, but then it also inserts default vlan 1 and 1002-1005 automatically. The IOS accepts the remove command to remove vlans from the current list, but will not remove default vlans.
>
>Ali

Lucent Technologies NetworkCare Professional Services
http//www.lucent.com/netcare/
Darren S. Crawford - CCNP, CCDP, CCIE TBA
Northwest Region - Sacramento Office
Voicemail (916) 859-5200 x310
Pager (800) 467-1467
mailto:[EMAIL PROTECTED]
"You always have time for things you put first" - Tucker Resources

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30812&t=30728
RE: simple ip monitor [7:30433]
What'sUpGold. Couldn't live without it.

-Original Message-
From: Steven A. Ridder [mailto:[EMAIL PROTECTED]]
Sent: Saturday, December 29, 2001 11:33 AM
To: [EMAIL PROTECTED]
Subject: Re: simple ip monitor [7:30433]

Cisco will be coming out with DHRP which will do just that.

"2387" wrote in message news:[EMAIL PROTECTED]...
> Hello, I am looking for a simple program to monitor an ip and email me when it goes up or down. Can anyone recommend a very basic program like this?
> thank you

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30561&t=30433
RE: setting up NPAT using only one ethernet interface (2501) [7:30504]
Nope, won't work. You can't create subinterfaces on the ethernet port of a 2501. You can do secondary addressing, but not subinterfaces.

Happy new year all.

-ejh

-Original Message-
From: Juan Blanco
To: [EMAIL PROTECTED]
Sent: 12/29/01 10:44 PM
Subject: RE: setting up NPAT using only one ethernet interface (2501) [7:30458]

John,

What if you create subinterfaces, connect your isp link to a hub and your router the same hub

JB

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John Mairs
Sent: Saturday, December 29, 2001 10:03 PM
To: [EMAIL PROTECTED]
Subject: setting up NPAT using only one ethernet interface (2501) [7:30454]

Hi,

can I, if so, how would I go about setting up NPAT on my 2501's only ethernet port. I am confused as to how my router will be able to distinguish inside/outside NAT on the primary/secondary interfaces. Essentially I would like to know how to configure the router to do this with a rudimentary explanation what is happening. I can find thousands of descriptions of how to set up NAT but none of them show how to do this over a single LAN interface. Any thoughts would be greatly appreciated.

Thanks for your time,
John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30504&t=30504
RE: NATing 2 ip's [7:30301]
FatPipe makes a box that does this. They also have a vpn box that works this way as well.

-Original Message-
From: to cisco new [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 28, 2001 2:07 PM
To: [EMAIL PROTECTED]
Subject: Re: NATing 2 ip's [7:30301]

thanks for the help. fyi, the reason i asked is because i'm trying to set up a redundant dsl connection to a different isp than my primary isp (the reason for the different isp's) i have an email and web server behind my router so i need some kind of nating to each of the dsl lines. a two global ip's to one local ip seems like a possible solution.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30358&t=30301
RE: LAN sub-interface routing [7:30225]
Hi John.

    interface ethernet 0
     ip address 192.168.0.1 255.255.255.0
     ip address 10.0.0.1 255.0.0.0 secondary

If you are using dynamic routing protocols on the interface, you will also need to add no ip split-horizon.

Merry New Year.

Ejay

-Original Message-
From: John Mairs [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 27, 2001 3:10 PM
To: [EMAIL PROTECTED]
Subject: LAN sub-interface routing [7:30225]

Hi,

I have a 2501 (one ethernet interface) and I wanted to route over that interface by setting up two sub-interfaces. I can't assign an address because it replies with "configuring IP routing on a LLAN subinterface is only allowed if that subinterface is already configured as part of an IEEE 802.10 or ISL vLAN." what will I need to do (specifically if you can) to route over a single E0 interface?

thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30229&t=30225
RE: how do I add the vpn dial network adapter in win98 [7:30223]
It's not in network properties, It's in...

Start > Settings > Control Panel > Add Remove Software > Windows Setup > Communications > VPN Adapter.

-Original Message-
From: Nick S. [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 27, 2001 5:33 AM
To: [EMAIL PROTECTED]
Subject: RE: how do I add the vpn dial network adapter in win98 [7:30072]

From what I remember you need a particular version of DUN (Dial up network) I think it was 4.3 . Check the CCO under Technical Documents --> VPN

Nick

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30223&t=30223
RE: Fame Relay FECN BECN [7:29675]
Congratulations, you're working with a commercial frame-relay provider. When I was a sprint customer, they marked all of my traffic as DE, regardless of CIR. Very annoying.

FECN'S, BECN'S, and DE are all features that your provider may or may not have configured (properly) in their network. They are required to pass data, not meet with accepted industry standards.

-Original Message-
From: DAGENHARDT Frank [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 19, 2001 2:43 PM
To: [EMAIL PROTECTED]
Subject: Fame Relay FECN BECN [7:29675]

Group,

I thought I had FECN and BECN down in regards to frame relay setup. Recently I have come across some router output that doesn't make sense to me. I don't understand why I have DE pkts when I don't have any FECN or BECN errors. Or for that matter how I can have so many DE pkts and none of them were dropped. I was thinking of implementing traffic shaping, but I don't know if that will help if I am not receiving any BECN errors. On top of that I understand that when your CIR is reached packets get marked DE but at what point do they actually get dropped. Can someone try to make a little sense out of this for me?

    DLCI = 131, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/1.131

      input pkts 29103083      output pkts 23370364     in bytes 3538537810
      out bytes 941866396      dropped pkts 13          in FECN pkts 0
      in BECN pkts 0           out FECN pkts 0          out BECN pkts 0
      in DE pkts 1154469       out DE pkts 0
      out bcast pkts 1379364   out bcast bytes 110300947
      pvc create time 10w2d, last time pvc status changed 3w2d

Thank you,
Frank

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29694&t=29675
RE: How to disable NAT in Cisco PIX? [7:29641]
Dumb question. Does the Router on the outside interface of the pix (66.61.46.254) have the following route in the route table?

    ip route 129.174.1.0 255.255.255.0 66.61.46.120

If not, a traceroute will show either unreachable or a routing loop.

-ejay hire

-Original Message-
From: David Tran [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 19, 2001 12:08 PM
To: [EMAIL PROTECTED]
Subject: How to disable NAT in Cisco PIX? [7:29641]

I posted this question once before; however, none of the advice mentioned work so I am going to post it again hoping that I might be able to get a correct answer this time. By the way, please don't tell me to change the default route because everything works. The PIX can ping the Internet just fine. Furthermore, I have a workstation on the 66.61.46.0/24 network (66.61.46.150) and that machine can reach the Internet just fine. There is no problem with connectivity issue except for the fact that the machines from the "inside" interface can NOT browse the Internet. Why it doesn't work is a mystery to me. Another thing, this is a TEST network so everything is wide open at the moment. Please help.

I am having problem setting up a network in this scenario with my PIX515-UR firewall running version 6.1(1) with pdm version 1.1(2). I have a network with REGISTERED IP addresses. The "inside" interface of the PIX is on the 129.174.1.0/24 network with IP address of 129.174.1.254. The "outside" interface of the PIX is on the 66.61.46.0/24 network with IP address of 66.61.46.120. The "inside" interface has a security level of 100 and the "outside" interface has security level of 0. On the "inside" internal network, I have 10 workstations range from 129.174.1.1-10. These workstations have the default gateway point to the "inside" interface of the PIX.

I understand that for machines from the "inside" network to access the Internet, the command "nat" and global must be used. However, since all of my machines have valid (aka registered IP addresses), I want to disable NAT completely. For example, I want machine 129.174.1.1 to be able to browse and ping any machines on the Internet. At the same time, I don't want users from the Internet to be able to access any of the workstations on the "inside" interface.

I have been searching for documentation on Cisco website but it seems like most of the example have to do with NAT enable. There are a few examples that will disable NAT but it is related to VPN which is something I don't want. Furthermore, most of the examples fill with errors and pretty worthless (for PIX anyway). If anyone has done this before, let me know. I also include a copy of the config. Thanks.

David

    PIX Version 6.1(1)
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    nameif ethernet2 dmz security50
    enable password sdfkjfdjjdfjksdf encrypted
    passwd sdfjksdfkjsdfjksjf encrypted
    hostname ciscopix
    fixup protocol ftp 21
    fixup protocol http 80
    fixup protocol h323 1720
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol sip 5060
    fixup protocol skinny 2000
    names
    access-list no-nat-list permit ip any any
    access-list no-nat-list permit icmp any any
    pager lines 24
    interface ethernet0 auto
    interface ethernet1 auto
    interface ethernet2 auto
    mtu outside 1500
    mtu inside 1500
    mtu dmz 1500
    ip address outside 66.61.46.120 255.255.255.0
    ip address inside 129.174.1.254 255.255.255.0
    ip address dmz 127.0.0.1 255.255.255.255
    ip audit info action alarm
    ip audit attack action alarm
    no failover
    failover timeout 0:00:00
    failover poll 15
    failover ip address outside 0.0.0.0
    failover ip address inside 0.0.0.0
    failover ip address dmz 0.0.0.0
    pdm history enable
    arp timeout 14400
    nat (inside) 0 129.174.1.0 255.255.255.0
    static (inside, outside) 129.174.1.0 129.174.1.0
    conduit permit ip any any
    conduit permit icmp any any
    route outside 0.0.0.0 0.0.0.0 66.61.46.254 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    no sysopt route dnat
    telnet timeout 5
    ssh timeout 5
    terminal width 80

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29678&t=29641
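The posted configuration can be checked against the poster's stated goal (no access from the Internet to the inside workstations) with a small audit script. This is an added example, not part of the original thread and not a Cisco tool; the rule names and the `audit` function are hypothetical, and the sample is a subset of the lines posted above.

```python
import re
from typing import List, NamedTuple

# Constructed sample: a subset of the lines from the PIX 6.1 configuration
# posted in the message above, with the original spacing kept.
POSTED_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
access-list no-nat-list permit ip any any
nat (inside) 0 129.174.1.0 255.255.255.0
static (inside, outside) 129.174.1.0 129.174.1.0
conduit permit ip any any
conduit permit icmp any any
route outside 0.0.0.0 0.0.0.0 66.61.46.254 1
snmp-server community public
"""


class Finding(NamedTuple):
    line_no: int  # 1-based line in the config, 0 for a cross-line finding
    rule: str     # hypothetical rule name chosen for this example
    detail: str


def security_levels(lines):
    """Map interface name -> security level from the 'nameif' lines."""
    levels = {}
    for line in lines:
        m = re.match(r"nameif\s+\S+\s+(\S+)\s+security(\d+)$", line)
        if m:
            levels[m.group(1)] = int(m.group(2))
    return levels


def audit(config_text: str) -> List[Finding]:
    """Flag wide-open statements and report when they combine into exposure."""
    lines = [raw.strip() for raw in config_text.splitlines()]
    levels = security_levels(lines)
    findings: List[Finding] = []
    published = []        # networks a static makes addressable from a lower level
    open_conduit = False  # True once 'conduit permit ip any any' is seen

    for no, line in enumerate(lines, 1):
        m = re.match(r"conduit\s+permit\s+(\S+)\s+any\s+any$", line)
        if m:
            findings.append(Finding(no, "CONDUIT_PERMIT_ANY_ANY", line))
            open_conduit = open_conduit or m.group(1) == "ip"
            continue
        if re.match(r"access-list\s+\S+\s+permit\s+\S+\s+any\s+any$", line):
            findings.append(Finding(no, "ACL_PERMIT_ANY_ANY", line))
            continue
        # static (internal_if, external_if) global_ip local_ip
        m = re.match(r"static\s+\((\w+),\s*(\w+)\)\s+(\S+)\s+(\S+)", line)
        if m:
            local_if, global_if, global_ip, local_ip = m.groups()
            if levels.get(local_if, 0) > levels.get(global_if, 0):
                published.append(local_ip)
                if global_ip == local_ip:
                    findings.append(Finding(no, "IDENTITY_STATIC", line))
            continue
        if re.match(r"snmp-server\s+community\s+(public|private)$", line):
            findings.append(Finding(no, "DEFAULT_SNMP_COMMUNITY", line))

    # A static publishes the addresses and an any/any conduit permits traffic
    # to them, so together they open the higher-security network to inbound
    # connections from the lower-security side.
    if open_conduit and published:
        findings.append(
            Finding(0, "INSIDE_REACHABLE_FROM_OUTSIDE", ", ".join(published)))
    return findings


if __name__ == "__main__":
    for f in audit(POSTED_CONFIG):
        print(f"{f.line_no:>3}  {f.rule:<30} {f.detail}")
```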
RE: Mask in L3 Packet [7:29182]
A host on the 172.16.x.x/16 network would have to have a specific route for 172.16.2.x/24, or the packet would not be directed to a router, and (Ignoring proxy arp) the communication would fail. If proxy arp was enabled on the local router, and the router was configured with a mask smaller than /16, it would work.

ejh

-Original Message-
From: Steven A. Ridder [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 14, 2001 2:07 PM
To: [EMAIL PROTECTED]
Subject: Re: Mask in L3 Packet [7:29182]

Say I have 2 networks: Network 1. 172.16.x.x/16 and Network 2. 172.16.2.x/24

We all agree that they are two different networks, right?

Now if Host A on Network 1 is 172.16.2.1/16 and Host B is on Network 2 is 172.16.2.1/24, How does the host know that the second host is on a different network? Are they different addresses because of the mask, or are they considered the same address regardless of mask, and therefore illegal?

I understand ANDing on the local host. It's just if 2 hosts had the same numbers, only marked differently by the mask, are they the same or not?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29233&t=29182
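The forwarding decision discussed in this thread can be worked through in a few lines. This is an added example, not part of the original messages; the sending host 172.16.1.10/16 and the gateway 172.16.0.254 are assumed values, and the function names are hypothetical.

```python
import ipaddress


def host_routes(interface, extra=()):
    """Connected route derived from the host's own address and mask,
    followed by any extra (prefix, gateway) static routes."""
    iface = ipaddress.ip_interface(interface)
    return [(str(iface.network), None), *extra]


def forwarding_decision(routes, dst):
    """Longest-prefix match over (prefix, gateway) pairs.

    A gateway of None means the prefix is on-link: the host ARPs for the
    destination itself. Otherwise it ARPs for the gateway.
    """
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        return ("unreachable", None)
    if best[1] is None:
        return ("arp-for-destination", str(dst))
    return ("arp-for-gateway", best[1])


def address_bytes(interface):
    """The 4 bytes an IPv4 header carries for this address. The mask is
    local configuration and is not part of them."""
    return ipaddress.ip_interface(interface).ip.packed


if __name__ == "__main__":
    # Assumed host on Network 1 sending to an address inside Network 2.
    only_connected = host_routes("172.16.1.10/16")
    with_specific = host_routes(
        "172.16.1.10/16", extra=[("172.16.2.0/24", "172.16.0.254")])
    print(forwarding_decision(only_connected, "172.16.2.1"))
    print(forwarding_decision(with_specific, "172.16.2.1"))
    print(address_bytes("172.16.2.1/16") == address_bytes("172.16.2.1/24"))
```

With only the connected /16 route the host treats the destination as on-link and ARPs for it directly, which is the case where only proxy ARP on the router would get an answer.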
RE: Confirm your subscription [7:28112]
If anyone confirms this subscription, I will forcefully remove your link-clicking fingers.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 04, 2001 4:08 PM
To: [EMAIL PROTECTED]
Subject: Confirm your subscription [7:28112]

Mailing List Subscription Confirmation
*** Confirmation required ***

You recently decided to join a mailing list. This list has a double optin feature so you must goto the URL listed below to finish joining this list. This is a safeguard for you.

PLEASE VISIT THIS LINK TO CONFIRM YOUR SUBSCRIPTION:
http://pub26.bravenet.com/elist/add.php?usernum=2223729417&id=4507306

This email is being sent to you because of a request to join a mailing list. If this message was sent in error, please disregard it and no further email will be sent to you on this subject.

---
Bravenet.com ~ free webtools for webmasters ~ http://www.bravenet.com/

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28132&t=28112
RE: Advise on Auction fraud [7:28004]
Also, I strongly recommend against buying big-ticket items from sellers that are overseas. If you do, pay the extra to use an escrow service. I bid on a 26xx from a chap on Ebay. The listing said he was in Germany. When I won the auction, I got the actual contact info and he had registered the account under an address in North Carolina. When I asked him about it, he stopped returning my e-mails. I feel like I saved myself from getting burned.

-Ejay

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 03, 2001 2:24 PM
To: [EMAIL PROTECTED]
Subject: OT:Advise on Auction fraud [7:28004]

Sorry for off topic

I recently became the victim of the Auction fraud the guy took my $1000 for 2621 router and now not replying for my emails and also I came to know that this guy is a fraud and done similar thing to at least 4 other people. Now what are the options I have to get my money back from him

Thanks for all your advise

Kaamvi

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28020&t=28004
RE: Absolute Must-See Cisco-related website [7:27490]
For the more technically challenged, that's cisco.com, ietf.org and ieee.org. Great stuff, a very non-subtle way to get the point across.

-Original Message-
From: Jennifer Cribbs [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 28, 2001 2:56 PM
To: [EMAIL PROTECTED]
Subject: RE: Absolute Must-See Cisco-related website [7:27490]

Works great in Opera however...

-Original Message-
From: Dennis [SMTP:[EMAIL PROTECTED]]
Sent: Tuesday, November 27, 2001 6:36 PM
To: [EMAIL PROTECTED]
Subject: Re: Absolute Must-See Cisco-related website [7:27490]

For some reason this url obfuscation doesn't work in IE6...

--
-=Reply to group only... no personal=-

"Logan, Harold" wrote in message news:[EMAIL PROTECTED]...
> Yah that site's great'n all, but here are some that REALLY have all the answers:
>
> http://3330661145
>
> http://68265990
>
> http://2355282214
>
> Hal
>
> > -Original Message-
> > From: TALBOT, WILLIAM P (SWBT) [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, November 27, 2001 2:06 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: Absolute Must-See Cisco-related website [7:27490]
> >
> > I have heard of that site (from somewhere...) but I don't have the time to do all that typing into the web browser and then all that typing into the search windows and sifting through the results and then reading and trying to understand what the pages say...it's all just too time consuming! I would much rather have someone just hold my hand and explain it all to me without having to do all of that other stuff on my own...and I do really appreciate how much effort I avoid by doing it that way.
> >
> > Thanks,
> >
> > Pat ;-)
> >
> > -Original Message-
> > From: John Neiberger [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, November 27, 2001 11:42 AM
> > To: [EMAIL PROTECTED]
> > Subject: Absolute Must-See Cisco-related website [7:27490]
> >
> > Check this out. I found it recently and I have never run across a more useful site with more information regarding networking technologies, Cisco-related products and capabilities, configuration guides, you name it! The URL is:
> >
> > www.cisco.com
> >
> > Regards,
> > John (who apparently needs some more coffee this morning )

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27730&t=27490
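The three numeric URLs in this thread are IPv4 addresses written as single decimal integers, and a log or proxy pipeline that matches on dotted-quad addresses will miss them unless it normalizes the host first. The following is an added example, not part of the original thread; it generalizes beyond the decimal case to the hex, octal and short-form notations of the classic `inet_aton` rules, and the function names are hypothetical.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# One dotted part: hex with 0x prefix, or ASCII digits (octal if leading 0).
_PART = re.compile(r"0[xX][0-9a-fA-F]+|[0-9]+")


def _parse_part(part):
    """Parse one part the way inet_aton does; raise ValueError if invalid."""
    if not _PART.fullmatch(part):
        raise ValueError(part)
    if part[:2].lower() == "0x":
        return int(part[2:], 16)
    if len(part) > 1 and part[0] == "0":
        return int(part, 8)  # raises ValueError on digits 8 or 9
    return int(part, 10)


def numeric_host_to_ipv4(host):
    """Return the dotted-quad form of a numeric host, or None if the host
    is not a numeric IPv4 notation (for example a DNS name)."""
    parts = host.split(".")
    if len(parts) > 1 and parts[-1] == "":
        parts.pop()  # tolerate one trailing dot
    if not 1 <= len(parts) <= 4:
        return None
    try:
        nums = [_parse_part(p) for p in parts]
    except ValueError:
        return None
    *head, last = nums
    # Leading parts are single bytes; the last part fills the remaining bytes.
    if any(n > 0xFF for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return str(ipaddress.IPv4Address(value))


def flag_encoded_hosts(urls):
    """Return (url, dotted_quad) for every URL whose host is a numeric IPv4
    address written in anything other than canonical dotted-quad form."""
    hits = []
    for url in urls:
        host = urlsplit(url).hostname or ""
        dotted = numeric_host_to_ipv4(host)
        if dotted is not None and dotted != host:
            hits.append((url, dotted))
    return hits


# The three URLs quoted in the thread, plus two constructed controls.
SAMPLE_URLS = [
    "http://3330661145",
    "http://68265990",
    "http://2355282214",
    "http://www.cisco.com/",       # constructed: ordinary DNS name
    "http://198.133.219.25/",      # constructed: already canonical
]

if __name__ == "__main__":
    for url, dotted in flag_encoded_hosts(SAMPLE_URLS):
        print(f"{url} -> {dotted}")
```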
RE: Numbers [7:26741]
#2 = 2
PIR^2 = 2RPI
R = 2

-Original Message-
From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 19, 2001 11:28 AM
To: [EMAIL PROTECTED]
Subject: RE: Spanning Tree Protocol [7:26538]

Playing with numbers...

1) What's special about 142857?
2) What radius of a circle gives it the same area as its circumference?

Ole

Ole Drews Jensen
Systems Network Manager
CCNP, MCSE, MCP+I
RWR Enterprises, Inc.
[EMAIL PROTECTED]
http://www.RouterChief.com
NEED A JOB ??? http://www.oledrews.com/job

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Saturday, November 17, 2001 1:27 PM
To: [EMAIL PROTECTED]
Subject: RE: Spanning Tree Protocol [7:26538]

At 10:12 PM 11/16/01, Kane, Christopher A. wrote:
>Someone was a Douglas Adams fan?

Of course! Also another cool thing about 42 is that it's a palindrome (the same backwards and forwards in binary) and avoided the Little Endian/ Big Endian wars!

Priscilla

>-Original Message-
>From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
>Sent: Friday, November 16, 2001 8:27 PM
>To: [EMAIL PROTECTED]
>Subject: Re: Spanning Tree Protocol [7:26538]
>
>At 04:55 PM 11/16/01, John Neiberger wrote:
> >You asked that question right when I had EtherPeek running on my PC.
> >So, the answer is:
> >
> >0180.c200.
> >
> >Source and Destination SAP: 0x42 :-) See? The answer *is* 42!
> >According to Radia Perlman, the IEEE chose this SAP on purpose. ;-)
> >
> > >>> "Randy Lopez" 11/16/01 2:27:57 PM >>>
> >What Multicast address does STP use?
>
>Priscilla Oppenheimer
>http://www.priscilla.com

Priscilla Oppenheimer
http://www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=26741&t=26741
RE: 2501 AUX to modem help. [7:26589]
Yes, It's doable. If your ISP doesn't give you a static IP, then you'll need Ios 11.3+ because it has the Ip address Negotiated command.

1. Connect the modem to the aux port. Configure the aux port for the Maximum baud rate, no exec, and Reverse telnet.
2. Reverse telnet to the modem to make sure everything works right.
3. Configure Reset and Dial Chat Scripts for the modem with appropriate AT commands.
4. Stick the async interface (aux) in a Dialer Pool
5. Create your Dialer interface with the parameters necessary to dial-up to your ISP.

Here is a working config. Ignore the nat configuration.

    version 11.3
    service timestamps debug uptime
    service timestamps log uptime
    !
    hostname 2501_Top
    !
    enable password password
    !
    ip subnet-zero
    ip nat inside source list 99 interface Dialer1 overload
    chat-script dial ABORT ERROR "" "AT Z" OK "ATm0DT \T" TIMEOUT 30 CONNECT \c
    !
    !
    interface Ethernet0
     ip address 172.16.0.2 255.255.255.252
     ip nat inside
    !
    interface Serial0
     no ip address
     no ip mroute-cache
     no keepalive
    !
    interface Serial1
     ip address 10.0.0.1 255.255.255.252
     encapsulation frame-relay
     frame-relay map ip 10.0.0.2 17 broadcast
    !
    interface Async1
     no ip address
     encapsulation ppp
     dialer in-band
     dialer pool-member 1
     ppp authentication pap chap callin
    !
    interface Dialer1
     ip address negotiated
     ip nat outside
     encapsulation ppp
     dialer remote-name ELN/username
     dialer string 9,9770971
     dialer hold-queue 100
     dialer pool 1
     dialer-group 1
     ppp authentication pap chap callin
     ppp chap hostname ELN/username
     ppp chap password mypassword
    !
    router rip
     redistribute connected
     network 172.16.0.0
     neighbor 10.0.0.2
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer1
    !
    access-list 2 deny any
    access-list 99 permit 192.168.0.0 0.0.255.255
    access-list 99 permit 172.16.0.0 0.15.255.255
    access-list 99 permit 0.0.0.0 0.255.255.255
    !
    line con 0
     exec-timeout 3 0
    line aux 0
     no exec
     script dialer dial
     modem InOut
     modem autoconfigure type usr_sportster
     transport input all
     stopbits 1
     speed 38400
    line vty 0 4
     password password
     login
    !
    end

-Original Message-
From: Thomas Yi [mailto:[EMAIL PROTECTED]]
Sent: Saturday, November 17, 2001 1:38 PM
To: [EMAIL PROTECTED]
Subject: 2501 AUX to modem help. [7:26589]

Hi. I would like to connect my modem to AUX port on my 2501 router, so I can connect to my router through PSTN. Is this possible? BTW I need to do some configuration on my modem. how do I access modem through router? Is it possible?

In my BCRA class, we've used 3640 router. Configured the ethernet interface and we were able to connect to the modem using the ip address of ethernet and the port number which was 2033. The modem was connected to s1/0 on the slot 1. BTW y is it that when I used the ip address and the port number of the modem 2033, I was not able to telnet to the modem? even though the modem was physically attached to that serial interface? instead we used the ethernet int ip address.

Then do I have to configure my E0 interface to access modem that is physically attached to AUX port? If so with what port number? If not, how do I do it.

TIA

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=26714&t=26589
RE: Urgent! Please help! [7:26396]
Troll

-Original Message-
From: Patrick Ramsey [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 15, 2001 1:51 PM
To: [EMAIL PROTECTED]
Subject: Urgent! Please help! [7:26396]

My stuff is broken, I think I need some things to fix it. Any ideas on what's wrong? any help appreciated!

-Patrick

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=26402&t=26396
RE: about BGP [7:26353]
To Configure BGP on Non-directly connected neighbors, you use the following command

    router bgp AS
     neighbor X.X.X.X ebgp-multihop N

Where:
AS is your AS number
X.X.X.X is the Ip address of the remote Peer
N is the maximum number of hops between the 2 peers (N is recommended but not required.)

Good Luck,
Ejay

-Original Message-
From: Ihsan Turkmen [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 15, 2001 5:37 AM
To: [EMAIL PROTECTED]
Subject: about BGP [7:26353]

Hi.

I am trying to configure two routers as BGP peers. Routers (both) are on the same LAN but in different subnetworks. I mean, routers can ping each other, since there is another router between them. But, they can not establish BGP connection as two neighbours. Does that mean they have to be directly connected to each other?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=26359&t=26353
RE: CAT 5500 backup [7:25969]
You can also force it to write the config to a tftp server via snmp.

-Original Message-
From: 416South [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 12, 2001 12:43 PM
To: [EMAIL PROTECTED]
Subject: CAT 5500 backup [7:25969]

Question in regards to the config of a CAT 5500

I just wanted to get info on the CAT5500 in regards to the config and backing it up during production hours. I currently back up the config of the SupIII engine (RSM) but not quite clear on the Cat portion of things and the process to do so. Any help would be appreciated.

Thanks
C

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=25991&t=25969
RE: Location of Switching stuff in DOC CD [7:25798]
Cisco Product Documentation > Multi-Layer LAN Switches > Catalyst 5000 Family Switches > Switch Software Documentation 5.4 >

I use the Software config guide and Command reference.

-Original Message-
From: IT Guy [mailto:[EMAIL PROTECTED]]
Sent: Sunday, November 11, 2001 3:02 AM
To: [EMAIL PROTECTED]
Subject: Location of Switching stuff in DOC CD [7:25798]

Hi Guys,

Any idea where I can find stuff for Switching like Port security, Play with VLAN etc etc in DOC CD?

Thanks for help.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=25960&t=25798
RE: Two default routes on the same router [7:25750]
Yes, it will work. If you have ip route-cache enabled on both of the interfaces then it will load balance on a per destination basis. If you have ip route-cache disabled, then it will load balance on a per packet basis.

-Original Message-
From: McHugh Randy [mailto:[EMAIL PROTECTED]]
Sent: Saturday, November 10, 2001 11:35 AM
To: [EMAIL PROTECTED]
Subject: Two default routes on the same router [7:25750]

Does anyone know if you can have two completely different default routes on the same router in totally two different subnets pointing to two totally different gateways? For instance

ip route 0.0.0.0 0.0.0.0 25.13.240.1
ip route 0.0.0.0 0.0.0.0 65.11.213.1

Will the router parse each one separately or will neither one of them work? This is on a 2514.

Thanks
Randy

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=25958&t=25750
Netflow switching. [7:20943]
If anyone has some netflow switching capable equipment in a non-production environment, please contact me off-list. I would like to get some packet captures of the netflow statistic packets. (between the router and the mgmt station)

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20943&t=20943
RE: Probobly a stupid question.... [7:14273]
The cheap way to do this is with a $99.00 LinkSys router/firewall.

-Original Message-
From: Guy Russell [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 30, 2001 5:47 PM
To: [EMAIL PROTECTED]
Subject: Probobly a stupid question [7:14273]

Is it possible to set up NAT on a router for DSL, allowing the DSL side connection to receive a DHCP generated address?? I have been running 2000 server Nat, and using my DSL connection with no problems, but would like to remove the server interface completely...

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=14279&t=14273
RE: access list w/ prime numbers [7:14117]
If you mean block all even or odd numbers, then yes it can be done. If you mean prime numbers, then it cannot be done in a short/simple access-list. Why? Because there isn't a short/simple binary bit pattern that encompasses the prime numbers. I.e.

 1  0001
 2  0010
 3  0011
 5  0101
 7  0111
11  1011
13  1101

From a bit-pattern view, it seems random, and not short/simple access-listable. Compare to even numbers

 0
 2  0010
 4  0100
 6  0110
 8  1000
10  1010

(Hint: the rightmost digit is always a 0)

HTH,
Ejay

-Original Message-
From: Alejandro Pelaez [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 30, 2001 2:58 AM
To: [EMAIL PROTECTED]
Subject: access list w/ prime numers [7:14117]

Hola All!

I want to set up an access list that does the following: deny all packets from subnet 192.168.1.0 with last octet a prime number.

Alejandro

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=14230&t=14117
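
The bit-pattern argument in the reply above can be checked mechanically. This added example (not part of the original posts; ACL number 10 and all function names are assumptions) merges last octets into address/wildcard pairs and compares how many standard ACL entries the even octets and the prime octets (taken as 2, 3, 5, ...) of 192.168.1.0/24 need.

```python
# Added example, not from the thread. ACL number 10 and helper names are assumptions.
def expand(cube):
    """Last octets matched by an (address, wildcard) pair."""
    value, wild = cube
    return {o for o in range(256) if (o & ~wild & 0xFF) == value}

def implicants(hosts):
    """Every (address, wildcard) pair that matches only octets in hosts."""
    level = {(h, 0) for h in hosts}
    found = set(level)
    while level:
        merged = set()
        for value, wild in level:
            for bit in (1 << i for i in range(8)):
                # Two pairs that differ in one fixed bit collapse into one
                # pair with that bit set in the wildcard mask.
                if not (wild | value) & bit and (value | bit, wild) in level:
                    merged.add((value, wild | bit))
        found |= merged
        level = merged
    return found

def cover(hosts):
    """Greedy (not guaranteed minimal) set of pairs matching exactly hosts."""
    remaining, chosen = set(hosts), []
    cubes = implicants(remaining)
    while remaining:
        # Pick the pair covering the most still-uncovered octets.
        best = max(cubes, key=lambda c: (len(expand(c) & remaining), c[1], -c[0]))
        chosen.append(best)
        remaining -= expand(best)
    return sorted(chosen)

def acl_lines(hosts, number=10, net="192.168.1"):
    """Render the cover as standard ACL deny entries."""
    return [f"access-list {number} deny {net}.{v} 0.0.0.{w}" for v, w in cover(hosts)]

EVENS = list(range(0, 256, 2))
PRIMES = [n for n in range(2, 256) if all(n % d for d in range(2, int(n ** 0.5) + 1))]

if __name__ == "__main__":
    print("\n".join(acl_lines(EVENS)))
    print(len(acl_lines(PRIMES)), "entries needed for the primes")
```

The even octets collapse to a single entry with wildcard 0.0.0.254, while the primes never merge beyond four addresses per entry. Either list still needs a trailing permit entry, because an IOS access list ends with an implicit deny.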