Re: Certification Ego! (was Failed CCDA) [7:1929]

2001-04-25 Thread Jason J. Roysdon

I won't argue that it's always wise to follow what other people did, but I
will make a few points.

First is that unless you have at least a very good entry-level knowledge of
networking beyond the Cisco product line, you're not very useful.  A CCIE
who has never touched NT or Unix, bah, I don't see a huge value.

I guess it varies on what you're doing and wanting to do, but for me, 70% of
my time is spent helping a customer figure out what in the world they need
me to do with the routers.  I had a customer today that was going to deploy
a DHCP server on each subnet because they didn't understand any other way to
do it.  If I didn't know NetWare DHCP and NT DHCP servers, I wouldn't have
been able to help them today beyond just saying "configure your DHCP server
for scopes for those subnets."  Yes, I know how to do the "ip
helper-address," but unless they can configure their DHCP servers, that
knowledge doesn't do much.  As it is, I spent 15 minutes explaining how the
whole thing would work, and then the rest of the day configuring scopes and
then finally implementing "ip helper-address" on all the necessary
interfaces.

So, I do think it's necessary to have a good foundation in various areas.
No, you don't need a paper cert to have that experience, but if you're going
to learn it and can chase down certs, you might as well so that you've got
proof to show customers who go bug-eyed at certs.

It's like that commercial (I think IBM does it), where two consulting guys
are telling this high-up exec a huge list of things he should implement.  He
listens (clueless, of course), and says, "Great, do it!" to which they reply
something like, "Oh, we don't do anything, we just give consulting as what
you need to do."

Tomorrow I will be explaining to a customer why they need to not permit all
DMZ traffic into their Internal LAN, and what changes they'll have to make
on their servers, including, but not limited to, DNS and WINS.  I don't
think there is anything in Cisco's line that will test you on those topics.

I know for me, the CCIE is not the "ultimate," but it's pretty damn high up
there.  I have doubts I'll go back and upgrade my MCSE to Win2k if I get my
CCIE and can avoid it.  I guess my point is once you get to a certain level,
you're less likely to want to go back and do the things that would help you
more as they seem of a lesser value or skill set.  I do know that I won't be
doing my CNE, but then I doubt those who don't have to deal with Novell on a
daily basis see it as useful these days.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Fred Danson""  wrote in message
news:[EMAIL PROTECTED]...
> One thing that I ALWAYS notice when asking someone else for advice is that
> they ALWAYS advise me to take the same path that they did. No matter how
> dissimilar our situations are, I will always be advised to take the same
> route that they took.
>
> For example, when I was finishing up with my CCNP certification, I asked for
> advice from several other people who also were finishing their CCNP
> certifications. A few of the people that I asked were MCSE's and they all
> told me to go for MCSE before CCIE. Their reasoning was that I wouldn't be
> able to understand the WAN unless I had a solid understanding of the LAN.
> Now I do think that there is some logic to this statement, but I definitely
> did not think that it made sense to put CCIE on hold for 5-6 months just to
> learn more about Microsoft.
>
> I think their real reasons for giving me such crappy advice is that they're
> afraid to admit that they made a mistake. If they suddenly realized that
> they wasted 7 months learning about Microsoft, would they be willing to
> admit this? I really doubt it! They would tell me to do what they did so
> they can boost their own egos! Or on the other hand, they wouldn't tell me
> not to do what they did because they would hurt their egos.
>
> So now, instead of blindly taking someone's advice, I take a realistic
> look at all of my options. Being only 20 years old, I was advised by many
> "experienced professionals" to give it a few years before attempting the
> CCIE. Does it really take that long to learn all this stuff? I really don't
> think so. There is an abundance of information out there, and all you have
> to do is put in the extra effort to learn it. Heck, I didn't even know what
> a Router was until about 7 months ago, and I already have CCNA, CCDA, CCNP,
> and CCIE written.
>
> My point here is, don't listen to anyone that isn't in the same situation as
> you! Take a realistic look at your options and go for it!
>
> Fred Danson
>
> P.S. - I have a problem with the statement "youth is a unique illness that
> heals with time only". From what I hear, the older portion of the CCIE
> candidates typically struggle with the time constraints on the CCIE Lab. To
> my knowledge, cheese and wine are the things 

Re: How long ? [7:1928]

2001-04-25 Thread Jason J. Roysdon

That's not nearly as important as what information is tested on the CID.
Know that and don't worry about the score or time (I believe it's 90 minutes
though).

http://www.cisco.com/warp/public/10/wwtraining/certprog/testing/current_exams/640-025.html
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Antonio Ramirez Volker""  wrote in message
news:[EMAIL PROTECTED]...
> Two very simple questions..
>
> How long does the CID exam take?
> What is the pass grade?
>
> Thanks in advance
>
> Antonio
>
> ***
> Ing. Antonio Ramirez Volker
> Consultor LAN/WAN
> Consorcio Red Uno S.A. de C.V.
> Av Lazaro Cardenas 3430 piso 2
> Col Chpalaita CP 45040
> Guadalajara Jalisco Mexico
> Tel 3 678 58 00
> Fax 3 678 58 88
> email [EMAIL PROTECTED]
> 
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1998&t=1928



OT: Career/education recommendations after High School [Re: [7:1978]

2001-04-25 Thread Jason J. Roysdon

Of course, those that have gone to college value it more, but I say forget
college and don't waste 4+ years of your life if you know what you want to
do and don't need it.

I've seen a number of pay-scale tables, and here's an example of what I've
seen a number of places: 2 years of experience is worth a 4 year BA/BS
degree.

Now if you can swing working part-time in your field, nail some good certs
along the way, AND do college, I say go for it.  Especially if you're single
and unencumbered.

If you can swing it, check out your local junior/community colleges.  Here
in California they're dirt cheap (a very small fraction of the cost of
4-year schools).  The best thing is that if you get tired of the school
thing after 2-3 years, you should at least have your AA/AS, versus all those
folks that stop college half-way through and have nothing to show but
student loans.

Depending on how you work, most have night classes to cover most of your
low-end prereqs so you can work during the day and do school at night.  If
you can pull "light" work during the day and do night classes, I'd say this
is the way to go (you get the "experience" credits people look for, and the
degree).

Plus, if you want to do the BA/BS thing, you can easily transfer after your
AA/AS.  My brother has done this (he actually took 3 years to get his AA,
but took it slow and took a lot of extra classes that interested him
(electrical, engineering, compsci), and didn't count much toward his
journalism/communication degree).  The best thing of all is that when he
graduated, he owed nothing, and in fact had saved up enough money to pay for
two years of state college.


--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



 wrote in message
news:[EMAIL PROTECTED]...
> One more thing to add to that Phil.
>
> Russ... at 17, let me make one suggestion to you... put some money away now
> for your college years! I too had a similar job to Russ, but I spent my
> money on stupid things that I thought were important at 17 and then when
> the real fun hits you in college, you are already tapped out! Put in your
> time, put some money away and it will all come around!!
>
> Good luck dude!
>
>
>
> > [EMAIL PROTECTED]
> > For information on our award winning server & storage products:
> > Dell Server Site: http://www.dell.com/products/poweredge/index.htm
>
>
> -Original Message-
> From: Circusnuts [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, April 24, 2001 9:06 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Failed CCDA [7:1698]
>
>
> When I was 17 years old (1987), I washed chili pots @ the local greasy spoon
> for $3 an hour... wondering how I was going to pay for college.  My senior
> worked 9 to 4 (I worked 4 to 11, sometimes 12AM), made $5 an hour, only had
> the cushy lunch crowd to contend with, & left the tough pots for me.
>
> I feel your pain.
>
> Pay your dues & change things when you get in a position to.
>
> Phil
>
>
>
> - Original Message -
> From: Russ Kreigh
> To:
> Sent: Tuesday, April 24, 2001 8:49 PM
> Subject: RE: Failed CCDA [7:1698]
>
>
> > I too am only 17 years old and like Priscilla I think this is a
> > controversial topic. However, I have a very strong opinion, therefore am
> > going to express it. :-) I currently work for a local ISP and have quite a
> > bit of Cisco experience along with very much UNIX (BSDi, Linux, HP-UX,
> > Solaris), HTML, JavaScript, ASP, PERL, etc etc. However, I make
> > significantly less than a new guy that was hired to work along with me. I am
> > just as qualified, if not more. Of course, there are other issues to
> > consider; I am part-time and he is full time, I know that makes a
> > difference, that part I understand. But, I feel that a large portion of it
> > has to do with my age, not based on my ability to perform my job.
> >
> > On a Cisco related note, I am going to schedule my CCDA exam within the next
> > month, along with my CCNA. I am very confident that I will do good on my
> > CCNA, and have been studying CCDA material and getting some real-life
> > experience in my job.
> >
> > The message I am trying to point out is that just because we may be young
> > doesn't mean that we should not be taken seriously. Also, I know that my age
> > also offends some people who have been in the field a long time. I can't
> > really speak from experience here, but I know that more women have chosen
> > careers in the Technology field in the past 10 years. Just as their
> > co-workers have come to accept it more, they are going to have to accept
> > that us young adults can be capable of doing the same job.
> >
> > -Russ
> >
> >
> >
> >
> >
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Priscilla Oppenheimer
> > Sent: Tuesday, April 24, 2001 1:03 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Failed CCDA [7:1698]
> >
> >
> > I'm go

Re: AS5300 Async Dial-up Connectivity problem [7:1840]

2001-04-25 Thread Jason J. Roysdon

debug ppp authentication
debug ppp negotiation
debug ppp errors

My guess is you'll see it in there.
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Burgin Kozak""  wrote in message
news:[EMAIL PROTECTED]...
> Hi.
> I have an AS5300 Access Server.
> I want to dial-up access to AS5300 using my Laptop and my async modem.
> But I can't log in. (I mean AS5300 doesn't authenticate)
> AS5300's show running-config output and show version output are below.
> If someone checks the configs I will be very happy.
>
> Thanks.
> Regards.
>
> Burcin
>
>
>
> /* RUNNING CONFIGURATION */
>
> Current configuration:
> !
> version 12.0
> service timestamps debug datetime msec localtime
> service timestamps log datetime msec localtime
> no service password-encryption
> !
> hostname merkez-access
> !
> aaa new-model
> aaa authentication login default local
> aaa authentication ppp default local none
> enable secret 5   /* i erased passwords */
> enable password 7 /* i erased passwords */
> !
> username dial password 0 dial
> username user1 password 0 user1
> modem country mica turkey
> ip subnet-zero
> no ip domain-lookup
> !
> isdn switch-type primary-net5
> !
> !
> controller E1 0
>  clock source line primary
>  pri-group timeslots 1-31
> !
> controller E1 1
>  clock source line secondary 1
>  pri-group timeslots 1-31
> !
> controller E1 2
>  clock source line secondary 2
> !
> controller E1 3
>  clock source line secondary 3
> !
> controller E1 4
>  clock source line secondary 4
> !
> controller E1 5
>  clock source line secondary 5
> !
> controller E1 6
>  clock source line secondary 6
> !
> controller E1 7
>  clock source line secondary 7
> !
> !
> interface Loopback0
>  ip address 10.9.0.1 255.255.255.0
>  no ip directed-broadcast
> !
> interface Ethernet0
>  ip address 10.32.9.1 255.255.255.0
>  no ip directed-broadcast
>  shutdown
> !
> interface Serial0
>  ip unnumbered Ethernet0
>  no ip directed-broadcast
>  no ip mroute-cache
>  shutdown
>  no fair-queue
>  clockrate 2015232
>  !
> interface Serial1
>  ip unnumbered Ethernet0
>  no ip directed-broadcast
>  shutdown
>  no fair-queue
>  clockrate 2015232
> !
> interface Serial2
>  ip unnumbered Ethernet0
>  no ip directed-broadcast
>  shutdown
>  no fair-queue
>  clockrate 2015232
> !
> interface Serial3
>  ip unnumbered Ethernet0
>  no ip directed-broadcast
>  shutdown
>  no fair-queue
>  clockrate 2015232
> !
> interface Serial0:15
> ip unnumbered Loopback0
>  no ip directed-broadcast
>  encapsulation ppp
>  isdn switch-type primary-net5
>  isdn incoming-voice modem
>  peer default ip address pool deneme
>  fair-queue 64 256 0
> !
> interface Serial1:15
>  ip unnumbered Loopback0
>  no ip directed-broadcast
>  encapsulation ppp
>  isdn switch-type primary-net5
>  isdn incoming-voice modem
>  peer default ip address pool deneme
>  fair-queue 64 256 0
> !
> interface FastEthernet0
>  no ip address
>  no ip directed-broadcast
>  shutdown
> !
> interface Group-Async1
> ip unnumbered Loopback0
>  no ip directed-broadcast
>  encapsulation ppp
>  async dynamic address
>  peer default ip address pool deneme
>  ppp authentication chap
>  group-range 1 240
>  hold-queue 10 in
> !
> router eigrp 100
>  network 10.0.0.0
> !
> ip local pool deneme 10.9.0.1 10.9.0.254
> no ip http server
> ip classless
> !
> logging history notifications
> dialer-list 1 protocol ip permit
> !
> line con 0
>  logging synchronous
>  transport input none
> line 1 240
>  autoselect during-login
>  autoselect ppp
>  modem Dialin
>  modem autoconfigure discovery
>  transport input telnet
>  transport output telnet
> line aux 0
> line vty 0 4
> !
> end
>
>
>
> /* SH VERSION OUTPUT */
>
> sh version
> Cisco Internetwork Operating System Software
> IOS (tm) 5300 Software (C5300-I-M), Version 12.0(4)XJ4, EARLY DEPLOYMENT
> RELEASE SOFTWARE (fc1)
> TAC:Home:SW:IOS:Specials for info
> Copyright (c) 1986-1999 by cisco Systems, Inc.
> Compiled Sun 24-Oct-99 20:26 by sharpd
> Image text-base: 0x600088F8, data-base: 0x60676000
>
> ROM: System Bootstrap, Version 12.0(2)XD1, EARLY DEPLOYMENT RELEASE
SOFTWARE
> (fc1)
> BOOTFLASH: 5300 Software (C5300-BOOT-M), Version 12.0(4)T1,  RELEASE
> SOFTWARE (fc1)
>
> merkez-access uptime is 2 hours, 10 minutes
> System restarted by reload
> System image file is "flash:c5300-i-mz.120-4.XJ4"
>
> cisco AS5300 (R4K) processor (revision A.32) with 65536K/16384K bytes of
> memory.
> Processor board ID 17041484
> R47

Re: CCIE lab equipment - VOIP help needed. [7:1774]

2001-04-25 Thread Jason J. Roysdon

Oh, and the 1700 line has an ADSL WIC available.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Vincent Chong""  wrote in message
news:[EMAIL PROTECTED]...
> 1750 with enough memory and flash if you want to play voice over ip
> 1720 series ( no support for voice)
>
>
>
> "Jon"   Might look at the 827-4v router, as well.  It's an Alcatel-DSL modem, with
> > an ethernet interface and four FXS interfaces.  Should be able to buy two
> > of them for what a single 1700 and voice modules cost, and connect them
> > over your existing lab to perform WAN QoS stuff.
> >
> > -jon-
> >
> > "Circusnuts" wrote:
> > > Don't forget the 3600's do Voice, ATM, & Fast Ethernet.  You may find the
> > > 4500 Fast Ethernet modules cost more than anything for 3600 router. We
> > > replaced a lot of Government 45's & 4700's with 3600 routers, when
> > > pricing modules.  If you have the 4500's already, I would think the
> > > 1700's would be the best Voice router for the money.  I would assume-
> > > with a reasonable discount, you could outfit 2 complete Voice 1700's for
> > > around 3,000.
> >




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1973&t=1774



Re: Win 2000 DNS server query test failed [7:1852]

2001-04-25 Thread Jason J. Roysdon

I haven't heard of this problem.  Perhaps your internet connection was down
when the DNS service started and it couldn't initialize properly.  Try
restarting the service.

If all else fails, search the Microsoft online TechNet database:

http://www.microsoft.com/technet/
"Advanced Search"
http://search.microsoft.com/us/itresources/SearchMS25.asp

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Shawn Xu""  wrote in message
news:[EMAIL PROTECTED]...
> I know this is Cisco stuff study group, but I am really stuck at one DNS
> server problem, maybe someone knows.
>
> Also if we should not post any questions not related to Cisco, please warn
> me, and I will not do again next time.
>
> We have a Windows 2000 DNS server (66.59.140.251), and in fact it is
> working, but for some reasons it doesn't synchronize with other DNS servers
> properly. When we do "A simple query against this DNS server" and "A
> recursive query to other DNS servers" test, both of them failed.
>
> I have read some books, they say it is very important to pass these two
> tests, but they don't say why and how to make them pass.
>
> When we checked DNS log files, it says:
> ERROR: GQCS failure on dead socket. status=995, socket=456, pcon=00465EDC,
> state=-1, IP=66.59.140.251.
>
> What does it mean? How to fix this problem?
>
> Any help will be highly appreciated.
>
> Shawn Xu
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1974&t=1852



CCIE Lab eBay [7:1967]

2001-04-25 Thread Jason J. Roysdon

I'm not the seller, but I saw this on eBay and thought it might interest
those of you with a bunch of cash to spare (or company money), and wanting a
great CCIE level lab of equipment (currently at $2K, and reserve is not yet
met):

http://cgi.ebay.com/aw-cgi/eBayISAPI.dll?ViewItem&item=1232735202

"I have finally attained my CCIE so it time to get this equipment out of my
house!! This is perfect for getting your Cisco Certifications! Everything is
in A+ condition with extra accessories included. This lab consists of 7
routers, 1 Cisco CS-500 terminal server for reverse telnet, 1 Cisco 2501 1
eth 2 serial , 1 Cisco 2514 dual Ethernet router w 2 serial, 2 Cisco 2502
token ring routers w 2 serial, 1 2521 for a Frame Relay switch 4 serial w 1
token ring and 1 isdn, 1 1601 Ethernet router with 2 serial and 1 ethernet
port., 1 1005 Ethernet router with 1 serial and 1 ethernet port, 1 token
ring MAU for the token ring routers, 1 Cat 5000 with Supervisor I module, 48
Port 10BT Desktop Ethernet Switching Module with Telco cables and 48 port
patch panel! 4 Catalyst 5000 CDDI Switching Module . Rack mount kits are
included for the 2500 series routers and the catalyst. Also all terminal
cables for the CS-500 and power cords for all routers are included. All
Ethernet and token ring transceivers are included.5 DTE-DCE back to back
cables.5 CAT5 eth cables. This is a great deal to get your CCNA, CCNP, and
CCIE. Feel free to email any questions you have. Pay pal preferred for
payment. I will throw in the 19inch rack pictured for $100 if the high
bidder wants it."

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1967&t=1967



Re: MNCS + Security [7:1860]

2001-04-25 Thread Jason J. Roysdon

This URL should clear it up:

http://www.cisco.com/warp/public/10/wwtraining/certprog/special1/course.html

"As of January 1, 2001, this specialization no longer requires CCNP
certification. See the Cisco Security Specialist page for more information."

Which links to:
http://www.cisco.com/warp/public/10/wwtraining/certprog/cqs/security/

Which is the "Cisco Security Specialist 1" that is CCNA + MCNS + CSPFA +
CSIDS + CSVPN, and not CCNP-level.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Cooper, David""  wrote in message
news:[EMAIL PROTECTED]...
> I have received multiple answers to the question about the + security cert
> for CCNP. I guess the best question is has anyone that is a CCNP and taken
> the test after 1 Jan  2001 gotten the +security cert? I have read through
> the old posts and I have not found anything definite in them and most of the
> direct answers were 50% yes and 50% no?. Anyone from CISCO know? The Cisco
> web site isn't much help either other than the other specializations retire
> on 14 May.  Thanks. Sorry to beat a dead horse.
>
> Dave
> CCNP, CCDP, NNCSS




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1975&t=1860



Re: CCIE lab equipment - VOIP help needed. [7:1774]

2001-04-25 Thread Jason J. Roysdon

Buy a 6400 ;-p

http://www.cisco.com/warp/public/cc/pd/as/6400/

Cheaper to order ADSL if you can get it.  However, it's pretty much
pointless for real ATM practice (just read a sample config for an 827), as
you can't change the ISP side of things.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""[EMAIL PROTECTED] (John Nemeth)""  wrote in
message news:[EMAIL PROTECTED]...
> On Sep 14, 11:18am, "Jon" wrote:
> }
> } Might look at the 827-4v router, as well.  It's an Alcatel-DSL modem, with
> } an ethernet interface and four FXS interfaces.  Should be able to buy two
>
>  Not to mention the DSL port.  I've been wondering how one could do
> DSL in a lab?
>
> }-- End of excerpt from "Jon"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1972&t=1774



Re: CCIE depreciation in 2 years [7:1882]

2001-04-25 Thread Jason J. Roysdon

I can't see the certification being devalued.  Cisco is constantly making
the test harder by adding more and more relevant items and removing those
that are not.  Plus, forcing older CCIE's to keep current with the CCIE
Written is decertifying those that don't care and keeping the numbers from
growing too fast.

And, as you say, with the need for more and more folks at this caliber
increasing, I don't think there will be any problem with the demand keeping
up with the increased supply.  Not if the AVVID thing takes off for one (and
it is, at least for us).  Our local county let their top PBX staff go and is
looking to implement VoIP (I don't know why they cut first and didn't get
the new system in place first, but government doesn't always make sense).
The question is, of course, who will win, 3Com, Nortel, or Cisco (our shop
actually does all 3, so we don't care so long as we win the bid, hehee).

http://www.cisco.com/warp/public/625/ccie/ccie_program/ccie_present.html
Just checking the current numbers, they're not up that high - 5595 Active
CCIEs  (4992 as of 11/01/2000, up 137 since 4855 CCIEs as of 06/01/2000,
which was up 156 since 03/31/2000 at 4699).  That's only 896 new CCIEs in a
year.  Granted, it sounds like a lot (~75/month), but compare that to the
MCSE numbers (which I'd love to see, especially with the new Win2k stuff
out).  Especially if you figure probably a third, if not more are Cisco
employees ;-p

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Tennesee Stud""  wrote in message
news:[EMAIL PROTECTED]...
> I was wondering what others thought about the CCIE.  It seems to me now that
> there are so many books and training materials geared towards the CCIE, it
> is making it easier to obtain the CCIE.  With a steady diet of the right
> books ( which everyone seems to agree on) and hands on time with routers and
> switches ( which to me is the only obstacle), it does not seem as difficult
> as it is proclaimed (and I think most people see that). My opinion is the CCIE
> will be devalued  considerably in the next few years (As far as salary is
> concerned as well as prestige)  As others have pointed out, the CCIE
> population is growing at a faster rate (routing and switching), and even
> though the demand is high for the CCIE now, I think in 2 years there will be
> a difference in the way the industry views CCIE's
>
> .02 that's all
>
> Tennesee Stud




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1993&t=1882



Re: Cat 2900 Password Recovery [7:1911]

2001-04-25 Thread Jason J. Roysdon

Bookmark it.  I use it 2-3 times a month (clueless customers).

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""sparkest pig""  wrote in message
news:[EMAIL PROTECTED]...
> anyone know the link for Cat 2916 password recovery?
>
> thanks in advance




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1995&t=1911



Re: CCIE depreciation in 2 years [7:1882]

2001-04-25 Thread Jason J. Roysdon

Has anyone heard any recent stats on pass/fail rate for the CCIE?  I believe
I've heard a few times that it was 80% fail rate the first time through.

Not that a Jedi, err, Network Engineer should think about such things or be
fearful, but still, I'm curious.

Speaking of, this is one of the coolest "home made" Star Wars fan movies
I've seen to date:
http://www.crewoftwo.com/

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Coleman, Jason""  wrote in message
news:[EMAIL PROTECTED]...
> Here is my .02
>
> If you don't yet have your CCIE then how can you possibly assume that it is
> or is not as difficult as most people think that it is.  I have not yet
> taken the test, although I am in the process of studying for it now.  Until
> I take the test I will continue to treat it with the utmost respect and
> assume it will be the most difficult experience in my technical career.
>
> Do anything less and you are setting yourself up for failure!
>
> -Original Message-
> From: Tennesee Stud [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, April 25, 2001 10:29 AM
> To: [EMAIL PROTECTED]
> Subject: CCIE depreciation in 2 years [7:1882]
>
> I was wondering what others thought about the CCIE.  It
> seems to me now that
> there are so many books and training materials geared
> towards the CCIE, it
> is making it easier to obtain the CCIE.  With a steady diet
> of the right
> books ( which everyone seems to agree on) and hands on time
> with routers and
> switches ( which to me is the only obstacle), it does not
> seem as difficult
> as it is proclaimed (and I think most people see that). My
> opinion is the CCIE
> will be devalued  considerably in the next few years (As far
> as salary is
> concerned as well as prestige)  As others have pointed out,
> the CCIE
> population is growing at a faster rate (routing and
> switching), and even
> though the demand is high for the CCIE now, I think in 2
> years there will be
> a difference in the way the industry views CCIE's
>
> .02 that's all
>
> Tennesee Stud
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1994&t=1882



Re: CCIE depreciation in 2 years [7:1882]

2001-04-25 Thread Jason J. Roysdon

But I would compare the CNE to the CCNP/DP, and put the ECNE/MCNE at about
half-way between that level and the CCIE.  Apples to oranges.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Ronnie Poon" wrote in message news:[EMAIL PROTECTED]...
> How about Novell CNE. It also has the same thing.
>
> Donald B Johnson jr wrote:
>
> > Yeah I got a mcse in 96 and thought the same thing when it happened to that
> > program. OH well I still want to be part of the swelling ranks. You
> > could drop out and help us out though :>).
> > Don
> >
> > - Original Message -
> > From: "Tennesee Stud"
> > To:
> > Sent: Wednesday, April 25, 2001 8:28 AM
> > Subject: CCIE depreciation in 2 years [7:1882]
> >
> > > I was wondering what others thought about the CCIE.  It seems to me now
> > > that there are so many books and training materials geared towards the
> > > CCIE, it is making it easier to obtain the CCIE.  With a steady diet of the
> > > right books (which everyone seems to agree on) and hands on time with
> > > routers and switches (which to me is the only obstacle), it does not seem
> > > as difficult as it proclaimed (and I think most people see that).  My
> > > opinion is the CCIE will be devalued considerably in the next few years (As
> > > far as salary is concerned as well as prestige)  As others have pointed
> > > out, the CCIE population is growing at a faster rate (routing and
> > > switching), and even though the demand is high for the CCIE now, I think in
> > > 2 years there will be a difference in the way the industry views CCIE's
> > >
> > > .02 that's all
> > >
> > > Tennesee Stud




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1996&t=1882



Re: Pix 6.0 debut? Anyone know when? Thanks [7:1780]

2001-04-25 Thread Jason J. Roysdon

So add a week and look for it the third week of May ;-)

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Alex Lee" wrote in message news:[EMAIL PROTECTED]...
> I was told yesterday by TAC that it would be second week of May.
>
>
> "Dropped Packet" wrote in message news:[EMAIL PROTECTED]...




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1988&t=1780



Re: Certification Plaque [7:1786]

2001-04-25 Thread Jason J. Roysdon

I think everyone should forward the original email to their Cisco CAMs and
request.  If we make enough noise, perhaps we'll get some cool plaques.

I'd say it's warranted at the CCxP level (although, give  things for CCxA on
the plaque as well), and perhaps even once you get any single CCNA-level
Specialization.  Maybe even if you just get both CCNA and CCDA they could
send it.

Of course, Cisco is in budget cutting mode, so it's doubtful.  The Cisco of
6 mos. ago would have done it though.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"John Neiberger" wrote in message news:[EMAIL PROTECTED]...
> I'd love something like that.  I didn't get squat for CCNA, CCDA, or
> CCNP.  For CCDP I got this awful cap that no one wanting to retain any
> semblance of coolness would be caught dead wearing.
>
> >>> "Kevin Wigle"  4/24/01 5:17:26 PM >>>
> Dear Group,
>
> Got a present delivered by FedEx today.
>
> I can remember a thread a long while back about not getting a decent plaque
> when you certified to CCDP or CCNP.
>
> Well, Cisco Canada has started a program that does send out a neat plaque.
> It reminds me of the laser cut wooden plaque I got when I certified for CBE
> (Certified Banyan Engineer).
>
> The plaque is 9" by 11", wooden and has a metal Cisco Bridge on it with
> "Cisco Systems" embossed.
>
> Your name is cut into the wood as well as the sentence: "Recognized as Cisco
> Certified"
>
> Then in a little bag are brass plates with all the certs you have earned.
> CCNA, CCDA, CCNP and CCDP (in my case).  You peel off the sticky tape and
> place them on the plaque.  A letter suggests you may want to place them in
> consideration of earning more certs!
>
> I know the idea is the knowledge (or the journey) and not the certs (or the
> trinkets/certificates) but I have to admit that this looks cool and somehow
> suggests a more substantial achievement than a piece of paper might
> indicate. (in the industry cert arena anyways)
>
> However, I guess you get the plaque even if you've just passed CCNA.
> so I don't know.  Perhaps they should restrict it for the NP/DP.  I'm not
> sure I would agree that any one exam cert deserves this kind of
> recognition... (easy to say since I've got more I guess)
>
> Don't know if Cisco (US) will start this but I think that it would be
> welcomed if they did.
>
> Kevin Wigle




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1985&t=1786



Re: New IP and AS number [7:1866]

2001-04-25 Thread Jason J. Roysdon

Best to just go to the source (of course if someone has experience with RIPE
and can give you more details, great):
http://www.ripe.net/

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Michael E Taiwo" wrote in message news:[EMAIL PROTECTED]...
> Hello Guys,
>
> Can anyone tell me how long it will take, to obtain an IP address and an AS
> number from Ripe.
>
> Suggestion will be welcome.
>
> Thanks in advance,
>
> Michael.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1983&t=1866



Re: Cisco Documentation CD [7:1802]

2001-04-25 Thread Jason J. Roysdon

Very cool.  I'd dinked with it a few times and never got it to work, and
this solved it for me.  Now it prompted for the browser to use, and I select
IE and it just works.  I don't know why Cisco can't just store the whole
thing in pure HTML so folks can browse it with whatever OS/browser you
want... silly folks.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Alexander Roth" wrote in message news:[EMAIL PROTECTED]...
> yes try this,
>
> open the search.ini file under CiscoCD dir,
> find this line
> Browser=C:\Progra~1\INTERN~1\iexplorer.exe
> change to
> Browser=
> then save
>
> "Hoa Ngo" wrote in message news:[EMAIL PROTECTED]...
> > Hi!
> > I have a documentation CD (Version April 2000). I have trouble to use it on
> > windows 2000. Does anyone have problem? Can you show me the way to fix this?
> > Thank you in advance.
> > Hoa
> >




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1833&t=1802



Re: IP routing is enabled by default on Cisco 2600's [7:1821]

2001-04-25 Thread Jason J. Roysdon

What IOS were they running?  Did they prompt you for configuration on boot,
or already seem to have a config?  If so, use 'enable' and then 'erase
startup-config' and see if it's not enabled by default.  I have never had to
enable it on a router fresh out of the box in my short two years with Cisco
gear.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Colin" wrote in message news:[EMAIL PROTECTED]...
> Hi
>
> I have read in numerous places that IP routing is enabled by default on
> Cisco routers.  Is this true?   The reason I ask is because the last
> 3 Cisco 2600's I've received (new routers straight from a VAR)  have
> had  IP routing disabled?
>
> Thanks
>
> Colin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1834&t=1821



Re: Syslogd for Windows 2000 !!! [7:1820]

2001-04-25 Thread Jason J. Roysdon

I like 3CDaemon.  3Com's support site has it under Windows Apps.  I keep a
copy on my ftp server as well for easy access at customer sites (I hate it
when silly support sites change or move files):
ftp://artoo.net/pub/bin/windows/32bit/3CDaemon206.zip

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Sameh Badros" wrote in message news:[EMAIL PROTECTED]...
> Where I can get syslogd for windows 2000 ?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1832&t=1820



OT: Re: Top Search Engine Placement [7:1817]

2001-04-25 Thread Jason J. Roysdon

Here's a fun thought to do with people like this:

With an unmetered phone line you can call all you want and you never get
charged (since I don't have any modems, I have a metered line as I rarely
use the phone).  A little war-dialer program would be useful for just such
spam and have it run all night.  Whenever you get a piece of spam like this,
the number gets changed to the new one listed (which would usually last a
week or two until the next bozo that gets around my spam blocks, depending
on how well your email is filtered).  I just wonder what it would do to
their 800# bills *g*  I bet it'd be annoying as hell to get a hundred
messages a day as well (have it call, wait 5 seconds, dial the extension
if needed and wait, then play an mp3 of Monty Python's SPAM out the sound
card into the line).  Would serve them right though ;-)

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



wrote in message news:[EMAIL PROTECTED]...
> Removal instructions below
>
> I saw your listing on the internet.
>
> I work for a company that specializes
> in getting clients web sites listed
> as close to the top of the major
> search engines as possible.
>
> Our fee is only $29.95 per month to
> submit your site at least twice a
> month to over 350 search engines
> and directories.
>
> To get started and put your web site
> in the fast lane, call our toll free
> number below.
>
>
> Mike Bender
> 888-892-7537
>
>
> To be removed call: 888-800-6339 X1377




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1831&t=1817



Re: Failed CCDA [7:1698]

2001-04-24 Thread Jason J. Roysdon

Study up and I'm sure you'll have it the next time.

Regarding the age thing, experience (not just knowledge) is often a factor.
Plus, what says you're not going to leave them as soon as you're able to
work full time?  More than likely this other employee isn't going to leave
as fast.

Don't worry, in a short while you'll have some years of "experience" under
your belt as well (often "experience" isn't seen just as knowledge or hands
on experience, but as years in the trenches).  Just keep at it, set your
goals and stick to them.  I'd also talk with your manager and see if they
see value to certs, and if so if you can work it into a way to get raises.

But when you think about it, most likely the CCDA doesn't hold that much
value at your current position, whereas a CCNA and CCNP would be seen as an
asset at an ISP (unless you're out selling design solutions to customers
like Howard, where it'd make more sense).

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Russ Kreigh" wrote in message news:[EMAIL PROTECTED]...
> I too am only 17 years old and like Priscilla I think this is a
> controversial topic. However, I have a very strong opinion, therefore am
> going to express it. :-) I currently work for a local ISP and have quite a
> bit of Cisco experience along with very much UNIX (BSDi, Linux, HP-UX,
> Solaris), HTML, JavaScript, ASP, PERL, etc etc. However, I make
> significantly less than a new guy that was hired to work along with me. I am
> just as qualified, if not more. Of course, there are other issues to
> consider; I am part-time and he is full time, I know that makes a
> difference, that part I understand. But, I feel that a large portion of it
> has to do with my age, not based on my ability to perform my job.
>
> On a Cisco related note, I am going to schedule my CCDA exam within the next
> month, along with my CCNA. I am very confident that I will do good on my
> CCNA, and have been studying CCDA material and getting some real-life
> experience in my job.
>
> The message I am trying to point out is that just because we may be young
> doesn't mean that we should not be taken seriously. Also, I know that my age
> also offends some people who have been in the field a long time. I can't
> really speak from experience here, but I know that more women have chosen
> careers in the Technology field in the past 10 years. Just as their
> co-workers have come to accept it more, they are going to have to accept
> that us young adults can be capable of doing the same job.
>
> -Russ
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Priscilla Oppenheimer
> Sent: Tuesday, April 24, 2001 1:03 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Failed CCDA [7:1698]
>
>
> I'm going to say something Very controversial here, which is that I think
> it's a good sign that a 17-year old had a hard time with the CCDA test. It
> validates the test a bit. Design requires experience. Can someone who has
> just learned to drive, design a car? Can someone who has just started
> learning networking, design a network?
>
> Remember that I teach (part-time) at the high school level and I love the
> energy, quick thinking, and creativity of that age group. I strongly
> believe that the inventions that they will develop will be even more
> amazing than the ones our generation came up with. So I do not make this
> comment out of prejudice.
>
> Aaron, it sounds like you know which areas you need to study a bit more in
> order to pass the test, so I'm sure you'll do well next time. Good luck!
>
> Priscilla
>
> At 09:02 AM 4/24/01, you wrote:
> >Hey guys, this is Aaron again.  I failed my CCDA by 37 points.  I made a 718
> >and i needed a 755 to pass  Bah, out 100$..  I did reschedule it for a
> >couple of weeks from now, and now that i know what sections i'm weak in, i
> >think i might be able to make this up.  My worst section was WAN
> >Technologies with a 40%.  My best was Network Management with a 100%.  So i
> >guess i had quite a range of scores.  Anyways, back to the books and sample
> >tests for me.  Thanks guys.
> >
> >~Aaron Vose
>
>
> 
>
> Priscilla Oppenheimer
> http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1816&t=1698

Re: NAT and MS Terminal Server [7:1765]

2001-04-24 Thread Jason J. Roysdon

It's not going to work with port redirection; port redirection doesn't work
with anything other than tcp and udp.  You need rdp (protocol 27, not a port,
but the protocol), as well as tcp 3389 and tcp 1503.

Try it with this instead and you'll see that it should work (provided no
ACLs or firewall is blocking it):

ip nat inside source static 192.168.1.25 200.200.200.1


--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Kim Seng" wrote in message news:[EMAIL PROTECTED]...
> I have a MS Terminal server (Port 3389) inside a
> private subnet. I am using NAT from the router. I am
> using a Static NAT access list:
>
> ip nat inside source static tcp 192.168.1.25 3389 200.200.200.1 3389
>
> I still can not access to the terminal server from the
> Internet. Can some one tell me what I do wrong.
>
> Many thanks in advance.
>
> Kim.
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1810&t=1765
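
What each of the two static NAT forms in this thread lets in from the outside, as an added example that is not part of the original posts: the one-to-one form translates every protocol and port sent to 200.200.200.1, so it has to be paired with an inbound filter. The listening-services list and the permit set are constructed for illustration.

```python
"""Inbound reachability under the two static NAT forms in the thread.

Constructed illustration: the listening-services list and the permit set
are assumptions, not taken from the original posts.
"""
from dataclasses import dataclass
from typing import Optional

INSIDE, OUTSIDE = "192.168.1.25", "200.200.200.1"


@dataclass(frozen=True)
class StaticNat:
    inside_ip: str
    outside_ip: str
    proto: Optional[str] = None        # None: one-to-one, any IP protocol
    inside_port: Optional[int] = None
    outside_port: Optional[int] = None

    def inbound(self, proto, dst_ip, dport):
        """Return (inside_ip, inside_port) if this entry translates the packet."""
        if dst_ip != self.outside_ip:
            return None
        if self.proto is None:                      # whole-address translation
            return (self.inside_ip, dport)
        if proto == self.proto and dport == self.outside_port:
            return (self.inside_ip, self.inside_port)
        return None


# ip nat inside source static tcp 192.168.1.25 3389 200.200.200.1 3389
PORT_STATIC = StaticNat(INSIDE, OUTSIDE, "tcp", 3389, 3389)
# ip nat inside source static 192.168.1.25 200.200.200.1
ONE_TO_ONE = StaticNat(INSIDE, OUTSIDE)

# Constructed: what the inside server might be listening on (protocol, port).
LISTENING = [("tcp", 3389), ("tcp", 445), ("tcp", 139), ("udp", 137)]


def reachable(nat, permitted=None):
    """Services on the inside host that an outside sender can reach.

    permitted: optional set of (proto, port) allowed by an inbound filter on
    the outside interface; None means no filter is applied.
    """
    out = []
    for proto, port in LISTENING:
        if permitted is not None and (proto, port) not in permitted:
            continue
        if nat.inbound(proto, OUTSIDE, port) == (INSIDE, port):
            out.append((proto, port))
    return out


if __name__ == "__main__":
    print("port static      :", reachable(PORT_STATIC))
    print("one-to-one       :", reachable(ONE_TO_ONE))
    print("one-to-one + ACL :", reachable(ONE_TO_ONE, {("tcp", 3389)}))
    # A non-TCP/UDP packet (IP protocol 27) is only translated by the one-to-one form.
    print("proto 27 via port static:", PORT_STATIC.inbound("27", OUTSIDE, None))
    print("proto 27 via one-to-one :", ONE_TO_ONE.inbound("27", OUTSIDE, None))
```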



Re: Pathetic Prometric [7:1746]

2001-04-24 Thread Jason J. Roysdon

You have your stamped Prometric test results, I hope?  Please keep us
informed.  I've taken all my tests at Prometric and never had problems.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"sdonoho" wrote in message news:[EMAIL PROTECTED]...
> I need to vent.
>
>  I studied and passed(did quite well) the BCRAN test 4/9. I noticed today
> that my records on the Cisco tracking site did not reflect my passing of the
> test or failing. I called Prometric today and they said that I was listed as
> a "no show" for the test. I asked to speak to a manager that could fix this
> problem and was put on perpetual hold. I'm at work so I can't wait on line
> forever. I got so fed up after waiting so long, I hung up. This company
> always seemed third rate to me. I plan on using VUE for testing in the
> future.
>
>  OK I'm done.
>
> Scott




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1807&t=1746



Re: authentication [7:1697]

2001-04-24 Thread Jason J. Roysdon

syslog out to whatever (3Com's 3CDaemon is my fav Win32 app), and use
WebTrends to make pretty stats for you.  I believe they have a specific
version for firewalls/internet access stats.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"SH Wesson" wrote in message news:[EMAIL PROTECTED]...
> Can Cisco ACS be used for Internet access authentication?  If it can, is it
> recommended since I'm using Cisco ACS for my router authentication and VPN
> authentication.
>
> Also, what software do you recommend for logging web access on a Cisco PIX.
> I've used WebTrends in the past but wanted to get someone else's opinion.
>
> Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1803&t=1697



Re: Just Pass CIT and become CCNP certified, but .. [7:1677]

2001-04-24 Thread Jason J. Roysdon

Congrats!

Comments inline

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"ryan" wrote in message news:[EMAIL PROTECTED]...
> Can anyone tell me what is chapter(s) in cisco press book  belonged to the
> following categories which appear in my score sheet ? Thanks
>
> Category in my score sheet:
> ---
> Connectionless Models (33%)
tcp/ip's udp, Novell's spx are both connectionless protocols.
> HDLC (75%)
encapsulation method (vs. ppp or frame relay, etc.), not sure what chapter
that'd be on in your list.
> OSI backups (100%)
> Troubleshooting (71%)
>
>
> Cisco press Chapter:
> 
> Chapter 1 Support Resources for Troubleshooting
> Chapter 2 Understanding Troubleshooting Methods
> Chapter 3 Identifying Troubleshooting Targets
> Chapter 4 Applying Cisco Troubleshooting Tools
> Chapter 5 Diagnosing and Correcting Campus TCP/IP Problems
> Chapter 6 Diagnosing and Correcting Novell Networking Problems
> Chapter 7 Diagnosing and Correcting AppleTalk Problems
> Chapter 8 Diagnosing and Correcting Catalyst Problems
> Chapter 9 Troubleshooting VLANS on Routers and Switches
> Chapter 10 Diagnosing and Correcting Frame Relay Problems
> Chapter 11 Diagnosing and Correcting ISDN BRI Problems




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1797&t=1677



Re: passed CCDA [7:1653]

2001-04-23 Thread Jason J. Roysdon

First off, congrats.  That test stumps a lot of experienced folks (just poor
test takers).

Best recommendation I tell folks is to read through each scenario completely
and take brief notes (get 4 of the blue note cards the testing center will
offer you), and the time you spend reading through will pay off as you'll be
able to breeze through them afterwards.  That's how I did it, I don't recall
my score, but it was pretty high.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Adam Wang" wrote in message news:[EMAIL PROTECTED]...
> Hi group,
>
> Passed CCDA today.  72 question, 755 to pass, scored
> 854.  The exam itself is not too hard, but the way
> Cisco presents the scenario questions is very
> annoying.
>
> 4 scenarios are scattered among the 72 questions.
> What I mean is you got 1 question on case 1, the next
> question on case 4, then some non-scenario questions.
> Then a case question appears again in the middle/end
> of the exam.
>
>
> I guess it's because of the random selections of the
> question pool.  But I feel I have been tested more on
> my memory than my skill of design.  I have to refresh
> my memory of each scenario once in a while during the
> exam.
> I hope Cisco will make some change in the future:
> Randomize each scenarios, but not mix the questions
> among all other questions in the exam.
>
> Adam
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1668&t=1653



Re: Blocking Napster and Aol on Pix config/Setting up Tacus or [7:1670]

2001-04-23 Thread Jason J. Roysdon

Ditto.  Get a written policy established first, and unless you're dealing
with school-age kids, a few rumors spread about the internet access being
logged should deter most (and syslogging isn't that hard).  The rest, well
their managers can deal with when presented with the logs.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Chuck Larrieu" wrote in message news:[EMAIL PROTECTED]...
> Indeed this has come up regularly. I remain skeptical that placing the
> burden for enforcing policy such as this lies with the firewall and the
> firewall administrators.
>
> OK, so you block Napster and AOL. Now then, what about E-trade? Yahoo?
> Merrill Lynch, Dilbert.com? not to mention the various picture sites that so
> many disapprove of. How about all the radio stations people are listening to
> over the net?
>
> Now, what happens when some person or business unit has a good business
> reason for accessing AOL or other sites that you are blocking on your
> firewall?
>
> I'm talking to the wind, I suppose, but my first question when this topic
> comes up,  is "what is the written policy regarding internet access?" the
> second question is "will management pay for what it requires to accomplish
> this policy?"
>
> But relying on port blocking, or address blocking, or domain name blocking,
> on a case by case basis seems a bit shortsighted.
>
> JMHO
>
> Chuck
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> Keyur Lavingia
> Sent: Monday, April 23, 2001 12:41 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Blocking Napster and Aol on Pix config/Setting up Tacus or
> [7:1639]
>
> This has actually come up again in the discussion. If u want to block AIM
> outgoing from ur network, u should try to block the IP Addresses of the
> login server of AIM which is "login.oscar.aol.com" The AIM App is designed
> to scan for ports other than 5190 to login to the server, so port blocking
> will not work always.
>
> Sincerely,
>
> KEYUR LAVINGIA
> Network Engineer
> Peak XV Networks
> San Ramon, CA 94583.
> W - 925.242.7492
> C - 925.699.8855
> [EMAIL PROTECTED]
> www.peakxv.net
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Monday, April 23, 2001 11:12 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Blocking Napster and Aol on Pix config/Setting up Tacus or
> [7:1629]
>
>
> Just a note, that people can choose other ports to get to the AIM services.
>
>
> "Kevin O'Gilvie" wrote in message news:[EMAIL PROTECTED]...
> > Before I ask this question I would like to give something back, below is the
> > config to block aim and napster:
> >
> > access-list acl_out deny tcp any any eq 5190
> > access-list acl_out deny tcp any any eq 8875
> > access-list acl_out deny tcp any any eq 
> > access-list acl_out deny tcp any any eq 6699
> > access-list acl_out deny tcp any any eq 
> > access-group acl_out in interface inside
> > access-list acl_out permit tcp any any
> > access-list acl_out permit ip any any
> >
> >
> > Now I would like to setup a TACACS+ or Radius Server on My network I have a
> > Windows 2000 domain and I am unsure of how to do this. Please advise.
> >
> > TIA,
> >
> > Kevin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1670&t=1670
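
Why the port-based denies in the quoted acl_out list stop holding once a client moves to another port, while a deny on the login server's address does not, as an added sketch that is not part of the original thread. The first-match evaluator, the 192.0.2.10 stand-in for the login server, 198.51.100.7 and the alternate port 443 are constructed for illustration; the two deny lines whose port numbers are missing from the post are left out.

```python
"""First-match ACL evaluation for the acl_out list quoted in the thread.

Constructed illustration: 192.0.2.10 stands in for whatever address
login.oscar.aol.com resolves to; it is a documentation address, not real.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp" or "ip" (ip matches every protocol)
    dst: object = ANY             # destination network
    dport: Optional[int] = None   # None means any destination port

    def matches(self, proto, dst_ip, dport):
        if self.proto != "ip" and self.proto != proto:
            return False
        if ip_address(dst_ip) not in self.dst:
            return False
        return self.dport is None or self.dport == dport


def evaluate(acl, proto, dst_ip, dport):
    """Return the action of the first matching rule; implicit deny at the end."""
    for rule in acl:
        if rule.matches(proto, dst_ip, dport):
            return rule.action
    return "deny"


# Port-based list from the post (entries with a missing port number omitted).
PORT_BASED = [
    Rule("deny", "tcp", dport=5190),
    Rule("deny", "tcp", dport=8875),
    Rule("deny", "tcp", dport=6699),
    Rule("permit", "tcp"),
    Rule("permit", "ip"),
]

LOGIN_SERVER = "192.0.2.10"  # constructed stand-in for the AIM login server

# Destination-based variant from the reply: deny the login server on every port.
DEST_BASED = [Rule("deny", "ip", dst=ip_network(LOGIN_SERVER + "/32"))] + PORT_BASED

# Constructed outbound flows: (protocol, destination address, destination port).
FLOWS = {
    "aim_default_port": ("tcp", LOGIN_SERVER, 5190),
    "aim_alternate_port": ("tcp", LOGIN_SERVER, 443),
    "other_site_443": ("tcp", "198.51.100.7", 443),
}


def report(acl, flows):
    """Map each named flow to the action the ACL takes on it."""
    return {name: evaluate(acl, *flow) for name, flow in flows.items()}


if __name__ == "__main__":
    for label, acl in (("port-based", PORT_BASED), ("destination-based", DEST_BASED)):
        print(label, report(acl, FLOWS))
```

The destination deny only holds while the address list tracks what the login name resolves to, which is the case-by-case upkeep the thread calls shortsighted.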



Re: Router Tester [7:1479]

2001-04-23 Thread Jason J. Roysdon

Easily.  It all depends how and where you look, but I'm seeing 103K right
now:
telnet://route-views.oregon-ix.net
sh ip bgp sum

And the highest is looking like:
198.32.162.18   4  4513  6942069052  443975300 6d07h  103539


--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Chuck Larrieu" wrote in message news:[EMAIL PROTECTED]...
> Howard commented:
> >10 million routes?  Even with the growth rate of the Internet going
> >exponential again, I wouldn't see that happening for several years
> >yet.  By then, we will have new router generations.
>
> Me says: I see according to the Bates report that "the internet routing
> table" is now hitting 100,000 plus routes a couple of times a week. Any
> takers on when the number stays over 100,000 for three solid weeks?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1669&t=1479



Re: MNCS 2.0 [7:1651]

2001-04-23 Thread Jason J. Roysdon

No, that expired Dec. 31st, 2000.  I took mine while on Christmas vacation
for that very reason.  Now you only need a CCNA + the 4 security tests for
the "Security Specialist 1" cert.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Cooper, David" wrote in message news:[EMAIL PROTECTED]...
> Does anyone know if you pass the MNCS before 14 May do you still get the
> +security cert if you have your CCNP already?  Thanks
>
>
>
> Dave Cooper - CCNP, CCDP, NNCSS




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1666&t=1651



Re: ip subnetting question [7:1607]

2001-04-23 Thread Jason J. Roysdon

I'm not exactly sure what you're looking for, but I'd suggest grabbing
3Com's Subnet calculator, which will let you select by network bits, subnet
mask, subnet networks, or hosts.  Somewhere on their support site under
Windows applications (free).  I keep a copy on my server as well if you
like:

ftp://artoo.net/pub/bin/windows/32bit/3CIPCalc.zip

Here's a URL with some IP basics (it's a good course for those wanting an
overview on basic tcp/ip networking):
http://www.freesoft.org/CIE/Topics/26.htm

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Lowell Sharrah""  wrote in message
news:[EMAIL PROTECTED]...
> Does anybody out there have a soft copy of a table that lists the subnet
> mask, number of networks and number of host per subnet for class a,b, and c
> networks?  Appreciate it very much.
>
> >>> "Chuck Larrieu"  04/23/01 11:07AM >>>
> Idle curiosity - what resources have you already checked?
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> jastinaveen
> Sent: Monday, April 23, 2001 3:27 AM
> To: [EMAIL PROTECTED]
> Subject: pl provide sol for ccna questions [7:1582]
>
> 1)How can you check the frame relay configuration on an interface
>
> 2) If the access-group command is configured on an interface and there is no
> access-list created which of the following is most correct?
>
> a) An error message will appear.
>
> b) The command will be executed and deny all traffic out.
>
> c) The command will be executed and permit all traffic out.
>
> d) The command will be executed and permit all traffic in and out.
>
> e) The command will be executed and deny all traffic in and out
>
> 3)what frame-relay displays source and destinations dlci's




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1613&t=1607



Re: Splitting a BRI for lab testing [7:1604]

2001-04-23 Thread Jason J. Roysdon

No cheap way around it, it will require an ISDN Simulator (hardware device
that simulates 2+ ISDN lines, depending on model).  ~US$1-2K depending on
what features you want.  Cisco ISDN CIM's (software programs simulating
routers and ISDN configurations) run a lot less (US$150) and may be more
appropriate.  If you can get a few people to go in on an ISDN Simulator, I'd
say it's the way to go, but otherwise it's a very costly investment to a
personal lab.  Another idea is to get two ISDN lines installed, but
unfortunately for my area that's US$150/install (or was two years ago when I
used to have it) and US$35/month/line + usage... at least with an ISDN
Simulator you can resell it when you're done and get most of your investment
back.

We've a few dozen lines at my office, and when I was prepping for my Routing
test at night I would just go in and hijack a pair to test with *evil grin*.
The worst part is it meant physically going to the office, but it was cheap.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Medley, Tim""  wrote in message
news:[EMAIL PROTECTED]...
> I've read on the list about using 1 BRI and splitting the B Channels to use
> a router with each B channel in a lab situation.
>
> How is this done? I imagine I need to split the B channels at a physical
> level.
>
> Can anyone explain how to do this.
>
> thanks,
>
> tim
>
>
> Tim Medley - CCNA, CCDA
> VoIP Engineer
> 704-943-3615 - Phone
> 704-525-9119 - Fax
> 877-6-iReady - Helpdesk




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1611&t=1604



Re: Fwall & Win2k Terminal server Clients [7:1598]

2001-04-23 Thread Jason J. Roysdon

Terminal Server:
remote desktop protocol (rdp) protocol 27
tcp 3389
tcp 1503

Citrix (doesn't require T/S stuff to be opened):
tcp 1494 (in)
udp 1604 (in/out)
tcp/udp 1023-65535 (out)

Both info was found from each vendor's knowledge base (T/S in TechNet or ,
Citrix on Citrix.com), but I keep a file with common app requirements like
this.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Edmund Woltynski""  wrote in message
news:[EMAIL PROTECTED]...
> Hi Folks
>
> I am trying to get my head around how to poke holes in a router access
> list with a Firewall feature set (1600 series) to allow a Win2k terminal
> server client to access a remote TS. From the packet decode the server
> uses TCP =3389, but the client grabs a number in the range 1560 upwards
> ie a new port per session - I can't seem to nail down a range. There has
> to be more than just this one port 3389 on the server side considering
> Citrix has a few to cater for.
>
> Does anyone know what the range is - or can nudge me in the right
> direction in solving this problem.
>
> I recall an email on the topic about 6-7 months ago, but can seem to
> locate it in the archives,
> I have searched through CCO - all the cookbooks, TAC tips, etc and the
> MS knowledge base to little avail.
>
> Any small hint to will be appreciated.
>
> Thanks
>
> Regards
>   Edmund Woltynski
>Email: [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1610&t=1598



Re: ip address dhcp on a 4000 router [7:1573]

2001-04-23 Thread Jason J. Roysdon

Interesting.  If you have time, can you test again with 'no service config'
set?  I'm curious if it was originally set by service config or something.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Kevin Wigle""  wrote in message
news:[EMAIL PROTECTED]...
> Found an interesting bug for 12.1(2)T in our lab.
>
> We had a scenario using secondary addresses.
>
> When the router was reloaded the secondary addresses were deleted.
>
> If you weren't watching the reload and saw the one error line - something
> like "Secondary not allowed on negotiated interfaces" (but they weren't
> being negotiated)
>
> So watch 12.1(2)T.. the bug is in bug watch
>
> Kevin Wigle
>
> - Original Message -
> From: "Frank Kim"
> To:
> Sent: Monday, April 23, 2001 4:11 AM
> Subject: ip address dhcp on a 4000 router [7:1573]
>
>
> > Hi folks,
> > I was able to make my 2511 talk dhcp on its eth0 with ios 12.1(2)T
> > with the command 'ip address dhcp'.  Right now, I'm trying to do the same
> > on my 4000m.  But unfortunately, version 12.1(2)T does not have an ios for
> > 4000m series.  What other ios version I can use to make my 4000m talk dhcp
> > on its ethernet interface?  I have tried numerous ios images, such
> > as the ones above 12.1(2)T, but I got no luck yet.  Thanks for any input.
> >
> >
> >
> > -Frank




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1609&t=1573



Re: OT: Win32 app to read/interpret tcpdump file [7:1568]

2001-04-23 Thread Jason J. Roysdon

I can read them back in, but what I wanted to be able to do was view the
ASCII information being passed back and forth (username login, and all user
commands/server responses like CWD & RETR).  I couldn't find an easy way to
do this with tcpdump (the raw dump to a file with -w isn't something that
cat could just display, or even wordpad after I transferred it over).
Ethereal was able to open the file just fine and give me the low-level
decodes I needed and I found the account (anonymous) and directory
(/_vty_pvt) and file (rzr-ress.).  I get a permission denied when I try to
retrieve it.

If I remove the ACL block for even a second a ton of remote ftp clients will
try to connect and start transferring the file again.  I've emailed the
clueless admin so he can find the file.  I'm guessing it's some huge
mpeg/avi movie file or possibly some other warez.

You know, I wonder just how useful a warm body that can't follow directions
is sometimes.  *shrug*  Dumpster idea is good, but customers would complain
about their websites being down, and eventually someone would find it.
Although, we wouldn't notice the difference in work load, except maybe not
so much cleanup work ;-)

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""ElephantChild""  wrote in message
news:[EMAIL PROTECTED]...
> On Mon, 23 Apr 2001, Jason J. Roysdon wrote:
>
> > the evidence without knowing it.  Anyone have a Win32 app that can read
> > tcpdump raw capture files?
>
> I take it that tcpdump -r won't do?
>
> > refuses to put behind the pix saying he has it secure.  Hehee, guess where
> > that box will be by the end of tomorrow?).
>
> In a dumpster, pinning its former maintainer face down in stinky, slimy
> garbage? :-)
>
> --
> "Someone approached me and asked me to teach a javascript course. I was
> about to decline, saying that my complete ignorance of the subject made
> me unsuitable, then I thought again, that maybe it doesn't, as driving
> people away from it is a desirable outcome." --Me




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1603&t=1568
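
What the raw "tcpdump -w" file described above contains, and how the FTP control-channel text can be read back out of it, as an added example that is not part of the original post. The capture is constructed inside the script (documentation addresses, made-up path and file name), all function names are illustrative, and payloads are decoded per segment with no TCP stream reassembly.

```python
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4        # classic libpcap file magic
LINKTYPE_ETHERNET = 1
FTP_CONTROL_PORT = 21


def iter_frames(capture):
    """Yield (ts_sec, frame_bytes) for every record in a classic pcap file."""
    # The magic number's byte order tells us how the file's headers were written.
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(capture[:4])
    if endian is None or len(capture) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", capture[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    offset = 24
    while offset + 16 <= len(capture):
        ts_sec, _usec, incl_len, _orig_len = struct.unpack(
            endian + "IIII", capture[offset:offset + 16])
        offset += 16
        if offset + incl_len > len(capture):
            break                      # final record cut short; stop cleanly
        yield ts_sec, capture[offset:offset + incl_len]
        offset += incl_len


def tcp_segment(frame):
    """Return (src, sport, dst, dport, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                    # not IPv4 over Ethernet
    ip = frame[14:]
    header_len = (ip[0] & 0x0F) * 4
    fragment_offset = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
    if ip[0] >> 4 != 4 or header_len < 20 or ip[9] != 6 or fragment_offset:
        return None                    # not TCP, or a later IP fragment
    total_len = struct.unpack("!H", ip[2:4])[0]
    tcp = ip[header_len:total_len]     # total_len drops any Ethernet padding
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4
    if data_offset < 20:
        return None
    return (socket.inet_ntoa(ip[12:16]), sport,
            socket.inet_ntoa(ip[16:20]), dport, tcp[data_offset:])


def ftp_control_lines(capture):
    """List (direction, sender_ip, text) for every line seen on tcp/21."""
    lines = []
    for _ts, frame in iter_frames(capture):
        segment = tcp_segment(frame)
        if segment is None:
            continue
        src, sport, _dst, dport, payload = segment
        if FTP_CONTROL_PORT not in (sport, dport):
            continue                   # ftp-data and everything else is skipped
        direction = "client" if dport == FTP_CONTROL_PORT else "server"
        # Per-segment decode: a command split across segments shows up in pieces.
        for raw in payload.split(b"\r\n"):
            if not raw:
                continue
            text = raw.decode("ascii", "replace")
            if direction == "client" and text.upper().startswith("PASS "):
                text = "PASS <redacted>"   # keep credentials out of the report
            lines.append((direction, src, text))
    return lines


def make_frame(src, dst, sport, dport, payload):
    """Build one Ethernet/IPv4/TCP frame for the sample (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return bytes(12) + b"\x08\x00" + ip + tcp


def build_sample_capture():
    """Constructed capture: one anonymous FTP login plus one ftp-data segment."""
    client, server = "192.0.2.10", "198.51.100.20"
    exchange = [
        (client, server, 40000, 21, b"USER anonymous\r\n"),
        (server, client, 21, 40000, b"331 Send e-mail address as password.\r\n"),
        (client, server, 40000, 21, b"PASS guest@example.invalid\r\n"),
        (client, server, 40000, 21, b"CWD /incoming\r\n"),
        (client, server, 40000, 21, b"RETR sample.bin\r\n"),
        (server, client, 20, 40001, b"\x00\x01 binary file data"),
    ]
    capture = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for index, fields in enumerate(exchange):
        frame = make_frame(*fields)
        capture += struct.pack("<IIII", 1000 + index, 0, len(frame), len(frame)) + frame
    return capture


if __name__ == "__main__":
    for direction, sender, text in ftp_control_lines(build_sample_capture()):
        print(f"{direction:6} {sender:15} {text}")
```

Against a real capture, read the file with open(path, "rb").read() and pass the bytes to ftp_control_lines().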



Re: Win32 app to read/interpret tcpdump file [7:1568]

2001-04-23 Thread Jason J. Roysdon

Very cool, worked like a charm.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Mike Taylor""  wrote in message
news:[EMAIL PROTECTED]...
> > the evidence without knowing it.  Anyone have a Win32 app that can read
> > tcpdump raw capture files?
> >
>
> Try http://www.ethereal.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1572&t=1568



Re: Internet Users Logging. [7:1562]

2001-04-22 Thread Jason J. Roysdon

Heh, well, I found out a simple way to do this tonight (I'd never needed to
use it before, always having Sniffer Pro on my laptop available).  One way
might be to put a sniffer either inside or outside your firewall to watch
all data (and possibly filter on http if that's all you want).

tcpdump (I believe standard on most *nixes) appears to work great for this.
You can tell it stuff like this:
 tcpdump 'gateway 172.16.1.1 and (port ftp or ftp-data)'

It logs lines such as:
22:55:42.624793 www.curtis-arata.com.ftp > p3E9C01CE.dip.t-dialin.net.63069: P 0:42(42) ack 1 win 8467 (DF)
22:55:57.446055 www.curtis-arata.com.ftp > p3E9C01CE.dip.t-dialin.net.63069: P 0:42(42) ack 1 win 8467 (DF)
22:56:27.078577 www.curtis-arata.com.ftp > p3E9C01CE.dip.t-dialin.net.63069: P 0:42(42) ack 1 win 8467 (DF)
22:57:26.363622 www.curtis-arata.com.ftp > p3E9C01CE.dip.t-dialin.net.63069: P 0:42(42) ack 1 win 8467 (DF)

Throw this at something like Webalizer and it'll save you a lot of work (or
just make an ACL on your Cisco router/firewall permit all, but first permit
the traffic you want to log and specify log at the end of the line).

I'm not a lawyer and this shouldn't be construed as legal advice, but I
would make sure you've got a company internet policy established beforehand
(and even signed by users, if possible), and include in it that you can and
do monitor traffic.  Otherwise you might have someone complaining that
you're violating their privacy, etc.  I just ssh tunnel all traffic I don't
want anyone to see to my personal box, so you'd never catch me ;-p


--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Tariq""  wrote in message
news:[EMAIL PROTECTED]...
> Hello everybody.
>
> I want to monitor the activities of my LAN users who are browsing different
> web sites.
> I want to enable logging for those users and want to save my all logging
> information on my Windows 2000 server.
>
> Please let me know the procedure.
>
> Thanks in advance.
>
> Tariq




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1569&t=1562



OT: Win32 app to read/interpret tcpdump file [7:1568]

2001-04-22 Thread Jason J. Roysdon

I can tie this slightly on topic, but it's really not (but no doubt someone
here will know).  I've got a box that was hacked yesterday (not a box I
admin or even have passwords to, but one on my network).  Someone is using
it for a drop box for ftp.  For now, I've just killed everything with
blocking incoming ftp and outgoing ftp-data to the box until the clueless
admin can fix it (same CCNA I've complained about before).  Oh, get this,
this same clueless CCNA was told by a customer last week that they didn't
want to talk to him anymore when he argued with them when the customer asked
for the speed and number their ISDN router was calling, and he told them
ISDN doesn't dial.  I smoothed it all over and solved it (PBI/SBC had "lost"
their password and was rejecting login).

I've got my own personal linux box that I've saved some raw tcpdump captures
of the transfers (just after I remove the ACL block and see a few logins
occur), but I don't have anything that can view it intelligently.  Sniffer
Pro just says it's a file format it doesn't recognize (if I could get
Sniffer Pro on the subnet, I could solve this real easy, but I don't feel
like driving in to solve a problem that's not mine).  So, what I want to see
is the actual ftp (tcp/21) session info (how they are logging in, where they
are going and what they are downloading).  From what I can tell in the
gibberish file, it looks like they're logging in anonymously and going to
vti_cfg and downloading vti_log from somewhere, and possibly something with
local drives (c, d, e, etc.).  Got me, but I figure I should solve as much
of this as I can before this clueless admin gets into the box and wipes out
the evidence without knowing it.  Anyone have a Win32 app that can read
tcpdump raw capture files?

Oh, I noticed this as all of our T1s outgoing bandwidth was locked solid at
189K as of last night.  It all came from a single ethernet interface, and I
know there are only 5 devices on that subnet (2 nameservers I maintain, my
personal linux box, pix firewall, and this stupid iis box that this admin
refuses to put behind the pix saying he has it secure.  Hehee, guess where
that box will be by the end of tomorrow?).

Here's my on topic tie-in explaining what I blocked for all those wanting to
learn about ACLs!
e0/0 is where the hacked box is, the serial ports go out to our different
ISPs (also, this shows how to add/modify an ACL without locking yourself
out, in other words, remove it from the interfaces first, then modify, then
re-apply it):

int s0/1
 no ip access-group 199 in
int s1/1
 no ip access-group 199 in
int s1/2
 no ip access-group 199 in
no access-list 199

! let my box in
access-list 199 permit tcp host 63.206.176.163 host 207.92.43.210 eq ftp
access-list 199 deny   tcp any host 207.92.43.210 eq ftp
! I used this at first to just kill it all:
! access-list 199 deny   tcp any host 207.92.43.210
access-list 199 permit ip any any

int s0/1
 ip access-group 199 in
int s1/1
 ip access-group 199 in
int s1/2
 ip access-group 199 in

int e0/0
 no ip access-group 198 in
no access-list 198
! let my box in
access-list 198 permit tcp host 207.92.43.210 eq ftp-data host 63.206.176.163
access-list 198 deny   tcp host 207.92.43.210 eq ftp-data any
access-list 198 permit ip any any
int e0/0
 ip access-group 198 in


--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1568&t=1568
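
The two ACLs from the post above, run through a small first-match evaluator to show which traffic each entry catches and why the order of the entries matters; this is an added example, not part of the original post. The parser handles only the syntax these six entries use, and the function names and the 203.0.113.5 outside address are constructed for illustration.

```python
import ipaddress

PORT_NAMES = {"ftp-data": 20, "ftp": 21}   # the only named ports these ACLs use

# ACL entries from the post, with the trailing ';' notes left out.
ACL_199 = """\
access-list 199 permit tcp host 63.206.176.163 host 207.92.43.210 eq ftp
access-list 199 deny   tcp any host 207.92.43.210 eq ftp
access-list 199 permit ip any any
"""
ACL_198 = """\
access-list 198 permit tcp host 207.92.43.210 eq ftp-data host 63.206.176.163
access-list 198 deny   tcp host 207.92.43.210 eq ftp-data any
access-list 198 permit ip any any
"""


def take_address(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'; return (base, wildcard)."""
    word = tokens.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(word)), int(ipaddress.IPv4Address(tokens.pop(0)))


def take_port(tokens):
    """Consume an optional 'eq PORT'; return the port number, or None for any port."""
    if tokens[:1] != ["eq"]:
        return None
    name = tokens[1]
    del tokens[:2]
    return PORT_NAMES[name] if name in PORT_NAMES else int(name)


def parse_acl(text):
    """Turn 'access-list N action proto src [eq p] dst [eq p]' lines into rules."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list":
            continue                         # blank lines and '!' comments
        rest = tokens[4:]
        src = take_address(rest)
        sport = take_port(rest)
        dst = take_address(rest)
        dport = take_port(rest)
        rules.append({"line": " ".join(tokens), "action": tokens[2], "proto": tokens[3],
                      "src": src, "sport": sport, "dst": dst, "dport": dport})
    return rules


def addr_matches(spec, address):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF            # wildcard bit 1 means "don't care"
    return ((int(ipaddress.IPv4Address(address)) ^ base) & care) == 0


def evaluate(rules, proto, src, sport, dst, dport):
    """Return (action, matching entry); first match wins, no match is denied."""
    for rule in rules:
        if rule["proto"] not in ("ip", proto):
            continue
        if not (addr_matches(rule["src"], src) and addr_matches(rule["dst"], dst)):
            continue
        if rule["sport"] not in (None, sport) or rule["dport"] not in (None, dport):
            continue
        return rule["action"], rule["line"]
    return "deny", "(implicit deny at end of list)"


if __name__ == "__main__":
    inbound, outbound = parse_acl(ACL_199), parse_acl(ACL_198)
    cases = [   # constructed test packets: (label, rules, proto, src, sport, dst, dport)
        ("admin ftp in", inbound, "tcp", "63.206.176.163", 40000, "207.92.43.210", 21),
        ("other ftp in", inbound, "tcp", "203.0.113.5", 40000, "207.92.43.210", 21),
        ("other http in", inbound, "tcp", "203.0.113.5", 40000, "207.92.43.210", 80),
        ("ftp-data out", outbound, "tcp", "207.92.43.210", 20, "203.0.113.5", 40001),
        ("no catch-all", inbound[:2], "tcp", "203.0.113.5", 40000, "207.92.43.210", 80),
    ]
    for label, rules, *packet in cases:
        action, entry = evaluate(rules, *packet)
        print(f"{label:14} {action:6} <- {entry}")
```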



Re: VPN-IOS [7:1560]

2001-04-22 Thread Jason J. Roysdon

Get the most minimal IOS version that supports the features you need (just
sounds like you need IPSEC, but the Firewall feature set would be
recommended if you don't have something else, and it's going to add more
DRAM/Flash requirements as well).  Each additional feature set is going to
add more flash requirements and some DRAM (although they really start to eat
up the RAM when you use them).  Adhere to the minimum DRAM specs (you have to
on Flash, or the image just won't fit), and I usually recommend to go
somewhat over in case you need to run a newer version for bug fixes that
requires it (plus I've seen a lot of routers that had the recommended DRAM,
but still ran out and lost telnet access).

I suggest going over Cisco's VPN/IPSEC tutorial and review sample configs.
That should be the place everyone starts when considering implementing
something new:
http://www.cisco.com/warp/public/707/index.shtml#ipsec

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Arumugam Sundarum""  wrote in message
news:[EMAIL PROTECTED]...
> Hi,
> I need to establish a single VPN connection between two routers...
> One of them is a 2600 series router and the other is a 800 router.
>
> The 2600 is using frame relay on one of its sub interface and connects to
> the internet (UUnet). The other has similar characteristics too.
> Now, I know that the both its IOS has to be upgrade to 12.7, major release
> and cisco specifies the recommended size of RAM and ROM. Do we need to
> follow these specifications strictly.
>
> The IOS 12.7 has many type to choose from such as Enterprise IPsec, IPsec,
> IPlus, blah,blah. Which is the most appropriate one to choose ???
>
> With these IOS upgrade, Is it true that I can start specifying the crypto
> ISAKMP specification (IKE, MD5, SHA, etc,etc) in the IOS at both ends to
> create a secured tunnel or do I need to add something else too such as new
> module cards,interface, etc.
>
> Once I have created the tunnel, what test can be done to ensure that the
> data transferred is secured ?
>
> pls enlightened.
>
> thanks in advance.
>
> rgds.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1561&t=1560



Re: Can anyone tell me Colt Test link ? [7:1554]

2001-04-22 Thread Jason J. Roysdon

Everyone with common questions that we all know comes up on the list should
consider using the Archive search rather before posting (I use it a lot to
find common things asked/answered here).  The first hit with "COLT" contains
the URL.

http://groupstudy.com/cgi-bin/wilma/cisco


--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""rayon""  wrote in message
news:[EMAIL PROTECTED]...
> I forget it, thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1559&t=1554



CCNP Foundation [7:1544]

2001-04-22 Thread Jason J. Roysdon

It'd be better to change the subject and/or start a new post with the
appropriate subject (as I just did).

Anyway, the Foundation is basically the same as the 3 individual tests, but
less questions total, and all drawn from the same 3 full tests.  I took the
individual tests, just search the archives (use the web interface at
http://www.groupstudy.com/ ), there is a ton of info regarding them from
those who've taken and passed them.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""hal9001""  wrote in message
news:[EMAIL PROTECTED]...
> Jason,
>
> Are you on your holidays or somethingtalk about prolific
> posting...otherwise you got the night shift yeah?
>
> Karl..How about my question on CCNP Foundation...Please






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1544&t=1544



Re: Flash 1601 [7:1518]

2001-04-22 Thread Jason J. Roysdon

Try eBay.  You're actually looking for the PCMCIA flash card, and make sure
you know which model you need it for and that the card goes to, as the 1600
and 1600-R line take different versions (on the back of the router, does it
say 1601 or 1601-R?).

I see a number of routers with flash, but no actual flash at the moment (but
you can add it to a saved search and then select that to be emailed to you
when something matches):
http://listings.ebay.com/aw/listings/list/all/category11185/index.html

Do you know what size you need?  I probably have some 4mb Flash cards from
upgrades.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""[EMAIL PROTECTED] (James Haynes)""  wrote
in message news:[EMAIL PROTECTED]...
> Hi all,
>
> Does anyone know where I can buy some Flash RAM for a Cisco 1601 Router? I've
> been to Crucial's site and they only seem to have DRAM not Flash. Thx.
>
> Jim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1538&t=1518



Re: IP/Firewall IOS [7:1529]

2001-04-22 Thread Jason J. Roysdon

Recall that it's AKA CBAC (Context-Based Access Control)
http://www.cisco.com/warp/public/707/index.shtml#IOS

There are a ton of examples.  Basically, you ACL the outside interface to
block everything (or open a few holes for whatever public services you
host), and then you apply the firewall inspect name to whatever inside
interfaces you want it to look at to allow reflexive traffic back in through
the ACL.

http://www.cisco.com/warp/public/793/ios_fw/cbac2.html

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Circusnuts""  wrote in message
news:[EMAIL PROTECTED]...
> Any ideas where to find configuration info dealing with the firewall side of
> the IOS.  I found a link on the CCO, but it really only covers very basic
> information.  Specifically- I'm dealing with version 12.0(9).
>
> Thanks
> Phil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1539&t=1529



Re: Router rack pictures [7:1470]

2001-04-22 Thread Jason J. Roysdon

Heh, well, he can identify most networking gear as well.  Stuff with a large
number of ports are clearly switches, and small number of ports are routers
(or firewalls, but hard for him to tell the difference until he can read).
I love coming home with some gear to configure for an install later on, and
him running out to meet me and seeing it and saying, "Daddy's got a router!"

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Traceroute""  wrote in message
news:[EMAIL PROTECTED]...
> Col, looks like lots of heart and soul went into the rack and its
> equipment and congrats on the accomplishments! I am in the same scenario
> sort of. By seeing the pictures, it's kind of apparent that providing for
> the family is what it's all about (Noah), he's the pride and joy in the
> photos, as my daughter Bayleigh is in mine. That's what it's all about
> show us equipment all day but we are working for that sunshine in our lives
> ..."our families" and we keep on striving... and getting better. I am hoping
> to hear "Hey what does your Dad do?",."Oh, he builds bad ass
> networks!"
>
> Cheers!
>
> George Murphy, CCNP
>
> - Original Message -
> From: "Jason J. Roysdon"
> To:
> Sent: Saturday, April 21, 2001 2:27 AM
> Subject: OT: Router rack pictures [7:1470]
>
>
> > I almost forgot to post this (actually, I did forget to post them last
> > night, and almost forgot again tonight).
> >
> > I got the pictures from my rack up.  The first two are "before" the cleanup,
> > and the last two are "after" rack I cleaned it up.
> >
> > http://jason.artoo.net/2001-04-19/rack.html
> >
> > Can you believe that on the middle shelf between the white upright speakers
> > and under the rats-nest of cables is a 2610, 16 port hub, and 827 (with my
> > Nextel charger on top)?  Yeah, so I decided to clean up a bit.
> >
> > The second pair of pictures show (from the bottom up) two Catalyst 3524
> > Inline Power switches, 10mbit 16 port hub (left), 827 ADSL router (right),
> > wire management (nicely hiding all the patch cables), 2610 router with two
> > WIC-T1-DI modules, rack-mount 16 port Linksys 10mbit hub, three 6 plug surge
> > protectors, (on the back-left post is a 10-port power strip that came with
> > the rack).  Ok, moving to the top of the rack (I know, it's still a bit
> > messy up there, but it leaves me more room in my rack, and that gear doesn't
> > change, whereas the rack gear changes as it's due to be installed at
> > different customer sites).  On the top of the rack from the right to left:
> > 486 DX4/100 RH Linux server (with 10mbit Intel NetPort  Express connected to
> > two printers), two Linksys 10/100 5 port switches ($25 each after $20
> > rebates), 1605-R router connected to an ADSL Westell bridge on top (usual
> > internet/firewall access when I don't have the 827), Aironet 350 Access
> > Point on top (Aironet 350 PCMCIA in the laptop works two houses down and
> > covers the entire yard).  Ok, behind that, starting from the bottom up is a
> > 4500 with two 100mbit ports and two 10mbit ports, two 2502s, 2501, and IBM
> > Token Ring concentrator (?) on top.  Hmm, oh, and to the left of the rack
> > you can see a Cisco 7960 IP Phone.  Oh, and down at the bottom is my son
> > Noah's computer (ex-server case that's huge, and has only a baby-AT sized
> > motherboard inside).  Noah would be my adorable 3-year and usual excuse for
> > why I haven't been studying.
> >
> > Older pictures from a low-res webcam from when I first got the rack (free,
> > thanks Justin!) with a Compaq 3000 VAC UPS that runs for days with all this
> > gear on it:
> > http://jason.artoo.net/rack/
> >
> > Ok, I'm spoiled, I know.  I'm trying to convince my boss to add a remote
> > power boot/switch and 2511 terminal server to the lab.
> >
> > If you can handle some more pics, you can see some other stuff I'm proud of
> > (family, firepit, and compost bins):
> > http://jason.artoo.net/2001-04-19/
> >
> > I gotta go add comments (cut'n'paste from this post will make it easy).
> > Man, I don't want to install FrontPage again... will I succumb to the evil
> > that is Micro$oft?
> >
> > --
> > Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
> > List email: [EMAIL PROTECTED]
> > Homepage: http://jason.artoo.net/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1514&t=1470



Re: Cisco 4000 behind a cable modem [7:1498]

2001-04-22 Thread Jason J. Roysdon

You may have to do some research to find what IOS first supports routers as
dhcp clients if this command doesn't just work, but here it is:
int e0
 ip address dhcp

You may also want to change the MAC address on your interface if your cable
company has tied your access to the NIC you used during the install (I know
a number of providers have done that, thinking they could stop multiple
access or something silly like that).

int e0
 mac-address .abcd.abcd

You'll then want to use this interface for PAT:
ip nat inside source list 1 interface Ethernet0 overload
access-list 1 permit 192.168.1.0 0.0.0.255


--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Tim Roberts" wrote in message news:[EMAIL PROTECTED]...
> I just had cable internet access installed.  I want to put a 4000 (with a
> 6-port ethernet module) between the cable modem and my network.  The cable
> service only does dynamic addressing at this point.  Every few weeks, I will
> get a new IP address.  The IP address is grabbed by the PC not by the cable
> modem.  So in order to put the 4000 between the cable box and my network, I
> will need one of the ethernet ports to grab an IP from the DHCP server.  I
> cannot remember if there is a way to make an ethernet port do this.  Can
> someone help me out with this or recommend another way to perform this task.
> Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1513&t=1498



Re: 2610 56/64k DSU/CSU [7:1471]

2001-04-21 Thread Jason J. Roysdon

My understanding of 56K serial is that it won't work with a T1 (only with
56K).  It also uses pins 1,2 & 7,8 vs. the T1 pins of 1,2 & 4,5.  I've only
installed one (they seem silly to me, might as well get a fractional T1 at
128K, or just use a stinking modem instead).

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Jeremiah Wegernoski" wrote in message news:[EMAIL PROTECTED]...
> I recently purchased a 2610 with a 56/64k DSU/CSU card in it.
>
> My question is, what would be the easiest way to implement it with the rest of
> my lab.
>
> Rest of the lab consists of:
>
> 2503, 2504, 2509, 2513, and a 4000 as the frame relay switch.
>
> Thanks a bunch for any suggestions or information offered!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1472&t=1471



OT: Router rack pictures [7:1470]

2001-04-21 Thread Jason J. Roysdon

I almost forgot to post this (actually, I did forget to post them last
night, and almost forgot again tonight).

I got the pictures from my rack up.  The first two are "before" the cleanup,
and the last two are "after" I cleaned it up.

http://jason.artoo.net/2001-04-19/rack.html

Can you believe that on the middle shelf between the white upright speakers
and under the rats-nest of cables is a 2610, 16 port hub, and 827 (with my
Nextel charger on top)?  Yeah, so I decided to clean up a bit.

The second pair of pictures show (from the bottom up) two Catalyst 3524
Inline Power switches, 10mbit 16 port hub (left), 827 ADSL router (right),
wire management (nicely hiding all the patch cables), 2610 router with two
WIC-T1-DI modules, rack-mount 16 port Linksys 10mbit hub, three 6 plug surge
protectors, (on the back-left post is a 10-port power strip that came with
the rack).  Ok, moving to the top of the rack (I know, it's still a bit
messy up there, but it leaves me more room in my rack, and that gear doesn't
change, whereas the rack gear changes as it's due to be installed at
different customer sites).  On the top of the rack from the right to left:
486 DX4/100 RH Linux server (with 10mbit Intel NetPort  Express connected to
two printers), two Linksys 10/100 5 port switches ($25 each after $20
rebates), 1605-R router connected to an ADSL Westell bridge on top (usual
internet/firewall access when I don't have the 827), Aironet 350 Access
Point on top (Aironet 350 PCMCIA in the laptop works two houses down and
covers the entire yard).  Ok, behind that, starting from the bottom up is a
4500 with two 100mbit ports and two 10mbit ports, two 2502s, 2501, and IBM
Token Ring concentrator (?) on top.  Hmm, oh, and to the left of the rack
you can see a Cisco 7960 IP Phone.  Oh, and down at the bottom is my son
Noah's computer (ex-server case that's huge, and has only a baby-AT sized
motherboard inside).  Noah would be my adorable 3-year-old and usual excuse for
why I haven't been studying.

Older pictures from a low-res webcam from when I first got the rack (free,
thanks Justin!) with a Compaq 3000 VAC UPS that runs for days with all this
gear on it:
http://jason.artoo.net/rack/

Ok, I'm spoiled, I know.  I'm trying to convince my boss to add a remote
power boot/switch and 2511 terminal server to the lab.

If you can handle some more pics, you can see some other stuff I'm proud of
(family, firepit, and compost bins):
http://jason.artoo.net/2001-04-19/

I gotta go add comments (cut'n'paste from this post will make it easy).
Man, I don't want to install FrontPage again... will I succumb to the evil
that is Micro$oft?

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1470&t=1470



Re: Cisco XXXX series router? [7:1433]

2001-04-20 Thread Jason J. Roysdon

Amen, Daniel.  I can't see blowing it all on one (or even two) routers when
you can make a really nice lab with that amount of money.  I guess it all
comes down to what your needs are.  If it's to have cool equipment you want
to use and be able to upgrade with different parts, the module routers fit
that bill.  If it's to get a practice lab to get your CCNP and then on to
the CCIE, I'd say go with Daniel's suggestion, or something like it based on
the 2500 fixed-port line.  I know it sucks to have to go with "non-cool" old
stuff, but it's the wiser choice for studying and cost, IMHO.

Regarding the 1600 vs. 1700, the 1600 line comes as the original 1601-1604
set line, and the newer 1601-1605R line (run from flash).  The Flash is not
interchangeable between the non-R and R line (not sure on RAM).  The 1700
line is nice, and the processor is noticeably faster.  Of course, the 1700
is the lower "VPN" router (you can do it with even a 2500, but for
performance reasons the 1700 is the lowest recommended), and even has a
hardware accelerator VPN module.  Plus you get one VoIP slot on the 1750.
Note that Scott Dees is incorrect stating the 1750 has 3 WIC slots.  It has
2 WIC slots and one VWIC-only slot.

That said, I like having my own 1605R that my company paid for, and have
been trying to convince my boss I need a 1750 + ADSL WIC + ENET WIC + VWIC
2-FX0 so that I can be fully redundant with internet access at home (ENET
would go to a cable modem, hmm, and maybe even use the AUX as a backup
interface for my ADSL to SBC/PBI as I get a free dial-up account with ADSL).
FX0 would be so I could hook my home phone line into my own little AVVID
network at home (CallManager + Unity Voicemail + Unity ActiveFax, woohoo!).
Talk about the ultimate home office setup for telecommuting (and of course
I'd be VPNing into the company network to do least-cost-routing off their
PSTN and have access to VoIP internal phones).  Techno-lust, gotta love it.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Daniel Cotts" wrote in message news:[EMAIL PROTECTED]...
> I'll take a different tack on desirable routers. Rather than having one
> great router let me suggest several good routers. The 2500 series is
> reasonably priced in the used market. How about:
>
> 2523 2 Fast Serial, 8 Sync/Async Serial, 1 TR, 1 ISDN BRI S/T
> 2513 2 Fast Serial ,1 Ethernet, 1 Token Ring
> 2503 2 Fast Serial, 1 Ethernet, 1 ISDN BRI S/T
> 2509 2 Fast Serial, 1 Ethernet, 8 Async Serial
>
> Check out completed auctions on eBay to see how close this comes to your
> budget.
>
> > -Original Message-
> > From: Aaron Vose [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, April 20, 2001 7:48 PM
> > To: [EMAIL PROTECTED]
> > Subject: Cisco  series router? [7:1433]
> >
> >
> > Hey all, i haven't taken the CCDA test that i mentioned earlier yet,
> > but i did have a question for all the Gurus about a 1600 - 1700 - 2600
> > series router.  Here's the thing, from my summer job (i'm 17), i'm going to
> > have about 3000$, and i really want to get a cisco router both for my own
> > training, and for use at home.  I want to go with something that's modular,
> > and not UNGODLY expensive, so that's why i'm leaning towards a 16/1700 series
> > router.  But i would really like to get a 2600 series router, because i know
> > one of the 2600 models can connect token ring and ethernet networks.  That
> > would be nice, because i have set up a token ring network at 16Mbps just for
> > the hell of it, and it would be nice if i could actually use it for something
> > :) Not only that, but it has more WIC slots, and it also has an expandable
> > network slot.  This would also be nice...  The 8-analog modem card was
> > particularly attractive.. i could set my own mini ISP, if not just use it
> > for myself as a backup line.  What would you all suggest?  I know i'm buying
> > whatever i get used, but i still can't quite decide.  Heh, not only that,
> > but the 2600 looks a hell of a lot cooler ;)  Does the 16/1700 series
> > support ISO release 12.x?  And what kind of processing speed difference is
> > there?  RAM / FLASH limit differences?  I'm just a tad bit lost about this
> > one.  Thanks guys!
> >
> > ~Aaron Vose
> > CCNA, A+




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1465&t=1433

Re: Pix to Pix Interface, nat 0 traffic? [7:1429]

2001-04-20 Thread Jason J. Roysdon

Unless you forgot to paste it, you have failed to apply inside2comany to the
comanynet interface as incoming.  I also suggest having two different ACLs,
one I usually call "NoNAT" and one named for the actual interfaces I mean
for it to apply to (in your case, inside2comany).

Here's what you need:
access-group inside2comany in interface comanynet

The route statement is incorrect if 192.168.200/24 is connected to the
inside (why would you tell the PIX to get to 192.168.200/24 that you have to
go through 192.168.100/24?  They're on two different interfaces, correct?).

My suggestion would be instead to use (192.168.200.5 is the ftp server that
192.168.100.15 needs to get to.  In other words, lock it down tight to not
just the source/destination ip, but service as well.  You can keep the NoNAT
simple and easy, but keep security secure):

access-list InsideNoNAT permit ip 192.168.200.0 255.255.255.0 192.168.100.0 255.255.255.0
nat (inside) 0 access-list InsideNoNAT

access-list Inside2ComanyPermission permit tcp 192.168.200.5 255.255.255.255 eq 21 192.168.100.15 255.255.255.255
access-group Inside2ComanyPermission in interface comanynet

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Michael Snyder" wrote in message news:[EMAIL PROTECTED]...
> Ok, need some help talking to group of hosts on a lower security interface
> from a higher one.
>
> For example.
>
> I have a fileserver on 192.168.200.0/24 on pix interface 3 security100.  I
> want to be able to speak at will to another fileserver 192.168.100.0/24 on
> pix interface 2 security 90.  The name of int 3 security 100 is inside, and
> the name of the int 2 security 90 is companynet.
>
> I setup an access list, used it with nat (inside) 0.  The access list gets
> hits, but the I can't ping thru to the lower security subnet.  What am I
> doing wrong?
>
> nameif ethernet2 comanynet security90
> nameif ethernet3 inside security100
>
> access-list inside2comany permit ip 192.168.200.0 255.255.255.0 192.168.100.0 255.255.255.0
>
> nat (inside) 0 access-list inside2comany
>
> route inside 192.168.200.0  255.255.255.0 192.168.100.1
>
> conduit permit icmp any any
>
>
>
> Thanks in advance,
>
> Michael Snyder




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1464&t=1429



Re: Pix to Pix Interface, nat 0 traffic? [7:1429]

2001-04-20 Thread Jason J. Roysdon

Unless you forgot to paste it, you have failed to apply inside2comany to the
comanynet interface as incoming.  I also suggest having two different ACLs,
one I usually call "NoNAT" and one named for the actual interfaces I mean
for it to apply to (in your case, inside2comany).

Here's what you need:
access-group inside2comany in interface comanynet

The route statement is incorrect if 192.168.200/24 is connected to the
inside (why would you tell the PIX to get to 192.168.200/24 that you have to
go through 192.168.100/24?  They're on two different interfaces, correct?).

My suggestion would be instead to use (192.168.200.5 is the ftp server that
192.168.100.15 needs to get to.  In other words, lock it down tight to not
just the source/destination ip, but service as well.  You can keep the NoNAT
simple and easy, but keep security secure):

access-list Inside2ComanyNoNAT permit ip 192.168.200.0 255.255.255.0 192.168.100.0 255.255.255.0
nat (inside) 0 access-list Inside2ComanyNoNAT

access-list Inside2ComanyPermission permit tcp 192.168.200.5 255.255.255.255 eq 21 192.168.100.15 255.255.255.255
access-group Inside2ComanyPermission in interface comanynet

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Michael Snyder" wrote in message news:[EMAIL PROTECTED]...
> Ok, need some help talking to group of hosts on a lower security interface
> from a higher one.
>
> For example.
>
> I have a fileserver on 192.168.200.0/24 on pix interface 3 security100.  I
> want to be able to speak at will to another fileserver 192.168.100.0/24 on
> pix interface 2 security 90.  The name of int 3 security 100 is inside, and
> the name of the int 2 security 90 is companynet.
>
> I setup an access list, used it with nat (inside) 0.  The access list gets
> hits, but the I can't ping thru to the lower security subnet.  What am I
> doing wrong?
>
> nameif ethernet2 comanynet security90
> nameif ethernet3 inside security100
>
> access-list inside2comany permit ip 192.168.200.0 255.255.255.0 192.168.100.0 255.255.255.0
>
> nat (inside) 0 access-list inside2comany
>
> route inside 192.168.200.0  255.255.255.0 192.168.100.1
>
> conduit permit icmp any any
>
>
>
> Thanks in advance,
>
> Michael Snyder




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1463&t=1429
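The reply's advice to lock a rule down to source, destination and service can be checked mechanically before the rule is applied. The following is an added example, not code from the thread: it parses PIX-style access-list entries written with dotted masks, rejects non-contiguous masks, and tests which packets an entry matches, treating the first address pair as the source for packets arriving on the interface named in "access-group ... in interface". The ACL name demo, the client port 40000, the sample entries and all function names are constructed for illustration; the addresses are the ones used in the thread.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


def parse_mask(mask: str) -> int:
    """Return the prefix length for a dotted netmask, rejecting masks with holes."""
    inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    # A real netmask is ones then zeros, so its inverse plus one is a power of two.
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous netmask: {mask}")
    return 32 - inverted.bit_length()


@dataclass
class Entry:
    action: str
    proto: str
    src: ipaddress.IPv4Network
    src_port: Optional[int]
    dst: ipaddress.IPv4Network
    dst_port: Optional[int]


def _endpoint(tokens: List[str]) -> Tuple[ipaddress.IPv4Network, Optional[int]]:
    """Consume 'address mask [eq port]' from the front of the token list."""
    if len(tokens) < 2:
        raise ValueError("expected an address and a mask")
    addr, mask = tokens.pop(0), tokens.pop(0)
    # strict=True also rejects an address with host bits set for its mask.
    net = ipaddress.IPv4Network(f"{addr}/{parse_mask(mask)}", strict=True)
    port = None
    if len(tokens) >= 2 and tokens[0] == "eq":
        tokens.pop(0)
        port = int(tokens.pop(0))  # numeric ports only
    return net, port


def parse_entry(line: str) -> Entry:
    """Parse 'access-list NAME permit|deny PROTO src mask [eq p] dst mask [eq p]'."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "access-list":
        raise ValueError("not an access-list entry")
    action, proto = tokens[2], tokens[3]
    if action not in ("permit", "deny") or proto not in ("ip", "tcp", "udp", "icmp"):
        raise ValueError(f"unsupported action or protocol: {action} {proto}")
    rest = tokens[4:]
    src, src_port = _endpoint(rest)   # first pair is always the source
    dst, dst_port = _endpoint(rest)   # second pair is the destination
    if rest:
        raise ValueError(f"unparsed tokens: {rest}")
    return Entry(action, proto, src, src_port, dst, dst_port)


def lint(line: str) -> Optional[str]:
    """Return an error message for a malformed entry, or None if it parses."""
    try:
        parse_entry(line)
    except ValueError as exc:
        return str(exc)
    return None


def matches(entry: Entry, proto, src_ip, src_port, dst_ip, dst_port) -> bool:
    """True if the packet's five-tuple is covered by the entry."""
    if entry.proto not in ("ip", proto):
        return False
    if ipaddress.IPv4Address(src_ip) not in entry.src:
        return False
    if ipaddress.IPv4Address(dst_ip) not in entry.dst:
        return False
    if entry.src_port is not None and entry.src_port != src_port:
        return False
    return entry.dst_port is None or entry.dst_port == dst_port


def first_match(acl_lines: List[str], packet) -> str:
    """Action of the first matching entry; an ACL ends with an implicit deny."""
    for line in acl_lines:
        entry = parse_entry(line)
        if matches(entry, *packet):
            return entry.action
    return "deny"


# Constructed packets: client on the lower-security side opening FTP control,
# and the server's reply going back the other way.
FTP_REQUEST = ("tcp", "192.168.100.15", 40000, "192.168.200.5", 21)
FTP_REPLY = ("tcp", "192.168.200.5", 21, "192.168.100.15", 40000)

# Constructed entries: the same host pair written in both orientations.
SERVER_AS_SOURCE = ["access-list demo permit tcp 192.168.200.5 255.255.255.255 "
                    "eq 21 192.168.100.15 255.255.255.255"]
CLIENT_AS_SOURCE = ["access-list demo permit tcp 192.168.100.15 255.255.255.255 "
                    "192.168.200.5 255.255.255.255 eq 21"]
BAD_MASK = ("access-list demo permit tcp 192.168.200.5 255.255.255.255 "
            "eq 21 192.168.100.15 255.255.255.15")

if __name__ == "__main__":
    print("bad mask:", lint(BAD_MASK))
    for name, acl in (("server-as-source", SERVER_AS_SOURCE),
                      ("client-as-source", CLIENT_AS_SOURCE)):
        print(name, "request:", first_match(acl, FTP_REQUEST),
              "reply:", first_match(acl, FTP_REPLY))
```

Run against the packet that actually arrives on the interface the ACL is bound to: an entry whose first address pair is the server only matches the server's replies, so the client's request falls through to the implicit deny.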



Re: Failed BSCN [7:1405]

2001-04-20 Thread Jason J. Roysdon

I'm no librarian and don't know much about how ISBN's work, but you'd think
a Second Edition should have a different ISBN?  I guess technically it just
fixes errata, but still.

Be sure to get the Second Edition version of this book (c) 2000, instead of
the original (c) 1997 book.  Same ISBN as the original.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Fenech, William J" wrote in message news:[EMAIL PROTECTED]...
> Internet Routing Architectures
> Author: Halabi
> ISBN: 1-57870-233-X
>
> Good Luck
> Bill Fenech
> LAN/WAN Developer
> Lockheed Martin Mission Systems
> email: [EMAIL PROTECTED]
>
> -Original Message-
> From: Brad Shifflett [mailto:[EMAIL PROTECTED]]
> Sent: Friday, April 20, 2001 12:11 PM
> To: [EMAIL PROTECTED]
> Subject: Failed BSCN [7:1405]
>
>
> Failed by 23 points. Really tough on BGP. I only got 22%. Any tips on good
> materials to really grasp BGP?
>
> Brad Shifflett
> [EMAIL PROTECTED]
> Micromenders, Inc.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1455&t=1405



Re: Job Fair & Cert's [7:1228]

2001-04-20 Thread Jason J. Roysdon

And with the same logic, would CCDP supersede the CCIE Design?  It's 6 tests
vs. only 2 for the CCIE Design ;-p

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Louie Belt" wrote in message news:[EMAIL PROTECTED]...
> And to think, I got it all wrong.
>
> Since Cisco's rule about displaying certification logos and listing
> certifications is "You may only use the Logo for the highest level of
> certification you have achieved."  Does this mean I now have to list my CCNP
> instead of my CCIE??
>
> Louie Belt
> CCIE #7054
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Oleg Mazurov
> Sent: Friday, April 20, 2001 9:25 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Job Fair & Cert's [7:1228]
>
>
> > So play the game, list both CERTS.  You might even convince them the CCNP
> > is more valuable than a CCIE.  If they don't speak knowledgeably of CCNP, sell
>
> Sure it is. To get ccna you pass one exam. To get ccie you pass two. To
> get ccnp you need to pass FOUR AND you have to have ccna. Sounds right?
>
> /felis




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1459&t=1228



Re: Cisco 2621 Aux port [7:1304]

2001-04-20 Thread Jason J. Roysdon

Also, the 'modem autoconfigure type usr_courier' line will override whatever
you set it to as soon as it starts talking to the modem, so don't even
bother (no need to even set it, it'll figure it out).

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"John Neiberger" wrote in message news:[EMAIL PROTECTED]...
> The aux port on the 2600 (and I'm assuming the 3600) can do 115kbps.
>
> John
>
> >>> "David Chandler"  4/20/01 2:36:01 PM >>>
> How did you get this to work on the AUX port?
>
> I agree with everything below except with the
> "speed 115200".
>
> According to my documentation "Cisco IOS Dial
> Solutions" the max speed on the AUX port is
> 38400.
>
> I have set this up on 2500s, 4500s & 7500s.
> Every time that I have tried to force the speed
> greater than 38400, the line speed will cycle
> through all the speeds 9600, 14400 etc and
> not sync with the modem.
>
> Is the AUX different for 2600's ?
>
> If you repeatedly do a "sh line" what speed does
> the AUX show up at?  And, is it changing?
>
> PS: I have been checking CCO for the specifics
> on the 2600 AUX to confirm but no luck @tt
>
> DaveC
>
>
>
> Bernardo Estevez wrote:
> >
> > Hey listen man.
> > Thank you so much.
> > The configuration below WORKED!!!
> >
> > I appreciate your help.
> >
> > Thanks again,
> > -Bernardo
> >
> > --- Thomas  wrote:
> > > Try this configuration:
> > >
> > > line aux 0
> > >  login local
> > >  modem InOut
> > >  modem autoconfigure type usr_courier
> > >  transport input all
> > >  escape-character BREAK
> > >  autoselect ppp
> > >  stopbits 1
> > >  speed 115200
> > >  flowcontrol hardware
> > >
> > > I tried the "modem autoconfiguration discovery"
> > > with the U.S. Robotics, but
> > > it didn't work.  Also, the "modem" adapter shipped
> > > with the 2600 router is
> > > not the correct one.  I don't have the part number
> > > here.  Please go to Cisco
> > > web site and check for part number of this adapter.
> > >
> > >
> > >
> > > "Bernardo Estevez" wrote in message news:[EMAIL PROTECTED]...
> > > > Hi all,
> > > >
> > > > I'm trying to configure the AUX port on a Cisco
> > > > terminal server 2621.  I'm using an external US
> > > > Robotics 56K modem connected with a rolled cable
> > > and a
> > > > modem adapter on the modem side. This connection
> > > seems
> > > > to work but where I'm having problem is in the
> > > > configuration of the "line aux 0" interface.
> > > > This is what I have done so far:
> > > >
> > > > line aux 0
> > > >  autobaud
> > > >  modem answer-timeout 20
> > > >  modem autoconfigure discovery
> > > >  stopbits 1
> > > >
> > > > When I dial-in using Windows2k HyperTerminal, the
> > > > modem answers and I get connected, but then I
> > > don't
> > > > see anything on the window. I've tried playing
> > > around
> > > > with the 'login' and 'password' option but no
> > > luck. Do
> > > > I have to manually tell it the transmit and
> > > receive
> > > > speeds? What else am I missing?
> > > >
> > > > Any input would be greatly appreciated.
> > > >
> > > > Thank you in advance.
> > > >
> > > > Please also copy your reply to
> > > [EMAIL PROTECTED]
> > > > as I don't get the chance to go through this list
> > > too
> > > > often.
> > > >
> > > > -Bernardo
> > > >
> > > >




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1458&t=1304



Re: Cisco IOS upgrade security policy [7:1408]

2001-04-20 Thread Jason J. Roysdon

My understanding is that you can upgrade to any minor release without cost.
So if you had 11.1(1), you could upgrade to 11.1(8).  To go to a new major
release, like 11.2(1), you'd have to purchase it (or have a SmartNet
contract).

So long as a product isn't listed as DF (deferred), I wouldn't worry too
much about it unless there is an issue you're running into that TAC had told
you or found in the bug tracker system.  Usually the need to upgrade is for
new features.  If you don't need the new features and a product works and
isn't deferred, might as well stick with it (unless it's for a test lab, of
course).

I won't say my personal opinion on crappy, err, buggy software.  Micro$oft
bothers me the most, but anyone in general that charges for the "new"
version that fixes the bugs in the old just really has a lot of nerve.
Especially the new Windows 2000 ads showing a Windows 95 BSOD and says
something like, "Tired of Blue Screens?  Upgrade to Windows 2000
Professional."  I mean, what a joke.  We sold you crappy software, but we've
made better stuff now, so buy it and fix the problems we made in our
original software.  I think Computer Associates (CAI) come in second on my
"bad software" maker list (I can tell some terrible backup software
stories).

Hmm, well, maybe I did say my personal opinion *g*  It's easy to get me
off on a tangent.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Maness, Drew" wrote in message news:[EMAIL PROTECTED]...
> With the different major IOS releases, 11.1,11.2, 11.3, 12.0, 12.1..., How
> do security vulnerabilities get updated? My question really is this.  Is
> running IOS 11.3.11b less secure than the latest release of 12.1?
>
> What is the upgrade policy associated with the IOS version?  Should it be
> that if you are running 11.3 you should update to the latest version of 11.3
> or is the recommendation to upgrade all the way to 12.1?
>
> Since it looks like different IOS versions along with platform version have
> different bugs associated with them, I was just wondering what other peoples
> corporate security policy was in relation to the Cisco IOS versions.
>
> Thanks for any insight
>
> Drew




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1457&t=1408



Re: Failed BSCN [7:1405]

2001-04-20 Thread Jason J. Roysdon

Sorry to hear, sounds like my first pass (and I was so pissed I took the
rest of the day off and studied, retook the test that afternoon in the last
slot and passed by 150 points).  Of course, I blame the ACRC book I used to
study with, which has just a few pages on BGP (my fault for not comparing the
outlines of the ACRC vs. the Routing v2 test and seeing that BGP played a
bigger role).

There are a ton of resources online, but if you're going to spend some time
studying, get Halabi's "Internet Routing Architectures, Second Edition" book
and you'll learn a huge amount of BGP info.

I liked starting with Avi Freedman's stuff.  I like his point of view
(practical, small ISP point of view).  I haven't re-read his material since
I've gotten some hands-on and read Halabi twice, so I'm sure I might find
some out of date or things that I might not agree on.

http://www.netaxs.com/~freedman/bgp/bgp.html

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Brad Shifflett" wrote in message news:[EMAIL PROTECTED]...
> Failed by 23 points. Really tough on BGP. I only got 22%. Any tips on good
> materials to really grasp BGP?
>
> Brad Shifflett
> [EMAIL PROTECTED]
> Micromenders, Inc.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1456&t=1405



Re: Job Fair & Cert's [7:1228] -Reply [7:1228]

2001-04-20 Thread Jason J. Roysdon

I would complain to the cert tracking folks.  I'm in the same boat, having
done my CCNA v1 last year before the v2 came out, but yet my CCNA is not set
to expire 3 years after I got it, but 3 years after I got my CCDP with my
CID.  One thing I am glad to see is that it now shows I have my CCDPv2
(before it said I only had CCDPv1, saying I required some CCIE tests for my
CCDPv2) Here's my Galton info:

Certification Agreement  Feb 22 2000  P
CCNA 1.0 #640-407  Feb 22 2000  P
Certification Agreement  Feb 26 2000  P
Exam #640-503  Oct 9 2000  F   (damn ACRC book I used had 2 pages on BGP)
Exam #640-503  Oct 9 2000  P   (I went home, read up on BGP and nailed the Routing v2 that afternoon)
Exam #640-504  Nov 6 2000  P
Exam #640-505  Nov 21 2000  P
Cisco Career Certification Agreement v7  Nov 24 2000  P
Exam #640-506  Dec 7 2000  P
DCN #640-441  Dec 11 2000  P
Exam #640-520  Dec 15 2000  P
CID 3.0 #640-025  Dec 18 2000  P
MCNS #640-442  Dec 26 2000  P
Cisco IP Telephony (9E0-569)  Jan 30 2001  P



 CCNA 1.0 Certification
 Completed: Dec 18, 2000 Valid Through: Dec 18, 2003
  Recertification Started: Feb 22, 2000


 CCNA 2.0 Certification
 Started: Feb 22, 2000


 CCNP 1.0 Certification
 Completed: Dec 07, 2000 Valid Through: Dec 07, 2003
  Recertified: Dec 07, 2000 Valid Through: Dec 07, 2003


 CCNP 2.0 Certification
 Completed: Dec 07, 2000 Valid Through: Dec 07, 2003
  Recertification Started: Nov 24, 2000


 CCDA 1.0 Certification
 Completed: Dec 18, 2000 Valid Through: Dec 18, 2003
  Recertification Started: Nov 24, 2000


 CCDP 1.0
 Completed: Dec 18, 2000 Valid Through: Dec 18, 2003
  Recertified: Dec 18, 2000 Valid Through: Dec 18, 2003


 CCDP 2.0
 Completed: Dec 18, 2000 Valid Through: Dec 18, 2003
  Recertification Started: Nov 24, 2000


Career Specializations


 CCNP Security**
 Completed: Dec 26, 2000 Valid Through: Dec 26, 2002
  Recertification Started: Nov 24, 2000


Should I go sit for CVOICE and get the CCNP Voice Access Specialization before
they expire the test?  I just wonder if it's worth it (but then, my employer
pays for the test, so I could care less).

CCNP+Security+Voice/CCDP would look pretty cool, I guess, that is if I was a
cert chaser ;-p

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Circusnuts" wrote in message news:[EMAIL PROTECTED]...
> The original poster made comment that one must have both.  Case in point- I
> have attained the CCNP certification & my CCNA is due to expire in the next
> year.  My CCNA status did not update when I completed the CCNP, it's still
> the old CCNA 1.0 from 1999.  When my CCNA expires, it expires...
>
> I guess we agree :o)
> Phil
>
> > - Original Message -
> > From: Jose A Rola
> > To: ;
> > Sent: Friday, April 20, 2001 10:43 AM
> > Subject: Re: Job Fair & Cert's [7:1228] -Reply
> >
> >
> > Check the Cisco website in the training and certification section, in the
> > page regarding how to become CCNA, it states there that the CCNA is valid
> > for three years, then you have to recertify by taking again a valid CCNA
> > exam or achieve CCNP status.
> >
> > Jose Rola
> >
> > >>> "Circusnuts"  04/20/01 01:46pm >>>
> > >
> >
> > Not that I'm aware of... the CCNA expires in its normal time-frame,
> > regardless if you are a CCNP or a CCIE.
> >
> > Phil
> >
> > - Original Message -
> > From: Luong, David
> > To:
> > Sent: Thursday, April 19, 2001 1:00 PM
> > Subject: RE: Job Fair & Cert's [7:1228]
> >
> >
> > > When you become a CCNP, you also carry the CCNA designate. 'nough said.
> > >
> > > David.
> > >
> > > -Original Message-
> > > From: Circusnuts [mailto:[EMAIL PROTECTED]]
> > > Sent: Thursday, April 19, 2001 7:57 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: Job Fair & Cert's [7:1228]
> > >
> > >
> > > I'd had a hard time believing a friend couldn't find a job, when holding
> > > both the N+ & CCNA certifications.  So- I went to a local DC job fair with
> > > him yesterday.  My buddy's resume was 1 page (CCNA with help desk
> > > experience) & mine was 3 pages (CCNP with design & NOC experience).  None
> > > of the exhibitors seemed to know what category the I (CCNP) belonged in &
> > > of course

Re: What ISP do you recommend for BGP?? [7:1295]

2001-04-20 Thread Jason J. Roysdon

I can say that every time I've contacted Sprint the response has been very
fast and satisfactory.  I've had to make many follow-up calls to get things
done with UUNET.  I guess you can relax a little when you're the top dog?
I'm glad Cisco TAC doesn't feel that way.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/

"Laurel Jones" wrote in message news:[EMAIL PROTECTED]...
> I agree with Jason, it's going to be the "luck of the draw" as far as the
> competency of the Engineering staff that you will have assigned to work with
> you.  We've turned up Internet connections with AT&T, Sprint and Internap.
> We were lucky and all three were pretty good as far as the BGP
> configurations went.  However, the latency and subsequent response time for
> our E-commerce users in different parts of the country varied widely between
> the three with AT&T being by far the worst.  IMHO, you can work through most
> of the initial configuration and setup issues but support and response time
> is something you will live with for a long time.  Consider these factors as
> well.
>
> -Original Message-
> From: Jason J. Roysdon [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, April 19, 2001 10:06 PM
> To: [EMAIL PROTECTED]
> Subject: Re: What ISP do you recommend for BGP?? [7:1295]
>
>
> It's all going to depend on the luck of the draw as to the engineer you get,
> I think, at least to some degree (same is true of Cisco TAC, and they're the
> top as far as support goes, IMHO).  Mind you I've only turned up two BGP
> connections, but Sprint was totally on the ball and great to work with.
> WorldCom/UUNET was incompetent and I had to walk him through a number of
> things like getting a default route advertised from them, what customer-only
> routes mean, etc. (lucky for me I did them after Sprint).  Check Boardwatch
> for ISP costs and latency comparisons.  WorldCom is directly connected to
> nearly 50% of prefixes advertised.  I believe Sprint has like 30%.
>
> http://www.boardwatch.com/
>
> --
> Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
> List email: [EMAIL PROTECTED]
> Homepage: http://jason.artoo.net/
>
> "BH" wrote in message news:[EMAIL PROTECTED]...
> > Hi,
> > Does anyone have a recommendation or horror story for best ISP to work with
> > for implementing BGP?
> > I am thinking of picking between Worldcom, ATT and Qwest.
> > Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1452&t=1295
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: routergod.com [7:1392]

2001-04-20 Thread Jason J. Roysdon

Linked from that site was "CCNA for Dummies"
http://www.amazon.com/exec/obidos/ASIN/0764506900/ref%3Dase%5Froutergod/107-0761137-0763711

Gawd, like we needed that.  I know enough CCNA dummies without this book ;-p

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/

"Mannan Venkatesan" wrote in message news:[EMAIL PROTECTED]...
> Sorry for the off-topic. Check this site routergod.com... funny
>
> Thanks,
> Mannan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1453&t=1392



Re: Job Fair & Cert's [7:1228]

2001-04-20 Thread Jason J. Roysdon

CCNA expiration is automatically renewed when you get your CCNP or CCDP.  So
long as you keep your CCNP or CCDP current, you'll always be a CCNA (CCNA
and CCDA for CCDP).

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/

"Circusnuts" wrote in message news:[EMAIL PROTECTED]...
> Not that I'm aware of... the CCNA expires in its normal time-frame,
> regardless if you are a CCNP or a CCIE.
>
> Phil
>
> - Original Message -
> From: Luong, David
> To:
> Sent: Thursday, April 19, 2001 1:00 PM
> Subject: RE: Job Fair & Cert's [7:1228]
>
>
> > When you become a CCNP, you also carry the CCNA designate. 'nough said.
> >
> > David.
> >
> > -Original Message-
> > From: Circusnuts [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, April 19, 2001 7:57 AM
> > To: [EMAIL PROTECTED]
> > Subject: Job Fair & Cert's [7:1228]
> >
> >
> > I'd had a hard time believing a friend couldn't find a job, when holding
> > both the N+ & CCNA certifications.  So- I went to a local DC job fair with
> > him yesterday.  My buddy's resume was 1 page (CCNA with help desk
> > experience) & mine was 3 pages (CCNP with design & NOC experience).  None
> > of the exhibitors seemed to know what category the I (CCNP) belonged in &
> > of course I just said "Networking" :o)  In two instances exhibitors took my
> > buddy's resume & not mine, because I was not a CCNA.  A third guy looked @
> > my resume & said they didn't do A+ or MCP stuff :-o
> >
> > Man it's rough out there & this was not an entry level fair !!!
> > Phil
> >
> > PS- gotta admit, I've been working in the area for 2 years & had not ever
> > seen half of these companies before.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1449&t=1228



Re: IGRP on the 800 Series? [7:1365]

2001-04-20 Thread Jason J. Roysdon

Streamlining to keep the code small?  This appears to be true on my 827
running IP PLUS FW IPSEC.  It does support EIGRP, so stop whinnin' and go to
something that supports classlessness.  The interesting thing is that it's
still in the help system:

falcon-827-4v(config)#router igrp ?
Autonomous system number

falcon-827-4v(config)#router igrp 2
Unknown routing protocol

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/

"Niraj Palikhey" wrote in message news:[EMAIL PROTECTED]...
> Hi,
> Can anyone tell me why the 800 series routers do NOT run igrp? I would think
> that besides the 700 series, all Cisco routers that run the Cisco ios should
> be capable of running igrp? After all, since igrp is Cisco's very own
> protocol, shouldn't Cisco give credit to Len Bosack on the 800 series too
> :-)
> Please advise.
> Thank you.
> Kind regards,
> [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1450&t=1365



Re: QoS [7:1346]

2001-04-20 Thread Jason J. Roysdon

Look into CAR as well.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/

"Charles Nunie" wrote in message news:[EMAIL PROTECTED]...
> Hi,
> Can Cisco 2600 and 3600 be configured to provide Quality of Service? We want
> to dedicate bandwidth to our wireless Internet subscribers
>
> Dzilo




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1448&t=1346



OT: Ramblings [Was Re: BGP Dampening, What is a flap? [7:1128]

2001-04-19 Thread Jason J. Roysdon

Speaking of, I'll be posting pics of my compost bin, router rack, and
firepit on my homepage tonight.  These are my hobbies, I'm a homebody geek,
and I like my life as it is, thankyouverymuch *g*

One of these days I'll get a digital camera so it doesn't take me 4 steps to
get photos up my website instead of just 1.  A scanner would help, so at
least then I wouldn't have to go to the office (I think I've been in the
office twice this month, once to pick up parts, and today to scan the
photos).  Hmm, so I guess I'm a frugal geek.

Oh, what a coincidence, Star Trek Voyager re-run tonight just used
dampening.  Chakotay (sp?) said, "I'm detecting a dampening field around
that building."  That settles it, Star Trek is made up babbling and usually
incorrect when it comes to technical terms (unlike Star Wars, you know), so
it must be damping *g*

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/

"Howard C. Berkowitz" wrote in message news:[EMAIL PROTECTED]...

> As a gardener, however, dampening is a good thing to do to seedlings,
> making them moist and green.  A damped seedling has gone limp and is
> on its way to the Great Compost Pile in the Sky.
>





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1337&t=1128



Re: What ISP do you recommend for BGP?? [7:1295]

2001-04-19 Thread Jason J. Roysdon

It's all going to depend on the luck of the draw as to the engineer you get,
I think, at least to some degree (same is true of Cisco TAC, and they're the
top as far as support goes, IMHO).  Mind you I've only turned up two BGP
connections, but Sprint was totally on the ball and great to work with.
WorldCom/UUNET was incompetent and I had to walk him through a number of
things like getting a default route advertised from them, what customer-only
routes mean, etc. (lucky for me I did them after Sprint).  Check Boardwatch
for ISP costs and latency comparisons.  WorldCom is directly connected to
nearly 50% of prefixes advertised.  I believe Sprint has like 30%.

http://www.boardwatch.com/

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/

"BH" wrote in message news:[EMAIL PROTECTED]...
> Hi,
> Does anyone have a recommendation or horror story for best ISP to work with
> for implementing BGP?
> I am thinking of picking between Worldcom, ATT and Qwest.
> Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1334&t=1295



Re: Job Fair & Cert's [7:1228]

2001-04-19 Thread Jason J. Roysdon

The problem is that they're usually overwhelmed, so they just scan for the
right letters and aren't going to dig and research any resume that doesn't
have the exact specs they're told to match.  I think IT Managers could be
better informed as well and let the HR folks know what all to be looking
for.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/

"hal9001" wrote in message news:[EMAIL PROTECTED]...
> I could not agree more HR's tend to be witless and you need to spell out to
> them what you have.
>
> Karl
> - Original Message -
> From: "Jason J. Roysdon"
> To:
> Sent: Thursday, April 19, 2001 6:44 PM
> Subject: Re: Job Fair & Cert's [7:1228]
>
>
> > HR is clueless.  List all certs, including pre-reqs that we all know a
> > higher cert holds.  I list CCNA and CCDA in addition to the CCNP and CCDP in
> > my certs section (but I also break down when I obtained them by date).
> > Also, don't just list "CCNP" but include what it stands for and order the
> > certs with the highest listed first:
> >
> > a.. Cisco Certified Network Professional (CCNP)
> >   a.. 640-503 Routing
> >   b.. 640-504 Switching
> >   c.. 640-505 Remote Access
> >   d.. 640-506 Support / Internetwork Troubleshooting
> > b.. Cisco Certified Design Professional (CCDP)
> >   a.. 640-503 Routing
> >   b.. 640-504 Switching
> >   c.. 640-505 Remote Access
> >   d.. 640-025 Internetwork Design
> > c.. Cisco Certified Network Associate (640-407 CCNA)
> > d.. Cisco Certified Design Associate (640-441 CCDA)
> >
> > --
> > Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
> > List email: [EMAIL PROTECTED]
> > Homepage: http://jason.artoo.net/
> >
> >
> >
> > wrote in message news:[EMAIL PROTECTED]...
> > > Interesting...
> > >
> > > I see a lot of job postings where companies are looking for CCNA's and
> > > prefer CCIE's...No mention of CCNP's.  It seems (to me at least) that many
> > > in the HR world are not familiar with the CCNP.
> > >
> > > roger
> > >
> > > -Original Message-
> > > From: Circusnuts [mailto:[EMAIL PROTECTED]]
> > > Sent: Thursday, April 19, 2001 07:57
> > > To: [EMAIL PROTECTED]
> > > Subject: Job Fair & Cert's [7:1228]
> > >
> > >
> > > I'd had a hard time believing a friend couldn't find a job, when holding
> > > both the N+ & CCNA certifications.  So- I went to a local DC job fair with
> > > him yesterday.  My buddy's resume was 1 page (CCNA with help desk
> > > experience) & mine was 3 pages (CCNP with design & NOC experience).  None
> > > of the exhibitors seemed to know what category the I (CCNP) belonged in &
> > > of course I just said "Networking" :o)  In two instances exhibitors took
> > > my buddy's resume & not mine, because I was not a CCNA.  A third guy
> > > looked @ my resume & said they didn't do A+ or MCP stuff :-o
> > >
> > > Man it's rough out there & this was not an entry level fair !!!
> > > Phil
> > >
> > > PS- gotta admit, I've been working in the area for 2 years & had not ever
> > > seen half of these companies before.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1333&t=1228



Re: PPPoe [7:1249]

2001-04-19 Thread Jason J. Roysdon

But as he's posting to a Cisco list, he's probably curious about getting it
to work with a Cisco router ;-p

Cisco TAC's DSL section has a number of PPPoE sample configs:
http://www.cisco.com/warp/public/794/

The hardest thing will be getting your PVC info from your clueless ISP
helpdesk:

http://www.cisco.com/warp/public/794/wicadsl_pppoe_client.html
interface ATM0.1 point-to-point
 pvc 1/1
  pppoe-client dial-pool-number 1
  !--- pvc 1/1 is an example value that must be changed
  !--- to match the value used by the Internet Service Provider (ISP)
 !


!--- The PPPoE client code ties into a dialer interface upon
!--- which a virtual-access interface is cloned.


--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/

"Nurudeen Aderinto" wrote in message news:[EMAIL PROTECTED]...
> You can use Linksys DSL router
>
> You can get more information on it from :
>
> http://www.computers4sure.com/product.asp?productid=109800
>
> Regards,
>
> Nurudeen
>
>
> --- Vincent wrote:
> > hi;
> >
> > Currently, I subscribe to ISP ADSL service, can I use my router to
> > function as PPPoe clients.  So the network behind the router can access
> > the internet?
> >
> > Thanks
> > Vincent




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1261&t=1249



Re: BGP Dampening, What is a flap? [7:1128]

2001-04-19 Thread Jason J. Roysdon

And it's all tied to time as well, so just don't go down/up within a very
short period (just go down, do your work, then back up).  If you know you're
going to take a BGP announcing router offline and don't want there to be any
possibility of things bouncing while you're working, shutdown your BGP
neighbors so you won't be announcing and then withdrawing them.  So long as
I've done that, I've never had dampening problems.  When I'm all done, I
just no shutdown the BGP neighbors and we've got no dampening penalties.
Before learning about the BGP neighbor shutdown command, I was getting
dampened a bit as the serial line would sometimes bounce when first coming
up and the BGP neighbors were already exchanging routes.  Also important is
to kill your iBGP neighbors statements as well (shutdown command), as you
don't want them to be flapping any routes that originate from the router
you're working on.  An example of the command:
router bgp 18506
 neighbor 63.123.123.166 shutdown

Worst case, when I was first installing BGP and tweaking with memory and how
many routes we could hold (and crashing and losing our BGP sessions), I
think I probably flapped 10 times and got dampened for 2 hours from some
ISPs.  Of course, we were working after hours so no big deal, but now that I
know better I wouldn't announce any routes until I knew everything else was
stable.

BGP looking glasses are very useful to see if you're getting dampened ;-)
telnet://route-views.oregon-ix.net
telnet://route-server.cerf.net

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/

"Priscilla Oppenheimer" wrote in message news:[EMAIL PROTECTED]...
> It doesn't answer the question. It says there's a penalty for each flap. Is
> there a penalty for
>
> 1. each time a route goes down
> or
> 2. each time a route goes down and back up
>
> The answer is probably number 2, as the original poster thought also, since
> just going down isn't really "flapping."
>
> Priscilla
>
> At 05:18 AM 4/19/01, Andy Prima wrote:
> >Please let me quote from sitamoth.com:
> >
> >Route dampening is a BGP feature designed to minimize the propagation of
> >flapping routes across an internetwork. A route is considered to be flapping
> >when it is repeatedly available, then unavailable, then available then
> >unavailable..and so on.
> >A route that is flapping receives a penalty of 1000 for each flap. When the
> >accumulated penalty reaches a configurable limit, BGP suppresses
> >advertisement of the route EVEN if the route is UP.
> >The accumulated penalty is decremented by the half-life time. When the
> >accumulated penalty is less than the reuse limit, the route is advertised
> >again (if it is still UP).
> >
> >
> >Hope this can help :)
> >
> >Andy
> >
> >-Original Message-
> >From: Stephen Skinner [mailto:[EMAIL PROTECTED]]
> >Sent: Thursday, April 19, 2001 3:53 PM
> >To: [EMAIL PROTECTED]
> >Subject: Re: BGP Dampening, What is a flap? [7:1128]
> >
> >
> >I always thought of a "Flap" as a generic term meaning when a
> >route/interface/serial-line goes full-circle.regardless of protocol
> >i use the term interchangeably with OSPF,PpP,LEASED lines,BGP,ISDN
> >
> >from:- workingdowninitialisingup
> >
> >i have always treated the "whole" as one flap?
> >
> >Am i going mad.
> >
> >Cheers
> >
> >steve
> >
> >"my mum always said it`s only an exam...PAH...what the heck do she
> >know"
> >
> >
> > >From: "Priscilla Oppenheimer"
> > >Reply-To: "Priscilla Oppenheimer"
> > >To: [EMAIL PROTECTED]
> > >Subject: Re: BGP Dampening, What is a flap? [7:1128]
> > >Date: Wed, 18 Apr 2001 18:09:50 -0400
> > >
> > >I think from BGP's point of view a flap is a withdrawal and announcement of
> > >a routing prefix. Howard Berkowitz will know for sure. Did you check his
> > >BGP papers at http://www.certificationzone.com. Also there's a good paper
> > >here:
> > >
> > >http://www.ripe.net/ripe/docs/ripe-178.html
> > >
> > >Cisco often uses the word "flapping" in a generic sense for a route or
> > >interface going up and down repeatedly. That could be cause for some
> > >confusion. In your class, you might want to be clear about whether you are
> > >using the term generically or with reference to parameters to route
> > >dampening commands.
> > >
> > >Good luck. Let us know what you find out for sure! Thanks.
> > >
> > >Priscilla
> > >
> > >At 03:35 PM 4/18/01, Tom Pruneau wrote:
> > > >Greetings All
> > > >
> > > >I am in the process of writing a BGP class, at present I am specifically
> > > >working on a section covering dampening.
> > > >
> > > >My question is "what is a flap"
> > > >
> > > >The two possible answers are:
> > > >
> > > >
> > > >Answer one
> > > >A flap is whenever path information changes for a route. By this
> > > >definition if a route goes away, that would be a flap. When the route
> > > >comes back, that would be another fla
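
The penalty arithmetic described in the quoted text above (1000 per flap, decay by half-life, a suppress limit and a reuse limit), as an added example that is not part of the original posts. The suppress limit, reuse limit, half-life and maximum suppress time are assumed values, decay is modelled as continuous, and the names DampeningParams and simulate are hypothetical.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class DampeningParams:
    penalty_per_flap: float = 1000.0  # the figure quoted in the thread
    suppress_limit: float = 2000.0    # assumed value, not from the thread
    reuse_limit: float = 750.0        # assumed value, not from the thread
    half_life_min: float = 15.0       # assumed value, not from the thread
    max_suppress_min: float = 60.0    # assumed value, not from the thread

    @property
    def ceiling(self) -> float:
        # Cap on the penalty: decaying from the cap down to reuse_limit
        # takes exactly max_suppress_min.
        return self.reuse_limit * 2 ** (self.max_suppress_min / self.half_life_min)


def decay(penalty, elapsed_min, params):
    """Exponential decay: the penalty halves every half_life_min minutes."""
    return penalty * 0.5 ** (elapsed_min / params.half_life_min)


def simulate(flap_times_min, params=DampeningParams()):
    """Charge one penalty per flap time and track suppression of the route.

    flap_times_min: minutes at which a flap is charged, under whichever
    definition of "flap" the implementation uses.
    """
    penalty, last, suppressed = 0.0, 0.0, False
    history = []
    for t in sorted(flap_times_min):
        penalty = decay(penalty, t - last, params)
        if suppressed and penalty < params.reuse_limit:
            suppressed = False  # route was released before this flap
        penalty = min(penalty + params.penalty_per_flap, params.ceiling)
        if penalty >= params.suppress_limit:
            suppressed = True
        history.append((t, round(penalty, 1), suppressed))
        last = t
    reuse_at = None
    if suppressed:
        # Solve penalty * 0.5**(dt / half_life) = reuse_limit for dt.
        reuse_at = last + params.half_life_min * math.log2(penalty / params.reuse_limit)
    return {"history": history, "suppressed": suppressed,
            "final_penalty": penalty, "reuse_at_min": reuse_at}


if __name__ == "__main__":
    # Constructed scenarios, times in minutes.
    scenarios = {
        "clean maintenance (one withdrawal)": [0],
        "line bounces three times on turn-up": [0, 1, 2],
        "ten flaps a minute apart": list(range(10)),
    }
    for name, flaps in scenarios.items():
        result = simulate(flaps)
        print(name, result["history"][-1], result["reuse_at_min"])
```

With these assumed values a single clean withdrawal never reaches the suppress limit, while three bounces a minute apart keep the route suppressed for about 29 minutes after the last flap.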

Re: CCIE Security exam 351-018 [7:1070]

2001-04-19 Thread Jason J. Roysdon

Just because security is something I enjoy, it's most likely the next thing
I'd pursue after R/S (plus it should be a piece of cake after the CCIE R/S,
just learning the security depth and already feeling secure in the R/S
side).

A good starting point in the meantime would be the 4 security tests for the
Security Specialization.
http://www.cisco.com/warp/public/10/wwtraining/certprog/cqs/security/

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/

"Ali Jamshed Khan" wrote in message news:[EMAIL PROTECTED]...
> Hi all
>
> I am working for an E-commerce organization and most of my time is spent on
> network security.
> I am also looking for CCIE security certification.  My suggestion is that
> those of us looking for the ccie security should
> think of having a common list to discuss security specific questions.
>
> I plan to take the written in about couple of months and the lab later on
> this year.
>
> regards
>
> Ali Jamshed Khan, CCNP
>
>
> - Original Message -
> From: "Terence Lee"
> To:
> Sent: Wednesday, April 18, 2001 2:06 PM
> Subject: CCIE Security exam 351-018 [7:1070]
>
>
> > Has this exam gone live yet? I see that it was in beta from October 20, 2000
> > to November 10, 2000. Has anyone taken it? Thanks
> >
> > Terence Lee
> > CCNA




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1266&t=1070



Re: CCO download [7:1238]

2001-04-19 Thread Jason J. Roysdon

Email the CCO team and they'll fix your access if you're supposed to have
it.  I've run into this from time to time.  [EMAIL PROTECTED] is the email
address to use.  Tell them your login ID and they should be able to take it
from there.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/

"Terence Lee" wrote in message news:[EMAIL PROTECTED]...
> Has anyone had trouble downloading (ex. IOS images) from the CCO website?
> Myself and several co-workers are not able to download. It states that my
> profile can not be found. Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1259&t=1238



Re: Voice Ready Router [7:1092]

2001-04-19 Thread Jason J. Roysdon

Actually, VoIP works very well, at least with my provider.  I've got
PacBell/SBC ADSL at home (384k down, 128k up, although down bursts way
beyond that).  Right now I'm using an 827 with an IPSEC tunnel into a
customer's office where they have a Cisco CallManager cluster, and gateways
out to their ISDN PRI and other branches with FXO POTS access.  During the
setup we initially used public IPs (VoIP doesn't work through NAT presently)
and my 1605R and tested and using G.711 it was a little choppy at times.
Once I got an 827 and we got G.729a compression turned on, it now sounds
great (I think the 827 is either faster and/or having it directly connected
to my ADSL cuts out one more device (the ADSL Westell bridge I have)).  QoS
helped as well (vs. all the other outbound traffic at my office), and
tunneling actually helped more (bypasses the firewall on both ends).  I can
call out 18 different locations as a "local call" and it sounds great
(they're using FR internally between sites).

We're working on getting a few copies of CallManager for our own lab use
(that can install on any box), and when I do I'll put up some info on how to
connect for those that want to try (IPSEC tunnel first, then using Cisco's
IP SoftPhone on your PC).

I actually spent about 3 hours cleaning up my home rack last night (doesn't
have threaded holes, so I had to get more nuts and bolts to mount devices),
and when my Wife walked in, she couldn't believe it was the same equipment
all still connected (all the wires are hidden by wire management).  We took
some pictures "before" and "after" and I'll post them when they get
developed.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/

"Mark Odette II" wrote in message news:[EMAIL PROTECTED]...
> Here's the scoop on the 1750s:
> the Base Model 1750 has 4MB Flash, and 16MB RAM, and an empty DSP slot
> behind a LED riser card on the system board.  With a Voice Upgrade kit, you
> can add on the DSP chip (which looks like a proprietary DIMM, but it's not)
> and you get an 8MB Flash chip and 32MB RAM chip to swap out with the old
> ones... and you essentially have the 4/8 chips spare on hand.  You also get
> the IOS on CD for IP Plus.
>
> the 1750-2V has the Voice Upgrade kit already installed, with the Voice
> Image already installed too; you just don't have the left-over 4/8 chips on
> hand.
>
> the 1750-4v is all inclusive of the 2v, but it has a second slot on the main
> board beside the first one for the DSP chips, and if I remember right,
> they're located in a slightly different location on the board I guess
> because of space constraints.
>
> Optionally, you can bump the 1750 up to 16MB Flash, and 48MB RAM for any of
> the huge images you decide to run.
>
> One nice thing I like about this router is that you can purchase an
> additional 10BT WAN card to put in a WIC slot, and do PPPoE and the last
> I checked (about a month ago on CCO), this feature wasn't supported on any
> other Voice enabled router.  Sweet deal for those who want to buddy up with
> a pal and try VoIP over the internet with DSL or CableModem using a GRE
> tunnel, of course   And yes, I'm aware of the QoS issues you have to
> deal with in using the Internet as opposed to a FR or PPP connection... like
> I said, it would be strictly for experimental/play purposes.
>
> - Mark Odette II
> - Original Message -
> From: "Jason J. Roysdon"
> To:
> Sent: Thursday, April 19, 2001 2:48 AM
> Subject: Re: Voice Ready Router [7:1092]
>
>
> > Aren't the xV models just the same thing but with the extra dram/flash and
> > correct IOS image bundled (and also cheaper than buying them individually)?
> > I think that's my recollection on them.
> >
> > --
> > Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
> > List email: [EMAIL PROTECTED]
> > Homepage: http://jason.artoo.net/
> >
> >
> >
> > "Joseph Padian" wrote in message news:[EMAIL PROTECTED]...
> > > It depends on what model 1750. There are 3 models: 1750, 1750 2V, 1750 4V.
> > > The 1750 2V-4V you only need a VIC.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1260&t=1092
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: CAR (Committed Access Rate) [7:1234]

2001-04-19 Thread Jason J. Roysdon

I haven't applied CAR yet, but one other point to make is that you need to
have your upstream ISP applying CAR as well, otherwise this is basically
useless (you need them to block/slow down this sort of traffic before it
hits your WAN link).

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"BASSOLE Rock" wrote in message news:[EMAIL PROTECTED]...
> Hello Group,
>
>
> I would like to apply a CAR for icmp and SYN Flood traffic to a Serial
> interface on my router. How can I determine the bandwidth limitation to
> apply (128000) and the maximum (8000), minimum (8000) burst.
>
> Here is the example below:
>
> interface Serial 0
> rate-limit input access-group 102 128000 8000 8000 conform-action transmit exceed-action drop
>
> access-list 102 permit icmp any any echo
> access-list 102 permit icmp any any echo-reply
>
>
> Regards,
>
>
> Rock BASSOLE
> Tel: +33 (0) 1 45 96 22 03




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1258&t=1234
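
The token-bucket arithmetic behind the quoted "128000 8000 8000" policy, as an added example that is not part of the original thread: it models CAR as a plain token bucket (an assumption that fits when normal and extended burst are equal), runs a constructed echo flood through it, and reports how many bytes still crossed the WAN link before the input policer acted, which is the point made in the reply. `suggested_bursts` applies the burst-sizing rule of thumb from Cisco's CAR documentation; the packet size and packet rates are constructed sample values.

```python
"""Token-bucket model of an input CAR policy (added example, not from the thread)."""

US_PER_S = 1_000_000


class CarPolicer:
    """Plain token bucket: rate in bits/s, bucket depth (normal burst) in bytes.

    Tokens are kept as integers scaled to bit-microseconds so that refill
    arithmetic is exact and the results are reproducible.
    """

    def __init__(self, rate_bps, burst_bytes):
        self.rate_bps = rate_bps
        self.cap = self._scale(burst_bytes)
        self.tokens = self.cap          # bucket starts full
        self.last_us = 0

    @staticmethod
    def _scale(nbytes):
        return nbytes * 8 * US_PER_S

    def offer(self, now_us, size_bytes):
        """Return 'transmit' (conform-action) or 'drop' (exceed-action)."""
        elapsed = now_us - self.last_us
        self.last_us = now_us
        # Refill at the committed rate, never above the burst size.
        self.tokens = min(self.cap, self.tokens + elapsed * self.rate_bps)
        cost = self._scale(size_bytes)
        if cost <= self.tokens:
            self.tokens -= cost
            return "transmit"
        return "drop"


def simulate(pps, size_bytes, seconds, rate_bps=128000, burst_bytes=8000):
    """Feed evenly spaced packets matching the ACL through the policer."""
    policer = CarPolicer(rate_bps, burst_bytes)
    interval_us = US_PER_S // pps
    sent = dropped = 0
    for i in range(pps * seconds):
        if policer.offer(i * interval_us, size_bytes) == "transmit":
            sent += 1
        else:
            dropped += 1
    return {
        "sent": sent,
        "dropped": dropped,
        # An input policer runs after the packet has arrived, so every
        # offered byte has already used the serial link.
        "wan_bytes": (sent + dropped) * size_bytes,
        "lan_bytes": sent * size_bytes,
    }


def suggested_bursts(rate_bps):
    """Cisco's documented rule of thumb for CAR burst sizes, in bytes:
    normal burst = rate / 8 * 1.5 seconds, extended burst = 2 * normal burst."""
    normal = rate_bps // 8 * 3 // 2
    return normal, 2 * normal


if __name__ == "__main__":
    # Constructed traffic: 84-byte IP packets (a default-size echo request).
    print("1 pps ping, 10 s :", simulate(1, 84, 10))
    print("1000 pps flood, 2 s:", simulate(1000, 84, 2))
    print("burst sizes for 128000 bps:", suggested_bursts(128000))
```

The flood run shows the policer protecting what sits behind the router while the full offered load is still counted in `wan_bytes`, which is why the same limit has to exist on the upstream side of the link.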



Re: Job Fair & Cert's [7:1228]

2001-04-19 Thread Jason J. Roysdon

HR is clueless.  List all certs, including pre-reqs that we all know a
higher cert holds.  I list CCNA and CCDA in addition to the CCNP and CCDP in
my certs section (but I also break down when I obtained them by date).
Also, don't just list "CCNP" but include what it stands for and order the
certs with the highest listed first:

a.. Cisco Certified Network Professional (CCNP)
  a.. 640-503 Routing
  b.. 640-504 Switching
  c.. 640-505 Remote Access
  d.. 640-506 Support / Internetwork Troubleshooting
b.. Cisco Certified Design Professional (CCDP)
  a.. 640-503 Routing
  b.. 640-504 Switching
  c.. 640-505 Remote Access
  d.. 640-025 Internetwork Design
c.. Cisco Certified Network Associate (640-407 CCNA)
d.. Cisco Certified Design Associate (640-441 CCDA)

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



wrote in message news:[EMAIL PROTECTED]...
> Interesting...
>
> I see a lot of job postings where companies are looking for CCNA's and
> prefer CCIE's...No mention of CCNP's.  It seems (to me at least) that many
> in the HR world are not familiar with the CCNP.
>
> roger
>
> -Original Message-
> From: Circusnuts [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, April 19, 2001 07:57
> To: [EMAIL PROTECTED]
> Subject: Job Fair & Cert's [7:1228]
>
>
> I'd had a hard time believing a friend couldn't find a job, when holding both
> the N+ & CCNA certifications.  So- I went to a local DC job fair with him
> yesterday.  My buddy's resume was 1 page (CCNA with help desk experience) &
> mine was 3 pages (CCNP with design & NOC experience).  None of the exhibitors
> seemed to know what category the I (CCNP) belonged in & of course I just said
> "Networking" :o)  In two instances exhibitors took my buddy's resume & not
> mine, because I was not a CCNA.  A third guy looked @ my resume & said they
> didn't do A+ or MCP stuff :-o
>
> Man it's rough out there & this was not an entry level fair !!!
> Phil
>
> PS- gotta admit, I've been working in the area for 2 years & had not ever seen
> half of these companies before.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1257&t=1228



Re: 7100 VPN Router [7:1213]

2001-04-19 Thread Jason J. Roysdon

Yes, routers are capable of QoS into a VPN.  The Concentrator or PIX are
not, as they don't support QoS (although if you have a router supporting QoS
before, you might be able to fudge it a little).  Of course, you can only
control QoS into the VPN, and not how the tunnel itself will perform once it
leaves your control, but at least you can control what's going in.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Gil Shulman" wrote in message news:[EMAIL PROTECTED]...
> Hi everyone,
>
> Does anyone know if I can perform different types of QoS to a VPN with
> respect to a LDAP server?
>
>   Thank you in advance
>
>Gil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1250&t=1213



Re: Voice Ready Router [7:1092]

2001-04-19 Thread Jason J. Roysdon

Aren't the xV models just the same thing but with the extra dram/flash and
correct IOS image bundled (and also cheaper than buying them individually)?
I think that's my recollection on them.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Joseph Padian" wrote in message news:[EMAIL PROTECTED]...
> It depends on what model 1750. There are 3 models: 1750, 1750 2V, 1750 4V.
> The 1750 2V-4V you only need a VIC.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1191&t=1092



Re: Token Ring book [7:1138]

2001-04-19 Thread Jason J. Roysdon

I actually found "Cisco IOS  Bridging and IBM Network Solutions" in our
company library today (collecting a ton of dust, I might add).  (c) 1998,
but I'm sure the IBM Network Solutions will work for me in addition to what
I've found online so far.  If I need more help, I'll check out your
suggestion.

Thanks,

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Daniel Cotts" wrote in message news:[EMAIL PROTECTED]...
> In reply to a recent request for additional Token Ring reading.
> "IBM's Token-Ring Networking Handbook" by George C. Sackett ISBN
> 0-07-054418-2 McGraw-Hill Publisher 1993
> Sometimes a used copy comes up for sale on eBay. I'm not sure of any other
> source for this book.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1190&t=1138



Re: Network analysis of T1 [7:1057]

2001-04-19 Thread Jason J. Roysdon

MRTG, and it's free.  I routinely set it up for customers (of course my
labor isn't free).  Here's a link to my site where I have it running.  At
the bottom of the page is a link back to the MRTG site where you can
download it.

http://artoo.net/mrtg/63.107.123.253.2.html

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Anthony J Crews" wrote in message news:[EMAIL PROTECTED]...
> I would like to know the best/least expensive software on the market that
> will analyze my T1 links for %usage.  I have all cisco routers but think the
> CiscoWorks RWAN is a bit expensive ($15,000)?
>
> Thanks,
>
> Anthony




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1188&t=1057



Re: BGP Simulator [7:1087]

2001-04-19 Thread Jason J. Roysdon

Zebra for linux works great.  I even have a copy running for public access:
telnet://artoo.net:2605 (password is bgp)

http://freshmeat.net/projects/zebra/

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"sdonoho" wrote in message news:[EMAIL PROTECTED]...
> Is there such a thing as a freeware BGP simulator? BGP simulators run on
> PCs or Workstations and simulate an external AS and will form adjacency with
> routers. Router manufacturers use the simulators to stress their products.
> But I'm unsure if the simulators are homegrown, commercial or freeware. I'm
> currently using a Linux system in my home lab and a BGP simulator would be a
> great addition to my network.
>
> Scott




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1189&t=1087



Re: Network Collisions [7:1006]

2001-04-17 Thread Jason J. Roysdon

Definitely at least get something (especially before they get switches and
make sniffing harder), but I think Fluke is a bit pricey for most unless
that's what you really need (same with Sniffer Pro, etc.).

Speaking of which, I believe we just got approved to get a Dolch box with
Sniffer Pro and a ton of hardware interfaces (including 802.11).  Our old
box just wouldn't support some of our older WAN cards once we upgraded to
GUI, and the DOS version is so outdated (but still required if we wanted to
do anything with our v.35 interface).

Speaking of, any idea when Sniffer Pro split into a LAN and WAN (and even
"High Speed") versions?  I wasn't in on specing out our new box, so I didn't
know until I just looked at their site.

Hey, and it looks like they even rent packaged boxes as "Sniffer Express"
for week and month periods:
http://www.sniffer.com/services/sniffer-rentals/default.asp

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Priscilla Oppenheimer" wrote in message news:[EMAIL PROTECTED]...
> They should get the troubleshooting tools first, in my opinion. There are
> free protocol analyzers available. The problem may be some network-hog
> application that doesn't belong on the network, such as Napster or
> something. The problem could continue to lurk even if they did get a switch.
>
> Of course, protocol analysis can be very time-consuming, and time is money,
> so perhaps throwing a switch in the network might be a good approach
> too.  Mwave.com is advertising a D-Link 8-port 10/100 switch for only
> $69.99, while supplies last. They also have a 3-Com 4-port switch for only
> $92 and really cheap LinkSys switches. Those are all good name brands. (No,
> I don't work for them! ;-)
>
> Priscilla
>
> At 09:05 PM 4/17/01, Jason J. Roysdon wrote:
> >Convince them to get troubleshooting tools when they don't even have
> >switches?  *chuckles*  Good luck.
> >
> >--
> >Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
> >List email: [EMAIL PROTECTED]
> >Homepage: http://jason.artoo.net/
> >
> >
> >
> >"Chuck Larrieu" wrote in message news:[EMAIL PROTECTED]...
> > > Hhm..
> > >
> > > Are these hubs daisy chained?
> > >
> > > Does the noticeable slowdown happen all the time, or can you isolate it to
> > > particular times of day?
> > >
> > > Do you have an internet connection?
> > >
> > > Do you have anyone using any kind of dial up to an external service of some
> > > kind?
> > >
> > > Have people set up their own little Windows networking networks, in addition
> > > to your network - file and print sharing stuff?
> > >
> > > Are people having to print a lot of things they weren't doing before?
> > >
> > > Story time:
> > >
> > > Back at the brokerage firm, there was an occasion where my help desk started
> > > getting calls about the network being down.  In general, this kind of
> > > complaint could be attributed to not being logged on to the network, and
> > > usually we would blow off the callers with the instruction to log on. Well,
> > > upon thinking about the fact that people who were complaining were in many
> > > cases "good" users, and the fact that there were so many calls that morning,
> > > I traced back one of the end user stations to a particular hub ( we had hubs
> > > plugged into switches at the time ) and I was shocked to see the collision
> > > light solid red. I was able to use the HP stack manager software to discover
> > > that a particular port was just saturating the hub with traffic. Tracking
> > > down that user, I learned that particular person was connected to a
> > > particular internet based service ( some kind of research database ) and was
> > > downloading and updating a complex database file using a particular
> > > proprietary piece of software. The damn thing practically seized the entire
> > > bandwidth of that hub, and so monopolized the traffic that other folks were
> > > losing their connections to the Novell servers, I am guessing because of
> > > lack of keepalives.
> > >
> > > Once the problem was identified, I gave this particular user a dedicated
> > > switch port, and life was good after that.
> > > M

Re: Windows XP and Catalyst 5000 Issues ... [7:911]

2001-04-17 Thread Jason J. Roysdon

The Novell client doesn't use the windows login password (they keep them
blank and actually have a script that deletes *.pwl), and is also configured
to blank out the username.  This can be done with NT as well (or at least
instruct users to use blank local windows passwords).

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Chuck Larrieu" wrote in message news:[EMAIL PROTECTED]...
> User name is easily found by looking at the default login screen on a
> windoze device.
>
> As for the password, it's no doubt easily found on one of the post-it's on
> the edge of the monitor. ;->
>
> I'm with Howard - exactly what does a layer two security feature accomplish
> in real terms?
>
> Chuck
>
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, April 17, 2001 5:51 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Windows XP and Catalyst 5000 Issues ... [7:911]
>
> True, but even if you sat down at a PC and got its MAC address (or just used
> that same PC), you'd still have to have the username/password for any real
> access, as even their Bordermanager proxy is based on being authenticated to
> NDS.  But good point if that's all a person was using to verify a valid
> connection to a network.
>
> But the without locking it down to a MAC address, what would stop a
> broadcast storm at the local switch?  What other authentication methods are
> there at layer 2?  I mean, I guess you could have some sort of script that
> would disable the port if the user failed to authenticate with your servers
> within a given amount of time... but in that time a WinXP PC would have
> melted a Cat5k (or worse: a program that simulates the same problem that can
> be run on an OS).
>
> --
> Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
> List email: [EMAIL PROTECTED]
> Homepage: http://jason.artoo.net/
>
>
>
> "Howard C. Berkowitz" wrote in message news:[EMAIL PROTECTED]...
> > Frankly, I'm very dubious about any security scheme based on MAC
> > address alone, for wired or wireless networks. At best, it's
> > controlling which device can plug into a port, using an identifier
> > that can be spoofed without all that much effort. The MAC address
> > proves absolutely nothing about the identity of the person using the
> > device.  I'm really not sure what problem, in most cases, it solves.
> > Once the device is connected, there are no controls.
> >
> > Data link level encryption does make sense for wireless networks.
> >
> > If I am concerned about random devices plugging into a LAN and doing
> > evil, I'd much rather that they have to connect to an authenticating
> > proxy server, or let them in but control server access, or require
> > encryption with authentication of the user ID.  There are other
> > methods for controlling broadcast attacks.
> >
> > >Regarding layer 2 security, it all comes down to how much of an
> > >administrative load you can handle.  We have one customer that locks each
> > >port down to the MAC address of what is supposed to be there.  No
> > >unauthorized traffic is allowed to touch the network beyond the switch port
> > >which just drops it.  They very rarely if ever have moves, and when they do
> > >it all has to be coordinated with the lan/switch netadmin.  I hate it
> > >because I can't just come in and plug in my laptop anywhere ;-p
> > >
> > >Of course, this wouldn't work with an IP phone install where you're expected
> > >to be able to move phones all of the time.  I'm sure there is some way to
> > >create a list of MAC addresses (and maybe tag them with an appropriate VLAN,
> > >like a generic "PUBLIC" VLAN for all unknown MAC addresses, which is
> > >essentially firewalled from the rest of the network).  Still, this same bug
> > >would have melted a network configured as such.
> > >
> > >
> > >--
> > >Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
> > >List email: [EMAIL PROTECTED]
> > >Homepage: http://jason.artoo.net/
> > >
> > >
> > >
> > >"Priscilla Oppenheimer" wrote in message news:[EMAIL PROTECTED]...
> > >>  Taking a step back, she asked, "so what's with this 802.1x standard,
> > >>  anyway?" Is anyone actually using it?
> > >>
> > >>  Data-link-layer security definitely makes sense for 802.11 wireless
> > >>  networks. Does it really make sense for wired networks? Is the bug
> > >>  happening with wired or wireless networks? It sounds like it's happening
> > >>  with wired networks since the bug is with the Catalyst 5000 EARL, though
> > >>  some of the reports have called 802.1x a wireless standard. That's pretty
> > >>  bad that the switches forward the multicasts out blocked ports. How could
> > >>  that have happened? Just a bug I guess.
> > >>
> > >>  Back to my original question. Does security at the data-link-layer make
> > >>  sense for wired netwo

Re: Network Collisions [7:1006]

2001-04-17 Thread Jason J. Roysdon

Convince them to get troubleshooting tools when they don't even have
switches?  *chuckles*  Good luck.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Chuck Larrieu" wrote in message news:[EMAIL PROTECTED]...
> Hhm..
>
> Are these hubs daisy chained?
>
> Does the noticeable slowdown happen all the time, or can you isolate it to
> particular times of day?
>
> Do you have an internet connection?
>
> Do you have anyone using any kind of dial up to an external service of some
> kind?
>
> Have people set up their own little Windows networking networks, in addition
> to your network - file and print sharing stuff?
>
> Are people having to print a lot of things they weren't doing before?
>
> Story time:
>
> Back at the brokerage firm, there was an occasion where my help desk started
> getting calls about the network being down.  In general, this kind of
> complaint could be attributed to not being logged on to the network, and
> usually we would blow off the callers with the instruction to log on. Well,
> upon thinking about the fact that people who were complaining were in many
> cases "good" users, and the fact that there were so many calls that morning,
> I traced back one of the end user stations to a particular hub ( we had hubs
> plugged into switches at the time ) and I was shocked to see the collision
> light solid red. I was able to use the HP stack manager software to discover
> that a particular port was just saturating the hub with traffic. Tracking
> down that user, I learned that particular person was connected to a
> particular internet based service ( some kind of research database ) and was
> downloading and updating a complex database file using a particular
> proprietary piece of software. The damn thing practically seized the entire
> bandwidth of that hub, and so monopolized the traffic that other folks were
> losing their connections to the Novell servers, I am guessing because of
> lack of keepalives.
>
> Once the problem was identified, I gave this particular user a dedicated
> switch port, and life was good after that.
>
> My point being that even though you have a very few users, all it takes is
> one bandwidth piggy, and your shared collision domain network is toast.
> Might want to convince the boss that investment in a Fluke meter or some
> kind of management software is a good thing.
>
> Chuck
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Brandis
> Sent: Tuesday, April 17, 2001 5:09 PM
> To: [EMAIL PROTECTED]
> Subject: Network Collisions [7:1006]
>
> G'day all where ever you may be.
>
> I have been watching my network here in my office and I have noticed that over
> the last week, that the network is slowing down. Due to financial constraints,
> we are using 10/100 16 port hubs (2) {just thought I would point that out} I
> have noticed that the collision LED's are on a fair bit these days. I checked
> to see if the errors were due to cable problems or broken ports on the hub,
> but this was not the case. I made sure all the PC's were using the same
> protocol and still I have an abnormal amount of collisions. I understand that
> I will have collisions but for an 11 user network that is centered around a
> WIN2k Server/Exchange server I have about a 40% collision rate.
> Does any one have any ideas (besides the obvious of buying a switch) on how I
> can troubleshoot this or fix the problem...
>
> Thanks gang
>
> John Brandis
> Network Engineer
> GoWireless Communications
> 155 George Street Sydney
> +61 2 9251 5000




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1022&t=1006



Re: Network Collisions [7:1006]

2001-04-17 Thread Jason J. Roysdon

Should be easy enough to troubleshoot with a sniffer.  Search the archives
here and you'll find a number of references to free/trial versions.

The solution is to segment with switches if it's not a misbehaving device
(and even still, switches are so cheap these days).  How many nodes and how
many hubs?

As much as I'd like to recommend a Cisco product, for those that have a
bottom line, there is always the Linksys product line.  Even a single switch
with the server(s) plugged into it running 100/full-duplex and the hubs all
connected to it would solve a lot of the collision problems for a while.

The best solution, IMHO, would be to get the cheapest Cisco switch that
supports Fast Etherchannel and a multi-port NIC that supports Fast
Etherchannel for your server(s) (Adaptec and Intel make them).

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"John Brandis" wrote in message news:[EMAIL PROTECTED]...
> G'day all where ever you may be.
>
> I have been watching my network here in my office and I have noticed that over
> the last week, that the network is slowing down. Due to financial constraints,
> we are using 10/100 16 port hubs (2) {just thought I would point that out} I
> have noticed that the collision LED's are on a fair bit these days. I checked
> to see if the errors were due to cable problems or broken ports on the hub,
> but this was not the case. I made sure all the PC's were using the same
> protocol and still I have an abnormal amount of collisions. I understand that
> I will have collisions but for an 11 user network that is centered around a
> WIN2k Server/Exchange server I have about a 40% collision rate.
> Does any one have any ideas (besides the obvious of buying a switch) on how I
> can troubleshoot this or fix the problem...
>
> Thanks gang
>
> John Brandis
> Network Engineer
> GoWireless Communications
> 155 George Street Sydney
> +61 2 9251 5000




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1021&t=1006



Re: Windows XP and Catalyst 5000 Issues ... [7:911]

2001-04-17 Thread Jason J. Roysdon

True, but even if you sat down at a PC and got its MAC address (or just used
that same PC), you'd still have to have the username/password for any real
access, as even their Bordermanager proxy is based on being authenticated to
NDS.  But good point if that's all a person was using to verify a valid
connection to a network.

But the without locking it down to a MAC address, what would stop a
broadcast storm at the local switch?  What other authentication methods are
there at layer 2?  I mean, I guess you could have some sort of script that
would disable the port if the user failed to authenticate with your servers
within a given amount of time... but in that time a WinXP PC would have
melted a Cat5k (or worse: a program that simulates the same problem that can
be run on an OS).

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Howard C. Berkowitz" wrote in message news:[EMAIL PROTECTED]...
> Frankly, I'm very dubious about any security scheme based on MAC
> address alone, for wired or wireless networks. At best, it's
> controlling which device can plug into a port, using an identifier
> that can be spoofed without all that much effort. The MAC address
> proves absolutely nothing about the identity of the person using the
> device.  I'm really not sure what problem, in most cases, it solves.
> Once the device is connected, there are no controls.
>
> Data link level encryption does make sense for wireless networks.
>
> If I am concerned about random devices plugging into a LAN and doing
> evil, I'd much rather that they have to connect to an authenticating
> proxy server, or let them in but control server access, or require
> encryption with authentication of the user ID.  There are other
> methods for controlling broadcast attacks.
>
> >Regarding layer 2 security, it all comes down to how much of an
> >administrative load you can handle.  We have one customer that locks each
> >port down to the MAC address of what is supposed to be there.  No
> >unauthorized traffic is allowed to touch the network beyond the switch port
> >which just drops it.  They very rarely if ever have moves, and when they do
> >it all has to be coordinated with the lan/switch netadmin.  I hate it
> >because I can't just come in and plug in my laptop anywhere ;-p
> >
> >Of course, this wouldn't work with an IP phone install where you're expected
> >to be able to move phones all of the time.  I'm sure there is some way to
> >create a list of MAC addresses (and maybe tag them with an appropriate VLAN,
> >like a generic "PUBLIC" VLAN for all unknown MAC addresses, which is
> >essentially firewalled from the rest of the network).  Still, this same bug
> >would have melted a network configured as such.
> >
> >
> >--
> >Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
> >List email: [EMAIL PROTECTED]
> >Homepage: http://jason.artoo.net/
> >
> >
> >
> >"Priscilla Oppenheimer" wrote in message news:[EMAIL PROTECTED]...
> >>  Taking a step back, she asked, "so what's with this 802.1x standard,
> >>  anyway?" Is anyone actually using it?
> >>
> >>  Data-link-layer security definitely makes sense for 802.11 wireless
> >>  networks. Does it really make sense for wired networks? Is the bug
> >>  happening with wired or wireless networks? It sounds like it's happening
> >>  with wired networks since the bug is with the Catalyst 5000 EARL, though
> >>  some of the reports have called 802.1x a wireless standard. That's pretty
> >>  bad that the switches forward the multicasts out blocked ports. How could
> >>  that have happened? Just a bug I guess.
> >>
> >>  Back to my original question. Does security at the data-link-layer make
> >>  sense for wired networks? I guess there could be cases where a person has
> >>  physical access to an Ethernet port but is not supposed to be able to use
> >>  the network. Maybe in a conference room or lobby. How does the
> >>  authentication actually take place? Do you need to use Radius or TACACS also?
> >>
> >>  And one more question, is anyone actually using Windows XP yet? I guess
> >>  people must be for this bug to have been found.
> >>
> >>  Interesting thread. Would anyone care to share some "big picture" comments
> >>  on the subject?
> >>
> >>  Priscilla
> >>
> >>  At 11:10 AM 4/17/01, Hornbeck, Timothy wrote:
> >>  > > Possible solution?
> >>  > >
> >>  > > * Operating systems, such as Windows XP, will attempt 802.1X
> >>  > > authentication by sending frames to the Authenticator PAE on the
> >>  > > destination multicast address 01-80-c2-00-00-0f and 01-80-c2-00-00-03. On
> >>  > > Catalyst 5000 family switches with EARL1, EARL1+, EARL1++, or EARL1.1,
> >>  > > these frames will be forwarded on all ports including spanning tree
> >>  > > blocking ports. Because these frames are forwarded on blocked ports, the
> >>  > > network will experience a Layer
Re: Need VPN success story. [7:1000]

2001-04-17 Thread Jason J. Roysdon

Click on the size of the organization, and once the next screen loads you'll
have a "Success Stories" button on the bottom left.

You'll never find a lack of Cisco sales-fluff on CCO ;-)

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Cisco Newsgroup""  wrote in message
news:[EMAIL PROTECTED]...
> Could you please tell me where I can find some VPN success stories?
>
> Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1018&t=1000



Re: Windows XP and Catalyst 5000 Issues ... [7:911]

2001-04-17 Thread Jason J. Roysdon

Regarding layer 2 security, it all comes down to how much of an
administrative load you can handle.  We have one customer that locks each
port down to the MAC address of what is supposed to be there.  No
unauthorized traffic is allowed to touch the network beyond the switch port
which just drops it.  They very rarely if ever have moves, and when they do
it all has to be coordinated with the lan/switch netadmin.  I hate it
because I can't just come in and plug in my laptop anywhere ;-p

Of course, this wouldn't work with an IP phone install where you're expected
to be able to move phones all of the time.  I'm sure there is some way to
create a list of MAC addresses (and maybe tag them with an appropriate VLAN,
like a generic "PUBLIC" VLAN for all unknown MAC addresses, which is
essentially firewalled from the rest of the network).  Still, this same bug
would have melted a network configured as such.


--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Priscilla Oppenheimer""  wrote in message
news:[EMAIL PROTECTED]...
> Taking a step back, she asked, "so what's with this 802.1x standard,
> anyway?" Is anyone actually using it?
>
> Data-link-layer security definitely makes sense for 802.11 wireless
> networks. Does it really make sense for wired networks? Is the bug
> happening with wired or wireless networks? It sounds like it's happening
> with wired networks since the bug is with the Catalyst 5000 EARL, though
> some of the reports have called 802.1x a wireless standard. That's pretty
> bad that the switches forward the multicasts out blocked ports. How could
> that have happened? Just a bug I guess.
>
> Back to my original question. Does security at the data-link-layer make
> sense for wired networks? I guess there could be cases where a person has
> physical access to an Ethernet port but is not supposed to be able to use
> the network. Maybe in a conference room or lobby. How does the
> authentication actually take place? Do you need to use Radius or TACACS
> also?
>
> And one more question, is anyone actually using Windows XP yet? I guess
> people must be for this bug to have been found.
>
> Interesting thread. Would anyone care to share some "big picture" comments
> on the subject?
>
> Priscilla
>
> At 11:10 AM 4/17/01, Hornbeck, Timothy wrote:
> > > Possible solution?
> > >
> > > * Operating systems, such as Windows XP, will attempt 802.1X
> > > authentication by sending frames to the Authenticator PAE on the
> > > destination multicast address 01-80-c2-00-00-0f and 01-80-c2-00-00-03. On
> > > Catalyst 5000 family switches with EARL1, EARL1+, EARL1++, or EARL1.1,
> > > these frames will be forwarded on all ports including spanning tree
> > > blocking ports. Because these frames are forwarded on blocked ports, the
> > > network will experience a Layer 2 multicast storm.
> > > Workaround 1: Enter the following commands to configure a permanent CAM
> > > entry for 01-80-c2-00-00-0f and 01-80-c2-00-00-03 to be directed out an
> > > unused port.
> > > * set cam permanent 01-80-c2-00-00-0f mod/port
> > > * set cam permanent 01-80-c2-00-00-03 mod/port
> > > Workaround 2: Follow this procedure to configure Windows XP to not send
> > > these frames:
> > >   a. Click on the associated Local Area Connection under Network
> > > Connections.
> > >   b. Click on the Authentication Tab.
> > >   c. Uncheck "Network Access Control using IEEE 802.1x."
> > > This problem is resolved in software release 6.2(1). (CSCdt62732)
> > >
> >Timothy J. Hornbeck
> >Technical Analyst III
> >Infrastructure Implementation - LAN/WAN
> >"6EQUJ5" - By Unknown
>
>
> 
>
> Priscilla Oppenheimer
> http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=998&t=911
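
The advisory text quoted in this message names the two destination group addresses whose flooding produces the storm. As an added example (not part of the original posts or of Cisco's advisory), the Python below parses Ethernet frames, flags those sent to either group address, and raises one alert when their rate inside a sliding window crosses a threshold. The EAPOL EtherType 0x888E, the source MAC, the port names, the window and the threshold are assumptions or constructed sample values.

```python
import struct
from collections import deque

# Destination group addresses named in the quoted advisory text.
PAE_GROUP_ADDRS = {bytes.fromhex("0180c2000003"), bytes.fromhex("0180c200000f")}
ETHERTYPE_VLAN = 0x8100    # 802.1Q tag
ETHERTYPE_EAPOL = 0x888E   # EAP over LAN (assumption: not stated in the thread)
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}


def fmt_mac(raw: bytes) -> str:
    return "-".join(f"{b:02x}" for b in raw)


def parse_frame(frame: bytes):
    """Return header fields of an Ethernet II frame, or None if it is too short."""
    if len(frame) < 14:
        return None
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if ethertype == ETHERTYPE_VLAN:          # skip one 802.1Q tag if present
        if len(frame) < 18:
            return None
        (ethertype,) = struct.unpack("!H", frame[16:18])
        offset = 18
    eapol_type = None
    if ethertype == ETHERTYPE_EAPOL and len(frame) >= offset + 4:
        _version, ptype, _length = struct.unpack("!BBH", frame[offset:offset + 4])
        eapol_type = EAPOL_TYPES.get(ptype, f"unknown({ptype})")
    return {"dst": dst, "src": src, "ethertype": ethertype,
            "to_pae_group": dst in PAE_GROUP_ADDRS, "eapol_type": eapol_type}


class PaeStormDetector:
    """Counts frames to the PAE group addresses in a sliding time window.

    Events must be fed in timestamp order. An alert is returned once, at the
    moment the count crosses max_frames, not for every frame of the storm.
    """

    def __init__(self, window_s=1.0, max_frames=50):
        self.window_s = window_s
        self.max_frames = max_frames
        self.seen = deque()      # (timestamp, ingress port)
        self.alerting = False

    def observe(self, ts, port, frame):
        info = parse_frame(frame)
        if info is None or not info["to_pae_group"]:
            return None
        self.seen.append((ts, port))
        while ts - self.seen[0][0] > self.window_s:
            self.seen.popleft()
        over = len(self.seen) > self.max_frames
        crossed = over and not self.alerting
        self.alerting = over
        if not crossed:
            return None
        return {"ts": ts,
                "frames_in_window": len(self.seen),
                "ports": sorted({p for _, p in self.seen}),
                "last_src": fmt_mac(info["src"]),
                "dst": fmt_mac(info["dst"])}


def build_eapol_start(src: bytes, dst: bytes) -> bytes:
    """Constructed EAPOL-Start: version 1, type 1, zero-length body."""
    return dst + src + struct.pack("!H", ETHERTYPE_EAPOL) + struct.pack("!BBH", 1, 1, 0)


def constructed_capture():
    """Constructed sample: three normal EAPOL-Starts, then the same frame looping."""
    src = bytes.fromhex("020000000001")      # locally administered sample MAC
    start = build_eapol_start(src, bytes.fromhex("0180c2000003"))
    events = [(0.0, "2/1", start), (30.0, "2/1", start), (60.0, "2/1", start)]
    for i in range(200):                     # 200 copies in 0.2 s on two ports
        events.append((90.0 + i * 0.001, "2/1" if i % 2 == 0 else "3/4", start))
    unicast = bytes.fromhex("020000000002") + src + b"\x08\x00" + b"\x00" * 46
    events.append((90.5, "2/1", unicast))    # unrelated traffic is ignored
    return events


def find_storms(events, window_s=1.0, max_frames=50):
    detector = PaeStormDetector(window_s, max_frames)
    alerts = []
    for ts, port, frame in events:
        alert = detector.observe(ts, port, frame)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for alert in find_storms(constructed_capture()):
        print(alert)
```

A supplicant that sends a handful of EAPOL-Start frames never trips the threshold; the same frame arriving dozens of times per second on more than one port is the signature worth alerting on.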



Re: Keystrokes to stop traceroute or Ping... [7:978]

2001-04-17 Thread Jason J. Roysdon

*snort*  You only do that when you typo an ip address you want to telnet to
and it just sits there waiting to time out ;-p

Otherwise, use CTRL+^ followed by x  (CTRL, SHIFT, 6 release keys and x).
If you're telnetting into a router and then into another, you can stack the
CTRL+^ twice and then x (CTRL, SHIFT, 6, release, CTRL, SHIFT, 6, release
and x).

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



 wrote in message
news:[EMAIL PROTECTED]...
> or login again and clear the vty line you're on... ;-)
>
> -Original Message-
> From: Rizzo Damian [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, April 17, 2001 13:51
> To: [EMAIL PROTECTED]
> Subject: Keystrokes to stop traceroute or Ping... [7:978]
>
>
> Anyone remember the keystrokes to stop a router from performing an endless
> traceroute or ping?... Thanks.
>
>
>-Rizzo




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=994&t=978



Re: Question RE: Windows XP and Catalyst 5000 Issues ... [7:952]

2001-04-17 Thread Jason J. Roysdon

I received this from a fellow engineer who contacted TAC:

From: Mangieri,Joe
Sent: Tuesday, April 17, 2001 10:46 AM
To: 'Jason Roysdon'
Subject: RE: Microsoft Windows XP, and CISCO's 5000 Series Switches

On a Supervisor Engine III, the show module command provides information
about the EARL and uplink modules. Naturally we have a Sup II.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Hennen, David""  wrote in message
news:[EMAIL PROTECTED]...
> Well, this could be a problem.
>
> Does anyone out there know of a way to remotely determine what version of
> EARL is on the various Cat 5xxx supervisor blades?
>
> Thanks if you can help,
> Dave H
>
> -Original Message-
> From: Daniel Cotts [mailto:[EMAIL PROTECTED]]
> Sent: Monday, April 16, 2001 5:47 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Windows XP and Catalyst 5000 Issues ... [7:816]
>
>
> Here's the Cisco Advisory:
> http://www.cisco.com/warp/public/707/cat5k-8021x-vuln-pub.shtml
>
> > -Original Message-
> > From: Hornbeck, Timothy [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, April 16, 2001 3:30 PM
> > To: [EMAIL PROTECTED]
> > Subject: Windows XP and Catalyst 5000 Issues ... [7:816]
> >
> >
> > Do Not Plug WXP In Your Cisco Network Yet: Crash Warning
> >
> >
> > Computer Reseller News reported something 'interesting'. MS
> > found out about
> > an incompatibility between Windows XP and Cisco Systems' Catalyst 5000
> > switch. The conflicts can cause your corporate networks to crash. The
> > unexpected incompatibility sits between the 802.1x wireless
> > security feature
> > in Windows XP and the Cisco switch software that has a bug.
> > Cisco has a fix
> > on its website.
> >
> > This week, Redmond sent an e-mail to all of Microsoft
> > Consulting Services
> > (MCS) to not plug Windows XP machines into any network
> > without explicit
> > approval of the client's IT department. What seems to have
> > happened is that
> > a Microsoft consultant plugged a laptop running Windows XP
> > into a site and
> > took the entire company down.
> >
> > Some adventurous souls in Xerox did the same, and brought the
> > whole network
> > down. Xerox sent an email to all 50,000 employees and told
> > them that if they
> > plugged in WXP and brought the network down, they would pay
> > for the damage
> > out of their paycheck. Sounds like they mean it. More at:
> > http://www.w2knews.com/rd/rd.cfm?id=041601-Cisco-WXP-Crash
> > __
> > Nathan C. Broome  CNE,MCSE
> > Network Administrator
> > Mayfran International
> > 440-461-4100x160
> > [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=952&t=952



Re: Cisco IOS on HTTP site WAS: Cisco IOS Documentation: on ftp [7:950]

2001-04-17 Thread Jason J. Roysdon

Mirrored and re-zipped by me at
ftp://artoo.net/pub/doc/cisco/ios/

You can get the individually zipped directories (for those with slower
connections), or the ciscoios-combined.zip file which contains all of them,
but don't waste your time downloading both.

Note: I only allow a certain amount of logins at different times (3 during
6am-7pmPST business hours, unlimited all other times).

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""COULOMBE, TROY""  wrote in message
news:[EMAIL PROTECTED]...
> Don,
> That was I! ;-)
>
> I d/l them, then zipped them (10Mb v. 70Mb.)  They are in the same
> directories, etc.  I also zipped them up as one large file (same
> size)(proper directories maintained).  I am allowed 2G of d/l per month from
> my domain hoster.  So 150 people @ 10Mb is max LOL.  But you never know. ;-)
> Will keep it there for as long as possible. ;-)
>
> IMPORTANT**
>
> If members on the list want to shoot me an E-mail with the following
> subject:
>
> CiscoDocs
>
> I will respond to those requests with the URL of the files for those w/ HTTP
> only access. ;-)
> Those that respond w/ a different subject, will be filed in /dev/null. ;-)
> Too much E-mail in a day, & it _must_ be sorted/filtered ;-p
>
> TroyC
>
> -Original Message-
> From: Donald B Johnson jr [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, April 17, 2001 6:39 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Cisco IOS Documentation: on ftp site [7:258]
>
>
> Hi All
> Everyone with the FTP site for the IOS docs the password has changed.
> I had to do this for use during the week. Starting Friday and into the
> weekend the site will reopen. Someone also said they zipped the files and
> made them available if they could inform others that would be great if this
> is true. Again the username and password will work this weekend.
>
>
>
> - Original Message -
> From: "Patrick McAllister"
> To: "Donald B Johnson jr"
> Sent: Monday, April 16, 2001 5:21 PM
> Subject: Re: Cisco IOS Documentation: on ftp site [7:258]
>
>
> > Hi Don,
> >
> > I wanted to thank you for the user id and password for your ftp site. I
> > downloaded a fair number of the guides, unfortunately I was not able to
> > complete the downloads this weekend as planned. I went back tonight, but got
> > an access denied message trying to change directories to "guides". I was
> > wondering if the window of opportunity had closed? If so, no biggie, I'd
> > like to thank you for making the documentation available. If perhaps I have
> > done something incorrect and the word docs are still available for download,
> > just let me know (at your convenience of course). Thanks again!
> >
> > Patrick




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=950&t=950



Re: Upgrade Catalyst 6509 MSFC problem [7:949]

2001-04-17 Thread Jason J. Roysdon

"show flash" or "dir" will report that you probably don't have enough space.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Kim Seng""  wrote in message
news:[EMAIL PROTECTED]...
> I am trying to upgrade my Catalyst 6509 MSFC to
> version 12.1.5. When I issued the cmd:
> copy tftp flash at the router prompt. It failed and
> told me that there is not enough space to upgrade the
> new image. Can someone help me with this. I am digging
> cisco web site for reading right now. Sorry this is my
> first time with this.
>
> Kim.
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=951&t=949



Re: Cisco Question [7:640]

2001-04-17 Thread Jason J. Roysdon

See my post in reply to his.  You don't learn static routes, but you would
"learn" next hop from a static route (example being if it had a higher admin
metric than a dynamic routing protocol, and that protocol lost the route,
then the next-hop would be learned from the static).

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Donald B Johnson jr""  wrote in message
news:[EMAIL PROTECTED]...
> I agree, 3 out the window, you don't "learn" a static
> don
> [EMAIL PROTECTED]
> - Original Message -
> From: "Tony van Ree"
> To:
> Sent: Monday, April 16, 2001 4:43 PM
> Subject: Re: Cisco Question [7:640]
>
>
> > Hi all,
> >
> > I thought IP routing was "not on by default" as a matter of fact that
> > thought can bring you unglued when trying to work out way some issues as to
> > why routers don't route IP.  So I think (d) would be appropriate.
> >
> > Why would a router "learn about a static route".  So (c) goes out the window.
> >
> > Maybe I have a twisted view?
> >
> > Teunis,
> > Hobart, Tasmania
> > Australia
> >
> >
> >
> > On Saturday, April 14, 2001 at 03:00:21 PM, Jason J. Roysdon wrote:
> >
> > > > If 3 must be true, I'd say start with getting rid of the ones that aren't:
> > > > Routing is enabled by default (may not have always been true, but as of
> > > > 12.x)
> > > > The command to enable routing is 'ip routing'
> > > >
> > > > That leaves you with three left.  Of course, the exam could be wrong.  a,c,e
> > > > sound correct though, just skimming and not thinking too hard.
> > >
> > > --
> > > Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
> > > List email: [EMAIL PROTECTED]
> > > Homepage: http://jason.artoo.net/
> > >
> > >
> > >
> > > ""Victim""  wrote in message
> > > > news:[EMAIL PROTECTED]...
> > > > > Exam 1.11. Which three statements about Cisco Implementation of IP routing
> > > > > are true:
> > > > >
> > > > > a. Routers can learn next hops dynamically
> > > > > b. IP routing is disabled by default on Cisco routers
> > > > > c. Routers can learn next hops through static routes
> > > > > d. Entering ip route in global configuration mode enables IP routing
> > > > > e. Routers learn next hops by receiving periodic updates from other routers
> > >
> > >
> >
> >
> > --
> > www.tasmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=947&t=640



Re: Conference Facility [7:921]

2001-04-17 Thread Jason J. Roysdon

Hehee, cool, and no irc client even required!  I've added an A record in my
domain to make it easier to remember, so please keep me informed if you
change the IP:
telnet://ciscochat.artoo.net

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



 wrote in message
news:[EMAIL PROTECTED]...
> Hi Guys...
>
> I have cranked up an old telnet chat system... that I was once very fond
> of...
> it done the rounds a bit in Germany
>
> Anyway feel free to use.
>
> 212.120.142.229
>
>
> login as chat
>
>
> use .h for help
>
> Hopefully some of u might find this useful for a quick chat using telnet
> only !!!
>
> kind regards, peter.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=946&t=921



Re: Can I Connect to ISP without Public IP [7:907]

2001-04-17 Thread Jason J. Roysdon

interface Ethernet0
 description Customer LAN
 ip address 192.168.1.1 255.255.255.0
 no ip directed-broadcast
 ip nat inside
!
interface BRI0
 description Customer, Inc. 209-599- (SPID1 2095990101) (SPID2 2095990101)
 ip address negotiated
 no ip directed-broadcast
 ip nat outside
 encapsulation ppp
 no keepalive
 dialer idle-timeout 600
 dialer string 5771091 class pbi56
 dialer hold-queue 20
 dialer load-threshold 60 either
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 2095990101 599
 isdn spid2 2095990101 599
 no peer default ip address
 no fair-queue
 compress stac
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username ISP_USERNAME_HERE password ISP_PASSWORD_HERE
 ppp multilink
 hold-queue 75 in
!
ip nat translation timeout 300
ip nat inside source list 100 interface BRI0 overload
ip route 0.0.0.0 0.0.0.0 BRI0 permanent
!
!
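map-class dialer pbi56
 dialer isdn speed 56
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
! Added line: dialer-group 1 on BRI0 needs a matching dialer-list to define
! the interesting traffic that brings the ISDN link up.
dialer-list 1 protocol ip permit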

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Muhammad Faheem""  wrote in message
news:[EMAIL PROTECTED]...
> Hi All
>
> I want to configure Cisco 801 ISDN Router for Internet Access(ISP
> Connection)  without any Public IP address, I am unable to locate any sample
> configuration on Cisco site for the same.
>
> I know how to configure with public ip but haven't done any configuration
> without  public ip,  I will appreciate if anybody send me the sample
> configuration or any hint for the same.
>
> Thanx
> Muhammad Faheem
> Systems Engineer
> Afcomp
> Hello : (9714)-3529339 / 3027338
> Fax   : (9714)-3523842
> Web  : www.afcomp.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=940&t=907



Re: Can I Connect to ISP without Public IP [7:907]

2001-04-17 Thread Jason J. Roysdon

I believe he means without a static public IP.  I posted a config for a
dynamically issued IP that should work.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Howard C. Berkowitz""  wrote in message
news:[EMAIL PROTECTED]...
> >Hi All
> >
> >I want to configure Cisco 801 ISDN Router for Internet Access(ISP
> >Connection)  without any Public IP address, I am unable to locate any sample
> >configuration on Cisco site for the same.
>
> What problem are you trying to solve?  If you don't have a public IP
> address, how can machines on the Internet send anything back to you?
>
> If you are assuming that the provider will translate your private
> address into a public one, there's really no difference in
> configuration. The specific addresses to be used will be defined by
> the provider.  As with any address translation, it is possible some
> applications may not work properly.
>
> I am assuming, given that you are dealing with an 801, you are not
> talking about much more complex problems such as BGP with private AS
> numbers.
>
> >
> >I know how to configure with public ip but haven't done any configuration
> >without  public ip,  I will appreciate if anybody send me the sample
> >configuration or any hint for the same.
> >
> >Thanx
> >Muhammad Faheem
> >Systems Engineer
> >Afcomp
> >Hello : (9714)-3529339 / 3027338
> >Fax   : (9714)-3523842
> >Web  : www.afcomp.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=941&t=907



Re: Can someone please help? [7:869]

2001-04-16 Thread Jason J. Roysdon

It depends on the interfaces you'll have on the 1700 and 2500.  The base
1700 has only a fastethernet port which can connect via a crossover cable
(or hub/switch) to the ethernet port of the 2500 via an AUI-to-10baseT
transceiver (if it's a 2500 with an ethernet port and not token ring).  You
can use the AUX ports to reverse telnet into the CON port of the opposite
router and even use it as an async device to route over (AUX to AUX, of
course).  If you're given a WIC T1 CSU/DSU module for the 1700 and had an
external CSU/DSU for the 2500 (say an AdTran TSU 120), you can connect them
via a T1 crossover cable (pins 1,2 cross with 4,5).

If nothing else, you can just dig into IOS and learn the commands and
syntax.  There is a ton you can do to learn routing protocols, etc. if you
can get the two routers to communicate (although 3 routers would be more
ideal, but two is better than one or even none!).

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""johnyohanus-cisco""  wrote in message
news:[EMAIL PROTECTED]...
> I am able to get my hands on some Cisco routers at work. My question is,
> what will I be able to do with two Cisco routers (2500 Series and 1700
> Series). Thank you.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=874&t=869



Re: Maximum Serial bandwidth = inbound + outbound rate? [7:864]

2001-04-16 Thread Jason J. Roysdon

The average sampling can be changed on a per-interface basis with the load
command.  I usually change ports I'm testing to 'load 30' so I can easily
see after 30 seconds of generated traffic how a link is performing.  10
minute sampling would just be 'load 600.'

One of the group's gurus can answer you best on the speeds, but it's my
understanding that the total transmit and receive can't go above the total
speed on a serial link, making it a half-duplex connection (but that seems
totally wrong since a T1 has two pair of wires, and I believe one pair is
for transmit and the other receive).  I truly don't know any of these layer
1 details, but just spouting off the top of my head with random logical
guesses ;-p

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Sim, CT (Chee Tong)""  wrote in message
news:[EMAIL PROTECTED]...
> Hi.. group
>
> May I ask if a serial link is said to be 256K, does it mean that the both
> input and output rate cannot exceed 256K or the SUM of input rate and output
> rate cannot exceed 256K.
>
> What is the Duplex type of Serial link as shown below?
>
> Why some of the serial link traffic rate are based on 5 minute in/output
> rate, but some of them are based on 10 minute in/output rate.   How to
> change it?  Does it show the same info?  How they count? They determined
> the number of bits in 5 minute and divided by the number of second in 5
> minute 5X60s??
>
>
>
> SIN01>sh int s2/0
> Serial2/0 is up, line protocol is up
>   Hardware is M4T
>   Description: --- Connects to LON01 S2/0 - MCI Circuit ID W0B73202 ---
>   Internet address is 57.192.240.70/30
>   MTU 1500 bytes, BW 256 Kbit, DLY 2 usec,
>  reliability 255/255, txload 77/255, rxload 49/255
>   Encapsulation HDLC, crc 16, loopback not set
>   Keepalive set (10 sec)
>   Last input 00:00:01, output 00:00:00, output hang never
>   Last clearing of "show interface" counters never
>   Input queue: 0/75/0 (size/max/drops); Total output drops: 14248
>   Queueing strategy: weighted fair
>   Output queue: 0/1000/64/0 (size/max total/threshold/drops)
>  Conversations  0/20/256 (active/max active/max total)
>  Reserved Conversations 0/0 (allocated/max allocated)
>   5 minute input rate 5 bits/sec, 28 packets/sec
>   5 minute output rate 78000 bits/sec, 32 packets/sec
>  101610672 packets input, 3280206236 bytes, 0 no buffer
>  Received 872308 broadcasts, 1 runts, 35 giants, 0 throttles
>  5313 input errors, 4073 CRC, 0 frame, 7 overrun, 0 ignored, 1233 abort
>  115170761 packets output, 3847528448 bytes, 0 underruns
>  0 output errors, 0 collisions, 547 interface resets
>  0 output buffer failures, 0 output buffers swapped out
>  554 carrier transitions DCD=up  DSR=up  DTR=up  RTS=up  CTS=up
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=873&t=864



Re: Cisco Question [7:640]

2001-04-16 Thread Jason J. Roysdon

It's not learning about a static route, but learning (or knowing) about a
destination via a static route.  Consider a static route with a higher
administrative value than a dynamic route.  The dynamic route will be used
so long as it is received, but as soon as it fails the destination will now
be known via the static route.

Every router I've touched in the past two years has not required 'ip
routing' to be issued and were routing out of the box.  I've used it in
troubleshooting "just in case" but never had it take effect (except when
playing with bridging where it had been disabled).

Just for grins and giggles I verified on a spare box, and 'no ip routing'
shows when it is set, and 'ip routing' does not, so that lets you know the
default values.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Tony van Ree""  wrote in message
news:[EMAIL PROTECTED]...
> Hi all,
>
> I thought IP routing was "not on by default" as a matter of fact that
> thought can bring you unglued when trying to work out way some issues as to
> why routers don't route IP.  So I think (d) would be appropriate.
>
> Why would a router "learn about a static route".  So (c) goes out the window.
>
> Maybe I have a twisted view?
>
> Teunis,
> Hobart, Tasmania
> Australia
>
>
>
> On Saturday, April 14, 2001 at 03:00:21 PM, Jason J. Roysdon wrote:
>
> > If 3 must be true, I'd say start with getting rid of the ones that aren't:
> > Routing is enabled by default (may not have always been true, but as of
> > 12.x)
> > The command to enable routing is 'ip routing'
> >
> > That leaves you with three left.  Of course, the exam could be wrong.  a,c,e
> > sound correct though, just skimming and not thinking too hard.
> >
> > --
> > Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
> > List email: [EMAIL PROTECTED]
> > Homepage: http://jason.artoo.net/
> >
> >
> >
> > ""Victim""  wrote in message
> > news:[EMAIL PROTECTED]...
> > > Exam 1.11. Which three statements about Cisco Implementation of IP routing
> > > are true:
> > >
> > > a. Routers can learn next hops dynamically
> > > b. IP routing is disabled by default on Cisco routers
> > > c. Routers can learn next hops through static routes
> > > d. Entering ip route in global configuration mode enables IP routing
> > > e. Routers learn next hops by receiving periodic updates from other routers
> >
> >
>
>
> --
> www.tasmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=871&t=640



Test post with CCO URL - http://www.cisco.com [7:847]

2001-04-16 Thread Jason J. Roysdon

Testing to see if URLs in the subject get truncated.  The subject should
read:

Test post with CCO URL - http://www.cisco.com

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=847&t=847



Re: CCIE Written tomorrow. [7:830]

2001-04-16 Thread Jason J. Roysdon

I hear this and other TR questions oddly still comprise a large section of
the test, so be prepared.

It's what I spent this weekend starting to learn about.  Bleh, I hate
old/dead technology that no one I know uses.  I'm just glad it's off the
lab.

I think it's time to purchase or find a good Token Ring overview book.  I've
read a lot of current docs from Cisco's site, but nothing that really goes
back to the beginning and gives a good foundation and good examples to make
all this stuff stick in my head.  I know a lot of it is just going to be
re-reading the docs and definitions a few times until it just sinks in, but
often I can find books that do a better job of describing a subject and it
speeds the process along.

Any recommendations?

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Tolanid" wrote in message news:[EMAIL PROTECTED]...
> Focus on RIFs - how RSRB treats RIFs versus how DLSW treats it.
>
> Raj
> "Michael Snyder" wrote in message news:[EMAIL PROTECTED]...
> > Don't worry about LANE, WORRY about Token RIFS, and the difference in modes
> > of bridging it.
> >
> > What is 0xEOEO vs 0x8137?
> >
> >
> >
> >
> > "Michael Bambic" wrote in message news:[EMAIL PROTECTED]...
> > > Well after teaching CCNA for the last 18 months for the Cisco Networking
> > > Academy, then taking the CCNP tests in February and CID in March I am now
> > > ready to take the CCIE Written (I HOPE) and plan to take the test tomorrow.
> > > I appreciate everyone's help with any questions I had and look forward to
> > > the next step in my IT career.
> > > I'll let you all know tomorrow what happens, any last minute info would be
> > > great. I plan to review ATM LANE components and processes tonight along with
> > > basic token ring info.
> > >
> > > Mike Bambic
> > > Lead Mentor
> > > Phoenix Branch
> > > 602-955-5888
> > > Cisco Regional Business Development Manager
> > > TechSkills
> > > www.techskills.com
> > > [EMAIL PROTECTED]
> > >




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=846&t=830



Re: eigrp path [7:837]

2001-04-16 Thread Jason J. Roysdon

Give us a 'show ip route' from each router.  We'll be comparing the
weights/metrics, so you can get a jump on it if you like.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"SH Wesson" wrote in message news:[EMAIL PROTECTED]...
> I have a network that is running EIGRP to provide for redundancy, for some
> reason, for this one remote site, it is taking the long route to get to
> there.  For instance, we have the following:
>
>
>
>        RTR-A
>        /  \
>       /    \
>  RTR-B------RTR-C
>
> The host we're trying to get to is on RTR-A and we are trying to get there
> from RTR-C.   Every link has the same bandwidth.  For some reason when a
> client on RTR-C is trying to get to a host on RTR-A, it goes from RTR-C to
> RTR-B then to RTR-A and finally to the host on RTR-A instead of directly
> from RTR-C to RTR-A and to the host.  Any help would be appreciated.
> Thanks.
>
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=845&t=837



Re: NTP Server/Master (Sample Config?) [7:789]

2001-04-16 Thread Jason J. Roysdon

Oh, and also the public NTP server list is handy.  Use stratum 2 servers
since the Cisco box isn't ever going to be accurate enough to need stratum
1.
http://www.eecis.udel.edu/~mills/ntp/servers.htm

Also, never copy the 'ntp clock-period ' command.  That is set
automatically by the router as it detects "drift" from its clock and the
external servers (in an attempt to fix the "drift").  It's always unique to
each router, and they'll figure it out on their own.  Worst case, they'll
fix it anyway, but I just recommend against it.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Davis, Scott [ISE/RAC]" wrote in message news:[EMAIL PROTECTED]...
> Michael,
>
>  I am doing exactly that with a 3640 now.
> router(config)# ntp server x.x.x.x (internet stratum 1 clock server)
> router(config)# ntp master
> router(config)# ntp source intx/x (interface that supplies other NTP
> clients)
>
> set other routers ntp server to ip address of 3640 interface specified by
> ntp source command
>
> check synch and status with show ntp status and/or show ntp assoc
>
> Scott
>
> -Original Message-
> From: Michael Snyder [mailto:[EMAIL PROTECTED]]
> Sent: Monday, April 16, 2001 15:54
> To: [EMAIL PROTECTED]
> Subject: Re: NTP Server/Master (Sample Config?) [7:789]
>
>
> "Hmm, why do you want your PIX to skin that racoon? Without any specific
> figures, I'm going on a limb there, but it seems unlikely that the money
> value of the added risk is worth the few grands that a peecee running a
> free Unix, coupled to a receiver for a radio time source, eg GPS, would
> cost you".
>
> I got four segments (different subnets) coming from the pix.  I can make the
> router upstream of the pix the ntp master, but it's the same difference to
> me if the pix could do it.
>
> No problem.  Thanks for your response.
>
>
> "ElephantChild" wrote in message news:[EMAIL PROTECTED]...
> > On Mon, 16 Apr 2001, Michael Snyder wrote:
> >
> > > I need to set up a 3600 to update its clock, then supply its time to the
> > > rest of an internal network.
> > >
> > > I've seen this done in about 4 lines, but can't find it now on CCO.
> > >
> > > Anyone have a sample config they can post?
> >
> > I would look into the IOS configuration guide(s). Relevant section is
> > probably called "Configuring NTP" or something close. Exact URL left to
> > the reader as an exercise.
> >
> > > Second question, Can a pix be a NTP Master/Server?
> >
> > Hmm, why do you want your PIX to skin that racoon? Without any specific
> > figures, I'm going on a limb there, but it seems unlikely that the money
> > value of the added risk is worth the few grands that a peecee running a
> > free Unix, coupled to a receiver for a radio time source, eg GPS, would
> > cost you.
> >
> > --
> > "Someone approached me and asked me to teach a javascript course. I was
> > about to decline, saying that my complete ignorance of the subject made
> > me unsuitable, then I thought again, that maybe it doesn't, as driving
> > people away from it is a desirable outcome." --Me




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=828&t=789



Re: Windows XP and Catalyst 5000 Issues ... [7:816]

2001-04-16 Thread Jason J. Roysdon

Good advice and a great way to sell SmartNet contracts and maintenance
contracts to keep those switches' CatIOS updated.

Also, I hear that Win2K can cause the same problem, but comes with spanning
tree disabled by default (which is the real problem, I believe).

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Hornbeck, Timothy" wrote in message news:[EMAIL PROTECTED]...
> Do Not Plug WXP In Your Cisco Network Yet: Crash Warning
>
>
> Computer Reseller News reported something 'interesting'. MS found out about
> an incompatibility between Windows XP and Cisco Systems' Catalyst 5000
> switch. The conflicts can cause your corporate networks to crash. The
> unexpected incompatibility sits between the 802.1x wireless security feature
> in Windows XP and the Cisco switch software that has a bug. Cisco has a fix
> on its website.
>
> This week, Redmond sent an e-mail to all of Microsoft Consulting Services
> (MCS) to not plug Windows XP machines into any network without explicit
> approval of the client's IT department. What seems to have happened is that
> a Microsoft consultant plugged a laptop running Windows XP into a site and
> took the entire company down.
>
> Some adventurous souls in Xerox did the same, and brought the whole network
> down. Xerox sent an email to all 50,000 employees and told them that if they
> plugged in WXP and brought the network down, they would pay for the damage
> out of their paycheck. Sounds like they mean it. More at:
> http://www.w2knews.com/rd/rd.cfm?id=041601-Cisco-WXP-Crash
> __
> Nathan C. Broome  CNE,MCSE
> Network Administrator
> Mayfran International
> 440-461-4100x160
> [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=827&t=816



Re: Stupid question - EOL? [7:793]

2001-04-16 Thread Jason J. Roysdon

Cat6Ks, Cisco's current flagship switch, of course ;-)

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



wrote in message news:[EMAIL PROTECTED]...
> Thank you very much, appreciate all the help. I was wondering what people were
> planning to replace their 5000's with! I was originally trying to locate a
> picture of the 2926G in Quick Reference Product Guide, but was having no luck.
>
> Thanks again, I'm off to check out those links!
>
> Patrick
>
> "EA Louie"  on 04/16/2001 03:23:27 PM
>
>  To:  Patrick McAllister/SOC/WGL@WGL
>  cc:  [EMAIL PROTECTED]
>  Subject: Re: Stupid question - EOL? [7:793]
>
> just end of *sales* for the older Cat 5000 *modules*, not the 5000 chassis
> or the 5500's, though!  And with the product line so big, it can be
> difficult keeping track of what's live and what's EOL anymore, so don't get
> *too* far down on yourself  ;-)
>
> Cat5000 EOL links - scroll down to product bulletins on (watch wrap)
> http://www.cisco.com/warp/public/cc/pd/si/casi/ca5000/prodlit/index.shtml
> General EOL on Cisco products can be found at
> http://www.cisco.com/univercd/cc/td/doc/pcat/elhw__g1.htm
>
> -e-
>
> - Original Message -
> From:
> To:
> Sent: Monday, April 16, 2001 11:27 AM
> Subject: Re: Stupid question - EOL? [7:793]
>
>
> > Doh boy! I feel really dumb now, I didn't realize the 5000's had been EOL'd
> > too!
> > I really HAVE to start getting out more often! :)
> >
> > Thanks for the info,
> > Patrick
> >
> > "Circusnuts"  on 04/16/2001 02:16:34 PM
> >
> >  To:  Patrick McAllister/SOC/WGL@WGL,
> >   [EMAIL PROTECTED]
> >  cc:
> >  Subject: Re: Stupid question - EOL? [7:793]
> >
> > Yep- I believe it EOL-ed the same time as the Catalyst 5000's (summer 2000).
> > Of course this does not mean Cisco has stopped supporting the box, just that
> > you will not be able to purchase it under the new product line-up.  IOS &
> > parts should exist another 3 years or so.
> >
> > Phil
> >
> > - Original Message -
> > From:
> > To:
> > Sent: Monday, April 16, 2001 1:46 PM
> > Subject: Stupid question - EOL? [7:793]
> >
> >
> > > I was trying to find some information on the 2926G switch (I'm not overly
> > > familiar with the whole Cisco product line so bear with me) and ran across
> > > this document:
> > >
> > > http://www.cisco.com/univercd/cc/td/doc/pcat/ca2926.htm
> > >
> > > Is the 2926G an old switch and EOL = End of Life? Just wondering
> > >
> > > Patrick




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=826&t=793



Re: NTP Server/Master (Sample Config?) [7:789]

2001-04-16 Thread Jason J. Roysdon

The PIX doesn't support NTP (either to poll from or server).  You'll want to
have your external router polling a few outside sources, and have it provide
clock for the inside.  NTP uses udp/123, so if you write a tight firewall
that's what you have to open up to that outside router.  Also, lower end
IOS/older routers don't support the full NTP protocol, but often do support
SNTP.

I'd also suggest setting your logging to use localtime, and establishing
your timezone:
service timestamps debug uptime
service timestamps log datetime msec localtime show-timezone
clock timezone PST -8
clock summer-time PDT recurring

! full NTP support
ntp master
ntp server 63.192.96.2
ntp server 63.172.195.4
ntp server 132.239.254.5

I suggest first setting the servers, then make sure that you can sync, and
then set the master (otherwise it may sync with itself if the others don't
work, but say "synchronized" even though it isn't sync'd to anything
external).  Check it out with:

show ntp associations
show ntp status

! sntp only server:
sntp server 63.192.96.2
sntp server 63.172.195.4
sntp server 132.239.254.5

From here you only get:
show sntp

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"EA Louie" wrote in message news:[EMAIL PROTECTED]...
> ntp server a.b.c.d ! where a.b.c.d is your external clock source
> ntp source ethernet0 ! where ethernet0 is the interface that you use to feed
> time to the rest of the network
>
> It automatically generates ntp clock-period.
>
> I don't remember the PIX supporting even taking time from an NTP server,
> much less being an NTP Master
>
> -e-
> - Original Message -
> From: "Michael Snyder"
> To:
> Sent: Monday, April 16, 2001 9:40 AM
> Subject: NTP Server/Master (Sample Config?) [7:789]
>
>
> > I need to set up a 3600 to update its clock, then supply its time to the
> > rest of an internal network.
> >
> > I've seen this done in about 4 lines, but can't find it now on CCO.
> >
> > Anyone have a sample config they can post?
> >
> >
> >
> > Second question, Can a pix be a NTP Master/Server?
> >
> >
> > Thanks in advance,
> >
> > --
> > Michael Snyder
> > NOC Engineer
> > CCNP-Security, MCSE,CCDP,CCIE-Written
> > [EMAIL PROTECTED]
> > ICQ#17424414
> >
> > WAMS
> > 273 E. Hacienda Ave
> > Campbell, CA 95008
> > (408) 341-1530




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=824&t=789
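
The self-sync failure mode described in the message above, as an added example that is not part of the original post: a Python check over `show ntp associations` output that tells a router following an external server apart from one following its own `ntp master` clock. The sample output is constructed, and the column layout and the 127.127.x.x pseudo-address for the local clock are assumptions about what the router prints.

```python
import re

# Constructed samples in the usual `show ntp associations` layout (not real captures).
# The 192.0.2.x reference clocks are documentation addresses chosen for the example.
HEADER = "      address         ref clock     st  when  poll reach  delay  offset    disp\n"
LEGEND = " * master (synced), # master (unsynced), + selected, - candidate, ~ configured\n"

# External servers never answered, so the router follows its own 'ntp master' clock.
SELF_SYNCED = HEADER + (
    "*~127.127.7.1      127.127.7.1       7    12    64  377     0.0    0.00     0.0\n"
    " ~63.192.96.2      0.0.0.0          16     -    64    0     0.0    0.00  16000.\n"
    " ~63.172.195.4     0.0.0.0          16     -    64    0     0.0    0.00  16000.\n"
) + LEGEND

# Healthy case: an external server is the selected master.
EXTERNAL_SYNCED = HEADER + (
    " ~127.127.7.1      127.127.7.1       7    40    64  377     0.0    0.00     0.0\n"
    "*~63.192.96.2      192.0.2.10        2    21    64  377    18.4   -1.32     0.9\n"
    "+~63.172.195.4     192.0.2.20        2    33    64  377    22.1    0.85     1.4\n"
) + LEGEND

# Optional tally flag, optional '~', address, ref clock, stratum, when, poll, reach (octal).
ROW = re.compile(
    r"^\s*([*#+-])?\s*~?(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s+(\d+)\s+\S+\s+\d+\s+([0-7]+)\b"
)
LOCAL_CLOCK_PREFIX = "127.127."  # assumption: local reference clocks use this pseudo-range


def parse_associations(text):
    """Return one dict per peer row; header and legend lines are skipped."""
    peers = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            flag, address, _ref_clock, _stratum, reach = m.groups()
            peers.append({
                "flag": flag or "",
                "address": address,
                "reach": int(reach, 8),  # 8-bit poll history printed in octal
                "local": address.startswith(LOCAL_CLOCK_PREFIX),
            })
    return peers


def sync_verdict(text):
    """Classify what the router is actually following."""
    master = next((p for p in parse_associations(text) if p["flag"] == "*"), None)
    if master is None:
        return "unsynchronized"
    if master["local"]:
        return "self-synced"  # the status line can still claim synchronization
    return "external:" + master["address"]


def unreachable_servers(text):
    """Configured external servers that have not answered any recent poll."""
    return [p["address"] for p in parse_associations(text)
            if not p["local"] and p["reach"] == 0]


if __name__ == "__main__":
    for name, sample in (("self", SELF_SYNCED), ("external", EXTERNAL_SYNCED)):
        print(name, sync_verdict(sample), unreachable_servers(sample))
```

A "self-synced" verdict means every timestamp in the router's logs, and in the logs of the clients it serves, rests on the router's own free-running clock.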


