OT: Re: Top Search Engine Placement [7:1817]
Here's a fun thought to do with people like this: With an unmetered phone lines you can call all you want and you never get charged (since I don't have any modems, I have a metered line as I rarely use the phone). A little war-dialer program would be useful for just such spam and have it run all night. Whenever you get a piece of spam like this, the number gets changed to the new one listed (which would usually lasts a week or two until the next bozo that gets around my spam blocks, depending on how well your email is filtered). I just wonder what it would do to their 800# bills *g* I bet it'd be annoying as hell to get a hundred messages a day as well (have it call, waits 5 seconds, dials the extension if needed and wait, then plays an mp3 of Monte Python's SPAM out the sound card into the line). Would serve them right though ;-) -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Removal instructions below I saw your listing on the internet. I work for a company that specializes in getting clients web sites listed as close to the top of the major search engines as possible. Our fee is only $29.95 per month to submit your site at least twice a month to over 350 search engines and directories. To get started and put your web site in the fast lane, call our toll free number below. Mike Bender 888-892-7537 To be removed call: 888-800-6339 X1377 FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1831t=1817 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Syslogd for Windows 2000 !!! [7:1820]
I like 3CDaemon. 3Com's support site has it under Windows Apps. I keep a copy on my ftp server as well for easy access at customer sites (I hate it when silly support sites change or move files): ftp://artoo.net/pub/bin/windows/32bit/3CDaemon206.zip -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Sameh Badros wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Where I can get syslogd for windows 2000 ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1832t=1820 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP routing is enabled by default on Cisco 2600's [7:1821]
What IOS were they running? Did they prompt you for configuration on boot, or already seem to have a config? If so, use 'enable' and then 'erase startup-config' and see if it's not enabled by default. I have never had to enable it on a router fresh out of the box in my short two years with Cisco gear. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Colin wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi I have read in numerous places that IP routing is enabled by default on Cisco routers. Is this is true? The reason I ask is because the last 3 Cisco 2600's I've received (new routers straight from a VAR) have had IP routing disabled? Thanks Colin FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1834t=1821 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Documentation CD [7:1802]
Very cool. I'd dinked with it a few times and never got it to work, and this solved it for me. Now it prompted for the browser to use, and I select IE and it just works. I don't know why Cisco can't just store the whole thing in pure HTML so folks can browse it with whatever OS/browser you want... silly folks. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Alexander Roth wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... yes try this, open the search.ini file under CiscoCD dir, find this line Browser=C:\Progra~1\INTERN~1\iexplorer.exe change to Browser= then save open the search.ini file under CiscoCD dir, Hoa Ngo schrieb im Newsbeitrag [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi! I have a documentatin CD( Version April 2000). I have trouble to use it on windows 2000. Does anyone have problem? Can you show me the way to fix this? Thank you in advance. Hoa _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1833t=1802 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Certification Plaque [7:1786]
I think everyone should forward the original email to their Cisco CAMs and request. If we make enough noise, perhaps we'll get some cool plaques. I'd say it's warranted at the CCxP level (although, give things for CCxA on the plaque as well), and perhaps even once you get any single CCNA-level Specialization. Maybe even if you just get both CCNA and CCDA they could send it. Of course, Cisco is in budget cutting mode, so it's doubtful. The Cisco of 6 mos. ago would have done it though. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ John Neiberger wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I'd love something like that. I didn't get squat for CCNA, CCDA, or CCNP. For CCDP I got this awful cap that no one wanting to retain any semblence of coolness would be caught dead wearing. Kevin Wigle 4/24/01 5:17:26 PM Dear Group, Got a present delivered by FedEx today. I can remember a thread a long while back about not getting a decent plaque when you certified to CCDP or CCNP. Well, Cisco Canada has started a program that does send out a neat plaque. It reminds me of the laser cut wooden plaque I got when I certified for CBE (Certified Banyan Engineer). The plaque is 9 by 11, wooden and has a metal Cisco Bridge on it with Cisco Systems embossed. Your name is cut into the wood as well as the sentence: Recognized as Cisco Certified Then in a little bag are brass plates with all the certs you have earned. CCNA, CCDA, CCNP and CCDP (in my case). You peel off the sticky tape and place them on the plaque. A letter suggests you may want to place them in consideration of earning more certs! I know the idea is the knowledge (or the journey) and not the certs (or the trinkets/certificates) but I have to admit that this looks cool and somehow suggests a more substantial achievement than a piece of paper might indicate. (in the industry cert arena anyways) However, I guess you get the plaque even if you've just passed CCNA. so I don't know. Perhaps they should restrict it for the NP/DP. I'm not sure I would agree that any one exam cert deserves this kind of recognition... (easy to say since I've got more I guess) Don't know if Cisco (US) will start this but I think that it would be welcomed if they did. Kevin Wigle Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1985t=1786 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Pix 6.0 debut? Anyone know when? Thanks [7:1780]
So add a week and looks for it the third week of May ;-) -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Alex Lee wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I was told yesterday by TAC that it would be second week of May. Dropped Packet wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1988t=1780 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE depreciation in 2 years [7:1882]
But I would compare the CNE to the CCNP/DP, and put the ECNE/MCNE at about half-way between that level and the CCIE. Apples to oranges. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Ronnie Poon wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... How about Novell CNE. It also have a same thing. Donald B Johnson jr wrote: Yeah I got a mcse in 96 and thought the same thing when it happened to that program. OH well I still want to be part of the swelling ranks. You could drop out and help us out though :). Don - Original Message - From: Tennesee Stud To: Sent: Wednesday, April 25, 2001 8:28 AM Subject: CCIE depreciation in 2 years [7:1882] I was wondering what others thought about the CCIE. It seems to me now that there are so many books and training materials geared towards the CCIE, it is making it easier to obtain the CCIE. With a steady diet of the right books ( which everyone seems to agree on) and hands on time with routers and switches ( which to me is the only obstacle), it does not seem as difficlut as it proclaimed (and I think most people see that).My opinion is the CCIE will be devalued considerably in the next few years (As far as salary is concerned as well as prestige) As others have pointed out, the CCIE population is growing at a faster rate (routing and switching), and even though the demand is high for the CCIE now, I think in 2 years there will be a difference in the way the industry views CCIE's .02 thats all Tennesee Stud _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1996t=1882 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE depreciation in 2 years [7:1882]
Has anyone heard any recent stats on pass/fail rate for the CCIE? I believe I've heard a few times that it was 80% fail rate the first time through. Not that a Jedi, err, Network Engineer should think about such thinks or be fearful, but still, I'm curious. Speaking of, this is one of the coolest home made Star Wars fans movies I've seen to date: http://www.crewoftwo.com/ -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Coleman, Jason wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Here is my .02 If you don't yet have your CCIE then how can you possibly assume that it is or is not as difficult as most people think that it is. I have not yet taken the test, although I am in the process of studying for it now. Until I take the test I will continue to treat it with the utmost respect and assume it will be the most difficult experience in my technical career. Do anything less and you are setting yourself up for failure! -Original Message- From: Tennesee Stud [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 25, 2001 10:29 AM To: [EMAIL PROTECTED] Subject: CCIE depreciation in 2 years [7:1882] I was wondering what others thought about the CCIE. It seems to me now that there are so many books and training materials geared towards the CCIE, it is making it easier to obtain the CCIE. With a steady diet of the right books ( which everyone seems to agree on) and hands on time with routers and switches ( which to me is the only obstacle), it does not seem as difficlut as it proclaimed (and I think most people see that).My opinion is the CCIE will be devalued considerably in the next few years (As far as salary is concerned as well as prestige) As others have pointed out, the CCIE population is growing at a faster rate (routing and switching), and even though the demand is high for the CCIE now, I think in 2 years there will be a difference in the way the industry views CCIE's .02 thats all Tennesee Stud _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1994t=1882 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cat 2900 Password Recovery [7:1911]
Bookmark it. I use it 2-3 times a month (clueless customers). -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ sparkest pig wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... anyone know the link for Cat 2916 password recovery? thanks in advanced _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1995t=1911 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE depreciation in 2 years [7:1882]
I can't see the certification being devalued. Cisco is constantly making the test harder by adding more and more relevant items and removing those that are not. Plus, by forcing older CCIE's to keep current with the CCIE Written is decertifying those that don't care and keeping the numbers from growing too fast. And, as you say, with the need for more and more folks at this caliber is increasing, I don't think there will be any problem with the demand keeping up with the increased supply. Not if the AVVID thing takes off for one (and it is, at least for us). Our local county let their top PBX staff go and is looking to implement VoIP (I don't know why they cut first and didn't get the new system in place first, but government doesn't always make sense). The question is, of course, who will win, 3Com, Nortel, or Cisco (our shop actually does all 3, so we don't care so long as we win the bid, hehee). http://www.cisco.com/warp/public/625/ccie/ccie_program/ccie_present.html Just checking the current numbers, they're not up that high - 5595 Active CCIEs (4992 as of 11/01/2000, up 137 since 4855 CCIEs as of 06/01/2000, which was up 156 since 03/31/2000 at 4699). That's only 896 new CCIEs in year. Granted, it sounds like a lot (~75/month), but compare that to the MCSE numbers (which I'd love to see, especially with the new Win2k stuff out). Especially if you figure probably a third, if not more are Cisco employees ;-p -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Tennesee Stud wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I was wondering what others thought about the CCIE. It seems to me now that there are so many books and training materials geared towards the CCIE, it is making it easier to obtain the CCIE. With a steady diet of the right books ( which everyone seems to agree on) and hands on time with routers and switches ( which to me is the only obstacle), it does not seem as difficlut as it proclaimed (and I think most people see that).My opinion is the CCIE will be devalued considerably in the next few years (As far as salary is concerned as well as prestige) As others have pointed out, the CCIE population is growing at a faster rate (routing and switching), and even though the demand is high for the CCIE now, I think in 2 years there will be a difference in the way the industry views CCIE's .02 thats all Tennesee Stud _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1993t=1882 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE lab equipment - VOIP help needed. [7:1774]
Buy a 6400 ;-p http://www.cisco.com/warp/public/cc/pd/as/6400/ Cheaper to order ADSL if you can get it. However, it's pretty much pointless for real ATM practice (just read a sample config for an 827), as you can't change the ISP side of things. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ [EMAIL PROTECTED] (John Nemeth) wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... On Sep 14, 11:18am, Jon wrote: } } Might look at the 827-4v router, as well. It's an Alcatel-DSL modem, with } an ethernet interface and four FXS interfaces. Should be able to buy two Not to mention the DSL port. I've been wondering how one could do DSL in a lab? }-- End of excerpt from Jon FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1972t=1774 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: Career/education recommendations after High School [Re: [7:1978]
Of course, those that have gone to college value it more, but I say forget college and don't waste 4+ years of your life if you know what you want to do and don't need it. I've seen a number of pay-scale tables, and here's an example of what I've seen a number of places: 2 years of experience is worth a 4 year BA/BS degree. Now if you can swing working part-time in your field, nail some good certs along the way, AND do college, I say go for it. Especially if you're single and unencumbered. If you can swing it, check out your local junior/community colleges. Here in California they're dirt cheap (a very small fraction of the cost of 4-year schools). The best thing is that if you get tired of the school thing after 2-3 years, you should at least have your AA/AS, versus all those folks that stop college half-way through and have nothing to show but student loans. Depending on how you work, most have night classes to cover most of your low-end prereqs so you can work during the day and do school at night. If you can pull light work during the day and do night classes, I'd say this is the way to go (you get the experience credits people looks for, and the degree). Plus, if you want to do the BA/BS thing, you can easily transfer after your AA/AS. My brother has done this (he actually took 3 years to get his AA, but took it slow and took a lot of extra classes that interested him (electrical, engineering, compsci), and didn't count much toward his journalism/communication degree). The best thing of all is that when he graduated, he owed nothing, and in fact had saved up enough money to pay for two years of state college. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... One more thing to add to that Phil. Russ... at 17, let me make one suggestion to you... put some money away now for your college years! I too had a similar job to Russ, but I spent my money on stupid things that I thought were important at 17 and then when the real fun hits you in college, you are already tapped out! Put in your time, put some money away and it will all come around!! Good luck dude! [EMAIL PROTECTED] For information on our award winning server storage products: Dell Server Site: http://www.dell.com/products/poweredge/index.htm -Original Message- From: Circusnuts [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 24, 2001 9:06 PM To: [EMAIL PROTECTED] Subject: Re: Failed CCDA [7:1698] When I was 17 years old (1987), I washed chili pots @ the local greasy spoon for $3 an hour... wondering how I was going to pay for college. My senior worked 9 to 4 (I worked 4 to 11, sometimes 12AM), made $5 an hour, only had the cushy lunch crowd to contend with, left the tough pots for me. I feel your pain. Pay your dues change things when you get in a position to. Phil - Original Message - From: Russ Kreigh To: Sent: Tuesday, April 24, 2001 8:49 PM Subject: RE: Failed CCDA [7:1698] I too am only 17 years old and like Priscilla I think this is a controversial topic. However, I have a very strong opinion, therefore am going to express it. :-) I currently work for an local ISP and have quite a bit of Cisco experience along with very much UNIX (BSDi, Linux, HP-UX, Solaris), HTML, JavaScript, ASP, PERL, etc etc. However, I make significantly less that a new guy that was hired to work along with me. I am just as qualified, if not more. Of course, there are other issues to consider; I am part-time and he is full time, I know that makes a difference, that part I understand. But, I feel that a large portion of it has to do with my age, not based on my ability to perform my job. On a Cisco related note, I am going to schedule my CCDA exam within the next month, along with my CCNA. I am very confident that I will do good on my CCNA, and have been studying CCDA material and getting some real-life experience in my job. The message I am trying to point out is that just because we may be young doesn't mean that we should not be taken seriously. Also, I know that my age also offends some people who have been in the field a long time. I can't really speak from expeirence here, but I know that more women have choosen careers in the Technology field in the past 10 years. Just as their co-workers have come to accept it more, they are going to have to accept that us young adults can be capable of doing the same job. -Russ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Priscilla Oppenheimer Sent: Tuesday, April 24, 2001 1:03 PM To: [EMAIL PROTECTED] Subject: Re: Failed CCDA [7:1698] I'm going to say something Very controversial here, which is that I think it's a good sign that a 17-year old had a hard time with the CCDA
Re: Certification Ego! (was Failed CCDA) [7:1929]
I won't argue that it's always wise to follow what other people did, but I will make a few points. First is that unless you know at least a very good entry-level knowledge of networking beyond the Cisco product line, you're not very useful. A CCIE who has never touched NT or Unix, bah, I don't see a huge value. I guess it varies on what you're doing and wanting to do, but for me, 70% of my time is spent helping a customer figure out what in the world they need me to do with the routers. I had a customer today that was going to deploy a DHCP server on each subnet because they didn't understand any other way to do it. If I didn't know NetWare DHCP and NT DHCP servers, I wouldn't have been able to help them today beyond just saying configure you DHCP server for scopes for those subnets. Yes, I know how to do the ip helper-address, but unless they can configure their DHCP servers, that knowledge doesn't do much. As it is, I spent 15 minutes explaining how the whole thing would work, and then the rest of the day configuring scopes and then finally implementing ip helper-address on all the necessary interfaces. So, I do think it's necessary to have a good foundation in various areas. No, you don't need a paper cert to have that experience, but if you're going to learn it and can chase down certs, you might as well so that you've got proof to show customers who go bug-eyed at certs. It's like that commercial (I think IBM does it), where two consulting guys are telling this high-up exec a huge list of things he should implement. He listens (clueless, of course), and says, Great, do it! to which they reply something like, Oh, we don't do anything, we just give consulting as what you need to do. Tomorrow I will be explaining to a customer why they need to not permit all DMZ traffic into their Internal LAN, and what changes they'll have to make on their servers, including, but not limited to, DNS and WINS. I don't think there is anything in Cisco's line that will test you on those topics. I know for me, the CCIE is not the ultimate, but it's pretty damn high up there. I have doubts I'll go back and upgrade my MCSE to Win2k if I get my CCIE and can avoid it. I guess my point is once you get to a certain level, you're less likely to want to go back and do the things that would help you more as they seem of a lesser value or skill set. I do know that I won't be doing my CNE, but then I doubt those who don't have to deal with Novell on a daily basis see it as useful these days. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Fred Danson wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... One thing that I ALWAYS notice when asking someone else for advice is that they ALWAYS advise me to take the same path that they did. No matter how dissimilar out situations are, I will always be advised to take the same route that they took. For example, when I was finishing up with my CCNP certification, I asked for advise from several other people who also were finishing their CCNP certifications. A few of the people that I asked were MCSE's and they all told me to go for MCSE before CCIE. Their reasoning was that I wouldn't be able to understand the WAN unless I had a solid understanding of the LAN. Now I do think that there is some logic to this statement, but I definitely did not think that it made sense to put CCIE on hold for 5-6 months just to learn more about Microsoft. I think their real reasons for giving me such crappy advice is that they're afraid to admit that they made a mistake. If they suddenly realized that they wasted 7 months learning about Microsoft, would they be willing to admit this? I really doubt it! They would tell me to do what they did so they can boost their own egos! Or on the other hand, they wouldn't tell me not to do what they did because they would hurt theie egos. So now, instead of blindingly taking someone's advice, I take a realistic look at all of my options. Being only 20 years old, I was advised by many experienced professionals to give it a few years before attempting the CCIE. Does it really take that long to learn all this stuff? I really don't think so. There is an abundance of information out there, and all you have to do is put in the extra effort to learn it. Heck, I didn't even know what a Router was until about 7 months ago, and I already have CCNA, CCDA, CCNP, and CCIE written. My point here is, don't listen to anyone that isn't in the same situation as you! Take a realistic look at your options and go for it! Fred Danson P.S. - I have a problem with the statement youth is a unique illnes that heals with time only. From what I hear, the older portion of the CCIE candidates typically struggle with the time constraints on the CCIE Lab. To my knowledge, cheese and wine are the things that improve with age. They may have the wisdom, but you
Re: Just Pass CIT and become CCNP certified, but .. [7:1677]
Congrats! Comments inline -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ryan wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Can anyone tell me what is chapter(s) in cisco press book belonged to the following categories which appear in my score sheet ? Thanks Category in my score sheet: --- Connectionless Models (33%) tcp/ip's udp, Novell's spx are both connectionless protocols. HDLC (75%) encapsulation method (vs. ppp or frame relay, etc.), not sure what chapter that'd be on in your list. OSI backups (100%) Troubeshooting (71%) Cisco press Chapter: Chapter 1 Support Resources for Troubleshooting Chapter 2 Understanding Troubleshooting Methods Chapter 3 Identifying Troubleshooting Targets Chapter 4 Applying Cisco Troubleshooting Tools Chapter 5 Diagnosing and Correcting Campus TCP/IP Problems Chapter 6 Diagnosing and Correcting Novell Networking Problems Chapter 7 Diagnosing and Correcting AppleTalk Problems Chapter 8 Diagnosing and Correcting Catalyst Problems Chapter 9 Troubleshooting VLANS on Routers and Switches Chapter 10 Diagnosing and Correcting Frame Relay Problems Chapter 11 Diagnosing and Correcting ISDN BRI Problems FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1797t=1677 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: authentication [7:1697]
syslog out to whatever (3Com's 3CDaemon is my fav Win32 app), and use WebTrends to make pretty stats for you. I believe they have a specific version for firewalls/internet access stats. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ SH Wesson wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Can Cisco ACS be used for Internet access authentication? If it can, is it recommended since I'm using Cisco ACS for my router authentication and VPN authentication. Also, what software do you recommend for logging web access on a Cisco PIX. I've used WebTrend in the pass but wanted to get someone else's opinion. Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1803t=1697 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Pathetic Prometric [7:1746]
You have your stamped Prometric test results, I hope? Please keep us informed. I've taken all my tests at Prometric and never had problems. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ sdonoho wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I need to vent. I studied and passed(did quite well) the BCRAN test 4/9. I noticed today that my records on the Cisco tracking site did not reflect my passing of the test or failing. I called Prometric today and they said that I was listed as a no show for the test. I asked to speak to a manager that could fix this problem and was put on perpetual hold. I'm at work so I can't wait on line forever. I got so fed up after waiting so long, I hung up. This company always seemed third rate to me. I plan on using VUE for testing in the future. OK I'm done. Scott FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1807t=1746 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NAT and MS Terminal Server [7:1765]
It's not going to work with port redirection doesn't work with anything other than tcp and udp. You need rdp (protocol 27, not a port, but the protocol), as well as tcp 3389 and tcp 1503. Try it with this instead and you'll see that it should work (provided no ACLs or firewall is blocking it): ip nat inside source static 192.168.1.25 200.200.200.1 -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Kim Seng wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have a MS Terminal server (Port 3389) inside a private subnet. I am using NAT from the router. I am using a Static NAT access list: ip nat inside source static tcp 192.168.1.25 3389 200.200.200.1 3389 I still can not access to the terminal server from the Internet. Can some one tell me what I do wrong. Many thanks in advance. Kim. __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1810t=1765 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Failed CCDA [7:1698]
Study up and I'm sure you'll have it the next time. Regarding the age thing, experience (not just knowledge) is often a factor. Plus, what says you're not going to leave them as soon as you're able to work full time? More than likely this other employee isn't going to leave as fast. Don't worry, in a short while you'll have some years of experience under your belt as well (often experience isn't seen just as knowledge or hands on experience, but as years in the trenches). Just keep at it, set your goals and stick to them. I'd also talk with your manager and see if they see value to certs, and if so if you can work it into a way to get raises. But when you think about it, most likely the CCDA doesn't hold that much value at your current position, whereas a CCNA and CCNP would be seen as an asset at an ISP (unless you're out selling design solutions to customers like Howard, where it'd make more sense). -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Russ Kreigh wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I too am only 17 years old and like Priscilla I think this is a controversial topic. However, I have a very strong opinion, therefore am going to express it. :-) I currently work for an local ISP and have quite a bit of Cisco experience along with very much UNIX (BSDi, Linux, HP-UX, Solaris), HTML, JavaScript, ASP, PERL, etc etc. However, I make significantly less that a new guy that was hired to work along with me. I am just as qualified, if not more. Of course, there are other issues to consider; I am part-time and he is full time, I know that makes a difference, that part I understand. But, I feel that a large portion of it has to do with my age, not based on my ability to perform my job. On a Cisco related note, I am going to schedule my CCDA exam within the next month, along with my CCNA. I am very confident that I will do good on my CCNA, and have been studying CCDA material and getting some real-life experience in my job. The message I am trying to point out is that just because we may be young doesn't mean that we should not be taken seriously. Also, I know that my age also offends some people who have been in the field a long time. I can't really speak from expeirence here, but I know that more women have choosen careers in the Technology field in the past 10 years. Just as their co-workers have come to accept it more, they are going to have to accept that us young adults can be capable of doing the same job. -Russ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Priscilla Oppenheimer Sent: Tuesday, April 24, 2001 1:03 PM To: [EMAIL PROTECTED] Subject: Re: Failed CCDA [7:1698] I'm going to say something Very controversial here, which is that I think it's a good sign that a 17-year old had a hard time with the CCDA test. It validates the test a bit. Design requires experience. Can someone who has just learned to drive, design a car? Can someone who has just started learning networking, design a network? Remember that I teach (part-time) at the high school level and I love the energy, quick thinking, and creativity of that age group. I strongly believe that the inventions that they will develop will be even more amazing than the ones our generation came up with. So I do not make this comment out of prejudice. Aaron, it sounds like you know which areas you need to study a bit more in order to pass the test, so I'm sure you'll do well next time. Good luck! Priscilla At 09:02 AM 4/24/01, you wrote: Hey guys, this is Aaron again. I failed my CCDA by 37 points. I made a 718 and i needed a 755 to pass Bah, out 100$.. I did rescedule it for a couple of weeks from now, and now that i know what sections i'm weak in, i think i might be able to make this up. My worst section was WAN Technologies with a 40%. My best was Network Management with a 100%. So i guess i had quite a range of scores. Anyways, back to the books and sample tests for me. Thanks guys. ~Aaron Vose FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Priscilla Oppenheimer http://www.priscilla.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1816t=1698 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: Win32 app to read/interpret tcpdump file [7:1568]
I can tie this slightly on topic, but it's really not (but no doubt someone here will know). I've got a box that was hacked yesterday (not a box I admin or even have passwords to, but one on my network). Someone is using it for a drop box for ftp. For now, I've just killed everything with blocking incoming ftp and outgoing ftp-data to the box until the clueless admin can fix it (same CCNA I've complained about before). Oh, get this, this same clueless CCNA was told by a customer last week that they didn't want to talk to him anymore when he argued with them when the customer asked for the speed and number their ISDN router was calling, and he told them ISDN doesn't dial. I smoothed it all over and solved it (PBI/SBC had lost their password and was rejecting login). I've got my own personal linux box that I've saved some raw tcpdump captures of the transfers (just after I remove the ACL block and see a few logins occur), but I don't have anything that can view it intelligently. Sniffer Pro just says it's a file format it doesn't recognize (if I could get Sniffer Pro on the subnet, I could solve this real easy, but I don't feel like driving in to solve a problem that's not mine). So, what I want to see is the actual ftp (tcp/21) session info (how they are logging in, where they are going and what they are downloading). From what I can tell in the gibberish file, it looks like they're logging in anonymously and going to vti_cfg and downloading vti_log from somewhere, and possibly something with local drives (c, d, e, etc.). Got me, but I figure I should solve as much of this as I can before this clueless admin gets into the box and wipes out the evidence without knowing it. Anyone have a Win32 app that can read tcpdump raw capture files? Oh, I noticed this as all of our T1s outgoing bandwidth was locked solid at 189K as of last night. It all came from a single ethernet interface, and I know there are only 5 devices on that subnet (2 nameservers I maintain, my personal linux box, pix firewall, and this stupid iis box that this admin refuses to put behind the pix saying he has it secure. Hehee, guess where that box will be by the end of tomorrow?). Here's my on topic tie-in explaining what I blocked for all those wanting to learn about ACLs! e0/0 is where the hacked box is, the serial ports go out to our different ISPs (also, this shows how to add/modify an ACL without locking yourself out, in other words, remove it from the interfaces first, then modify, then re-apply it): int s0/1 no ip access-group 199 in int s1/1 no ip access-group 199 in int s1/2 no ip access-group 199 in no access-list 199 access-list 199 permit tcp host 63.206.176.163 host 207.92.43.210 eq ftp ; let my box in access-list 199 deny tcp any host 207.92.43.210 eq ftp !access-list 199 deny tcp any host 207.92.43.210 ; I used this at first to just kill it all access-list 199 permit ip any any int s0/1 ip access-group 199 in int s1/1 ip access-group 199 in int s1/2 ip access-group 199 in int e0/0 no ip access-group 198 in no access-list 198 access-list 198 permit tcp host 207.92.43.210 eq ftp-data host 63.206.176.163 ; let my box in access-list 198 deny tcp host 207.92.43.210 eq ftp-data any access-list 198 permit ip any any int e0/0 ip access-group 198 in -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1568t=1568 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Internet Users Logging. [7:1562]
Heh, well, I found out a simple way to do this tonight (I'd never needed to use it before, always having Sniffer Pro on my laptop available). One way might be to put a sniffer either inside or outside your firewall to watch all data (and possibly filter on http if that's all you want). tcpdump (I believe standard on most *nixes) appears to work great for this. You can tell it stuff like this: tcpdump 'gateway 172.16.1.1 and (port ftp or ftp-data)' It logs lines such as: 22:55:42.624793 www.curtis-arata.com.ftp p3E9C01CE.dip.t-dialin.net.63069: P 0:42(42) ack 1 win 8467 (DF) 22:55:57.446055 www.curtis-arata.com.ftp p3E9C01CE.dip.t-dialin.net.63069: P 0:42(42) ack 1 win 8467 (DF) 22:56:27.078577 www.curtis-arata.com.ftp p3E9C01CE.dip.t-dialin.net.63069: P 0:42(42) ack 1 win 8467 (DF) 22:57:26.363622 www.curtis-arata.com.ftp p3E9C01CE.dip.t-dialin.net.63069: P 0:42(42) ack 1 win 8467 (DF) Throw this at something like Webalizer and it'll save you a lot of work (or just make an ACL on your Cisco router/firewall permit all, but first permit the traffic you want to log and specify log at the end of the line). I'm not a lawyer and this shouldn't be construed as legal advise, but I would make sure you've got a company internet policy established beforehand (and even signed by users, if possible), and include in it that you can and do monitor traffic. Otherwise you might have someone complaining that you're violating their privacy, etc. I just ssh tunnel all traffic I don't want anyone to see to my personal box, so you'd never catch me ;-p -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Tariq wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Helo everybody. I want to monitor the activities of my LAN users who are browsing different web sites. I want to enable logging for those users and want to save my all logging information on my Windows 2000 server. Please let me know the procedure. Thanks in advance. Tariq FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1569t=1562 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Win32 app to read/interpret tcpdump file [7:1568]
Very cool, worked like a charm. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Mike Taylor wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... the evidence without knowing it. Anyone have a Win32 app that can read tcpdump raw capture files? Try http://www.ethereal.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1572t=1568 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ip address dhcp on a 4000 router [7:1573]
Interesting. If you have time, can you test again with 'no service config' set ? I'm curious if it was originally set by service config or something. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Kevin Wigle wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Found an interesting bug for 12.1(2)T in our lab. We had a scenario using secondary addresses. When the router was reloaded the secondary addresses were deleted. If you weren't watching the reload and saw the one error line - something like Secondary not allowed on negotiated interfaces (but they weren't being negotiated) So watch 12.1(2)T.. the bug is in bug watch Kevin Wigle - Original Message - From: Frank Kim To: Sent: Monday, April 23, 2001 4:11 AM Subject: ip address dhcp on a 4000 router [7:1573] Hi folks, I was able to make my 2511 talk dhcp on its eth0 with ios 12.1(2)T with the command 'ip address dhcp'. Right now, I'm trying to do the same on my 4000m. But unfortunately, version 12.1(2)T does not have an ios for 4000m series. What other ios verion I can use to make my 4000m talk dhcp on its ethernet interface? I have tried numerous ios images, such as the ones above 12.1(2)T, but I got no luck yet. Thanks for any input. -Frank FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1609t=1573 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Fwall Win2k Terminal server Clients [7:1598]
Terminal Server: remote desktop protocol (rdp) protocol 27 tcp 3389 tcp 1503 Citrix (doesn't require T/S stuff to be opened): tcp 1494 (in) udp 1604 (in/out) tcp/udp 1023-65535 (out) Both info was found from each vendor's knowledge base (T/S in TechNet or , Citrix on Citrix.com), but I keep a file with common app requirements like this. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Edmund Woltynski wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Folks I am trying to get my head around how to poke holes in a router access list with a Firewall feature set (1600 series) to allow a Win2k terminal server client to access a remote TS. From the packet decode the server uses TCP =3389, but the client grabs a number in the range1560 upwards ie a new port per session - I can't seem to nail down a range. There has to be more than just this one port 3389 on the server side considering Citrix has a few to cater for. Does anyone know what the range is - or can nudge me in the right direction in solving this problem. I recall an email on the topic about 6-7 months ago, but can seem to locate it in the archives, I have searched through CCO - all the cookbooks, TAC tips, etc and the MS knowledge base to little avail. Any small hint to will be appreciated. Thanks Regards Edmund Woltynski Email: [EMAIL PROTECTED] ___ The information transmitted by the following e-mail is intended only for the addressee and may contain confidential and/or privileged material. Any interception, review, retransmission, dissemination, or other use of, or taking of any action upon this information by persons or entities other than the intended recipient is prohibited by law and may subject them to criminal or civil liability. If you received this communication in error, please contact us immediately at (618) 83711492, and delete the communication from any computer or network system. - FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1610t=1598 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Splitting a BRI for lab testing [7:1604]
No cheap way around it, it will require an ISDN Simulator (hardware device that simulates 2+ ISDN lines, depending on model). ~US$1-2K depending on what features you want. Cisco ISDN CIM's (software programs simulating routers and ISDN configurations) run a lot less (US$150)and may be more appropriate. If you can get a few people to go in on an ISDN Simulator, I'd say it's the way to go, but otherwise it's a very costly investment to a personal lab. Another idea is to get two ISDN lines installed, but unfortunately for my area that's US$150/install (or was two years ago when I used to have it) and US$35/month/line + usage... at least with an ISDN Simulator you can resell it when you're done and get most of your investment back. We've a few dozen lines at my office, and when I was prepping for my Routing test at night I would just go in and hijack a pair to test with *evil grin*. The worst part is it meant physically going to the office, but it was cheap. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Medley, Tim wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I've read on the list about using 1 BRI and splitting the B Channels to use a router with each B channel in a lab situation. How is this done? I imagine I need to split the B channels at a physical level. Can anyone explain how to do this. thanks, tim Tim Medley - CCNA, CCDA VoIP Engineer 704-943-3615 - Phone 704-525-9119 - Fax 877-6-iReady - Helpdesk FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1611t=1604 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ip subnetting question [7:1607]
I'm not exactly sure what you're looking for, but I'd suggest grabbing 3Com's Subnet calculator, which will let you select by network bits, subnet mask, subnet networks, or hosts. Somewhere on their support site under Windows applications (free). I keep a copy on my server as well if you like: ftp://artoo.net/pub/bin/windows/32bit/3CIPCalc.zip Here's a URL with some IP basics (it's a good course for those wanting an overview on basic tcp/ip networking): http://www.freesoft.org/CIE/Topics/26.htm -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Lowell Sharrah wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Does anybody out there have a soft copy of a table that lists the subnet mask, number of networks and number of host per subnet for class a,b, and c networks? Appreciate it very much. Chuck Larrieu 04/23/01 11:07AM Idle curiousity - what resources have you already checked? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of jastinaveen Sent: Monday, April 23, 2001 3:27 AM To: [EMAIL PROTECTED] Subject: pl provide sol for ccna questions [7:1582] 1)How can you check the frame relay configuration on an interface 2) If the access-group command is configured on an interface and there is no access-list created which of the following is most correct? a) An error message will appear. b) The command will be executed and deny all traffic out. c) The command will be executed and permit all traffic out. d) The command will be executed and permit all traffic in and out. e) The command will be executed and deny all traffic in and out 3)what frame-relay displays source and destinations dlci's FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1613t=1607 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MNCS 2.0 [7:1651]
No, that expired Dec. 31st, 2000. I took mine while on Christmas vacation for that very reason. Now you only need a CCNA + the 4 security tests for the Security Specialist 1 cert. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cooper, David wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Does anyone know if you pass the MNCS before 14 May do you still get the +security cert if you have your CCNP already? Thanks Dave Cooper - CCNP, CCDP, NNCSS FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1666t=1651 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Router Tester [7:1479]
Easily. It all depends how and where you look, but I'm seeing 103K right now: telnet://route-views.oregon-ix.net sh ip bgp sum And the highest is looking like: 198.32.162.18 4 4513 6942069052 443975300 6d07h 103539 -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Chuck Larrieu wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Howard commented: 10 million routes? Even with the growth rate of the Internet going exponential again, I wouldn't see that happening for several years yet. By then, we will have new router generations. Me says: I see according to the Bates report that the internet routing table is now hitting 100,000 plus routes a couple of times a week. Any takers on when the number stays over 100,000 for three solid weeks? FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1669t=1479 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Blocking Napster and Aol on Pix config/Setting up Tacus or [7:1670]
Ditto. Get a written policy established first, and unless you're dealing with schoolage kids, a few rumors spread about the internet access being logged should deter most (and syslogging isn't that hard). The rest, well their managers can deal with when presented with the logs. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Chuck Larrieu wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Indeed this has come up regularly. I remain skeptical that placing the burden for enforcing policy such as this lies with the firewall and the firewall administrators. OK, so you block Napster and AOL. Now then, what about E-trade? Yahoo? Merrill Lynch, Dilbert.com? not to mention the various picture sites that so many disapprove of. How about all the radio stations people are listening to over the net? Now, what happens when some person or business unit has a good business reason for accessing AOL or other sights that you are blocking on your firewall? I'm talking to the wind, I suppose, but my first question when this topic comes up, is what is the written policy regarding internet access? the second question is will management pay for what it requires to accomplish this policy? But relying on port blocking, or address blocking, or domain name blocking, on a case by case basis seems a bit shortsighted. JMHO Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Keyur Lavingia Sent: Monday, April 23, 2001 12:41 PM To: [EMAIL PROTECTED] Subject: RE: Blocking Napster and Aol on Pix config/Setting up Tacus or [7:1639] This has actually come up again in the discussion. If u want to block AIM outgoing from ur network, u should try to block the IP Addresses of the login server of AIM which is login.oscar.aol.com The AIM App is designed to scan for ports other than 5190 to login to the server, so port blocking will not work always. Sincerely, KEYUR LAVINGIA Network Engineer Peak XV Networks San Ramon, CA 94583. W - 925.242.7492 C - 925.699.8855 [EMAIL PROTECTED] www.peakxv.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, April 23, 2001 11:12 AM To: [EMAIL PROTECTED] Subject: Re: Blocking Napster and Aol on Pix config/Setting up Tacus or [7:1629] Just a note, that people can shoose other ports to get to the AIM services. Kevin O'Gilvie wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Before I ask this question I would like to give something back, below is the config to block aim and napster: access-list acl_out deny tcp any any eq 5190 access-list acl_out deny tcp any any eq 8875 access-list acl_out deny tcp any any eq access-list acl_out deny tcp any any eq 6699 access-list acl_out deny tcp any any eq access-group acl_out in interface inside access-list acl_out permit tcp any any access-list acl_out permit ip any any Now I would like to setup a Tacus+ or Radius Server on My network I have a widows 2000 domain and I am unsure of how to do this. Please advise. TIA, Kevin _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1670t=1670 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: passed CCDA [7:1653]
First off, congrats. That test stumps a lot of experienced folks (just poor test takers). Best recommendation I tell folks is to read through each scenario completely and take brief notes (get 4 of the blue note cards the testing center will offer you), and the time you spend reading through will pay off as you'll be able to breeze through them afterwards. That's how I did it, I don't recall my score, but it was pretty high. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Adam Wang wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi group, Passed CCDA today. 72 question, 755 to pass, scored 854. The exam itself is not too hard, but the way Cisco presents the scenario questions is very annoying. 4 scenarios are scattered among the 72 questions. What I mean is you got 1 question on case 1, the next question on case 4, then some non-scenario questions. Then a case question appears again in the middle/end of the exam. I guess it's because of the random selections of the question pool. But I feel I have been tested more on my memory than my skill of design. I have to refresh my memory of each senario once in a while during the exam. I hope Cisco will make some change in the future: Randomize each scenarios, but not mix the questions among all other questions in the exam. Adam __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1668t=1653 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP/Firewall IOS [7:1529]
Recall that it's AKA CBAC (Context-Based Access Control) http://www.cisco.com/warp/public/707/index.shtml#IOS There are a ton of examples. Basically, you ACL the outside interface to block everything (or open a few holes for whatever public services you host), and then you apply the firewall inspect name to whatever inside interfaces you want it to look at to allow reflexive traffic back in through the ACL. http://www.cisco.com/warp/public/793/ios_fw/cbac2.html -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Circusnuts"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Any ideas where to find configuration info dealing with the firewall side of the IOS. I found a link on the CCO, but it really only covers very basic information. Specifically- I'm dealing with version 12.0(9). Thanks Phil FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1539t=1529 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Flash 1601 [7:1518]
Try eBay. You're actually looking for the PCMCIA flash card, and make sure you know which model you need it for and that the card goes to, as the 1600 and 1600-R line take different versions (on the back of the router, does it say 1601 or 1601-R?). I see a number of routers with flash, but no actual flash at the moment (but you can add it to a saved search and then select that to be emailed to you when something matches): http://listings.ebay.com/aw/listings/list/all/category11185/index.html Do you know what size you need? I probably have some 4mb Flash cards from upgrades. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""[EMAIL PROTECTED] (James Haynes)"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi all, Does anyone know where I can buy some Flash RAM for a Cisco 1601 Router? I've been to Crucial's site and they only seem to have DRAM not Flash. Thx. Jim FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1538t=1518 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCNP Foundation [7:1544]
It'd be better to change the subject and/or start a new post with the appropriate subject (as I just did). Anyway, the Foundation is basically the same as the 3 individual tests, but less questions total, and all drawn from the same 3 full tests. I took the individual tests, just search the archives (use the web interface at http://www.groupstudy.com/ ), there is a ton of info regarding them from those who've taken and passed them. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""hal9001"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Jason, Are you on your holidays or somethingtalk about prolific posting...otherwise you got the night shift yeah? Karl..How about my question on CCNP Foundation...Please Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1544t=1544 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Can anyone tell me Colt Test link ? [7:1554]
Everyone with common questions that we all know comes up on the list should consider using the Archive search rather before posting (I use it a lot to find common things asked/answered here). The first hit with "COLT" contains the URL. http://groupstudy.com/cgi-bin/wilma/cisco -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""rayon"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I forget it, thanks FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1559t=1554 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VPN-IOS [7:1560]
Get the most minimal IOS version that supports the features you need (just sounds like you need IPSEC, but the Firewall feature set would be recommended if you don't have something else, and it's going to add more DRAM/Flash requirements as well). Each additional feature set is going to add more flash requirements and some DRAM (although they really start to eat up the RAM when you use them). Adhere the minimum DRAM specs (you have to on Flash, or the image just won't fit), and I usually recommend to go somewhat over in case you need to run a newer version for bug fixes that requires it (plus I've seen a lot of router that had the recommended DRAM, but still ran out and lost telnet access). I suggest going over Cisco's VPN/IPSEC tutorial and review sample configs. That should be the place everyone starts when considering implementing something new: http://www.cisco.com/warp/public/707/index.shtml#ipsec -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Arumugam Sundarum wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi, I need to establish a single VPN connection between two routers... One of them is a 2600 series router and the other is a 800 router. The 2600 is using frame relay on one of its sub interface and connects to the intenet (UUnet). The other has similar charteristics too. Now, I know that the both its IOS has to be upgrade to 12.7, major release and cisco specifies hte recommended size of RAM and ROM. Do we need to follow these specifications strictly. The IOS 12.7 has many type to choose from such as Enterprise IPsec, IPsec, IPlus, blah,blah. Which is the most appropriate one to choose ??? WIth these IOS upgrade, Is it true that I can start specifiying the crypto ISAKMP specification (IKE, MD5, SHA, etc,etc) in the IOS at both ends to create a secured tunnel or do I ned to add something else too such as new module cards,interface, etc. Once I have created the tunnel, what test can be done to ensure that the data transfered is secured ? pls enlightened. thanks in advance. rgds. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1561t=1560 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco 4000 behind a cable modem [7:1498]
You may have to do some research to find what IOS first supports routers a dhcp clients if this command doesn't just work, but here it is: int e0 ip address dhcp You may also want to change the MAC address on your interface if your cable company has tied your access to the NIC you used during the install (I know a number of providers have done that, thinking they could stop multiple access or something silly like that). int e0 mac-address .abcd.abcd You'll then want to use this interface for PAT: ip nat inside source list 1 interface Ethernet0 overload access-list 1 permit 192.168.1.0 0.0.0.255 -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Tim Roberts wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I just had cable internet access installed. I want to put a 4000 (with a 6-port ethernet module) between the cable modem and my network. The cable service only does dynamic addressing at this point. Every few weeks, I will get a new IP address. The IP address is grabbed by the PC not by the cable modem. So in order to put the 4000 between the cable box and my network, I will need one of the ethernet ports to grab an IP from the DHCP server. I cannot remember if there is a way to make an ethernet port do this. Can someone help me out with this or recommend another way to perform this task. Thanks _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1513t=1498 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Router rack pictures [7:1470]
Heh, well, he can identify most networking gear as well. Stuff with a large number of ports are clearly switches, and small number of ports are routers (or firewalls, but hard for him to tell the difference until he can read). I love coming home with some gear to configure for an install later on, and him running out to meet me and seeing it and saying, Daddy's got a router! -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Traceroute wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Col, looks like lots of heart and soul went into the rack and its equipment and congrats on the accompishments! I am in the the same sceanrio sort of. By seeing the pictures, its kind of apparent that providing for the family is what it;s all about (Noah), he;s the pride and joy in the photos, as my daughter Bayleigh is in mine. Thays what its all about show us equipment all day but we are working for that sunshine in our lives ...our families and we keep on striving... and getting better. I am hoping to hear Hey what does your Dad do?,.Oh, he builds bad ass networks! Cheers! George Murphy, CCNP - Original Message - From: Jason J. Roysdon To: Sent: Saturday, April 21, 2001 2:27 AM Subject: OT: Router rack pictures [7:1470] I almost forgot to post this (actually, I did forget to post them last night, and almost forgot again tonight). I got the pictures from my rack up. The first two are before the cleanup, and the last two are after rack I cleaned it up. http://jason.artoo.net/2001-04-19/rack.html Can you believe that on the middle shelf between the white upright speakers and under the rats-nest of cables is a 2610, 16 port hub, and 827 (with my Nextel charger on top)? Yeah, so I decided to clean up a bit. The second pair of pictures show (from the bottom up) two Catalyst 3524 Inline Power switches, 10mbit 16 port hub (left), 827 ADSL router (right), wire management (nicely hiding all the patch cables), 2610 router with two WIC-T1-DI modules, rack-mount 16 port Linksys 10mbit hub, three 6 plug surge protectors, (on the back-left post is a 10-port power strip that came with the rack). Ok, moving to the top of the rack (I know, it's still a bit messy up there, but it leaves me more room in my rack, and that gear doesn't change, whereas the rack gear changes as it's due to be installed at different customer sites). On the top of the rack from the right to left: 486 DX4/100 RH Linux server (with 10mbit Intel NetPort Express connected to two printers), two Linksys 10/100 5 port switches ($25 each after $20 rebates), 1605-R router connected to an ADSL Westell bridge on top (usual internet/firewall access when I don't have the 827), Aironet 350 Access Point on top (Aironet 350 PCMCIA in the laptop works two houses down and covers the entire yard). Ok, behind that, starting from the bottom up is a 4500 with two 100mbit ports and two 10mbit ports, two 2502s, 2501, and IBM Token Ring concentrator (?) on top. Hmm, oh, and to the left of the rack you can see a Cisco 7960 IP Phone. Oh, and down at the bottom is my son Noah's computer (ex-server case that's huge, and has only a baby-AT sized motherboard inside). Noah would be my adorable 3-year and usual excuse for why I haven't been studying. Older pictures from a low-res webcam from when I first got the rack (free, thanks Justin!) with a Compaq 3000 VAC UPS that runs for days with all this gear on it: http://jason.artoo.net/rack/ Ok, I'm spoiled, I know. I'm trying to convince my boss to add a remote power boot/switch and 2511 terminal server to the lab. If you can handle some more pics, you can see some other stuff I'm proud off (family, firepit, and compost bins): http://jason.artoo.net/2001-04-19/ I gotta go add comments (cut'n'paste from this post will make it easy). Man, I don't want to install FrontPage again... will I succumb to the evil that is Micro$oft? -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1514t=1470 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Pix to Pix Interface, nat 0 traffic? [7:1429]
Unless you forgot to paste it, you have failed to apply inside2comany to the comanynet interface as incoming. I also suggest having two different ACLs, one I usually call "NoNAT" and one named for the actual interfaces I mean for it to apply to (in your case, inside2comany). Here's what you need: access-group inside2comany in interface comanynet The route statement is incorrect if 192.168.200/24 is connected to the inside (why would you tell the PIX to get to 192.168.200/24 that you have to go through 192.168.100/24? They're on two different interfaces, correct?). My suggestion would be instead to use (192.168.200.5 is the ftp server that 192.168.100.15 needs to get to. In other words, lock it down tight to not just the source/destination ip, but service as well. You can keep the NoNAT simple and easy, but keep security secure): access-list Inside2ComanyNoNAT permit ip 192.168.200.0 255.255.255.0 192.168.100.0 255.255.255.0 nat (inside) 0 access-list Inside2ComanyNoNAT access-list Inside2ComanyPermission permit tcp 192.168.200.5 255.255.255.255 eq 21 192.168.100.15 255.255.255.15 access-group Inside2ComanyPermission in interface comanynet -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Michael Snyder"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Ok, need some help talking to group of hosts on a lower security interface from a higher one. For example. I have a fileserver on 192.168.200.0/24 on pix interface 3 security100. I want to be able to speak at will to another fileserver 192.168.100.0/24 on pix interface 2 security 90. The name of int 3 security 100 is inside, and the name of the int 2 security 90 is companynet. I setup an access list, used it with nat (inside) 0. The access list gets hits, but the I can't ping thru to the lower security subnet. What am I doing wrong? nameif ethernet2 comanynet security90 nameif ethernet3 inside security100 access-list inside2comany permit ip 192.168.200.0 255.255.255.0 192.168.100.0 255.255.255.0 nat (inside) 0 access-list inside2comany route inside 192.168.200.0 255.255.255.0 192.168.100.1 conduit permit icmp any any Thanks in advance, Michael Snyder FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1463t=1429 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Pix to Pix Interface, nat 0 traffic? [7:1429]
Unless you forgot to paste it, you have failed to apply inside2comany to the comanynet interface as incoming. I also suggest having two different ACLs, one I usually call "NoNAT" and one named for the actual interfaces I mean for it to apply to (in your case, inside2comany). Here's what you need: access-group inside2comany in interface comanynet The route statement is incorrect if 192.168.200/24 is connected to the inside (why would you tell the PIX to get to 192.168.200/24 that you have to go through 192.168.100/24? They're on two different interfaces, correct?). My suggestion would be instead to use (192.168.200.5 is the ftp server that 192.168.100.15 needs to get to. In other words, lock it down tight to not just the source/destination ip, but service as well. You can keep the NoNAT simple and easy, but keep security secure): access-list InsideNoNAT permit ip 192.168.200.0 255.255.255.0 192.168.100.0 255.255.255.0 nat (inside) 0 access-list InsideNoNAT access-list Inside2ComanyPermission permit tcp 192.168.200.5 255.255.255.255 eq 21 192.168.100.15 255.255.255.15 access-group Inside2ComanyPermission in interface comanynet -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Michael Snyder"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Ok, need some help talking to group of hosts on a lower security interface from a higher one. For example. I have a fileserver on 192.168.200.0/24 on pix interface 3 security100. I want to be able to speak at will to another fileserver 192.168.100.0/24 on pix interface 2 security 90. The name of int 3 security 100 is inside, and the name of the int 2 security 90 is companynet. I setup an access list, used it with nat (inside) 0. The access list gets hits, but the I can't ping thru to the lower security subnet. What am I doing wrong? nameif ethernet2 comanynet security90 nameif ethernet3 inside security100 access-list inside2comany permit ip 192.168.200.0 255.255.255.0 192.168.100.0 255.255.255.0 nat (inside) 0 access-list inside2comany route inside 192.168.200.0 255.255.255.0 192.168.100.1 conduit permit icmp any any Thanks in advance, Michael Snyder FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1464t=1429 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco XXXX series router? [7:1433]
Amen, Daniel. I can't see blowing it all on one (or even two) routers when you can make a really nice lab with that amount of money. I guess it all comes down to what your needs are. If it's to have cool equipment you want to use and be able to upgrade with different parts, the module routers fit that bill. If it's to get a practice lab to get your CCNP and then on to the CCIE, I'd say go with Daniel's suggestion, or something like it based on the 2500 fixed-port line. I know it sucks to have to go with "non-cool" old stuff, but it's the wiser choice for studying and cost, IMHO. Regarding the 1600 vs. 1700, the 1600 line comes as a the original 1601-1604 set line, and the newer 1601-1605R line (run from flash). The Flash is not interchangeable between the non-R and R line (not sure on RAM). The 1700 line is nice, and the processor is noticeably faster. Of course, the 1700 is the lower "VPN" router (you can do it with even a 2500, but for performance reasons the 1700 is the lowest recommended), and even has a hardware accelerator VPN module. Plus you get on VoIP slot on the 1750. Note that Scott Dees is incorrect stating the 1750 has 3 WIC slots. It has 2 WIC slots and one VWIC-only slot. That said, I like having my own 1605R that my company paid for, and have been trying to convince my boss I need a 1750 + ADSL WIC + ENET WIC + VWIC 2-FX0 so that I can be fully redundant with internet access at home (ENET would go to a cable modem, hmm, and maybe even use the AUX as a backup interface for my ADSL to SBC/PBI as I get a free dial-up account with ADSL). FX0 would be so I could hook my home phone line into my own little AVVID network at home (CallManager + Unity Voicemail + Unity ActiveFax, woohoo!). Talk about the ultimate home office setup for telecommuting (and of course I'd be VPNing into the company network to do least-cost-routing off their PSTN and have access to VoIP internal phones). Techno-lust, gotta love it. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Daniel Cotts"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I'll take a different tack on desireable routers. Rather than having one great router let me suggest several good routers. The 2500 series is reasonably priced in the used market. How about: 2523 2 Fast Serial, 8 Sync/Async Serial, 1 TR, 1 ISDN BRI S/T 2513 2 Fast Serial ,1 Ethernet, 1 Token Ring 2503 2 Fast Serial, 1 Ethernet, 1 ISDN BRI S/T 2509 2 Fast Serial, 1 Ethernet, 8 Async Serial Check out completed auctions on eBay to see how close this comes to your budget. -Original Message- From: Aaron Vose [mailto:[EMAIL PROTECTED]] Sent: Friday, April 20, 2001 7:48 PM To: [EMAIL PROTECTED] Subject: Cisco series router? [7:1433] Hey all, i haven't taken the CCDA test that i mentioned earlier yet, but i did have a question for all the Gurus about a 1600 - 1700 - 2600 series router. Here's the thing, from my summer job (i'm 17), i'm going to have about 3000$, and i really want to get a cisco router both for my own training, and for use at home. I want to go with somthing that's modular, and not UNGODLY expensive, so that's why i'm leaning twords a 16/1700 series router. But i would really like to get a 2600 series router, because i know one of the 2600 models can connect token ring and ethernet networks. That would be nice, because i have set up a token ring netwrk at 16Mbps just for the hell of it, and it would be nice if i could actually use it for somthing :) Not only that, but it has more WIC slots, and it also has a expandable network slot. This would also be nice... The 8-analog modem card was particularly attractive.. i could set my own mini ISP, if not just use it for myself as a backup line. What would you all suggest? I know i'm buying whatever i get used, but i still can't quite decide. Heh, not only that, but the 2600 looks a hell of a lot cooler ;) Does the 16/1700 series support ISO release 12.x? And what kind of processing speed diffrence is there? RAM / FLASH limit diffrences? I'm just a tad bit lost about this one. Thanks guys! ~Aaron Vose CCNA, A+ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1465t=1433 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IGRP on the 800 Series? [7:1365]
Streamlining to keep the code small? This appears to be true on my 827 running IP PLUS FW IPSEC. It does support EIGRP, so stop whinnin' and go to something that supports classlessness. The interesting thing is that it's still in the help system: falcon-827-4v(config)#router igrp ? Autonomous system number falcon-827-4v(config)#router igrp 2 Unknown routing protocol -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Niraj Palikhey"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi, Can anyone tell me why the 800 series routers do NOT run igrp? I would think that besides the 700 series, all Cisco routers that run the Cisco ios should be capable of running igrp? After all, since igrp is Cisco's very own protocol, shouldn't Cisco give credit to Len Bosack on the 800 series too :-) Please advise. Thank you. Kind regards, [EMAIL PROTECTED] _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1450t=1365 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: QoS [7:1346]
Look into CAR as well. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Charles Nunie"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi, Can Cisco 2600 and 3600 be configured to provide Quality of Service? We want to dedicate bandwidth to our wireless Internet subscribers Dzilo Get free email and a permanent address at http://www.netaddress.com/?N=1 FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1448t=1346 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Job Fair Cert's [7:1228]
CCNA expiration is automatically renewed when you get your CCNP or CCDP. So long as you keep your CCNP or CCDP current, you'll always be a CCNA (CCNA and CCDA for CCPD). -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Circusnuts"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Not that I'm aware of... the CCNA expires in it's normal time-frame, regardless if you are a CCNP or a CCIE. Phil - Original Message - From: Luong, David To: Sent: Thursday, April 19, 2001 1:00 PM Subject: RE: Job Fair Cert's [7:1228] When you become a CCNP, you also carry the CCNA designate. 'nough said. David. -Original Message- From: Circusnuts [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 19, 2001 7:57 AM To: [EMAIL PROTECTED] Subject: Job Fair Cert's [7:1228] I'd had a hard time believing a friend couldn't find a job, when holding both the N+ CCNA certifications. So- I went to a local DC job fair with him yesterday. My buddies resume was 1 page (CCNA with help desk experience) mine was 3 pages (CCNP with design NOC experience). None of the exhibitors seemed to know what category the I (CCNP) belonged in of course I just said "Networking" :o) In two instances exhibitors took my buddies resume not mine, because I was not a CCNA. A third guy looked @ my resume said they didn't do A+ or MCP stuff :-o Man it's rough out there this was not an entry level fair !!! Phil PS- gotta admit, I've been working in the area for 2 years had not ever seen half of these companies before. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1449t=1228 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: routergod.com [7:1392]
Linked from that site was "CCNA for Dummies" http://www.amazon.com/exec/obidos/ASIN/0764506900/ref%3Dase%5Froutergod/107- 0761137-0763711 Gawd, like we needed that. I know enough CCNA dummies without this book ;-p -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Mannan Venkatesan"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Sorry for the off-topic. Check this site routergod.com... funny Thanks, Mannan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1453t=1392 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: What ISP do you recommend for BGP?? [7:1295]
I can say that every time I've contact Sprint the response has been very fast and satisfactory. I've had to make many follow-up calls to get things done with UUNET. I guess you can relax a little when you're the top dog? I'm glad Cisco TAC doesn't feel that way. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Laurel Jones"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I agree with Jason, it's going to be the "luck of the draw" as far as the competency of the Engineering staff that you will have assigned to work with you. We're turned up Internet connections with ATT, Sprint and Internap. We were lucky and all three were pretty good as far as the BGP configurations went. However, the latency and subsequent response time for our E-commerce users in different parts of the country varied widely between the three with ATT being by far the worst. IMHO, you can work through most of the initial configuration and setup issues but support and response time is something you will live with for a long time. Consider these factors as well. -----Original Message- From: Jason J. Roysdon [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 19, 2001 10:06 PM To: [EMAIL PROTECTED] Subject: Re: What ISP do you recommend for BGP?? [7:1295] It's all going to depend on the luck of the draw as to the engineer you get, I think, at least to some degree (same is true of Cisco TAC, and they're the top as far as support goes, IMHO). Mind you I've only turned up two BGP connections, but Sprint was totally on the ball and great to work with. WorldCom/UUNET was incompetent and I had to walk him through a number for things like getting a default route advertised from them, what customer-only routes mean, etc. (lucky for me I did them after Sprint). Check Boardwatch for ISP costs and latency comparisons. WorldCom is directly connected to nearly 50% of prefixes advertised. I believe Sprint has like 30%. http://www.boardwatch.com/ -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""BH"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi, Does anyone have a recommendation or horror story for best ISP to work with for implementing BGP? I am thinking of picking between Worldcom, ATT and Qwest. Thanks FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1452t=1295 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Job Fair Cert's [7:1228] -Reply [7:1228]
I would complain to the cert tracking folks. I'm in the same boat, having done my CCNA v1 last year before the v2 came out, but yet my CCNA is not set to expire 3 years after I got it, but 3 years after I got my CCDP with my CID. One thing I am glad to see is that it now shows I have my CCDPv2 (before it said I only had CCDPv1, saying I required some CCIE tests for my CCDPv2) Here's my Galton info: Certification Agreement Feb 22 2000 P CCNA 1.0 #640-407 Feb 22 2000 P Certification Agreement Feb 26 2000 P Exam #640-503 Oct 9 2000 F (damn ACRC book I used had 2 pages on BGP) Exam #640-503 Oct 9 2000 P (I went home, read up on BGP and nail the Routing v2 that afternoon) Exam #640-504 Nov 6 2000 P Exam #640-505 Nov 21 2000 P Cisco Career Certification Agreement v7 Nov 24 2000 P Exam #640-506 Dec 7 2000 P DCN #640-441 Dec 11 2000 P Exam #640-520 Dec 15 2000 P CID 3.0 #640-025 Dec 18 2000 P MCNS #640-442 Dec 26 2000 P Cisco IP Telephony (9E0-569) Jan 30 2001 P CCNA 1.0 Certification Completed: Dec 18, 2000 Valid Through: Dec 18, 2003 Recertification Started: Feb 22, 2000 CCNA 2.0 Certification Started: Feb 22, 2000 CCNP 1.0 Certification Completed: Dec 07, 2000 Valid Through: Dec 07, 2003 Recertified: Dec 07, 2000 Valid Through: Dec 07, 2003 CCNP 2.0 Certification Completed: Dec 07, 2000 Valid Through: Dec 07, 2003 Recertification Started: Nov 24, 2000 CCDA 1.0 Certification Completed: Dec 18, 2000 Valid Through: Dec 18, 2003 Recertification Started: Nov 24, 2000 CCDP 1.0 Completed: Dec 18, 2000 Valid Through: Dec 18, 2003 Recertified: Dec 18, 2000 Valid Through: Dec 18, 2003 CCDP 2.0 Completed: Dec 18, 2000 Valid Through: Dec 18, 2003 Recertification Started: Nov 24, 2000 Career Specializations CCNP Security** Completed: Dec 26, 2000 Valid Through: Dec 26, 2002 Recertification Started: Nov 24, 2000 Should go sit for CVOICE and get the CCNP Voice Access Specialization before they expire the test? I just wonder if it's worth it (but them, my employer pays for the test, so I could care less). CCNP+Security+Voice/CCDP would look pretty cool, I guess, that is if I was a cert chaser ;-p -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Circusnuts"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... The original poster made comment that one must have both. Case in point- I have attained the CCNP certification my CCNA is due to expire in the next year. My CCNA status did not update when I completed the CCNP, it's still the old CCNA 1.0 from 1999. When my CCNA expires, it expires... I guess we agree :o) Phil - Original Message - From: Jose A Rola To: ; Sent: Friday, April 20, 2001 10:43 AM Subject: Re: Job Fair Cert's [7:1228] -Reply Check the Cisco website in tre training and certification section, in the page regarding how to become CCNA, it states there that the CCNA is valid for three years, then you have to recertify by taking again a valid CCNA exam or achieve CCNP status. Jose Rola "Circusnuts" 04/20/01 01:46pm Not that I'm aware of... the CCNA expires in it's normal time-frame, regardless if you are a CCNP or a CCIE. Phil - Original Message - From: Luong, David To: Sent: Thursday, April 19, 2001 1:00 PM Subject: RE: Job Fair Cert's [7:1228] When you become a CCNP, you also carry the CCNA designate. 'nough said. David. -Original Message- From: Circusnuts [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 19, 2001 7:57 AM To: [EMAIL PROTECTED] Subject: Job Fair Cert's [7:1228] I'd had a hard time believing a friend couldn't find a job, when holding both the N+ CCNA certifications. So- I went to a local DC job fair with him yesterday. My buddies resume was 1 page (CCNA with help desk experience) mine was 3 pages (CCNP with design NOC experience). None of the exhibitors seemed to know what category the I (CCNP) belonged in of course I just said "Networking" :o) In two instances exhibitors took my buddies resume not mine, because I was not a CCNA. A third
Re: Failed BSCN [7:1405]
Sorry to hear, sounds like my first pass (and I was so pissed I took the rest of the day off and studied, retook the test that afternoon in the last slot and passed by 150 points). Of course, I blame the ACRC book I used to study with has just a few pages on BGP (my fault for not comparing the outlines of the ARCR vs. the Routing v2 test and seeing that BGP played a bigger role). There are a ton of resources online, but if you're going to spend some time studying, get Halabi's "Internet Routing Architectures, Second Edition" book and you'll learn a huge amount of BGP info. I like started with Avi Freedman's stuff. I like his point of view (practical, small ISP point of view). I haven't re-read his material since I've gotten some hands-on and read Halabi twice, so I'm sure I might find some out of date or things that I might not agree on. http://www.netaxs.com/~freedman/bgp/bgp.html -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Brad Shifflett"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Failed by 23 points. Really tough on BGP. I only got 22%. Any tips on good materials to really grasp BGP? Brad Shifflett [EMAIL PROTECTED] Micromenders, Inc. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1456t=1405 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco IOS upgrade security policy [7:1408]
My understanding is that you can upgrade to any minor release without cost. So if you had 11.1(1), you could upgrade to 11.1(8). To go to a new major release, like 11.2(1), you'd have to purchase it (or have a SmartNet contract). So long as a product isn't listed as DF (deferred), I wouldn't worry too much about it unless there is an issue you're running into that TAC had told you or found in the bug tracker system. Usually the need to upgrade is for new features. If you don't need the new features and a product works and isn't deferred, might as well stick with it (unless it's for a test lab, of course). I won't say my personal opinion on crappy, err, buggy software. Micro$oft bothers me the most, but anyone in general that charges for the "new" version that fixes the bugs in the old just really has a lot of nerve. Especially the new Windows 2000 ads showing a Windows 95 BDOD and says something like, "Tired of Blue Screens? Upgrade to Windows 2000 Professional." I mean, what a joke. We sold you crappy software, but we've made better stuff now, so buy it and fix the problems we made in our original software. I think Computer Associates (CAI) come in second on my "bad software" maker list (I can tell some terrible backup software stories). Hmm, well, maybe I did say my personal opinion *g* It's easily to get me off on a tangent. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Maness, Drew"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... With the different major IOS releases, 11.1,11.2, 11.3, 12.0, 12.1..., How do security vulnerabilities get updated? My question really is this. Is running IOS 11.3.11b less secure than the latest release of 12.1? What is the upgrade policy associated with the IOS version? Should it be that if you are running 11.3 you should update to the latest version of 11.3 or is the recommendation to upgrade all the way to 12.1? Since it looks like different IOS versions along with platform version have different bugs associated with them, I was just wondering what other peoples corporate security policy was in relation to the Cisco IOS versions. Thanks for any insight Drew FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1457t=1408 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Failed BSCN [7:1405]
I'm no librarian and don't know much about how ISBN's work, but you'd think a Second Edition should have a different ISBN? I guess technically it just fixes errata, but still. Be sure to get the Second Edition version of this book (c) 2000, instead of the original (c) 1997 book. Same ISBN as the original. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Fenech, William J"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Internet Routing Architectures Author: Halabi ISBN: 1-57870-233-X Good Luck Bill Fenech LAN/WAN Developer Lockheed Martin Mission Systems email: [EMAIL PROTECTED] -Original Message- From: Brad Shifflett [mailto:[EMAIL PROTECTED]] Sent: Friday, April 20, 2001 12:11 PM To: [EMAIL PROTECTED] Subject: Failed BSCN [7:1405] Failed by 23 points. Really tough on BGP. I only got 22%. Any tips on good materials to really grasp BGP? Brad Shifflett [EMAIL PROTECTED] Micromenders, Inc. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1455t=1405 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP Simulator [7:1087]
Zebra for linux works great. I even have a copy running for public access: telnet://artoo.net:2605 (password is bgp) http://freshmeat.net/projects/zebra/ -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""sdonoho"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Is there such a thing as a freeware BGP simulator? BGP simulators run on PCs or Workstations and simulate an external AS and will form adjacency with routers. Router manufactures use the simulators to stress their products. But I'm unsure if the simulators are homegrown, commercial or freeware. I'm currently using a Linux system in my home lab and a BGP simulator would be a great addition to my network. Scott FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1189t=1087 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Token Ring book [7:1138]
I actually found "Cisco IOS Bridging and IBM Network Solutions" in our company library today (collecting a ton of dust, I might add). (c) 1998, but I'm sure the IBM Network Solutions will work for me in addition to what I've found online so far. If I need more help, I'll check out your suggestion. Thanks, -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Daniel Cotts"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... In reply to a recent request for additional Token Ring reading. "IBM's Token-Ring Networking Handbook" by George C. Sackett ISBN 0-07-054418-2 McGraw-Hill Publisher 1993 Sometimes a used copy comes up for sale on eBay. I'm not sure of any other source for this book. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1190t=1138 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Network analysis of T1 [7:1057]
MRTG, and it's free. I routinely set it up for customers (of course my labor isn't free). Here's a link to my site where I have it running. At the bottom of the page is a link back to the MRTG site where you can download it. http://artoo.net/mrtg/63.107.123.253.2.html -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Anthony J Crews"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I would like to know the best/least expensive software on the market that will analyze my T1 links for %usage. I have all cisco routers but think the CiscoWorks RWAN is a bit expensive ($15,000)? Thanks, Anthony FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1188t=1057 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Voice Ready Router [7:1092]
Aren't the xV models just the same thing but with the extra dram/flash and correct IOS image bundled (and also cheaper than buying them individually)? I think that's my recollection on them. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Joseph Padian"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... It depends on what model 1750. There are 3 models: 1750, 1750 2V, 1750 4V. The 1750 2V-4V you only need a VIC. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1191t=1092 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 7100 VPN Router [7:1213]
Yes, routers are capable of QoS into a VPN. The Concentrator or PIX are not, as they don't support QoS (although if you have a router supporting QoS before, you might be able to fudge it a little). Of course, you can only control QoS into the VPN, and not how the tunnel itself will perform once it leaves you control, but at least you can control what's going in. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Gil Shulman"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi everyone, Does anyone know if I can perform differant types of QoS to a VPN with respect to a LDAP server? Thank you in advance Gil FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1250t=1213 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Job Fair Cert's [7:1228]
HR is clueless. List all certs, including pre-reqs that we all know a higher cert holds. I list CCNA and CCDA in addition to the CCNP and CCDP in my certs section (but I also break down when I obtained them by date). Also, don't just list "CCNP" but include what it stands for and order the certs with the highest listed first: a.. Cisco Certified Network Professional (CCNP) a.. 640-503 Routing b.. 640-504 Switching c.. 640-505 Remote Access d.. 640-506 Support / Internetwork Troubleshooting b.. Cisco Certified Design Professional (CCDP) a.. 640-503 Routing b.. 640-504 Switching c.. 640-505 Remote Access d.. 640-025 Internetwork Design c.. Cisco Certified Network Associate (640-407 CCNA) d.. Cisco Certified Design Associate (640-441 CCDA) -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Interesting... I see a lot of job postings where companies are looking for CCNA's and prefer CCIE's...No mention of CCNP's. It seems (to me at least) that many in the HR world are not familiar with the CCNP. roger -Original Message- From: Circusnuts [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 19, 2001 07:57 To: [EMAIL PROTECTED] Subject: Job Fair Cert's [7:1228] I'd had a hard time believing a friend couldn't find a job, when holding both the N+ CCNA certifications. So- I went to a local DC job fair with him yesterday. My buddies resume was 1 page (CCNA with help desk experience) mine was 3 pages (CCNP with design NOC experience). None of the exhibitors seemed to know what category the I (CCNP) belonged in of course I just said "Networking" :o) In two instances exhibitors took my buddies resume not mine, because I was not a CCNA. A third guy looked @ my resume said they didn't do A+ or MCP stuff :-o Man it's rough out there this was not an entry level fair !!! Phil PS- gotta admit, I've been working in the area for 2 years had not ever seen half of these companies before. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1257t=1228 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CAR (Commited Access Rate) [7:1234]
I haven't applied CAR yet, but one other point to make is that you need to have your upstream ISP applying CAR as well, otherwise this is basically useless (you need them to block/slow down this sort of traffic before it hits your WAN link). -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""BASSOLE Rock"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hello Group, I would like to apply an CAR for icmp and SYN Flood traffic to a Serial interface on my router. How can I determine the bandwidth limitation to apply (128000) and the maximum (8000), minimum (8000) burst. Here is the example below: interface Serial 0 rate limit input access-group 102 128000 8000 8000 conform-action transmit exceed-action drop access-list 102 permit icmp any any echo access-list 102 permit icmp any any echo-reply Regards, Rock BASSOLE Til: +33 (0) 1 45 96 22 03 FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1258t=1234 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Voice Ready Router [7:1092]
Actually, VoIP works very well, at least with my provider. I've got PacBell/SBC ADSL at home (384k down, 128k up, although down bursts way beyond that). Right now I'm using an 827 with an IPSEC tunnel into a customer's office where they have a Cisco CallManager cluster, and gateways out to their ISDN PRI and other branches with FXO POTS access. During the setup we initially used public IPs (VoIP doesn't work through NAT presently) and my 1605R and tested and using G.711 it was a little choppy at times. Once I got an 827 and we got G.729a compression turned on, it now sounds great (I think the 827 is either faster and/or having it directly connected to my ADSL cuts out one more device (the ADSL Westell bridge I have)). QoS helped as well (vs. all the other outbound traffic at my office), and tunneling actually helped more (bypasses the firewall on both ends). I can call out 18 different locations as a "local call" and it sounds great (they're using FR internally between sites). We're working on getting a few copies of CallManager for our own lab use (that can install on any box), and when I do I'll put up some info on how to connect for those that want to try (IPSEC tunnel first, then using Cisco's IP SoftPhone on your PC). I actually spent about 3 hours cleaning up my home rack last night (doesn't have threaded holes, so I had to get more nuts and bolts to mount devices), and when my Wife walked in, she couldn't believe it was the same equipment all still connected (all the wires are hidden by wire management). We took some pictures "before" and "after" and I'll post them when they get developed. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Mark Odette II"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Here's the scoop on the 1750s: the Base Model 1750 has 4MB Flash, and 16MB RAM, and an empty DSP slot behind a LED riser card on the system board. With a Voice Upgrade kit, you can add on the DSP chip (which looks like a proprietary DIMM, but its not) and you get an 8MB Flash chip and 32MB RAM chip to swap out with the old ones... and you essentially have the 4/8 chips spare on hand. You also get the IOS on CD for IP Plus. the 1750-2V has the Voice Upgrade kit already installed, with the Voice Image already installed too; you just don't have the left-over 4/8 chips on hand. the 1750-4v is all inclusive of the 2v, but it has a second slot on the main board beside the first one for the DSP chips, and if I remember right, they're located in a slightly different location on the board I guess because of space constraints. Optionally, you can bump the 1750 up to 16MB Flash, and 48MB RAM for any of the huge images you decide to run. One nice thing I like about this router is that you can purchase an additional 10BT WAN card to put in a WIC slot, and do PPPoE and the last I checked (about a month ago on CCO), this feature wasn't supported on any other Voice enabled router. Sweet deal for those who want to buddy up with a pal and try VoIP over the internet with DSL or CableModem using a GRE tunnel, of course And yes, I'm aware of the QoS issues you have to deal with in using the Internet as opposed to a FR or PPP connection... like I said, it would be strictly for experimental/play purposes. - Mark Odette II - Original Message - From: "Jason J. Roysdon" To: Sent: Thursday, April 19, 2001 2:48 AM Subject: Re: Voice Ready Router [7:1092] Aren't the xV models just the same thing but with the extra dram/flash and correct IOS image bundled (and also cheaper than buying them individually)? I think that's my recollection on them. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Joseph Padian"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... It depends on what model 1750. There are 3 models: 1750, 1750 2V, 1750 4V. The 1750 2V-4V you only need a VIC. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1260t=1092 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCO download [7:1238]
Email the CCO team and they'll fix your access if you're supposed to have it. I've run into this from time to time. [EMAIL PROTECTED] is the email address to use. Tell them your login ID and they should be able to take it from there. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Terence Lee"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Has anyone had trouble downloading (ex. IOS images)from the CCO wesite? Myself and serveral co-workers are not able to dwonload. It states that my profile can not be found. Thanks FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1259t=1238 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Security exam 351-018 [7:1070]
Just because security is something I enjoy, it's most likely the next thing I'd pursue after R/S (plus it should be a piece of cake after the CCIE R/S, just learning the security depth and already feeling secure in the R/S side). A good starting point in the meantime would be the 4 security tests for the Security Specialization. http://www.cisco.com/warp/public/10/wwtraining/certprog/cqs/security/ -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Ali Jamshed Khan"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi all I am working for an E-commerce organization and most of my time is spent on network security. I am also looking for CCIE security certification. My suggestion is that those of us looking for the ccie security should think of having a common list to discuss security specific questions. I plan to take the written in about couple of months and the lab later on this year. regards Ali Jamshed Khan, CCNP - Original Message - From: "Terence Lee" To: Sent: Wednesday, April 18, 2001 2:06 PM Subject: CCIE Security exam 351-018 [7:1070] Has this exam gone live yet? I see that it was in beta from October 20, 2000 to November 10, 2000. Has anyone taken it? Thanks Terence Lee CCNA FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1266t=1070 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP Dampening, What is a flap? [7:1128]
And it's all tied to time as well, so just don't go down/up within a very short period (just go down, do your work, then back up). If you know you're going to take a BGP announcing router offline and don't want there to be any possibility of things bouncing while you're working, shutdown your BGP neighbors so you won't be announcing and then withdrawing them. So long as I've done that, I've never had dampening problems. When I'm all done, I just no shutdown the BGP neighbors and we've got no dampening penalties. Before learning about the BGP neighbor shutdown command, I was getting dampened a bit as the serial line would sometimes bounce when first coming up and the BGP neighbors were already exchanging routes. Also important is to kill your iBGP neighbors statements as well (shutdown command), as you don't want them to be flapping any routes that originate from the router you're working on. An example of the command: router bgp 18506 neighbor 63.123.123.166 shutdown Worst case, when I was first installing BGP and tweaking with memory and how many routes we could hold (and crashing and losing our BGP sessions), I think I probably flapped 10 times and got dampened for 2 hours from some ISPs. Of course, we were working after hours so no big deal, but now that I know better I wouldn't announce any routes until I knew everything else was stable. BGP looking glasses are very useful to see if you're getting dampened ;-) telnet://route-views.oregon-ix.net telnet://route-server.cerf.net -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Priscilla Oppenheimer"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... It doesn't answer the question. It says there's a penalty for each flap. Is there a penalty for 1. each time a route goes down or 2. each time a route goes down and back up The answer is probably number 2, as the orignal poster thought also, since just going down isn't really "flapping." Priscilla At 05:18 AM 4/19/01, Andy Prima wrote: Please let me quote from sitamoth.com: Route dampening is a BGP feature designed to minimize the propagation of flapping routes across an internetwork. A route is considered to be flapping when it is repeatedly available, then unavailable, then available then unavailable..and so on. A route that is flapping receives a penalty of 1000 for each flap. When the accumulated pelanlty reaches a configurable limit, BGP surpresses advertisement of the route EVEN if the route is UP. The accumulated penalty is decremented by the half-life time. When the accumulated penalty is less than the reuse limit, the route is advertised again (if it is still UP). Hope this can help :) Andy -Original Message- From: Stephen Skinner [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 19, 2001 3:53 PM To: [EMAIL PROTECTED] Subject: Re: BGP Dampening, What is a flap? [7:1128] I always thought of a "Flap" as a generic term meaning when a route/interface/serial-line goes full-circle.regardless of protocol i use the term interchangeably with OSPF,PpP,LEASED lines,BGP,ISDN from:- workingdowninitialisingup i have always treated the "whole" as one flap? Am i going mad. Cheers steve "my mum always said it`s only an exam...PAH...what the heck do she know" From: "Priscilla Oppenheimer" Reply-To: "Priscilla Oppenheimer" To: [EMAIL PROTECTED] Subject: Re: BGP Dampening, What is a flap? [7:1128] Date: Wed, 18 Apr 2001 18:09:50 -0400 I think from BGP's point of view a flap is a withdrawal and announcement of a routing prefix. Howard Berkowitz will know for sure. Did you check his BGP papers at http://www.certificationzone.com. Also there's a good paper here: http://www.ripe.net/ripe/docs/ripe-178.html Cisco often uses the word "flapping" in a generic sense for a route or interface going up and down repeatedly. That could be cause for some confusion. In your class, you might want to be clear about whether you are using the term generically or with reference to parameters to route dampening commands. Good luck. Let us know what you find out for sure! Thanks. Priscilla At 03:35 PM 4/18/01, Tom Pruneau wrote: Greetings All I am in the process of writing a BGP class, at present I am specifically working on a section covering dampening. My question is "what is a flap" The two possible answers are: Answer one A flap is whenever path information changes for a route. By this definition if a route goes away, that would be a flap. When the route comes back, that would be another flap. So a route going away then coming back would be 2 flaps. Answer two A flap is a route transition from up to down back to up. So a route going away then coming back would count as one flap. I am
Re: PPPoe [7:1249]
But as he's posting to a Cisco list, he's probably curious about getting it to work with a Cisco router ;-p Cisco TAC's DSL section has a number of PPPoE sample configs: http://www.cisco.com/warp/public/794/ The hardest thing will be getting your PVC info from your clueless ISP helpdesk: http://www.cisco.com/warp/public/794/wicadsl_pppoe_client.html interface ATM0.1 point-to-point pvc 1/1 pppoe-client dial-pool-number 1 !--- pvc 1/1 is an example value that must be changed !--- to match the value used by the Internet Service Provider (ISP) ! !--- The PPPoE client code ties into a dialer interface upon !--- which a virtual-access interface is cloned. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Nurudeen Aderinto"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... You can use Linksys DSL router Yu can get more infomation on it from : http://www.computers4sure.com/product.asp?productid=109800 Regards, Nurudeen --- Vincent wrote: hi; Currently, I subscibe to ISP ADSL service, can I use my router to function as PPPoe clients. So the network behind the router can access the internet? Thanks Vincent FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1261t=1249 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Job Fair Cert's [7:1228]
The problem is that they're usually overwhelmed, so they just scan for the right letters and aren't going to dig and research any resume that doesn't have the exact specs they're told to match. I think IT Managers could be better informed as well and let the HR folks know what all to be looking for. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""hal9001"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I could not agree more HR's tend to be witless and you need to spell out to them what you have. Karl - Original Message ----- From: "Jason J. Roysdon" To: Sent: Thursday, April 19, 2001 6:44 PM Subject: Re: Job Fair Cert's [7:1228] HR is clueless. List all certs, including pre-reqs that we all know a higher cert holds. I list CCNA and CCDA in addition to the CCNP and CCDP in my certs section (but I also break down when I obtained them by date). Also, don't just list "CCNP" but include what it stands for and order the certs with the highest listed first: a.. Cisco Certified Network Professional (CCNP) a.. 640-503 Routing b.. 640-504 Switching c.. 640-505 Remote Access d.. 640-506 Support / Internetwork Troubleshooting b.. Cisco Certified Design Professional (CCDP) a.. 640-503 Routing b.. 640-504 Switching c.. 640-505 Remote Access d.. 640-025 Internetwork Design c.. Cisco Certified Network Associate (640-407 CCNA) d.. Cisco Certified Design Associate (640-441 CCDA) -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Interesting... I see a lot of job postings where companies are looking for CCNA's and prefer CCIE's...No mention of CCNP's. It seems (to me at least) that many in the HR world are not familiar with the CCNP. roger -Original Message- From: Circusnuts [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 19, 2001 07:57 To: [EMAIL PROTECTED] Subject: Job Fair Cert's [7:1228] I'd had a hard time believing a friend couldn't find a job, when holding both the N+ CCNA certifications. So- I went to a local DC job fair with him yesterday. My buddies resume was 1 page (CCNA with help desk experience) mine was 3 pages (CCNP with design NOC experience). None of the exhibitors seemed to know what category the I (CCNP) belonged in of course I just said "Networking" :o) In two instances exhibitors took my buddies resume not mine, because I was not a CCNA. A third guy looked @ my resume said they didn't do A+ or MCP stuff :-o Man it's rough out there this was not an entry level fair !!! Phil PS- gotta admit, I've been working in the area for 2 years had not ever seen half of these companies before. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1333t=1228 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: What ISP do you recommend for BGP?? [7:1295]
It's all going to depend on the luck of the draw as to the engineer you get, I think, at least to some degree (same is true of Cisco TAC, and they're the top as far as support goes, IMHO). Mind you I've only turned up two BGP connections, but Sprint was totally on the ball and great to work with. WorldCom/UUNET was incompetent and I had to walk him through a number for things like getting a default route advertised from them, what customer-only routes mean, etc. (lucky for me I did them after Sprint). Check Boardwatch for ISP costs and latency comparisons. WorldCom is directly connected to nearly 50% of prefixes advertised. I believe Sprint has like 30%. http://www.boardwatch.com/ -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""BH"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi, Does anyone have a recommendation or horror story for best ISP to work with for implementing BGP? I am thinking of picking between Worldcom, ATT and Qwest. Thanks FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1334t=1295 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: Ramblings [Was Re: BGP Dampening, What is a flap? [7:1128]
Speaking of, I'll be posting pics of my compost bin, router rack, and firepit on my homepage tonight. These are my hobbies, I'm a homebody geek, and I like my life as it is, thankyouverymuch *g* One of these days I'll get a digital camera so it doesn't take me 4 steps to get photos up my website instead of just 1. A scanner would help, so at least then I wouldn't have to go to the office (I think I've been in the office twice this month, once to pick up parts, and today to scan the photos). Hmm, so I guess I'm a frugal geek. Oh, what a coincidence, Star Trek Voyager re-run tonight just used dampening. Chakotay (sp?) said, "I'm detecting a dampening field around that building." That settles it, Star Trek is made up babbling and usually incorrect when it comes to technical terms (unlike Star Wars, you know), so it must be damping *g* -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Howard C. Berkowitz"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... As a gardener, however, dampening is a good thing to do to seedlings, making them moist and green. A damped seedling has gone limp and is on its way to the Great Compost Pile in the Sky. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1337t=1128 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Can I Connect to ISP without Public IP [7:907]
interface Ethernet0 description Customer LAN ip address 192.168.1.1 255.255.255.0 no ip directed-broadcast ip nat inside ! interface BRI0 description Customer, Inc. 209-599- (SPID1 2095990101) (SPID2 2095990101) ip address negotiated no ip directed-broadcast ip nat outside encapsulation ppp no keepalive dialer idle-timeout 600 dialer string 5771091 class pbi56 dialer hold-queue 20 dialer load-threshold 60 either dialer-group 1 isdn switch-type basic-ni isdn spid1 2095990101 599 isdn spid2 2095990101 599 no peer default ip address no fair-queue compress stac no cdp enable ppp authentication pap callin ppp pap sent-username ISP_USERNAME_HERE password ISP_PASSWORD_HERE ppp multilink hold-queue 75 in ! ip nat translation timeout 300 ip nat inside source list 100 interface BRI0 overload ip route 0.0.0.0 0.0.0.0 BRI0 permanent ! ! map-class dialer pbi56 dialer isdn speed 56 access-list 100 permit ip 192.168.1.0 0.0.0.255 any -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Muhammad Faheem"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi All I want to configure Cisco 801 ISDN Router for Internet Access(ISP Connection) without any Public IP address, I am unable to locate any sample configuration on Cisco site for the same. I know how to configure with public ip but havnt done any configuration without public ip, I will appreciate if anybody send me the sample configuration or any hint for the same. Thanx Muhammad Faheem Systems Engineer Afcomp Hello : (9714)-3529339 / 3027338 Fax : (9714)-3523842 Web : www.afcomp.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=940t=907 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Question [7:640]
See my post in reply to his. You don't learn static routes, but you would "learn" next hop from a static route (example being if it had a higher admin metric than a dynamic routing protocol, and that protocol lost the route, then the next-hop would be learned from the static). -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Donald B Johnson jr"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I agree, 3 out the window, you don't "learn" a static don [EMAIL PROTECTED] - Original Message - From: "Tony van Ree" To: Sent: Monday, April 16, 2001 4:43 PM Subject: Re: Cisco Question [7:640] Hi all, I thought IP routing was "not on by default" as a matter of fact that thought can bring you unglued when trying to work out way some issues as to why routers don't route IP. So I think (d) would be approriate. Why would a router "learn about a static route". So (c) goes out the window. Maybe I have a twisted view? Teunis, Hobart, Tasmania Australia On Saturday, April 14, 2001 at 03:00:21 PM, Jason J. Roysdon wrote: If 3 must be true, I'd say start with getting rid of the ones that aren't: Routing is enabled by default (may not have always been true, but as of 12.x) The command to enable routing is 'ip routing' That leaves you with three left. Of course, the exam could be wrong. a,c,e sound correct though, just skimming and not thinking too hard. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Victim"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Exam 1.11. Which three statements about Cisco Implementation of IP routing are ture: a. Routers can learn next hops dynamically b. IP routing is disabled by default on Cisco routers c. Routers can learn next hops through static routes d. Entering ip route in global configuration mode enables IP routing e. Routers learn next hops by receiving periodic updates from other routers FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] -- www.tasmail.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=947t=640 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Upgrade Catalyst 6509 MSFC problem [7:949]
"show flash" or "dir" will report that you probably don't have enough space. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Kim Seng"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I am trying to upgrade my Catalyst 6509 MFSC to version 12.1.5. When I issued the cmd: copy tftp flash at the router prompt. It failed and told me that there are not enough space to upgrade the new image. Can someone help me with this. I am digging cisco web site for reading right now. Sorry this is my first time with this. Kim. __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=951t=949 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco IOS on HTTP site WAS: Cisco IOS Documentation: on ftp [7:950]
Mirrored and re-zipped by me at ftp://artoo.net/pub/doc/cisco/ios/ You can get the individually zipped directories (for those with slower connections), or the ciscoios-combined.zip file which contains all of them, but don't waste your time downloading both. Note: I only allow a certain amount of logins at different times (3 during 6am-7pmPST business hours, unlimited all other times). -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""COULOMBE, TROY"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Don, That was I! ;-) I d/l them, then zipped them (10Mb v. 70Mb.) They are in the same directories, etc. I also zipped them up as one large file (same size)(proper directories maintained). I am allowed 2G of d/l per month from my domain hoster. So 150 people @ 10Mb is max LOL. But you never know. ;-) Will keep it there for as long as possible. ;-) IMPORTANT** If members on the list want to shoot me an E-mail with the following subject: CiscoDocs I will respond to those requests with the URL of the files for those w/ HTTP only access. ;-) Those that respond w/ a different subject, will be filed in /dev/null. ;-) Too much E-mail in a day, it _must_ be sorted/filtered ;-p TroyC -Original Message- From: Donald B Johnson jr [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 17, 2001 6:39 AM To: [EMAIL PROTECTED] Subject: Re: Cisco IOS Documentation: on ftp site [7:258] Hi All Everyone with the FTP site for the IOS docs the password has changed. I had to do this for use during the week. Starting Friday and into the weekend the site will reopen. Someone also said they zipped the files and made them available if they could inform others that would be great if this is true. Again the username and password will work this weekend. - Original Message - From: "Patrick McAllister" To: "Donald B Johnson jr" Sent: Monday, April 16, 2001 5:21 PM Subject: Re: Cisco IOS Documentation: on ftp site [7:258] Hi Don, I wanted to thank you for the user id and password for your ftp site. I downloaded a fair number of the guides, unfortunately I was not able to complete the downloads this weekend as planned. I went back tonight, but got an access denied message trying to change directories to "guides". I was wondering if the window of opportunity had closed? If so, no biggie, I'd like to thank you for making the documentation available. If perhaps I have done something incorrect and the word docs are still available for download, just let me know (at your convenience of course). Thanks again! Patrick FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=950t=950 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Question RE: Windows XP and Catalyst 5000 Issues ... [7:952]
I received this from a fellow engineer who contacted TAC: From: Mangieri,Joe Sent: Tuesday, April 17, 2001 10:46 AM To: 'Jason Roysdon' Subject: RE: Microsoft Windows XP, and CISCO's 5000 Series Switches On a Supervisor Engine III, the show module command provides information about the EARL and uplink modules. Naturally we have a Sup II. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Hennen, David"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Well, this could be a problem. Does anyone out there know of a way to remotely determine what version of EARL is on the various Cat 5xxx supervisor blades? Thanks if you can help, Dave H -Original Message- From: Daniel Cotts [mailto:[EMAIL PROTECTED]] Sent: Monday, April 16, 2001 5:47 PM To: [EMAIL PROTECTED] Subject: RE: Windows XP and Catalyst 5000 Issues ... [7:816] Here's the Cisco Advisory: http://www.cisco.com/warp/public/707/cat5k-8021x-vuln-pub.shtml -Original Message- From: Hornbeck, Timothy [mailto:[EMAIL PROTECTED]] Sent: Monday, April 16, 2001 3:30 PM To: [EMAIL PROTECTED] Subject: Windows XP and Catalyst 5000 Issues ... [7:816] Do Not Plug WXP In Your Cisco Network Yet: Crash Warning Computer Reseller News reported something 'interesting'. MS found out about an incompatibility between Windows XP and Cisco Systems' Catalyst 5000 switch. The conflicts can cause your corporate networks to crash. The unexpected incompatibility sits between the 802.1x wireless security feature in Windows XP and the Cisco switch software that has a bug. Cisco has a fix on its website. This week, Redmond sent an e-mail to all of Microsoft Consulting Services (MCS) to not plug Windows XP machines into any network without explicit approval of the client's IT department. What seems to have happened is that a Microsoft consultant plugged a laptop running Windows XP into a site and took the entire company down. Some adventurous souls in Xerox did the same, and brought the whole network down. Xerox sent an email to all 50,000 employees and told them that if they plugged in WXP and brought the network down, they would pay for the damage out of their paycheck. Sounds like they mean it. More at: http://www.w2knews.com/rd/rd.cfm?id=041601-Cisco-WXP-Crash __ Nathan C. Broome CNE,MCSE Network Administrator Mayfran International 440-461-4100x160 [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=952t=952 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Keystrokes to stop traceroute or Ping... [7:978]
*snort* You only do that when you typo an ip address you want to telnet to and it just sits there waiting to time out ;-p Otherwise, use CTRL+^ followed by x (CTRL, SHIFT, 6 release keys and x). If you're telnetting into a router and then into another, you can stack the CTRL+^ twice and then x (CTRL, SHIFT, 6, release, CTRL, SHIFT, 6, release and x). -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... or login again and clear the vty line you're on... ;-) -Original Message- From: Rizzo Damian [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 17, 2001 13:51 To: [EMAIL PROTECTED] Subject: Keystrokes to stop traceroute or Ping... [7:978] Anyone remember the keystrokes to stop a router from performing an endless traceroute or ping?... Thanks. -Rizzo FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=994t=978 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Need VPN success story. [7:1000]
Click on the size of the organization, and once the next screen loads you'll have a "Success Stories" button on the bottom left. You'll never find a lack of Cisco sales-fluff on CCO ;-) -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Cisco Newsgroup"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Could you please tell me where I can find some VPN success stories? Thanks. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1018t=1000 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Windows XP and Catalyst 5000 Issues ... [7:911]
True, but even if you sat down at a PC and got its MAC address (or just used that same PC), you'd still have to have the username/password for any real access, as even their Bordermanager proxy is based on being authenticated to NDS. But good point if that's all a person was using to verify a valid connection to a network. But the without locking it down to a MAC address, what would stop a broadcast storm at the local switch? What other authentication methods are there at layer 2? I mean, I guess you could have some sort of script that would disable the port if the user failed to authenticate with your servers within a given amount of time... but in that time a WinXP PC would have melted a Cat5k (or worse: a program that simulates the same problem that can be run on an OS). -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Howard C. Berkowitz"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Frankly, I'm very dubious about any security scheme based on MAC address alone, for wired or wireless networks. At best, it's controlling which device can plug into a port, using an identifier that can be spoofed without all that much effort. The MAC address proves absolutely nothing about the identity of the person using the device. I'm really not sure what problem, in most cases, it solves. Once the device is connected, there are no controls. Data link level encryption does make sense for wireless networks. If I am concerned about random devices plugging into a LAN and doing evil, I'd much rather that they have to connect to an authenticating proxy server, or let them in but control server access, or require encryption with authentication of the user ID. There are other methods for controlling broadcast attacks. Regarding layer 2 security, it all comes down to how much of an administrative load you can handle. We have one customer that locks each port down to the MAC address of what is supposed to be there. No unauthorized traffic is allowed to touch the network beyond the switch port which just drops it. They very rarely if ever have moves, and when they do it all has to be coordinated with the lan/switch netadmin. I hate it because I can't just come in and plug in my laptop anywhere ;-p Of course, this wouldn't work with an IP phone install where you're expected to be able to move phones all of the time. I'm sure there is some way to create a list of MAC addresses (and maybe tag them with an appropriate VLAN, like a generic "PUBLIC" VLAN for all unknown MAC addresses, which is essentially firewalled from the rest of the network). Still, this same bug would have melted a network configured as such. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Priscilla Oppenheimer"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Taking a step back, she asked, "so what's with this 802.1x standard, anyway?" Is anyone actually using it? Data-link-layer security definitely makes sense for 802.11 wireless networks. Does it really make sense for wired networks? Is the bug happening with wired or wireless networks? It sounds like it's happening with wired networks since the bug is with the Catalyst 5000 EARL, though some of the reports have called 802.1x a wireless standard. That's pretty bad that the switches forward the multicasts out blocked ports. How could that have happened? Just a bug I guess. Back to my original question. Does security at the data-link-layer make sense for wired networks? I guess there could be cases where a person has physical access to an Ethernet port but is not supposed to be able to use the network. Maybe in a conference room or lobby. How does the authentication actually take place? Do you need to use Radius or TACACS also? And one more question, is anyone actually using Windows XP yet? I guess people must be for this bug to have been found. Interesting thread. Would anyone care to share some "big picture" comments on the subject? Priscilla At 11:10 AM 4/17/01, Hornbeck, Timothy wrote: Possible solution? * Operating systems, such as Windows XP, will attempt 802.1X authentication by sending frames to the Authenticator PAE on the destination multicast address 01-80-c2-00-00-0f and 01-80-c2-00-00-03. On Catalyst 5000 family switches with EARL1, EARL1+, EARL1++, or EARL1.1, these frames will be forwarded on all ports including spanning tree blocking ports. Because these frames are forwarded on blocked ports, the network will experience a Layer 2 multicast storm. Workaround 1: Enter the following commands to configure a permanent CAM entry for 01-80-c2-00-00-0f and 01-80-c2-00-00-03 to be directed out an unused port.
Re: Network Collisions [7:1006]
Should be easy enough to troubleshoot with a sniffer. Search the archives here and you'll find a number of references to free/trial versions. The solution is to segment with switches if it's not a misbehaving device (and even still, switches are so cheap these days). How many nodes and how many hubs? As much as I'd like to recommend a Cisco product, for those that have a bottom line, there is always the Linksys product line. Even a single switch with the server(s) plugged into it running 100/full-duplex and the hubs all connected to it would solve a lot of the collision problems for a while. The best solution, IMHO, would be to get the cheapest Cisco switch that supports Fast Etherchannel and a multi-port NIC that supports Fast Etherchannel for your server(s) (Adaptec and Intel make them). -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""John Brandis"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... G'day all where ever you may be. I have been watching my network here in my office and I have noticed that over the last week, that the network is slowing down. Due to financial constraints, we are using 10/100 16 port hubs (2) {just thought I would point that out} I have noticed that the collision LED's are on a fair bit these days. I checked to see if the errors where due to cable problems or broken ports on the hub, but this was not the case. I made sure all the PC's were using the same protocol and still I have an abnormal amount of collisions. I understand that I will have collisons but for a 11 user network that is centerd around a WIN2k Server/Exchange server I have about a 40% collision rate. Does any one have any idea's (besides the obvious of buying a switch) on how I can troubleshoot this or fix the problem... Thanks gang John Brandis Network Engineer GoWireless Communications 155 George Street Sydney +61 2 9251 5000 FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1021t=1006 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Autonomous System number [7:752]
I would recommend "Internet Routing Architectures," by Sam Halabi to anyone planning to delve into BGP. Quoting from the BGP Bible itself, Page 104, "Instead, the provider can give the customer an AS number from the private pool of ASs (64512-65535)... as described in RFC 2270." RFC 2270 actually references RFC 1930 for the private range: " The Internet Assigned Numbers Authority (IANA) has reserved the following block of AS numbers for private use (not to be advertised on the global Internet): 64512 through 65535 " http://rfc.net/rfc2270.html http://rfc.net/rfc1930.html -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Irwin Lazar"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... BTW, there are several "illegal" AS numbers that can be used, but like "private" IP address blocks, they aren't supposed to be routed on the Internet. For the life of me, I don't recall the RFC that designates the numbers. Irwin -Original Message- From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]] Sent: Monday, April 16, 2001 9:25 AM To: [EMAIL PROTECTED] Subject: Re: Autonomous System number [7:752] Hi All - In the real world, how should I obtain an "autonomous system" number? Will I be assigned from some organization or I just make it up? Sorry for the so simple question! www.arin.net for the Americas www.ripe.net for Europe www.apnic.net for the Pacific rim If you are thinking of participating in global Internet routing, you really can't make up very much. The AS number and address space will be assigned to you, and you will need to justify them. You can then work out your own routing policy, which I strongly suggest you register. Each of the address registries above maintains a routing registry (not sure about APNIC). Why do you need an AS? What problem will it solve? FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=820t=752 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP Helper-address questions [7:247]
Actually, you'll want to make the pools only as big as the subnet, unless you know some trick I don't Muhammed. Each pool will need a default gateway assigned as part of the scope, and unless you're doing a /16 range for 192.168/16, then you'll want a pool for each 192.168/24 network. Don't forget to take advantage of the global attributes. Set your DNS, WINS, and whatever settings are the same for each pool as a global setting, and only those settings that need to be unique for each pool (Gateway is all I can think of). This way you don't have to specify these same settings for each pool. A pool-specific attribute will also override the Global attribute for that pool, so even if you had a local WINS and/or DNS server that you want one network to use, still set the Global for whatever is the main configuration. Don't forget if you use WINS to set the node type to 0x8 (hybrid). -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Muhammed Khalilullah"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Yes, The DHCP server will check the IP address of the interface on which you have configured the IP Helper address command. So make pools on the DHCP server accordingly. eg: Router's interface 192.168.1.1/16 Server' pool 192.168.0.1-192.168.255.254 wil work. Muhammad Khalilullah CCNP, MCSE --- "Jason J. Roysdon" wrote: Yup, you got it. Just set up the extra scope(s) for the subnet(s) you have the ip helper-address enabled port(s) on. The DHCP server sees the source address (or perhaps network address/mask, I'm not sure the down and dirty details), and sends an appropriate DHCP address from the scope that fits that subnet. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Michael Snyder"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I happen to be a ccnp and mcse. I get how ip helper-address works. Also work with microsoft dhcp servers. How do you setup a scope for a remote subnet, and how does the dhcp server know how to hand out the correct ip leases for a non-connected subnet? Does the dhcp server look at the source address of the interface of the forwarded helper-address packets? Then match up the correct scope with the router interface ip address? ""Jason J. Roysdon"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Here's a fun link explaining ip helper: http://routergod.com/trinity/ -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Muhammed Khalilullah"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Actually, the IP helper command is placed on the interface that is recieving the broadcasts. Now you have to decide which router is supposed to recieve the broadcasts. But in usual case, Clients usually try to communcate with the PDC for authentication and other stuffs. So, i think it would work to configure ip helper-address w.x.y.z on the ethernet interface of router 1 only (where w.x.y.z is the ip address of your PDC, but if you have multiple PDCs then you have to give the directed-broadcast address and also have to use ip directed-broadcast command). I hope this will work Muhammad Khalilullah CCNP, MCSE --- David Eitel wrote: I have two routers connected via serial point to point link. Router 1 has an ethernet segment with PDC info I want forwarded to Router 2 ethernet segment. No ip directed broadcast is configured on all interfaces. I want netbios traffic passed from one segment to the other. I have placed an IP helper-address statement on the ethernet interface needing the help. Do I need to use the ip helper-address on all interfaces to the source ip helper-address? Is the ip forward-protocol also necessary? Any advice would be greatly appreciated David Eitel FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archiv
Re: Autonomous System number [7:752]
To my knowledge, one place alone assigns them, and that's the ARIN. US$500 up front and US$30/year afterwards, plus you have to show justification (mutlihoming with two ISPs will do): http://arin.net/regserv.html -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Thomas"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi All - In the real world, how should I obtain an "autonomous system" number? Will I be assigned from some organization or I just make it up? Sorry for the so simple question! FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=819t=752 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: where can i purchase PIX 515 memory [7:778]
You can go to Cisco's site and use their "Find a partner/reseller" link if you like: http://www.cisco.com/public/crs/locator/ As you already have the part number, it should be a piece of cake for them to order it for you. If you'd like, I can direct you to my company's ordering number, but you might prefer to go with someone local. http://www.netsworkinc.com/contact_us/ -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""roy"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... hi i want to a 32M memory for my PIX 515. where can i purchase it? the cisco serial number is PIX-515-MEM-32 . FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=822t=778 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Backing up a boot image on a PIX 515 [7:801]
I'm pretty sure it is not possible. I've even heard that once you go from 4.x to 5.x you cannot go back (even if you have the older software on disk or whatever). Something about changes to the way it handles the flash. I've downgraded from different 5.x versions with no problem, but we just keep all Cisco code we download in a central place and can easily get it even if it's not available on CCO. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Sam"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Anybody know how to backup the boot image on a PIX 515 to a TFTP server? I looked through the configuration guide but can't seem to find the info. Thanks FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=825t=801 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NTP Server/Master (Sample Config?) [7:789]
The PIX doesn't support NTP (either to poll from or server). You'll want to have your external router polling a few outside sources, and have it provide clock for the inside. NTP uses udp/123, so if you right a tight firewall that's what you have to open up to that outside router. Also, lower end IOS/older routers don't support the full NTP protocol, but often do support SNTP. I'd also suggestion setting your logging to use localtime, and establishing your timezone: service timestamps debug uptime service timestamps log datetime msec localtime show-timezone clock timezone PST -8 clock summer-time PDT recurring ! full NTP support ntp master ntp server 63.192.96.2 ntp server 63.172.195.4 ntp server 132.239.254.5 I suggest first setting the servers, then make sure that you can sync, and then set the master (otherwise it may sync with itself if the others don't work, but say "syncronized" even though it isn't sync'd to anything external). Check it out with: show ntp associations show ntp status ! sntp only server: sntp server 63.192.96.2 sntp server 63.172.195.4 sntp server 132.239.254.5 From here you only get: show sntp -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""EA Louie"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... ntp server a.b.c.d ! where a.b.c.d is your external clock source ntp source ethernet0 ! where ethernet0 is the interface that you use to feed time to the rest of the network It automatically generates ntp clock-period. I don't remember the PIX supporting even taking time from an NTP server, much less being an NTP Master -e- - Original Message - From: "Michael Snyder" To: Sent: Monday, April 16, 2001 9:40 AM Subject: NTP Server/Master (Sample Config?) [7:789] I need to setup a 3600 to update it's clock, then supply it's time to the rest of a internal network. I've seen this in done in about 4 lines, but can't find it now on CCO. Anyone have a sample config they can post? Second question, Can a pix be a NTP Master/Server? Thanks in advance, -- Michael Snyder NOC Engineer CCNP-Security, MCSE,CCDP,CCIE-Written [EMAIL PROTECTED] ICQ#17424414 WAMS 273 E. Hacienda Ave Campbell, CA 95008 (408) 341-1530 FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=824t=789 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Stupid question - EOL? [7:793]
Cat6Ks, Cisco's current flagship switch, of course ;-) -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Thank you very much, appreciate all the help. I was wondering what people were planning to replace their 5000's with! I was originally trying ot locate a picture of the 2926G in Quick Reference Product Guide, but was having no luck. Thanks again, I'm off to check out those links! Patrick "EA Louie" on 04/16/2001 03:23:27 PM To: Patrick McAllister/SOC/WGL@WGL cc: [EMAIL PROTECTED] Subject: Re: Stupid question - EOL? [7:793] just end of *sales* for the older Cat 5000 *modules*, not the 5000 chassis or the 5500's, though! And with the product line so big, it can be difficult keeping track of what's live and what's EOL anymore, so don't get *too* far down on yourself ;-) Cat5000 EOL links - scroll down to product bulletins on (watch wrap) http://www.cisco.com/warp/public/cc/pd/si/casi/ca5000/prodlit/index.shtml General EOL on Cisco products can be found at http://www.cisco.com/univercd/cc/td/doc/pcat/elhw__g1.htm -e- - Original Message - From: To: Sent: Monday, April 16, 2001 11:27 AM Subject: Re: Stupid question - EOL? [7:793] Doh boy! I feel really dumb now, I didn't realize the 5000's had been EOL'd too! I really HAVE to start getting out more often! :) Thanks for the info, Patrick "Circusnuts" on 04/16/2001 02:16:34 PM To: Patrick McAllister/SOC/WGL@WGL, [EMAIL PROTECTED] cc: Subject: Re: Stupid question - EOL? [7:793] Yep- I believe it EOL-ed the same time as the Catalyst 5000's (summer 2000). Of course this does not mean Cisco has stopped supporting the box, just that you will not be able to purchase it under the new product line-up. IOS parts should exist another 3 years or so. Phil - Original Message - From: To: Sent: Monday, April 16, 2001 1:46 PM Subject: Stupid question - EOL? [7:793] I was trying to find some information on the 2926G switch (I'm not overly familiar with the whole Cisco product line so bear with me) and ran across this document: http://www.cisco.com/univercd/cc/td/doc/pcat/ca2926.htm Is the 2926G and old switch and EOL = End of Life? Just wondering Patrick FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=826t=793 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Windows XP and Catalyst 5000 Issues ... [7:816]
Good advice and a great way to sell SmartNet contracts and maintenance contracts to keep those switch's CatIOS updated. Also, I hear that Win2K can cause the same problem, but comes with spanning tree disabled by default (which is the real problem, I believe). -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Hornbeck, Timothy"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Do Not Plug WXP In Your Cisco Network Yet: Crash Warning Computer Reseller News reported something 'interesting'. MS found out about an incompatibility between Windows XP and Cisco Systems' Catalyst 5000 switch. The conflicts can cause your corporate networks to crash. The unexpected incompatibility sits between the 802.1x wireless security feature in Windows XP and the Cisco switch software that has a bug. Cisco has a fix on its website. This week, Redmond sent an e-mail to all of Microsoft Consulting Services (MCS) to not plug Windows XP machines into any network without explicit approval of the client's IT department. What seems to have happened is that a Microsoft consultant plugged a laptop running Windows XP into a site and took the entire company down. Some adventurous souls in Xerox did the same, and brought the whole network down. Xerox sent an email to all 50,000 employees and told them that if they plugged in WXP and brought the network down, they would pay for the damage out of their paycheck. Sounds like they mean it. More at: http://www.w2knews.com/rd/rd.cfm?id=041601-Cisco-WXP-Crash __ Nathan C. Broome CNE,MCSE Network Administrator Mayfran International 440-461-4100x160 [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=827t=816 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NTP Server/Master (Sample Config?) [7:789]
Oh, and also the public NTP server list is handy. Use stratum 2 servers since the Cisco box isn't ever going to be accurate enough to need stratum 1. http://www.eecis.udel.edu/~mills/ntp/servers.htm Also, never copy the 'ntp clock-period ' command. That is set automatically by the router as it detects "drift" from it's clock and the external servers (in an attempt to fix the "drift"). It's always unique to each router, and they'll figure it out on their own. Worst case, they'll fix it anyway, but I just recommend against it. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Davis, Scott [ISE/RAC]"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Michael, I am doing exactly that with a 3640 now. router(config)# ntp server x.x.x.x (internet stratus 1 clock server) router(config)# ntp master router(config)# ntp source intx/x (interface that supplies other NTP clients) set other routers ntp server to ip address of 3640 interface specified by ntp source command check synch and status with show ntp status and/or show ntp assoc Scott -Original Message- From: Michael Snyder [mailto:[EMAIL PROTECTED]] Sent: Monday, April 16, 2001 15:54 To: [EMAIL PROTECTED] Subject: Re: NTP Server/Master (Sample Config?) [7:789] "Hmm, why do you want your PIX to skin that racoon? Without any specific figures, I'm going on a limb there, but it seems unlikely that the money value of the added risk is worth the few grands that a peecee running a free Unix, coupled to a receiver for a radio time source, eg GPS, would cost you". I got four segments (different subnets) coming from the pix. I can make the router upstream of the pix the ntp master, but it's the same difference to me if the pix could do it. No problem. Thanks for your response. ""ElephantChild"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... On Mon, 16 Apr 2001, Michael Snyder wrote: I need to setup a 3600 to update it's clock, then supply it's time to the rest of a internal network. I've seen this in done in about 4 lines, but can't find it now on CCO. Anyone have a sample config they can post? I would look into the IOS configuration guide(s). Relevant section is probably called "Configuring NTP" or something close. Exact URL left to the reader as an exercise. Second question, Can a pix be a NTP Master/Server? Hmm, why do you want your PIX to skin that racoon? Without any specific figures, I'm going on a limb there, but it seems unlikely that the money value of the added risk is worth the few grands that a peecee running a free Unix, coupled to a receiver for a radio time source, eg GPS, would cost you. -- "Someone approached me and asked me to teach a javascript course. I was about to decline, saying that my complete ignorance of the subject made me unsuitable, then I thought again, that maybe it doesn't, as driving people away from it is a desirable outcome." --Me FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=828t=789 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: eigrp path [7:837]
Give us a 'show ip route' from reach router. We'll be comparing the weights/metrics, so you can get a jump on it if you like. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""SH Wesson"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have a network that is running EIGRP to provide for redundancy, for some reason, for this one remote site, it is taking the long route to get to there. For instance, we have the following: RTR-A /\ / \ RTR-B---RTR-C The host we're trying to get to is on RTR-A and we are trying to get there from RTR-C. Every link has the same bandwidth. For some reason we a client on RTR-C is trying to get to a host on RTR-A, it goes from RTR-C to RTR-B then to RTR-A and finally to the host on RTR-A instead of directly from RTR-C to RTR-A and to the host. Any help would be appreciated. Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=845t=837 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Written tomorrow. [7:830]
I hear this and other TR questions oddly still comprise a large section of the test, so be prepared. It's what I spent this weekend starting to learn about. Bleh, I hate old/dead technology that no one I know uses. I'm just glad it's off the lab. I think it's time to purchase or find a good Token Ring overview book. I've read a lot of current docs from Cisco's site, but nothing that really goes back to the beginning and gives a good foundation and good examples to make all this stuff stick in my head. I know a lot of it is just going to be re-reading the docs and definitions a few times until it just sinks in, but often I can find books that do a better job of describing a subject and it speeds the process along. Any recommendations? -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Tolanid"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Focus on RIFs - how RSRB treats RIFs versus how DLSW treats it. Raj "Michael Snyder" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Don't worry about LANE, WORRY about Token RIFS, and the difference in modes of bridging it. What is 0xEOEO vs 0x8137? ""Michael Bambic"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Well after teaching CCNA for the last 18 months for the Cisco Networking Academy, then taking the CCNP tests in February and CID in March I am now ready to take the CCIE Written (I HOPE) and plan to take the test tomorrow. I appreciate everyone's help with any questions I had and look forward to the next step in my IT career. I'll let you all know tomorrow what happens, any last minute info would be great. I plan to review ATM LANE components and processes tonight along with basic token ring info. Mike Bambic Lead Mentor Phoenix Branch 602-955-5888 Cisco Regional Business Development Manager TechSkills www.techskills.com [EMAIL PROTECTED] [GroupStudy.com removed an attachment of type application/ms-tnef which had a name of winmail.dat] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=846t=830 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Test post with CCO URL - http://www.cisco.com [7:847]
Testing to see if URLs in the subject get truncated. The subject should read: Test post with CCO URL - http://www.cisco.com -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=847t=847 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Question [7:640]
It's not learning about a static route, but learning (or knowing) about a destination via a static route. Consider a static route with a higher administrative value than a dynamic route. The dynamic route will be used so long as it is received, but as soon as it fails the destination will now be known via the static route. Every router I've touched in the past two years have not required 'ip routing' to be issued and were routing out of the box. I've used it in troubleshooting "just in case" but never had it take affect (except when playing with bridging where it had been disabled). Just for grins and giggles I verified on a spare box, and 'no ip routing' shows when it is set, and 'ip routing' does not, so that lets you know the default values. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Tony van Ree"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi all, I thought IP routing was "not on by default" as a matter of fact that thought can bring you unglued when trying to work out way some issues as to why routers don't route IP. So I think (d) would be approriate. Why would a router "learn about a static route". So (c) goes out the window. Maybe I have a twisted view? Teunis, Hobart, Tasmania Australia On Saturday, April 14, 2001 at 03:00:21 PM, Jason J. Roysdon wrote: If 3 must be true, I'd say start with getting rid of the ones that aren't: Routing is enabled by default (may not have always been true, but as of 12.x) The command to enable routing is 'ip routing' That leaves you with three left. Of course, the exam could be wrong. a,c,e sound correct though, just skimming and not thinking too hard. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Victim"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Exam 1.11. Which three statements about Cisco Implementation of IP routing are ture: a. Routers can learn next hops dynamically b. IP routing is disabled by default on Cisco routers c. Routers can learn next hops through static routes d. Entering ip route in global configuration mode enables IP routing e. Routers learn next hops by receiving periodic updates from other routers FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] -- www.tasmail.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=871t=640 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Maximum Serial bandwidth = inbound + outbound rate? [7:864]
The average sampling can be changed on a per-interface basis with the load command. I usually change ports I'm testing to 'load 30' so I can easily see after 30 seconds of generated traffic how a link is performing. 10 minute sampling would just be 'load 600.' One of our the groups gurus can answer you best on the speeds, but it's my understanding that the total transmit and receive can't go above the total speed on a serial link, making it a half-duplex connection (but that seems totally wrong since a T1 has two pair of wires, and I believe one pair is for transmit and the other receive). I truly don't know any of these layer 1 details, but just spouting off the top of my head with random logical guesses ;-p -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Sim, CT (Chee Tong)"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi.. group May I ask if a serial link is said to be 256K, does it mean that the both input and output rate cannot exceed 256K or the SUM of input rate and output rate cannot exceed 256K. What is the Duplex type of Serial link as shown below? Why some of the serial link traffic rate are based on 5 minute in/output rate, but some of them are based on 10 minute in/output rate. How to change it? Does it shown the same info? How they count? They determined the number of bits in 5 minute and divided by the number of second in 5 minute 5X60s?? SIN01sh int s2/0 Serial2/0 is up, line protocol is up Hardware is M4T Description: --- Connects to LON01 S2/0 - MCI Circuit ID W0B73202 --- Internet address is 57.192.240.70/30 MTU 1500 bytes, BW 256 Kbit, DLY 2 usec, reliability 255/255, txload 77/255, rxload 49/255 Encapsulation HDLC, crc 16, loopback not set Keepalive set (10 sec) Last input 00:00:01, output 00:00:00, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0 (size/max/drops); Total output drops: 14248 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/20/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) 5 minute input rate 5 bits/sec, 28 packets/sec 5 minute output rate 78000 bits/sec, 32 packets/sec 101610672 packets input, 3280206236 bytes, 0 no buffer Received 872308 broadcasts, 1 runts, 35 giants, 0 throttles 5313 input errors, 4073 CRC, 0 frame, 7 overrun, 0 ignored, 1233 abort 115170761 packets output, 3847528448 bytes, 0 underruns 0 output errors, 0 collisions, 547 interface resets 0 output buffer failures, 0 output buffers swapped out 554 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up == De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. == The information contained in this message may be confidential and is intended to be exclusively for the addressee. Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail. == FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=873t=864 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Can someone please help? [7:869]
It depends on the interfaces you'll have on the 1700 and 2500. The base 1700 has only a fastethernet port which can connect via a crossover cable (or hub/switch) to the ethernet port of the 2500 via an AUI-to-10baseT transceiver (if it's a 2500 with an ethernet port and not token ring). You can use the AUX ports to reverse telnet into the CON port of the opposite routing and even use it as an async device to route over (AUX to AUX, of course). If you're given a WIC T1 CSU/DSU module for the 1700 and had an external CSU/DSU for the 2500 (say an AdTran TSU 120), you can connect them via a T1 crossover cable (pins 1,2 cross with 4,5). If nothing else, you can just dig into IOS and learn the commands and syntax. There is a ton you can do to learn routing protocols, etc. if you can get the two routers to communicate (although 3 routers would be more ideal, but two is better than one or even none!). -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""johnyohanus-cisco"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I am able to get my hands on some Cisco routers at work. My questions is, what will I be able to do with two Cisco routers (2500 Series and 1700 Series). Thank you. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=874t=869 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Can you change Telnet's well known port? [7:717]
ipaddress port' from the command line/run (telnet ipaddress:port from the command line fails to work properly and just reports that it cannot connect). I suggest getting TeraTerm for a much better telnet/serial program. You can change the telnet:// URL to launch it instead of the Windows telnet.exe. If you want a quick test, I've got a bgp daemon running on my Linux box (looks very much like Cisco IOS): telnet://artoo.net:2605 and the vty password is 'bgp' (sorry, no enable access for the masses). At first I thought you were asking about the telnet service that Win2k has, so I'd written up this reply before I re-read what you asked: Yes, but remember that just changing the port is very weak security that any portscanner will be able to find: Start - Settings - Control Panel - Administrative Tools - Telnet Server Administrator: Microsoft (R) Windows 2000 (TM) (Build 2195) Telnet Server Admin (Build 5.00.99201.1) Select one of the following options: 0) Quit this application 1) List the current users 2) Terminate a user session ... 3) Display / change registry settings ... 4) Start the service 5) Stop the service Type an option number [0 - 5] to select that option: 3 Select one of the following options: 0) Exit this menu 1) AllowTrustedDomain 2) AltKeyMapping 3) DefaultDomain 4) DefaultShell 5) LoginScript 6) MaxFailedLogins 7) NTLM 8) TelnetPort Type an option number [0 - 8] to select that option: 8 Current value of TelnetPort = 23 Do you want to change this value ? [y/n] -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Fred Danson"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Thanks for the info, Does the telnet client that is built into Windows2000 Professional allow changing of the destination port? Could I just click start -- Run and type in telnet 63.1.1.1 :24 ?? Thanks in Advance, Fred From: Carroll Kong To: "Fred Danson" CC: [EMAIL PROTECTED] Subject: Re: Can you change Telnet's well known port? [7:717] Date: Sun, 15 Apr 2001 13:26:34 -0500 At 01:32 PM 4/15/01 -0400, Fred Danson wrote: Anyway, here is what you could do PublicPrivate 63.1.1.1 :23192.168.1.23 :23 63.1.1.1 :24192.168.1.24 :23 63.1.1.1 :25192.168.1.25 :23 63.1.1.1 :26192.168.1.26 :23 I wasn't aware that it is possible to manipulate the port used to telnet. So using your example above, I would telnet to device 1 using the outside destination port of 23, telnet to device 2 using the outside destination port of 24, telnet to device 3 using the outside destination port of 25? Is it possible to do this? Would telnet work with ports other than 23? Could anyone clarify this please? Thanks for the help, Fred Absolutely. They are just daemons using a socket library. They can bind to any port they want and you can get the same result. As long as the client connects to the write server listening port, they do not care. The main reason why they initially set it up so that certain ports belong to certain services is to avoid confusion on the clients. So client software can be written to always connect to the 'well-known' port as opposed to some random port. Any well written client can choose which port to connect to, and if not specified, they default to the well known port. telnet 63.1.1.1 26 that would work for most telnet clients. However, this is not the case up here. In this case, even more the reason why it would work. Specifically here though, we are just redirecting from the external ip:port to some internal ip:port. We are still communicating with an inside host at port 23 (well known telnet port). All they are doing up there is remapping from external ip:port to internal ip:port. However, always remember, a daemon can bind to any port they want. You can tell your unix telnetd to bind to port 3922 or some other port. I suppose it is some feeble form of security, but since a good portscanner will find your "hidden" daemon anyway, I would not try to use this as a form of security. (i.e., putting listening ports on say 6073). -Carroll Kong _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=726t=717 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Can you change Telnet's well known port? [7:717]
Yes, but remember that just changing the port is very weak security that any portscanner will be able to find: Start - Settings - Control Panel - Administrative Tools - Telnet Server Administrator: Microsoft (R) Windows 2000 (TM) (Build 2195) Telnet Server Admin (Build 5.00.99201.1) Select one of the following options: 0) Quit this application 1) List the current users 2) Terminate a user session ... 3) Display / change registry settings ... 4) Start the service 5) Stop the service Type an option number [0 - 5] to select that option: 3 Select one of the following options: 0) Exit this menu 1) AllowTrustedDomain 2) AltKeyMapping 3) DefaultDomain 4) DefaultShell 5) LoginScript 6) MaxFailedLogins 7) NTLM 8) TelnetPort Type an option number [0 - 8] to select that option: 8 Current value of TelnetPort = 23 Do you want to change this value ? [y/n] -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Fred Danson"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Thanks for the info, Does the telnet client that is built into Windows2000 Professional allow changing of the destination port? Could I just click start -- Run and type in telnet 63.1.1.1 :24 ?? Thanks in Advance, Fred From: Carroll Kong To: "Fred Danson" CC: [EMAIL PROTECTED] Subject: Re: Can you change Telnet's well known port? [7:717] Date: Sun, 15 Apr 2001 13:26:34 -0500 At 01:32 PM 4/15/01 -0400, Fred Danson wrote: Anyway, here is what you could do PublicPrivate 63.1.1.1 :23192.168.1.23 :23 63.1.1.1 :24192.168.1.24 :23 63.1.1.1 :25192.168.1.25 :23 63.1.1.1 :26192.168.1.26 :23 I wasn't aware that it is possible to manipulate the port used to telnet. So using your example above, I would telnet to device 1 using the outside destination port of 23, telnet to device 2 using the outside destination port of 24, telnet to device 3 using the outside destination port of 25? Is it possible to do this? Would telnet work with ports other than 23? Could anyone clarify this please? Thanks for the help, Fred Absolutely. They are just daemons using a socket library. They can bind to any port they want and you can get the same result. As long as the client connects to the write server listening port, they do not care. The main reason why they initially set it up so that certain ports belong to certain services is to avoid confusion on the clients. So client software can be written to always connect to the 'well-known' port as opposed to some random port. Any well written client can choose which port to connect to, and if not specified, they default to the well known port. telnet 63.1.1.1 26 that would work for most telnet clients. However, this is not the case up here. In this case, even more the reason why it would work. Specifically here though, we are just redirecting from the external ip:port to some internal ip:port. We are still communicating with an inside host at port 23 (well known telnet port). All they are doing up there is remapping from external ip:port to internal ip:port. However, always remember, a daemon can bind to any port they want. You can tell your unix telnetd to bind to port 3922 or some other port. I suppose it is some feeble form of security, but since a good portscanner will find your "hidden" daemon anyway, I would not try to use this as a form of security. (i.e., putting listening ports on say 6073). -Carroll Kong _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=725t=717 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP Helper-address questions [7:247]
Yup, you got it. Just set up the extra scope(s) for the subnet(s) you have the ip helper-address enabled port(s) on. The DHCP server sees the source address (or perhaps network address/mask, I'm not sure the down and dirty details), and sends an appropriate DHCP address from the scope that fits that subnet. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Michael Snyder"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I happen to be a ccnp and mcse. I get how ip helper-address works. Also work with microsoft dhcp servers. How do you setup a scope for a remote subnet, and how does the dhcp server know how to hand out the correct ip leases for a non-connected subnet? Does the dhcp server look at the source address of the interface of the forwarded helper-address packets? Then match up the correct scope with the router interface ip address? ""Jason J. Roysdon"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Here's a fun link explaining ip helper: http://routergod.com/trinity/ -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Muhammed Khalilullah"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Actually, the IP helper command is placed on the interface that is recieving the broadcasts. Now you have to decide which router is supposed to recieve the broadcasts. But in usual case, Clients usually try to communcate with the PDC for authentication and other stuffs. So, i think it would work to configure ip helper-address w.x.y.z on the ethernet interface of router 1 only (where w.x.y.z is the ip address of your PDC, but if you have multiple PDCs then you have to give the directed-broadcast address and also have to use ip directed-broadcast command). I hope this will work Muhammad Khalilullah CCNP, MCSE --- David Eitel wrote: I have two routers connected via serial point to point link. Router 1 has an ethernet segment with PDC info I want forwarded to Router 2 ethernet segment. No ip directed broadcast is configured on all interfaces. I want netbios traffic passed from one segment to the other. I have placed an IP helper-address statement on the ethernet interface needing the help. Do I need to use the ip helper-address on all interfaces to the source ip helper-address? Is the ip forward-protocol also necessary? Any advice would be greatly appreciated David Eitel FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=728t=247 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: back to back cables [7:527]
That's got to be one of the lamest things I've ever heard. I'd tell accounting to stick it, and that unless they want to learn how to make routers work and figure out the correct parts, that perfectly legitimate third-party serial cables are no different than the Cisco blue logo'd cables other than that they cost a third of the cost. That's like saying you won't by Kingston/etc DRAM or Flash at 1/2th to 1/4th the cost of Cisco products. Do you have the same limitations on this? They have the same "Cisco part no." but they're definitely not from Cisco's vendors. I would make a huge fuss over this and take it up as far as I had to, with the message that accounting was making the company throw away money so items would fit into the categories they wanted. I don't know how many routers you're having to buy for, but this sort of corporate waste just makes me go ballistic. It's the sort of thing the US Government is great at. Worst case, here is how I'd get around it: When you order the cables, just order 3-4 at a time so they come in at over $100 and tell the vendor you want them to show as a line-item of quantity 1. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Ray Mosely"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... OK, for those of you who continue to be incredulous, let me spell this out. We have a budget with budget lines. Commodities fall under $100, and equipment is over $100. Third party cables would be commodities, and there isn't enough money in that budget line to buy cables, because somebody else didn't put enough money in that budget line. On the other hand, there's too much money in the equipment budget line, so if we buy Cisco cables bundled with a Cisco router, then we can actually get cables that will work. Even if our supplier had third party cables (which it doesn't), we can't legitimately make the bookkeepers think that this is a manufacturer's bundle. So I have to buy Cisco cables at $150 a set, instead of third party cables at $50 a piece. Now, I'm not sure that any of this has anything to do with Cisco routers/routing, which is why I did NOT say any of this to begin with. I said simply that I could not buy third party cables, which is true and the only fact that is truly relevant. So hopefully, we can lay this to rest. Unless someone has the part number for an actual Cisco back to back cable, which is all that I asked for in the first place, I would like to see this thread buried. Thanks to everyone for their advice, Ray Mosely CCNA, MCSE -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John Neiberger Sent: Sunday, April 15, 2001 2:06 AM To: [EMAIL PROTECTED] Subject: RE: back to back cables [7:527] Wow, why not? Does your employer make a habit of spending three times as much as necessary? :-) Just kidding... If that's the case, then go with the part numbers I gave you. For the sake of performance you'll want to go with the v.35 cables. John | It's simple. Cisco doesn't, to my knowledge, | make a back to back cable. I'm not allowed to | order a third party cable. | Ray M. | | -Original Message- | From: John Neiberger [mailto:[EMAIL PROTECTED]] | Sent: Friday, April 13, 2001 4:42 PM | To: [EMAIL PROTECTED] | Cc: [EMAIL PROTECTED] | Subject: Re: back to back cables [7:527] | | | Do I even dare ask why you are allowed to use two regular cables but not | a back to back cable? | | Hmm... while writing that I just thought of one good reason. Whenever | I order a back-to-back cable I usually get an RS-232 cable. This would | tend to limit the clock rate between the two routers. If I needed a | higher speed I'd have to find a V.35 back to back cable which seem to be | harder to find. | | If you want V.35: | | CAB-V35MT= | CAB-V35FC= | | If you want RS-232: | | CAB-232MT= | CAB-232FC= | | HTH, | John | | "Ray Mosely" 4/13/01 4:29:14 PM | I'm sorry to bring up this old old old | thread, but I'm in a situation where I | need a back to back cable for some 2501's, | but I'm not allowed to use a back to back | cable. | | There are two bona fide Cisco cables which | can be hooked together to make one back | to back cable (at three times the price | of a back to back). Anybody know the | part numbers of the Cisco cables? It's | for back to back on the WAN ports. | | Thanks, | Ray Mosely | CCNA, MCSE | FAQ, list archives, and subscription info: | http://www.groupstudy.com/list/cisco.html | Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] | | | | | FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html | Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: Re: TEEN PORN SPAM... [7:543]
Use MAPS RBL and/or ORBS. You'll probably end up blocking some legitimate stuff than spam, however (read their disclaimers and how each works). http://www.orbs.org/ http://www.mail-abuse.org/ I like SpamCop for reporting spammers that actually get through to my work and/or personal email. http://www.spamcop.net/ I frankly don't care about dropping email from people with clueless ISPs and like my 99% spam-free email, so I use MAPS RBL ORBS. Of course, I hide all my public email behind hotmail and only give my personal artoo account to real folks and not online forms. I find it less than humorous that my ADSL email account gets numerous pieces of spam a week (which I have never used to send, just check once a month to find out about announcements). I can't wait until even people selling CDs with lists of email addresses are getting taken to court, and when message/call center places that spammers hide behind are required to give information about people that use them when spamming. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Paul Borghese"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... We need some ideas on how to block spam more efficiently. Any suggestions? Paul - Original Message - From: "Angel Castillo" To: Sent: Friday, April 13, 2001 8:24 PM Subject: TEEN PORN SPAM... [7:543] I am utterly offended by the previous posting regarding teen porn. I sincerely hope that all of the technical people that use this site figure out a way to "put a big brain techie hurt" on the person that posted it. Hopefully the webmaster has some ideas as well... Angel M. Castillo FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=595t=543 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Written [7:639]
You mean books. Why not start with the CCIE RS Qualification Exam (Written) Recommended Reading List? http://www.cisco.com/warp/public/625/ccie/certifications/routing.html#34 The Blueprint would also make for a good starting place for your book purchasing/online studying: http://www.cisco.com/warp/public/625/ccie/certifications/rsblueprint.html -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""SH Wesson"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Can anyone give some advice as to what is the best book to use for the CCIE written. Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=647t=639 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Question [7:640]
If 3 must be true, I'd say start with getting rid of the ones that aren't: Routing is enabled by default (may not have always been true, but as of 12.x) The command to enable routing is 'ip routing' That leaves you with three left. Of course, the exam could be wrong. a,c,e sound correct though, just skimming and not thinking too hard. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Victim"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Exam 1.11. Which three statements about Cisco Implementation of IP routing are ture: a. Routers can learn next hops dynamically b. IP routing is disabled by default on Cisco routers c. Routers can learn next hops through static routes d. Entering ip route in global configuration mode enables IP routing e. Routers learn next hops by receiving periodic updates from other routers FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=648t=640 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: subnets [7:638]
I can't any reason why it wouldn't work. The only thing I would mention is that older IOS using EIGRP doesn't allow you to specify a mask with the network command, and wouldn't allow you to be granular with your networks if you don't want to specify all of them to be known in EIGRP. If you want all the networks in your EIGRP tables, then it'll work just fine. You might also need to consider 'no auto-summary,' depending on how well you've planned (or rather, if there is a lack of planning and summarization will cause a problem). -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""SH Wesson"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Our existing network consists of a flat network at 172.16.0.0 with a mask of 255.255.0.0 and 172.31.0.0 with a mask of 255.255.0.0. Since it is flat, the networks are 172.16.2.0 - 172.16.12.0 mask 255.255.0.0. EIGRP is running. Now, the question I have is, if I create new subnets to segment the place with networks like 172.20.10.0, 172.20.11.0, 172.12.0, etc all with masks of 255.255.255.0 and if I run EIGRP also. If I were to run both the above networks at once and within the same EIGRP process, would it cause any problems. Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=646t=638 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Which Job post get most money!? [7:643]
Check some online job posting places and just see what's going for what salary. http://www.dice.com/ Location and its market demand is going to influence things heavily as well, so you should also consult a salary/cost-of-living calculator if it looks like you might be moving. http://www.homefair.com/calc/salcalc.html?NETSCAPE_LIVEWIRE.src=homefair -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Victim"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Pls suggest. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=649t=643 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: RE: How to determine CIR and increase CIR of FR? [7:554]
Committed Information Rate. Read up on Frame Relay if you want to pick up what we're talking about. Step-by-step for those new to CCO: http://cisco.com Technical Support Help -- Cisco TAC Technologies WAN Frame Relay http://cisco.com/pcgi-bin/Support/PSP/psp_view.pl?p=Internetworking:Frame_Re lay Once you've read up on a topic, check out some sample configs (starting at the TAC link above): Install Configure TAC Technical Tips/Sample Configurations WAN Technologies Frame Relay http://cisco.com/warp/public/125/index.shtml I think the best thing anyone looking to pursue a Cisco career is to learn CCO, specifically TAC and the UniverCD sections. It's all there, and free. I'd also suggest getting a CCO login as not everything is available to the public (but all the basic items are). They're also free, and if you don't work for a Cisco partner, you can sign up as a consultant. http://www.cisco.com/register/help/consultant.htm http://www.cisco.com/register/ -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Victim"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... what is CIR? "Jason J. Roysdon" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... However, one thing to consider is that CIR at any given point doesn't mean that you have that end-to-end CIR. Of course, without at least having the port speed at your given CIR, you'll never go faster, but having the local FR switch's CIR from 'show frame map' is useful. Consider this: PFI-LIV-3640#sh frame map Serial3/0.20 (up): point-to-point dlci, dlci 20(0x14,0x440), broadcast, BW = 64096 status defined, active Serial3/0.22 (up): point-to-point dlci, dlci 22(0x16,0x460), broadcast, BW = 64000 status defined, active Serial3/0.19 (up): point-to-point dlci, dlci 19(0x13,0x430), broadcast, BW = 128000 status defined, active Serial3/0.18 (up): point-to-point dlci, dlci 18(0x12,0x420), broadcast, BW = 384000 status defined, active Serial3/0.17 (up): point-to-point dlci, dlci 17(0x11,0x410), broadcast, BW = 128000 status defined, active Serial3/0.23 (up): point-to-point dlci, dlci 23(0x17,0x470), broadcast, BW = 64000 status defined, active Serial3/0.21 (up): point-to-point dlci, dlci 21(0x15,0x450), broadcast, BW = 64096 status defined, active What's the total CIR for Serial3 into the cloud? If you total it, it's 896K. That's way over-provisioned as this customer only has 8 64K CIR (128K BE) links, which means the max they can pump CIR from the endpoints is 512 CIR. With Burst it's 1024, but since the far ends are guaranteed anything beyond CIR, it's not really that worth while. Of course, I'll have to call the FR carrier Monday and find out what is really provisioned (always the best way, at least that way you're getting it from the horse's mouth, even if they're lying). The customer has no real clue, as usual. Also, some of the FR switches at the remote ends show BW statements, but more than half (the more rural areas) do not, so it's only useful if you've got a newer route that supports it. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Greg Owens"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Positive it is from the frame switch that is sent via LMI -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, April 09, 2001 9:56 AM To: Greg Owens Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: RE: How to determine CIR and increase CIR of FR? Are you sure that information isn't just taken from the "bandwidth" statements on the subinterfaces? Greg Owens wrote: Sh frame map will show u the CIR -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Stephen Skinner Sent: Monday, April 09, 2001 7:45 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: How to determine CIR and increase CIR of FR? your CIR (Committed information rate) is supplied by your SP ...you and him agree how much you can have( depending on how much you pay) usually the person setting up your router sets the "BANDWIDTH" command to the CIR+ BR (burst rate) I.E how high you CAN go up to for a limited amount of time ..again your service provider has set this for you . HTH steve From: "David Gollop" Reply-To: "David Gollop" To: [EMAIL PROTECTED] Subject: How to determine CIR and increase CIR of FR? Date: Mon, 09 Apr 2001 10:29:40 - Hi.. How to determine the CIR of a fra
Re: Would double telnet work? [7:676]
I don't know that they do, but the Linksys does support port redirection. Just point the standard telnet port (23) at your inside router. Once on one inside router you can telnet around to others inside, or you can also point other ports from the outside to inside port 23. The biggest limitation that the Linksys has is that it can only handle one public address (I don't know if the NetGear or anything else can handle more). Not really a big deal unless you've got a bunch of gamers that want to be able to play against each other and the outside world, and they need to have the same outside public port mapped to play. Anyway, here is what you could do PublicPrivate 63.1.1.1 :23192.168.1.23 :23 63.1.1.1 :24192.168.1.24 :23 63.1.1.1 :25192.168.1.25 :23 63.1.1.1 :26192.168.1.26 :23 Of course, you might want to pick better ports, but if you don't care about housing services public services on the inside, it should work. My personal suggestion would be to set up an old 486 and run Linux and SSHv2 so that you can SSH in on port 22, and once on the Linux box on the inside, telnet to your routers. That way it's all encrypted and no chance of someone hijacking your lab. Plus, you can log all the connections to the Linux box and have a user list to control access. Of course, there is a little bit of a learning curve to get that configured, but it's not that bad with RH7 and a standard NIC. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Fred Danson"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hey Group, This is a continuation of the NAT capabilities of small Netgear/Linksys router Post. I am curious, would it be possible for me to do a telnet from my remote site to the small router, and then do another telnet from the small router to the inside devices? This would pretty much be a double telnet (if there is such a thing). Does anyone know if most of these small routers support outgoing telnet sessions? Thanks again for the help, Fred _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=679t=676 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Switching. [7:551]
Congrats! Most people don't realize that Routing is much harder than they think it's going to be. It's a test on routing protocols, not routed protocols. Just be sure you've read up on the exam outline (maybe pull down the outline from the previous version of the test, as it breaks down different areas in more detail than the new exam outlines do) and know what to expect. When I know someone has had hands on router experience with T1s, ISDN, Frame Relay, etc., I usually suggest they go after the Remote Access (sounds like RAS/dial-up stuff), which is what they already have experience with. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""CISQUO"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi people, Cleared Switching this morning. It was pretty tough , as this was the first CCNP exam . Hope to clear Routing soon. 1 down 3 to go. Shree. _ Chat with your friends as soon as they come online. Get Rediff Bol at http://bol.rediff.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=551t=551 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: RE: How to determine CIR and increase CIR of FR? [7:554]
However, one thing to consider is that CIR at any given point doesn't mean that you have that end-to-end CIR. Of course, without at least having the port speed at your given CIR, you'll never go faster, but having the local FR switch's CIR from 'show frame map' is useful. Consider this: PFI-LIV-3640#sh frame map Serial3/0.20 (up): point-to-point dlci, dlci 20(0x14,0x440), broadcast, BW = 64096 status defined, active Serial3/0.22 (up): point-to-point dlci, dlci 22(0x16,0x460), broadcast, BW = 64000 status defined, active Serial3/0.19 (up): point-to-point dlci, dlci 19(0x13,0x430), broadcast, BW = 128000 status defined, active Serial3/0.18 (up): point-to-point dlci, dlci 18(0x12,0x420), broadcast, BW = 384000 status defined, active Serial3/0.17 (up): point-to-point dlci, dlci 17(0x11,0x410), broadcast, BW = 128000 status defined, active Serial3/0.23 (up): point-to-point dlci, dlci 23(0x17,0x470), broadcast, BW = 64000 status defined, active Serial3/0.21 (up): point-to-point dlci, dlci 21(0x15,0x450), broadcast, BW = 64096 status defined, active What's the total CIR for Serial3 into the cloud? If you total it, it's 896K. That's way over-provisioned as this customer only has 8 64K CIR (128K BE) links, which means the max they can pump CIR from the endpoints is 512 CIR. With Burst it's 1024, but since the far ends are guaranteed anything beyond CIR, it's not really that worth while. Of course, I'll have to call the FR carrier Monday and find out what is really provisioned (always the best way, at least that way you're getting it from the horse's mouth, even if they're lying). The customer has no real clue, as usual. Also, some of the FR switches at the remote ends show BW statements, but more than half (the more rural areas) do not, so it's only useful if you've got a newer route that supports it. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Greg Owens"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Positive it is from the frame switch that is sent via LMI -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, April 09, 2001 9:56 AM To: Greg Owens Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: RE: How to determine CIR and increase CIR of FR? Are you sure that information isn't just taken from the "bandwidth" statements on the subinterfaces? Greg Owens wrote: Sh frame map will show u the CIR -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Stephen Skinner Sent: Monday, April 09, 2001 7:45 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: How to determine CIR and increase CIR of FR? your CIR (Committed information rate) is supplied by your SP ...you and him agree how much you can have( depending on how much you pay) usually the person setting up your router sets the "BANDWIDTH" command to the CIR+ BR (burst rate) I.E how high you CAN go up to for a limited amount of time ..again your service provider has set this for you . HTH steve From: "David Gollop" Reply-To: "David Gollop" To: [EMAIL PROTECTED] Subject: How to determine CIR and increase CIR of FR? Date: Mon, 09 Apr 2001 10:29:40 - Hi.. How to determine the CIR of a frame relay line? Like Result shown below, what is the CIR? How do I increase the CIR? Do we have to contact the Frame relay provider? What is the difference between CIR and EIR?? SIN01#sh int s1/1.19 Serial1/1.19 is up, line protocol is up Hardware is M4T Description: --- Connects to JKT01 Ser0.2 --- Internet address is 50.200.243.25/30 MTU 1500 bytes, BW 2048 Kbit, DLY 2 usec, reliability 255/255, txload 2/255, rxload 2/255 Encapsulation FRAME-RELAY IETF _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=554t=554 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]